[2012/08/23 08:00:26.871675, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/08/23 08:00:26.871721, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Samba\smbconf\printers] [2012/08/23 08:00:26.871757, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Samba\smbconf\printers] [2012/08/23 08:00:26.871794, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/23 08:00:26.871828, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7f6658819ea0 for key [\HKLM\SOFTWARE\Samba\smbconf\printers] [2012/08/23 08:00:26.871876, 10] registry/reg_backend_db.c:1623(regdb_fetch_keys_internal) key [HKLM\SOFTWARE\Samba\smbconf\printers] not found [2012/08/23 08:00:26.871916, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/08/23 08:00:26.871957, 7] param/loadparm.c:9834(lp_servicenumber) lp_servicenumber: couldn't find printers [2012/08/23 08:01:26.878145, 10] lib/events.c:221(run_events_poll) Running timed event "smbd_idle_event_handler" 0x7f6659829110 [2012/08/23 08:01:26.878225, 10] smbd/process.c:863(smbd_idle_event_handler) smbd_idle_event_handler: idle_evt(parent_housekeeping) (nil) called [2012/08/23 08:01:26.878269, 5] smbd/server.c:627(smbd_parent_housekeeping) parent housekeeping [2012/08/23 08:01:26.878308, 10] smbd/process.c:874(smbd_idle_event_handler) smbd_idle_event_handler: idle_evt(parent_housekeeping) (nil) rescheduled [2012/08/23 08:01:37.690309, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/08/23 08:01:37.690400, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/23 08:01:37.690452, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/23 08:01:37.690521, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2012/08/23 08:01:37.690566, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key AE640000FFFFFFFF [2012/08/23 08:01:37.690605, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7f6659851840 [2012/08/23 08:01:37.690654, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key AE640000FFFFFFFF [2012/08/23 08:01:37.690781, 3] smbd/server_exit.c:181(exit_server_common) Server exit (termination signal) [2012/08/23 08:01:38.000182, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/08/23 08:01:38.000255, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/23 08:01:38.000297, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/23 08:01:38.000365, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2012/08/23 08:01:38.000419, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key B0640000FFFFFFFF [2012/08/23 08:01:38.000464, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7f6659846130 [2012/08/23 08:01:38.000518, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key B0640000FFFFFFFF [2012/08/23 08:01:38.000645, 3] smbd/server_exit.c:181(exit_server_common) Server exit (termination signal) [2012/08/23 08:04:08, 0] smbd/server.c:1053(main) smbd version 3.6.7-itsd_lock.el6 started. Copyright Andrew Tridgell and the Samba Team 1992-2011 [2012/08/23 08:04:08.984981, 0] smbd/server.c:1109(main) standard input is not a socket, assuming -D option [2012/08/23 08:21:18, 0] smbd/server.c:1053(main) smbd version 3.6.7-itsd_lock.el6 started. Copyright Andrew Tridgell and the Samba Team 1992-2011 [2012/08/23 08:21:18, 5] ../lib/util/debug.c:330(debug_dump_status) INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10 idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10 registry: 10 doing parameter max log size = 0 doing parameter syslog = 0 doing parameter log file = /var/log/samba/log.%m doing parameter printcap name = /dev/null doing parameter machine password timeout = 604800 doing parameter os level = 25 doing parameter preferred master = No doing parameter local master = No doing parameter domain master = No doing parameter dns proxy = No doing parameter encrypt passwords = yes doing parameter idmap config * : backend = tdb doing parameter idmap config * : range = 1000001-1999999 doing parameter idmap config DLR : backend = ad doing parameter idmap config DLR : schema_mode = rfc2307 doing parameter idmap config DLR : readonly = yes doing parameter idmap config DLR : range = 1000-1000000 doing parameter max protocol = smb2 doing parameter wins server = doing parameter create mask = 0664 doing parameter directory mask = 0775 doing parameter use sendfile = Yes doing parameter hide dot files = No doing parameter map archive = No doing parameter dont descend = lost+found doing parameter load printers = no doing parameter printing = bsd doing parameter printcap name = /dev/null [2012/08/23 08:21:18, 4] param/loadparm.c:9608(lp_load_ex) pm_process() returned Yes [2012/08/23 08:21:18, 7] param/loadparm.c:9834(lp_servicenumber) lp_servicenumber: couldn't find homes [2012/08/23 08:21:18, 10] param/loadparm_server_role.c:101(set_server_role) set_server_role: role = ROLE_DOMAIN_MEMBER [2012/08/23 08:21:18, 5] ../lib/util/charset/codepoints.c:235(map_locale) Substituting charset 'UTF-8' for LOCALE [2012/08/23 08:21:18, 4] smbd/sec_ctx.c:174(get_current_groups) get_current_groups: user is in 8 groups: 0, 1, 2, 3, 4, 6, 10, 201 [2012/08/23 08:21:18, 2] lib/tallocmsg.c:124(register_msg_pool_usage) Registered MSG_REQ_POOL_USAGE [2012/08/23 08:21:18, 2] lib/dmallocmsg.c:78(register_dmalloc_msgs) Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED [2012/08/23 08:21:18.891487, 3] param/loadparm.c:9572(lp_load_ex) lp_load_ex: refreshing parameters [2012/08/23 08:21:18.891548, 3] param/loadparm.c:5192(init_globals) Initialising global parameters [2012/08/23 08:21:18.891592, 2] param/loadparm.c:4985(max_open_files) rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) [2012/08/23 08:21:18.891665, 3] ../lib/util/params.c:550(pm_process) params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf" [2012/08/23 08:21:18.891725, 3] param/loadparm.c:8310(do_section) Processing section "[global]" doing parameter workgroup = DLR doing parameter realm = INTRA.DLR.DE doing parameter netbios name = FTPSERVER [2012/08/23 08:21:18.891813, 4] param/loadparm.c:7561(handle_netbios_name) handle_netbios_name: set global_myname to: FTPSERVER doing parameter server string = RM-FTP-Server doing parameter interfaces = 127.0.0.1, eth0 doing parameter bind interfaces only = Yes doing parameter security = ADS doing parameter password server = * doing parameter username map = /etc/samba/smbusers doing parameter log level = 10 [2012/08/23 08:21:18.891972, 5] ../lib/util/debug.c:330(debug_dump_status) INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10 idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10 registry: 10 doing parameter max log size = 0 doing parameter syslog = 0 doing parameter log file = /var/log/samba/log.%m doing parameter printcap name = /dev/null doing parameter machine password timeout = 604800 doing parameter os level = 25 doing parameter preferred master = No doing parameter local master = No doing parameter domain master = No doing parameter dns proxy = No doing parameter encrypt passwords = yes doing parameter idmap config * : backend = tdb doing parameter idmap config * : range = 1000001-1999999 doing parameter idmap config DLR : backend = ad doing parameter idmap config DLR : schema_mode = rfc2307 doing parameter idmap config DLR : readonly = yes doing parameter idmap config DLR : range = 1000-1000000 doing parameter max protocol = smb2 doing parameter wins server = doing parameter create mask = 0664 doing parameter directory mask = 0775 doing parameter use sendfile = Yes doing parameter hide dot files = No doing parameter map archive = No doing parameter dont descend = lost+found doing parameter load printers = no doing parameter printing = bsd doing parameter printcap name = /dev/null [2012/08/23 08:21:18.892981, 2] param/loadparm.c:8327(do_section) Processing section "[ftp]" [2012/08/23 08:21:18.893046, 8] param/loadparm.c:6480(add_a_service) add_a_service: Creating snum = 0 for ftp [2012/08/23 08:21:18.893086, 10] param/loadparm.c:6518(hash_a_service) hash_a_service: creating servicehash [2012/08/23 08:21:18.893121, 10] param/loadparm.c:6527(hash_a_service) hash_a_service: hashing index 0 for service name ftp doing parameter path = /home_local/ftp doing parameter comment = FTP-Share doing parameter browseable = yes doing parameter writeable = yes doing parameter force group = @DLR\rmc_office-rob_mf doing parameter force create mode = 0664 doing parameter wide links = no [2012/08/23 08:21:18.893378, 2] param/loadparm.c:8327(do_section) Processing section "[DLR-EXCHANGE]" [2012/08/23 08:21:18.893439, 8] param/loadparm.c:6480(add_a_service) add_a_service: Creating snum = 1 for DLR-EXCHANGE [2012/08/23 08:21:18.893477, 10] param/loadparm.c:6527(hash_a_service) hash_a_service: hashing index 1 for service name DLR-EXCHANGE doing parameter path = /home_local/DLR doing parameter comment = DLR-Date-Exchange-Share doing parameter browseable = yes doing parameter writeable = yes doing parameter force create mode = 0666 doing parameter create mask = 0666 doing parameter directory mask = 0777 doing parameter wide links = no [2012/08/23 08:21:18.893694, 2] param/loadparm.c:8327(do_section) Processing section "[tmp]" [2012/08/23 08:21:18.893753, 8] param/loadparm.c:6480(add_a_service) add_a_service: Creating snum = 2 for tmp [2012/08/23 08:21:18.893791, 10] param/loadparm.c:6527(hash_a_service) hash_a_service: hashing index 2 for service name tmp doing parameter path = /home_local/tmp doing parameter comment = tmp-Share doing parameter browseable = yes doing parameter writeable = yes doing parameter wide links = no [2012/08/23 08:21:18.893955, 4] param/loadparm.c:9608(lp_load_ex) pm_process() returned Yes [2012/08/23 08:21:18.894009, 7] param/loadparm.c:9834(lp_servicenumber) lp_servicenumber: couldn't find homes [2012/08/23 08:21:18.894071, 8] param/loadparm.c:6480(add_a_service) add_a_service: Creating snum = 3 for IPC$ [2012/08/23 08:21:18.894110, 10] param/loadparm.c:6527(hash_a_service) hash_a_service: hashing index 3 for service name IPC$ [2012/08/23 08:21:18.894151, 3] param/loadparm.c:6630(lp_add_ipc) adding IPC service [2012/08/23 08:21:18.894211, 10] param/loadparm_server_role.c:101(set_server_role) set_server_role: role = ROLE_DOMAIN_MEMBER [2012/08/23 08:21:18.894254, 5] ../lib/util/charset/codepoints.c:235(map_locale) Substituting charset 'UTF-8' for LOCALE [2012/08/23 08:21:18.894309, 6] param/loadparm.c:7490(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu Aug 23 08:19:49 2012 [2012/08/23 08:21:18.894447, 2] lib/interface.c:341(add_interface) added interface lo ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0 [2012/08/23 08:21:18.894483, 2] lib/interface.c:341(add_interface) added interface eth0 ip=fe80::7a2b:cbff:fe5c:74c%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff:: [2012/08/23 08:21:18.894541, 2] lib/interface.c:341(add_interface) added interface eth0 ip=129.247.189.2 bcast=129.247.189.255 netmask=255.255.255.0 [2012/08/23 08:21:18.894573, 3] smbd/server.c:1088(main) loaded services [2012/08/23 08:21:18.894598, 5] lib/util.c:242(init_names) Netbios name list:- my_netbios_names[0]="FTPSERVER" [2012/08/23 08:21:18.894652, 0] smbd/server.c:1109(main) standard input is not a socket, assuming -D option [2012/08/23 08:21:18.894675, 3] smbd/server.c:1120(main) Becoming a daemon. [2012/08/23 08:21:18.895012, 8] ../lib/util/util.c:263(fcntl_lock) fcntl_lock 9 6 0 1 1 [2012/08/23 08:21:18.895076, 8] ../lib/util/util.c:298(fcntl_lock) fcntl_lock: Lock call successful [2012/08/23 08:21:18.895222, 5] passdb/pdb_interface.c:71(smb_register_passdb) Attempting to register passdb backend ldapsam [2012/08/23 08:21:18.895277, 5] passdb/pdb_interface.c:84(smb_register_passdb) Successfully added passdb backend 'ldapsam' [2012/08/23 08:21:18.895313, 5] passdb/pdb_interface.c:71(smb_register_passdb) Attempting to register passdb backend ldapsam_compat [2012/08/23 08:21:18.895349, 5] passdb/pdb_interface.c:84(smb_register_passdb) Successfully added passdb backend 'ldapsam_compat' [2012/08/23 08:21:18.895385, 5] passdb/pdb_interface.c:71(smb_register_passdb) Attempting to register passdb backend NDS_ldapsam [2012/08/23 08:21:18.895421, 5] passdb/pdb_interface.c:84(smb_register_passdb) Successfully added passdb backend 'NDS_ldapsam' [2012/08/23 08:21:18.895455, 5] passdb/pdb_interface.c:71(smb_register_passdb) Attempting to register passdb backend NDS_ldapsam_compat [2012/08/23 08:21:18.895490, 5] passdb/pdb_interface.c:84(smb_register_passdb) Successfully added passdb backend 'NDS_ldapsam_compat' [2012/08/23 08:21:18.895527, 5] passdb/pdb_interface.c:71(smb_register_passdb) Attempting to register passdb backend IPA_ldapsam [2012/08/23 08:21:18.895563, 5] passdb/pdb_interface.c:84(smb_register_passdb) Successfully added passdb backend 'IPA_ldapsam' [2012/08/23 08:21:18.895599, 5] passdb/pdb_interface.c:71(smb_register_passdb) Attempting to register passdb backend smbpasswd [2012/08/23 08:21:18.895636, 5] passdb/pdb_interface.c:84(smb_register_passdb) Successfully added passdb backend 'smbpasswd' [2012/08/23 08:21:18.895673, 5] passdb/pdb_interface.c:71(smb_register_passdb) Attempting to register passdb backend tdbsam [2012/08/23 08:21:18.895710, 5] passdb/pdb_interface.c:84(smb_register_passdb) Successfully added passdb backend 'tdbsam' [2012/08/23 08:21:18.895746, 5] passdb/pdb_interface.c:71(smb_register_passdb) Attempting to register passdb backend wbc_sam [2012/08/23 08:21:18.895790, 5] passdb/pdb_interface.c:84(smb_register_passdb) Successfully added passdb backend 'wbc_sam' [2012/08/23 08:21:18.895825, 5] passdb/pdb_interface.c:141(make_pdb_method_name) Attempting to find a passdb backend to match tdbsam (tdbsam) [2012/08/23 08:21:18.895860, 5] passdb/pdb_interface.c:162(make_pdb_method_name) Found pdb backend tdbsam [2012/08/23 08:21:18.895902, 5] passdb/pdb_interface.c:173(make_pdb_method_name) pdb backend tdbsam has a valid init [2012/08/23 08:21:18.896740, 10] registry/reg_backend_db.c:526(regdb_init) regdb_init: registry db openend. refcount reset (1) [2012/08/23 08:21:18.896803, 10] registry/reg_cachehook.c:70(reghook_cache_init) reghook_cache_init: new tree with default ops 0x7f4eb14f6da0 for key [] [2012/08/23 08:21:18.897019, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] [2012/08/23 08:21:18.897083, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[Samba Printer Port] len[2] [2012/08/23 08:21:18.897127, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/23 08:21:18.897191, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[DefaultSpoolDirectory] len[70] [2012/08/23 08:21:18.897235, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2012/08/23 08:21:18.897288, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[DisplayName] len[20] [2012/08/23 08:21:18.897328, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[1]: name[ErrorControl] len[4] [2012/08/23 08:21:18.897369, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2012/08/23 08:21:18.897422, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[DisplayName] len[20] [2012/08/23 08:21:18.897461, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[1]: name[ErrorControl] len[4] [2012/08/23 08:21:18.897507, 10] registry/reg_cachehook.c:94(reghook_cache_add) reghook_cache_add: Adding ops 0x7f4eb14f6f00 for key [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Printers] [2012/08/23 08:21:18.897545, 8] lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2012/08/23 08:21:18.897584, 10] lib/adt_tree.c:282(pathtree_add) pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Control\Print\Printers] to tree [2012/08/23 08:21:18.897621, 8] lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2012/08/23 08:21:18.897664, 10] registry/reg_cachehook.c:94(reghook_cache_add) reghook_cache_add: Adding ops 0x7f4eb14f6da0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/23 08:21:18.897701, 8] lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2012/08/23 08:21:18.897743, 10] lib/adt_tree.c:282(pathtree_add) pathtree_add: Successfully added node [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] to tree [2012/08/23 08:21:18.897781, 8] lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2012/08/23 08:21:18.897819, 10] registry/reg_cachehook.c:94(reghook_cache_add) reghook_cache_add: Adding ops 0x7f4eb14f6da0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] [2012/08/23 08:21:18.897855, 8] lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2012/08/23 08:21:18.897893, 10] lib/adt_tree.c:282(pathtree_add) pathtree_add: Successfully added node [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] to tree [2012/08/23 08:21:18.897929, 8] lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2012/08/23 08:21:18.897973, 10] registry/reg_cachehook.c:94(reghook_cache_add) reghook_cache_add: Adding ops 0x7f4eb14f6f60 for key [\HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares] [2012/08/23 08:21:18.898010, 8] lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2012/08/23 08:21:18.898049, 10] lib/adt_tree.c:282(pathtree_add) pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares] to tree [2012/08/23 08:21:18.898085, 8] lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2012/08/23 08:21:18.898122, 10] registry/reg_cachehook.c:94(reghook_cache_add) reghook_cache_add: Adding ops 0x7f4eb14f6ea0 for key [\HKLM\SOFTWARE\Samba\smbconf] [2012/08/23 08:21:18.898157, 8] lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2012/08/23 08:21:18.898201, 10] lib/adt_tree.c:282(pathtree_add) pathtree_add: Successfully added node [HKLM\SOFTWARE\Samba\smbconf] to tree [2012/08/23 08:21:18.898241, 8] lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2012/08/23 08:21:18.898279, 10] registry/reg_cachehook.c:94(reghook_cache_add) reghook_cache_add: Adding ops 0x7f4eb14f6fc0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters] [2012/08/23 08:21:18.898315, 8] lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2012/08/23 08:21:18.898353, 10] lib/adt_tree.c:282(pathtree_add) pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters] to tree [2012/08/23 08:21:18.898389, 8] lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2012/08/23 08:21:18.898426, 10] registry/reg_cachehook.c:94(reghook_cache_add) reghook_cache_add: Adding ops 0x7f4eb14f7020 for key [\HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions] [2012/08/23 08:21:18.898462, 8] lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2012/08/23 08:21:18.898499, 10] lib/adt_tree.c:282(pathtree_add) pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions] to tree [2012/08/23 08:21:18.898536, 8] lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2012/08/23 08:21:18.898573, 10] registry/reg_cachehook.c:94(reghook_cache_add) reghook_cache_add: Adding ops 0x7f4eb14f7080 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters] [2012/08/23 08:21:18.898609, 8] lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2012/08/23 08:21:18.898646, 10] lib/adt_tree.c:282(pathtree_add) pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters] to tree [2012/08/23 08:21:18.898683, 8] lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2012/08/23 08:21:18.898720, 10] registry/reg_cachehook.c:94(reghook_cache_add) reghook_cache_add: Adding ops 0x7f4eb14f70e0 for key [\HKPT] [2012/08/23 08:21:18.898754, 8] lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2012/08/23 08:21:18.898790, 10] lib/adt_tree.c:282(pathtree_add) pathtree_add: Successfully added node [HKPT] to tree [2012/08/23 08:21:18.898825, 8] lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2012/08/23 08:21:18.898862, 10] registry/reg_cachehook.c:94(reghook_cache_add) reghook_cache_add: Adding ops 0x7f4eb14f7140 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/23 08:21:18.898898, 8] lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2012/08/23 08:21:18.898934, 10] lib/adt_tree.c:282(pathtree_add) pathtree_add: Successfully added node [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] to tree [2012/08/23 08:21:18.898969, 8] lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2012/08/23 08:21:18.899006, 10] registry/reg_cachehook.c:94(reghook_cache_add) reghook_cache_add: Adding ops 0x7f4eb14f71a0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib] [2012/08/23 08:21:18.899043, 8] lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2012/08/23 08:21:18.899080, 10] lib/adt_tree.c:282(pathtree_add) pathtree_add: Successfully added node [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib] to tree [2012/08/23 08:21:18.899122, 8] lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2012/08/23 08:21:18.899158, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (1->0) [2012/08/23 08:21:18.899868, 4] auth/user_util.c:361(map_username) Scanning username map /etc/samba/smbusers [2012/08/23 08:21:18.899934, 10] auth/user_util.c:195(user_in_list) user_in_list: checking user FTPSERVER\root in list [2012/08/23 08:21:18.899973, 10] auth/user_util.c:200(user_in_list) user_in_list: checking user |FTPSERVER\root| against |administrator| [2012/08/23 08:21:18.900024, 10] auth/user_util.c:200(user_in_list) user_in_list: checking user |FTPSERVER\root| against |admin| [2012/08/23 08:21:18.900061, 10] auth/user_util.c:200(user_in_list) user_in_list: checking user |FTPSERVER\root| against |DLR\maurerh-ad| [2012/08/23 08:21:18.900096, 10] auth/user_util.c:200(user_in_list) user_in_list: checking user |FTPSERVER\root| against |DLR\birk-ad| [2012/08/23 08:21:18.900141, 10] auth/user_util.c:200(user_in_list) user_in_list: checking user |FTPSERVER\root| against |DLR\dombrows-ad| [2012/08/23 08:21:18.900177, 10] auth/user_util.c:200(user_in_list) user_in_list: checking user |FTPSERVER\root| against |DLR\grae_ma-ad| [2012/08/23 08:21:18.900212, 10] auth/user_util.c:200(user_in_list) user_in_list: checking user |FTPSERVER\root| against |DLR\sant_ma-ad| [2012/08/23 08:21:18.900253, 10] auth/user_util.c:195(user_in_list) user_in_list: checking user FTPSERVER\root in list [2012/08/23 08:21:18.900290, 10] auth/user_util.c:200(user_in_list) user_in_list: checking user |FTPSERVER\root| against |guest| [2012/08/23 08:21:18.900325, 10] auth/user_util.c:200(user_in_list) user_in_list: checking user |FTPSERVER\root| against |pcguest| [2012/08/23 08:21:18.900360, 10] auth/user_util.c:200(user_in_list) user_in_list: checking user |FTPSERVER\root| against |smbguest| [2012/08/23 08:21:18.900406, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user FTPSERVER\root [2012/08/23 08:21:18.900446, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is ftpserver\root [2012/08/23 08:21:18.902786, 5] lib/username.c:124(Get_Pwnam_internals) Trying _Get_Pwnam(), username as given is FTPSERVER\root [2012/08/23 08:21:18.902895, 5] lib/username.c:134(Get_Pwnam_internals) Trying _Get_Pwnam(), username as uppercase is FTPSERVER\ROOT [2012/08/23 08:21:18.902984, 5] lib/username.c:143(Get_Pwnam_internals) Checking combinations of 0 uppercase letters in ftpserver\root [2012/08/23 08:21:18.903034, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals didn't find user [FTPSERVER\root]! [2012/08/23 08:21:18.903073, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user root [2012/08/23 08:21:18.903116, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is root [2012/08/23 08:21:18.903182, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [root]! [2012/08/23 08:21:18.903249, 5] lib/gencache.c:68(gencache_init) Opening cache file at /var/lib/samba/gencache.tdb [2012/08/23 08:21:18.903807, 5] lib/gencache.c:111(gencache_init) Opening cache file at /var/lib/samba/gencache_notrans.tdb [2012/08/23 08:21:18.903893, 10] lib/gencache.c:183(gencache_set_data_blob) Adding cache entry with key = IDMAP/GID2SID/0 and timeout = Thu Jan 1 01:00:00 1970 (-1345702878 seconds in the past) [2012/08/23 08:21:18.904556, 5] passdb/lookup_sid.c:1384(gid_to_sid) gid_to_sid: winbind failed to find a sid for gid 0 [2012/08/23 08:21:18.904618, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/08/23 08:21:18.904659, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/08/23 08:21:18.904698, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/08/23 08:21:18.904733, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/23 08:21:18.904774, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/23 08:21:18.904909, 10] groupdb/mapping_tdb.c:235(find_map) failed to unpack map [2012/08/23 08:21:18.904982, 10] groupdb/mapping_tdb.c:235(find_map) failed to unpack map [2012/08/23 08:21:18.905045, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/08/23 08:21:18.905088, 10] passdb/lookup_sid.c:1181(legacy_gid_to_sid) LEGACY: gid 0 -> sid S-1-22-2-0 [2012/08/23 08:21:18.905148, 10] groupdb/mapping_tdb.c:235(find_map) failed to unpack map [2012/08/23 08:21:18.905206, 10] groupdb/mapping_tdb.c:235(find_map) failed to unpack map [2012/08/23 08:21:18.905248, 3] passdb/lookup_sid.c:1754(get_primary_group_sid) Forcing Primary Group to 'Domain Users' for root [2012/08/23 08:21:18.905364, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: FTPSERVER\root => domain=[FTPSERVER], name=[root] [2012/08/23 08:21:18.905414, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2012/08/23 08:21:18.905456, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/08/23 08:21:18.905494, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/08/23 08:21:18.905529, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/08/23 08:21:18.905564, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/23 08:21:18.905599, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/23 08:21:18.905695, 4] passdb/pdb_tdb.c:523(tdbsam_open) tdbsam_open: successfully opened //etc/samba/passdb.tdb [2012/08/23 08:21:18.905740, 5] passdb/pdb_tdb.c:562(tdbsam_getsampwnam) pdb_getsampwnam (TDB): error fetching database. Key: USER_root [2012/08/23 08:21:18.905795, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/08/23 08:21:18.905834, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/08/23 08:21:18.905870, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/08/23 08:21:18.905905, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/08/23 08:21:18.905940, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/23 08:21:18.905974, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/23 08:21:18.906049, 10] groupdb/mapping_tdb.c:235(find_map) failed to unpack map [2012/08/23 08:21:18.906114, 10] groupdb/mapping_tdb.c:235(find_map) failed to unpack map [2012/08/23 08:21:18.906164, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/08/23 08:21:18.906207, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: Unix User\root => domain=[Unix User], name=[root] [2012/08/23 08:21:18.906243, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2012/08/23 08:21:18.906759, 10] passdb/lookup_sid.c:1544(sid_to_uid) sid S-1-22-1-0 -> uid 0 [2012/08/23 08:21:18.906857, 10] lib/system_smbd.c:175(sys_getgrouplist) sys_getgrouplist: user [root] [2012/08/23 08:21:18.910746, 10] lib/gencache.c:183(gencache_set_data_blob) Adding cache entry with key = IDMAP/GID2SID/1 and timeout = Thu Jan 1 01:00:00 1970 (-1345702878 seconds in the past) [2012/08/23 08:21:18.911074, 5] passdb/lookup_sid.c:1384(gid_to_sid) gid_to_sid: winbind failed to find a sid for gid 1 [2012/08/23 08:21:18.911138, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/08/23 08:21:18.911178, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/08/23 08:21:18.911214, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/08/23 08:21:18.911250, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/23 08:21:18.911291, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/23 08:21:18.911357, 10] groupdb/mapping_tdb.c:235(find_map) failed to unpack map [2012/08/23 08:21:18.911418, 10] groupdb/mapping_tdb.c:235(find_map) failed to unpack map [2012/08/23 08:21:18.911464, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/08/23 08:21:18.911504, 10] passdb/lookup_sid.c:1181(legacy_gid_to_sid) LEGACY: gid 1 -> sid S-1-22-2-1 [2012/08/23 08:21:18.911556, 10] lib/gencache.c:183(gencache_set_data_blob) Adding cache entry with key = IDMAP/GID2SID/2 and timeout = Thu Jan 1 01:00:00 1970 (-1345702878 seconds in the past) [2012/08/23 08:21:18.911849, 5] passdb/lookup_sid.c:1384(gid_to_sid) gid_to_sid: winbind failed to find a sid for gid 2 [2012/08/23 08:21:18.911905, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/08/23 08:21:18.911944, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/08/23 08:21:18.911980, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/08/23 08:21:18.912031, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/23 08:21:18.912067, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/23 08:21:18.912140, 10] groupdb/mapping_tdb.c:235(find_map) failed to unpack map [2012/08/23 08:21:18.912200, 10] groupdb/mapping_tdb.c:235(find_map) failed to unpack map [2012/08/23 08:21:18.912247, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/08/23 08:21:18.912287, 10] passdb/lookup_sid.c:1181(legacy_gid_to_sid) LEGACY: gid 2 -> sid S-1-22-2-2 [2012/08/23 08:21:18.912340, 10] lib/gencache.c:183(gencache_set_data_blob) Adding cache entry with key = IDMAP/GID2SID/3 and timeout = Thu Jan 1 01:00:00 1970 (-1345702878 seconds in the past) [2012/08/23 08:21:18.912631, 5] passdb/lookup_sid.c:1384(gid_to_sid) gid_to_sid: winbind failed to find a sid for gid 3 [2012/08/23 08:21:18.912688, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/08/23 08:21:18.912727, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/08/23 08:21:18.912763, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/08/23 08:21:18.912799, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/23 08:21:18.912835, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/23 08:21:18.912901, 10] groupdb/mapping_tdb.c:235(find_map) failed to unpack map [2012/08/23 08:21:18.912960, 10] groupdb/mapping_tdb.c:235(find_map) failed to unpack map [2012/08/23 08:21:18.913022, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/08/23 08:21:18.913067, 10] passdb/lookup_sid.c:1181(legacy_gid_to_sid) LEGACY: gid 3 -> sid S-1-22-2-3 [2012/08/23 08:21:18.913127, 10] lib/gencache.c:183(gencache_set_data_blob) Adding cache entry with key = IDMAP/GID2SID/4 and timeout = Thu Jan 1 01:00:00 1970 (-1345702878 seconds in the past) [2012/08/23 08:21:18.913420, 5] passdb/lookup_sid.c:1384(gid_to_sid) gid_to_sid: winbind failed to find a sid for gid 4 [2012/08/23 08:21:18.913477, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/08/23 08:21:18.913516, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/08/23 08:21:18.913552, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/08/23 08:21:18.913588, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/23 08:21:18.913630, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/23 08:21:18.913696, 10] groupdb/mapping_tdb.c:235(find_map) failed to unpack map [2012/08/23 08:21:18.913756, 10] groupdb/mapping_tdb.c:235(find_map) failed to unpack map [2012/08/23 08:21:18.913803, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/08/23 08:21:18.913842, 10] passdb/lookup_sid.c:1181(legacy_gid_to_sid) LEGACY: gid 4 -> sid S-1-22-2-4 [2012/08/23 08:21:18.913895, 10] lib/gencache.c:183(gencache_set_data_blob) Adding cache entry with key = IDMAP/GID2SID/6 and timeout = Thu Jan 1 01:00:00 1970 (-1345702878 seconds in the past) [2012/08/23 08:21:18.914187, 5] passdb/lookup_sid.c:1384(gid_to_sid) gid_to_sid: winbind failed to find a sid for gid 6 [2012/08/23 08:21:18.914245, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/08/23 08:21:18.914284, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/08/23 08:21:18.914320, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/08/23 08:21:18.914356, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/23 08:21:18.914391, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/23 08:21:18.914456, 10] groupdb/mapping_tdb.c:235(find_map) failed to unpack map [2012/08/23 08:21:18.914515, 10] groupdb/mapping_tdb.c:235(find_map) failed to unpack map [2012/08/23 08:21:18.914562, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/08/23 08:21:18.914602, 10] passdb/lookup_sid.c:1181(legacy_gid_to_sid) LEGACY: gid 6 -> sid S-1-22-2-6 [2012/08/23 08:21:18.914655, 10] lib/gencache.c:183(gencache_set_data_blob) Adding cache entry with key = IDMAP/GID2SID/10 and timeout = Thu Jan 1 01:00:00 1970 (-1345702878 seconds in the past) [2012/08/23 08:21:18.914934, 5] passdb/lookup_sid.c:1384(gid_to_sid) gid_to_sid: winbind failed to find a sid for gid 10 [2012/08/23 08:21:18.914991, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/08/23 08:21:18.915041, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/08/23 08:21:18.915077, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/08/23 08:21:18.915120, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/23 08:21:18.915156, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/23 08:21:18.915221, 10] groupdb/mapping_tdb.c:235(find_map) failed to unpack map [2012/08/23 08:21:18.915281, 10] groupdb/mapping_tdb.c:235(find_map) failed to unpack map [2012/08/23 08:21:18.915327, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/08/23 08:21:18.915367, 10] passdb/lookup_sid.c:1181(legacy_gid_to_sid) LEGACY: gid 10 -> sid S-1-22-2-10 [2012/08/23 08:21:18.915420, 10] lib/gencache.c:183(gencache_set_data_blob) Adding cache entry with key = IDMAP/GID2SID/201 and timeout = Thu Jan 1 01:00:00 1970 (-1345702878 seconds in the past) [2012/08/23 08:21:18.915699, 5] passdb/lookup_sid.c:1384(gid_to_sid) gid_to_sid: winbind failed to find a sid for gid 201 [2012/08/23 08:21:18.915757, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/08/23 08:21:18.915795, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/08/23 08:21:18.915832, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/08/23 08:21:18.915867, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/23 08:21:18.915903, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/23 08:21:18.915978, 10] groupdb/mapping_tdb.c:235(find_map) failed to unpack map [2012/08/23 08:21:18.916054, 10] groupdb/mapping_tdb.c:235(find_map) failed to unpack map [2012/08/23 08:21:18.916105, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/08/23 08:21:18.916150, 10] passdb/lookup_sid.c:1181(legacy_gid_to_sid) LEGACY: gid 201 -> sid S-1-22-2-201 [2012/08/23 08:21:18.916195, 10] auth/token_util.c:339(create_local_nt_token) Create local NT token for S-1-22-1-0 [2012/08/23 08:21:18.916255, 10] passdb/lookup_sid.c:1635(sid_to_gid) sid S-1-5-32-544 -> gid 1000001 [2012/08/23 08:21:18.916310, 10] passdb/lookup_sid.c:1635(sid_to_gid) sid S-1-5-32-545 -> gid 1000002 [2012/08/23 08:21:18.916352, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/08/23 08:21:18.916389, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/08/23 08:21:18.916424, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/08/23 08:21:18.916460, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/23 08:21:18.916494, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/23 08:21:18.916639, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/08/23 08:21:18.916733, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-22-1-0] [2012/08/23 08:21:18.916784, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-22-2-0] [2012/08/23 08:21:18.916828, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-22-2-1] [2012/08/23 08:21:18.916872, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-22-2-2] [2012/08/23 08:21:18.916915, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-22-2-3] [2012/08/23 08:21:18.916958, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-22-2-4] [2012/08/23 08:21:18.917002, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-22-2-6] [2012/08/23 08:21:18.917059, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-22-2-10] [2012/08/23 08:21:18.917105, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-22-2-201] [2012/08/23 08:21:18.917157, 5] lib/privileges.c:175(get_privileges_for_sids) get_privileges_for_sids: sid = S-1-1-0 Privilege set: 0x0 [2012/08/23 08:21:18.917213, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-2] [2012/08/23 08:21:18.917257, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-11] [2012/08/23 08:21:18.917379, 10] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (15): SID[ 0]: S-1-22-1-0 SID[ 1]: S-1-22-2-0 SID[ 2]: S-1-22-2-1 SID[ 3]: S-1-22-2-2 SID[ 4]: S-1-22-2-3 SID[ 5]: S-1-22-2-4 SID[ 6]: S-1-22-2-6 SID[ 7]: S-1-22-2-10 SID[ 8]: S-1-22-2-201 SID[ 9]: S-1-1-0 SID[ 10]: S-1-5-2 SID[ 11]: S-1-5-11 SID[ 12]: S-1-22-2-1000004 SID[ 13]: S-1-22-2-1000005 SID[ 14]: S-1-22-2-1000006 Privileges (0x 0): Rights (0x 0): [2012/08/23 08:21:18.917694, 10] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 11 supplementary groups Group[ 0]: 0 Group[ 1]: 1 Group[ 2]: 2 Group[ 3]: 3 Group[ 4]: 4 Group[ 5]: 6 Group[ 6]: 10 Group[ 7]: 201 Group[ 8]: 1000004 Group[ 9]: 1000005 Group[ 10]: 1000006 [2012/08/23 08:21:18.917985, 6] libads/ldap.c:365(ads_find_dc) ads_find_dc: (ldap) looking for realm 'INTRA.DLR.DE' [2012/08/23 08:21:18.918086, 5] libads/sitename_cache.c:105(sitename_fetch) sitename_fetch: Returning sitename for INTRA.DLR.DE: "OP" [2012/08/23 08:21:18.918138, 4] libsmb/namequery_dc.c:76(ads_dc_name) ads_dc_name: domain=DLR [2012/08/23 08:21:18.918189, 5] libads/sitename_cache.c:105(sitename_fetch) sitename_fetch: Returning sitename for INTRA.DLR.DE: "OP" [2012/08/23 08:21:18.918227, 6] libads/ldap.c:385(ads_find_dc) ads_find_dc: (cldap) looking for realm 'INTRA.DLR.DE' [2012/08/23 08:21:18.918265, 8] libsmb/namequery.c:2721(get_sorted_dc_list) get_sorted_dc_list: attempting lookup for name INTRA.DLR.DE (sitename OP) using [ads] [2012/08/23 08:21:18.918337, 10] lib/gencache.c:183(gencache_set_data_blob) Adding cache entry with key = SAF/DOMAIN/INTRA.DLR.DE and timeout = Thu Jan 1 01:00:00 1970 (-1345702878 seconds in the past) [2012/08/23 08:21:18.918421, 5] libsmb/namequery.c:191(saf_fetch) saf_fetch: failed to find server for "INTRA.DLR.DE" domain [2012/08/23 08:21:18.918467, 3] libsmb/namequery.c:2533(get_dc_list) get_dc_list: preferred server list: ", *" [2012/08/23 08:21:18.918508, 10] libsmb/namequery.c:2042(internal_resolve_name) internal_resolve_name: looking up INTRA.DLR.DE#1c (sitename OP) [2012/08/23 08:21:18.918565, 10] lib/gencache.c:183(gencache_set_data_blob) Adding cache entry with key = NBT/INTRA.DLR.DE#1C and timeout = Thu Jan 1 01:00:00 1970 (-1345702878 seconds in the past) [2012/08/23 08:21:18.918642, 5] libsmb/namecache.c:160(namecache_fetch) no entry for INTRA.DLR.DE#1C found. [2012/08/23 08:21:18.918689, 5] libsmb/namequery.c:1897(resolve_ads) resolve_ads: Attempting to resolve DCs for INTRA.DLR.DE using DNS [2012/08/23 08:21:18.919169, 4] libads/dns.c:434(ads_dns_lookup_srv) ads_dns_lookup_srv: 2 records returned in the answer section. [2012/08/23 08:21:18.919268, 10] libads/dns.c:215(ads_dns_parse_rr_srv) ads_dns_parse_rr_srv: Parsed dlropdc01.intra.dlr.de [0, 100, 389] [2012/08/23 08:21:18.919311, 10] libads/dns.c:215(ads_dns_parse_rr_srv) ads_dns_parse_rr_srv: Parsed dlropdc02.intra.dlr.de [0, 100, 389] [2012/08/23 08:21:18.919361, 10] libsmb/namequery.c:1079(remove_duplicate_addrs2) remove_duplicate_addrs2: looking for duplicate address/port pairs [2012/08/23 08:21:18.919400, 5] libsmb/namecache.c:78(namecache_store) namecache_store: storing 2 addresses for INTRA.DLR.DE#1c: 129.247.163.144,129.247.163.155 [2012/08/23 08:21:18.919462, 10] lib/gencache.c:183(gencache_set_data_blob) Adding cache entry with key = NBT/INTRA.DLR.DE#1C and timeout = Thu Aug 23 08:32:18 2012 (660 seconds ahead) [2012/08/23 08:21:18.919547, 10] libsmb/namequery.c:2200(internal_resolve_name) internal_resolve_name: returning 2 addresses: 129.247.163.144:389 129.247.163.155:389 [2012/08/23 08:21:18.919592, 8] libsmb/namequery.c:2554(get_dc_list) Adding 2 DC's from auto lookup [2012/08/23 08:21:18.919641, 9] libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain INTRA.DLR.DE server 129.247.163.144 [2012/08/23 08:21:18.919691, 9] libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain INTRA.DLR.DE server 129.247.163.155 [2012/08/23 08:21:18.919728, 10] libsmb/namequery.c:1079(remove_duplicate_addrs2) remove_duplicate_addrs2: looking for duplicate address/port pairs [2012/08/23 08:21:18.919766, 4] libsmb/namequery.c:2670(get_dc_list) get_dc_list: returning 2 ip addresses in an ordered list [2012/08/23 08:21:18.919803, 4] libsmb/namequery.c:2671(get_dc_list) get_dc_list: 129.247.163.144:389 129.247.163.155:389 [2012/08/23 08:21:18.919854, 9] libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain INTRA.DLR.DE server 129.247.163.144 [2012/08/23 08:21:18.919896, 5] libads/ldap.c:232(ads_try_connect) ads_try_connect: sending CLDAP request to 129.247.163.144 (realm: INTRA.DLR.DE) [2012/08/23 08:21:18.920646, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX command : LOGON_SAM_LOGON_RESPONSE_EX (23) sbz : 0x0000 (0) server_type : 0x000001fc (508) 0: NBT_SERVER_PDC 1: NBT_SERVER_GC 1: NBT_SERVER_LDAP 1: NBT_SERVER_DS 1: NBT_SERVER_KDC 1: NBT_SERVER_TIMESERV 1: NBT_SERVER_CLOSEST 1: NBT_SERVER_WRITABLE 0: NBT_SERVER_GOOD_TIMESERV 0: NBT_SERVER_NDNC 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 0: NBT_SERVER_FULL_SECRET_DOMAIN_6 0: NBT_SERVER_ADS_WEB_SERVICE 0: NBT_SERVER_HAS_DNS_NAME 0: NBT_SERVER_IS_DEFAULT_NC 0: NBT_SERVER_FOREST_ROOT domain_uuid : 7776cd72-2adb-4450-89de-23e646c9882c forest : 'intra.dlr.de' dns_domain : 'intra.dlr.de' pdc_dns_name : 'dlropdc01.intra.dlr.de' domain_name : 'DLR' pdc_name : 'DLROPDC01' user_name : '' server_site : 'OP' client_site : 'OP' sockaddr_size : 0x00 (0) sockaddr: struct nbt_sockaddr sockaddr_family : 0x00000000 (0) pdc_ip : (null) remaining : DATA_BLOB length=0 next_closest_site : NULL nt_version : 0x00000005 (5) 1: NETLOGON_NT_VERSION_1 0: NETLOGON_NT_VERSION_5 1: NETLOGON_NT_VERSION_5EX 0: NETLOGON_NT_VERSION_5EX_WITH_IP 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL 0: NETLOGON_NT_VERSION_PDC 0: NETLOGON_NT_VERSION_IP 0: NETLOGON_NT_VERSION_LOCAL 0: NETLOGON_NT_VERSION_GC lmnt_token : 0xffff (65535) lm20_token : 0xffff (65535) [2012/08/23 08:21:18.921563, 10] libads/sitename_cache.c:70(sitename_store) sitename_store: realm = [DLR], sitename = [OP], expire = [2085923199] [2012/08/23 08:21:18.921614, 10] lib/gencache.c:183(gencache_set_data_blob) Adding cache entry with key = AD_SITENAME/DOMAIN/DLR and timeout = (null) (740220321 seconds ahead) [2012/08/23 08:21:18.921694, 10] libads/sitename_cache.c:70(sitename_store) sitename_store: realm = [intra.dlr.de], sitename = [OP], expire = [2085923199] [2012/08/23 08:21:18.921738, 10] lib/gencache.c:183(gencache_set_data_blob) Adding cache entry with key = AD_SITENAME/DOMAIN/INTRA.DLR.DE and timeout = (null) (740220321 seconds ahead) [2012/08/23 08:21:18.921805, 3] libads/ldap.c:640(ads_connect) Successfully contacted LDAP server 129.247.163.144 [2012/08/23 08:21:18.921859, 5] libads/sitename_cache.c:105(sitename_fetch) sitename_fetch: Returning sitename for INTRA.DLR.DE: "OP" [2012/08/23 08:21:18.921900, 10] libads/ldap.c:171(ads_closest_dc) ads_closest_dc: NBT_SERVER_CLOSEST flag set [2012/08/23 08:21:18.921956, 10] libads/kerberos.c:880(create_local_private_krb5_conf_for_domain) create_local_private_krb5_conf_for_domain: fname = /var/lib/samba/smb_krb5/krb5.conf.DLR, realm = INTRA.DLR.DE, domain = DLR [2012/08/23 08:21:18.922017, 5] libsmb/namequery.c:191(saf_fetch) saf_fetch: failed to find server for "INTRA.DLR.DE" domain [2012/08/23 08:21:18.922063, 3] libsmb/namequery.c:2533(get_dc_list) get_dc_list: preferred server list: ", *" [2012/08/23 08:21:18.922101, 10] libsmb/namequery.c:2042(internal_resolve_name) internal_resolve_name: looking up INTRA.DLR.DE#1c (sitename OP) [2012/08/23 08:21:18.922154, 5] libsmb/namecache.c:165(namecache_fetch) name INTRA.DLR.DE#1C found. [2012/08/23 08:21:18.922250, 10] libsmb/namequery.c:1079(remove_duplicate_addrs2) remove_duplicate_addrs2: looking for duplicate address/port pairs [2012/08/23 08:21:18.922295, 8] libsmb/namequery.c:2554(get_dc_list) Adding 2 DC's from auto lookup [2012/08/23 08:21:18.922345, 9] libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain INTRA.DLR.DE server 129.247.163.144 [2012/08/23 08:21:18.922395, 9] libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain INTRA.DLR.DE server 129.247.163.155 [2012/08/23 08:21:18.922433, 10] libsmb/namequery.c:1079(remove_duplicate_addrs2) remove_duplicate_addrs2: looking for duplicate address/port pairs [2012/08/23 08:21:18.922470, 4] libsmb/namequery.c:2670(get_dc_list) get_dc_list: returning 2 ip addresses in an ordered list [2012/08/23 08:21:18.922507, 4] libsmb/namequery.c:2671(get_dc_list) get_dc_list: 129.247.163.144:389 129.247.163.155:389 [2012/08/23 08:21:18.922568, 5] libsmb/namequery.c:191(saf_fetch) saf_fetch: failed to find server for "INTRA.DLR.DE" domain [2012/08/23 08:21:18.922611, 3] libsmb/namequery.c:2533(get_dc_list) get_dc_list: preferred server list: ", *" [2012/08/23 08:21:18.922648, 10] libsmb/namequery.c:2042(internal_resolve_name) internal_resolve_name: looking up INTRA.DLR.DE#1c (sitename (null)) [2012/08/23 08:21:18.922693, 5] libsmb/namecache.c:165(namecache_fetch) name INTRA.DLR.DE#1C found. [2012/08/23 08:21:18.922776, 10] libsmb/namequery.c:1079(remove_duplicate_addrs2) remove_duplicate_addrs2: looking for duplicate address/port pairs [2012/08/23 08:21:18.922819, 8] libsmb/namequery.c:2554(get_dc_list) Adding 2 DC's from auto lookup [2012/08/23 08:21:18.922869, 9] libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain INTRA.DLR.DE server 129.247.163.144 [2012/08/23 08:21:18.922918, 9] libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain INTRA.DLR.DE server 129.247.163.155 [2012/08/23 08:21:18.922956, 10] libsmb/namequery.c:1079(remove_duplicate_addrs2) remove_duplicate_addrs2: looking for duplicate address/port pairs [2012/08/23 08:21:18.922993, 4] libsmb/namequery.c:2670(get_dc_list) get_dc_list: returning 2 ip addresses in an ordered list [2012/08/23 08:21:18.923030, 4] libsmb/namequery.c:2671(get_dc_list) get_dc_list: 129.247.163.144:389 129.247.163.155:389 [2012/08/23 08:21:18.923082, 10] libads/kerberos.c:825(get_kdc_ip_string) get_kdc_ip_string: Returning kdc = 129.247.163.144 kdc = 129.247.163.155 kdc = 129.247.163.155 [2012/08/23 08:21:18.923303, 5] libads/kerberos.c:948(create_local_private_krb5_conf_for_domain) create_local_private_krb5_conf_for_domain: wrote file /var/lib/samba/smb_krb5/krb5.conf.DLR with realm INTRA.DLR.DE KDC list = kdc = 129.247.163.144 kdc = 129.247.163.155 kdc = 129.247.163.155 [2012/08/23 08:21:18.923400, 4] libsmb/namequery_dc.c:148(ads_dc_name) ads_dc_name: using server='DLROPDC01.INTRA.DLR.DE' IP=129.247.163.144 [2012/08/23 08:21:18.923450, 5] libads/sitename_cache.c:105(sitename_fetch) sitename_fetch: Returning sitename for INTRA.DLR.DE: "OP" [2012/08/23 08:21:18.923491, 10] libsmb/namequery.c:2042(internal_resolve_name) internal_resolve_name: looking up DLROPDC01.INTRA.DLR.DE#20 (sitename OP) [2012/08/23 08:21:18.923540, 10] lib/gencache.c:183(gencache_set_data_blob) Adding cache entry with key = NBT/DLROPDC01.INTRA.DLR.DE#20 and timeout = Thu Jan 1 01:00:00 1970 (-1345702878 seconds in the past) [2012/08/23 08:21:18.923617, 5] libsmb/namecache.c:160(namecache_fetch) no entry for DLROPDC01.INTRA.DLR.DE#20 found. [2012/08/23 08:21:18.923658, 3] libsmb/namequery.c:1741(resolve_lmhosts) resolve_lmhosts: Attempting lmhosts lookup for name DLROPDC01.INTRA.DLR.DE<0x20> [2012/08/23 08:21:18.923697, 3] ../libcli/nbt/lmhosts.c:185(resolve_lmhosts_file_as_sockaddr) resolve_lmhosts: Attempting lmhosts lookup for name DLROPDC01.INTRA.DLR.DE<0x20> [2012/08/23 08:21:18.923759, 4] ../libcli/nbt/lmhosts.c:111(getlmhostsent) getlmhostsent: lmhost entry: 127.0.0.1 localhost [2012/08/23 08:21:18.923835, 3] libsmb/namequery.c:1616(resolve_wins) resolve_wins: Attempting wins lookup for name DLROPDC01.INTRA.DLR.DE<0x20> [2012/08/23 08:21:18.923883, 3] libsmb/namequery.c:1620(resolve_wins) resolve_wins: WINS server resolution selected and no WINS servers listed. [2012/08/23 08:21:18.923921, 3] libsmb/namequery.c:1797(resolve_hosts) resolve_hosts: Attempting host lookup for name DLROPDC01.INTRA.DLR.DE<0x20> [2012/08/23 08:21:18.924123, 10] libsmb/namequery.c:1079(remove_duplicate_addrs2) remove_duplicate_addrs2: looking for duplicate address/port pairs [2012/08/23 08:21:18.924192, 5] libsmb/namecache.c:78(namecache_store) namecache_store: storing 1 address for DLROPDC01.INTRA.DLR.DE#20: 129.247.163.144 [2012/08/23 08:21:18.924245, 10] lib/gencache.c:183(gencache_set_data_blob) Adding cache entry with key = NBT/DLROPDC01.INTRA.DLR.DE#20 and timeout = Thu Aug 23 08:32:18 2012 (660 seconds ahead) [2012/08/23 08:21:18.924325, 10] libsmb/namequery.c:2200(internal_resolve_name) internal_resolve_name: returning 1 addresses: 129.247.163.144:0 [2012/08/23 08:21:18.924370, 5] libads/ldap.c:232(ads_try_connect) ads_try_connect: sending CLDAP request to 129.247.163.144 (realm: INTRA.DLR.DE) [2012/08/23 08:21:18.924908, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX command : LOGON_SAM_LOGON_RESPONSE_EX (23) sbz : 0x0000 (0) server_type : 0x000001fc (508) 0: NBT_SERVER_PDC 1: NBT_SERVER_GC 1: NBT_SERVER_LDAP 1: NBT_SERVER_DS 1: NBT_SERVER_KDC 1: NBT_SERVER_TIMESERV 1: NBT_SERVER_CLOSEST 1: NBT_SERVER_WRITABLE 0: NBT_SERVER_GOOD_TIMESERV 0: NBT_SERVER_NDNC 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 0: NBT_SERVER_FULL_SECRET_DOMAIN_6 0: NBT_SERVER_ADS_WEB_SERVICE 0: NBT_SERVER_HAS_DNS_NAME 0: NBT_SERVER_IS_DEFAULT_NC 0: NBT_SERVER_FOREST_ROOT domain_uuid : 7776cd72-2adb-4450-89de-23e646c9882c forest : 'intra.dlr.de' dns_domain : 'intra.dlr.de' pdc_dns_name : 'dlropdc01.intra.dlr.de' domain_name : 'DLR' pdc_name : 'DLROPDC01' user_name : '' server_site : 'OP' client_site : 'OP' sockaddr_size : 0x00 (0) sockaddr: struct nbt_sockaddr sockaddr_family : 0x00000000 (0) pdc_ip : (null) remaining : DATA_BLOB length=0 next_closest_site : NULL nt_version : 0x00000005 (5) 1: NETLOGON_NT_VERSION_1 0: NETLOGON_NT_VERSION_5 1: NETLOGON_NT_VERSION_5EX 0: NETLOGON_NT_VERSION_5EX_WITH_IP 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL 0: NETLOGON_NT_VERSION_PDC 0: NETLOGON_NT_VERSION_IP 0: NETLOGON_NT_VERSION_LOCAL 0: NETLOGON_NT_VERSION_GC lmnt_token : 0xffff (65535) lm20_token : 0xffff (65535) [2012/08/23 08:21:18.925760, 10] libads/sitename_cache.c:70(sitename_store) sitename_store: realm = [DLR], sitename = [OP], expire = [2085923199] [2012/08/23 08:21:18.925810, 10] lib/gencache.c:183(gencache_set_data_blob) Adding cache entry with key = AD_SITENAME/DOMAIN/DLR and timeout = (null) (740220321 seconds ahead) [2012/08/23 08:21:18.925888, 10] libads/sitename_cache.c:70(sitename_store) sitename_store: realm = [intra.dlr.de], sitename = [OP], expire = [2085923199] [2012/08/23 08:21:18.925932, 10] lib/gencache.c:183(gencache_set_data_blob) Adding cache entry with key = AD_SITENAME/DOMAIN/INTRA.DLR.DE and timeout = (null) (740220321 seconds ahead) [2012/08/23 08:21:18.925995, 3] libads/ldap.c:640(ads_connect) Successfully contacted LDAP server 129.247.163.144 [2012/08/23 08:21:18.926038, 10] libads/ldap.c:68(ldap_open_with_timeout) Opening connection to LDAP server 'dlropdc01.intra.dlr.de:389', timeout 15 seconds [2012/08/23 08:21:18.926669, 10] libads/ldap.c:82(ldap_open_with_timeout) Connected to LDAP server 'dlropdc01.intra.dlr.de:389' [2012/08/23 08:21:18.926769, 3] libads/ldap.c:694(ads_connect) Connected to LDAP server dlropdc01.intra.dlr.de [2012/08/23 08:21:18.926809, 10] libads/ldap.c:171(ads_closest_dc) ads_closest_dc: NBT_SERVER_CLOSEST flag set [2012/08/23 08:21:18.926850, 10] libsmb/namequery.c:89(saf_store) saf_store: domain = [DLR], server = [dlropdc01.intra.dlr.de], expire = [1345703778] [2012/08/23 08:21:18.926892, 10] lib/gencache.c:183(gencache_set_data_blob) Adding cache entry with key = SAF/DOMAIN/DLR and timeout = Thu Aug 23 08:36:18 2012 (900 seconds ahead) [2012/08/23 08:21:18.926977, 10] libsmb/namequery.c:89(saf_store) saf_store: domain = [INTRA.DLR.DE], server = [dlropdc01.intra.dlr.de], expire = [1345703778] [2012/08/23 08:21:18.927028, 10] lib/gencache.c:183(gencache_set_data_blob) Adding cache entry with key = SAF/DOMAIN/INTRA.DLR.DE and timeout = Thu Aug 23 08:36:18 2012 (900 seconds ahead) [2012/08/23 08:21:18.927156, 5] ../lib/util/charset/codepoints.c:235(map_locale) Substituting charset 'UTF-8' for LOCALE [2012/08/23 08:21:18.927637, 4] libads/ldap.c:2857(ads_current_time) time offset is 0 seconds [2012/08/23 08:21:18.928052, 4] libads/sasl.c:1211(ads_sasl_bind) Found SASL mechanism GSS-SPNEGO [2012/08/23 08:21:18.928563, 3] libads/sasl.c:869(ads_sasl_spnego_bind) ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2 [2012/08/23 08:21:18.928641, 3] libads/sasl.c:869(ads_sasl_spnego_bind) ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2 [2012/08/23 08:21:18.928698, 3] libads/sasl.c:869(ads_sasl_spnego_bind) ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2.3 [2012/08/23 08:21:18.928755, 3] libads/sasl.c:869(ads_sasl_spnego_bind) ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10 [2012/08/23 08:21:18.928811, 3] libads/sasl.c:878(ads_sasl_spnego_bind) ads_sasl_spnego_bind: got server principal name = dlropdc01$@INTRA.DLR.DE [2012/08/23 08:21:18.929296, 3] libsmb/clikrb5.c:787(ads_krb5_mk_req) ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found) [2012/08/23 08:21:18.929388, 10] libads/sasl.c:899(ads_sasl_spnego_bind) ads_sasl_spnego_krb5_bind failed with: No credentials cache found, calling kinit [2012/08/23 08:21:18.929496, 10] libads/kerberos.c:191(kerberos_kinit_password_ext) kerberos_kinit_password: as FTPSERVER$@INTRA.DLR.DE using [MEMORY:prtpub_cache] as ccache and config [/var/lib/samba/smb_krb5/krb5.conf.DLR] [2012/08/23 08:21:18.942624, 3] libsmb/clikrb5.c:632(ads_cleanup_expired_creds) ads_cleanup_expired_creds: Ticket in ccache[MEMORY:prtpub_cache] expiration Thu, 23 Aug 2012 18:21:18 CEST [2012/08/23 08:21:18.942727, 10] libsmb/clikrb5.c:821(ads_krb5_mk_req) ads_krb5_mk_req: Ticket (ldap/dlropdc01.intra.dlr.de@INTRA.DLR.DE) in ccache (MEMORY:prtpub_cache) is valid until: (Thu, 23 Aug 2012 18:21:18 CEST - 1345738878) [2012/08/23 08:21:18.942780, 3] libsmb/clikrb5.c:840(ads_krb5_mk_req) ads_krb5_mk_req: server marked as OK to delegate to, building forwardable TGT [2012/08/23 08:21:18.945382, 10] libsmb/clikrb5.c:1038(get_krb5_smb_session_key) Got KRB5 session key of length 16 [2012/08/23 08:21:18.946638, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user nobody [2012/08/23 08:21:18.946697, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is nobody [2012/08/23 08:21:18.946763, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [nobody]! [2012/08/23 08:21:18.946853, 4] auth/user_util.c:361(map_username) Scanning username map /etc/samba/smbusers [2012/08/23 08:21:18.946908, 10] auth/user_util.c:195(user_in_list) user_in_list: checking user FTPSERVER\nobody in list [2012/08/23 08:21:18.946947, 10] auth/user_util.c:200(user_in_list) user_in_list: checking user |FTPSERVER\nobody| against |administrator| [2012/08/23 08:21:18.946983, 10] auth/user_util.c:200(user_in_list) user_in_list: checking user |FTPSERVER\nobody| against |admin| [2012/08/23 08:21:18.947069, 10] auth/user_util.c:200(user_in_list) user_in_list: checking user |FTPSERVER\nobody| against |DLR\maurerh-ad| [2012/08/23 08:21:18.947108, 10] auth/user_util.c:200(user_in_list) user_in_list: checking user |FTPSERVER\nobody| against |DLR\birk-ad| [2012/08/23 08:21:18.947151, 10] auth/user_util.c:200(user_in_list) user_in_list: checking user |FTPSERVER\nobody| against |DLR\dombrows-ad| [2012/08/23 08:21:18.947187, 10] auth/user_util.c:200(user_in_list) user_in_list: checking user |FTPSERVER\nobody| against |DLR\grae_ma-ad| [2012/08/23 08:21:18.947222, 10] auth/user_util.c:200(user_in_list) user_in_list: checking user |FTPSERVER\nobody| against |DLR\sant_ma-ad| [2012/08/23 08:21:18.947262, 10] auth/user_util.c:195(user_in_list) user_in_list: checking user FTPSERVER\nobody in list [2012/08/23 08:21:18.947299, 10] auth/user_util.c:200(user_in_list) user_in_list: checking user |FTPSERVER\nobody| against |guest| [2012/08/23 08:21:18.947334, 10] auth/user_util.c:200(user_in_list) user_in_list: checking user |FTPSERVER\nobody| against |pcguest| [2012/08/23 08:21:18.947369, 10] auth/user_util.c:200(user_in_list) user_in_list: checking user |FTPSERVER\nobody| against |smbguest| [2012/08/23 08:21:18.947411, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user FTPSERVER\nobody [2012/08/23 08:21:18.947449, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is ftpserver\nobody [2012/08/23 08:21:18.947536, 5] lib/username.c:124(Get_Pwnam_internals) Trying _Get_Pwnam(), username as given is FTPSERVER\nobody [2012/08/23 08:21:18.947623, 5] lib/username.c:134(Get_Pwnam_internals) Trying _Get_Pwnam(), username as uppercase is FTPSERVER\NOBODY [2012/08/23 08:21:18.947708, 5] lib/username.c:143(Get_Pwnam_internals) Checking combinations of 0 uppercase letters in ftpserver\nobody [2012/08/23 08:21:18.947747, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals didn't find user [FTPSERVER\nobody]! [2012/08/23 08:21:18.947784, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user nobody [2012/08/23 08:21:18.947819, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is nobody [2012/08/23 08:21:18.947857, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [nobody]! [2012/08/23 08:21:18.947912, 10] lib/gencache.c:183(gencache_set_data_blob) Adding cache entry with key = IDMAP/GID2SID/99 and timeout = Thu Jan 1 01:00:00 1970 (-1345702878 seconds in the past) [2012/08/23 08:21:18.948291, 5] passdb/lookup_sid.c:1384(gid_to_sid) gid_to_sid: winbind failed to find a sid for gid 99 [2012/08/23 08:21:18.948354, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/08/23 08:21:18.948394, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/08/23 08:21:18.948430, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/08/23 08:21:18.948465, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/23 08:21:18.948500, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/23 08:21:18.948565, 10] groupdb/mapping_tdb.c:235(find_map) failed to unpack map [2012/08/23 08:21:18.948631, 10] groupdb/mapping_tdb.c:235(find_map) failed to unpack map [2012/08/23 08:21:18.948680, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/08/23 08:21:18.948720, 10] passdb/lookup_sid.c:1181(legacy_gid_to_sid) LEGACY: gid 99 -> sid S-1-22-2-99 [2012/08/23 08:21:18.948770, 10] groupdb/mapping_tdb.c:235(find_map) failed to unpack map [2012/08/23 08:21:18.948826, 10] groupdb/mapping_tdb.c:235(find_map) failed to unpack map [2012/08/23 08:21:18.948867, 3] passdb/lookup_sid.c:1754(get_primary_group_sid) Forcing Primary Group to 'Domain Users' for nobody [2012/08/23 08:21:18.948997, 10] auth/token_util.c:223(create_local_nt_token_from_info3) Create local NT token for nobody [2012/08/23 08:21:18.949129, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/08/23 08:21:18.949188, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/08/23 08:21:18.949226, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/08/23 08:21:18.949262, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/23 08:21:18.949297, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/23 08:21:18.949411, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/08/23 08:21:18.949460, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-996664766-3924031551-1934014251-501] [2012/08/23 08:21:18.949507, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-996664766-3924031551-1934014251-513] [2012/08/23 08:21:18.949554, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-996664766-3924031551-1934014251-546] [2012/08/23 08:21:18.949599, 5] lib/privileges.c:175(get_privileges_for_sids) get_privileges_for_sids: sid = S-1-1-0 Privilege set: 0x0 [2012/08/23 08:21:18.949655, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-2] [2012/08/23 08:21:18.949699, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-32-546] [2012/08/23 08:21:18.950457, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/08/23 08:21:18.950519, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/08/23 08:21:18.950557, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/08/23 08:21:18.950593, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/23 08:21:18.950628, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/23 08:21:18.950688, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 546. [2012/08/23 08:21:18.950728, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2012/08/23 08:21:18.950765, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2012/08/23 08:21:18.950801, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2012/08/23 08:21:18.950836, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/23 08:21:18.950870, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/23 08:21:18.950933, 5] passdb/pdb_tdb.c:614(tdbsam_getsampwrid) pdb_getsampwrid (TDB): error looking up RID 546 by key RID_00000222. [2012/08/23 08:21:18.950989, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/08/23 08:21:18.951091, 5] passdb/pdb_interface.c:1668(lookup_global_sam_rid) Can't find a unix id for an unmapped group [2012/08/23 08:21:18.951149, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/08/23 08:21:18.951189, 10] passdb/lookup_sid.c:1280(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-21-996664766-3924031551-1934014251-546 [2012/08/23 08:21:18.951230, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/08/23 08:21:18.951266, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/08/23 08:21:18.951301, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/08/23 08:21:18.951336, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/23 08:21:18.951371, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/23 08:21:18.951425, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 546. [2012/08/23 08:21:18.951464, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2012/08/23 08:21:18.951501, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2012/08/23 08:21:18.951536, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2012/08/23 08:21:18.951571, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/23 08:21:18.951605, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/23 08:21:18.951666, 5] passdb/pdb_tdb.c:614(tdbsam_getsampwrid) pdb_getsampwrid (TDB): error looking up RID 546 by key RID_00000222. [2012/08/23 08:21:18.951720, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/08/23 08:21:18.951759, 5] passdb/pdb_interface.c:1668(lookup_global_sam_rid) Can't find a unix id for an unmapped group [2012/08/23 08:21:18.951799, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/08/23 08:21:18.951836, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid) LEGACY: mapping failed for sid S-1-5-21-996664766-3924031551-1934014251-546 [2012/08/23 08:21:18.951877, 10] auth/auth_util.c:505(create_local_token) Could not convert SID S-1-5-21-996664766-3924031551-1934014251-546 to gid, ignoring it [2012/08/23 08:21:18.951921, 10] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (11): SID[ 0]: S-1-5-21-996664766-3924031551-1934014251-501 SID[ 1]: S-1-5-21-996664766-3924031551-1934014251-513 SID[ 2]: S-1-5-21-996664766-3924031551-1934014251-546 SID[ 3]: S-1-1-0 SID[ 4]: S-1-5-2 SID[ 5]: S-1-5-32-546 SID[ 6]: S-1-22-1-99 SID[ 7]: S-1-22-2-1000007 SID[ 8]: S-1-22-2-1000004 SID[ 9]: S-1-22-2-1000005 SID[ 10]: S-1-22-2-1000003 Privileges (0x 0): Rights (0x 0): [2012/08/23 08:21:18.952184, 10] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 99 Primary group is 99 and contains 4 supplementary groups Group[ 0]: 1000007 Group[ 1]: 1000004 Group[ 2]: 1000005 Group[ 3]: 1000003 [2012/08/23 08:21:18.952368, 3] rpc_server/svcctl/srv_svcctl_reg.c:569(svcctl_init_winreg) Initialise the svcctl registry keys if needed. [2012/08/23 08:21:18.952411, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/08/23 08:21:18.952449, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/08/23 08:21:18.952485, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/08/23 08:21:18.952520, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/23 08:21:18.952554, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/23 08:21:18.952645, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/08/23 08:21:18.952695, 10] registry/reg_backend_db.c:602(regdb_open) regdb_open: registry db opened. refcount reset (1) [2012/08/23 08:21:18.952746, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/08/23 08:21:18.952803, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2012/08/23 08:21:18.952879, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2012/08/23 08:21:18.952925, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/08/23 08:21:18.952987, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/23 08:21:18.953234, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/08/23 08:21:18.953275, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (1->2) [2012/08/23 08:21:18.953316, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/08/23 08:21:18.953351, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/08/23 08:21:18.953387, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/23 08:21:18.953422, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM] [2012/08/23 08:21:18.953482, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:18.953567, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-3550-decb73660000 result : WERR_OK [2012/08/23 08:21:18.953753, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-3550-decb73660000 keyname: struct winreg_String name_len : 0x0044 (68) name_size : 0x0044 (68) name : * name : 'SYSTEM\CurrentControlSet\Services' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/23 08:21:18.954276, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:18.954360, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2012/08/23 08:21:18.954398, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/08/23 08:21:18.954438, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2012/08/23 08:21:18.954473, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2012/08/23 08:21:18.954509, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/23 08:21:18.954544, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM] [2012/08/23 08:21:18.954597, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2012/08/23 08:21:18.954637, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/08/23 08:21:18.954677, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2012/08/23 08:21:18.954712, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2012/08/23 08:21:18.954748, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/23 08:21:18.954783, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM\CurrentControlSet] [2012/08/23 08:21:18.954835, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2012/08/23 08:21:18.954875, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/23 08:21:18.954915, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/08/23 08:21:18.954950, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/08/23 08:21:18.954987, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/23 08:21:18.955038, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/08/23 08:21:18.955105, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/23 08:21:18.955155, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/08/23 08:21:18.955194, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:18.955272, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-3550-decb73660000 result : WERR_OK [2012/08/23 08:21:18.955434, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-3550-decb73660000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2012/08/23 08:21:18.955652, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:18.955732, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services' (ops 0x7f4eb14f6da0) [2012/08/23 08:21:18.955769, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services] [2012/08/23 08:21:18.955816, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] [2012/08/23 08:21:18.955868, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000007 (7) max_subkeylen : * max_subkeylen : 0x0000001c (28) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x00000000 (0) max_valnamelen : * max_valnamelen : 0x00000002 (2) max_valbufsize : * max_valbufsize : 0x00000000 (0) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2012/08/23 08:21:18.956366, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey in: struct winreg_EnumKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-3550-decb73660000 enum_index : 0x00000000 (0) name : * name: struct winreg_StringBuf length : 0x0000 (0) size : 0x001e (30) name : * name : '' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) [2012/08/23 08:21:18.956731, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:18.956809, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] [2012/08/23 08:21:18.956848, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey out: struct winreg_EnumKey name : * name: struct winreg_StringBuf length : 0x001a (26) size : 0x001e (30) name : * name : 'LanmanServer' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2012/08/23 08:21:18.957187, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey in: struct winreg_EnumKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-3550-decb73660000 enum_index : 0x00000001 (1) name : * name: struct winreg_StringBuf length : 0x0000 (0) size : 0x001e (30) name : * name : '' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) [2012/08/23 08:21:18.957655, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:18.957760, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] [2012/08/23 08:21:18.957801, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey out: struct winreg_EnumKey name : * name: struct winreg_StringBuf length : 0x0012 (18) size : 0x001e (30) name : * name : 'Eventlog' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2012/08/23 08:21:18.958136, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey in: struct winreg_EnumKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-3550-decb73660000 enum_index : 0x00000002 (2) name : * name: struct winreg_StringBuf length : 0x0000 (0) size : 0x001e (30) name : * name : '' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) [2012/08/23 08:21:18.958514, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:18.958593, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] [2012/08/23 08:21:18.958630, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey out: struct winreg_EnumKey name : * name: struct winreg_StringBuf length : 0x000c (12) size : 0x001e (30) name : * name : 'Tcpip' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2012/08/23 08:21:18.958940, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey in: struct winreg_EnumKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-3550-decb73660000 enum_index : 0x00000003 (3) name : * name: struct winreg_StringBuf length : 0x0000 (0) size : 0x001e (30) name : * name : '' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) [2012/08/23 08:21:18.959348, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:18.959426, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] [2012/08/23 08:21:18.959464, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey out: struct winreg_EnumKey name : * name: struct winreg_StringBuf length : 0x0012 (18) size : 0x001e (30) name : * name : 'Netlogon' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2012/08/23 08:21:18.959781, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey in: struct winreg_EnumKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-3550-decb73660000 enum_index : 0x00000004 (4) name : * name: struct winreg_StringBuf length : 0x0000 (0) size : 0x001e (30) name : * name : '' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) [2012/08/23 08:21:18.960180, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:18.960260, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] [2012/08/23 08:21:18.960298, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey out: struct winreg_EnumKey name : * name: struct winreg_StringBuf length : 0x0010 (16) size : 0x001e (30) name : * name : 'Spooler' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2012/08/23 08:21:18.960608, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey in: struct winreg_EnumKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-3550-decb73660000 enum_index : 0x00000005 (5) name : * name: struct winreg_StringBuf length : 0x0000 (0) size : 0x001e (30) name : * name : '' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) [2012/08/23 08:21:18.960979, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:18.961113, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] [2012/08/23 08:21:18.961163, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey out: struct winreg_EnumKey name : * name: struct winreg_StringBuf length : 0x001e (30) size : 0x001e (30) name : * name : 'RemoteRegistry' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2012/08/23 08:21:18.961559, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey in: struct winreg_EnumKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-3550-decb73660000 enum_index : 0x00000006 (6) name : * name: struct winreg_StringBuf length : 0x0000 (0) size : 0x001e (30) name : * name : '' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) [2012/08/23 08:21:18.961960, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:18.962102, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] [2012/08/23 08:21:18.962167, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey out: struct winreg_EnumKey name : * name: struct winreg_StringBuf length : 0x000a (10) size : 0x001e (30) name : * name : 'WINS' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2012/08/23 08:21:18.962682, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-3550-decb73660000 name: struct winreg_String name_len : 0x0054 (84) name_size : 0x0054 (84) name : * name : 'SYSTEM\CurrentControlSet\Services\Spooler' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_ACTION_NONE (0) [2012/08/23 08:21:18.963335, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:18.963417, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\Spooler' [2012/08/23 08:21:18.963460, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2012/08/23 08:21:18.963499, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2012/08/23 08:21:18.963536, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2012/08/23 08:21:18.963573, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/08/23 08:21:18.963613, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2012/08/23 08:21:18.963648, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2012/08/23 08:21:18.963684, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/23 08:21:18.963718, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM] [2012/08/23 08:21:18.963770, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2012/08/23 08:21:18.963810, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2012/08/23 08:21:18.963848, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/23 08:21:18.963887, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2012/08/23 08:21:18.963923, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2012/08/23 08:21:18.963959, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/23 08:21:18.963993, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM\CurrentControlSet] [2012/08/23 08:21:18.964087, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/23 08:21:18.964139, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2012/08/23 08:21:18.964181, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2012/08/23 08:21:18.964220, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/23 08:21:18.964260, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/08/23 08:21:18.964295, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/08/23 08:21:18.964332, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/23 08:21:18.964367, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/08/23 08:21:18.964430, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/23 08:21:18.964472, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Spooler] [2012/08/23 08:21:18.964510, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/23 08:21:18.964551, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] [2012/08/23 08:21:18.964585, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] [2012/08/23 08:21:18.964622, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/23 08:21:18.964657, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] [2012/08/23 08:21:18.964710, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/23 08:21:18.964751, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:18.964829, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-3550-decb73660000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK [2012/08/23 08:21:18.965043, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-3550-decb73660000 name: struct winreg_String name_len : 0x000c (12) name_size : 0x000c (12) name : * name : 'Start' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x02 (2) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2012/08/23 08:21:18.965279, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:18.965322, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:Start] [2012/08/23 08:21:18.965343, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2012/08/23 08:21:18.965363, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\Spooler' (ops 0x7f4eb14f6da0) [2012/08/23 08:21:18.965384, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler] [2012/08/23 08:21:18.965411, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[Start] len[4] [2012/08/23 08:21:18.965433, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[1]: name[Type] len[4] [2012/08/23 08:21:18.965453, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[2]: name[ErrorControl] len[4] [2012/08/23 08:21:18.965473, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[3]: name[ObjectName] len[24] [2012/08/23 08:21:18.965493, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[4]: name[DisplayName] len[28] [2012/08/23 08:21:18.965513, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[5]: name[ImagePath] len[58] [2012/08/23 08:21:18.965533, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[6]: name[Description] len[106] [2012/08/23 08:21:18.965553, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/08/23 08:21:18.965618, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-3550-decb73660000 name: struct winreg_String name_len : 0x000a (10) name_size : 0x000a (10) name : * name : 'Type' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2012/08/23 08:21:18.965815, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:18.965859, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:Type] [2012/08/23 08:21:18.965880, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2012/08/23 08:21:18.965901, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/08/23 08:21:18.965953, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-3550-decb73660000 name: struct winreg_String name_len : 0x001a (26) name_size : 0x001a (26) name : * name : 'ErrorControl' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2012/08/23 08:21:18.966168, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:18.966210, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:ErrorControl] [2012/08/23 08:21:18.966232, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2012/08/23 08:21:18.966252, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/08/23 08:21:18.966305, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-3550-decb73660000 name: struct winreg_String name_len : 0x0016 (22) name_size : 0x0016 (22) name : * name : 'ObjectName' type : REG_SZ (1) data : * data: ARRAY(24) [0] : 0x4c (76) [1] : 0x00 (0) [2] : 0x6f (111) [3] : 0x00 (0) [4] : 0x63 (99) [5] : 0x00 (0) [6] : 0x61 (97) [7] : 0x00 (0) [8] : 0x6c (108) [9] : 0x00 (0) [10] : 0x53 (83) [11] : 0x00 (0) [12] : 0x79 (121) [13] : 0x00 (0) [14] : 0x73 (115) [15] : 0x00 (0) [16] : 0x74 (116) [17] : 0x00 (0) [18] : 0x65 (101) [19] : 0x00 (0) [20] : 0x6d (109) [21] : 0x00 (0) [22] : 0x00 (0) [23] : 0x00 (0) size : 0x00000018 (24) [2012/08/23 08:21:18.966664, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:18.966706, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:ObjectName] [2012/08/23 08:21:18.966726, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2012/08/23 08:21:18.966747, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/08/23 08:21:18.966798, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-3550-decb73660000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'DisplayName' type : REG_SZ (1) data : * data: ARRAY(28) [0] : 0x50 (80) [1] : 0x00 (0) [2] : 0x72 (114) [3] : 0x00 (0) [4] : 0x69 (105) [5] : 0x00 (0) [6] : 0x6e (110) [7] : 0x00 (0) [8] : 0x74 (116) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x53 (83) [13] : 0x00 (0) [14] : 0x70 (112) [15] : 0x00 (0) [16] : 0x6f (111) [17] : 0x00 (0) [18] : 0x6f (111) [19] : 0x00 (0) [20] : 0x6c (108) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x00 (0) size : 0x0000001c (28) [2012/08/23 08:21:18.967195, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:18.967238, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:DisplayName] [2012/08/23 08:21:18.967259, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2012/08/23 08:21:18.967279, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/08/23 08:21:18.967332, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-3550-decb73660000 name: struct winreg_String name_len : 0x0014 (20) name_size : 0x0014 (20) name : * name : 'ImagePath' type : REG_SZ (1) data : * data: ARRAY(58) [0] : 0x2f (47) [1] : 0x00 (0) [2] : 0x75 (117) [3] : 0x00 (0) [4] : 0x73 (115) [5] : 0x00 (0) [6] : 0x72 (114) [7] : 0x00 (0) [8] : 0x2f (47) [9] : 0x00 (0) [10] : 0x6c (108) [11] : 0x00 (0) [12] : 0x69 (105) [13] : 0x00 (0) [14] : 0x62 (98) [15] : 0x00 (0) [16] : 0x36 (54) [17] : 0x00 (0) [18] : 0x34 (52) [19] : 0x00 (0) [20] : 0x2f (47) [21] : 0x00 (0) [22] : 0x73 (115) [23] : 0x00 (0) [24] : 0x61 (97) [25] : 0x00 (0) [26] : 0x6d (109) [27] : 0x00 (0) [28] : 0x62 (98) [29] : 0x00 (0) [30] : 0x61 (97) [31] : 0x00 (0) [32] : 0x2f (47) [33] : 0x00 (0) [34] : 0x73 (115) [35] : 0x00 (0) [36] : 0x76 (118) [37] : 0x00 (0) [38] : 0x63 (99) [39] : 0x00 (0) [40] : 0x63 (99) [41] : 0x00 (0) [42] : 0x74 (116) [43] : 0x00 (0) [44] : 0x6c (108) [45] : 0x00 (0) [46] : 0x2f (47) [47] : 0x00 (0) [48] : 0x73 (115) [49] : 0x00 (0) [50] : 0x6d (109) [51] : 0x00 (0) [52] : 0x62 (98) [53] : 0x00 (0) [54] : 0x64 (100) [55] : 0x00 (0) [56] : 0x00 (0) [57] : 0x00 (0) size : 0x0000003a (58) [2012/08/23 08:21:18.967981, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:18.968028, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:ImagePath] [2012/08/23 08:21:18.968050, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2012/08/23 08:21:18.968071, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/08/23 08:21:18.968120, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-3550-decb73660000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'Description' type : REG_SZ (1) data : * data: ARRAY(106) [0] : 0x49 (73) [1] : 0x00 (0) [2] : 0x6e (110) [3] : 0x00 (0) [4] : 0x74 (116) [5] : 0x00 (0) [6] : 0x65 (101) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x6e (110) [11] : 0x00 (0) [12] : 0x61 (97) [13] : 0x00 (0) [14] : 0x6c (108) [15] : 0x00 (0) [16] : 0x20 (32) [17] : 0x00 (0) [18] : 0x73 (115) [19] : 0x00 (0) [20] : 0x65 (101) [21] : 0x00 (0) [22] : 0x72 (114) [23] : 0x00 (0) [24] : 0x76 (118) [25] : 0x00 (0) [26] : 0x69 (105) [27] : 0x00 (0) [28] : 0x63 (99) [29] : 0x00 (0) [30] : 0x65 (101) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x00 (0) [34] : 0x66 (102) [35] : 0x00 (0) [36] : 0x6f (111) [37] : 0x00 (0) [38] : 0x72 (114) [39] : 0x00 (0) [40] : 0x20 (32) [41] : 0x00 (0) [42] : 0x73 (115) [43] : 0x00 (0) [44] : 0x70 (112) [45] : 0x00 (0) [46] : 0x6f (111) [47] : 0x00 (0) [48] : 0x6f (111) [49] : 0x00 (0) [50] : 0x6c (108) [51] : 0x00 (0) [52] : 0x69 (105) [53] : 0x00 (0) [54] : 0x6e (110) [55] : 0x00 (0) [56] : 0x67 (103) [57] : 0x00 (0) [58] : 0x20 (32) [59] : 0x00 (0) [60] : 0x66 (102) [61] : 0x00 (0) [62] : 0x69 (105) [63] : 0x00 (0) [64] : 0x6c (108) [65] : 0x00 (0) [66] : 0x65 (101) [67] : 0x00 (0) [68] : 0x73 (115) [69] : 0x00 (0) [70] : 0x20 (32) [71] : 0x00 (0) [72] : 0x74 (116) [73] : 0x00 (0) [74] : 0x6f (111) [75] : 0x00 (0) [76] : 0x20 (32) [77] : 0x00 (0) [78] : 0x70 (112) [79] : 0x00 (0) [80] : 0x72 (114) [81] : 0x00 (0) [82] : 0x69 (105) [83] : 0x00 (0) [84] : 0x6e (110) [85] : 0x00 (0) [86] : 0x74 (116) [87] : 0x00 (0) [88] : 0x20 (32) [89] : 0x00 (0) [90] : 0x64 (100) [91] : 0x00 (0) [92] : 0x65 (101) [93] : 0x00 (0) [94] : 0x76 (118) [95] : 0x00 (0) [96] : 0x69 (105) [97] : 0x00 (0) [98] : 0x63 (99) [99] : 0x00 (0) [100] : 0x65 (101) [101] : 0x00 (0) [102] : 0x73 (115) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x00 (0) size : 0x0000006a (106) [2012/08/23 08:21:18.969231, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:18.969278, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:Description] [2012/08/23 08:21:18.969299, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2012/08/23 08:21:18.969320, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/08/23 08:21:18.969368, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-3550-decb73660000 [2012/08/23 08:21:18.969439, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:18.969481, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:18.969521, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/23 08:21:18.969541, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/08/23 08:21:18.969561, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/23 08:21:18.969646, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-3550-decb73660000 name: struct winreg_String name_len : 0x0066 (102) name_size : 0x0066 (102) name : * name : 'SYSTEM\CurrentControlSet\Services\Spooler\Security' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) [2012/08/23 08:21:18.969977, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:18.970029, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\Spooler\Security' [2012/08/23 08:21:18.970054, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2012/08/23 08:21:18.970075, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2012/08/23 08:21:18.970095, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2012/08/23 08:21:18.970116, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/08/23 08:21:18.970142, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2012/08/23 08:21:18.970161, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2012/08/23 08:21:18.970180, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/23 08:21:18.970199, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM] [2012/08/23 08:21:18.970227, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2012/08/23 08:21:18.970249, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2012/08/23 08:21:18.970269, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/23 08:21:18.970290, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2012/08/23 08:21:18.970309, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2012/08/23 08:21:18.970328, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/23 08:21:18.970347, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM\CurrentControlSet] [2012/08/23 08:21:18.970374, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/23 08:21:18.970397, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2012/08/23 08:21:18.970417, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2012/08/23 08:21:18.970437, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/23 08:21:18.970459, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/08/23 08:21:18.970477, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/08/23 08:21:18.970497, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/23 08:21:18.970516, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/08/23 08:21:18.970548, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/23 08:21:18.970571, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2012/08/23 08:21:18.970590, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Spooler] [2012/08/23 08:21:18.970610, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/23 08:21:18.970632, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] [2012/08/23 08:21:18.970656, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] [2012/08/23 08:21:18.970676, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/23 08:21:18.970695, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] [2012/08/23 08:21:18.970724, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/23 08:21:18.970746, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Security] [2012/08/23 08:21:18.970767, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/23 08:21:18.970789, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] [2012/08/23 08:21:18.970809, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] [2012/08/23 08:21:18.970828, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/23 08:21:18.970847, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] [2012/08/23 08:21:18.970872, 10] registry/reg_backend_db.c:1656(regdb_fetch_keys_internal) regdb_fetch_keys: no subkeys found for key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] [2012/08/23 08:21:18.970895, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/23 08:21:18.970915, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:18.970957, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000004-0000-0000-3550-decb73660000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK [2012/08/23 08:21:18.971097, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000004-0000-0000-3550-decb73660000 name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : REG_BINARY (3) data : * data: ARRAY(120) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x00 (0) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x00 (0) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x14 (20) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x02 (2) [21] : 0x00 (0) [22] : 0x64 (100) [23] : 0x00 (0) [24] : 0x04 (4) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x00 (0) [28] : 0x00 (0) [29] : 0x00 (0) [30] : 0x14 (20) [31] : 0x00 (0) [32] : 0x8d (141) [33] : 0x01 (1) [34] : 0x02 (2) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x01 (1) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x01 (1) [44] : 0x00 (0) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x00 (0) [49] : 0x00 (0) [50] : 0x18 (24) [51] : 0x00 (0) [52] : 0xfd (253) [53] : 0x01 (1) [54] : 0x02 (2) [55] : 0x00 (0) [56] : 0x01 (1) [57] : 0x02 (2) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x00 (0) [62] : 0x00 (0) [63] : 0x05 (5) [64] : 0x20 (32) [65] : 0x00 (0) [66] : 0x00 (0) [67] : 0x00 (0) [68] : 0x23 (35) [69] : 0x02 (2) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x18 (24) [75] : 0x00 (0) [76] : 0xff (255) [77] : 0x01 (1) [78] : 0x0f (15) [79] : 0x00 (0) [80] : 0x01 (1) [81] : 0x02 (2) [82] : 0x00 (0) [83] : 0x00 (0) [84] : 0x00 (0) [85] : 0x00 (0) [86] : 0x00 (0) [87] : 0x05 (5) [88] : 0x20 (32) [89] : 0x00 (0) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x25 (37) [93] : 0x02 (2) [94] : 0x00 (0) [95] : 0x00 (0) [96] : 0x00 (0) [97] : 0x00 (0) [98] : 0x18 (24) [99] : 0x00 (0) [100] : 0xff (255) [101] : 0x01 (1) [102] : 0x0f (15) [103] : 0x00 (0) [104] : 0x01 (1) [105] : 0x02 (2) [106] : 0x00 (0) [107] : 0x00 (0) [108] : 0x00 (0) [109] : 0x00 (0) [110] : 0x00 (0) [111] : 0x05 (5) [112] : 0x20 (32) [113] : 0x00 (0) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x20 (32) [117] : 0x02 (2) [118] : 0x00 (0) [119] : 0x00 (0) size : 0x00000078 (120) [2012/08/23 08:21:18.972299, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:18.972342, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security:Security] [2012/08/23 08:21:18.972364, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2012/08/23 08:21:18.972384, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security' (ops 0x7f4eb14f6da0) [2012/08/23 08:21:18.972404, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] [2012/08/23 08:21:18.972431, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[Security] len[120] [2012/08/23 08:21:18.972453, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/08/23 08:21:18.972500, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000004-0000-0000-3550-decb73660000 [2012/08/23 08:21:18.972573, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:18.972616, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:18.972656, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/23 08:21:18.972675, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/08/23 08:21:18.972695, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/23 08:21:18.972781, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-3550-decb73660000 name: struct winreg_String name_len : 0x0056 (86) name_size : 0x0056 (86) name : * name : 'SYSTEM\CurrentControlSet\Services\NETLOGON' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_ACTION_NONE (0) [2012/08/23 08:21:18.973079, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:18.973128, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\NETLOGON' [2012/08/23 08:21:18.973152, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2012/08/23 08:21:18.973173, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2012/08/23 08:21:18.973193, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2012/08/23 08:21:18.973213, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/08/23 08:21:18.973234, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2012/08/23 08:21:18.973257, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2012/08/23 08:21:18.973276, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/23 08:21:18.973295, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM] [2012/08/23 08:21:18.973323, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2012/08/23 08:21:18.973369, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2012/08/23 08:21:18.973392, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/23 08:21:18.973414, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2012/08/23 08:21:18.973433, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2012/08/23 08:21:18.973453, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/23 08:21:18.973475, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM\CurrentControlSet] [2012/08/23 08:21:18.973505, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/23 08:21:18.973532, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2012/08/23 08:21:18.973553, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2012/08/23 08:21:18.973573, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/23 08:21:18.973595, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/08/23 08:21:18.973613, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/08/23 08:21:18.973633, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/23 08:21:18.973651, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/08/23 08:21:18.973684, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/23 08:21:18.973706, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [NETLOGON] [2012/08/23 08:21:18.973726, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/23 08:21:18.973748, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] [2012/08/23 08:21:18.973767, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] [2012/08/23 08:21:18.973787, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/23 08:21:18.973805, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] [2012/08/23 08:21:18.973835, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/23 08:21:18.973858, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:18.973900, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-3550-decb73660000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK [2012/08/23 08:21:18.974006, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-3550-decb73660000 name: struct winreg_String name_len : 0x000c (12) name_size : 0x000c (12) name : * name : 'Start' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x02 (2) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2012/08/23 08:21:18.974226, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:18.974269, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:Start] [2012/08/23 08:21:18.974290, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2012/08/23 08:21:18.974310, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON' (ops 0x7f4eb14f6da0) [2012/08/23 08:21:18.974330, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] [2012/08/23 08:21:18.974358, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[Start] len[4] [2012/08/23 08:21:18.974380, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[1]: name[Type] len[4] [2012/08/23 08:21:18.974400, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[2]: name[ErrorControl] len[4] [2012/08/23 08:21:18.974420, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[3]: name[ObjectName] len[24] [2012/08/23 08:21:18.974440, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[4]: name[DisplayName] len[20] [2012/08/23 08:21:18.974460, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[5]: name[ImagePath] len[58] [2012/08/23 08:21:18.974480, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[6]: name[Description] len[164] [2012/08/23 08:21:18.974500, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/08/23 08:21:18.974549, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-3550-decb73660000 name: struct winreg_String name_len : 0x000a (10) name_size : 0x000a (10) name : * name : 'Type' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2012/08/23 08:21:18.974734, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:18.974776, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:Type] [2012/08/23 08:21:18.974797, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2012/08/23 08:21:18.974817, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/08/23 08:21:18.974864, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-3550-decb73660000 name: struct winreg_String name_len : 0x001a (26) name_size : 0x001a (26) name : * name : 'ErrorControl' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2012/08/23 08:21:18.975055, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:18.975098, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:ErrorControl] [2012/08/23 08:21:18.975124, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2012/08/23 08:21:18.975146, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/08/23 08:21:18.975196, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-3550-decb73660000 name: struct winreg_String name_len : 0x0016 (22) name_size : 0x0016 (22) name : * name : 'ObjectName' type : REG_SZ (1) data : * data: ARRAY(24) [0] : 0x4c (76) [1] : 0x00 (0) [2] : 0x6f (111) [3] : 0x00 (0) [4] : 0x63 (99) [5] : 0x00 (0) [6] : 0x61 (97) [7] : 0x00 (0) [8] : 0x6c (108) [9] : 0x00 (0) [10] : 0x53 (83) [11] : 0x00 (0) [12] : 0x79 (121) [13] : 0x00 (0) [14] : 0x73 (115) [15] : 0x00 (0) [16] : 0x74 (116) [17] : 0x00 (0) [18] : 0x65 (101) [19] : 0x00 (0) [20] : 0x6d (109) [21] : 0x00 (0) [22] : 0x00 (0) [23] : 0x00 (0) size : 0x00000018 (24) [2012/08/23 08:21:18.975553, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:18.975595, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:ObjectName] [2012/08/23 08:21:18.975616, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2012/08/23 08:21:18.975636, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/08/23 08:21:18.975685, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-3550-decb73660000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'DisplayName' type : REG_SZ (1) data : * data: ARRAY(20) [0] : 0x4e (78) [1] : 0x00 (0) [2] : 0x65 (101) [3] : 0x00 (0) [4] : 0x74 (116) [5] : 0x00 (0) [6] : 0x20 (32) [7] : 0x00 (0) [8] : 0x4c (76) [9] : 0x00 (0) [10] : 0x6f (111) [11] : 0x00 (0) [12] : 0x67 (103) [13] : 0x00 (0) [14] : 0x6f (111) [15] : 0x00 (0) [16] : 0x6e (110) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : 0x00000014 (20) [2012/08/23 08:21:18.976005, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:18.976079, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:DisplayName] [2012/08/23 08:21:18.976100, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2012/08/23 08:21:18.976125, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/08/23 08:21:18.976177, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-3550-decb73660000 name: struct winreg_String name_len : 0x0014 (20) name_size : 0x0014 (20) name : * name : 'ImagePath' type : REG_SZ (1) data : * data: ARRAY(58) [0] : 0x2f (47) [1] : 0x00 (0) [2] : 0x75 (117) [3] : 0x00 (0) [4] : 0x73 (115) [5] : 0x00 (0) [6] : 0x72 (114) [7] : 0x00 (0) [8] : 0x2f (47) [9] : 0x00 (0) [10] : 0x6c (108) [11] : 0x00 (0) [12] : 0x69 (105) [13] : 0x00 (0) [14] : 0x62 (98) [15] : 0x00 (0) [16] : 0x36 (54) [17] : 0x00 (0) [18] : 0x34 (52) [19] : 0x00 (0) [20] : 0x2f (47) [21] : 0x00 (0) [22] : 0x73 (115) [23] : 0x00 (0) [24] : 0x61 (97) [25] : 0x00 (0) [26] : 0x6d (109) [27] : 0x00 (0) [28] : 0x62 (98) [29] : 0x00 (0) [30] : 0x61 (97) [31] : 0x00 (0) [32] : 0x2f (47) [33] : 0x00 (0) [34] : 0x73 (115) [35] : 0x00 (0) [36] : 0x76 (118) [37] : 0x00 (0) [38] : 0x63 (99) [39] : 0x00 (0) [40] : 0x63 (99) [41] : 0x00 (0) [42] : 0x74 (116) [43] : 0x00 (0) [44] : 0x6c (108) [45] : 0x00 (0) [46] : 0x2f (47) [47] : 0x00 (0) [48] : 0x73 (115) [49] : 0x00 (0) [50] : 0x6d (109) [51] : 0x00 (0) [52] : 0x62 (98) [53] : 0x00 (0) [54] : 0x64 (100) [55] : 0x00 (0) [56] : 0x00 (0) [57] : 0x00 (0) size : 0x0000003a (58) [2012/08/23 08:21:18.976830, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:18.976872, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:ImagePath] [2012/08/23 08:21:18.976893, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2012/08/23 08:21:18.976914, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/08/23 08:21:18.976961, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-3550-decb73660000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'Description' type : REG_SZ (1) data : * data: ARRAY(164) [0] : 0x46 (70) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6c (108) [5] : 0x00 (0) [6] : 0x65 (101) [7] : 0x00 (0) [8] : 0x20 (32) [9] : 0x00 (0) [10] : 0x73 (115) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x76 (118) [17] : 0x00 (0) [18] : 0x69 (105) [19] : 0x00 (0) [20] : 0x63 (99) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x20 (32) [25] : 0x00 (0) [26] : 0x70 (112) [27] : 0x00 (0) [28] : 0x72 (114) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x76 (118) [33] : 0x00 (0) [34] : 0x69 (105) [35] : 0x00 (0) [36] : 0x64 (100) [37] : 0x00 (0) [38] : 0x69 (105) [39] : 0x00 (0) [40] : 0x6e (110) [41] : 0x00 (0) [42] : 0x67 (103) [43] : 0x00 (0) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x61 (97) [47] : 0x00 (0) [48] : 0x63 (99) [49] : 0x00 (0) [50] : 0x63 (99) [51] : 0x00 (0) [52] : 0x65 (101) [53] : 0x00 (0) [54] : 0x73 (115) [55] : 0x00 (0) [56] : 0x73 (115) [57] : 0x00 (0) [58] : 0x20 (32) [59] : 0x00 (0) [60] : 0x74 (116) [61] : 0x00 (0) [62] : 0x6f (111) [63] : 0x00 (0) [64] : 0x20 (32) [65] : 0x00 (0) [66] : 0x70 (112) [67] : 0x00 (0) [68] : 0x6f (111) [69] : 0x00 (0) [70] : 0x6c (108) [71] : 0x00 (0) [72] : 0x69 (105) [73] : 0x00 (0) [74] : 0x63 (99) [75] : 0x00 (0) [76] : 0x79 (121) [77] : 0x00 (0) [78] : 0x20 (32) [79] : 0x00 (0) [80] : 0x61 (97) [81] : 0x00 (0) [82] : 0x6e (110) [83] : 0x00 (0) [84] : 0x64 (100) [85] : 0x00 (0) [86] : 0x20 (32) [87] : 0x00 (0) [88] : 0x70 (112) [89] : 0x00 (0) [90] : 0x72 (114) [91] : 0x00 (0) [92] : 0x6f (111) [93] : 0x00 (0) [94] : 0x66 (102) [95] : 0x00 (0) [96] : 0x69 (105) [97] : 0x00 (0) [98] : 0x6c (108) [99] : 0x00 (0) [100] : 0x65 (101) [101] : 0x00 (0) [102] : 0x20 (32) [103] : 0x00 (0) [104] : 0x64 (100) [105] : 0x00 (0) [106] : 0x61 (97) [107] : 0x00 (0) [108] : 0x74 (116) [109] : 0x00 (0) [110] : 0x61 (97) [111] : 0x00 (0) [112] : 0x20 (32) [113] : 0x00 (0) [114] : 0x28 (40) [115] : 0x00 (0) [116] : 0x6e (110) [117] : 0x00 (0) [118] : 0x6f (111) [119] : 0x00 (0) [120] : 0x74 (116) [121] : 0x00 (0) [122] : 0x72 (114) [123] : 0x00 (0) [124] : 0x65 (101) [125] : 0x00 (0) [126] : 0x6d (109) [127] : 0x00 (0) [128] : 0x6f (111) [129] : 0x00 (0) [130] : 0x74 (116) [131] : 0x00 (0) [132] : 0x65 (101) [133] : 0x00 (0) [134] : 0x6c (108) [135] : 0x00 (0) [136] : 0x79 (121) [137] : 0x00 (0) [138] : 0x20 (32) [139] : 0x00 (0) [140] : 0x6d (109) [141] : 0x00 (0) [142] : 0x61 (97) [143] : 0x00 (0) [144] : 0x6e (110) [145] : 0x00 (0) [146] : 0x61 (97) [147] : 0x00 (0) [148] : 0x67 (103) [149] : 0x00 (0) [150] : 0x65 (101) [151] : 0x00 (0) [152] : 0x61 (97) [153] : 0x00 (0) [154] : 0x62 (98) [155] : 0x00 (0) [156] : 0x6c (108) [157] : 0x00 (0) [158] : 0x65 (101) [159] : 0x00 (0) [160] : 0x29 (41) [161] : 0x00 (0) [162] : 0x00 (0) [163] : 0x00 (0) size : 0x000000a4 (164) [2012/08/23 08:21:18.978938, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:18.979010, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:Description] [2012/08/23 08:21:18.979052, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2012/08/23 08:21:18.979085, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/08/23 08:21:18.979184, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-3550-decb73660000 [2012/08/23 08:21:18.979259, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:18.979301, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:18.979341, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/23 08:21:18.979361, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/08/23 08:21:18.979382, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/23 08:21:18.979468, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-3550-decb73660000 name: struct winreg_String name_len : 0x0068 (104) name_size : 0x0068 (104) name : * name : 'SYSTEM\CurrentControlSet\Services\NETLOGON\Security' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) [2012/08/23 08:21:18.979770, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:18.979813, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\NETLOGON\Security' [2012/08/23 08:21:18.979835, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2012/08/23 08:21:18.979855, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2012/08/23 08:21:18.979875, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2012/08/23 08:21:18.979895, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/08/23 08:21:18.979917, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2012/08/23 08:21:18.979935, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2012/08/23 08:21:18.979954, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/23 08:21:18.979972, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM] [2012/08/23 08:21:18.980000, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2012/08/23 08:21:18.980028, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2012/08/23 08:21:18.980051, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/23 08:21:18.980073, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2012/08/23 08:21:18.980091, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2012/08/23 08:21:18.980111, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/23 08:21:18.980134, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM\CurrentControlSet] [2012/08/23 08:21:18.980163, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/23 08:21:18.980187, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2012/08/23 08:21:18.980206, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2012/08/23 08:21:18.980227, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/23 08:21:18.980248, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/08/23 08:21:18.980267, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/08/23 08:21:18.980286, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/23 08:21:18.980305, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/08/23 08:21:18.980338, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/23 08:21:18.980360, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2012/08/23 08:21:18.980380, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [NETLOGON] [2012/08/23 08:21:18.980400, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/23 08:21:18.980426, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] [2012/08/23 08:21:18.980445, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] [2012/08/23 08:21:18.980465, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/23 08:21:18.980484, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] [2012/08/23 08:21:18.980514, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/23 08:21:18.980536, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Security] [2012/08/23 08:21:18.980557, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/23 08:21:18.980579, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] [2012/08/23 08:21:18.980598, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] [2012/08/23 08:21:18.980618, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/23 08:21:18.980637, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] [2012/08/23 08:21:18.980663, 10] registry/reg_backend_db.c:1656(regdb_fetch_keys_internal) regdb_fetch_keys: no subkeys found for key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] [2012/08/23 08:21:18.980685, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/23 08:21:18.980706, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:18.980748, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000006-0000-0000-3550-decb73660000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK [2012/08/23 08:21:18.980853, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000006-0000-0000-3550-decb73660000 name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : REG_BINARY (3) data : * data: ARRAY(120) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x00 (0) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x00 (0) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x14 (20) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x02 (2) [21] : 0x00 (0) [22] : 0x64 (100) [23] : 0x00 (0) [24] : 0x04 (4) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x00 (0) [28] : 0x00 (0) [29] : 0x00 (0) [30] : 0x14 (20) [31] : 0x00 (0) [32] : 0x8d (141) [33] : 0x01 (1) [34] : 0x02 (2) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x01 (1) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x01 (1) [44] : 0x00 (0) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x00 (0) [49] : 0x00 (0) [50] : 0x18 (24) [51] : 0x00 (0) [52] : 0xfd (253) [53] : 0x01 (1) [54] : 0x02 (2) [55] : 0x00 (0) [56] : 0x01 (1) [57] : 0x02 (2) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x00 (0) [62] : 0x00 (0) [63] : 0x05 (5) [64] : 0x20 (32) [65] : 0x00 (0) [66] : 0x00 (0) [67] : 0x00 (0) [68] : 0x23 (35) [69] : 0x02 (2) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x18 (24) [75] : 0x00 (0) [76] : 0xff (255) [77] : 0x01 (1) [78] : 0x0f (15) [79] : 0x00 (0) [80] : 0x01 (1) [81] : 0x02 (2) [82] : 0x00 (0) [83] : 0x00 (0) [84] : 0x00 (0) [85] : 0x00 (0) [86] : 0x00 (0) [87] : 0x05 (5) [88] : 0x20 (32) [89] : 0x00 (0) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x25 (37) [93] : 0x02 (2) [94] : 0x00 (0) [95] : 0x00 (0) [96] : 0x00 (0) [97] : 0x00 (0) [98] : 0x18 (24) [99] : 0x00 (0) [100] : 0xff (255) [101] : 0x01 (1) [102] : 0x0f (15) [103] : 0x00 (0) [104] : 0x01 (1) [105] : 0x02 (2) [106] : 0x00 (0) [107] : 0x00 (0) [108] : 0x00 (0) [109] : 0x00 (0) [110] : 0x00 (0) [111] : 0x05 (5) [112] : 0x20 (32) [113] : 0x00 (0) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x20 (32) [117] : 0x02 (2) [118] : 0x00 (0) [119] : 0x00 (0) size : 0x00000078 (120) [2012/08/23 08:21:18.982135, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:18.982180, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security:Security] [2012/08/23 08:21:18.982202, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2012/08/23 08:21:18.982222, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security' (ops 0x7f4eb14f6da0) [2012/08/23 08:21:18.982242, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] [2012/08/23 08:21:18.982271, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[Security] len[120] [2012/08/23 08:21:18.982293, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/08/23 08:21:18.982340, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000006-0000-0000-3550-decb73660000 [2012/08/23 08:21:18.982413, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:18.982455, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:18.982495, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/23 08:21:18.982514, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/08/23 08:21:18.982533, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/23 08:21:18.982619, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-3550-decb73660000 name: struct winreg_String name_len : 0x0062 (98) name_size : 0x0062 (98) name : * name : 'SYSTEM\CurrentControlSet\Services\RemoteRegistry' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_ACTION_NONE (0) [2012/08/23 08:21:18.982910, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:18.982952, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\RemoteRegistry' [2012/08/23 08:21:18.982973, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2012/08/23 08:21:18.982994, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2012/08/23 08:21:18.983013, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2012/08/23 08:21:18.983040, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/08/23 08:21:18.983065, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2012/08/23 08:21:18.983085, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2012/08/23 08:21:18.983104, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/23 08:21:18.983126, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM] [2012/08/23 08:21:18.983155, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2012/08/23 08:21:18.983177, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2012/08/23 08:21:18.983198, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/23 08:21:18.983220, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2012/08/23 08:21:18.983238, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2012/08/23 08:21:18.983258, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/23 08:21:18.983276, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM\CurrentControlSet] [2012/08/23 08:21:18.983303, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/23 08:21:18.983326, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2012/08/23 08:21:18.983345, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2012/08/23 08:21:18.983365, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/23 08:21:18.983387, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/08/23 08:21:18.983406, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/08/23 08:21:18.983425, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/23 08:21:18.983443, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/08/23 08:21:18.983475, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/23 08:21:18.983498, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [RemoteRegistry] [2012/08/23 08:21:18.983519, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/23 08:21:18.983541, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] [2012/08/23 08:21:18.983559, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] [2012/08/23 08:21:18.983579, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/23 08:21:18.983598, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] [2012/08/23 08:21:18.983626, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/23 08:21:18.983648, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:18.983690, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-3550-decb73660000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK [2012/08/23 08:21:18.983797, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-3550-decb73660000 name: struct winreg_String name_len : 0x000c (12) name_size : 0x000c (12) name : * name : 'Start' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x02 (2) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2012/08/23 08:21:18.983976, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:18.984017, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:Start] [2012/08/23 08:21:18.984057, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2012/08/23 08:21:18.984077, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry' (ops 0x7f4eb14f6da0) [2012/08/23 08:21:18.984098, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] [2012/08/23 08:21:18.984133, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[Start] len[4] [2012/08/23 08:21:18.984160, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[1]: name[Type] len[4] [2012/08/23 08:21:18.984181, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[2]: name[ErrorControl] len[4] [2012/08/23 08:21:18.984201, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[3]: name[ObjectName] len[24] [2012/08/23 08:21:18.984222, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[4]: name[DisplayName] len[48] [2012/08/23 08:21:18.984242, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[5]: name[ImagePath] len[58] [2012/08/23 08:21:18.984262, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[6]: name[Description] len[126] [2012/08/23 08:21:18.984283, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/08/23 08:21:18.984332, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-3550-decb73660000 name: struct winreg_String name_len : 0x000a (10) name_size : 0x000a (10) name : * name : 'Type' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2012/08/23 08:21:18.984514, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:18.984556, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:Type] [2012/08/23 08:21:18.984577, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2012/08/23 08:21:18.984597, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/08/23 08:21:18.984644, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-3550-decb73660000 name: struct winreg_String name_len : 0x001a (26) name_size : 0x001a (26) name : * name : 'ErrorControl' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2012/08/23 08:21:18.984821, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:18.984863, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:ErrorControl] [2012/08/23 08:21:18.984884, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2012/08/23 08:21:18.984905, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/08/23 08:21:18.984952, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-3550-decb73660000 name: struct winreg_String name_len : 0x0016 (22) name_size : 0x0016 (22) name : * name : 'ObjectName' type : REG_SZ (1) data : * data: ARRAY(24) [0] : 0x4c (76) [1] : 0x00 (0) [2] : 0x6f (111) [3] : 0x00 (0) [4] : 0x63 (99) [5] : 0x00 (0) [6] : 0x61 (97) [7] : 0x00 (0) [8] : 0x6c (108) [9] : 0x00 (0) [10] : 0x53 (83) [11] : 0x00 (0) [12] : 0x79 (121) [13] : 0x00 (0) [14] : 0x73 (115) [15] : 0x00 (0) [16] : 0x74 (116) [17] : 0x00 (0) [18] : 0x65 (101) [19] : 0x00 (0) [20] : 0x6d (109) [21] : 0x00 (0) [22] : 0x00 (0) [23] : 0x00 (0) size : 0x00000018 (24) [2012/08/23 08:21:18.985318, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:18.985361, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:ObjectName] [2012/08/23 08:21:18.985382, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2012/08/23 08:21:18.985403, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/08/23 08:21:18.985454, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-3550-decb73660000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'DisplayName' type : REG_SZ (1) data : * data: ARRAY(48) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x65 (101) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x6f (111) [7] : 0x00 (0) [8] : 0x74 (116) [9] : 0x00 (0) [10] : 0x65 (101) [11] : 0x00 (0) [12] : 0x20 (32) [13] : 0x00 (0) [14] : 0x52 (82) [15] : 0x00 (0) [16] : 0x65 (101) [17] : 0x00 (0) [18] : 0x67 (103) [19] : 0x00 (0) [20] : 0x69 (105) [21] : 0x00 (0) [22] : 0x73 (115) [23] : 0x00 (0) [24] : 0x74 (116) [25] : 0x00 (0) [26] : 0x72 (114) [27] : 0x00 (0) [28] : 0x79 (121) [29] : 0x00 (0) [30] : 0x20 (32) [31] : 0x00 (0) [32] : 0x53 (83) [33] : 0x00 (0) [34] : 0x65 (101) [35] : 0x00 (0) [36] : 0x72 (114) [37] : 0x00 (0) [38] : 0x76 (118) [39] : 0x00 (0) [40] : 0x69 (105) [41] : 0x00 (0) [42] : 0x63 (99) [43] : 0x00 (0) [44] : 0x65 (101) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) size : 0x00000030 (48) [2012/08/23 08:21:18.986063, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:18.986106, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:DisplayName] [2012/08/23 08:21:18.986133, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2012/08/23 08:21:18.986154, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/08/23 08:21:18.986204, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-3550-decb73660000 name: struct winreg_String name_len : 0x0014 (20) name_size : 0x0014 (20) name : * name : 'ImagePath' type : REG_SZ (1) data : * data: ARRAY(58) [0] : 0x2f (47) [1] : 0x00 (0) [2] : 0x75 (117) [3] : 0x00 (0) [4] : 0x73 (115) [5] : 0x00 (0) [6] : 0x72 (114) [7] : 0x00 (0) [8] : 0x2f (47) [9] : 0x00 (0) [10] : 0x6c (108) [11] : 0x00 (0) [12] : 0x69 (105) [13] : 0x00 (0) [14] : 0x62 (98) [15] : 0x00 (0) [16] : 0x36 (54) [17] : 0x00 (0) [18] : 0x34 (52) [19] : 0x00 (0) [20] : 0x2f (47) [21] : 0x00 (0) [22] : 0x73 (115) [23] : 0x00 (0) [24] : 0x61 (97) [25] : 0x00 (0) [26] : 0x6d (109) [27] : 0x00 (0) [28] : 0x62 (98) [29] : 0x00 (0) [30] : 0x61 (97) [31] : 0x00 (0) [32] : 0x2f (47) [33] : 0x00 (0) [34] : 0x73 (115) [35] : 0x00 (0) [36] : 0x76 (118) [37] : 0x00 (0) [38] : 0x63 (99) [39] : 0x00 (0) [40] : 0x63 (99) [41] : 0x00 (0) [42] : 0x74 (116) [43] : 0x00 (0) [44] : 0x6c (108) [45] : 0x00 (0) [46] : 0x2f (47) [47] : 0x00 (0) [48] : 0x73 (115) [49] : 0x00 (0) [50] : 0x6d (109) [51] : 0x00 (0) [52] : 0x62 (98) [53] : 0x00 (0) [54] : 0x64 (100) [55] : 0x00 (0) [56] : 0x00 (0) [57] : 0x00 (0) size : 0x0000003a (58) [2012/08/23 08:21:18.986851, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:18.986893, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:ImagePath] [2012/08/23 08:21:18.986914, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2012/08/23 08:21:18.986935, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/08/23 08:21:18.986983, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-3550-decb73660000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'Description' type : REG_SZ (1) data : * data: ARRAY(126) [0] : 0x49 (73) [1] : 0x00 (0) [2] : 0x6e (110) [3] : 0x00 (0) [4] : 0x74 (116) [5] : 0x00 (0) [6] : 0x65 (101) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x6e (110) [11] : 0x00 (0) [12] : 0x61 (97) [13] : 0x00 (0) [14] : 0x6c (108) [15] : 0x00 (0) [16] : 0x20 (32) [17] : 0x00 (0) [18] : 0x73 (115) [19] : 0x00 (0) [20] : 0x65 (101) [21] : 0x00 (0) [22] : 0x72 (114) [23] : 0x00 (0) [24] : 0x76 (118) [25] : 0x00 (0) [26] : 0x69 (105) [27] : 0x00 (0) [28] : 0x63 (99) [29] : 0x00 (0) [30] : 0x65 (101) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x00 (0) [34] : 0x70 (112) [35] : 0x00 (0) [36] : 0x72 (114) [37] : 0x00 (0) [38] : 0x6f (111) [39] : 0x00 (0) [40] : 0x76 (118) [41] : 0x00 (0) [42] : 0x69 (105) [43] : 0x00 (0) [44] : 0x64 (100) [45] : 0x00 (0) [46] : 0x69 (105) [47] : 0x00 (0) [48] : 0x6e (110) [49] : 0x00 (0) [50] : 0x67 (103) [51] : 0x00 (0) [52] : 0x20 (32) [53] : 0x00 (0) [54] : 0x72 (114) [55] : 0x00 (0) [56] : 0x65 (101) [57] : 0x00 (0) [58] : 0x6d (109) [59] : 0x00 (0) [60] : 0x6f (111) [61] : 0x00 (0) [62] : 0x74 (116) [63] : 0x00 (0) [64] : 0x65 (101) [65] : 0x00 (0) [66] : 0x20 (32) [67] : 0x00 (0) [68] : 0x61 (97) [69] : 0x00 (0) [70] : 0x63 (99) [71] : 0x00 (0) [72] : 0x63 (99) [73] : 0x00 (0) [74] : 0x65 (101) [75] : 0x00 (0) [76] : 0x73 (115) [77] : 0x00 (0) [78] : 0x73 (115) [79] : 0x00 (0) [80] : 0x20 (32) [81] : 0x00 (0) [82] : 0x74 (116) [83] : 0x00 (0) [84] : 0x6f (111) [85] : 0x00 (0) [86] : 0x20 (32) [87] : 0x00 (0) [88] : 0x74 (116) [89] : 0x00 (0) [90] : 0x68 (104) [91] : 0x00 (0) [92] : 0x65 (101) [93] : 0x00 (0) [94] : 0x20 (32) [95] : 0x00 (0) [96] : 0x53 (83) [97] : 0x00 (0) [98] : 0x61 (97) [99] : 0x00 (0) [100] : 0x6d (109) [101] : 0x00 (0) [102] : 0x62 (98) [103] : 0x00 (0) [104] : 0x61 (97) [105] : 0x00 (0) [106] : 0x20 (32) [107] : 0x00 (0) [108] : 0x72 (114) [109] : 0x00 (0) [110] : 0x65 (101) [111] : 0x00 (0) [112] : 0x67 (103) [113] : 0x00 (0) [114] : 0x69 (105) [115] : 0x00 (0) [116] : 0x73 (115) [117] : 0x00 (0) [118] : 0x74 (116) [119] : 0x00 (0) [120] : 0x72 (114) [121] : 0x00 (0) [122] : 0x79 (121) [123] : 0x00 (0) [124] : 0x00 (0) [125] : 0x00 (0) size : 0x0000007e (126) [2012/08/23 08:21:18.988241, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:18.988284, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:Description] [2012/08/23 08:21:18.988309, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2012/08/23 08:21:18.988331, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/08/23 08:21:18.988378, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-3550-decb73660000 [2012/08/23 08:21:18.988447, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:18.988488, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:18.988529, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/23 08:21:18.988549, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/08/23 08:21:18.988568, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/23 08:21:18.988654, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-3550-decb73660000 name: struct winreg_String name_len : 0x0074 (116) name_size : 0x0074 (116) name : * name : 'SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) [2012/08/23 08:21:18.988946, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:18.988992, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security' [2012/08/23 08:21:18.989014, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2012/08/23 08:21:18.989042, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2012/08/23 08:21:18.989062, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2012/08/23 08:21:18.989083, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/08/23 08:21:18.989104, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2012/08/23 08:21:18.989128, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2012/08/23 08:21:18.989148, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/23 08:21:18.989167, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM] [2012/08/23 08:21:18.989195, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2012/08/23 08:21:18.989217, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2012/08/23 08:21:18.989238, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/23 08:21:18.989259, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2012/08/23 08:21:18.989278, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2012/08/23 08:21:18.989296, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/23 08:21:18.989315, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM\CurrentControlSet] [2012/08/23 08:21:18.989342, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/23 08:21:18.989364, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2012/08/23 08:21:18.989384, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2012/08/23 08:21:18.989404, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/23 08:21:18.989425, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/08/23 08:21:18.989444, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/08/23 08:21:18.989464, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/23 08:21:18.989482, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/08/23 08:21:18.989514, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/23 08:21:18.989537, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2012/08/23 08:21:18.989557, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [RemoteRegistry] [2012/08/23 08:21:18.989577, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/23 08:21:18.989599, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] [2012/08/23 08:21:18.989617, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] [2012/08/23 08:21:18.989640, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/23 08:21:18.989660, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] [2012/08/23 08:21:18.989689, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/23 08:21:18.989711, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Security] [2012/08/23 08:21:18.989731, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/23 08:21:18.989753, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] [2012/08/23 08:21:18.989773, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] [2012/08/23 08:21:18.989792, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/23 08:21:18.989811, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] [2012/08/23 08:21:18.989836, 10] registry/reg_backend_db.c:1656(regdb_fetch_keys_internal) regdb_fetch_keys: no subkeys found for key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] [2012/08/23 08:21:18.989859, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/23 08:21:18.989879, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:18.989921, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000008-0000-0000-3550-decb73660000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK [2012/08/23 08:21:18.990051, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000008-0000-0000-3550-decb73660000 name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : REG_BINARY (3) data : * data: ARRAY(120) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x00 (0) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x00 (0) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x14 (20) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x02 (2) [21] : 0x00 (0) [22] : 0x64 (100) [23] : 0x00 (0) [24] : 0x04 (4) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x00 (0) [28] : 0x00 (0) [29] : 0x00 (0) [30] : 0x14 (20) [31] : 0x00 (0) [32] : 0x8d (141) [33] : 0x01 (1) [34] : 0x02 (2) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x01 (1) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x01 (1) [44] : 0x00 (0) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x00 (0) [49] : 0x00 (0) [50] : 0x18 (24) [51] : 0x00 (0) [52] : 0xfd (253) [53] : 0x01 (1) [54] : 0x02 (2) [55] : 0x00 (0) [56] : 0x01 (1) [57] : 0x02 (2) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x00 (0) [62] : 0x00 (0) [63] : 0x05 (5) [64] : 0x20 (32) [65] : 0x00 (0) [66] : 0x00 (0) [67] : 0x00 (0) [68] : 0x23 (35) [69] : 0x02 (2) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x18 (24) [75] : 0x00 (0) [76] : 0xff (255) [77] : 0x01 (1) [78] : 0x0f (15) [79] : 0x00 (0) [80] : 0x01 (1) [81] : 0x02 (2) [82] : 0x00 (0) [83] : 0x00 (0) [84] : 0x00 (0) [85] : 0x00 (0) [86] : 0x00 (0) [87] : 0x05 (5) [88] : 0x20 (32) [89] : 0x00 (0) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x25 (37) [93] : 0x02 (2) [94] : 0x00 (0) [95] : 0x00 (0) [96] : 0x00 (0) [97] : 0x00 (0) [98] : 0x18 (24) [99] : 0x00 (0) [100] : 0xff (255) [101] : 0x01 (1) [102] : 0x0f (15) [103] : 0x00 (0) [104] : 0x01 (1) [105] : 0x02 (2) [106] : 0x00 (0) [107] : 0x00 (0) [108] : 0x00 (0) [109] : 0x00 (0) [110] : 0x00 (0) [111] : 0x05 (5) [112] : 0x20 (32) [113] : 0x00 (0) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x20 (32) [117] : 0x02 (2) [118] : 0x00 (0) [119] : 0x00 (0) size : 0x00000078 (120) [2012/08/23 08:21:18.991260, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:18.991304, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security:Security] [2012/08/23 08:21:18.991326, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2012/08/23 08:21:18.991346, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security' (ops 0x7f4eb14f6da0) [2012/08/23 08:21:18.991366, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] [2012/08/23 08:21:18.991395, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[Security] len[120] [2012/08/23 08:21:18.991417, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/08/23 08:21:18.991464, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000008-0000-0000-3550-decb73660000 [2012/08/23 08:21:18.991533, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:18.991578, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:18.991619, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/23 08:21:18.991638, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/08/23 08:21:18.991658, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/23 08:21:18.991745, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-3550-decb73660000 name: struct winreg_String name_len : 0x004e (78) name_size : 0x004e (78) name : * name : 'SYSTEM\CurrentControlSet\Services\WINS' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_ACTION_NONE (0) [2012/08/23 08:21:18.992047, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:18.992089, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\WINS' [2012/08/23 08:21:18.992111, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2012/08/23 08:21:18.992138, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2012/08/23 08:21:18.992160, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2012/08/23 08:21:18.992181, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/08/23 08:21:18.992203, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2012/08/23 08:21:18.992221, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2012/08/23 08:21:18.992240, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/23 08:21:18.992262, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM] [2012/08/23 08:21:18.992291, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2012/08/23 08:21:18.992313, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2012/08/23 08:21:18.992334, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/23 08:21:18.992356, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2012/08/23 08:21:18.992375, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2012/08/23 08:21:18.992394, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/23 08:21:18.992412, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM\CurrentControlSet] [2012/08/23 08:21:18.992439, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/23 08:21:18.992462, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2012/08/23 08:21:18.992482, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2012/08/23 08:21:18.992502, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/23 08:21:18.992523, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/08/23 08:21:18.992542, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/08/23 08:21:18.992561, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/23 08:21:18.992580, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/08/23 08:21:18.992612, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/23 08:21:18.992634, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [WINS] [2012/08/23 08:21:18.992654, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/23 08:21:18.992676, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] [2012/08/23 08:21:18.992695, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] [2012/08/23 08:21:18.992715, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/23 08:21:18.992733, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] [2012/08/23 08:21:18.992760, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/23 08:21:18.992783, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:18.992825, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-3550-decb73660000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK [2012/08/23 08:21:18.992927, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-3550-decb73660000 name: struct winreg_String name_len : 0x000c (12) name_size : 0x000c (12) name : * name : 'Start' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x02 (2) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2012/08/23 08:21:18.993119, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:18.993165, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:Start] [2012/08/23 08:21:18.993186, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2012/08/23 08:21:18.993205, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\WINS' (ops 0x7f4eb14f6da0) [2012/08/23 08:21:18.993225, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS] [2012/08/23 08:21:18.993252, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[Start] len[4] [2012/08/23 08:21:18.993274, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[1]: name[Type] len[4] [2012/08/23 08:21:18.993294, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[2]: name[ErrorControl] len[4] [2012/08/23 08:21:18.993314, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[3]: name[ObjectName] len[24] [2012/08/23 08:21:18.993334, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[4]: name[DisplayName] len[74] [2012/08/23 08:21:18.993354, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[5]: name[ImagePath] len[58] [2012/08/23 08:21:18.993375, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[6]: name[Description] len[178] [2012/08/23 08:21:18.993396, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/08/23 08:21:18.993444, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-3550-decb73660000 name: struct winreg_String name_len : 0x000a (10) name_size : 0x000a (10) name : * name : 'Type' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2012/08/23 08:21:18.993626, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:18.993668, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:Type] [2012/08/23 08:21:18.993689, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2012/08/23 08:21:18.993709, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/08/23 08:21:18.993756, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-3550-decb73660000 name: struct winreg_String name_len : 0x001a (26) name_size : 0x001a (26) name : * name : 'ErrorControl' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2012/08/23 08:21:18.993934, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:18.993976, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:ErrorControl] [2012/08/23 08:21:18.993997, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2012/08/23 08:21:18.994017, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/08/23 08:21:18.994081, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-3550-decb73660000 name: struct winreg_String name_len : 0x0016 (22) name_size : 0x0016 (22) name : * name : 'ObjectName' type : REG_SZ (1) data : * data: ARRAY(24) [0] : 0x4c (76) [1] : 0x00 (0) [2] : 0x6f (111) [3] : 0x00 (0) [4] : 0x63 (99) [5] : 0x00 (0) [6] : 0x61 (97) [7] : 0x00 (0) [8] : 0x6c (108) [9] : 0x00 (0) [10] : 0x53 (83) [11] : 0x00 (0) [12] : 0x79 (121) [13] : 0x00 (0) [14] : 0x73 (115) [15] : 0x00 (0) [16] : 0x74 (116) [17] : 0x00 (0) [18] : 0x65 (101) [19] : 0x00 (0) [20] : 0x6d (109) [21] : 0x00 (0) [22] : 0x00 (0) [23] : 0x00 (0) size : 0x00000018 (24) [2012/08/23 08:21:18.994437, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:18.994479, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:ObjectName] [2012/08/23 08:21:18.994500, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2012/08/23 08:21:18.994520, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/08/23 08:21:18.994570, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-3550-decb73660000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'DisplayName' type : REG_SZ (1) data : * data: ARRAY(74) [0] : 0x57 (87) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x64 (100) [7] : 0x00 (0) [8] : 0x6f (111) [9] : 0x00 (0) [10] : 0x77 (119) [11] : 0x00 (0) [12] : 0x73 (115) [13] : 0x00 (0) [14] : 0x20 (32) [15] : 0x00 (0) [16] : 0x49 (73) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x6e (110) [27] : 0x00 (0) [28] : 0x65 (101) [29] : 0x00 (0) [30] : 0x74 (116) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x00 (0) [34] : 0x4e (78) [35] : 0x00 (0) [36] : 0x61 (97) [37] : 0x00 (0) [38] : 0x6d (109) [39] : 0x00 (0) [40] : 0x65 (101) [41] : 0x00 (0) [42] : 0x20 (32) [43] : 0x00 (0) [44] : 0x53 (83) [45] : 0x00 (0) [46] : 0x65 (101) [47] : 0x00 (0) [48] : 0x72 (114) [49] : 0x00 (0) [50] : 0x76 (118) [51] : 0x00 (0) [52] : 0x69 (105) [53] : 0x00 (0) [54] : 0x63 (99) [55] : 0x00 (0) [56] : 0x65 (101) [57] : 0x00 (0) [58] : 0x20 (32) [59] : 0x00 (0) [60] : 0x28 (40) [61] : 0x00 (0) [62] : 0x57 (87) [63] : 0x00 (0) [64] : 0x49 (73) [65] : 0x00 (0) [66] : 0x4e (78) [67] : 0x00 (0) [68] : 0x53 (83) [69] : 0x00 (0) [70] : 0x29 (41) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) size : 0x0000004a (74) [2012/08/23 08:21:18.995363, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:18.995406, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:DisplayName] [2012/08/23 08:21:18.995427, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2012/08/23 08:21:18.995447, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/08/23 08:21:18.995495, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-3550-decb73660000 name: struct winreg_String name_len : 0x0014 (20) name_size : 0x0014 (20) name : * name : 'ImagePath' type : REG_SZ (1) data : * data: ARRAY(58) [0] : 0x2f (47) [1] : 0x00 (0) [2] : 0x75 (117) [3] : 0x00 (0) [4] : 0x73 (115) [5] : 0x00 (0) [6] : 0x72 (114) [7] : 0x00 (0) [8] : 0x2f (47) [9] : 0x00 (0) [10] : 0x6c (108) [11] : 0x00 (0) [12] : 0x69 (105) [13] : 0x00 (0) [14] : 0x62 (98) [15] : 0x00 (0) [16] : 0x36 (54) [17] : 0x00 (0) [18] : 0x34 (52) [19] : 0x00 (0) [20] : 0x2f (47) [21] : 0x00 (0) [22] : 0x73 (115) [23] : 0x00 (0) [24] : 0x61 (97) [25] : 0x00 (0) [26] : 0x6d (109) [27] : 0x00 (0) [28] : 0x62 (98) [29] : 0x00 (0) [30] : 0x61 (97) [31] : 0x00 (0) [32] : 0x2f (47) [33] : 0x00 (0) [34] : 0x73 (115) [35] : 0x00 (0) [36] : 0x76 (118) [37] : 0x00 (0) [38] : 0x63 (99) [39] : 0x00 (0) [40] : 0x63 (99) [41] : 0x00 (0) [42] : 0x74 (116) [43] : 0x00 (0) [44] : 0x6c (108) [45] : 0x00 (0) [46] : 0x2f (47) [47] : 0x00 (0) [48] : 0x6e (110) [49] : 0x00 (0) [50] : 0x6d (109) [51] : 0x00 (0) [52] : 0x62 (98) [53] : 0x00 (0) [54] : 0x64 (100) [55] : 0x00 (0) [56] : 0x00 (0) [57] : 0x00 (0) size : 0x0000003a (58) [2012/08/23 08:21:18.996149, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:18.996195, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:ImagePath] [2012/08/23 08:21:18.996217, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2012/08/23 08:21:18.996237, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/08/23 08:21:18.996286, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-3550-decb73660000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'Description' type : REG_SZ (1) data : * data: ARRAY(178) [0] : 0x49 (73) [1] : 0x00 (0) [2] : 0x6e (110) [3] : 0x00 (0) [4] : 0x74 (116) [5] : 0x00 (0) [6] : 0x65 (101) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x6e (110) [11] : 0x00 (0) [12] : 0x61 (97) [13] : 0x00 (0) [14] : 0x6c (108) [15] : 0x00 (0) [16] : 0x20 (32) [17] : 0x00 (0) [18] : 0x73 (115) [19] : 0x00 (0) [20] : 0x65 (101) [21] : 0x00 (0) [22] : 0x72 (114) [23] : 0x00 (0) [24] : 0x76 (118) [25] : 0x00 (0) [26] : 0x69 (105) [27] : 0x00 (0) [28] : 0x63 (99) [29] : 0x00 (0) [30] : 0x65 (101) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x00 (0) [34] : 0x70 (112) [35] : 0x00 (0) [36] : 0x72 (114) [37] : 0x00 (0) [38] : 0x6f (111) [39] : 0x00 (0) [40] : 0x76 (118) [41] : 0x00 (0) [42] : 0x69 (105) [43] : 0x00 (0) [44] : 0x64 (100) [45] : 0x00 (0) [46] : 0x69 (105) [47] : 0x00 (0) [48] : 0x6e (110) [49] : 0x00 (0) [50] : 0x67 (103) [51] : 0x00 (0) [52] : 0x20 (32) [53] : 0x00 (0) [54] : 0x61 (97) [55] : 0x00 (0) [56] : 0x20 (32) [57] : 0x00 (0) [58] : 0x4e (78) [59] : 0x00 (0) [60] : 0x65 (101) [61] : 0x00 (0) [62] : 0x74 (116) [63] : 0x00 (0) [64] : 0x42 (66) [65] : 0x00 (0) [66] : 0x49 (73) [67] : 0x00 (0) [68] : 0x4f (79) [69] : 0x00 (0) [70] : 0x53 (83) [71] : 0x00 (0) [72] : 0x20 (32) [73] : 0x00 (0) [74] : 0x70 (112) [75] : 0x00 (0) [76] : 0x6f (111) [77] : 0x00 (0) [78] : 0x69 (105) [79] : 0x00 (0) [80] : 0x6e (110) [81] : 0x00 (0) [82] : 0x74 (116) [83] : 0x00 (0) [84] : 0x2d (45) [85] : 0x00 (0) [86] : 0x74 (116) [87] : 0x00 (0) [88] : 0x6f (111) [89] : 0x00 (0) [90] : 0x2d (45) [91] : 0x00 (0) [92] : 0x70 (112) [93] : 0x00 (0) [94] : 0x6f (111) [95] : 0x00 (0) [96] : 0x69 (105) [97] : 0x00 (0) [98] : 0x6e (110) [99] : 0x00 (0) [100] : 0x74 (116) [101] : 0x00 (0) [102] : 0x20 (32) [103] : 0x00 (0) [104] : 0x6e (110) [105] : 0x00 (0) [106] : 0x61 (97) [107] : 0x00 (0) [108] : 0x6d (109) [109] : 0x00 (0) [110] : 0x65 (101) [111] : 0x00 (0) [112] : 0x20 (32) [113] : 0x00 (0) [114] : 0x73 (115) [115] : 0x00 (0) [116] : 0x65 (101) [117] : 0x00 (0) [118] : 0x72 (114) [119] : 0x00 (0) [120] : 0x76 (118) [121] : 0x00 (0) [122] : 0x65 (101) [123] : 0x00 (0) [124] : 0x72 (114) [125] : 0x00 (0) [126] : 0x28 (40) [127] : 0x00 (0) [128] : 0x6e (110) [129] : 0x00 (0) [130] : 0x6f (111) [131] : 0x00 (0) [132] : 0x74 (116) [133] : 0x00 (0) [134] : 0x20 (32) [135] : 0x00 (0) [136] : 0x72 (114) [137] : 0x00 (0) [138] : 0x65 (101) [139] : 0x00 (0) [140] : 0x6d (109) [141] : 0x00 (0) [142] : 0x6f (111) [143] : 0x00 (0) [144] : 0x74 (116) [145] : 0x00 (0) [146] : 0x65 (101) [147] : 0x00 (0) [148] : 0x6c (108) [149] : 0x00 (0) [150] : 0x79 (121) [151] : 0x00 (0) [152] : 0x20 (32) [153] : 0x00 (0) [154] : 0x6d (109) [155] : 0x00 (0) [156] : 0x61 (97) [157] : 0x00 (0) [158] : 0x6e (110) [159] : 0x00 (0) [160] : 0x61 (97) [161] : 0x00 (0) [162] : 0x67 (103) [163] : 0x00 (0) [164] : 0x65 (101) [165] : 0x00 (0) [166] : 0x61 (97) [167] : 0x00 (0) [168] : 0x62 (98) [169] : 0x00 (0) [170] : 0x6c (108) [171] : 0x00 (0) [172] : 0x65 (101) [173] : 0x00 (0) [174] : 0x29 (41) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x00 (0) size : 0x000000b2 (178) [2012/08/23 08:21:18.997987, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:18.998035, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:Description] [2012/08/23 08:21:18.998060, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2012/08/23 08:21:18.998082, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/08/23 08:21:18.998129, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-3550-decb73660000 [2012/08/23 08:21:18.998198, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:18.998239, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:18.998279, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/23 08:21:18.998299, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/08/23 08:21:18.998318, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/23 08:21:18.998403, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-3550-decb73660000 name: struct winreg_String name_len : 0x0060 (96) name_size : 0x0060 (96) name : * name : 'SYSTEM\CurrentControlSet\Services\WINS\Security' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) [2012/08/23 08:21:18.998693, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:18.998739, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\WINS\Security' [2012/08/23 08:21:18.998761, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2012/08/23 08:21:18.998782, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2012/08/23 08:21:18.998801, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2012/08/23 08:21:18.998822, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/08/23 08:21:18.998843, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2012/08/23 08:21:18.998862, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2012/08/23 08:21:18.998881, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/23 08:21:18.998899, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM] [2012/08/23 08:21:18.998927, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2012/08/23 08:21:18.998949, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2012/08/23 08:21:18.998969, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/23 08:21:18.998991, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2012/08/23 08:21:18.999009, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2012/08/23 08:21:18.999035, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/23 08:21:18.999054, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM\CurrentControlSet] [2012/08/23 08:21:18.999082, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/23 08:21:18.999105, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2012/08/23 08:21:18.999125, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2012/08/23 08:21:18.999146, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/23 08:21:18.999167, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/08/23 08:21:18.999186, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/08/23 08:21:18.999205, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/23 08:21:18.999224, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/08/23 08:21:18.999256, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/23 08:21:18.999279, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2012/08/23 08:21:18.999299, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [WINS] [2012/08/23 08:21:18.999319, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/23 08:21:18.999341, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] [2012/08/23 08:21:18.999359, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] [2012/08/23 08:21:18.999379, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/23 08:21:18.999401, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] [2012/08/23 08:21:18.999430, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/23 08:21:18.999452, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Security] [2012/08/23 08:21:18.999473, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/23 08:21:18.999495, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] [2012/08/23 08:21:18.999513, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] [2012/08/23 08:21:18.999533, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/23 08:21:18.999551, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] [2012/08/23 08:21:18.999576, 10] registry/reg_backend_db.c:1656(regdb_fetch_keys_internal) regdb_fetch_keys: no subkeys found for key [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] [2012/08/23 08:21:18.999599, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/23 08:21:18.999620, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 0A 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:18.999661, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000a-0000-0000-3550-decb73660000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK [2012/08/23 08:21:18.999765, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000a-0000-0000-3550-decb73660000 name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : REG_BINARY (3) data : * data: ARRAY(120) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x00 (0) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x00 (0) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x14 (20) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x02 (2) [21] : 0x00 (0) [22] : 0x64 (100) [23] : 0x00 (0) [24] : 0x04 (4) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x00 (0) [28] : 0x00 (0) [29] : 0x00 (0) [30] : 0x14 (20) [31] : 0x00 (0) [32] : 0x8d (141) [33] : 0x01 (1) [34] : 0x02 (2) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x01 (1) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x01 (1) [44] : 0x00 (0) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x00 (0) [49] : 0x00 (0) [50] : 0x18 (24) [51] : 0x00 (0) [52] : 0xfd (253) [53] : 0x01 (1) [54] : 0x02 (2) [55] : 0x00 (0) [56] : 0x01 (1) [57] : 0x02 (2) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x00 (0) [62] : 0x00 (0) [63] : 0x05 (5) [64] : 0x20 (32) [65] : 0x00 (0) [66] : 0x00 (0) [67] : 0x00 (0) [68] : 0x23 (35) [69] : 0x02 (2) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x18 (24) [75] : 0x00 (0) [76] : 0xff (255) [77] : 0x01 (1) [78] : 0x0f (15) [79] : 0x00 (0) [80] : 0x01 (1) [81] : 0x02 (2) [82] : 0x00 (0) [83] : 0x00 (0) [84] : 0x00 (0) [85] : 0x00 (0) [86] : 0x00 (0) [87] : 0x05 (5) [88] : 0x20 (32) [89] : 0x00 (0) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x25 (37) [93] : 0x02 (2) [94] : 0x00 (0) [95] : 0x00 (0) [96] : 0x00 (0) [97] : 0x00 (0) [98] : 0x18 (24) [99] : 0x00 (0) [100] : 0xff (255) [101] : 0x01 (1) [102] : 0x0f (15) [103] : 0x00 (0) [104] : 0x01 (1) [105] : 0x02 (2) [106] : 0x00 (0) [107] : 0x00 (0) [108] : 0x00 (0) [109] : 0x00 (0) [110] : 0x00 (0) [111] : 0x05 (5) [112] : 0x20 (32) [113] : 0x00 (0) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x20 (32) [117] : 0x02 (2) [118] : 0x00 (0) [119] : 0x00 (0) size : 0x00000078 (120) [2012/08/23 08:21:19.000961, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0A 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:19.001004, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security:Security] [2012/08/23 08:21:19.001030, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2012/08/23 08:21:19.001051, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security' (ops 0x7f4eb14f6da0) [2012/08/23 08:21:19.001072, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] [2012/08/23 08:21:19.001099, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[Security] len[120] [2012/08/23 08:21:19.001121, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/08/23 08:21:19.001168, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000a-0000-0000-3550-decb73660000 [2012/08/23 08:21:19.001237, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0A 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:19.001278, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0A 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:19.001322, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/23 08:21:19.001341, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/08/23 08:21:19.001361, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/23 08:21:19.001442, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-3550-decb73660000 [2012/08/23 08:21:19.001510, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:19.001552, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:19.001591, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/23 08:21:19.001611, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/08/23 08:21:19.001631, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/23 08:21:19.001710, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (2->1) [2012/08/23 08:21:19.001742, 3] rpc_server/eventlog/srv_eventlog_reg.c:59(eventlog_init_winreg) Initialise the eventlog registry keys if needed. [2012/08/23 08:21:19.001765, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/08/23 08:21:19.001799, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 2 for pipe \winreg [2012/08/23 08:21:19.001824, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/08/23 08:21:19.001850, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/23 08:21:19.001965, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/08/23 08:21:19.001987, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (1->2) [2012/08/23 08:21:19.002008, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/08/23 08:21:19.002039, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/08/23 08:21:19.002064, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/23 08:21:19.002086, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM] [2012/08/23 08:21:19.002139, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 0B 00 00 00 00 00 00 00 35 50 DF CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:19.002184, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000b-0000-0000-3550-dfcb73660000 result : WERR_OK [2012/08/23 08:21:19.002268, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000b-0000-0000-3550-dfcb73660000 keyname: struct winreg_String name_len : 0x0056 (86) name_size : 0x0056 (86) name : * name : 'SYSTEM\CurrentControlSet\Services\Eventlog' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/23 08:21:19.002495, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0B 00 00 00 00 00 00 00 35 50 DF CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:19.002539, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2012/08/23 08:21:19.002560, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/08/23 08:21:19.002581, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2012/08/23 08:21:19.002600, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2012/08/23 08:21:19.002619, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/23 08:21:19.002638, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM] [2012/08/23 08:21:19.002668, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2012/08/23 08:21:19.002691, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/08/23 08:21:19.002712, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2012/08/23 08:21:19.002731, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2012/08/23 08:21:19.002750, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/23 08:21:19.002773, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM\CurrentControlSet] [2012/08/23 08:21:19.002803, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2012/08/23 08:21:19.002826, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/23 08:21:19.002848, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/08/23 08:21:19.002867, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/08/23 08:21:19.002886, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/23 08:21:19.002905, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/08/23 08:21:19.002940, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Eventlog] [2012/08/23 08:21:19.002963, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (5->6) [2012/08/23 08:21:19.002985, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2012/08/23 08:21:19.003004, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2012/08/23 08:21:19.003029, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/23 08:21:19.003053, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2012/08/23 08:21:19.003085, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (6->5) [2012/08/23 08:21:19.003108, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/23 08:21:19.003129, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/08/23 08:21:19.003150, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 0C 00 00 00 00 00 00 00 35 50 DF CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:19.003195, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000c-0000-0000-3550-dfcb73660000 result : WERR_OK [2012/08/23 08:21:19.003279, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000c-0000-0000-3550-dfcb73660000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2012/08/23 08:21:19.003391, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0C 00 00 00 00 00 00 00 35 50 DF CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:19.003434, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\Eventlog' (ops 0x7f4eb14f6da0) [2012/08/23 08:21:19.003455, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2012/08/23 08:21:19.003488, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[DisplayName] len[20] [2012/08/23 08:21:19.003511, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[1]: name[ErrorControl] len[4] [2012/08/23 08:21:19.003532, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2012/08/23 08:21:19.003561, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000000 (0) max_subkeylen : * max_subkeylen : 0x00000000 (0) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x00000002 (2) max_valnamelen : * max_valnamelen : 0x0000001a (26) max_valbufsize : * max_valbufsize : 0x00000014 (20) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2012/08/23 08:21:19.003783, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000c-0000-0000-3550-dfcb73660000 [2012/08/23 08:21:19.003852, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0C 00 00 00 00 00 00 00 35 50 DF CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:19.003894, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0C 00 00 00 00 00 00 00 35 50 DF CB ........ ....5P.. [0010] 73 66 00 00 sf.. [2012/08/23 08:21:19.003934, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/23 08:21:19.003953, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/08/23 08:21:19.003973, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/23 08:21:19.004080, 3] printing/pcap.c:138(pcap_cache_reload) reloading printcap cache [2012/08/23 08:21:19.004110, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 5052494E5445524C4953 [2012/08/23 08:21:19.004142, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7f4eb250e670 [2012/08/23 08:21:19.004197, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 5052494E5445524C4953 [2012/08/23 08:21:19.004236, 3] printing/pcap.c:189(pcap_cache_reload) reload status: ok [2012/08/23 08:21:19.004276, 7] param/loadparm.c:9834(lp_servicenumber) lp_servicenumber: couldn't find printers [2012/08/23 08:21:19.004308, 10] registry/reg_init_smbconf.c:41(registry_init_smbconf) registry_init_smbconf called [2012/08/23 08:21:19.004329, 10] registry/reg_backend_db.c:504(regdb_init) regdb_init: incrementing refcount (2->3) [2012/08/23 08:21:19.004426, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] [2012/08/23 08:21:19.004458, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[Samba Printer Port] len[2] [2012/08/23 08:21:19.004481, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/23 08:21:19.004511, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[DefaultSpoolDirectory] len[70] [2012/08/23 08:21:19.004533, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2012/08/23 08:21:19.004562, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[DisplayName] len[20] [2012/08/23 08:21:19.004584, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[1]: name[ErrorControl] len[4] [2012/08/23 08:21:19.004605, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2012/08/23 08:21:19.004634, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[DisplayName] len[20] [2012/08/23 08:21:19.004656, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[1]: name[ErrorControl] len[4] [2012/08/23 08:21:19.004683, 10] registry/reg_cachehook.c:94(reghook_cache_add) reghook_cache_add: Adding ops 0x7f4eb14f6ea0 for key [\HKLM\SOFTWARE\Samba\smbconf] [2012/08/23 08:21:19.004704, 8] lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2012/08/23 08:21:19.004723, 10] lib/adt_tree.c:282(pathtree_add) pathtree_add: Successfully added node [HKLM\SOFTWARE\Samba\smbconf] to tree [2012/08/23 08:21:19.004743, 8] lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2012/08/23 08:21:19.004761, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/08/23 08:21:19.004781, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/08/23 08:21:19.004800, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/08/23 08:21:19.004820, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/08/23 08:21:19.004841, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/08/23 08:21:19.004859, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/08/23 08:21:19.004878, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/23 08:21:19.004897, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM] [2012/08/23 08:21:19.004925, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/08/23 08:21:19.004948, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/23 08:21:19.004969, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2012/08/23 08:21:19.004988, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2012/08/23 08:21:19.005008, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/23 08:21:19.005033, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SOFTWARE] [2012/08/23 08:21:19.005068, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Samba] [2012/08/23 08:21:19.005092, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (5->6) [2012/08/23 08:21:19.005114, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Samba] [2012/08/23 08:21:19.005132, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Samba] [2012/08/23 08:21:19.005152, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/23 08:21:19.005170, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SOFTWARE\Samba] [2012/08/23 08:21:19.005200, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [smbconf] [2012/08/23 08:21:19.005222, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (6->7) [2012/08/23 08:21:19.005243, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Samba\smbconf] [2012/08/23 08:21:19.005262, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Samba\smbconf] [2012/08/23 08:21:19.005282, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/23 08:21:19.005301, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7f4eb14f6ea0 for key [\HKLM\SOFTWARE\Samba\smbconf] [2012/08/23 08:21:19.005328, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (7->6) [2012/08/23 08:21:19.005351, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (6->5) [2012/08/23 08:21:19.005371, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/23 08:21:19.005391, 5] param/loadparm.c:7280(process_registry_service) process_registry_service: service name printers [2012/08/23 08:21:19.005413, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [printers] [2012/08/23 08:21:19.005433, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/23 08:21:19.005454, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Samba\smbconf\printers] [2012/08/23 08:21:19.005473, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Samba\smbconf\printers] [2012/08/23 08:21:19.005492, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/23 08:21:19.005511, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7f4eb14f6ea0 for key [\HKLM\SOFTWARE\Samba\smbconf\printers] [2012/08/23 08:21:19.005536, 10] registry/reg_backend_db.c:1623(regdb_fetch_keys_internal) key [HKLM\SOFTWARE\Samba\smbconf\printers] not found [2012/08/23 08:21:19.005557, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/23 08:21:19.005579, 7] param/loadparm.c:9834(lp_servicenumber) lp_servicenumber: couldn't find printers [2012/08/23 08:21:19.005602, 7] param/loadparm.c:9834(lp_servicenumber) lp_servicenumber: couldn't find printers [2012/08/23 08:21:19.005621, 10] smbd/server_reload.c:53(reload_printers) reloading printer services from pcap cache [2012/08/23 08:21:19.005650, 7] param/loadparm.c:9834(lp_servicenumber) lp_servicenumber: couldn't find printers [2012/08/23 08:21:19.005673, 5] param/loadparm.c:7280(process_registry_service) process_registry_service: service name printers [2012/08/23 08:21:19.005693, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [printers] [2012/08/23 08:21:19.005713, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/23 08:21:19.005734, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Samba\smbconf\printers] [2012/08/23 08:21:19.005752, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Samba\smbconf\printers] [2012/08/23 08:21:19.005776, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/23 08:21:19.005795, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7f4eb14f6ea0 for key [\HKLM\SOFTWARE\Samba\smbconf\printers] [2012/08/23 08:21:19.005821, 10] registry/reg_backend_db.c:1623(regdb_fetch_keys_internal) key [HKLM\SOFTWARE\Samba\smbconf\printers] not found [2012/08/23 08:21:19.005842, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/23 08:21:19.005863, 7] param/loadparm.c:9834(lp_servicenumber) lp_servicenumber: couldn't find printers [2012/08/23 08:21:19.005887, 3] printing/printing.c:1673(start_background_queue) start_background_queue: Starting background LPQ thread [2012/08/23 08:21:19.006204, 10] lib/util_sock.c:680(open_socket_in) bind succeeded on port 445 [2012/08/23 08:21:19.006199, 5] printing/printing.c:1696(start_background_queue) [2012/08/23 08:21:19.006248, 5] lib/util_sock.c:165(print_socket_options) Socket options: start_background_queue: background LPQ thread started SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 0 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 262144 SO_RCVBUF = 262144 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 [2012/08/23 08:21:19.006375, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) SO_RCVTIMEO = 0 TCP_QUICKACK = 1 Locking key 75660000FFFFFFFF [2012/08/23 08:21:19.006406, 5] lib/util_sock.c:165(print_socket_options) Socket options: [2012/08/23 08:21:19.006415, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) SO_KEEPALIVE = 1 Allocated locked data 0x0x7f4eb251e5d0 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 1 [2012/08/23 08:21:19.006450, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) TCP_KEEPCNT = 9 Unlocking key 75660000FFFFFFFF TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 [2012/08/23 08:21:19.006479, 5] printing/printing.c:1732(start_background_queue) IPTOS_LOWDELAY = 0 start_background_queue: background LPQ thread waiting for messages IPTOS_THROUGHPUT = 0 SO_SNDBUF = 262144 SO_RCVBUF = 262144 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 [2012/08/23 08:21:19.006567, 10] lib/util_sock.c:680(open_socket_in) bind succeeded on port 139 [2012/08/23 08:21:19.006594, 5] lib/util_sock.c:165(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 0 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 262144 SO_RCVBUF = 262144 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 [2012/08/23 08:21:19.006737, 5] lib/util_sock.c:165(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 262144 SO_RCVBUF = 262144 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 [2012/08/23 08:21:19.006891, 10] lib/util_sock.c:680(open_socket_in) bind succeeded on port 445 [2012/08/23 08:21:19.006916, 5] lib/util_sock.c:165(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 0 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 262144 SO_RCVBUF = 262144 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 [2012/08/23 08:21:19.007067, 5] lib/util_sock.c:165(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 262144 SO_RCVBUF = 262144 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 [2012/08/23 08:21:19.007222, 10] lib/util_sock.c:680(open_socket_in) bind succeeded on port 139 [2012/08/23 08:21:19.007248, 5] lib/util_sock.c:165(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 0 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 262144 SO_RCVBUF = 262144 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 [2012/08/23 08:21:19.007391, 5] lib/util_sock.c:165(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 262144 SO_RCVBUF = 262144 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 [2012/08/23 08:21:19.007540, 10] lib/util_sock.c:680(open_socket_in) bind succeeded on port 445 [2012/08/23 08:21:19.007566, 5] lib/util_sock.c:165(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 0 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 262144 SO_RCVBUF = 262144 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 [2012/08/23 08:21:19.007708, 5] lib/util_sock.c:165(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 262144 SO_RCVBUF = 262144 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 [2012/08/23 08:21:19.007857, 10] lib/util_sock.c:680(open_socket_in) bind succeeded on port 139 [2012/08/23 08:21:19.007881, 5] lib/util_sock.c:165(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 0 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 262144 SO_RCVBUF = 262144 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 [2012/08/23 08:21:19.008032, 5] lib/util_sock.c:165(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 262144 SO_RCVBUF = 262144 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 [2012/08/23 08:21:19.008185, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 73660000FFFFFFFF [2012/08/23 08:21:19.008211, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7f4eb251c8b0 [2012/08/23 08:21:19.008240, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 73660000FFFFFFFF [2012/08/23 08:21:19.008268, 10] smbd/process.c:920(event_add_idle) event_add_idle: idle_evt(parent_housekeeping) 0x7f4eb2512810 [2012/08/23 08:21:19.008292, 5] lib/messages.c:300(messaging_register) Overriding messaging pointer for type 1 - private_data=(nil) [2012/08/23 08:21:19.008338, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/08/23 08:21:19.008362, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/08/23 08:21:19.008382, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \winreg [2012/08/23 08:21:19.008414, 2] smbd/server.c:842(smbd_parent_loop) waiting for connections [2012/08/23 08:21:19.145550, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 76660000FFFFFFFF [2012/08/23 08:21:19.145657, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7f4eb24dd000 [2012/08/23 08:21:19.145711, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 76660000FFFFFFFF [2012/08/23 08:21:19.145773, 5] lib/util_sock.c:165(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 262144 SO_RCVBUF = 262144 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 [2012/08/23 08:21:19.146045, 5] lib/util_sock.c:165(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 262144 SO_RCVBUF = 262144 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 [2012/08/23 08:22:19.068266, 10] lib/events.c:221(run_events_poll) Running timed event "smbd_idle_event_handler" 0x7f4eb2512810 [2012/08/23 08:22:19.068354, 10] smbd/process.c:863(smbd_idle_event_handler) smbd_idle_event_handler: idle_evt(parent_housekeeping) (nil) called [2012/08/23 08:22:19.068401, 5] smbd/server.c:627(smbd_parent_housekeeping) parent housekeeping [2012/08/23 08:22:19.068439, 3] smbd/server.c:632(smbd_parent_housekeeping) Printcap cache time expired. [2012/08/23 08:22:19.068476, 3] printing/pcap.c:138(pcap_cache_reload) reloading printcap cache [2012/08/23 08:22:19.068527, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 5052494E5445524C4953 [2012/08/23 08:22:19.068578, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7f4eb250df00 [2012/08/23 08:22:19.068629, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 5052494E5445524C4953 [2012/08/23 08:22:19.068750, 3] printing/pcap.c:189(pcap_cache_reload) reload status: ok [2012/08/23 08:22:19.068840, 10] lib/messages_local.c:255(messaging_tdb_store) messaging_tdb_store: [2012/08/23 08:22:19.068882, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) array: struct messaging_array num_messages : 0x00000001 (1) messages: ARRAY(1) messages: struct messaging_rec msg_version : 0x00000002 (2) msg_type : MSG_PRINTER_PCAP (519) dest: struct server_id pid : 0x000078a0 (30880) vnn : 0xffffffff (4294967295) unique_id : 0x0000000000000000 (0) src: struct server_id pid : 0x00006673 (26227) vnn : 0xffffffff (4294967295) unique_id : 0x44c22ab54009306d (4954569498012758125) buf : DATA_BLOB length=0 [2012/08/23 08:22:19.069227, 10] lib/messages_local.c:255(messaging_tdb_store) messaging_tdb_store: [2012/08/23 08:22:19.069272, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) array: struct messaging_array num_messages : 0x00000001 (1) messages: ARRAY(1) messages: struct messaging_rec msg_version : 0x00000002 (2) msg_type : MSG_PRINTER_PCAP (519) dest: struct server_id pid : 0x00006673 (26227) vnn : 0xffffffff (4294967295) unique_id : 0x44c22ab54009306d (4954569498012758125) src: struct server_id pid : 0x00006673 (26227) vnn : 0xffffffff (4294967295) unique_id : 0x44c22ab54009306d (4954569498012758125) buf : DATA_BLOB length=0 [2012/08/23 08:22:19.069590, 10] lib/messages_local.c:255(messaging_tdb_store) messaging_tdb_store: [2012/08/23 08:22:19.069633, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) array: struct messaging_array num_messages : 0x00000001 (1) messages: ARRAY(1) messages: struct messaging_rec msg_version : 0x00000002 (2) msg_type : MSG_PRINTER_PCAP (519) dest: struct server_id pid : 0x00006537 (25911) vnn : 0xffffffff (4294967295) unique_id : 0xa1faf1ce59046c3d (11671907252843080765) src: struct server_id pid : 0x00006673 (26227) vnn : 0xffffffff (4294967295) unique_id : 0x44c22ab54009306d (4954569498012758125) buf : DATA_BLOB length=0 [2012/08/23 08:22:19.069903, 2] lib/messages_local.c:310(message_notify) message to process 25911 failed - No such process [2012/08/23 08:22:19.069953, 2] lib/messages_local.c:400(messaging_tdb_send) pid 25911 doesn't exist - deleting messages record [2012/08/23 08:22:19.069998, 2] lib/messages.c:121(traverse_fn) pid 25911 doesn't exist [2012/08/23 08:22:19.070119, 10] lib/messages_local.c:255(messaging_tdb_store) messaging_tdb_store: [2012/08/23 08:22:19.070161, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) array: struct messaging_array num_messages : 0x00000001 (1) messages: ARRAY(1) messages: struct messaging_rec msg_version : 0x00000002 (2) msg_type : MSG_PRINTER_PCAP (519) dest: struct server_id pid : 0x00006675 (26229) vnn : 0xffffffff (4294967295) unique_id : 0x44c22ab54009306d (4954569498012758125) src: struct server_id pid : 0x00006673 (26227) vnn : 0xffffffff (4294967295) unique_id : 0x44c22ab54009306d (4954569498012758125) buf : DATA_BLOB length=0 [2012/08/23 08:22:19.070462, 10] lib/messages_local.c:255(messaging_tdb_store) messaging_tdb_store: [2012/08/23 08:22:19.070504, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) array: struct messaging_array num_messages : 0x00000001 (1) [2012/08/23 08:22:19.070527, 10] lib/messages_local.c:74(messaging_tdb_signal_handler) messages: ARRAY(1) messages: struct messaging_rec messaging_tdb_signal_handler: sig[10] count[1] msgs[1] msg_version : 0x00000002 (2) [2012/08/23 08:22:19.070597, 10] lib/messages_local.c:466(message_dispatch) msg_type : MSG_PRINTER_PCAP (519) message_dispatch: received_messages = 1 dest: struct server_id pid : 0x00006676 (26230) vnn : 0xffffffff (4294967295) [2012/08/23 08:22:19.070663, 10] lib/messages_local.c:215(messaging_tdb_fetch) unique_id : 0x16e0d699885d0012 (1648553418523738130) messaging_tdb_fetch: src: struct server_id [2012/08/23 08:22:19.070703, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) pid : 0x00006673 (26227) vnn : 0xffffffff (4294967295) result: struct messaging_array unique_id : 0x44c22ab54009306d (4954569498012758125) num_messages : 0x00000001 (1) buf : DATA_BLOB length=0 messages: ARRAY(1) messages: struct messaging_rec msg_version : 0x00000002 (2) msg_type : MSG_PRINTER_PCAP (519) [2012/08/23 08:22:19.070821, 10] lib/messages_local.c:255(messaging_tdb_store) dest: struct server_id messaging_tdb_store: pid : 0x00006675 (26229) vnn : 0xffffffff (4294967295) [2012/08/23 08:22:19.070884, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) unique_id : 0x44c22ab54009306d (4954569498012758125) src: struct server_id array: struct messaging_array pid : 0x00006673 (26227) num_messages : 0x00000001 (1) vnn : 0xffffffff (4294967295) messages: ARRAY(1) unique_id : 0x44c22ab54009306d (4954569498012758125) buf : DATA_BLOB length=0 messages: struct messaging_rec msg_version : 0x00000002 (2) msg_type : MSG_PRINTER_PCAP (519) dest: struct server_id pid : 0x00007630 (30256) vnn : 0xffffffff (4294967295) unique_id : 0x0000000000000000 (0) src: struct server_id pid : 0x00006673 (26227) vnn : 0xffffffff (4294967295) unique_id : 0x44c22ab54009306d (4954569498012758125) buf : DATA_BLOB length=0 [2012/08/23 08:22:19.071358, 10] smbd/process.c:874(smbd_idle_event_handler) smbd_idle_event_handler: idle_evt(parent_housekeeping) (nil) rescheduled [2012/08/23 08:22:19.071431, 10] lib/messages_local.c:74(messaging_tdb_signal_handler) messaging_tdb_signal_handler: sig[10] count[1] msgs[1] [2012/08/23 08:22:19.071486, 10] lib/messages_local.c:466(message_dispatch) message_dispatch: received_messages = 1 [2012/08/23 08:22:19.071558, 10] lib/messages_local.c:215(messaging_tdb_fetch) messaging_tdb_fetch: [2012/08/23 08:22:19.071614, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) result: struct messaging_array num_messages : 0x00000001 (1) messages: ARRAY(1) messages: struct messaging_rec msg_version : 0x00000002 (2) msg_type : MSG_PRINTER_PCAP (519) dest: struct server_id pid : 0x00006673 (26227) vnn : 0xffffffff (4294967295) unique_id : 0x44c22ab54009306d (4954569498012758125) src: struct server_id pid : 0x00006673 (26227) vnn : 0xffffffff (4294967295) unique_id : 0x44c22ab54009306d (4954569498012758125) buf : DATA_BLOB length=0 [2012/08/23 08:22:19.072066, 10] smbd/server.c:130(smb_pcap_updated) Got message saying pcap was updated. Reloading. [2012/08/23 08:22:19.072126, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/08/23 08:22:19.072187, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/23 08:22:19.072243, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/23 08:22:19.072336, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2012/08/23 08:22:19.072411, 7] param/loadparm.c:9834(lp_servicenumber) lp_servicenumber: couldn't find printers [2012/08/23 08:22:19.072468, 5] param/loadparm.c:7280(process_registry_service) process_registry_service: service name printers [2012/08/23 08:22:19.072526, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [printers] [2012/08/23 08:22:19.072586, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/08/23 08:22:19.072651, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Samba\smbconf\printers] [2012/08/23 08:22:19.072708, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Samba\smbconf\printers] [2012/08/23 08:22:19.072769, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/23 08:22:19.072825, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7f4eb14f6ea0 for key [\HKLM\SOFTWARE\Samba\smbconf\printers] [2012/08/23 08:22:19.072900, 10] registry/reg_backend_db.c:1623(regdb_fetch_keys_internal) key [HKLM\SOFTWARE\Samba\smbconf\printers] not found [2012/08/23 08:22:19.072958, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/08/23 08:22:19.073021, 7] param/loadparm.c:9834(lp_servicenumber) lp_servicenumber: couldn't find printers [2012/08/23 08:22:19.073094, 7] param/loadparm.c:9834(lp_servicenumber) lp_servicenumber: couldn't find printers [2012/08/23 08:22:19.073154, 10] smbd/server_reload.c:53(reload_printers) reloading printer services from pcap cache [2012/08/23 08:22:19.073230, 7] param/loadparm.c:9834(lp_servicenumber) lp_servicenumber: couldn't find printers [2012/08/23 08:22:19.073289, 5] param/loadparm.c:7280(process_registry_service) process_registry_service: service name printers [2012/08/23 08:22:19.073348, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [printers] [2012/08/23 08:22:19.073408, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/08/23 08:22:19.073459, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Samba\smbconf\printers] [2012/08/23 08:22:19.073495, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Samba\smbconf\printers] [2012/08/23 08:22:19.073532, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/23 08:22:19.073567, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7f4eb14f6ea0 for key [\HKLM\SOFTWARE\Samba\smbconf\printers] [2012/08/23 08:22:19.073615, 10] registry/reg_backend_db.c:1623(regdb_fetch_keys_internal) key [HKLM\SOFTWARE\Samba\smbconf\printers] not found [2012/08/23 08:22:19.073654, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/08/23 08:22:19.073696, 7] param/loadparm.c:9834(lp_servicenumber) lp_servicenumber: couldn't find printers [2012/08/23 08:23:19.128820, 10] lib/events.c:221(run_events_poll) Running timed event "smbd_idle_event_handler" 0x7f4eb24f10f0 [2012/08/23 08:23:19.128900, 10] smbd/process.c:863(smbd_idle_event_handler) smbd_idle_event_handler: idle_evt(parent_housekeeping) (nil) called [2012/08/23 08:23:19.128944, 5] smbd/server.c:627(smbd_parent_housekeeping) parent housekeeping [2012/08/23 08:23:19.128982, 10] smbd/process.c:874(smbd_idle_event_handler) smbd_idle_event_handler: idle_evt(parent_housekeeping) (nil) rescheduled [2012/08/23 08:23:22.106711, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/08/23 08:23:22.172376, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/23 08:23:22.172425, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/23 08:23:22.172493, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2012/08/23 08:23:22.172544, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 73660000FFFFFFFF [2012/08/23 08:23:22.172590, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7f4eb2519820 [2012/08/23 08:23:22.172646, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 73660000FFFFFFFF [2012/08/23 08:23:22.172790, 3] smbd/server_exit.c:181(exit_server_common) Server exit (termination signal) [2012/08/23 08:23:22.489862, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/08/23 08:23:22.489934, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/23 08:23:22.489976, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/23 08:23:22.490044, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2012/08/23 08:23:22.490098, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 75660000FFFFFFFF [2012/08/23 08:23:22.490159, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7f4eb250e110 [2012/08/23 08:23:22.490219, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 75660000FFFFFFFF [2012/08/23 08:23:22.490345, 3] smbd/server_exit.c:181(exit_server_common) Server exit (termination signal)