The Samba-Bugzilla – Attachment 7718 Details for
Bug 9060
Domain User with SeMachineAccountPrivilege cannot net rpc join a DC
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
level 10 logs
samba.log (text/plain), 1.14 MB, created by
Arvid Requate
on 2012-07-24 10:26:55 UTC
(
hide
)
Description:
level 10 logs
Filename:
MIME Type:
Creator:
Arvid Requate
Created:
2012-07-24 10:26:55 UTC
Size:
1.14 MB
patch
obsolete
>### /var/log/samba/log.smbd > Unlocking key A3770000FFFFFFFF >[2011/12/13 17:45:16.581228, 3] smbd/server_exit.c:181(exit_server_common) > Server exit (termination signal) >[2011/12/13 17:45:35, 0] smbd/server.c:1053(main) > smbd version 3.6.6 started. > Copyright Andrew Tridgell and the Samba Team 1992-2011 >[2011/12/13 17:45:35, 5] ../lib/util/debug.c:330(debug_dump_status) > INFO: Current debug levels: > all: 10 > tdb: 10 > printdrivers: 10 > lanman: 10 > smb: 10 > rpc_parse: 10 > rpc_srv: 10 > rpc_cli: 10 > passdb: 10 > sam: 10 > auth: 10 > winbind: 10 > vfs: 10 > idmap: 10 > quota: 10 > acls: 10 > locking: 10 > msdfs: 10 > dmapi: 10 > registry: 10 > doing parameter syslog = 0 > doing parameter max log size = 1000000 > doing parameter max open files = 32808 > doing parameter server string = %h univention corporate server > doing parameter netbios name = master >[2011/12/13 17:45:35, 4] param/loadparm.c:7584(handle_netbios_name) > handle_netbios_name: set global_myname to: MASTER > doing parameter passdb backend = ldapsam:"ldap://master.x86err300s3.qa:7389" > doing parameter auth methods = guest sam winbind > doing parameter ldap suffix = dc=x86err300s3,dc=qa > doing parameter ldap admin dn = "cn=admin,dc=x86err300s3,dc=qa" > doing parameter ldap ssl = start tls > doing parameter passdb expand explicit = no > doing parameter ldap idmap suffix = cn=idmap,cn=univention > doing parameter idmap config * : backend = ldap > doing parameter idmap config * : range = 55000-64000 > doing parameter idmap config * : ldap_url = ldap://master.x86err300s3.qa:7389 > doing parameter idmap config * : ldap_user_dn = cn=admin,dc=x86err300s3,dc=qa > doing parameter idmap config X86ERR300S3 : backend = nss > doing parameter idmap config X86ERR300S3 : range = 1000-54999 > doing parameter winbind max clients = 500 > doing parameter winbind nested groups = no > doing parameter winbind enum users = yes > doing parameter winbind enum groups = yes > doing parameter winbind separator = + > doing parameter template shell = /bin/bash > doing parameter template homedir = /home/%D-%U > doing parameter pam password change = no > doing parameter unix password sync = yes > doing parameter passwd program = /usr/share/univention-admin-tools/univention-passwd --binddn "cn=admin,dc=x86err300s3,dc=qa" --pwdfile "/etc/ldap.secret" --user "%u" > doing parameter passwd chat = *New*password* %n\n *Re-enter*new*password* %n\n *password*changed* > doing parameter passwd chat timeout = 60 > doing parameter client use spnego = yes > doing parameter obey pam restrictions = yes > doing parameter encrypt passwords = yes > doing parameter load printers = yes > doing parameter printing = cups > doing parameter printcap name = cups > doing parameter security = user > doing parameter domain logons = yes > doing parameter domain master = yes > doing parameter preferred master = yes > doing parameter local master = yes > doing parameter os level = 65 > doing parameter wins support = yes > doing parameter workgroup = X86ERR300S3 > doing parameter oplocks = yes > doing parameter kernel oplocks = yes > doing parameter large readwrite = yes > doing parameter deadtime = 15 > doing parameter read raw = yes > doing parameter write raw = yes > doing parameter max xmit = 65535 > doing parameter getwd cache = yes > doing parameter wide links = no > doing parameter store dos attributes = yes > doing parameter logon home = \\master\%U > doing parameter logon drive = I: > doing parameter logon path = \\master\%U\windows-profiles\%a > doing parameter preserve case = yes > doing parameter short preserve case = yes > doing parameter time server = yes > doing parameter host msdfs = no > doing parameter msdfs root = no > doing parameter guest account = nobody > doing parameter map to guest = Bad User > doing parameter admin users = administrator join-backup > doing parameter set quota command = /usr/sbin/univention-setquota > doing parameter check password script = /usr/share/univention-samba/password_check %u > doing parameter add user script = /usr/share/univention-admin-tools/univention-adduser "%u" > doing parameter delete user script = /usr/share/univention-admin-tools/univention-deluser "%u" > doing parameter add group script = /usr/share/univention-admin-tools/univention-addgroup "%g" > doing parameter delete group script = /usr/share/univention-admin-tools/univention-delgroup "%g" > doing parameter add user to group script = /usr/share/univention-admin-tools/univention-adduser "%u" "%g" > doing parameter delete user from group script = /usr/share/univention-admin-tools/univention-deluser "%u" "%g" > doing parameter add machine script = /usr/share/univention-admin-tools/univention-addmachine "%u" > doing parameter set primary group script = /usr/share/univention-admin-tools/univention-setprimarygroup "%u" "%g" > doing parameter usershare max shares = 0 > doing parameter include = /etc/samba/base.conf >[2011/12/13 17:45:35, 3] ../lib/util/params.c:550(pm_process) > params.c:pm_process() - Processing configuration file "/etc/samba/base.conf" >[2011/12/13 17:45:35, 4] param/loadparm.c:9631(lp_load_ex) > pm_process() returned Yes >[2011/12/13 17:45:35, 7] param/loadparm.c:9857(lp_servicenumber) > lp_servicenumber: couldn't find homes >[2011/12/13 17:45:35, 10] param/loadparm_server_role.c:101(set_server_role) > set_server_role: role = ROLE_DOMAIN_PDC >[2011/12/13 17:45:35, 5] ../lib/util/charset/codepoints.c:235(map_locale) > Substituting charset 'UTF-8' for LOCALE >[2011/12/13 17:45:35, 4] smbd/sec_ctx.c:174(get_current_groups) > get_current_groups: user is in 1 groups: 0 >[2011/12/13 17:45:35, 2] lib/tallocmsg.c:124(register_msg_pool_usage) > Registered MSG_REQ_POOL_USAGE >[2011/12/13 17:45:35, 2] lib/dmallocmsg.c:78(register_dmalloc_msgs) > Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED >[2011/12/13 17:45:35.306250, 3] param/loadparm.c:9595(lp_load_ex) > lp_load_ex: refreshing parameters >[2011/12/13 17:45:35.306304, 3] param/loadparm.c:5212(init_globals) > Initialising global parameters >[2011/12/13 17:45:35.306347, 2] param/loadparm.c:5005(max_open_files) > rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) >[2011/12/13 17:45:35.306422, 3] ../lib/util/params.c:550(pm_process) > params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf" >[2011/12/13 17:45:35.306466, 3] param/loadparm.c:8333(do_section) > Processing section "[global]" > doing parameter debug level = 10 >[2011/12/13 17:45:35.306521, 5] ../lib/util/debug.c:330(debug_dump_status) > INFO: Current debug levels: > all: 10 > tdb: 10 > printdrivers: 10 > lanman: 10 > smb: 10 > rpc_parse: 10 > rpc_srv: 10 > rpc_cli: 10 > passdb: 10 > sam: 10 > auth: 10 > winbind: 10 > vfs: 10 > idmap: 10 > quota: 10 > acls: 10 > locking: 10 > msdfs: 10 > dmapi: 10 > registry: 10 > doing parameter syslog = 0 > doing parameter max log size = 1000000 > doing parameter max open files = 32808 > doing parameter server string = %h univention corporate server > doing parameter netbios name = master >[2011/12/13 17:45:35.306883, 4] param/loadparm.c:7584(handle_netbios_name) > handle_netbios_name: set global_myname to: MASTER > doing parameter passdb backend = ldapsam:"ldap://master.x86err300s3.qa:7389" > doing parameter auth methods = guest sam winbind > doing parameter ldap suffix = dc=x86err300s3,dc=qa > doing parameter ldap admin dn = "cn=admin,dc=x86err300s3,dc=qa" > doing parameter ldap ssl = start tls > doing parameter passdb expand explicit = no > doing parameter ldap idmap suffix = cn=idmap,cn=univention > doing parameter idmap config * : backend = ldap > doing parameter idmap config * : range = 55000-64000 > doing parameter idmap config * : ldap_url = ldap://master.x86err300s3.qa:7389 > doing parameter idmap config * : ldap_user_dn = cn=admin,dc=x86err300s3,dc=qa > doing parameter idmap config X86ERR300S3 : backend = nss > doing parameter idmap config X86ERR300S3 : range = 1000-54999 > doing parameter winbind max clients = 500 > doing parameter winbind nested groups = no > doing parameter winbind enum users = yes > doing parameter winbind enum groups = yes > doing parameter winbind separator = + > doing parameter template shell = /bin/bash > doing parameter template homedir = /home/%D-%U > doing parameter pam password change = no > doing parameter unix password sync = yes > doing parameter passwd program = /usr/share/univention-admin-tools/univention-passwd --binddn "cn=admin,dc=x86err300s3,dc=qa" --pwdfile "/etc/ldap.secret" --user "%u" > doing parameter passwd chat = *New*password* %n\n *Re-enter*new*password* %n\n *password*changed* > doing parameter passwd chat timeout = 60 > doing parameter client use spnego = yes > doing parameter obey pam restrictions = yes > doing parameter encrypt passwords = yes > doing parameter load printers = yes > doing parameter printing = cups > doing parameter printcap name = cups > doing parameter security = user > doing parameter domain logons = yes > doing parameter domain master = yes > doing parameter preferred master = yes > doing parameter local master = yes > doing parameter os level = 65 > doing parameter wins support = yes > doing parameter workgroup = X86ERR300S3 > doing parameter oplocks = yes > doing parameter kernel oplocks = yes > doing parameter large readwrite = yes > doing parameter deadtime = 15 > doing parameter read raw = yes > doing parameter write raw = yes > doing parameter max xmit = 65535 > doing parameter getwd cache = yes > doing parameter wide links = no > doing parameter store dos attributes = yes > doing parameter logon home = \\master\%U > doing parameter logon drive = I: > doing parameter logon path = \\master\%U\windows-profiles\%a > doing parameter preserve case = yes > doing parameter short preserve case = yes > doing parameter time server = yes > doing parameter host msdfs = no > doing parameter msdfs root = no > doing parameter guest account = nobody > doing parameter map to guest = Bad User > doing parameter admin users = administrator join-backup > doing parameter set quota command = /usr/sbin/univention-setquota > doing parameter check password script = /usr/share/univention-samba/password_check %u > doing parameter add user script = /usr/share/univention-admin-tools/univention-adduser "%u" > doing parameter delete user script = /usr/share/univention-admin-tools/univention-deluser "%u" > doing parameter add group script = /usr/share/univention-admin-tools/univention-addgroup "%g" > doing parameter delete group script = /usr/share/univention-admin-tools/univention-delgroup "%g" > doing parameter add user to group script = /usr/share/univention-admin-tools/univention-adduser "%u" "%g" > doing parameter delete user from group script = /usr/share/univention-admin-tools/univention-deluser "%u" "%g" > doing parameter add machine script = /usr/share/univention-admin-tools/univention-addmachine "%u" > doing parameter set primary group script = /usr/share/univention-admin-tools/univention-setprimarygroup "%u" "%g" > doing parameter usershare max shares = 0 > doing parameter include = /etc/samba/base.conf >[2011/12/13 17:45:35.312857, 3] ../lib/util/params.c:550(pm_process) > params.c:pm_process() - Processing configuration file "/etc/samba/base.conf" >[2011/12/13 17:45:35.312901, 2] param/loadparm.c:8350(do_section) > Processing section "[homes]" >[2011/12/13 17:45:35.312968, 8] param/loadparm.c:6503(add_a_service) > add_a_service: Creating snum = 0 for homes >[2011/12/13 17:45:35.313006, 10] param/loadparm.c:6541(hash_a_service) > hash_a_service: creating servicehash >[2011/12/13 17:45:35.313041, 10] param/loadparm.c:6550(hash_a_service) > hash_a_service: hashing index 0 for service name homes > doing parameter comment = Heimatverzeichnisse > doing parameter browsable = no > doing parameter read only = no > doing parameter create mask = 0700 > doing parameter directory mask = 0700 > doing parameter vfs objects = acl_xattr >[2011/12/13 17:45:35.313242, 2] param/loadparm.c:8350(do_section) > Processing section "[printers]" >[2011/12/13 17:45:35.313302, 8] param/loadparm.c:6503(add_a_service) > add_a_service: Creating snum = 1 for printers >[2011/12/13 17:45:35.313338, 10] param/loadparm.c:6550(hash_a_service) > hash_a_service: hashing index 1 for service name printers > doing parameter comment = Drucker > doing parameter browseable = no > doing parameter path = /tmp > doing parameter printable = yes > doing parameter public = no > doing parameter writable = no > doing parameter create mode = 0700 >[2011/12/13 17:45:35.313522, 2] param/loadparm.c:8350(do_section) > Processing section "[print$]" >[2011/12/13 17:45:35.313580, 8] param/loadparm.c:6503(add_a_service) > add_a_service: Creating snum = 2 for print$ >[2011/12/13 17:45:35.313615, 10] param/loadparm.c:6550(hash_a_service) > hash_a_service: hashing index 2 for service name print$ > doing parameter comment = Printer Drivers > doing parameter path = /var/lib/samba/drivers > doing parameter browseable = yes > doing parameter guest ok = no > doing parameter read only = no > doing parameter write list = root, Administrator, @Printer-Admins >[2011/12/13 17:45:35.313775, 2] param/loadparm.c:8350(do_section) > Processing section "[netlogon]" >[2011/12/13 17:45:35.313835, 8] param/loadparm.c:6503(add_a_service) > add_a_service: Creating snum = 3 for netlogon >[2011/12/13 17:45:35.313881, 10] param/loadparm.c:6550(hash_a_service) > hash_a_service: hashing index 3 for service name netlogon > doing parameter comment = Domain logon service > doing parameter path = /var/lib/samba/netlogon > doing parameter public = no > doing parameter preserve case = yes > doing parameter case sensitive = no > doing parameter writable = yes > doing parameter include = /etc/samba/installs.conf >[2011/12/13 17:45:35.314084, 2] param/loadparm.c:7713(handle_include) > Can't find include file /etc/samba/installs.conf > doing parameter include = /etc/samba/shares.conf >[2011/12/13 17:45:35.314155, 2] param/loadparm.c:7713(handle_include) > Can't find include file /etc/samba/shares.conf > doing parameter include = /etc/samba/printers.conf >[2011/12/13 17:45:35.314231, 3] ../lib/util/params.c:550(pm_process) > params.c:pm_process() - Processing configuration file "/etc/samba/printers.conf" > doing parameter include = /etc/samba/local.conf >[2011/12/13 17:45:35.314311, 3] ../lib/util/params.c:550(pm_process) > params.c:pm_process() - Processing configuration file "/etc/samba/local.conf" >[2011/12/13 17:45:35.314349, 4] param/loadparm.c:9631(lp_load_ex) > pm_process() returned Yes >[2011/12/13 17:45:35.314419, 8] param/loadparm.c:6503(add_a_service) > add_a_service: Creating snum = 4 for IPC$ >[2011/12/13 17:45:35.314457, 10] param/loadparm.c:6550(hash_a_service) > hash_a_service: hashing index 4 for service name IPC$ >[2011/12/13 17:45:35.314499, 3] param/loadparm.c:6653(lp_add_ipc) > adding IPC service >[2011/12/13 17:45:35.314532, 10] param/loadparm_server_role.c:101(set_server_role) > set_server_role: role = ROLE_DOMAIN_PDC >[2011/12/13 17:45:35.314569, 5] ../lib/util/charset/codepoints.c:235(map_locale) > Substituting charset 'UTF-8' for LOCALE >[2011/12/13 17:45:35.314613, 6] param/loadparm.c:7513(lp_file_list_changed) > lp_file_list_changed() > file /etc/samba/local.conf -> /etc/samba/local.conf last mod_time: Tue Dec 13 12:29:40 2011 > > file /etc/samba/printers.conf -> /etc/samba/printers.conf last mod_time: Tue Dec 13 15:18:52 2011 > > file /etc/samba/shares.conf -> /etc/samba/shares.conf last mod_time: Thu Jan 1 01:00:00 1970 > > file /etc/samba/installs.conf -> /etc/samba/installs.conf last mod_time: Thu Jan 1 01:00:00 1970 > > file /etc/samba/base.conf -> /etc/samba/base.conf last mod_time: Tue Dec 13 17:28:35 2011 > > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Dec 13 17:30:13 2011 > >[2011/12/13 17:45:35.315005, 2] lib/interface.c:341(add_interface) > added interface eth0 ip=2001:4dd0:ff00:8c42:ff08::180 bcast=2001:4dd0:ff00:8c42:ffff:ffff:ffff:ffff netmask=ffff:ffff:ffff:ffff:: >[2011/12/13 17:45:35.315072, 2] lib/interface.c:341(add_interface) > added interface eth0 ip=fe80::5054:ff:febb:90c5%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff:: >[2011/12/13 17:45:35.315163, 2] lib/interface.c:341(add_interface) > added interface eth0 ip=10.200.8.180 bcast=10.200.8.255 netmask=255.255.255.0 >[2011/12/13 17:45:35.315217, 3] smbd/server.c:1088(main) > loaded services >[2011/12/13 17:45:35.315262, 5] lib/util.c:242(init_names) > Netbios name list:- > my_netbios_names[0]="MASTER" >[2011/12/13 17:45:35.315351, 3] smbd/server.c:1120(main) > Becoming a daemon. >[2011/12/13 17:45:35.321780, 8] ../lib/util/util.c:263(fcntl_lock) > fcntl_lock 9 13 0 1 1 >[2011/12/13 17:45:35.321868, 8] ../lib/util/util.c:298(fcntl_lock) > fcntl_lock: Lock call successful >[2011/12/13 17:45:35.322066, 5] passdb/pdb_interface.c:71(smb_register_passdb) > Attempting to register passdb backend ldapsam >[2011/12/13 17:45:35.322116, 5] passdb/pdb_interface.c:84(smb_register_passdb) > Successfully added passdb backend 'ldapsam' >[2011/12/13 17:45:35.322150, 5] passdb/pdb_interface.c:71(smb_register_passdb) > Attempting to register passdb backend ldapsam_compat >[2011/12/13 17:45:35.322183, 5] passdb/pdb_interface.c:84(smb_register_passdb) > Successfully added passdb backend 'ldapsam_compat' >[2011/12/13 17:45:35.322224, 5] passdb/pdb_interface.c:71(smb_register_passdb) > Attempting to register passdb backend NDS_ldapsam >[2011/12/13 17:45:35.322258, 5] passdb/pdb_interface.c:84(smb_register_passdb) > Successfully added passdb backend 'NDS_ldapsam' >[2011/12/13 17:45:35.322289, 5] passdb/pdb_interface.c:71(smb_register_passdb) > Attempting to register passdb backend NDS_ldapsam_compat >[2011/12/13 17:45:35.322322, 5] passdb/pdb_interface.c:84(smb_register_passdb) > Successfully added passdb backend 'NDS_ldapsam_compat' >[2011/12/13 17:45:35.322355, 5] passdb/pdb_interface.c:71(smb_register_passdb) > Attempting to register passdb backend IPA_ldapsam >[2011/12/13 17:45:35.322388, 5] passdb/pdb_interface.c:84(smb_register_passdb) > Successfully added passdb backend 'IPA_ldapsam' >[2011/12/13 17:45:35.322420, 5] passdb/pdb_interface.c:71(smb_register_passdb) > Attempting to register passdb backend smbpasswd >[2011/12/13 17:45:35.322453, 5] passdb/pdb_interface.c:84(smb_register_passdb) > Successfully added passdb backend 'smbpasswd' >[2011/12/13 17:45:35.322486, 5] passdb/pdb_interface.c:71(smb_register_passdb) > Attempting to register passdb backend tdbsam >[2011/12/13 17:45:35.322518, 5] passdb/pdb_interface.c:84(smb_register_passdb) > Successfully added passdb backend 'tdbsam' >[2011/12/13 17:45:35.322551, 5] passdb/pdb_interface.c:71(smb_register_passdb) > Attempting to register passdb backend wbc_sam >[2011/12/13 17:45:35.322585, 5] passdb/pdb_interface.c:84(smb_register_passdb) > Successfully added passdb backend 'wbc_sam' >[2011/12/13 17:45:35.322617, 5] passdb/pdb_interface.c:141(make_pdb_method_name) > Attempting to find a passdb backend to match ldapsam:"ldap://master.x86err300s3.qa:7389" (ldapsam) >[2011/12/13 17:45:35.322652, 5] passdb/pdb_interface.c:162(make_pdb_method_name) > Found pdb backend ldapsam >[2011/12/13 17:45:35.322705, 2] lib/smbldap_util.c:278(smbldap_search_domain_info) > smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=X86ERR300S3))] >[2011/12/13 17:45:35.322760, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=x86err300s3,dc=qa], filter => [(&(objectClass=sambaDomain)(sambaDomainName=X86ERR300S3))], scope => [2] >[2011/12/13 17:45:35.322834, 5] ../lib/util/charset/codepoints.c:235(map_locale) > Substituting charset 'UTF-8' for LOCALE >[2011/12/13 17:45:35.322897, 5] lib/smbldap.c:1341(smbldap_close) > The connection to the LDAP server was closed >[2011/12/13 17:45:35.322945, 10] lib/smbldap.c:819(smb_ldap_setup_conn) > smb_ldap_setup_connection: ldap://master.x86err300s3.qa:7389 >[2011/12/13 17:45:35.336268, 3] lib/smbldap.c:803(smb_ldap_start_tls) > StartTLS issued: using a TLS connection >[2011/12/13 17:45:35.599194, 2] lib/smbldap.c:1018(smbldap_open_connection) > smbldap_open_connection: connection opened >[2011/12/13 17:45:35.599383, 10] lib/smbldap.c:1194(smbldap_connect_system) > ldap_connect_system: Binding to ldap server ldap://master.x86err300s3.qa:7389 as "cn=admin,dc=x86err300s3,dc=qa" >[2011/12/13 17:45:35.601092, 3] lib/smbldap.c:1240(smbldap_connect_system) > ldap_connect_system: successful connection to the LDAP server > ldap_connect_system: LDAP server does support paged results >[2011/12/13 17:45:35.601171, 4] lib/smbldap.c:1319(smbldap_open) > The LDAP server is successfully connected >[2011/12/13 17:45:35.601810, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaAlgorithmicRidBase does not exist >[2011/12/13 17:45:35.601864, 5] passdb/pdb_interface.c:173(make_pdb_method_name) > pdb backend ldapsam:"ldap://master.x86err300s3.qa:7389" has a valid init >[2011/12/13 17:45:35.616530, 10] registry/reg_backend_db.c:526(regdb_init) > regdb_init: registry db openend. refcount reset (1) >[2011/12/13 17:45:35.616593, 10] registry/reg_cachehook.c:70(reghook_cache_init) > reghook_cache_init: new tree with default ops 0xb77df800 for key [] >[2011/12/13 17:45:35.616853, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] >[2011/12/13 17:45:35.616931, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Samba Printer Port] len[2] >[2011/12/13 17:45:35.616971, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2011/12/13 17:45:35.617022, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[0]: name[DefaultSpoolDirectory] len[70] >[2011/12/13 17:45:35.617059, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] >[2011/12/13 17:45:35.617109, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[0]: name[DisplayName] len[20] >[2011/12/13 17:45:35.617146, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[1]: name[ErrorControl] len[4] >[2011/12/13 17:45:35.617183, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] >[2011/12/13 17:45:35.617233, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[0]: name[DisplayName] len[20] >[2011/12/13 17:45:35.617270, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[1]: name[ErrorControl] len[4] >[2011/12/13 17:45:35.617312, 10] registry/reg_cachehook.c:94(reghook_cache_add) > reghook_cache_add: Adding ops 0xb77df8e0 for key [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Printers] >[2011/12/13 17:45:35.617348, 8] lib/adt_tree.c:215(pathtree_add) > pathtree_add: Enter >[2011/12/13 17:45:35.617385, 10] lib/adt_tree.c:282(pathtree_add) > pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Control\Print\Printers] to tree >[2011/12/13 17:45:35.617418, 8] lib/adt_tree.c:284(pathtree_add) > pathtree_add: Exit >[2011/12/13 17:45:35.617453, 10] registry/reg_cachehook.c:94(reghook_cache_add) > reghook_cache_add: Adding ops 0xb77df800 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2011/12/13 17:45:35.617486, 8] lib/adt_tree.c:215(pathtree_add) > pathtree_add: Enter >[2011/12/13 17:45:35.617522, 10] lib/adt_tree.c:282(pathtree_add) > pathtree_add: Successfully added node [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] to tree >[2011/12/13 17:45:35.617556, 8] lib/adt_tree.c:284(pathtree_add) > pathtree_add: Exit >[2011/12/13 17:45:35.617591, 10] registry/reg_cachehook.c:94(reghook_cache_add) > reghook_cache_add: Adding ops 0xb77df800 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] >[2011/12/13 17:45:35.617624, 8] lib/adt_tree.c:215(pathtree_add) > pathtree_add: Enter >[2011/12/13 17:45:35.617659, 10] lib/adt_tree.c:282(pathtree_add) > pathtree_add: Successfully added node [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] to tree >[2011/12/13 17:45:35.617692, 8] lib/adt_tree.c:284(pathtree_add) > pathtree_add: Exit >[2011/12/13 17:45:35.617726, 10] registry/reg_cachehook.c:94(reghook_cache_add) > reghook_cache_add: Adding ops 0xb77df920 for key [\HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares] >[2011/12/13 17:45:35.617759, 8] lib/adt_tree.c:215(pathtree_add) > pathtree_add: Enter >[2011/12/13 17:45:35.617795, 10] lib/adt_tree.c:282(pathtree_add) > pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares] to tree >[2011/12/13 17:45:35.617827, 8] lib/adt_tree.c:284(pathtree_add) > pathtree_add: Exit >[2011/12/13 17:45:35.617862, 10] registry/reg_cachehook.c:94(reghook_cache_add) > reghook_cache_add: Adding ops 0xb77df8a0 for key [\HKLM\SOFTWARE\Samba\smbconf] >[2011/12/13 17:45:35.617894, 8] lib/adt_tree.c:215(pathtree_add) > pathtree_add: Enter >[2011/12/13 17:45:35.617929, 10] lib/adt_tree.c:282(pathtree_add) > pathtree_add: Successfully added node [HKLM\SOFTWARE\Samba\smbconf] to tree >[2011/12/13 17:45:35.617969, 8] lib/adt_tree.c:284(pathtree_add) > pathtree_add: Exit >[2011/12/13 17:45:35.618005, 10] registry/reg_cachehook.c:94(reghook_cache_add) > reghook_cache_add: Adding ops 0xb77df960 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters] >[2011/12/13 17:45:35.618038, 8] lib/adt_tree.c:215(pathtree_add) > pathtree_add: Enter >[2011/12/13 17:45:35.618073, 10] lib/adt_tree.c:282(pathtree_add) > pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters] to tree >[2011/12/13 17:45:35.618106, 8] lib/adt_tree.c:284(pathtree_add) > pathtree_add: Exit >[2011/12/13 17:45:35.618140, 10] registry/reg_cachehook.c:94(reghook_cache_add) > reghook_cache_add: Adding ops 0xb77df9a0 for key [\HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions] >[2011/12/13 17:45:35.618172, 8] lib/adt_tree.c:215(pathtree_add) > pathtree_add: Enter >[2011/12/13 17:45:35.618207, 10] lib/adt_tree.c:282(pathtree_add) > pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions] to tree >[2011/12/13 17:45:35.618239, 8] lib/adt_tree.c:284(pathtree_add) > pathtree_add: Exit >[2011/12/13 17:45:35.618273, 10] registry/reg_cachehook.c:94(reghook_cache_add) > reghook_cache_add: Adding ops 0xb77df9e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters] >[2011/12/13 17:45:35.618306, 8] lib/adt_tree.c:215(pathtree_add) > pathtree_add: Enter >[2011/12/13 17:45:35.618340, 10] lib/adt_tree.c:282(pathtree_add) > pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters] to tree >[2011/12/13 17:45:35.618373, 8] lib/adt_tree.c:284(pathtree_add) > pathtree_add: Exit >[2011/12/13 17:45:35.618406, 10] registry/reg_cachehook.c:94(reghook_cache_add) > reghook_cache_add: Adding ops 0xb77dfa20 for key [\HKPT] >[2011/12/13 17:45:35.618438, 8] lib/adt_tree.c:215(pathtree_add) > pathtree_add: Enter >[2011/12/13 17:45:35.618471, 10] lib/adt_tree.c:282(pathtree_add) > pathtree_add: Successfully added node [HKPT] to tree >[2011/12/13 17:45:35.618503, 8] lib/adt_tree.c:284(pathtree_add) > pathtree_add: Exit >[2011/12/13 17:45:35.618537, 10] registry/reg_cachehook.c:94(reghook_cache_add) > reghook_cache_add: Adding ops 0xb77dfa60 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2011/12/13 17:45:35.618569, 8] lib/adt_tree.c:215(pathtree_add) > pathtree_add: Enter >[2011/12/13 17:45:35.618603, 10] lib/adt_tree.c:282(pathtree_add) > pathtree_add: Successfully added node [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] to tree >[2011/12/13 17:45:35.618635, 8] lib/adt_tree.c:284(pathtree_add) > pathtree_add: Exit >[2011/12/13 17:45:35.618669, 10] registry/reg_cachehook.c:94(reghook_cache_add) > reghook_cache_add: Adding ops 0xb77dfaa0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib] >[2011/12/13 17:45:35.618716, 8] lib/adt_tree.c:215(pathtree_add) > pathtree_add: Enter >[2011/12/13 17:45:35.618751, 10] lib/adt_tree.c:282(pathtree_add) > pathtree_add: Successfully added node [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib] to tree >[2011/12/13 17:45:35.618784, 8] lib/adt_tree.c:284(pathtree_add) > pathtree_add: Exit >[2011/12/13 17:45:35.618817, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (1->0) >[2011/12/13 17:45:35.619529, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user X86ERR300S3+root >[2011/12/13 17:45:35.619737, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is x86err300s3+root >[2011/12/13 17:45:35.621324, 5] lib/username.c:124(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as given is X86ERR300S3+root >[2011/12/13 17:45:35.682242, 5] lib/username.c:134(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as uppercase is X86ERR300S3+ROOT >[2011/12/13 17:45:35.683516, 5] lib/username.c:143(Get_Pwnam_internals) > Checking combinations of 0 uppercase letters in x86err300s3+root >[2011/12/13 17:45:35.684459, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals didn't find user [X86ERR300S3+root]! >[2011/12/13 17:45:35.688736, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user root >[2011/12/13 17:45:35.688784, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is root >[2011/12/13 17:45:35.688919, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals did find user [root]! >[2011/12/13 17:45:35.689000, 5] lib/gencache.c:68(gencache_init) > Opening cache file at /var/run/samba/gencache.tdb >[2011/12/13 17:45:35.689116, 5] lib/gencache.c:111(gencache_init) > Opening cache file at /var/run/samba/gencache_notrans.tdb >[2011/12/13 17:45:35.689195, 10] lib/gencache.c:183(gencache_set_data_blob) > Adding cache entry with key = IDMAP/GID2SID/0 and timeout = Thu Jan 1 01:00:00 1970 > (-1323794735 seconds in the past) >[2011/12/13 17:45:36.703183, 5] passdb/lookup_sid.c:1384(gid_to_sid) > gid_to_sid: winbind failed to find a sid for gid 0 >[2011/12/13 17:45:36.703258, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:36.703299, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2011/12/13 17:45:36.703334, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:36.703368, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:36.703403, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:36.703516, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=x86err300s3,dc=qa], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=0))], scope => [2] >[2011/12/13 17:45:36.703924, 4] passdb/pdb_ldap.c:2540(ldapsam_getgroup) > ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(gidNumber=0)) >[2011/12/13 17:45:36.703987, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:36.704028, 10] passdb/lookup_sid.c:1181(legacy_gid_to_sid) > LEGACY: gid 0 -> sid S-1-22-2-0 >[2011/12/13 17:45:36.704088, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=x86err300s3,dc=qa], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=0))], scope => [2] >[2011/12/13 17:45:36.704455, 4] passdb/pdb_ldap.c:2540(ldapsam_getgroup) > ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(gidNumber=0)) >[2011/12/13 17:45:36.704513, 3] passdb/lookup_sid.c:1754(get_primary_group_sid) > Forcing Primary Group to 'Domain Users' for root >[2011/12/13 17:45:36.704564, 10] passdb/lookup_sid.c:76(lookup_name) > lookup_name: X86ERR300S3\root => domain=[X86ERR300S3], name=[root] >[2011/12/13 17:45:36.704600, 10] passdb/lookup_sid.c:77(lookup_name) > lookup_name: flags = 0x073 >[2011/12/13 17:45:36.704639, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:36.704675, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2011/12/13 17:45:36.704741, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:36.704776, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:36.704809, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:36.704903, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=x86err300s3,dc=qa], filter => [(&(&(uid=root)(objectClass=person))(objectclass=sambaSamAccount))], scope => [2] >[2011/12/13 17:45:36.705362, 4] passdb/pdb_ldap.c:1578(ldapsam_getsampwnam) > ldapsam_getsampwnam: Unable to locate user [root] count=0 >[2011/12/13 17:45:36.705423, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:36.705461, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:36.705496, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2011/12/13 17:45:36.705544, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:36.705578, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:36.705609, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:36.705675, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=x86err300s3,dc=qa], filter => [(&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root)))], scope => [2] >[2011/12/13 17:45:36.706108, 4] passdb/pdb_ldap.c:2540(ldapsam_getgroup) > ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root))) >[2011/12/13 17:45:36.706239, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:36.706290, 10] passdb/lookup_sid.c:76(lookup_name) > lookup_name: Unix User\root => domain=[Unix User], name=[root] >[2011/12/13 17:45:36.706325, 10] passdb/lookup_sid.c:77(lookup_name) > lookup_name: flags = 0x073 >[2011/12/13 17:45:36.707035, 10] passdb/lookup_sid.c:1544(sid_to_uid) > sid S-1-22-1-0 -> uid 0 >[2011/12/13 17:45:36.707185, 10] lib/system_smbd.c:175(sys_getgrouplist) > sys_getgrouplist: user [root] >[2011/12/13 17:45:36.707470, 10] auth/token_util.c:339(create_local_nt_token) > Create local NT token for S-1-22-1-0 >[2011/12/13 17:45:36.707550, 10] passdb/lookup_sid.c:1635(sid_to_gid) > sid S-1-5-32-544 -> gid 5010 >[2011/12/13 17:45:36.707603, 10] passdb/lookup_sid.c:1635(sid_to_gid) > sid S-1-5-32-545 -> gid 5011 >[2011/12/13 17:45:36.707700, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-22-1-0] >[2011/12/13 17:45:36.707747, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-22-2-0] >[2011/12/13 17:45:36.707790, 5] lib/privileges.c:175(get_privileges_for_sids) > get_privileges_for_sids: sid = S-1-1-0 > Privilege set: 0x0 >[2011/12/13 17:45:36.707843, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-2] >[2011/12/13 17:45:36.707885, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-11] >[2011/12/13 17:45:36.709034, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:36.709091, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2011/12/13 17:45:36.709127, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:36.709160, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:36.709193, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:36.709264, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=x86err300s3,dc=qa], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-1-0))], scope => [2] >[2011/12/13 17:45:36.709755, 2] passdb/pdb_ldap.c:2424(init_group_from_ldap) > init_group_from_ldap: Entry found for group: 5022 >[2011/12/13 17:45:36.709819, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute displayName does not exist >[2011/12/13 17:45:36.709862, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute description does not exist >[2011/12/13 17:45:36.709909, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:36.709946, 10] passdb/lookup_sid.c:1285(legacy_sid_to_gid) > LEGACY: sid S-1-1-0 -> gid 5022 >[2011/12/13 17:45:36.709985, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:36.710021, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2011/12/13 17:45:36.710054, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:36.710097, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:36.710131, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:36.710192, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=x86err300s3,dc=qa], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2))], scope => [2] >[2011/12/13 17:45:36.710573, 4] passdb/pdb_ldap.c:2540(ldapsam_getgroup) > ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2)) >[2011/12/13 17:45:36.710634, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:36.710672, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) > LEGACY: mapping failed for sid S-1-5-2 >[2011/12/13 17:45:36.710708, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid) > LEGACY: mapping failed for sid S-1-5-2 >[2011/12/13 17:45:36.710745, 10] auth/auth_util.c:505(create_local_token) > Could not convert SID S-1-5-2 to gid, ignoring it >[2011/12/13 17:45:36.710789, 10] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (7): > SID[ 0]: S-1-22-1-0 > SID[ 1]: S-1-22-2-0 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-5022 > SID[ 6]: S-1-22-2-5020 > Privileges (0x 0): > Rights (0x 0): >[2011/12/13 17:45:36.710968, 10] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 3 supplementary groups > Group[ 0]: 0 > Group[ 1]: 5022 > Group[ 2]: 5020 >[2011/12/13 17:45:36.711172, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user nobody >[2011/12/13 17:45:36.711212, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is nobody >[2011/12/13 17:45:36.711326, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals did find user [nobody]! >[2011/12/13 17:45:36.711386, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user X86ERR300S3+nobody >[2011/12/13 17:45:36.711421, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is x86err300s3+nobody >[2011/12/13 17:45:36.712010, 5] lib/username.c:124(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as given is X86ERR300S3+nobody >[2011/12/13 17:45:36.712551, 5] lib/username.c:134(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as uppercase is X86ERR300S3+NOBODY >[2011/12/13 17:45:36.713130, 5] lib/username.c:143(Get_Pwnam_internals) > Checking combinations of 0 uppercase letters in x86err300s3+nobody >[2011/12/13 17:45:36.713184, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals didn't find user [X86ERR300S3+nobody]! >[2011/12/13 17:45:36.713226, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user nobody >[2011/12/13 17:45:36.713260, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is nobody >[2011/12/13 17:45:36.713296, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals did find user [nobody]! >[2011/12/13 17:45:36.713352, 10] lib/gencache.c:183(gencache_set_data_blob) > Adding cache entry with key = IDMAP/GID2SID/65534 and timeout = Thu Jan 1 01:00:00 1970 > (-1323794736 seconds in the past) >[2011/12/13 17:45:36.714381, 5] passdb/lookup_sid.c:1384(gid_to_sid) > gid_to_sid: winbind failed to find a sid for gid 65534 >[2011/12/13 17:45:36.714437, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:36.714474, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2011/12/13 17:45:36.714508, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:36.714542, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:36.714575, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:36.714654, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=x86err300s3,dc=qa], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=65534))], scope => [2] >[2011/12/13 17:45:36.715033, 4] passdb/pdb_ldap.c:2540(ldapsam_getgroup) > ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(gidNumber=65534)) >[2011/12/13 17:45:36.715094, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:36.715132, 10] passdb/lookup_sid.c:1181(legacy_gid_to_sid) > LEGACY: gid 65534 -> sid S-1-22-2-65534 >[2011/12/13 17:45:36.715186, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=x86err300s3,dc=qa], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=65534))], scope => [2] >[2011/12/13 17:45:36.715544, 4] passdb/pdb_ldap.c:2540(ldapsam_getgroup) > ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(gidNumber=65534)) >[2011/12/13 17:45:36.715600, 3] passdb/lookup_sid.c:1754(get_primary_group_sid) > Forcing Primary Group to 'Domain Users' for nobody >[2011/12/13 17:45:36.715637, 10] auth/token_util.c:223(create_local_nt_token_from_info3) > Create local NT token for nobody >[2011/12/13 17:45:36.715693, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-861941570-1634457251-3974523304-501] >[2011/12/13 17:45:36.715742, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-861941570-1634457251-3974523304-513] >[2011/12/13 17:45:36.715787, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-861941570-1634457251-3974523304-546] >[2011/12/13 17:45:36.715831, 5] lib/privileges.c:175(get_privileges_for_sids) > get_privileges_for_sids: sid = S-1-1-0 > Privilege set: 0x0 >[2011/12/13 17:45:36.715884, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-2] >[2011/12/13 17:45:36.715925, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-32-546] >[2011/12/13 17:45:36.718834, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:36.718897, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2011/12/13 17:45:36.718944, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:36.718981, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:36.719014, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:36.719072, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) > lookup_global_sam_rid: looking up RID 546. >[2011/12/13 17:45:36.719110, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:36.719144, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2011/12/13 17:45:36.719178, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:36.719211, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:36.719243, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:36.719324, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=x86err300s3,dc=qa], filter => [(&(sambaSID=S-1-5-21-861941570-1634457251-3974523304-546)(objectclass=sambaSamAccount))], scope => [2] >[2011/12/13 17:45:36.719741, 4] passdb/pdb_ldap.c:1672(ldapsam_getsampwsid) > ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-861941570-1634457251-3974523304-546] count=0 >[2011/12/13 17:45:36.719819, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=x86err300s3,dc=qa], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-861941570-1634457251-3974523304-546))], scope => [2] >[2011/12/13 17:45:36.720193, 4] passdb/pdb_ldap.c:2540(ldapsam_getgroup) > ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-861941570-1634457251-3974523304-546)) >[2011/12/13 17:45:36.720254, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:36.720291, 5] passdb/pdb_interface.c:1668(lookup_global_sam_rid) > Can't find a unix id for an unmapped group >[2011/12/13 17:45:36.720327, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:36.720362, 10] passdb/lookup_sid.c:1280(legacy_sid_to_gid) > LEGACY: mapping failed for sid S-1-5-21-861941570-1634457251-3974523304-546 >[2011/12/13 17:45:36.720401, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:36.720436, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2011/12/13 17:45:36.720469, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:36.720502, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:36.720534, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:36.720586, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) > lookup_global_sam_rid: looking up RID 546. >[2011/12/13 17:45:36.720623, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:36.720657, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2011/12/13 17:45:36.720838, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:36.720874, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:36.720906, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:36.720987, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=x86err300s3,dc=qa], filter => [(&(sambaSID=S-1-5-21-861941570-1634457251-3974523304-546)(objectclass=sambaSamAccount))], scope => [2] >[2011/12/13 17:45:36.721403, 4] passdb/pdb_ldap.c:1672(ldapsam_getsampwsid) > ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-861941570-1634457251-3974523304-546] count=0 >[2011/12/13 17:45:36.721480, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=x86err300s3,dc=qa], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-861941570-1634457251-3974523304-546))], scope => [2] >[2011/12/13 17:45:36.721838, 4] passdb/pdb_ldap.c:2540(ldapsam_getgroup) > ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-861941570-1634457251-3974523304-546)) >[2011/12/13 17:45:36.721900, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:36.721936, 5] passdb/pdb_interface.c:1668(lookup_global_sam_rid) > Can't find a unix id for an unmapped group >[2011/12/13 17:45:36.721973, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:36.722008, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid) > LEGACY: mapping failed for sid S-1-5-21-861941570-1634457251-3974523304-546 >[2011/12/13 17:45:36.722047, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:36.722083, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2011/12/13 17:45:36.722116, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:36.722149, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:36.722181, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:36.722256, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=x86err300s3,dc=qa], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2))], scope => [2] >[2011/12/13 17:45:36.722613, 4] passdb/pdb_ldap.c:2540(ldapsam_getgroup) > ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2)) >[2011/12/13 17:45:36.722674, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:36.722712, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) > LEGACY: mapping failed for sid S-1-5-2 >[2011/12/13 17:45:36.722748, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid) > LEGACY: mapping failed for sid S-1-5-2 >[2011/12/13 17:45:36.722784, 10] auth/auth_util.c:505(create_local_token) > Could not convert SID S-1-5-21-861941570-1634457251-3974523304-546 to gid, ignoring it >[2011/12/13 17:45:36.722821, 10] auth/auth_util.c:505(create_local_token) > Could not convert SID S-1-5-2 to gid, ignoring it >[2011/12/13 17:45:36.722862, 10] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (10): > SID[ 0]: S-1-5-21-861941570-1634457251-3974523304-501 > SID[ 1]: S-1-5-21-861941570-1634457251-3974523304-513 > SID[ 2]: S-1-5-21-861941570-1634457251-3974523304-546 > SID[ 3]: S-1-1-0 > SID[ 4]: S-1-5-2 > SID[ 5]: S-1-5-32-546 > SID[ 6]: S-1-22-1-65534 > SID[ 7]: S-1-22-2-5001 > SID[ 8]: S-1-22-2-5022 > SID[ 9]: S-1-22-2-5012 > Privileges (0x 0): > Rights (0x 0): >[2011/12/13 17:45:36.723082, 10] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 65534 > Primary group is 65534 and contains 3 supplementary groups > Group[ 0]: 5001 > Group[ 1]: 5022 > Group[ 2]: 5012 >[2011/12/13 17:45:36.723268, 3] rpc_server/svcctl/srv_svcctl_reg.c:569(svcctl_init_winreg) > Initialise the svcctl registry keys if needed. >[2011/12/13 17:45:36.723311, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:36.723346, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2011/12/13 17:45:36.723379, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:36.723412, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:36.723444, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:36.723535, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:36.723574, 10] registry/reg_backend_db.c:602(regdb_open) > regdb_open: registry db opened. refcount reset (1) >[2011/12/13 17:45:36.723628, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2011/12/13 17:45:36.723688, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe \winreg >[2011/12/13 17:45:36.723723, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg >[2011/12/13 17:45:36.723765, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2011/12/13 17:45:36.723834, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2011/12/13 17:45:36.724052, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2011/12/13 17:45:36.724100, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (1->2) >[2011/12/13 17:45:36.724140, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2011/12/13 17:45:36.724173, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2011/12/13 17:45:36.724206, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2011/12/13 17:45:36.724237, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb77df800 for key [\HKLM] >[2011/12/13 17:45:36.724302, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.724385, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000001-0000-0000-e74e-30819f7b0000 > result : WERR_OK >[2011/12/13 17:45:36.724580, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000001-0000-0000-e74e-30819f7b0000 > keyname: struct winreg_String > name_len : 0x0044 (68) > name_size : 0x0044 (68) > name : * > name : 'SYSTEM\CurrentControlSet\Services' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2011/12/13 17:45:36.725028, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.725111, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SYSTEM] >[2011/12/13 17:45:36.725147, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2011/12/13 17:45:36.725187, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] >[2011/12/13 17:45:36.725219, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM] >[2011/12/13 17:45:36.725252, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2011/12/13 17:45:36.725283, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM] >[2011/12/13 17:45:36.725334, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentControlSet] >[2011/12/13 17:45:36.725372, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2011/12/13 17:45:36.725410, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] >[2011/12/13 17:45:36.725451, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] >[2011/12/13 17:45:36.725486, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2011/12/13 17:45:36.725517, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM\CurrentControlSet] >[2011/12/13 17:45:36.725569, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Services] >[2011/12/13 17:45:36.725605, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2011/12/13 17:45:36.725643, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] >[2011/12/13 17:45:36.725674, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] >[2011/12/13 17:45:36.725708, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2011/12/13 17:45:36.725739, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM\CurrentControlSet\Services] >[2011/12/13 17:45:36.725799, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2011/12/13 17:45:36.725836, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2011/12/13 17:45:36.725871, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.725948, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000002-0000-0000-e74e-30819f7b0000 > result : WERR_OK >[2011/12/13 17:45:36.726103, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > in: struct winreg_QueryInfoKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000002-0000-0000-e74e-30819f7b0000 > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL >[2011/12/13 17:45:36.726301, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.726384, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services' (ops 0xb77df800) >[2011/12/13 17:45:36.726420, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services] >[2011/12/13 17:45:36.726465, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] >[2011/12/13 17:45:36.726519, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > out: struct winreg_QueryInfoKey > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL > num_subkeys : * > num_subkeys : 0x00000007 (7) > max_subkeylen : * > max_subkeylen : 0x0000001c (28) > max_classlen : * > max_classlen : 0x00000000 (0) > num_values : * > num_values : 0x00000000 (0) > max_valnamelen : * > max_valnamelen : 0x00000002 (2) > max_valbufsize : * > max_valbufsize : 0x00000000 (0) > secdescsize : * > secdescsize : 0x00000078 (120) > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2011/12/13 17:45:36.726921, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumKey: struct winreg_EnumKey > in: struct winreg_EnumKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000002-0000-0000-e74e-30819f7b0000 > enum_index : 0x00000000 (0) > name : * > name: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x001e (30) > name : * > name : '' > keyclass : * > keyclass: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x0002 (2) > name : * > name : '' > last_changed_time : * > last_changed_time : NTTIME(0) >[2011/12/13 17:45:36.727285, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.727364, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) > _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] >[2011/12/13 17:45:36.727400, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumKey: struct winreg_EnumKey > out: struct winreg_EnumKey > name : * > name: struct winreg_StringBuf > length : 0x001a (26) > size : 0x001e (30) > name : * > name : 'LanmanServer' > keyclass : * > keyclass: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x0002 (2) > name : * > name : '' > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2011/12/13 17:45:36.727698, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumKey: struct winreg_EnumKey > in: struct winreg_EnumKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000002-0000-0000-e74e-30819f7b0000 > enum_index : 0x00000001 (1) > name : * > name: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x001e (30) > name : * > name : '' > keyclass : * > keyclass: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x0002 (2) > name : * > name : '' > last_changed_time : * > last_changed_time : NTTIME(0) >[2011/12/13 17:45:36.728053, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.728131, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) > _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] >[2011/12/13 17:45:36.728167, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumKey: struct winreg_EnumKey > out: struct winreg_EnumKey > name : * > name: struct winreg_StringBuf > length : 0x0012 (18) > size : 0x001e (30) > name : * > name : 'Eventlog' > keyclass : * > keyclass: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x0002 (2) > name : * > name : '' > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2011/12/13 17:45:36.728460, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumKey: struct winreg_EnumKey > in: struct winreg_EnumKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000002-0000-0000-e74e-30819f7b0000 > enum_index : 0x00000002 (2) > name : * > name: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x001e (30) > name : * > name : '' > keyclass : * > keyclass: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x0002 (2) > name : * > name : '' > last_changed_time : * > last_changed_time : NTTIME(0) >[2011/12/13 17:45:36.728836, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.728916, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) > _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] >[2011/12/13 17:45:36.729100, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumKey: struct winreg_EnumKey > out: struct winreg_EnumKey > name : * > name: struct winreg_StringBuf > length : 0x000c (12) > size : 0x001e (30) > name : * > name : 'Tcpip' > keyclass : * > keyclass: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x0002 (2) > name : * > name : '' > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2011/12/13 17:45:36.729428, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumKey: struct winreg_EnumKey > in: struct winreg_EnumKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000002-0000-0000-e74e-30819f7b0000 > enum_index : 0x00000003 (3) > name : * > name: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x001e (30) > name : * > name : '' > keyclass : * > keyclass: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x0002 (2) > name : * > name : '' > last_changed_time : * > last_changed_time : NTTIME(0) >[2011/12/13 17:45:36.729775, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.729854, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) > _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] >[2011/12/13 17:45:36.729890, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumKey: struct winreg_EnumKey > out: struct winreg_EnumKey > name : * > name: struct winreg_StringBuf > length : 0x0012 (18) > size : 0x001e (30) > name : * > name : 'Netlogon' > keyclass : * > keyclass: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x0002 (2) > name : * > name : '' > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2011/12/13 17:45:36.730184, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumKey: struct winreg_EnumKey > in: struct winreg_EnumKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000002-0000-0000-e74e-30819f7b0000 > enum_index : 0x00000004 (4) > name : * > name: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x001e (30) > name : * > name : '' > keyclass : * > keyclass: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x0002 (2) > name : * > name : '' > last_changed_time : * > last_changed_time : NTTIME(0) >[2011/12/13 17:45:36.730536, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.730614, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) > _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] >[2011/12/13 17:45:36.730650, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumKey: struct winreg_EnumKey > out: struct winreg_EnumKey > name : * > name: struct winreg_StringBuf > length : 0x0010 (16) > size : 0x001e (30) > name : * > name : 'Spooler' > keyclass : * > keyclass: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x0002 (2) > name : * > name : '' > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2011/12/13 17:45:36.730954, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumKey: struct winreg_EnumKey > in: struct winreg_EnumKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000002-0000-0000-e74e-30819f7b0000 > enum_index : 0x00000005 (5) > name : * > name: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x001e (30) > name : * > name : '' > keyclass : * > keyclass: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x0002 (2) > name : * > name : '' > last_changed_time : * > last_changed_time : NTTIME(0) >[2011/12/13 17:45:36.731297, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.731376, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) > _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] >[2011/12/13 17:45:36.731412, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumKey: struct winreg_EnumKey > out: struct winreg_EnumKey > name : * > name: struct winreg_StringBuf > length : 0x001e (30) > size : 0x001e (30) > name : * > name : 'RemoteRegistry' > keyclass : * > keyclass: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x0002 (2) > name : * > name : '' > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2011/12/13 17:45:36.731707, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumKey: struct winreg_EnumKey > in: struct winreg_EnumKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000002-0000-0000-e74e-30819f7b0000 > enum_index : 0x00000006 (6) > name : * > name: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x001e (30) > name : * > name : '' > keyclass : * > keyclass: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x0002 (2) > name : * > name : '' > last_changed_time : * > last_changed_time : NTTIME(0) >[2011/12/13 17:45:36.732050, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.732129, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) > _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] >[2011/12/13 17:45:36.732165, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumKey: struct winreg_EnumKey > out: struct winreg_EnumKey > name : * > name: struct winreg_StringBuf > length : 0x000a (10) > size : 0x001e (30) > name : * > name : 'WINS' > keyclass : * > keyclass: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x0002 (2) > name : * > name : '' > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2011/12/13 17:45:36.732472, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > in: struct winreg_CreateKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000001-0000-0000-e74e-30819f7b0000 > name: struct winreg_String > name_len : 0x0054 (84) > name_size : 0x0054 (84) > name : * > name : 'SYSTEM\CurrentControlSet\Services\Spooler' > keyclass: struct winreg_String > name_len : 0x0002 (2) > name_size : 0x0002 (2) > name : * > name : '' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY > secdesc : NULL > action_taken : * > action_taken : REG_ACTION_NONE (0) >[2011/12/13 17:45:36.733043, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.733124, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) > _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\Spooler' >[2011/12/13 17:45:36.733163, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2011/12/13 17:45:36.733199, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 >[2011/12/13 17:45:36.733233, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SYSTEM] >[2011/12/13 17:45:36.733268, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2011/12/13 17:45:36.733305, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] >[2011/12/13 17:45:36.733337, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM] >[2011/12/13 17:45:36.733370, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2011/12/13 17:45:36.733401, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM] >[2011/12/13 17:45:36.733452, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 >[2011/12/13 17:45:36.733489, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentControlSet] >[2011/12/13 17:45:36.733524, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2011/12/13 17:45:36.733561, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] >[2011/12/13 17:45:36.733592, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] >[2011/12/13 17:45:36.733626, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2011/12/13 17:45:36.733659, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM\CurrentControlSet] >[2011/12/13 17:45:36.733710, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2011/12/13 17:45:36.733748, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 >[2011/12/13 17:45:36.733782, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Services] >[2011/12/13 17:45:36.733817, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2011/12/13 17:45:36.733853, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] >[2011/12/13 17:45:36.733885, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] >[2011/12/13 17:45:36.733919, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2011/12/13 17:45:36.733950, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM\CurrentControlSet\Services] >[2011/12/13 17:45:36.734010, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2011/12/13 17:45:36.734047, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Spooler] >[2011/12/13 17:45:36.734082, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2011/12/13 17:45:36.734128, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] >[2011/12/13 17:45:36.734162, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] >[2011/12/13 17:45:36.734197, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2011/12/13 17:45:36.734229, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] >[2011/12/13 17:45:36.734279, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2011/12/13 17:45:36.734316, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.734391, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > out: struct winreg_CreateKey > new_handle : * > new_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000003-0000-0000-e74e-30819f7b0000 > action_taken : * > action_taken : REG_OPENED_EXISTING_KEY (2) > result : WERR_OK >[2011/12/13 17:45:36.734579, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000003-0000-0000-e74e-30819f7b0000 > name: struct winreg_String > name_len : 0x000c (12) > name_size : 0x000c (12) > name : * > name : 'Start' > type : REG_DWORD (4) > data : * > data: ARRAY(4) > [0] : 0x02 (2) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : 0x00000004 (4) >[2011/12/13 17:45:36.734898, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.734990, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:Start] >[2011/12/13 17:45:36.735028, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2011/12/13 17:45:36.735061, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\Spooler' (ops 0xb77df800) >[2011/12/13 17:45:36.735096, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler] >[2011/12/13 17:45:36.735144, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Start] len[4] >[2011/12/13 17:45:36.735181, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[1]: name[Type] len[4] >[2011/12/13 17:45:36.735216, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[2]: name[ErrorControl] len[4] >[2011/12/13 17:45:36.735251, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[3]: name[ObjectName] len[24] >[2011/12/13 17:45:36.735294, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[4]: name[DisplayName] len[28] >[2011/12/13 17:45:36.735331, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[5]: name[ImagePath] len[54] >[2011/12/13 17:45:36.735366, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[6]: name[Description] len[106] >[2011/12/13 17:45:36.735401, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2011/12/13 17:45:36.735491, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000003-0000-0000-e74e-30819f7b0000 > name: struct winreg_String > name_len : 0x000a (10) > name_size : 0x000a (10) > name : * > name : 'Type' > type : REG_DWORD (4) > data : * > data: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : 0x00000004 (4) >[2011/12/13 17:45:36.735802, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.735877, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:Type] >[2011/12/13 17:45:36.735913, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2011/12/13 17:45:36.735948, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2011/12/13 17:45:36.736031, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000003-0000-0000-e74e-30819f7b0000 > name: struct winreg_String > name_len : 0x001a (26) > name_size : 0x001a (26) > name : * > name : 'ErrorControl' > type : REG_DWORD (4) > data : * > data: ARRAY(4) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : 0x00000004 (4) >[2011/12/13 17:45:36.736429, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.736509, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:ErrorControl] >[2011/12/13 17:45:36.736554, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2011/12/13 17:45:36.736591, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2011/12/13 17:45:36.736688, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000003-0000-0000-e74e-30819f7b0000 > name: struct winreg_String > name_len : 0x0016 (22) > name_size : 0x0016 (22) > name : * > name : 'ObjectName' > type : REG_SZ (1) > data : * > data: ARRAY(24) > [0] : 0x4c (76) > [1] : 0x00 (0) > [2] : 0x6f (111) > [3] : 0x00 (0) > [4] : 0x63 (99) > [5] : 0x00 (0) > [6] : 0x61 (97) > [7] : 0x00 (0) > [8] : 0x6c (108) > [9] : 0x00 (0) > [10] : 0x53 (83) > [11] : 0x00 (0) > [12] : 0x79 (121) > [13] : 0x00 (0) > [14] : 0x73 (115) > [15] : 0x00 (0) > [16] : 0x74 (116) > [17] : 0x00 (0) > [18] : 0x65 (101) > [19] : 0x00 (0) > [20] : 0x6d (109) > [21] : 0x00 (0) > [22] : 0x00 (0) > [23] : 0x00 (0) > size : 0x00000018 (24) >[2011/12/13 17:45:36.737346, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.737425, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:ObjectName] >[2011/12/13 17:45:36.737462, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2011/12/13 17:45:36.737498, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2011/12/13 17:45:36.737592, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000003-0000-0000-e74e-30819f7b0000 > name: struct winreg_String > name_len : 0x0018 (24) > name_size : 0x0018 (24) > name : * > name : 'DisplayName' > type : REG_SZ (1) > data : * > data: ARRAY(28) > [0] : 0x50 (80) > [1] : 0x00 (0) > [2] : 0x72 (114) > [3] : 0x00 (0) > [4] : 0x69 (105) > [5] : 0x00 (0) > [6] : 0x6e (110) > [7] : 0x00 (0) > [8] : 0x74 (116) > [9] : 0x00 (0) > [10] : 0x20 (32) > [11] : 0x00 (0) > [12] : 0x53 (83) > [13] : 0x00 (0) > [14] : 0x70 (112) > [15] : 0x00 (0) > [16] : 0x6f (111) > [17] : 0x00 (0) > [18] : 0x6f (111) > [19] : 0x00 (0) > [20] : 0x6c (108) > [21] : 0x00 (0) > [22] : 0x65 (101) > [23] : 0x00 (0) > [24] : 0x72 (114) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x00 (0) > size : 0x0000001c (28) >[2011/12/13 17:45:36.738288, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.738366, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:DisplayName] >[2011/12/13 17:45:36.738403, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2011/12/13 17:45:36.738439, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2011/12/13 17:45:36.738525, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000003-0000-0000-e74e-30819f7b0000 > name: struct winreg_String > name_len : 0x0014 (20) > name_size : 0x0014 (20) > name : * > name : 'ImagePath' > type : REG_SZ (1) > data : * > data: ARRAY(54) > [0] : 0x2f (47) > [1] : 0x00 (0) > [2] : 0x75 (117) > [3] : 0x00 (0) > [4] : 0x73 (115) > [5] : 0x00 (0) > [6] : 0x72 (114) > [7] : 0x00 (0) > [8] : 0x2f (47) > [9] : 0x00 (0) > [10] : 0x6c (108) > [11] : 0x00 (0) > [12] : 0x69 (105) > [13] : 0x00 (0) > [14] : 0x62 (98) > [15] : 0x00 (0) > [16] : 0x2f (47) > [17] : 0x00 (0) > [18] : 0x73 (115) > [19] : 0x00 (0) > [20] : 0x61 (97) > [21] : 0x00 (0) > [22] : 0x6d (109) > [23] : 0x00 (0) > [24] : 0x62 (98) > [25] : 0x00 (0) > [26] : 0x61 (97) > [27] : 0x00 (0) > [28] : 0x2f (47) > [29] : 0x00 (0) > [30] : 0x73 (115) > [31] : 0x00 (0) > [32] : 0x76 (118) > [33] : 0x00 (0) > [34] : 0x63 (99) > [35] : 0x00 (0) > [36] : 0x63 (99) > [37] : 0x00 (0) > [38] : 0x74 (116) > [39] : 0x00 (0) > [40] : 0x6c (108) > [41] : 0x00 (0) > [42] : 0x2f (47) > [43] : 0x00 (0) > [44] : 0x73 (115) > [45] : 0x00 (0) > [46] : 0x6d (109) > [47] : 0x00 (0) > [48] : 0x62 (98) > [49] : 0x00 (0) > [50] : 0x64 (100) > [51] : 0x00 (0) > [52] : 0x00 (0) > [53] : 0x00 (0) > size : 0x00000036 (54) >[2011/12/13 17:45:36.739607, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.739683, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:ImagePath] >[2011/12/13 17:45:36.739720, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2011/12/13 17:45:36.739755, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2011/12/13 17:45:36.739843, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000003-0000-0000-e74e-30819f7b0000 > name: struct winreg_String > name_len : 0x0018 (24) > name_size : 0x0018 (24) > name : * > name : 'Description' > type : REG_SZ (1) > data : * > data: ARRAY(106) > [0] : 0x49 (73) > [1] : 0x00 (0) > [2] : 0x6e (110) > [3] : 0x00 (0) > [4] : 0x74 (116) > [5] : 0x00 (0) > [6] : 0x65 (101) > [7] : 0x00 (0) > [8] : 0x72 (114) > [9] : 0x00 (0) > [10] : 0x6e (110) > [11] : 0x00 (0) > [12] : 0x61 (97) > [13] : 0x00 (0) > [14] : 0x6c (108) > [15] : 0x00 (0) > [16] : 0x20 (32) > [17] : 0x00 (0) > [18] : 0x73 (115) > [19] : 0x00 (0) > [20] : 0x65 (101) > [21] : 0x00 (0) > [22] : 0x72 (114) > [23] : 0x00 (0) > [24] : 0x76 (118) > [25] : 0x00 (0) > [26] : 0x69 (105) > [27] : 0x00 (0) > [28] : 0x63 (99) > [29] : 0x00 (0) > [30] : 0x65 (101) > [31] : 0x00 (0) > [32] : 0x20 (32) > [33] : 0x00 (0) > [34] : 0x66 (102) > [35] : 0x00 (0) > [36] : 0x6f (111) > [37] : 0x00 (0) > [38] : 0x72 (114) > [39] : 0x00 (0) > [40] : 0x20 (32) > [41] : 0x00 (0) > [42] : 0x73 (115) > [43] : 0x00 (0) > [44] : 0x70 (112) > [45] : 0x00 (0) > [46] : 0x6f (111) > [47] : 0x00 (0) > [48] : 0x6f (111) > [49] : 0x00 (0) > [50] : 0x6c (108) > [51] : 0x00 (0) > [52] : 0x69 (105) > [53] : 0x00 (0) > [54] : 0x6e (110) > [55] : 0x00 (0) > [56] : 0x67 (103) > [57] : 0x00 (0) > [58] : 0x20 (32) > [59] : 0x00 (0) > [60] : 0x66 (102) > [61] : 0x00 (0) > [62] : 0x69 (105) > [63] : 0x00 (0) > [64] : 0x6c (108) > [65] : 0x00 (0) > [66] : 0x65 (101) > [67] : 0x00 (0) > [68] : 0x73 (115) > [69] : 0x00 (0) > [70] : 0x20 (32) > [71] : 0x00 (0) > [72] : 0x74 (116) > [73] : 0x00 (0) > [74] : 0x6f (111) > [75] : 0x00 (0) > [76] : 0x20 (32) > [77] : 0x00 (0) > [78] : 0x70 (112) > [79] : 0x00 (0) > [80] : 0x72 (114) > [81] : 0x00 (0) > [82] : 0x69 (105) > [83] : 0x00 (0) > [84] : 0x6e (110) > [85] : 0x00 (0) > [86] : 0x74 (116) > [87] : 0x00 (0) > [88] : 0x20 (32) > [89] : 0x00 (0) > [90] : 0x64 (100) > [91] : 0x00 (0) > [92] : 0x65 (101) > [93] : 0x00 (0) > [94] : 0x76 (118) > [95] : 0x00 (0) > [96] : 0x69 (105) > [97] : 0x00 (0) > [98] : 0x63 (99) > [99] : 0x00 (0) > [100] : 0x65 (101) > [101] : 0x00 (0) > [102] : 0x73 (115) > [103] : 0x00 (0) > [104] : 0x00 (0) > [105] : 0x00 (0) > size : 0x0000006a (106) >[2011/12/13 17:45:36.741736, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.741814, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:Description] >[2011/12/13 17:45:36.741851, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2011/12/13 17:45:36.741887, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2011/12/13 17:45:36.741976, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000003-0000-0000-e74e-30819f7b0000 >[2011/12/13 17:45:36.742100, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.742177, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.742252, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2011/12/13 17:45:36.742295, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2011/12/13 17:45:36.742331, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2011/12/13 17:45:36.742487, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > in: struct winreg_CreateKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000001-0000-0000-e74e-30819f7b0000 > name: struct winreg_String > name_len : 0x0066 (102) > name_size : 0x0066 (102) > name : * > name : 'SYSTEM\CurrentControlSet\Services\Spooler\Security' > keyclass: struct winreg_String > name_len : 0x0002 (2) > name_size : 0x0002 (2) > name : * > name : '' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY > secdesc : NULL > action_taken : * > action_taken : REG_OPENED_EXISTING_KEY (2) >[2011/12/13 17:45:36.743025, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.743105, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) > _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\Spooler\Security' >[2011/12/13 17:45:36.743143, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2011/12/13 17:45:36.743179, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 >[2011/12/13 17:45:36.743213, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SYSTEM] >[2011/12/13 17:45:36.743248, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2011/12/13 17:45:36.743285, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] >[2011/12/13 17:45:36.743318, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM] >[2011/12/13 17:45:36.743351, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2011/12/13 17:45:36.743383, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM] >[2011/12/13 17:45:36.743433, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 >[2011/12/13 17:45:36.743470, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentControlSet] >[2011/12/13 17:45:36.743514, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2011/12/13 17:45:36.743552, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] >[2011/12/13 17:45:36.743584, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] >[2011/12/13 17:45:36.743617, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2011/12/13 17:45:36.743648, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM\CurrentControlSet] >[2011/12/13 17:45:36.743699, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2011/12/13 17:45:36.743737, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 >[2011/12/13 17:45:36.743771, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Services] >[2011/12/13 17:45:36.743805, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2011/12/13 17:45:36.743842, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] >[2011/12/13 17:45:36.743874, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] >[2011/12/13 17:45:36.743908, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2011/12/13 17:45:36.743940, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM\CurrentControlSet\Services] >[2011/12/13 17:45:36.743999, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2011/12/13 17:45:36.744039, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 >[2011/12/13 17:45:36.744072, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Spooler] >[2011/12/13 17:45:36.744107, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2011/12/13 17:45:36.744144, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] >[2011/12/13 17:45:36.744176, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] >[2011/12/13 17:45:36.744210, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2011/12/13 17:45:36.744242, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] >[2011/12/13 17:45:36.744291, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2011/12/13 17:45:36.744328, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Security] >[2011/12/13 17:45:36.744363, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2011/12/13 17:45:36.744400, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] >[2011/12/13 17:45:36.744433, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] >[2011/12/13 17:45:36.744467, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2011/12/13 17:45:36.744498, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] >[2011/12/13 17:45:36.744543, 10] registry/reg_backend_db.c:1656(regdb_fetch_keys_internal) > regdb_fetch_keys: no subkeys found for key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] >[2011/12/13 17:45:36.744580, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2011/12/13 17:45:36.744624, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.744726, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > out: struct winreg_CreateKey > new_handle : * > new_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000004-0000-0000-e74e-30819f7b0000 > action_taken : * > action_taken : REG_OPENED_EXISTING_KEY (2) > result : WERR_OK >[2011/12/13 17:45:36.744929, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000004-0000-0000-e74e-30819f7b0000 > name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : REG_BINARY (3) > data : * > data: ARRAY(120) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x04 (4) > [3] : 0x80 (128) > [4] : 0x00 (0) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x00 (0) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x14 (20) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x02 (2) > [21] : 0x00 (0) > [22] : 0x64 (100) > [23] : 0x00 (0) > [24] : 0x04 (4) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x00 (0) > [28] : 0x00 (0) > [29] : 0x00 (0) > [30] : 0x14 (20) > [31] : 0x00 (0) > [32] : 0x8d (141) > [33] : 0x01 (1) > [34] : 0x02 (2) > [35] : 0x00 (0) > [36] : 0x01 (1) > [37] : 0x01 (1) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x01 (1) > [44] : 0x00 (0) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x00 (0) > [49] : 0x00 (0) > [50] : 0x18 (24) > [51] : 0x00 (0) > [52] : 0xfd (253) > [53] : 0x01 (1) > [54] : 0x02 (2) > [55] : 0x00 (0) > [56] : 0x01 (1) > [57] : 0x02 (2) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x00 (0) > [62] : 0x00 (0) > [63] : 0x05 (5) > [64] : 0x20 (32) > [65] : 0x00 (0) > [66] : 0x00 (0) > [67] : 0x00 (0) > [68] : 0x23 (35) > [69] : 0x02 (2) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x18 (24) > [75] : 0x00 (0) > [76] : 0xff (255) > [77] : 0x01 (1) > [78] : 0x0f (15) > [79] : 0x00 (0) > [80] : 0x01 (1) > [81] : 0x02 (2) > [82] : 0x00 (0) > [83] : 0x00 (0) > [84] : 0x00 (0) > [85] : 0x00 (0) > [86] : 0x00 (0) > [87] : 0x05 (5) > [88] : 0x20 (32) > [89] : 0x00 (0) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x25 (37) > [93] : 0x02 (2) > [94] : 0x00 (0) > [95] : 0x00 (0) > [96] : 0x00 (0) > [97] : 0x00 (0) > [98] : 0x18 (24) > [99] : 0x00 (0) > [100] : 0xff (255) > [101] : 0x01 (1) > [102] : 0x0f (15) > [103] : 0x00 (0) > [104] : 0x01 (1) > [105] : 0x02 (2) > [106] : 0x00 (0) > [107] : 0x00 (0) > [108] : 0x00 (0) > [109] : 0x00 (0) > [110] : 0x00 (0) > [111] : 0x05 (5) > [112] : 0x20 (32) > [113] : 0x00 (0) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x20 (32) > [117] : 0x02 (2) > [118] : 0x00 (0) > [119] : 0x00 (0) > size : 0x00000078 (120) >[2011/12/13 17:45:36.747174, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.747255, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security:Security] >[2011/12/13 17:45:36.747294, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2011/12/13 17:45:36.747328, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security' (ops 0xb77df800) >[2011/12/13 17:45:36.747363, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] >[2011/12/13 17:45:36.747413, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Security] len[120] >[2011/12/13 17:45:36.747451, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2011/12/13 17:45:36.747535, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000004-0000-0000-e74e-30819f7b0000 >[2011/12/13 17:45:36.747656, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.747733, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.747808, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2011/12/13 17:45:36.747841, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2011/12/13 17:45:36.747875, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2011/12/13 17:45:36.748029, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > in: struct winreg_CreateKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000001-0000-0000-e74e-30819f7b0000 > name: struct winreg_String > name_len : 0x0056 (86) > name_size : 0x0056 (86) > name : * > name : 'SYSTEM\CurrentControlSet\Services\NETLOGON' > keyclass: struct winreg_String > name_len : 0x0002 (2) > name_size : 0x0002 (2) > name : * > name : '' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY > secdesc : NULL > action_taken : * > action_taken : REG_ACTION_NONE (0) >[2011/12/13 17:45:36.748554, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.748632, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) > _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\NETLOGON' >[2011/12/13 17:45:36.748669, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2011/12/13 17:45:36.748732, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 >[2011/12/13 17:45:36.748770, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SYSTEM] >[2011/12/13 17:45:36.748805, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2011/12/13 17:45:36.748842, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] >[2011/12/13 17:45:36.748874, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM] >[2011/12/13 17:45:36.748908, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2011/12/13 17:45:36.748939, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM] >[2011/12/13 17:45:36.748989, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 >[2011/12/13 17:45:36.749026, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentControlSet] >[2011/12/13 17:45:36.749061, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2011/12/13 17:45:36.749098, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] >[2011/12/13 17:45:36.749130, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] >[2011/12/13 17:45:36.749163, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2011/12/13 17:45:36.749195, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM\CurrentControlSet] >[2011/12/13 17:45:36.749244, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2011/12/13 17:45:36.749283, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 >[2011/12/13 17:45:36.749317, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Services] >[2011/12/13 17:45:36.749352, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2011/12/13 17:45:36.749397, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] >[2011/12/13 17:45:36.749430, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] >[2011/12/13 17:45:36.749464, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2011/12/13 17:45:36.749495, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM\CurrentControlSet\Services] >[2011/12/13 17:45:36.749555, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2011/12/13 17:45:36.749593, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [NETLOGON] >[2011/12/13 17:45:36.749628, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2011/12/13 17:45:36.749665, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] >[2011/12/13 17:45:36.749697, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] >[2011/12/13 17:45:36.749731, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2011/12/13 17:45:36.749763, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] >[2011/12/13 17:45:36.749814, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2011/12/13 17:45:36.749851, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.749926, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > out: struct winreg_CreateKey > new_handle : * > new_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000005-0000-0000-e74e-30819f7b0000 > action_taken : * > action_taken : REG_OPENED_EXISTING_KEY (2) > result : WERR_OK >[2011/12/13 17:45:36.750107, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000005-0000-0000-e74e-30819f7b0000 > name: struct winreg_String > name_len : 0x000c (12) > name_size : 0x000c (12) > name : * > name : 'Start' > type : REG_DWORD (4) > data : * > data: ARRAY(4) > [0] : 0x02 (2) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : 0x00000004 (4) >[2011/12/13 17:45:36.750419, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.750494, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:Start] >[2011/12/13 17:45:36.750531, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2011/12/13 17:45:36.750573, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON' (ops 0xb77df800) >[2011/12/13 17:45:36.750608, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] >[2011/12/13 17:45:36.750657, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Start] len[4] >[2011/12/13 17:45:36.750694, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[1]: name[Type] len[4] >[2011/12/13 17:45:36.750729, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[2]: name[ErrorControl] len[4] >[2011/12/13 17:45:36.750763, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[3]: name[ObjectName] len[24] >[2011/12/13 17:45:36.750798, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[4]: name[DisplayName] len[20] >[2011/12/13 17:45:36.750833, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[5]: name[ImagePath] len[54] >[2011/12/13 17:45:36.750868, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[6]: name[Description] len[164] >[2011/12/13 17:45:36.750903, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2011/12/13 17:45:36.751004, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000005-0000-0000-e74e-30819f7b0000 > name: struct winreg_String > name_len : 0x000a (10) > name_size : 0x000a (10) > name : * > name : 'Type' > type : REG_DWORD (4) > data : * > data: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : 0x00000004 (4) >[2011/12/13 17:45:36.751322, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.751400, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:Type] >[2011/12/13 17:45:36.751437, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2011/12/13 17:45:36.751472, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2011/12/13 17:45:36.751555, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000005-0000-0000-e74e-30819f7b0000 > name: struct winreg_String > name_len : 0x001a (26) > name_size : 0x001a (26) > name : * > name : 'ErrorControl' > type : REG_DWORD (4) > data : * > data: ARRAY(4) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : 0x00000004 (4) >[2011/12/13 17:45:36.751882, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.751960, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:ErrorControl] >[2011/12/13 17:45:36.751997, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2011/12/13 17:45:36.752032, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2011/12/13 17:45:36.752117, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000005-0000-0000-e74e-30819f7b0000 > name: struct winreg_String > name_len : 0x0016 (22) > name_size : 0x0016 (22) > name : * > name : 'ObjectName' > type : REG_SZ (1) > data : * > data: ARRAY(24) > [0] : 0x4c (76) > [1] : 0x00 (0) > [2] : 0x6f (111) > [3] : 0x00 (0) > [4] : 0x63 (99) > [5] : 0x00 (0) > [6] : 0x61 (97) > [7] : 0x00 (0) > [8] : 0x6c (108) > [9] : 0x00 (0) > [10] : 0x53 (83) > [11] : 0x00 (0) > [12] : 0x79 (121) > [13] : 0x00 (0) > [14] : 0x73 (115) > [15] : 0x00 (0) > [16] : 0x74 (116) > [17] : 0x00 (0) > [18] : 0x65 (101) > [19] : 0x00 (0) > [20] : 0x6d (109) > [21] : 0x00 (0) > [22] : 0x00 (0) > [23] : 0x00 (0) > size : 0x00000018 (24) >[2011/12/13 17:45:36.752814, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.752895, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:ObjectName] >[2011/12/13 17:45:36.752933, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2011/12/13 17:45:36.752978, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2011/12/13 17:45:36.753070, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000005-0000-0000-e74e-30819f7b0000 > name: struct winreg_String > name_len : 0x0018 (24) > name_size : 0x0018 (24) > name : * > name : 'DisplayName' > type : REG_SZ (1) > data : * > data: ARRAY(20) > [0] : 0x4e (78) > [1] : 0x00 (0) > [2] : 0x65 (101) > [3] : 0x00 (0) > [4] : 0x74 (116) > [5] : 0x00 (0) > [6] : 0x20 (32) > [7] : 0x00 (0) > [8] : 0x4c (76) > [9] : 0x00 (0) > [10] : 0x6f (111) > [11] : 0x00 (0) > [12] : 0x67 (103) > [13] : 0x00 (0) > [14] : 0x6f (111) > [15] : 0x00 (0) > [16] : 0x6e (110) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > size : 0x00000014 (20) >[2011/12/13 17:45:36.753632, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.753709, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:DisplayName] >[2011/12/13 17:45:36.753746, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2011/12/13 17:45:36.753781, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2011/12/13 17:45:36.753865, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000005-0000-0000-e74e-30819f7b0000 > name: struct winreg_String > name_len : 0x0014 (20) > name_size : 0x0014 (20) > name : * > name : 'ImagePath' > type : REG_SZ (1) > data : * > data: ARRAY(54) > [0] : 0x2f (47) > [1] : 0x00 (0) > [2] : 0x75 (117) > [3] : 0x00 (0) > [4] : 0x73 (115) > [5] : 0x00 (0) > [6] : 0x72 (114) > [7] : 0x00 (0) > [8] : 0x2f (47) > [9] : 0x00 (0) > [10] : 0x6c (108) > [11] : 0x00 (0) > [12] : 0x69 (105) > [13] : 0x00 (0) > [14] : 0x62 (98) > [15] : 0x00 (0) > [16] : 0x2f (47) > [17] : 0x00 (0) > [18] : 0x73 (115) > [19] : 0x00 (0) > [20] : 0x61 (97) > [21] : 0x00 (0) > [22] : 0x6d (109) > [23] : 0x00 (0) > [24] : 0x62 (98) > [25] : 0x00 (0) > [26] : 0x61 (97) > [27] : 0x00 (0) > [28] : 0x2f (47) > [29] : 0x00 (0) > [30] : 0x73 (115) > [31] : 0x00 (0) > [32] : 0x76 (118) > [33] : 0x00 (0) > [34] : 0x63 (99) > [35] : 0x00 (0) > [36] : 0x63 (99) > [37] : 0x00 (0) > [38] : 0x74 (116) > [39] : 0x00 (0) > [40] : 0x6c (108) > [41] : 0x00 (0) > [42] : 0x2f (47) > [43] : 0x00 (0) > [44] : 0x73 (115) > [45] : 0x00 (0) > [46] : 0x6d (109) > [47] : 0x00 (0) > [48] : 0x62 (98) > [49] : 0x00 (0) > [50] : 0x64 (100) > [51] : 0x00 (0) > [52] : 0x00 (0) > [53] : 0x00 (0) > size : 0x00000036 (54) >[2011/12/13 17:45:36.754974, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.755053, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:ImagePath] >[2011/12/13 17:45:36.755090, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2011/12/13 17:45:36.755125, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2011/12/13 17:45:36.755214, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000005-0000-0000-e74e-30819f7b0000 > name: struct winreg_String > name_len : 0x0018 (24) > name_size : 0x0018 (24) > name : * > name : 'Description' > type : REG_SZ (1) > data : * > data: ARRAY(164) > [0] : 0x46 (70) > [1] : 0x00 (0) > [2] : 0x69 (105) > [3] : 0x00 (0) > [4] : 0x6c (108) > [5] : 0x00 (0) > [6] : 0x65 (101) > [7] : 0x00 (0) > [8] : 0x20 (32) > [9] : 0x00 (0) > [10] : 0x73 (115) > [11] : 0x00 (0) > [12] : 0x65 (101) > [13] : 0x00 (0) > [14] : 0x72 (114) > [15] : 0x00 (0) > [16] : 0x76 (118) > [17] : 0x00 (0) > [18] : 0x69 (105) > [19] : 0x00 (0) > [20] : 0x63 (99) > [21] : 0x00 (0) > [22] : 0x65 (101) > [23] : 0x00 (0) > [24] : 0x20 (32) > [25] : 0x00 (0) > [26] : 0x70 (112) > [27] : 0x00 (0) > [28] : 0x72 (114) > [29] : 0x00 (0) > [30] : 0x6f (111) > [31] : 0x00 (0) > [32] : 0x76 (118) > [33] : 0x00 (0) > [34] : 0x69 (105) > [35] : 0x00 (0) > [36] : 0x64 (100) > [37] : 0x00 (0) > [38] : 0x69 (105) > [39] : 0x00 (0) > [40] : 0x6e (110) > [41] : 0x00 (0) > [42] : 0x67 (103) > [43] : 0x00 (0) > [44] : 0x20 (32) > [45] : 0x00 (0) > [46] : 0x61 (97) > [47] : 0x00 (0) > [48] : 0x63 (99) > [49] : 0x00 (0) > [50] : 0x63 (99) > [51] : 0x00 (0) > [52] : 0x65 (101) > [53] : 0x00 (0) > [54] : 0x73 (115) > [55] : 0x00 (0) > [56] : 0x73 (115) > [57] : 0x00 (0) > [58] : 0x20 (32) > [59] : 0x00 (0) > [60] : 0x74 (116) > [61] : 0x00 (0) > [62] : 0x6f (111) > [63] : 0x00 (0) > [64] : 0x20 (32) > [65] : 0x00 (0) > [66] : 0x70 (112) > [67] : 0x00 (0) > [68] : 0x6f (111) > [69] : 0x00 (0) > [70] : 0x6c (108) > [71] : 0x00 (0) > [72] : 0x69 (105) > [73] : 0x00 (0) > [74] : 0x63 (99) > [75] : 0x00 (0) > [76] : 0x79 (121) > [77] : 0x00 (0) > [78] : 0x20 (32) > [79] : 0x00 (0) > [80] : 0x61 (97) > [81] : 0x00 (0) > [82] : 0x6e (110) > [83] : 0x00 (0) > [84] : 0x64 (100) > [85] : 0x00 (0) > [86] : 0x20 (32) > [87] : 0x00 (0) > [88] : 0x70 (112) > [89] : 0x00 (0) > [90] : 0x72 (114) > [91] : 0x00 (0) > [92] : 0x6f (111) > [93] : 0x00 (0) > [94] : 0x66 (102) > [95] : 0x00 (0) > [96] : 0x69 (105) > [97] : 0x00 (0) > [98] : 0x6c (108) > [99] : 0x00 (0) > [100] : 0x65 (101) > [101] : 0x00 (0) > [102] : 0x20 (32) > [103] : 0x00 (0) > [104] : 0x64 (100) > [105] : 0x00 (0) > [106] : 0x61 (97) > [107] : 0x00 (0) > [108] : 0x74 (116) > [109] : 0x00 (0) > [110] : 0x61 (97) > [111] : 0x00 (0) > [112] : 0x20 (32) > [113] : 0x00 (0) > [114] : 0x28 (40) > [115] : 0x00 (0) > [116] : 0x6e (110) > [117] : 0x00 (0) > [118] : 0x6f (111) > [119] : 0x00 (0) > [120] : 0x74 (116) > [121] : 0x00 (0) > [122] : 0x72 (114) > [123] : 0x00 (0) > [124] : 0x65 (101) > [125] : 0x00 (0) > [126] : 0x6d (109) > [127] : 0x00 (0) > [128] : 0x6f (111) > [129] : 0x00 (0) > [130] : 0x74 (116) > [131] : 0x00 (0) > [132] : 0x65 (101) > [133] : 0x00 (0) > [134] : 0x6c (108) > [135] : 0x00 (0) > [136] : 0x79 (121) > [137] : 0x00 (0) > [138] : 0x20 (32) > [139] : 0x00 (0) > [140] : 0x6d (109) > [141] : 0x00 (0) > [142] : 0x61 (97) > [143] : 0x00 (0) > [144] : 0x6e (110) > [145] : 0x00 (0) > [146] : 0x61 (97) > [147] : 0x00 (0) > [148] : 0x67 (103) > [149] : 0x00 (0) > [150] : 0x65 (101) > [151] : 0x00 (0) > [152] : 0x61 (97) > [153] : 0x00 (0) > [154] : 0x62 (98) > [155] : 0x00 (0) > [156] : 0x6c (108) > [157] : 0x00 (0) > [158] : 0x65 (101) > [159] : 0x00 (0) > [160] : 0x29 (41) > [161] : 0x00 (0) > [162] : 0x00 (0) > [163] : 0x00 (0) > size : 0x000000a4 (164) >[2011/12/13 17:45:36.758121, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.758202, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:Description] >[2011/12/13 17:45:36.758239, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2011/12/13 17:45:36.758275, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2011/12/13 17:45:36.758359, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000005-0000-0000-e74e-30819f7b0000 >[2011/12/13 17:45:36.758481, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.758557, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.758631, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2011/12/13 17:45:36.758666, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2011/12/13 17:45:36.758700, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2011/12/13 17:45:36.758862, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > in: struct winreg_CreateKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000001-0000-0000-e74e-30819f7b0000 > name: struct winreg_String > name_len : 0x0068 (104) > name_size : 0x0068 (104) > name : * > name : 'SYSTEM\CurrentControlSet\Services\NETLOGON\Security' > keyclass: struct winreg_String > name_len : 0x0002 (2) > name_size : 0x0002 (2) > name : * > name : '' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY > secdesc : NULL > action_taken : * > action_taken : REG_OPENED_EXISTING_KEY (2) >[2011/12/13 17:45:36.759404, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.759484, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) > _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\NETLOGON\Security' >[2011/12/13 17:45:36.759522, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2011/12/13 17:45:36.759558, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 >[2011/12/13 17:45:36.759591, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SYSTEM] >[2011/12/13 17:45:36.759626, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2011/12/13 17:45:36.759664, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] >[2011/12/13 17:45:36.759695, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM] >[2011/12/13 17:45:36.759729, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2011/12/13 17:45:36.759843, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM] >[2011/12/13 17:45:36.759897, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 >[2011/12/13 17:45:36.759935, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentControlSet] >[2011/12/13 17:45:36.759971, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2011/12/13 17:45:36.760008, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] >[2011/12/13 17:45:36.760050, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] >[2011/12/13 17:45:36.760084, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2011/12/13 17:45:36.760115, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM\CurrentControlSet] >[2011/12/13 17:45:36.760166, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2011/12/13 17:45:36.760204, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 >[2011/12/13 17:45:36.760238, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Services] >[2011/12/13 17:45:36.760273, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2011/12/13 17:45:36.760310, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] >[2011/12/13 17:45:36.760341, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] >[2011/12/13 17:45:36.760375, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2011/12/13 17:45:36.760406, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM\CurrentControlSet\Services] >[2011/12/13 17:45:36.760466, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2011/12/13 17:45:36.760505, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 >[2011/12/13 17:45:36.760539, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [NETLOGON] >[2011/12/13 17:45:36.760574, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2011/12/13 17:45:36.760611, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] >[2011/12/13 17:45:36.760643, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] >[2011/12/13 17:45:36.760677, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2011/12/13 17:45:36.760757, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] >[2011/12/13 17:45:36.760816, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2011/12/13 17:45:36.760854, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Security] >[2011/12/13 17:45:36.760889, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2011/12/13 17:45:36.760927, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] >[2011/12/13 17:45:36.760960, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] >[2011/12/13 17:45:36.760994, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2011/12/13 17:45:36.761026, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] >[2011/12/13 17:45:36.761073, 10] registry/reg_backend_db.c:1656(regdb_fetch_keys_internal) > regdb_fetch_keys: no subkeys found for key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] >[2011/12/13 17:45:36.761110, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2011/12/13 17:45:36.761146, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.761233, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > out: struct winreg_CreateKey > new_handle : * > new_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000006-0000-0000-e74e-30819f7b0000 > action_taken : * > action_taken : REG_OPENED_EXISTING_KEY (2) > result : WERR_OK >[2011/12/13 17:45:36.761424, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000006-0000-0000-e74e-30819f7b0000 > name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : REG_BINARY (3) > data : * > data: ARRAY(120) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x04 (4) > [3] : 0x80 (128) > [4] : 0x00 (0) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x00 (0) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x14 (20) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x02 (2) > [21] : 0x00 (0) > [22] : 0x64 (100) > [23] : 0x00 (0) > [24] : 0x04 (4) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x00 (0) > [28] : 0x00 (0) > [29] : 0x00 (0) > [30] : 0x14 (20) > [31] : 0x00 (0) > [32] : 0x8d (141) > [33] : 0x01 (1) > [34] : 0x02 (2) > [35] : 0x00 (0) > [36] : 0x01 (1) > [37] : 0x01 (1) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x01 (1) > [44] : 0x00 (0) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x00 (0) > [49] : 0x00 (0) > [50] : 0x18 (24) > [51] : 0x00 (0) > [52] : 0xfd (253) > [53] : 0x01 (1) > [54] : 0x02 (2) > [55] : 0x00 (0) > [56] : 0x01 (1) > [57] : 0x02 (2) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x00 (0) > [62] : 0x00 (0) > [63] : 0x05 (5) > [64] : 0x20 (32) > [65] : 0x00 (0) > [66] : 0x00 (0) > [67] : 0x00 (0) > [68] : 0x23 (35) > [69] : 0x02 (2) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x18 (24) > [75] : 0x00 (0) > [76] : 0xff (255) > [77] : 0x01 (1) > [78] : 0x0f (15) > [79] : 0x00 (0) > [80] : 0x01 (1) > [81] : 0x02 (2) > [82] : 0x00 (0) > [83] : 0x00 (0) > [84] : 0x00 (0) > [85] : 0x00 (0) > [86] : 0x00 (0) > [87] : 0x05 (5) > [88] : 0x20 (32) > [89] : 0x00 (0) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x25 (37) > [93] : 0x02 (2) > [94] : 0x00 (0) > [95] : 0x00 (0) > [96] : 0x00 (0) > [97] : 0x00 (0) > [98] : 0x18 (24) > [99] : 0x00 (0) > [100] : 0xff (255) > [101] : 0x01 (1) > [102] : 0x0f (15) > [103] : 0x00 (0) > [104] : 0x01 (1) > [105] : 0x02 (2) > [106] : 0x00 (0) > [107] : 0x00 (0) > [108] : 0x00 (0) > [109] : 0x00 (0) > [110] : 0x00 (0) > [111] : 0x05 (5) > [112] : 0x20 (32) > [113] : 0x00 (0) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x20 (32) > [117] : 0x02 (2) > [118] : 0x00 (0) > [119] : 0x00 (0) > size : 0x00000078 (120) >[2011/12/13 17:45:36.763573, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.763652, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security:Security] >[2011/12/13 17:45:36.763690, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2011/12/13 17:45:36.763723, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security' (ops 0xb77df800) >[2011/12/13 17:45:36.763758, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] >[2011/12/13 17:45:36.763807, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Security] len[120] >[2011/12/13 17:45:36.763844, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2011/12/13 17:45:36.763927, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000006-0000-0000-e74e-30819f7b0000 >[2011/12/13 17:45:36.764048, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.764125, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.764200, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2011/12/13 17:45:36.764233, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2011/12/13 17:45:36.764267, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2011/12/13 17:45:36.764421, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > in: struct winreg_CreateKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000001-0000-0000-e74e-30819f7b0000 > name: struct winreg_String > name_len : 0x0062 (98) > name_size : 0x0062 (98) > name : * > name : 'SYSTEM\CurrentControlSet\Services\RemoteRegistry' > keyclass: struct winreg_String > name_len : 0x0002 (2) > name_size : 0x0002 (2) > name : * > name : '' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY > secdesc : NULL > action_taken : * > action_taken : REG_ACTION_NONE (0) >[2011/12/13 17:45:36.764981, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.765061, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) > _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\RemoteRegistry' >[2011/12/13 17:45:36.765099, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2011/12/13 17:45:36.765135, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 >[2011/12/13 17:45:36.765168, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SYSTEM] >[2011/12/13 17:45:36.765203, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2011/12/13 17:45:36.765240, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] >[2011/12/13 17:45:36.765273, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM] >[2011/12/13 17:45:36.765306, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2011/12/13 17:45:36.765337, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM] >[2011/12/13 17:45:36.765386, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 >[2011/12/13 17:45:36.765423, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentControlSet] >[2011/12/13 17:45:36.765537, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2011/12/13 17:45:36.765581, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] >[2011/12/13 17:45:36.765613, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] >[2011/12/13 17:45:36.765647, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2011/12/13 17:45:36.765679, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM\CurrentControlSet] >[2011/12/13 17:45:36.765729, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2011/12/13 17:45:36.765768, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 >[2011/12/13 17:45:36.765802, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Services] >[2011/12/13 17:45:36.765836, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2011/12/13 17:45:36.765873, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] >[2011/12/13 17:45:36.765915, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] >[2011/12/13 17:45:36.765950, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2011/12/13 17:45:36.765982, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM\CurrentControlSet\Services] >[2011/12/13 17:45:36.766042, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2011/12/13 17:45:36.766080, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [RemoteRegistry] >[2011/12/13 17:45:36.766115, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2011/12/13 17:45:36.766152, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] >[2011/12/13 17:45:36.766184, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] >[2011/12/13 17:45:36.766218, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2011/12/13 17:45:36.766250, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] >[2011/12/13 17:45:36.766300, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2011/12/13 17:45:36.766337, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.766415, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > out: struct winreg_CreateKey > new_handle : * > new_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000007-0000-0000-e74e-30819f7b0000 > action_taken : * > action_taken : REG_OPENED_EXISTING_KEY (2) > result : WERR_OK >[2011/12/13 17:45:36.766600, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000007-0000-0000-e74e-30819f7b0000 > name: struct winreg_String > name_len : 0x000c (12) > name_size : 0x000c (12) > name : * > name : 'Start' > type : REG_DWORD (4) > data : * > data: ARRAY(4) > [0] : 0x02 (2) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : 0x00000004 (4) >[2011/12/13 17:45:36.766918, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.767009, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:Start] >[2011/12/13 17:45:36.767047, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2011/12/13 17:45:36.767081, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry' (ops 0xb77df800) >[2011/12/13 17:45:36.767124, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] >[2011/12/13 17:45:36.767174, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Start] len[4] >[2011/12/13 17:45:36.767211, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[1]: name[Type] len[4] >[2011/12/13 17:45:36.767247, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[2]: name[ErrorControl] len[4] >[2011/12/13 17:45:36.767282, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[3]: name[ObjectName] len[24] >[2011/12/13 17:45:36.767316, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[4]: name[DisplayName] len[48] >[2011/12/13 17:45:36.767351, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[5]: name[ImagePath] len[54] >[2011/12/13 17:45:36.767386, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[6]: name[Description] len[126] >[2011/12/13 17:45:36.767421, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2011/12/13 17:45:36.767507, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000007-0000-0000-e74e-30819f7b0000 > name: struct winreg_String > name_len : 0x000a (10) > name_size : 0x000a (10) > name : * > name : 'Type' > type : REG_DWORD (4) > data : * > data: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : 0x00000004 (4) >[2011/12/13 17:45:36.767982, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.768062, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:Type] >[2011/12/13 17:45:36.768099, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2011/12/13 17:45:36.768135, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2011/12/13 17:45:36.768223, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000007-0000-0000-e74e-30819f7b0000 > name: struct winreg_String > name_len : 0x001a (26) > name_size : 0x001a (26) > name : * > name : 'ErrorControl' > type : REG_DWORD (4) > data : * > data: ARRAY(4) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : 0x00000004 (4) >[2011/12/13 17:45:36.768551, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.768629, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:ErrorControl] >[2011/12/13 17:45:36.768666, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2011/12/13 17:45:36.768726, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2011/12/13 17:45:36.768822, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000007-0000-0000-e74e-30819f7b0000 > name: struct winreg_String > name_len : 0x0016 (22) > name_size : 0x0016 (22) > name : * > name : 'ObjectName' > type : REG_SZ (1) > data : * > data: ARRAY(24) > [0] : 0x4c (76) > [1] : 0x00 (0) > [2] : 0x6f (111) > [3] : 0x00 (0) > [4] : 0x63 (99) > [5] : 0x00 (0) > [6] : 0x61 (97) > [7] : 0x00 (0) > [8] : 0x6c (108) > [9] : 0x00 (0) > [10] : 0x53 (83) > [11] : 0x00 (0) > [12] : 0x79 (121) > [13] : 0x00 (0) > [14] : 0x73 (115) > [15] : 0x00 (0) > [16] : 0x74 (116) > [17] : 0x00 (0) > [18] : 0x65 (101) > [19] : 0x00 (0) > [20] : 0x6d (109) > [21] : 0x00 (0) > [22] : 0x00 (0) > [23] : 0x00 (0) > size : 0x00000018 (24) >[2011/12/13 17:45:36.769458, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.769534, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:ObjectName] >[2011/12/13 17:45:36.769571, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2011/12/13 17:45:36.769607, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2011/12/13 17:45:36.769708, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000007-0000-0000-e74e-30819f7b0000 > name: struct winreg_String > name_len : 0x0018 (24) > name_size : 0x0018 (24) > name : * > name : 'DisplayName' > type : REG_SZ (1) > data : * > data: ARRAY(48) > [0] : 0x52 (82) > [1] : 0x00 (0) > [2] : 0x65 (101) > [3] : 0x00 (0) > [4] : 0x6d (109) > [5] : 0x00 (0) > [6] : 0x6f (111) > [7] : 0x00 (0) > [8] : 0x74 (116) > [9] : 0x00 (0) > [10] : 0x65 (101) > [11] : 0x00 (0) > [12] : 0x20 (32) > [13] : 0x00 (0) > [14] : 0x52 (82) > [15] : 0x00 (0) > [16] : 0x65 (101) > [17] : 0x00 (0) > [18] : 0x67 (103) > [19] : 0x00 (0) > [20] : 0x69 (105) > [21] : 0x00 (0) > [22] : 0x73 (115) > [23] : 0x00 (0) > [24] : 0x74 (116) > [25] : 0x00 (0) > [26] : 0x72 (114) > [27] : 0x00 (0) > [28] : 0x79 (121) > [29] : 0x00 (0) > [30] : 0x20 (32) > [31] : 0x00 (0) > [32] : 0x53 (83) > [33] : 0x00 (0) > [34] : 0x65 (101) > [35] : 0x00 (0) > [36] : 0x72 (114) > [37] : 0x00 (0) > [38] : 0x76 (118) > [39] : 0x00 (0) > [40] : 0x69 (105) > [41] : 0x00 (0) > [42] : 0x63 (99) > [43] : 0x00 (0) > [44] : 0x65 (101) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > size : 0x00000030 (48) >[2011/12/13 17:45:36.770713, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.770798, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:DisplayName] >[2011/12/13 17:45:36.770837, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2011/12/13 17:45:36.770873, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2011/12/13 17:45:36.770973, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000007-0000-0000-e74e-30819f7b0000 > name: struct winreg_String > name_len : 0x0014 (20) > name_size : 0x0014 (20) > name : * > name : 'ImagePath' > type : REG_SZ (1) > data : * > data: ARRAY(54) > [0] : 0x2f (47) > [1] : 0x00 (0) > [2] : 0x75 (117) > [3] : 0x00 (0) > [4] : 0x73 (115) > [5] : 0x00 (0) > [6] : 0x72 (114) > [7] : 0x00 (0) > [8] : 0x2f (47) > [9] : 0x00 (0) > [10] : 0x6c (108) > [11] : 0x00 (0) > [12] : 0x69 (105) > [13] : 0x00 (0) > [14] : 0x62 (98) > [15] : 0x00 (0) > [16] : 0x2f (47) > [17] : 0x00 (0) > [18] : 0x73 (115) > [19] : 0x00 (0) > [20] : 0x61 (97) > [21] : 0x00 (0) > [22] : 0x6d (109) > [23] : 0x00 (0) > [24] : 0x62 (98) > [25] : 0x00 (0) > [26] : 0x61 (97) > [27] : 0x00 (0) > [28] : 0x2f (47) > [29] : 0x00 (0) > [30] : 0x73 (115) > [31] : 0x00 (0) > [32] : 0x76 (118) > [33] : 0x00 (0) > [34] : 0x63 (99) > [35] : 0x00 (0) > [36] : 0x63 (99) > [37] : 0x00 (0) > [38] : 0x74 (116) > [39] : 0x00 (0) > [40] : 0x6c (108) > [41] : 0x00 (0) > [42] : 0x2f (47) > [43] : 0x00 (0) > [44] : 0x73 (115) > [45] : 0x00 (0) > [46] : 0x6d (109) > [47] : 0x00 (0) > [48] : 0x62 (98) > [49] : 0x00 (0) > [50] : 0x64 (100) > [51] : 0x00 (0) > [52] : 0x00 (0) > [53] : 0x00 (0) > size : 0x00000036 (54) >[2011/12/13 17:45:36.772074, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.772152, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:ImagePath] >[2011/12/13 17:45:36.772190, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2011/12/13 17:45:36.772226, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2011/12/13 17:45:36.772313, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000007-0000-0000-e74e-30819f7b0000 > name: struct winreg_String > name_len : 0x0018 (24) > name_size : 0x0018 (24) > name : * > name : 'Description' > type : REG_SZ (1) > data : * > data: ARRAY(126) > [0] : 0x49 (73) > [1] : 0x00 (0) > [2] : 0x6e (110) > [3] : 0x00 (0) > [4] : 0x74 (116) > [5] : 0x00 (0) > [6] : 0x65 (101) > [7] : 0x00 (0) > [8] : 0x72 (114) > [9] : 0x00 (0) > [10] : 0x6e (110) > [11] : 0x00 (0) > [12] : 0x61 (97) > [13] : 0x00 (0) > [14] : 0x6c (108) > [15] : 0x00 (0) > [16] : 0x20 (32) > [17] : 0x00 (0) > [18] : 0x73 (115) > [19] : 0x00 (0) > [20] : 0x65 (101) > [21] : 0x00 (0) > [22] : 0x72 (114) > [23] : 0x00 (0) > [24] : 0x76 (118) > [25] : 0x00 (0) > [26] : 0x69 (105) > [27] : 0x00 (0) > [28] : 0x63 (99) > [29] : 0x00 (0) > [30] : 0x65 (101) > [31] : 0x00 (0) > [32] : 0x20 (32) > [33] : 0x00 (0) > [34] : 0x70 (112) > [35] : 0x00 (0) > [36] : 0x72 (114) > [37] : 0x00 (0) > [38] : 0x6f (111) > [39] : 0x00 (0) > [40] : 0x76 (118) > [41] : 0x00 (0) > [42] : 0x69 (105) > [43] : 0x00 (0) > [44] : 0x64 (100) > [45] : 0x00 (0) > [46] : 0x69 (105) > [47] : 0x00 (0) > [48] : 0x6e (110) > [49] : 0x00 (0) > [50] : 0x67 (103) > [51] : 0x00 (0) > [52] : 0x20 (32) > [53] : 0x00 (0) > [54] : 0x72 (114) > [55] : 0x00 (0) > [56] : 0x65 (101) > [57] : 0x00 (0) > [58] : 0x6d (109) > [59] : 0x00 (0) > [60] : 0x6f (111) > [61] : 0x00 (0) > [62] : 0x74 (116) > [63] : 0x00 (0) > [64] : 0x65 (101) > [65] : 0x00 (0) > [66] : 0x20 (32) > [67] : 0x00 (0) > [68] : 0x61 (97) > [69] : 0x00 (0) > [70] : 0x63 (99) > [71] : 0x00 (0) > [72] : 0x63 (99) > [73] : 0x00 (0) > [74] : 0x65 (101) > [75] : 0x00 (0) > [76] : 0x73 (115) > [77] : 0x00 (0) > [78] : 0x73 (115) > [79] : 0x00 (0) > [80] : 0x20 (32) > [81] : 0x00 (0) > [82] : 0x74 (116) > [83] : 0x00 (0) > [84] : 0x6f (111) > [85] : 0x00 (0) > [86] : 0x20 (32) > [87] : 0x00 (0) > [88] : 0x74 (116) > [89] : 0x00 (0) > [90] : 0x68 (104) > [91] : 0x00 (0) > [92] : 0x65 (101) > [93] : 0x00 (0) > [94] : 0x20 (32) > [95] : 0x00 (0) > [96] : 0x53 (83) > [97] : 0x00 (0) > [98] : 0x61 (97) > [99] : 0x00 (0) > [100] : 0x6d (109) > [101] : 0x00 (0) > [102] : 0x62 (98) > [103] : 0x00 (0) > [104] : 0x61 (97) > [105] : 0x00 (0) > [106] : 0x20 (32) > [107] : 0x00 (0) > [108] : 0x72 (114) > [109] : 0x00 (0) > [110] : 0x65 (101) > [111] : 0x00 (0) > [112] : 0x67 (103) > [113] : 0x00 (0) > [114] : 0x69 (105) > [115] : 0x00 (0) > [116] : 0x73 (115) > [117] : 0x00 (0) > [118] : 0x74 (116) > [119] : 0x00 (0) > [120] : 0x72 (114) > [121] : 0x00 (0) > [122] : 0x79 (121) > [123] : 0x00 (0) > [124] : 0x00 (0) > [125] : 0x00 (0) > size : 0x0000007e (126) >[2011/12/13 17:45:36.774562, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.774642, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:Description] >[2011/12/13 17:45:36.774680, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2011/12/13 17:45:36.774716, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2011/12/13 17:45:36.774801, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000007-0000-0000-e74e-30819f7b0000 >[2011/12/13 17:45:36.774936, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.775016, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.775091, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2011/12/13 17:45:36.775126, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2011/12/13 17:45:36.775161, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2011/12/13 17:45:36.775317, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > in: struct winreg_CreateKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000001-0000-0000-e74e-30819f7b0000 > name: struct winreg_String > name_len : 0x0074 (116) > name_size : 0x0074 (116) > name : * > name : 'SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security' > keyclass: struct winreg_String > name_len : 0x0002 (2) > name_size : 0x0002 (2) > name : * > name : '' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY > secdesc : NULL > action_taken : * > action_taken : REG_OPENED_EXISTING_KEY (2) >[2011/12/13 17:45:36.775846, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.775926, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) > _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security' >[2011/12/13 17:45:36.775965, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2011/12/13 17:45:36.776000, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 >[2011/12/13 17:45:36.776034, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SYSTEM] >[2011/12/13 17:45:36.776070, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2011/12/13 17:45:36.776107, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] >[2011/12/13 17:45:36.776139, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM] >[2011/12/13 17:45:36.776173, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2011/12/13 17:45:36.776204, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM] >[2011/12/13 17:45:36.776254, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 >[2011/12/13 17:45:36.776291, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentControlSet] >[2011/12/13 17:45:36.776326, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2011/12/13 17:45:36.776363, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] >[2011/12/13 17:45:36.776395, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] >[2011/12/13 17:45:36.776429, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2011/12/13 17:45:36.776460, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM\CurrentControlSet] >[2011/12/13 17:45:36.776511, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2011/12/13 17:45:36.776549, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 >[2011/12/13 17:45:36.776591, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Services] >[2011/12/13 17:45:36.776627, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2011/12/13 17:45:36.776664, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] >[2011/12/13 17:45:36.776718, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] >[2011/12/13 17:45:36.776759, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2011/12/13 17:45:36.776791, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM\CurrentControlSet\Services] >[2011/12/13 17:45:36.776854, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2011/12/13 17:45:36.776894, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 >[2011/12/13 17:45:36.776928, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [RemoteRegistry] >[2011/12/13 17:45:36.776963, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2011/12/13 17:45:36.777001, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] >[2011/12/13 17:45:36.777033, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] >[2011/12/13 17:45:36.777068, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2011/12/13 17:45:36.777099, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] >[2011/12/13 17:45:36.777150, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2011/12/13 17:45:36.777186, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Security] >[2011/12/13 17:45:36.777221, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2011/12/13 17:45:36.777259, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] >[2011/12/13 17:45:36.777293, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] >[2011/12/13 17:45:36.777327, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2011/12/13 17:45:36.777358, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] >[2011/12/13 17:45:36.777405, 10] registry/reg_backend_db.c:1656(regdb_fetch_keys_internal) > regdb_fetch_keys: no subkeys found for key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] >[2011/12/13 17:45:36.777442, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2011/12/13 17:45:36.777478, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.777554, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > out: struct winreg_CreateKey > new_handle : * > new_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000008-0000-0000-e74e-30819f7b0000 > action_taken : * > action_taken : REG_OPENED_EXISTING_KEY (2) > result : WERR_OK >[2011/12/13 17:45:36.777753, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000008-0000-0000-e74e-30819f7b0000 > name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : REG_BINARY (3) > data : * > data: ARRAY(120) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x04 (4) > [3] : 0x80 (128) > [4] : 0x00 (0) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x00 (0) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x14 (20) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x02 (2) > [21] : 0x00 (0) > [22] : 0x64 (100) > [23] : 0x00 (0) > [24] : 0x04 (4) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x00 (0) > [28] : 0x00 (0) > [29] : 0x00 (0) > [30] : 0x14 (20) > [31] : 0x00 (0) > [32] : 0x8d (141) > [33] : 0x01 (1) > [34] : 0x02 (2) > [35] : 0x00 (0) > [36] : 0x01 (1) > [37] : 0x01 (1) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x01 (1) > [44] : 0x00 (0) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x00 (0) > [49] : 0x00 (0) > [50] : 0x18 (24) > [51] : 0x00 (0) > [52] : 0xfd (253) > [53] : 0x01 (1) > [54] : 0x02 (2) > [55] : 0x00 (0) > [56] : 0x01 (1) > [57] : 0x02 (2) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x00 (0) > [62] : 0x00 (0) > [63] : 0x05 (5) > [64] : 0x20 (32) > [65] : 0x00 (0) > [66] : 0x00 (0) > [67] : 0x00 (0) > [68] : 0x23 (35) > [69] : 0x02 (2) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x18 (24) > [75] : 0x00 (0) > [76] : 0xff (255) > [77] : 0x01 (1) > [78] : 0x0f (15) > [79] : 0x00 (0) > [80] : 0x01 (1) > [81] : 0x02 (2) > [82] : 0x00 (0) > [83] : 0x00 (0) > [84] : 0x00 (0) > [85] : 0x00 (0) > [86] : 0x00 (0) > [87] : 0x05 (5) > [88] : 0x20 (32) > [89] : 0x00 (0) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x25 (37) > [93] : 0x02 (2) > [94] : 0x00 (0) > [95] : 0x00 (0) > [96] : 0x00 (0) > [97] : 0x00 (0) > [98] : 0x18 (24) > [99] : 0x00 (0) > [100] : 0xff (255) > [101] : 0x01 (1) > [102] : 0x0f (15) > [103] : 0x00 (0) > [104] : 0x01 (1) > [105] : 0x02 (2) > [106] : 0x00 (0) > [107] : 0x00 (0) > [108] : 0x00 (0) > [109] : 0x00 (0) > [110] : 0x00 (0) > [111] : 0x05 (5) > [112] : 0x20 (32) > [113] : 0x00 (0) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x20 (32) > [117] : 0x02 (2) > [118] : 0x00 (0) > [119] : 0x00 (0) > size : 0x00000078 (120) >[2011/12/13 17:45:36.779900, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.779986, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security:Security] >[2011/12/13 17:45:36.780026, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2011/12/13 17:45:36.780060, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security' (ops 0xb77df800) >[2011/12/13 17:45:36.780095, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] >[2011/12/13 17:45:36.780145, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Security] len[120] >[2011/12/13 17:45:36.780183, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2011/12/13 17:45:36.780267, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000008-0000-0000-e74e-30819f7b0000 >[2011/12/13 17:45:36.780389, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.780464, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.780537, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2011/12/13 17:45:36.780570, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2011/12/13 17:45:36.780604, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2011/12/13 17:45:36.780796, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > in: struct winreg_CreateKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000001-0000-0000-e74e-30819f7b0000 > name: struct winreg_String > name_len : 0x004e (78) > name_size : 0x004e (78) > name : * > name : 'SYSTEM\CurrentControlSet\Services\WINS' > keyclass: struct winreg_String > name_len : 0x0002 (2) > name_size : 0x0002 (2) > name : * > name : '' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY > secdesc : NULL > action_taken : * > action_taken : REG_ACTION_NONE (0) >[2011/12/13 17:45:36.781326, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.781404, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) > _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\WINS' >[2011/12/13 17:45:36.781441, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2011/12/13 17:45:36.781476, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 >[2011/12/13 17:45:36.781509, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SYSTEM] >[2011/12/13 17:45:36.781544, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2011/12/13 17:45:36.781580, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] >[2011/12/13 17:45:36.781612, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM] >[2011/12/13 17:45:36.781645, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2011/12/13 17:45:36.781677, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM] >[2011/12/13 17:45:36.781726, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 >[2011/12/13 17:45:36.781762, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentControlSet] >[2011/12/13 17:45:36.781798, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2011/12/13 17:45:36.781835, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] >[2011/12/13 17:45:36.781867, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] >[2011/12/13 17:45:36.781900, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2011/12/13 17:45:36.781931, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM\CurrentControlSet] >[2011/12/13 17:45:36.781981, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2011/12/13 17:45:36.782019, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 >[2011/12/13 17:45:36.782053, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Services] >[2011/12/13 17:45:36.782087, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2011/12/13 17:45:36.782123, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] >[2011/12/13 17:45:36.782155, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] >[2011/12/13 17:45:36.782189, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2011/12/13 17:45:36.782220, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM\CurrentControlSet\Services] >[2011/12/13 17:45:36.782279, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2011/12/13 17:45:36.782316, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [WINS] >[2011/12/13 17:45:36.782359, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2011/12/13 17:45:36.782398, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] >[2011/12/13 17:45:36.782431, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] >[2011/12/13 17:45:36.782465, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2011/12/13 17:45:36.782496, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] >[2011/12/13 17:45:36.782545, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2011/12/13 17:45:36.782583, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.782660, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > out: struct winreg_CreateKey > new_handle : * > new_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000009-0000-0000-e74e-30819f7b0000 > action_taken : * > action_taken : REG_OPENED_EXISTING_KEY (2) > result : WERR_OK >[2011/12/13 17:45:36.782844, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000009-0000-0000-e74e-30819f7b0000 > name: struct winreg_String > name_len : 0x000c (12) > name_size : 0x000c (12) > name : * > name : 'Start' > type : REG_DWORD (4) > data : * > data: ARRAY(4) > [0] : 0x02 (2) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : 0x00000004 (4) >[2011/12/13 17:45:36.783244, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.783325, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:Start] >[2011/12/13 17:45:36.783363, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2011/12/13 17:45:36.783397, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\WINS' (ops 0xb77df800) >[2011/12/13 17:45:36.783431, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS] >[2011/12/13 17:45:36.783481, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Start] len[4] >[2011/12/13 17:45:36.783519, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[1]: name[Type] len[4] >[2011/12/13 17:45:36.783555, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[2]: name[ErrorControl] len[4] >[2011/12/13 17:45:36.783599, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[3]: name[ObjectName] len[24] >[2011/12/13 17:45:36.783636, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[4]: name[DisplayName] len[74] >[2011/12/13 17:45:36.783671, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[5]: name[ImagePath] len[54] >[2011/12/13 17:45:36.783706, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[6]: name[Description] len[178] >[2011/12/13 17:45:36.783741, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2011/12/13 17:45:36.783828, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000009-0000-0000-e74e-30819f7b0000 > name: struct winreg_String > name_len : 0x000a (10) > name_size : 0x000a (10) > name : * > name : 'Type' > type : REG_DWORD (4) > data : * > data: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : 0x00000004 (4) >[2011/12/13 17:45:36.784147, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.784224, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:Type] >[2011/12/13 17:45:36.784261, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2011/12/13 17:45:36.784297, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2011/12/13 17:45:36.784381, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000009-0000-0000-e74e-30819f7b0000 > name: struct winreg_String > name_len : 0x001a (26) > name_size : 0x001a (26) > name : * > name : 'ErrorControl' > type : REG_DWORD (4) > data : * > data: ARRAY(4) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : 0x00000004 (4) >[2011/12/13 17:45:36.784721, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.784807, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:ErrorControl] >[2011/12/13 17:45:36.784854, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2011/12/13 17:45:36.784890, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2011/12/13 17:45:36.784979, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000009-0000-0000-e74e-30819f7b0000 > name: struct winreg_String > name_len : 0x0016 (22) > name_size : 0x0016 (22) > name : * > name : 'ObjectName' > type : REG_SZ (1) > data : * > data: ARRAY(24) > [0] : 0x4c (76) > [1] : 0x00 (0) > [2] : 0x6f (111) > [3] : 0x00 (0) > [4] : 0x63 (99) > [5] : 0x00 (0) > [6] : 0x61 (97) > [7] : 0x00 (0) > [8] : 0x6c (108) > [9] : 0x00 (0) > [10] : 0x53 (83) > [11] : 0x00 (0) > [12] : 0x79 (121) > [13] : 0x00 (0) > [14] : 0x73 (115) > [15] : 0x00 (0) > [16] : 0x74 (116) > [17] : 0x00 (0) > [18] : 0x65 (101) > [19] : 0x00 (0) > [20] : 0x6d (109) > [21] : 0x00 (0) > [22] : 0x00 (0) > [23] : 0x00 (0) > size : 0x00000018 (24) >[2011/12/13 17:45:36.785609, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.785687, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:ObjectName] >[2011/12/13 17:45:36.785724, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2011/12/13 17:45:36.785759, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2011/12/13 17:45:36.785852, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000009-0000-0000-e74e-30819f7b0000 > name: struct winreg_String > name_len : 0x0018 (24) > name_size : 0x0018 (24) > name : * > name : 'DisplayName' > type : REG_SZ (1) > data : * > data: ARRAY(74) > [0] : 0x57 (87) > [1] : 0x00 (0) > [2] : 0x69 (105) > [3] : 0x00 (0) > [4] : 0x6e (110) > [5] : 0x00 (0) > [6] : 0x64 (100) > [7] : 0x00 (0) > [8] : 0x6f (111) > [9] : 0x00 (0) > [10] : 0x77 (119) > [11] : 0x00 (0) > [12] : 0x73 (115) > [13] : 0x00 (0) > [14] : 0x20 (32) > [15] : 0x00 (0) > [16] : 0x49 (73) > [17] : 0x00 (0) > [18] : 0x6e (110) > [19] : 0x00 (0) > [20] : 0x74 (116) > [21] : 0x00 (0) > [22] : 0x65 (101) > [23] : 0x00 (0) > [24] : 0x72 (114) > [25] : 0x00 (0) > [26] : 0x6e (110) > [27] : 0x00 (0) > [28] : 0x65 (101) > [29] : 0x00 (0) > [30] : 0x74 (116) > [31] : 0x00 (0) > [32] : 0x20 (32) > [33] : 0x00 (0) > [34] : 0x4e (78) > [35] : 0x00 (0) > [36] : 0x61 (97) > [37] : 0x00 (0) > [38] : 0x6d (109) > [39] : 0x00 (0) > [40] : 0x65 (101) > [41] : 0x00 (0) > [42] : 0x20 (32) > [43] : 0x00 (0) > [44] : 0x53 (83) > [45] : 0x00 (0) > [46] : 0x65 (101) > [47] : 0x00 (0) > [48] : 0x72 (114) > [49] : 0x00 (0) > [50] : 0x76 (118) > [51] : 0x00 (0) > [52] : 0x69 (105) > [53] : 0x00 (0) > [54] : 0x63 (99) > [55] : 0x00 (0) > [56] : 0x65 (101) > [57] : 0x00 (0) > [58] : 0x20 (32) > [59] : 0x00 (0) > [60] : 0x28 (40) > [61] : 0x00 (0) > [62] : 0x57 (87) > [63] : 0x00 (0) > [64] : 0x49 (73) > [65] : 0x00 (0) > [66] : 0x4e (78) > [67] : 0x00 (0) > [68] : 0x53 (83) > [69] : 0x00 (0) > [70] : 0x29 (41) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > size : 0x0000004a (74) >[2011/12/13 17:45:36.787306, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.787385, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:DisplayName] >[2011/12/13 17:45:36.787422, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2011/12/13 17:45:36.787458, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2011/12/13 17:45:36.787546, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000009-0000-0000-e74e-30819f7b0000 > name: struct winreg_String > name_len : 0x0014 (20) > name_size : 0x0014 (20) > name : * > name : 'ImagePath' > type : REG_SZ (1) > data : * > data: ARRAY(54) > [0] : 0x2f (47) > [1] : 0x00 (0) > [2] : 0x75 (117) > [3] : 0x00 (0) > [4] : 0x73 (115) > [5] : 0x00 (0) > [6] : 0x72 (114) > [7] : 0x00 (0) > [8] : 0x2f (47) > [9] : 0x00 (0) > [10] : 0x6c (108) > [11] : 0x00 (0) > [12] : 0x69 (105) > [13] : 0x00 (0) > [14] : 0x62 (98) > [15] : 0x00 (0) > [16] : 0x2f (47) > [17] : 0x00 (0) > [18] : 0x73 (115) > [19] : 0x00 (0) > [20] : 0x61 (97) > [21] : 0x00 (0) > [22] : 0x6d (109) > [23] : 0x00 (0) > [24] : 0x62 (98) > [25] : 0x00 (0) > [26] : 0x61 (97) > [27] : 0x00 (0) > [28] : 0x2f (47) > [29] : 0x00 (0) > [30] : 0x73 (115) > [31] : 0x00 (0) > [32] : 0x76 (118) > [33] : 0x00 (0) > [34] : 0x63 (99) > [35] : 0x00 (0) > [36] : 0x63 (99) > [37] : 0x00 (0) > [38] : 0x74 (116) > [39] : 0x00 (0) > [40] : 0x6c (108) > [41] : 0x00 (0) > [42] : 0x2f (47) > [43] : 0x00 (0) > [44] : 0x6e (110) > [45] : 0x00 (0) > [46] : 0x6d (109) > [47] : 0x00 (0) > [48] : 0x62 (98) > [49] : 0x00 (0) > [50] : 0x64 (100) > [51] : 0x00 (0) > [52] : 0x00 (0) > [53] : 0x00 (0) > size : 0x00000036 (54) >[2011/12/13 17:45:36.788660, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.788767, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:ImagePath] >[2011/12/13 17:45:36.788807, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2011/12/13 17:45:36.788842, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2011/12/13 17:45:36.788931, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000009-0000-0000-e74e-30819f7b0000 > name: struct winreg_String > name_len : 0x0018 (24) > name_size : 0x0018 (24) > name : * > name : 'Description' > type : REG_SZ (1) > data : * > data: ARRAY(178) > [0] : 0x49 (73) > [1] : 0x00 (0) > [2] : 0x6e (110) > [3] : 0x00 (0) > [4] : 0x74 (116) > [5] : 0x00 (0) > [6] : 0x65 (101) > [7] : 0x00 (0) > [8] : 0x72 (114) > [9] : 0x00 (0) > [10] : 0x6e (110) > [11] : 0x00 (0) > [12] : 0x61 (97) > [13] : 0x00 (0) > [14] : 0x6c (108) > [15] : 0x00 (0) > [16] : 0x20 (32) > [17] : 0x00 (0) > [18] : 0x73 (115) > [19] : 0x00 (0) > [20] : 0x65 (101) > [21] : 0x00 (0) > [22] : 0x72 (114) > [23] : 0x00 (0) > [24] : 0x76 (118) > [25] : 0x00 (0) > [26] : 0x69 (105) > [27] : 0x00 (0) > [28] : 0x63 (99) > [29] : 0x00 (0) > [30] : 0x65 (101) > [31] : 0x00 (0) > [32] : 0x20 (32) > [33] : 0x00 (0) > [34] : 0x70 (112) > [35] : 0x00 (0) > [36] : 0x72 (114) > [37] : 0x00 (0) > [38] : 0x6f (111) > [39] : 0x00 (0) > [40] : 0x76 (118) > [41] : 0x00 (0) > [42] : 0x69 (105) > [43] : 0x00 (0) > [44] : 0x64 (100) > [45] : 0x00 (0) > [46] : 0x69 (105) > [47] : 0x00 (0) > [48] : 0x6e (110) > [49] : 0x00 (0) > [50] : 0x67 (103) > [51] : 0x00 (0) > [52] : 0x20 (32) > [53] : 0x00 (0) > [54] : 0x61 (97) > [55] : 0x00 (0) > [56] : 0x20 (32) > [57] : 0x00 (0) > [58] : 0x4e (78) > [59] : 0x00 (0) > [60] : 0x65 (101) > [61] : 0x00 (0) > [62] : 0x74 (116) > [63] : 0x00 (0) > [64] : 0x42 (66) > [65] : 0x00 (0) > [66] : 0x49 (73) > [67] : 0x00 (0) > [68] : 0x4f (79) > [69] : 0x00 (0) > [70] : 0x53 (83) > [71] : 0x00 (0) > [72] : 0x20 (32) > [73] : 0x00 (0) > [74] : 0x70 (112) > [75] : 0x00 (0) > [76] : 0x6f (111) > [77] : 0x00 (0) > [78] : 0x69 (105) > [79] : 0x00 (0) > [80] : 0x6e (110) > [81] : 0x00 (0) > [82] : 0x74 (116) > [83] : 0x00 (0) > [84] : 0x2d (45) > [85] : 0x00 (0) > [86] : 0x74 (116) > [87] : 0x00 (0) > [88] : 0x6f (111) > [89] : 0x00 (0) > [90] : 0x2d (45) > [91] : 0x00 (0) > [92] : 0x70 (112) > [93] : 0x00 (0) > [94] : 0x6f (111) > [95] : 0x00 (0) > [96] : 0x69 (105) > [97] : 0x00 (0) > [98] : 0x6e (110) > [99] : 0x00 (0) > [100] : 0x74 (116) > [101] : 0x00 (0) > [102] : 0x20 (32) > [103] : 0x00 (0) > [104] : 0x6e (110) > [105] : 0x00 (0) > [106] : 0x61 (97) > [107] : 0x00 (0) > [108] : 0x6d (109) > [109] : 0x00 (0) > [110] : 0x65 (101) > [111] : 0x00 (0) > [112] : 0x20 (32) > [113] : 0x00 (0) > [114] : 0x73 (115) > [115] : 0x00 (0) > [116] : 0x65 (101) > [117] : 0x00 (0) > [118] : 0x72 (114) > [119] : 0x00 (0) > [120] : 0x76 (118) > [121] : 0x00 (0) > [122] : 0x65 (101) > [123] : 0x00 (0) > [124] : 0x72 (114) > [125] : 0x00 (0) > [126] : 0x28 (40) > [127] : 0x00 (0) > [128] : 0x6e (110) > [129] : 0x00 (0) > [130] : 0x6f (111) > [131] : 0x00 (0) > [132] : 0x74 (116) > [133] : 0x00 (0) > [134] : 0x20 (32) > [135] : 0x00 (0) > [136] : 0x72 (114) > [137] : 0x00 (0) > [138] : 0x65 (101) > [139] : 0x00 (0) > [140] : 0x6d (109) > [141] : 0x00 (0) > [142] : 0x6f (111) > [143] : 0x00 (0) > [144] : 0x74 (116) > [145] : 0x00 (0) > [146] : 0x65 (101) > [147] : 0x00 (0) > [148] : 0x6c (108) > [149] : 0x00 (0) > [150] : 0x79 (121) > [151] : 0x00 (0) > [152] : 0x20 (32) > [153] : 0x00 (0) > [154] : 0x6d (109) > [155] : 0x00 (0) > [156] : 0x61 (97) > [157] : 0x00 (0) > [158] : 0x6e (110) > [159] : 0x00 (0) > [160] : 0x61 (97) > [161] : 0x00 (0) > [162] : 0x67 (103) > [163] : 0x00 (0) > [164] : 0x65 (101) > [165] : 0x00 (0) > [166] : 0x61 (97) > [167] : 0x00 (0) > [168] : 0x62 (98) > [169] : 0x00 (0) > [170] : 0x6c (108) > [171] : 0x00 (0) > [172] : 0x65 (101) > [173] : 0x00 (0) > [174] : 0x29 (41) > [175] : 0x00 (0) > [176] : 0x00 (0) > [177] : 0x00 (0) > size : 0x000000b2 (178) >[2011/12/13 17:45:36.792013, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.792090, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:Description] >[2011/12/13 17:45:36.792127, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2011/12/13 17:45:36.792163, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2011/12/13 17:45:36.792246, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000009-0000-0000-e74e-30819f7b0000 >[2011/12/13 17:45:36.792367, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.792444, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.792520, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2011/12/13 17:45:36.792555, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2011/12/13 17:45:36.792590, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2011/12/13 17:45:36.792775, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > in: struct winreg_CreateKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000001-0000-0000-e74e-30819f7b0000 > name: struct winreg_String > name_len : 0x0060 (96) > name_size : 0x0060 (96) > name : * > name : 'SYSTEM\CurrentControlSet\Services\WINS\Security' > keyclass: struct winreg_String > name_len : 0x0002 (2) > name_size : 0x0002 (2) > name : * > name : '' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY > secdesc : NULL > action_taken : * > action_taken : REG_OPENED_EXISTING_KEY (2) >[2011/12/13 17:45:36.793309, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.793388, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) > _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\WINS\Security' >[2011/12/13 17:45:36.793426, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2011/12/13 17:45:36.793462, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 >[2011/12/13 17:45:36.793496, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SYSTEM] >[2011/12/13 17:45:36.793531, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2011/12/13 17:45:36.793568, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] >[2011/12/13 17:45:36.793601, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM] >[2011/12/13 17:45:36.793634, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2011/12/13 17:45:36.793666, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM] >[2011/12/13 17:45:36.793716, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 >[2011/12/13 17:45:36.793753, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentControlSet] >[2011/12/13 17:45:36.793788, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2011/12/13 17:45:36.793826, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] >[2011/12/13 17:45:36.793857, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] >[2011/12/13 17:45:36.793891, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2011/12/13 17:45:36.793923, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM\CurrentControlSet] >[2011/12/13 17:45:36.793972, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2011/12/13 17:45:36.794010, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 >[2011/12/13 17:45:36.794044, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Services] >[2011/12/13 17:45:36.794079, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2011/12/13 17:45:36.794125, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] >[2011/12/13 17:45:36.794158, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] >[2011/12/13 17:45:36.794192, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2011/12/13 17:45:36.794223, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM\CurrentControlSet\Services] >[2011/12/13 17:45:36.794283, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2011/12/13 17:45:36.794321, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 >[2011/12/13 17:45:36.794355, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [WINS] >[2011/12/13 17:45:36.794390, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2011/12/13 17:45:36.794427, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] >[2011/12/13 17:45:36.794459, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] >[2011/12/13 17:45:36.794493, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2011/12/13 17:45:36.794525, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] >[2011/12/13 17:45:36.794575, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2011/12/13 17:45:36.794611, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Security] >[2011/12/13 17:45:36.794646, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2011/12/13 17:45:36.794683, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] >[2011/12/13 17:45:36.794715, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] >[2011/12/13 17:45:36.794750, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2011/12/13 17:45:36.794781, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] >[2011/12/13 17:45:36.794826, 10] registry/reg_backend_db.c:1656(regdb_fetch_keys_internal) > regdb_fetch_keys: no subkeys found for key [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] >[2011/12/13 17:45:36.794863, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2011/12/13 17:45:36.794899, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 0A 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.794988, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > out: struct winreg_CreateKey > new_handle : * > new_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000a-0000-0000-e74e-30819f7b0000 > action_taken : * > action_taken : REG_OPENED_EXISTING_KEY (2) > result : WERR_OK >[2011/12/13 17:45:36.795179, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000a-0000-0000-e74e-30819f7b0000 > name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : REG_BINARY (3) > data : * > data: ARRAY(120) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x04 (4) > [3] : 0x80 (128) > [4] : 0x00 (0) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x00 (0) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x14 (20) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x02 (2) > [21] : 0x00 (0) > [22] : 0x64 (100) > [23] : 0x00 (0) > [24] : 0x04 (4) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x00 (0) > [28] : 0x00 (0) > [29] : 0x00 (0) > [30] : 0x14 (20) > [31] : 0x00 (0) > [32] : 0x8d (141) > [33] : 0x01 (1) > [34] : 0x02 (2) > [35] : 0x00 (0) > [36] : 0x01 (1) > [37] : 0x01 (1) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x01 (1) > [44] : 0x00 (0) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x00 (0) > [49] : 0x00 (0) > [50] : 0x18 (24) > [51] : 0x00 (0) > [52] : 0xfd (253) > [53] : 0x01 (1) > [54] : 0x02 (2) > [55] : 0x00 (0) > [56] : 0x01 (1) > [57] : 0x02 (2) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x00 (0) > [62] : 0x00 (0) > [63] : 0x05 (5) > [64] : 0x20 (32) > [65] : 0x00 (0) > [66] : 0x00 (0) > [67] : 0x00 (0) > [68] : 0x23 (35) > [69] : 0x02 (2) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x18 (24) > [75] : 0x00 (0) > [76] : 0xff (255) > [77] : 0x01 (1) > [78] : 0x0f (15) > [79] : 0x00 (0) > [80] : 0x01 (1) > [81] : 0x02 (2) > [82] : 0x00 (0) > [83] : 0x00 (0) > [84] : 0x00 (0) > [85] : 0x00 (0) > [86] : 0x00 (0) > [87] : 0x05 (5) > [88] : 0x20 (32) > [89] : 0x00 (0) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x25 (37) > [93] : 0x02 (2) > [94] : 0x00 (0) > [95] : 0x00 (0) > [96] : 0x00 (0) > [97] : 0x00 (0) > [98] : 0x18 (24) > [99] : 0x00 (0) > [100] : 0xff (255) > [101] : 0x01 (1) > [102] : 0x0f (15) > [103] : 0x00 (0) > [104] : 0x01 (1) > [105] : 0x02 (2) > [106] : 0x00 (0) > [107] : 0x00 (0) > [108] : 0x00 (0) > [109] : 0x00 (0) > [110] : 0x00 (0) > [111] : 0x05 (5) > [112] : 0x20 (32) > [113] : 0x00 (0) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x20 (32) > [117] : 0x02 (2) > [118] : 0x00 (0) > [119] : 0x00 (0) > size : 0x00000078 (120) >[2011/12/13 17:45:36.797416, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0A 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.797497, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security:Security] >[2011/12/13 17:45:36.797535, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2011/12/13 17:45:36.797569, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security' (ops 0xb77df800) >[2011/12/13 17:45:36.797613, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] >[2011/12/13 17:45:36.797664, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Security] len[120] >[2011/12/13 17:45:36.797702, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2011/12/13 17:45:36.797787, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000a-0000-0000-e74e-30819f7b0000 >[2011/12/13 17:45:36.797910, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0A 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.797987, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0A 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.798062, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2011/12/13 17:45:36.798096, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2011/12/13 17:45:36.798130, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2011/12/13 17:45:36.798276, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000002-0000-0000-e74e-30819f7b0000 >[2011/12/13 17:45:36.798397, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.798474, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.798549, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2011/12/13 17:45:36.798584, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2011/12/13 17:45:36.798618, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2011/12/13 17:45:36.798764, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (2->1) >[2011/12/13 17:45:36.798827, 3] rpc_server/eventlog/srv_eventlog_reg.c:59(eventlog_init_winreg) > Initialise the eventlog registry keys if needed. >[2011/12/13 17:45:36.798875, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2011/12/13 17:45:36.798918, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 2 for pipe \winreg >[2011/12/13 17:45:36.798976, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2011/12/13 17:45:36.799022, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2011/12/13 17:45:36.799226, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2011/12/13 17:45:36.799262, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (1->2) >[2011/12/13 17:45:36.799299, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2011/12/13 17:45:36.799331, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2011/12/13 17:45:36.799364, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2011/12/13 17:45:36.799396, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb77df800 for key [\HKLM] >[2011/12/13 17:45:36.799450, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 0B 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.799533, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000b-0000-0000-e74e-30819f7b0000 > result : WERR_OK >[2011/12/13 17:45:36.799684, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000b-0000-0000-e74e-30819f7b0000 > keyname: struct winreg_String > name_len : 0x0056 (86) > name_size : 0x0056 (86) > name : * > name : 'SYSTEM\CurrentControlSet\Services\Eventlog' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2011/12/13 17:45:36.800082, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0B 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.800172, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SYSTEM] >[2011/12/13 17:45:36.800208, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2011/12/13 17:45:36.800245, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] >[2011/12/13 17:45:36.800277, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM] >[2011/12/13 17:45:36.800310, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2011/12/13 17:45:36.800341, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM] >[2011/12/13 17:45:36.800394, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentControlSet] >[2011/12/13 17:45:36.800432, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2011/12/13 17:45:36.800470, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] >[2011/12/13 17:45:36.800505, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] >[2011/12/13 17:45:36.800538, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2011/12/13 17:45:36.800569, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM\CurrentControlSet] >[2011/12/13 17:45:36.800622, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Services] >[2011/12/13 17:45:36.800659, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2011/12/13 17:45:36.800720, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] >[2011/12/13 17:45:36.800758, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] >[2011/12/13 17:45:36.800793, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2011/12/13 17:45:36.800824, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM\CurrentControlSet\Services] >[2011/12/13 17:45:36.800888, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Eventlog] >[2011/12/13 17:45:36.800926, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (5->6) >[2011/12/13 17:45:36.800964, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] >[2011/12/13 17:45:36.800999, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] >[2011/12/13 17:45:36.801034, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2011/12/13 17:45:36.801065, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0xb77df800 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] >[2011/12/13 17:45:36.801116, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (6->5) >[2011/12/13 17:45:36.801153, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2011/12/13 17:45:36.801187, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2011/12/13 17:45:36.801222, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 0C 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.801299, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000c-0000-0000-e74e-30819f7b0000 > result : WERR_OK >[2011/12/13 17:45:36.801461, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > in: struct winreg_QueryInfoKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000c-0000-0000-e74e-30819f7b0000 > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL >[2011/12/13 17:45:36.801657, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0C 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.801737, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\Eventlog' (ops 0xb77df800) >[2011/12/13 17:45:36.801772, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] >[2011/12/13 17:45:36.801823, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[0]: name[DisplayName] len[20] >[2011/12/13 17:45:36.801861, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[1]: name[ErrorControl] len[4] >[2011/12/13 17:45:36.801897, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] >[2011/12/13 17:45:36.801949, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > out: struct winreg_QueryInfoKey > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL > num_subkeys : * > num_subkeys : 0x00000000 (0) > max_subkeylen : * > max_subkeylen : 0x00000000 (0) > max_classlen : * > max_classlen : 0x00000000 (0) > num_values : * > num_values : 0x00000002 (2) > max_valnamelen : * > max_valnamelen : 0x0000001a (26) > max_valbufsize : * > max_valbufsize : 0x00000014 (20) > secdescsize : * > secdescsize : 0x00000078 (120) > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2011/12/13 17:45:36.802343, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000c-0000-0000-e74e-30819f7b0000 >[2011/12/13 17:45:36.802464, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0C 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.802542, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0C 00 00 00 00 00 00 00 E7 4E 30 81 ........ .....N0. > [0010] 9F 7B 00 00 .{.. >[2011/12/13 17:45:36.802625, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2011/12/13 17:45:36.802659, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2011/12/13 17:45:36.802694, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2011/12/13 17:45:36.802862, 3] printing/pcap.c:138(pcap_cache_reload) > reloading printcap cache >[2011/12/13 17:45:36.802918, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 5052494E5445524C4953 >[2011/12/13 17:45:36.802974, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0xb9787b58 >[2011/12/13 17:45:36.803079, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 5052494E5445524C4953 >[2011/12/13 17:45:36.803136, 5] printing/print_cups.c:408(cups_pcap_load_async) > cups_pcap_load_async: asynchronously loading cups printers >[2011/12/13 17:45:36.803374, 10] printing/print_cups.c:425(cups_pcap_load_async) > cups_pcap_load_async: child pid = 31653 >[2011/12/13 17:45:36.803454, 10] printing/print_cups.c:545(cups_cache_reload) > cups_cache_reload: async read on fd 26 >[2011/12/13 17:45:36.803496, 3] printing/pcap.c:189(pcap_cache_reload) > reload status: ok >[2011/12/13 17:45:36.803548, 3] printing/printing.c:1644(start_background_queue) > start_background_queue: Starting background LPQ thread >[2011/12/13 17:45:36.803915, 10] lib/util_sock.c:680(open_socket_in) > bind succeeded on port 445 >[2011/12/13 17:45:36.803983, 5] lib/util_sock.c:165(print_socket_options) > Socket options: > SO_KEEPALIVE = 1 > SO_REUSEADDR = 1 > SO_BROADCAST = 0 > TCP_NODELAY = 0 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_SNDBUF = 16384 > SO_RCVBUF = 87380 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > TCP_QUICKACK = 1 >[2011/12/13 17:45:36.804244, 5] lib/util_sock.c:165(print_socket_options) > Socket options: > SO_KEEPALIVE = 1 > SO_REUSEADDR = 1 > SO_BROADCAST = 0 > TCP_NODELAY = 1 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_SNDBUF = 16384 > SO_RCVBUF = 87380 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > TCP_QUICKACK = 1 >[2011/12/13 17:45:36.804535, 10] lib/util_sock.c:680(open_socket_in) > bind succeeded on port 139 >[2011/12/13 17:45:36.804582, 5] lib/util_sock.c:165(print_socket_options) > Socket options: > SO_KEEPALIVE = 1 > SO_REUSEADDR = 1 > SO_BROADCAST = 0 > TCP_NODELAY = 0 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_SNDBUF = 16384 > SO_RCVBUF = 87380 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > TCP_QUICKACK = 1 >[2011/12/13 17:45:36.804869, 5] lib/util_sock.c:165(print_socket_options) > Socket options: > SO_KEEPALIVE = 1 > SO_REUSEADDR = 1 > SO_BROADCAST = 0 > TCP_NODELAY = 1 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_SNDBUF = 16384 > SO_RCVBUF = 87380 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > TCP_QUICKACK = 1 >[2011/12/13 17:45:36.805155, 10] lib/util_sock.c:680(open_socket_in) > bind succeeded on port 445 >[2011/12/13 17:45:36.805201, 5] lib/util_sock.c:165(print_socket_options) > Socket options: > SO_KEEPALIVE = 1 > SO_REUSEADDR = 1 > SO_BROADCAST = 0 > TCP_NODELAY = 0 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_SNDBUF = 16384 > SO_RCVBUF = 87380 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > TCP_QUICKACK = 1 >[2011/12/13 17:45:36.805458, 5] lib/util_sock.c:165(print_socket_options) > Socket options: > SO_KEEPALIVE = 1 > SO_REUSEADDR = 1 > SO_BROADCAST = 0 > TCP_NODELAY = 1 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_SNDBUF = 16384 > SO_RCVBUF = 87380 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > TCP_QUICKACK = 1 >[2011/12/13 17:45:36.805736, 10] lib/util_sock.c:680(open_socket_in) > bind succeeded on port 139 >[2011/12/13 17:45:36.805781, 5] lib/util_sock.c:165(print_socket_options) > Socket options: > SO_KEEPALIVE = 1 > SO_REUSEADDR = 1 > SO_BROADCAST = 0 > TCP_NODELAY = 0 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_SNDBUF = 16384 > SO_RCVBUF = 87380 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > TCP_QUICKACK = 1 >[2011/12/13 17:45:36.806027, 5] lib/util_sock.c:165(print_socket_options) > Socket options: > SO_KEEPALIVE = 1 > SO_REUSEADDR = 1 > SO_BROADCAST = 0 > TCP_NODELAY = 1 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_SNDBUF = 16384 > SO_RCVBUF = 87380 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > TCP_QUICKACK = 1 >[2011/12/13 17:45:36.806418, 5] printing/printing.c:1667(start_background_queue) > start_background_queue: background LPQ thread started >[2011/12/13 17:45:36.806755, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key A67B0000FFFFFFFF >[2011/12/13 17:45:36.806823, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0xb97747e0 >[2011/12/13 17:45:36.806878, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key A67B0000FFFFFFFF >[2011/12/13 17:45:36.806939, 5] printing/printing.c:1703(start_background_queue) > start_background_queue: background LPQ thread waiting for messages >[2011/12/13 17:45:36.807270, 5] printing/print_cups.c:277(cups_cache_reload_async) > reloading cups printcap cache >[2011/12/13 17:45:36.808244, 10] printing/print_cups.c:89(cups_connect) > connecting to cups server master.x86err300s3.qa:631 >[2011/12/13 17:45:36.806291, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 9F7B0000FFFFFFFF >[2011/12/13 17:45:36.810210, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0xb9786728 >[2011/12/13 17:45:36.810267, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 9F7B0000FFFFFFFF >[2011/12/13 17:45:36.810320, 10] smbd/process.c:920(event_add_idle) > event_add_idle: idle_evt(parent_housekeeping) 0xb97867d0 >[2011/12/13 17:45:36.810358, 5] lib/messages.c:300(messaging_register) > Overriding messaging pointer for type 1 - private_data=(nil) >[2011/12/13 17:45:36.810438, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (2->1) >[2011/12/13 17:45:36.810479, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (1->0) >[2011/12/13 17:45:36.810519, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) > close_policy_by_pipe: deleted handle list for pipe \winreg >[2011/12/13 17:45:36.810588, 2] smbd/server.c:842(smbd_parent_loop) > waiting for connections >[2011/12/13 17:45:36.813498, 0] printing/print_cups.c:318(cups_cache_reload_async) > Unable to get printer list - client-error-forbidden >[2011/12/13 17:45:36.813608, 5] printing/print_cups.c:471(cups_async_callback) > cups_async_callback: callback received for printer data. fd = 26 >[2011/12/13 17:45:36.813675, 10] printing/print_cups.c:155(recv_pcap_blob) > successfully recvd blob of len 12 >[2011/12/13 17:45:36.813721, 0] printing/print_cups.c:487(cups_async_callback) > failed to retrieve printer list: NT_STATUS_UNSUCCESSFUL >[2011/12/13 17:45:36.813776, 10] printing/print_cups.c:130(send_pcap_blob) > successfully sent blob of len 12 >[2011/12/13 17:45:36.814055, 2] smbd/server.c:301(remove_child_pid) > Could not find child 31653 -- ignoring >[2011/12/13 17:45:44.752195, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key A97B0000FFFFFFFF >[2011/12/13 17:45:44.752322, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0xb9785058 >[2011/12/13 17:45:44.752383, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key A97B0000FFFFFFFF >[2011/12/13 17:45:44.752441, 5] lib/util_sock.c:165(print_socket_options) > Socket options: > SO_KEEPALIVE = 1 > SO_REUSEADDR = 1 > SO_BROADCAST = 0 > TCP_NODELAY = 1 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_SNDBUF = 50700 > SO_RCVBUF = 87520 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > TCP_QUICKACK = 1 >[2011/12/13 17:45:44.752695, 5] lib/util_sock.c:165(print_socket_options) > Socket options: > SO_KEEPALIVE = 1 > SO_REUSEADDR = 1 > SO_BROADCAST = 0 > TCP_NODELAY = 1 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_SNDBUF = 50700 > SO_RCVBUF = 87520 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > TCP_QUICKACK = 1 >[2011/12/13 17:45:44.753045, 6] param/loadparm.c:7513(lp_file_list_changed) > lp_file_list_changed() > file /etc/samba/local.conf -> /etc/samba/local.conf last mod_time: Tue Dec 13 12:29:40 2011 > > file /etc/samba/printers.conf -> /etc/samba/printers.conf last mod_time: Tue Dec 13 15:18:52 2011 > > file /etc/samba/shares.conf -> /etc/samba/shares.conf last mod_time: Thu Jan 1 01:00:00 1970 > > file /etc/samba/installs.conf -> /etc/samba/installs.conf last mod_time: Thu Jan 1 01:00:00 1970 > > file /etc/samba/base.conf -> /etc/samba/base.conf last mod_time: Tue Dec 13 17:28:35 2011 > > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Dec 13 17:30:13 2011 > >[2011/12/13 17:45:44.753306, 3] lib/access.c:338(allow_access) > Allowed connection from 127.0.0.1 (127.0.0.1) >[2011/12/13 17:45:44.753341, 10] smbd/process.c:3019(smbd_process) > Connection allowed from ipv4:127.0.0.1:50397 to ipv4:127.0.0.1:445 >[2011/12/13 17:45:44.753401, 3] smbd/oplock.c:922(init_oplocks) > init_oplocks: initializing messages. >[2011/12/13 17:45:44.753494, 3] smbd/oplock_linux.c:226(linux_init_kernel_oplocks) > Linux kernel oplocks enabled >[2011/12/13 17:45:44.753538, 5] lib/messages.c:332(messaging_deregister) > Deregistering messaging pointer for type 1 - private_data=(nil) >[2011/12/13 17:45:44.753585, 10] smbd/process.c:920(event_add_idle) > event_add_idle: idle_evt(keepalive) 0xb9785a88 >[2011/12/13 17:45:44.753623, 10] smbd/process.c:920(event_add_idle) > event_add_idle: idle_evt(deadtime) 0xb9773a60 >[2011/12/13 17:45:44.753660, 10] smbd/process.c:920(event_add_idle) > event_add_idle: idle_evt(housekeeping) 0xb9751f10 >[2011/12/13 17:45:44.753733, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 190 >[2011/12/13 17:45:44.753781, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xbe >[2011/12/13 17:45:44.753817, 3] smbd/process.c:1662(process_smb) > Transaction 0 of length 194 (0 toread) >[2011/12/13 17:45:44.753850, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:44.753871, 5] lib/util.c:342(show_msg) > size=190 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=0 > smb_pid=31656 > smb_uid=0 > smb_mid=1 > smt_wct=0 > smb_bcc=155 >[2011/12/13 17:45:44.754033, 10] ../lib/util/util.c:415(dump_data) > [0000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG > [0010] 52 41 4D 20 31 2E 30 00 02 4D 49 43 52 4F 53 4F RAM 1.0. .MICROSO > [0020] 46 54 20 4E 45 54 57 4F 52 4B 53 20 31 2E 30 33 FT NETWO RKS 1.03 > [0030] 00 02 4D 49 43 52 4F 53 4F 46 54 20 4E 45 54 57 ..MICROS OFT NETW > [0040] 4F 52 4B 53 20 33 2E 30 00 02 4C 41 4E 4D 41 4E ORKS 3.0 ..LANMAN > [0050] 31 2E 30 00 02 4C 4D 31 2E 32 58 30 30 32 00 02 1.0..LM1 .2X002.. > [0060] 44 4F 53 20 4C 41 4E 4D 41 4E 32 2E 31 00 02 4C DOS LANM AN2.1..L > [0070] 41 4E 4D 41 4E 32 2E 31 00 02 53 61 6D 62 61 00 ANMAN2.1 ..Samba. > [0080] 02 4E 54 20 4C 41 4E 4D 41 4E 20 31 2E 30 00 02 .NT LANM AN 1.0.. > [0090] 4E 54 20 4C 4D 20 30 2E 31 32 00 NT LM 0. 12. >[2011/12/13 17:45:44.754374, 3] smbd/process.c:1467(switch_message) > switch message SMBnegprot (pid 31657) conn 0x0 >[2011/12/13 17:45:44.754415, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:44.754452, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:44.754488, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:44.754550, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2011/12/13 17:45:44.754889, 3] smbd/negprot.c:598(reply_negprot) > Requested protocol [PC NETWORK PROGRAM 1.0] >[2011/12/13 17:45:44.754949, 3] smbd/negprot.c:598(reply_negprot) > Requested protocol [MICROSOFT NETWORKS 1.03] >[2011/12/13 17:45:44.754985, 3] smbd/negprot.c:598(reply_negprot) > Requested protocol [MICROSOFT NETWORKS 3.0] >[2011/12/13 17:45:44.755019, 3] smbd/negprot.c:598(reply_negprot) > Requested protocol [LANMAN1.0] >[2011/12/13 17:45:44.755054, 3] smbd/negprot.c:598(reply_negprot) > Requested protocol [LM1.2X002] >[2011/12/13 17:45:44.755087, 3] smbd/negprot.c:598(reply_negprot) > Requested protocol [DOS LANMAN2.1] >[2011/12/13 17:45:44.755121, 3] smbd/negprot.c:598(reply_negprot) > Requested protocol [LANMAN2.1] >[2011/12/13 17:45:44.755156, 3] smbd/negprot.c:598(reply_negprot) > Requested protocol [Samba] >[2011/12/13 17:45:44.755190, 3] smbd/negprot.c:598(reply_negprot) > Requested protocol [NT LANMAN 1.0] >[2011/12/13 17:45:44.755224, 3] smbd/negprot.c:598(reply_negprot) > Requested protocol [NT LM 0.12] >[2011/12/13 17:45:44.755262, 10] lib/util.c:1624(set_remote_arch) > set_remote_arch: Client arch is 'Samba' >[2011/12/13 17:45:44.755306, 6] param/loadparm.c:7513(lp_file_list_changed) > lp_file_list_changed() > file /etc/samba/local.conf -> /etc/samba/local.conf last mod_time: Tue Dec 13 12:29:40 2011 > > file /etc/samba/printers.conf -> /etc/samba/printers.conf last mod_time: Tue Dec 13 15:18:52 2011 > > file /etc/samba/shares.conf -> /etc/samba/shares.conf last mod_time: Thu Jan 1 01:00:00 1970 > > file /etc/samba/installs.conf -> /etc/samba/installs.conf last mod_time: Thu Jan 1 01:00:00 1970 > > file /etc/samba/base.conf -> /etc/samba/base.conf last mod_time: Tue Dec 13 17:28:35 2011 > > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Dec 13 17:30:13 2011 > >[2011/12/13 17:45:44.755543, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key A97B0000FFFFFFFF >[2011/12/13 17:45:44.755583, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0xb97921e0 >[2011/12/13 17:45:44.755627, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key A97B0000FFFFFFFF >[2011/12/13 17:45:44.755679, 6] param/loadparm.c:7513(lp_file_list_changed) > lp_file_list_changed() > file /etc/samba/local.conf -> /etc/samba/local.conf last mod_time: Tue Dec 13 12:29:40 2011 > > file /etc/samba/printers.conf -> /etc/samba/printers.conf last mod_time: Tue Dec 13 15:18:52 2011 > > file /etc/samba/shares.conf -> /etc/samba/shares.conf last mod_time: Thu Jan 1 01:00:00 1970 > > file /etc/samba/installs.conf -> /etc/samba/installs.conf last mod_time: Thu Jan 1 01:00:00 1970 > > file /etc/samba/base.conf -> /etc/samba/base.conf last mod_time: Tue Dec 13 17:28:35 2011 > > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Dec 13 17:30:13 2011 > >[2011/12/13 17:45:44.755950, 3] smbd/negprot.c:419(reply_nt1) > using SPNEGO >[2011/12/13 17:45:44.755985, 3] smbd/negprot.c:704(reply_negprot) > Selected protocol NT LANMAN 1.0 >[2011/12/13 17:45:44.756017, 5] smbd/negprot.c:711(reply_negprot) > negprot index=8 >[2011/12/13 17:45:44.756049, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:44.756078, 5] lib/util.c:342(show_msg) > size=127 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=31656 > smb_uid=0 > smb_mid=1 > smt_wct=17 > smb_vwv[ 0]= 8 (0x8) > smb_vwv[ 1]=12803 (0x3203) > smb_vwv[ 2]= 256 (0x100) > smb_vwv[ 3]=65280 (0xFF00) > smb_vwv[ 4]= 255 (0xFF) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 256 (0x100) > smb_vwv[ 7]=43264 (0xA900) > smb_vwv[ 8]= 123 (0x7B) > smb_vwv[ 9]=64768 (0xFD00) > smb_vwv[10]=32995 (0x80E3) > smb_vwv[11]=65408 (0xFF80) > smb_vwv[12]=26947 (0x6943) > smb_vwv[13]=46760 (0xB6A8) > smb_vwv[14]=52409 (0xCCB9) > smb_vwv[15]=50177 (0xC401) > smb_vwv[16]= 255 (0xFF) > smb_bcc=58 >[2011/12/13 17:45:44.756444, 10] ../lib/util/util.c:415(dump_data) > [0000] 6D 61 73 74 65 72 00 00 00 00 00 00 00 00 00 00 master.. ........ > [0010] 60 28 06 06 2B 06 01 05 05 02 A0 1E 30 1C A0 0E `(..+... ....0... > [0020] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A3 0A 0...+... ..7..... > [0030] 30 08 A0 06 1B 04 4E 4F 4E 45 0.....NO NE >[2011/12/13 17:45:44.756903, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 164 >[2011/12/13 17:45:44.756959, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xa4 >[2011/12/13 17:45:44.756994, 3] smbd/process.c:1662(process_smb) > Transaction 1 of length 168 (0 toread) >[2011/12/13 17:45:44.757027, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:44.757047, 5] lib/util.c:342(show_msg) > size=164 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=65535 > smb_pid=31656 > smb_uid=0 > smb_mid=2 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=65535 (0xFFFF) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 1 (0x1) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 83 (0x53) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]=49244 (0xC05C) > smb_vwv[11]=32768 (0x8000) > smb_bcc=105 >[2011/12/13 17:45:44.757356, 10] ../lib/util/util.c:415(dump_data) > [0000] 60 51 06 06 2B 06 01 05 05 02 A0 47 30 45 A0 0E `Q..+... ...G0E.. > [0010] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 33 0...+... ..7....3 > [0020] 04 31 4E 54 4C 4D 53 53 50 00 01 00 00 00 15 82 .1NTLMSS P....... > [0030] 08 60 0B 00 0B 00 20 00 00 00 06 00 06 00 2B 00 .`.... . ......+. > [0040] 00 00 58 38 36 45 52 52 33 30 30 53 33 4D 41 53 ..X86ERR 300S3MAS > [0050] 54 45 52 55 00 6E 00 69 00 78 00 00 00 53 00 61 TERU.n.i .x...S.a > [0060] 00 6D 00 62 00 61 00 00 00 .m.b.a.. . >[2011/12/13 17:45:44.757586, 3] smbd/process.c:1467(switch_message) > switch message SMBsesssetupX (pid 31657) conn 0x0 >[2011/12/13 17:45:44.757621, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:44.757654, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:44.757685, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:44.757735, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2011/12/13 17:45:44.757773, 3] smbd/sesssetup.c:1333(reply_sesssetup_and_X) > wct=12 flg2=0xc801 >[2011/12/13 17:45:44.757812, 3] smbd/sesssetup.c:1065(reply_sesssetup_and_X_spnego) > Doing spnego session setup >[2011/12/13 17:45:44.757849, 3] smbd/sesssetup.c:1107(reply_sesssetup_and_X_spnego) > NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[] >[2011/12/13 17:45:44.757886, 10] smbd/password.c:199(register_initial_vuid) > register_initial_vuid: allocated vuid = 100 >[2011/12/13 17:45:44.757952, 5] smbd/sesssetup.c:607(parse_spnego_mechanisms) > parse_spnego_mechanisms: Got OID 1.3.6.1.4.1.311.2.2.10 >[2011/12/13 17:45:44.757988, 3] smbd/sesssetup.c:660(reply_spnego_negotiate) > reply_spnego_negotiate: Got secblob of size 49 >[2011/12/13 17:45:44.758221, 5] auth/auth.c:528(make_auth_context_subsystem) > Using specified auth order >[2011/12/13 17:45:44.758282, 5] auth/auth.c:48(smb_register_auth) > Attempting to register auth backend sam >[2011/12/13 17:45:44.758317, 5] auth/auth.c:60(smb_register_auth) > Successfully added auth method 'sam' >[2011/12/13 17:45:44.758348, 5] auth/auth.c:48(smb_register_auth) > Attempting to register auth backend sam_ignoredomain >[2011/12/13 17:45:44.758381, 5] auth/auth.c:60(smb_register_auth) > Successfully added auth method 'sam_ignoredomain' >[2011/12/13 17:45:44.758414, 5] auth/auth.c:48(smb_register_auth) > Attempting to register auth backend unix >[2011/12/13 17:45:44.758447, 5] auth/auth.c:60(smb_register_auth) > Successfully added auth method 'unix' >[2011/12/13 17:45:44.758477, 5] auth/auth.c:48(smb_register_auth) > Attempting to register auth backend winbind >[2011/12/13 17:45:44.758510, 5] auth/auth.c:60(smb_register_auth) > Successfully added auth method 'winbind' >[2011/12/13 17:45:44.758541, 5] auth/auth.c:48(smb_register_auth) > Attempting to register auth backend wbc >[2011/12/13 17:45:44.758573, 5] auth/auth.c:60(smb_register_auth) > Successfully added auth method 'wbc' >[2011/12/13 17:45:44.758605, 5] auth/auth.c:48(smb_register_auth) > Attempting to register auth backend smbserver >[2011/12/13 17:45:44.758638, 5] auth/auth.c:60(smb_register_auth) > Successfully added auth method 'smbserver' >[2011/12/13 17:45:44.758671, 5] auth/auth.c:48(smb_register_auth) > Attempting to register auth backend trustdomain >[2011/12/13 17:45:44.758704, 5] auth/auth.c:60(smb_register_auth) > Successfully added auth method 'trustdomain' >[2011/12/13 17:45:44.758734, 5] auth/auth.c:48(smb_register_auth) > Attempting to register auth backend ntdomain >[2011/12/13 17:45:44.758767, 5] auth/auth.c:60(smb_register_auth) > Successfully added auth method 'ntdomain' >[2011/12/13 17:45:44.758799, 5] auth/auth.c:48(smb_register_auth) > Attempting to register auth backend guest >[2011/12/13 17:45:44.758846, 5] auth/auth.c:60(smb_register_auth) > Successfully added auth method 'guest' >[2011/12/13 17:45:44.758878, 5] auth/auth.c:385(load_auth_module) > load_auth_module: Attempting to find an auth method to match guest >[2011/12/13 17:45:44.758911, 5] auth/auth.c:410(load_auth_module) > load_auth_module: auth method guest has a valid init >[2011/12/13 17:45:44.758944, 5] auth/auth.c:385(load_auth_module) > load_auth_module: Attempting to find an auth method to match sam >[2011/12/13 17:45:44.758976, 5] auth/auth.c:410(load_auth_module) > load_auth_module: auth method sam has a valid init >[2011/12/13 17:45:44.759008, 5] auth/auth.c:385(load_auth_module) > load_auth_module: Attempting to find an auth method to match winbind >[2011/12/13 17:45:44.759040, 5] auth/auth.c:410(load_auth_module) > load_auth_module: auth method winbind has a valid init >[2011/12/13 17:45:44.759087, 3] ../libcli/auth/ntlmssp.c:34(debug_ntlmssp_flags) > Got NTLMSSP neg_flags=0x60088215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >[2011/12/13 17:45:44.759240, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > negotiate: struct NEGOTIATE_MESSAGE > Signature : 'NTLMSSP' > MessageType : NtLmNegotiate (1) > NegotiateFlags : 0x60088215 (1611170325) > 1: NTLMSSP_NEGOTIATE_UNICODE > 0: NTLMSSP_NEGOTIATE_OEM > 1: NTLMSSP_REQUEST_TARGET > 1: NTLMSSP_NEGOTIATE_SIGN > 0: NTLMSSP_NEGOTIATE_SEAL > 0: NTLMSSP_NEGOTIATE_DATAGRAM > 0: NTLMSSP_NEGOTIATE_LM_KEY > 0: NTLMSSP_NEGOTIATE_NETWARE > 1: NTLMSSP_NEGOTIATE_NTLM > 0: NTLMSSP_NEGOTIATE_NT_ONLY > 0: NTLMSSP_ANONYMOUS > 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED > 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED > 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL > 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN > 0: NTLMSSP_TARGET_TYPE_DOMAIN > 0: NTLMSSP_TARGET_TYPE_SERVER > 0: NTLMSSP_TARGET_TYPE_SHARE > 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > 0: NTLMSSP_NEGOTIATE_IDENTIFY > 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY > 0: NTLMSSP_NEGOTIATE_TARGET_INFO > 0: NTLMSSP_NEGOTIATE_VERSION > 1: NTLMSSP_NEGOTIATE_128 > 1: NTLMSSP_NEGOTIATE_KEY_EXCH > 0: NTLMSSP_NEGOTIATE_56 > DomainNameLen : 0x000b (11) > DomainNameMaxLen : 0x000b (11) > DomainName : * > DomainName : 'X86ERR300S3' > WorkstationLen : 0x0006 (6) > WorkstationMaxLen : 0x0006 (6) > Workstation : * > Workstation : 'MASTER' >[2011/12/13 17:45:44.759826, 5] auth/auth.c:99(get_ntlm_challenge) > auth_get_challenge: module guest did not want to specify a challenge >[2011/12/13 17:45:44.759861, 5] auth/auth.c:99(get_ntlm_challenge) > auth_get_challenge: module sam did not want to specify a challenge >[2011/12/13 17:45:44.759893, 5] auth/auth.c:99(get_ntlm_challenge) > auth_get_challenge: module winbind did not want to specify a challenge >[2011/12/13 17:45:44.759931, 5] auth/auth.c:134(get_ntlm_challenge) > auth_context challenge created by random >[2011/12/13 17:45:44.759964, 5] auth/auth.c:135(get_ntlm_challenge) > challenge is: >[2011/12/13 17:45:44.759995, 5] ../lib/util/util.c:415(dump_data) > [0000] 77 78 6A 2D A9 B7 10 82 wxj-.... >[2011/12/13 17:45:44.760063, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > challenge: struct CHALLENGE_MESSAGE > Signature : 'NTLMSSP' > MessageType : NtLmChallenge (0x2) > TargetNameLen : 0x0016 (22) > TargetNameMaxLen : 0x0016 (22) > TargetName : * > TargetName : 'X86ERR300S3' > NegotiateFlags : 0x60898215 (1619624469) > 1: NTLMSSP_NEGOTIATE_UNICODE > 0: NTLMSSP_NEGOTIATE_OEM > 1: NTLMSSP_REQUEST_TARGET > 1: NTLMSSP_NEGOTIATE_SIGN > 0: NTLMSSP_NEGOTIATE_SEAL > 0: NTLMSSP_NEGOTIATE_DATAGRAM > 0: NTLMSSP_NEGOTIATE_LM_KEY > 0: NTLMSSP_NEGOTIATE_NETWARE > 1: NTLMSSP_NEGOTIATE_NTLM > 0: NTLMSSP_NEGOTIATE_NT_ONLY > 0: NTLMSSP_ANONYMOUS > 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED > 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED > 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL > 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN > 1: NTLMSSP_TARGET_TYPE_DOMAIN > 0: NTLMSSP_TARGET_TYPE_SERVER > 0: NTLMSSP_TARGET_TYPE_SHARE > 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > 0: NTLMSSP_NEGOTIATE_IDENTIFY > 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY > 1: NTLMSSP_NEGOTIATE_TARGET_INFO > 0: NTLMSSP_NEGOTIATE_VERSION > 1: NTLMSSP_NEGOTIATE_128 > 1: NTLMSSP_NEGOTIATE_KEY_EXCH > 0: NTLMSSP_NEGOTIATE_56 > ServerChallenge : 77786a2da9b71082 > Reserved : 0000000000000000 > TargetInfoLen : 0x007c (124) > TargetNameInfoMaxLen : 0x007c (124) > TargetInfo : * > TargetInfo: struct AV_PAIR_LIST > count : 0x00000005 (5) > pair: ARRAY(5) > pair: struct AV_PAIR > AvId : MsvAvNbDomainName (0x2) > AvLen : 0x0016 (22) > Value : union ntlmssp_AvValue(case 0x2) > AvNbDomainName : 'X86ERR300S3' > pair: struct AV_PAIR > AvId : MsvAvNbComputerName (0x1) > AvLen : 0x000c (12) > Value : union ntlmssp_AvValue(case 0x1) > AvNbComputerName : 'MASTER' > pair: struct AV_PAIR > AvId : MsvAvDnsDomainName (0x4) > AvLen : 0x001c (28) > Value : union ntlmssp_AvValue(case 0x4) > AvDnsDomainName : 'x86err300s3.qa' > pair: struct AV_PAIR > AvId : MsvAvDnsComputerName (0x3) > AvLen : 0x002a (42) > Value : union ntlmssp_AvValue(case 0x3) > AvDnsComputerName : 'master.x86err300s3.qa' > pair: struct AV_PAIR > AvId : MsvAvEOL (0x0) > AvLen : 0x0000 (0) > Value : union ntlmssp_AvValue(case 0x0) >[2011/12/13 17:45:44.761119, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:44.761144, 5] lib/util.c:342(show_msg) > size=326 > smb_com=0x73 > smb_rcls=22 > smb_reh=0 > smb_err=49152 > smb_flg=136 > smb_flg2=51203 > smb_tid=65535 > smb_pid=31656 > smb_uid=100 > smb_mid=2 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 225 (0xE1) > smb_bcc=283 >[2011/12/13 17:45:44.761353, 10] ../lib/util/util.c:415(dump_data) > [0000] A1 81 DE 30 81 DB A0 03 0A 01 01 A1 0C 06 0A 2B ...0.... .......+ > [0010] 06 01 04 01 82 37 02 02 0A A2 81 C5 04 81 C2 4E .....7.. .......N > [0020] 54 4C 4D 53 53 50 00 02 00 00 00 16 00 16 00 30 TLMSSP.. .......0 > [0030] 00 00 00 15 82 89 60 77 78 6A 2D A9 B7 10 82 00 ......`w xj-..... > [0040] 00 00 00 00 00 00 00 7C 00 7C 00 46 00 00 00 58 .......| .|.F...X > [0050] 00 38 00 36 00 45 00 52 00 52 00 33 00 30 00 30 .8.6.E.R .R.3.0.0 > [0060] 00 53 00 33 00 02 00 16 00 58 00 38 00 36 00 45 .S.3.... .X.8.6.E > [0070] 00 52 00 52 00 33 00 30 00 30 00 53 00 33 00 01 .R.R.3.0 .0.S.3.. > [0080] 00 0C 00 4D 00 41 00 53 00 54 00 45 00 52 00 04 ...M.A.S .T.E.R.. > [0090] 00 1C 00 78 00 38 00 36 00 65 00 72 00 72 00 33 ...x.8.6 .e.r.r.3 > [00A0] 00 30 00 30 00 73 00 33 00 2E 00 71 00 61 00 03 .0.0.s.3 ...q.a.. > [00B0] 00 2A 00 6D 00 61 00 73 00 74 00 65 00 72 00 2E .*.m.a.s .t.e.r.. > [00C0] 00 78 00 38 00 36 00 65 00 72 00 72 00 33 00 30 .x.8.6.e .r.r.3.0 > [00D0] 00 30 00 73 00 33 00 2E 00 71 00 61 00 00 00 00 .0.s.3.. .q.a.... > [00E0] 00 55 00 6E 00 69 00 78 00 00 00 53 00 61 00 6D .U.n.i.x ...S.a.m > [00F0] 00 62 00 61 00 20 00 33 00 2E 00 36 00 2E 00 36 .b.a. .3 ...6...6 > [0100] 00 00 00 58 00 38 00 36 00 45 00 52 00 52 00 33 ...X.8.6 .E.R.R.3 > [0110] 00 30 00 30 00 53 00 33 00 00 00 .0.0.S.3 ... >[2011/12/13 17:45:44.762144, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 430 >[2011/12/13 17:45:44.762198, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x1ae >[2011/12/13 17:45:44.762233, 3] smbd/process.c:1662(process_smb) > Transaction 2 of length 434 (0 toread) >[2011/12/13 17:45:44.762265, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:44.762284, 5] lib/util.c:342(show_msg) > size=430 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=65535 > smb_pid=31656 > smb_uid=100 > smb_mid=3 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=65535 (0xFFFF) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 1 (0x1) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 348 (0x15C) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]=49244 (0xC05C) > smb_vwv[11]=32768 (0x8000) > smb_bcc=371 >[2011/12/13 17:45:44.762599, 10] ../lib/util/util.c:415(dump_data) > [0000] A1 82 01 58 30 82 01 54 A2 82 01 50 04 82 01 4C ...X0..T ...P...L > [0010] 4E 54 4C 4D 53 53 50 00 03 00 00 00 18 00 18 00 NTLMSSP. ........ > [0020] 40 00 00 00 A8 00 A8 00 58 00 00 00 16 00 16 00 @....... X....... > [0030] 00 01 00 00 1A 00 1A 00 16 01 00 00 0C 00 0C 00 ........ ........ > [0040] 30 01 00 00 10 00 10 00 3C 01 00 00 15 82 08 60 0....... <......` > [0050] FF 59 BC 87 3D B1 AC E1 E3 44 91 CC 6A CB 1F 86 .Y..=... .D..j... > [0060] 50 44 F6 D2 11 D5 0F E0 20 5A A3 2F B5 5C 6C 7A PD...... Z./.\lz > [0070] A7 26 6C BF 1B FD 96 37 01 01 00 00 00 00 00 00 .&l....7 ........ > [0080] 00 EC F5 A7 B6 B9 CC 01 9B A2 74 2D 57 1D 4F 34 ........ ..t-W.O4 > [0090] 00 00 00 00 02 00 16 00 58 00 38 00 36 00 45 00 ........ X.8.6.E. > [00A0] 52 00 52 00 33 00 30 00 30 00 53 00 33 00 01 00 R.R.3.0. 0.S.3... > [00B0] 0C 00 4D 00 41 00 53 00 54 00 45 00 52 00 04 00 ..M.A.S. T.E.R... > [00C0] 1C 00 78 00 38 00 36 00 65 00 72 00 72 00 33 00 ..x.8.6. e.r.r.3. > [00D0] 30 00 30 00 73 00 33 00 2E 00 71 00 61 00 03 00 0.0.s.3. ..q.a... > [00E0] 2A 00 6D 00 61 00 73 00 74 00 65 00 72 00 2E 00 *.m.a.s. t.e.r... > [00F0] 78 00 38 00 36 00 65 00 72 00 72 00 33 00 30 00 x.8.6.e. r.r.3.0. > [0100] 30 00 73 00 33 00 2E 00 71 00 61 00 00 00 00 00 0.s.3... q.a..... > [0110] 58 00 38 00 36 00 45 00 52 00 52 00 33 00 30 00 X.8.6.E. R.R.3.0. > [0120] 30 00 53 00 33 00 41 00 64 00 6D 00 69 00 6E 00 0.S.3.A. d.m.i.n. > [0130] 69 00 73 00 74 00 72 00 61 00 74 00 6F 00 72 00 i.s.t.r. a.t.o.r. > [0140] 4D 00 41 00 53 00 54 00 45 00 52 00 A5 B5 9F 4D M.A.S.T. E.R....M > [0150] CA E2 17 A0 C1 5C 97 18 0E 8E 27 33 00 55 00 6E .....\.. ..'3.U.n > [0160] 00 69 00 78 00 00 00 53 00 61 00 6D 00 62 00 61 .i.x...S .a.m.b.a > [0170] 00 00 00 ... >[2011/12/13 17:45:44.763306, 3] smbd/process.c:1467(switch_message) > switch message SMBsesssetupX (pid 31657) conn 0x0 >[2011/12/13 17:45:44.763343, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:44.763375, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:44.763406, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:44.763456, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2011/12/13 17:45:44.763491, 3] smbd/sesssetup.c:1333(reply_sesssetup_and_X) > wct=12 flg2=0xc801 >[2011/12/13 17:45:44.763524, 3] smbd/sesssetup.c:1065(reply_sesssetup_and_X_spnego) > Doing spnego session setup >[2011/12/13 17:45:44.763558, 3] smbd/sesssetup.c:1107(reply_sesssetup_and_X_spnego) > NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[] >[2011/12/13 17:45:44.763635, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > authenticate: struct AUTHENTICATE_MESSAGE > Signature : 'NTLMSSP' > MessageType : NtLmAuthenticate (3) > LmChallengeResponseLen : 0x0018 (24) > LmChallengeResponseMaxLen: 0x0018 (24) > LmChallengeResponse : * > LmChallengeResponse : union ntlmssp_LM_RESPONSE(case 24) > v1: struct LM_RESPONSE > Response : ff59bc873db1ace1e34491cc6acb1f865044f6d211d50fe0 > NtChallengeResponseLen : 0x00a8 (168) > NtChallengeResponseMaxLen: 0x00a8 (168) > NtChallengeResponse : * > NtChallengeResponse : union ntlmssp_NTLM_RESPONSE(case 168) > v2: struct NTLMv2_RESPONSE > Response : 205aa32fb55c6c7aa7266cbf1bfd9637 > Challenge: struct NTLMv2_CLIENT_CHALLENGE > RespType : 0x01 (1) > HiRespType : 0x01 (1) > Reserved1 : 0x0000 (0) > Reserved2 : 0x00000000 (0) > TimeStamp : Di Dez 13 17:45:44 2011 CET > ChallengeFromClient : 9ba2742d571d4f34 > Reserved3 : 0x00000000 (0) > AvPairs: struct AV_PAIR_LIST > count : 0x00000005 (5) > pair: ARRAY(5) > pair: struct AV_PAIR > AvId : MsvAvNbDomainName (0x2) > AvLen : 0x0016 (22) > Value : union ntlmssp_AvValue(case 0x2) > AvNbDomainName : 'X86ERR300S3' > pair: struct AV_PAIR > AvId : MsvAvNbComputerName (0x1) > AvLen : 0x000c (12) > Value : union ntlmssp_AvValue(case 0x1) > AvNbComputerName : 'MASTER' > pair: struct AV_PAIR > AvId : MsvAvDnsDomainName (0x4) > AvLen : 0x001c (28) > Value : union ntlmssp_AvValue(case 0x4) > AvDnsDomainName : 'x86err300s3.qa' > pair: struct AV_PAIR > AvId : MsvAvDnsComputerName (0x3) > AvLen : 0x002a (42) > Value : union ntlmssp_AvValue(case 0x3) > AvDnsComputerName : 'master.x86err300s3.qa' > pair: struct AV_PAIR > AvId : MsvAvEOL (0x0) > AvLen : 0x0000 (0) > Value : union ntlmssp_AvValue(case 0x0) > DomainNameLen : 0x0016 (22) > DomainNameMaxLen : 0x0016 (22) > DomainName : * > DomainName : 'X86ERR300S3' > UserNameLen : 0x001a (26) > UserNameMaxLen : 0x001a (26) > UserName : * > UserName : 'Administrator' > WorkstationLen : 0x000c (12) > WorkstationMaxLen : 0x000c (12) > Workstation : * > Workstation : 'MASTER' > EncryptedRandomSessionKeyLen: 0x0010 (16) > EncryptedRandomSessionKeyMaxLen: 0x0010 (16) > EncryptedRandomSessionKey: * > EncryptedRandomSessionKey: DATA_BLOB length=16 > [0000] A5 B5 9F 4D CA E2 17 A0 C1 5C 97 18 0E 8E 27 33 ...M.... .\....'3 > NegotiateFlags : 0x60088215 (1611170325) > 1: NTLMSSP_NEGOTIATE_UNICODE > 0: NTLMSSP_NEGOTIATE_OEM > 1: NTLMSSP_REQUEST_TARGET > 1: NTLMSSP_NEGOTIATE_SIGN > 0: NTLMSSP_NEGOTIATE_SEAL > 0: NTLMSSP_NEGOTIATE_DATAGRAM > 0: NTLMSSP_NEGOTIATE_LM_KEY > 0: NTLMSSP_NEGOTIATE_NETWARE > 1: NTLMSSP_NEGOTIATE_NTLM > 0: NTLMSSP_NEGOTIATE_NT_ONLY > 0: NTLMSSP_ANONYMOUS > 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED > 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED > 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL > 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN > 0: NTLMSSP_TARGET_TYPE_DOMAIN > 0: NTLMSSP_TARGET_TYPE_SERVER > 0: NTLMSSP_TARGET_TYPE_SHARE > 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > 0: NTLMSSP_NEGOTIATE_IDENTIFY > 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY > 0: NTLMSSP_NEGOTIATE_TARGET_INFO > 0: NTLMSSP_NEGOTIATE_VERSION > 1: NTLMSSP_NEGOTIATE_128 > 1: NTLMSSP_NEGOTIATE_KEY_EXCH > 0: NTLMSSP_NEGOTIATE_56 >[2011/12/13 17:45:44.765249, 3] ../libcli/auth/ntlmssp_server.c:348(ntlmssp_server_preauth) > Got user=[Administrator] domain=[X86ERR300S3] workstation=[MASTER] len1=24 len2=168 >[2011/12/13 17:45:44.765313, 6] param/loadparm.c:7513(lp_file_list_changed) > lp_file_list_changed() > file /etc/samba/local.conf -> /etc/samba/local.conf last mod_time: Tue Dec 13 12:29:40 2011 > > file /etc/samba/printers.conf -> /etc/samba/printers.conf last mod_time: Tue Dec 13 15:18:52 2011 > > file /etc/samba/shares.conf -> /etc/samba/shares.conf last mod_time: Thu Jan 1 01:00:00 1970 > > file /etc/samba/installs.conf -> /etc/samba/installs.conf last mod_time: Thu Jan 1 01:00:00 1970 > > file /etc/samba/base.conf -> /etc/samba/base.conf last mod_time: Tue Dec 13 17:28:35 2011 > > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Dec 13 17:30:13 2011 > >[2011/12/13 17:45:44.765554, 5] auth/auth_util.c:110(make_user_info_map) > Mapping user [X86ERR300S3]\[Administrator] from workstation [MASTER] >[2011/12/13 17:45:44.765593, 5] auth/user_info.c:59(make_user_info) > attempting to make a user_info for Administrator (Administrator) >[2011/12/13 17:45:44.765629, 5] auth/user_info.c:70(make_user_info) > making strings for Administrator's user_info struct >[2011/12/13 17:45:44.765662, 5] auth/user_info.c:87(make_user_info) > making blobs for Administrator's user_info struct >[2011/12/13 17:45:44.765694, 10] auth/user_info.c:123(make_user_info) > made a user_info for Administrator (Administrator) >[2011/12/13 17:45:44.765726, 3] auth/auth.c:219(check_ntlm_password) > check_ntlm_password: Checking password for unmapped user [X86ERR300S3]\[Administrator]@[MASTER] with the new password interface >[2011/12/13 17:45:44.765759, 3] auth/auth.c:222(check_ntlm_password) > check_ntlm_password: mapped user is: [X86ERR300S3]\[Administrator]@[MASTER] >[2011/12/13 17:45:44.765791, 10] auth/auth.c:231(check_ntlm_password) > check_ntlm_password: auth_context challenge created by random >[2011/12/13 17:45:44.765823, 10] auth/auth.c:233(check_ntlm_password) > challenge is: >[2011/12/13 17:45:44.765853, 5] ../lib/util/util.c:415(dump_data) > [0000] 77 78 6A 2D A9 B7 10 82 wxj-.... >[2011/12/13 17:45:44.765903, 10] auth/auth_builtin.c:44(check_guest_security) > Check auth for: [Administrator] >[2011/12/13 17:45:44.765933, 10] auth/auth.c:259(check_ntlm_password) > check_ntlm_password: guest had nothing to say >[2011/12/13 17:45:44.765968, 10] auth/auth_sam.c:75(auth_samstrict_auth) > Check auth for: [Administrator] >[2011/12/13 17:45:44.765999, 8] lib/util.c:1521(is_myname) > is_myname("X86ERR300S3") returns 0 >[2011/12/13 17:45:44.766036, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:44.766071, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2011/12/13 17:45:44.766104, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:44.766135, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:44.766166, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:44.766257, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=x86err300s3,dc=qa], filter => [(&(&(uid=Administrator)(objectClass=person))(objectclass=sambaSamAccount))], scope => [2] >[2011/12/13 17:45:44.767055, 5] lib/smbldap.c:1341(smbldap_close) > The connection to the LDAP server was closed >[2011/12/13 17:45:44.767110, 10] lib/smbldap.c:819(smb_ldap_setup_conn) > smb_ldap_setup_connection: ldap://master.x86err300s3.qa:7389 >[2011/12/13 17:45:44.772148, 3] lib/smbldap.c:803(smb_ldap_start_tls) > StartTLS issued: using a TLS connection >[2011/12/13 17:45:44.772205, 2] lib/smbldap.c:1018(smbldap_open_connection) > smbldap_open_connection: connection opened >[2011/12/13 17:45:44.772239, 10] lib/smbldap.c:1194(smbldap_connect_system) > ldap_connect_system: Binding to ldap server ldap://master.x86err300s3.qa:7389 as "cn=admin,dc=x86err300s3,dc=qa" >[2011/12/13 17:45:44.773509, 3] lib/smbldap.c:1240(smbldap_connect_system) > ldap_connect_system: successful connection to the LDAP server > ldap_connect_system: LDAP server does support paged results >[2011/12/13 17:45:44.773582, 4] lib/smbldap.c:1319(smbldap_open) > The LDAP server is successfully connected >[2011/12/13 17:45:44.774197, 2] passdb/pdb_ldap.c:553(init_sam_from_ldap) > init_sam_from_ldap: Entry found for user: Administrator >[2011/12/13 17:45:44.774254, 10] passdb/pdb_get_set.c:575(pdb_set_username) > pdb_set_username: setting username Administrator, was >[2011/12/13 17:45:44.774295, 10] passdb/pdb_get_set.c:598(pdb_set_domain) > pdb_set_domain: setting domain X86ERR300S3, was >[2011/12/13 17:45:44.774329, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username) > pdb_set_nt_username: setting nt username Administrator, was >[2011/12/13 17:45:44.774373, 10] passdb/pdb_get_set.c:513(pdb_set_user_sid_from_string) > pdb_set_user_sid_from_string: setting user sid S-1-5-21-861941570-1634457251-3974523304-500 >[2011/12/13 17:45:44.774412, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) > pdb_set_user_sid: setting user sid S-1-5-21-861941570-1634457251-3974523304-500 >[2011/12/13 17:45:44.774463, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaLogonTime does not exist >[2011/12/13 17:45:44.774504, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaLogoffTime does not exist >[2011/12/13 17:45:44.774543, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaKickoffTime does not exist >[2011/12/13 17:45:44.774581, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaPwdCanChange does not exist >[2011/12/13 17:45:44.774620, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaPwdMustChange does not exist >[2011/12/13 17:45:44.774660, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) > pdb_set_full_name: setting full name Administrator, was >[2011/12/13 17:45:44.774701, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaHomeDrive does not exist >[2011/12/13 17:45:44.774734, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) > pdb_set_dir_drive: setting dir drive I:, was NULL >[2011/12/13 17:45:44.774774, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaHomePath does not exist >[2011/12/13 17:45:44.774827, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) > pdb_set_homedir: setting home dir \\master\administrator, was >[2011/12/13 17:45:44.774874, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaLogonScript does not exist >[2011/12/13 17:45:44.774909, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) > pdb_set_logon_script: setting logon script , was >[2011/12/13 17:45:44.774949, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaProfilePath does not exist >[2011/12/13 17:45:44.774988, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) > pdb_set_profile_path: setting profile path \\master\administrator\windows-profiles\Samba, was >[2011/12/13 17:45:44.775030, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute description does not exist >[2011/12/13 17:45:44.775069, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaUserWorkstations does not exist >[2011/12/13 17:45:44.775107, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaMungedDial does not exist >[2011/12/13 17:45:44.775159, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:44.775195, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2011/12/13 17:45:44.775239, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:44.775271, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:44.775303, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:44.775391, 10] lib/gencache.c:183(gencache_set_data_blob) > Adding cache entry with key = ACCT_POL/password history and timeout = Thu Jan 1 01:00:00 1970 > (-1323794744 seconds in the past) >[2011/12/13 17:45:44.775485, 10] passdb/pdb_ldap.c:3963(ldapsam_get_account_policy_from_ldap) > ldapsam_get_account_policy_from_ldap >[2011/12/13 17:45:44.775525, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [sambaDomainName=X86ERR300S3,cn=samba,dc=x86err300s3,dc=qa], filter => [(objectClass=sambaDomain)], scope => [0] >[2011/12/13 17:45:44.775930, 10] passdb/account_pol.c:402(cache_account_policy_set) > cache_account_policy_set: updating account pol cache >[2011/12/13 17:45:44.775985, 10] lib/gencache.c:183(gencache_set_data_blob) > Adding cache entry with key = ACCT_POL/password history and timeout = Tue Dec 13 17:46:44 2011 > (60 seconds ahead) >[2011/12/13 17:45:44.776060, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:44.776111, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaBadPasswordCount does not exist >[2011/12/13 17:45:44.776152, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaBadPasswordTime does not exist >[2011/12/13 17:45:44.776191, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaLogonHours does not exist >[2011/12/13 17:45:44.776269, 5] passdb/login_cache.c:47(login_cache_init) > Opening cache file at /var/cache/samba/login_cache.tdb >[2011/12/13 17:45:44.776330, 7] passdb/login_cache.c:91(login_cache_read) > Looking up login cache for user Administrator >[2011/12/13 17:45:44.776369, 7] passdb/login_cache.c:102(login_cache_read) > No cache entry found >[2011/12/13 17:45:44.776402, 9] passdb/pdb_ldap.c:1108(init_sam_from_ldap) > No cache entry, bad count = 0, bad time = 0 >[2011/12/13 17:45:44.776445, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:44.776480, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2011/12/13 17:45:44.776512, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:44.776544, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:44.776576, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:44.776638, 10] lib/gencache.c:183(gencache_set_data_blob) > Adding cache entry with key = ACCT_POL/maximum password age and timeout = Thu Jan 1 01:00:00 1970 > (-1323794744 seconds in the past) >[2011/12/13 17:45:44.776737, 10] passdb/pdb_ldap.c:3963(ldapsam_get_account_policy_from_ldap) > ldapsam_get_account_policy_from_ldap >[2011/12/13 17:45:44.776782, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [sambaDomainName=X86ERR300S3,cn=samba,dc=x86err300s3,dc=qa], filter => [(objectClass=sambaDomain)], scope => [0] >[2011/12/13 17:45:44.777182, 10] passdb/account_pol.c:402(cache_account_policy_set) > cache_account_policy_set: updating account pol cache >[2011/12/13 17:45:44.777238, 10] lib/gencache.c:183(gencache_set_data_blob) > Adding cache entry with key = ACCT_POL/maximum password age and timeout = Tue Dec 13 17:46:44 2011 > (60 seconds ahead) >[2011/12/13 17:45:44.777310, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:44.777359, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user Administrator >[2011/12/13 17:45:44.777393, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is administrator >[2011/12/13 17:45:44.777537, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals did find user [Administrator]! >[2011/12/13 17:45:44.777603, 10] passdb/lookup_sid.c:1392(gid_to_sid) > gid 5000 -> sid S-1-5-21-861941570-1634457251-3974523304-512 >[2011/12/13 17:45:44.777652, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:44.777688, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2011/12/13 17:45:44.777722, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:44.777755, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:44.777786, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:44.777851, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:44.777901, 10] passdb/pdb_get_set.c:575(pdb_set_username) > pdb_set_username: setting username Administrator, was >[2011/12/13 17:45:44.777937, 10] passdb/pdb_get_set.c:598(pdb_set_domain) > pdb_set_domain: setting domain X86ERR300S3, was >[2011/12/13 17:45:44.777970, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username) > pdb_set_nt_username: setting nt username Administrator, was >[2011/12/13 17:45:44.778003, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) > pdb_set_full_name: setting full name Administrator, was >[2011/12/13 17:45:44.778043, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) > pdb_set_homedir: setting home dir \\master\administrator, was >[2011/12/13 17:45:44.778078, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) > pdb_set_dir_drive: setting dir drive I:, was NULL >[2011/12/13 17:45:44.778113, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) > pdb_set_logon_script: setting logon script , was >[2011/12/13 17:45:44.778153, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) > pdb_set_profile_path: setting profile path \\master\administrator\windows-profiles\Samba, was >[2011/12/13 17:45:44.778189, 10] passdb/pdb_get_set.c:780(pdb_set_workstations) > pdb_set_workstations: setting workstations , was >[2011/12/13 17:45:44.778224, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:44.778258, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2011/12/13 17:45:44.778290, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:44.778322, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:44.778354, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:44.778414, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:44.778454, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) > pdb_set_user_sid: setting user sid S-1-5-21-861941570-1634457251-3974523304-500 >[2011/12/13 17:45:44.778491, 10] passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-861941570-1634457251-3974523304-500 from rid 500 >[2011/12/13 17:45:44.778545, 10] passdb/pdb_get_set.c:562(pdb_set_group_sid) > pdb_set_group_sid: setting group sid S-1-5-21-861941570-1634457251-3974523304-512 >[2011/12/13 17:45:44.778589, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:44.778628, 4] ../libcli/auth/ntlm_check.c:351(ntlm_password_check) > ntlm_password_check: Checking NTLMv2 password with domain [X86ERR300S3] >[2011/12/13 17:45:44.778687, 4] auth/check_samsec.c:183(sam_account_ok) > sam_account_ok: Checking SMB password for user Administrator >[2011/12/13 17:45:44.778733, 5] auth/check_samsec.c:165(logon_hours_ok) > logon_hours_ok: user Administrator allowed to logon at this time (Tue Dec 13 16:45:44 2011 > ) >[2011/12/13 17:45:44.778788, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:44.778838, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2011/12/13 17:45:44.778871, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:44.778903, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:44.778935, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:44.778996, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:44.779035, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:44.779068, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2011/12/13 17:45:44.779100, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:44.779132, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:44.779164, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:44.779214, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user Administrator >[2011/12/13 17:45:44.779248, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is administrator >[2011/12/13 17:45:44.779283, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals did find user [Administrator]! >[2011/12/13 17:45:44.779322, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:44.779356, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2011/12/13 17:45:44.779388, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:44.779420, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:44.779451, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:44.779513, 10] lib/gencache.c:183(gencache_set_data_blob) > Adding cache entry with key = ACCT_POL/minimum password age and timeout = Thu Jan 1 01:00:00 1970 > (-1323794744 seconds in the past) >[2011/12/13 17:45:44.779585, 10] passdb/pdb_ldap.c:3963(ldapsam_get_account_policy_from_ldap) > ldapsam_get_account_policy_from_ldap >[2011/12/13 17:45:44.779623, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [sambaDomainName=X86ERR300S3,cn=samba,dc=x86err300s3,dc=qa], filter => [(objectClass=sambaDomain)], scope => [0] >[2011/12/13 17:45:44.780027, 10] passdb/account_pol.c:402(cache_account_policy_set) > cache_account_policy_set: updating account pol cache >[2011/12/13 17:45:44.780081, 10] lib/gencache.c:183(gencache_set_data_blob) > Adding cache entry with key = ACCT_POL/minimum password age and timeout = Tue Dec 13 17:46:44 2011 > (60 seconds ahead) >[2011/12/13 17:45:44.780155, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:44.780193, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:44.780226, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2011/12/13 17:45:44.780259, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:44.780291, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:44.780322, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:44.780383, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:44.780423, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user Administrator >[2011/12/13 17:45:44.780466, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is administrator >[2011/12/13 17:45:44.780502, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals did find user [Administrator]! >[2011/12/13 17:45:44.780556, 10] lib/system_smbd.c:175(sys_getgrouplist) > sys_getgrouplist: user [Administrator] >[2011/12/13 17:45:44.790493, 10] passdb/lookup_sid.c:1392(gid_to_sid) > gid 5001 -> sid S-1-5-21-861941570-1634457251-3974523304-513 >[2011/12/13 17:45:44.790563, 10] passdb/lookup_sid.c:1392(gid_to_sid) > gid 5005 -> sid S-1-5-21-861941570-1634457251-3974523304-11012 >[2011/12/13 17:45:44.790617, 10] passdb/lookup_sid.c:1392(gid_to_sid) > gid 1005 -> sid S-1-5-21-861941570-1634457251-3974523304-11011 >[2011/12/13 17:45:44.790666, 10] passdb/lookup_sid.c:1392(gid_to_sid) > gid 5020 -> sid S-1-5-11 >[2011/12/13 17:45:44.790715, 10] passdb/lookup_sid.c:1392(gid_to_sid) > gid 5006 -> sid S-1-5-21-861941570-1634457251-3974523304-11013 >[2011/12/13 17:45:44.790765, 10] passdb/lookup_sid.c:1392(gid_to_sid) > gid 5007 -> sid S-1-5-21-861941570-1634457251-3974523304-11015 >[2011/12/13 17:45:44.790820, 5] auth/server_info_sam.c:120(make_server_info_sam) > make_server_info_sam: made server info for user Administrator -> Administrator >[2011/12/13 17:45:44.790866, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:44.790909, 3] auth/auth.c:268(check_ntlm_password) > check_ntlm_password: sam authentication for user [Administrator] succeeded >[2011/12/13 17:45:44.790945, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:44.790978, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2011/12/13 17:45:44.791011, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:44.791043, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:44.791074, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:44.791127, 4] auth/pampass.c:483(smb_pam_start) > smb_pam_start: PAM: Init user: Administrator >[2011/12/13 17:45:44.793834, 4] auth/pampass.c:492(smb_pam_start) > smb_pam_start: PAM: setting rhost to: 127.0.0.1 >[2011/12/13 17:45:44.793883, 4] auth/pampass.c:501(smb_pam_start) > smb_pam_start: PAM: setting tty >[2011/12/13 17:45:44.793918, 4] auth/pampass.c:509(smb_pam_start) > smb_pam_start: PAM: Init passed for user: Administrator >[2011/12/13 17:45:44.793951, 4] auth/pampass.c:567(smb_pam_account) > smb_pam_account: PAM: Account Management for User: Administrator >[2011/12/13 17:45:44.832972, 4] auth/pampass.c:586(smb_pam_account) > smb_pam_account: PAM: Account OK for User: Administrator >[2011/12/13 17:45:44.833195, 4] auth/pampass.c:465(smb_pam_end) > smb_pam_end: PAM: PAM_END OK. >[2011/12/13 17:45:44.833247, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:44.833283, 5] auth/auth.c:296(check_ntlm_password) > check_ntlm_password: PAM Account for user [Administrator] succeeded >[2011/12/13 17:45:44.833316, 2] auth/auth.c:309(check_ntlm_password) > check_ntlm_password: authentication for user [Administrator] -> [Administrator] -> [Administrator] succeeded >[2011/12/13 17:45:44.833355, 10] auth/token_util.c:223(create_local_nt_token_from_info3) > Create local NT token for Administrator >[2011/12/13 17:45:44.833432, 5] lib/privileges.c:175(get_privileges_for_sids) > get_privileges_for_sids: sid = S-1-5-21-861941570-1634457251-3974523304-500 > Privilege set: 0x20 >[2011/12/13 17:45:44.833492, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-861941570-1634457251-3974523304-512] >[2011/12/13 17:45:44.833536, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-861941570-1634457251-3974523304-513] >[2011/12/13 17:45:44.833593, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-861941570-1634457251-3974523304-11012] >[2011/12/13 17:45:44.833637, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-861941570-1634457251-3974523304-11011] >[2011/12/13 17:45:44.833680, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-861941570-1634457251-3974523304-11013] >[2011/12/13 17:45:44.833722, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-861941570-1634457251-3974523304-11015] >[2011/12/13 17:45:44.833763, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-11] >[2011/12/13 17:45:44.833804, 5] lib/privileges.c:175(get_privileges_for_sids) > get_privileges_for_sids: sid = S-1-1-0 > Privilege set: 0x0 >[2011/12/13 17:45:44.833856, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-2] >[2011/12/13 17:45:44.833896, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-11] >[2011/12/13 17:45:44.837348, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:44.837407, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2011/12/13 17:45:44.837442, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:44.837475, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:44.837507, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:44.837573, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=x86err300s3,dc=qa], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2))], scope => [2] >[2011/12/13 17:45:44.837954, 4] passdb/pdb_ldap.c:2540(ldapsam_getgroup) > ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2)) >[2011/12/13 17:45:44.838015, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:44.838053, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) > LEGACY: mapping failed for sid S-1-5-2 >[2011/12/13 17:45:44.838089, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid) > LEGACY: mapping failed for sid S-1-5-2 >[2011/12/13 17:45:44.838127, 10] auth/auth_util.c:505(create_local_token) > Could not convert SID S-1-5-2 to gid, ignoring it >[2011/12/13 17:45:44.838171, 10] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (20): > SID[ 0]: S-1-5-21-861941570-1634457251-3974523304-500 > SID[ 1]: S-1-5-21-861941570-1634457251-3974523304-512 > SID[ 2]: S-1-5-21-861941570-1634457251-3974523304-513 > SID[ 3]: S-1-5-21-861941570-1634457251-3974523304-11012 > SID[ 4]: S-1-5-21-861941570-1634457251-3974523304-11011 > SID[ 5]: S-1-5-21-861941570-1634457251-3974523304-11013 > SID[ 6]: S-1-5-21-861941570-1634457251-3974523304-11015 > SID[ 7]: S-1-5-11 > SID[ 8]: S-1-1-0 > SID[ 9]: S-1-5-2 > SID[ 10]: S-1-5-11 > SID[ 11]: S-1-22-1-2002 > SID[ 12]: S-1-22-2-5000 > SID[ 13]: S-1-22-2-5001 > SID[ 14]: S-1-22-2-5005 > SID[ 15]: S-1-22-2-1005 > SID[ 16]: S-1-22-2-5006 > SID[ 17]: S-1-22-2-5007 > SID[ 18]: S-1-22-2-5020 > SID[ 19]: S-1-22-2-5022 > Privileges (0x 20): > Privilege[ 0]: SePrintOperatorPrivilege > Rights (0x 0): >[2011/12/13 17:45:44.838537, 10] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 2002 > Primary group is 5000 and contains 8 supplementary groups > Group[ 0]: 5000 > Group[ 1]: 5001 > Group[ 2]: 5005 > Group[ 3]: 1005 > Group[ 4]: 5006 > Group[ 5]: 5007 > Group[ 6]: 5020 > Group[ 7]: 5022 >[2011/12/13 17:45:44.838684, 10] auth/auth_ntlmssp.c:174(auth_ntlmssp_check_password) > Got NT session key of length 16 >[2011/12/13 17:45:44.838728, 10] auth/auth_ntlmssp.c:181(auth_ntlmssp_check_password) > Got LM session key of length 8 >[2011/12/13 17:45:44.838761, 10] ../libcli/auth/ntlmssp_server.c:462(ntlmssp_server_postauth) > ntlmssp_server_auth: Using unmodified nt session key. >[2011/12/13 17:45:44.838800, 3] ../libcli/auth/ntlmssp_sign.c:535(ntlmssp_sign_init) > NTLMSSP Sign/Seal - Initialising with flags: >[2011/12/13 17:45:44.838850, 3] ../libcli/auth/ntlmssp.c:34(debug_ntlmssp_flags) > Got NTLMSSP neg_flags=0x60088215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >[2011/12/13 17:45:44.838997, 10] smbd/password.c:293(register_existing_vuid) > register_existing_vuid: (2002,5000) Administrator Administrator X86ERR300S3 guest=0 >[2011/12/13 17:45:44.839035, 3] smbd/password.c:298(register_existing_vuid) > register_existing_vuid: User name: Administrator Real name: Administrator >[2011/12/13 17:45:44.839067, 3] smbd/password.c:308(register_existing_vuid) > register_existing_vuid: UNIX uid 2002 is UNIX user Administrator, and will be vuid 100 >[2011/12/13 17:45:44.839114, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 49442F33313635372F31 >[2011/12/13 17:45:44.839159, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0xb97720c0 >[2011/12/13 17:45:44.839196, 4] auth/pampass.c:483(smb_pam_start) > smb_pam_start: PAM: Init user: Administrator >[2011/12/13 17:45:44.841571, 4] auth/pampass.c:492(smb_pam_start) > smb_pam_start: PAM: setting rhost to: 127.0.0.1 >[2011/12/13 17:45:44.841616, 4] auth/pampass.c:501(smb_pam_start) > smb_pam_start: PAM: setting tty >[2011/12/13 17:45:44.841650, 4] auth/pampass.c:509(smb_pam_start) > smb_pam_start: PAM: Init passed for user: Administrator >[2011/12/13 17:45:44.841684, 4] auth/pampass.c:646(smb_internal_pam_session) > smb_internal_pam_session: PAM: tty set to: smb/31657/100 >[2011/12/13 17:45:46.302806, 4] auth/pampass.c:465(smb_pam_end) > smb_pam_end: PAM: PAM_END OK. >[2011/12/13 17:45:46.303231, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 49442F33313635372F31 >[2011/12/13 17:45:46.303326, 7] param/loadparm.c:9857(lp_servicenumber) > lp_servicenumber: couldn't find Administrator >[2011/12/13 17:45:46.303366, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user Administrator >[2011/12/13 17:45:46.303400, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is administrator >[2011/12/13 17:45:46.303437, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals did find user [Administrator]! >[2011/12/13 17:45:46.303470, 3] smbd/password.c:238(register_homes_share) > Adding homes service for user 'Administrator' using home directory: '/home/Administrator' >[2011/12/13 17:45:46.303547, 8] param/loadparm.c:6503(add_a_service) > add_a_service: Creating snum = 5 for Administrator >[2011/12/13 17:45:46.303585, 10] param/loadparm.c:6550(hash_a_service) > hash_a_service: hashing index 5 for service name Administrator >[2011/12/13 17:45:46.303627, 3] param/loadparm.c:6605(lp_add_home) > adding home's share [Administrator] for user 'Administrator' at '/home/Administrator' >[2011/12/13 17:45:46.303690, 6] param/loadparm.c:7513(lp_file_list_changed) > lp_file_list_changed() > file /etc/samba/local.conf -> /etc/samba/local.conf last mod_time: Tue Dec 13 12:29:40 2011 > > file /etc/samba/printers.conf -> /etc/samba/printers.conf last mod_time: Tue Dec 13 15:18:52 2011 > > file /etc/samba/shares.conf -> /etc/samba/shares.conf last mod_time: Thu Jan 1 01:00:00 1970 > > file /etc/samba/installs.conf -> /etc/samba/installs.conf last mod_time: Thu Jan 1 01:00:00 1970 > > file /etc/samba/base.conf -> /etc/samba/base.conf last mod_time: Tue Dec 13 17:28:35 2011 > > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Dec 13 17:30:13 2011 > >[2011/12/13 17:45:46.303961, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:46.303994, 5] lib/util.c:342(show_msg) > size=110 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=65535 > smb_pid=31656 > smb_uid=100 > smb_mid=3 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 9 (0x9) > smb_bcc=67 >[2011/12/13 17:45:46.304208, 10] ../lib/util/util.c:415(dump_data) > [0000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 ..0..... .U.n.i.x > [0010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3 > [0020] 00 2E 00 36 00 2E 00 36 00 00 00 58 00 38 00 36 ...6...6 ...X.8.6 > [0030] 00 45 00 52 00 52 00 33 00 30 00 30 00 53 00 33 .E.R.R.3 .0.0.S.3 > [0040] 00 00 00 ... >[2011/12/13 17:45:46.304633, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 82 >[2011/12/13 17:45:46.304688, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x52 >[2011/12/13 17:45:46.304769, 3] smbd/process.c:1662(process_smb) > Transaction 3 of length 86 (0 toread) >[2011/12/13 17:45:46.304805, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:46.304825, 5] lib/util.c:342(show_msg) > size=82 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=65535 > smb_pid=31656 > smb_uid=100 > smb_mid=4 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 8 (0x8) > smb_vwv[ 3]= 1 (0x1) > smb_bcc=39 >[2011/12/13 17:45:46.305037, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 5C 00 31 00 32 00 37 00 2E 00 30 00 2E .\.\.1.2 .7...0.. > [0010] 00 30 00 2E 00 31 00 5C 00 49 00 50 00 43 00 24 .0...1.\ .I.P.C.$ > [0020] 00 00 00 49 50 43 00 ...IPC. >[2011/12/13 17:45:46.305148, 3] smbd/process.c:1467(switch_message) > switch message SMBtconX (pid 31657) conn 0x0 >[2011/12/13 17:45:46.305184, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:46.305218, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:46.305251, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:46.305308, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2011/12/13 17:45:46.305357, 4] smbd/reply.c:794(reply_tcon_and_X) > Client requested device type [IPC] for share [IPC$] >[2011/12/13 17:45:46.305410, 5] smbd/service.c:1354(make_connection) > making a connection to 'normal' service ipc$ >[2011/12/13 17:45:46.305453, 3] lib/access.c:338(allow_access) > Allowed connection from 127.0.0.1 (127.0.0.1) >[2011/12/13 17:45:46.305493, 10] smbd/share_access.c:241(user_ok_token) > user_ok_token: share IPC$ is ok for unix user Administrator >[2011/12/13 17:45:46.305541, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user Administrator >[2011/12/13 17:45:46.305576, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is administrator >[2011/12/13 17:45:46.305610, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals did find user [Administrator]! >[2011/12/13 17:45:46.305650, 10] smbd/service.c:162(set_conn_connectpath) > set_conn_connectpath: service IPC$, connectpath = /tmp >[2011/12/13 17:45:46.305686, 3] smbd/service.c:872(make_connection_snum) > Connect path is '/tmp' for service [IPC$] >[2011/12/13 17:45:46.305744, 10] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >[2011/12/13 17:45:46.305787, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0x101f01ff, remaining = 0x101f01ff >[2011/12/13 17:45:46.305827, 3] smbd/vfs.c:102(vfs_init_default) > Initialising default vfs hooks >[2011/12/13 17:45:46.305865, 10] smbd/vfs.c:53(vfs_find_backend_entry) > vfs_find_backend_entry called for /[Default VFS]/ >[2011/12/13 17:45:46.305899, 5] smbd/vfs.c:92(smb_register_vfs) > Successfully added vfs backend '/[Default VFS]/' >[2011/12/13 17:45:46.305943, 10] smbd/vfs.c:53(vfs_find_backend_entry) > vfs_find_backend_entry called for posixacl >[2011/12/13 17:45:46.305977, 5] smbd/vfs.c:92(smb_register_vfs) > Successfully added vfs backend 'posixacl' >[2011/12/13 17:45:46.306009, 3] smbd/vfs.c:128(vfs_init_custom) > Initialising custom vfs hooks from [/[Default VFS]/] >[2011/12/13 17:45:46.306042, 10] smbd/vfs.c:53(vfs_find_backend_entry) > vfs_find_backend_entry called for /[Default VFS]/ > Successfully loaded vfs module [/[Default VFS]/] with the new modules system >[2011/12/13 17:45:46.306094, 5] smbd/connection.c:134(claim_connection) > claiming [IPC$] >[2011/12/13 17:45:46.306188, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key A97B0000FFFFFFFFA765 >[2011/12/13 17:45:46.306229, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0xb9792230 >[2011/12/13 17:45:46.306438, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key A97B0000FFFFFFFFA765 >[2011/12/13 17:45:46.306575, 10] smbd/service.c:162(set_conn_connectpath) > set_conn_connectpath: service IPC$, connectpath = /tmp >[2011/12/13 17:45:46.306620, 10] smbd/share_access.c:241(user_ok_token) > user_ok_token: share IPC$ is ok for unix user Administrator >[2011/12/13 17:45:46.306657, 10] smbd/share_access.c:286(is_share_read_only_for_token) > is_share_read_only_for_user: share IPC$ is read-only for unix user Administrator >[2011/12/13 17:45:46.306701, 10] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >[2011/12/13 17:45:46.306741, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) > string_to_sid: SID administrator is not in a valid format >[2011/12/13 17:45:46.306781, 10] passdb/lookup_sid.c:76(lookup_name) > lookup_name: X86ERR300S3\administrator => domain=[X86ERR300S3], name=[administrator] >[2011/12/13 17:45:46.306837, 10] passdb/lookup_sid.c:77(lookup_name) > lookup_name: flags = 0x073 >[2011/12/13 17:45:46.306877, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:46.306912, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2011/12/13 17:45:46.306945, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:46.306977, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:46.307008, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:46.307085, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=x86err300s3,dc=qa], filter => [(&(&(uid=administrator)(objectClass=person))(objectclass=sambaSamAccount))], scope => [2] >[2011/12/13 17:45:46.307885, 2] passdb/pdb_ldap.c:553(init_sam_from_ldap) > init_sam_from_ldap: Entry found for user: Administrator >[2011/12/13 17:45:46.307941, 10] passdb/pdb_get_set.c:575(pdb_set_username) > pdb_set_username: setting username Administrator, was >[2011/12/13 17:45:46.307978, 10] passdb/pdb_get_set.c:598(pdb_set_domain) > pdb_set_domain: setting domain X86ERR300S3, was >[2011/12/13 17:45:46.308012, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username) > pdb_set_nt_username: setting nt username Administrator, was >[2011/12/13 17:45:46.308055, 10] passdb/pdb_get_set.c:513(pdb_set_user_sid_from_string) > pdb_set_user_sid_from_string: setting user sid S-1-5-21-861941570-1634457251-3974523304-500 >[2011/12/13 17:45:46.308092, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) > pdb_set_user_sid: setting user sid S-1-5-21-861941570-1634457251-3974523304-500 >[2011/12/13 17:45:46.308143, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaLogonTime does not exist >[2011/12/13 17:45:46.308184, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaLogoffTime does not exist >[2011/12/13 17:45:46.308222, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaKickoffTime does not exist >[2011/12/13 17:45:46.308271, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaPwdCanChange does not exist >[2011/12/13 17:45:46.308311, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaPwdMustChange does not exist >[2011/12/13 17:45:46.308350, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) > pdb_set_full_name: setting full name Administrator, was >[2011/12/13 17:45:46.308392, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaHomeDrive does not exist >[2011/12/13 17:45:46.308424, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) > pdb_set_dir_drive: setting dir drive I:, was NULL >[2011/12/13 17:45:46.308464, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaHomePath does not exist >[2011/12/13 17:45:46.308504, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) > pdb_set_homedir: setting home dir \\master\administrator, was >[2011/12/13 17:45:46.308545, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaLogonScript does not exist >[2011/12/13 17:45:46.308579, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) > pdb_set_logon_script: setting logon script , was >[2011/12/13 17:45:46.308619, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaProfilePath does not exist >[2011/12/13 17:45:46.308658, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) > pdb_set_profile_path: setting profile path \\master\administrator\windows-profiles\Samba, was >[2011/12/13 17:45:46.308743, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute description does not exist >[2011/12/13 17:45:46.308793, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaUserWorkstations does not exist >[2011/12/13 17:45:46.308832, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaMungedDial does not exist >[2011/12/13 17:45:46.308883, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:46.308919, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2011/12/13 17:45:46.308952, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:46.308985, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:46.309016, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:46.309084, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:46.309134, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaBadPasswordCount does not exist >[2011/12/13 17:45:46.309175, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaBadPasswordTime does not exist >[2011/12/13 17:45:46.309214, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaLogonHours does not exist >[2011/12/13 17:45:46.309266, 7] passdb/login_cache.c:91(login_cache_read) > Looking up login cache for user Administrator >[2011/12/13 17:45:46.309305, 7] passdb/login_cache.c:102(login_cache_read) > No cache entry found >[2011/12/13 17:45:46.309338, 9] passdb/pdb_ldap.c:1108(init_sam_from_ldap) > No cache entry, bad count = 0, bad time = 0 >[2011/12/13 17:45:46.309377, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:46.309410, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2011/12/13 17:45:46.309443, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:46.309475, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:46.309506, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:46.309565, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:46.309605, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user Administrator >[2011/12/13 17:45:46.309647, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is administrator >[2011/12/13 17:45:46.309682, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals did find user [Administrator]! >[2011/12/13 17:45:46.309720, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:46.309754, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2011/12/13 17:45:46.309786, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:46.309817, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:46.309848, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:46.309908, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:46.309952, 10] passdb/pdb_get_set.c:575(pdb_set_username) > pdb_set_username: setting username Administrator, was >[2011/12/13 17:45:46.309987, 10] passdb/pdb_get_set.c:598(pdb_set_domain) > pdb_set_domain: setting domain X86ERR300S3, was >[2011/12/13 17:45:46.310019, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username) > pdb_set_nt_username: setting nt username Administrator, was >[2011/12/13 17:45:46.310052, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) > pdb_set_full_name: setting full name Administrator, was >[2011/12/13 17:45:46.310091, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) > pdb_set_homedir: setting home dir \\master\administrator, was >[2011/12/13 17:45:46.310126, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) > pdb_set_dir_drive: setting dir drive I:, was NULL >[2011/12/13 17:45:46.310160, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) > pdb_set_logon_script: setting logon script , was >[2011/12/13 17:45:46.310199, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) > pdb_set_profile_path: setting profile path \\master\administrator\windows-profiles\Samba, was >[2011/12/13 17:45:46.310234, 10] passdb/pdb_get_set.c:780(pdb_set_workstations) > pdb_set_workstations: setting workstations , was >[2011/12/13 17:45:46.310269, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:46.310302, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2011/12/13 17:45:46.310334, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:46.310366, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:46.310398, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:46.310458, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:46.310496, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) > pdb_set_user_sid: setting user sid S-1-5-21-861941570-1634457251-3974523304-500 >[2011/12/13 17:45:46.310533, 10] passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-861941570-1634457251-3974523304-500 from rid 500 >[2011/12/13 17:45:46.310585, 10] passdb/pdb_get_set.c:562(pdb_set_group_sid) > pdb_set_group_sid: setting group sid S-1-5-21-861941570-1634457251-3974523304-512 >[2011/12/13 17:45:46.310634, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:46.310688, 2] smbd/uid.c:180(check_user_ok) > check_user_ok: user Administrator is an admin user. Setting uid as 0 >[2011/12/13 17:45:46.310729, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:46.310764, 5] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (20): > SID[ 0]: S-1-5-21-861941570-1634457251-3974523304-500 > SID[ 1]: S-1-5-21-861941570-1634457251-3974523304-512 > SID[ 2]: S-1-5-21-861941570-1634457251-3974523304-513 > SID[ 3]: S-1-5-21-861941570-1634457251-3974523304-11012 > SID[ 4]: S-1-5-21-861941570-1634457251-3974523304-11011 > SID[ 5]: S-1-5-21-861941570-1634457251-3974523304-11013 > SID[ 6]: S-1-5-21-861941570-1634457251-3974523304-11015 > SID[ 7]: S-1-5-11 > SID[ 8]: S-1-1-0 > SID[ 9]: S-1-5-2 > SID[ 10]: S-1-5-11 > SID[ 11]: S-1-22-1-2002 > SID[ 12]: S-1-22-2-5000 > SID[ 13]: S-1-22-2-5001 > SID[ 14]: S-1-22-2-5005 > SID[ 15]: S-1-22-2-1005 > SID[ 16]: S-1-22-2-5006 > SID[ 17]: S-1-22-2-5007 > SID[ 18]: S-1-22-2-5020 > SID[ 19]: S-1-22-2-5022 > Privileges (0x 20): > Privilege[ 0]: SePrintOperatorPrivilege > Rights (0x 0): >[2011/12/13 17:45:46.311144, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 5000 and contains 8 supplementary groups > Group[ 0]: 5000 > Group[ 1]: 5001 > Group[ 2]: 5005 > Group[ 3]: 1005 > Group[ 4]: 5006 > Group[ 5]: 5007 > Group[ 6]: 5020 > Group[ 7]: 5022 >[2011/12/13 17:45:46.311298, 5] smbd/uid.c:317(change_to_user_internal) > Impersonated user: uid=(0,0), gid=(0,5000) >[2011/12/13 17:45:46.311337, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:46.311370, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:46.311402, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:46.311451, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2011/12/13 17:45:46.311490, 10] smbd/service.c:162(set_conn_connectpath) > set_conn_connectpath: service IPC$, connectpath = /tmp >[2011/12/13 17:45:46.311537, 3] smbd/service.c:1114(make_connection_snum) > master (127.0.0.1) connect to service IPC$ initially as user Administrator (uid=0, gid=5000) (pid 31657) >[2011/12/13 17:45:46.311582, 3] smbd/reply.c:871(reply_tcon_and_X) > tconX service=IPC$ >[2011/12/13 17:45:46.311813, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 102 >[2011/12/13 17:45:46.311867, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x66 >[2011/12/13 17:45:46.311902, 3] smbd/process.c:1662(process_smb) > Transaction 4 of length 106 (0 toread) >[2011/12/13 17:45:46.311935, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:46.311954, 5] lib/util.c:342(show_msg) > size=102 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=31656 > smb_uid=100 > smb_mid=5 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 4096 (0x1000) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_bcc=19 >[2011/12/13 17:45:46.312413, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 6C 00 73 00 61 00 72 00 70 00 63 00 00 .\.l.s.a .r.p.c.. > [0010] 00 00 00 ... >[2011/12/13 17:45:46.312489, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 31657) conn 0xb9787de8 >[2011/12/13 17:45:46.312534, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:46.312571, 5] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (20): > SID[ 0]: S-1-5-21-861941570-1634457251-3974523304-500 > SID[ 1]: S-1-5-21-861941570-1634457251-3974523304-512 > SID[ 2]: S-1-5-21-861941570-1634457251-3974523304-513 > SID[ 3]: S-1-5-21-861941570-1634457251-3974523304-11012 > SID[ 4]: S-1-5-21-861941570-1634457251-3974523304-11011 > SID[ 5]: S-1-5-21-861941570-1634457251-3974523304-11013 > SID[ 6]: S-1-5-21-861941570-1634457251-3974523304-11015 > SID[ 7]: S-1-5-11 > SID[ 8]: S-1-1-0 > SID[ 9]: S-1-5-2 > SID[ 10]: S-1-5-11 > SID[ 11]: S-1-22-1-2002 > SID[ 12]: S-1-22-2-5000 > SID[ 13]: S-1-22-2-5001 > SID[ 14]: S-1-22-2-5005 > SID[ 15]: S-1-22-2-1005 > SID[ 16]: S-1-22-2-5006 > SID[ 17]: S-1-22-2-5007 > SID[ 18]: S-1-22-2-5020 > SID[ 19]: S-1-22-2-5022 > Privileges (0x 20): > Privilege[ 0]: SePrintOperatorPrivilege > Rights (0x 0): >[2011/12/13 17:45:46.312967, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 5000 and contains 8 supplementary groups > Group[ 0]: 5000 > Group[ 1]: 5001 > Group[ 2]: 5005 > Group[ 3]: 1005 > Group[ 4]: 5006 > Group[ 5]: 5007 > Group[ 6]: 5020 > Group[ 7]: 5022 >[2011/12/13 17:45:46.313118, 5] smbd/uid.c:317(change_to_user_internal) > Impersonated user: uid=(0,0), gid=(0,5000) >[2011/12/13 17:45:46.313158, 4] smbd/vfs.c:780(vfs_ChDir) > vfs_ChDir to /tmp >[2011/12/13 17:45:46.313210, 10] smbd/nttrans.c:505(reply_ntcreate_and_X) > reply_ntcreate_and_X: flags = 0x0, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = lsarpc >[2011/12/13 17:45:46.313255, 4] smbd/nttrans.c:293(nt_open_pipe) > nt_open_pipe: Opening pipe \lsarpc. >[2011/12/13 17:45:46.313298, 5] smbd/files.c:140(file_new) > allocated file structure 23011, fnum = 27107 (1 used) >[2011/12/13 17:45:46.313338, 10] smbd/files.c:705(file_name_hash) > file_name_hash: /tmp/lsarpc hash 0xa9e2e929 >[2011/12/13 17:45:46.313386, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \lsarpc >[2011/12/13 17:45:46.313437, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe \lsarpc >[2011/12/13 17:45:46.313472, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe \lsarpc >[2011/12/13 17:45:46.313513, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \lsarpc (pipes_open=0) >[2011/12/13 17:45:46.313550, 5] smbd/nttrans.c:382(do_ntcreate_pipe_open) > do_ntcreate_pipe_open: open pipe = \lsarpc >[2011/12/13 17:45:46.313773, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 156 >[2011/12/13 17:45:46.313827, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x9c >[2011/12/13 17:45:46.313862, 3] smbd/process.c:1662(process_smb) > Transaction 5 of length 160 (0 toread) >[2011/12/13 17:45:46.313895, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:46.313915, 5] lib/util.c:342(show_msg) > size=156 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=31656 > smb_uid=100 > smb_mid=6 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 72 (0x48) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=27107 (0x69E3) > smb_bcc=89 >[2011/12/13 17:45:46.314276, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... > [0020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ > [0030] 00 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xW4.4.. ....#Eg. > [0040] AB 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [0050] 00 2B 10 48 60 02 00 00 00 .+.H`... . >[2011/12/13 17:45:46.314479, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 31657) conn 0xb9787de8 >[2011/12/13 17:45:46.314532, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:46.314571, 5] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (20): > SID[ 0]: S-1-5-21-861941570-1634457251-3974523304-500 > SID[ 1]: S-1-5-21-861941570-1634457251-3974523304-512 > SID[ 2]: S-1-5-21-861941570-1634457251-3974523304-513 > SID[ 3]: S-1-5-21-861941570-1634457251-3974523304-11012 > SID[ 4]: S-1-5-21-861941570-1634457251-3974523304-11011 > SID[ 5]: S-1-5-21-861941570-1634457251-3974523304-11013 > SID[ 6]: S-1-5-21-861941570-1634457251-3974523304-11015 > SID[ 7]: S-1-5-11 > SID[ 8]: S-1-1-0 > SID[ 9]: S-1-5-2 > SID[ 10]: S-1-5-11 > SID[ 11]: S-1-22-1-2002 > SID[ 12]: S-1-22-2-5000 > SID[ 13]: S-1-22-2-5001 > SID[ 14]: S-1-22-2-5005 > SID[ 15]: S-1-22-2-1005 > SID[ 16]: S-1-22-2-5006 > SID[ 17]: S-1-22-2-5007 > SID[ 18]: S-1-22-2-5020 > SID[ 19]: S-1-22-2-5022 > Privileges (0x 20): > Privilege[ 0]: SePrintOperatorPrivilege > Rights (0x 0): >[2011/12/13 17:45:46.314938, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 5000 and contains 8 supplementary groups > Group[ 0]: 5000 > Group[ 1]: 5001 > Group[ 2]: 5005 > Group[ 3]: 1005 > Group[ 4]: 5006 > Group[ 5]: 5007 > Group[ 6]: 5020 > Group[ 7]: 5022 >[2011/12/13 17:45:46.315091, 5] smbd/uid.c:317(change_to_user_internal) > Impersonated user: uid=(0,0), gid=(0,5000) >[2011/12/13 17:45:46.315137, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=72 params=0 setup=2 >[2011/12/13 17:45:46.315176, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2011/12/13 17:45:46.315207, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2011/12/13 17:45:46.315242, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2011/12/13 17:45:46.315276, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "lsarpc" (pnum 69e3) >[2011/12/13 17:45:46.315311, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0xb9786d10 max_trans_reply: 4280 >[2011/12/13 17:45:46.315345, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 72 >[2011/12/13 17:45:46.315381, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 72 >[2011/12/13 17:45:46.315414, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 72 >[2011/12/13 17:45:46.315447, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >[2011/12/13 17:45:46.315481, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2011/12/13 17:45:46.315512, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 56 >[2011/12/13 17:45:46.315544, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 56 >[2011/12/13 17:45:46.315580, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2011/12/13 17:45:46.315612, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 56 >[2011/12/13 17:45:46.315644, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 56, incoming data = 56 >[2011/12/13 17:45:46.315679, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2011/12/13 17:45:46.315725, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND (11) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0048 (72) > auth_length : 0x0000 (0) > call_id : 0x00000001 (1) > u : union dcerpc_payload(case 11) > bind: struct dcerpc_bind > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x00000000 (0) > num_contexts : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0000 (0) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : 12345778-1234-abcd-ef00-0123456789ab > if_version : 0x00000000 (0) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 >[2011/12/13 17:45:46.316236, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 11 >[2011/12/13 17:45:46.316276, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) > api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsarpc >[2011/12/13 17:45:46.316312, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) > api_pipe_bind_req: make response. 923 >[2011/12/13 17:45:46.316344, 3] rpc_server/srv_pipe.c:339(check_bind_req) > check_bind_req for \lsarpc >[2011/12/13 17:45:46.316381, 3] rpc_server/srv_pipe.c:346(check_bind_req) > check_bind_req: \PIPE\lsarpc -> \PIPE\lsarpc >[2011/12/13 17:45:46.316432, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND_ACK (12) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0044 (68) > auth_length : 0x0000 (0) > call_id : 0x00000001 (1) > u : union dcerpc_payload(case 12) > bind_ack: struct dcerpc_bind_ack > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x000053f0 (21488) > secondary_address_size : 0x000d (13) > secondary_address : '\PIPE\lsarpc' > _pad1 : DATA_BLOB length=0 > num_results : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ack_ctx > result : 0x0000 (0) > reason : 0x0000 (0) > syntax: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 >[2011/12/13 17:45:46.316948, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 56 >[2011/12/13 17:45:46.317003, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \lsarpc len: 4280 >[2011/12/13 17:45:46.317043, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) > read_from_pipe: \lsarpc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2011/12/13 17:45:46.317080, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 24 >[2011/12/13 17:45:46.317143, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 68 bytes. There is no more data outstanding >[2011/12/13 17:45:46.317181, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..68] (align 0) >[2011/12/13 17:45:46.317215, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:46.317235, 5] lib/util.c:342(show_msg) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=31656 > smb_uid=100 > smb_mid=6 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2011/12/13 17:45:46.317518, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... > [0010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE > [0020] 5C 6C 73 61 72 70 63 00 00 01 00 00 00 00 00 00 \lsarpc. ........ > [0030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [0040] 60 02 00 00 00 `.... >[2011/12/13 17:45:46.317890, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 144 >[2011/12/13 17:45:46.317945, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x90 >[2011/12/13 17:45:46.317980, 3] smbd/process.c:1662(process_smb) > Transaction 6 of length 148 (0 toread) >[2011/12/13 17:45:46.318013, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:46.318033, 5] lib/util.c:342(show_msg) > size=144 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=31656 > smb_uid=100 > smb_mid=7 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 60 (0x3C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 60 (0x3C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=27107 (0x69E3) > smb_bcc=77 >[2011/12/13 17:45:46.318395, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 3C 00 00 00 02 00 00 ........ .<...... > [0020] 00 24 00 00 00 00 00 06 00 00 00 02 00 5C 00 00 .$...... .....\.. > [0030] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0040] 00 00 00 00 00 00 00 00 00 00 00 00 02 ........ ..... >[2011/12/13 17:45:46.318567, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 31657) conn 0xb9787de8 >[2011/12/13 17:45:46.318611, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:46.318648, 5] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (20): > SID[ 0]: S-1-5-21-861941570-1634457251-3974523304-500 > SID[ 1]: S-1-5-21-861941570-1634457251-3974523304-512 > SID[ 2]: S-1-5-21-861941570-1634457251-3974523304-513 > SID[ 3]: S-1-5-21-861941570-1634457251-3974523304-11012 > SID[ 4]: S-1-5-21-861941570-1634457251-3974523304-11011 > SID[ 5]: S-1-5-21-861941570-1634457251-3974523304-11013 > SID[ 6]: S-1-5-21-861941570-1634457251-3974523304-11015 > SID[ 7]: S-1-5-11 > SID[ 8]: S-1-1-0 > SID[ 9]: S-1-5-2 > SID[ 10]: S-1-5-11 > SID[ 11]: S-1-22-1-2002 > SID[ 12]: S-1-22-2-5000 > SID[ 13]: S-1-22-2-5001 > SID[ 14]: S-1-22-2-5005 > SID[ 15]: S-1-22-2-1005 > SID[ 16]: S-1-22-2-5006 > SID[ 17]: S-1-22-2-5007 > SID[ 18]: S-1-22-2-5020 > SID[ 19]: S-1-22-2-5022 > Privileges (0x 20): > Privilege[ 0]: SePrintOperatorPrivilege > Rights (0x 0): >[2011/12/13 17:45:46.319116, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 5000 and contains 8 supplementary groups > Group[ 0]: 5000 > Group[ 1]: 5001 > Group[ 2]: 5005 > Group[ 3]: 1005 > Group[ 4]: 5006 > Group[ 5]: 5007 > Group[ 6]: 5020 > Group[ 7]: 5022 >[2011/12/13 17:45:46.319281, 5] smbd/uid.c:317(change_to_user_internal) > Impersonated user: uid=(0,0), gid=(0,5000) >[2011/12/13 17:45:46.319323, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=60 params=0 setup=2 >[2011/12/13 17:45:46.319360, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2011/12/13 17:45:46.319391, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2011/12/13 17:45:46.319423, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2011/12/13 17:45:46.319455, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "lsarpc" (pnum 69e3) >[2011/12/13 17:45:46.319488, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0xb9786d10 max_trans_reply: 4280 >[2011/12/13 17:45:46.319521, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 60 >[2011/12/13 17:45:46.319554, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 60 >[2011/12/13 17:45:46.319586, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 60 >[2011/12/13 17:45:46.319618, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 60, len_needed_to_complete_hdr = 16, receive_len = 0 >[2011/12/13 17:45:46.319652, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2011/12/13 17:45:46.319683, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 44 >[2011/12/13 17:45:46.319714, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 44 >[2011/12/13 17:45:46.319748, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2011/12/13 17:45:46.319779, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 44 >[2011/12/13 17:45:46.319810, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 44, incoming data = 44 >[2011/12/13 17:45:46.319843, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2011/12/13 17:45:46.319879, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x003c (60) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000024 (36) > context_id : 0x0000 (0) > opnum : 0x0006 (6) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=36 > [0000] 00 00 02 00 5C 00 00 00 18 00 00 00 00 00 00 00 ....\... ........ > [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0020] 00 00 00 02 .... >[2011/12/13 17:45:46.320339, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2011/12/13 17:45:46.320372, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. >[2011/12/13 17:45:46.320416, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\lsarpc >[2011/12/13 17:45:46.320453, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \lsarpc op 0x6 - api_rpcTNP: rpc command: LSA_OPENPOLICY >[2011/12/13 17:45:46.320492, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[6].fn == 0xb7147920 >[2011/12/13 17:45:46.320534, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > lsa_OpenPolicy: struct lsa_OpenPolicy > in: struct lsa_OpenPolicy > system_name : * > system_name : 0x005c (92) > attr : * > attr: struct lsa_ObjectAttribute > len : 0x00000018 (24) > root_dir : NULL > object_name : NULL > attributes : 0x00000000 (0) > sec_desc : NULL > sec_qos : NULL > access_mask : 0x02000000 (33554432) > 0: LSA_POLICY_VIEW_LOCAL_INFORMATION > 0: LSA_POLICY_VIEW_AUDIT_INFORMATION > 0: LSA_POLICY_GET_PRIVATE_INFORMATION > 0: LSA_POLICY_TRUST_ADMIN > 0: LSA_POLICY_CREATE_ACCOUNT > 0: LSA_POLICY_CREATE_SECRET > 0: LSA_POLICY_CREATE_PRIVILEGE > 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS > 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS > 0: LSA_POLICY_AUDIT_LOG_ADMIN > 0: LSA_POLICY_SERVER_ADMIN > 0: LSA_POLICY_LOOKUP_NAMES > 0: LSA_POLICY_NOTIFICATION >[2011/12/13 17:45:46.321047, 10] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0xb0000000 to 0x000f0fff >[2011/12/13 17:45:46.321094, 4] rpc_server/srv_access_check.c:104(access_check_object) > _lsa_OpenPolicy2: access GRANTED (requested: 0x000f0fff, granted: 0x000f0fff) >[2011/12/13 17:45:46.321140, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 E7 4E 3A 81 ........ .....N:. > [0010] A9 7B 00 00 .{.. >[2011/12/13 17:45:46.321215, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > lsa_OpenPolicy: struct lsa_OpenPolicy > out: struct lsa_OpenPolicy > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000d-0000-0000-e74e-3a81a97b0000 > result : NT_STATUS_OK >[2011/12/13 17:45:46.321352, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \lsarpc successfully >[2011/12/13 17:45:46.321390, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 44 >[2011/12/13 17:45:46.321433, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \lsarpc len: 4280 >[2011/12/13 17:45:46.321470, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \lsarpc: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. >[2011/12/13 17:45:46.321514, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=24 > [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 E7 4E 3A 81 ........ .....N:. > [0010] A9 7B 00 00 00 00 00 00 .{...... >[2011/12/13 17:45:46.321915, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 1076 >[2011/12/13 17:45:46.321960, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 48 bytes. There is no more data outstanding >[2011/12/13 17:45:46.321996, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2011/12/13 17:45:46.322029, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:46.322049, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=31656 > smb_uid=100 > smb_mid=7 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2011/12/13 17:45:46.322328, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... > [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 0D 00 00 ........ ........ > [0020] 00 00 00 00 00 E7 4E 3A 81 A9 7B 00 00 00 00 00 ......N: ..{..... > [0030] 00 . >[2011/12/13 17:45:46.322629, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 130 >[2011/12/13 17:45:46.322683, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x82 >[2011/12/13 17:45:46.322718, 3] smbd/process.c:1662(process_smb) > Transaction 7 of length 134 (0 toread) >[2011/12/13 17:45:46.322751, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:46.322771, 5] lib/util.c:342(show_msg) > size=130 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=31656 > smb_uid=100 > smb_mid=8 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 46 (0x2E) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 46 (0x2E) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=27107 (0x69E3) > smb_bcc=63 >[2011/12/13 17:45:46.323142, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 2E 00 00 00 03 00 00 ........ ........ > [0020] 00 16 00 00 00 00 00 07 00 00 00 00 00 0D 00 00 ........ ........ > [0030] 00 00 00 00 00 E7 4E 3A 81 A9 7B 00 00 05 00 ......N: ..{.... >[2011/12/13 17:45:46.323288, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 31657) conn 0xb9787de8 >[2011/12/13 17:45:46.323326, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:46.323362, 5] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (20): > SID[ 0]: S-1-5-21-861941570-1634457251-3974523304-500 > SID[ 1]: S-1-5-21-861941570-1634457251-3974523304-512 > SID[ 2]: S-1-5-21-861941570-1634457251-3974523304-513 > SID[ 3]: S-1-5-21-861941570-1634457251-3974523304-11012 > SID[ 4]: S-1-5-21-861941570-1634457251-3974523304-11011 > SID[ 5]: S-1-5-21-861941570-1634457251-3974523304-11013 > SID[ 6]: S-1-5-21-861941570-1634457251-3974523304-11015 > SID[ 7]: S-1-5-11 > SID[ 8]: S-1-1-0 > SID[ 9]: S-1-5-2 > SID[ 10]: S-1-5-11 > SID[ 11]: S-1-22-1-2002 > SID[ 12]: S-1-22-2-5000 > SID[ 13]: S-1-22-2-5001 > SID[ 14]: S-1-22-2-5005 > SID[ 15]: S-1-22-2-1005 > SID[ 16]: S-1-22-2-5006 > SID[ 17]: S-1-22-2-5007 > SID[ 18]: S-1-22-2-5020 > SID[ 19]: S-1-22-2-5022 > Privileges (0x 20): > Privilege[ 0]: SePrintOperatorPrivilege > Rights (0x 0): >[2011/12/13 17:45:46.323728, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 5000 and contains 8 supplementary groups > Group[ 0]: 5000 > Group[ 1]: 5001 > Group[ 2]: 5005 > Group[ 3]: 1005 > Group[ 4]: 5006 > Group[ 5]: 5007 > Group[ 6]: 5020 > Group[ 7]: 5022 >[2011/12/13 17:45:46.323879, 5] smbd/uid.c:317(change_to_user_internal) > Impersonated user: uid=(0,0), gid=(0,5000) >[2011/12/13 17:45:46.323919, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=46 params=0 setup=2 >[2011/12/13 17:45:46.323955, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2011/12/13 17:45:46.323986, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2011/12/13 17:45:46.324017, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2011/12/13 17:45:46.324048, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "lsarpc" (pnum 69e3) >[2011/12/13 17:45:46.324082, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0xb9786d10 max_trans_reply: 4280 >[2011/12/13 17:45:46.324115, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 46 >[2011/12/13 17:45:46.324148, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 46 >[2011/12/13 17:45:46.324180, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 46 >[2011/12/13 17:45:46.324212, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 >[2011/12/13 17:45:46.324245, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2011/12/13 17:45:46.324276, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 30 >[2011/12/13 17:45:46.324308, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 30 >[2011/12/13 17:45:46.324341, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2011/12/13 17:45:46.324372, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 30 >[2011/12/13 17:45:46.324404, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 30, incoming data = 30 >[2011/12/13 17:45:46.324437, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2011/12/13 17:45:46.324472, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x002e (46) > auth_length : 0x0000 (0) > call_id : 0x00000003 (3) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000016 (22) > context_id : 0x0000 (0) > opnum : 0x0007 (7) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=22 > [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 E7 4E 3A 81 ........ .....N:. > [0010] A9 7B 00 00 05 00 .{.... >[2011/12/13 17:45:46.324937, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2011/12/13 17:45:46.324973, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. >[2011/12/13 17:45:46.325006, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\lsarpc >[2011/12/13 17:45:46.325041, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \lsarpc op 0x7 - api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY >[2011/12/13 17:45:46.325076, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[7].fn == 0xb7147620 >[2011/12/13 17:45:46.325115, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > lsa_QueryInfoPolicy: struct lsa_QueryInfoPolicy > in: struct lsa_QueryInfoPolicy > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000d-0000-0000-e74e-3a81a97b0000 > level : LSA_POLICY_INFO_ACCOUNT_DOMAIN (5) >[2011/12/13 17:45:46.325253, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 E7 4E 3A 81 ........ .....N:. > [0010] A9 7B 00 00 .{.. >[2011/12/13 17:45:46.325334, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > lsa_QueryInfoPolicy: struct lsa_QueryInfoPolicy > out: struct lsa_QueryInfoPolicy > info : * > info : * > info : union lsa_PolicyInformation(case 5) > account_domain: struct lsa_DomainInfo > name: struct lsa_StringLarge > length : 0x0016 (22) > size : 0x0018 (24) > string : * > string : 'X86ERR300S3' > sid : * > sid : S-1-5-21-861941570-1634457251-3974523304 > result : NT_STATUS_OK >[2011/12/13 17:45:46.325583, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \lsarpc successfully >[2011/12/13 17:45:46.325623, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 30 >[2011/12/13 17:45:46.325668, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \lsarpc len: 4280 >[2011/12/13 17:45:46.325705, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \lsarpc: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 88. >[2011/12/13 17:45:46.325746, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0070 (112) > auth_length : 0x0000 (0) > call_id : 0x00000003 (3) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000058 (88) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=88 > [0000] 00 00 02 00 05 00 00 00 16 00 18 00 04 00 02 00 ........ ........ > [0010] 08 00 02 00 0C 00 00 00 00 00 00 00 0B 00 00 00 ........ ........ > [0020] 58 00 38 00 36 00 45 00 52 00 52 00 33 00 30 00 X.8.6.E. R.R.3.0. > [0030] 30 00 53 00 33 00 00 00 04 00 00 00 01 04 00 00 0.S.3... ........ > [0040] 00 00 00 05 15 00 00 00 42 2F 60 33 A3 D6 6B 61 ........ B/`3..ka > [0050] A8 69 E6 EC 00 00 00 00 .i...... >[2011/12/13 17:45:46.326298, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 68 >[2011/12/13 17:45:46.326342, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 112 bytes. There is no more data outstanding >[2011/12/13 17:45:46.326377, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..112] (align 0) >[2011/12/13 17:45:46.326411, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:46.326430, 5] lib/util.c:342(show_msg) > size=168 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=31656 > smb_uid=100 > smb_mid=8 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 112 (0x70) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 112 (0x70) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=113 >[2011/12/13 17:45:46.326709, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 70 00 00 00 03 00 00 ........ .p...... > [0010] 00 58 00 00 00 00 00 00 00 00 00 02 00 05 00 00 .X...... ........ > [0020] 00 16 00 18 00 04 00 02 00 08 00 02 00 0C 00 00 ........ ........ > [0030] 00 00 00 00 00 0B 00 00 00 58 00 38 00 36 00 45 ........ .X.8.6.E > [0040] 00 52 00 52 00 33 00 30 00 30 00 53 00 33 00 00 .R.R.3.0 .0.S.3.. > [0050] 00 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 ........ ........ > [0060] 00 42 2F 60 33 A3 D6 6B 61 A8 69 E6 EC 00 00 00 .B/`3..k a.i..... > [0070] 00 . >[2011/12/13 17:45:46.327149, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 128 >[2011/12/13 17:45:46.327203, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x80 >[2011/12/13 17:45:46.327238, 3] smbd/process.c:1662(process_smb) > Transaction 8 of length 132 (0 toread) >[2011/12/13 17:45:46.327271, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:46.327290, 5] lib/util.c:342(show_msg) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=31656 > smb_uid=100 > smb_mid=9 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=27107 (0x69E3) > smb_bcc=61 >[2011/12/13 17:45:46.327648, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 04 00 00 ........ .,...... > [0020] 00 14 00 00 00 00 00 00 00 00 00 00 00 0D 00 00 ........ ........ > [0030] 00 00 00 00 00 E7 4E 3A 81 A9 7B 00 00 ......N: ..{.. >[2011/12/13 17:45:46.327790, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 31657) conn 0xb9787de8 >[2011/12/13 17:45:46.327828, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:46.327864, 5] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (20): > SID[ 0]: S-1-5-21-861941570-1634457251-3974523304-500 > SID[ 1]: S-1-5-21-861941570-1634457251-3974523304-512 > SID[ 2]: S-1-5-21-861941570-1634457251-3974523304-513 > SID[ 3]: S-1-5-21-861941570-1634457251-3974523304-11012 > SID[ 4]: S-1-5-21-861941570-1634457251-3974523304-11011 > SID[ 5]: S-1-5-21-861941570-1634457251-3974523304-11013 > SID[ 6]: S-1-5-21-861941570-1634457251-3974523304-11015 > SID[ 7]: S-1-5-11 > SID[ 8]: S-1-1-0 > SID[ 9]: S-1-5-2 > SID[ 10]: S-1-5-11 > SID[ 11]: S-1-22-1-2002 > SID[ 12]: S-1-22-2-5000 > SID[ 13]: S-1-22-2-5001 > SID[ 14]: S-1-22-2-5005 > SID[ 15]: S-1-22-2-1005 > SID[ 16]: S-1-22-2-5006 > SID[ 17]: S-1-22-2-5007 > SID[ 18]: S-1-22-2-5020 > SID[ 19]: S-1-22-2-5022 > Privileges (0x 20): > Privilege[ 0]: SePrintOperatorPrivilege > Rights (0x 0): >[2011/12/13 17:45:46.328227, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 5000 and contains 8 supplementary groups > Group[ 0]: 5000 > Group[ 1]: 5001 > Group[ 2]: 5005 > Group[ 3]: 1005 > Group[ 4]: 5006 > Group[ 5]: 5007 > Group[ 6]: 5020 > Group[ 7]: 5022 >[2011/12/13 17:45:46.328378, 5] smbd/uid.c:317(change_to_user_internal) > Impersonated user: uid=(0,0), gid=(0,5000) >[2011/12/13 17:45:46.328419, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=44 params=0 setup=2 >[2011/12/13 17:45:46.328455, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2011/12/13 17:45:46.328486, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2011/12/13 17:45:46.328517, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2011/12/13 17:45:46.328548, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "lsarpc" (pnum 69e3) >[2011/12/13 17:45:46.328582, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0xb9786d10 max_trans_reply: 4280 >[2011/12/13 17:45:46.328615, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 44 >[2011/12/13 17:45:46.328648, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 44 >[2011/12/13 17:45:46.328679, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 44 >[2011/12/13 17:45:46.328744, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2011/12/13 17:45:46.328780, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2011/12/13 17:45:46.328812, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 28 >[2011/12/13 17:45:46.328843, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 28 >[2011/12/13 17:45:46.328877, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2011/12/13 17:45:46.328908, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 28 >[2011/12/13 17:45:46.328939, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 28, incoming data = 28 >[2011/12/13 17:45:46.328972, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2011/12/13 17:45:46.329008, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x002c (44) > auth_length : 0x0000 (0) > call_id : 0x00000004 (4) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000014 (20) > context_id : 0x0000 (0) > opnum : 0x0000 (0) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=20 > [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 E7 4E 3A 81 ........ .....N:. > [0010] A9 7B 00 00 .{.. >[2011/12/13 17:45:46.329437, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2011/12/13 17:45:46.329470, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. >[2011/12/13 17:45:46.329503, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\lsarpc >[2011/12/13 17:45:46.329537, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \lsarpc op 0x0 - api_rpcTNP: rpc command: LSA_CLOSE >[2011/12/13 17:45:46.329573, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[0].fn == 0xb71489f0 >[2011/12/13 17:45:46.329611, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > lsa_Close: struct lsa_Close > in: struct lsa_Close > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000d-0000-0000-e74e-3a81a97b0000 >[2011/12/13 17:45:46.329730, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 E7 4E 3A 81 ........ .....N:. > [0010] A9 7B 00 00 .{.. >[2011/12/13 17:45:46.329807, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 E7 4E 3A 81 ........ .....N:. > [0010] A9 7B 00 00 .{.. >[2011/12/13 17:45:46.329881, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2011/12/13 17:45:46.329914, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > lsa_Close: struct lsa_Close > out: struct lsa_Close > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : NT_STATUS_OK >[2011/12/13 17:45:46.330202, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \lsarpc successfully >[2011/12/13 17:45:46.330244, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 28 >[2011/12/13 17:45:46.330289, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \lsarpc len: 4280 >[2011/12/13 17:45:46.330327, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \lsarpc: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. >[2011/12/13 17:45:46.330368, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0000 (0) > call_id : 0x00000004 (4) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=24 > [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0010] 00 00 00 00 00 00 00 00 ........ >[2011/12/13 17:45:46.330760, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 24 >[2011/12/13 17:45:46.330824, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 48 bytes. There is no more data outstanding >[2011/12/13 17:45:46.330864, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2011/12/13 17:45:46.330898, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:46.330918, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=31656 > smb_uid=100 > smb_mid=9 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2011/12/13 17:45:46.331198, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... > [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0030] 00 . >[2011/12/13 17:45:46.331486, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 41 >[2011/12/13 17:45:46.331540, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2011/12/13 17:45:46.331575, 3] smbd/process.c:1662(process_smb) > Transaction 9 of length 45 (0 toread) >[2011/12/13 17:45:46.331608, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:46.331628, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=31656 > smb_uid=100 > smb_mid=10 > smt_wct=3 > smb_vwv[ 0]=27107 (0x69E3) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2011/12/13 17:45:46.331827, 10] ../lib/util/util.c:415(dump_data) >[2011/12/13 17:45:46.331849, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 31657) conn 0xb9787de8 >[2011/12/13 17:45:46.331887, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:46.331923, 5] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (20): > SID[ 0]: S-1-5-21-861941570-1634457251-3974523304-500 > SID[ 1]: S-1-5-21-861941570-1634457251-3974523304-512 > SID[ 2]: S-1-5-21-861941570-1634457251-3974523304-513 > SID[ 3]: S-1-5-21-861941570-1634457251-3974523304-11012 > SID[ 4]: S-1-5-21-861941570-1634457251-3974523304-11011 > SID[ 5]: S-1-5-21-861941570-1634457251-3974523304-11013 > SID[ 6]: S-1-5-21-861941570-1634457251-3974523304-11015 > SID[ 7]: S-1-5-11 > SID[ 8]: S-1-1-0 > SID[ 9]: S-1-5-2 > SID[ 10]: S-1-5-11 > SID[ 11]: S-1-22-1-2002 > SID[ 12]: S-1-22-2-5000 > SID[ 13]: S-1-22-2-5001 > SID[ 14]: S-1-22-2-5005 > SID[ 15]: S-1-22-2-1005 > SID[ 16]: S-1-22-2-5006 > SID[ 17]: S-1-22-2-5007 > SID[ 18]: S-1-22-2-5020 > SID[ 19]: S-1-22-2-5022 > Privileges (0x 20): > Privilege[ 0]: SePrintOperatorPrivilege > Rights (0x 0): >[2011/12/13 17:45:46.332280, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 5000 and contains 8 supplementary groups > Group[ 0]: 5000 > Group[ 1]: 5001 > Group[ 2]: 5005 > Group[ 3]: 1005 > Group[ 4]: 5006 > Group[ 5]: 5007 > Group[ 6]: 5020 > Group[ 7]: 5022 >[2011/12/13 17:45:46.332433, 5] smbd/uid.c:317(change_to_user_internal) > Impersonated user: uid=(0,0), gid=(0,5000) >[2011/12/13 17:45:46.332474, 3] smbd/reply.c:4848(reply_close) > close fd=-1 fnum=27107 (numopen=1) >[2011/12/13 17:45:46.332513, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Thu Jan 1 00:59:59 1970 >[2011/12/13 17:45:46.332562, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) > close_policy_by_pipe: deleted handle list for pipe \lsarpc >[2011/12/13 17:45:46.332601, 5] smbd/files.c:482(file_free) > freed files structure 27107 (0 used) >[2011/12/13 17:45:46.332646, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:46.332667, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=31656 > smb_uid=100 > smb_mid=10 > smt_wct=0 > smb_bcc=0 >[2011/12/13 17:45:46.332857, 10] ../lib/util/util.c:415(dump_data) >[2011/12/13 17:45:46.333012, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 102 >[2011/12/13 17:45:46.333065, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x66 >[2011/12/13 17:45:46.333100, 3] smbd/process.c:1662(process_smb) > Transaction 10 of length 106 (0 toread) >[2011/12/13 17:45:46.333132, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:46.333152, 5] lib/util.c:342(show_msg) > size=102 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=31656 > smb_uid=100 > smb_mid=11 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 4096 (0x1000) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_bcc=19 >[2011/12/13 17:45:46.333609, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 6C 00 73 00 61 00 72 00 70 00 63 00 00 .\.l.s.a .r.p.c.. > [0010] 00 00 00 ... >[2011/12/13 17:45:46.333685, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 31657) conn 0xb9787de8 >[2011/12/13 17:45:46.333723, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:46.333759, 5] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (20): > SID[ 0]: S-1-5-21-861941570-1634457251-3974523304-500 > SID[ 1]: S-1-5-21-861941570-1634457251-3974523304-512 > SID[ 2]: S-1-5-21-861941570-1634457251-3974523304-513 > SID[ 3]: S-1-5-21-861941570-1634457251-3974523304-11012 > SID[ 4]: S-1-5-21-861941570-1634457251-3974523304-11011 > SID[ 5]: S-1-5-21-861941570-1634457251-3974523304-11013 > SID[ 6]: S-1-5-21-861941570-1634457251-3974523304-11015 > SID[ 7]: S-1-5-11 > SID[ 8]: S-1-1-0 > SID[ 9]: S-1-5-2 > SID[ 10]: S-1-5-11 > SID[ 11]: S-1-22-1-2002 > SID[ 12]: S-1-22-2-5000 > SID[ 13]: S-1-22-2-5001 > SID[ 14]: S-1-22-2-5005 > SID[ 15]: S-1-22-2-1005 > SID[ 16]: S-1-22-2-5006 > SID[ 17]: S-1-22-2-5007 > SID[ 18]: S-1-22-2-5020 > SID[ 19]: S-1-22-2-5022 > Privileges (0x 20): > Privilege[ 0]: SePrintOperatorPrivilege > Rights (0x 0): >[2011/12/13 17:45:46.334118, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 5000 and contains 8 supplementary groups > Group[ 0]: 5000 > Group[ 1]: 5001 > Group[ 2]: 5005 > Group[ 3]: 1005 > Group[ 4]: 5006 > Group[ 5]: 5007 > Group[ 6]: 5020 > Group[ 7]: 5022 >[2011/12/13 17:45:46.334271, 5] smbd/uid.c:317(change_to_user_internal) > Impersonated user: uid=(0,0), gid=(0,5000) >[2011/12/13 17:45:46.334311, 10] smbd/nttrans.c:505(reply_ntcreate_and_X) > reply_ntcreate_and_X: flags = 0x0, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = lsarpc >[2011/12/13 17:45:46.334349, 4] smbd/nttrans.c:293(nt_open_pipe) > nt_open_pipe: Opening pipe \lsarpc. >[2011/12/13 17:45:46.334384, 5] smbd/files.c:140(file_new) > allocated file structure 23012, fnum = 27108 (1 used) >[2011/12/13 17:45:46.334422, 10] smbd/files.c:705(file_name_hash) > file_name_hash: /tmp/lsarpc hash 0xa9e2e929 >[2011/12/13 17:45:46.334470, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \lsarpc >[2011/12/13 17:45:46.334510, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe \lsarpc >[2011/12/13 17:45:46.334544, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe \lsarpc >[2011/12/13 17:45:46.334585, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \lsarpc (pipes_open=0) >[2011/12/13 17:45:46.334622, 5] smbd/nttrans.c:382(do_ntcreate_pipe_open) > do_ntcreate_pipe_open: open pipe = \lsarpc >[2011/12/13 17:45:46.334813, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 156 >[2011/12/13 17:45:46.334868, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x9c >[2011/12/13 17:45:46.334904, 3] smbd/process.c:1662(process_smb) > Transaction 11 of length 160 (0 toread) >[2011/12/13 17:45:46.334937, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:46.334957, 5] lib/util.c:342(show_msg) > size=156 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=31656 > smb_uid=100 > smb_mid=12 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 72 (0x48) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=27108 (0x69E4) > smb_bcc=89 >[2011/12/13 17:45:46.335318, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 05 00 00 ........ .H...... > [0020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ > [0030] 00 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xW4.4.. ....#Eg. > [0040] AB 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [0050] 00 2B 10 48 60 02 00 00 00 .+.H`... . >[2011/12/13 17:45:46.335519, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 31657) conn 0xb9787de8 >[2011/12/13 17:45:46.335557, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:46.335593, 5] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (20): > SID[ 0]: S-1-5-21-861941570-1634457251-3974523304-500 > SID[ 1]: S-1-5-21-861941570-1634457251-3974523304-512 > SID[ 2]: S-1-5-21-861941570-1634457251-3974523304-513 > SID[ 3]: S-1-5-21-861941570-1634457251-3974523304-11012 > SID[ 4]: S-1-5-21-861941570-1634457251-3974523304-11011 > SID[ 5]: S-1-5-21-861941570-1634457251-3974523304-11013 > SID[ 6]: S-1-5-21-861941570-1634457251-3974523304-11015 > SID[ 7]: S-1-5-11 > SID[ 8]: S-1-1-0 > SID[ 9]: S-1-5-2 > SID[ 10]: S-1-5-11 > SID[ 11]: S-1-22-1-2002 > SID[ 12]: S-1-22-2-5000 > SID[ 13]: S-1-22-2-5001 > SID[ 14]: S-1-22-2-5005 > SID[ 15]: S-1-22-2-1005 > SID[ 16]: S-1-22-2-5006 > SID[ 17]: S-1-22-2-5007 > SID[ 18]: S-1-22-2-5020 > SID[ 19]: S-1-22-2-5022 > Privileges (0x 20): > Privilege[ 0]: SePrintOperatorPrivilege > Rights (0x 0): >[2011/12/13 17:45:46.335947, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 5000 and contains 8 supplementary groups > Group[ 0]: 5000 > Group[ 1]: 5001 > Group[ 2]: 5005 > Group[ 3]: 1005 > Group[ 4]: 5006 > Group[ 5]: 5007 > Group[ 6]: 5020 > Group[ 7]: 5022 >[2011/12/13 17:45:46.336099, 5] smbd/uid.c:317(change_to_user_internal) > Impersonated user: uid=(0,0), gid=(0,5000) >[2011/12/13 17:45:46.336139, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=72 params=0 setup=2 >[2011/12/13 17:45:46.336175, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2011/12/13 17:45:46.336215, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2011/12/13 17:45:46.336248, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2011/12/13 17:45:46.336279, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "lsarpc" (pnum 69e4) >[2011/12/13 17:45:46.336312, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0xb9786d10 max_trans_reply: 4280 >[2011/12/13 17:45:46.336345, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 72 >[2011/12/13 17:45:46.336379, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 72 >[2011/12/13 17:45:46.336410, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 72 >[2011/12/13 17:45:46.336443, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >[2011/12/13 17:45:46.336475, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2011/12/13 17:45:46.336507, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 56 >[2011/12/13 17:45:46.336538, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 56 >[2011/12/13 17:45:46.336571, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2011/12/13 17:45:46.336602, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 56 >[2011/12/13 17:45:46.336633, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 56, incoming data = 56 >[2011/12/13 17:45:46.336666, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2011/12/13 17:45:46.336729, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND (11) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0048 (72) > auth_length : 0x0000 (0) > call_id : 0x00000005 (5) > u : union dcerpc_payload(case 11) > bind: struct dcerpc_bind > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x00000000 (0) > num_contexts : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0000 (0) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : 12345778-1234-abcd-ef00-0123456789ab > if_version : 0x00000000 (0) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 >[2011/12/13 17:45:46.337229, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 11 >[2011/12/13 17:45:46.337264, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) > api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsarpc >[2011/12/13 17:45:46.337297, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) > api_pipe_bind_req: make response. 923 >[2011/12/13 17:45:46.337329, 3] rpc_server/srv_pipe.c:339(check_bind_req) > check_bind_req for \lsarpc >[2011/12/13 17:45:46.337372, 3] rpc_server/srv_pipe.c:346(check_bind_req) > check_bind_req: \PIPE\lsarpc -> \PIPE\lsarpc >[2011/12/13 17:45:46.337416, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND_ACK (12) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0044 (68) > auth_length : 0x0000 (0) > call_id : 0x00000005 (5) > u : union dcerpc_payload(case 12) > bind_ack: struct dcerpc_bind_ack > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x000053f0 (21488) > secondary_address_size : 0x000d (13) > secondary_address : '\PIPE\lsarpc' > _pad1 : DATA_BLOB length=0 > num_results : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ack_ctx > result : 0x0000 (0) > reason : 0x0000 (0) > syntax: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 >[2011/12/13 17:45:46.337885, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 56 >[2011/12/13 17:45:46.337931, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \lsarpc len: 4280 >[2011/12/13 17:45:46.337968, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) > read_from_pipe: \lsarpc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2011/12/13 17:45:46.338003, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 24 >[2011/12/13 17:45:46.338043, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 68 bytes. There is no more data outstanding >[2011/12/13 17:45:46.338078, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..68] (align 0) >[2011/12/13 17:45:46.338112, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:46.338131, 5] lib/util.c:342(show_msg) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=31656 > smb_uid=100 > smb_mid=12 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2011/12/13 17:45:46.338415, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 05 00 00 ........ .D...... > [0010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE > [0020] 5C 6C 73 61 72 70 63 00 00 01 00 00 00 00 00 00 \lsarpc. ........ > [0030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [0040] 60 02 00 00 00 `.... >[2011/12/13 17:45:46.338763, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 152 >[2011/12/13 17:45:46.338830, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x98 >[2011/12/13 17:45:46.338867, 3] smbd/process.c:1662(process_smb) > Transaction 12 of length 156 (0 toread) >[2011/12/13 17:45:46.338900, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:46.338920, 5] lib/util.c:342(show_msg) > size=152 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=31656 > smb_uid=100 > smb_mid=13 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 68 (0x44) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=27108 (0x69E4) > smb_bcc=85 >[2011/12/13 17:45:46.339288, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 44 00 00 00 06 00 00 ........ .D...... > [0020] 00 2C 00 00 00 00 00 06 00 00 00 02 00 5C 00 00 .,...... .....\.. > [0030] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0040] 00 00 00 00 00 04 00 02 00 0C 00 00 00 02 00 01 ........ ........ > [0050] 00 00 00 00 02 ..... >[2011/12/13 17:45:46.339484, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 31657) conn 0xb9787de8 >[2011/12/13 17:45:46.339522, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:46.339557, 5] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (20): > SID[ 0]: S-1-5-21-861941570-1634457251-3974523304-500 > SID[ 1]: S-1-5-21-861941570-1634457251-3974523304-512 > SID[ 2]: S-1-5-21-861941570-1634457251-3974523304-513 > SID[ 3]: S-1-5-21-861941570-1634457251-3974523304-11012 > SID[ 4]: S-1-5-21-861941570-1634457251-3974523304-11011 > SID[ 5]: S-1-5-21-861941570-1634457251-3974523304-11013 > SID[ 6]: S-1-5-21-861941570-1634457251-3974523304-11015 > SID[ 7]: S-1-5-11 > SID[ 8]: S-1-1-0 > SID[ 9]: S-1-5-2 > SID[ 10]: S-1-5-11 > SID[ 11]: S-1-22-1-2002 > SID[ 12]: S-1-22-2-5000 > SID[ 13]: S-1-22-2-5001 > SID[ 14]: S-1-22-2-5005 > SID[ 15]: S-1-22-2-1005 > SID[ 16]: S-1-22-2-5006 > SID[ 17]: S-1-22-2-5007 > SID[ 18]: S-1-22-2-5020 > SID[ 19]: S-1-22-2-5022 > Privileges (0x 20): > Privilege[ 0]: SePrintOperatorPrivilege > Rights (0x 0): >[2011/12/13 17:45:46.339910, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 5000 and contains 8 supplementary groups > Group[ 0]: 5000 > Group[ 1]: 5001 > Group[ 2]: 5005 > Group[ 3]: 1005 > Group[ 4]: 5006 > Group[ 5]: 5007 > Group[ 6]: 5020 > Group[ 7]: 5022 >[2011/12/13 17:45:46.340061, 5] smbd/uid.c:317(change_to_user_internal) > Impersonated user: uid=(0,0), gid=(0,5000) >[2011/12/13 17:45:46.340102, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=68 params=0 setup=2 >[2011/12/13 17:45:46.340139, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2011/12/13 17:45:46.340169, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2011/12/13 17:45:46.340201, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2011/12/13 17:45:46.340233, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "lsarpc" (pnum 69e4) >[2011/12/13 17:45:46.340266, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0xb9786d10 max_trans_reply: 4280 >[2011/12/13 17:45:46.340300, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 68 >[2011/12/13 17:45:46.340333, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 68 >[2011/12/13 17:45:46.340365, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 68 >[2011/12/13 17:45:46.340397, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 68, len_needed_to_complete_hdr = 16, receive_len = 0 >[2011/12/13 17:45:46.340430, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2011/12/13 17:45:46.340462, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 52 >[2011/12/13 17:45:46.340502, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 52 >[2011/12/13 17:45:46.340536, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2011/12/13 17:45:46.340567, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 52 >[2011/12/13 17:45:46.340598, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 52, incoming data = 52 >[2011/12/13 17:45:46.340631, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2011/12/13 17:45:46.340666, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0044 (68) > auth_length : 0x0000 (0) > call_id : 0x00000006 (6) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x0000002c (44) > context_id : 0x0000 (0) > opnum : 0x0006 (6) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=44 > [0000] 00 00 02 00 5C 00 00 00 18 00 00 00 00 00 00 00 ....\... ........ > [0010] 00 00 00 00 00 00 00 00 00 00 00 00 04 00 02 00 ........ ........ > [0020] 0C 00 00 00 02 00 01 00 00 00 00 02 ........ .... >[2011/12/13 17:45:46.341164, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2011/12/13 17:45:46.341199, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. >[2011/12/13 17:45:46.341232, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\lsarpc >[2011/12/13 17:45:46.341267, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \lsarpc op 0x6 - api_rpcTNP: rpc command: LSA_OPENPOLICY >[2011/12/13 17:45:46.341303, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[6].fn == 0xb7147920 >[2011/12/13 17:45:46.341338, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > lsa_OpenPolicy: struct lsa_OpenPolicy > in: struct lsa_OpenPolicy > system_name : * > system_name : 0x005c (92) > attr : * > attr: struct lsa_ObjectAttribute > len : 0x00000018 (24) > root_dir : NULL > object_name : NULL > attributes : 0x00000000 (0) > sec_desc : NULL > sec_qos : * > sec_qos: struct lsa_QosInfo > len : 0x0000000c (12) > impersonation_level : 0x0002 (2) > context_mode : 0x01 (1) > effective_only : 0x00 (0) > access_mask : 0x02000000 (33554432) > 0: LSA_POLICY_VIEW_LOCAL_INFORMATION > 0: LSA_POLICY_VIEW_AUDIT_INFORMATION > 0: LSA_POLICY_GET_PRIVATE_INFORMATION > 0: LSA_POLICY_TRUST_ADMIN > 0: LSA_POLICY_CREATE_ACCOUNT > 0: LSA_POLICY_CREATE_SECRET > 0: LSA_POLICY_CREATE_PRIVILEGE > 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS > 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS > 0: LSA_POLICY_AUDIT_LOG_ADMIN > 0: LSA_POLICY_SERVER_ADMIN > 0: LSA_POLICY_LOOKUP_NAMES > 0: LSA_POLICY_NOTIFICATION >[2011/12/13 17:45:46.341824, 10] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0xb0000000 to 0x000f0fff >[2011/12/13 17:45:46.341866, 4] rpc_server/srv_access_check.c:104(access_check_object) > _lsa_OpenPolicy2: access GRANTED (requested: 0x000f0fff, granted: 0x000f0fff) >[2011/12/13 17:45:46.341906, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 0E 00 00 00 00 00 00 00 E7 4E 3A 81 ........ .....N:. > [0010] A9 7B 00 00 .{.. >[2011/12/13 17:45:46.341983, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > lsa_OpenPolicy: struct lsa_OpenPolicy > out: struct lsa_OpenPolicy > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000e-0000-0000-e74e-3a81a97b0000 > result : NT_STATUS_OK >[2011/12/13 17:45:46.342113, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \lsarpc successfully >[2011/12/13 17:45:46.342151, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 52 >[2011/12/13 17:45:46.342194, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \lsarpc len: 4280 >[2011/12/13 17:45:46.342231, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \lsarpc: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. >[2011/12/13 17:45:46.342271, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0000 (0) > call_id : 0x00000006 (6) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=24 > [0000] 00 00 00 00 0E 00 00 00 00 00 00 00 E7 4E 3A 81 ........ .....N:. > [0010] A9 7B 00 00 00 00 00 00 .{...... >[2011/12/13 17:45:46.342660, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 1076 >[2011/12/13 17:45:46.342704, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 48 bytes. There is no more data outstanding >[2011/12/13 17:45:46.342740, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2011/12/13 17:45:46.342774, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:46.342794, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=31656 > smb_uid=100 > smb_mid=13 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2011/12/13 17:45:46.343097, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 06 00 00 ........ .0...... > [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 0E 00 00 ........ ........ > [0020] 00 00 00 00 00 E7 4E 3A 81 A9 7B 00 00 00 00 00 ......N: ..{..... > [0030] 00 . >[2011/12/13 17:45:46.343408, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 184 >[2011/12/13 17:45:46.343462, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xb8 >[2011/12/13 17:45:46.343497, 3] smbd/process.c:1662(process_smb) > Transaction 13 of length 188 (0 toread) >[2011/12/13 17:45:46.343531, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:46.343550, 5] lib/util.c:342(show_msg) > size=184 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=31656 > smb_uid=100 > smb_mid=14 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 100 (0x64) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 100 (0x64) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=27108 (0x69E4) > smb_bcc=117 >[2011/12/13 17:45:46.343913, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 64 00 00 00 07 00 00 ........ .d...... > [0020] 00 4C 00 00 00 00 00 0E 00 00 00 00 00 0E 00 00 .L...... ........ > [0030] 00 00 00 00 00 E7 4E 3A 81 A9 7B 00 00 01 00 00 ......N: ..{..... > [0040] 00 01 00 00 00 0A 00 0A 00 00 00 02 00 05 00 00 ........ ........ > [0050] 00 00 00 00 00 05 00 00 00 75 00 73 00 65 00 72 ........ .u.s.e.r > [0060] 00 31 00 00 00 00 00 00 00 00 00 00 00 01 00 00 .1...... ........ > [0070] 00 00 00 00 00 ..... >[2011/12/13 17:45:46.344171, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 31657) conn 0xb9787de8 >[2011/12/13 17:45:46.344209, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:46.344244, 5] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (20): > SID[ 0]: S-1-5-21-861941570-1634457251-3974523304-500 > SID[ 1]: S-1-5-21-861941570-1634457251-3974523304-512 > SID[ 2]: S-1-5-21-861941570-1634457251-3974523304-513 > SID[ 3]: S-1-5-21-861941570-1634457251-3974523304-11012 > SID[ 4]: S-1-5-21-861941570-1634457251-3974523304-11011 > SID[ 5]: S-1-5-21-861941570-1634457251-3974523304-11013 > SID[ 6]: S-1-5-21-861941570-1634457251-3974523304-11015 > SID[ 7]: S-1-5-11 > SID[ 8]: S-1-1-0 > SID[ 9]: S-1-5-2 > SID[ 10]: S-1-5-11 > SID[ 11]: S-1-22-1-2002 > SID[ 12]: S-1-22-2-5000 > SID[ 13]: S-1-22-2-5001 > SID[ 14]: S-1-22-2-5005 > SID[ 15]: S-1-22-2-1005 > SID[ 16]: S-1-22-2-5006 > SID[ 17]: S-1-22-2-5007 > SID[ 18]: S-1-22-2-5020 > SID[ 19]: S-1-22-2-5022 > Privileges (0x 20): > Privilege[ 0]: SePrintOperatorPrivilege > Rights (0x 0): >[2011/12/13 17:45:46.344598, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 5000 and contains 8 supplementary groups > Group[ 0]: 5000 > Group[ 1]: 5001 > Group[ 2]: 5005 > Group[ 3]: 1005 > Group[ 4]: 5006 > Group[ 5]: 5007 > Group[ 6]: 5020 > Group[ 7]: 5022 >[2011/12/13 17:45:46.344783, 5] smbd/uid.c:317(change_to_user_internal) > Impersonated user: uid=(0,0), gid=(0,5000) >[2011/12/13 17:45:46.344826, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=100 params=0 setup=2 >[2011/12/13 17:45:46.344862, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2011/12/13 17:45:46.344894, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2011/12/13 17:45:46.344935, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2011/12/13 17:45:46.344967, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "lsarpc" (pnum 69e4) >[2011/12/13 17:45:46.345001, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0xb9786d10 max_trans_reply: 4280 >[2011/12/13 17:45:46.345034, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 100 >[2011/12/13 17:45:46.345067, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 100 >[2011/12/13 17:45:46.345099, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 100 >[2011/12/13 17:45:46.345131, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 100, len_needed_to_complete_hdr = 16, receive_len = 0 >[2011/12/13 17:45:46.345164, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2011/12/13 17:45:46.345196, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 84 >[2011/12/13 17:45:46.345227, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 84 >[2011/12/13 17:45:46.345261, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2011/12/13 17:45:46.345292, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 84 >[2011/12/13 17:45:46.345323, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 84, incoming data = 84 >[2011/12/13 17:45:46.345357, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2011/12/13 17:45:46.345392, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0064 (100) > auth_length : 0x0000 (0) > call_id : 0x00000007 (7) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x0000004c (76) > context_id : 0x0000 (0) > opnum : 0x000e (14) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=76 > [0000] 00 00 00 00 0E 00 00 00 00 00 00 00 E7 4E 3A 81 ........ .....N:. > [0010] A9 7B 00 00 01 00 00 00 01 00 00 00 0A 00 0A 00 .{...... ........ > [0020] 00 00 02 00 05 00 00 00 00 00 00 00 05 00 00 00 ........ ........ > [0030] 75 00 73 00 65 00 72 00 31 00 00 00 00 00 00 00 u.s.e.r. 1....... > [0040] 00 00 00 00 01 00 00 00 00 00 00 00 ........ .... >[2011/12/13 17:45:46.345930, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2011/12/13 17:45:46.345964, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. >[2011/12/13 17:45:46.345996, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\lsarpc >[2011/12/13 17:45:46.346031, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \lsarpc op 0xe - api_rpcTNP: rpc command: LSA_LOOKUPNAMES >[2011/12/13 17:45:46.346067, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[14].fn == 0xb71461e0 >[2011/12/13 17:45:46.346113, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > lsa_LookupNames: struct lsa_LookupNames > in: struct lsa_LookupNames > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000e-0000-0000-e74e-3a81a97b0000 > num_names : 0x00000001 (1) > names: ARRAY(1) > names: struct lsa_String > length : 0x000a (10) > size : 0x000a (10) > string : * > string : 'user1' > sids : * > sids: struct lsa_TransSidArray > count : 0x00000000 (0) > sids : NULL > level : LSA_LOOKUP_NAMES_ALL (1) > count : * > count : 0x00000000 (0) >[2011/12/13 17:45:46.346448, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0E 00 00 00 00 00 00 00 E7 4E 3A 81 ........ .....N:. > [0010] A9 7B 00 00 .{.. >[2011/12/13 17:45:46.346527, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 5000) : sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:46.346564, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2011/12/13 17:45:46.346597, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:46.346629, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:46.346661, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:46.346711, 5] rpc_server/lsa/srv_lsa_nt.c:205(lookup_lsa_rids) > lookup_lsa_rids: looking up name user1 >[2011/12/13 17:45:46.346749, 10] passdb/lookup_sid.c:76(lookup_name) > lookup_name: user1 => domain=[], name=[user1] >[2011/12/13 17:45:46.346781, 10] passdb/lookup_sid.c:77(lookup_name) > lookup_name: flags = 0x073 >[2011/12/13 17:45:46.346830, 10] lib/util_wellknown.c:152(lookup_wellknown_name) > map_name_to_wellknown_sid: looking up user1 >[2011/12/13 17:45:46.346871, 10] passdb/pdb_ldap.c:6170(ldapsam_get_trusteddom_pw) > ldapsam_get_trusteddom_pw called for domain user1 >[2011/12/13 17:45:46.346914, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [sambaDomainName=user1,sambaDomainName=X86ERR300S3,cn=samba,dc=x86err300s3,dc=qa], filter => [(&(objectClass=sambaTrustedDomainPassword)(sambaDomainName=user1))], scope => [2] >[2011/12/13 17:45:46.347341, 10] lib/smbldap.c:1504(smbldap_search_ext) > Failed search for base: sambaDomainName=user1,sambaDomainName=X86ERR300S3,cn=samba,dc=x86err300s3,dc=qa, error: 32 (No such object) (unknown) >[2011/12/13 17:45:46.347414, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:46.347451, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 1 >[2011/12/13 17:45:46.347484, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:46.347517, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:46.347549, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:46.347620, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=x86err300s3,dc=qa], filter => [(&(&(uid=user1)(objectClass=person))(objectclass=sambaSamAccount))], scope => [2] >[2011/12/13 17:45:46.348222, 2] passdb/pdb_ldap.c:553(init_sam_from_ldap) > init_sam_from_ldap: Entry found for user: user1 >[2011/12/13 17:45:46.348275, 10] passdb/pdb_get_set.c:575(pdb_set_username) > pdb_set_username: setting username user1, was >[2011/12/13 17:45:46.348400, 10] passdb/pdb_get_set.c:598(pdb_set_domain) > pdb_set_domain: setting domain X86ERR300S3, was >[2011/12/13 17:45:46.348437, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username) > pdb_set_nt_username: setting nt username user1, was >[2011/12/13 17:45:46.348480, 10] passdb/pdb_get_set.c:513(pdb_set_user_sid_from_string) > pdb_set_user_sid_from_string: setting user sid S-1-5-21-861941570-1634457251-3974523304-5014 >[2011/12/13 17:45:46.348515, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) > pdb_set_user_sid: setting user sid S-1-5-21-861941570-1634457251-3974523304-5014 >[2011/12/13 17:45:46.348566, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaLogonTime does not exist >[2011/12/13 17:45:46.348607, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaLogoffTime does not exist >[2011/12/13 17:45:46.348646, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaKickoffTime does not exist >[2011/12/13 17:45:46.348685, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaPwdCanChange does not exist >[2011/12/13 17:45:46.348753, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaPwdMustChange does not exist >[2011/12/13 17:45:46.348794, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) > pdb_set_full_name: setting full name univention, was >[2011/12/13 17:45:46.348836, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaHomeDrive does not exist >[2011/12/13 17:45:46.348868, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) > pdb_set_dir_drive: setting dir drive I:, was NULL >[2011/12/13 17:45:46.348908, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaHomePath does not exist >[2011/12/13 17:45:46.348946, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) > pdb_set_homedir: setting home dir \\master\user1, was >[2011/12/13 17:45:46.348987, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaLogonScript does not exist >[2011/12/13 17:45:46.349021, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) > pdb_set_logon_script: setting logon script , was >[2011/12/13 17:45:46.349061, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaProfilePath does not exist >[2011/12/13 17:45:46.349100, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) > pdb_set_profile_path: setting profile path \\master\user1\windows-profiles\Samba, was >[2011/12/13 17:45:46.349142, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute description does not exist >[2011/12/13 17:45:46.349182, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaUserWorkstations does not exist >[2011/12/13 17:45:46.349237, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 >[2011/12/13 17:45:46.349273, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 2 >[2011/12/13 17:45:46.349305, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 >[2011/12/13 17:45:46.349337, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:46.349368, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:46.349433, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:46.349481, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaBadPasswordCount does not exist >[2011/12/13 17:45:46.349523, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaBadPasswordTime does not exist >[2011/12/13 17:45:46.349562, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaLogonHours does not exist >[2011/12/13 17:45:46.349610, 7] passdb/login_cache.c:91(login_cache_read) > Looking up login cache for user user1 >[2011/12/13 17:45:46.349647, 7] passdb/login_cache.c:102(login_cache_read) > No cache entry found >[2011/12/13 17:45:46.349680, 9] passdb/pdb_ldap.c:1108(init_sam_from_ldap) > No cache entry, bad count = 0, bad time = 0 >[2011/12/13 17:45:46.349727, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 >[2011/12/13 17:45:46.349761, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 2 >[2011/12/13 17:45:46.349793, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 >[2011/12/13 17:45:46.349825, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:46.349856, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:46.349917, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:46.349956, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user user1 >[2011/12/13 17:45:46.349989, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is user1 >[2011/12/13 17:45:46.351707, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals did find user [user1]! >[2011/12/13 17:45:46.351764, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 >[2011/12/13 17:45:46.351801, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 2 >[2011/12/13 17:45:46.351834, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 >[2011/12/13 17:45:46.351867, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:46.351899, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:46.351964, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:46.352009, 10] passdb/pdb_get_set.c:575(pdb_set_username) > pdb_set_username: setting username user1, was >[2011/12/13 17:45:46.352044, 10] passdb/pdb_get_set.c:598(pdb_set_domain) > pdb_set_domain: setting domain X86ERR300S3, was >[2011/12/13 17:45:46.352077, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username) > pdb_set_nt_username: setting nt username user1, was >[2011/12/13 17:45:46.352110, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) > pdb_set_full_name: setting full name univention, was >[2011/12/13 17:45:46.352150, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) > pdb_set_homedir: setting home dir \\master\user1, was >[2011/12/13 17:45:46.352185, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) > pdb_set_dir_drive: setting dir drive I:, was NULL >[2011/12/13 17:45:46.352219, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) > pdb_set_logon_script: setting logon script , was >[2011/12/13 17:45:46.352258, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) > pdb_set_profile_path: setting profile path \\master\user1\windows-profiles\Samba, was >[2011/12/13 17:45:46.352294, 10] passdb/pdb_get_set.c:780(pdb_set_workstations) > pdb_set_workstations: setting workstations , was >[2011/12/13 17:45:46.352329, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 >[2011/12/13 17:45:46.352362, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 2 >[2011/12/13 17:45:46.352395, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 >[2011/12/13 17:45:46.352427, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:46.352458, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:46.352519, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:46.352557, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) > pdb_set_user_sid: setting user sid S-1-5-21-861941570-1634457251-3974523304-5014 >[2011/12/13 17:45:46.352594, 10] passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-861941570-1634457251-3974523304-5014 from rid 5014 >[2011/12/13 17:45:46.352656, 10] passdb/pdb_get_set.c:562(pdb_set_group_sid) > pdb_set_group_sid: setting group sid S-1-5-21-861941570-1634457251-3974523304-513 >[2011/12/13 17:45:46.352730, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:46.352780, 5] rpc_server/lsa/srv_lsa_nt.c:219(lookup_lsa_rids) > init_lsa_rids: user1 found >[2011/12/13 17:45:46.352823, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:46.352859, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > lsa_LookupNames: struct lsa_LookupNames > out: struct lsa_LookupNames > domains : * > domains : * > domains: struct lsa_RefDomainList > count : 0x00000001 (1) > domains : * > domains: ARRAY(1) > domains: struct lsa_DomainInfo > name: struct lsa_StringLarge > length : 0x0016 (22) > size : 0x0018 (24) > string : * > string : 'X86ERR300S3' > sid : * > sid : S-1-5-21-861941570-1634457251-3974523304 > max_size : 0x00000020 (32) > sids : * > sids: struct lsa_TransSidArray > count : 0x00000001 (1) > sids : * > sids: ARRAY(1) > sids: struct lsa_TranslatedSid > sid_type : SID_NAME_USER (1) > rid : 0x00001396 (5014) > sid_index : 0x00000000 (0) > count : * > count : 0x00000001 (1) > result : NT_STATUS_OK >[2011/12/13 17:45:46.353331, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \lsarpc successfully >[2011/12/13 17:45:46.353373, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 84 >[2011/12/13 17:45:46.353421, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \lsarpc len: 4280 >[2011/12/13 17:45:46.353458, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \lsarpc: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 128. >[2011/12/13 17:45:46.353499, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0098 (152) > auth_length : 0x0000 (0) > call_id : 0x00000007 (7) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000080 (128) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=128 > [0000] 04 00 02 00 01 00 00 00 08 00 02 00 20 00 00 00 ........ .... ... > [0010] 01 00 00 00 16 00 18 00 0C 00 02 00 10 00 02 00 ........ ........ > [0020] 0C 00 00 00 00 00 00 00 0B 00 00 00 58 00 38 00 ........ ....X.8. > [0030] 36 00 45 00 52 00 52 00 33 00 30 00 30 00 53 00 6.E.R.R. 3.0.0.S. > [0040] 33 00 00 00 04 00 00 00 01 04 00 00 00 00 00 05 3....... ........ > [0050] 15 00 00 00 42 2F 60 33 A3 D6 6B 61 A8 69 E6 EC ....B/`3 ..ka.i.. > [0060] 01 00 00 00 14 00 02 00 01 00 00 00 01 00 00 00 ........ ........ > [0070] 96 13 00 00 00 00 00 00 01 00 00 00 00 00 00 00 ........ ........ >[2011/12/13 17:45:46.354135, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 140 >[2011/12/13 17:45:46.354181, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 152 bytes. There is no more data outstanding >[2011/12/13 17:45:46.354217, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..152] (align 0) >[2011/12/13 17:45:46.354251, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:46.354270, 5] lib/util.c:342(show_msg) > size=208 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=31656 > smb_uid=100 > smb_mid=14 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 152 (0x98) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 152 (0x98) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=153 >[2011/12/13 17:45:46.354555, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 98 00 00 00 07 00 00 ........ ........ > [0010] 00 80 00 00 00 00 00 00 00 04 00 02 00 01 00 00 ........ ........ > [0020] 00 08 00 02 00 20 00 00 00 01 00 00 00 16 00 18 ..... .. ........ > [0030] 00 0C 00 02 00 10 00 02 00 0C 00 00 00 00 00 00 ........ ........ > [0040] 00 0B 00 00 00 58 00 38 00 36 00 45 00 52 00 52 .....X.8 .6.E.R.R > [0050] 00 33 00 30 00 30 00 53 00 33 00 00 00 04 00 00 .3.0.0.S .3...... > [0060] 00 01 04 00 00 00 00 00 05 15 00 00 00 42 2F 60 ........ .....B/` > [0070] 33 A3 D6 6B 61 A8 69 E6 EC 01 00 00 00 14 00 02 3..ka.i. ........ > [0080] 00 01 00 00 00 01 00 00 00 96 13 00 00 00 00 00 ........ ........ > [0090] 00 01 00 00 00 00 00 00 00 ........ . >[2011/12/13 17:45:46.355076, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 128 >[2011/12/13 17:45:46.355130, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x80 >[2011/12/13 17:45:46.355166, 3] smbd/process.c:1662(process_smb) > Transaction 14 of length 132 (0 toread) >[2011/12/13 17:45:46.355198, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:46.355218, 5] lib/util.c:342(show_msg) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=31656 > smb_uid=100 > smb_mid=15 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=27108 (0x69E4) > smb_bcc=61 >[2011/12/13 17:45:46.355575, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 08 00 00 ........ .,...... > [0020] 00 14 00 00 00 00 00 00 00 00 00 00 00 0E 00 00 ........ ........ > [0030] 00 00 00 00 00 E7 4E 3A 81 A9 7B 00 00 ......N: ..{.. >[2011/12/13 17:45:46.355716, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 31657) conn 0xb9787de8 >[2011/12/13 17:45:46.355753, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:46.355789, 5] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (20): > SID[ 0]: S-1-5-21-861941570-1634457251-3974523304-500 > SID[ 1]: S-1-5-21-861941570-1634457251-3974523304-512 > SID[ 2]: S-1-5-21-861941570-1634457251-3974523304-513 > SID[ 3]: S-1-5-21-861941570-1634457251-3974523304-11012 > SID[ 4]: S-1-5-21-861941570-1634457251-3974523304-11011 > SID[ 5]: S-1-5-21-861941570-1634457251-3974523304-11013 > SID[ 6]: S-1-5-21-861941570-1634457251-3974523304-11015 > SID[ 7]: S-1-5-11 > SID[ 8]: S-1-1-0 > SID[ 9]: S-1-5-2 > SID[ 10]: S-1-5-11 > SID[ 11]: S-1-22-1-2002 > SID[ 12]: S-1-22-2-5000 > SID[ 13]: S-1-22-2-5001 > SID[ 14]: S-1-22-2-5005 > SID[ 15]: S-1-22-2-1005 > SID[ 16]: S-1-22-2-5006 > SID[ 17]: S-1-22-2-5007 > SID[ 18]: S-1-22-2-5020 > SID[ 19]: S-1-22-2-5022 > Privileges (0x 20): > Privilege[ 0]: SePrintOperatorPrivilege > Rights (0x 0): >[2011/12/13 17:45:46.356151, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 5000 and contains 8 supplementary groups > Group[ 0]: 5000 > Group[ 1]: 5001 > Group[ 2]: 5005 > Group[ 3]: 1005 > Group[ 4]: 5006 > Group[ 5]: 5007 > Group[ 6]: 5020 > Group[ 7]: 5022 >[2011/12/13 17:45:46.356300, 5] smbd/uid.c:317(change_to_user_internal) > Impersonated user: uid=(0,0), gid=(0,5000) >[2011/12/13 17:45:46.356342, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=44 params=0 setup=2 >[2011/12/13 17:45:46.356378, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2011/12/13 17:45:46.356408, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2011/12/13 17:45:46.356439, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2011/12/13 17:45:46.356470, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "lsarpc" (pnum 69e4) >[2011/12/13 17:45:46.356504, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0xb9786d10 max_trans_reply: 4280 >[2011/12/13 17:45:46.356537, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 44 >[2011/12/13 17:45:46.356570, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 44 >[2011/12/13 17:45:46.356601, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 44 >[2011/12/13 17:45:46.356633, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2011/12/13 17:45:46.356666, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2011/12/13 17:45:46.356728, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 28 >[2011/12/13 17:45:46.356767, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 28 >[2011/12/13 17:45:46.356801, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2011/12/13 17:45:46.356833, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 28 >[2011/12/13 17:45:46.356864, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 28, incoming data = 28 >[2011/12/13 17:45:46.356897, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2011/12/13 17:45:46.356933, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x002c (44) > auth_length : 0x0000 (0) > call_id : 0x00000008 (8) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000014 (20) > context_id : 0x0000 (0) > opnum : 0x0000 (0) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=20 > [0000] 00 00 00 00 0E 00 00 00 00 00 00 00 E7 4E 3A 81 ........ .....N:. > [0010] A9 7B 00 00 .{.. >[2011/12/13 17:45:46.357349, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2011/12/13 17:45:46.357383, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. >[2011/12/13 17:45:46.357415, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\lsarpc >[2011/12/13 17:45:46.357449, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \lsarpc op 0x0 - api_rpcTNP: rpc command: LSA_CLOSE >[2011/12/13 17:45:46.357484, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[0].fn == 0xb71489f0 >[2011/12/13 17:45:46.357517, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > lsa_Close: struct lsa_Close > in: struct lsa_Close > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000e-0000-0000-e74e-3a81a97b0000 >[2011/12/13 17:45:46.357629, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0E 00 00 00 00 00 00 00 E7 4E 3A 81 ........ .....N:. > [0010] A9 7B 00 00 .{.. >[2011/12/13 17:45:46.357703, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0E 00 00 00 00 00 00 00 E7 4E 3A 81 ........ .....N:. > [0010] A9 7B 00 00 .{.. >[2011/12/13 17:45:46.357773, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2011/12/13 17:45:46.357805, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > lsa_Close: struct lsa_Close > out: struct lsa_Close > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : NT_STATUS_OK >[2011/12/13 17:45:46.357931, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \lsarpc successfully >[2011/12/13 17:45:46.357972, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 28 >[2011/12/13 17:45:46.358020, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \lsarpc len: 4280 >[2011/12/13 17:45:46.358058, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \lsarpc: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. >[2011/12/13 17:45:46.358098, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0000 (0) > call_id : 0x00000008 (8) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=24 > [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0010] 00 00 00 00 00 00 00 00 ........ >[2011/12/13 17:45:46.358489, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 24 >[2011/12/13 17:45:46.358532, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 48 bytes. There is no more data outstanding >[2011/12/13 17:45:46.358568, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2011/12/13 17:45:46.358602, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:46.358621, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=31656 > smb_uid=100 > smb_mid=15 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2011/12/13 17:45:46.358912, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 08 00 00 ........ .0...... > [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0030] 00 . >[2011/12/13 17:45:46.359215, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 184 >[2011/12/13 17:45:46.359269, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xb8 >[2011/12/13 17:45:46.359304, 3] smbd/process.c:1662(process_smb) > Transaction 15 of length 188 (0 toread) >[2011/12/13 17:45:46.359337, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:46.359357, 5] lib/util.c:342(show_msg) > size=184 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=31656 > smb_uid=100 > smb_mid=16 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 100 (0x64) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 100 (0x64) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=27108 (0x69E4) > smb_bcc=117 >[2011/12/13 17:45:46.359716, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 64 00 00 00 09 00 00 ........ .d...... > [0020] 00 4C 00 00 00 00 00 2C 00 00 00 02 00 0C 00 00 .L....., ........ > [0030] 00 00 00 00 00 0C 00 00 00 5C 00 5C 00 31 00 32 ........ .\.\.1.2 > [0040] 00 37 00 2E 00 30 00 2E 00 30 00 2E 00 31 00 00 .7...0.. .0...1.. > [0050] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 00 00 00 00 00 04 00 02 00 0C 00 00 00 02 00 01 ........ ........ > [0070] 00 00 00 00 02 ..... >[2011/12/13 17:45:46.359971, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 31657) conn 0xb9787de8 >[2011/12/13 17:45:46.360009, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:46.360045, 5] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (20): > SID[ 0]: S-1-5-21-861941570-1634457251-3974523304-500 > SID[ 1]: S-1-5-21-861941570-1634457251-3974523304-512 > SID[ 2]: S-1-5-21-861941570-1634457251-3974523304-513 > SID[ 3]: S-1-5-21-861941570-1634457251-3974523304-11012 > SID[ 4]: S-1-5-21-861941570-1634457251-3974523304-11011 > SID[ 5]: S-1-5-21-861941570-1634457251-3974523304-11013 > SID[ 6]: S-1-5-21-861941570-1634457251-3974523304-11015 > SID[ 7]: S-1-5-11 > SID[ 8]: S-1-1-0 > SID[ 9]: S-1-5-2 > SID[ 10]: S-1-5-11 > SID[ 11]: S-1-22-1-2002 > SID[ 12]: S-1-22-2-5000 > SID[ 13]: S-1-22-2-5001 > SID[ 14]: S-1-22-2-5005 > SID[ 15]: S-1-22-2-1005 > SID[ 16]: S-1-22-2-5006 > SID[ 17]: S-1-22-2-5007 > SID[ 18]: S-1-22-2-5020 > SID[ 19]: S-1-22-2-5022 > Privileges (0x 20): > Privilege[ 0]: SePrintOperatorPrivilege > Rights (0x 0): >[2011/12/13 17:45:46.360412, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 5000 and contains 8 supplementary groups > Group[ 0]: 5000 > Group[ 1]: 5001 > Group[ 2]: 5005 > Group[ 3]: 1005 > Group[ 4]: 5006 > Group[ 5]: 5007 > Group[ 6]: 5020 > Group[ 7]: 5022 >[2011/12/13 17:45:46.360562, 5] smbd/uid.c:317(change_to_user_internal) > Impersonated user: uid=(0,0), gid=(0,5000) >[2011/12/13 17:45:46.360603, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=100 params=0 setup=2 >[2011/12/13 17:45:46.360639, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2011/12/13 17:45:46.360670, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2011/12/13 17:45:46.360732, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2011/12/13 17:45:46.360767, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "lsarpc" (pnum 69e4) >[2011/12/13 17:45:46.360801, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0xb9786d10 max_trans_reply: 4280 >[2011/12/13 17:45:46.360835, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 100 >[2011/12/13 17:45:46.360868, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 100 >[2011/12/13 17:45:46.360900, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 100 >[2011/12/13 17:45:46.360932, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 100, len_needed_to_complete_hdr = 16, receive_len = 0 >[2011/12/13 17:45:46.360965, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2011/12/13 17:45:46.360997, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 84 >[2011/12/13 17:45:46.361028, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 84 >[2011/12/13 17:45:46.361062, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2011/12/13 17:45:46.361093, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 84 >[2011/12/13 17:45:46.361124, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 84, incoming data = 84 >[2011/12/13 17:45:46.361157, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2011/12/13 17:45:46.361192, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0064 (100) > auth_length : 0x0000 (0) > call_id : 0x00000009 (9) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x0000004c (76) > context_id : 0x0000 (0) > opnum : 0x002c (44) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=76 > [0000] 00 00 02 00 0C 00 00 00 00 00 00 00 0C 00 00 00 ........ ........ > [0010] 5C 00 5C 00 31 00 32 00 37 00 2E 00 30 00 2E 00 \.\.1.2. 7...0... > [0020] 30 00 2E 00 31 00 00 00 18 00 00 00 00 00 00 00 0...1... ........ > [0030] 00 00 00 00 00 00 00 00 00 00 00 00 04 00 02 00 ........ ........ > [0040] 0C 00 00 00 02 00 01 00 00 00 00 02 ........ .... >[2011/12/13 17:45:46.361743, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2011/12/13 17:45:46.361777, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. >[2011/12/13 17:45:46.361809, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\lsarpc >[2011/12/13 17:45:46.361845, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \lsarpc op 0x2c - api_rpcTNP: rpc command: LSA_OPENPOLICY2 >[2011/12/13 17:45:46.361881, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[44].fn == 0xb7140d00 >[2011/12/13 17:45:46.361920, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > lsa_OpenPolicy2: struct lsa_OpenPolicy2 > in: struct lsa_OpenPolicy2 > system_name : * > system_name : '\\127.0.0.1' > attr : * > attr: struct lsa_ObjectAttribute > len : 0x00000018 (24) > root_dir : NULL > object_name : NULL > attributes : 0x00000000 (0) > sec_desc : NULL > sec_qos : * > sec_qos: struct lsa_QosInfo > len : 0x0000000c (12) > impersonation_level : 0x0002 (2) > context_mode : 0x01 (1) > effective_only : 0x00 (0) > access_mask : 0x02000000 (33554432) > 0: LSA_POLICY_VIEW_LOCAL_INFORMATION > 0: LSA_POLICY_VIEW_AUDIT_INFORMATION > 0: LSA_POLICY_GET_PRIVATE_INFORMATION > 0: LSA_POLICY_TRUST_ADMIN > 0: LSA_POLICY_CREATE_ACCOUNT > 0: LSA_POLICY_CREATE_SECRET > 0: LSA_POLICY_CREATE_PRIVILEGE > 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS > 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS > 0: LSA_POLICY_AUDIT_LOG_ADMIN > 0: LSA_POLICY_SERVER_ADMIN > 0: LSA_POLICY_LOOKUP_NAMES > 0: LSA_POLICY_NOTIFICATION >[2011/12/13 17:45:46.362393, 10] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0xb0000000 to 0x000f0fff >[2011/12/13 17:45:46.362435, 4] rpc_server/srv_access_check.c:104(access_check_object) > _lsa_OpenPolicy2: access GRANTED (requested: 0x000f0fff, granted: 0x000f0fff) >[2011/12/13 17:45:46.362474, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 E7 4E 3A 81 ........ .....N:. > [0010] A9 7B 00 00 .{.. >[2011/12/13 17:45:46.362551, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > lsa_OpenPolicy2: struct lsa_OpenPolicy2 > out: struct lsa_OpenPolicy2 > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000f-0000-0000-e74e-3a81a97b0000 > result : NT_STATUS_OK >[2011/12/13 17:45:46.362680, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \lsarpc successfully >[2011/12/13 17:45:46.362718, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 84 >[2011/12/13 17:45:46.362768, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \lsarpc len: 4280 >[2011/12/13 17:45:46.362819, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \lsarpc: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. >[2011/12/13 17:45:46.362862, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0000 (0) > call_id : 0x00000009 (9) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=24 > [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 E7 4E 3A 81 ........ .....N:. > [0010] A9 7B 00 00 00 00 00 00 .{...... >[2011/12/13 17:45:46.363251, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 1076 >[2011/12/13 17:45:46.363295, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 48 bytes. There is no more data outstanding >[2011/12/13 17:45:46.363331, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2011/12/13 17:45:46.363364, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:46.363384, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=31656 > smb_uid=100 > smb_mid=16 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2011/12/13 17:45:46.363664, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 09 00 00 ........ .0...... > [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 0F 00 00 ........ ........ > [0020] 00 00 00 00 00 E7 4E 3A 81 A9 7B 00 00 00 00 00 ......N: ..{..... > [0030] 00 . >[2011/12/13 17:45:46.363969, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 242 >[2011/12/13 17:45:46.364024, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xf2 >[2011/12/13 17:45:46.364059, 3] smbd/process.c:1662(process_smb) > Transaction 16 of length 246 (0 toread) >[2011/12/13 17:45:46.364092, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:46.364111, 5] lib/util.c:342(show_msg) > size=242 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=31656 > smb_uid=100 > smb_mid=17 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 158 (0x9E) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 158 (0x9E) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=27108 (0x69E4) > smb_bcc=175 >[2011/12/13 17:45:46.364473, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 9E 00 00 00 0A 00 00 ........ ........ > [0020] 00 86 00 00 00 00 00 25 00 00 00 00 00 0F 00 00 .......% ........ > [0030] 00 00 00 00 00 E7 4E 3A 81 A9 7B 00 00 05 00 00 ......N: ..{..... > [0040] 00 01 05 00 00 00 00 00 05 15 00 00 00 42 2F 60 ........ .....B/` > [0050] 33 A3 D6 6B 61 A8 69 E6 EC 96 13 00 00 01 00 00 3..ka.i. ........ > [0060] 00 00 00 02 00 01 00 00 00 32 00 34 00 04 00 02 ........ .2.4.... > [0070] 00 1A 00 00 00 00 00 00 00 19 00 00 00 53 00 65 ........ .....S.e > [0080] 00 4D 00 61 00 63 00 68 00 69 00 6E 00 65 00 41 .M.a.c.h .i.n.e.A > [0090] 00 63 00 63 00 6F 00 75 00 6E 00 74 00 50 00 72 .c.c.o.u .n.t.P.r > [00A0] 00 69 00 76 00 69 00 6C 00 65 00 67 00 65 00 .i.v.i.l .e.g.e. >[2011/12/13 17:45:46.364868, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 31657) conn 0xb9787de8 >[2011/12/13 17:45:46.364909, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:46.364945, 5] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (20): > SID[ 0]: S-1-5-21-861941570-1634457251-3974523304-500 > SID[ 1]: S-1-5-21-861941570-1634457251-3974523304-512 > SID[ 2]: S-1-5-21-861941570-1634457251-3974523304-513 > SID[ 3]: S-1-5-21-861941570-1634457251-3974523304-11012 > SID[ 4]: S-1-5-21-861941570-1634457251-3974523304-11011 > SID[ 5]: S-1-5-21-861941570-1634457251-3974523304-11013 > SID[ 6]: S-1-5-21-861941570-1634457251-3974523304-11015 > SID[ 7]: S-1-5-11 > SID[ 8]: S-1-1-0 > SID[ 9]: S-1-5-2 > SID[ 10]: S-1-5-11 > SID[ 11]: S-1-22-1-2002 > SID[ 12]: S-1-22-2-5000 > SID[ 13]: S-1-22-2-5001 > SID[ 14]: S-1-22-2-5005 > SID[ 15]: S-1-22-2-1005 > SID[ 16]: S-1-22-2-5006 > SID[ 17]: S-1-22-2-5007 > SID[ 18]: S-1-22-2-5020 > SID[ 19]: S-1-22-2-5022 > Privileges (0x 20): > Privilege[ 0]: SePrintOperatorPrivilege > Rights (0x 0): >[2011/12/13 17:45:46.365299, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 5000 and contains 8 supplementary groups > Group[ 0]: 5000 > Group[ 1]: 5001 > Group[ 2]: 5005 > Group[ 3]: 1005 > Group[ 4]: 5006 > Group[ 5]: 5007 > Group[ 6]: 5020 > Group[ 7]: 5022 >[2011/12/13 17:45:46.365448, 5] smbd/uid.c:317(change_to_user_internal) > Impersonated user: uid=(0,0), gid=(0,5000) >[2011/12/13 17:45:46.365489, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=158 params=0 setup=2 >[2011/12/13 17:45:46.365525, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2011/12/13 17:45:46.365556, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2011/12/13 17:45:46.365587, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2011/12/13 17:45:46.365618, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "lsarpc" (pnum 69e4) >[2011/12/13 17:45:46.365651, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0xb9786d10 max_trans_reply: 4280 >[2011/12/13 17:45:46.365684, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 158 >[2011/12/13 17:45:46.365717, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 158 >[2011/12/13 17:45:46.365749, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 158 >[2011/12/13 17:45:46.365781, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 158, len_needed_to_complete_hdr = 16, receive_len = 0 >[2011/12/13 17:45:46.365814, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2011/12/13 17:45:46.365845, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 142 >[2011/12/13 17:45:46.365876, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 142 >[2011/12/13 17:45:46.365909, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2011/12/13 17:45:46.365948, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 142 >[2011/12/13 17:45:46.365981, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 142, incoming data = 142 >[2011/12/13 17:45:46.366014, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2011/12/13 17:45:46.366050, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x009e (158) > auth_length : 0x0000 (0) > call_id : 0x0000000a (10) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000086 (134) > context_id : 0x0000 (0) > opnum : 0x0025 (37) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=134 > [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 E7 4E 3A 81 ........ .....N:. > [0010] A9 7B 00 00 05 00 00 00 01 05 00 00 00 00 00 05 .{...... ........ > [0020] 15 00 00 00 42 2F 60 33 A3 D6 6B 61 A8 69 E6 EC ....B/`3 ..ka.i.. > [0030] 96 13 00 00 01 00 00 00 00 00 02 00 01 00 00 00 ........ ........ > [0040] 32 00 34 00 04 00 02 00 1A 00 00 00 00 00 00 00 2.4..... ........ > [0050] 19 00 00 00 53 00 65 00 4D 00 61 00 63 00 68 00 ....S.e. M.a.c.h. > [0060] 69 00 6E 00 65 00 41 00 63 00 63 00 6F 00 75 00 i.n.e.A. c.c.o.u. > [0070] 6E 00 74 00 50 00 72 00 69 00 76 00 69 00 6C 00 n.t.P.r. i.v.i.l. > [0080] 65 00 67 00 65 00 e.g.e. >[2011/12/13 17:45:46.366743, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2011/12/13 17:45:46.366776, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. >[2011/12/13 17:45:46.366822, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\lsarpc >[2011/12/13 17:45:46.366859, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \lsarpc op 0x25 - api_rpcTNP: rpc command: LSA_ADDACCOUNTRIGHTS >[2011/12/13 17:45:46.366895, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[37].fn == 0xb7142030 >[2011/12/13 17:45:46.366939, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > lsa_AddAccountRights: struct lsa_AddAccountRights > in: struct lsa_AddAccountRights > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000f-0000-0000-e74e-3a81a97b0000 > sid : * > sid : S-1-5-21-861941570-1634457251-3974523304-5014 > rights : * > rights: struct lsa_RightSet > count : 0x00000001 (1) > names : * > names: ARRAY(1) > names: struct lsa_StringLarge > length : 0x0032 (50) > size : 0x0034 (52) > string : * > string : 'SeMachineAccountPrivilege' >[2011/12/13 17:45:46.367251, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 E7 4E 3A 81 ........ .....N:. > [0010] A9 7B 00 00 .{.. >[2011/12/13 17:45:46.367345, 4] rpc_server/srv_access_check.c:104(access_check_object) > _lsa_AddAccountRights: access GRANTED (requested: 0x0000000b, granted: 0x0000000b) >[2011/12/13 17:45:46.367397, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-861941570-1634457251-3974523304-5014] >[2011/12/13 17:45:46.367435, 10] lib/privileges.c:338(grant_privilege_bitmap) > grant_privilege: S-1-5-21-861941570-1634457251-3974523304-5014 > original privilege mask: 0x10 > new privilege mask: 0x10 >[2011/12/13 17:45:46.367508, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 505249565F532D312D35 >[2011/12/13 17:45:46.367547, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0xb9778280 >[2011/12/13 17:45:46.367601, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 505249565F532D312D35 >[2011/12/13 17:45:46.367652, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > lsa_AddAccountRights: struct lsa_AddAccountRights > out: struct lsa_AddAccountRights > result : NT_STATUS_OK >[2011/12/13 17:45:46.367720, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \lsarpc successfully >[2011/12/13 17:45:46.367757, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 142 >[2011/12/13 17:45:46.367801, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \lsarpc len: 4280 >[2011/12/13 17:45:46.367837, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \lsarpc: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4. >[2011/12/13 17:45:46.367878, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x001c (28) > auth_length : 0x0000 (0) > call_id : 0x0000000a (10) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000004 (4) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=4 > [0000] 00 00 00 00 .... >[2011/12/13 17:45:46.368224, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 1076 >[2011/12/13 17:45:46.368267, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 28 bytes. There is no more data outstanding >[2011/12/13 17:45:46.368303, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..28] (align 0) >[2011/12/13 17:45:46.368337, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:46.368356, 5] lib/util.c:342(show_msg) > size=84 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=31656 > smb_uid=100 > smb_mid=17 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 28 (0x1C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 28 (0x1C) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=29 >[2011/12/13 17:45:46.368638, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 1C 00 00 00 0A 00 00 ........ ........ > [0010] 00 04 00 00 00 00 00 00 00 00 00 00 00 ........ ..... >[2011/12/13 17:45:46.369145, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 128 >[2011/12/13 17:45:46.369202, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x80 >[2011/12/13 17:45:46.369237, 3] smbd/process.c:1662(process_smb) > Transaction 17 of length 132 (0 toread) >[2011/12/13 17:45:46.369271, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:46.369290, 5] lib/util.c:342(show_msg) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=31656 > smb_uid=100 > smb_mid=18 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=27108 (0x69E4) > smb_bcc=61 >[2011/12/13 17:45:46.369647, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 0B 00 00 ........ .,...... > [0020] 00 14 00 00 00 00 00 00 00 00 00 00 00 0F 00 00 ........ ........ > [0030] 00 00 00 00 00 E7 4E 3A 81 A9 7B 00 00 ......N: ..{.. >[2011/12/13 17:45:46.369789, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 31657) conn 0xb9787de8 >[2011/12/13 17:45:46.369826, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:46.369861, 5] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (20): > SID[ 0]: S-1-5-21-861941570-1634457251-3974523304-500 > SID[ 1]: S-1-5-21-861941570-1634457251-3974523304-512 > SID[ 2]: S-1-5-21-861941570-1634457251-3974523304-513 > SID[ 3]: S-1-5-21-861941570-1634457251-3974523304-11012 > SID[ 4]: S-1-5-21-861941570-1634457251-3974523304-11011 > SID[ 5]: S-1-5-21-861941570-1634457251-3974523304-11013 > SID[ 6]: S-1-5-21-861941570-1634457251-3974523304-11015 > SID[ 7]: S-1-5-11 > SID[ 8]: S-1-1-0 > SID[ 9]: S-1-5-2 > SID[ 10]: S-1-5-11 > SID[ 11]: S-1-22-1-2002 > SID[ 12]: S-1-22-2-5000 > SID[ 13]: S-1-22-2-5001 > SID[ 14]: S-1-22-2-5005 > SID[ 15]: S-1-22-2-1005 > SID[ 16]: S-1-22-2-5006 > SID[ 17]: S-1-22-2-5007 > SID[ 18]: S-1-22-2-5020 > SID[ 19]: S-1-22-2-5022 > Privileges (0x 20): > Privilege[ 0]: SePrintOperatorPrivilege > Rights (0x 0): >[2011/12/13 17:45:46.370214, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 5000 and contains 8 supplementary groups > Group[ 0]: 5000 > Group[ 1]: 5001 > Group[ 2]: 5005 > Group[ 3]: 1005 > Group[ 4]: 5006 > Group[ 5]: 5007 > Group[ 6]: 5020 > Group[ 7]: 5022 >[2011/12/13 17:45:46.370364, 5] smbd/uid.c:317(change_to_user_internal) > Impersonated user: uid=(0,0), gid=(0,5000) >[2011/12/13 17:45:46.370405, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=44 params=0 setup=2 >[2011/12/13 17:45:46.370441, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2011/12/13 17:45:46.370472, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2011/12/13 17:45:46.370503, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2011/12/13 17:45:46.370535, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "lsarpc" (pnum 69e4) >[2011/12/13 17:45:46.370568, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0xb9786d10 max_trans_reply: 4280 >[2011/12/13 17:45:46.370601, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 44 >[2011/12/13 17:45:46.370634, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 44 >[2011/12/13 17:45:46.370666, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 44 >[2011/12/13 17:45:46.370707, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2011/12/13 17:45:46.370742, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2011/12/13 17:45:46.370772, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 28 >[2011/12/13 17:45:46.370817, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 28 >[2011/12/13 17:45:46.370852, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2011/12/13 17:45:46.370883, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 28 >[2011/12/13 17:45:46.370914, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 28, incoming data = 28 >[2011/12/13 17:45:46.370947, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2011/12/13 17:45:46.370983, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x002c (44) > auth_length : 0x0000 (0) > call_id : 0x0000000b (11) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000014 (20) > context_id : 0x0000 (0) > opnum : 0x0000 (0) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=20 > [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 E7 4E 3A 81 ........ .....N:. > [0010] A9 7B 00 00 .{.. >[2011/12/13 17:45:46.371398, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2011/12/13 17:45:46.371431, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. >[2011/12/13 17:45:46.371463, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\lsarpc >[2011/12/13 17:45:46.371498, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \lsarpc op 0x0 - api_rpcTNP: rpc command: LSA_CLOSE >[2011/12/13 17:45:46.371533, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[0].fn == 0xb71489f0 >[2011/12/13 17:45:46.371567, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > lsa_Close: struct lsa_Close > in: struct lsa_Close > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000f-0000-0000-e74e-3a81a97b0000 >[2011/12/13 17:45:46.371680, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 E7 4E 3A 81 ........ .....N:. > [0010] A9 7B 00 00 .{.. >[2011/12/13 17:45:46.371757, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 E7 4E 3A 81 ........ .....N:. > [0010] A9 7B 00 00 .{.. >[2011/12/13 17:45:46.371831, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2011/12/13 17:45:46.371864, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > lsa_Close: struct lsa_Close > out: struct lsa_Close > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : NT_STATUS_OK >[2011/12/13 17:45:46.372003, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \lsarpc successfully >[2011/12/13 17:45:46.372040, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 28 >[2011/12/13 17:45:46.372085, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \lsarpc len: 4280 >[2011/12/13 17:45:46.372122, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \lsarpc: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. >[2011/12/13 17:45:46.372162, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0000 (0) > call_id : 0x0000000b (11) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=24 > [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0010] 00 00 00 00 00 00 00 00 ........ >[2011/12/13 17:45:46.372546, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 24 >[2011/12/13 17:45:46.372588, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 48 bytes. There is no more data outstanding >[2011/12/13 17:45:46.372624, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2011/12/13 17:45:46.372657, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:46.372676, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=31656 > smb_uid=100 > smb_mid=18 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2011/12/13 17:45:46.373347, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0B 00 00 ........ .0...... > [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0030] 00 . >[2011/12/13 17:45:46.373634, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 41 >[2011/12/13 17:45:46.373688, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2011/12/13 17:45:46.373723, 3] smbd/process.c:1662(process_smb) > Transaction 18 of length 45 (0 toread) >[2011/12/13 17:45:46.373755, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:46.373775, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=31656 > smb_uid=100 > smb_mid=19 > smt_wct=3 > smb_vwv[ 0]=27108 (0x69E4) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2011/12/13 17:45:46.373982, 10] ../lib/util/util.c:415(dump_data) >[2011/12/13 17:45:46.374004, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 31657) conn 0xb9787de8 >[2011/12/13 17:45:46.374042, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 5000) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:46.374077, 5] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (20): > SID[ 0]: S-1-5-21-861941570-1634457251-3974523304-500 > SID[ 1]: S-1-5-21-861941570-1634457251-3974523304-512 > SID[ 2]: S-1-5-21-861941570-1634457251-3974523304-513 > SID[ 3]: S-1-5-21-861941570-1634457251-3974523304-11012 > SID[ 4]: S-1-5-21-861941570-1634457251-3974523304-11011 > SID[ 5]: S-1-5-21-861941570-1634457251-3974523304-11013 > SID[ 6]: S-1-5-21-861941570-1634457251-3974523304-11015 > SID[ 7]: S-1-5-11 > SID[ 8]: S-1-1-0 > SID[ 9]: S-1-5-2 > SID[ 10]: S-1-5-11 > SID[ 11]: S-1-22-1-2002 > SID[ 12]: S-1-22-2-5000 > SID[ 13]: S-1-22-2-5001 > SID[ 14]: S-1-22-2-5005 > SID[ 15]: S-1-22-2-1005 > SID[ 16]: S-1-22-2-5006 > SID[ 17]: S-1-22-2-5007 > SID[ 18]: S-1-22-2-5020 > SID[ 19]: S-1-22-2-5022 > Privileges (0x 20): > Privilege[ 0]: SePrintOperatorPrivilege > Rights (0x 0): >[2011/12/13 17:45:46.374429, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 5000 and contains 8 supplementary groups > Group[ 0]: 5000 > Group[ 1]: 5001 > Group[ 2]: 5005 > Group[ 3]: 1005 > Group[ 4]: 5006 > Group[ 5]: 5007 > Group[ 6]: 5020 > Group[ 7]: 5022 >[2011/12/13 17:45:46.374577, 5] smbd/uid.c:317(change_to_user_internal) > Impersonated user: uid=(0,0), gid=(0,5000) >[2011/12/13 17:45:46.374614, 3] smbd/reply.c:4848(reply_close) > close fd=-1 fnum=27108 (numopen=1) >[2011/12/13 17:45:46.374648, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Thu Jan 1 00:59:59 1970 >[2011/12/13 17:45:46.374859, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) > close_policy_by_pipe: deleted handle list for pipe \lsarpc >[2011/12/13 17:45:46.374900, 5] smbd/files.c:482(file_free) > freed files structure 27108 (0 used) >[2011/12/13 17:45:46.374937, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:46.374957, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=31656 > smb_uid=100 > smb_mid=19 > smt_wct=0 > smb_bcc=0 >[2011/12/13 17:45:46.375117, 10] ../lib/util/util.c:415(dump_data) >[2011/12/13 17:45:46.375254, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 35 >[2011/12/13 17:45:46.375307, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x23 >[2011/12/13 17:45:46.375341, 3] smbd/process.c:1662(process_smb) > Transaction 19 of length 39 (0 toread) >[2011/12/13 17:45:46.375374, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:46.375393, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x71 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=31656 > smb_uid=100 > smb_mid=20 > smt_wct=0 > smb_bcc=0 >[2011/12/13 17:45:46.375553, 10] ../lib/util/util.c:415(dump_data) >[2011/12/13 17:45:46.375574, 3] smbd/process.c:1467(switch_message) > switch message SMBtdis (pid 31657) conn 0xb9787de8 >[2011/12/13 17:45:46.375608, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:46.375641, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:46.375672, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:46.375724, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2011/12/13 17:45:46.375760, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:46.375793, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:46.375835, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:46.375884, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2011/12/13 17:45:46.375918, 3] smbd/service.c:1378(close_cnum) > master (127.0.0.1) closed connection to service IPC$ >[2011/12/13 17:45:46.375957, 3] smbd/connection.c:35(yield_connection) > Yielding connection to IPC$ >[2011/12/13 17:45:46.376048, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key A97B0000FFFFFFFFA765 >[2011/12/13 17:45:46.376088, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0xb9777a00 >[2011/12/13 17:45:46.376129, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key A97B0000FFFFFFFFA765 >[2011/12/13 17:45:46.376224, 4] smbd/vfs.c:780(vfs_ChDir) > vfs_ChDir to / >[2011/12/13 17:45:46.376262, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:46.376294, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:46.376325, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:46.376374, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2011/12/13 17:45:46.376416, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:46.376438, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x71 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=31656 > smb_uid=100 > smb_mid=20 > smt_wct=0 > smb_bcc=0 >[2011/12/13 17:45:46.376598, 10] ../lib/util/util.c:415(dump_data) >[2011/12/13 17:45:46.377200, 5] lib/util_sock.c:319(read_fd_with_timeout) > read_fd_with_timeout: blocking read. EOF from client. >[2011/12/13 17:45:46.377255, 5] smbd/process.c:457(receive_smb_talloc) > receive_smb_raw_talloc failed for client 127.0.0.1 read error = NT_STATUS_END_OF_FILE. >[2011/12/13 17:45:46.377296, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:46.377332, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:46.377364, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:46.377415, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2011/12/13 17:45:46.377457, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 49442F33313635372F31 >[2011/12/13 17:45:46.377500, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0xb9788af0 >[2011/12/13 17:45:46.377535, 4] auth/pampass.c:483(smb_pam_start) > smb_pam_start: PAM: Init user: Administrator >[2011/12/13 17:45:46.380827, 4] auth/pampass.c:492(smb_pam_start) > smb_pam_start: PAM: setting rhost to: 127.0.0.1 >[2011/12/13 17:45:46.578983, 4] auth/pampass.c:501(smb_pam_start) > smb_pam_start: PAM: setting tty >[2011/12/13 17:45:46.579031, 4] auth/pampass.c:509(smb_pam_start) > smb_pam_start: PAM: Init passed for user: Administrator >[2011/12/13 17:45:46.579065, 4] auth/pampass.c:646(smb_internal_pam_session) > smb_internal_pam_session: PAM: tty set to: smb/31657/100 >[2011/12/13 17:45:46.579607, 4] auth/pampass.c:465(smb_pam_end) > smb_pam_end: PAM: PAM_END OK. >[2011/12/13 17:45:46.579675, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 49442F33313635372F31 >[2011/12/13 17:45:46.579800, 3] smbd/server_exit.c:181(exit_server_common) > Server exit (failed to receive smb request) >[2011/12/13 17:45:46.581778, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key A97B0000FFFFFFFF >[2011/12/13 17:45:46.581862, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0xb9773e78 >[2011/12/13 17:45:46.581914, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key A97B0000FFFFFFFF >[2011/12/13 17:45:57.355429, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key F87B0000FFFFFFFF >[2011/12/13 17:45:57.355547, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0xb9785058 >[2011/12/13 17:45:57.355606, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key F87B0000FFFFFFFF >[2011/12/13 17:45:57.355672, 5] lib/util_sock.c:165(print_socket_options) > Socket options: > SO_KEEPALIVE = 1 > SO_REUSEADDR = 1 > SO_BROADCAST = 0 > TCP_NODELAY = 1 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_SNDBUF = 50700 > SO_RCVBUF = 87520 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > TCP_QUICKACK = 1 >[2011/12/13 17:45:57.355928, 5] lib/util_sock.c:165(print_socket_options) > Socket options: > SO_KEEPALIVE = 1 > SO_REUSEADDR = 1 > SO_BROADCAST = 0 > TCP_NODELAY = 1 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_SNDBUF = 50700 > SO_RCVBUF = 87520 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > TCP_QUICKACK = 1 >[2011/12/13 17:45:57.356236, 6] param/loadparm.c:7513(lp_file_list_changed) > lp_file_list_changed() > file /etc/samba/local.conf -> /etc/samba/local.conf last mod_time: Tue Dec 13 12:29:40 2011 > > file /etc/samba/printers.conf -> /etc/samba/printers.conf last mod_time: Tue Dec 13 15:18:52 2011 > > file /etc/samba/shares.conf -> /etc/samba/shares.conf last mod_time: Thu Jan 1 01:00:00 1970 > > file /etc/samba/installs.conf -> /etc/samba/installs.conf last mod_time: Thu Jan 1 01:00:00 1970 > > file /etc/samba/base.conf -> /etc/samba/base.conf last mod_time: Tue Dec 13 17:28:35 2011 > > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Dec 13 17:30:13 2011 > >[2011/12/13 17:45:57.356491, 3] lib/access.c:338(allow_access) > Allowed connection from 10.200.8.180 (10.200.8.180) >[2011/12/13 17:45:57.356526, 10] smbd/process.c:3019(smbd_process) > Connection allowed from ipv4:10.200.8.180:59693 to ipv4:10.200.8.180:445 >[2011/12/13 17:45:57.356587, 3] smbd/oplock.c:922(init_oplocks) > init_oplocks: initializing messages. >[2011/12/13 17:45:57.356681, 3] smbd/oplock_linux.c:226(linux_init_kernel_oplocks) > Linux kernel oplocks enabled >[2011/12/13 17:45:57.356759, 5] lib/messages.c:332(messaging_deregister) > Deregistering messaging pointer for type 1 - private_data=(nil) >[2011/12/13 17:45:57.356808, 10] smbd/process.c:920(event_add_idle) > event_add_idle: idle_evt(keepalive) 0xb9785a88 >[2011/12/13 17:45:57.356847, 10] smbd/process.c:920(event_add_idle) > event_add_idle: idle_evt(deadtime) 0xb9774830 >[2011/12/13 17:45:57.356885, 10] smbd/process.c:920(event_add_idle) > event_add_idle: idle_evt(housekeeping) 0xb97541f0 >[2011/12/13 17:45:57.356960, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 190 >[2011/12/13 17:45:57.357008, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xbe >[2011/12/13 17:45:57.357043, 3] smbd/process.c:1662(process_smb) > Transaction 0 of length 194 (0 toread) >[2011/12/13 17:45:57.357076, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:57.357097, 5] lib/util.c:342(show_msg) > size=190 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=0 > smb_pid=31735 > smb_uid=0 > smb_mid=1 > smt_wct=0 > smb_bcc=155 >[2011/12/13 17:45:57.357258, 10] ../lib/util/util.c:415(dump_data) > [0000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG > [0010] 52 41 4D 20 31 2E 30 00 02 4D 49 43 52 4F 53 4F RAM 1.0. .MICROSO > [0020] 46 54 20 4E 45 54 57 4F 52 4B 53 20 31 2E 30 33 FT NETWO RKS 1.03 > [0030] 00 02 4D 49 43 52 4F 53 4F 46 54 20 4E 45 54 57 ..MICROS OFT NETW > [0040] 4F 52 4B 53 20 33 2E 30 00 02 4C 41 4E 4D 41 4E ORKS 3.0 ..LANMAN > [0050] 31 2E 30 00 02 4C 4D 31 2E 32 58 30 30 32 00 02 1.0..LM1 .2X002.. > [0060] 44 4F 53 20 4C 41 4E 4D 41 4E 32 2E 31 00 02 4C DOS LANM AN2.1..L > [0070] 41 4E 4D 41 4E 32 2E 31 00 02 53 61 6D 62 61 00 ANMAN2.1 ..Samba. > [0080] 02 4E 54 20 4C 41 4E 4D 41 4E 20 31 2E 30 00 02 .NT LANM AN 1.0.. > [0090] 4E 54 20 4C 4D 20 30 2E 31 32 00 NT LM 0. 12. >[2011/12/13 17:45:57.357589, 3] smbd/process.c:1467(switch_message) > switch message SMBnegprot (pid 31736) conn 0x0 >[2011/12/13 17:45:57.357629, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:57.357665, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:57.357701, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:57.357762, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2011/12/13 17:45:57.358082, 3] smbd/negprot.c:598(reply_negprot) > Requested protocol [PC NETWORK PROGRAM 1.0] >[2011/12/13 17:45:57.358140, 3] smbd/negprot.c:598(reply_negprot) > Requested protocol [MICROSOFT NETWORKS 1.03] >[2011/12/13 17:45:57.358176, 3] smbd/negprot.c:598(reply_negprot) > Requested protocol [MICROSOFT NETWORKS 3.0] >[2011/12/13 17:45:57.358211, 3] smbd/negprot.c:598(reply_negprot) > Requested protocol [LANMAN1.0] >[2011/12/13 17:45:57.358246, 3] smbd/negprot.c:598(reply_negprot) > Requested protocol [LM1.2X002] >[2011/12/13 17:45:57.358279, 3] smbd/negprot.c:598(reply_negprot) > Requested protocol [DOS LANMAN2.1] >[2011/12/13 17:45:57.358313, 3] smbd/negprot.c:598(reply_negprot) > Requested protocol [LANMAN2.1] >[2011/12/13 17:45:57.358349, 3] smbd/negprot.c:598(reply_negprot) > Requested protocol [Samba] >[2011/12/13 17:45:57.358384, 3] smbd/negprot.c:598(reply_negprot) > Requested protocol [NT LANMAN 1.0] >[2011/12/13 17:45:57.358418, 3] smbd/negprot.c:598(reply_negprot) > Requested protocol [NT LM 0.12] >[2011/12/13 17:45:57.358457, 10] lib/util.c:1624(set_remote_arch) > set_remote_arch: Client arch is 'Samba' >[2011/12/13 17:45:57.358500, 6] param/loadparm.c:7513(lp_file_list_changed) > lp_file_list_changed() > file /etc/samba/local.conf -> /etc/samba/local.conf last mod_time: Tue Dec 13 12:29:40 2011 > > file /etc/samba/printers.conf -> /etc/samba/printers.conf last mod_time: Tue Dec 13 15:18:52 2011 > > file /etc/samba/shares.conf -> /etc/samba/shares.conf last mod_time: Thu Jan 1 01:00:00 1970 > > file /etc/samba/installs.conf -> /etc/samba/installs.conf last mod_time: Thu Jan 1 01:00:00 1970 > > file /etc/samba/base.conf -> /etc/samba/base.conf last mod_time: Tue Dec 13 17:28:35 2011 > > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Dec 13 17:30:13 2011 > >[2011/12/13 17:45:57.358737, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key F87B0000FFFFFFFF >[2011/12/13 17:45:57.358775, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0xb97921e0 >[2011/12/13 17:45:57.358832, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key F87B0000FFFFFFFF >[2011/12/13 17:45:57.358889, 6] param/loadparm.c:7513(lp_file_list_changed) > lp_file_list_changed() > file /etc/samba/local.conf -> /etc/samba/local.conf last mod_time: Tue Dec 13 12:29:40 2011 > > file /etc/samba/printers.conf -> /etc/samba/printers.conf last mod_time: Tue Dec 13 15:18:52 2011 > > file /etc/samba/shares.conf -> /etc/samba/shares.conf last mod_time: Thu Jan 1 01:00:00 1970 > > file /etc/samba/installs.conf -> /etc/samba/installs.conf last mod_time: Thu Jan 1 01:00:00 1970 > > file /etc/samba/base.conf -> /etc/samba/base.conf last mod_time: Tue Dec 13 17:28:35 2011 > > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Dec 13 17:30:13 2011 > >[2011/12/13 17:45:57.359161, 3] smbd/negprot.c:419(reply_nt1) > using SPNEGO >[2011/12/13 17:45:57.359197, 3] smbd/negprot.c:704(reply_negprot) > Selected protocol NT LANMAN 1.0 >[2011/12/13 17:45:57.359229, 5] smbd/negprot.c:711(reply_negprot) > negprot index=8 >[2011/12/13 17:45:57.359261, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:57.359281, 5] lib/util.c:342(show_msg) > size=127 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=31735 > smb_uid=0 > smb_mid=1 > smt_wct=17 > smb_vwv[ 0]= 8 (0x8) > smb_vwv[ 1]=12803 (0x3203) > smb_vwv[ 2]= 256 (0x100) > smb_vwv[ 3]=65280 (0xFF00) > smb_vwv[ 4]= 255 (0xFF) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 256 (0x100) > smb_vwv[ 7]=63488 (0xF800) > smb_vwv[ 8]= 123 (0x7B) > smb_vwv[ 9]=64768 (0xFD00) > smb_vwv[10]=32995 (0x80E3) > smb_vwv[11]=61824 (0xF180) > smb_vwv[12]=60508 (0xEC5C) > smb_vwv[13]=46767 (0xB6AF) > smb_vwv[14]=52409 (0xCCB9) > smb_vwv[15]=50177 (0xC401) > smb_vwv[16]= 255 (0xFF) > smb_bcc=58 >[2011/12/13 17:45:57.359649, 10] ../lib/util/util.c:415(dump_data) > [0000] 6D 61 73 74 65 72 00 00 00 00 00 00 00 00 00 00 master.. ........ > [0010] 60 28 06 06 2B 06 01 05 05 02 A0 1E 30 1C A0 0E `(..+... ....0... > [0020] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A3 0A 0...+... ..7..... > [0030] 30 08 A0 06 1B 04 4E 4F 4E 45 0.....NO NE >[2011/12/13 17:45:57.359965, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 88 >[2011/12/13 17:45:57.360019, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x58 >[2011/12/13 17:45:57.360054, 3] smbd/process.c:1662(process_smb) > Transaction 1 of length 92 (0 toread) >[2011/12/13 17:45:57.360086, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:57.360105, 5] lib/util.c:342(show_msg) > size=88 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=65535 > smb_pid=31735 > smb_uid=0 > smb_mid=2 > smt_wct=13 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=65535 (0xFFFF) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]=31735 (0x7BF7) > smb_vwv[ 5]=31736 (0x7BF8) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]=49244 (0xC05C) > smb_vwv[12]= 0 (0x0) > smb_bcc=27 >[2011/12/13 17:45:57.360421, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 00 00 55 00 6E 00 69 00 78 00 00 00 53 .....U.n .i.x...S > [0010] 00 61 00 6D 00 62 00 61 00 00 00 .a.m.b.a ... >[2011/12/13 17:45:57.360501, 3] smbd/process.c:1467(switch_message) > switch message SMBsesssetupX (pid 31736) conn 0x0 >[2011/12/13 17:45:57.360535, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:57.360568, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:57.360599, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:57.360649, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2011/12/13 17:45:57.360687, 3] smbd/sesssetup.c:1333(reply_sesssetup_and_X) > wct=13 flg2=0xc801 >[2011/12/13 17:45:57.360766, 3] smbd/sesssetup.c:1536(reply_sesssetup_and_X) > Domain=[] NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[null] >[2011/12/13 17:45:57.360803, 3] smbd/sesssetup.c:1552(reply_sesssetup_and_X) > sesssetupX:name=[]\[]@[10.200.8.180] >[2011/12/13 17:45:57.360849, 6] param/loadparm.c:7513(lp_file_list_changed) > lp_file_list_changed() > file /etc/samba/local.conf -> /etc/samba/local.conf last mod_time: Tue Dec 13 12:29:40 2011 > > file /etc/samba/printers.conf -> /etc/samba/printers.conf last mod_time: Tue Dec 13 15:18:52 2011 > > file /etc/samba/shares.conf -> /etc/samba/shares.conf last mod_time: Thu Jan 1 01:00:00 1970 > > file /etc/samba/installs.conf -> /etc/samba/installs.conf last mod_time: Thu Jan 1 01:00:00 1970 > > file /etc/samba/base.conf -> /etc/samba/base.conf last mod_time: Tue Dec 13 17:28:35 2011 > > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Dec 13 17:30:13 2011 > >[2011/12/13 17:45:57.361078, 3] smbd/sesssetup.c:151(check_guest_password) > Got anonymous request >[2011/12/13 17:45:57.361115, 5] auth/auth.c:528(make_auth_context_subsystem) > Using specified auth order >[2011/12/13 17:45:57.361151, 5] auth/auth.c:48(smb_register_auth) > Attempting to register auth backend sam >[2011/12/13 17:45:57.361193, 5] auth/auth.c:60(smb_register_auth) > Successfully added auth method 'sam' >[2011/12/13 17:45:57.361225, 5] auth/auth.c:48(smb_register_auth) > Attempting to register auth backend sam_ignoredomain >[2011/12/13 17:45:57.361257, 5] auth/auth.c:60(smb_register_auth) > Successfully added auth method 'sam_ignoredomain' >[2011/12/13 17:45:57.361289, 5] auth/auth.c:48(smb_register_auth) > Attempting to register auth backend unix >[2011/12/13 17:45:57.361322, 5] auth/auth.c:60(smb_register_auth) > Successfully added auth method 'unix' >[2011/12/13 17:45:57.361353, 5] auth/auth.c:48(smb_register_auth) > Attempting to register auth backend winbind >[2011/12/13 17:45:57.361384, 5] auth/auth.c:60(smb_register_auth) > Successfully added auth method 'winbind' >[2011/12/13 17:45:57.361415, 5] auth/auth.c:48(smb_register_auth) > Attempting to register auth backend wbc >[2011/12/13 17:45:57.361447, 5] auth/auth.c:60(smb_register_auth) > Successfully added auth method 'wbc' >[2011/12/13 17:45:57.361479, 5] auth/auth.c:48(smb_register_auth) > Attempting to register auth backend smbserver >[2011/12/13 17:45:57.361511, 5] auth/auth.c:60(smb_register_auth) > Successfully added auth method 'smbserver' >[2011/12/13 17:45:57.361544, 5] auth/auth.c:48(smb_register_auth) > Attempting to register auth backend trustdomain >[2011/12/13 17:45:57.361576, 5] auth/auth.c:60(smb_register_auth) > Successfully added auth method 'trustdomain' >[2011/12/13 17:45:57.361607, 5] auth/auth.c:48(smb_register_auth) > Attempting to register auth backend ntdomain >[2011/12/13 17:45:57.361639, 5] auth/auth.c:60(smb_register_auth) > Successfully added auth method 'ntdomain' >[2011/12/13 17:45:57.361671, 5] auth/auth.c:48(smb_register_auth) > Attempting to register auth backend guest >[2011/12/13 17:45:57.361703, 5] auth/auth.c:60(smb_register_auth) > Successfully added auth method 'guest' >[2011/12/13 17:45:57.361734, 5] auth/auth.c:385(load_auth_module) > load_auth_module: Attempting to find an auth method to match guest >[2011/12/13 17:45:57.361767, 5] auth/auth.c:410(load_auth_module) > load_auth_module: auth method guest has a valid init >[2011/12/13 17:45:57.361799, 5] auth/auth.c:385(load_auth_module) > load_auth_module: Attempting to find an auth method to match sam >[2011/12/13 17:45:57.361831, 5] auth/auth.c:410(load_auth_module) > load_auth_module: auth method sam has a valid init >[2011/12/13 17:45:57.361863, 5] auth/auth.c:385(load_auth_module) > load_auth_module: Attempting to find an auth method to match winbind >[2011/12/13 17:45:57.361895, 5] auth/auth.c:410(load_auth_module) > load_auth_module: auth method winbind has a valid init >[2011/12/13 17:45:57.361931, 5] auth/user_info.c:59(make_user_info) > attempting to make a user_info for () >[2011/12/13 17:45:57.361966, 5] auth/user_info.c:70(make_user_info) > making strings for 's user_info struct >[2011/12/13 17:45:57.361998, 5] auth/user_info.c:87(make_user_info) > making blobs for 's user_info struct >[2011/12/13 17:45:57.362029, 10] auth/user_info.c:123(make_user_info) > made a user_info for () >[2011/12/13 17:45:57.362062, 3] auth/auth.c:219(check_ntlm_password) > check_ntlm_password: Checking password for unmapped user []\[]@[] with the new password interface >[2011/12/13 17:45:57.362094, 3] auth/auth.c:222(check_ntlm_password) > check_ntlm_password: mapped user is: []\[]@[] >[2011/12/13 17:45:57.362126, 10] auth/auth.c:231(check_ntlm_password) > check_ntlm_password: auth_context challenge created by fixed >[2011/12/13 17:45:57.362157, 10] auth/auth.c:233(check_ntlm_password) > challenge is: >[2011/12/13 17:45:57.362189, 5] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 00 00 00 00 00 ........ >[2011/12/13 17:45:57.362239, 10] auth/auth_builtin.c:44(check_guest_security) > Check auth for: [] >[2011/12/13 17:45:57.362283, 3] auth/auth.c:268(check_ntlm_password) > check_ntlm_password: guest authentication for user [] succeeded >[2011/12/13 17:45:57.362316, 5] auth/auth.c:309(check_ntlm_password) > check_ntlm_password: guest authentication for user [] -> [] -> [nobody] succeeded >[2011/12/13 17:45:57.362372, 10] smbd/password.c:199(register_initial_vuid) > register_initial_vuid: allocated vuid = 100 >[2011/12/13 17:45:57.362409, 10] smbd/password.c:293(register_existing_vuid) > register_existing_vuid: (65534,65534) nobody nobody X86ERR300S3 guest=1 >[2011/12/13 17:45:57.362443, 3] smbd/password.c:298(register_existing_vuid) > register_existing_vuid: User name: nobody Real name: >[2011/12/13 17:45:57.362474, 3] smbd/password.c:308(register_existing_vuid) > register_existing_vuid: UNIX uid 65534 is UNIX user nobody, and will be vuid 100 >[2011/12/13 17:45:57.362522, 6] param/loadparm.c:7513(lp_file_list_changed) > lp_file_list_changed() > file /etc/samba/local.conf -> /etc/samba/local.conf last mod_time: Tue Dec 13 12:29:40 2011 > > file /etc/samba/printers.conf -> /etc/samba/printers.conf last mod_time: Tue Dec 13 15:18:52 2011 > > file /etc/samba/shares.conf -> /etc/samba/shares.conf last mod_time: Thu Jan 1 01:00:00 1970 > > file /etc/samba/installs.conf -> /etc/samba/installs.conf last mod_time: Thu Jan 1 01:00:00 1970 > > file /etc/samba/base.conf -> /etc/samba/base.conf last mod_time: Tue Dec 13 17:28:35 2011 > > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Dec 13 17:30:13 2011 > >[2011/12/13 17:45:57.362921, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 76 >[2011/12/13 17:45:57.362974, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x4c >[2011/12/13 17:45:57.363009, 3] smbd/process.c:1662(process_smb) > Transaction 2 of length 80 (0 toread) >[2011/12/13 17:45:57.363042, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:57.363061, 5] lib/util.c:342(show_msg) > size=76 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=65535 > smb_pid=31735 > smb_uid=100 > smb_mid=3 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 8 (0x8) > smb_vwv[ 3]= 1 (0x1) > smb_bcc=33 >[2011/12/13 17:45:57.363269, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 5C 00 4D 00 41 00 53 00 54 00 45 00 52 .\.\.M.A .S.T.E.R > [0010] 00 5C 00 49 00 50 00 43 00 24 00 00 00 49 50 43 .\.I.P.C .$...IPC > [0020] 00 . >[2011/12/13 17:45:57.363374, 3] smbd/process.c:1467(switch_message) > switch message SMBtconX (pid 31736) conn 0x0 >[2011/12/13 17:45:57.363417, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:57.363452, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:57.363483, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:57.363534, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2011/12/13 17:45:57.363577, 4] smbd/reply.c:794(reply_tcon_and_X) > Client requested device type [IPC] for share [IPC$] >[2011/12/13 17:45:57.363624, 5] smbd/service.c:1354(make_connection) > making a connection to 'normal' service ipc$ >[2011/12/13 17:45:57.363664, 3] lib/access.c:338(allow_access) > Allowed connection from 10.200.8.180 (10.200.8.180) >[2011/12/13 17:45:57.363711, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user nobody >[2011/12/13 17:45:57.363751, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is nobody >[2011/12/13 17:45:57.363786, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals did find user [nobody]! >[2011/12/13 17:45:57.363827, 10] smbd/service.c:162(set_conn_connectpath) > set_conn_connectpath: service IPC$, connectpath = /tmp >[2011/12/13 17:45:57.363863, 3] smbd/service.c:872(make_connection_snum) > Connect path is '/tmp' for service [IPC$] >[2011/12/13 17:45:57.363918, 10] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >[2011/12/13 17:45:57.363961, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0x101f01ff, remaining = 0x101f01ff >[2011/12/13 17:45:57.364014, 3] smbd/vfs.c:102(vfs_init_default) > Initialising default vfs hooks >[2011/12/13 17:45:57.364052, 10] smbd/vfs.c:53(vfs_find_backend_entry) > vfs_find_backend_entry called for /[Default VFS]/ >[2011/12/13 17:45:57.364086, 5] smbd/vfs.c:92(smb_register_vfs) > Successfully added vfs backend '/[Default VFS]/' >[2011/12/13 17:45:57.364120, 10] smbd/vfs.c:53(vfs_find_backend_entry) > vfs_find_backend_entry called for posixacl >[2011/12/13 17:45:57.364153, 5] smbd/vfs.c:92(smb_register_vfs) > Successfully added vfs backend 'posixacl' >[2011/12/13 17:45:57.364184, 3] smbd/vfs.c:128(vfs_init_custom) > Initialising custom vfs hooks from [/[Default VFS]/] >[2011/12/13 17:45:57.364218, 10] smbd/vfs.c:53(vfs_find_backend_entry) > vfs_find_backend_entry called for /[Default VFS]/ > Successfully loaded vfs module [/[Default VFS]/] with the new modules system >[2011/12/13 17:45:57.364268, 5] smbd/connection.c:134(claim_connection) > claiming [IPC$] >[2011/12/13 17:45:57.364360, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key F87B0000FFFFFFFF0567 >[2011/12/13 17:45:57.364401, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0xb9792190 >[2011/12/13 17:45:57.364468, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key F87B0000FFFFFFFF0567 >[2011/12/13 17:45:57.364595, 10] smbd/service.c:162(set_conn_connectpath) > set_conn_connectpath: service IPC$, connectpath = /tmp >[2011/12/13 17:45:57.364640, 10] smbd/share_access.c:241(user_ok_token) > user_ok_token: share IPC$ is ok for unix user nobody >[2011/12/13 17:45:57.364677, 10] smbd/share_access.c:286(is_share_read_only_for_token) > is_share_read_only_for_user: share IPC$ is read-only for unix user nobody >[2011/12/13 17:45:57.364757, 10] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >[2011/12/13 17:45:57.364799, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) > string_to_sid: SID administrator is not in a valid format >[2011/12/13 17:45:57.364842, 10] passdb/lookup_sid.c:76(lookup_name) > lookup_name: X86ERR300S3\administrator => domain=[X86ERR300S3], name=[administrator] >[2011/12/13 17:45:57.364878, 10] passdb/lookup_sid.c:77(lookup_name) > lookup_name: flags = 0x073 >[2011/12/13 17:45:57.364917, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:57.364951, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2011/12/13 17:45:57.364984, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:57.365016, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:57.365048, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:57.365137, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=x86err300s3,dc=qa], filter => [(&(&(uid=administrator)(objectClass=person))(objectclass=sambaSamAccount))], scope => [2] >[2011/12/13 17:45:57.365605, 5] lib/smbldap.c:1341(smbldap_close) > The connection to the LDAP server was closed >[2011/12/13 17:45:57.365658, 10] lib/smbldap.c:819(smb_ldap_setup_conn) > smb_ldap_setup_connection: ldap://master.x86err300s3.qa:7389 >[2011/12/13 17:45:57.370647, 3] lib/smbldap.c:803(smb_ldap_start_tls) > StartTLS issued: using a TLS connection >[2011/12/13 17:45:57.370708, 2] lib/smbldap.c:1018(smbldap_open_connection) > smbldap_open_connection: connection opened >[2011/12/13 17:45:57.370743, 10] lib/smbldap.c:1194(smbldap_connect_system) > ldap_connect_system: Binding to ldap server ldap://master.x86err300s3.qa:7389 as "cn=admin,dc=x86err300s3,dc=qa" >[2011/12/13 17:45:57.371849, 3] lib/smbldap.c:1240(smbldap_connect_system) > ldap_connect_system: successful connection to the LDAP server > ldap_connect_system: LDAP server does support paged results >[2011/12/13 17:45:57.371932, 4] lib/smbldap.c:1319(smbldap_open) > The LDAP server is successfully connected >[2011/12/13 17:45:57.372554, 2] passdb/pdb_ldap.c:553(init_sam_from_ldap) > init_sam_from_ldap: Entry found for user: Administrator >[2011/12/13 17:45:57.372611, 10] passdb/pdb_get_set.c:575(pdb_set_username) > pdb_set_username: setting username Administrator, was >[2011/12/13 17:45:57.372651, 10] passdb/pdb_get_set.c:598(pdb_set_domain) > pdb_set_domain: setting domain X86ERR300S3, was >[2011/12/13 17:45:57.372686, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username) > pdb_set_nt_username: setting nt username Administrator, was >[2011/12/13 17:45:57.372767, 10] passdb/pdb_get_set.c:513(pdb_set_user_sid_from_string) > pdb_set_user_sid_from_string: setting user sid S-1-5-21-861941570-1634457251-3974523304-500 >[2011/12/13 17:45:57.372806, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) > pdb_set_user_sid: setting user sid S-1-5-21-861941570-1634457251-3974523304-500 >[2011/12/13 17:45:57.372857, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaLogonTime does not exist >[2011/12/13 17:45:57.372899, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaLogoffTime does not exist >[2011/12/13 17:45:57.372938, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaKickoffTime does not exist >[2011/12/13 17:45:57.372977, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaPwdCanChange does not exist >[2011/12/13 17:45:57.373016, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaPwdMustChange does not exist >[2011/12/13 17:45:57.373057, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) > pdb_set_full_name: setting full name Administrator, was >[2011/12/13 17:45:57.373099, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaHomeDrive does not exist >[2011/12/13 17:45:57.373132, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) > pdb_set_dir_drive: setting dir drive I:, was NULL >[2011/12/13 17:45:57.373174, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaHomePath does not exist >[2011/12/13 17:45:57.373215, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) > pdb_set_homedir: setting home dir \\master\administrator, was >[2011/12/13 17:45:57.373257, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaLogonScript does not exist >[2011/12/13 17:45:57.373293, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) > pdb_set_logon_script: setting logon script , was >[2011/12/13 17:45:57.373334, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaProfilePath does not exist >[2011/12/13 17:45:57.373373, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) > pdb_set_profile_path: setting profile path \\master\administrator\windows-profiles\Samba, was >[2011/12/13 17:45:57.373415, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute description does not exist >[2011/12/13 17:45:57.373455, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaUserWorkstations does not exist >[2011/12/13 17:45:57.373494, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaMungedDial does not exist >[2011/12/13 17:45:57.373546, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:57.373583, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2011/12/13 17:45:57.373616, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:57.373648, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:57.373680, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:57.373769, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:57.373822, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaBadPasswordCount does not exist >[2011/12/13 17:45:57.373874, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaBadPasswordTime does not exist >[2011/12/13 17:45:57.373916, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaLogonHours does not exist >[2011/12/13 17:45:57.373997, 5] passdb/login_cache.c:47(login_cache_init) > Opening cache file at /var/cache/samba/login_cache.tdb >[2011/12/13 17:45:57.374058, 7] passdb/login_cache.c:91(login_cache_read) > Looking up login cache for user Administrator >[2011/12/13 17:45:57.374097, 7] passdb/login_cache.c:102(login_cache_read) > No cache entry found >[2011/12/13 17:45:57.374130, 9] passdb/pdb_ldap.c:1108(init_sam_from_ldap) > No cache entry, bad count = 0, bad time = 0 >[2011/12/13 17:45:57.374174, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:57.374209, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2011/12/13 17:45:57.374241, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:57.374273, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:57.374305, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:57.374370, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:57.374415, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user Administrator >[2011/12/13 17:45:57.374450, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is administrator >[2011/12/13 17:45:57.374590, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals did find user [Administrator]! >[2011/12/13 17:45:57.374658, 10] passdb/lookup_sid.c:1392(gid_to_sid) > gid 5000 -> sid S-1-5-21-861941570-1634457251-3974523304-512 >[2011/12/13 17:45:57.374704, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:57.374740, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2011/12/13 17:45:57.374773, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:57.374817, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:57.374853, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:57.374919, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:57.374970, 10] passdb/pdb_get_set.c:575(pdb_set_username) > pdb_set_username: setting username Administrator, was >[2011/12/13 17:45:57.375007, 10] passdb/pdb_get_set.c:598(pdb_set_domain) > pdb_set_domain: setting domain X86ERR300S3, was >[2011/12/13 17:45:57.375040, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username) > pdb_set_nt_username: setting nt username Administrator, was >[2011/12/13 17:45:57.375074, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) > pdb_set_full_name: setting full name Administrator, was >[2011/12/13 17:45:57.375114, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) > pdb_set_homedir: setting home dir \\master\administrator, was >[2011/12/13 17:45:57.375150, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) > pdb_set_dir_drive: setting dir drive I:, was NULL >[2011/12/13 17:45:57.375368, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) > pdb_set_logon_script: setting logon script , was >[2011/12/13 17:45:57.375415, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) > pdb_set_profile_path: setting profile path \\master\administrator\windows-profiles\Samba, was >[2011/12/13 17:45:57.375451, 10] passdb/pdb_get_set.c:780(pdb_set_workstations) > pdb_set_workstations: setting workstations , was >[2011/12/13 17:45:57.375488, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:57.375522, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2011/12/13 17:45:57.375566, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:57.375599, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:57.375631, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:57.375696, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:57.375737, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) > pdb_set_user_sid: setting user sid S-1-5-21-861941570-1634457251-3974523304-500 >[2011/12/13 17:45:57.375776, 10] passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-861941570-1634457251-3974523304-500 from rid 500 >[2011/12/13 17:45:57.375830, 10] passdb/pdb_get_set.c:562(pdb_set_group_sid) > pdb_set_group_sid: setting group sid S-1-5-21-861941570-1634457251-3974523304-512 >[2011/12/13 17:45:57.375873, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:57.375919, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) > string_to_sid: SID join-backup is not in a valid format >[2011/12/13 17:45:57.375958, 10] passdb/lookup_sid.c:76(lookup_name) > lookup_name: X86ERR300S3\join-backup => domain=[X86ERR300S3], name=[join-backup] >[2011/12/13 17:45:57.375991, 10] passdb/lookup_sid.c:77(lookup_name) > lookup_name: flags = 0x073 >[2011/12/13 17:45:57.376025, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:57.376059, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2011/12/13 17:45:57.376091, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:57.376124, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:57.376155, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:57.376227, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=x86err300s3,dc=qa], filter => [(&(&(uid=join-backup)(objectClass=person))(objectclass=sambaSamAccount))], scope => [2] >[2011/12/13 17:45:57.376838, 2] passdb/pdb_ldap.c:553(init_sam_from_ldap) > init_sam_from_ldap: Entry found for user: join-backup >[2011/12/13 17:45:57.376891, 10] passdb/pdb_get_set.c:575(pdb_set_username) > pdb_set_username: setting username join-backup, was >[2011/12/13 17:45:57.376928, 10] passdb/pdb_get_set.c:598(pdb_set_domain) > pdb_set_domain: setting domain X86ERR300S3, was >[2011/12/13 17:45:57.376962, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username) > pdb_set_nt_username: setting nt username join-backup, was >[2011/12/13 17:45:57.377004, 10] passdb/pdb_get_set.c:513(pdb_set_user_sid_from_string) > pdb_set_user_sid_from_string: setting user sid S-1-5-21-861941570-1634457251-3974523304-5006 >[2011/12/13 17:45:57.377040, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) > pdb_set_user_sid: setting user sid S-1-5-21-861941570-1634457251-3974523304-5006 >[2011/12/13 17:45:57.377091, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaLogonTime does not exist >[2011/12/13 17:45:57.377133, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaLogoffTime does not exist >[2011/12/13 17:45:57.377173, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaKickoffTime does not exist >[2011/12/13 17:45:57.377213, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaPwdCanChange does not exist >[2011/12/13 17:45:57.377252, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaPwdMustChange does not exist >[2011/12/13 17:45:57.377291, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) > pdb_set_full_name: setting full name Joinuser, was >[2011/12/13 17:45:57.377333, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaHomeDrive does not exist >[2011/12/13 17:45:57.377376, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) > pdb_set_dir_drive: setting dir drive I:, was NULL >[2011/12/13 17:45:57.377418, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaHomePath does not exist >[2011/12/13 17:45:57.377458, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) > pdb_set_homedir: setting home dir \\master\join-backup, was >[2011/12/13 17:45:57.377501, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaLogonScript does not exist >[2011/12/13 17:45:57.377536, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) > pdb_set_logon_script: setting logon script , was >[2011/12/13 17:45:57.377577, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaProfilePath does not exist >[2011/12/13 17:45:57.377616, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) > pdb_set_profile_path: setting profile path \\master\join-backup\windows-profiles\Samba, was >[2011/12/13 17:45:57.377658, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute description does not exist >[2011/12/13 17:45:57.377698, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaUserWorkstations does not exist >[2011/12/13 17:45:57.377738, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaMungedDial does not exist >[2011/12/13 17:45:57.377786, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:57.377823, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2011/12/13 17:45:57.377856, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:57.377889, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:57.377921, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:57.377988, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:57.378038, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaBadPasswordCount does not exist >[2011/12/13 17:45:57.378081, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaBadPasswordTime does not exist >[2011/12/13 17:45:57.378121, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaLogonHours does not exist >[2011/12/13 17:45:57.378171, 7] passdb/login_cache.c:91(login_cache_read) > Looking up login cache for user join-backup >[2011/12/13 17:45:57.378208, 7] passdb/login_cache.c:102(login_cache_read) > No cache entry found >[2011/12/13 17:45:57.378242, 9] passdb/pdb_ldap.c:1108(init_sam_from_ldap) > No cache entry, bad count = 0, bad time = 0 >[2011/12/13 17:45:57.378280, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:57.378315, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2011/12/13 17:45:57.378347, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:57.378380, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:57.378412, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:57.378476, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:57.378515, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user join-backup >[2011/12/13 17:45:57.378549, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is join-backup >[2011/12/13 17:45:57.378669, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals did find user [join-backup]! >[2011/12/13 17:45:57.378732, 10] passdb/lookup_sid.c:1392(gid_to_sid) > gid 5008 -> sid S-1-5-21-861941570-1634457251-3974523304-11017 >[2011/12/13 17:45:57.378776, 10] passdb/lookup_sid.c:1733(get_primary_group_sid) > do lookup_sid(S-1-5-21-861941570-1634457251-3974523304-11017) for group of user join-backup >[2011/12/13 17:45:57.378838, 10] passdb/lookup_sid.c:964(lookup_sid) > lookup_sid called for SID 'S-1-5-21-861941570-1634457251-3974523304-11017' >[2011/12/13 17:45:57.378885, 10] passdb/lookup_sid.c:721(check_dom_sid_to_level) > Accepting SID S-1-5-21-861941570-1634457251-3974523304 in level 1 >[2011/12/13 17:45:57.378923, 10] passdb/lookup_sid.c:482(lookup_rids) > lookup_rids called for domain sid 'S-1-5-21-861941570-1634457251-3974523304' >[2011/12/13 17:45:57.378962, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:57.378996, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2011/12/13 17:45:57.379028, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:57.379062, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:57.379094, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:57.379146, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) > lookup_global_sam_rid: looking up RID 11017. >[2011/12/13 17:45:57.379185, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 >[2011/12/13 17:45:57.379219, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 2 >[2011/12/13 17:45:57.379251, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 >[2011/12/13 17:45:57.379283, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:57.379314, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:57.379386, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=x86err300s3,dc=qa], filter => [(&(sambaSID=S-1-5-21-861941570-1634457251-3974523304-11017)(objectclass=sambaSamAccount))], scope => [2] >[2011/12/13 17:45:57.379826, 4] passdb/pdb_ldap.c:1672(ldapsam_getsampwsid) > ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-861941570-1634457251-3974523304-11017] count=0 >[2011/12/13 17:45:57.379897, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=x86err300s3,dc=qa], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-861941570-1634457251-3974523304-11017))], scope => [2] >[2011/12/13 17:45:57.380356, 2] passdb/pdb_ldap.c:2424(init_group_from_ldap) > init_group_from_ldap: Entry found for group: 5008 >[2011/12/13 17:45:57.380420, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute displayName does not exist >[2011/12/13 17:45:57.380475, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:57.380514, 5] passdb/pdb_interface.c:1727(pdb_default_lookup_rids) > lookup_rids: Backup Join:2 >[2011/12/13 17:45:57.380551, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:57.380587, 10] passdb/lookup_sid.c:999(lookup_sid) > Sid S-1-5-21-861941570-1634457251-3974523304-11017 -> X86ERR300S3\Backup Join(2) >[2011/12/13 17:45:57.380628, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:57.380664, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2011/12/13 17:45:57.380728, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:57.380769, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:57.380802, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:57.380869, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:57.380913, 10] passdb/pdb_get_set.c:575(pdb_set_username) > pdb_set_username: setting username join-backup, was >[2011/12/13 17:45:57.380959, 10] passdb/pdb_get_set.c:598(pdb_set_domain) > pdb_set_domain: setting domain X86ERR300S3, was >[2011/12/13 17:45:57.380993, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username) > pdb_set_nt_username: setting nt username join-backup, was >[2011/12/13 17:45:57.381026, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) > pdb_set_full_name: setting full name Joinuser, was >[2011/12/13 17:45:57.381066, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) > pdb_set_homedir: setting home dir \\master\join-backup, was >[2011/12/13 17:45:57.381101, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) > pdb_set_dir_drive: setting dir drive I:, was NULL >[2011/12/13 17:45:57.381136, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) > pdb_set_logon_script: setting logon script , was >[2011/12/13 17:45:57.381175, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) > pdb_set_profile_path: setting profile path \\master\join-backup\windows-profiles\Samba, was >[2011/12/13 17:45:57.381210, 10] passdb/pdb_get_set.c:780(pdb_set_workstations) > pdb_set_workstations: setting workstations , was >[2011/12/13 17:45:57.381246, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:57.381280, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2011/12/13 17:45:57.381313, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:57.381345, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:57.381377, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:57.381441, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:57.381480, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) > pdb_set_user_sid: setting user sid S-1-5-21-861941570-1634457251-3974523304-5006 >[2011/12/13 17:45:57.381517, 10] passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-861941570-1634457251-3974523304-5006 from rid 5006 >[2011/12/13 17:45:57.381570, 10] passdb/pdb_get_set.c:562(pdb_set_group_sid) > pdb_set_group_sid: setting group sid S-1-5-21-861941570-1634457251-3974523304-11017 >[2011/12/13 17:45:57.381613, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:57.381667, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (65534, 65534) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:57.381706, 5] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (10): > SID[ 0]: S-1-5-21-861941570-1634457251-3974523304-501 > SID[ 1]: S-1-5-21-861941570-1634457251-3974523304-513 > SID[ 2]: S-1-5-21-861941570-1634457251-3974523304-546 > SID[ 3]: S-1-1-0 > SID[ 4]: S-1-5-2 > SID[ 5]: S-1-5-32-546 > SID[ 6]: S-1-22-1-65534 > SID[ 7]: S-1-22-2-5001 > SID[ 8]: S-1-22-2-5022 > SID[ 9]: S-1-22-2-5012 > Privileges (0x 0): > Rights (0x 0): >[2011/12/13 17:45:57.381913, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 65534 > Primary group is 65534 and contains 3 supplementary groups > Group[ 0]: 5001 > Group[ 1]: 5022 > Group[ 2]: 5012 >[2011/12/13 17:45:57.382004, 5] smbd/uid.c:317(change_to_user_internal) > Impersonated user: uid=(0,65534), gid=(0,65534) >[2011/12/13 17:45:57.382044, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:57.382077, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:57.382109, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:57.382161, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2011/12/13 17:45:57.382201, 10] smbd/service.c:162(set_conn_connectpath) > set_conn_connectpath: service IPC$, connectpath = /tmp >[2011/12/13 17:45:57.382258, 3] smbd/service.c:1114(make_connection_snum) > 10.200.8.180 (10.200.8.180) connect to service IPC$ initially as user nobody (uid=65534, gid=65534) (pid 31736) >[2011/12/13 17:45:57.382305, 3] smbd/reply.c:871(reply_tcon_and_X) > tconX service=IPC$ >[2011/12/13 17:45:57.382595, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 102 >[2011/12/13 17:45:57.382650, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x66 >[2011/12/13 17:45:57.382686, 3] smbd/process.c:1662(process_smb) > Transaction 3 of length 106 (0 toread) >[2011/12/13 17:45:57.382719, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:57.382739, 5] lib/util.c:342(show_msg) > size=102 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=31735 > smb_uid=100 > smb_mid=4 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 4096 (0x1000) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_bcc=19 >[2011/12/13 17:45:57.383213, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 6C 00 73 00 61 00 72 00 70 00 63 00 00 .\.l.s.a .r.p.c.. > [0010] 00 00 00 ... >[2011/12/13 17:45:57.383291, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 31736) conn 0xb9784ee0 >[2011/12/13 17:45:57.383329, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (65534, 65534) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:57.383365, 5] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (10): > SID[ 0]: S-1-5-21-861941570-1634457251-3974523304-501 > SID[ 1]: S-1-5-21-861941570-1634457251-3974523304-513 > SID[ 2]: S-1-5-21-861941570-1634457251-3974523304-546 > SID[ 3]: S-1-1-0 > SID[ 4]: S-1-5-2 > SID[ 5]: S-1-5-32-546 > SID[ 6]: S-1-22-1-65534 > SID[ 7]: S-1-22-2-5001 > SID[ 8]: S-1-22-2-5022 > SID[ 9]: S-1-22-2-5012 > Privileges (0x 0): > Rights (0x 0): >[2011/12/13 17:45:57.383568, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 65534 > Primary group is 65534 and contains 3 supplementary groups > Group[ 0]: 5001 > Group[ 1]: 5022 > Group[ 2]: 5012 >[2011/12/13 17:45:57.383660, 5] smbd/uid.c:317(change_to_user_internal) > Impersonated user: uid=(0,65534), gid=(0,65534) >[2011/12/13 17:45:57.383700, 4] smbd/vfs.c:780(vfs_ChDir) > vfs_ChDir to /tmp >[2011/12/13 17:45:57.383752, 10] smbd/nttrans.c:505(reply_ntcreate_and_X) > reply_ntcreate_and_X: flags = 0x0, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = lsarpc >[2011/12/13 17:45:57.383798, 4] smbd/nttrans.c:293(nt_open_pipe) > nt_open_pipe: Opening pipe \lsarpc. >[2011/12/13 17:45:57.383845, 5] smbd/files.c:140(file_new) > allocated file structure 23053, fnum = 27149 (1 used) >[2011/12/13 17:45:57.383885, 10] smbd/files.c:705(file_name_hash) > file_name_hash: /tmp/lsarpc hash 0xa9e2e929 >[2011/12/13 17:45:57.383933, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \lsarpc >[2011/12/13 17:45:57.383986, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe \lsarpc >[2011/12/13 17:45:57.384021, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe \lsarpc >[2011/12/13 17:45:57.384062, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \lsarpc (pipes_open=0) >[2011/12/13 17:45:57.384109, 5] smbd/nttrans.c:382(do_ntcreate_pipe_open) > do_ntcreate_pipe_open: open pipe = \lsarpc >[2011/12/13 17:45:57.384339, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 156 >[2011/12/13 17:45:57.384394, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x9c >[2011/12/13 17:45:57.384430, 3] smbd/process.c:1662(process_smb) > Transaction 4 of length 160 (0 toread) >[2011/12/13 17:45:57.384463, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:57.384483, 5] lib/util.c:342(show_msg) > size=156 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=31735 > smb_uid=100 > smb_mid=5 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 72 (0x48) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=27149 (0x6A0D) > smb_bcc=89 >[2011/12/13 17:45:57.384878, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... > [0020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ > [0030] 00 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xW4.4.. ....#Eg. > [0040] AB 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [0050] 00 2B 10 48 60 02 00 00 00 .+.H`... . >[2011/12/13 17:45:57.385079, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 31736) conn 0xb9784ee0 >[2011/12/13 17:45:57.385115, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2011/12/13 17:45:57.385157, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=72 params=0 setup=2 >[2011/12/13 17:45:57.385197, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2011/12/13 17:45:57.385229, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2011/12/13 17:45:57.385264, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2011/12/13 17:45:57.385299, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "lsarpc" (pnum 6a0d) >[2011/12/13 17:45:57.385334, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0xb9785568 max_trans_reply: 4280 >[2011/12/13 17:45:57.385368, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 72 >[2011/12/13 17:45:57.385404, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 72 >[2011/12/13 17:45:57.385437, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 72 >[2011/12/13 17:45:57.385470, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >[2011/12/13 17:45:57.385504, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2011/12/13 17:45:57.385536, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 56 >[2011/12/13 17:45:57.385568, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 56 >[2011/12/13 17:45:57.385604, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2011/12/13 17:45:57.385636, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 56 >[2011/12/13 17:45:57.385668, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 56, incoming data = 56 >[2011/12/13 17:45:57.385704, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2011/12/13 17:45:57.385763, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND (11) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0048 (72) > auth_length : 0x0000 (0) > call_id : 0x00000001 (1) > u : union dcerpc_payload(case 11) > bind: struct dcerpc_bind > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x00000000 (0) > num_contexts : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0000 (0) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : 12345778-1234-abcd-ef00-0123456789ab > if_version : 0x00000000 (0) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 >[2011/12/13 17:45:57.386273, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 11 >[2011/12/13 17:45:57.386313, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) > api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsarpc >[2011/12/13 17:45:57.386349, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) > api_pipe_bind_req: make response. 923 >[2011/12/13 17:45:57.386382, 3] rpc_server/srv_pipe.c:339(check_bind_req) > check_bind_req for \lsarpc >[2011/12/13 17:45:57.386419, 3] rpc_server/srv_pipe.c:346(check_bind_req) > check_bind_req: \PIPE\lsarpc -> \PIPE\lsarpc >[2011/12/13 17:45:57.386471, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND_ACK (12) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0044 (68) > auth_length : 0x0000 (0) > call_id : 0x00000001 (1) > u : union dcerpc_payload(case 12) > bind_ack: struct dcerpc_bind_ack > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x000053f0 (21488) > secondary_address_size : 0x000d (13) > secondary_address : '\PIPE\lsarpc' > _pad1 : DATA_BLOB length=0 > num_results : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ack_ctx > result : 0x0000 (0) > reason : 0x0000 (0) > syntax: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 >[2011/12/13 17:45:57.387483, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 56 >[2011/12/13 17:45:57.387549, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \lsarpc len: 4280 >[2011/12/13 17:45:57.387588, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) > read_from_pipe: \lsarpc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2011/12/13 17:45:57.387625, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 24 >[2011/12/13 17:45:57.387676, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 68 bytes. There is no more data outstanding >[2011/12/13 17:45:57.387713, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..68] (align 0) >[2011/12/13 17:45:57.387748, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:57.387768, 5] lib/util.c:342(show_msg) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=31735 > smb_uid=100 > smb_mid=5 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2011/12/13 17:45:57.388049, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... > [0010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE > [0020] 5C 6C 73 61 72 70 63 00 00 01 00 00 00 00 00 00 \lsarpc. ........ > [0030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [0040] 60 02 00 00 00 `.... >[2011/12/13 17:45:57.388431, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 144 >[2011/12/13 17:45:57.388487, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x90 >[2011/12/13 17:45:57.388523, 3] smbd/process.c:1662(process_smb) > Transaction 5 of length 148 (0 toread) >[2011/12/13 17:45:57.388557, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:57.388578, 5] lib/util.c:342(show_msg) > size=144 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=31735 > smb_uid=100 > smb_mid=6 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 60 (0x3C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 60 (0x3C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=27149 (0x6A0D) > smb_bcc=77 >[2011/12/13 17:45:57.388971, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 3C 00 00 00 02 00 00 ........ .<...... > [0020] 00 24 00 00 00 00 00 06 00 00 00 02 00 5C 00 00 .$...... .....\.. > [0030] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0040] 00 00 00 00 00 00 00 00 00 00 00 00 02 ........ ..... >[2011/12/13 17:45:57.389145, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 31736) conn 0xb9784ee0 >[2011/12/13 17:45:57.389182, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2011/12/13 17:45:57.389219, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=60 params=0 setup=2 >[2011/12/13 17:45:57.389256, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2011/12/13 17:45:57.389288, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2011/12/13 17:45:57.389320, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2011/12/13 17:45:57.389353, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "lsarpc" (pnum 6a0d) >[2011/12/13 17:45:57.389388, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0xb9785568 max_trans_reply: 4280 >[2011/12/13 17:45:57.389422, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 60 >[2011/12/13 17:45:57.389540, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 60 >[2011/12/13 17:45:57.389576, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 60 >[2011/12/13 17:45:57.389610, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 60, len_needed_to_complete_hdr = 16, receive_len = 0 >[2011/12/13 17:45:57.389644, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2011/12/13 17:45:57.389675, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 44 >[2011/12/13 17:45:57.389707, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 44 >[2011/12/13 17:45:57.389741, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2011/12/13 17:45:57.389772, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 44 >[2011/12/13 17:45:57.389804, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 44, incoming data = 44 >[2011/12/13 17:45:57.389837, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2011/12/13 17:45:57.389874, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x003c (60) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000024 (36) > context_id : 0x0000 (0) > opnum : 0x0006 (6) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=36 > [0000] 00 00 02 00 5C 00 00 00 18 00 00 00 00 00 00 00 ....\... ........ > [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0020] 00 00 00 02 .... >[2011/12/13 17:45:57.390337, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2011/12/13 17:45:57.390372, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. >[2011/12/13 17:45:57.390408, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\lsarpc >[2011/12/13 17:45:57.390444, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \lsarpc op 0x6 - api_rpcTNP: rpc command: LSA_OPENPOLICY >[2011/12/13 17:45:57.390483, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[6].fn == 0xb7147920 >[2011/12/13 17:45:57.390526, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > lsa_OpenPolicy: struct lsa_OpenPolicy > in: struct lsa_OpenPolicy > system_name : * > system_name : 0x005c (92) > attr : * > attr: struct lsa_ObjectAttribute > len : 0x00000018 (24) > root_dir : NULL > object_name : NULL > attributes : 0x00000000 (0) > sec_desc : NULL > sec_qos : NULL > access_mask : 0x02000000 (33554432) > 0: LSA_POLICY_VIEW_LOCAL_INFORMATION > 0: LSA_POLICY_VIEW_AUDIT_INFORMATION > 0: LSA_POLICY_GET_PRIVATE_INFORMATION > 0: LSA_POLICY_TRUST_ADMIN > 0: LSA_POLICY_CREATE_ACCOUNT > 0: LSA_POLICY_CREATE_SECRET > 0: LSA_POLICY_CREATE_PRIVILEGE > 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS > 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS > 0: LSA_POLICY_AUDIT_LOG_ADMIN > 0: LSA_POLICY_SERVER_ADMIN > 0: LSA_POLICY_LOOKUP_NAMES > 0: LSA_POLICY_NOTIFICATION >[2011/12/13 17:45:57.390964, 10] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0xa0000000 to 0x00020807 >[2011/12/13 17:45:57.391011, 4] rpc_server/srv_access_check.c:104(access_check_object) > _lsa_OpenPolicy2: access GRANTED (requested: 0x00020807, granted: 0x00020807) >[2011/12/13 17:45:57.391057, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 E7 4E 45 81 ........ .....NE. > [0010] F8 7B 00 00 .{.. >[2011/12/13 17:45:57.391136, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > lsa_OpenPolicy: struct lsa_OpenPolicy > out: struct lsa_OpenPolicy > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000d-0000-0000-e74e-4581f87b0000 > result : NT_STATUS_OK >[2011/12/13 17:45:57.391274, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \lsarpc successfully >[2011/12/13 17:45:57.391313, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 44 >[2011/12/13 17:45:57.391357, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \lsarpc len: 4280 >[2011/12/13 17:45:57.391394, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \lsarpc: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. >[2011/12/13 17:45:57.391437, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=24 > [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 E7 4E 45 81 ........ .....NE. > [0010] F8 7B 00 00 00 00 00 00 .{...... >[2011/12/13 17:45:57.391830, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 1076 >[2011/12/13 17:45:57.391875, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 48 bytes. There is no more data outstanding >[2011/12/13 17:45:57.391912, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2011/12/13 17:45:57.391947, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:57.391967, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=31735 > smb_uid=100 > smb_mid=6 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2011/12/13 17:45:57.392254, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... > [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 0D 00 00 ........ ........ > [0020] 00 00 00 00 00 E7 4E 45 81 F8 7B 00 00 00 00 00 ......NE ..{..... > [0030] 00 . >[2011/12/13 17:45:57.392557, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 130 >[2011/12/13 17:45:57.392611, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x82 >[2011/12/13 17:45:57.392648, 3] smbd/process.c:1662(process_smb) > Transaction 6 of length 134 (0 toread) >[2011/12/13 17:45:57.392681, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:57.392729, 5] lib/util.c:342(show_msg) > size=130 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=31735 > smb_uid=100 > smb_mid=7 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 46 (0x2E) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 46 (0x2E) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=27149 (0x6A0D) > smb_bcc=63 >[2011/12/13 17:45:57.393095, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 2E 00 00 00 03 00 00 ........ ........ > [0020] 00 16 00 00 00 00 00 07 00 00 00 00 00 0D 00 00 ........ ........ > [0030] 00 00 00 00 00 E7 4E 45 81 F8 7B 00 00 05 00 ......NE ..{.... >[2011/12/13 17:45:57.393238, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 31736) conn 0xb9784ee0 >[2011/12/13 17:45:57.393274, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2011/12/13 17:45:57.393312, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=46 params=0 setup=2 >[2011/12/13 17:45:57.393348, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2011/12/13 17:45:57.393380, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2011/12/13 17:45:57.393412, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2011/12/13 17:45:57.393444, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "lsarpc" (pnum 6a0d) >[2011/12/13 17:45:57.393479, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0xb9785568 max_trans_reply: 4280 >[2011/12/13 17:45:57.393513, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 46 >[2011/12/13 17:45:57.393546, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 46 >[2011/12/13 17:45:57.393579, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 46 >[2011/12/13 17:45:57.393612, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 >[2011/12/13 17:45:57.393646, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2011/12/13 17:45:57.393678, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 30 >[2011/12/13 17:45:57.393711, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 30 >[2011/12/13 17:45:57.393745, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2011/12/13 17:45:57.393786, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 30 >[2011/12/13 17:45:57.393820, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 30, incoming data = 30 >[2011/12/13 17:45:57.393854, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2011/12/13 17:45:57.393890, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x002e (46) > auth_length : 0x0000 (0) > call_id : 0x00000003 (3) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000016 (22) > context_id : 0x0000 (0) > opnum : 0x0007 (7) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=22 > [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 E7 4E 45 81 ........ .....NE. > [0010] F8 7B 00 00 05 00 .{.... >[2011/12/13 17:45:57.394306, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2011/12/13 17:45:57.394340, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. >[2011/12/13 17:45:57.394373, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\lsarpc >[2011/12/13 17:45:57.394409, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \lsarpc op 0x7 - api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY >[2011/12/13 17:45:57.394444, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[7].fn == 0xb7147620 >[2011/12/13 17:45:57.394483, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > lsa_QueryInfoPolicy: struct lsa_QueryInfoPolicy > in: struct lsa_QueryInfoPolicy > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000d-0000-0000-e74e-4581f87b0000 > level : LSA_POLICY_INFO_ACCOUNT_DOMAIN (5) >[2011/12/13 17:45:57.394624, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 E7 4E 45 81 ........ .....NE. > [0010] F8 7B 00 00 .{.. >[2011/12/13 17:45:57.394704, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > lsa_QueryInfoPolicy: struct lsa_QueryInfoPolicy > out: struct lsa_QueryInfoPolicy > info : * > info : * > info : union lsa_PolicyInformation(case 5) > account_domain: struct lsa_DomainInfo > name: struct lsa_StringLarge > length : 0x0016 (22) > size : 0x0018 (24) > string : * > string : 'X86ERR300S3' > sid : * > sid : S-1-5-21-861941570-1634457251-3974523304 > result : NT_STATUS_OK >[2011/12/13 17:45:57.394968, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \lsarpc successfully >[2011/12/13 17:45:57.395016, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 30 >[2011/12/13 17:45:57.395063, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \lsarpc len: 4280 >[2011/12/13 17:45:57.395101, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \lsarpc: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 88. >[2011/12/13 17:45:57.395142, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0070 (112) > auth_length : 0x0000 (0) > call_id : 0x00000003 (3) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000058 (88) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=88 > [0000] 00 00 02 00 05 00 00 00 16 00 18 00 04 00 02 00 ........ ........ > [0010] 08 00 02 00 0C 00 00 00 00 00 00 00 0B 00 00 00 ........ ........ > [0020] 58 00 38 00 36 00 45 00 52 00 52 00 33 00 30 00 X.8.6.E. R.R.3.0. > [0030] 30 00 53 00 33 00 00 00 04 00 00 00 01 04 00 00 0.S.3... ........ > [0040] 00 00 00 05 15 00 00 00 42 2F 60 33 A3 D6 6B 61 ........ B/`3..ka > [0050] A8 69 E6 EC 00 00 00 00 .i...... >[2011/12/13 17:45:57.395684, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 68 >[2011/12/13 17:45:57.395727, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 112 bytes. There is no more data outstanding >[2011/12/13 17:45:57.395763, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..112] (align 0) >[2011/12/13 17:45:57.395798, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:57.395818, 5] lib/util.c:342(show_msg) > size=168 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=31735 > smb_uid=100 > smb_mid=7 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 112 (0x70) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 112 (0x70) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=113 >[2011/12/13 17:45:57.396100, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 70 00 00 00 03 00 00 ........ .p...... > [0010] 00 58 00 00 00 00 00 00 00 00 00 02 00 05 00 00 .X...... ........ > [0020] 00 16 00 18 00 04 00 02 00 08 00 02 00 0C 00 00 ........ ........ > [0030] 00 00 00 00 00 0B 00 00 00 58 00 38 00 36 00 45 ........ .X.8.6.E > [0040] 00 52 00 52 00 33 00 30 00 30 00 53 00 33 00 00 .R.R.3.0 .0.S.3.. > [0050] 00 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 ........ ........ > [0060] 00 42 2F 60 33 A3 D6 6B 61 A8 69 E6 EC 00 00 00 .B/`3..k a.i..... > [0070] 00 . >[2011/12/13 17:45:57.396529, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 128 >[2011/12/13 17:45:57.396584, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x80 >[2011/12/13 17:45:57.396620, 3] smbd/process.c:1662(process_smb) > Transaction 7 of length 132 (0 toread) >[2011/12/13 17:45:57.396654, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:57.396674, 5] lib/util.c:342(show_msg) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=31735 > smb_uid=100 > smb_mid=8 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=27149 (0x6A0D) > smb_bcc=61 >[2011/12/13 17:45:57.397071, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 04 00 00 ........ .,...... > [0020] 00 14 00 00 00 00 00 00 00 00 00 00 00 0D 00 00 ........ ........ > [0030] 00 00 00 00 00 E7 4E 45 81 F8 7B 00 00 ......NE ..{.. >[2011/12/13 17:45:57.397216, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 31736) conn 0xb9784ee0 >[2011/12/13 17:45:57.397252, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2011/12/13 17:45:57.397289, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=44 params=0 setup=2 >[2011/12/13 17:45:57.397327, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2011/12/13 17:45:57.397358, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2011/12/13 17:45:57.397391, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2011/12/13 17:45:57.397423, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "lsarpc" (pnum 6a0d) >[2011/12/13 17:45:57.397458, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0xb9785568 max_trans_reply: 4280 >[2011/12/13 17:45:57.397492, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 44 >[2011/12/13 17:45:57.397525, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 44 >[2011/12/13 17:45:57.397558, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 44 >[2011/12/13 17:45:57.397591, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2011/12/13 17:45:57.397625, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2011/12/13 17:45:57.397656, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 28 >[2011/12/13 17:45:57.397688, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 28 >[2011/12/13 17:45:57.397722, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2011/12/13 17:45:57.397754, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 28 >[2011/12/13 17:45:57.397786, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 28, incoming data = 28 >[2011/12/13 17:45:57.397820, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2011/12/13 17:45:57.397856, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x002c (44) > auth_length : 0x0000 (0) > call_id : 0x00000004 (4) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000014 (20) > context_id : 0x0000 (0) > opnum : 0x0000 (0) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=20 > [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 E7 4E 45 81 ........ .....NE. > [0010] F8 7B 00 00 .{.. >[2011/12/13 17:45:57.398281, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2011/12/13 17:45:57.398316, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. >[2011/12/13 17:45:57.398349, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\lsarpc >[2011/12/13 17:45:57.398384, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \lsarpc op 0x0 - api_rpcTNP: rpc command: LSA_CLOSE >[2011/12/13 17:45:57.398420, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[0].fn == 0xb71489f0 >[2011/12/13 17:45:57.398459, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > lsa_Close: struct lsa_Close > in: struct lsa_Close > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000d-0000-0000-e74e-4581f87b0000 >[2011/12/13 17:45:57.398577, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 E7 4E 45 81 ........ .....NE. > [0010] F8 7B 00 00 .{.. >[2011/12/13 17:45:57.398654, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 E7 4E 45 81 ........ .....NE. > [0010] F8 7B 00 00 .{.. >[2011/12/13 17:45:57.398728, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2011/12/13 17:45:57.398761, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > lsa_Close: struct lsa_Close > out: struct lsa_Close > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : NT_STATUS_OK >[2011/12/13 17:45:57.398906, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \lsarpc successfully >[2011/12/13 17:45:57.398946, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 28 >[2011/12/13 17:45:57.398991, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \lsarpc len: 4280 >[2011/12/13 17:45:57.399029, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \lsarpc: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. >[2011/12/13 17:45:57.399070, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0000 (0) > call_id : 0x00000004 (4) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=24 > [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0010] 00 00 00 00 00 00 00 00 ........ >[2011/12/13 17:45:57.399466, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 24 >[2011/12/13 17:45:57.399510, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 48 bytes. There is no more data outstanding >[2011/12/13 17:45:57.399546, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2011/12/13 17:45:57.399581, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:57.399601, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=31735 > smb_uid=100 > smb_mid=8 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2011/12/13 17:45:57.399881, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... > [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0030] 00 . >[2011/12/13 17:45:57.400168, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 41 >[2011/12/13 17:45:57.400222, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2011/12/13 17:45:57.400258, 3] smbd/process.c:1662(process_smb) > Transaction 8 of length 45 (0 toread) >[2011/12/13 17:45:57.400292, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:57.400312, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=31735 > smb_uid=100 > smb_mid=9 > smt_wct=3 > smb_vwv[ 0]=27149 (0x6A0D) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2011/12/13 17:45:57.400510, 10] ../lib/util/util.c:415(dump_data) >[2011/12/13 17:45:57.400532, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 31736) conn 0xb9784ee0 >[2011/12/13 17:45:57.400567, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2011/12/13 17:45:57.400605, 3] smbd/reply.c:4848(reply_close) > close fd=-1 fnum=27149 (numopen=1) >[2011/12/13 17:45:57.400643, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Thu Jan 1 00:59:59 1970 >[2011/12/13 17:45:57.400727, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) > close_policy_by_pipe: deleted handle list for pipe \lsarpc >[2011/12/13 17:45:57.400773, 5] smbd/files.c:482(file_free) > freed files structure 27149 (0 used) >[2011/12/13 17:45:57.400810, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:57.400831, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=31735 > smb_uid=100 > smb_mid=9 > smt_wct=0 > smb_bcc=0 >[2011/12/13 17:45:57.401070, 10] ../lib/util/util.c:415(dump_data) >[2011/12/13 17:45:57.401228, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 106 >[2011/12/13 17:45:57.401281, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x6a >[2011/12/13 17:45:57.401317, 3] smbd/process.c:1662(process_smb) > Transaction 9 of length 110 (0 toread) >[2011/12/13 17:45:57.401351, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:57.401371, 5] lib/util.c:342(show_msg) > size=106 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=31735 > smb_uid=100 > smb_mid=10 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 5120 (0x1400) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_bcc=23 >[2011/12/13 17:45:57.401830, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 6E 00 65 00 74 00 6C 00 6F 00 67 00 6F .\.n.e.t .l.o.g.o > [0010] 00 6E 00 00 00 00 00 .n..... >[2011/12/13 17:45:57.401907, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 31736) conn 0xb9784ee0 >[2011/12/13 17:45:57.401942, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2011/12/13 17:45:57.401978, 10] smbd/nttrans.c:505(reply_ntcreate_and_X) > reply_ntcreate_and_X: flags = 0x0, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = netlogon >[2011/12/13 17:45:57.402016, 4] smbd/nttrans.c:293(nt_open_pipe) > nt_open_pipe: Opening pipe \netlogon. >[2011/12/13 17:45:57.402052, 5] smbd/files.c:140(file_new) > allocated file structure 23054, fnum = 27150 (1 used) >[2011/12/13 17:45:57.402090, 10] smbd/files.c:705(file_name_hash) > file_name_hash: /tmp/netlogon hash 0x502cbad6 >[2011/12/13 17:45:57.402129, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \netlogon >[2011/12/13 17:45:57.402169, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe \netlogon >[2011/12/13 17:45:57.402203, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe \netlogon >[2011/12/13 17:45:57.402243, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \netlogon (pipes_open=0) >[2011/12/13 17:45:57.402280, 5] smbd/nttrans.c:382(do_ntcreate_pipe_open) > do_ntcreate_pipe_open: open pipe = \netlogon >[2011/12/13 17:45:57.402458, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 156 >[2011/12/13 17:45:57.402512, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x9c >[2011/12/13 17:45:57.402548, 3] smbd/process.c:1662(process_smb) > Transaction 10 of length 160 (0 toread) >[2011/12/13 17:45:57.402581, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:57.402601, 5] lib/util.c:342(show_msg) > size=156 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=31735 > smb_uid=100 > smb_mid=11 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 72 (0x48) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=27150 (0x6A0E) > smb_bcc=89 >[2011/12/13 17:45:57.402975, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 05 00 00 ........ .H...... > [0020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ > [0030] 00 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF .xV4.4.. ....#Eg. > [0040] FB 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [0050] 00 2B 10 48 60 02 00 00 00 .+.H`... . >[2011/12/13 17:45:57.403176, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 31736) conn 0xb9784ee0 >[2011/12/13 17:45:57.403212, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2011/12/13 17:45:57.403249, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=72 params=0 setup=2 >[2011/12/13 17:45:57.403286, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2011/12/13 17:45:57.403326, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2011/12/13 17:45:57.403359, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2011/12/13 17:45:57.403391, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "netlogon" (pnum 6a0e) >[2011/12/13 17:45:57.403425, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0xb9785568 max_trans_reply: 4280 >[2011/12/13 17:45:57.403458, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 72 >[2011/12/13 17:45:57.403491, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 72 >[2011/12/13 17:45:57.403523, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 72 >[2011/12/13 17:45:57.403555, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >[2011/12/13 17:45:57.403588, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2011/12/13 17:45:57.403620, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 56 >[2011/12/13 17:45:57.403651, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 56 >[2011/12/13 17:45:57.403685, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2011/12/13 17:45:57.403716, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 56 >[2011/12/13 17:45:57.403747, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 56, incoming data = 56 >[2011/12/13 17:45:57.403780, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2011/12/13 17:45:57.403817, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND (11) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0048 (72) > auth_length : 0x0000 (0) > call_id : 0x00000005 (5) > u : union dcerpc_payload(case 11) > bind: struct dcerpc_bind > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x00000000 (0) > num_contexts : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0000 (0) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : 12345678-1234-abcd-ef00-01234567cffb > if_version : 0x00000001 (1) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 >[2011/12/13 17:45:57.404299, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 11 >[2011/12/13 17:45:57.404334, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) > api_pipe_bind_req: \PIPE\netlogon -> \PIPE\netlogon >[2011/12/13 17:45:57.404367, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) > api_pipe_bind_req: make response. 923 >[2011/12/13 17:45:57.404399, 3] rpc_server/srv_pipe.c:339(check_bind_req) > check_bind_req for \netlogon >[2011/12/13 17:45:57.404442, 3] rpc_server/srv_pipe.c:346(check_bind_req) > check_bind_req: \PIPE\netlogon -> \PIPE\netlogon >[2011/12/13 17:45:57.404486, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND_ACK (12) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0048 (72) > auth_length : 0x0000 (0) > call_id : 0x00000005 (5) > u : union dcerpc_payload(case 12) > bind_ack: struct dcerpc_bind_ack > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x000053f0 (21488) > secondary_address_size : 0x000f (15) > secondary_address : '\PIPE\netlogon' > _pad1 : DATA_BLOB length=0 > num_results : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ack_ctx > result : 0x0000 (0) > reason : 0x0000 (0) > syntax: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 >[2011/12/13 17:45:57.404984, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 56 >[2011/12/13 17:45:57.405032, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \netlogon len: 4280 >[2011/12/13 17:45:57.405070, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) > read_from_pipe: \netlogon: current_pdu_len = 72, current_pdu_sent = 0 returning 72 bytes. >[2011/12/13 17:45:57.405107, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 26 >[2011/12/13 17:45:57.405147, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 72 bytes. There is no more data outstanding >[2011/12/13 17:45:57.405183, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..72] (align 0) >[2011/12/13 17:45:57.405218, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:57.405238, 5] lib/util.c:342(show_msg) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=31735 > smb_uid=100 > smb_mid=11 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 72 (0x48) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=73 >[2011/12/13 17:45:57.405524, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 0C 03 10 00 00 00 48 00 00 00 05 00 00 ........ .H...... > [0010] 00 B8 10 B8 10 F0 53 00 00 0F 00 5C 50 49 50 45 ......S. ...\PIPE > [0020] 5C 6E 65 74 6C 6F 67 6F 6E 00 00 00 00 01 00 00 \netlogo n....... > [0030] 00 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [0040] 00 2B 10 48 60 02 00 00 00 .+.H`... . >[2011/12/13 17:45:57.413571, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 41 >[2011/12/13 17:45:57.413646, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2011/12/13 17:45:57.413684, 3] smbd/process.c:1662(process_smb) > Transaction 11 of length 45 (0 toread) >[2011/12/13 17:45:57.413718, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:57.413739, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=31735 > smb_uid=100 > smb_mid=12 > smt_wct=3 > smb_vwv[ 0]=27150 (0x6A0E) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2011/12/13 17:45:57.413957, 10] ../lib/util/util.c:415(dump_data) >[2011/12/13 17:45:57.413981, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 31736) conn 0xb9784ee0 >[2011/12/13 17:45:57.414017, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2011/12/13 17:45:57.414052, 3] smbd/reply.c:4848(reply_close) > close fd=-1 fnum=27150 (numopen=1) >[2011/12/13 17:45:57.414086, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Thu Jan 1 00:59:59 1970 >[2011/12/13 17:45:57.414129, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) > close_policy_by_pipe: deleted handle list for pipe \netlogon >[2011/12/13 17:45:57.414170, 5] smbd/files.c:482(file_free) > freed files structure 27150 (0 used) >[2011/12/13 17:45:57.414206, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:57.414226, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=31735 > smb_uid=100 > smb_mid=12 > smt_wct=0 > smb_bcc=0 >[2011/12/13 17:45:57.414385, 10] ../lib/util/util.c:415(dump_data) >[2011/12/13 17:45:57.414523, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 35 >[2011/12/13 17:45:57.414576, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x23 >[2011/12/13 17:45:57.414612, 3] smbd/process.c:1662(process_smb) > Transaction 12 of length 39 (0 toread) >[2011/12/13 17:45:57.414645, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:57.414665, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x71 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=31735 > smb_uid=100 > smb_mid=13 > smt_wct=0 > smb_bcc=0 >[2011/12/13 17:45:57.414840, 10] ../lib/util/util.c:415(dump_data) >[2011/12/13 17:45:57.414863, 3] smbd/process.c:1467(switch_message) > switch message SMBtdis (pid 31736) conn 0xb9784ee0 >[2011/12/13 17:45:57.414899, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:57.414933, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:57.414965, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:57.415021, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2011/12/13 17:45:57.415059, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:57.415092, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:57.415125, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:57.415174, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2011/12/13 17:45:57.415209, 3] smbd/service.c:1378(close_cnum) > 10.200.8.180 (10.200.8.180) closed connection to service IPC$ >[2011/12/13 17:45:57.415250, 3] smbd/connection.c:35(yield_connection) > Yielding connection to IPC$ >[2011/12/13 17:45:57.415343, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key F87B0000FFFFFFFF0567 >[2011/12/13 17:45:57.415388, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0xb9774b48 >[2011/12/13 17:45:57.415430, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key F87B0000FFFFFFFF0567 >[2011/12/13 17:45:57.415526, 4] smbd/vfs.c:780(vfs_ChDir) > vfs_ChDir to / >[2011/12/13 17:45:57.415565, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:57.415599, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:57.415631, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:57.415692, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2011/12/13 17:45:57.415735, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:57.415756, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x71 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=31735 > smb_uid=100 > smb_mid=13 > smt_wct=0 > smb_bcc=0 >[2011/12/13 17:45:57.415917, 10] ../lib/util/util.c:415(dump_data) >[2011/12/13 17:45:57.416734, 5] lib/util_sock.c:319(read_fd_with_timeout) > read_fd_with_timeout: blocking read. EOF from client. >[2011/12/13 17:45:57.416789, 5] smbd/process.c:457(receive_smb_talloc) > receive_smb_raw_talloc failed for client 10.200.8.180 read error = NT_STATUS_END_OF_FILE. >[2011/12/13 17:45:57.416828, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:57.416862, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:57.416894, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:57.416945, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2011/12/13 17:45:57.417044, 3] smbd/server_exit.c:181(exit_server_common) > Server exit (failed to receive smb request) >[2011/12/13 17:45:57.418085, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key F97B0000FFFFFFFF >[2011/12/13 17:45:57.433841, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0xb9785058 >[2011/12/13 17:45:57.434122, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key F97B0000FFFFFFFF >[2011/12/13 17:45:57.434419, 5] lib/util_sock.c:165(print_socket_options) > Socket options: > SO_KEEPALIVE = 1 > SO_REUSEADDR = 1 > SO_BROADCAST = 0 > TCP_NODELAY = 1 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_SNDBUF = 50700 > SO_RCVBUF = 87520 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > TCP_QUICKACK = 1 >[2011/12/13 17:45:57.436321, 5] lib/util_sock.c:165(print_socket_options) > Socket options: > SO_KEEPALIVE = 1 > SO_REUSEADDR = 1 > SO_BROADCAST = 0 > TCP_NODELAY = 1 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_SNDBUF = 50700 > SO_RCVBUF = 87520 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > TCP_QUICKACK = 1 >[2011/12/13 17:45:57.437519, 6] param/loadparm.c:7513(lp_file_list_changed) > lp_file_list_changed() > file /etc/samba/local.conf -> /etc/samba/local.conf last mod_time: Tue Dec 13 12:29:40 2011 > > file /etc/samba/printers.conf -> /etc/samba/printers.conf last mod_time: Tue Dec 13 15:18:52 2011 > >[2011/12/13 17:45:57.439866, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key F87B0000FFFFFFFF >[2011/12/13 17:45:57.439943, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0xb9773bb0 >[2011/12/13 17:45:57.439995, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key F87B0000FFFFFFFF > file /etc/samba/shares.conf -> /etc/samba/shares.conf last mod_time: Thu Jan 1 01:00:00 1970 > > file /etc/samba/installs.conf -> /etc/samba/installs.conf last mod_time: Thu Jan 1 01:00:00 1970 > > file /etc/samba/base.conf -> /etc/samba/base.conf last mod_time: Tue Dec 13 17:28:35 2011 > > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Dec 13 17:30:13 2011 > >[2011/12/13 17:45:57.440415, 3] lib/access.c:338(allow_access) > Allowed connection from 10.200.8.180 (10.200.8.180) >[2011/12/13 17:45:57.440451, 10] smbd/process.c:3019(smbd_process) > Connection allowed from ipv4:10.200.8.180:59695 to ipv4:10.200.8.180:445 >[2011/12/13 17:45:57.440514, 3] smbd/oplock.c:922(init_oplocks) > init_oplocks: initializing messages. >[2011/12/13 17:45:57.440614, 3] smbd/oplock_linux.c:226(linux_init_kernel_oplocks) > Linux kernel oplocks enabled >[2011/12/13 17:45:57.440681, 5] lib/messages.c:332(messaging_deregister) > Deregistering messaging pointer for type 1 - private_data=(nil) >[2011/12/13 17:45:57.440795, 10] smbd/process.c:920(event_add_idle) > event_add_idle: idle_evt(keepalive) 0xb9773a60 >[2011/12/13 17:45:57.440836, 10] smbd/process.c:920(event_add_idle) > event_add_idle: idle_evt(deadtime) 0xb9754448 >[2011/12/13 17:45:57.440875, 10] smbd/process.c:920(event_add_idle) > event_add_idle: idle_evt(housekeeping) 0xb97541f0 >[2011/12/13 17:45:57.440951, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 190 >[2011/12/13 17:45:57.441000, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xbe >[2011/12/13 17:45:57.441036, 3] smbd/process.c:1662(process_smb) > Transaction 0 of length 194 (0 toread) >[2011/12/13 17:45:57.441069, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:57.441091, 5] lib/util.c:342(show_msg) > size=190 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=0 > smb_pid=31735 > smb_uid=0 > smb_mid=1 > smt_wct=0 > smb_bcc=155 >[2011/12/13 17:45:57.441253, 10] ../lib/util/util.c:415(dump_data) > [0000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG > [0010] 52 41 4D 20 31 2E 30 00 02 4D 49 43 52 4F 53 4F RAM 1.0. .MICROSO > [0020] 46 54 20 4E 45 54 57 4F 52 4B 53 20 31 2E 30 33 FT NETWO RKS 1.03 > [0030] 00 02 4D 49 43 52 4F 53 4F 46 54 20 4E 45 54 57 ..MICROS OFT NETW > [0040] 4F 52 4B 53 20 33 2E 30 00 02 4C 41 4E 4D 41 4E ORKS 3.0 ..LANMAN > [0050] 31 2E 30 00 02 4C 4D 31 2E 32 58 30 30 32 00 02 1.0..LM1 .2X002.. > [0060] 44 4F 53 20 4C 41 4E 4D 41 4E 32 2E 31 00 02 4C DOS LANM AN2.1..L > [0070] 41 4E 4D 41 4E 32 2E 31 00 02 53 61 6D 62 61 00 ANMAN2.1 ..Samba. > [0080] 02 4E 54 20 4C 41 4E 4D 41 4E 20 31 2E 30 00 02 .NT LANM AN 1.0.. > [0090] 4E 54 20 4C 4D 20 30 2E 31 32 00 NT LM 0. 12. >[2011/12/13 17:45:57.441578, 3] smbd/process.c:1467(switch_message) > switch message SMBnegprot (pid 31737) conn 0x0 >[2011/12/13 17:45:57.441617, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:57.441654, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:57.441691, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:57.441751, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2011/12/13 17:45:57.442076, 3] smbd/negprot.c:598(reply_negprot) > Requested protocol [PC NETWORK PROGRAM 1.0] >[2011/12/13 17:45:57.442134, 3] smbd/negprot.c:598(reply_negprot) > Requested protocol [MICROSOFT NETWORKS 1.03] >[2011/12/13 17:45:57.442170, 3] smbd/negprot.c:598(reply_negprot) > Requested protocol [MICROSOFT NETWORKS 3.0] >[2011/12/13 17:45:57.442205, 3] smbd/negprot.c:598(reply_negprot) > Requested protocol [LANMAN1.0] >[2011/12/13 17:45:57.442240, 3] smbd/negprot.c:598(reply_negprot) > Requested protocol [LM1.2X002] >[2011/12/13 17:45:57.442274, 3] smbd/negprot.c:598(reply_negprot) > Requested protocol [DOS LANMAN2.1] >[2011/12/13 17:45:57.442308, 3] smbd/negprot.c:598(reply_negprot) > Requested protocol [LANMAN2.1] >[2011/12/13 17:45:57.442344, 3] smbd/negprot.c:598(reply_negprot) > Requested protocol [Samba] >[2011/12/13 17:45:57.442379, 3] smbd/negprot.c:598(reply_negprot) > Requested protocol [NT LANMAN 1.0] >[2011/12/13 17:45:57.442413, 3] smbd/negprot.c:598(reply_negprot) > Requested protocol [NT LM 0.12] >[2011/12/13 17:45:57.442452, 10] lib/util.c:1624(set_remote_arch) > set_remote_arch: Client arch is 'Samba' >[2011/12/13 17:45:57.442496, 6] param/loadparm.c:7513(lp_file_list_changed) > lp_file_list_changed() > file /etc/samba/local.conf -> /etc/samba/local.conf last mod_time: Tue Dec 13 12:29:40 2011 > > file /etc/samba/printers.conf -> /etc/samba/printers.conf last mod_time: Tue Dec 13 15:18:52 2011 > > file /etc/samba/shares.conf -> /etc/samba/shares.conf last mod_time: Thu Jan 1 01:00:00 1970 > > file /etc/samba/installs.conf -> /etc/samba/installs.conf last mod_time: Thu Jan 1 01:00:00 1970 > > file /etc/samba/base.conf -> /etc/samba/base.conf last mod_time: Tue Dec 13 17:28:35 2011 > > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Dec 13 17:30:13 2011 > >[2011/12/13 17:45:57.442744, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key F97B0000FFFFFFFF >[2011/12/13 17:45:57.442784, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0xb97921e0 >[2011/12/13 17:45:57.442844, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key F97B0000FFFFFFFF >[2011/12/13 17:45:57.442900, 6] param/loadparm.c:7513(lp_file_list_changed) > lp_file_list_changed() > file /etc/samba/local.conf -> /etc/samba/local.conf last mod_time: Tue Dec 13 12:29:40 2011 > > file /etc/samba/printers.conf -> /etc/samba/printers.conf last mod_time: Tue Dec 13 15:18:52 2011 > > file /etc/samba/shares.conf -> /etc/samba/shares.conf last mod_time: Thu Jan 1 01:00:00 1970 > > file /etc/samba/installs.conf -> /etc/samba/installs.conf last mod_time: Thu Jan 1 01:00:00 1970 > > file /etc/samba/base.conf -> /etc/samba/base.conf last mod_time: Tue Dec 13 17:28:35 2011 > > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Dec 13 17:30:13 2011 > >[2011/12/13 17:45:57.443171, 3] smbd/negprot.c:419(reply_nt1) > using SPNEGO >[2011/12/13 17:45:57.443207, 3] smbd/negprot.c:704(reply_negprot) > Selected protocol NT LANMAN 1.0 >[2011/12/13 17:45:57.443239, 5] smbd/negprot.c:711(reply_negprot) > negprot index=8 >[2011/12/13 17:45:57.443272, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:57.443291, 5] lib/util.c:342(show_msg) > size=127 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=31735 > smb_uid=0 > smb_mid=1 > smt_wct=17 > smb_vwv[ 0]= 8 (0x8) > smb_vwv[ 1]=12803 (0x3203) > smb_vwv[ 2]= 256 (0x100) > smb_vwv[ 3]=65280 (0xFF00) > smb_vwv[ 4]= 255 (0xFF) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 256 (0x100) > smb_vwv[ 7]=63744 (0xF900) > smb_vwv[ 8]= 123 (0x7B) > smb_vwv[ 9]=64768 (0xFD00) > smb_vwv[10]=32995 (0x80E3) > smb_vwv[11]=39552 (0x9A80) > smb_vwv[12]=63790 (0xF92E) > smb_vwv[13]=46767 (0xB6AF) > smb_vwv[14]=52409 (0xCCB9) > smb_vwv[15]=50177 (0xC401) > smb_vwv[16]= 255 (0xFF) > smb_bcc=58 >[2011/12/13 17:45:57.443662, 10] ../lib/util/util.c:415(dump_data) > [0000] 6D 61 73 74 65 72 00 00 00 00 00 00 00 00 00 00 master.. ........ > [0010] 60 28 06 06 2B 06 01 05 05 02 A0 1E 30 1C A0 0E `(..+... ....0... > [0020] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A3 0A 0...+... ..7..... > [0030] 30 08 A0 06 1B 04 4E 4F 4E 45 0.....NO NE >[2011/12/13 17:45:57.444103, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 164 >[2011/12/13 17:45:57.444157, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xa4 >[2011/12/13 17:45:57.444193, 3] smbd/process.c:1662(process_smb) > Transaction 1 of length 168 (0 toread) >[2011/12/13 17:45:57.444226, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:57.444246, 5] lib/util.c:342(show_msg) > size=164 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=65535 > smb_pid=31735 > smb_uid=0 > smb_mid=2 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=65535 (0xFFFF) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 1 (0x1) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 83 (0x53) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]=49244 (0xC05C) > smb_vwv[11]=32768 (0x8000) > smb_bcc=105 >[2011/12/13 17:45:57.444556, 10] ../lib/util/util.c:415(dump_data) > [0000] 60 51 06 06 2B 06 01 05 05 02 A0 47 30 45 A0 0E `Q..+... ...G0E.. > [0010] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 33 0...+... ..7....3 > [0020] 04 31 4E 54 4C 4D 53 53 50 00 01 00 00 00 15 82 .1NTLMSS P....... > [0030] 08 60 0B 00 0B 00 20 00 00 00 06 00 06 00 2B 00 .`.... . ......+. > [0040] 00 00 58 38 36 45 52 52 33 30 30 53 33 4D 41 53 ..X86ERR 300S3MAS > [0050] 54 45 52 55 00 6E 00 69 00 78 00 00 00 53 00 61 TERU.n.i .x...S.a > [0060] 00 6D 00 62 00 61 00 00 00 .m.b.a.. . >[2011/12/13 17:45:57.444839, 3] smbd/process.c:1467(switch_message) > switch message SMBsesssetupX (pid 31737) conn 0x0 >[2011/12/13 17:45:57.444877, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:57.444910, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:57.444942, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:57.444992, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2011/12/13 17:45:57.445030, 3] smbd/sesssetup.c:1333(reply_sesssetup_and_X) > wct=12 flg2=0xc801 >[2011/12/13 17:45:57.445067, 3] smbd/sesssetup.c:1065(reply_sesssetup_and_X_spnego) > Doing spnego session setup >[2011/12/13 17:45:57.445105, 3] smbd/sesssetup.c:1107(reply_sesssetup_and_X_spnego) > NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[] >[2011/12/13 17:45:57.445141, 10] smbd/password.c:199(register_initial_vuid) > register_initial_vuid: allocated vuid = 100 >[2011/12/13 17:45:57.445207, 5] smbd/sesssetup.c:607(parse_spnego_mechanisms) > parse_spnego_mechanisms: Got OID 1.3.6.1.4.1.311.2.2.10 >[2011/12/13 17:45:57.445244, 3] smbd/sesssetup.c:660(reply_spnego_negotiate) > reply_spnego_negotiate: Got secblob of size 49 >[2011/12/13 17:45:57.445481, 5] auth/auth.c:528(make_auth_context_subsystem) > Using specified auth order >[2011/12/13 17:45:57.445533, 5] auth/auth.c:48(smb_register_auth) > Attempting to register auth backend sam >[2011/12/13 17:45:57.445567, 5] auth/auth.c:60(smb_register_auth) > Successfully added auth method 'sam' >[2011/12/13 17:45:57.445599, 5] auth/auth.c:48(smb_register_auth) > Attempting to register auth backend sam_ignoredomain >[2011/12/13 17:45:57.445632, 5] auth/auth.c:60(smb_register_auth) > Successfully added auth method 'sam_ignoredomain' >[2011/12/13 17:45:57.445665, 5] auth/auth.c:48(smb_register_auth) > Attempting to register auth backend unix >[2011/12/13 17:45:57.445698, 5] auth/auth.c:60(smb_register_auth) > Successfully added auth method 'unix' >[2011/12/13 17:45:57.445730, 5] auth/auth.c:48(smb_register_auth) > Attempting to register auth backend winbind >[2011/12/13 17:45:57.445762, 5] auth/auth.c:60(smb_register_auth) > Successfully added auth method 'winbind' >[2011/12/13 17:45:57.445794, 5] auth/auth.c:48(smb_register_auth) > Attempting to register auth backend wbc >[2011/12/13 17:45:57.445827, 5] auth/auth.c:60(smb_register_auth) > Successfully added auth method 'wbc' >[2011/12/13 17:45:57.445859, 5] auth/auth.c:48(smb_register_auth) > Attempting to register auth backend smbserver >[2011/12/13 17:45:57.445893, 5] auth/auth.c:60(smb_register_auth) > Successfully added auth method 'smbserver' >[2011/12/13 17:45:57.445926, 5] auth/auth.c:48(smb_register_auth) > Attempting to register auth backend trustdomain >[2011/12/13 17:45:57.445959, 5] auth/auth.c:60(smb_register_auth) > Successfully added auth method 'trustdomain' >[2011/12/13 17:45:57.445990, 5] auth/auth.c:48(smb_register_auth) > Attempting to register auth backend ntdomain >[2011/12/13 17:45:57.446022, 5] auth/auth.c:60(smb_register_auth) > Successfully added auth method 'ntdomain' >[2011/12/13 17:45:57.446055, 5] auth/auth.c:48(smb_register_auth) > Attempting to register auth backend guest >[2011/12/13 17:45:57.446088, 5] auth/auth.c:60(smb_register_auth) > Successfully added auth method 'guest' >[2011/12/13 17:45:57.446119, 5] auth/auth.c:385(load_auth_module) > load_auth_module: Attempting to find an auth method to match guest >[2011/12/13 17:45:57.446152, 5] auth/auth.c:410(load_auth_module) > load_auth_module: auth method guest has a valid init >[2011/12/13 17:45:57.446185, 5] auth/auth.c:385(load_auth_module) > load_auth_module: Attempting to find an auth method to match sam >[2011/12/13 17:45:57.446225, 5] auth/auth.c:410(load_auth_module) > load_auth_module: auth method sam has a valid init >[2011/12/13 17:45:57.446259, 5] auth/auth.c:385(load_auth_module) > load_auth_module: Attempting to find an auth method to match winbind >[2011/12/13 17:45:57.446292, 5] auth/auth.c:410(load_auth_module) > load_auth_module: auth method winbind has a valid init >[2011/12/13 17:45:57.446339, 3] ../libcli/auth/ntlmssp.c:34(debug_ntlmssp_flags) > Got NTLMSSP neg_flags=0x60088215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >[2011/12/13 17:45:57.446489, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > negotiate: struct NEGOTIATE_MESSAGE > Signature : 'NTLMSSP' > MessageType : NtLmNegotiate (1) > NegotiateFlags : 0x60088215 (1611170325) > 1: NTLMSSP_NEGOTIATE_UNICODE > 0: NTLMSSP_NEGOTIATE_OEM > 1: NTLMSSP_REQUEST_TARGET > 1: NTLMSSP_NEGOTIATE_SIGN > 0: NTLMSSP_NEGOTIATE_SEAL > 0: NTLMSSP_NEGOTIATE_DATAGRAM > 0: NTLMSSP_NEGOTIATE_LM_KEY > 0: NTLMSSP_NEGOTIATE_NETWARE > 1: NTLMSSP_NEGOTIATE_NTLM > 0: NTLMSSP_NEGOTIATE_NT_ONLY > 0: NTLMSSP_ANONYMOUS > 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED > 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED > 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL > 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN > 0: NTLMSSP_TARGET_TYPE_DOMAIN > 0: NTLMSSP_TARGET_TYPE_SERVER > 0: NTLMSSP_TARGET_TYPE_SHARE > 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > 0: NTLMSSP_NEGOTIATE_IDENTIFY > 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY > 0: NTLMSSP_NEGOTIATE_TARGET_INFO > 0: NTLMSSP_NEGOTIATE_VERSION > 1: NTLMSSP_NEGOTIATE_128 > 1: NTLMSSP_NEGOTIATE_KEY_EXCH > 0: NTLMSSP_NEGOTIATE_56 > DomainNameLen : 0x000b (11) > DomainNameMaxLen : 0x000b (11) > DomainName : * > DomainName : 'X86ERR300S3' > WorkstationLen : 0x0006 (6) > WorkstationMaxLen : 0x0006 (6) > Workstation : * > Workstation : 'MASTER' >[2011/12/13 17:45:57.447085, 5] auth/auth.c:99(get_ntlm_challenge) > auth_get_challenge: module guest did not want to specify a challenge >[2011/12/13 17:45:57.447120, 5] auth/auth.c:99(get_ntlm_challenge) > auth_get_challenge: module sam did not want to specify a challenge >[2011/12/13 17:45:57.447152, 5] auth/auth.c:99(get_ntlm_challenge) > auth_get_challenge: module winbind did not want to specify a challenge >[2011/12/13 17:45:57.447191, 5] auth/auth.c:134(get_ntlm_challenge) > auth_context challenge created by random >[2011/12/13 17:45:57.447225, 5] auth/auth.c:135(get_ntlm_challenge) > challenge is: >[2011/12/13 17:45:57.447257, 5] ../lib/util/util.c:415(dump_data) > [0000] 57 77 8F 85 E7 49 BA 9B Ww...I.. >[2011/12/13 17:45:57.447326, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > challenge: struct CHALLENGE_MESSAGE > Signature : 'NTLMSSP' > MessageType : NtLmChallenge (0x2) > TargetNameLen : 0x0016 (22) > TargetNameMaxLen : 0x0016 (22) > TargetName : * > TargetName : 'X86ERR300S3' > NegotiateFlags : 0x60898215 (1619624469) > 1: NTLMSSP_NEGOTIATE_UNICODE > 0: NTLMSSP_NEGOTIATE_OEM > 1: NTLMSSP_REQUEST_TARGET > 1: NTLMSSP_NEGOTIATE_SIGN > 0: NTLMSSP_NEGOTIATE_SEAL > 0: NTLMSSP_NEGOTIATE_DATAGRAM > 0: NTLMSSP_NEGOTIATE_LM_KEY > 0: NTLMSSP_NEGOTIATE_NETWARE > 1: NTLMSSP_NEGOTIATE_NTLM > 0: NTLMSSP_NEGOTIATE_NT_ONLY > 0: NTLMSSP_ANONYMOUS > 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED > 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED > 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL > 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN > 1: NTLMSSP_TARGET_TYPE_DOMAIN > 0: NTLMSSP_TARGET_TYPE_SERVER > 0: NTLMSSP_TARGET_TYPE_SHARE > 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > 0: NTLMSSP_NEGOTIATE_IDENTIFY > 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY > 1: NTLMSSP_NEGOTIATE_TARGET_INFO > 0: NTLMSSP_NEGOTIATE_VERSION > 1: NTLMSSP_NEGOTIATE_128 > 1: NTLMSSP_NEGOTIATE_KEY_EXCH > 0: NTLMSSP_NEGOTIATE_56 > ServerChallenge : 57778f85e749ba9b > Reserved : 0000000000000000 > TargetInfoLen : 0x007c (124) > TargetNameInfoMaxLen : 0x007c (124) > TargetInfo : * > TargetInfo: struct AV_PAIR_LIST > count : 0x00000005 (5) > pair: ARRAY(5) > pair: struct AV_PAIR > AvId : MsvAvNbDomainName (0x2) > AvLen : 0x0016 (22) > Value : union ntlmssp_AvValue(case 0x2) > AvNbDomainName : 'X86ERR300S3' > pair: struct AV_PAIR > AvId : MsvAvNbComputerName (0x1) > AvLen : 0x000c (12) > Value : union ntlmssp_AvValue(case 0x1) > AvNbComputerName : 'MASTER' > pair: struct AV_PAIR > AvId : MsvAvDnsDomainName (0x4) > AvLen : 0x001c (28) > Value : union ntlmssp_AvValue(case 0x4) > AvDnsDomainName : 'x86err300s3.qa' > pair: struct AV_PAIR > AvId : MsvAvDnsComputerName (0x3) > AvLen : 0x002a (42) > Value : union ntlmssp_AvValue(case 0x3) > AvDnsComputerName : 'master.x86err300s3.qa' > pair: struct AV_PAIR > AvId : MsvAvEOL (0x0) > AvLen : 0x0000 (0) > Value : union ntlmssp_AvValue(case 0x0) >[2011/12/13 17:45:57.448349, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:57.448373, 5] lib/util.c:342(show_msg) > size=326 > smb_com=0x73 > smb_rcls=22 > smb_reh=0 > smb_err=49152 > smb_flg=136 > smb_flg2=51203 > smb_tid=65535 > smb_pid=31735 > smb_uid=100 > smb_mid=2 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 225 (0xE1) > smb_bcc=283 >[2011/12/13 17:45:57.448586, 10] ../lib/util/util.c:415(dump_data) > [0000] A1 81 DE 30 81 DB A0 03 0A 01 01 A1 0C 06 0A 2B ...0.... .......+ > [0010] 06 01 04 01 82 37 02 02 0A A2 81 C5 04 81 C2 4E .....7.. .......N > [0020] 54 4C 4D 53 53 50 00 02 00 00 00 16 00 16 00 30 TLMSSP.. .......0 > [0030] 00 00 00 15 82 89 60 57 77 8F 85 E7 49 BA 9B 00 ......`W w...I... > [0040] 00 00 00 00 00 00 00 7C 00 7C 00 46 00 00 00 58 .......| .|.F...X > [0050] 00 38 00 36 00 45 00 52 00 52 00 33 00 30 00 30 .8.6.E.R .R.3.0.0 > [0060] 00 53 00 33 00 02 00 16 00 58 00 38 00 36 00 45 .S.3.... .X.8.6.E > [0070] 00 52 00 52 00 33 00 30 00 30 00 53 00 33 00 01 .R.R.3.0 .0.S.3.. > [0080] 00 0C 00 4D 00 41 00 53 00 54 00 45 00 52 00 04 ...M.A.S .T.E.R.. > [0090] 00 1C 00 78 00 38 00 36 00 65 00 72 00 72 00 33 ...x.8.6 .e.r.r.3 > [00A0] 00 30 00 30 00 73 00 33 00 2E 00 71 00 61 00 03 .0.0.s.3 ...q.a.. > [00B0] 00 2A 00 6D 00 61 00 73 00 74 00 65 00 72 00 2E .*.m.a.s .t.e.r.. > [00C0] 00 78 00 38 00 36 00 65 00 72 00 72 00 33 00 30 .x.8.6.e .r.r.3.0 > [00D0] 00 30 00 73 00 33 00 2E 00 71 00 61 00 00 00 00 .0.s.3.. .q.a.... > [00E0] 00 55 00 6E 00 69 00 78 00 00 00 53 00 61 00 6D .U.n.i.x ...S.a.m > [00F0] 00 62 00 61 00 20 00 33 00 2E 00 36 00 2E 00 36 .b.a. .3 ...6...6 > [0100] 00 00 00 58 00 38 00 36 00 45 00 52 00 52 00 33 ...X.8.6 .E.R.R.3 > [0110] 00 30 00 30 00 53 00 33 00 00 00 .0.0.S.3 ... >[2011/12/13 17:45:57.449402, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 414 >[2011/12/13 17:45:57.449455, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x19e >[2011/12/13 17:45:57.449490, 3] smbd/process.c:1662(process_smb) > Transaction 2 of length 418 (0 toread) >[2011/12/13 17:45:57.449523, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:57.449542, 5] lib/util.c:342(show_msg) > size=414 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=65535 > smb_pid=31735 > smb_uid=100 > smb_mid=3 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=65535 (0xFFFF) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 1 (0x1) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 332 (0x14C) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]=49244 (0xC05C) > smb_vwv[11]=32768 (0x8000) > smb_bcc=355 >[2011/12/13 17:45:57.449846, 10] ../lib/util/util.c:415(dump_data) > [0000] A1 82 01 48 30 82 01 44 A2 82 01 40 04 82 01 3C ...H0..D ...@...< > [0010] 4E 54 4C 4D 53 53 50 00 03 00 00 00 18 00 18 00 NTLMSSP. ........ > [0020] 40 00 00 00 A8 00 A8 00 58 00 00 00 16 00 16 00 @....... X....... > [0030] 00 01 00 00 0A 00 0A 00 16 01 00 00 0C 00 0C 00 ........ ........ > [0040] 20 01 00 00 10 00 10 00 2C 01 00 00 15 82 08 60 ....... ,......` > [0050] 3F BA AB 45 3A DF E5 58 7A 0E 7B 83 58 59 97 D8 ?..E:..X z.{.XY.. > [0060] 87 1C 29 30 12 31 FE CF 6B 7D 1B 3F 6C 2D DB 9B ..)0.1.. k}.?l-.. > [0070] 09 03 3A 57 53 AC 0E 84 01 01 00 00 00 00 00 00 ..:WS... ........ > [0080] 80 90 B5 AF B6 B9 CC 01 55 8D 6E 72 66 52 48 FE ........ U.nrfRH. > [0090] 00 00 00 00 02 00 16 00 58 00 38 00 36 00 45 00 ........ X.8.6.E. > [00A0] 52 00 52 00 33 00 30 00 30 00 53 00 33 00 01 00 R.R.3.0. 0.S.3... > [00B0] 0C 00 4D 00 41 00 53 00 54 00 45 00 52 00 04 00 ..M.A.S. T.E.R... > [00C0] 1C 00 78 00 38 00 36 00 65 00 72 00 72 00 33 00 ..x.8.6. e.r.r.3. > [00D0] 30 00 30 00 73 00 33 00 2E 00 71 00 61 00 03 00 0.0.s.3. ..q.a... > [00E0] 2A 00 6D 00 61 00 73 00 74 00 65 00 72 00 2E 00 *.m.a.s. t.e.r... > [00F0] 78 00 38 00 36 00 65 00 72 00 72 00 33 00 30 00 x.8.6.e. r.r.3.0. > [0100] 30 00 73 00 33 00 2E 00 71 00 61 00 00 00 00 00 0.s.3... q.a..... > [0110] 58 00 38 00 36 00 45 00 52 00 52 00 33 00 30 00 X.8.6.E. R.R.3.0. > [0120] 30 00 53 00 33 00 75 00 73 00 65 00 72 00 31 00 0.S.3.u. s.e.r.1. > [0130] 4D 00 41 00 53 00 54 00 45 00 52 00 32 98 B8 A1 M.A.S.T. E.R.2... > [0140] A5 9C 6A 9E 20 96 EB 8A 23 65 73 F6 00 55 00 6E ..j. ... #es..U.n > [0150] 00 69 00 78 00 00 00 53 00 61 00 6D 00 62 00 61 .i.x...S .a.m.b.a > [0160] 00 00 00 ... >[2011/12/13 17:45:57.450543, 3] smbd/process.c:1467(switch_message) > switch message SMBsesssetupX (pid 31737) conn 0x0 >[2011/12/13 17:45:57.450578, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:57.450611, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:57.450642, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:57.450702, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2011/12/13 17:45:57.450738, 3] smbd/sesssetup.c:1333(reply_sesssetup_and_X) > wct=12 flg2=0xc801 >[2011/12/13 17:45:57.450770, 3] smbd/sesssetup.c:1065(reply_sesssetup_and_X_spnego) > Doing spnego session setup >[2011/12/13 17:45:57.450804, 3] smbd/sesssetup.c:1107(reply_sesssetup_and_X_spnego) > NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[] >[2011/12/13 17:45:57.450914, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > authenticate: struct AUTHENTICATE_MESSAGE > Signature : 'NTLMSSP' > MessageType : NtLmAuthenticate (3) > LmChallengeResponseLen : 0x0018 (24) > LmChallengeResponseMaxLen: 0x0018 (24) > LmChallengeResponse : * > LmChallengeResponse : union ntlmssp_LM_RESPONSE(case 24) > v1: struct LM_RESPONSE > Response : 3fbaab453adfe5587a0e7b83585997d8871c29301231fecf > NtChallengeResponseLen : 0x00a8 (168) > NtChallengeResponseMaxLen: 0x00a8 (168) > NtChallengeResponse : * > NtChallengeResponse : union ntlmssp_NTLM_RESPONSE(case 168) > v2: struct NTLMv2_RESPONSE > Response : 6b7d1b3f6c2ddb9b09033a5753ac0e84 > Challenge: struct NTLMv2_CLIENT_CHALLENGE > RespType : 0x01 (1) > HiRespType : 0x01 (1) > Reserved1 : 0x0000 (0) > Reserved2 : 0x00000000 (0) > TimeStamp : Di Dez 13 17:45:57 2011 CET > ChallengeFromClient : 558d6e72665248fe > Reserved3 : 0x00000000 (0) > AvPairs: struct AV_PAIR_LIST > count : 0x00000005 (5) > pair: ARRAY(5) > pair: struct AV_PAIR > AvId : MsvAvNbDomainName (0x2) > AvLen : 0x0016 (22) > Value : union ntlmssp_AvValue(case 0x2) > AvNbDomainName : 'X86ERR300S3' > pair: struct AV_PAIR > AvId : MsvAvNbComputerName (0x1) > AvLen : 0x000c (12) > Value : union ntlmssp_AvValue(case 0x1) > AvNbComputerName : 'MASTER' > pair: struct AV_PAIR > AvId : MsvAvDnsDomainName (0x4) > AvLen : 0x001c (28) > Value : union ntlmssp_AvValue(case 0x4) > AvDnsDomainName : 'x86err300s3.qa' > pair: struct AV_PAIR > AvId : MsvAvDnsComputerName (0x3) > AvLen : 0x002a (42) > Value : union ntlmssp_AvValue(case 0x3) > AvDnsComputerName : 'master.x86err300s3.qa' > pair: struct AV_PAIR > AvId : MsvAvEOL (0x0) > AvLen : 0x0000 (0) > Value : union ntlmssp_AvValue(case 0x0) > DomainNameLen : 0x0016 (22) > DomainNameMaxLen : 0x0016 (22) > DomainName : * > DomainName : 'X86ERR300S3' > UserNameLen : 0x000a (10) > UserNameMaxLen : 0x000a (10) > UserName : * > UserName : 'user1' > WorkstationLen : 0x000c (12) > WorkstationMaxLen : 0x000c (12) > Workstation : * > Workstation : 'MASTER' > EncryptedRandomSessionKeyLen: 0x0010 (16) > EncryptedRandomSessionKeyMaxLen: 0x0010 (16) > EncryptedRandomSessionKey: * > EncryptedRandomSessionKey: DATA_BLOB length=16 > [0000] 32 98 B8 A1 A5 9C 6A 9E 20 96 EB 8A 23 65 73 F6 2.....j. ...#es. > NegotiateFlags : 0x60088215 (1611170325) > 1: NTLMSSP_NEGOTIATE_UNICODE > 0: NTLMSSP_NEGOTIATE_OEM > 1: NTLMSSP_REQUEST_TARGET > 1: NTLMSSP_NEGOTIATE_SIGN > 0: NTLMSSP_NEGOTIATE_SEAL > 0: NTLMSSP_NEGOTIATE_DATAGRAM > 0: NTLMSSP_NEGOTIATE_LM_KEY > 0: NTLMSSP_NEGOTIATE_NETWARE > 1: NTLMSSP_NEGOTIATE_NTLM > 0: NTLMSSP_NEGOTIATE_NT_ONLY > 0: NTLMSSP_ANONYMOUS > 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED > 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED > 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL > 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN > 0: NTLMSSP_TARGET_TYPE_DOMAIN > 0: NTLMSSP_TARGET_TYPE_SERVER > 0: NTLMSSP_TARGET_TYPE_SHARE > 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > 0: NTLMSSP_NEGOTIATE_IDENTIFY > 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY > 0: NTLMSSP_NEGOTIATE_TARGET_INFO > 0: NTLMSSP_NEGOTIATE_VERSION > 1: NTLMSSP_NEGOTIATE_128 > 1: NTLMSSP_NEGOTIATE_KEY_EXCH > 0: NTLMSSP_NEGOTIATE_56 >[2011/12/13 17:45:57.452501, 3] ../libcli/auth/ntlmssp_server.c:348(ntlmssp_server_preauth) > Got user=[user1] domain=[X86ERR300S3] workstation=[MASTER] len1=24 len2=168 >[2011/12/13 17:45:57.452557, 6] param/loadparm.c:7513(lp_file_list_changed) > lp_file_list_changed() > file /etc/samba/local.conf -> /etc/samba/local.conf last mod_time: Tue Dec 13 12:29:40 2011 > > file /etc/samba/printers.conf -> /etc/samba/printers.conf last mod_time: Tue Dec 13 15:18:52 2011 > > file /etc/samba/shares.conf -> /etc/samba/shares.conf last mod_time: Thu Jan 1 01:00:00 1970 > > file /etc/samba/installs.conf -> /etc/samba/installs.conf last mod_time: Thu Jan 1 01:00:00 1970 > > file /etc/samba/base.conf -> /etc/samba/base.conf last mod_time: Tue Dec 13 17:28:35 2011 > > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Dec 13 17:30:13 2011 > >[2011/12/13 17:45:57.452836, 5] auth/auth_util.c:110(make_user_info_map) > Mapping user [X86ERR300S3]\[user1] from workstation [MASTER] >[2011/12/13 17:45:57.452877, 5] auth/user_info.c:59(make_user_info) > attempting to make a user_info for user1 (user1) >[2011/12/13 17:45:57.452913, 5] auth/user_info.c:70(make_user_info) > making strings for user1's user_info struct >[2011/12/13 17:45:57.452946, 5] auth/user_info.c:87(make_user_info) > making blobs for user1's user_info struct >[2011/12/13 17:45:57.452979, 10] auth/user_info.c:123(make_user_info) > made a user_info for user1 (user1) >[2011/12/13 17:45:57.453011, 3] auth/auth.c:219(check_ntlm_password) > check_ntlm_password: Checking password for unmapped user [X86ERR300S3]\[user1]@[MASTER] with the new password interface >[2011/12/13 17:45:57.453045, 3] auth/auth.c:222(check_ntlm_password) > check_ntlm_password: mapped user is: [X86ERR300S3]\[user1]@[MASTER] >[2011/12/13 17:45:57.453077, 10] auth/auth.c:231(check_ntlm_password) > check_ntlm_password: auth_context challenge created by random >[2011/12/13 17:45:57.453109, 10] auth/auth.c:233(check_ntlm_password) > challenge is: >[2011/12/13 17:45:57.453149, 5] ../lib/util/util.c:415(dump_data) > [0000] 57 77 8F 85 E7 49 BA 9B Ww...I.. >[2011/12/13 17:45:57.453200, 10] auth/auth_builtin.c:44(check_guest_security) > Check auth for: [user1] >[2011/12/13 17:45:57.453232, 10] auth/auth.c:259(check_ntlm_password) > check_ntlm_password: guest had nothing to say >[2011/12/13 17:45:57.453267, 10] auth/auth_sam.c:75(auth_samstrict_auth) > Check auth for: [user1] >[2011/12/13 17:45:57.453298, 8] lib/util.c:1521(is_myname) > is_myname("X86ERR300S3") returns 0 >[2011/12/13 17:45:57.453336, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:57.453372, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2011/12/13 17:45:57.453405, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:57.453437, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:57.453468, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:57.453559, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=x86err300s3,dc=qa], filter => [(&(&(uid=user1)(objectClass=person))(objectclass=sambaSamAccount))], scope => [2] >[2011/12/13 17:45:57.454030, 5] lib/smbldap.c:1341(smbldap_close) > The connection to the LDAP server was closed >[2011/12/13 17:45:57.454080, 10] lib/smbldap.c:819(smb_ldap_setup_conn) > smb_ldap_setup_connection: ldap://master.x86err300s3.qa:7389 >[2011/12/13 17:45:57.459599, 3] lib/smbldap.c:803(smb_ldap_start_tls) > StartTLS issued: using a TLS connection >[2011/12/13 17:45:57.459656, 2] lib/smbldap.c:1018(smbldap_open_connection) > smbldap_open_connection: connection opened >[2011/12/13 17:45:57.459691, 10] lib/smbldap.c:1194(smbldap_connect_system) > ldap_connect_system: Binding to ldap server ldap://master.x86err300s3.qa:7389 as "cn=admin,dc=x86err300s3,dc=qa" >[2011/12/13 17:45:57.460804, 3] lib/smbldap.c:1240(smbldap_connect_system) > ldap_connect_system: successful connection to the LDAP server > ldap_connect_system: LDAP server does support paged results >[2011/12/13 17:45:57.460875, 4] lib/smbldap.c:1319(smbldap_open) > The LDAP server is successfully connected >[2011/12/13 17:45:57.461509, 2] passdb/pdb_ldap.c:553(init_sam_from_ldap) > init_sam_from_ldap: Entry found for user: user1 >[2011/12/13 17:45:57.461566, 10] passdb/pdb_get_set.c:575(pdb_set_username) > pdb_set_username: setting username user1, was >[2011/12/13 17:45:57.461606, 10] passdb/pdb_get_set.c:598(pdb_set_domain) > pdb_set_domain: setting domain X86ERR300S3, was >[2011/12/13 17:45:57.461640, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username) > pdb_set_nt_username: setting nt username user1, was >[2011/12/13 17:45:57.461684, 10] passdb/pdb_get_set.c:513(pdb_set_user_sid_from_string) > pdb_set_user_sid_from_string: setting user sid S-1-5-21-861941570-1634457251-3974523304-5014 >[2011/12/13 17:45:57.461723, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) > pdb_set_user_sid: setting user sid S-1-5-21-861941570-1634457251-3974523304-5014 >[2011/12/13 17:45:57.461775, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaLogonTime does not exist >[2011/12/13 17:45:57.461817, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaLogoffTime does not exist >[2011/12/13 17:45:57.461856, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaKickoffTime does not exist >[2011/12/13 17:45:57.461896, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaPwdCanChange does not exist >[2011/12/13 17:45:57.461935, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaPwdMustChange does not exist >[2011/12/13 17:45:57.461975, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) > pdb_set_full_name: setting full name univention, was >[2011/12/13 17:45:57.462017, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaHomeDrive does not exist >[2011/12/13 17:45:57.462061, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) > pdb_set_dir_drive: setting dir drive I:, was NULL >[2011/12/13 17:45:57.462103, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaHomePath does not exist >[2011/12/13 17:45:57.462143, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) > pdb_set_homedir: setting home dir \\master\user1, was >[2011/12/13 17:45:57.462186, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaLogonScript does not exist >[2011/12/13 17:45:57.462220, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) > pdb_set_logon_script: setting logon script , was >[2011/12/13 17:45:57.462261, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaProfilePath does not exist >[2011/12/13 17:45:57.462300, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) > pdb_set_profile_path: setting profile path \\master\user1\windows-profiles\Samba, was >[2011/12/13 17:45:57.462342, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute description does not exist >[2011/12/13 17:45:57.462381, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaUserWorkstations does not exist >[2011/12/13 17:45:57.462442, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:57.462479, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2011/12/13 17:45:57.462511, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:57.462543, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:57.462575, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:57.462663, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:57.462714, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaBadPasswordCount does not exist >[2011/12/13 17:45:57.462756, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaBadPasswordTime does not exist >[2011/12/13 17:45:57.462795, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaLogonHours does not exist >[2011/12/13 17:45:57.462895, 5] passdb/login_cache.c:47(login_cache_init) > Opening cache file at /var/cache/samba/login_cache.tdb >[2011/12/13 17:45:57.462956, 7] passdb/login_cache.c:91(login_cache_read) > Looking up login cache for user user1 >[2011/12/13 17:45:57.462996, 7] passdb/login_cache.c:102(login_cache_read) > No cache entry found >[2011/12/13 17:45:57.463029, 9] passdb/pdb_ldap.c:1108(init_sam_from_ldap) > No cache entry, bad count = 0, bad time = 0 >[2011/12/13 17:45:57.463073, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:57.463108, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2011/12/13 17:45:57.463141, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:57.463173, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:57.463205, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:57.463272, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:57.463319, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user user1 >[2011/12/13 17:45:57.463352, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is user1 >[2011/12/13 17:45:57.463495, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals did find user [user1]! >[2011/12/13 17:45:57.463562, 10] passdb/lookup_sid.c:1392(gid_to_sid) > gid 5001 -> sid S-1-5-21-861941570-1634457251-3974523304-513 >[2011/12/13 17:45:57.463612, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:57.463656, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2011/12/13 17:45:57.463691, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:57.463724, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:57.463755, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:57.463819, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:57.463869, 10] passdb/pdb_get_set.c:575(pdb_set_username) > pdb_set_username: setting username user1, was >[2011/12/13 17:45:57.463904, 10] passdb/pdb_get_set.c:598(pdb_set_domain) > pdb_set_domain: setting domain X86ERR300S3, was >[2011/12/13 17:45:57.463938, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username) > pdb_set_nt_username: setting nt username user1, was >[2011/12/13 17:45:57.463971, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) > pdb_set_full_name: setting full name univention, was >[2011/12/13 17:45:57.464011, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) > pdb_set_homedir: setting home dir \\master\user1, was >[2011/12/13 17:45:57.464046, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) > pdb_set_dir_drive: setting dir drive I:, was NULL >[2011/12/13 17:45:57.464081, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) > pdb_set_logon_script: setting logon script , was >[2011/12/13 17:45:57.464121, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) > pdb_set_profile_path: setting profile path \\master\user1\windows-profiles\Samba, was >[2011/12/13 17:45:57.464157, 10] passdb/pdb_get_set.c:780(pdb_set_workstations) > pdb_set_workstations: setting workstations , was >[2011/12/13 17:45:57.464193, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:57.464227, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2011/12/13 17:45:57.464260, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:57.464293, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:57.464325, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:57.464389, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:57.464429, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) > pdb_set_user_sid: setting user sid S-1-5-21-861941570-1634457251-3974523304-5014 >[2011/12/13 17:45:57.464467, 10] passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-861941570-1634457251-3974523304-5014 from rid 5014 >[2011/12/13 17:45:57.464521, 10] passdb/pdb_get_set.c:562(pdb_set_group_sid) > pdb_set_group_sid: setting group sid S-1-5-21-861941570-1634457251-3974523304-513 >[2011/12/13 17:45:57.464564, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:57.464602, 4] ../libcli/auth/ntlm_check.c:351(ntlm_password_check) > ntlm_password_check: Checking NTLMv2 password with domain [X86ERR300S3] >[2011/12/13 17:45:57.464660, 4] auth/check_samsec.c:183(sam_account_ok) > sam_account_ok: Checking SMB password for user user1 >[2011/12/13 17:45:57.464732, 5] auth/check_samsec.c:165(logon_hours_ok) > logon_hours_ok: user user1 allowed to logon at this time (Tue Dec 13 16:45:57 2011 > ) >[2011/12/13 17:45:57.464785, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:57.464820, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2011/12/13 17:45:57.464853, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:57.464885, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:57.464917, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:57.464992, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:57.465031, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:57.465065, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2011/12/13 17:45:57.465097, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:57.465130, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:57.465162, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:57.465213, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user user1 >[2011/12/13 17:45:57.465248, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is user1 >[2011/12/13 17:45:57.465283, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals did find user [user1]! >[2011/12/13 17:45:57.465321, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:57.465356, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2011/12/13 17:45:57.465388, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:57.465421, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:57.465452, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:57.465516, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:57.465554, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:57.465587, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2011/12/13 17:45:57.465620, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:57.465652, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:57.465684, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:57.465746, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:57.465786, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user user1 >[2011/12/13 17:45:57.465819, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is user1 >[2011/12/13 17:45:57.465853, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals did find user [user1]! >[2011/12/13 17:45:57.465908, 10] lib/system_smbd.c:175(sys_getgrouplist) > sys_getgrouplist: user [user1] >[2011/12/13 17:45:57.470780, 5] auth/server_info_sam.c:120(make_server_info_sam) > make_server_info_sam: made server info for user user1 -> user1 >[2011/12/13 17:45:57.470851, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:57.470896, 3] auth/auth.c:268(check_ntlm_password) > check_ntlm_password: sam authentication for user [user1] succeeded >[2011/12/13 17:45:57.470933, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:57.470967, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2011/12/13 17:45:57.471000, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:57.471032, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:57.471063, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:57.471117, 4] auth/pampass.c:483(smb_pam_start) > smb_pam_start: PAM: Init user: user1 >[2011/12/13 17:45:57.473789, 4] auth/pampass.c:492(smb_pam_start) > smb_pam_start: PAM: setting rhost to: 10.200.8.180 >[2011/12/13 17:45:57.473838, 4] auth/pampass.c:501(smb_pam_start) > smb_pam_start: PAM: setting tty >[2011/12/13 17:45:57.473874, 4] auth/pampass.c:509(smb_pam_start) > smb_pam_start: PAM: Init passed for user: user1 >[2011/12/13 17:45:57.473906, 4] auth/pampass.c:567(smb_pam_account) > smb_pam_account: PAM: Account Management for User: user1 >[2011/12/13 17:45:57.512969, 4] auth/pampass.c:586(smb_pam_account) > smb_pam_account: PAM: Account OK for User: user1 >[2011/12/13 17:45:57.513209, 4] auth/pampass.c:465(smb_pam_end) > smb_pam_end: PAM: PAM_END OK. >[2011/12/13 17:45:57.513264, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:57.513301, 5] auth/auth.c:296(check_ntlm_password) > check_ntlm_password: PAM Account for user [user1] succeeded >[2011/12/13 17:45:57.513335, 2] auth/auth.c:309(check_ntlm_password) > check_ntlm_password: authentication for user [user1] -> [user1] -> [user1] succeeded >[2011/12/13 17:45:57.513375, 10] auth/token_util.c:223(create_local_nt_token_from_info3) > Create local NT token for user1 >[2011/12/13 17:45:57.513443, 5] lib/privileges.c:175(get_privileges_for_sids) > get_privileges_for_sids: sid = S-1-5-21-861941570-1634457251-3974523304-5014 > Privilege set: 0x10 >[2011/12/13 17:45:57.513502, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-861941570-1634457251-3974523304-513] >[2011/12/13 17:45:57.513546, 5] lib/privileges.c:175(get_privileges_for_sids) > get_privileges_for_sids: sid = S-1-1-0 > Privilege set: 0x0 >[2011/12/13 17:45:57.513598, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-2] >[2011/12/13 17:45:57.513640, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-11] >[2011/12/13 17:45:57.517125, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:57.517184, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2011/12/13 17:45:57.517220, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:57.517254, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:57.517286, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:57.517359, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=x86err300s3,dc=qa], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2))], scope => [2] >[2011/12/13 17:45:57.517744, 4] passdb/pdb_ldap.c:2540(ldapsam_getgroup) > ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2)) >[2011/12/13 17:45:57.517806, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:57.517843, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) > LEGACY: mapping failed for sid S-1-5-2 >[2011/12/13 17:45:57.517879, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid) > LEGACY: mapping failed for sid S-1-5-2 >[2011/12/13 17:45:57.517916, 10] auth/auth_util.c:505(create_local_token) > Could not convert SID S-1-5-2 to gid, ignoring it >[2011/12/13 17:45:57.517956, 10] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (9): > SID[ 0]: S-1-5-21-861941570-1634457251-3974523304-5014 > SID[ 1]: S-1-5-21-861941570-1634457251-3974523304-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-1-2007 > SID[ 6]: S-1-22-2-5001 > SID[ 7]: S-1-22-2-5022 > SID[ 8]: S-1-22-2-5020 > Privileges (0x 10): > Privilege[ 0]: SeMachineAccountPrivilege > Rights (0x 0): >[2011/12/13 17:45:57.518163, 10] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 2007 > Primary group is 5001 and contains 3 supplementary groups > Group[ 0]: 5001 > Group[ 1]: 5022 > Group[ 2]: 5020 >[2011/12/13 17:45:57.518270, 10] auth/auth_ntlmssp.c:174(auth_ntlmssp_check_password) > Got NT session key of length 16 >[2011/12/13 17:45:57.518307, 10] auth/auth_ntlmssp.c:181(auth_ntlmssp_check_password) > Got LM session key of length 8 >[2011/12/13 17:45:57.518340, 10] ../libcli/auth/ntlmssp_server.c:462(ntlmssp_server_postauth) > ntlmssp_server_auth: Using unmodified nt session key. >[2011/12/13 17:45:57.518380, 3] ../libcli/auth/ntlmssp_sign.c:535(ntlmssp_sign_init) > NTLMSSP Sign/Seal - Initialising with flags: >[2011/12/13 17:45:57.518414, 3] ../libcli/auth/ntlmssp.c:34(debug_ntlmssp_flags) > Got NTLMSSP neg_flags=0x60088215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >[2011/12/13 17:45:57.518568, 10] smbd/password.c:293(register_existing_vuid) > register_existing_vuid: (2007,5001) user1 user1 X86ERR300S3 guest=0 >[2011/12/13 17:45:57.518606, 3] smbd/password.c:298(register_existing_vuid) > register_existing_vuid: User name: user1 Real name: univention >[2011/12/13 17:45:57.518639, 3] smbd/password.c:308(register_existing_vuid) > register_existing_vuid: UNIX uid 2007 is UNIX user user1, and will be vuid 100 >[2011/12/13 17:45:57.518686, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 49442F33313733372F31 >[2011/12/13 17:45:57.518732, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0xb9772338 >[2011/12/13 17:45:57.518770, 4] auth/pampass.c:483(smb_pam_start) > smb_pam_start: PAM: Init user: user1 >[2011/12/13 17:45:57.521189, 4] auth/pampass.c:492(smb_pam_start) > smb_pam_start: PAM: setting rhost to: 10.200.8.180 >[2011/12/13 17:45:57.521235, 4] auth/pampass.c:501(smb_pam_start) > smb_pam_start: PAM: setting tty >[2011/12/13 17:45:57.521269, 4] auth/pampass.c:509(smb_pam_start) > smb_pam_start: PAM: Init passed for user: user1 >[2011/12/13 17:45:57.521304, 4] auth/pampass.c:646(smb_internal_pam_session) > smb_internal_pam_session: PAM: tty set to: smb/31737/100 >[2011/12/13 17:45:58.991310, 4] auth/pampass.c:465(smb_pam_end) > smb_pam_end: PAM: PAM_END OK. >[2011/12/13 17:45:58.991455, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 49442F33313733372F31 >[2011/12/13 17:45:58.991570, 7] param/loadparm.c:9857(lp_servicenumber) > lp_servicenumber: couldn't find user1 >[2011/12/13 17:45:58.991610, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user user1 >[2011/12/13 17:45:58.991644, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is user1 >[2011/12/13 17:45:58.991681, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals did find user [user1]! >[2011/12/13 17:45:58.991714, 3] smbd/password.c:238(register_homes_share) > Adding homes service for user 'user1' using home directory: '/home/user1' >[2011/12/13 17:45:58.991794, 8] param/loadparm.c:6503(add_a_service) > add_a_service: Creating snum = 5 for user1 >[2011/12/13 17:45:58.991832, 10] param/loadparm.c:6550(hash_a_service) > hash_a_service: hashing index 5 for service name user1 >[2011/12/13 17:45:58.991872, 3] param/loadparm.c:6605(lp_add_home) > adding home's share [user1] for user 'user1' at '/home/user1' >[2011/12/13 17:45:58.991934, 6] param/loadparm.c:7513(lp_file_list_changed) > lp_file_list_changed() > file /etc/samba/local.conf -> /etc/samba/local.conf last mod_time: Tue Dec 13 12:29:40 2011 > > file /etc/samba/printers.conf -> /etc/samba/printers.conf last mod_time: Tue Dec 13 15:18:52 2011 > > file /etc/samba/shares.conf -> /etc/samba/shares.conf last mod_time: Thu Jan 1 01:00:00 1970 > > file /etc/samba/installs.conf -> /etc/samba/installs.conf last mod_time: Thu Jan 1 01:00:00 1970 > > file /etc/samba/base.conf -> /etc/samba/base.conf last mod_time: Tue Dec 13 17:28:35 2011 > > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Dec 13 17:30:13 2011 > >[2011/12/13 17:45:58.992226, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:58.992250, 5] lib/util.c:342(show_msg) > size=110 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=65535 > smb_pid=31735 > smb_uid=100 > smb_mid=3 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 9 (0x9) > smb_bcc=67 >[2011/12/13 17:45:58.992466, 10] ../lib/util/util.c:415(dump_data) > [0000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 ..0..... .U.n.i.x > [0010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3 > [0020] 00 2E 00 36 00 2E 00 36 00 00 00 58 00 38 00 36 ...6...6 ...X.8.6 > [0030] 00 45 00 52 00 52 00 33 00 30 00 30 00 53 00 33 .E.R.R.3 .0.0.S.3 > [0040] 00 00 00 ... >[2011/12/13 17:45:58.992938, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 76 >[2011/12/13 17:45:58.992993, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x4c >[2011/12/13 17:45:58.993030, 3] smbd/process.c:1662(process_smb) > Transaction 3 of length 80 (0 toread) >[2011/12/13 17:45:58.993064, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:58.993084, 5] lib/util.c:342(show_msg) > size=76 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=65535 > smb_pid=31735 > smb_uid=100 > smb_mid=4 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 8 (0x8) > smb_vwv[ 3]= 1 (0x1) > smb_bcc=33 >[2011/12/13 17:45:58.993299, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 5C 00 4D 00 41 00 53 00 54 00 45 00 52 .\.\.M.A .S.T.E.R > [0010] 00 5C 00 49 00 50 00 43 00 24 00 00 00 49 50 43 .\.I.P.C .$...IPC > [0020] 00 . >[2011/12/13 17:45:58.993406, 3] smbd/process.c:1467(switch_message) > switch message SMBtconX (pid 31737) conn 0x0 >[2011/12/13 17:45:58.993442, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:58.993476, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:58.993509, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:58.993568, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2011/12/13 17:45:58.993616, 4] smbd/reply.c:794(reply_tcon_and_X) > Client requested device type [IPC] for share [IPC$] >[2011/12/13 17:45:58.993670, 5] smbd/service.c:1354(make_connection) > making a connection to 'normal' service ipc$ >[2011/12/13 17:45:58.993713, 3] lib/access.c:338(allow_access) > Allowed connection from 10.200.8.180 (10.200.8.180) >[2011/12/13 17:45:58.993755, 10] smbd/share_access.c:241(user_ok_token) > user_ok_token: share IPC$ is ok for unix user user1 >[2011/12/13 17:45:58.993802, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user user1 >[2011/12/13 17:45:58.993836, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is user1 >[2011/12/13 17:45:58.993871, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals did find user [user1]! >[2011/12/13 17:45:58.993911, 10] smbd/service.c:162(set_conn_connectpath) > set_conn_connectpath: service IPC$, connectpath = /tmp >[2011/12/13 17:45:58.993948, 3] smbd/service.c:872(make_connection_snum) > Connect path is '/tmp' for service [IPC$] >[2011/12/13 17:45:58.994006, 10] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >[2011/12/13 17:45:58.994049, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0x101f01ff, remaining = 0x101f01ff >[2011/12/13 17:45:58.994089, 3] smbd/vfs.c:102(vfs_init_default) > Initialising default vfs hooks >[2011/12/13 17:45:58.994127, 10] smbd/vfs.c:53(vfs_find_backend_entry) > vfs_find_backend_entry called for /[Default VFS]/ >[2011/12/13 17:45:58.994170, 5] smbd/vfs.c:92(smb_register_vfs) > Successfully added vfs backend '/[Default VFS]/' >[2011/12/13 17:45:58.994207, 10] smbd/vfs.c:53(vfs_find_backend_entry) > vfs_find_backend_entry called for posixacl >[2011/12/13 17:45:58.994241, 5] smbd/vfs.c:92(smb_register_vfs) > Successfully added vfs backend 'posixacl' >[2011/12/13 17:45:58.994272, 3] smbd/vfs.c:128(vfs_init_custom) > Initialising custom vfs hooks from [/[Default VFS]/] >[2011/12/13 17:45:58.994306, 10] smbd/vfs.c:53(vfs_find_backend_entry) > vfs_find_backend_entry called for /[Default VFS]/ > Successfully loaded vfs module [/[Default VFS]/] with the new modules system >[2011/12/13 17:45:58.994358, 5] smbd/connection.c:134(claim_connection) > claiming [IPC$] >[2011/12/13 17:45:58.994452, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key F97B0000FFFFFFFF12FF >[2011/12/13 17:45:58.994494, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0xb9792210 >[2011/12/13 17:45:58.994562, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key F97B0000FFFFFFFF12FF >[2011/12/13 17:45:58.994691, 10] smbd/service.c:162(set_conn_connectpath) > set_conn_connectpath: service IPC$, connectpath = /tmp >[2011/12/13 17:45:58.994736, 10] smbd/share_access.c:241(user_ok_token) > user_ok_token: share IPC$ is ok for unix user user1 >[2011/12/13 17:45:58.994772, 10] smbd/share_access.c:286(is_share_read_only_for_token) > is_share_read_only_for_user: share IPC$ is read-only for unix user user1 >[2011/12/13 17:45:58.994832, 10] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >[2011/12/13 17:45:58.994874, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) > string_to_sid: SID administrator is not in a valid format >[2011/12/13 17:45:58.994914, 10] passdb/lookup_sid.c:76(lookup_name) > lookup_name: X86ERR300S3\administrator => domain=[X86ERR300S3], name=[administrator] >[2011/12/13 17:45:58.994947, 10] passdb/lookup_sid.c:77(lookup_name) > lookup_name: flags = 0x073 >[2011/12/13 17:45:58.994984, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:58.995019, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2011/12/13 17:45:58.995051, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:58.995084, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:58.995116, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:58.995195, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=x86err300s3,dc=qa], filter => [(&(&(uid=administrator)(objectClass=person))(objectclass=sambaSamAccount))], scope => [2] >[2011/12/13 17:45:58.996007, 2] passdb/pdb_ldap.c:553(init_sam_from_ldap) > init_sam_from_ldap: Entry found for user: Administrator >[2011/12/13 17:45:58.996062, 10] passdb/pdb_get_set.c:575(pdb_set_username) > pdb_set_username: setting username Administrator, was >[2011/12/13 17:45:58.996099, 10] passdb/pdb_get_set.c:598(pdb_set_domain) > pdb_set_domain: setting domain X86ERR300S3, was >[2011/12/13 17:45:58.996134, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username) > pdb_set_nt_username: setting nt username Administrator, was >[2011/12/13 17:45:58.996176, 10] passdb/pdb_get_set.c:513(pdb_set_user_sid_from_string) > pdb_set_user_sid_from_string: setting user sid S-1-5-21-861941570-1634457251-3974523304-500 >[2011/12/13 17:45:58.996213, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) > pdb_set_user_sid: setting user sid S-1-5-21-861941570-1634457251-3974523304-500 >[2011/12/13 17:45:58.996265, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaLogonTime does not exist >[2011/12/13 17:45:58.996307, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaLogoffTime does not exist >[2011/12/13 17:45:58.996346, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaKickoffTime does not exist >[2011/12/13 17:45:58.996397, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaPwdCanChange does not exist >[2011/12/13 17:45:58.996437, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaPwdMustChange does not exist >[2011/12/13 17:45:58.996476, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) > pdb_set_full_name: setting full name Administrator, was >[2011/12/13 17:45:58.996518, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaHomeDrive does not exist >[2011/12/13 17:45:58.996551, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) > pdb_set_dir_drive: setting dir drive I:, was NULL >[2011/12/13 17:45:58.996592, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaHomePath does not exist >[2011/12/13 17:45:58.996633, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) > pdb_set_homedir: setting home dir \\master\administrator, was >[2011/12/13 17:45:58.996675, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaLogonScript does not exist >[2011/12/13 17:45:58.996760, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) > pdb_set_logon_script: setting logon script , was >[2011/12/13 17:45:58.996805, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaProfilePath does not exist >[2011/12/13 17:45:58.996847, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) > pdb_set_profile_path: setting profile path \\master\administrator\windows-profiles\Samba, was >[2011/12/13 17:45:58.996889, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute description does not exist >[2011/12/13 17:45:58.996929, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaUserWorkstations does not exist >[2011/12/13 17:45:58.996968, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaMungedDial does not exist >[2011/12/13 17:45:58.997018, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:58.997055, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2011/12/13 17:45:58.997089, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:58.997121, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:58.997153, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:58.997226, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:58.997276, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaBadPasswordCount does not exist >[2011/12/13 17:45:58.997318, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaBadPasswordTime does not exist >[2011/12/13 17:45:58.997358, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaLogonHours does not exist >[2011/12/13 17:45:58.997412, 7] passdb/login_cache.c:91(login_cache_read) > Looking up login cache for user Administrator >[2011/12/13 17:45:58.997450, 7] passdb/login_cache.c:102(login_cache_read) > No cache entry found >[2011/12/13 17:45:58.997484, 9] passdb/pdb_ldap.c:1108(init_sam_from_ldap) > No cache entry, bad count = 0, bad time = 0 >[2011/12/13 17:45:58.997523, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:58.997557, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2011/12/13 17:45:58.997590, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:58.997622, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:58.997654, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:58.997717, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:58.997766, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user Administrator >[2011/12/13 17:45:58.997801, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is administrator >[2011/12/13 17:45:58.997933, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals did find user [Administrator]! >[2011/12/13 17:45:58.997997, 10] passdb/lookup_sid.c:1392(gid_to_sid) > gid 5000 -> sid S-1-5-21-861941570-1634457251-3974523304-512 >[2011/12/13 17:45:58.998043, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:58.998079, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2011/12/13 17:45:58.998113, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:58.998146, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:58.998178, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:58.998242, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:58.998288, 10] passdb/pdb_get_set.c:575(pdb_set_username) > pdb_set_username: setting username Administrator, was >[2011/12/13 17:45:58.998325, 10] passdb/pdb_get_set.c:598(pdb_set_domain) > pdb_set_domain: setting domain X86ERR300S3, was >[2011/12/13 17:45:58.998358, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username) > pdb_set_nt_username: setting nt username Administrator, was >[2011/12/13 17:45:58.998391, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) > pdb_set_full_name: setting full name Administrator, was >[2011/12/13 17:45:58.998432, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) > pdb_set_homedir: setting home dir \\master\administrator, was >[2011/12/13 17:45:58.998467, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) > pdb_set_dir_drive: setting dir drive I:, was NULL >[2011/12/13 17:45:58.998502, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) > pdb_set_logon_script: setting logon script , was >[2011/12/13 17:45:58.998541, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) > pdb_set_profile_path: setting profile path \\master\administrator\windows-profiles\Samba, was >[2011/12/13 17:45:58.998577, 10] passdb/pdb_get_set.c:780(pdb_set_workstations) > pdb_set_workstations: setting workstations , was >[2011/12/13 17:45:58.998613, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:58.998647, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2011/12/13 17:45:58.998680, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:58.998713, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:58.998744, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:58.998821, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:58.998864, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) > pdb_set_user_sid: setting user sid S-1-5-21-861941570-1634457251-3974523304-500 >[2011/12/13 17:45:58.998902, 10] passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-861941570-1634457251-3974523304-500 from rid 500 >[2011/12/13 17:45:58.998956, 10] passdb/pdb_get_set.c:562(pdb_set_group_sid) > pdb_set_group_sid: setting group sid S-1-5-21-861941570-1634457251-3974523304-512 >[2011/12/13 17:45:58.999000, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:58.999045, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) > string_to_sid: SID join-backup is not in a valid format >[2011/12/13 17:45:58.999090, 10] passdb/lookup_sid.c:76(lookup_name) > lookup_name: X86ERR300S3\join-backup => domain=[X86ERR300S3], name=[join-backup] >[2011/12/13 17:45:58.999131, 10] passdb/lookup_sid.c:77(lookup_name) > lookup_name: flags = 0x073 >[2011/12/13 17:45:58.999167, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:58.999200, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2011/12/13 17:45:58.999233, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:58.999265, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:58.999296, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:58.999365, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=x86err300s3,dc=qa], filter => [(&(&(uid=join-backup)(objectClass=person))(objectclass=sambaSamAccount))], scope => [2] >[2011/12/13 17:45:58.999931, 2] passdb/pdb_ldap.c:553(init_sam_from_ldap) > init_sam_from_ldap: Entry found for user: join-backup >[2011/12/13 17:45:58.999984, 10] passdb/pdb_get_set.c:575(pdb_set_username) > pdb_set_username: setting username join-backup, was >[2011/12/13 17:45:59.000020, 10] passdb/pdb_get_set.c:598(pdb_set_domain) > pdb_set_domain: setting domain X86ERR300S3, was >[2011/12/13 17:45:59.000054, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username) > pdb_set_nt_username: setting nt username join-backup, was >[2011/12/13 17:45:59.000097, 10] passdb/pdb_get_set.c:513(pdb_set_user_sid_from_string) > pdb_set_user_sid_from_string: setting user sid S-1-5-21-861941570-1634457251-3974523304-5006 >[2011/12/13 17:45:59.000133, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) > pdb_set_user_sid: setting user sid S-1-5-21-861941570-1634457251-3974523304-5006 >[2011/12/13 17:45:59.000183, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaLogonTime does not exist >[2011/12/13 17:45:59.000224, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaLogoffTime does not exist >[2011/12/13 17:45:59.000264, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaKickoffTime does not exist >[2011/12/13 17:45:59.000303, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaPwdCanChange does not exist >[2011/12/13 17:45:59.000343, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaPwdMustChange does not exist >[2011/12/13 17:45:59.000382, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) > pdb_set_full_name: setting full name Joinuser, was >[2011/12/13 17:45:59.000423, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaHomeDrive does not exist >[2011/12/13 17:45:59.000456, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) > pdb_set_dir_drive: setting dir drive I:, was NULL >[2011/12/13 17:45:59.000497, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaHomePath does not exist >[2011/12/13 17:45:59.000536, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) > pdb_set_homedir: setting home dir \\master\join-backup, was >[2011/12/13 17:45:59.000578, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaLogonScript does not exist >[2011/12/13 17:45:59.000613, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) > pdb_set_logon_script: setting logon script , was >[2011/12/13 17:45:59.000654, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaProfilePath does not exist >[2011/12/13 17:45:59.000722, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) > pdb_set_profile_path: setting profile path \\master\join-backup\windows-profiles\Samba, was >[2011/12/13 17:45:59.000775, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute description does not exist >[2011/12/13 17:45:59.000816, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaUserWorkstations does not exist >[2011/12/13 17:45:59.000857, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaMungedDial does not exist >[2011/12/13 17:45:59.000906, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:59.000953, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2011/12/13 17:45:59.000986, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:59.001019, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:59.001051, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:59.001118, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:59.001169, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaBadPasswordCount does not exist >[2011/12/13 17:45:59.001211, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaBadPasswordTime does not exist >[2011/12/13 17:45:59.001251, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaLogonHours does not exist >[2011/12/13 17:45:59.001301, 7] passdb/login_cache.c:91(login_cache_read) > Looking up login cache for user join-backup >[2011/12/13 17:45:59.001339, 7] passdb/login_cache.c:102(login_cache_read) > No cache entry found >[2011/12/13 17:45:59.001372, 9] passdb/pdb_ldap.c:1108(init_sam_from_ldap) > No cache entry, bad count = 0, bad time = 0 >[2011/12/13 17:45:59.001410, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:59.001444, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2011/12/13 17:45:59.001477, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:59.001510, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:59.001542, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:59.001605, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:59.001644, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user join-backup >[2011/12/13 17:45:59.001678, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is join-backup >[2011/12/13 17:45:59.001789, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals did find user [join-backup]! >[2011/12/13 17:45:59.001852, 10] passdb/lookup_sid.c:1392(gid_to_sid) > gid 5008 -> sid S-1-5-21-861941570-1634457251-3974523304-11017 >[2011/12/13 17:45:59.001896, 10] passdb/lookup_sid.c:1733(get_primary_group_sid) > do lookup_sid(S-1-5-21-861941570-1634457251-3974523304-11017) for group of user join-backup >[2011/12/13 17:45:59.001934, 10] passdb/lookup_sid.c:964(lookup_sid) > lookup_sid called for SID 'S-1-5-21-861941570-1634457251-3974523304-11017' >[2011/12/13 17:45:59.001975, 10] passdb/lookup_sid.c:721(check_dom_sid_to_level) > Accepting SID S-1-5-21-861941570-1634457251-3974523304 in level 1 >[2011/12/13 17:45:59.002014, 10] passdb/lookup_sid.c:482(lookup_rids) > lookup_rids called for domain sid 'S-1-5-21-861941570-1634457251-3974523304' >[2011/12/13 17:45:59.002052, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:59.002086, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2011/12/13 17:45:59.002119, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:59.002152, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:59.002184, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:59.002235, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) > lookup_global_sam_rid: looking up RID 11017. >[2011/12/13 17:45:59.002275, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 >[2011/12/13 17:45:59.002318, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 2 >[2011/12/13 17:45:59.002352, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 >[2011/12/13 17:45:59.002385, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:59.002417, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:59.002489, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=x86err300s3,dc=qa], filter => [(&(sambaSID=S-1-5-21-861941570-1634457251-3974523304-11017)(objectclass=sambaSamAccount))], scope => [2] >[2011/12/13 17:45:59.002936, 4] passdb/pdb_ldap.c:1672(ldapsam_getsampwsid) > ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-861941570-1634457251-3974523304-11017] count=0 >[2011/12/13 17:45:59.003014, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=x86err300s3,dc=qa], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-861941570-1634457251-3974523304-11017))], scope => [2] >[2011/12/13 17:45:59.003485, 2] passdb/pdb_ldap.c:2424(init_group_from_ldap) > init_group_from_ldap: Entry found for group: 5008 >[2011/12/13 17:45:59.003549, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute displayName does not exist >[2011/12/13 17:45:59.003604, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:59.003643, 5] passdb/pdb_interface.c:1727(pdb_default_lookup_rids) > lookup_rids: Backup Join:2 >[2011/12/13 17:45:59.003680, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:59.003716, 10] passdb/lookup_sid.c:999(lookup_sid) > Sid S-1-5-21-861941570-1634457251-3974523304-11017 -> X86ERR300S3\Backup Join(2) >[2011/12/13 17:45:59.003757, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:59.003792, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2011/12/13 17:45:59.003826, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:59.003858, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:59.003891, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:59.003958, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:59.004002, 10] passdb/pdb_get_set.c:575(pdb_set_username) > pdb_set_username: setting username join-backup, was >[2011/12/13 17:45:59.004038, 10] passdb/pdb_get_set.c:598(pdb_set_domain) > pdb_set_domain: setting domain X86ERR300S3, was >[2011/12/13 17:45:59.004071, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username) > pdb_set_nt_username: setting nt username join-backup, was >[2011/12/13 17:45:59.004105, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) > pdb_set_full_name: setting full name Joinuser, was >[2011/12/13 17:45:59.004145, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) > pdb_set_homedir: setting home dir \\master\join-backup, was >[2011/12/13 17:45:59.004180, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) > pdb_set_dir_drive: setting dir drive I:, was NULL >[2011/12/13 17:45:59.004215, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) > pdb_set_logon_script: setting logon script , was >[2011/12/13 17:45:59.004254, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) > pdb_set_profile_path: setting profile path \\master\join-backup\windows-profiles\Samba, was >[2011/12/13 17:45:59.004290, 10] passdb/pdb_get_set.c:780(pdb_set_workstations) > pdb_set_workstations: setting workstations , was >[2011/12/13 17:45:59.004326, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:59.004360, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2011/12/13 17:45:59.004486, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:59.004533, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:59.004565, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:59.004637, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:59.004678, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) > pdb_set_user_sid: setting user sid S-1-5-21-861941570-1634457251-3974523304-5006 >[2011/12/13 17:45:59.004754, 10] passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-861941570-1634457251-3974523304-5006 from rid 5006 >[2011/12/13 17:45:59.004810, 10] passdb/pdb_get_set.c:562(pdb_set_group_sid) > pdb_set_group_sid: setting group sid S-1-5-21-861941570-1634457251-3974523304-11017 >[2011/12/13 17:45:59.004855, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:59.004909, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (2007, 5001) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:59.004949, 5] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (9): > SID[ 0]: S-1-5-21-861941570-1634457251-3974523304-5014 > SID[ 1]: S-1-5-21-861941570-1634457251-3974523304-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-1-2007 > SID[ 6]: S-1-22-2-5001 > SID[ 7]: S-1-22-2-5022 > SID[ 8]: S-1-22-2-5020 > Privileges (0x 10): > Privilege[ 0]: SeMachineAccountPrivilege > Rights (0x 0): >[2011/12/13 17:45:59.005149, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 2007 > Primary group is 5001 and contains 3 supplementary groups > Group[ 0]: 5001 > Group[ 1]: 5022 > Group[ 2]: 5020 >[2011/12/13 17:45:59.005241, 5] smbd/uid.c:317(change_to_user_internal) > Impersonated user: uid=(0,2007), gid=(0,5001) >[2011/12/13 17:45:59.005281, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:59.005314, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:59.005346, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:59.005396, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2011/12/13 17:45:59.005436, 10] smbd/service.c:162(set_conn_connectpath) > set_conn_connectpath: service IPC$, connectpath = /tmp >[2011/12/13 17:45:59.005483, 3] smbd/service.c:1114(make_connection_snum) > master (10.200.8.180) connect to service IPC$ initially as user user1 (uid=2007, gid=5001) (pid 31737) >[2011/12/13 17:45:59.005529, 3] smbd/reply.c:871(reply_tcon_and_X) > tconX service=IPC$ >[2011/12/13 17:45:59.005769, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 102 >[2011/12/13 17:45:59.005822, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x66 >[2011/12/13 17:45:59.005857, 3] smbd/process.c:1662(process_smb) > Transaction 4 of length 106 (0 toread) >[2011/12/13 17:45:59.005891, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:59.005910, 5] lib/util.c:342(show_msg) > size=102 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=31735 > smb_uid=100 > smb_mid=5 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 4096 (0x1000) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_bcc=19 >[2011/12/13 17:45:59.006376, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 6C 00 73 00 61 00 72 00 70 00 63 00 00 .\.l.s.a .r.p.c.. > [0010] 00 00 00 ... >[2011/12/13 17:45:59.006451, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 31737) conn 0xb9787f50 >[2011/12/13 17:45:59.006495, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (2007, 5001) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:59.006533, 5] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (9): > SID[ 0]: S-1-5-21-861941570-1634457251-3974523304-5014 > SID[ 1]: S-1-5-21-861941570-1634457251-3974523304-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-1-2007 > SID[ 6]: S-1-22-2-5001 > SID[ 7]: S-1-22-2-5022 > SID[ 8]: S-1-22-2-5020 > Privileges (0x 10): > Privilege[ 0]: SeMachineAccountPrivilege > Rights (0x 0): >[2011/12/13 17:45:59.006734, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 2007 > Primary group is 5001 and contains 3 supplementary groups > Group[ 0]: 5001 > Group[ 1]: 5022 > Group[ 2]: 5020 >[2011/12/13 17:45:59.006839, 5] smbd/uid.c:317(change_to_user_internal) > Impersonated user: uid=(0,2007), gid=(0,5001) >[2011/12/13 17:45:59.006881, 4] smbd/vfs.c:780(vfs_ChDir) > vfs_ChDir to /tmp >[2011/12/13 17:45:59.006936, 10] smbd/nttrans.c:505(reply_ntcreate_and_X) > reply_ntcreate_and_X: flags = 0x0, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = lsarpc >[2011/12/13 17:45:59.006982, 4] smbd/nttrans.c:293(nt_open_pipe) > nt_open_pipe: Opening pipe \lsarpc. >[2011/12/13 17:45:59.007027, 5] smbd/files.c:140(file_new) > allocated file structure 23054, fnum = 27150 (1 used) >[2011/12/13 17:45:59.007068, 10] smbd/files.c:705(file_name_hash) > file_name_hash: /tmp/lsarpc hash 0xa9e2e929 >[2011/12/13 17:45:59.007117, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \lsarpc >[2011/12/13 17:45:59.007169, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe \lsarpc >[2011/12/13 17:45:59.007204, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe \lsarpc >[2011/12/13 17:45:59.007245, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \lsarpc (pipes_open=0) >[2011/12/13 17:45:59.007283, 5] smbd/nttrans.c:382(do_ntcreate_pipe_open) > do_ntcreate_pipe_open: open pipe = \lsarpc >[2011/12/13 17:45:59.007479, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 156 >[2011/12/13 17:45:59.007533, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x9c >[2011/12/13 17:45:59.007569, 3] smbd/process.c:1662(process_smb) > Transaction 5 of length 160 (0 toread) >[2011/12/13 17:45:59.007603, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:59.007623, 5] lib/util.c:342(show_msg) > size=156 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=31735 > smb_uid=100 > smb_mid=6 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 72 (0x48) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=27150 (0x6A0E) > smb_bcc=89 >[2011/12/13 17:45:59.007987, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 06 00 00 ........ .H...... > [0020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ > [0030] 00 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xW4.4.. ....#Eg. > [0040] AB 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [0050] 00 2B 10 48 60 02 00 00 00 .+.H`... . >[2011/12/13 17:45:59.008197, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 31737) conn 0xb9787f50 >[2011/12/13 17:45:59.008234, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2011/12/13 17:45:59.008276, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=72 params=0 setup=2 >[2011/12/13 17:45:59.008321, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2011/12/13 17:45:59.008355, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2011/12/13 17:45:59.008391, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2011/12/13 17:45:59.008426, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "lsarpc" (pnum 6a0e) >[2011/12/13 17:45:59.008462, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0xb9780610 max_trans_reply: 4280 >[2011/12/13 17:45:59.008497, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 72 >[2011/12/13 17:45:59.008532, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 72 >[2011/12/13 17:45:59.008565, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 72 >[2011/12/13 17:45:59.008599, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >[2011/12/13 17:45:59.008633, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2011/12/13 17:45:59.008665, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 56 >[2011/12/13 17:45:59.008728, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 56 >[2011/12/13 17:45:59.008772, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2011/12/13 17:45:59.008806, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 56 >[2011/12/13 17:45:59.008838, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 56, incoming data = 56 >[2011/12/13 17:45:59.008875, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2011/12/13 17:45:59.008921, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND (11) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0048 (72) > auth_length : 0x0000 (0) > call_id : 0x00000006 (6) > u : union dcerpc_payload(case 11) > bind: struct dcerpc_bind > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x00000000 (0) > num_contexts : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0000 (0) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : 12345778-1234-abcd-ef00-0123456789ab > if_version : 0x00000000 (0) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 >[2011/12/13 17:45:59.009434, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 11 >[2011/12/13 17:45:59.009475, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) > api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsarpc >[2011/12/13 17:45:59.009512, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) > api_pipe_bind_req: make response. 923 >[2011/12/13 17:45:59.009544, 3] rpc_server/srv_pipe.c:339(check_bind_req) > check_bind_req for \lsarpc >[2011/12/13 17:45:59.009581, 3] rpc_server/srv_pipe.c:346(check_bind_req) > check_bind_req: \PIPE\lsarpc -> \PIPE\lsarpc >[2011/12/13 17:45:59.009632, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND_ACK (12) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0044 (68) > auth_length : 0x0000 (0) > call_id : 0x00000006 (6) > u : union dcerpc_payload(case 12) > bind_ack: struct dcerpc_bind_ack > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x000053f0 (21488) > secondary_address_size : 0x000d (13) > secondary_address : '\PIPE\lsarpc' > _pad1 : DATA_BLOB length=0 > num_results : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ack_ctx > result : 0x0000 (0) > reason : 0x0000 (0) > syntax: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 >[2011/12/13 17:45:59.010100, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 56 >[2011/12/13 17:45:59.010154, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \lsarpc len: 4280 >[2011/12/13 17:45:59.010193, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) > read_from_pipe: \lsarpc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2011/12/13 17:45:59.010230, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 24 >[2011/12/13 17:45:59.010285, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 68 bytes. There is no more data outstanding >[2011/12/13 17:45:59.010325, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..68] (align 0) >[2011/12/13 17:45:59.010362, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:59.010383, 5] lib/util.c:342(show_msg) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=31735 > smb_uid=100 > smb_mid=6 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2011/12/13 17:45:59.010665, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 06 00 00 ........ .D...... > [0010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE > [0020] 5C 6C 73 61 72 70 63 00 00 01 00 00 00 00 00 00 \lsarpc. ........ > [0030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [0040] 60 02 00 00 00 `.... >[2011/12/13 17:45:59.011044, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 152 >[2011/12/13 17:45:59.011100, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x98 >[2011/12/13 17:45:59.011136, 3] smbd/process.c:1662(process_smb) > Transaction 6 of length 156 (0 toread) >[2011/12/13 17:45:59.011169, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:59.011190, 5] lib/util.c:342(show_msg) > size=152 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=31735 > smb_uid=100 > smb_mid=7 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 68 (0x44) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=27150 (0x6A0E) > smb_bcc=85 >[2011/12/13 17:45:59.011550, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 44 00 00 00 07 00 00 ........ .D...... > [0020] 00 2C 00 00 00 00 00 06 00 00 00 02 00 5C 00 00 .,...... .....\.. > [0030] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0040] 00 00 00 00 00 04 00 02 00 0C 00 00 00 02 00 01 ........ ........ > [0050] 00 00 00 00 02 ..... >[2011/12/13 17:45:59.011749, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 31737) conn 0xb9787f50 >[2011/12/13 17:45:59.011785, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2011/12/13 17:45:59.011823, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=68 params=0 setup=2 >[2011/12/13 17:45:59.011860, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2011/12/13 17:45:59.011892, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2011/12/13 17:45:59.011924, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2011/12/13 17:45:59.011957, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "lsarpc" (pnum 6a0e) >[2011/12/13 17:45:59.011991, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0xb9780610 max_trans_reply: 4280 >[2011/12/13 17:45:59.012025, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 68 >[2011/12/13 17:45:59.012059, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 68 >[2011/12/13 17:45:59.012091, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 68 >[2011/12/13 17:45:59.012124, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 68, len_needed_to_complete_hdr = 16, receive_len = 0 >[2011/12/13 17:45:59.012158, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2011/12/13 17:45:59.012190, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 52 >[2011/12/13 17:45:59.012223, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 52 >[2011/12/13 17:45:59.012257, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2011/12/13 17:45:59.012289, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 52 >[2011/12/13 17:45:59.012321, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 52, incoming data = 52 >[2011/12/13 17:45:59.012356, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2011/12/13 17:45:59.012392, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0044 (68) > auth_length : 0x0000 (0) > call_id : 0x00000007 (7) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x0000002c (44) > context_id : 0x0000 (0) > opnum : 0x0006 (6) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=44 > [0000] 00 00 02 00 5C 00 00 00 18 00 00 00 00 00 00 00 ....\... ........ > [0010] 00 00 00 00 00 00 00 00 00 00 00 00 04 00 02 00 ........ ........ > [0020] 0C 00 00 00 02 00 01 00 00 00 00 02 ........ .... >[2011/12/13 17:45:59.012908, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2011/12/13 17:45:59.012945, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. >[2011/12/13 17:45:59.012981, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\lsarpc >[2011/12/13 17:45:59.013018, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \lsarpc op 0x6 - api_rpcTNP: rpc command: LSA_OPENPOLICY >[2011/12/13 17:45:59.013057, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[6].fn == 0xb7147920 >[2011/12/13 17:45:59.013100, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > lsa_OpenPolicy: struct lsa_OpenPolicy > in: struct lsa_OpenPolicy > system_name : * > system_name : 0x005c (92) > attr : * > attr: struct lsa_ObjectAttribute > len : 0x00000018 (24) > root_dir : NULL > object_name : NULL > attributes : 0x00000000 (0) > sec_desc : NULL > sec_qos : * > sec_qos: struct lsa_QosInfo > len : 0x0000000c (12) > impersonation_level : 0x0002 (2) > context_mode : 0x01 (1) > effective_only : 0x00 (0) > access_mask : 0x02000000 (33554432) > 0: LSA_POLICY_VIEW_LOCAL_INFORMATION > 0: LSA_POLICY_VIEW_AUDIT_INFORMATION > 0: LSA_POLICY_GET_PRIVATE_INFORMATION > 0: LSA_POLICY_TRUST_ADMIN > 0: LSA_POLICY_CREATE_ACCOUNT > 0: LSA_POLICY_CREATE_SECRET > 0: LSA_POLICY_CREATE_PRIVILEGE > 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS > 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS > 0: LSA_POLICY_AUDIT_LOG_ADMIN > 0: LSA_POLICY_SERVER_ADMIN > 0: LSA_POLICY_LOOKUP_NAMES > 0: LSA_POLICY_NOTIFICATION >[2011/12/13 17:45:59.013606, 10] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0xa0000000 to 0x00020807 >[2011/12/13 17:45:59.013649, 4] rpc_server/srv_access_check.c:104(access_check_object) > _lsa_OpenPolicy2: access GRANTED (requested: 0x00020807, granted: 0x00020807) >[2011/12/13 17:45:59.013695, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 E7 4E 47 81 ........ .....NG. > [0010] F9 7B 00 00 .{.. >[2011/12/13 17:45:59.013783, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > lsa_OpenPolicy: struct lsa_OpenPolicy > out: struct lsa_OpenPolicy > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000d-0000-0000-e74e-4781f97b0000 > result : NT_STATUS_OK >[2011/12/13 17:45:59.013922, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \lsarpc successfully >[2011/12/13 17:45:59.013960, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 52 >[2011/12/13 17:45:59.014004, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \lsarpc len: 4280 >[2011/12/13 17:45:59.014041, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \lsarpc: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. >[2011/12/13 17:45:59.014085, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0000 (0) > call_id : 0x00000007 (7) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=24 > [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 E7 4E 47 81 ........ .....NG. > [0010] F9 7B 00 00 00 00 00 00 .{...... >[2011/12/13 17:45:59.014474, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 1076 >[2011/12/13 17:45:59.014518, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 48 bytes. There is no more data outstanding >[2011/12/13 17:45:59.014555, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2011/12/13 17:45:59.014589, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:59.014609, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=31735 > smb_uid=100 > smb_mid=7 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2011/12/13 17:45:59.014907, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 07 00 00 ........ .0...... > [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 0D 00 00 ........ ........ > [0020] 00 00 00 00 00 E7 4E 47 81 F9 7B 00 00 00 00 00 ......NG ..{..... > [0030] 00 . >[2011/12/13 17:45:59.015211, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 130 >[2011/12/13 17:45:59.015266, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x82 >[2011/12/13 17:45:59.015302, 3] smbd/process.c:1662(process_smb) > Transaction 7 of length 134 (0 toread) >[2011/12/13 17:45:59.015335, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:59.015364, 5] lib/util.c:342(show_msg) > size=130 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=31735 > smb_uid=100 > smb_mid=8 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 46 (0x2E) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 46 (0x2E) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=27150 (0x6A0E) > smb_bcc=63 >[2011/12/13 17:45:59.015724, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 2E 00 00 00 08 00 00 ........ ........ > [0020] 00 16 00 00 00 00 00 07 00 00 00 00 00 0D 00 00 ........ ........ > [0030] 00 00 00 00 00 E7 4E 47 81 F9 7B 00 00 05 00 ......NG ..{.... >[2011/12/13 17:45:59.015867, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 31737) conn 0xb9787f50 >[2011/12/13 17:45:59.015903, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2011/12/13 17:45:59.015940, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=46 params=0 setup=2 >[2011/12/13 17:45:59.015977, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2011/12/13 17:45:59.016008, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2011/12/13 17:45:59.016039, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2011/12/13 17:45:59.016071, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "lsarpc" (pnum 6a0e) >[2011/12/13 17:45:59.016105, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0xb9780610 max_trans_reply: 4280 >[2011/12/13 17:45:59.016138, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 46 >[2011/12/13 17:45:59.016172, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 46 >[2011/12/13 17:45:59.016204, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 46 >[2011/12/13 17:45:59.016237, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 >[2011/12/13 17:45:59.016270, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2011/12/13 17:45:59.016301, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 30 >[2011/12/13 17:45:59.016333, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 30 >[2011/12/13 17:45:59.016367, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2011/12/13 17:45:59.016399, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 30 >[2011/12/13 17:45:59.016430, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 30, incoming data = 30 >[2011/12/13 17:45:59.016464, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2011/12/13 17:45:59.016500, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x002e (46) > auth_length : 0x0000 (0) > call_id : 0x00000008 (8) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000016 (22) > context_id : 0x0000 (0) > opnum : 0x0007 (7) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=22 > [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 E7 4E 47 81 ........ .....NG. > [0010] F9 7B 00 00 05 00 .{.... >[2011/12/13 17:45:59.016961, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2011/12/13 17:45:59.016997, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. >[2011/12/13 17:45:59.017031, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\lsarpc >[2011/12/13 17:45:59.017067, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \lsarpc op 0x7 - api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY >[2011/12/13 17:45:59.017103, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[7].fn == 0xb7147620 >[2011/12/13 17:45:59.017143, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > lsa_QueryInfoPolicy: struct lsa_QueryInfoPolicy > in: struct lsa_QueryInfoPolicy > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000d-0000-0000-e74e-4781f97b0000 > level : LSA_POLICY_INFO_ACCOUNT_DOMAIN (5) >[2011/12/13 17:45:59.017282, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 E7 4E 47 81 ........ .....NG. > [0010] F9 7B 00 00 .{.. >[2011/12/13 17:45:59.017363, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > lsa_QueryInfoPolicy: struct lsa_QueryInfoPolicy > out: struct lsa_QueryInfoPolicy > info : * > info : * > info : union lsa_PolicyInformation(case 5) > account_domain: struct lsa_DomainInfo > name: struct lsa_StringLarge > length : 0x0016 (22) > size : 0x0018 (24) > string : * > string : 'X86ERR300S3' > sid : * > sid : S-1-5-21-861941570-1634457251-3974523304 > result : NT_STATUS_OK >[2011/12/13 17:45:59.017615, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \lsarpc successfully >[2011/12/13 17:45:59.017654, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 30 >[2011/12/13 17:45:59.017699, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \lsarpc len: 4280 >[2011/12/13 17:45:59.017737, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \lsarpc: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 88. >[2011/12/13 17:45:59.017778, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0070 (112) > auth_length : 0x0000 (0) > call_id : 0x00000008 (8) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000058 (88) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=88 > [0000] 00 00 02 00 05 00 00 00 16 00 18 00 04 00 02 00 ........ ........ > [0010] 08 00 02 00 0C 00 00 00 00 00 00 00 0B 00 00 00 ........ ........ > [0020] 58 00 38 00 36 00 45 00 52 00 52 00 33 00 30 00 X.8.6.E. R.R.3.0. > [0030] 30 00 53 00 33 00 00 00 04 00 00 00 01 04 00 00 0.S.3... ........ > [0040] 00 00 00 05 15 00 00 00 42 2F 60 33 A3 D6 6B 61 ........ B/`3..ka > [0050] A8 69 E6 EC 00 00 00 00 .i...... >[2011/12/13 17:45:59.018333, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 68 >[2011/12/13 17:45:59.018377, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 112 bytes. There is no more data outstanding >[2011/12/13 17:45:59.018414, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..112] (align 0) >[2011/12/13 17:45:59.018448, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:59.018468, 5] lib/util.c:342(show_msg) > size=168 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=31735 > smb_uid=100 > smb_mid=8 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 112 (0x70) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 112 (0x70) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=113 >[2011/12/13 17:45:59.018751, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 70 00 00 00 08 00 00 ........ .p...... > [0010] 00 58 00 00 00 00 00 00 00 00 00 02 00 05 00 00 .X...... ........ > [0020] 00 16 00 18 00 04 00 02 00 08 00 02 00 0C 00 00 ........ ........ > [0030] 00 00 00 00 00 0B 00 00 00 58 00 38 00 36 00 45 ........ .X.8.6.E > [0040] 00 52 00 52 00 33 00 30 00 30 00 53 00 33 00 00 .R.R.3.0 .0.S.3.. > [0050] 00 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 ........ ........ > [0060] 00 42 2F 60 33 A3 D6 6B 61 A8 69 E6 EC 00 00 00 .B/`3..k a.i..... > [0070] 00 . >[2011/12/13 17:45:59.019189, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 128 >[2011/12/13 17:45:59.019244, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x80 >[2011/12/13 17:45:59.019280, 3] smbd/process.c:1662(process_smb) > Transaction 8 of length 132 (0 toread) >[2011/12/13 17:45:59.019313, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:59.019333, 5] lib/util.c:342(show_msg) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=31735 > smb_uid=100 > smb_mid=9 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=27150 (0x6A0E) > smb_bcc=61 >[2011/12/13 17:45:59.019697, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 09 00 00 ........ .,...... > [0020] 00 14 00 00 00 00 00 00 00 00 00 00 00 0D 00 00 ........ ........ > [0030] 00 00 00 00 00 E7 4E 47 81 F9 7B 00 00 ......NG ..{.. >[2011/12/13 17:45:59.019840, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 31737) conn 0xb9787f50 >[2011/12/13 17:45:59.019876, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2011/12/13 17:45:59.019923, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=44 params=0 setup=2 >[2011/12/13 17:45:59.019961, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2011/12/13 17:45:59.019992, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2011/12/13 17:45:59.020024, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2011/12/13 17:45:59.020056, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "lsarpc" (pnum 6a0e) >[2011/12/13 17:45:59.020090, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0xb9780610 max_trans_reply: 4280 >[2011/12/13 17:45:59.020124, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 44 >[2011/12/13 17:45:59.020157, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 44 >[2011/12/13 17:45:59.020190, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 44 >[2011/12/13 17:45:59.020223, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2011/12/13 17:45:59.020256, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2011/12/13 17:45:59.020288, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 28 >[2011/12/13 17:45:59.020319, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 28 >[2011/12/13 17:45:59.020353, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2011/12/13 17:45:59.020385, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 28 >[2011/12/13 17:45:59.020418, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 28, incoming data = 28 >[2011/12/13 17:45:59.020452, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2011/12/13 17:45:59.020489, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x002c (44) > auth_length : 0x0000 (0) > call_id : 0x00000009 (9) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000014 (20) > context_id : 0x0000 (0) > opnum : 0x0000 (0) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=20 > [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 E7 4E 47 81 ........ .....NG. > [0010] F9 7B 00 00 .{.. >[2011/12/13 17:45:59.020937, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2011/12/13 17:45:59.020973, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. >[2011/12/13 17:45:59.021006, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\lsarpc >[2011/12/13 17:45:59.021041, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \lsarpc op 0x0 - api_rpcTNP: rpc command: LSA_CLOSE >[2011/12/13 17:45:59.021077, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[0].fn == 0xb71489f0 >[2011/12/13 17:45:59.021116, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > lsa_Close: struct lsa_Close > in: struct lsa_Close > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000d-0000-0000-e74e-4781f97b0000 >[2011/12/13 17:45:59.021245, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 E7 4E 47 81 ........ .....NG. > [0010] F9 7B 00 00 .{.. >[2011/12/13 17:45:59.021323, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 E7 4E 47 81 ........ .....NG. > [0010] F9 7B 00 00 .{.. >[2011/12/13 17:45:59.021398, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2011/12/13 17:45:59.021432, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > lsa_Close: struct lsa_Close > out: struct lsa_Close > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : NT_STATUS_OK >[2011/12/13 17:45:59.021564, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \lsarpc successfully >[2011/12/13 17:45:59.021603, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 28 >[2011/12/13 17:45:59.021648, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \lsarpc len: 4280 >[2011/12/13 17:45:59.021686, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \lsarpc: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. >[2011/12/13 17:45:59.021727, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0000 (0) > call_id : 0x00000009 (9) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=24 > [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0010] 00 00 00 00 00 00 00 00 ........ >[2011/12/13 17:45:59.022117, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 24 >[2011/12/13 17:45:59.022160, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 48 bytes. There is no more data outstanding >[2011/12/13 17:45:59.022197, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2011/12/13 17:45:59.022231, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:59.022251, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=31735 > smb_uid=100 > smb_mid=9 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2011/12/13 17:45:59.022530, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 09 00 00 ........ .0...... > [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0030] 00 . >[2011/12/13 17:45:59.022825, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 41 >[2011/12/13 17:45:59.022880, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2011/12/13 17:45:59.022916, 3] smbd/process.c:1662(process_smb) > Transaction 9 of length 45 (0 toread) >[2011/12/13 17:45:59.022950, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:59.022970, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=31735 > smb_uid=100 > smb_mid=10 > smt_wct=3 > smb_vwv[ 0]=27150 (0x6A0E) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2011/12/13 17:45:59.023169, 10] ../lib/util/util.c:415(dump_data) >[2011/12/13 17:45:59.023192, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 31737) conn 0xb9787f50 >[2011/12/13 17:45:59.023227, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2011/12/13 17:45:59.023265, 3] smbd/reply.c:4848(reply_close) > close fd=-1 fnum=27150 (numopen=1) >[2011/12/13 17:45:59.023304, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Thu Jan 1 00:59:59 1970 >[2011/12/13 17:45:59.023354, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) > close_policy_by_pipe: deleted handle list for pipe \lsarpc >[2011/12/13 17:45:59.023394, 5] smbd/files.c:482(file_free) > freed files structure 27150 (0 used) >[2011/12/13 17:45:59.023430, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:59.023451, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=31735 > smb_uid=100 > smb_mid=10 > smt_wct=0 > smb_bcc=0 >[2011/12/13 17:45:59.023612, 10] ../lib/util/util.c:415(dump_data) >[2011/12/13 17:45:59.023764, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 98 >[2011/12/13 17:45:59.023817, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x62 >[2011/12/13 17:45:59.023853, 3] smbd/process.c:1662(process_smb) > Transaction 10 of length 102 (0 toread) >[2011/12/13 17:45:59.023886, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:59.023906, 5] lib/util.c:342(show_msg) > size=98 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=31735 > smb_uid=100 > smb_mid=11 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 3072 (0xC00) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_bcc=15 >[2011/12/13 17:45:59.024367, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 73 00 61 00 6D 00 72 00 00 00 00 00 .\.s.a.m .r..... >[2011/12/13 17:45:59.024421, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 31737) conn 0xb9787f50 >[2011/12/13 17:45:59.024457, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2011/12/13 17:45:59.024493, 10] smbd/nttrans.c:505(reply_ntcreate_and_X) > reply_ntcreate_and_X: flags = 0x0, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = samr >[2011/12/13 17:45:59.024532, 4] smbd/nttrans.c:293(nt_open_pipe) > nt_open_pipe: Opening pipe \samr. >[2011/12/13 17:45:59.024577, 5] smbd/files.c:140(file_new) > allocated file structure 23055, fnum = 27151 (1 used) >[2011/12/13 17:45:59.024617, 10] smbd/files.c:705(file_name_hash) > file_name_hash: /tmp/samr hash 0x6499a7ce >[2011/12/13 17:45:59.024657, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \samr >[2011/12/13 17:45:59.024725, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe \samr >[2011/12/13 17:45:59.024767, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe \samr >[2011/12/13 17:45:59.024809, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \samr (pipes_open=0) >[2011/12/13 17:45:59.024847, 5] smbd/nttrans.c:382(do_ntcreate_pipe_open) > do_ntcreate_pipe_open: open pipe = \samr >[2011/12/13 17:45:59.025028, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 156 >[2011/12/13 17:45:59.025082, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x9c >[2011/12/13 17:45:59.025117, 3] smbd/process.c:1662(process_smb) > Transaction 11 of length 160 (0 toread) >[2011/12/13 17:45:59.025151, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:59.025171, 5] lib/util.c:342(show_msg) > size=156 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=31735 > smb_uid=100 > smb_mid=12 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 72 (0x48) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=27151 (0x6A0F) > smb_bcc=89 >[2011/12/13 17:45:59.025536, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 0A 00 00 ........ .H...... > [0020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ > [0030] 00 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xW4.4.. ....#Eg. > [0040] AC 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [0050] 00 2B 10 48 60 02 00 00 00 .+.H`... . >[2011/12/13 17:45:59.025737, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 31737) conn 0xb9787f50 >[2011/12/13 17:45:59.025773, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2011/12/13 17:45:59.025811, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=72 params=0 setup=2 >[2011/12/13 17:45:59.025848, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2011/12/13 17:45:59.025880, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2011/12/13 17:45:59.025912, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2011/12/13 17:45:59.025944, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "samr" (pnum 6a0f) >[2011/12/13 17:45:59.025978, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0xb9780610 max_trans_reply: 4280 >[2011/12/13 17:45:59.026012, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 72 >[2011/12/13 17:45:59.026046, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 72 >[2011/12/13 17:45:59.026079, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 72 >[2011/12/13 17:45:59.026112, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >[2011/12/13 17:45:59.026146, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2011/12/13 17:45:59.026178, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 56 >[2011/12/13 17:45:59.026210, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 56 >[2011/12/13 17:45:59.026254, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2011/12/13 17:45:59.026287, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 56 >[2011/12/13 17:45:59.026319, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 56, incoming data = 56 >[2011/12/13 17:45:59.026352, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2011/12/13 17:45:59.026389, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND (11) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0048 (72) > auth_length : 0x0000 (0) > call_id : 0x0000000a (10) > u : union dcerpc_payload(case 11) > bind: struct dcerpc_bind > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x00000000 (0) > num_contexts : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0000 (0) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : 12345778-1234-abcd-ef00-0123456789ac > if_version : 0x00000001 (1) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 >[2011/12/13 17:45:59.026891, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 11 >[2011/12/13 17:45:59.026927, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) > api_pipe_bind_req: \PIPE\samr -> \PIPE\samr >[2011/12/13 17:45:59.026961, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) > api_pipe_bind_req: make response. 923 >[2011/12/13 17:45:59.026993, 3] rpc_server/srv_pipe.c:339(check_bind_req) > check_bind_req for \samr >[2011/12/13 17:45:59.027027, 3] rpc_server/srv_pipe.c:346(check_bind_req) > check_bind_req: \PIPE\samr -> \PIPE\samr >[2011/12/13 17:45:59.027070, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND_ACK (12) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0044 (68) > auth_length : 0x0000 (0) > call_id : 0x0000000a (10) > u : union dcerpc_payload(case 12) > bind_ack: struct dcerpc_bind_ack > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x000053f0 (21488) > secondary_address_size : 0x000b (11) > secondary_address : '\PIPE\samr' > _pad1 : DATA_BLOB length=0 > num_results : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ack_ctx > result : 0x0000 (0) > reason : 0x0000 (0) > syntax: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 >[2011/12/13 17:45:59.027541, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 56 >[2011/12/13 17:45:59.027587, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \samr len: 4280 >[2011/12/13 17:45:59.027625, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) > read_from_pipe: \samr: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2011/12/13 17:45:59.027662, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 22 >[2011/12/13 17:45:59.027702, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 68 bytes. There is no more data outstanding >[2011/12/13 17:45:59.027738, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..68] (align 0) >[2011/12/13 17:45:59.027772, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:59.027792, 5] lib/util.c:342(show_msg) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=31735 > smb_uid=100 > smb_mid=12 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2011/12/13 17:45:59.028075, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 0A 00 00 ........ .D...... > [0010] 00 B8 10 B8 10 F0 53 00 00 0B 00 5C 50 49 50 45 ......S. ...\PIPE > [0020] 5C 73 61 6D 72 00 00 00 00 01 00 00 00 00 00 00 \samr... ........ > [0030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [0040] 60 02 00 00 00 `.... >[2011/12/13 17:45:59.028431, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 144 >[2011/12/13 17:45:59.028485, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x90 >[2011/12/13 17:45:59.028522, 3] smbd/process.c:1662(process_smb) > Transaction 12 of length 148 (0 toread) >[2011/12/13 17:45:59.028555, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:59.028575, 5] lib/util.c:342(show_msg) > size=144 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=31735 > smb_uid=100 > smb_mid=13 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 60 (0x3C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 60 (0x3C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=27151 (0x6A0F) > smb_bcc=77 >[2011/12/13 17:45:59.028969, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 3C 00 00 00 0B 00 00 ........ .<...... > [0020] 00 24 00 00 00 00 00 39 00 00 00 02 00 07 00 00 .$.....9 ........ > [0030] 00 00 00 00 00 07 00 00 00 4D 00 41 00 53 00 54 ........ .M.A.S.T > [0040] 00 45 00 52 00 00 00 00 00 30 00 00 00 .E.R.... .0... >[2011/12/13 17:45:59.029144, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 31737) conn 0xb9787f50 >[2011/12/13 17:45:59.029180, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2011/12/13 17:45:59.029227, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=60 params=0 setup=2 >[2011/12/13 17:45:59.029265, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2011/12/13 17:45:59.029297, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2011/12/13 17:45:59.029329, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2011/12/13 17:45:59.029361, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "samr" (pnum 6a0f) >[2011/12/13 17:45:59.029395, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0xb9780610 max_trans_reply: 4280 >[2011/12/13 17:45:59.029429, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 60 >[2011/12/13 17:45:59.029462, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 60 >[2011/12/13 17:45:59.029494, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 60 >[2011/12/13 17:45:59.029527, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 60, len_needed_to_complete_hdr = 16, receive_len = 0 >[2011/12/13 17:45:59.029561, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2011/12/13 17:45:59.029593, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 44 >[2011/12/13 17:45:59.029625, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 44 >[2011/12/13 17:45:59.029659, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2011/12/13 17:45:59.029691, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 44 >[2011/12/13 17:45:59.029722, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 44, incoming data = 44 >[2011/12/13 17:45:59.029756, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2011/12/13 17:45:59.029791, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x003c (60) > auth_length : 0x0000 (0) > call_id : 0x0000000b (11) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000024 (36) > context_id : 0x0000 (0) > opnum : 0x0039 (57) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=36 > [0000] 00 00 02 00 07 00 00 00 00 00 00 00 07 00 00 00 ........ ........ > [0010] 4D 00 41 00 53 00 54 00 45 00 52 00 00 00 00 00 M.A.S.T. E.R..... > [0020] 30 00 00 00 0... >[2011/12/13 17:45:59.030408, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2011/12/13 17:45:59.030445, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. >[2011/12/13 17:45:59.030479, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\samr >[2011/12/13 17:45:59.030515, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \samr op 0x39 - api_rpcTNP: rpc command: SAMR_CONNECT2 >[2011/12/13 17:45:59.030555, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[57].fn == 0xb71dc070 >[2011/12/13 17:45:59.030598, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > samr_Connect2: struct samr_Connect2 > in: struct samr_Connect2 > system_name : * > system_name : 'MASTER' > access_mask : 0x00000030 (48) > 0: SAMR_ACCESS_CONNECT_TO_SERVER > 0: SAMR_ACCESS_SHUTDOWN_SERVER > 0: SAMR_ACCESS_INITIALIZE_SERVER > 0: SAMR_ACCESS_CREATE_DOMAIN > 1: SAMR_ACCESS_ENUM_DOMAINS > 1: SAMR_ACCESS_LOOKUP_DOMAIN >[2011/12/13 17:45:59.030808, 5] rpc_server/samr/srv_samr_nt.c:3932(_samr_Connect2) > _samr_Connect2: 3932 >[2011/12/13 17:45:59.030857, 4] rpc_server/srv_access_check.c:104(access_check_object) > _samr_Connect2: access GRANTED (requested: 0x00000030, granted: 0x00000030) >[2011/12/13 17:45:59.030895, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 0E 00 00 00 00 00 00 00 E7 4E 47 81 ........ .....NG. > [0010] F9 7B 00 00 .{.. >[2011/12/13 17:45:59.030972, 5] rpc_server/samr/srv_samr_nt.c:3961(_samr_Connect2) > _samr_Connect2: 3961 >[2011/12/13 17:45:59.031005, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > samr_Connect2: struct samr_Connect2 > out: struct samr_Connect2 > connect_handle : * > connect_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000e-0000-0000-e74e-4781f97b0000 > result : NT_STATUS_OK >[2011/12/13 17:45:59.031145, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \samr successfully >[2011/12/13 17:45:59.031185, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 44 >[2011/12/13 17:45:59.031231, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \samr len: 4280 >[2011/12/13 17:45:59.031269, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \samr: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. >[2011/12/13 17:45:59.031310, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0000 (0) > call_id : 0x0000000b (11) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=24 > [0000] 00 00 00 00 0E 00 00 00 00 00 00 00 E7 4E 47 81 ........ .....NG. > [0010] F9 7B 00 00 00 00 00 00 .{...... >[2011/12/13 17:45:59.031701, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 1006 >[2011/12/13 17:45:59.031745, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 48 bytes. There is no more data outstanding >[2011/12/13 17:45:59.031782, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2011/12/13 17:45:59.031816, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:59.031836, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=31735 > smb_uid=100 > smb_mid=13 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2011/12/13 17:45:59.032128, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0B 00 00 ........ .0...... > [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 0E 00 00 ........ ........ > [0020] 00 00 00 00 00 E7 4E 47 81 F9 7B 00 00 00 00 00 ......NG ..{..... > [0030] 00 . >[2011/12/13 17:45:59.032432, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 160 >[2011/12/13 17:45:59.032487, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xa0 >[2011/12/13 17:45:59.032522, 3] smbd/process.c:1662(process_smb) > Transaction 13 of length 164 (0 toread) >[2011/12/13 17:45:59.032555, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:59.032575, 5] lib/util.c:342(show_msg) > size=160 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=31735 > smb_uid=100 > smb_mid=14 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 76 (0x4C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 76 (0x4C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=27151 (0x6A0F) > smb_bcc=93 >[2011/12/13 17:45:59.032964, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 4C 00 00 00 0C 00 00 ........ .L...... > [0020] 00 34 00 00 00 00 00 07 00 00 00 00 00 0E 00 00 .4...... ........ > [0030] 00 00 00 00 00 E7 4E 47 81 F9 7B 00 00 11 02 00 ......NG ..{..... > [0040] 00 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 ........ ........ > [0050] 00 42 2F 60 33 A3 D6 6B 61 A8 69 E6 EC .B/`3..k a.i.. >[2011/12/13 17:45:59.033168, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 31737) conn 0xb9787f50 >[2011/12/13 17:45:59.033204, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2011/12/13 17:45:59.033241, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=76 params=0 setup=2 >[2011/12/13 17:45:59.033278, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2011/12/13 17:45:59.033309, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2011/12/13 17:45:59.033341, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2011/12/13 17:45:59.033373, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "samr" (pnum 6a0f) >[2011/12/13 17:45:59.033407, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0xb9780610 max_trans_reply: 4280 >[2011/12/13 17:45:59.033440, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 76 >[2011/12/13 17:45:59.033473, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 76 >[2011/12/13 17:45:59.033506, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 76 >[2011/12/13 17:45:59.033539, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 76, len_needed_to_complete_hdr = 16, receive_len = 0 >[2011/12/13 17:45:59.033572, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2011/12/13 17:45:59.033604, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 60 >[2011/12/13 17:45:59.033636, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 60 >[2011/12/13 17:45:59.033670, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2011/12/13 17:45:59.033712, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 60 >[2011/12/13 17:45:59.033745, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 60, incoming data = 60 >[2011/12/13 17:45:59.033778, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2011/12/13 17:45:59.033814, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x004c (76) > auth_length : 0x0000 (0) > call_id : 0x0000000c (12) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000034 (52) > context_id : 0x0000 (0) > opnum : 0x0007 (7) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=52 > [0000] 00 00 00 00 0E 00 00 00 00 00 00 00 E7 4E 47 81 ........ .....NG. > [0010] F9 7B 00 00 11 02 00 00 04 00 00 00 01 04 00 00 .{...... ........ > [0020] 00 00 00 05 15 00 00 00 42 2F 60 33 A3 D6 6B 61 ........ B/`3..ka > [0030] A8 69 E6 EC .i.. >[2011/12/13 17:45:59.034313, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2011/12/13 17:45:59.034347, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. >[2011/12/13 17:45:59.034380, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\samr >[2011/12/13 17:45:59.034416, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \samr op 0x7 - api_rpcTNP: rpc command: SAMR_OPENDOMAIN >[2011/12/13 17:45:59.034452, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[7].fn == 0xb71e5360 >[2011/12/13 17:45:59.034492, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > samr_OpenDomain: struct samr_OpenDomain > in: struct samr_OpenDomain > connect_handle : * > connect_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000e-0000-0000-e74e-4781f97b0000 > access_mask : 0x00000211 (529) > 1: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 > 0: SAMR_DOMAIN_ACCESS_SET_INFO_1 > 0: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 > 0: SAMR_DOMAIN_ACCESS_SET_INFO_2 > 1: SAMR_DOMAIN_ACCESS_CREATE_USER > 0: SAMR_DOMAIN_ACCESS_CREATE_GROUP > 0: SAMR_DOMAIN_ACCESS_CREATE_ALIAS > 0: SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS > 0: SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS > 1: SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT > 0: SAMR_DOMAIN_ACCESS_SET_INFO_3 > sid : * > sid : S-1-5-21-861941570-1634457251-3974523304 >[2011/12/13 17:45:59.034833, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0E 00 00 00 00 00 00 00 E7 4E 47 81 ........ .....NG. > [0010] F9 7B 00 00 .{.. >[2011/12/13 17:45:59.034918, 10] rpc_server/rpc_handles.c:410(_policy_handle_find) > found handle of type struct samr_connect_info >[2011/12/13 17:45:59.034968, 4] rpc_server/srv_access_check.c:68(access_check_object) > access_check_object: user rights access mask [0x10] >[2011/12/13 17:45:59.035004, 4] rpc_server/srv_access_check.c:104(access_check_object) > _samr_OpenDomain: access GRANTED (requested: 0x00000201, granted: 0x00000211) >[2011/12/13 17:45:59.035040, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 E7 4E 47 81 ........ .....NG. > [0010] F9 7B 00 00 .{.. >[2011/12/13 17:45:59.035122, 5] rpc_server/samr/srv_samr_nt.c:500(_samr_OpenDomain) > _samr_OpenDomain: 500 >[2011/12/13 17:45:59.035158, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > samr_OpenDomain: struct samr_OpenDomain > out: struct samr_OpenDomain > domain_handle : * > domain_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000f-0000-0000-e74e-4781f97b0000 > result : NT_STATUS_OK >[2011/12/13 17:45:59.035289, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \samr successfully >[2011/12/13 17:45:59.035332, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 60 >[2011/12/13 17:45:59.035377, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \samr len: 4280 >[2011/12/13 17:45:59.035414, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \samr: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. >[2011/12/13 17:45:59.035455, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0000 (0) > call_id : 0x0000000c (12) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=24 > [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 E7 4E 47 81 ........ .....NG. > [0010] F9 7B 00 00 00 00 00 00 .{...... >[2011/12/13 17:45:59.035845, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 1006 >[2011/12/13 17:45:59.035888, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 48 bytes. There is no more data outstanding >[2011/12/13 17:45:59.035925, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2011/12/13 17:45:59.035960, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:59.035979, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=31735 > smb_uid=100 > smb_mid=14 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2011/12/13 17:45:59.036265, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0C 00 00 ........ .0...... > [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 0F 00 00 ........ ........ > [0020] 00 00 00 00 00 E7 4E 47 81 F9 7B 00 00 00 00 00 ......NG ..{..... > [0030] 00 . >[2011/12/13 17:45:59.036905, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 172 >[2011/12/13 17:45:59.036960, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xac >[2011/12/13 17:45:59.036996, 3] smbd/process.c:1662(process_smb) > Transaction 14 of length 176 (0 toread) >[2011/12/13 17:45:59.037029, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:59.037049, 5] lib/util.c:342(show_msg) > size=172 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=31735 > smb_uid=100 > smb_mid=15 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 88 (0x58) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 88 (0x58) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=27151 (0x6A0F) > smb_bcc=105 >[2011/12/13 17:45:59.037407, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 58 00 00 00 0D 00 00 ........ .X...... > [0020] 00 40 00 00 00 00 00 32 00 00 00 00 00 0F 00 00 .@.....2 ........ > [0030] 00 00 00 00 00 E7 4E 47 81 F9 7B 00 00 0E 00 0E ......NG ..{..... > [0040] 00 00 00 02 00 07 00 00 00 00 00 00 00 07 00 00 ........ ........ > [0050] 00 6D 00 61 00 73 00 74 00 65 00 72 00 24 00 00 .m.a.s.t .e.r.$.. > [0060] 00 00 01 00 00 B0 00 05 E0 ........ . >[2011/12/13 17:45:59.037636, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 31737) conn 0xb9787f50 >[2011/12/13 17:45:59.037672, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2011/12/13 17:45:59.037709, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=88 params=0 setup=2 >[2011/12/13 17:45:59.037747, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2011/12/13 17:45:59.037778, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2011/12/13 17:45:59.037811, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2011/12/13 17:45:59.037843, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "samr" (pnum 6a0f) >[2011/12/13 17:45:59.037877, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0xb9780610 max_trans_reply: 4280 >[2011/12/13 17:45:59.037911, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 88 >[2011/12/13 17:45:59.037945, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 88 >[2011/12/13 17:45:59.037977, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 88 >[2011/12/13 17:45:59.038010, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 88, len_needed_to_complete_hdr = 16, receive_len = 0 >[2011/12/13 17:45:59.038044, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2011/12/13 17:45:59.038076, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 72 >[2011/12/13 17:45:59.038108, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 72 >[2011/12/13 17:45:59.038142, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2011/12/13 17:45:59.038174, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 72 >[2011/12/13 17:45:59.038206, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 72, incoming data = 72 >[2011/12/13 17:45:59.038240, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2011/12/13 17:45:59.038285, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0058 (88) > auth_length : 0x0000 (0) > call_id : 0x0000000d (13) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000040 (64) > context_id : 0x0000 (0) > opnum : 0x0032 (50) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=64 > [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 E7 4E 47 81 ........ .....NG. > [0010] F9 7B 00 00 0E 00 0E 00 00 00 02 00 07 00 00 00 .{...... ........ > [0020] 00 00 00 00 07 00 00 00 6D 00 61 00 73 00 74 00 ........ m.a.s.t. > [0030] 65 00 72 00 24 00 00 00 00 01 00 00 B0 00 05 E0 e.r.$... ........ >[2011/12/13 17:45:59.038804, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2011/12/13 17:45:59.038842, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. >[2011/12/13 17:45:59.038876, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\samr >[2011/12/13 17:45:59.038911, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \samr op 0x32 - api_rpcTNP: rpc command: SAMR_CREATEUSER2 >[2011/12/13 17:45:59.038948, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[50].fn == 0xb71dd480 >[2011/12/13 17:45:59.038992, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > samr_CreateUser2: struct samr_CreateUser2 > in: struct samr_CreateUser2 > domain_handle : * > domain_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000f-0000-0000-e74e-4781f97b0000 > account_name : * > account_name: struct lsa_String > length : 0x000e (14) > size : 0x000e (14) > string : * > string : 'master$' > acct_flags : 0x00000100 (256) > 0: ACB_DISABLED > 0: ACB_HOMDIRREQ > 0: ACB_PWNOTREQ > 0: ACB_TEMPDUP > 0: ACB_NORMAL > 0: ACB_MNS > 0: ACB_DOMTRUST > 0: ACB_WSTRUST > 1: ACB_SVRTRUST > 0: ACB_PWNOEXP > 0: ACB_AUTOLOCK > 0: ACB_ENC_TXT_PWD_ALLOWED > 0: ACB_SMARTCARD_REQUIRED > 0: ACB_TRUSTED_FOR_DELEGATION > 0: ACB_NOT_DELEGATED > 0: ACB_USE_DES_KEY_ONLY > 0: ACB_DONT_REQUIRE_PREAUTH > 0: ACB_PW_EXPIRED > 0: ACB_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION > 0: ACB_NO_AUTH_DATA_REQD > 0: ACB_PARTIAL_SECRETS_ACCOUNT > 0: ACB_USE_AES_KEYS > access_mask : 0xe00500b0 (3758424240) > 0: SAMR_USER_ACCESS_GET_NAME_ETC > 0: SAMR_USER_ACCESS_GET_LOCALE > 0: SAMR_USER_ACCESS_SET_LOC_COM > 0: SAMR_USER_ACCESS_GET_LOGONINFO > 1: SAMR_USER_ACCESS_GET_ATTRIBUTES > 1: SAMR_USER_ACCESS_SET_ATTRIBUTES > 0: SAMR_USER_ACCESS_CHANGE_PASSWORD > 1: SAMR_USER_ACCESS_SET_PASSWORD > 0: SAMR_USER_ACCESS_GET_GROUPS > 0: SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP > 0: SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP >[2011/12/13 17:45:59.039724, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 E7 4E 47 81 ........ .....NG. > [0010] F9 7B 00 00 .{.. >[2011/12/13 17:45:59.039803, 10] rpc_server/rpc_handles.c:410(_policy_handle_find) > found handle of type struct samr_domain_info >[2011/12/13 17:45:59.039836, 10] rpc_server/samr/srv_samr_nt.c:3668(can_create) > Checking whether [master$] can be created >[2011/12/13 17:45:59.039870, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(2007, 5001) : sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:59.039907, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2011/12/13 17:45:59.039941, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:59.039974, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:59.040006, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:59.040060, 10] passdb/lookup_sid.c:76(lookup_name) > lookup_name: master$ => domain=[], name=[master$] >[2011/12/13 17:45:59.040096, 10] passdb/lookup_sid.c:77(lookup_name) > lookup_name: flags = 0x071 >[2011/12/13 17:45:59.040129, 10] lib/util_wellknown.c:152(lookup_wellknown_name) > map_name_to_wellknown_sid: looking up master$ >[2011/12/13 17:45:59.040170, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:59.040203, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 1 >[2011/12/13 17:45:59.040236, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:59.040268, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:59.040299, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:59.040440, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=x86err300s3,dc=qa], filter => [(&(&(uid=master$)(objectClass=person))(objectclass=sambaSamAccount))], scope => [2] >[2011/12/13 17:45:59.041068, 2] passdb/pdb_ldap.c:553(init_sam_from_ldap) > init_sam_from_ldap: Entry found for user: master$ >[2011/12/13 17:45:59.041122, 10] passdb/pdb_get_set.c:575(pdb_set_username) > pdb_set_username: setting username master$, was >[2011/12/13 17:45:59.041158, 10] passdb/pdb_get_set.c:598(pdb_set_domain) > pdb_set_domain: setting domain X86ERR300S3, was >[2011/12/13 17:45:59.041192, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username) > pdb_set_nt_username: setting nt username master$, was >[2011/12/13 17:45:59.041233, 10] passdb/pdb_get_set.c:513(pdb_set_user_sid_from_string) > pdb_set_user_sid_from_string: setting user sid S-1-5-21-861941570-1634457251-3974523304-5002 >[2011/12/13 17:45:59.041269, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) > pdb_set_user_sid: setting user sid S-1-5-21-861941570-1634457251-3974523304-5002 >[2011/12/13 17:45:59.041320, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaLogonTime does not exist >[2011/12/13 17:45:59.041362, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaLogoffTime does not exist >[2011/12/13 17:45:59.041401, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaKickoffTime does not exist >[2011/12/13 17:45:59.041449, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaPwdCanChange does not exist >[2011/12/13 17:45:59.041489, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaPwdMustChange does not exist >[2011/12/13 17:45:59.041528, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) > pdb_set_full_name: setting full name master, was >[2011/12/13 17:45:59.041569, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaHomeDrive does not exist >[2011/12/13 17:45:59.041602, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) > pdb_set_dir_drive: setting dir drive I:, was NULL >[2011/12/13 17:45:59.041641, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaHomePath does not exist >[2011/12/13 17:45:59.041681, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) > pdb_set_homedir: setting home dir \\master\master_, was >[2011/12/13 17:45:59.041723, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaLogonScript does not exist >[2011/12/13 17:45:59.041758, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) > pdb_set_logon_script: setting logon script , was >[2011/12/13 17:45:59.041798, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaProfilePath does not exist >[2011/12/13 17:45:59.041837, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) > pdb_set_profile_path: setting profile path \\master\master_\windows-profiles\Samba, was >[2011/12/13 17:45:59.041879, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute description does not exist >[2011/12/13 17:45:59.041919, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaUserWorkstations does not exist >[2011/12/13 17:45:59.041958, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaMungedDial does not exist >[2011/12/13 17:45:59.042009, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 >[2011/12/13 17:45:59.042046, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 2 >[2011/12/13 17:45:59.042079, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 >[2011/12/13 17:45:59.042112, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:59.042143, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:59.042211, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:59.042260, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaBadPasswordCount does not exist >[2011/12/13 17:45:59.042302, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaBadPasswordTime does not exist >[2011/12/13 17:45:59.042342, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaLogonHours does not exist >[2011/12/13 17:45:59.042390, 7] passdb/login_cache.c:91(login_cache_read) > Looking up login cache for user master$ >[2011/12/13 17:45:59.042428, 7] passdb/login_cache.c:102(login_cache_read) > No cache entry found >[2011/12/13 17:45:59.042462, 9] passdb/pdb_ldap.c:1108(init_sam_from_ldap) > No cache entry, bad count = 0, bad time = 0 >[2011/12/13 17:45:59.042500, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 >[2011/12/13 17:45:59.042534, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 2 >[2011/12/13 17:45:59.042567, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 >[2011/12/13 17:45:59.042600, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:59.042631, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:59.042695, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:59.042734, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user master$ >[2011/12/13 17:45:59.042777, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is master$ >[2011/12/13 17:45:59.042924, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals did find user [master$]! >[2011/12/13 17:45:59.042987, 10] passdb/lookup_sid.c:1392(gid_to_sid) > gid 5005 -> sid S-1-5-21-861941570-1634457251-3974523304-11012 >[2011/12/13 17:45:59.043030, 10] passdb/lookup_sid.c:1733(get_primary_group_sid) > do lookup_sid(S-1-5-21-861941570-1634457251-3974523304-11012) for group of user master$ >[2011/12/13 17:45:59.043068, 10] passdb/lookup_sid.c:964(lookup_sid) > lookup_sid called for SID 'S-1-5-21-861941570-1634457251-3974523304-11012' >[2011/12/13 17:45:59.043108, 10] passdb/lookup_sid.c:721(check_dom_sid_to_level) > Accepting SID S-1-5-21-861941570-1634457251-3974523304 in level 1 >[2011/12/13 17:45:59.043146, 10] passdb/lookup_sid.c:482(lookup_rids) > lookup_rids called for domain sid 'S-1-5-21-861941570-1634457251-3974523304' >[2011/12/13 17:45:59.043184, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 >[2011/12/13 17:45:59.043218, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 2 >[2011/12/13 17:45:59.043251, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 >[2011/12/13 17:45:59.043283, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:59.043315, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:59.043366, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) > lookup_global_sam_rid: looking up RID 11012. >[2011/12/13 17:45:59.043403, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 4 >[2011/12/13 17:45:59.043437, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 3 >[2011/12/13 17:45:59.043469, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 4 >[2011/12/13 17:45:59.043501, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:59.043532, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:59.043602, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=x86err300s3,dc=qa], filter => [(&(sambaSID=S-1-5-21-861941570-1634457251-3974523304-11012)(objectclass=sambaSamAccount))], scope => [2] >[2011/12/13 17:45:59.044016, 4] passdb/pdb_ldap.c:1672(ldapsam_getsampwsid) > ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-861941570-1634457251-3974523304-11012] count=0 >[2011/12/13 17:45:59.044086, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=x86err300s3,dc=qa], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-861941570-1634457251-3974523304-11012))], scope => [2] >[2011/12/13 17:45:59.044550, 2] passdb/pdb_ldap.c:2424(init_group_from_ldap) > init_group_from_ldap: Entry found for group: 5005 >[2011/12/13 17:45:59.044614, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute displayName does not exist >[2011/12/13 17:45:59.044656, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute description does not exist >[2011/12/13 17:45:59.044729, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 3 >[2011/12/13 17:45:59.044773, 5] passdb/pdb_interface.c:1727(pdb_default_lookup_rids) > lookup_rids: DC Backup Hosts:2 >[2011/12/13 17:45:59.044810, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:59.044846, 10] passdb/lookup_sid.c:999(lookup_sid) > Sid S-1-5-21-861941570-1634457251-3974523304-11012 -> X86ERR300S3\DC Backup Hosts(2) >[2011/12/13 17:45:59.044887, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 >[2011/12/13 17:45:59.044921, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 2 >[2011/12/13 17:45:59.044962, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 >[2011/12/13 17:45:59.044997, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:59.045028, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:59.045094, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:59.045139, 10] passdb/pdb_get_set.c:575(pdb_set_username) > pdb_set_username: setting username master$, was >[2011/12/13 17:45:59.045175, 10] passdb/pdb_get_set.c:598(pdb_set_domain) > pdb_set_domain: setting domain X86ERR300S3, was >[2011/12/13 17:45:59.045208, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username) > pdb_set_nt_username: setting nt username master$, was >[2011/12/13 17:45:59.045241, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) > pdb_set_full_name: setting full name master, was >[2011/12/13 17:45:59.045281, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) > pdb_set_homedir: setting home dir \\master\master_, was >[2011/12/13 17:45:59.045316, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) > pdb_set_dir_drive: setting dir drive I:, was NULL >[2011/12/13 17:45:59.045350, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) > pdb_set_logon_script: setting logon script , was >[2011/12/13 17:45:59.045390, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) > pdb_set_profile_path: setting profile path \\master\master_\windows-profiles\Samba, was >[2011/12/13 17:45:59.045426, 10] passdb/pdb_get_set.c:780(pdb_set_workstations) > pdb_set_workstations: setting workstations , was >[2011/12/13 17:45:59.045462, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 >[2011/12/13 17:45:59.045495, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 2 >[2011/12/13 17:45:59.045528, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 >[2011/12/13 17:45:59.045560, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:59.045593, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:59.045656, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:59.045694, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) > pdb_set_user_sid: setting user sid S-1-5-21-861941570-1634457251-3974523304-5002 >[2011/12/13 17:45:59.045732, 10] passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-861941570-1634457251-3974523304-5002 from rid 5002 >[2011/12/13 17:45:59.045785, 10] passdb/pdb_get_set.c:562(pdb_set_group_sid) > pdb_set_group_sid: setting group sid S-1-5-21-861941570-1634457251-3974523304-11012 >[2011/12/13 17:45:59.045829, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:59.045876, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (2007, 5001) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:59.045914, 5] rpc_server/samr/srv_samr_nt.c:3683(can_create) > trying to create master$, exists as User >[2011/12/13 17:45:59.045948, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > samr_CreateUser2: struct samr_CreateUser2 > out: struct samr_CreateUser2 > user_handle : * > user_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > access_granted : * > access_granted : 0x00000000 (0) > rid : * > rid : 0x00000000 (0) > result : NT_STATUS_USER_EXISTS >[2011/12/13 17:45:59.046143, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \samr successfully >[2011/12/13 17:45:59.046193, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 72 >[2011/12/13 17:45:59.046245, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \samr len: 4280 >[2011/12/13 17:45:59.046284, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \samr: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 32. >[2011/12/13 17:45:59.046325, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0038 (56) > auth_length : 0x0000 (0) > call_id : 0x0000000d (13) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000020 (32) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=32 > [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0010] 00 00 00 00 00 00 00 00 00 00 00 00 63 00 00 C0 ........ ....c... >[2011/12/13 17:45:59.046719, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 22 >[2011/12/13 17:45:59.046763, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 56 bytes. There is no more data outstanding >[2011/12/13 17:45:59.046813, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..56] (align 0) >[2011/12/13 17:45:59.046849, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:59.046869, 5] lib/util.c:342(show_msg) > size=112 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=31735 > smb_uid=100 > smb_mid=15 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 56 (0x38) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 56 (0x38) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=57 >[2011/12/13 17:45:59.047160, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 38 00 00 00 0D 00 00 ........ .8...... > [0010] 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . ...... ........ > [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0030] 00 00 00 00 00 63 00 00 C0 .....c.. . >[2011/12/13 17:45:59.047477, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 178 >[2011/12/13 17:45:59.047532, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xb2 >[2011/12/13 17:45:59.047567, 3] smbd/process.c:1662(process_smb) > Transaction 15 of length 182 (0 toread) >[2011/12/13 17:45:59.047600, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:59.047620, 5] lib/util.c:342(show_msg) > size=178 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=31735 > smb_uid=100 > smb_mid=16 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 94 (0x5E) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 94 (0x5E) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=27151 (0x6A0F) > smb_bcc=111 >[2011/12/13 17:45:59.047976, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 5E 00 00 00 0E 00 00 ........ .^...... > [0020] 00 46 00 00 00 00 00 11 00 00 00 00 00 0F 00 00 .F...... ........ > [0030] 00 00 00 00 00 E7 4E 47 81 F9 7B 00 00 01 00 00 ......NG ..{..... > [0040] 00 E8 03 00 00 00 00 00 00 01 00 00 00 0E 00 0E ........ ........ > [0050] 00 00 00 02 00 07 00 00 00 00 00 00 00 07 00 00 ........ ........ > [0060] 00 6D 00 61 00 73 00 74 00 65 00 72 00 24 00 .m.a.s.t .e.r.$. >[2011/12/13 17:45:59.048211, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 31737) conn 0xb9787f50 >[2011/12/13 17:45:59.048249, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2011/12/13 17:45:59.048287, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=94 params=0 setup=2 >[2011/12/13 17:45:59.048323, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2011/12/13 17:45:59.048354, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2011/12/13 17:45:59.048386, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2011/12/13 17:45:59.048418, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "samr" (pnum 6a0f) >[2011/12/13 17:45:59.048452, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0xb9780610 max_trans_reply: 4280 >[2011/12/13 17:45:59.048485, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 94 >[2011/12/13 17:45:59.048519, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 94 >[2011/12/13 17:45:59.048552, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 94 >[2011/12/13 17:45:59.048585, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 94, len_needed_to_complete_hdr = 16, receive_len = 0 >[2011/12/13 17:45:59.048619, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2011/12/13 17:45:59.048650, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 78 >[2011/12/13 17:45:59.048682, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 78 >[2011/12/13 17:45:59.048752, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2011/12/13 17:45:59.048786, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 78 >[2011/12/13 17:45:59.048818, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 78, incoming data = 78 >[2011/12/13 17:45:59.048853, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2011/12/13 17:45:59.048889, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x005e (94) > auth_length : 0x0000 (0) > call_id : 0x0000000e (14) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000046 (70) > context_id : 0x0000 (0) > opnum : 0x0011 (17) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=70 > [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 E7 4E 47 81 ........ .....NG. > [0010] F9 7B 00 00 01 00 00 00 E8 03 00 00 00 00 00 00 .{...... ........ > [0020] 01 00 00 00 0E 00 0E 00 00 00 02 00 07 00 00 00 ........ ........ > [0030] 00 00 00 00 07 00 00 00 6D 00 61 00 73 00 74 00 ........ m.a.s.t. > [0040] 65 00 72 00 24 00 e.r.$. >[2011/12/13 17:45:59.049436, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2011/12/13 17:45:59.049471, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. >[2011/12/13 17:45:59.049504, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\samr >[2011/12/13 17:45:59.049540, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \samr op 0x11 - api_rpcTNP: rpc command: SAMR_LOOKUPNAMES >[2011/12/13 17:45:59.049576, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[17].fn == 0xb71e3400 >[2011/12/13 17:45:59.049622, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > samr_LookupNames: struct samr_LookupNames > in: struct samr_LookupNames > domain_handle : * > domain_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000f-0000-0000-e74e-4781f97b0000 > num_names : 0x00000001 (1) > names: ARRAY(1) > names: struct lsa_String > length : 0x000e (14) > size : 0x000e (14) > string : * > string : 'master$' >[2011/12/13 17:45:59.049849, 5] rpc_server/samr/srv_samr_nt.c:1636(_samr_LookupNames) > _samr_LookupNames: 1636 >[2011/12/13 17:45:59.049886, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 E7 4E 47 81 ........ .....NG. > [0010] F9 7B 00 00 .{.. >[2011/12/13 17:45:59.049963, 10] rpc_server/rpc_handles.c:410(_policy_handle_find) > found handle of type struct samr_domain_info >[2011/12/13 17:45:59.049996, 5] rpc_server/samr/srv_samr_nt.c:1657(_samr_LookupNames) > _samr_LookupNames: looking name on SID S-1-5-21-861941570-1634457251-3974523304 >[2011/12/13 17:45:59.050034, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(2007, 5001) : sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:59.050072, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2011/12/13 17:45:59.050105, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:59.050138, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:59.050169, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:59.050241, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=x86err300s3,dc=qa], filter => [(&(&(uid=master$)(objectClass=person))(objectclass=sambaSamAccount))], scope => [2] >[2011/12/13 17:45:59.050806, 2] passdb/pdb_ldap.c:553(init_sam_from_ldap) > init_sam_from_ldap: Entry found for user: master$ >[2011/12/13 17:45:59.050860, 10] passdb/pdb_get_set.c:575(pdb_set_username) > pdb_set_username: setting username master$, was >[2011/12/13 17:45:59.050897, 10] passdb/pdb_get_set.c:598(pdb_set_domain) > pdb_set_domain: setting domain X86ERR300S3, was >[2011/12/13 17:45:59.050930, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username) > pdb_set_nt_username: setting nt username master$, was >[2011/12/13 17:45:59.050971, 10] passdb/pdb_get_set.c:513(pdb_set_user_sid_from_string) > pdb_set_user_sid_from_string: setting user sid S-1-5-21-861941570-1634457251-3974523304-5002 >[2011/12/13 17:45:59.051006, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) > pdb_set_user_sid: setting user sid S-1-5-21-861941570-1634457251-3974523304-5002 >[2011/12/13 17:45:59.051057, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaLogonTime does not exist >[2011/12/13 17:45:59.051108, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaLogoffTime does not exist >[2011/12/13 17:45:59.051148, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaKickoffTime does not exist >[2011/12/13 17:45:59.051186, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaPwdCanChange does not exist >[2011/12/13 17:45:59.051224, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaPwdMustChange does not exist >[2011/12/13 17:45:59.051262, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) > pdb_set_full_name: setting full name master, was >[2011/12/13 17:45:59.051303, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaHomeDrive does not exist >[2011/12/13 17:45:59.051335, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) > pdb_set_dir_drive: setting dir drive I:, was NULL >[2011/12/13 17:45:59.051375, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaHomePath does not exist >[2011/12/13 17:45:59.051414, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) > pdb_set_homedir: setting home dir \\master\master_, was >[2011/12/13 17:45:59.051456, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaLogonScript does not exist >[2011/12/13 17:45:59.051490, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) > pdb_set_logon_script: setting logon script , was >[2011/12/13 17:45:59.051530, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaProfilePath does not exist >[2011/12/13 17:45:59.051569, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) > pdb_set_profile_path: setting profile path \\master\master_\windows-profiles\Samba, was >[2011/12/13 17:45:59.051611, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute description does not exist >[2011/12/13 17:45:59.051649, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaUserWorkstations does not exist >[2011/12/13 17:45:59.051688, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaMungedDial does not exist >[2011/12/13 17:45:59.051739, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:59.051776, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 1 >[2011/12/13 17:45:59.051809, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:59.051842, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:59.051874, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:59.051942, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:59.051991, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaBadPasswordCount does not exist >[2011/12/13 17:45:59.052033, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaBadPasswordTime does not exist >[2011/12/13 17:45:59.052073, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaLogonHours does not exist >[2011/12/13 17:45:59.052122, 7] passdb/login_cache.c:91(login_cache_read) > Looking up login cache for user master$ >[2011/12/13 17:45:59.052160, 7] passdb/login_cache.c:102(login_cache_read) > No cache entry found >[2011/12/13 17:45:59.052194, 9] passdb/pdb_ldap.c:1108(init_sam_from_ldap) > No cache entry, bad count = 0, bad time = 0 >[2011/12/13 17:45:59.052231, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:59.052266, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 1 >[2011/12/13 17:45:59.052299, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:59.052332, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:59.052372, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:59.052438, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:59.052477, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user master$ >[2011/12/13 17:45:59.052510, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is master$ >[2011/12/13 17:45:59.052545, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals did find user [master$]! >[2011/12/13 17:45:59.052580, 10] passdb/lookup_sid.c:1733(get_primary_group_sid) > do lookup_sid(S-1-5-21-861941570-1634457251-3974523304-11012) for group of user master$ >[2011/12/13 17:45:59.052617, 10] passdb/lookup_sid.c:964(lookup_sid) > lookup_sid called for SID 'S-1-5-21-861941570-1634457251-3974523304-11012' >[2011/12/13 17:45:59.052657, 10] passdb/lookup_sid.c:721(check_dom_sid_to_level) > Accepting SID S-1-5-21-861941570-1634457251-3974523304 in level 1 >[2011/12/13 17:45:59.052725, 10] passdb/lookup_sid.c:482(lookup_rids) > lookup_rids called for domain sid 'S-1-5-21-861941570-1634457251-3974523304' >[2011/12/13 17:45:59.052772, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:59.052807, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 1 >[2011/12/13 17:45:59.052841, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:59.052874, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:59.052905, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:59.052957, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) > lookup_global_sam_rid: looking up RID 11012. >[2011/12/13 17:45:59.052994, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 >[2011/12/13 17:45:59.053028, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 2 >[2011/12/13 17:45:59.053060, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 >[2011/12/13 17:45:59.053093, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:59.053124, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:59.053195, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=x86err300s3,dc=qa], filter => [(&(sambaSID=S-1-5-21-861941570-1634457251-3974523304-11012)(objectclass=sambaSamAccount))], scope => [2] >[2011/12/13 17:45:59.053602, 4] passdb/pdb_ldap.c:1672(ldapsam_getsampwsid) > ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-861941570-1634457251-3974523304-11012] count=0 >[2011/12/13 17:45:59.053673, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=x86err300s3,dc=qa], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-861941570-1634457251-3974523304-11012))], scope => [2] >[2011/12/13 17:45:59.054124, 2] passdb/pdb_ldap.c:2424(init_group_from_ldap) > init_group_from_ldap: Entry found for group: 5005 >[2011/12/13 17:45:59.054187, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute displayName does not exist >[2011/12/13 17:45:59.054230, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute description does not exist >[2011/12/13 17:45:59.054275, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:59.054313, 5] passdb/pdb_interface.c:1727(pdb_default_lookup_rids) > lookup_rids: DC Backup Hosts:2 >[2011/12/13 17:45:59.054350, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:59.054387, 10] passdb/lookup_sid.c:999(lookup_sid) > Sid S-1-5-21-861941570-1634457251-3974523304-11012 -> X86ERR300S3\DC Backup Hosts(2) >[2011/12/13 17:45:59.054436, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:59.054473, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 1 >[2011/12/13 17:45:59.054574, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:59.054616, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:59.054648, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:59.054716, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:59.054761, 10] passdb/pdb_get_set.c:575(pdb_set_username) > pdb_set_username: setting username master$, was >[2011/12/13 17:45:59.054811, 10] passdb/pdb_get_set.c:598(pdb_set_domain) > pdb_set_domain: setting domain X86ERR300S3, was >[2011/12/13 17:45:59.054846, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username) > pdb_set_nt_username: setting nt username master$, was >[2011/12/13 17:45:59.054880, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) > pdb_set_full_name: setting full name master, was >[2011/12/13 17:45:59.054920, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) > pdb_set_homedir: setting home dir \\master\master_, was >[2011/12/13 17:45:59.054956, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) > pdb_set_dir_drive: setting dir drive I:, was NULL >[2011/12/13 17:45:59.054992, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) > pdb_set_logon_script: setting logon script , was >[2011/12/13 17:45:59.055032, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) > pdb_set_profile_path: setting profile path \\master\master_\windows-profiles\Samba, was >[2011/12/13 17:45:59.055069, 10] passdb/pdb_get_set.c:780(pdb_set_workstations) > pdb_set_workstations: setting workstations , was >[2011/12/13 17:45:59.055105, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:59.055140, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 1 >[2011/12/13 17:45:59.055173, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:59.055207, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:59.055239, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:59.055304, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:59.055342, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) > pdb_set_user_sid: setting user sid S-1-5-21-861941570-1634457251-3974523304-5002 >[2011/12/13 17:45:59.055380, 10] passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-861941570-1634457251-3974523304-5002 from rid 5002 >[2011/12/13 17:45:59.055434, 10] passdb/pdb_get_set.c:562(pdb_set_group_sid) > pdb_set_group_sid: setting group sid S-1-5-21-861941570-1634457251-3974523304-11012 >[2011/12/13 17:45:59.055483, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (2007, 5001) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:59.055526, 5] rpc_server/samr/srv_samr_nt.c:1703(_samr_LookupNames) > _samr_LookupNames: 1703 >[2011/12/13 17:45:59.055560, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > samr_LookupNames: struct samr_LookupNames > out: struct samr_LookupNames > rids : * > rids: struct samr_Ids > count : 0x00000001 (1) > ids : * > ids: ARRAY(1) > ids : 0x0000138a (5002) > types : * > types: struct samr_Ids > count : 0x00000001 (1) > ids : * > ids: ARRAY(1) > ids : 0x00000001 (1) > result : NT_STATUS_OK >[2011/12/13 17:45:59.055820, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \samr successfully >[2011/12/13 17:45:59.055863, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 78 >[2011/12/13 17:45:59.055908, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \samr len: 4280 >[2011/12/13 17:45:59.055945, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \samr: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 36. >[2011/12/13 17:45:59.055987, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x003c (60) > auth_length : 0x0000 (0) > call_id : 0x0000000e (14) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000024 (36) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=36 > [0000] 01 00 00 00 04 00 02 00 01 00 00 00 8A 13 00 00 ........ ........ > [0010] 01 00 00 00 08 00 02 00 01 00 00 00 01 00 00 00 ........ ........ > [0020] 00 00 00 00 .... >[2011/12/13 17:45:59.056414, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 34 >[2011/12/13 17:45:59.056458, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 60 bytes. There is no more data outstanding >[2011/12/13 17:45:59.056495, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..60] (align 0) >[2011/12/13 17:45:59.056529, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:59.056549, 5] lib/util.c:342(show_msg) > size=116 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=31735 > smb_uid=100 > smb_mid=16 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 60 (0x3C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 60 (0x3C) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=61 >[2011/12/13 17:45:59.056868, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 3C 00 00 00 0E 00 00 ........ .<...... > [0010] 00 24 00 00 00 00 00 00 00 01 00 00 00 04 00 02 .$...... ........ > [0020] 00 01 00 00 00 8A 13 00 00 01 00 00 00 08 00 02 ........ ........ > [0030] 00 01 00 00 00 01 00 00 00 00 00 00 00 ........ ..... >[2011/12/13 17:45:59.057187, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 136 >[2011/12/13 17:45:59.057241, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x88 >[2011/12/13 17:45:59.057277, 3] smbd/process.c:1662(process_smb) > Transaction 16 of length 140 (0 toread) >[2011/12/13 17:45:59.057310, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:59.057331, 5] lib/util.c:342(show_msg) > size=136 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=31735 > smb_uid=100 > smb_mid=17 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 52 (0x34) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 52 (0x34) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=27151 (0x6A0F) > smb_bcc=69 >[2011/12/13 17:45:59.057697, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 34 00 00 00 0F 00 00 ........ .4...... > [0020] 00 1C 00 00 00 00 00 22 00 00 00 00 00 0F 00 00 ......." ........ > [0030] 00 00 00 00 00 E7 4E 47 81 F9 7B 00 00 00 00 00 ......NG ..{..... > [0040] 02 8A 13 00 00 ..... >[2011/12/13 17:45:59.057862, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 31737) conn 0xb9787f50 >[2011/12/13 17:45:59.057898, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2011/12/13 17:45:59.057935, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=52 params=0 setup=2 >[2011/12/13 17:45:59.057972, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2011/12/13 17:45:59.058003, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2011/12/13 17:45:59.058035, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2011/12/13 17:45:59.058067, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "samr" (pnum 6a0f) >[2011/12/13 17:45:59.058101, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0xb9780610 max_trans_reply: 4280 >[2011/12/13 17:45:59.058134, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 52 >[2011/12/13 17:45:59.058168, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 52 >[2011/12/13 17:45:59.058201, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 52 >[2011/12/13 17:45:59.058234, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 52, len_needed_to_complete_hdr = 16, receive_len = 0 >[2011/12/13 17:45:59.058268, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2011/12/13 17:45:59.058300, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 36 >[2011/12/13 17:45:59.058332, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 36 >[2011/12/13 17:45:59.058366, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2011/12/13 17:45:59.058399, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 36 >[2011/12/13 17:45:59.058431, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 36, incoming data = 36 >[2011/12/13 17:45:59.058465, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2011/12/13 17:45:59.058501, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0034 (52) > auth_length : 0x0000 (0) > call_id : 0x0000000f (15) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x0000001c (28) > context_id : 0x0000 (0) > opnum : 0x0022 (34) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=28 > [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 E7 4E 47 81 ........ .....NG. > [0010] F9 7B 00 00 00 00 00 02 8A 13 00 00 .{...... .... >[2011/12/13 17:45:59.058950, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2011/12/13 17:45:59.058985, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. >[2011/12/13 17:45:59.059019, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\samr >[2011/12/13 17:45:59.059055, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \samr op 0x22 - api_rpcTNP: rpc command: SAMR_OPENUSER >[2011/12/13 17:45:59.059091, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[34].fn == 0xb71e0400 >[2011/12/13 17:45:59.059129, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > samr_OpenUser: struct samr_OpenUser > in: struct samr_OpenUser > domain_handle : * > domain_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000f-0000-0000-e74e-4781f97b0000 > access_mask : 0x02000000 (33554432) > 0: SAMR_USER_ACCESS_GET_NAME_ETC > 0: SAMR_USER_ACCESS_GET_LOCALE > 0: SAMR_USER_ACCESS_SET_LOC_COM > 0: SAMR_USER_ACCESS_GET_LOGONINFO > 0: SAMR_USER_ACCESS_GET_ATTRIBUTES > 0: SAMR_USER_ACCESS_SET_ATTRIBUTES > 0: SAMR_USER_ACCESS_CHANGE_PASSWORD > 0: SAMR_USER_ACCESS_SET_PASSWORD > 0: SAMR_USER_ACCESS_GET_GROUPS > 0: SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP > 0: SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP > rid : 0x0000138a (5002) >[2011/12/13 17:45:59.059434, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 E7 4E 47 81 ........ .....NG. > [0010] F9 7B 00 00 .{.. >[2011/12/13 17:45:59.059511, 10] rpc_server/rpc_handles.c:410(_policy_handle_find) > found handle of type struct samr_domain_info >[2011/12/13 17:45:59.059551, 10] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0xa0000000 to 0x0002035b >[2011/12/13 17:45:59.059587, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(2007, 5001) : sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:59.059624, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2011/12/13 17:45:59.059657, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:59.059690, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:59.059722, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:59.059778, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:59.059814, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 1 >[2011/12/13 17:45:59.059847, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:59.059879, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:59.059911, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:59.059976, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:59.060016, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:59.060050, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 1 >[2011/12/13 17:45:59.060083, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:59.060124, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:59.060157, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:59.060220, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:59.060264, 10] passdb/pdb_get_set.c:575(pdb_set_username) > pdb_set_username: setting username master$, was >[2011/12/13 17:45:59.060300, 10] passdb/pdb_get_set.c:598(pdb_set_domain) > pdb_set_domain: setting domain X86ERR300S3, was >[2011/12/13 17:45:59.060334, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username) > pdb_set_nt_username: setting nt username master$, was >[2011/12/13 17:45:59.060367, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) > pdb_set_full_name: setting full name master, was >[2011/12/13 17:45:59.060406, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) > pdb_set_homedir: setting home dir \\master\master_, was >[2011/12/13 17:45:59.060442, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) > pdb_set_dir_drive: setting dir drive I:, was NULL >[2011/12/13 17:45:59.060477, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) > pdb_set_logon_script: setting logon script , was >[2011/12/13 17:45:59.060516, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) > pdb_set_profile_path: setting profile path \\master\master_\windows-profiles\Samba, was >[2011/12/13 17:45:59.060552, 10] passdb/pdb_get_set.c:780(pdb_set_workstations) > pdb_set_workstations: setting workstations , was >[2011/12/13 17:45:59.060588, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:59.060622, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 1 >[2011/12/13 17:45:59.060655, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2011/12/13 17:45:59.060688, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:59.060755, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:59.060824, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2011/12/13 17:45:59.060863, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) > pdb_set_user_sid: setting user sid S-1-5-21-861941570-1634457251-3974523304-5002 >[2011/12/13 17:45:59.060901, 10] passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-861941570-1634457251-3974523304-5002 from rid 5002 >[2011/12/13 17:45:59.060955, 10] passdb/pdb_get_set.c:562(pdb_set_group_sid) > pdb_set_group_sid: setting group sid S-1-5-21-861941570-1634457251-3974523304-11012 >[2011/12/13 17:45:59.060997, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (2007, 5001) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:59.061038, 4] rpc_server/srv_access_check.c:104(access_check_object) > _samr_OpenUser: access GRANTED (requested: 0x0002035b, granted: 0x0002035b) >[2011/12/13 17:45:59.061075, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 E7 4E 47 81 ........ .....NG. > [0010] F9 7B 00 00 .{.. >[2011/12/13 17:45:59.061153, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > samr_OpenUser: struct samr_OpenUser > out: struct samr_OpenUser > user_handle : * > user_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000010-0000-0000-e74e-4781f97b0000 > result : NT_STATUS_OK >[2011/12/13 17:45:59.061285, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \samr successfully >[2011/12/13 17:45:59.061323, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 36 >[2011/12/13 17:45:59.061379, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \samr len: 4280 >[2011/12/13 17:45:59.061417, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \samr: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. >[2011/12/13 17:45:59.061459, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0000 (0) > call_id : 0x0000000f (15) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=24 > [0000] 00 00 00 00 10 00 00 00 00 00 00 00 E7 4E 47 81 ........ .....NG. > [0010] F9 7B 00 00 00 00 00 00 .{...... >[2011/12/13 17:45:59.061848, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 1238 >[2011/12/13 17:45:59.061892, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 48 bytes. There is no more data outstanding >[2011/12/13 17:45:59.061929, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2011/12/13 17:45:59.061963, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:59.061983, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=31735 > smb_uid=100 > smb_mid=17 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2011/12/13 17:45:59.062266, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0F 00 00 ........ .0...... > [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 10 00 00 ........ ........ > [0020] 00 00 00 00 00 E7 4E 47 81 F9 7B 00 00 00 00 00 ......NG ..{..... > [0030] 00 . >[2011/12/13 17:45:59.062646, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 649 >[2011/12/13 17:45:59.062702, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x289 >[2011/12/13 17:45:59.062739, 3] smbd/process.c:1662(process_smb) > Transaction 17 of length 653 (0 toread) >[2011/12/13 17:45:59.062772, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:59.062804, 5] lib/util.c:342(show_msg) > size=649 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=31735 > smb_uid=100 > smb_mid=18 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 565 (0x235) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 565 (0x235) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=27151 (0x6A0F) > smb_bcc=582 >[2011/12/13 17:45:59.063172, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 35 02 00 00 10 00 00 ........ .5...... > [0020] 00 1D 02 00 00 00 00 3A 00 00 00 00 00 10 00 00 .......: ........ > [0030] 00 00 00 00 00 E7 4E 47 81 F9 7B 00 00 18 00 18 ......NG ..{..... > [0040] 00 A7 74 41 B8 96 0F 68 6D 8D DE 94 EC 46 BF F8 ..tA...h m....F.. > [0050] D0 2A 7F 48 EF 22 75 58 58 34 56 6F 38 48 75 80 .*.H."uX X4Vo8Hu. > [0060] CF 0B E1 D9 94 9A FD 13 D7 5F BD F2 4B 45 83 89 ........ ._..KE.. > [0070] 14 BB A9 78 1D 32 BB 14 C6 AD A7 5A E3 88 2B D0 ...x.2.. ...Z..+. > [0080] 04 8C 20 98 40 AD 69 DE 74 D9 E3 73 D6 28 53 06 .. .@.i. t..s.(S. > [0090] E4 BB 29 1D 56 8A E0 1B FE 16 64 9F 97 EC 57 7F ..).V... ..d...W. > [00A0] 09 CD 38 24 44 C5 91 D4 2E A4 46 79 97 E7 45 79 ..8$D... ..Fy..Ey > [00B0] 58 0B 4A 6B B6 83 B7 92 50 AA D0 84 AC 54 A9 7D X.Jk.... P....T.} > [00C0] 61 52 8B 03 64 7A BF F2 5E C9 1F 78 2E 1C F2 19 aR..dz.. ^..x.... > [00D0] CD 75 13 96 90 01 2C 5B F8 F8 3D D9 0C FE 21 F4 .u....,[ ..=...!. > [00E0] 3A 48 91 F9 9F 5A 6B 0B 67 1F 9C 02 2E BC C2 32 :H...Zk. g......2 > [00F0] 9C 03 76 EC 23 E6 3C 44 BC 6B D0 5E E2 87 EB 8C ..v.#.<D .k.^.... > [0100] 44 27 EE DC FE E7 38 AC 76 6E 14 61 2E 4D B8 50 D'....8. vn.a.M.P > [0110] D4 D1 B3 75 68 F1 0C 74 EB FA 14 CA F8 8E 3D 70 ...uh..t ......=p > [0120] 12 3D 18 43 8C 7A 71 0A 77 C4 2A B6 14 69 7B 25 .=.C.zq. w.*..i{% > [0130] C4 CE 20 3D 68 1F D4 19 29 E7 AB 7A FD 49 4D 93 .. =h... )..z.IM. > [0140] BF 02 1D 30 14 2F A6 01 A6 8A 56 AB 1A 43 64 23 ...0./.. ..V..Cd# > [0150] 94 0E 04 CE 9D 90 F0 6D 2C 46 14 2E 3C 1A ED 69 .......m ,F..<..i > [0160] E1 3D D3 9E EB 28 55 55 B1 AF 89 EF AF 00 3F 78 .=...(UU ......?x > [0170] 3A B8 11 08 0A 2F E7 BA 08 8F 15 BA 9F AB 77 F7 :..../.. ......w. > [0180] C6 75 69 B6 60 C8 7B 07 6A 44 AF 05 A0 46 8D EA .ui.`.{. jD...F.. > [0190] CB EE C1 62 DF D3 BC 25 43 EC EA D0 5A 6F 1D 78 ...b...% C...Zo.x > [01A0] E6 B3 B3 A7 CB EF E8 98 E5 91 3A C6 7B A4 88 F0 ........ ..:.{... > [01B0] 16 33 D4 F2 BA 62 0B F4 15 46 61 A7 29 85 1D D7 .3...b.. .Fa.)... > [01C0] F0 CA 41 BD BD 80 8D 86 06 34 6F F5 42 8F FD 0E ..A..... .4o.B... > [01D0] D0 40 E9 A2 52 E0 EC 0A 74 C5 0A C1 F3 1B 99 B9 .@..R... t....... > [01E0] DD 58 40 AC C4 0C 80 CD 51 BF 95 48 83 DE FF F5 .X@..... Q..H.... > [01F0] D4 CB D0 07 46 98 C9 FF 16 C2 6C E6 1E 1D 80 37 ....F... ..l....7 >[2011/12/13 17:45:59.064131, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 31737) conn 0xb9787f50 >[2011/12/13 17:45:59.064168, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2011/12/13 17:45:59.064206, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=565 params=0 setup=2 >[2011/12/13 17:45:59.064242, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2011/12/13 17:45:59.064273, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2011/12/13 17:45:59.064304, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2011/12/13 17:45:59.064335, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "samr" (pnum 6a0f) >[2011/12/13 17:45:59.064368, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0xb9780610 max_trans_reply: 4280 >[2011/12/13 17:45:59.064401, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 565 >[2011/12/13 17:45:59.064435, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 565 >[2011/12/13 17:45:59.064466, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 565 >[2011/12/13 17:45:59.064499, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 565, len_needed_to_complete_hdr = 16, receive_len = 0 >[2011/12/13 17:45:59.064532, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2011/12/13 17:45:59.064564, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 549 >[2011/12/13 17:45:59.064595, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 549 >[2011/12/13 17:45:59.064638, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2011/12/13 17:45:59.064671, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 549 >[2011/12/13 17:45:59.064734, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 549, incoming data = 549 >[2011/12/13 17:45:59.064772, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2011/12/13 17:45:59.064809, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0235 (565) > auth_length : 0x0000 (0) > call_id : 0x00000010 (16) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x0000021d (541) > context_id : 0x0000 (0) > opnum : 0x003a (58) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=541 > [0000] 00 00 00 00 10 00 00 00 00 00 00 00 E7 4E 47 81 ........ .....NG. > [0010] F9 7B 00 00 18 00 18 00 A7 74 41 B8 96 0F 68 6D .{...... .tA...hm > [0020] 8D DE 94 EC 46 BF F8 D0 2A 7F 48 EF 22 75 58 58 ....F... *.H."uXX > [0030] 34 56 6F 38 48 75 80 CF 0B E1 D9 94 9A FD 13 D7 4Vo8Hu.. ........ > [0040] 5F BD F2 4B 45 83 89 14 BB A9 78 1D 32 BB 14 C6 _..KE... ..x.2... > [0050] AD A7 5A E3 88 2B D0 04 8C 20 98 40 AD 69 DE 74 ..Z..+.. . .@.i.t > [0060] D9 E3 73 D6 28 53 06 E4 BB 29 1D 56 8A E0 1B FE ..s.(S.. .).V.... > [0070] 16 64 9F 97 EC 57 7F 09 CD 38 24 44 C5 91 D4 2E .d...W.. .8$D.... > [0080] A4 46 79 97 E7 45 79 58 0B 4A 6B B6 83 B7 92 50 .Fy..EyX .Jk....P > [0090] AA D0 84 AC 54 A9 7D 61 52 8B 03 64 7A BF F2 5E ....T.}a R..dz..^ > [00A0] C9 1F 78 2E 1C F2 19 CD 75 13 96 90 01 2C 5B F8 ..x..... u....,[. > [00B0] F8 3D D9 0C FE 21 F4 3A 48 91 F9 9F 5A 6B 0B 67 .=...!.: H...Zk.g > [00C0] 1F 9C 02 2E BC C2 32 9C 03 76 EC 23 E6 3C 44 BC ......2. .v.#.<D. > [00D0] 6B D0 5E E2 87 EB 8C 44 27 EE DC FE E7 38 AC 76 k.^....D '....8.v > [00E0] 6E 14 61 2E 4D B8 50 D4 D1 B3 75 68 F1 0C 74 EB n.a.M.P. ..uh..t. > [00F0] FA 14 CA F8 8E 3D 70 12 3D 18 43 8C 7A 71 0A 77 .....=p. =.C.zq.w > [0100] C4 2A B6 14 69 7B 25 C4 CE 20 3D 68 1F D4 19 29 .*..i{%. . =h...) > [0110] E7 AB 7A FD 49 4D 93 BF 02 1D 30 14 2F A6 01 A6 ..z.IM.. ..0./... > [0120] 8A 56 AB 1A 43 64 23 94 0E 04 CE 9D 90 F0 6D 2C .V..Cd#. ......m, > [0130] 46 14 2E 3C 1A ED 69 E1 3D D3 9E EB 28 55 55 B1 F..<..i. =...(UU. > [0140] AF 89 EF AF 00 3F 78 3A B8 11 08 0A 2F E7 BA 08 .....?x: ..../... > [0150] 8F 15 BA 9F AB 77 F7 C6 75 69 B6 60 C8 7B 07 6A .....w.. ui.`.{.j > [0160] 44 AF 05 A0 46 8D EA CB EE C1 62 DF D3 BC 25 43 D...F... ..b...%C > [0170] EC EA D0 5A 6F 1D 78 E6 B3 B3 A7 CB EF E8 98 E5 ...Zo.x. ........ > [0180] 91 3A C6 7B A4 88 F0 16 33 D4 F2 BA 62 0B F4 15 .:.{.... 3...b... > [0190] 46 61 A7 29 85 1D D7 F0 CA 41 BD BD 80 8D 86 06 Fa.).... .A...... > [01A0] 34 6F F5 42 8F FD 0E D0 40 E9 A2 52 E0 EC 0A 74 4o.B.... @..R...t > [01B0] C5 0A C1 F3 1B 99 B9 DD 58 40 AC C4 0C 80 CD 51 ........ X@.....Q > [01C0] BF 95 48 83 DE FF F5 D4 CB D0 07 46 98 C9 FF 16 ..H..... ...F.... > [01D0] C2 6C E6 1E 1D 80 37 47 86 43 E6 AC 7F 7F 35 FC .l....7G .C....5. > [01E0] 0B 86 50 DB D1 9F 18 40 5E 95 75 E5 15 A0 18 22 ..P....@ ^.u...." > [01F0] 95 E3 9E 7A 27 1D E1 4F 09 73 97 49 38 BD 9D 77 ...z'..O .s.I8..w > [0200] BE FC 9C 12 1F 38 69 D8 96 2E 76 68 07 15 BE A0 .....8i. ..vh.... > [0210] 05 81 CC DF 33 0D AA FD 31 4B 57 CB 00 ....3... 1KW.. >[2011/12/13 17:45:59.066484, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2011/12/13 17:45:59.066519, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. >[2011/12/13 17:45:59.066554, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\samr >[2011/12/13 17:45:59.066590, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \samr op 0x3a - api_rpcTNP: rpc command: SAMR_SETUSERINFO2 >[2011/12/13 17:45:59.066626, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[58].fn == 0xb71dbdd0 >[2011/12/13 17:45:59.066668, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > samr_SetUserInfo2: struct samr_SetUserInfo2 > in: struct samr_SetUserInfo2 > user_handle : * > user_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000010-0000-0000-e74e-4781f97b0000 > level : UserInternal5Information (24) > info : * > info : union samr_UserInfo(case 24) > info24: struct samr_UserInfo24 > password: struct samr_CryptPassword > data : a77441b8960f686d8dde94ec46bff8d02a7f48ef2275585834566f38487580cf0be1d9949afd13d75fbdf24b45838914bba9781d32bb14c6ada75ae3882bd0048c209840ad69de74d9e373d6285306e4bb291d568ae01bfe16649f97ec577f09cd382444c591d42ea4467997e74579580b4a6bb683b79250aad084ac54a97d61528b03647abff25ec91f782e1cf219cd75139690012c5bf8f83dd90cfe21f43a4891f99f5a6b0b671f9c022ebcc2329c0376ec23e63c44bc6bd05ee287eb8c4427eedcfee738ac766e14612e4db850d4d1b37568f10c74ebfa14caf88e3d70123d18438c7a710a77c42ab614697b25c4ce203d681fd41929e7ab7afd494d93bf021d30142fa601a68a56ab1a436423940e04ce9d90f06d2c46142e3c1aed69e13dd39eeb285555b1af89efaf003f783ab811080a2fe7ba088f15ba9fab77f7c67569b660c87b076a44af05a0468deacbeec162dfd3bc2543ecead05a6f1d78e6b3b3a7cbefe898e5913ac67ba488f01633d4f2ba620bf4154661a729851dd7f0ca41bdbd808d8606346ff5428ffd0ed040e9a252e0ec0a74c50ac1f31b99b9dd5840acc40c80cd51bf954883defff5d4cbd0074698c9ff16c26ce61e1d8037478643e6ac7f7f35fc0b8650dbd19f18405e9575e515a0182295e39e7a271de14f0973974938 +> > bd9d77befc9c121f3869d8962e76680715bea00581ccdf330daafd314b57cb > password_expired : 0x00 (0) >[2011/12/13 17:45:59.067059, 5] rpc_server/samr/srv_samr_nt.c:5008(_samr_SetUserInfo) > _samr_SetUserInfo: 5008 >[2011/12/13 17:45:59.067096, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 E7 4E 47 81 ........ .....NG. > [0010] F9 7B 00 00 .{.. >[2011/12/13 17:45:59.067170, 2] rpc_server/rpc_handles.c:404(_policy_handle_find) > rpc_server/samr/srv_samr_nt.c:5063: ACCESS DENIED (granted: 0x0002035b; required: 0x00000080) >[2011/12/13 17:45:59.067205, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > samr_SetUserInfo2: struct samr_SetUserInfo2 > out: struct samr_SetUserInfo2 > result : NT_STATUS_ACCESS_DENIED >[2011/12/13 17:45:59.067270, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \samr successfully >[2011/12/13 17:45:59.067308, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 549 >[2011/12/13 17:45:59.067355, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \samr len: 4280 >[2011/12/13 17:45:59.067393, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \samr: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4. >[2011/12/13 17:45:59.067444, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x001c (28) > auth_length : 0x0000 (0) > call_id : 0x00000010 (16) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000004 (4) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=4 > [0000] 22 00 00 C0 "... >[2011/12/13 17:45:59.067793, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 22 >[2011/12/13 17:45:59.067836, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 28 bytes. There is no more data outstanding >[2011/12/13 17:45:59.067873, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..28] (align 0) >[2011/12/13 17:45:59.067907, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:59.067927, 5] lib/util.c:342(show_msg) > size=84 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=31735 > smb_uid=100 > smb_mid=18 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 28 (0x1C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 28 (0x1C) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=29 >[2011/12/13 17:45:59.068209, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 1C 00 00 00 10 00 00 ........ ........ > [0010] 00 04 00 00 00 00 00 00 00 22 00 00 C0 ........ ."... >[2011/12/13 17:45:59.068639, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 41 >[2011/12/13 17:45:59.068724, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2011/12/13 17:45:59.069018, 3] smbd/process.c:1662(process_smb) > Transaction 18 of length 45 (0 toread) >[2011/12/13 17:45:59.069053, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:59.069073, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=31735 > smb_uid=100 > smb_mid=19 > smt_wct=3 > smb_vwv[ 0]=27151 (0x6A0F) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2011/12/13 17:45:59.069374, 10] ../lib/util/util.c:415(dump_data) >[2011/12/13 17:45:59.069402, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 31737) conn 0xb9787f50 >[2011/12/13 17:45:59.069438, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2011/12/13 17:45:59.069473, 3] smbd/reply.c:4848(reply_close) > close fd=-1 fnum=27151 (numopen=1) >[2011/12/13 17:45:59.069508, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Thu Jan 1 00:59:59 1970 >[2011/12/13 17:45:59.069551, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) > close_policy_by_pipe: deleted handle list for pipe \samr >[2011/12/13 17:45:59.069592, 5] smbd/files.c:482(file_free) > freed files structure 27151 (0 used) >[2011/12/13 17:45:59.069629, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:59.069649, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=31735 > smb_uid=100 > smb_mid=19 > smt_wct=0 > smb_bcc=0 >[2011/12/13 17:45:59.069818, 10] ../lib/util/util.c:415(dump_data) >[2011/12/13 17:45:59.069957, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 35 >[2011/12/13 17:45:59.070010, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x23 >[2011/12/13 17:45:59.070045, 3] smbd/process.c:1662(process_smb) > Transaction 19 of length 39 (0 toread) >[2011/12/13 17:45:59.070079, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:59.070098, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x71 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=31735 > smb_uid=100 > smb_mid=20 > smt_wct=0 > smb_bcc=0 >[2011/12/13 17:45:59.070256, 10] ../lib/util/util.c:415(dump_data) >[2011/12/13 17:45:59.070279, 3] smbd/process.c:1467(switch_message) > switch message SMBtdis (pid 31737) conn 0xb9787f50 >[2011/12/13 17:45:59.070313, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:59.070346, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:59.070378, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:59.070430, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2011/12/13 17:45:59.070467, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:59.070501, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:59.070532, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:59.070581, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2011/12/13 17:45:59.070615, 3] smbd/service.c:1378(close_cnum) > master (10.200.8.180) closed connection to service IPC$ >[2011/12/13 17:45:59.070655, 3] smbd/connection.c:35(yield_connection) > Yielding connection to IPC$ >[2011/12/13 17:45:59.070746, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key F97B0000FFFFFFFF12FF >[2011/12/13 17:45:59.070788, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0xb9777658 >[2011/12/13 17:45:59.070845, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key F97B0000FFFFFFFF12FF >[2011/12/13 17:45:59.070941, 4] smbd/vfs.c:780(vfs_ChDir) > vfs_ChDir to / >[2011/12/13 17:45:59.070980, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:59.071013, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:59.071045, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:59.071094, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2011/12/13 17:45:59.071136, 5] lib/util.c:332(show_msg) >[2011/12/13 17:45:59.071157, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x71 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=31735 > smb_uid=100 > smb_mid=20 > smt_wct=0 > smb_bcc=0 >[2011/12/13 17:45:59.071318, 10] ../lib/util/util.c:415(dump_data) >[2011/12/13 17:45:59.071724, 5] lib/util_sock.c:319(read_fd_with_timeout) > read_fd_with_timeout: blocking read. EOF from client. >[2011/12/13 17:45:59.071777, 5] smbd/process.c:457(receive_smb_talloc) > receive_smb_raw_talloc failed for client 10.200.8.180 read error = NT_STATUS_END_OF_FILE. >[2011/12/13 17:45:59.071818, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2011/12/13 17:45:59.071854, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2011/12/13 17:45:59.071886, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2011/12/13 17:45:59.071936, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2011/12/13 17:45:59.072210, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 49442F33313733372F31 >[2011/12/13 17:45:59.072257, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0xb97c0578 >[2011/12/13 17:45:59.078402, 4] auth/pampass.c:483(smb_pam_start) > smb_pam_start: PAM: Init user: user1 >[2011/12/13 17:45:59.081720, 4] auth/pampass.c:492(smb_pam_start) > smb_pam_start: PAM: setting rhost to: 10.200.8.180 >[2011/12/13 17:45:59.081769, 4] auth/pampass.c:501(smb_pam_start) > smb_pam_start: PAM: setting tty >[2011/12/13 17:45:59.081803, 4] auth/pampass.c:509(smb_pam_start) > smb_pam_start: PAM: Init passed for user: user1 >[2011/12/13 17:45:59.081836, 4] auth/pampass.c:646(smb_internal_pam_session) > smb_internal_pam_session: PAM: tty set to: smb/31737/100 >[2011/12/13 17:45:59.082795, 4] auth/pampass.c:465(smb_pam_end) > smb_pam_end: PAM: PAM_END OK. >[2011/12/13 17:45:59.082861, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 49442F33313733372F31 >[2011/12/13 17:45:59.082989, 3] smbd/server_exit.c:181(exit_server_common) > Server exit (failed to receive smb request) >[2011/12/13 17:45:59.084487, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key F97B0000FFFFFFFF >[2011/12/13 17:45:59.084559, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0xb9770548 >[2011/12/13 17:45:59.084603, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key F97B0000FFFFFFFF > > >### /var/log/samba/log.nmbd > Allocated locked data 0x0xb8a47610 >[2011/12/13 17:45:15, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 99770000FFFFFFFF >[2011/12/13 17:45:35, 0] nmbd/nmbd.c:861(main) > nmbd version 3.6.6 started. > Copyright Andrew Tridgell and the Samba Team 1992-2011 >[2011/12/13 17:45:35, 5] ../lib/util/debug.c:330(debug_dump_status) > INFO: Current debug levels: > all: 10 > tdb: 10 > printdrivers: 10 > lanman: 10 > smb: 10 > rpc_parse: 10 > rpc_srv: 10 > rpc_cli: 10 > passdb: 10 > sam: 10 > auth: 10 > winbind: 10 > vfs: 10 > idmap: 10 > quota: 10 > acls: 10 > locking: 10 > msdfs: 10 > dmapi: 10 > registry: 10 > doing parameter syslog = 0 > doing parameter max log size = 1000000 > doing parameter max open files = 32808 > doing parameter server string = %h univention corporate server > doing parameter netbios name = master >[2011/12/13 17:45:35, 4] param/loadparm.c:7584(handle_netbios_name) > handle_netbios_name: set global_myname to: MASTER > doing parameter passdb backend = ldapsam:"ldap://master.x86err300s3.qa:7389" > doing parameter auth methods = guest sam winbind > doing parameter ldap suffix = dc=x86err300s3,dc=qa > doing parameter ldap admin dn = "cn=admin,dc=x86err300s3,dc=qa" > doing parameter ldap ssl = start tls > doing parameter passdb expand explicit = no > doing parameter ldap idmap suffix = cn=idmap,cn=univention > doing parameter idmap config * : backend = ldap > doing parameter idmap config * : range = 55000-64000 > doing parameter idmap config * : ldap_url = ldap://master.x86err300s3.qa:7389 > doing parameter idmap config * : ldap_user_dn = cn=admin,dc=x86err300s3,dc=qa > doing parameter idmap config X86ERR300S3 : backend = nss > doing parameter idmap config X86ERR300S3 : range = 1000-54999 > doing parameter winbind max clients = 500 > doing parameter winbind nested groups = no > doing parameter winbind enum users = yes > doing parameter winbind enum groups = yes > doing parameter winbind separator = + > doing parameter template shell = /bin/bash > doing parameter template homedir = /home/%D-%U > doing parameter pam password change = no > doing parameter unix password sync = yes > doing parameter passwd program = /usr/share/univention-admin-tools/univention-passwd --binddn "cn=admin,dc=x86err300s3,dc=qa" --pwdfile "/etc/ldap.secret" --user "%u" > doing parameter passwd chat = *New*password* %n\n *Re-enter*new*password* %n\n *password*changed* > doing parameter passwd chat timeout = 60 > doing parameter client use spnego = yes > doing parameter obey pam restrictions = yes > doing parameter encrypt passwords = yes > doing parameter load printers = yes > doing parameter printing = cups > doing parameter printcap name = cups > doing parameter security = user > doing parameter domain logons = yes > doing parameter domain master = yes > doing parameter preferred master = yes > doing parameter local master = yes > doing parameter os level = 65 > doing parameter wins support = yes > doing parameter workgroup = X86ERR300S3 > doing parameter oplocks = yes > doing parameter kernel oplocks = yes > doing parameter large readwrite = yes > doing parameter deadtime = 15 > doing parameter read raw = yes > doing parameter write raw = yes > doing parameter max xmit = 65535 > doing parameter getwd cache = yes > doing parameter wide links = no > doing parameter store dos attributes = yes > doing parameter logon home = \\master\%U > doing parameter logon drive = I: > doing parameter logon path = \\master\%U\windows-profiles\%a > doing parameter preserve case = yes > doing parameter short preserve case = yes > doing parameter time server = yes > doing parameter host msdfs = no > doing parameter msdfs root = no > doing parameter guest account = nobody > doing parameter map to guest = Bad User > doing parameter admin users = administrator join-backup > doing parameter set quota command = /usr/sbin/univention-setquota > doing parameter check password script = /usr/share/univention-samba/password_check %u > doing parameter add user script = /usr/share/univention-admin-tools/univention-adduser "%u" > doing parameter delete user script = /usr/share/univention-admin-tools/univention-deluser "%u" > doing parameter add group script = /usr/share/univention-admin-tools/univention-addgroup "%g" > doing parameter delete group script = /usr/share/univention-admin-tools/univention-delgroup "%g" > doing parameter add user to group script = /usr/share/univention-admin-tools/univention-adduser "%u" "%g" > doing parameter delete user from group script = /usr/share/univention-admin-tools/univention-deluser "%u" "%g" > doing parameter add machine script = /usr/share/univention-admin-tools/univention-addmachine "%u" > doing parameter set primary group script = /usr/share/univention-admin-tools/univention-setprimarygroup "%u" "%g" > doing parameter usershare max shares = 0 > doing parameter include = /etc/samba/base.conf >[2011/12/13 17:45:35, 3] ../lib/util/params.c:550(pm_process) > params.c:pm_process() - Processing configuration file "/etc/samba/base.conf" >[2011/12/13 17:45:35, 4] param/loadparm.c:9631(lp_load_ex) > pm_process() returned Yes >[2011/12/13 17:45:35, 7] param/loadparm.c:9857(lp_servicenumber) > lp_servicenumber: couldn't find homes >[2011/12/13 17:45:35, 10] param/loadparm_server_role.c:101(set_server_role) > set_server_role: role = ROLE_DOMAIN_PDC >[2011/12/13 17:45:35, 5] ../lib/util/charset/codepoints.c:235(map_locale) > Substituting charset 'UTF-8' for LOCALE >[2011/12/13 17:45:35, 2] lib/tallocmsg.c:124(register_msg_pool_usage) > Registered MSG_REQ_POOL_USAGE >[2011/12/13 17:45:35, 2] lib/dmallocmsg.c:78(register_dmalloc_msgs) > Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED >[2011/12/13 17:45:35, 3] param/loadparm.c:9595(lp_load_ex) > lp_load_ex: refreshing parameters >[2011/12/13 17:45:35, 3] param/loadparm.c:5212(init_globals) > Initialising global parameters >[2011/12/13 17:45:35, 2] param/loadparm.c:5005(max_open_files) > rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) >[2011/12/13 17:45:35, 3] ../lib/util/params.c:550(pm_process) > params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf" >[2011/12/13 17:45:35, 3] param/loadparm.c:8333(do_section) > Processing section "[global]" > doing parameter debug level = 10 >[2011/12/13 17:45:35, 5] ../lib/util/debug.c:330(debug_dump_status) > INFO: Current debug levels: > all: 10 > tdb: 10 > printdrivers: 10 > lanman: 10 > smb: 10 > rpc_parse: 10 > rpc_srv: 10 > rpc_cli: 10 > passdb: 10 > sam: 10 > auth: 10 > winbind: 10 > vfs: 10 > idmap: 10 > quota: 10 > acls: 10 > locking: 10 > msdfs: 10 > dmapi: 10 > registry: 10 > doing parameter syslog = 0 > doing parameter max log size = 1000000 > doing parameter max open files = 32808 > doing parameter server string = %h univention corporate server > doing parameter netbios name = master >[2011/12/13 17:45:35, 4] param/loadparm.c:7584(handle_netbios_name) > handle_netbios_name: set global_myname to: MASTER > doing parameter passdb backend = ldapsam:"ldap://master.x86err300s3.qa:7389" > doing parameter auth methods = guest sam winbind > doing parameter ldap suffix = dc=x86err300s3,dc=qa > doing parameter ldap admin dn = "cn=admin,dc=x86err300s3,dc=qa" > doing parameter ldap ssl = start tls > doing parameter passdb expand explicit = no > doing parameter ldap idmap suffix = cn=idmap,cn=univention > doing parameter idmap config * : backend = ldap > doing parameter idmap config * : range = 55000-64000 > doing parameter idmap config * : ldap_url = ldap://master.x86err300s3.qa:7389 > doing parameter idmap config * : ldap_user_dn = cn=admin,dc=x86err300s3,dc=qa > doing parameter idmap config X86ERR300S3 : backend = nss > doing parameter idmap config X86ERR300S3 : range = 1000-54999 > doing parameter winbind max clients = 500 > doing parameter winbind nested groups = no > doing parameter winbind enum users = yes > doing parameter winbind enum groups = yes > doing parameter winbind separator = + > doing parameter template shell = /bin/bash > doing parameter template homedir = /home/%D-%U > doing parameter pam password change = no > doing parameter unix password sync = yes > doing parameter passwd program = /usr/share/univention-admin-tools/univention-passwd --binddn "cn=admin,dc=x86err300s3,dc=qa" --pwdfile "/etc/ldap.secret" --user "%u" > doing parameter passwd chat = *New*password* %n\n *Re-enter*new*password* %n\n *password*changed* > doing parameter passwd chat timeout = 60 > doing parameter client use spnego = yes > doing parameter obey pam restrictions = yes > doing parameter encrypt passwords = yes > doing parameter load printers = yes > doing parameter printing = cups > doing parameter printcap name = cups > doing parameter security = user > doing parameter domain logons = yes > doing parameter domain master = yes > doing parameter preferred master = yes > doing parameter local master = yes > doing parameter os level = 65 > doing parameter wins support = yes > doing parameter workgroup = X86ERR300S3 > doing parameter oplocks = yes > doing parameter kernel oplocks = yes > doing parameter large readwrite = yes > doing parameter deadtime = 15 > doing parameter read raw = yes > doing parameter write raw = yes > doing parameter max xmit = 65535 > doing parameter getwd cache = yes > doing parameter wide links = no > doing parameter store dos attributes = yes > doing parameter logon home = \\master\%U > doing parameter logon drive = I: > doing parameter logon path = \\master\%U\windows-profiles\%a > doing parameter preserve case = yes > doing parameter short preserve case = yes > doing parameter time server = yes > doing parameter host msdfs = no > doing parameter msdfs root = no > doing parameter guest account = nobody > doing parameter map to guest = Bad User > doing parameter admin users = administrator join-backup > doing parameter set quota command = /usr/sbin/univention-setquota > doing parameter check password script = /usr/share/univention-samba/password_check %u > doing parameter add user script = /usr/share/univention-admin-tools/univention-adduser "%u" > doing parameter delete user script = /usr/share/univention-admin-tools/univention-deluser "%u" > doing parameter add group script = /usr/share/univention-admin-tools/univention-addgroup "%g" > doing parameter delete group script = /usr/share/univention-admin-tools/univention-delgroup "%g" > doing parameter add user to group script = /usr/share/univention-admin-tools/univention-adduser "%u" "%g" > doing parameter delete user from group script = /usr/share/univention-admin-tools/univention-deluser "%u" "%g" > doing parameter add machine script = /usr/share/univention-admin-tools/univention-addmachine "%u" > doing parameter set primary group script = /usr/share/univention-admin-tools/univention-setprimarygroup "%u" "%g" > doing parameter usershare max shares = 0 > doing parameter include = /etc/samba/base.conf >[2011/12/13 17:45:35, 3] ../lib/util/params.c:550(pm_process) > params.c:pm_process() - Processing configuration file "/etc/samba/base.conf" >[2011/12/13 17:45:35, 4] param/loadparm.c:9631(lp_load_ex) > pm_process() returned Yes >[2011/12/13 17:45:35, 7] param/loadparm.c:9857(lp_servicenumber) > lp_servicenumber: couldn't find homes >[2011/12/13 17:45:35, 10] param/loadparm_server_role.c:101(set_server_role) > set_server_role: role = ROLE_DOMAIN_PDC >[2011/12/13 17:45:35, 5] ../lib/util/charset/codepoints.c:235(map_locale) > Substituting charset 'UTF-8' for LOCALE >[2011/12/13 17:45:35, 3] nmbd/nmbd.c:383(reload_nmbd_services) > services not loaded >[2011/12/13 17:45:35, 6] param/loadparm.c:7513(lp_file_list_changed) > lp_file_list_changed() > file /etc/samba/base.conf -> /etc/samba/base.conf last mod_time: Tue Dec 13 17:28:35 2011 > > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Dec 13 17:30:13 2011 > >[2011/12/13 17:45:35, 5] lib/util.c:242(init_names) > Netbios name list:- > my_netbios_names[0]="MASTER" >[2011/12/13 17:45:35, 6] param/loadparm.c:7513(lp_file_list_changed) > lp_file_list_changed() > file /etc/samba/base.conf -> /etc/samba/base.conf last mod_time: Tue Dec 13 17:28:35 2011 > > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Dec 13 17:30:13 2011 > >[2011/12/13 17:45:35, 2] nmbd/nmbd.c:894(main) > Becoming a daemon. >[2011/12/13 17:45:35, 0] nmbd/asyncdns.c:157(start_async_dns) > started asyncdns process 31646 >[2011/12/13 17:45:35, 8] ../lib/util/util.c:263(fcntl_lock) > fcntl_lock 8 13 0 1 1 >[2011/12/13 17:45:35, 8] ../lib/util/util.c:298(fcntl_lock) > fcntl_lock: Lock call successful >[2011/12/13 17:45:35, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 9C7B0000FFFFFFFF >[2011/12/13 17:45:35, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0xb7b9b5c0 >[2011/12/13 17:45:35, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 9C7B0000FFFFFFFF >[2011/12/13 17:45:35, 4] lib/time.c:384(TimeInit) > TimeInit: Serverzone is -3600 >[2011/12/13 17:45:35, 3] nmbd/nmbd.c:963(main) > Opening sockets 137 >[2011/12/13 17:45:35, 10] lib/util_sock.c:680(open_socket_in) > bind succeeded on port 137 >[2011/12/13 17:45:35, 10] lib/util_sock.c:680(open_socket_in) > bind succeeded on port 138 >[2011/12/13 17:45:35, 5] lib/util_sock.c:165(print_socket_options) > Socket options: > SO_KEEPALIVE = 0 > SO_REUSEADDR = 1 > SO_BROADCAST = 1 > Could not test socket option TCP_NODELAY. > Could not test socket option TCP_KEEPCNT. > Could not test socket option TCP_KEEPIDLE. > Could not test socket option TCP_KEEPINTVL. > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_SNDBUF = 112640 > SO_RCVBUF = 112640 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > Could not test socket option TCP_QUICKACK. >[2011/12/13 17:45:35, 5] lib/util_sock.c:165(print_socket_options) > Socket options: > SO_KEEPALIVE = 0 > SO_REUSEADDR = 1 > SO_BROADCAST = 1 > Could not test socket option TCP_NODELAY. > Could not test socket option TCP_KEEPCNT. > Could not test socket option TCP_KEEPIDLE. > Could not test socket option TCP_KEEPINTVL. > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_SNDBUF = 112640 > SO_RCVBUF = 112640 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > Could not test socket option TCP_QUICKACK. >[2011/12/13 17:45:35, 3] nmbd/nmbd.c:733(open_sockets) > open_sockets: Broadcast sockets opened. >[2011/12/13 17:45:35, 2] lib/interface.c:341(add_interface) > added interface eth0 ip=2001:4dd0:ff00:8c42:ff08::180 bcast=2001:4dd0:ff00:8c42:ffff:ffff:ffff:ffff netmask=ffff:ffff:ffff:ffff:: >[2011/12/13 17:45:35, 2] lib/interface.c:341(add_interface) > added interface eth0 ip=fe80::5054:ff:febb:90c5%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff:: >[2011/12/13 17:45:35, 2] lib/interface.c:341(add_interface) > added interface eth0 ip=10.200.8.180 bcast=10.200.8.255 netmask=255.255.255.0 >[2011/12/13 17:45:35, 10] lib/util_sock.c:680(open_socket_in) > bind succeeded on port 137 >[2011/12/13 17:45:35, 5] lib/util_sock.c:165(print_socket_options) > Socket options: > SO_KEEPALIVE = 0 > SO_REUSEADDR = 1 > SO_BROADCAST = 1 > Could not test socket option TCP_NODELAY. > Could not test socket option TCP_KEEPCNT. > Could not test socket option TCP_KEEPIDLE. > Could not test socket option TCP_KEEPINTVL. > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_SNDBUF = 112640 > SO_RCVBUF = 112640 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > Could not test socket option TCP_QUICKACK. >[2011/12/13 17:45:35, 10] lib/util_sock.c:680(open_socket_in) > bind succeeded on port 137 >[2011/12/13 17:45:35, 5] lib/util_sock.c:165(print_socket_options) > Socket options: > SO_KEEPALIVE = 0 > SO_REUSEADDR = 1 > SO_BROADCAST = 1 > Could not test socket option TCP_NODELAY. > Could not test socket option TCP_KEEPCNT. > Could not test socket option TCP_KEEPIDLE. > Could not test socket option TCP_KEEPINTVL. > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_SNDBUF = 112640 > SO_RCVBUF = 112640 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > Could not test socket option TCP_QUICKACK. >[2011/12/13 17:45:35, 10] lib/util_sock.c:680(open_socket_in) > bind succeeded on port 138 >[2011/12/13 17:45:35, 5] lib/util_sock.c:165(print_socket_options) > Socket options: > SO_KEEPALIVE = 0 > SO_REUSEADDR = 1 > SO_BROADCAST = 1 > Could not test socket option TCP_NODELAY. > Could not test socket option TCP_KEEPCNT. > Could not test socket option TCP_KEEPIDLE. > Could not test socket option TCP_KEEPINTVL. > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_SNDBUF = 112640 > SO_RCVBUF = 112640 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > Could not test socket option TCP_QUICKACK. >[2011/12/13 17:45:35, 10] lib/util_sock.c:680(open_socket_in) > bind succeeded on port 138 >[2011/12/13 17:45:35, 5] lib/util_sock.c:165(print_socket_options) > Socket options: > SO_KEEPALIVE = 0 > SO_REUSEADDR = 1 > SO_BROADCAST = 1 > Could not test socket option TCP_NODELAY. > Could not test socket option TCP_KEEPCNT. > Could not test socket option TCP_KEEPIDLE. > Could not test socket option TCP_KEEPINTVL. > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_SNDBUF = 112640 > SO_RCVBUF = 112640 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > Could not test socket option TCP_QUICKACK. >[2011/12/13 17:45:35, 2] nmbd/nmbd_subnetdb.c:180(make_subnet) > making subnet name:10.200.8.180 Broadcast address:10.200.8.255 Subnet mask:255.255.255.0 >[2011/12/13 17:45:35, 2] nmbd/nmbd_subnetdb.c:297(create_subnets) > create_subnets: ignoring non IPv4 interface. >[2011/12/13 17:45:35, 2] nmbd/nmbd_subnetdb.c:297(create_subnets) > create_subnets: ignoring non IPv4 interface. >[2011/12/13 17:45:35, 2] nmbd/nmbd_subnetdb.c:180(make_subnet) > making subnet name:UNICAST_SUBNET Broadcast address:10.200.8.180 Subnet mask:10.200.8.180 >[2011/12/13 17:45:35, 2] nmbd/nmbd_subnetdb.c:180(make_subnet) > making subnet name:REMOTE_BROADCAST_SUBNET Broadcast address:0.0.0.0 Subnet mask:0.0.0.0 >[2011/12/13 17:45:35, 2] nmbd/nmbd_subnetdb.c:180(make_subnet) > making subnet name:WINS_SERVER_SUBNET Broadcast address:0.0.0.0 Subnet mask:0.0.0.0 >[2011/12/13 17:45:35, 4] ../libcli/nbt/lmhosts.c:41(startlmhosts) > startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was Datei oder Verzeichnis nicht gefunden >[2011/12/13 17:45:35, 2] nmbd/nmbd_lmhosts.c:43(load_lmhosts_file) > load_lmhosts_file: Can't open lmhosts file /etc/samba/lmhosts. Error was Datei oder Verzeichnis nicht gefunden >[2011/12/13 17:45:35, 3] nmbd/nmbd.c:985(main) > Loaded hosts file /etc/samba/lmhosts >[2011/12/13 17:45:35, 5] ../lib/util/charset/codepoints.c:235(map_locale) > Substituting charset 'UTF-8' for LOCALE >[2011/12/13 17:45:35, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) > add_name_to_subnet: Added netbios name *<00> with first IP 10.200.8.180 ttl=0 nb_flags=60 to subnet WINS_SERVER_SUBNET >[2011/12/13 17:45:35, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) > add_name_to_subnet: Added netbios name *<20> with first IP 10.200.8.180 ttl=0 nb_flags=60 to subnet WINS_SERVER_SUBNET >[2011/12/13 17:45:35, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) > add_name_to_subnet: Added netbios name __SAMBA__<20> with first IP 10.200.8.180 ttl=0 nb_flags=60 to subnet WINS_SERVER_SUBNET >[2011/12/13 17:45:35, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) > add_name_to_subnet: Added netbios name __SAMBA__<00> with first IP 10.200.8.180 ttl=0 nb_flags=60 to subnet WINS_SERVER_SUBNET >[2011/12/13 17:45:35, 4] nmbd/nmbd_winsserver.c:767(initialise_wins) > initialise_wins: add name: X86ERR300S3#1e ttl = 258284 first IP 0.0.0.0 flags = e4 >[2011/12/13 17:45:35, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) > add_name_to_subnet: Added netbios name X86ERR300S3<1e> with first IP 0.0.0.0 ttl=258284 nb_flags=e4 to subnet WINS_SERVER_SUBNET >[2011/12/13 17:45:35, 4] nmbd/nmbd_winsserver.c:767(initialise_wins) > initialise_wins: add name: X86ERR300S3#1c ttl = 258284 first IP 10.200.8.180 flags = e4 >[2011/12/13 17:45:35, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) > add_name_to_subnet: Added netbios name X86ERR300S3<1c> with first IP 10.200.8.180 ttl=258284 nb_flags=e4 to subnet WINS_SERVER_SUBNET >[2011/12/13 17:45:35, 4] nmbd/nmbd_winsserver.c:767(initialise_wins) > initialise_wins: add name: MASTER#20 ttl = 258284 first IP 10.200.8.180 flags = 66 >[2011/12/13 17:45:35, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) > add_name_to_subnet: Added netbios name MASTER<20> with first IP 10.200.8.180 ttl=258284 nb_flags=66 to subnet WINS_SERVER_SUBNET >[2011/12/13 17:45:35, 4] nmbd/nmbd_winsserver.c:767(initialise_wins) > initialise_wins: add name: X86ERR300S3#00 ttl = 258284 first IP 0.0.0.0 flags = e4 >[2011/12/13 17:45:35, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) > add_name_to_subnet: Added netbios name X86ERR300S3<00> with first IP 0.0.0.0 ttl=258284 nb_flags=e4 to subnet WINS_SERVER_SUBNET >[2011/12/13 17:45:35, 4] nmbd/nmbd_winsserver.c:767(initialise_wins) > initialise_wins: add name: MASTER#03 ttl = 258284 first IP 10.200.8.180 flags = 66 >[2011/12/13 17:45:35, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) > add_name_to_subnet: Added netbios name MASTER<03> with first IP 10.200.8.180 ttl=258284 nb_flags=66 to subnet WINS_SERVER_SUBNET >[2011/12/13 17:45:35, 4] nmbd/nmbd_winsserver.c:767(initialise_wins) > initialise_wins: add name: X86ERR300S3#1b ttl = 258284 first IP 10.200.8.180 flags = 64 >[2011/12/13 17:45:35, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) > add_name_to_subnet: Added netbios name X86ERR300S3<1b> with first IP 10.200.8.180 ttl=258284 nb_flags=64 to subnet WINS_SERVER_SUBNET >[2011/12/13 17:45:35, 4] nmbd/nmbd_winsserver.c:767(initialise_wins) > initialise_wins: add name: MASTER#00 ttl = 258284 first IP 10.200.8.180 flags = 66 >[2011/12/13 17:45:35, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) > add_name_to_subnet: Added netbios name MASTER<00> with first IP 10.200.8.180 ttl=258284 nb_flags=66 to subnet WINS_SERVER_SUBNET >[2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:189(create_workgroup_on_subnet) > create_workgroup_on_subnet: creating group X86ERR300S3 on subnet 10.200.8.180 >[2011/12/13 17:45:35, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) > add_name_to_subnet: Added netbios name *<00> with first IP 10.200.8.180 ttl=0 nb_flags=60 to subnet 10.200.8.180 >[2011/12/13 17:45:35, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) > add_name_to_subnet: Added netbios name *<20> with first IP 10.200.8.180 ttl=0 nb_flags=60 to subnet 10.200.8.180 >[2011/12/13 17:45:35, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) > add_name_to_subnet: Added netbios name __SAMBA__<20> with first IP 10.200.8.180 ttl=0 nb_flags=60 to subnet 10.200.8.180 >[2011/12/13 17:45:35, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) > add_name_to_subnet: Added netbios name __SAMBA__<00> with first IP 10.200.8.180 ttl=0 nb_flags=60 to subnet 10.200.8.180 >[2011/12/13 17:45:35, 4] nmbd/nmbd_packets.c:352(initiate_name_register_packet) > initiate_name_register_packet: sending registration for name MASTER<20> (bcast=Yes) to IP 10.200.8.255 >[2011/12/13 17:45:35, 5] libsmb/nmblib.c:841(send_udp) > Sending a packet of len 68 to (10.200.8.255) on port 137 >[2011/12/13 17:45:35, 4] nmbd/nmbd_responserecordsdb.c:38(add_response_record) > add_response_record: adding response record id:7980 to subnet 10.200.8.180. num_records:1 >[2011/12/13 17:45:35, 4] nmbd/nmbd_packets.c:352(initiate_name_register_packet) > initiate_name_register_packet: sending registration for name MASTER<03> (bcast=Yes) to IP 10.200.8.255 >[2011/12/13 17:45:35, 5] libsmb/nmblib.c:841(send_udp) > Sending a packet of len 68 to (10.200.8.255) on port 137 >[2011/12/13 17:45:35, 4] nmbd/nmbd_responserecordsdb.c:38(add_response_record) > add_response_record: adding response record id:7981 to subnet 10.200.8.180. num_records:2 >[2011/12/13 17:45:35, 4] nmbd/nmbd_packets.c:352(initiate_name_register_packet) > initiate_name_register_packet: sending registration for name MASTER<00> (bcast=Yes) to IP 10.200.8.255 >[2011/12/13 17:45:35, 5] libsmb/nmblib.c:841(send_udp) > Sending a packet of len 68 to (10.200.8.255) on port 137 >[2011/12/13 17:45:35, 4] nmbd/nmbd_responserecordsdb.c:38(add_response_record) > add_response_record: adding response record id:7982 to subnet 10.200.8.180. num_records:3 >[2011/12/13 17:45:35, 3] nmbd/nmbd_workgroupdb.c:239(initiate_myworkgroup_startup) > initiate_myworkgroup_startup: preferred master startup for workgroup X86ERR300S3 on subnet 10.200.8.180 >[2011/12/13 17:45:35, 4] nmbd/nmbd_packets.c:352(initiate_name_register_packet) > initiate_name_register_packet: sending registration for name X86ERR300S3<00> (bcast=Yes) to IP 10.200.8.255 >[2011/12/13 17:45:35, 5] libsmb/nmblib.c:841(send_udp) > Sending a packet of len 68 to (10.200.8.255) on port 137 >[2011/12/13 17:45:35, 4] nmbd/nmbd_responserecordsdb.c:38(add_response_record) > add_response_record: adding response record id:7983 to subnet 10.200.8.180. num_records:4 >[2011/12/13 17:45:35, 4] nmbd/nmbd_packets.c:352(initiate_name_register_packet) > initiate_name_register_packet: sending registration for name X86ERR300S3<1e> (bcast=Yes) to IP 10.200.8.255 >[2011/12/13 17:45:35, 5] libsmb/nmblib.c:841(send_udp) > Sending a packet of len 68 to (10.200.8.255) on port 137 >[2011/12/13 17:45:35, 4] nmbd/nmbd_responserecordsdb.c:38(add_response_record) > add_response_record: adding response record id:7984 to subnet 10.200.8.180. num_records:5 >[2011/12/13 17:45:35, 8] lib/util.c:1521(is_myname) > is_myname("MASTER") returns 1 >[2011/12/13 17:45:35, 3] nmbd/nmbd_serverlistdb.c:132(create_server_on_workgroup) > create_server_on_workgroup: Created server entry MASTER of type 40019a2b (master univention corporate server) on workgroup X86ERR300S3. >[2011/12/13 17:45:35, 3] nmbd/nmbd_workgroupdb.c:259(initiate_myworkgroup_startup) > initiate_myworkgroup_startup: Added server name entry MASTER on subnet 10.200.8.180 >[2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:189(create_workgroup_on_subnet) > create_workgroup_on_subnet: creating group X86ERR300S3 on subnet UNICAST_SUBNET >[2011/12/13 17:45:35, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) > add_name_to_subnet: Added netbios name *<00> with first IP 10.200.8.180 ttl=0 nb_flags=60 to subnet UNICAST_SUBNET >[2011/12/13 17:45:35, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) > add_name_to_subnet: Added netbios name *<20> with first IP 10.200.8.180 ttl=0 nb_flags=60 to subnet UNICAST_SUBNET >[2011/12/13 17:45:35, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) > add_name_to_subnet: Added netbios name __SAMBA__<20> with first IP 10.200.8.180 ttl=0 nb_flags=60 to subnet UNICAST_SUBNET >[2011/12/13 17:45:35, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) > add_name_to_subnet: Added netbios name __SAMBA__<00> with first IP 10.200.8.180 ttl=0 nb_flags=60 to subnet UNICAST_SUBNET >[2011/12/13 17:45:35, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) > add_name_to_subnet: Added netbios name MASTER<20> with first IP 10.200.8.180 ttl=259200 nb_flags=64 to subnet UNICAST_SUBNET >[2011/12/13 17:45:35, 6] nmbd/nmbd_nameregister.c:331(multihomed_register_one) > Registering name MASTER<20> IP 10.200.8.180 with WINS server 127.0.0.1 using tag '*' >[2011/12/13 17:45:35, 4] nmbd/nmbd_packets.c:380(initiate_multihomed_name_register_packet) > initiate_multihomed_name_register_packet: sending registration for name MASTER<20> IP 10.200.8.180 (bcast=No) to IP 127.0.0.1 >[2011/12/13 17:45:35, 5] libsmb/nmblib.c:841(send_udp) > Sending a packet of len 68 to (127.0.0.1) on port 137 >[2011/12/13 17:45:35, 4] nmbd/nmbd_responserecordsdb.c:38(add_response_record) > add_response_record: adding response record id:7985 to subnet UNICAST_SUBNET. num_records:6 >[2011/12/13 17:45:35, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) > add_name_to_subnet: Added netbios name MASTER<03> with first IP 10.200.8.180 ttl=259200 nb_flags=64 to subnet UNICAST_SUBNET >[2011/12/13 17:45:35, 6] nmbd/nmbd_nameregister.c:331(multihomed_register_one) > Registering name MASTER<03> IP 10.200.8.180 with WINS server 127.0.0.1 using tag '*' >[2011/12/13 17:45:35, 4] nmbd/nmbd_packets.c:380(initiate_multihomed_name_register_packet) > initiate_multihomed_name_register_packet: sending registration for name MASTER<03> IP 10.200.8.180 (bcast=No) to IP 127.0.0.1 >[2011/12/13 17:45:35, 5] libsmb/nmblib.c:841(send_udp) > Sending a packet of len 68 to (127.0.0.1) on port 137 >[2011/12/13 17:45:35, 4] nmbd/nmbd_responserecordsdb.c:38(add_response_record) > add_response_record: adding response record id:7986 to subnet UNICAST_SUBNET. num_records:7 >[2011/12/13 17:45:35, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) > add_name_to_subnet: Added netbios name MASTER<00> with first IP 10.200.8.180 ttl=259200 nb_flags=64 to subnet UNICAST_SUBNET >[2011/12/13 17:45:35, 6] nmbd/nmbd_nameregister.c:331(multihomed_register_one) > Registering name MASTER<00> IP 10.200.8.180 with WINS server 127.0.0.1 using tag '*' >[2011/12/13 17:45:35, 4] nmbd/nmbd_packets.c:380(initiate_multihomed_name_register_packet) > initiate_multihomed_name_register_packet: sending registration for name MASTER<00> IP 10.200.8.180 (bcast=No) to IP 127.0.0.1 >[2011/12/13 17:45:35, 5] libsmb/nmblib.c:841(send_udp) > Sending a packet of len 68 to (127.0.0.1) on port 137 >[2011/12/13 17:45:35, 4] nmbd/nmbd_responserecordsdb.c:38(add_response_record) > add_response_record: adding response record id:7987 to subnet UNICAST_SUBNET. num_records:8 >[2011/12/13 17:45:35, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) > add_name_to_subnet: Added netbios name X86ERR300S3<00> with first IP 10.200.8.180 ttl=259200 nb_flags=e4 to subnet UNICAST_SUBNET >[2011/12/13 17:45:35, 6] nmbd/nmbd_nameregister.c:331(multihomed_register_one) > Registering name X86ERR300S3<00> IP 10.200.8.180 with WINS server 127.0.0.1 using tag '*' >[2011/12/13 17:45:35, 4] nmbd/nmbd_packets.c:352(initiate_name_register_packet) > initiate_name_register_packet: sending registration for name X86ERR300S3<00> (bcast=No) to IP 127.0.0.1 >[2011/12/13 17:45:35, 5] libsmb/nmblib.c:841(send_udp) > Sending a packet of len 68 to (127.0.0.1) on port 137 >[2011/12/13 17:45:35, 4] nmbd/nmbd_responserecordsdb.c:38(add_response_record) > add_response_record: adding response record id:7988 to subnet UNICAST_SUBNET. num_records:9 >[2011/12/13 17:45:35, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) > add_name_to_subnet: Added netbios name X86ERR300S3<1e> with first IP 10.200.8.180 ttl=259200 nb_flags=e4 to subnet UNICAST_SUBNET >[2011/12/13 17:45:35, 6] nmbd/nmbd_nameregister.c:331(multihomed_register_one) > Registering name X86ERR300S3<1e> IP 10.200.8.180 with WINS server 127.0.0.1 using tag '*' >[2011/12/13 17:45:35, 4] nmbd/nmbd_packets.c:352(initiate_name_register_packet) > initiate_name_register_packet: sending registration for name X86ERR300S3<1e> (bcast=No) to IP 127.0.0.1 >[2011/12/13 17:45:35, 5] libsmb/nmblib.c:841(send_udp) > Sending a packet of len 68 to (127.0.0.1) on port 137 >[2011/12/13 17:45:35, 4] nmbd/nmbd_responserecordsdb.c:38(add_response_record) > add_response_record: adding response record id:7989 to subnet UNICAST_SUBNET. num_records:10 >[2011/12/13 17:45:35, 8] lib/util.c:1521(is_myname) > is_myname("MASTER") returns 1 >[2011/12/13 17:45:35, 3] nmbd/nmbd_serverlistdb.c:132(create_server_on_workgroup) > create_server_on_workgroup: Created server entry MASTER of type 40019a2b (master univention corporate server) on workgroup X86ERR300S3. >[2011/12/13 17:45:35, 3] nmbd/nmbd_workgroupdb.c:259(initiate_myworkgroup_startup) > initiate_myworkgroup_startup: Added server name entry MASTER on subnet UNICAST_SUBNET >[2011/12/13 17:45:35, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) > add_name_to_subnet: Added netbios name *<00> with first IP 10.200.8.180 ttl=0 nb_flags=60 to subnet UNICAST_SUBNET >[2011/12/13 17:45:35, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) > add_name_to_subnet: Added netbios name *<20> with first IP 10.200.8.180 ttl=0 nb_flags=60 to subnet UNICAST_SUBNET >[2011/12/13 17:45:35, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) > add_name_to_subnet: Added netbios name __SAMBA__<20> with first IP 10.200.8.180 ttl=0 nb_flags=60 to subnet UNICAST_SUBNET >[2011/12/13 17:45:35, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) > add_name_to_subnet: Added netbios name __SAMBA__<00> with first IP 10.200.8.180 ttl=0 nb_flags=60 to subnet UNICAST_SUBNET >[2011/12/13 17:45:35, 9] nmbd/nmbd_namelistdb.c:128(find_name_on_subnet) > find_name_on_subnet: on subnet UNICAST_SUBNET - found name MASTER<20> source=2 >[2011/12/13 17:45:35, 9] nmbd/nmbd_namelistdb.c:128(find_name_on_subnet) > find_name_on_subnet: on subnet UNICAST_SUBNET - found name MASTER<03> source=2 >[2011/12/13 17:45:35, 9] nmbd/nmbd_namelistdb.c:128(find_name_on_subnet) > find_name_on_subnet: on subnet UNICAST_SUBNET - found name MASTER<00> source=2 >[2011/12/13 17:45:35, 9] nmbd/nmbd_namelistdb.c:128(find_name_on_subnet) > find_name_on_subnet: on subnet UNICAST_SUBNET - found name X86ERR300S3<00> source=2 >[2011/12/13 17:45:35, 9] nmbd/nmbd_namelistdb.c:128(find_name_on_subnet) > find_name_on_subnet: on subnet UNICAST_SUBNET - found name X86ERR300S3<1e> source=2 >[2011/12/13 17:45:35, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) > add_name_to_subnet: Added netbios name *<00> with first IP 10.200.8.180 ttl=0 nb_flags=60 to subnet REMOTE_BROADCAST_SUBNET >[2011/12/13 17:45:35, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) > add_name_to_subnet: Added netbios name *<20> with first IP 10.200.8.180 ttl=0 nb_flags=60 to subnet REMOTE_BROADCAST_SUBNET >[2011/12/13 17:45:35, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) > add_name_to_subnet: Added netbios name __SAMBA__<20> with first IP 10.200.8.180 ttl=0 nb_flags=60 to subnet REMOTE_BROADCAST_SUBNET >[2011/12/13 17:45:35, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) > add_name_to_subnet: Added netbios name __SAMBA__<00> with first IP 10.200.8.180 ttl=0 nb_flags=60 to subnet REMOTE_BROADCAST_SUBNET >[2011/12/13 17:45:35, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) > find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1e> NOT FOUND >[2011/12/13 17:45:35, 8] nmbd/nmbd_elections.c:361(check_elections) > check_elections: Cannot send election packet yet as name X86ERR300S3<1e> not yet registered on subnet 10.200.8.180 >[2011/12/13 17:45:35, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:35, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 7980 >[2011/12/13 17:45:35, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:35, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:35, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:35, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 7980 >[2011/12/13 17:45:35, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:35, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:35, 8] lib/util.c:1521(is_myname) > is_myname("MASTER") returns 1 >[2011/12/13 17:45:35, 3] nmbd/nmbd_sendannounce.c:209(send_host_announcement) > send_host_announcement: type 19a2b for host MASTER on subnet 10.200.8.180 for workgroup X86ERR300S3 >[2011/12/13 17:45:35, 4] nmbd/nmbd_packets.c:2114(send_mailslot) > send_mailslot: Sending to mailslot \MAILSLOT\BROWSE from MASTER<00> IP 10.200.8.180 to X86ERR300S3<1d> IP 10.200.8.255 >[2011/12/13 17:45:35, 4] nmbd/nmbd_packets.c:116(debug_browse_data) > debug_browse_data(): > 0 char ..`...MASTER.... hex 01 00 60 ea 00 00 4d 41 53 54 45 52 00 00 00 00 > 10 char ........+.....U. hex 00 00 00 00 00 00 04 09 2b 9a 01 00 0f 01 55 aa > 20 char master univentio hex 6d 61 73 74 65 72 20 75 6e 69 76 65 6e 74 69 6f > 30 char n corporate serv hex 6e 20 63 6f 72 70 6f 72 61 74 65 20 73 65 72 76 > 40 char er. hex 65 72 00 >[2011/12/13 17:45:35, 5] libsmb/nmblib.c:841(send_udp) > Sending a packet of len 235 to (10.200.8.255) on port 138 >[2011/12/13 17:45:35, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794735) - last(1323794735) < 900 >[2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:276(dump_workgroups) > dump_workgroups() > dump workgroup on subnet 10.200.8.180: netmask= 255.255.255.0: > X86ERR300S3(1) current master browser = UNKNOWN > MASTER 40019a2b (master univention corporate server) >[2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:276(dump_workgroups) > dump_workgroups() > dump workgroup on subnet UNICAST_SUBNET: netmask= 10.200.8.180: > X86ERR300S3(1) current master browser = UNKNOWN > MASTER 40019a2b (master univention corporate server) >[2011/12/13 17:45:35, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) > find_name_on_subnet: on subnet REMOTE_BROADCAST_SUBNET - name X86ERR300S3<1d> NOT FOUND >[2011/12/13 17:45:35, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) > find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1d> NOT FOUND >[2011/12/13 17:45:35, 4] nmbd/nmbd_packets.c:306(initiate_name_query_packet) > initiate_name_query_packet: sending query for name X86ERR300S3<1d> (bcast=Yes) to IP 10.200.8.255 >[2011/12/13 17:45:35, 5] libsmb/nmblib.c:841(send_udp) > Sending a packet of len 50 to (10.200.8.255) on port 137 >[2011/12/13 17:45:35, 4] nmbd/nmbd_responserecordsdb.c:38(add_response_record) > add_response_record: adding response record id:7991 to subnet 10.200.8.180. num_records:11 >[2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:35, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) > find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1c> NOT FOUND >[2011/12/13 17:45:35, 0] nmbd/nmbd_logonnames.c:162(add_logon_names) > add_domain_logon_names: > Attempting to become logon server for workgroup X86ERR300S3 on subnet 10.200.8.180 >[2011/12/13 17:45:35, 2] nmbd/nmbd_logonnames.c:135(become_logon_server) > become_logon_server: Atempting to become logon server for workgroup X86ERR300S3 on subnet 10.200.8.180 >[2011/12/13 17:45:35, 3] nmbd/nmbd_logonnames.c:138(become_logon_server) > become_logon_server: go to first stage: register X86ERR300S3<1c> name >[2011/12/13 17:45:35, 4] nmbd/nmbd_packets.c:352(initiate_name_register_packet) > initiate_name_register_packet: sending registration for name X86ERR300S3<1c> (bcast=Yes) to IP 10.200.8.255 >[2011/12/13 17:45:35, 5] libsmb/nmblib.c:841(send_udp) > Sending a packet of len 68 to (10.200.8.255) on port 137 >[2011/12/13 17:45:35, 4] nmbd/nmbd_responserecordsdb.c:38(add_response_record) > add_response_record: adding response record id:7992 to subnet 10.200.8.180. num_records:12 >[2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:35, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) > find_name_on_subnet: on subnet UNICAST_SUBNET - name X86ERR300S3<1c> NOT FOUND >[2011/12/13 17:45:35, 0] nmbd/nmbd_logonnames.c:162(add_logon_names) > add_domain_logon_names: > Attempting to become logon server for workgroup X86ERR300S3 on subnet UNICAST_SUBNET >[2011/12/13 17:45:35, 2] nmbd/nmbd_logonnames.c:135(become_logon_server) > become_logon_server: Atempting to become logon server for workgroup X86ERR300S3 on subnet UNICAST_SUBNET >[2011/12/13 17:45:35, 3] nmbd/nmbd_logonnames.c:138(become_logon_server) > become_logon_server: go to first stage: register X86ERR300S3<1c> name >[2011/12/13 17:45:35, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) > add_name_to_subnet: Added netbios name X86ERR300S3<1c> with first IP 10.200.8.180 ttl=259200 nb_flags=e4 to subnet UNICAST_SUBNET >[2011/12/13 17:45:35, 6] nmbd/nmbd_nameregister.c:331(multihomed_register_one) > Registering name X86ERR300S3<1c> IP 10.200.8.180 with WINS server 127.0.0.1 using tag '*' >[2011/12/13 17:45:35, 4] nmbd/nmbd_packets.c:352(initiate_name_register_packet) > initiate_name_register_packet: sending registration for name X86ERR300S3<1c> (bcast=No) to IP 127.0.0.1 >[2011/12/13 17:45:35, 5] libsmb/nmblib.c:841(send_udp) > Sending a packet of len 68 to (127.0.0.1) on port 137 >[2011/12/13 17:45:35, 4] nmbd/nmbd_responserecordsdb.c:38(add_response_record) > add_response_record: adding response record id:7993 to subnet UNICAST_SUBNET. num_records:13 >[2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:35, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) > find_name_on_subnet: on subnet UNICAST_SUBNET - name X86ERR300S3<1b> NOT FOUND >[2011/12/13 17:45:35, 0] nmbd/nmbd_become_dmb.c:339(become_domain_master_browser_wins) > become_domain_master_browser_wins: > Attempting to become domain master browser on workgroup X86ERR300S3, subnet UNICAST_SUBNET. >[2011/12/13 17:45:35, 0] nmbd/nmbd_become_dmb.c:353(become_domain_master_browser_wins) > become_domain_master_browser_wins: querying WINS server from IP 10.200.8.180 for domain master browser name X86ERR300S3<1b> on workgroup X86ERR300S3 >[2011/12/13 17:45:35, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) > find_name_on_subnet: on subnet REMOTE_BROADCAST_SUBNET - name X86ERR300S3<1b> NOT FOUND >[2011/12/13 17:45:35, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) > find_name_on_subnet: on subnet UNICAST_SUBNET - name X86ERR300S3<1b> NOT FOUND >[2011/12/13 17:45:35, 4] nmbd/nmbd_packets.c:306(initiate_name_query_packet) > initiate_name_query_packet: sending query for name X86ERR300S3<1b> (bcast=No) to IP 10.200.8.180 >[2011/12/13 17:45:35, 5] nmbd/nmbd_packets.c:173(send_netbios_packet) > send_netbios_packet: sending packet to ourselves. >[2011/12/13 17:45:35, 4] nmbd/nmbd_responserecordsdb.c:38(add_response_record) > add_response_record: adding response record id:7994 to subnet UNICAST_SUBNET. num_records:14 >[2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:35, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) > find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1e> NOT FOUND >[2011/12/13 17:45:35, 8] nmbd/nmbd_elections.c:361(check_elections) > check_elections: Cannot send election packet yet as name X86ERR300S3<1e> not yet registered on subnet 10.200.8.180 >[2011/12/13 17:45:35, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:35, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 7981 >[2011/12/13 17:45:35, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:35, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:35, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35328 read: 235 >[2011/12/13 17:45:35, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 235 from (10.200.8.180) port 138 >[2011/12/13 17:45:35, 7] nmbd/nmbd_packets.c:1994(listen_for_packets) > discarding own dgram packet from 10.200.8.180:138 >[2011/12/13 17:45:35, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:35, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 7981 >[2011/12/13 17:45:35, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:35, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:35, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35328 read: 235 >[2011/12/13 17:45:35, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 235 from (10.200.8.180) port 138 >[2011/12/13 17:45:35, 7] nmbd/nmbd_packets.c:1994(listen_for_packets) > discarding own dgram packet from 10.200.8.180:138 >[2011/12/13 17:45:35, 4] libsmb/nmblib.c:107(debug_nmb_packet) > nmb packet from 10.200.8.180(137) header: id=7994 opcode=Query(0) response=No > header: flags: bcast=No rec_avail=No rec_des=Yes trunc=No auth=No > header: rcode=0 qdcount=1 ancount=0 nscount=0 arcount=0 > question: q_name=X86ERR300S3<1b> q_type=32 q_class=1 >[2011/12/13 17:45:35, 3] nmbd/nmbd_winsserver.c:2033(wins_process_name_query_request) > wins_process_name_query: name query for name X86ERR300S3<1b> from IP 10.200.8.180 >[2011/12/13 17:45:35, 3] nmbd/nmbd_winsserver.c:2085(wins_process_name_query_request) > wins_process_name_query: name query for name X86ERR300S3<1b> returning first IP 10.200.8.180. >[2011/12/13 17:45:35, 4] nmbd/nmbd_packets.c:968(reply_netbios_packet) > reply_netbios_packet: sending a reply of packet type: wins_query X86ERR300S3<1b> to ip 10.200.8.180 for id 7994 >[2011/12/13 17:45:35, 4] libsmb/nmblib.c:107(debug_nmb_packet) > nmb packet from 10.200.8.180(137) header: id=7994 opcode=Query(0) response=Yes > header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes > header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 > answers: nmb_name=X86ERR300S3<1b> rr_type=32 rr_class=1 ttl=258284 > answers 0 char `..... hex 60000AC808B4 >[2011/12/13 17:45:35, 5] nmbd/nmbd_packets.c:1019(reply_netbios_packet) > reply_netbios_packet: sending packet to ourselves. >[2011/12/13 17:45:35, 4] libsmb/nmblib.c:107(debug_nmb_packet) > nmb packet from 10.200.8.180(137) header: id=7994 opcode=Query(0) response=Yes > header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes > header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 > answers: nmb_name=X86ERR300S3<1b> rr_type=32 rr_class=1 ttl=258284 > answers 0 char `..... hex 60000AC808B4 >[2011/12/13 17:45:35, 4] nmbd/nmbd_responserecordsdb.c:179(find_response_record_on_subnet) > find_response_record: found response record id = 7994 on subnet UNICAST_SUBNET >[2011/12/13 17:45:35, 5] nmbd/nmbd_namequery.c:95(query_name_response) > query_name_response: On subnet UNICAST_SUBNET - positive response from IP 10.200.8.180 for name X86ERR300S3<1b>. IP of that name is 10.200.8.180 >[2011/12/13 17:45:35, 3] nmbd/nmbd_become_dmb.c:226(become_domain_master_query_success) > become_domain_master_query_success(): > Our address (10.200.8.180) returned in query for name X86ERR300S3<1b> (domain master browser name) on subnet UNICAST_SUBNET. > Continuing with domain master code. >[2011/12/13 17:45:35, 2] nmbd/nmbd_become_dmb.c:181(become_domain_master_stage1) > become_domain_master_stage1: Becoming domain master browser for workgroup X86ERR300S3 on subnet UNICAST_SUBNET >[2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:35, 3] nmbd/nmbd_become_dmb.c:190(become_domain_master_stage1) > become_domain_master_stage1: go to first stage: register <1b> name >[2011/12/13 17:45:35, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) > add_name_to_subnet: Added netbios name X86ERR300S3<1b> with first IP 10.200.8.180 ttl=259200 nb_flags=64 to subnet UNICAST_SUBNET >[2011/12/13 17:45:35, 6] nmbd/nmbd_nameregister.c:331(multihomed_register_one) > Registering name X86ERR300S3<1b> IP 10.200.8.180 with WINS server 127.0.0.1 using tag '*' >[2011/12/13 17:45:35, 4] nmbd/nmbd_packets.c:380(initiate_multihomed_name_register_packet) > initiate_multihomed_name_register_packet: sending registration for name X86ERR300S3<1b> IP 10.200.8.180 (bcast=No) to IP 127.0.0.1 >[2011/12/13 17:45:35, 5] libsmb/nmblib.c:841(send_udp) > Sending a packet of len 68 to (127.0.0.1) on port 137 >[2011/12/13 17:45:35, 4] nmbd/nmbd_responserecordsdb.c:38(add_response_record) > add_response_record: adding response record id:7995 to subnet UNICAST_SUBNET. num_records:15 >[2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:35, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794735) - last(1323794735) < 900 >[2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:35, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) > find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1e> NOT FOUND >[2011/12/13 17:45:35, 8] nmbd/nmbd_elections.c:361(check_elections) > check_elections: Cannot send election packet yet as name X86ERR300S3<1e> not yet registered on subnet 10.200.8.180 >[2011/12/13 17:45:35, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:35, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 7982 >[2011/12/13 17:45:35, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:35, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:35, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:35, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 7982 >[2011/12/13 17:45:35, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:35, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:35, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794735) - last(1323794735) < 900 >[2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:35, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) > find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1e> NOT FOUND >[2011/12/13 17:45:35, 8] nmbd/nmbd_elections.c:361(check_elections) > check_elections: Cannot send election packet yet as name X86ERR300S3<1e> not yet registered on subnet 10.200.8.180 >[2011/12/13 17:45:35, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:35, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 7983 >[2011/12/13 17:45:35, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:35, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:35, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:35, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 7983 >[2011/12/13 17:45:35, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:35, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:35, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794735) - last(1323794735) < 900 >[2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:35, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) > find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1e> NOT FOUND >[2011/12/13 17:45:35, 8] nmbd/nmbd_elections.c:361(check_elections) > check_elections: Cannot send election packet yet as name X86ERR300S3<1e> not yet registered on subnet 10.200.8.180 >[2011/12/13 17:45:35, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:35, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 7984 >[2011/12/13 17:45:35, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:35, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:35, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:35, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 7984 >[2011/12/13 17:45:35, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:35, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:35, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794735) - last(1323794735) < 900 >[2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:35, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) > find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1e> NOT FOUND >[2011/12/13 17:45:35, 8] nmbd/nmbd_elections.c:361(check_elections) > check_elections: Cannot send election packet yet as name X86ERR300S3<1e> not yet registered on subnet 10.200.8.180 >[2011/12/13 17:45:35, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:35, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 7985 >[2011/12/13 17:45:35, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:35, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 50 >[2011/12/13 17:45:35, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 7991 >[2011/12/13 17:45:35, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 50 from (10.200.8.180) port 137 >[2011/12/13 17:45:35, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:35, 4] libsmb/nmblib.c:107(debug_nmb_packet) > nmb packet from 10.200.8.180(137) header: id=7985 opcode=Multi-homed Registration(15) response=No > header: flags: bcast=No rec_avail=No rec_des=Yes trunc=No auth=No > header: rcode=0 qdcount=1 ancount=0 nscount=0 arcount=1 > question: q_name=MASTER<20> q_type=32 q_class=1 > additional: nmb_name=MASTER<20> rr_type=32 rr_class=1 ttl=259200 > additional 0 char `..... hex 60000AC808B4 >[2011/12/13 17:45:35, 3] nmbd/nmbd_winsserver.c:1648(wins_process_multihomed_name_registration_request) > wins_process_multihomed_name_registration_request: name registration for name MASTER<20> IP 10.200.8.180 >[2011/12/13 17:45:35, 8] lib/util.c:1521(is_myname) > is_myname("MASTER") returns 1 >[2011/12/13 17:45:35, 4] nmbd/nmbd_packets.c:968(reply_netbios_packet) > reply_netbios_packet: sending a reply of packet type: wins_reg MASTER<20> to ip 10.200.8.180 for id 7985 >[2011/12/13 17:45:35, 4] libsmb/nmblib.c:107(debug_nmb_packet) > nmb packet from 10.200.8.180(137) header: id=7985 opcode=Registration(5) response=Yes > header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes > header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 > answers: nmb_name=MASTER<20> rr_type=32 rr_class=1 ttl=259200 > answers 0 char `..... hex 60000AC808B4 >[2011/12/13 17:45:35, 5] nmbd/nmbd_packets.c:1019(reply_netbios_packet) > reply_netbios_packet: sending packet to ourselves. >[2011/12/13 17:45:35, 4] libsmb/nmblib.c:107(debug_nmb_packet) > nmb packet from 10.200.8.180(137) header: id=7985 opcode=Registration(5) response=Yes > header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes > header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 > answers: nmb_name=MASTER<20> rr_type=32 rr_class=1 ttl=259200 > answers 0 char `..... hex 60000AC808B4 >[2011/12/13 17:45:35, 4] nmbd/nmbd_responserecordsdb.c:179(find_response_record_on_subnet) > find_response_record: found response record id = 7985 on subnet UNICAST_SUBNET >[2011/12/13 17:45:35, 5] lib/gencache.c:68(gencache_init) > Opening cache file at /var/run/samba/gencache.tdb >[2011/12/13 17:45:35, 5] lib/gencache.c:111(gencache_init) > Opening cache file at /var/run/samba/gencache_notrans.tdb >[2011/12/13 17:45:35, 10] lib/gencache.c:250(gencache_del) > Deleting cache entry (key = WINS_SRV_DEAD/127.0.0.1,10.200.8.180) >[2011/12/13 17:45:35, 10] lib/gencache.c:183(gencache_set_data_blob) > Adding cache entry with key = WINS_SRV_DEAD/127.0.0.1,10.200.8.180 and timeout = Thu Jan 1 01:00:00 1970 > (-1323794735 seconds in the past) >[2011/12/13 17:45:35, 4] lib/wins_srv.c:125(wins_srv_alive) > wins_srv_alive: marking wins server 127.0.0.1 alive >[2011/12/13 17:45:35, 5] nmbd/nmbd_nameregister.c:113(register_name_response) > register_name_response: Ignoring WINS server response from IP 10.200.8.180, for name MASTER<20>. We sent to IP 10.200.8.180 >[2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:35, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794735) - last(1323794735) < 900 >[2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:35, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) > find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1e> NOT FOUND >[2011/12/13 17:45:35, 8] nmbd/nmbd_elections.c:361(check_elections) > check_elections: Cannot send election packet yet as name X86ERR300S3<1e> not yet registered on subnet 10.200.8.180 >[2011/12/13 17:45:35, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:35, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 7986 >[2011/12/13 17:45:35, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:35, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:35, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 7992 >[2011/12/13 17:45:35, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:35, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:35, 4] libsmb/nmblib.c:107(debug_nmb_packet) > nmb packet from 10.200.8.180(137) header: id=7986 opcode=Multi-homed Registration(15) response=No > header: flags: bcast=No rec_avail=No rec_des=Yes trunc=No auth=No > header: rcode=0 qdcount=1 ancount=0 nscount=0 arcount=1 > question: q_name=MASTER<03> q_type=32 q_class=1 > additional: nmb_name=MASTER<03> rr_type=32 rr_class=1 ttl=259200 > additional 0 char `..... hex 60000AC808B4 >[2011/12/13 17:45:35, 3] nmbd/nmbd_winsserver.c:1648(wins_process_multihomed_name_registration_request) > wins_process_multihomed_name_registration_request: name registration for name MASTER<03> IP 10.200.8.180 >[2011/12/13 17:45:35, 8] lib/util.c:1521(is_myname) > is_myname("MASTER") returns 1 >[2011/12/13 17:45:35, 4] nmbd/nmbd_packets.c:968(reply_netbios_packet) > reply_netbios_packet: sending a reply of packet type: wins_reg MASTER<03> to ip 10.200.8.180 for id 7986 >[2011/12/13 17:45:35, 4] libsmb/nmblib.c:107(debug_nmb_packet) > nmb packet from 10.200.8.180(137) header: id=7986 opcode=Registration(5) response=Yes > header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes > header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 > answers: nmb_name=MASTER<03> rr_type=32 rr_class=1 ttl=259200 > answers 0 char `..... hex 60000AC808B4 >[2011/12/13 17:45:35, 5] nmbd/nmbd_packets.c:1019(reply_netbios_packet) > reply_netbios_packet: sending packet to ourselves. >[2011/12/13 17:45:35, 4] libsmb/nmblib.c:107(debug_nmb_packet) > nmb packet from 10.200.8.180(137) header: id=7986 opcode=Registration(5) response=Yes > header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes > header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 > answers: nmb_name=MASTER<03> rr_type=32 rr_class=1 ttl=259200 > answers 0 char `..... hex 60000AC808B4 >[2011/12/13 17:45:35, 4] nmbd/nmbd_responserecordsdb.c:179(find_response_record_on_subnet) > find_response_record: found response record id = 7986 on subnet UNICAST_SUBNET >[2011/12/13 17:45:35, 10] lib/gencache.c:250(gencache_del) > Deleting cache entry (key = WINS_SRV_DEAD/127.0.0.1,10.200.8.180) >[2011/12/13 17:45:35, 4] lib/wins_srv.c:125(wins_srv_alive) > wins_srv_alive: marking wins server 127.0.0.1 alive >[2011/12/13 17:45:35, 5] nmbd/nmbd_nameregister.c:113(register_name_response) > register_name_response: Ignoring WINS server response from IP 10.200.8.180, for name MASTER<03>. We sent to IP 10.200.8.180 >[2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:35, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794735) - last(1323794735) < 900 >[2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:35, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) > find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1e> NOT FOUND >[2011/12/13 17:45:35, 8] nmbd/nmbd_elections.c:361(check_elections) > check_elections: Cannot send election packet yet as name X86ERR300S3<1e> not yet registered on subnet 10.200.8.180 >[2011/12/13 17:45:35, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:35, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 7987 >[2011/12/13 17:45:35, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:35, 4] libsmb/nmblib.c:107(debug_nmb_packet) > nmb packet from 10.200.8.180(137) header: id=7987 opcode=Multi-homed Registration(15) response=No > header: flags: bcast=No rec_avail=No rec_des=Yes trunc=No auth=No > header: rcode=0 qdcount=1 ancount=0 nscount=0 arcount=1 > question: q_name=MASTER<00> q_type=32 q_class=1 > additional: nmb_name=MASTER<00> rr_type=32 rr_class=1 ttl=259200 > additional 0 char `..... hex 60000AC808B4 >[2011/12/13 17:45:35, 3] nmbd/nmbd_winsserver.c:1648(wins_process_multihomed_name_registration_request) > wins_process_multihomed_name_registration_request: name registration for name MASTER<00> IP 10.200.8.180 >[2011/12/13 17:45:35, 8] lib/util.c:1521(is_myname) > is_myname("MASTER") returns 1 >[2011/12/13 17:45:35, 4] nmbd/nmbd_packets.c:968(reply_netbios_packet) > reply_netbios_packet: sending a reply of packet type: wins_reg MASTER<00> to ip 10.200.8.180 for id 7987 >[2011/12/13 17:45:35, 4] libsmb/nmblib.c:107(debug_nmb_packet) > nmb packet from 10.200.8.180(137) header: id=7987 opcode=Registration(5) response=Yes > header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes > header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 > answers: nmb_name=MASTER<00> rr_type=32 rr_class=1 ttl=259200 > answers 0 char `..... hex 60000AC808B4 >[2011/12/13 17:45:35, 5] nmbd/nmbd_packets.c:1019(reply_netbios_packet) > reply_netbios_packet: sending packet to ourselves. >[2011/12/13 17:45:35, 4] libsmb/nmblib.c:107(debug_nmb_packet) > nmb packet from 10.200.8.180(137) header: id=7987 opcode=Registration(5) response=Yes > header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes > header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 > answers: nmb_name=MASTER<00> rr_type=32 rr_class=1 ttl=259200 > answers 0 char `..... hex 60000AC808B4 >[2011/12/13 17:45:35, 4] nmbd/nmbd_responserecordsdb.c:179(find_response_record_on_subnet) > find_response_record: found response record id = 7987 on subnet UNICAST_SUBNET >[2011/12/13 17:45:35, 10] lib/gencache.c:250(gencache_del) > Deleting cache entry (key = WINS_SRV_DEAD/127.0.0.1,10.200.8.180) >[2011/12/13 17:45:35, 4] lib/wins_srv.c:125(wins_srv_alive) > wins_srv_alive: marking wins server 127.0.0.1 alive >[2011/12/13 17:45:35, 5] nmbd/nmbd_nameregister.c:113(register_name_response) > register_name_response: Ignoring WINS server response from IP 10.200.8.180, for name MASTER<00>. We sent to IP 10.200.8.180 >[2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:35, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794735) - last(1323794735) < 900 >[2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:35, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) > find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1e> NOT FOUND >[2011/12/13 17:45:35, 8] nmbd/nmbd_elections.c:361(check_elections) > check_elections: Cannot send election packet yet as name X86ERR300S3<1e> not yet registered on subnet 10.200.8.180 >[2011/12/13 17:45:35, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:35, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 7988 >[2011/12/13 17:45:35, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:35, 4] libsmb/nmblib.c:107(debug_nmb_packet) > nmb packet from 10.200.8.180(137) header: id=7988 opcode=Registration(5) response=No > header: flags: bcast=No rec_avail=No rec_des=Yes trunc=No auth=No > header: rcode=0 qdcount=1 ancount=0 nscount=0 arcount=1 > question: q_name=X86ERR300S3<00> q_type=32 q_class=1 > additional: nmb_name=X86ERR300S3<00> rr_type=32 rr_class=1 ttl=259200 > additional 0 char ...... hex E0000AC808B4 >[2011/12/13 17:45:35, 3] nmbd/nmbd_winsserver.c:1186(wins_process_name_registration_request) > wins_process_name_registration_request: Group name registration for name X86ERR300S3<00> IP 10.200.8.180 >[2011/12/13 17:45:35, 3] nmbd/nmbd_winsserver.c:1270(wins_process_name_registration_request) > wins_process_name_registration_request: Adding IP 0.0.0.0 to group name X86ERR300S3<00>. >[2011/12/13 17:45:35, 4] nmbd/nmbd_packets.c:968(reply_netbios_packet) > reply_netbios_packet: sending a reply of packet type: wins_reg X86ERR300S3<00> to ip 10.200.8.180 for id 7988 >[2011/12/13 17:45:35, 4] libsmb/nmblib.c:107(debug_nmb_packet) > nmb packet from 10.200.8.180(137) header: id=7988 opcode=Registration(5) response=Yes > header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes > header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 > answers: nmb_name=X86ERR300S3<00> rr_type=32 rr_class=1 ttl=259200 > answers 0 char ...... hex E0000AC808B4 >[2011/12/13 17:45:35, 5] nmbd/nmbd_packets.c:1019(reply_netbios_packet) > reply_netbios_packet: sending packet to ourselves. >[2011/12/13 17:45:35, 4] libsmb/nmblib.c:107(debug_nmb_packet) > nmb packet from 10.200.8.180(137) header: id=7988 opcode=Registration(5) response=Yes > header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes > header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 > answers: nmb_name=X86ERR300S3<00> rr_type=32 rr_class=1 ttl=259200 > answers 0 char ...... hex E0000AC808B4 >[2011/12/13 17:45:35, 4] nmbd/nmbd_responserecordsdb.c:179(find_response_record_on_subnet) > find_response_record: found response record id = 7988 on subnet UNICAST_SUBNET >[2011/12/13 17:45:35, 10] lib/gencache.c:250(gencache_del) > Deleting cache entry (key = WINS_SRV_DEAD/127.0.0.1,10.200.8.180) >[2011/12/13 17:45:35, 4] lib/wins_srv.c:125(wins_srv_alive) > wins_srv_alive: marking wins server 127.0.0.1 alive >[2011/12/13 17:45:35, 5] nmbd/nmbd_nameregister.c:113(register_name_response) > register_name_response: Ignoring WINS server response from IP 10.200.8.180, for name X86ERR300S3<00>. We sent to IP 10.200.8.180 >[2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:35, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794735) - last(1323794735) < 900 >[2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:35, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) > find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1e> NOT FOUND >[2011/12/13 17:45:35, 8] nmbd/nmbd_elections.c:361(check_elections) > check_elections: Cannot send election packet yet as name X86ERR300S3<1e> not yet registered on subnet 10.200.8.180 >[2011/12/13 17:45:35, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:35, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 7989 >[2011/12/13 17:45:35, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:35, 4] libsmb/nmblib.c:107(debug_nmb_packet) > nmb packet from 10.200.8.180(137) header: id=7989 opcode=Registration(5) response=No > header: flags: bcast=No rec_avail=No rec_des=Yes trunc=No auth=No > header: rcode=0 qdcount=1 ancount=0 nscount=0 arcount=1 > question: q_name=X86ERR300S3<1e> q_type=32 q_class=1 > additional: nmb_name=X86ERR300S3<1e> rr_type=32 rr_class=1 ttl=259200 > additional 0 char ...... hex E0000AC808B4 >[2011/12/13 17:45:35, 3] nmbd/nmbd_winsserver.c:1186(wins_process_name_registration_request) > wins_process_name_registration_request: Group name registration for name X86ERR300S3<1e> IP 10.200.8.180 >[2011/12/13 17:45:35, 3] nmbd/nmbd_winsserver.c:1270(wins_process_name_registration_request) > wins_process_name_registration_request: Adding IP 0.0.0.0 to group name X86ERR300S3<1e>. >[2011/12/13 17:45:35, 4] nmbd/nmbd_packets.c:968(reply_netbios_packet) > reply_netbios_packet: sending a reply of packet type: wins_reg X86ERR300S3<1e> to ip 10.200.8.180 for id 7989 >[2011/12/13 17:45:35, 4] libsmb/nmblib.c:107(debug_nmb_packet) > nmb packet from 10.200.8.180(137) header: id=7989 opcode=Registration(5) response=Yes > header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes > header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 > answers: nmb_name=X86ERR300S3<1e> rr_type=32 rr_class=1 ttl=259200 > answers 0 char ...... hex E0000AC808B4 >[2011/12/13 17:45:35, 5] nmbd/nmbd_packets.c:1019(reply_netbios_packet) > reply_netbios_packet: sending packet to ourselves. >[2011/12/13 17:45:35, 4] libsmb/nmblib.c:107(debug_nmb_packet) > nmb packet from 10.200.8.180(137) header: id=7989 opcode=Registration(5) response=Yes > header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes > header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 > answers: nmb_name=X86ERR300S3<1e> rr_type=32 rr_class=1 ttl=259200 > answers 0 char ...... hex E0000AC808B4 >[2011/12/13 17:45:35, 4] nmbd/nmbd_responserecordsdb.c:179(find_response_record_on_subnet) > find_response_record: found response record id = 7989 on subnet UNICAST_SUBNET >[2011/12/13 17:45:35, 10] lib/gencache.c:250(gencache_del) > Deleting cache entry (key = WINS_SRV_DEAD/127.0.0.1,10.200.8.180) >[2011/12/13 17:45:35, 4] lib/wins_srv.c:125(wins_srv_alive) > wins_srv_alive: marking wins server 127.0.0.1 alive >[2011/12/13 17:45:35, 5] nmbd/nmbd_nameregister.c:113(register_name_response) > register_name_response: Ignoring WINS server response from IP 10.200.8.180, for name X86ERR300S3<1e>. We sent to IP 10.200.8.180 >[2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:35, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794735) - last(1323794735) < 900 >[2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:35, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) > find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1e> NOT FOUND >[2011/12/13 17:45:35, 8] nmbd/nmbd_elections.c:361(check_elections) > check_elections: Cannot send election packet yet as name X86ERR300S3<1e> not yet registered on subnet 10.200.8.180 >[2011/12/13 17:45:35, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 50 >[2011/12/13 17:45:35, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 7991 >[2011/12/13 17:45:35, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 50 from (10.200.8.180) port 137 >[2011/12/13 17:45:35, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:35, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794735) - last(1323794735) < 900 >[2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:35, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) > find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1e> NOT FOUND >[2011/12/13 17:45:35, 8] nmbd/nmbd_elections.c:361(check_elections) > check_elections: Cannot send election packet yet as name X86ERR300S3<1e> not yet registered on subnet 10.200.8.180 >[2011/12/13 17:45:35, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:35, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 7992 >[2011/12/13 17:45:35, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:35, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:35, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794735) - last(1323794735) < 900 >[2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:35, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) > find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1e> NOT FOUND >[2011/12/13 17:45:35, 8] nmbd/nmbd_elections.c:361(check_elections) > check_elections: Cannot send election packet yet as name X86ERR300S3<1e> not yet registered on subnet 10.200.8.180 >[2011/12/13 17:45:35, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:35, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 7993 >[2011/12/13 17:45:35, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:35, 4] libsmb/nmblib.c:107(debug_nmb_packet) > nmb packet from 10.200.8.180(137) header: id=7993 opcode=Registration(5) response=No > header: flags: bcast=No rec_avail=No rec_des=Yes trunc=No auth=No > header: rcode=0 qdcount=1 ancount=0 nscount=0 arcount=1 > question: q_name=X86ERR300S3<1c> q_type=32 q_class=1 > additional: nmb_name=X86ERR300S3<1c> rr_type=32 rr_class=1 ttl=259200 > additional 0 char ...... hex E0000AC808B4 >[2011/12/13 17:45:35, 3] nmbd/nmbd_winsserver.c:1186(wins_process_name_registration_request) > wins_process_name_registration_request: Group name registration for name X86ERR300S3<1c> IP 10.200.8.180 >[2011/12/13 17:45:35, 3] nmbd/nmbd_winsserver.c:1270(wins_process_name_registration_request) > wins_process_name_registration_request: Adding IP 10.200.8.180 to group name X86ERR300S3<1c>. >[2011/12/13 17:45:35, 4] nmbd/nmbd_packets.c:968(reply_netbios_packet) > reply_netbios_packet: sending a reply of packet type: wins_reg X86ERR300S3<1c> to ip 10.200.8.180 for id 7993 >[2011/12/13 17:45:35, 4] libsmb/nmblib.c:107(debug_nmb_packet) > nmb packet from 10.200.8.180(137) header: id=7993 opcode=Registration(5) response=Yes > header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes > header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 > answers: nmb_name=X86ERR300S3<1c> rr_type=32 rr_class=1 ttl=259200 > answers 0 char ...... hex E0000AC808B4 >[2011/12/13 17:45:35, 5] nmbd/nmbd_packets.c:1019(reply_netbios_packet) > reply_netbios_packet: sending packet to ourselves. >[2011/12/13 17:45:35, 4] libsmb/nmblib.c:107(debug_nmb_packet) > nmb packet from 10.200.8.180(137) header: id=7993 opcode=Registration(5) response=Yes > header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes > header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 > answers: nmb_name=X86ERR300S3<1c> rr_type=32 rr_class=1 ttl=259200 > answers 0 char ...... hex E0000AC808B4 >[2011/12/13 17:45:35, 4] nmbd/nmbd_responserecordsdb.c:179(find_response_record_on_subnet) > find_response_record: found response record id = 7993 on subnet UNICAST_SUBNET >[2011/12/13 17:45:35, 10] lib/gencache.c:250(gencache_del) > Deleting cache entry (key = WINS_SRV_DEAD/127.0.0.1,10.200.8.180) >[2011/12/13 17:45:35, 4] lib/wins_srv.c:125(wins_srv_alive) > wins_srv_alive: marking wins server 127.0.0.1 alive >[2011/12/13 17:45:35, 5] nmbd/nmbd_nameregister.c:113(register_name_response) > register_name_response: Ignoring WINS server response from IP 10.200.8.180, for name X86ERR300S3<1c>. We sent to IP 10.200.8.180 >[2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:35, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794735) - last(1323794735) < 900 >[2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:35, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) > find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1e> NOT FOUND >[2011/12/13 17:45:35, 8] nmbd/nmbd_elections.c:361(check_elections) > check_elections: Cannot send election packet yet as name X86ERR300S3<1e> not yet registered on subnet 10.200.8.180 >[2011/12/13 17:45:35, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:35, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 7995 >[2011/12/13 17:45:35, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:35, 4] libsmb/nmblib.c:107(debug_nmb_packet) > nmb packet from 10.200.8.180(137) header: id=7995 opcode=Multi-homed Registration(15) response=No > header: flags: bcast=No rec_avail=No rec_des=Yes trunc=No auth=No > header: rcode=0 qdcount=1 ancount=0 nscount=0 arcount=1 > question: q_name=X86ERR300S3<1b> q_type=32 q_class=1 > additional: nmb_name=X86ERR300S3<1b> rr_type=32 rr_class=1 ttl=259200 > additional 0 char `..... hex 60000AC808B4 >[2011/12/13 17:45:35, 3] nmbd/nmbd_winsserver.c:1648(wins_process_multihomed_name_registration_request) > wins_process_multihomed_name_registration_request: name registration for name X86ERR300S3<1b> IP 10.200.8.180 >[2011/12/13 17:45:35, 8] lib/util.c:1521(is_myname) > is_myname("X86ERR300S3") returns 0 >[2011/12/13 17:45:35, 4] nmbd/nmbd_packets.c:968(reply_netbios_packet) > reply_netbios_packet: sending a reply of packet type: wins_reg X86ERR300S3<1b> to ip 10.200.8.180 for id 7995 >[2011/12/13 17:45:35, 4] libsmb/nmblib.c:107(debug_nmb_packet) > nmb packet from 10.200.8.180(137) header: id=7995 opcode=Registration(5) response=Yes > header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes > header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 > answers: nmb_name=X86ERR300S3<1b> rr_type=32 rr_class=1 ttl=259200 > answers 0 char `..... hex 60000AC808B4 >[2011/12/13 17:45:35, 5] nmbd/nmbd_packets.c:1019(reply_netbios_packet) > reply_netbios_packet: sending packet to ourselves. >[2011/12/13 17:45:35, 4] libsmb/nmblib.c:107(debug_nmb_packet) > nmb packet from 10.200.8.180(137) header: id=7995 opcode=Registration(5) response=Yes > header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes > header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 > answers: nmb_name=X86ERR300S3<1b> rr_type=32 rr_class=1 ttl=259200 > answers 0 char `..... hex 60000AC808B4 >[2011/12/13 17:45:35, 4] nmbd/nmbd_responserecordsdb.c:179(find_response_record_on_subnet) > find_response_record: found response record id = 7995 on subnet UNICAST_SUBNET >[2011/12/13 17:45:35, 10] lib/gencache.c:250(gencache_del) > Deleting cache entry (key = WINS_SRV_DEAD/127.0.0.1,10.200.8.180) >[2011/12/13 17:45:35, 4] lib/wins_srv.c:125(wins_srv_alive) > wins_srv_alive: marking wins server 127.0.0.1 alive >[2011/12/13 17:45:35, 5] nmbd/nmbd_nameregister.c:113(register_name_response) > register_name_response: Ignoring WINS server response from IP 10.200.8.180, for name X86ERR300S3<1b>. We sent to IP 10.200.8.180 >[2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:35, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794735) - last(1323794735) < 900 >[2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:35, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:35, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) > find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1e> NOT FOUND >[2011/12/13 17:45:35, 8] nmbd/nmbd_elections.c:361(check_elections) > check_elections: Cannot send election packet yet as name X86ERR300S3<1e> not yet registered on subnet 10.200.8.180 >[2011/12/13 17:45:36, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:36, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794735) - last(1323794735) < 900 >[2011/12/13 17:45:36, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:36, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:36, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) > find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1e> NOT FOUND >[2011/12/13 17:45:36, 8] nmbd/nmbd_elections.c:361(check_elections) > check_elections: Cannot send election packet yet as name X86ERR300S3<1e> not yet registered on subnet 10.200.8.180 >[2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:37, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794736) - last(1323794735) < 900 >[2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:37, 5] libsmb/nmblib.c:841(send_udp) > Sending a packet of len 68 to (10.200.8.255) on port 137 >[2011/12/13 17:45:37, 5] libsmb/nmblib.c:841(send_udp) > Sending a packet of len 68 to (10.200.8.255) on port 137 >[2011/12/13 17:45:37, 5] libsmb/nmblib.c:841(send_udp) > Sending a packet of len 68 to (10.200.8.255) on port 137 >[2011/12/13 17:45:37, 5] libsmb/nmblib.c:841(send_udp) > Sending a packet of len 68 to (10.200.8.255) on port 137 >[2011/12/13 17:45:37, 5] libsmb/nmblib.c:841(send_udp) > Sending a packet of len 68 to (10.200.8.255) on port 137 >[2011/12/13 17:45:37, 5] libsmb/nmblib.c:841(send_udp) > Sending a packet of len 50 to (10.200.8.255) on port 137 >[2011/12/13 17:45:37, 5] libsmb/nmblib.c:841(send_udp) > Sending a packet of len 68 to (10.200.8.255) on port 137 >[2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:37, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) > find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1e> NOT FOUND >[2011/12/13 17:45:37, 8] nmbd/nmbd_elections.c:361(check_elections) > check_elections: Cannot send election packet yet as name X86ERR300S3<1e> not yet registered on subnet 10.200.8.180 >[2011/12/13 17:45:37, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:37, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 7980 >[2011/12/13 17:45:37, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:37, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:37, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:37, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 7980 >[2011/12/13 17:45:37, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:37, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:37, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794737) - last(1323794735) < 900 >[2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:37, 5] libsmb/nmblib.c:841(send_udp) > Sending a packet of len 68 to (10.200.8.255) on port 137 >[2011/12/13 17:45:37, 5] libsmb/nmblib.c:841(send_udp) > Sending a packet of len 68 to (10.200.8.255) on port 137 >[2011/12/13 17:45:37, 5] libsmb/nmblib.c:841(send_udp) > Sending a packet of len 68 to (10.200.8.255) on port 137 >[2011/12/13 17:45:37, 5] libsmb/nmblib.c:841(send_udp) > Sending a packet of len 68 to (10.200.8.255) on port 137 >[2011/12/13 17:45:37, 5] libsmb/nmblib.c:841(send_udp) > Sending a packet of len 68 to (10.200.8.255) on port 137 >[2011/12/13 17:45:37, 5] libsmb/nmblib.c:841(send_udp) > Sending a packet of len 50 to (10.200.8.255) on port 137 >[2011/12/13 17:45:37, 5] libsmb/nmblib.c:841(send_udp) > Sending a packet of len 68 to (10.200.8.255) on port 137 >[2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:37, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) > find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1e> NOT FOUND >[2011/12/13 17:45:37, 8] nmbd/nmbd_elections.c:361(check_elections) > check_elections: Cannot send election packet yet as name X86ERR300S3<1e> not yet registered on subnet 10.200.8.180 >[2011/12/13 17:45:37, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:37, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 7981 >[2011/12/13 17:45:37, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:37, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:37, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:37, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 7981 >[2011/12/13 17:45:37, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:37, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:37, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794737) - last(1323794735) < 900 >[2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:37, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) > find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1e> NOT FOUND >[2011/12/13 17:45:37, 8] nmbd/nmbd_elections.c:361(check_elections) > check_elections: Cannot send election packet yet as name X86ERR300S3<1e> not yet registered on subnet 10.200.8.180 >[2011/12/13 17:45:37, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:37, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 7982 >[2011/12/13 17:45:37, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:37, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:37, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:37, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 7982 >[2011/12/13 17:45:37, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:37, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:37, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794737) - last(1323794735) < 900 >[2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:37, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) > find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1e> NOT FOUND >[2011/12/13 17:45:37, 8] nmbd/nmbd_elections.c:361(check_elections) > check_elections: Cannot send election packet yet as name X86ERR300S3<1e> not yet registered on subnet 10.200.8.180 >[2011/12/13 17:45:37, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:37, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 7983 >[2011/12/13 17:45:37, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:37, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:37, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:37, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 7983 >[2011/12/13 17:45:37, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:37, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:37, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794737) - last(1323794735) < 900 >[2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:37, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) > find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1e> NOT FOUND >[2011/12/13 17:45:37, 8] nmbd/nmbd_elections.c:361(check_elections) > check_elections: Cannot send election packet yet as name X86ERR300S3<1e> not yet registered on subnet 10.200.8.180 >[2011/12/13 17:45:37, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:37, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 7984 >[2011/12/13 17:45:37, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:37, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:37, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:37, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 7984 >[2011/12/13 17:45:37, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:37, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:37, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794737) - last(1323794735) < 900 >[2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:37, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) > find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1e> NOT FOUND >[2011/12/13 17:45:37, 8] nmbd/nmbd_elections.c:361(check_elections) > check_elections: Cannot send election packet yet as name X86ERR300S3<1e> not yet registered on subnet 10.200.8.180 >[2011/12/13 17:45:37, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 50 >[2011/12/13 17:45:37, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 7991 >[2011/12/13 17:45:37, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 50 from (10.200.8.180) port 137 >[2011/12/13 17:45:37, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:37, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 50 >[2011/12/13 17:45:37, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 7991 >[2011/12/13 17:45:37, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 50 from (10.200.8.180) port 137 >[2011/12/13 17:45:37, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:37, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794737) - last(1323794735) < 900 >[2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:37, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) > find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1e> NOT FOUND >[2011/12/13 17:45:37, 8] nmbd/nmbd_elections.c:361(check_elections) > check_elections: Cannot send election packet yet as name X86ERR300S3<1e> not yet registered on subnet 10.200.8.180 >[2011/12/13 17:45:37, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:37, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 7992 >[2011/12/13 17:45:37, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:37, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:37, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:37, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 7992 >[2011/12/13 17:45:37, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:37, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:37, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794737) - last(1323794735) < 900 >[2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:37, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) > find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1e> NOT FOUND >[2011/12/13 17:45:37, 8] nmbd/nmbd_elections.c:361(check_elections) > check_elections: Cannot send election packet yet as name X86ERR300S3<1e> not yet registered on subnet 10.200.8.180 >[2011/12/13 17:45:37, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:37, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 7980 >[2011/12/13 17:45:37, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:37, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:37, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:37, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 7980 >[2011/12/13 17:45:37, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:37, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:37, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794737) - last(1323794735) < 900 >[2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:37, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) > find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1e> NOT FOUND >[2011/12/13 17:45:37, 8] nmbd/nmbd_elections.c:361(check_elections) > check_elections: Cannot send election packet yet as name X86ERR300S3<1e> not yet registered on subnet 10.200.8.180 >[2011/12/13 17:45:37, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:37, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 7981 >[2011/12/13 17:45:37, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:37, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:37, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:37, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 7981 >[2011/12/13 17:45:37, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:37, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:37, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794737) - last(1323794735) < 900 >[2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:37, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) > find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1e> NOT FOUND >[2011/12/13 17:45:37, 8] nmbd/nmbd_elections.c:361(check_elections) > check_elections: Cannot send election packet yet as name X86ERR300S3<1e> not yet registered on subnet 10.200.8.180 >[2011/12/13 17:45:37, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:37, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 7982 >[2011/12/13 17:45:37, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:37, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:37, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:37, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 7982 >[2011/12/13 17:45:37, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:37, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:37, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794737) - last(1323794735) < 900 >[2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:37, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) > find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1e> NOT FOUND >[2011/12/13 17:45:37, 8] nmbd/nmbd_elections.c:361(check_elections) > check_elections: Cannot send election packet yet as name X86ERR300S3<1e> not yet registered on subnet 10.200.8.180 >[2011/12/13 17:45:37, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:37, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 7983 >[2011/12/13 17:45:37, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:37, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:37, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:37, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 7983 >[2011/12/13 17:45:37, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:37, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:37, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794737) - last(1323794735) < 900 >[2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:37, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) > find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1e> NOT FOUND >[2011/12/13 17:45:37, 8] nmbd/nmbd_elections.c:361(check_elections) > check_elections: Cannot send election packet yet as name X86ERR300S3<1e> not yet registered on subnet 10.200.8.180 >[2011/12/13 17:45:37, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:37, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 7984 >[2011/12/13 17:45:37, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:37, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:37, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:37, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 7984 >[2011/12/13 17:45:37, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:37, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:37, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794737) - last(1323794735) < 900 >[2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:37, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) > find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1e> NOT FOUND >[2011/12/13 17:45:37, 8] nmbd/nmbd_elections.c:361(check_elections) > check_elections: Cannot send election packet yet as name X86ERR300S3<1e> not yet registered on subnet 10.200.8.180 >[2011/12/13 17:45:37, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 50 >[2011/12/13 17:45:37, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 7991 >[2011/12/13 17:45:37, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 50 from (10.200.8.180) port 137 >[2011/12/13 17:45:37, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:37, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 50 >[2011/12/13 17:45:37, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 7991 >[2011/12/13 17:45:37, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 50 from (10.200.8.180) port 137 >[2011/12/13 17:45:37, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:37, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794737) - last(1323794735) < 900 >[2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:37, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) > find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1e> NOT FOUND >[2011/12/13 17:45:37, 8] nmbd/nmbd_elections.c:361(check_elections) > check_elections: Cannot send election packet yet as name X86ERR300S3<1e> not yet registered on subnet 10.200.8.180 >[2011/12/13 17:45:37, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:37, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 7992 >[2011/12/13 17:45:37, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:37, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:37, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:37, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 7992 >[2011/12/13 17:45:37, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:37, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:37, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794737) - last(1323794735) < 900 >[2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:37, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:37, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) > find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1e> NOT FOUND >[2011/12/13 17:45:37, 8] nmbd/nmbd_elections.c:361(check_elections) > check_elections: Cannot send election packet yet as name X86ERR300S3<1e> not yet registered on subnet 10.200.8.180 >[2011/12/13 17:45:38, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:38, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794737) - last(1323794735) < 900 >[2011/12/13 17:45:38, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:38, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:38, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) > find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1e> NOT FOUND >[2011/12/13 17:45:38, 8] nmbd/nmbd_elections.c:361(check_elections) > check_elections: Cannot send election packet yet as name X86ERR300S3<1e> not yet registered on subnet 10.200.8.180 >[2011/12/13 17:45:39, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:39, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794738) - last(1323794735) < 900 >[2011/12/13 17:45:39, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:39, 5] libsmb/nmblib.c:841(send_udp) > Sending a packet of len 68 to (10.200.8.255) on port 137 >[2011/12/13 17:45:39, 5] libsmb/nmblib.c:841(send_udp) > Sending a packet of len 68 to (10.200.8.255) on port 137 >[2011/12/13 17:45:39, 5] libsmb/nmblib.c:841(send_udp) > Sending a packet of len 68 to (10.200.8.255) on port 137 >[2011/12/13 17:45:39, 5] libsmb/nmblib.c:841(send_udp) > Sending a packet of len 68 to (10.200.8.255) on port 137 >[2011/12/13 17:45:39, 5] libsmb/nmblib.c:841(send_udp) > Sending a packet of len 68 to (10.200.8.255) on port 137 >[2011/12/13 17:45:39, 5] libsmb/nmblib.c:841(send_udp) > Sending a packet of len 50 to (10.200.8.255) on port 137 >[2011/12/13 17:45:39, 5] libsmb/nmblib.c:841(send_udp) > Sending a packet of len 68 to (10.200.8.255) on port 137 >[2011/12/13 17:45:39, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:39, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) > find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1e> NOT FOUND >[2011/12/13 17:45:39, 8] nmbd/nmbd_elections.c:361(check_elections) > check_elections: Cannot send election packet yet as name X86ERR300S3<1e> not yet registered on subnet 10.200.8.180 >[2011/12/13 17:45:39, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:39, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 7980 >[2011/12/13 17:45:39, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:39, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:39, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:39, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 7980 >[2011/12/13 17:45:39, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:39, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:39, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:39, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794739) - last(1323794735) < 900 >[2011/12/13 17:45:39, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:39, 4] nmbd/nmbd_packets.c:1640(retransmit_or_expire_response_records) > retransmit_or_expire_response_records: timeout for packet id 7980 to IP 10.200.8.255 on subnet 10.200.8.180 >[2011/12/13 17:45:39, 5] nmbd/nmbd_nameregister.c:285(register_name_timeout_response) > register_name_timeout_response: success in registering name MASTER<20> on subnet 10.200.8.180. >[2011/12/13 17:45:39, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) > find_name_on_subnet: on subnet 10.200.8.180 - name MASTER<20> NOT FOUND >[2011/12/13 17:45:39, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) > add_name_to_subnet: Added netbios name MASTER<20> with first IP 10.200.8.180 ttl=0 nb_flags=60 to subnet 10.200.8.180 >[2011/12/13 17:45:39, 4] nmbd/nmbd_packets.c:1640(retransmit_or_expire_response_records) > retransmit_or_expire_response_records: timeout for packet id 7981 to IP 10.200.8.255 on subnet 10.200.8.180 >[2011/12/13 17:45:39, 5] nmbd/nmbd_nameregister.c:285(register_name_timeout_response) > register_name_timeout_response: success in registering name MASTER<03> on subnet 10.200.8.180. >[2011/12/13 17:45:39, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) > find_name_on_subnet: on subnet 10.200.8.180 - name MASTER<03> NOT FOUND >[2011/12/13 17:45:39, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) > add_name_to_subnet: Added netbios name MASTER<03> with first IP 10.200.8.180 ttl=0 nb_flags=60 to subnet 10.200.8.180 >[2011/12/13 17:45:39, 4] nmbd/nmbd_packets.c:1640(retransmit_or_expire_response_records) > retransmit_or_expire_response_records: timeout for packet id 7982 to IP 10.200.8.255 on subnet 10.200.8.180 >[2011/12/13 17:45:39, 5] nmbd/nmbd_nameregister.c:285(register_name_timeout_response) > register_name_timeout_response: success in registering name MASTER<00> on subnet 10.200.8.180. >[2011/12/13 17:45:39, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) > find_name_on_subnet: on subnet 10.200.8.180 - name MASTER<00> NOT FOUND >[2011/12/13 17:45:39, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) > add_name_to_subnet: Added netbios name MASTER<00> with first IP 10.200.8.180 ttl=0 nb_flags=60 to subnet 10.200.8.180 >[2011/12/13 17:45:39, 4] nmbd/nmbd_packets.c:1640(retransmit_or_expire_response_records) > retransmit_or_expire_response_records: timeout for packet id 7983 to IP 10.200.8.255 on subnet 10.200.8.180 >[2011/12/13 17:45:39, 5] nmbd/nmbd_nameregister.c:285(register_name_timeout_response) > register_name_timeout_response: success in registering name X86ERR300S3<00> on subnet 10.200.8.180. >[2011/12/13 17:45:39, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) > find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<00> NOT FOUND >[2011/12/13 17:45:39, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) > add_name_to_subnet: Added netbios name X86ERR300S3<00> with first IP 10.200.8.180 ttl=0 nb_flags=e0 to subnet 10.200.8.180 >[2011/12/13 17:45:39, 4] nmbd/nmbd_packets.c:1640(retransmit_or_expire_response_records) > retransmit_or_expire_response_records: timeout for packet id 7984 to IP 10.200.8.255 on subnet 10.200.8.180 >[2011/12/13 17:45:39, 5] nmbd/nmbd_nameregister.c:285(register_name_timeout_response) > register_name_timeout_response: success in registering name X86ERR300S3<1e> on subnet 10.200.8.180. >[2011/12/13 17:45:39, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) > find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1e> NOT FOUND >[2011/12/13 17:45:39, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) > add_name_to_subnet: Added netbios name X86ERR300S3<1e> with first IP 10.200.8.180 ttl=0 nb_flags=e0 to subnet 10.200.8.180 >[2011/12/13 17:45:39, 4] nmbd/nmbd_packets.c:1640(retransmit_or_expire_response_records) > retransmit_or_expire_response_records: timeout for packet id 7991 to IP 10.200.8.255 on subnet 10.200.8.180 >[2011/12/13 17:45:39, 5] nmbd/nmbd_namequery.c:154(query_name_timeout_response) > query_name_timeout_response: No response to query for name X86ERR300S3<1d> on subnet 10.200.8.180. >[2011/12/13 17:45:39, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:39, 2] nmbd/nmbd_elections.c:109(check_for_master_browser_fail) > check_for_master_browser_fail: Forcing election on workgroup X86ERR300S3 subnet 10.200.8.180 >[2011/12/13 17:45:39, 4] nmbd/nmbd_packets.c:1640(retransmit_or_expire_response_records) > retransmit_or_expire_response_records: timeout for packet id 7992 to IP 10.200.8.255 on subnet 10.200.8.180 >[2011/12/13 17:45:39, 5] nmbd/nmbd_nameregister.c:285(register_name_timeout_response) > register_name_timeout_response: success in registering name X86ERR300S3<1c> on subnet 10.200.8.180. >[2011/12/13 17:45:39, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) > find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1c> NOT FOUND >[2011/12/13 17:45:39, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) > add_name_to_subnet: Added netbios name X86ERR300S3<1c> with first IP 10.200.8.180 ttl=0 nb_flags=e0 to subnet 10.200.8.180 >[2011/12/13 17:45:39, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:39, 9] nmbd/nmbd_namelistdb.c:128(find_name_on_subnet) > find_name_on_subnet: on subnet UNICAST_SUBNET - found name X86ERR300S3<1c> source=2 >[2011/12/13 17:45:39, 0] nmbd/nmbd_logonnames.c:123(become_logon_server_success) > become_logon_server_success: Samba is now a logon server for workgroup X86ERR300S3 on subnet 10.200.8.180 >[2011/12/13 17:45:39, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:39, 9] nmbd/nmbd_namelistdb.c:128(find_name_on_subnet) > find_name_on_subnet: on subnet 10.200.8.180 - found name X86ERR300S3<1e> source=2 >[2011/12/13 17:45:39, 3] nmbd/nmbd_elections.c:366(check_elections) > check_elections: >>> Starting election for workgroup X86ERR300S3 on subnet 10.200.8.180 <<< >[2011/12/13 17:45:39, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:39, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 7981 >[2011/12/13 17:45:39, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:39, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:39, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:39, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 7981 >[2011/12/13 17:45:39, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:39, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:39, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:39, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794739) - last(1323794735) < 900 >[2011/12/13 17:45:39, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:39, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:39, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:39, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 7982 >[2011/12/13 17:45:39, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:39, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:39, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:39, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 7982 >[2011/12/13 17:45:39, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:39, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:39, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:39, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794739) - last(1323794735) < 900 >[2011/12/13 17:45:39, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:39, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:39, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:39, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 7983 >[2011/12/13 17:45:39, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:39, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:39, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:39, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 7983 >[2011/12/13 17:45:39, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:39, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:39, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:39, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794739) - last(1323794735) < 900 >[2011/12/13 17:45:39, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:39, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:39, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:39, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 7984 >[2011/12/13 17:45:39, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:39, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:39, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:39, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 7984 >[2011/12/13 17:45:39, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:39, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:39, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:39, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794739) - last(1323794735) < 900 >[2011/12/13 17:45:39, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:39, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:39, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 50 >[2011/12/13 17:45:39, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 7991 >[2011/12/13 17:45:39, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 50 from (10.200.8.180) port 137 >[2011/12/13 17:45:39, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:39, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 50 >[2011/12/13 17:45:39, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 7991 >[2011/12/13 17:45:39, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 50 from (10.200.8.180) port 137 >[2011/12/13 17:45:39, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:39, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:39, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794739) - last(1323794735) < 900 >[2011/12/13 17:45:39, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:39, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:39, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:39, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 7992 >[2011/12/13 17:45:39, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:39, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:39, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:39, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 7992 >[2011/12/13 17:45:39, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:39, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:39, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:39, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794739) - last(1323794735) < 900 >[2011/12/13 17:45:39, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:39, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:40, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:40, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794739) - last(1323794735) < 900 >[2011/12/13 17:45:40, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:40, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:41, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:41, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794740) - last(1323794735) < 900 >[2011/12/13 17:45:41, 4] nmbd/nmbd_workgroupdb.c:276(dump_workgroups) > dump_workgroups() > dump workgroup on subnet 10.200.8.180: netmask= 255.255.255.0: > X86ERR300S3(1) current master browser = UNKNOWN > MASTER 40019b2b (master univention corporate server) >[2011/12/13 17:45:41, 4] nmbd/nmbd_workgroupdb.c:276(dump_workgroups) > dump_workgroups() > dump workgroup on subnet UNICAST_SUBNET: netmask= 10.200.8.180: > X86ERR300S3(1) current master browser = UNKNOWN > MASTER 40019a2b (master univention corporate server) >[2011/12/13 17:45:41, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:41, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:41, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:41, 8] lib/util.c:1521(is_myname) > is_myname("MASTER") returns 1 >[2011/12/13 17:45:41, 8] lib/util.c:1521(is_myname) > is_myname("MASTER") returns 1 >[2011/12/13 17:45:41, 3] nmbd/nmbd_serverlistdb.c:436(write_browse_list) > write_browse_list: Wrote browse list into file /var/cache/samba/browse.dat >[2011/12/13 17:45:41, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:41, 4] nmbd/nmbd_packets.c:1640(retransmit_or_expire_response_records) > retransmit_or_expire_response_records: timeout for packet id 7985 to IP 127.0.0.1 on subnet UNICAST_SUBNET >[2011/12/13 17:45:41, 2] nmbd/nmbd_nameregister.c:193(wins_registration_timeout) > wins_registration_timeout: WINS server 127.0.0.1 timed out registering IP 10.200.8.180 >[2011/12/13 17:45:41, 4] lib/wins_srv.c:108(wins_srv_is_dead) > wins_srv_is_dead: 127.0.0.1 is alive >[2011/12/13 17:45:41, 10] lib/gencache.c:183(gencache_set_data_blob) > Adding cache entry with key = WINS_SRV_DEAD/127.0.0.1,10.200.8.180 and timeout = Tue Dec 13 17:55:41 2011 > (600 seconds ahead) >[2011/12/13 17:45:41, 4] lib/wins_srv.c:145(wins_srv_died) > Marking wins server 127.0.0.1 dead for 600 seconds from source 127.0.0.1 >[2011/12/13 17:45:41, 4] lib/wins_srv.c:108(wins_srv_is_dead) > wins_srv_is_dead: 127.0.0.1 is dead >[2011/12/13 17:45:41, 9] nmbd/nmbd_namelistdb.c:128(find_name_on_subnet) > find_name_on_subnet: on subnet UNICAST_SUBNET - found name MASTER<20> source=2 >[2011/12/13 17:45:41, 4] nmbd/nmbd_packets.c:1640(retransmit_or_expire_response_records) > retransmit_or_expire_response_records: timeout for packet id 7986 to IP 127.0.0.1 on subnet UNICAST_SUBNET >[2011/12/13 17:45:41, 2] nmbd/nmbd_nameregister.c:193(wins_registration_timeout) > wins_registration_timeout: WINS server 127.0.0.1 timed out registering IP 10.200.8.180 >[2011/12/13 17:45:41, 4] lib/wins_srv.c:108(wins_srv_is_dead) > wins_srv_is_dead: 127.0.0.1 is dead >[2011/12/13 17:45:41, 4] lib/wins_srv.c:108(wins_srv_is_dead) > wins_srv_is_dead: 127.0.0.1 is dead >[2011/12/13 17:45:41, 9] nmbd/nmbd_namelistdb.c:128(find_name_on_subnet) > find_name_on_subnet: on subnet UNICAST_SUBNET - found name MASTER<03> source=2 >[2011/12/13 17:45:41, 4] nmbd/nmbd_packets.c:1640(retransmit_or_expire_response_records) > retransmit_or_expire_response_records: timeout for packet id 7987 to IP 127.0.0.1 on subnet UNICAST_SUBNET >[2011/12/13 17:45:41, 2] nmbd/nmbd_nameregister.c:193(wins_registration_timeout) > wins_registration_timeout: WINS server 127.0.0.1 timed out registering IP 10.200.8.180 >[2011/12/13 17:45:41, 4] lib/wins_srv.c:108(wins_srv_is_dead) > wins_srv_is_dead: 127.0.0.1 is dead >[2011/12/13 17:45:41, 4] lib/wins_srv.c:108(wins_srv_is_dead) > wins_srv_is_dead: 127.0.0.1 is dead >[2011/12/13 17:45:41, 9] nmbd/nmbd_namelistdb.c:128(find_name_on_subnet) > find_name_on_subnet: on subnet UNICAST_SUBNET - found name MASTER<00> source=2 >[2011/12/13 17:45:41, 4] nmbd/nmbd_packets.c:1640(retransmit_or_expire_response_records) > retransmit_or_expire_response_records: timeout for packet id 7988 to IP 127.0.0.1 on subnet UNICAST_SUBNET >[2011/12/13 17:45:41, 2] nmbd/nmbd_nameregister.c:193(wins_registration_timeout) > wins_registration_timeout: WINS server 127.0.0.1 timed out registering IP 10.200.8.180 >[2011/12/13 17:45:41, 4] lib/wins_srv.c:108(wins_srv_is_dead) > wins_srv_is_dead: 127.0.0.1 is dead >[2011/12/13 17:45:41, 4] lib/wins_srv.c:108(wins_srv_is_dead) > wins_srv_is_dead: 127.0.0.1 is dead >[2011/12/13 17:45:41, 9] nmbd/nmbd_namelistdb.c:128(find_name_on_subnet) > find_name_on_subnet: on subnet UNICAST_SUBNET - found name X86ERR300S3<00> source=2 >[2011/12/13 17:45:41, 4] nmbd/nmbd_packets.c:1640(retransmit_or_expire_response_records) > retransmit_or_expire_response_records: timeout for packet id 7989 to IP 127.0.0.1 on subnet UNICAST_SUBNET >[2011/12/13 17:45:41, 2] nmbd/nmbd_nameregister.c:193(wins_registration_timeout) > wins_registration_timeout: WINS server 127.0.0.1 timed out registering IP 10.200.8.180 >[2011/12/13 17:45:41, 4] lib/wins_srv.c:108(wins_srv_is_dead) > wins_srv_is_dead: 127.0.0.1 is dead >[2011/12/13 17:45:41, 4] lib/wins_srv.c:108(wins_srv_is_dead) > wins_srv_is_dead: 127.0.0.1 is dead >[2011/12/13 17:45:41, 9] nmbd/nmbd_namelistdb.c:128(find_name_on_subnet) > find_name_on_subnet: on subnet UNICAST_SUBNET - found name X86ERR300S3<1e> source=2 >[2011/12/13 17:45:41, 4] nmbd/nmbd_packets.c:1640(retransmit_or_expire_response_records) > retransmit_or_expire_response_records: timeout for packet id 7993 to IP 127.0.0.1 on subnet UNICAST_SUBNET >[2011/12/13 17:45:41, 2] nmbd/nmbd_nameregister.c:193(wins_registration_timeout) > wins_registration_timeout: WINS server 127.0.0.1 timed out registering IP 10.200.8.180 >[2011/12/13 17:45:41, 4] lib/wins_srv.c:108(wins_srv_is_dead) > wins_srv_is_dead: 127.0.0.1 is dead >[2011/12/13 17:45:41, 4] lib/wins_srv.c:108(wins_srv_is_dead) > wins_srv_is_dead: 127.0.0.1 is dead >[2011/12/13 17:45:41, 9] nmbd/nmbd_namelistdb.c:128(find_name_on_subnet) > find_name_on_subnet: on subnet UNICAST_SUBNET - found name X86ERR300S3<1c> source=2 >[2011/12/13 17:45:41, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:41, 9] nmbd/nmbd_namelistdb.c:128(find_name_on_subnet) > find_name_on_subnet: on subnet UNICAST_SUBNET - found name X86ERR300S3<1c> source=2 >[2011/12/13 17:45:41, 0] nmbd/nmbd_logonnames.c:123(become_logon_server_success) > become_logon_server_success: Samba is now a logon server for workgroup X86ERR300S3 on subnet UNICAST_SUBNET >[2011/12/13 17:45:41, 4] nmbd/nmbd_packets.c:1640(retransmit_or_expire_response_records) > retransmit_or_expire_response_records: timeout for packet id 7994 to IP 10.200.8.180 on subnet UNICAST_SUBNET >[2011/12/13 17:45:41, 4] nmbd/nmbd_packets.c:1640(retransmit_or_expire_response_records) > retransmit_or_expire_response_records: timeout for packet id 7995 to IP 127.0.0.1 on subnet UNICAST_SUBNET >[2011/12/13 17:45:41, 2] nmbd/nmbd_nameregister.c:193(wins_registration_timeout) > wins_registration_timeout: WINS server 127.0.0.1 timed out registering IP 10.200.8.180 >[2011/12/13 17:45:41, 4] lib/wins_srv.c:108(wins_srv_is_dead) > wins_srv_is_dead: 127.0.0.1 is dead >[2011/12/13 17:45:41, 4] lib/wins_srv.c:108(wins_srv_is_dead) > wins_srv_is_dead: 127.0.0.1 is dead >[2011/12/13 17:45:41, 9] nmbd/nmbd_namelistdb.c:128(find_name_on_subnet) > find_name_on_subnet: on subnet UNICAST_SUBNET - found name X86ERR300S3<1b> source=2 >[2011/12/13 17:45:41, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:41, 0] nmbd/nmbd_become_dmb.c:112(become_domain_master_stage2) > ***** > > Samba server MASTER is now a domain master browser for workgroup X86ERR300S3 on subnet UNICAST_SUBNET > > ***** >[2011/12/13 17:45:41, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:41, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) > find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1b> NOT FOUND >[2011/12/13 17:45:41, 0] nmbd/nmbd_become_dmb.c:294(become_domain_master_browser_bcast) > become_domain_master_browser_bcast: > Attempting to become domain master browser on workgroup X86ERR300S3 on subnet 10.200.8.180 >[2011/12/13 17:45:41, 0] nmbd/nmbd_become_dmb.c:307(become_domain_master_browser_bcast) > become_domain_master_browser_bcast: querying subnet 10.200.8.180 for domain master browser on workgroup X86ERR300S3 >[2011/12/13 17:45:41, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) > find_name_on_subnet: on subnet REMOTE_BROADCAST_SUBNET - name X86ERR300S3<1b> NOT FOUND >[2011/12/13 17:45:41, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) > find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1b> NOT FOUND >[2011/12/13 17:45:41, 4] nmbd/nmbd_packets.c:306(initiate_name_query_packet) > initiate_name_query_packet: sending query for name X86ERR300S3<1b> (bcast=Yes) to IP 10.200.8.255 >[2011/12/13 17:45:41, 5] libsmb/nmblib.c:841(send_udp) > Sending a packet of len 50 to (10.200.8.255) on port 137 >[2011/12/13 17:45:41, 4] nmbd/nmbd_responserecordsdb.c:38(add_response_record) > add_response_record: adding response record id:7996 to subnet 10.200.8.180. num_records:2 >[2011/12/13 17:45:41, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:41, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 50 >[2011/12/13 17:45:41, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 7996 >[2011/12/13 17:45:41, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 50 from (10.200.8.180) port 137 >[2011/12/13 17:45:41, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:41, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 50 >[2011/12/13 17:45:41, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 7996 >[2011/12/13 17:45:41, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 50 from (10.200.8.180) port 137 >[2011/12/13 17:45:41, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:41, 9] nmbd/nmbd_namelistdb.c:128(find_name_on_subnet) > find_name_on_subnet: on subnet 10.200.8.180 - found name X86ERR300S3<1e> source=2 >[2011/12/13 17:45:41, 2] nmbd/nmbd_elections.c:42(send_election_dgram) > send_election_dgram: Sending election packet for workgroup X86ERR300S3 on subnet 10.200.8.180 >[2011/12/13 17:45:41, 4] nmbd/nmbd_packets.c:2114(send_mailslot) > send_mailslot: Sending to mailslot \MAILSLOT\BROWSE from MASTER<00> IP 10.200.8.180 to X86ERR300S3<1e> IP 10.200.8.255 >[2011/12/13 17:45:41, 4] nmbd/nmbd_packets.c:116(debug_browse_data) > debug_browse_data(): > 0 char .....Ap.......MA hex 08 01 8a 0f 01 41 70 17 00 00 00 00 00 00 4d 41 > 10 char STER. hex 53 54 45 52 00 >[2011/12/13 17:45:41, 5] libsmb/nmblib.c:841(send_udp) > Sending a packet of len 189 to (10.200.8.255) on port 138 >[2011/12/13 17:45:41, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:41, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794741) - last(1323794735) < 900 >[2011/12/13 17:45:41, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:41, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) > find_name_on_subnet: on subnet REMOTE_BROADCAST_SUBNET - name *<1b> NOT FOUND >[2011/12/13 17:45:41, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) > find_name_on_subnet: on subnet UNICAST_SUBNET - name *<1b> NOT FOUND >[2011/12/13 17:45:41, 4] nmbd/nmbd_packets.c:306(initiate_name_query_packet) > initiate_name_query_packet: sending query for name *<1b> (bcast=No) to IP 10.200.8.180 >[2011/12/13 17:45:41, 5] nmbd/nmbd_packets.c:173(send_netbios_packet) > send_netbios_packet: sending packet to ourselves. >[2011/12/13 17:45:41, 4] nmbd/nmbd_responserecordsdb.c:38(add_response_record) > add_response_record: adding response record id:7998 to subnet UNICAST_SUBNET. num_records:2 >[2011/12/13 17:45:41, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:41, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35328 read: 189 >[2011/12/13 17:45:41, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 189 from (10.200.8.180) port 138 >[2011/12/13 17:45:41, 7] nmbd/nmbd_packets.c:1994(listen_for_packets) > discarding own dgram packet from 10.200.8.180:138 >[2011/12/13 17:45:41, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35328 read: 189 >[2011/12/13 17:45:41, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 189 from (10.200.8.180) port 138 >[2011/12/13 17:45:41, 7] nmbd/nmbd_packets.c:1994(listen_for_packets) > discarding own dgram packet from 10.200.8.180:138 >[2011/12/13 17:45:41, 4] libsmb/nmblib.c:107(debug_nmb_packet) > nmb packet from 10.200.8.180(137) header: id=7998 opcode=Query(0) response=No > header: flags: bcast=No rec_avail=No rec_des=Yes trunc=No auth=No > header: rcode=0 qdcount=1 ancount=0 nscount=0 arcount=0 > question: q_name=*<1b> q_type=32 q_class=1 >[2011/12/13 17:45:41, 3] nmbd/nmbd_winsserver.c:2033(wins_process_name_query_request) > wins_process_name_query: name query for name *<1b> from IP 10.200.8.180 >[2011/12/13 17:45:41, 4] nmbd/nmbd_packets.c:968(reply_netbios_packet) > reply_netbios_packet: sending a reply of packet type: wins_query *<1b> to ip 10.200.8.180 for id 7998 >[2011/12/13 17:45:41, 4] libsmb/nmblib.c:107(debug_nmb_packet) > nmb packet from 10.200.8.180(137) header: id=7998 opcode=Query(0) response=Yes > header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes > header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 > answers: nmb_name=*<1b> rr_type=32 rr_class=1 ttl=21600 > answers 0 char `..... hex 60000AC808B4 >[2011/12/13 17:45:41, 5] nmbd/nmbd_packets.c:1019(reply_netbios_packet) > reply_netbios_packet: sending packet to ourselves. >[2011/12/13 17:45:41, 4] libsmb/nmblib.c:107(debug_nmb_packet) > nmb packet from 10.200.8.180(137) header: id=7998 opcode=Query(0) response=Yes > header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes > header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 > answers: nmb_name=*<1b> rr_type=32 rr_class=1 ttl=21600 > answers 0 char `..... hex 60000AC808B4 >[2011/12/13 17:45:41, 4] nmbd/nmbd_responserecordsdb.c:179(find_response_record_on_subnet) > find_response_record: found response record id = 7998 on subnet UNICAST_SUBNET >[2011/12/13 17:45:41, 5] nmbd/nmbd_namequery.c:95(query_name_response) > query_name_response: On subnet UNICAST_SUBNET - positive response from IP 10.200.8.180 for name *<1b>. IP of that name is 10.200.8.180 >[2011/12/13 17:45:41, 5] nmbd/nmbd_browsesync.c:514(find_all_domain_master_names_query_success) > find_all_domain_master_names_query_succes: > Got answer from WINS server of 1 IP addresses for Domain Master Browsers. >[2011/12/13 17:45:41, 5] nmbd/nmbd_browsesync.c:531(find_all_domain_master_names_query_success) > find_all_domain_master_names_query_succes: > Not sending node status to our own IP 10.200.8.180. >[2011/12/13 17:45:41, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:41, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794741) - last(1323794735) < 900 >[2011/12/13 17:45:41, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:41, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:42, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:42, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794741) - last(1323794735) < 900 >[2011/12/13 17:45:42, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:42, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:43, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:43, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794742) - last(1323794735) < 900 >[2011/12/13 17:45:43, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:43, 5] libsmb/nmblib.c:841(send_udp) > Sending a packet of len 50 to (10.200.8.255) on port 137 >[2011/12/13 17:45:43, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:43, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 50 >[2011/12/13 17:45:43, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 7996 >[2011/12/13 17:45:43, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 50 from (10.200.8.180) port 137 >[2011/12/13 17:45:43, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:43, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 50 >[2011/12/13 17:45:43, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 7996 >[2011/12/13 17:45:43, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 50 from (10.200.8.180) port 137 >[2011/12/13 17:45:43, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:43, 9] nmbd/nmbd_namelistdb.c:128(find_name_on_subnet) > find_name_on_subnet: on subnet 10.200.8.180 - found name X86ERR300S3<1e> source=2 >[2011/12/13 17:45:43, 2] nmbd/nmbd_elections.c:42(send_election_dgram) > send_election_dgram: Sending election packet for workgroup X86ERR300S3 on subnet 10.200.8.180 >[2011/12/13 17:45:43, 4] nmbd/nmbd_packets.c:2114(send_mailslot) > send_mailslot: Sending to mailslot \MAILSLOT\BROWSE from MASTER<00> IP 10.200.8.180 to X86ERR300S3<1e> IP 10.200.8.255 >[2011/12/13 17:45:43, 4] nmbd/nmbd_packets.c:116(debug_browse_data) > debug_browse_data(): > 0 char .....A@.......MA hex 08 01 8a 0f 01 41 40 1f 00 00 00 00 00 00 4d 41 > 10 char STER. hex 53 54 45 52 00 >[2011/12/13 17:45:43, 5] libsmb/nmblib.c:841(send_udp) > Sending a packet of len 189 to (10.200.8.255) on port 138 >[2011/12/13 17:45:43, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:43, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794743) - last(1323794735) < 900 >[2011/12/13 17:45:43, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:43, 5] libsmb/nmblib.c:841(send_udp) > Sending a packet of len 50 to (10.200.8.255) on port 137 >[2011/12/13 17:45:43, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:43, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 50 >[2011/12/13 17:45:43, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 7996 >[2011/12/13 17:45:43, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 50 from (10.200.8.180) port 137 >[2011/12/13 17:45:43, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:43, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35328 read: 189 >[2011/12/13 17:45:43, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 189 from (10.200.8.180) port 138 >[2011/12/13 17:45:43, 7] nmbd/nmbd_packets.c:1994(listen_for_packets) > discarding own dgram packet from 10.200.8.180:138 >[2011/12/13 17:45:43, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 50 >[2011/12/13 17:45:43, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 7996 >[2011/12/13 17:45:43, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 50 from (10.200.8.180) port 137 >[2011/12/13 17:45:43, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:43, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35328 read: 189 >[2011/12/13 17:45:43, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 189 from (10.200.8.180) port 138 >[2011/12/13 17:45:43, 7] nmbd/nmbd_packets.c:1994(listen_for_packets) > discarding own dgram packet from 10.200.8.180:138 >[2011/12/13 17:45:43, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:43, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794743) - last(1323794735) < 900 >[2011/12/13 17:45:43, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:43, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:44, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:44, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794743) - last(1323794735) < 900 >[2011/12/13 17:45:44, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:44, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:45, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:45, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794744) - last(1323794735) < 900 >[2011/12/13 17:45:45, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:45, 5] libsmb/nmblib.c:841(send_udp) > Sending a packet of len 50 to (10.200.8.255) on port 137 >[2011/12/13 17:45:45, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:45, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 50 >[2011/12/13 17:45:45, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 7996 >[2011/12/13 17:45:45, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 50 from (10.200.8.180) port 137 >[2011/12/13 17:45:45, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:45, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 50 >[2011/12/13 17:45:45, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 7996 >[2011/12/13 17:45:45, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 50 from (10.200.8.180) port 137 >[2011/12/13 17:45:45, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:45, 9] nmbd/nmbd_namelistdb.c:128(find_name_on_subnet) > find_name_on_subnet: on subnet 10.200.8.180 - found name X86ERR300S3<1e> source=2 >[2011/12/13 17:45:45, 2] nmbd/nmbd_elections.c:42(send_election_dgram) > send_election_dgram: Sending election packet for workgroup X86ERR300S3 on subnet 10.200.8.180 >[2011/12/13 17:45:45, 4] nmbd/nmbd_packets.c:2114(send_mailslot) > send_mailslot: Sending to mailslot \MAILSLOT\BROWSE from MASTER<00> IP 10.200.8.180 to X86ERR300S3<1e> IP 10.200.8.255 >[2011/12/13 17:45:45, 4] nmbd/nmbd_packets.c:116(debug_browse_data) > debug_browse_data(): > 0 char .....A.'......MA hex 08 01 8a 0f 01 41 10 27 00 00 00 00 00 00 4d 41 > 10 char STER. hex 53 54 45 52 00 >[2011/12/13 17:45:45, 5] libsmb/nmblib.c:841(send_udp) > Sending a packet of len 189 to (10.200.8.255) on port 138 >[2011/12/13 17:45:45, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:45, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794745) - last(1323794735) < 900 >[2011/12/13 17:45:45, 4] nmbd/nmbd_workgroupdb.c:276(dump_workgroups) > dump_workgroups() > dump workgroup on subnet 10.200.8.180: netmask= 255.255.255.0: > X86ERR300S3(1) current master browser = UNKNOWN > MASTER 40019b2b (master univention corporate server) >[2011/12/13 17:45:45, 4] nmbd/nmbd_workgroupdb.c:276(dump_workgroups) > dump_workgroups() > dump workgroup on subnet UNICAST_SUBNET: netmask= 10.200.8.180: > X86ERR300S3(1) current master browser = UNKNOWN > MASTER 40099b2b (master univention corporate server) >[2011/12/13 17:45:45, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:45, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:45, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:45, 8] lib/util.c:1521(is_myname) > is_myname("MASTER") returns 1 >[2011/12/13 17:45:45, 8] lib/util.c:1521(is_myname) > is_myname("MASTER") returns 1 >[2011/12/13 17:45:45, 3] nmbd/nmbd_serverlistdb.c:436(write_browse_list) > write_browse_list: Wrote browse list into file /var/cache/samba/browse.dat >[2011/12/13 17:45:45, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:45, 4] nmbd/nmbd_packets.c:1640(retransmit_or_expire_response_records) > retransmit_or_expire_response_records: timeout for packet id 7996 to IP 10.200.8.255 on subnet 10.200.8.180 >[2011/12/13 17:45:45, 5] nmbd/nmbd_namequery.c:154(query_name_timeout_response) > query_name_timeout_response: No response to query for name X86ERR300S3<1b> on subnet 10.200.8.180. >[2011/12/13 17:45:45, 2] nmbd/nmbd_become_dmb.c:181(become_domain_master_stage1) > become_domain_master_stage1: Becoming domain master browser for workgroup X86ERR300S3 on subnet 10.200.8.180 >[2011/12/13 17:45:45, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:45, 3] nmbd/nmbd_become_dmb.c:190(become_domain_master_stage1) > become_domain_master_stage1: go to first stage: register <1b> name >[2011/12/13 17:45:45, 4] nmbd/nmbd_packets.c:352(initiate_name_register_packet) > initiate_name_register_packet: sending registration for name X86ERR300S3<1b> (bcast=Yes) to IP 10.200.8.255 >[2011/12/13 17:45:45, 5] libsmb/nmblib.c:841(send_udp) > Sending a packet of len 68 to (10.200.8.255) on port 137 >[2011/12/13 17:45:45, 4] nmbd/nmbd_responserecordsdb.c:38(add_response_record) > add_response_record: adding response record id:8001 to subnet 10.200.8.180. num_records:3 >[2011/12/13 17:45:45, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:45, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:45, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 8001 >[2011/12/13 17:45:45, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:45, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:45, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35328 read: 189 >[2011/12/13 17:45:45, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 189 from (10.200.8.180) port 138 >[2011/12/13 17:45:45, 7] nmbd/nmbd_packets.c:1994(listen_for_packets) > discarding own dgram packet from 10.200.8.180:138 >[2011/12/13 17:45:45, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:45, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 8001 >[2011/12/13 17:45:45, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:45, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:45, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35328 read: 189 >[2011/12/13 17:45:45, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 189 from (10.200.8.180) port 138 >[2011/12/13 17:45:45, 7] nmbd/nmbd_packets.c:1994(listen_for_packets) > discarding own dgram packet from 10.200.8.180:138 >[2011/12/13 17:45:45, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:45, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794745) - last(1323794735) < 900 >[2011/12/13 17:45:45, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:45, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:46, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:46, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794745) - last(1323794735) < 900 >[2011/12/13 17:45:46, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:46, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:47, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:47, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794746) - last(1323794735) < 900 >[2011/12/13 17:45:47, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:47, 5] libsmb/nmblib.c:841(send_udp) > Sending a packet of len 68 to (10.200.8.255) on port 137 >[2011/12/13 17:45:47, 4] nmbd/nmbd_packets.c:1640(retransmit_or_expire_response_records) > retransmit_or_expire_response_records: timeout for packet id 7998 to IP 10.200.8.180 on subnet UNICAST_SUBNET >[2011/12/13 17:45:47, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:47, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:47, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 8001 >[2011/12/13 17:45:47, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:47, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:47, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:47, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 8001 >[2011/12/13 17:45:47, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:47, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:47, 9] nmbd/nmbd_namelistdb.c:128(find_name_on_subnet) > find_name_on_subnet: on subnet 10.200.8.180 - found name X86ERR300S3<1e> source=2 >[2011/12/13 17:45:47, 2] nmbd/nmbd_elections.c:42(send_election_dgram) > send_election_dgram: Sending election packet for workgroup X86ERR300S3 on subnet 10.200.8.180 >[2011/12/13 17:45:47, 4] nmbd/nmbd_packets.c:2114(send_mailslot) > send_mailslot: Sending to mailslot \MAILSLOT\BROWSE from MASTER<00> IP 10.200.8.180 to X86ERR300S3<1e> IP 10.200.8.255 >[2011/12/13 17:45:47, 4] nmbd/nmbd_packets.c:116(debug_browse_data) > debug_browse_data(): > 0 char .....A........MA hex 08 01 8a 0f 01 41 e0 2e 00 00 00 00 00 00 4d 41 > 10 char STER. hex 53 54 45 52 00 >[2011/12/13 17:45:47, 5] libsmb/nmblib.c:841(send_udp) > Sending a packet of len 189 to (10.200.8.255) on port 138 >[2011/12/13 17:45:47, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:47, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794747) - last(1323794735) < 900 >[2011/12/13 17:45:47, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:47, 5] libsmb/nmblib.c:841(send_udp) > Sending a packet of len 68 to (10.200.8.255) on port 137 >[2011/12/13 17:45:47, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:47, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:47, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 8001 >[2011/12/13 17:45:47, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:47, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:47, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35328 read: 189 >[2011/12/13 17:45:47, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 189 from (10.200.8.180) port 138 >[2011/12/13 17:45:47, 7] nmbd/nmbd_packets.c:1994(listen_for_packets) > discarding own dgram packet from 10.200.8.180:138 >[2011/12/13 17:45:47, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:47, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 8001 >[2011/12/13 17:45:47, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:47, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:47, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35328 read: 189 >[2011/12/13 17:45:47, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 189 from (10.200.8.180) port 138 >[2011/12/13 17:45:47, 7] nmbd/nmbd_packets.c:1994(listen_for_packets) > discarding own dgram packet from 10.200.8.180:138 >[2011/12/13 17:45:47, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:47, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794747) - last(1323794735) < 900 >[2011/12/13 17:45:47, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:47, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:48, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:48, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794747) - last(1323794735) < 900 >[2011/12/13 17:45:48, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:48, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:49, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:49, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794748) - last(1323794735) < 900 >[2011/12/13 17:45:49, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:49, 5] libsmb/nmblib.c:841(send_udp) > Sending a packet of len 68 to (10.200.8.255) on port 137 >[2011/12/13 17:45:49, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:49, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:49, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 8001 >[2011/12/13 17:45:49, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:49, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:49, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:49, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 8001 >[2011/12/13 17:45:49, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:49, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:49, 9] nmbd/nmbd_namelistdb.c:128(find_name_on_subnet) > find_name_on_subnet: on subnet 10.200.8.180 - found name X86ERR300S3<1e> source=2 >[2011/12/13 17:45:49, 2] nmbd/nmbd_elections.c:42(send_election_dgram) > send_election_dgram: Sending election packet for workgroup X86ERR300S3 on subnet 10.200.8.180 >[2011/12/13 17:45:49, 4] nmbd/nmbd_packets.c:2114(send_mailslot) > send_mailslot: Sending to mailslot \MAILSLOT\BROWSE from MASTER<00> IP 10.200.8.180 to X86ERR300S3<1e> IP 10.200.8.255 >[2011/12/13 17:45:49, 4] nmbd/nmbd_packets.c:116(debug_browse_data) > debug_browse_data(): > 0 char .....A.6......MA hex 08 01 8a 0f 01 41 b0 36 00 00 00 00 00 00 4d 41 > 10 char STER. hex 53 54 45 52 00 >[2011/12/13 17:45:49, 5] libsmb/nmblib.c:841(send_udp) > Sending a packet of len 189 to (10.200.8.255) on port 138 >[2011/12/13 17:45:49, 2] nmbd/nmbd_elections.c:202(run_elections) > run_elections: >>> Won election for workgroup X86ERR300S3 on subnet 10.200.8.180 <<< >[2011/12/13 17:45:49, 2] nmbd/nmbd_become_lmb.c:538(become_local_master_browser) > become_local_master_browser: Starting to become a master browser for workgroup X86ERR300S3 on subnet 10.200.8.180 >[2011/12/13 17:45:49, 3] nmbd/nmbd_become_lmb.c:540(become_local_master_browser) > become_local_master_browser: first stage - attempt to register ^1^2__MSBROWSE__^2^1 >[2011/12/13 17:45:49, 4] nmbd/nmbd_packets.c:352(initiate_name_register_packet) > initiate_name_register_packet: sending registration for name __MSBROWSE__<01> (bcast=Yes) to IP 10.200.8.255 >[2011/12/13 17:45:49, 5] libsmb/nmblib.c:841(send_udp) > Sending a packet of len 68 to (10.200.8.255) on port 137 >[2011/12/13 17:45:49, 4] nmbd/nmbd_responserecordsdb.c:38(add_response_record) > add_response_record: adding response record id:8004 to subnet 10.200.8.180. num_records:2 >[2011/12/13 17:45:49, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:49, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794749) - last(1323794735) < 900 >[2011/12/13 17:45:49, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:49, 4] nmbd/nmbd_packets.c:1640(retransmit_or_expire_response_records) > retransmit_or_expire_response_records: timeout for packet id 8001 to IP 10.200.8.255 on subnet 10.200.8.180 >[2011/12/13 17:45:49, 5] nmbd/nmbd_nameregister.c:285(register_name_timeout_response) > register_name_timeout_response: success in registering name X86ERR300S3<1b> on subnet 10.200.8.180. >[2011/12/13 17:45:49, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) > find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1b> NOT FOUND >[2011/12/13 17:45:49, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) > add_name_to_subnet: Added netbios name X86ERR300S3<1b> with first IP 10.200.8.180 ttl=0 nb_flags=60 to subnet 10.200.8.180 >[2011/12/13 17:45:49, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:49, 0] nmbd/nmbd_become_dmb.c:112(become_domain_master_stage2) > ***** > > Samba server MASTER is now a domain master browser for workgroup X86ERR300S3 on subnet 10.200.8.180 > > ***** >[2011/12/13 17:45:49, 9] nmbd/nmbd_namelistdb.c:128(find_name_on_subnet) > find_name_on_subnet: on subnet UNICAST_SUBNET - found name X86ERR300S3<1b> source=2 >[2011/12/13 17:45:49, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:49, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:49, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 8004 >[2011/12/13 17:45:49, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:49, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:49, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35328 read: 189 >[2011/12/13 17:45:49, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 189 from (10.200.8.180) port 138 >[2011/12/13 17:45:49, 7] nmbd/nmbd_packets.c:1994(listen_for_packets) > discarding own dgram packet from 10.200.8.180:138 >[2011/12/13 17:45:49, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:49, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 8004 >[2011/12/13 17:45:49, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:49, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:49, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35328 read: 189 >[2011/12/13 17:45:49, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 189 from (10.200.8.180) port 138 >[2011/12/13 17:45:49, 7] nmbd/nmbd_packets.c:1994(listen_for_packets) > discarding own dgram packet from 10.200.8.180:138 >[2011/12/13 17:45:49, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:49, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794749) - last(1323794735) < 900 >[2011/12/13 17:45:49, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:49, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:50, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:50, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794749) - last(1323794735) < 900 >[2011/12/13 17:45:50, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:50, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:51, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:51, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794750) - last(1323794735) < 900 >[2011/12/13 17:45:51, 4] nmbd/nmbd_workgroupdb.c:276(dump_workgroups) > dump_workgroups() > dump workgroup on subnet 10.200.8.180: netmask= 255.255.255.0: > X86ERR300S3(1) current master browser = UNKNOWN > MASTER 40099b2b (master univention corporate server) >[2011/12/13 17:45:51, 4] nmbd/nmbd_workgroupdb.c:276(dump_workgroups) > dump_workgroups() > dump workgroup on subnet UNICAST_SUBNET: netmask= 10.200.8.180: > X86ERR300S3(1) current master browser = UNKNOWN > MASTER 40099b2b (master univention corporate server) >[2011/12/13 17:45:51, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:51, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:51, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:51, 8] lib/util.c:1521(is_myname) > is_myname("MASTER") returns 1 >[2011/12/13 17:45:51, 8] lib/util.c:1521(is_myname) > is_myname("MASTER") returns 1 >[2011/12/13 17:45:51, 3] nmbd/nmbd_serverlistdb.c:436(write_browse_list) > write_browse_list: Wrote browse list into file /var/cache/samba/browse.dat >[2011/12/13 17:45:51, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:51, 5] libsmb/nmblib.c:841(send_udp) > Sending a packet of len 68 to (10.200.8.255) on port 137 >[2011/12/13 17:45:51, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:51, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:51, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 8004 >[2011/12/13 17:45:51, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:51, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:51, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:51, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 8004 >[2011/12/13 17:45:51, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:51, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:51, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:51, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794751) - last(1323794735) < 900 >[2011/12/13 17:45:51, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:51, 5] libsmb/nmblib.c:841(send_udp) > Sending a packet of len 68 to (10.200.8.255) on port 137 >[2011/12/13 17:45:51, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:51, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:51, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 8004 >[2011/12/13 17:45:51, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:51, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:51, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:51, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 8004 >[2011/12/13 17:45:51, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:51, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:51, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:51, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794751) - last(1323794735) < 900 >[2011/12/13 17:45:51, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:51, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:52, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:52, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794751) - last(1323794735) < 900 >[2011/12/13 17:45:52, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:52, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:53, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:53, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794752) - last(1323794735) < 900 >[2011/12/13 17:45:53, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:53, 5] libsmb/nmblib.c:841(send_udp) > Sending a packet of len 68 to (10.200.8.255) on port 137 >[2011/12/13 17:45:53, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:53, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:53, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 8004 >[2011/12/13 17:45:53, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:53, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:53, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:53, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 8004 >[2011/12/13 17:45:53, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:53, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:53, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:53, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794753) - last(1323794735) < 900 >[2011/12/13 17:45:53, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:53, 4] nmbd/nmbd_packets.c:1640(retransmit_or_expire_response_records) > retransmit_or_expire_response_records: timeout for packet id 8004 to IP 10.200.8.255 on subnet 10.200.8.180 >[2011/12/13 17:45:53, 5] nmbd/nmbd_nameregister.c:285(register_name_timeout_response) > register_name_timeout_response: success in registering name __MSBROWSE__<01> on subnet 10.200.8.180. >[2011/12/13 17:45:53, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) > find_name_on_subnet: on subnet 10.200.8.180 - name __MSBROWSE__<01> NOT FOUND >[2011/12/13 17:45:53, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) > add_name_to_subnet: Added netbios name __MSBROWSE__<01> with first IP 10.200.8.180 ttl=0 nb_flags=e0 to subnet 10.200.8.180 >[2011/12/13 17:45:53, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:53, 3] nmbd/nmbd_become_lmb.c:453(become_local_master_stage1) > become_local_master_stage1: go to stage 2: register the X86ERR300S3<1d> name. >[2011/12/13 17:45:53, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) > find_name_on_subnet: on subnet UNICAST_SUBNET - name __MSBROWSE__<01> NOT FOUND >[2011/12/13 17:45:53, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) > add_name_to_subnet: Added netbios name __MSBROWSE__<01> with first IP 10.200.8.180 ttl=0 nb_flags=e0 to subnet UNICAST_SUBNET >[2011/12/13 17:45:53, 4] nmbd/nmbd_packets.c:352(initiate_name_register_packet) > initiate_name_register_packet: sending registration for name X86ERR300S3<1d> (bcast=Yes) to IP 10.200.8.255 >[2011/12/13 17:45:53, 5] libsmb/nmblib.c:841(send_udp) > Sending a packet of len 68 to (10.200.8.255) on port 137 >[2011/12/13 17:45:53, 4] nmbd/nmbd_responserecordsdb.c:38(add_response_record) > add_response_record: adding response record id:8005 to subnet 10.200.8.180. num_records:2 >[2011/12/13 17:45:53, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:53, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:53, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 8005 >[2011/12/13 17:45:53, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:53, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:53, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:53, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 8005 >[2011/12/13 17:45:53, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:53, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:53, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:53, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794753) - last(1323794735) < 900 >[2011/12/13 17:45:53, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:53, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:54, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:54, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794753) - last(1323794735) < 900 >[2011/12/13 17:45:54, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:54, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:55, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:55, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794754) - last(1323794735) < 900 >[2011/12/13 17:45:55, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:55, 5] libsmb/nmblib.c:841(send_udp) > Sending a packet of len 68 to (10.200.8.255) on port 137 >[2011/12/13 17:45:55, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:55, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:55, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 8005 >[2011/12/13 17:45:55, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:55, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:55, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:55, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 8005 >[2011/12/13 17:45:55, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:55, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:55, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:55, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794755) - last(1323794735) < 900 >[2011/12/13 17:45:55, 4] nmbd/nmbd_workgroupdb.c:276(dump_workgroups) > dump_workgroups() > dump workgroup on subnet 10.200.8.180: netmask= 255.255.255.0: > X86ERR300S3(1) current master browser = UNKNOWN > MASTER 40099b2b (master univention corporate server) >[2011/12/13 17:45:55, 4] nmbd/nmbd_workgroupdb.c:276(dump_workgroups) > dump_workgroups() > dump workgroup on subnet UNICAST_SUBNET: netmask= 10.200.8.180: > X86ERR300S3(1) current master browser = UNKNOWN > MASTER 40099b2b (master univention corporate server) >[2011/12/13 17:45:55, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:55, 5] libsmb/nmblib.c:841(send_udp) > Sending a packet of len 68 to (10.200.8.255) on port 137 >[2011/12/13 17:45:55, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:55, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:55, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 8005 >[2011/12/13 17:45:55, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:55, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:55, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:55, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 8005 >[2011/12/13 17:45:55, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:55, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:55, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:55, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794755) - last(1323794735) < 900 >[2011/12/13 17:45:55, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:55, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:56, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:56, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794755) - last(1323794735) < 900 >[2011/12/13 17:45:56, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:56, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:57, 6] libsmb/unexpected.c:141(nb_packet_server_listener) > accepted socket 23 >[2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:57, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794756) - last(1323794735) < 900 >[2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:57, 5] libsmb/nmblib.c:841(send_udp) > Sending a packet of len 68 to (10.200.8.255) on port 137 >[2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:57, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:57, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 8005 >[2011/12/13 17:45:57, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:57, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:57, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35072 read: 68 >[2011/12/13 17:45:57, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 8005 >[2011/12/13 17:45:57, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 68 from (10.200.8.180) port 137 >[2011/12/13 17:45:57, 7] nmbd/nmbd_packets.c:2001(listen_for_packets) > discarding own nmb bcast packet from 10.200.8.180:137 >[2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:57, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794757) - last(1323794735) < 900 >[2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:57, 4] nmbd/nmbd_packets.c:1640(retransmit_or_expire_response_records) > retransmit_or_expire_response_records: timeout for packet id 8005 to IP 10.200.8.255 on subnet 10.200.8.180 >[2011/12/13 17:45:57, 5] nmbd/nmbd_nameregister.c:285(register_name_timeout_response) > register_name_timeout_response: success in registering name X86ERR300S3<1d> on subnet 10.200.8.180. >[2011/12/13 17:45:57, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) > find_name_on_subnet: on subnet 10.200.8.180 - name X86ERR300S3<1d> NOT FOUND >[2011/12/13 17:45:57, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) > add_name_to_subnet: Added netbios name X86ERR300S3<1d> with first IP 10.200.8.180 ttl=0 nb_flags=60 to subnet 10.200.8.180 >[2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:57, 3] nmbd/nmbd_become_lmb.c:354(become_local_master_stage2) > become_local_master_stage2: registered as master browser for workgroup X86ERR300S3 on subnet 10.200.8.180 >[2011/12/13 17:45:57, 5] nmbd/nmbd_become_lmb.c:578(set_workgroup_local_master_browser_name) > set_workgroup_local_master_browser_name: setting local master name to 'MASTER' for workgroup X86ERR300S3. >[2011/12/13 17:45:57, 3] nmbd/nmbd_sendannounce.c:70(broadcast_announce_request) > broadcast_announce_request: sending announce request for workgroup X86ERR300S3 to subnet 10.200.8.180 >[2011/12/13 17:45:57, 4] nmbd/nmbd_packets.c:2114(send_mailslot) > send_mailslot: Sending to mailslot \MAILSLOT\BROWSE from MASTER<00> IP 10.200.8.180 to X86ERR300S3<1e> IP 10.200.8.255 >[2011/12/13 17:45:57, 4] nmbd/nmbd_packets.c:116(debug_browse_data) > debug_browse_data(): > 0 char ...MASTER hex 02 01 00 4d 41 53 54 45 52 >[2011/12/13 17:45:57, 5] libsmb/nmblib.c:841(send_udp) > Sending a packet of len 177 to (10.200.8.255) on port 138 >[2011/12/13 17:45:57, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) > find_name_on_subnet: on subnet UNICAST_SUBNET - name X86ERR300S3<1d> NOT FOUND >[2011/12/13 17:45:57, 3] nmbd/nmbd_namelistdb.c:252(add_name_to_subnet) > add_name_to_subnet: Added netbios name X86ERR300S3<1d> with first IP 10.200.8.180 ttl=0 nb_flags=60 to subnet UNICAST_SUBNET >[2011/12/13 17:45:57, 0] nmbd/nmbd_become_lmb.c:397(become_local_master_stage2) > ***** > > Samba name server MASTER is now a local master browser for workgroup X86ERR300S3 on subnet 10.200.8.180 > > ***** >[2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:57, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35328 read: 177 >[2011/12/13 17:45:57, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 177 from (10.200.8.180) port 138 >[2011/12/13 17:45:57, 7] nmbd/nmbd_packets.c:1994(listen_for_packets) > discarding own dgram packet from 10.200.8.180:138 >[2011/12/13 17:45:57, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35328 read: 177 >[2011/12/13 17:45:57, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 177 from (10.200.8.180) port 138 >[2011/12/13 17:45:57, 7] nmbd/nmbd_packets.c:1994(listen_for_packets) > discarding own dgram packet from 10.200.8.180:138 >[2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:57, 8] lib/util.c:1521(is_myname) > is_myname("MASTER") returns 1 >[2011/12/13 17:45:57, 3] nmbd/nmbd_sendannounce.c:167(send_local_master_announcement) > send_local_master_announcement: type c9b2b for name MASTER on subnet 10.200.8.180 for workgroup X86ERR300S3 >[2011/12/13 17:45:57, 4] nmbd/nmbd_packets.c:2114(send_mailslot) > send_mailslot: Sending to mailslot \MAILSLOT\BROWSE from MASTER<00> IP 10.200.8.180 to X86ERR300S3<1e> IP 10.200.8.255 >[2011/12/13 17:45:57, 4] nmbd/nmbd_packets.c:116(debug_browse_data) > debug_browse_data(): > 0 char ......MASTER.... hex 0f 03 c0 d4 01 00 4d 41 53 54 45 52 00 00 00 00 > 10 char ........+.....U. hex 00 00 00 00 00 00 04 09 2b 9b 0c 00 0f 01 55 aa > 20 char master univentio hex 6d 61 73 74 65 72 20 75 6e 69 76 65 6e 74 69 6f > 30 char n corporate serv hex 6e 20 63 6f 72 70 6f 72 61 74 65 20 73 65 72 76 > 40 char er. hex 65 72 00 >[2011/12/13 17:45:57, 5] libsmb/nmblib.c:841(send_udp) > Sending a packet of len 235 to (10.200.8.255) on port 138 >[2011/12/13 17:45:57, 3] nmbd/nmbd_sendannounce.c:186(send_workgroup_announcement) > send_workgroup_announcement: on subnet 10.200.8.180 for workgroup X86ERR300S3 >[2011/12/13 17:45:57, 4] nmbd/nmbd_packets.c:2114(send_mailslot) > send_mailslot: Sending to mailslot \MAILSLOT\BROWSE from MASTER<00> IP 10.200.8.180 to __MSBROWSE__<01> IP 10.200.8.255 >[2011/12/13 17:45:57, 4] nmbd/nmbd_packets.c:116(debug_browse_data) > debug_browse_data(): > 0 char ......X86ERR300S hex 0c 03 c0 d4 01 00 58 38 36 45 52 52 33 30 30 53 > 10 char 3.............U. hex 33 00 00 00 00 00 04 09 00 10 00 80 0f 01 55 aa > 20 char MASTER. hex 4d 41 53 54 45 52 00 >[2011/12/13 17:45:57, 5] libsmb/nmblib.c:841(send_udp) > Sending a packet of len 207 to (10.200.8.255) on port 138 >[2011/12/13 17:45:57, 4] nmbd/nmbd_sendannounce.c:396(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: I am a local master browser for workgroup X86ERR300S3 on subnet 10.200.8.180 >[2011/12/13 17:45:57, 9] nmbd/nmbd_namelistdb.c:134(find_name_on_subnet) > find_name_on_subnet: on subnet REMOTE_BROADCAST_SUBNET - name X86ERR300S3<1b> NOT FOUND >[2011/12/13 17:45:57, 9] nmbd/nmbd_namelistdb.c:128(find_name_on_subnet) > find_name_on_subnet: on subnet UNICAST_SUBNET - found name X86ERR300S3<1b> source=2 >[2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:57, 2] nmbd/nmbd_browsesync.c:108(announce_local_master_browser_to_domain_master_browser) > announce_local_master_browser_to_domain_master_browser: > We are both a domain and a local master browser for workgroup X86ERR300S3. Do not announce to ourselves. >[2011/12/13 17:45:57, 2] nmbd/nmbd_browsesync.c:152(sync_with_dmb) > sync_with_dmb: > Initiating sync with domain master browser MASTER<20> at IP 10.200.8.180 for workgroup X86ERR300S3 >[2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:57, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35328 read: 235 >[2011/12/13 17:45:57, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 235 from (10.200.8.180) port 138 >[2011/12/13 17:45:57, 7] nmbd/nmbd_packets.c:1994(listen_for_packets) > discarding own dgram packet from 10.200.8.180:138 >[2011/12/13 17:45:57, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35328 read: 235 >[2011/12/13 17:45:57, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 235 from (10.200.8.180) port 138 >[2011/12/13 17:45:57, 7] nmbd/nmbd_packets.c:1994(listen_for_packets) > discarding own dgram packet from 10.200.8.180:138 >[2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:57, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794757) - last(1323794757) < 900 >[2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:57, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35328 read: 207 >[2011/12/13 17:45:57, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 207 from (10.200.8.180) port 138 >[2011/12/13 17:45:57, 7] nmbd/nmbd_packets.c:1994(listen_for_packets) > discarding own dgram packet from 10.200.8.180:138 >[2011/12/13 17:45:57, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 35328 read: 207 >[2011/12/13 17:45:57, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 207 from (10.200.8.180) port 138 >[2011/12/13 17:45:57, 7] nmbd/nmbd_packets.c:1994(listen_for_packets) > discarding own dgram packet from 10.200.8.180:138 >[2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:57, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794757) - last(1323794757) < 900 >[2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:57, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794757) - last(1323794757) < 900 >[2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:57, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 127.0.0.1 port 2527 read: 50 >[2011/12/13 17:45:57, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 22091 >[2011/12/13 17:45:57, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 50 from (127.0.0.1) port 57097 >[2011/12/13 17:45:57, 4] libsmb/nmblib.c:107(debug_nmb_packet) > nmb packet from 127.0.0.1(57097) header: id=22091 opcode=Query(0) response=No > header: flags: bcast=No rec_avail=No rec_des=Yes trunc=No auth=No > header: rcode=0 qdcount=1 ancount=0 nscount=0 arcount=0 > question: q_name=X86ERR300S3<1b> q_type=32 q_class=1 >[2011/12/13 17:45:57, 3] nmbd/nmbd_winsserver.c:2033(wins_process_name_query_request) > wins_process_name_query: name query for name X86ERR300S3<1b> from IP 127.0.0.1 >[2011/12/13 17:45:57, 3] nmbd/nmbd_winsserver.c:2085(wins_process_name_query_request) > wins_process_name_query: name query for name X86ERR300S3<1b> returning first IP 10.200.8.180. >[2011/12/13 17:45:57, 4] nmbd/nmbd_packets.c:968(reply_netbios_packet) > reply_netbios_packet: sending a reply of packet type: wins_query X86ERR300S3<1b> to ip 127.0.0.1 for id 22091 >[2011/12/13 17:45:57, 4] libsmb/nmblib.c:107(debug_nmb_packet) > nmb packet from 127.0.0.1(57097) header: id=22091 opcode=Query(0) response=Yes > header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes > header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 > answers: nmb_name=X86ERR300S3<1b> rr_type=32 rr_class=1 ttl=259178 > answers 0 char `..... hex 60000AC808B4 >[2011/12/13 17:45:57, 5] libsmb/nmblib.c:841(send_udp) > Sending a packet of len 62 to (127.0.0.1) on port 57097 >[2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:57, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794757) - last(1323794757) < 900 >[2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:57, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794757) - last(1323794757) < 900 >[2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:57, 6] libsmb/unexpected.c:141(nb_packet_server_listener) > accepted socket 23 >[2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:57, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794757) - last(1323794757) < 900 >[2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:57, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794757) - last(1323794757) < 900 >[2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:57, 10] lib/util_sock.c:281(read_udp_v4_socket) > read_udp_v4_socket: ip 10.200.8.180 port 49561 read: 50 >[2011/12/13 17:45:57, 10] libsmb/nmblib.c:533(parse_nmb) > parse_nmb: packet id = 8689 >[2011/12/13 17:45:57, 5] libsmb/nmblib.c:819(read_packet) > Received a packet of len 50 from (10.200.8.180) port 39361 >[2011/12/13 17:45:57, 4] libsmb/nmblib.c:107(debug_nmb_packet) > nmb packet from 10.200.8.180(39361) header: id=8689 opcode=Query(0) response=No > header: flags: bcast=No rec_avail=No rec_des=No trunc=No auth=No > header: rcode=0 qdcount=1 ancount=0 nscount=0 arcount=0 > question: q_name=X86ERR300S3<1b> q_type=33 q_class=1 >[2011/12/13 17:45:57, 3] nmbd/nmbd_incomingrequests.c:323(process_node_status_request) > process_node_status_request: status request for name X86ERR300S3<1b> from IP 10.200.8.180 on subnet UNICAST_SUBNET. >[2011/12/13 17:45:57, 9] nmbd/nmbd_namelistdb.c:128(find_name_on_subnet) > find_name_on_subnet: on subnet UNICAST_SUBNET - found name X86ERR300S3<1b> source=2 >[2011/12/13 17:45:57, 4] nmbd/nmbd_packets.c:968(reply_netbios_packet) > reply_netbios_packet: sending a reply of packet type: nmb_status X86ERR300S3<1b> to ip 10.200.8.180 for id 8689 >[2011/12/13 17:45:57, 4] libsmb/nmblib.c:107(debug_nmb_packet) > nmb packet from 10.200.8.180(39361) header: id=8689 opcode=Query(0) response=Yes > header: flags: bcast=No rec_avail=No rec_des=No trunc=No auth=Yes > header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 > answers: nmb_name=X86ERR300S3<1b> rr_type=33 rr_class=1 ttl=0 > answers 0 char .MASTER hex 094D4153544552202020202020202020 > answers 10 char .d.MASTER hex 0064004D415354455220202020202020 > answers 20 char .d.MASTER hex 20200364004D41535445522020202020 > answers 30 char d...__MSBRO hex 2020202020640001025F5F4D5342524F > answers 40 char WSE__....X86ERR3 hex 5753455F5F0201E40058383645525233 > answers 50 char 00S3 .d.X86ER hex 30305333202020201D64005838364552 > answers 60 char R300S3 .d.X86 hex 523330305333202020201B6400583836 > answers 70 char ERR300S3 ...X hex 4552523330305333202020201CE40058 > answers 80 char 86ERR300S3 .. hex 38364552523330305333202020201EE4 > answers 90 char .X86ERR300S3 hex 00583836455252333030533320202020 > answers a0 char ................ hex 00E40000000000000000000000000000 > answers b0 char ................ hex 00000000000000000000000000000000 > answers c0 char ................ hex 00000000000000000000000000000000 > answers d0 char . hex 00 >[2011/12/13 17:45:57, 5] libsmb/nmblib.c:841(send_udp) > Sending a packet of len 265 to (10.200.8.180) on port 39361 >[2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:57, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794757) - last(1323794757) < 900 >[2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet 10.200.8.180: found. >[2011/12/13 17:45:57, 10] nmbd/nmbd_sendannounce.c:383(announce_myself_to_domain_master_browser) > announce_myself_to_domain_master_browser: t (1323794757) - last(1323794757) < 900 >[2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found. >[2011/12/13 17:45:57, 4] nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet) > find_workgroup_on_subnet: workgroup search for X86ERR300S3 on subnet UNICAST_SUBNET: found.
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 9060
: 7718 |
7740