The Samba-Bugzilla – Attachment 7814 Details for
Bug 9058
Files not deleted, smbstatus shows "Segmentation fault"
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
debug10 log.smbd
log.smbd_debug (text/plain), 376.02 KB, created by
maurer
on 2012-08-23 07:16:20 UTC
(
hide
)
Description:
debug10 log.smbd
Filename:
MIME Type:
Creator:
maurer
Created:
2012-08-23 07:16:20 UTC
Size:
376.02 KB
patch
obsolete
>[2012/08/23 08:00:26.871675, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/08/23 08:00:26.871721, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Samba\smbconf\printers] >[2012/08/23 08:00:26.871757, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Samba\smbconf\printers] >[2012/08/23 08:00:26.871794, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/23 08:00:26.871828, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7f6658819ea0 for key [\HKLM\SOFTWARE\Samba\smbconf\printers] >[2012/08/23 08:00:26.871876, 10] registry/reg_backend_db.c:1623(regdb_fetch_keys_internal) > key [HKLM\SOFTWARE\Samba\smbconf\printers] not found >[2012/08/23 08:00:26.871916, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/08/23 08:00:26.871957, 7] param/loadparm.c:9834(lp_servicenumber) > lp_servicenumber: couldn't find printers >[2012/08/23 08:01:26.878145, 10] lib/events.c:221(run_events_poll) > Running timed event "smbd_idle_event_handler" 0x7f6659829110 >[2012/08/23 08:01:26.878225, 10] smbd/process.c:863(smbd_idle_event_handler) > smbd_idle_event_handler: idle_evt(parent_housekeeping) (nil) called >[2012/08/23 08:01:26.878269, 5] smbd/server.c:627(smbd_parent_housekeeping) > parent housekeeping >[2012/08/23 08:01:26.878308, 10] smbd/process.c:874(smbd_idle_event_handler) > smbd_idle_event_handler: idle_evt(parent_housekeeping) (nil) rescheduled >[2012/08/23 08:01:37.690309, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/23 08:01:37.690400, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/23 08:01:37.690452, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/23 08:01:37.690521, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2012/08/23 08:01:37.690566, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key AE640000FFFFFFFF >[2012/08/23 08:01:37.690605, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7f6659851840 >[2012/08/23 08:01:37.690654, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key AE640000FFFFFFFF >[2012/08/23 08:01:37.690781, 3] smbd/server_exit.c:181(exit_server_common) > Server exit (termination signal) >[2012/08/23 08:01:38.000182, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/23 08:01:38.000255, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/23 08:01:38.000297, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/23 08:01:38.000365, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2012/08/23 08:01:38.000419, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key B0640000FFFFFFFF >[2012/08/23 08:01:38.000464, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7f6659846130 >[2012/08/23 08:01:38.000518, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key B0640000FFFFFFFF >[2012/08/23 08:01:38.000645, 3] smbd/server_exit.c:181(exit_server_common) > Server exit (termination signal) >[2012/08/23 08:04:08, 0] smbd/server.c:1053(main) > smbd version 3.6.7-itsd_lock.el6 started. > Copyright Andrew Tridgell and the Samba Team 1992-2011 >[2012/08/23 08:04:08.984981, 0] smbd/server.c:1109(main) > standard input is not a socket, assuming -D option >[2012/08/23 08:21:18, 0] smbd/server.c:1053(main) > smbd version 3.6.7-itsd_lock.el6 started. > Copyright Andrew Tridgell and the Samba Team 1992-2011 >[2012/08/23 08:21:18, 5] ../lib/util/debug.c:330(debug_dump_status) > INFO: Current debug levels: > all: 10 > tdb: 10 > printdrivers: 10 > lanman: 10 > smb: 10 > rpc_parse: 10 > rpc_srv: 10 > rpc_cli: 10 > passdb: 10 > sam: 10 > auth: 10 > winbind: 10 > vfs: 10 > idmap: 10 > quota: 10 > acls: 10 > locking: 10 > msdfs: 10 > dmapi: 10 > registry: 10 > doing parameter max log size = 0 > doing parameter syslog = 0 > doing parameter log file = /var/log/samba/log.%m > doing parameter printcap name = /dev/null > doing parameter machine password timeout = 604800 > doing parameter os level = 25 > doing parameter preferred master = No > doing parameter local master = No > doing parameter domain master = No > doing parameter dns proxy = No > doing parameter encrypt passwords = yes > doing parameter idmap config * : backend = tdb > doing parameter idmap config * : range = 1000001-1999999 > doing parameter idmap config DLR : backend = ad > doing parameter idmap config DLR : schema_mode = rfc2307 > doing parameter idmap config DLR : readonly = yes > doing parameter idmap config DLR : range = 1000-1000000 > doing parameter max protocol = smb2 > doing parameter wins server = > doing parameter create mask = 0664 > doing parameter directory mask = 0775 > doing parameter use sendfile = Yes > doing parameter hide dot files = No > doing parameter map archive = No > doing parameter dont descend = lost+found > doing parameter load printers = no > doing parameter printing = bsd > doing parameter printcap name = /dev/null >[2012/08/23 08:21:18, 4] param/loadparm.c:9608(lp_load_ex) > pm_process() returned Yes >[2012/08/23 08:21:18, 7] param/loadparm.c:9834(lp_servicenumber) > lp_servicenumber: couldn't find homes >[2012/08/23 08:21:18, 10] param/loadparm_server_role.c:101(set_server_role) > set_server_role: role = ROLE_DOMAIN_MEMBER >[2012/08/23 08:21:18, 5] ../lib/util/charset/codepoints.c:235(map_locale) > Substituting charset 'UTF-8' for LOCALE >[2012/08/23 08:21:18, 4] smbd/sec_ctx.c:174(get_current_groups) > get_current_groups: user is in 8 groups: 0, 1, 2, 3, 4, 6, 10, 201 >[2012/08/23 08:21:18, 2] lib/tallocmsg.c:124(register_msg_pool_usage) > Registered MSG_REQ_POOL_USAGE >[2012/08/23 08:21:18, 2] lib/dmallocmsg.c:78(register_dmalloc_msgs) > Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED >[2012/08/23 08:21:18.891487, 3] param/loadparm.c:9572(lp_load_ex) > lp_load_ex: refreshing parameters >[2012/08/23 08:21:18.891548, 3] param/loadparm.c:5192(init_globals) > Initialising global parameters >[2012/08/23 08:21:18.891592, 2] param/loadparm.c:4985(max_open_files) > rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) >[2012/08/23 08:21:18.891665, 3] ../lib/util/params.c:550(pm_process) > params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf" >[2012/08/23 08:21:18.891725, 3] param/loadparm.c:8310(do_section) > Processing section "[global]" > doing parameter workgroup = DLR > doing parameter realm = INTRA.DLR.DE > doing parameter netbios name = FTPSERVER >[2012/08/23 08:21:18.891813, 4] param/loadparm.c:7561(handle_netbios_name) > handle_netbios_name: set global_myname to: FTPSERVER > doing parameter server string = RM-FTP-Server > doing parameter interfaces = 127.0.0.1, eth0 > doing parameter bind interfaces only = Yes > doing parameter security = ADS > doing parameter password server = * > doing parameter username map = /etc/samba/smbusers > doing parameter log level = 10 >[2012/08/23 08:21:18.891972, 5] ../lib/util/debug.c:330(debug_dump_status) > INFO: Current debug levels: > all: 10 > tdb: 10 > printdrivers: 10 > lanman: 10 > smb: 10 > rpc_parse: 10 > rpc_srv: 10 > rpc_cli: 10 > passdb: 10 > sam: 10 > auth: 10 > winbind: 10 > vfs: 10 > idmap: 10 > quota: 10 > acls: 10 > locking: 10 > msdfs: 10 > dmapi: 10 > registry: 10 > doing parameter max log size = 0 > doing parameter syslog = 0 > doing parameter log file = /var/log/samba/log.%m > doing parameter printcap name = /dev/null > doing parameter machine password timeout = 604800 > doing parameter os level = 25 > doing parameter preferred master = No > doing parameter local master = No > doing parameter domain master = No > doing parameter dns proxy = No > doing parameter encrypt passwords = yes > doing parameter idmap config * : backend = tdb > doing parameter idmap config * : range = 1000001-1999999 > doing parameter idmap config DLR : backend = ad > doing parameter idmap config DLR : schema_mode = rfc2307 > doing parameter idmap config DLR : readonly = yes > doing parameter idmap config DLR : range = 1000-1000000 > doing parameter max protocol = smb2 > doing parameter wins server = > doing parameter create mask = 0664 > doing parameter directory mask = 0775 > doing parameter use sendfile = Yes > doing parameter hide dot files = No > doing parameter map archive = No > doing parameter dont descend = lost+found > doing parameter load printers = no > doing parameter printing = bsd > doing parameter printcap name = /dev/null >[2012/08/23 08:21:18.892981, 2] param/loadparm.c:8327(do_section) > Processing section "[ftp]" >[2012/08/23 08:21:18.893046, 8] param/loadparm.c:6480(add_a_service) > add_a_service: Creating snum = 0 for ftp >[2012/08/23 08:21:18.893086, 10] param/loadparm.c:6518(hash_a_service) > hash_a_service: creating servicehash >[2012/08/23 08:21:18.893121, 10] param/loadparm.c:6527(hash_a_service) > hash_a_service: hashing index 0 for service name ftp > doing parameter path = /home_local/ftp > doing parameter comment = FTP-Share > doing parameter browseable = yes > doing parameter writeable = yes > doing parameter force group = @DLR\rmc_office-rob_mf > doing parameter force create mode = 0664 > doing parameter wide links = no >[2012/08/23 08:21:18.893378, 2] param/loadparm.c:8327(do_section) > Processing section "[DLR-EXCHANGE]" >[2012/08/23 08:21:18.893439, 8] param/loadparm.c:6480(add_a_service) > add_a_service: Creating snum = 1 for DLR-EXCHANGE >[2012/08/23 08:21:18.893477, 10] param/loadparm.c:6527(hash_a_service) > hash_a_service: hashing index 1 for service name DLR-EXCHANGE > doing parameter path = /home_local/DLR > doing parameter comment = DLR-Date-Exchange-Share > doing parameter browseable = yes > doing parameter writeable = yes > doing parameter force create mode = 0666 > doing parameter create mask = 0666 > doing parameter directory mask = 0777 > doing parameter wide links = no >[2012/08/23 08:21:18.893694, 2] param/loadparm.c:8327(do_section) > Processing section "[tmp]" >[2012/08/23 08:21:18.893753, 8] param/loadparm.c:6480(add_a_service) > add_a_service: Creating snum = 2 for tmp >[2012/08/23 08:21:18.893791, 10] param/loadparm.c:6527(hash_a_service) > hash_a_service: hashing index 2 for service name tmp > doing parameter path = /home_local/tmp > doing parameter comment = tmp-Share > doing parameter browseable = yes > doing parameter writeable = yes > doing parameter wide links = no >[2012/08/23 08:21:18.893955, 4] param/loadparm.c:9608(lp_load_ex) > pm_process() returned Yes >[2012/08/23 08:21:18.894009, 7] param/loadparm.c:9834(lp_servicenumber) > lp_servicenumber: couldn't find homes >[2012/08/23 08:21:18.894071, 8] param/loadparm.c:6480(add_a_service) > add_a_service: Creating snum = 3 for IPC$ >[2012/08/23 08:21:18.894110, 10] param/loadparm.c:6527(hash_a_service) > hash_a_service: hashing index 3 for service name IPC$ >[2012/08/23 08:21:18.894151, 3] param/loadparm.c:6630(lp_add_ipc) > adding IPC service >[2012/08/23 08:21:18.894211, 10] param/loadparm_server_role.c:101(set_server_role) > set_server_role: role = ROLE_DOMAIN_MEMBER >[2012/08/23 08:21:18.894254, 5] ../lib/util/charset/codepoints.c:235(map_locale) > Substituting charset 'UTF-8' for LOCALE >[2012/08/23 08:21:18.894309, 6] param/loadparm.c:7490(lp_file_list_changed) > lp_file_list_changed() > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu Aug 23 08:19:49 2012 > >[2012/08/23 08:21:18.894447, 2] lib/interface.c:341(add_interface) > added interface lo ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0 >[2012/08/23 08:21:18.894483, 2] lib/interface.c:341(add_interface) > added interface eth0 ip=fe80::7a2b:cbff:fe5c:74c%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff:: >[2012/08/23 08:21:18.894541, 2] lib/interface.c:341(add_interface) > added interface eth0 ip=129.247.189.2 bcast=129.247.189.255 netmask=255.255.255.0 >[2012/08/23 08:21:18.894573, 3] smbd/server.c:1088(main) > loaded services >[2012/08/23 08:21:18.894598, 5] lib/util.c:242(init_names) > Netbios name list:- > my_netbios_names[0]="FTPSERVER" >[2012/08/23 08:21:18.894652, 0] smbd/server.c:1109(main) > standard input is not a socket, assuming -D option >[2012/08/23 08:21:18.894675, 3] smbd/server.c:1120(main) > Becoming a daemon. >[2012/08/23 08:21:18.895012, 8] ../lib/util/util.c:263(fcntl_lock) > fcntl_lock 9 6 0 1 1 >[2012/08/23 08:21:18.895076, 8] ../lib/util/util.c:298(fcntl_lock) > fcntl_lock: Lock call successful >[2012/08/23 08:21:18.895222, 5] passdb/pdb_interface.c:71(smb_register_passdb) > Attempting to register passdb backend ldapsam >[2012/08/23 08:21:18.895277, 5] passdb/pdb_interface.c:84(smb_register_passdb) > Successfully added passdb backend 'ldapsam' >[2012/08/23 08:21:18.895313, 5] passdb/pdb_interface.c:71(smb_register_passdb) > Attempting to register passdb backend ldapsam_compat >[2012/08/23 08:21:18.895349, 5] passdb/pdb_interface.c:84(smb_register_passdb) > Successfully added passdb backend 'ldapsam_compat' >[2012/08/23 08:21:18.895385, 5] passdb/pdb_interface.c:71(smb_register_passdb) > Attempting to register passdb backend NDS_ldapsam >[2012/08/23 08:21:18.895421, 5] passdb/pdb_interface.c:84(smb_register_passdb) > Successfully added passdb backend 'NDS_ldapsam' >[2012/08/23 08:21:18.895455, 5] passdb/pdb_interface.c:71(smb_register_passdb) > Attempting to register passdb backend NDS_ldapsam_compat >[2012/08/23 08:21:18.895490, 5] passdb/pdb_interface.c:84(smb_register_passdb) > Successfully added passdb backend 'NDS_ldapsam_compat' >[2012/08/23 08:21:18.895527, 5] passdb/pdb_interface.c:71(smb_register_passdb) > Attempting to register passdb backend IPA_ldapsam >[2012/08/23 08:21:18.895563, 5] passdb/pdb_interface.c:84(smb_register_passdb) > Successfully added passdb backend 'IPA_ldapsam' >[2012/08/23 08:21:18.895599, 5] passdb/pdb_interface.c:71(smb_register_passdb) > Attempting to register passdb backend smbpasswd >[2012/08/23 08:21:18.895636, 5] passdb/pdb_interface.c:84(smb_register_passdb) > Successfully added passdb backend 'smbpasswd' >[2012/08/23 08:21:18.895673, 5] passdb/pdb_interface.c:71(smb_register_passdb) > Attempting to register passdb backend tdbsam >[2012/08/23 08:21:18.895710, 5] passdb/pdb_interface.c:84(smb_register_passdb) > Successfully added passdb backend 'tdbsam' >[2012/08/23 08:21:18.895746, 5] passdb/pdb_interface.c:71(smb_register_passdb) > Attempting to register passdb backend wbc_sam >[2012/08/23 08:21:18.895790, 5] passdb/pdb_interface.c:84(smb_register_passdb) > Successfully added passdb backend 'wbc_sam' >[2012/08/23 08:21:18.895825, 5] passdb/pdb_interface.c:141(make_pdb_method_name) > Attempting to find a passdb backend to match tdbsam (tdbsam) >[2012/08/23 08:21:18.895860, 5] passdb/pdb_interface.c:162(make_pdb_method_name) > Found pdb backend tdbsam >[2012/08/23 08:21:18.895902, 5] passdb/pdb_interface.c:173(make_pdb_method_name) > pdb backend tdbsam has a valid init >[2012/08/23 08:21:18.896740, 10] registry/reg_backend_db.c:526(regdb_init) > regdb_init: registry db openend. refcount reset (1) >[2012/08/23 08:21:18.896803, 10] registry/reg_cachehook.c:70(reghook_cache_init) > reghook_cache_init: new tree with default ops 0x7f4eb14f6da0 for key [] >[2012/08/23 08:21:18.897019, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] >[2012/08/23 08:21:18.897083, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Samba Printer Port] len[2] >[2012/08/23 08:21:18.897127, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/23 08:21:18.897191, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[0]: name[DefaultSpoolDirectory] len[70] >[2012/08/23 08:21:18.897235, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] >[2012/08/23 08:21:18.897288, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[0]: name[DisplayName] len[20] >[2012/08/23 08:21:18.897328, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[1]: name[ErrorControl] len[4] >[2012/08/23 08:21:18.897369, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] >[2012/08/23 08:21:18.897422, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[0]: name[DisplayName] len[20] >[2012/08/23 08:21:18.897461, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[1]: name[ErrorControl] len[4] >[2012/08/23 08:21:18.897507, 10] registry/reg_cachehook.c:94(reghook_cache_add) > reghook_cache_add: Adding ops 0x7f4eb14f6f00 for key [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Printers] >[2012/08/23 08:21:18.897545, 8] lib/adt_tree.c:215(pathtree_add) > pathtree_add: Enter >[2012/08/23 08:21:18.897584, 10] lib/adt_tree.c:282(pathtree_add) > pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Control\Print\Printers] to tree >[2012/08/23 08:21:18.897621, 8] lib/adt_tree.c:284(pathtree_add) > pathtree_add: Exit >[2012/08/23 08:21:18.897664, 10] registry/reg_cachehook.c:94(reghook_cache_add) > reghook_cache_add: Adding ops 0x7f4eb14f6da0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/23 08:21:18.897701, 8] lib/adt_tree.c:215(pathtree_add) > pathtree_add: Enter >[2012/08/23 08:21:18.897743, 10] lib/adt_tree.c:282(pathtree_add) > pathtree_add: Successfully added node [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] to tree >[2012/08/23 08:21:18.897781, 8] lib/adt_tree.c:284(pathtree_add) > pathtree_add: Exit >[2012/08/23 08:21:18.897819, 10] registry/reg_cachehook.c:94(reghook_cache_add) > reghook_cache_add: Adding ops 0x7f4eb14f6da0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] >[2012/08/23 08:21:18.897855, 8] lib/adt_tree.c:215(pathtree_add) > pathtree_add: Enter >[2012/08/23 08:21:18.897893, 10] lib/adt_tree.c:282(pathtree_add) > pathtree_add: Successfully added node [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] to tree >[2012/08/23 08:21:18.897929, 8] lib/adt_tree.c:284(pathtree_add) > pathtree_add: Exit >[2012/08/23 08:21:18.897973, 10] registry/reg_cachehook.c:94(reghook_cache_add) > reghook_cache_add: Adding ops 0x7f4eb14f6f60 for key [\HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares] >[2012/08/23 08:21:18.898010, 8] lib/adt_tree.c:215(pathtree_add) > pathtree_add: Enter >[2012/08/23 08:21:18.898049, 10] lib/adt_tree.c:282(pathtree_add) > pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares] to tree >[2012/08/23 08:21:18.898085, 8] lib/adt_tree.c:284(pathtree_add) > pathtree_add: Exit >[2012/08/23 08:21:18.898122, 10] registry/reg_cachehook.c:94(reghook_cache_add) > reghook_cache_add: Adding ops 0x7f4eb14f6ea0 for key [\HKLM\SOFTWARE\Samba\smbconf] >[2012/08/23 08:21:18.898157, 8] lib/adt_tree.c:215(pathtree_add) > pathtree_add: Enter >[2012/08/23 08:21:18.898201, 10] lib/adt_tree.c:282(pathtree_add) > pathtree_add: Successfully added node [HKLM\SOFTWARE\Samba\smbconf] to tree >[2012/08/23 08:21:18.898241, 8] lib/adt_tree.c:284(pathtree_add) > pathtree_add: Exit >[2012/08/23 08:21:18.898279, 10] registry/reg_cachehook.c:94(reghook_cache_add) > reghook_cache_add: Adding ops 0x7f4eb14f6fc0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters] >[2012/08/23 08:21:18.898315, 8] lib/adt_tree.c:215(pathtree_add) > pathtree_add: Enter >[2012/08/23 08:21:18.898353, 10] lib/adt_tree.c:282(pathtree_add) > pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters] to tree >[2012/08/23 08:21:18.898389, 8] lib/adt_tree.c:284(pathtree_add) > pathtree_add: Exit >[2012/08/23 08:21:18.898426, 10] registry/reg_cachehook.c:94(reghook_cache_add) > reghook_cache_add: Adding ops 0x7f4eb14f7020 for key [\HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions] >[2012/08/23 08:21:18.898462, 8] lib/adt_tree.c:215(pathtree_add) > pathtree_add: Enter >[2012/08/23 08:21:18.898499, 10] lib/adt_tree.c:282(pathtree_add) > pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions] to tree >[2012/08/23 08:21:18.898536, 8] lib/adt_tree.c:284(pathtree_add) > pathtree_add: Exit >[2012/08/23 08:21:18.898573, 10] registry/reg_cachehook.c:94(reghook_cache_add) > reghook_cache_add: Adding ops 0x7f4eb14f7080 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters] >[2012/08/23 08:21:18.898609, 8] lib/adt_tree.c:215(pathtree_add) > pathtree_add: Enter >[2012/08/23 08:21:18.898646, 10] lib/adt_tree.c:282(pathtree_add) > pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters] to tree >[2012/08/23 08:21:18.898683, 8] lib/adt_tree.c:284(pathtree_add) > pathtree_add: Exit >[2012/08/23 08:21:18.898720, 10] registry/reg_cachehook.c:94(reghook_cache_add) > reghook_cache_add: Adding ops 0x7f4eb14f70e0 for key [\HKPT] >[2012/08/23 08:21:18.898754, 8] lib/adt_tree.c:215(pathtree_add) > pathtree_add: Enter >[2012/08/23 08:21:18.898790, 10] lib/adt_tree.c:282(pathtree_add) > pathtree_add: Successfully added node [HKPT] to tree >[2012/08/23 08:21:18.898825, 8] lib/adt_tree.c:284(pathtree_add) > pathtree_add: Exit >[2012/08/23 08:21:18.898862, 10] registry/reg_cachehook.c:94(reghook_cache_add) > reghook_cache_add: Adding ops 0x7f4eb14f7140 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/23 08:21:18.898898, 8] lib/adt_tree.c:215(pathtree_add) > pathtree_add: Enter >[2012/08/23 08:21:18.898934, 10] lib/adt_tree.c:282(pathtree_add) > pathtree_add: Successfully added node [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] to tree >[2012/08/23 08:21:18.898969, 8] lib/adt_tree.c:284(pathtree_add) > pathtree_add: Exit >[2012/08/23 08:21:18.899006, 10] registry/reg_cachehook.c:94(reghook_cache_add) > reghook_cache_add: Adding ops 0x7f4eb14f71a0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib] >[2012/08/23 08:21:18.899043, 8] lib/adt_tree.c:215(pathtree_add) > pathtree_add: Enter >[2012/08/23 08:21:18.899080, 10] lib/adt_tree.c:282(pathtree_add) > pathtree_add: Successfully added node [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib] to tree >[2012/08/23 08:21:18.899122, 8] lib/adt_tree.c:284(pathtree_add) > pathtree_add: Exit >[2012/08/23 08:21:18.899158, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (1->0) >[2012/08/23 08:21:18.899868, 4] auth/user_util.c:361(map_username) > Scanning username map /etc/samba/smbusers >[2012/08/23 08:21:18.899934, 10] auth/user_util.c:195(user_in_list) > user_in_list: checking user FTPSERVER\root in list >[2012/08/23 08:21:18.899973, 10] auth/user_util.c:200(user_in_list) > user_in_list: checking user |FTPSERVER\root| against |administrator| >[2012/08/23 08:21:18.900024, 10] auth/user_util.c:200(user_in_list) > user_in_list: checking user |FTPSERVER\root| against |admin| >[2012/08/23 08:21:18.900061, 10] auth/user_util.c:200(user_in_list) > user_in_list: checking user |FTPSERVER\root| against |DLR\maurerh-ad| >[2012/08/23 08:21:18.900096, 10] auth/user_util.c:200(user_in_list) > user_in_list: checking user |FTPSERVER\root| against |DLR\birk-ad| >[2012/08/23 08:21:18.900141, 10] auth/user_util.c:200(user_in_list) > user_in_list: checking user |FTPSERVER\root| against |DLR\dombrows-ad| >[2012/08/23 08:21:18.900177, 10] auth/user_util.c:200(user_in_list) > user_in_list: checking user |FTPSERVER\root| against |DLR\grae_ma-ad| >[2012/08/23 08:21:18.900212, 10] auth/user_util.c:200(user_in_list) > user_in_list: checking user |FTPSERVER\root| against |DLR\sant_ma-ad| >[2012/08/23 08:21:18.900253, 10] auth/user_util.c:195(user_in_list) > user_in_list: checking user FTPSERVER\root in list >[2012/08/23 08:21:18.900290, 10] auth/user_util.c:200(user_in_list) > user_in_list: checking user |FTPSERVER\root| against |guest| >[2012/08/23 08:21:18.900325, 10] auth/user_util.c:200(user_in_list) > user_in_list: checking user |FTPSERVER\root| against |pcguest| >[2012/08/23 08:21:18.900360, 10] auth/user_util.c:200(user_in_list) > user_in_list: checking user |FTPSERVER\root| against |smbguest| >[2012/08/23 08:21:18.900406, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user FTPSERVER\root >[2012/08/23 08:21:18.900446, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is ftpserver\root >[2012/08/23 08:21:18.902786, 5] lib/username.c:124(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as given is FTPSERVER\root >[2012/08/23 08:21:18.902895, 5] lib/username.c:134(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as uppercase is FTPSERVER\ROOT >[2012/08/23 08:21:18.902984, 5] lib/username.c:143(Get_Pwnam_internals) > Checking combinations of 0 uppercase letters in ftpserver\root >[2012/08/23 08:21:18.903034, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals didn't find user [FTPSERVER\root]! >[2012/08/23 08:21:18.903073, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user root >[2012/08/23 08:21:18.903116, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is root >[2012/08/23 08:21:18.903182, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals did find user [root]! >[2012/08/23 08:21:18.903249, 5] lib/gencache.c:68(gencache_init) > Opening cache file at /var/lib/samba/gencache.tdb >[2012/08/23 08:21:18.903807, 5] lib/gencache.c:111(gencache_init) > Opening cache file at /var/lib/samba/gencache_notrans.tdb >[2012/08/23 08:21:18.903893, 10] lib/gencache.c:183(gencache_set_data_blob) > Adding cache entry with key = IDMAP/GID2SID/0 and timeout = Thu Jan 1 01:00:00 1970 > (-1345702878 seconds in the past) >[2012/08/23 08:21:18.904556, 5] passdb/lookup_sid.c:1384(gid_to_sid) > gid_to_sid: winbind failed to find a sid for gid 0 >[2012/08/23 08:21:18.904618, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/08/23 08:21:18.904659, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/08/23 08:21:18.904698, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/23 08:21:18.904733, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/23 08:21:18.904774, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/23 08:21:18.904909, 10] groupdb/mapping_tdb.c:235(find_map) > failed to unpack map >[2012/08/23 08:21:18.904982, 10] groupdb/mapping_tdb.c:235(find_map) > failed to unpack map >[2012/08/23 08:21:18.905045, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/23 08:21:18.905088, 10] passdb/lookup_sid.c:1181(legacy_gid_to_sid) > LEGACY: gid 0 -> sid S-1-22-2-0 >[2012/08/23 08:21:18.905148, 10] groupdb/mapping_tdb.c:235(find_map) > failed to unpack map >[2012/08/23 08:21:18.905206, 10] groupdb/mapping_tdb.c:235(find_map) > failed to unpack map >[2012/08/23 08:21:18.905248, 3] passdb/lookup_sid.c:1754(get_primary_group_sid) > Forcing Primary Group to 'Domain Users' for root >[2012/08/23 08:21:18.905364, 10] passdb/lookup_sid.c:76(lookup_name) > lookup_name: FTPSERVER\root => domain=[FTPSERVER], name=[root] >[2012/08/23 08:21:18.905414, 10] passdb/lookup_sid.c:77(lookup_name) > lookup_name: flags = 0x073 >[2012/08/23 08:21:18.905456, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/08/23 08:21:18.905494, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/08/23 08:21:18.905529, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/23 08:21:18.905564, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/23 08:21:18.905599, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/23 08:21:18.905695, 4] passdb/pdb_tdb.c:523(tdbsam_open) > tdbsam_open: successfully opened //etc/samba/passdb.tdb >[2012/08/23 08:21:18.905740, 5] passdb/pdb_tdb.c:562(tdbsam_getsampwnam) > pdb_getsampwnam (TDB): error fetching database. > Key: USER_root >[2012/08/23 08:21:18.905795, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/23 08:21:18.905834, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/08/23 08:21:18.905870, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/08/23 08:21:18.905905, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/23 08:21:18.905940, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/23 08:21:18.905974, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/23 08:21:18.906049, 10] groupdb/mapping_tdb.c:235(find_map) > failed to unpack map >[2012/08/23 08:21:18.906114, 10] groupdb/mapping_tdb.c:235(find_map) > failed to unpack map >[2012/08/23 08:21:18.906164, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/23 08:21:18.906207, 10] passdb/lookup_sid.c:76(lookup_name) > lookup_name: Unix User\root => domain=[Unix User], name=[root] >[2012/08/23 08:21:18.906243, 10] passdb/lookup_sid.c:77(lookup_name) > lookup_name: flags = 0x073 >[2012/08/23 08:21:18.906759, 10] passdb/lookup_sid.c:1544(sid_to_uid) > sid S-1-22-1-0 -> uid 0 >[2012/08/23 08:21:18.906857, 10] lib/system_smbd.c:175(sys_getgrouplist) > sys_getgrouplist: user [root] >[2012/08/23 08:21:18.910746, 10] lib/gencache.c:183(gencache_set_data_blob) > Adding cache entry with key = IDMAP/GID2SID/1 and timeout = Thu Jan 1 01:00:00 1970 > (-1345702878 seconds in the past) >[2012/08/23 08:21:18.911074, 5] passdb/lookup_sid.c:1384(gid_to_sid) > gid_to_sid: winbind failed to find a sid for gid 1 >[2012/08/23 08:21:18.911138, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/08/23 08:21:18.911178, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/08/23 08:21:18.911214, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/23 08:21:18.911250, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/23 08:21:18.911291, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/23 08:21:18.911357, 10] groupdb/mapping_tdb.c:235(find_map) > failed to unpack map >[2012/08/23 08:21:18.911418, 10] groupdb/mapping_tdb.c:235(find_map) > failed to unpack map >[2012/08/23 08:21:18.911464, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/23 08:21:18.911504, 10] passdb/lookup_sid.c:1181(legacy_gid_to_sid) > LEGACY: gid 1 -> sid S-1-22-2-1 >[2012/08/23 08:21:18.911556, 10] lib/gencache.c:183(gencache_set_data_blob) > Adding cache entry with key = IDMAP/GID2SID/2 and timeout = Thu Jan 1 01:00:00 1970 > (-1345702878 seconds in the past) >[2012/08/23 08:21:18.911849, 5] passdb/lookup_sid.c:1384(gid_to_sid) > gid_to_sid: winbind failed to find a sid for gid 2 >[2012/08/23 08:21:18.911905, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/08/23 08:21:18.911944, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/08/23 08:21:18.911980, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/23 08:21:18.912031, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/23 08:21:18.912067, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/23 08:21:18.912140, 10] groupdb/mapping_tdb.c:235(find_map) > failed to unpack map >[2012/08/23 08:21:18.912200, 10] groupdb/mapping_tdb.c:235(find_map) > failed to unpack map >[2012/08/23 08:21:18.912247, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/23 08:21:18.912287, 10] passdb/lookup_sid.c:1181(legacy_gid_to_sid) > LEGACY: gid 2 -> sid S-1-22-2-2 >[2012/08/23 08:21:18.912340, 10] lib/gencache.c:183(gencache_set_data_blob) > Adding cache entry with key = IDMAP/GID2SID/3 and timeout = Thu Jan 1 01:00:00 1970 > (-1345702878 seconds in the past) >[2012/08/23 08:21:18.912631, 5] passdb/lookup_sid.c:1384(gid_to_sid) > gid_to_sid: winbind failed to find a sid for gid 3 >[2012/08/23 08:21:18.912688, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/08/23 08:21:18.912727, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/08/23 08:21:18.912763, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/23 08:21:18.912799, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/23 08:21:18.912835, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/23 08:21:18.912901, 10] groupdb/mapping_tdb.c:235(find_map) > failed to unpack map >[2012/08/23 08:21:18.912960, 10] groupdb/mapping_tdb.c:235(find_map) > failed to unpack map >[2012/08/23 08:21:18.913022, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/23 08:21:18.913067, 10] passdb/lookup_sid.c:1181(legacy_gid_to_sid) > LEGACY: gid 3 -> sid S-1-22-2-3 >[2012/08/23 08:21:18.913127, 10] lib/gencache.c:183(gencache_set_data_blob) > Adding cache entry with key = IDMAP/GID2SID/4 and timeout = Thu Jan 1 01:00:00 1970 > (-1345702878 seconds in the past) >[2012/08/23 08:21:18.913420, 5] passdb/lookup_sid.c:1384(gid_to_sid) > gid_to_sid: winbind failed to find a sid for gid 4 >[2012/08/23 08:21:18.913477, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/08/23 08:21:18.913516, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/08/23 08:21:18.913552, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/23 08:21:18.913588, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/23 08:21:18.913630, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/23 08:21:18.913696, 10] groupdb/mapping_tdb.c:235(find_map) > failed to unpack map >[2012/08/23 08:21:18.913756, 10] groupdb/mapping_tdb.c:235(find_map) > failed to unpack map >[2012/08/23 08:21:18.913803, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/23 08:21:18.913842, 10] passdb/lookup_sid.c:1181(legacy_gid_to_sid) > LEGACY: gid 4 -> sid S-1-22-2-4 >[2012/08/23 08:21:18.913895, 10] lib/gencache.c:183(gencache_set_data_blob) > Adding cache entry with key = IDMAP/GID2SID/6 and timeout = Thu Jan 1 01:00:00 1970 > (-1345702878 seconds in the past) >[2012/08/23 08:21:18.914187, 5] passdb/lookup_sid.c:1384(gid_to_sid) > gid_to_sid: winbind failed to find a sid for gid 6 >[2012/08/23 08:21:18.914245, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/08/23 08:21:18.914284, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/08/23 08:21:18.914320, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/23 08:21:18.914356, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/23 08:21:18.914391, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/23 08:21:18.914456, 10] groupdb/mapping_tdb.c:235(find_map) > failed to unpack map >[2012/08/23 08:21:18.914515, 10] groupdb/mapping_tdb.c:235(find_map) > failed to unpack map >[2012/08/23 08:21:18.914562, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/23 08:21:18.914602, 10] passdb/lookup_sid.c:1181(legacy_gid_to_sid) > LEGACY: gid 6 -> sid S-1-22-2-6 >[2012/08/23 08:21:18.914655, 10] lib/gencache.c:183(gencache_set_data_blob) > Adding cache entry with key = IDMAP/GID2SID/10 and timeout = Thu Jan 1 01:00:00 1970 > (-1345702878 seconds in the past) >[2012/08/23 08:21:18.914934, 5] passdb/lookup_sid.c:1384(gid_to_sid) > gid_to_sid: winbind failed to find a sid for gid 10 >[2012/08/23 08:21:18.914991, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/08/23 08:21:18.915041, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/08/23 08:21:18.915077, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/23 08:21:18.915120, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/23 08:21:18.915156, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/23 08:21:18.915221, 10] groupdb/mapping_tdb.c:235(find_map) > failed to unpack map >[2012/08/23 08:21:18.915281, 10] groupdb/mapping_tdb.c:235(find_map) > failed to unpack map >[2012/08/23 08:21:18.915327, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/23 08:21:18.915367, 10] passdb/lookup_sid.c:1181(legacy_gid_to_sid) > LEGACY: gid 10 -> sid S-1-22-2-10 >[2012/08/23 08:21:18.915420, 10] lib/gencache.c:183(gencache_set_data_blob) > Adding cache entry with key = IDMAP/GID2SID/201 and timeout = Thu Jan 1 01:00:00 1970 > (-1345702878 seconds in the past) >[2012/08/23 08:21:18.915699, 5] passdb/lookup_sid.c:1384(gid_to_sid) > gid_to_sid: winbind failed to find a sid for gid 201 >[2012/08/23 08:21:18.915757, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/08/23 08:21:18.915795, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/08/23 08:21:18.915832, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/23 08:21:18.915867, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/23 08:21:18.915903, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/23 08:21:18.915978, 10] groupdb/mapping_tdb.c:235(find_map) > failed to unpack map >[2012/08/23 08:21:18.916054, 10] groupdb/mapping_tdb.c:235(find_map) > failed to unpack map >[2012/08/23 08:21:18.916105, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/23 08:21:18.916150, 10] passdb/lookup_sid.c:1181(legacy_gid_to_sid) > LEGACY: gid 201 -> sid S-1-22-2-201 >[2012/08/23 08:21:18.916195, 10] auth/token_util.c:339(create_local_nt_token) > Create local NT token for S-1-22-1-0 >[2012/08/23 08:21:18.916255, 10] passdb/lookup_sid.c:1635(sid_to_gid) > sid S-1-5-32-544 -> gid 1000001 >[2012/08/23 08:21:18.916310, 10] passdb/lookup_sid.c:1635(sid_to_gid) > sid S-1-5-32-545 -> gid 1000002 >[2012/08/23 08:21:18.916352, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/08/23 08:21:18.916389, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/08/23 08:21:18.916424, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/23 08:21:18.916460, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/23 08:21:18.916494, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/23 08:21:18.916639, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/23 08:21:18.916733, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-22-1-0] >[2012/08/23 08:21:18.916784, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-22-2-0] >[2012/08/23 08:21:18.916828, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-22-2-1] >[2012/08/23 08:21:18.916872, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-22-2-2] >[2012/08/23 08:21:18.916915, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-22-2-3] >[2012/08/23 08:21:18.916958, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-22-2-4] >[2012/08/23 08:21:18.917002, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-22-2-6] >[2012/08/23 08:21:18.917059, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-22-2-10] >[2012/08/23 08:21:18.917105, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-22-2-201] >[2012/08/23 08:21:18.917157, 5] lib/privileges.c:175(get_privileges_for_sids) > get_privileges_for_sids: sid = S-1-1-0 > Privilege set: 0x0 >[2012/08/23 08:21:18.917213, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-2] >[2012/08/23 08:21:18.917257, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-11] >[2012/08/23 08:21:18.917379, 10] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (15): > SID[ 0]: S-1-22-1-0 > SID[ 1]: S-1-22-2-0 > SID[ 2]: S-1-22-2-1 > SID[ 3]: S-1-22-2-2 > SID[ 4]: S-1-22-2-3 > SID[ 5]: S-1-22-2-4 > SID[ 6]: S-1-22-2-6 > SID[ 7]: S-1-22-2-10 > SID[ 8]: S-1-22-2-201 > SID[ 9]: S-1-1-0 > SID[ 10]: S-1-5-2 > SID[ 11]: S-1-5-11 > SID[ 12]: S-1-22-2-1000004 > SID[ 13]: S-1-22-2-1000005 > SID[ 14]: S-1-22-2-1000006 > Privileges (0x 0): > Rights (0x 0): >[2012/08/23 08:21:18.917694, 10] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 11 supplementary groups > Group[ 0]: 0 > Group[ 1]: 1 > Group[ 2]: 2 > Group[ 3]: 3 > Group[ 4]: 4 > Group[ 5]: 6 > Group[ 6]: 10 > Group[ 7]: 201 > Group[ 8]: 1000004 > Group[ 9]: 1000005 > Group[ 10]: 1000006 >[2012/08/23 08:21:18.917985, 6] libads/ldap.c:365(ads_find_dc) > ads_find_dc: (ldap) looking for realm 'INTRA.DLR.DE' >[2012/08/23 08:21:18.918086, 5] libads/sitename_cache.c:105(sitename_fetch) > sitename_fetch: Returning sitename for INTRA.DLR.DE: "OP" >[2012/08/23 08:21:18.918138, 4] libsmb/namequery_dc.c:76(ads_dc_name) > ads_dc_name: domain=DLR >[2012/08/23 08:21:18.918189, 5] libads/sitename_cache.c:105(sitename_fetch) > sitename_fetch: Returning sitename for INTRA.DLR.DE: "OP" >[2012/08/23 08:21:18.918227, 6] libads/ldap.c:385(ads_find_dc) > ads_find_dc: (cldap) looking for realm 'INTRA.DLR.DE' >[2012/08/23 08:21:18.918265, 8] libsmb/namequery.c:2721(get_sorted_dc_list) > get_sorted_dc_list: attempting lookup for name INTRA.DLR.DE (sitename OP) using [ads] >[2012/08/23 08:21:18.918337, 10] lib/gencache.c:183(gencache_set_data_blob) > Adding cache entry with key = SAF/DOMAIN/INTRA.DLR.DE and timeout = Thu Jan 1 01:00:00 1970 > (-1345702878 seconds in the past) >[2012/08/23 08:21:18.918421, 5] libsmb/namequery.c:191(saf_fetch) > saf_fetch: failed to find server for "INTRA.DLR.DE" domain >[2012/08/23 08:21:18.918467, 3] libsmb/namequery.c:2533(get_dc_list) > get_dc_list: preferred server list: ", *" >[2012/08/23 08:21:18.918508, 10] libsmb/namequery.c:2042(internal_resolve_name) > internal_resolve_name: looking up INTRA.DLR.DE#1c (sitename OP) >[2012/08/23 08:21:18.918565, 10] lib/gencache.c:183(gencache_set_data_blob) > Adding cache entry with key = NBT/INTRA.DLR.DE#1C and timeout = Thu Jan 1 01:00:00 1970 > (-1345702878 seconds in the past) >[2012/08/23 08:21:18.918642, 5] libsmb/namecache.c:160(namecache_fetch) > no entry for INTRA.DLR.DE#1C found. >[2012/08/23 08:21:18.918689, 5] libsmb/namequery.c:1897(resolve_ads) > resolve_ads: Attempting to resolve DCs for INTRA.DLR.DE using DNS >[2012/08/23 08:21:18.919169, 4] libads/dns.c:434(ads_dns_lookup_srv) > ads_dns_lookup_srv: 2 records returned in the answer section. >[2012/08/23 08:21:18.919268, 10] libads/dns.c:215(ads_dns_parse_rr_srv) > ads_dns_parse_rr_srv: Parsed dlropdc01.intra.dlr.de [0, 100, 389] >[2012/08/23 08:21:18.919311, 10] libads/dns.c:215(ads_dns_parse_rr_srv) > ads_dns_parse_rr_srv: Parsed dlropdc02.intra.dlr.de [0, 100, 389] >[2012/08/23 08:21:18.919361, 10] libsmb/namequery.c:1079(remove_duplicate_addrs2) > remove_duplicate_addrs2: looking for duplicate address/port pairs >[2012/08/23 08:21:18.919400, 5] libsmb/namecache.c:78(namecache_store) > namecache_store: storing 2 addresses for INTRA.DLR.DE#1c: 129.247.163.144,129.247.163.155 >[2012/08/23 08:21:18.919462, 10] lib/gencache.c:183(gencache_set_data_blob) > Adding cache entry with key = NBT/INTRA.DLR.DE#1C and timeout = Thu Aug 23 08:32:18 2012 > (660 seconds ahead) >[2012/08/23 08:21:18.919547, 10] libsmb/namequery.c:2200(internal_resolve_name) > internal_resolve_name: returning 2 addresses: 129.247.163.144:389 129.247.163.155:389 >[2012/08/23 08:21:18.919592, 8] libsmb/namequery.c:2554(get_dc_list) > Adding 2 DC's from auto lookup >[2012/08/23 08:21:18.919641, 9] libsmb/conncache.c:150(check_negative_conn_cache) > check_negative_conn_cache returning result 0 for domain INTRA.DLR.DE server 129.247.163.144 >[2012/08/23 08:21:18.919691, 9] libsmb/conncache.c:150(check_negative_conn_cache) > check_negative_conn_cache returning result 0 for domain INTRA.DLR.DE server 129.247.163.155 >[2012/08/23 08:21:18.919728, 10] libsmb/namequery.c:1079(remove_duplicate_addrs2) > remove_duplicate_addrs2: looking for duplicate address/port pairs >[2012/08/23 08:21:18.919766, 4] libsmb/namequery.c:2670(get_dc_list) > get_dc_list: returning 2 ip addresses in an ordered list >[2012/08/23 08:21:18.919803, 4] libsmb/namequery.c:2671(get_dc_list) > get_dc_list: 129.247.163.144:389 129.247.163.155:389 >[2012/08/23 08:21:18.919854, 9] libsmb/conncache.c:150(check_negative_conn_cache) > check_negative_conn_cache returning result 0 for domain INTRA.DLR.DE server 129.247.163.144 >[2012/08/23 08:21:18.919896, 5] libads/ldap.c:232(ads_try_connect) > ads_try_connect: sending CLDAP request to 129.247.163.144 (realm: INTRA.DLR.DE) >[2012/08/23 08:21:18.920646, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX > command : LOGON_SAM_LOGON_RESPONSE_EX (23) > sbz : 0x0000 (0) > server_type : 0x000001fc (508) > 0: NBT_SERVER_PDC > 1: NBT_SERVER_GC > 1: NBT_SERVER_LDAP > 1: NBT_SERVER_DS > 1: NBT_SERVER_KDC > 1: NBT_SERVER_TIMESERV > 1: NBT_SERVER_CLOSEST > 1: NBT_SERVER_WRITABLE > 0: NBT_SERVER_GOOD_TIMESERV > 0: NBT_SERVER_NDNC > 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 > 0: NBT_SERVER_FULL_SECRET_DOMAIN_6 > 0: NBT_SERVER_ADS_WEB_SERVICE > 0: NBT_SERVER_HAS_DNS_NAME > 0: NBT_SERVER_IS_DEFAULT_NC > 0: NBT_SERVER_FOREST_ROOT > domain_uuid : 7776cd72-2adb-4450-89de-23e646c9882c > forest : 'intra.dlr.de' > dns_domain : 'intra.dlr.de' > pdc_dns_name : 'dlropdc01.intra.dlr.de' > domain_name : 'DLR' > pdc_name : 'DLROPDC01' > user_name : '' > server_site : 'OP' > client_site : 'OP' > sockaddr_size : 0x00 (0) > sockaddr: struct nbt_sockaddr > sockaddr_family : 0x00000000 (0) > pdc_ip : (null) > remaining : DATA_BLOB length=0 > next_closest_site : NULL > nt_version : 0x00000005 (5) > 1: NETLOGON_NT_VERSION_1 > 0: NETLOGON_NT_VERSION_5 > 1: NETLOGON_NT_VERSION_5EX > 0: NETLOGON_NT_VERSION_5EX_WITH_IP > 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE > 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL > 0: NETLOGON_NT_VERSION_PDC > 0: NETLOGON_NT_VERSION_IP > 0: NETLOGON_NT_VERSION_LOCAL > 0: NETLOGON_NT_VERSION_GC > lmnt_token : 0xffff (65535) > lm20_token : 0xffff (65535) >[2012/08/23 08:21:18.921563, 10] libads/sitename_cache.c:70(sitename_store) > sitename_store: realm = [DLR], sitename = [OP], expire = [2085923199] >[2012/08/23 08:21:18.921614, 10] lib/gencache.c:183(gencache_set_data_blob) > Adding cache entry with key = AD_SITENAME/DOMAIN/DLR and timeout = (null) (740220321 seconds ahead) >[2012/08/23 08:21:18.921694, 10] libads/sitename_cache.c:70(sitename_store) > sitename_store: realm = [intra.dlr.de], sitename = [OP], expire = [2085923199] >[2012/08/23 08:21:18.921738, 10] lib/gencache.c:183(gencache_set_data_blob) > Adding cache entry with key = AD_SITENAME/DOMAIN/INTRA.DLR.DE and timeout = (null) (740220321 seconds ahead) >[2012/08/23 08:21:18.921805, 3] libads/ldap.c:640(ads_connect) > Successfully contacted LDAP server 129.247.163.144 >[2012/08/23 08:21:18.921859, 5] libads/sitename_cache.c:105(sitename_fetch) > sitename_fetch: Returning sitename for INTRA.DLR.DE: "OP" >[2012/08/23 08:21:18.921900, 10] libads/ldap.c:171(ads_closest_dc) > ads_closest_dc: NBT_SERVER_CLOSEST flag set >[2012/08/23 08:21:18.921956, 10] libads/kerberos.c:880(create_local_private_krb5_conf_for_domain) > create_local_private_krb5_conf_for_domain: fname = /var/lib/samba/smb_krb5/krb5.conf.DLR, realm = INTRA.DLR.DE, domain = DLR >[2012/08/23 08:21:18.922017, 5] libsmb/namequery.c:191(saf_fetch) > saf_fetch: failed to find server for "INTRA.DLR.DE" domain >[2012/08/23 08:21:18.922063, 3] libsmb/namequery.c:2533(get_dc_list) > get_dc_list: preferred server list: ", *" >[2012/08/23 08:21:18.922101, 10] libsmb/namequery.c:2042(internal_resolve_name) > internal_resolve_name: looking up INTRA.DLR.DE#1c (sitename OP) >[2012/08/23 08:21:18.922154, 5] libsmb/namecache.c:165(namecache_fetch) > name INTRA.DLR.DE#1C found. >[2012/08/23 08:21:18.922250, 10] libsmb/namequery.c:1079(remove_duplicate_addrs2) > remove_duplicate_addrs2: looking for duplicate address/port pairs >[2012/08/23 08:21:18.922295, 8] libsmb/namequery.c:2554(get_dc_list) > Adding 2 DC's from auto lookup >[2012/08/23 08:21:18.922345, 9] libsmb/conncache.c:150(check_negative_conn_cache) > check_negative_conn_cache returning result 0 for domain INTRA.DLR.DE server 129.247.163.144 >[2012/08/23 08:21:18.922395, 9] libsmb/conncache.c:150(check_negative_conn_cache) > check_negative_conn_cache returning result 0 for domain INTRA.DLR.DE server 129.247.163.155 >[2012/08/23 08:21:18.922433, 10] libsmb/namequery.c:1079(remove_duplicate_addrs2) > remove_duplicate_addrs2: looking for duplicate address/port pairs >[2012/08/23 08:21:18.922470, 4] libsmb/namequery.c:2670(get_dc_list) > get_dc_list: returning 2 ip addresses in an ordered list >[2012/08/23 08:21:18.922507, 4] libsmb/namequery.c:2671(get_dc_list) > get_dc_list: 129.247.163.144:389 129.247.163.155:389 >[2012/08/23 08:21:18.922568, 5] libsmb/namequery.c:191(saf_fetch) > saf_fetch: failed to find server for "INTRA.DLR.DE" domain >[2012/08/23 08:21:18.922611, 3] libsmb/namequery.c:2533(get_dc_list) > get_dc_list: preferred server list: ", *" >[2012/08/23 08:21:18.922648, 10] libsmb/namequery.c:2042(internal_resolve_name) > internal_resolve_name: looking up INTRA.DLR.DE#1c (sitename (null)) >[2012/08/23 08:21:18.922693, 5] libsmb/namecache.c:165(namecache_fetch) > name INTRA.DLR.DE#1C found. >[2012/08/23 08:21:18.922776, 10] libsmb/namequery.c:1079(remove_duplicate_addrs2) > remove_duplicate_addrs2: looking for duplicate address/port pairs >[2012/08/23 08:21:18.922819, 8] libsmb/namequery.c:2554(get_dc_list) > Adding 2 DC's from auto lookup >[2012/08/23 08:21:18.922869, 9] libsmb/conncache.c:150(check_negative_conn_cache) > check_negative_conn_cache returning result 0 for domain INTRA.DLR.DE server 129.247.163.144 >[2012/08/23 08:21:18.922918, 9] libsmb/conncache.c:150(check_negative_conn_cache) > check_negative_conn_cache returning result 0 for domain INTRA.DLR.DE server 129.247.163.155 >[2012/08/23 08:21:18.922956, 10] libsmb/namequery.c:1079(remove_duplicate_addrs2) > remove_duplicate_addrs2: looking for duplicate address/port pairs >[2012/08/23 08:21:18.922993, 4] libsmb/namequery.c:2670(get_dc_list) > get_dc_list: returning 2 ip addresses in an ordered list >[2012/08/23 08:21:18.923030, 4] libsmb/namequery.c:2671(get_dc_list) > get_dc_list: 129.247.163.144:389 129.247.163.155:389 >[2012/08/23 08:21:18.923082, 10] libads/kerberos.c:825(get_kdc_ip_string) > get_kdc_ip_string: Returning kdc = 129.247.163.144 > kdc = 129.247.163.155 > kdc = 129.247.163.155 > >[2012/08/23 08:21:18.923303, 5] libads/kerberos.c:948(create_local_private_krb5_conf_for_domain) > create_local_private_krb5_conf_for_domain: wrote file /var/lib/samba/smb_krb5/krb5.conf.DLR with realm INTRA.DLR.DE KDC list = kdc = 129.247.163.144 > kdc = 129.247.163.155 > kdc = 129.247.163.155 > >[2012/08/23 08:21:18.923400, 4] libsmb/namequery_dc.c:148(ads_dc_name) > ads_dc_name: using server='DLROPDC01.INTRA.DLR.DE' IP=129.247.163.144 >[2012/08/23 08:21:18.923450, 5] libads/sitename_cache.c:105(sitename_fetch) > sitename_fetch: Returning sitename for INTRA.DLR.DE: "OP" >[2012/08/23 08:21:18.923491, 10] libsmb/namequery.c:2042(internal_resolve_name) > internal_resolve_name: looking up DLROPDC01.INTRA.DLR.DE#20 (sitename OP) >[2012/08/23 08:21:18.923540, 10] lib/gencache.c:183(gencache_set_data_blob) > Adding cache entry with key = NBT/DLROPDC01.INTRA.DLR.DE#20 and timeout = Thu Jan 1 01:00:00 1970 > (-1345702878 seconds in the past) >[2012/08/23 08:21:18.923617, 5] libsmb/namecache.c:160(namecache_fetch) > no entry for DLROPDC01.INTRA.DLR.DE#20 found. >[2012/08/23 08:21:18.923658, 3] libsmb/namequery.c:1741(resolve_lmhosts) > resolve_lmhosts: Attempting lmhosts lookup for name DLROPDC01.INTRA.DLR.DE<0x20> >[2012/08/23 08:21:18.923697, 3] ../libcli/nbt/lmhosts.c:185(resolve_lmhosts_file_as_sockaddr) > resolve_lmhosts: Attempting lmhosts lookup for name DLROPDC01.INTRA.DLR.DE<0x20> >[2012/08/23 08:21:18.923759, 4] ../libcli/nbt/lmhosts.c:111(getlmhostsent) > getlmhostsent: lmhost entry: 127.0.0.1 localhost >[2012/08/23 08:21:18.923835, 3] libsmb/namequery.c:1616(resolve_wins) > resolve_wins: Attempting wins lookup for name DLROPDC01.INTRA.DLR.DE<0x20> >[2012/08/23 08:21:18.923883, 3] libsmb/namequery.c:1620(resolve_wins) > resolve_wins: WINS server resolution selected and no WINS servers listed. >[2012/08/23 08:21:18.923921, 3] libsmb/namequery.c:1797(resolve_hosts) > resolve_hosts: Attempting host lookup for name DLROPDC01.INTRA.DLR.DE<0x20> >[2012/08/23 08:21:18.924123, 10] libsmb/namequery.c:1079(remove_duplicate_addrs2) > remove_duplicate_addrs2: looking for duplicate address/port pairs >[2012/08/23 08:21:18.924192, 5] libsmb/namecache.c:78(namecache_store) > namecache_store: storing 1 address for DLROPDC01.INTRA.DLR.DE#20: 129.247.163.144 >[2012/08/23 08:21:18.924245, 10] lib/gencache.c:183(gencache_set_data_blob) > Adding cache entry with key = NBT/DLROPDC01.INTRA.DLR.DE#20 and timeout = Thu Aug 23 08:32:18 2012 > (660 seconds ahead) >[2012/08/23 08:21:18.924325, 10] libsmb/namequery.c:2200(internal_resolve_name) > internal_resolve_name: returning 1 addresses: 129.247.163.144:0 >[2012/08/23 08:21:18.924370, 5] libads/ldap.c:232(ads_try_connect) > ads_try_connect: sending CLDAP request to 129.247.163.144 (realm: INTRA.DLR.DE) >[2012/08/23 08:21:18.924908, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX > command : LOGON_SAM_LOGON_RESPONSE_EX (23) > sbz : 0x0000 (0) > server_type : 0x000001fc (508) > 0: NBT_SERVER_PDC > 1: NBT_SERVER_GC > 1: NBT_SERVER_LDAP > 1: NBT_SERVER_DS > 1: NBT_SERVER_KDC > 1: NBT_SERVER_TIMESERV > 1: NBT_SERVER_CLOSEST > 1: NBT_SERVER_WRITABLE > 0: NBT_SERVER_GOOD_TIMESERV > 0: NBT_SERVER_NDNC > 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 > 0: NBT_SERVER_FULL_SECRET_DOMAIN_6 > 0: NBT_SERVER_ADS_WEB_SERVICE > 0: NBT_SERVER_HAS_DNS_NAME > 0: NBT_SERVER_IS_DEFAULT_NC > 0: NBT_SERVER_FOREST_ROOT > domain_uuid : 7776cd72-2adb-4450-89de-23e646c9882c > forest : 'intra.dlr.de' > dns_domain : 'intra.dlr.de' > pdc_dns_name : 'dlropdc01.intra.dlr.de' > domain_name : 'DLR' > pdc_name : 'DLROPDC01' > user_name : '' > server_site : 'OP' > client_site : 'OP' > sockaddr_size : 0x00 (0) > sockaddr: struct nbt_sockaddr > sockaddr_family : 0x00000000 (0) > pdc_ip : (null) > remaining : DATA_BLOB length=0 > next_closest_site : NULL > nt_version : 0x00000005 (5) > 1: NETLOGON_NT_VERSION_1 > 0: NETLOGON_NT_VERSION_5 > 1: NETLOGON_NT_VERSION_5EX > 0: NETLOGON_NT_VERSION_5EX_WITH_IP > 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE > 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL > 0: NETLOGON_NT_VERSION_PDC > 0: NETLOGON_NT_VERSION_IP > 0: NETLOGON_NT_VERSION_LOCAL > 0: NETLOGON_NT_VERSION_GC > lmnt_token : 0xffff (65535) > lm20_token : 0xffff (65535) >[2012/08/23 08:21:18.925760, 10] libads/sitename_cache.c:70(sitename_store) > sitename_store: realm = [DLR], sitename = [OP], expire = [2085923199] >[2012/08/23 08:21:18.925810, 10] lib/gencache.c:183(gencache_set_data_blob) > Adding cache entry with key = AD_SITENAME/DOMAIN/DLR and timeout = (null) (740220321 seconds ahead) >[2012/08/23 08:21:18.925888, 10] libads/sitename_cache.c:70(sitename_store) > sitename_store: realm = [intra.dlr.de], sitename = [OP], expire = [2085923199] >[2012/08/23 08:21:18.925932, 10] lib/gencache.c:183(gencache_set_data_blob) > Adding cache entry with key = AD_SITENAME/DOMAIN/INTRA.DLR.DE and timeout = (null) (740220321 seconds ahead) >[2012/08/23 08:21:18.925995, 3] libads/ldap.c:640(ads_connect) > Successfully contacted LDAP server 129.247.163.144 >[2012/08/23 08:21:18.926038, 10] libads/ldap.c:68(ldap_open_with_timeout) > Opening connection to LDAP server 'dlropdc01.intra.dlr.de:389', timeout 15 seconds >[2012/08/23 08:21:18.926669, 10] libads/ldap.c:82(ldap_open_with_timeout) > Connected to LDAP server 'dlropdc01.intra.dlr.de:389' >[2012/08/23 08:21:18.926769, 3] libads/ldap.c:694(ads_connect) > Connected to LDAP server dlropdc01.intra.dlr.de >[2012/08/23 08:21:18.926809, 10] libads/ldap.c:171(ads_closest_dc) > ads_closest_dc: NBT_SERVER_CLOSEST flag set >[2012/08/23 08:21:18.926850, 10] libsmb/namequery.c:89(saf_store) > saf_store: domain = [DLR], server = [dlropdc01.intra.dlr.de], expire = [1345703778] >[2012/08/23 08:21:18.926892, 10] lib/gencache.c:183(gencache_set_data_blob) > Adding cache entry with key = SAF/DOMAIN/DLR and timeout = Thu Aug 23 08:36:18 2012 > (900 seconds ahead) >[2012/08/23 08:21:18.926977, 10] libsmb/namequery.c:89(saf_store) > saf_store: domain = [INTRA.DLR.DE], server = [dlropdc01.intra.dlr.de], expire = [1345703778] >[2012/08/23 08:21:18.927028, 10] lib/gencache.c:183(gencache_set_data_blob) > Adding cache entry with key = SAF/DOMAIN/INTRA.DLR.DE and timeout = Thu Aug 23 08:36:18 2012 > (900 seconds ahead) >[2012/08/23 08:21:18.927156, 5] ../lib/util/charset/codepoints.c:235(map_locale) > Substituting charset 'UTF-8' for LOCALE >[2012/08/23 08:21:18.927637, 4] libads/ldap.c:2857(ads_current_time) > time offset is 0 seconds >[2012/08/23 08:21:18.928052, 4] libads/sasl.c:1211(ads_sasl_bind) > Found SASL mechanism GSS-SPNEGO >[2012/08/23 08:21:18.928563, 3] libads/sasl.c:869(ads_sasl_spnego_bind) > ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2 >[2012/08/23 08:21:18.928641, 3] libads/sasl.c:869(ads_sasl_spnego_bind) > ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2 >[2012/08/23 08:21:18.928698, 3] libads/sasl.c:869(ads_sasl_spnego_bind) > ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2.3 >[2012/08/23 08:21:18.928755, 3] libads/sasl.c:869(ads_sasl_spnego_bind) > ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10 >[2012/08/23 08:21:18.928811, 3] libads/sasl.c:878(ads_sasl_spnego_bind) > ads_sasl_spnego_bind: got server principal name = dlropdc01$@INTRA.DLR.DE >[2012/08/23 08:21:18.929296, 3] libsmb/clikrb5.c:787(ads_krb5_mk_req) > ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found) >[2012/08/23 08:21:18.929388, 10] libads/sasl.c:899(ads_sasl_spnego_bind) > ads_sasl_spnego_krb5_bind failed with: No credentials cache found, calling kinit >[2012/08/23 08:21:18.929496, 10] libads/kerberos.c:191(kerberos_kinit_password_ext) > kerberos_kinit_password: as FTPSERVER$@INTRA.DLR.DE using [MEMORY:prtpub_cache] as ccache and config [/var/lib/samba/smb_krb5/krb5.conf.DLR] >[2012/08/23 08:21:18.942624, 3] libsmb/clikrb5.c:632(ads_cleanup_expired_creds) > ads_cleanup_expired_creds: Ticket in ccache[MEMORY:prtpub_cache] expiration Thu, 23 Aug 2012 18:21:18 CEST >[2012/08/23 08:21:18.942727, 10] libsmb/clikrb5.c:821(ads_krb5_mk_req) > ads_krb5_mk_req: Ticket (ldap/dlropdc01.intra.dlr.de@INTRA.DLR.DE) in ccache (MEMORY:prtpub_cache) is valid until: (Thu, 23 Aug 2012 18:21:18 CEST - 1345738878) >[2012/08/23 08:21:18.942780, 3] libsmb/clikrb5.c:840(ads_krb5_mk_req) > ads_krb5_mk_req: server marked as OK to delegate to, building forwardable TGT >[2012/08/23 08:21:18.945382, 10] libsmb/clikrb5.c:1038(get_krb5_smb_session_key) > Got KRB5 session key of length 16 >[2012/08/23 08:21:18.946638, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user nobody >[2012/08/23 08:21:18.946697, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is nobody >[2012/08/23 08:21:18.946763, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals did find user [nobody]! >[2012/08/23 08:21:18.946853, 4] auth/user_util.c:361(map_username) > Scanning username map /etc/samba/smbusers >[2012/08/23 08:21:18.946908, 10] auth/user_util.c:195(user_in_list) > user_in_list: checking user FTPSERVER\nobody in list >[2012/08/23 08:21:18.946947, 10] auth/user_util.c:200(user_in_list) > user_in_list: checking user |FTPSERVER\nobody| against |administrator| >[2012/08/23 08:21:18.946983, 10] auth/user_util.c:200(user_in_list) > user_in_list: checking user |FTPSERVER\nobody| against |admin| >[2012/08/23 08:21:18.947069, 10] auth/user_util.c:200(user_in_list) > user_in_list: checking user |FTPSERVER\nobody| against |DLR\maurerh-ad| >[2012/08/23 08:21:18.947108, 10] auth/user_util.c:200(user_in_list) > user_in_list: checking user |FTPSERVER\nobody| against |DLR\birk-ad| >[2012/08/23 08:21:18.947151, 10] auth/user_util.c:200(user_in_list) > user_in_list: checking user |FTPSERVER\nobody| against |DLR\dombrows-ad| >[2012/08/23 08:21:18.947187, 10] auth/user_util.c:200(user_in_list) > user_in_list: checking user |FTPSERVER\nobody| against |DLR\grae_ma-ad| >[2012/08/23 08:21:18.947222, 10] auth/user_util.c:200(user_in_list) > user_in_list: checking user |FTPSERVER\nobody| against |DLR\sant_ma-ad| >[2012/08/23 08:21:18.947262, 10] auth/user_util.c:195(user_in_list) > user_in_list: checking user FTPSERVER\nobody in list >[2012/08/23 08:21:18.947299, 10] auth/user_util.c:200(user_in_list) > user_in_list: checking user |FTPSERVER\nobody| against |guest| >[2012/08/23 08:21:18.947334, 10] auth/user_util.c:200(user_in_list) > user_in_list: checking user |FTPSERVER\nobody| against |pcguest| >[2012/08/23 08:21:18.947369, 10] auth/user_util.c:200(user_in_list) > user_in_list: checking user |FTPSERVER\nobody| against |smbguest| >[2012/08/23 08:21:18.947411, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user FTPSERVER\nobody >[2012/08/23 08:21:18.947449, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is ftpserver\nobody >[2012/08/23 08:21:18.947536, 5] lib/username.c:124(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as given is FTPSERVER\nobody >[2012/08/23 08:21:18.947623, 5] lib/username.c:134(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as uppercase is FTPSERVER\NOBODY >[2012/08/23 08:21:18.947708, 5] lib/username.c:143(Get_Pwnam_internals) > Checking combinations of 0 uppercase letters in ftpserver\nobody >[2012/08/23 08:21:18.947747, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals didn't find user [FTPSERVER\nobody]! >[2012/08/23 08:21:18.947784, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user nobody >[2012/08/23 08:21:18.947819, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is nobody >[2012/08/23 08:21:18.947857, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals did find user [nobody]! >[2012/08/23 08:21:18.947912, 10] lib/gencache.c:183(gencache_set_data_blob) > Adding cache entry with key = IDMAP/GID2SID/99 and timeout = Thu Jan 1 01:00:00 1970 > (-1345702878 seconds in the past) >[2012/08/23 08:21:18.948291, 5] passdb/lookup_sid.c:1384(gid_to_sid) > gid_to_sid: winbind failed to find a sid for gid 99 >[2012/08/23 08:21:18.948354, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/08/23 08:21:18.948394, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/08/23 08:21:18.948430, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/23 08:21:18.948465, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/23 08:21:18.948500, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/23 08:21:18.948565, 10] groupdb/mapping_tdb.c:235(find_map) > failed to unpack map >[2012/08/23 08:21:18.948631, 10] groupdb/mapping_tdb.c:235(find_map) > failed to unpack map >[2012/08/23 08:21:18.948680, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/23 08:21:18.948720, 10] passdb/lookup_sid.c:1181(legacy_gid_to_sid) > LEGACY: gid 99 -> sid S-1-22-2-99 >[2012/08/23 08:21:18.948770, 10] groupdb/mapping_tdb.c:235(find_map) > failed to unpack map >[2012/08/23 08:21:18.948826, 10] groupdb/mapping_tdb.c:235(find_map) > failed to unpack map >[2012/08/23 08:21:18.948867, 3] passdb/lookup_sid.c:1754(get_primary_group_sid) > Forcing Primary Group to 'Domain Users' for nobody >[2012/08/23 08:21:18.948997, 10] auth/token_util.c:223(create_local_nt_token_from_info3) > Create local NT token for nobody >[2012/08/23 08:21:18.949129, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/08/23 08:21:18.949188, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/08/23 08:21:18.949226, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/23 08:21:18.949262, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/23 08:21:18.949297, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/23 08:21:18.949411, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/23 08:21:18.949460, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-996664766-3924031551-1934014251-501] >[2012/08/23 08:21:18.949507, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-996664766-3924031551-1934014251-513] >[2012/08/23 08:21:18.949554, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-996664766-3924031551-1934014251-546] >[2012/08/23 08:21:18.949599, 5] lib/privileges.c:175(get_privileges_for_sids) > get_privileges_for_sids: sid = S-1-1-0 > Privilege set: 0x0 >[2012/08/23 08:21:18.949655, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-2] >[2012/08/23 08:21:18.949699, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-32-546] >[2012/08/23 08:21:18.950457, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/08/23 08:21:18.950519, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/08/23 08:21:18.950557, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/23 08:21:18.950593, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/23 08:21:18.950628, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/23 08:21:18.950688, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) > lookup_global_sam_rid: looking up RID 546. >[2012/08/23 08:21:18.950728, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2012/08/23 08:21:18.950765, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2012/08/23 08:21:18.950801, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2012/08/23 08:21:18.950836, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/23 08:21:18.950870, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/23 08:21:18.950933, 5] passdb/pdb_tdb.c:614(tdbsam_getsampwrid) > pdb_getsampwrid (TDB): error looking up RID 546 by key RID_00000222. >[2012/08/23 08:21:18.950989, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/23 08:21:18.951091, 5] passdb/pdb_interface.c:1668(lookup_global_sam_rid) > Can't find a unix id for an unmapped group >[2012/08/23 08:21:18.951149, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/23 08:21:18.951189, 10] passdb/lookup_sid.c:1280(legacy_sid_to_gid) > LEGACY: mapping failed for sid S-1-5-21-996664766-3924031551-1934014251-546 >[2012/08/23 08:21:18.951230, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/08/23 08:21:18.951266, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/08/23 08:21:18.951301, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/23 08:21:18.951336, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/23 08:21:18.951371, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/23 08:21:18.951425, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) > lookup_global_sam_rid: looking up RID 546. >[2012/08/23 08:21:18.951464, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2012/08/23 08:21:18.951501, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2012/08/23 08:21:18.951536, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2012/08/23 08:21:18.951571, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/23 08:21:18.951605, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/23 08:21:18.951666, 5] passdb/pdb_tdb.c:614(tdbsam_getsampwrid) > pdb_getsampwrid (TDB): error looking up RID 546 by key RID_00000222. >[2012/08/23 08:21:18.951720, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/23 08:21:18.951759, 5] passdb/pdb_interface.c:1668(lookup_global_sam_rid) > Can't find a unix id for an unmapped group >[2012/08/23 08:21:18.951799, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/23 08:21:18.951836, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid) > LEGACY: mapping failed for sid S-1-5-21-996664766-3924031551-1934014251-546 >[2012/08/23 08:21:18.951877, 10] auth/auth_util.c:505(create_local_token) > Could not convert SID S-1-5-21-996664766-3924031551-1934014251-546 to gid, ignoring it >[2012/08/23 08:21:18.951921, 10] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (11): > SID[ 0]: S-1-5-21-996664766-3924031551-1934014251-501 > SID[ 1]: S-1-5-21-996664766-3924031551-1934014251-513 > SID[ 2]: S-1-5-21-996664766-3924031551-1934014251-546 > SID[ 3]: S-1-1-0 > SID[ 4]: S-1-5-2 > SID[ 5]: S-1-5-32-546 > SID[ 6]: S-1-22-1-99 > SID[ 7]: S-1-22-2-1000007 > SID[ 8]: S-1-22-2-1000004 > SID[ 9]: S-1-22-2-1000005 > SID[ 10]: S-1-22-2-1000003 > Privileges (0x 0): > Rights (0x 0): >[2012/08/23 08:21:18.952184, 10] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 99 > Primary group is 99 and contains 4 supplementary groups > Group[ 0]: 1000007 > Group[ 1]: 1000004 > Group[ 2]: 1000005 > Group[ 3]: 1000003 >[2012/08/23 08:21:18.952368, 3] rpc_server/svcctl/srv_svcctl_reg.c:569(svcctl_init_winreg) > Initialise the svcctl registry keys if needed. >[2012/08/23 08:21:18.952411, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/08/23 08:21:18.952449, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/08/23 08:21:18.952485, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/23 08:21:18.952520, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/23 08:21:18.952554, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/23 08:21:18.952645, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/23 08:21:18.952695, 10] registry/reg_backend_db.c:602(regdb_open) > regdb_open: registry db opened. refcount reset (1) >[2012/08/23 08:21:18.952746, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/08/23 08:21:18.952803, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe \winreg >[2012/08/23 08:21:18.952879, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg >[2012/08/23 08:21:18.952925, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/08/23 08:21:18.952987, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/23 08:21:18.953234, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/08/23 08:21:18.953275, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (1->2) >[2012/08/23 08:21:18.953316, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2012/08/23 08:21:18.953351, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2012/08/23 08:21:18.953387, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/23 08:21:18.953422, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM] >[2012/08/23 08:21:18.953482, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:18.953567, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000001-0000-0000-3550-decb73660000 > result : WERR_OK >[2012/08/23 08:21:18.953753, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000001-0000-0000-3550-decb73660000 > keyname: struct winreg_String > name_len : 0x0044 (68) > name_size : 0x0044 (68) > name : * > name : 'SYSTEM\CurrentControlSet\Services' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/23 08:21:18.954276, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:18.954360, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SYSTEM] >[2012/08/23 08:21:18.954398, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/08/23 08:21:18.954438, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] >[2012/08/23 08:21:18.954473, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM] >[2012/08/23 08:21:18.954509, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/23 08:21:18.954544, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM] >[2012/08/23 08:21:18.954597, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentControlSet] >[2012/08/23 08:21:18.954637, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2012/08/23 08:21:18.954677, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] >[2012/08/23 08:21:18.954712, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] >[2012/08/23 08:21:18.954748, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/23 08:21:18.954783, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM\CurrentControlSet] >[2012/08/23 08:21:18.954835, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Services] >[2012/08/23 08:21:18.954875, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/23 08:21:18.954915, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/08/23 08:21:18.954950, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/08/23 08:21:18.954987, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/23 08:21:18.955038, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/08/23 08:21:18.955105, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/23 08:21:18.955155, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/08/23 08:21:18.955194, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:18.955272, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000002-0000-0000-3550-decb73660000 > result : WERR_OK >[2012/08/23 08:21:18.955434, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > in: struct winreg_QueryInfoKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000002-0000-0000-3550-decb73660000 > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL >[2012/08/23 08:21:18.955652, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:18.955732, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services' (ops 0x7f4eb14f6da0) >[2012/08/23 08:21:18.955769, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services] >[2012/08/23 08:21:18.955816, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] >[2012/08/23 08:21:18.955868, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > out: struct winreg_QueryInfoKey > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL > num_subkeys : * > num_subkeys : 0x00000007 (7) > max_subkeylen : * > max_subkeylen : 0x0000001c (28) > max_classlen : * > max_classlen : 0x00000000 (0) > num_values : * > num_values : 0x00000000 (0) > max_valnamelen : * > max_valnamelen : 0x00000002 (2) > max_valbufsize : * > max_valbufsize : 0x00000000 (0) > secdescsize : * > secdescsize : 0x00000078 (120) > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2012/08/23 08:21:18.956366, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumKey: struct winreg_EnumKey > in: struct winreg_EnumKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000002-0000-0000-3550-decb73660000 > enum_index : 0x00000000 (0) > name : * > name: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x001e (30) > name : * > name : '' > keyclass : * > keyclass: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x0002 (2) > name : * > name : '' > last_changed_time : * > last_changed_time : NTTIME(0) >[2012/08/23 08:21:18.956731, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:18.956809, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) > _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] >[2012/08/23 08:21:18.956848, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumKey: struct winreg_EnumKey > out: struct winreg_EnumKey > name : * > name: struct winreg_StringBuf > length : 0x001a (26) > size : 0x001e (30) > name : * > name : 'LanmanServer' > keyclass : * > keyclass: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x0002 (2) > name : * > name : '' > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2012/08/23 08:21:18.957187, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumKey: struct winreg_EnumKey > in: struct winreg_EnumKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000002-0000-0000-3550-decb73660000 > enum_index : 0x00000001 (1) > name : * > name: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x001e (30) > name : * > name : '' > keyclass : * > keyclass: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x0002 (2) > name : * > name : '' > last_changed_time : * > last_changed_time : NTTIME(0) >[2012/08/23 08:21:18.957655, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:18.957760, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) > _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] >[2012/08/23 08:21:18.957801, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumKey: struct winreg_EnumKey > out: struct winreg_EnumKey > name : * > name: struct winreg_StringBuf > length : 0x0012 (18) > size : 0x001e (30) > name : * > name : 'Eventlog' > keyclass : * > keyclass: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x0002 (2) > name : * > name : '' > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2012/08/23 08:21:18.958136, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumKey: struct winreg_EnumKey > in: struct winreg_EnumKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000002-0000-0000-3550-decb73660000 > enum_index : 0x00000002 (2) > name : * > name: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x001e (30) > name : * > name : '' > keyclass : * > keyclass: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x0002 (2) > name : * > name : '' > last_changed_time : * > last_changed_time : NTTIME(0) >[2012/08/23 08:21:18.958514, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:18.958593, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) > _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] >[2012/08/23 08:21:18.958630, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumKey: struct winreg_EnumKey > out: struct winreg_EnumKey > name : * > name: struct winreg_StringBuf > length : 0x000c (12) > size : 0x001e (30) > name : * > name : 'Tcpip' > keyclass : * > keyclass: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x0002 (2) > name : * > name : '' > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2012/08/23 08:21:18.958940, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumKey: struct winreg_EnumKey > in: struct winreg_EnumKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000002-0000-0000-3550-decb73660000 > enum_index : 0x00000003 (3) > name : * > name: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x001e (30) > name : * > name : '' > keyclass : * > keyclass: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x0002 (2) > name : * > name : '' > last_changed_time : * > last_changed_time : NTTIME(0) >[2012/08/23 08:21:18.959348, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:18.959426, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) > _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] >[2012/08/23 08:21:18.959464, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumKey: struct winreg_EnumKey > out: struct winreg_EnumKey > name : * > name: struct winreg_StringBuf > length : 0x0012 (18) > size : 0x001e (30) > name : * > name : 'Netlogon' > keyclass : * > keyclass: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x0002 (2) > name : * > name : '' > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2012/08/23 08:21:18.959781, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumKey: struct winreg_EnumKey > in: struct winreg_EnumKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000002-0000-0000-3550-decb73660000 > enum_index : 0x00000004 (4) > name : * > name: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x001e (30) > name : * > name : '' > keyclass : * > keyclass: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x0002 (2) > name : * > name : '' > last_changed_time : * > last_changed_time : NTTIME(0) >[2012/08/23 08:21:18.960180, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:18.960260, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) > _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] >[2012/08/23 08:21:18.960298, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumKey: struct winreg_EnumKey > out: struct winreg_EnumKey > name : * > name: struct winreg_StringBuf > length : 0x0010 (16) > size : 0x001e (30) > name : * > name : 'Spooler' > keyclass : * > keyclass: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x0002 (2) > name : * > name : '' > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2012/08/23 08:21:18.960608, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumKey: struct winreg_EnumKey > in: struct winreg_EnumKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000002-0000-0000-3550-decb73660000 > enum_index : 0x00000005 (5) > name : * > name: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x001e (30) > name : * > name : '' > keyclass : * > keyclass: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x0002 (2) > name : * > name : '' > last_changed_time : * > last_changed_time : NTTIME(0) >[2012/08/23 08:21:18.960979, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:18.961113, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) > _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] >[2012/08/23 08:21:18.961163, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumKey: struct winreg_EnumKey > out: struct winreg_EnumKey > name : * > name: struct winreg_StringBuf > length : 0x001e (30) > size : 0x001e (30) > name : * > name : 'RemoteRegistry' > keyclass : * > keyclass: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x0002 (2) > name : * > name : '' > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2012/08/23 08:21:18.961559, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumKey: struct winreg_EnumKey > in: struct winreg_EnumKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000002-0000-0000-3550-decb73660000 > enum_index : 0x00000006 (6) > name : * > name: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x001e (30) > name : * > name : '' > keyclass : * > keyclass: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x0002 (2) > name : * > name : '' > last_changed_time : * > last_changed_time : NTTIME(0) >[2012/08/23 08:21:18.961960, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:18.962102, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) > _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] >[2012/08/23 08:21:18.962167, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumKey: struct winreg_EnumKey > out: struct winreg_EnumKey > name : * > name: struct winreg_StringBuf > length : 0x000a (10) > size : 0x001e (30) > name : * > name : 'WINS' > keyclass : * > keyclass: struct winreg_StringBuf > length : 0x0000 (0) > size : 0x0002 (2) > name : * > name : '' > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2012/08/23 08:21:18.962682, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > in: struct winreg_CreateKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000001-0000-0000-3550-decb73660000 > name: struct winreg_String > name_len : 0x0054 (84) > name_size : 0x0054 (84) > name : * > name : 'SYSTEM\CurrentControlSet\Services\Spooler' > keyclass: struct winreg_String > name_len : 0x0002 (2) > name_size : 0x0002 (2) > name : * > name : '' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY > secdesc : NULL > action_taken : * > action_taken : REG_ACTION_NONE (0) >[2012/08/23 08:21:18.963335, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:18.963417, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) > _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\Spooler' >[2012/08/23 08:21:18.963460, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2012/08/23 08:21:18.963499, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 >[2012/08/23 08:21:18.963536, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SYSTEM] >[2012/08/23 08:21:18.963573, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2012/08/23 08:21:18.963613, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] >[2012/08/23 08:21:18.963648, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM] >[2012/08/23 08:21:18.963684, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/23 08:21:18.963718, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM] >[2012/08/23 08:21:18.963770, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 >[2012/08/23 08:21:18.963810, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentControlSet] >[2012/08/23 08:21:18.963848, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/23 08:21:18.963887, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] >[2012/08/23 08:21:18.963923, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] >[2012/08/23 08:21:18.963959, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/23 08:21:18.963993, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM\CurrentControlSet] >[2012/08/23 08:21:18.964087, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/23 08:21:18.964139, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 >[2012/08/23 08:21:18.964181, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Services] >[2012/08/23 08:21:18.964220, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/23 08:21:18.964260, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/08/23 08:21:18.964295, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/08/23 08:21:18.964332, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/23 08:21:18.964367, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/08/23 08:21:18.964430, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/23 08:21:18.964472, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Spooler] >[2012/08/23 08:21:18.964510, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/23 08:21:18.964551, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] >[2012/08/23 08:21:18.964585, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] >[2012/08/23 08:21:18.964622, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/23 08:21:18.964657, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] >[2012/08/23 08:21:18.964710, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/23 08:21:18.964751, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:18.964829, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > out: struct winreg_CreateKey > new_handle : * > new_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000003-0000-0000-3550-decb73660000 > action_taken : * > action_taken : REG_OPENED_EXISTING_KEY (2) > result : WERR_OK >[2012/08/23 08:21:18.965043, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000003-0000-0000-3550-decb73660000 > name: struct winreg_String > name_len : 0x000c (12) > name_size : 0x000c (12) > name : * > name : 'Start' > type : REG_DWORD (4) > data : * > data: ARRAY(4) > [0] : 0x02 (2) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : 0x00000004 (4) >[2012/08/23 08:21:18.965279, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:18.965322, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:Start] >[2012/08/23 08:21:18.965343, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2012/08/23 08:21:18.965363, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\Spooler' (ops 0x7f4eb14f6da0) >[2012/08/23 08:21:18.965384, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler] >[2012/08/23 08:21:18.965411, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Start] len[4] >[2012/08/23 08:21:18.965433, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[1]: name[Type] len[4] >[2012/08/23 08:21:18.965453, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[2]: name[ErrorControl] len[4] >[2012/08/23 08:21:18.965473, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[3]: name[ObjectName] len[24] >[2012/08/23 08:21:18.965493, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[4]: name[DisplayName] len[28] >[2012/08/23 08:21:18.965513, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[5]: name[ImagePath] len[58] >[2012/08/23 08:21:18.965533, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[6]: name[Description] len[106] >[2012/08/23 08:21:18.965553, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/08/23 08:21:18.965618, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000003-0000-0000-3550-decb73660000 > name: struct winreg_String > name_len : 0x000a (10) > name_size : 0x000a (10) > name : * > name : 'Type' > type : REG_DWORD (4) > data : * > data: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : 0x00000004 (4) >[2012/08/23 08:21:18.965815, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:18.965859, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:Type] >[2012/08/23 08:21:18.965880, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2012/08/23 08:21:18.965901, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/08/23 08:21:18.965953, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000003-0000-0000-3550-decb73660000 > name: struct winreg_String > name_len : 0x001a (26) > name_size : 0x001a (26) > name : * > name : 'ErrorControl' > type : REG_DWORD (4) > data : * > data: ARRAY(4) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : 0x00000004 (4) >[2012/08/23 08:21:18.966168, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:18.966210, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:ErrorControl] >[2012/08/23 08:21:18.966232, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2012/08/23 08:21:18.966252, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/08/23 08:21:18.966305, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000003-0000-0000-3550-decb73660000 > name: struct winreg_String > name_len : 0x0016 (22) > name_size : 0x0016 (22) > name : * > name : 'ObjectName' > type : REG_SZ (1) > data : * > data: ARRAY(24) > [0] : 0x4c (76) > [1] : 0x00 (0) > [2] : 0x6f (111) > [3] : 0x00 (0) > [4] : 0x63 (99) > [5] : 0x00 (0) > [6] : 0x61 (97) > [7] : 0x00 (0) > [8] : 0x6c (108) > [9] : 0x00 (0) > [10] : 0x53 (83) > [11] : 0x00 (0) > [12] : 0x79 (121) > [13] : 0x00 (0) > [14] : 0x73 (115) > [15] : 0x00 (0) > [16] : 0x74 (116) > [17] : 0x00 (0) > [18] : 0x65 (101) > [19] : 0x00 (0) > [20] : 0x6d (109) > [21] : 0x00 (0) > [22] : 0x00 (0) > [23] : 0x00 (0) > size : 0x00000018 (24) >[2012/08/23 08:21:18.966664, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:18.966706, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:ObjectName] >[2012/08/23 08:21:18.966726, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2012/08/23 08:21:18.966747, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/08/23 08:21:18.966798, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000003-0000-0000-3550-decb73660000 > name: struct winreg_String > name_len : 0x0018 (24) > name_size : 0x0018 (24) > name : * > name : 'DisplayName' > type : REG_SZ (1) > data : * > data: ARRAY(28) > [0] : 0x50 (80) > [1] : 0x00 (0) > [2] : 0x72 (114) > [3] : 0x00 (0) > [4] : 0x69 (105) > [5] : 0x00 (0) > [6] : 0x6e (110) > [7] : 0x00 (0) > [8] : 0x74 (116) > [9] : 0x00 (0) > [10] : 0x20 (32) > [11] : 0x00 (0) > [12] : 0x53 (83) > [13] : 0x00 (0) > [14] : 0x70 (112) > [15] : 0x00 (0) > [16] : 0x6f (111) > [17] : 0x00 (0) > [18] : 0x6f (111) > [19] : 0x00 (0) > [20] : 0x6c (108) > [21] : 0x00 (0) > [22] : 0x65 (101) > [23] : 0x00 (0) > [24] : 0x72 (114) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x00 (0) > size : 0x0000001c (28) >[2012/08/23 08:21:18.967195, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:18.967238, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:DisplayName] >[2012/08/23 08:21:18.967259, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2012/08/23 08:21:18.967279, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/08/23 08:21:18.967332, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000003-0000-0000-3550-decb73660000 > name: struct winreg_String > name_len : 0x0014 (20) > name_size : 0x0014 (20) > name : * > name : 'ImagePath' > type : REG_SZ (1) > data : * > data: ARRAY(58) > [0] : 0x2f (47) > [1] : 0x00 (0) > [2] : 0x75 (117) > [3] : 0x00 (0) > [4] : 0x73 (115) > [5] : 0x00 (0) > [6] : 0x72 (114) > [7] : 0x00 (0) > [8] : 0x2f (47) > [9] : 0x00 (0) > [10] : 0x6c (108) > [11] : 0x00 (0) > [12] : 0x69 (105) > [13] : 0x00 (0) > [14] : 0x62 (98) > [15] : 0x00 (0) > [16] : 0x36 (54) > [17] : 0x00 (0) > [18] : 0x34 (52) > [19] : 0x00 (0) > [20] : 0x2f (47) > [21] : 0x00 (0) > [22] : 0x73 (115) > [23] : 0x00 (0) > [24] : 0x61 (97) > [25] : 0x00 (0) > [26] : 0x6d (109) > [27] : 0x00 (0) > [28] : 0x62 (98) > [29] : 0x00 (0) > [30] : 0x61 (97) > [31] : 0x00 (0) > [32] : 0x2f (47) > [33] : 0x00 (0) > [34] : 0x73 (115) > [35] : 0x00 (0) > [36] : 0x76 (118) > [37] : 0x00 (0) > [38] : 0x63 (99) > [39] : 0x00 (0) > [40] : 0x63 (99) > [41] : 0x00 (0) > [42] : 0x74 (116) > [43] : 0x00 (0) > [44] : 0x6c (108) > [45] : 0x00 (0) > [46] : 0x2f (47) > [47] : 0x00 (0) > [48] : 0x73 (115) > [49] : 0x00 (0) > [50] : 0x6d (109) > [51] : 0x00 (0) > [52] : 0x62 (98) > [53] : 0x00 (0) > [54] : 0x64 (100) > [55] : 0x00 (0) > [56] : 0x00 (0) > [57] : 0x00 (0) > size : 0x0000003a (58) >[2012/08/23 08:21:18.967981, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:18.968028, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:ImagePath] >[2012/08/23 08:21:18.968050, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2012/08/23 08:21:18.968071, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/08/23 08:21:18.968120, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000003-0000-0000-3550-decb73660000 > name: struct winreg_String > name_len : 0x0018 (24) > name_size : 0x0018 (24) > name : * > name : 'Description' > type : REG_SZ (1) > data : * > data: ARRAY(106) > [0] : 0x49 (73) > [1] : 0x00 (0) > [2] : 0x6e (110) > [3] : 0x00 (0) > [4] : 0x74 (116) > [5] : 0x00 (0) > [6] : 0x65 (101) > [7] : 0x00 (0) > [8] : 0x72 (114) > [9] : 0x00 (0) > [10] : 0x6e (110) > [11] : 0x00 (0) > [12] : 0x61 (97) > [13] : 0x00 (0) > [14] : 0x6c (108) > [15] : 0x00 (0) > [16] : 0x20 (32) > [17] : 0x00 (0) > [18] : 0x73 (115) > [19] : 0x00 (0) > [20] : 0x65 (101) > [21] : 0x00 (0) > [22] : 0x72 (114) > [23] : 0x00 (0) > [24] : 0x76 (118) > [25] : 0x00 (0) > [26] : 0x69 (105) > [27] : 0x00 (0) > [28] : 0x63 (99) > [29] : 0x00 (0) > [30] : 0x65 (101) > [31] : 0x00 (0) > [32] : 0x20 (32) > [33] : 0x00 (0) > [34] : 0x66 (102) > [35] : 0x00 (0) > [36] : 0x6f (111) > [37] : 0x00 (0) > [38] : 0x72 (114) > [39] : 0x00 (0) > [40] : 0x20 (32) > [41] : 0x00 (0) > [42] : 0x73 (115) > [43] : 0x00 (0) > [44] : 0x70 (112) > [45] : 0x00 (0) > [46] : 0x6f (111) > [47] : 0x00 (0) > [48] : 0x6f (111) > [49] : 0x00 (0) > [50] : 0x6c (108) > [51] : 0x00 (0) > [52] : 0x69 (105) > [53] : 0x00 (0) > [54] : 0x6e (110) > [55] : 0x00 (0) > [56] : 0x67 (103) > [57] : 0x00 (0) > [58] : 0x20 (32) > [59] : 0x00 (0) > [60] : 0x66 (102) > [61] : 0x00 (0) > [62] : 0x69 (105) > [63] : 0x00 (0) > [64] : 0x6c (108) > [65] : 0x00 (0) > [66] : 0x65 (101) > [67] : 0x00 (0) > [68] : 0x73 (115) > [69] : 0x00 (0) > [70] : 0x20 (32) > [71] : 0x00 (0) > [72] : 0x74 (116) > [73] : 0x00 (0) > [74] : 0x6f (111) > [75] : 0x00 (0) > [76] : 0x20 (32) > [77] : 0x00 (0) > [78] : 0x70 (112) > [79] : 0x00 (0) > [80] : 0x72 (114) > [81] : 0x00 (0) > [82] : 0x69 (105) > [83] : 0x00 (0) > [84] : 0x6e (110) > [85] : 0x00 (0) > [86] : 0x74 (116) > [87] : 0x00 (0) > [88] : 0x20 (32) > [89] : 0x00 (0) > [90] : 0x64 (100) > [91] : 0x00 (0) > [92] : 0x65 (101) > [93] : 0x00 (0) > [94] : 0x76 (118) > [95] : 0x00 (0) > [96] : 0x69 (105) > [97] : 0x00 (0) > [98] : 0x63 (99) > [99] : 0x00 (0) > [100] : 0x65 (101) > [101] : 0x00 (0) > [102] : 0x73 (115) > [103] : 0x00 (0) > [104] : 0x00 (0) > [105] : 0x00 (0) > size : 0x0000006a (106) >[2012/08/23 08:21:18.969231, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:18.969278, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:Description] >[2012/08/23 08:21:18.969299, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2012/08/23 08:21:18.969320, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/08/23 08:21:18.969368, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000003-0000-0000-3550-decb73660000 >[2012/08/23 08:21:18.969439, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:18.969481, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:18.969521, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/23 08:21:18.969541, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/08/23 08:21:18.969561, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/23 08:21:18.969646, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > in: struct winreg_CreateKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000001-0000-0000-3550-decb73660000 > name: struct winreg_String > name_len : 0x0066 (102) > name_size : 0x0066 (102) > name : * > name : 'SYSTEM\CurrentControlSet\Services\Spooler\Security' > keyclass: struct winreg_String > name_len : 0x0002 (2) > name_size : 0x0002 (2) > name : * > name : '' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY > secdesc : NULL > action_taken : * > action_taken : REG_OPENED_EXISTING_KEY (2) >[2012/08/23 08:21:18.969977, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:18.970029, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) > _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\Spooler\Security' >[2012/08/23 08:21:18.970054, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2012/08/23 08:21:18.970075, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 >[2012/08/23 08:21:18.970095, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SYSTEM] >[2012/08/23 08:21:18.970116, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2012/08/23 08:21:18.970142, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] >[2012/08/23 08:21:18.970161, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM] >[2012/08/23 08:21:18.970180, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/23 08:21:18.970199, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM] >[2012/08/23 08:21:18.970227, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 >[2012/08/23 08:21:18.970249, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentControlSet] >[2012/08/23 08:21:18.970269, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/23 08:21:18.970290, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] >[2012/08/23 08:21:18.970309, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] >[2012/08/23 08:21:18.970328, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/23 08:21:18.970347, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM\CurrentControlSet] >[2012/08/23 08:21:18.970374, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/23 08:21:18.970397, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 >[2012/08/23 08:21:18.970417, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Services] >[2012/08/23 08:21:18.970437, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/23 08:21:18.970459, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/08/23 08:21:18.970477, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/08/23 08:21:18.970497, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/23 08:21:18.970516, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/08/23 08:21:18.970548, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/23 08:21:18.970571, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 >[2012/08/23 08:21:18.970590, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Spooler] >[2012/08/23 08:21:18.970610, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/23 08:21:18.970632, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] >[2012/08/23 08:21:18.970656, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] >[2012/08/23 08:21:18.970676, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/23 08:21:18.970695, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] >[2012/08/23 08:21:18.970724, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/23 08:21:18.970746, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Security] >[2012/08/23 08:21:18.970767, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/23 08:21:18.970789, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] >[2012/08/23 08:21:18.970809, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] >[2012/08/23 08:21:18.970828, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/23 08:21:18.970847, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] >[2012/08/23 08:21:18.970872, 10] registry/reg_backend_db.c:1656(regdb_fetch_keys_internal) > regdb_fetch_keys: no subkeys found for key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] >[2012/08/23 08:21:18.970895, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/23 08:21:18.970915, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:18.970957, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > out: struct winreg_CreateKey > new_handle : * > new_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000004-0000-0000-3550-decb73660000 > action_taken : * > action_taken : REG_OPENED_EXISTING_KEY (2) > result : WERR_OK >[2012/08/23 08:21:18.971097, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000004-0000-0000-3550-decb73660000 > name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : REG_BINARY (3) > data : * > data: ARRAY(120) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x04 (4) > [3] : 0x80 (128) > [4] : 0x00 (0) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x00 (0) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x14 (20) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x02 (2) > [21] : 0x00 (0) > [22] : 0x64 (100) > [23] : 0x00 (0) > [24] : 0x04 (4) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x00 (0) > [28] : 0x00 (0) > [29] : 0x00 (0) > [30] : 0x14 (20) > [31] : 0x00 (0) > [32] : 0x8d (141) > [33] : 0x01 (1) > [34] : 0x02 (2) > [35] : 0x00 (0) > [36] : 0x01 (1) > [37] : 0x01 (1) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x01 (1) > [44] : 0x00 (0) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x00 (0) > [49] : 0x00 (0) > [50] : 0x18 (24) > [51] : 0x00 (0) > [52] : 0xfd (253) > [53] : 0x01 (1) > [54] : 0x02 (2) > [55] : 0x00 (0) > [56] : 0x01 (1) > [57] : 0x02 (2) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x00 (0) > [62] : 0x00 (0) > [63] : 0x05 (5) > [64] : 0x20 (32) > [65] : 0x00 (0) > [66] : 0x00 (0) > [67] : 0x00 (0) > [68] : 0x23 (35) > [69] : 0x02 (2) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x18 (24) > [75] : 0x00 (0) > [76] : 0xff (255) > [77] : 0x01 (1) > [78] : 0x0f (15) > [79] : 0x00 (0) > [80] : 0x01 (1) > [81] : 0x02 (2) > [82] : 0x00 (0) > [83] : 0x00 (0) > [84] : 0x00 (0) > [85] : 0x00 (0) > [86] : 0x00 (0) > [87] : 0x05 (5) > [88] : 0x20 (32) > [89] : 0x00 (0) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x25 (37) > [93] : 0x02 (2) > [94] : 0x00 (0) > [95] : 0x00 (0) > [96] : 0x00 (0) > [97] : 0x00 (0) > [98] : 0x18 (24) > [99] : 0x00 (0) > [100] : 0xff (255) > [101] : 0x01 (1) > [102] : 0x0f (15) > [103] : 0x00 (0) > [104] : 0x01 (1) > [105] : 0x02 (2) > [106] : 0x00 (0) > [107] : 0x00 (0) > [108] : 0x00 (0) > [109] : 0x00 (0) > [110] : 0x00 (0) > [111] : 0x05 (5) > [112] : 0x20 (32) > [113] : 0x00 (0) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x20 (32) > [117] : 0x02 (2) > [118] : 0x00 (0) > [119] : 0x00 (0) > size : 0x00000078 (120) >[2012/08/23 08:21:18.972299, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:18.972342, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security:Security] >[2012/08/23 08:21:18.972364, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2012/08/23 08:21:18.972384, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security' (ops 0x7f4eb14f6da0) >[2012/08/23 08:21:18.972404, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] >[2012/08/23 08:21:18.972431, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Security] len[120] >[2012/08/23 08:21:18.972453, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/08/23 08:21:18.972500, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000004-0000-0000-3550-decb73660000 >[2012/08/23 08:21:18.972573, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:18.972616, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:18.972656, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/23 08:21:18.972675, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/08/23 08:21:18.972695, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/23 08:21:18.972781, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > in: struct winreg_CreateKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000001-0000-0000-3550-decb73660000 > name: struct winreg_String > name_len : 0x0056 (86) > name_size : 0x0056 (86) > name : * > name : 'SYSTEM\CurrentControlSet\Services\NETLOGON' > keyclass: struct winreg_String > name_len : 0x0002 (2) > name_size : 0x0002 (2) > name : * > name : '' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY > secdesc : NULL > action_taken : * > action_taken : REG_ACTION_NONE (0) >[2012/08/23 08:21:18.973079, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:18.973128, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) > _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\NETLOGON' >[2012/08/23 08:21:18.973152, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2012/08/23 08:21:18.973173, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 >[2012/08/23 08:21:18.973193, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SYSTEM] >[2012/08/23 08:21:18.973213, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2012/08/23 08:21:18.973234, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] >[2012/08/23 08:21:18.973257, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM] >[2012/08/23 08:21:18.973276, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/23 08:21:18.973295, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM] >[2012/08/23 08:21:18.973323, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 >[2012/08/23 08:21:18.973369, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentControlSet] >[2012/08/23 08:21:18.973392, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/23 08:21:18.973414, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] >[2012/08/23 08:21:18.973433, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] >[2012/08/23 08:21:18.973453, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/23 08:21:18.973475, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM\CurrentControlSet] >[2012/08/23 08:21:18.973505, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/23 08:21:18.973532, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 >[2012/08/23 08:21:18.973553, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Services] >[2012/08/23 08:21:18.973573, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/23 08:21:18.973595, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/08/23 08:21:18.973613, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/08/23 08:21:18.973633, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/23 08:21:18.973651, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/08/23 08:21:18.973684, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/23 08:21:18.973706, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [NETLOGON] >[2012/08/23 08:21:18.973726, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/23 08:21:18.973748, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] >[2012/08/23 08:21:18.973767, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] >[2012/08/23 08:21:18.973787, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/23 08:21:18.973805, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] >[2012/08/23 08:21:18.973835, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/23 08:21:18.973858, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:18.973900, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > out: struct winreg_CreateKey > new_handle : * > new_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000005-0000-0000-3550-decb73660000 > action_taken : * > action_taken : REG_OPENED_EXISTING_KEY (2) > result : WERR_OK >[2012/08/23 08:21:18.974006, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000005-0000-0000-3550-decb73660000 > name: struct winreg_String > name_len : 0x000c (12) > name_size : 0x000c (12) > name : * > name : 'Start' > type : REG_DWORD (4) > data : * > data: ARRAY(4) > [0] : 0x02 (2) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : 0x00000004 (4) >[2012/08/23 08:21:18.974226, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:18.974269, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:Start] >[2012/08/23 08:21:18.974290, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2012/08/23 08:21:18.974310, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON' (ops 0x7f4eb14f6da0) >[2012/08/23 08:21:18.974330, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] >[2012/08/23 08:21:18.974358, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Start] len[4] >[2012/08/23 08:21:18.974380, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[1]: name[Type] len[4] >[2012/08/23 08:21:18.974400, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[2]: name[ErrorControl] len[4] >[2012/08/23 08:21:18.974420, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[3]: name[ObjectName] len[24] >[2012/08/23 08:21:18.974440, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[4]: name[DisplayName] len[20] >[2012/08/23 08:21:18.974460, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[5]: name[ImagePath] len[58] >[2012/08/23 08:21:18.974480, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[6]: name[Description] len[164] >[2012/08/23 08:21:18.974500, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/08/23 08:21:18.974549, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000005-0000-0000-3550-decb73660000 > name: struct winreg_String > name_len : 0x000a (10) > name_size : 0x000a (10) > name : * > name : 'Type' > type : REG_DWORD (4) > data : * > data: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : 0x00000004 (4) >[2012/08/23 08:21:18.974734, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:18.974776, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:Type] >[2012/08/23 08:21:18.974797, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2012/08/23 08:21:18.974817, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/08/23 08:21:18.974864, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000005-0000-0000-3550-decb73660000 > name: struct winreg_String > name_len : 0x001a (26) > name_size : 0x001a (26) > name : * > name : 'ErrorControl' > type : REG_DWORD (4) > data : * > data: ARRAY(4) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : 0x00000004 (4) >[2012/08/23 08:21:18.975055, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:18.975098, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:ErrorControl] >[2012/08/23 08:21:18.975124, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2012/08/23 08:21:18.975146, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/08/23 08:21:18.975196, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000005-0000-0000-3550-decb73660000 > name: struct winreg_String > name_len : 0x0016 (22) > name_size : 0x0016 (22) > name : * > name : 'ObjectName' > type : REG_SZ (1) > data : * > data: ARRAY(24) > [0] : 0x4c (76) > [1] : 0x00 (0) > [2] : 0x6f (111) > [3] : 0x00 (0) > [4] : 0x63 (99) > [5] : 0x00 (0) > [6] : 0x61 (97) > [7] : 0x00 (0) > [8] : 0x6c (108) > [9] : 0x00 (0) > [10] : 0x53 (83) > [11] : 0x00 (0) > [12] : 0x79 (121) > [13] : 0x00 (0) > [14] : 0x73 (115) > [15] : 0x00 (0) > [16] : 0x74 (116) > [17] : 0x00 (0) > [18] : 0x65 (101) > [19] : 0x00 (0) > [20] : 0x6d (109) > [21] : 0x00 (0) > [22] : 0x00 (0) > [23] : 0x00 (0) > size : 0x00000018 (24) >[2012/08/23 08:21:18.975553, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:18.975595, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:ObjectName] >[2012/08/23 08:21:18.975616, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2012/08/23 08:21:18.975636, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/08/23 08:21:18.975685, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000005-0000-0000-3550-decb73660000 > name: struct winreg_String > name_len : 0x0018 (24) > name_size : 0x0018 (24) > name : * > name : 'DisplayName' > type : REG_SZ (1) > data : * > data: ARRAY(20) > [0] : 0x4e (78) > [1] : 0x00 (0) > [2] : 0x65 (101) > [3] : 0x00 (0) > [4] : 0x74 (116) > [5] : 0x00 (0) > [6] : 0x20 (32) > [7] : 0x00 (0) > [8] : 0x4c (76) > [9] : 0x00 (0) > [10] : 0x6f (111) > [11] : 0x00 (0) > [12] : 0x67 (103) > [13] : 0x00 (0) > [14] : 0x6f (111) > [15] : 0x00 (0) > [16] : 0x6e (110) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > size : 0x00000014 (20) >[2012/08/23 08:21:18.976005, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:18.976079, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:DisplayName] >[2012/08/23 08:21:18.976100, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2012/08/23 08:21:18.976125, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/08/23 08:21:18.976177, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000005-0000-0000-3550-decb73660000 > name: struct winreg_String > name_len : 0x0014 (20) > name_size : 0x0014 (20) > name : * > name : 'ImagePath' > type : REG_SZ (1) > data : * > data: ARRAY(58) > [0] : 0x2f (47) > [1] : 0x00 (0) > [2] : 0x75 (117) > [3] : 0x00 (0) > [4] : 0x73 (115) > [5] : 0x00 (0) > [6] : 0x72 (114) > [7] : 0x00 (0) > [8] : 0x2f (47) > [9] : 0x00 (0) > [10] : 0x6c (108) > [11] : 0x00 (0) > [12] : 0x69 (105) > [13] : 0x00 (0) > [14] : 0x62 (98) > [15] : 0x00 (0) > [16] : 0x36 (54) > [17] : 0x00 (0) > [18] : 0x34 (52) > [19] : 0x00 (0) > [20] : 0x2f (47) > [21] : 0x00 (0) > [22] : 0x73 (115) > [23] : 0x00 (0) > [24] : 0x61 (97) > [25] : 0x00 (0) > [26] : 0x6d (109) > [27] : 0x00 (0) > [28] : 0x62 (98) > [29] : 0x00 (0) > [30] : 0x61 (97) > [31] : 0x00 (0) > [32] : 0x2f (47) > [33] : 0x00 (0) > [34] : 0x73 (115) > [35] : 0x00 (0) > [36] : 0x76 (118) > [37] : 0x00 (0) > [38] : 0x63 (99) > [39] : 0x00 (0) > [40] : 0x63 (99) > [41] : 0x00 (0) > [42] : 0x74 (116) > [43] : 0x00 (0) > [44] : 0x6c (108) > [45] : 0x00 (0) > [46] : 0x2f (47) > [47] : 0x00 (0) > [48] : 0x73 (115) > [49] : 0x00 (0) > [50] : 0x6d (109) > [51] : 0x00 (0) > [52] : 0x62 (98) > [53] : 0x00 (0) > [54] : 0x64 (100) > [55] : 0x00 (0) > [56] : 0x00 (0) > [57] : 0x00 (0) > size : 0x0000003a (58) >[2012/08/23 08:21:18.976830, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:18.976872, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:ImagePath] >[2012/08/23 08:21:18.976893, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2012/08/23 08:21:18.976914, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/08/23 08:21:18.976961, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000005-0000-0000-3550-decb73660000 > name: struct winreg_String > name_len : 0x0018 (24) > name_size : 0x0018 (24) > name : * > name : 'Description' > type : REG_SZ (1) > data : * > data: ARRAY(164) > [0] : 0x46 (70) > [1] : 0x00 (0) > [2] : 0x69 (105) > [3] : 0x00 (0) > [4] : 0x6c (108) > [5] : 0x00 (0) > [6] : 0x65 (101) > [7] : 0x00 (0) > [8] : 0x20 (32) > [9] : 0x00 (0) > [10] : 0x73 (115) > [11] : 0x00 (0) > [12] : 0x65 (101) > [13] : 0x00 (0) > [14] : 0x72 (114) > [15] : 0x00 (0) > [16] : 0x76 (118) > [17] : 0x00 (0) > [18] : 0x69 (105) > [19] : 0x00 (0) > [20] : 0x63 (99) > [21] : 0x00 (0) > [22] : 0x65 (101) > [23] : 0x00 (0) > [24] : 0x20 (32) > [25] : 0x00 (0) > [26] : 0x70 (112) > [27] : 0x00 (0) > [28] : 0x72 (114) > [29] : 0x00 (0) > [30] : 0x6f (111) > [31] : 0x00 (0) > [32] : 0x76 (118) > [33] : 0x00 (0) > [34] : 0x69 (105) > [35] : 0x00 (0) > [36] : 0x64 (100) > [37] : 0x00 (0) > [38] : 0x69 (105) > [39] : 0x00 (0) > [40] : 0x6e (110) > [41] : 0x00 (0) > [42] : 0x67 (103) > [43] : 0x00 (0) > [44] : 0x20 (32) > [45] : 0x00 (0) > [46] : 0x61 (97) > [47] : 0x00 (0) > [48] : 0x63 (99) > [49] : 0x00 (0) > [50] : 0x63 (99) > [51] : 0x00 (0) > [52] : 0x65 (101) > [53] : 0x00 (0) > [54] : 0x73 (115) > [55] : 0x00 (0) > [56] : 0x73 (115) > [57] : 0x00 (0) > [58] : 0x20 (32) > [59] : 0x00 (0) > [60] : 0x74 (116) > [61] : 0x00 (0) > [62] : 0x6f (111) > [63] : 0x00 (0) > [64] : 0x20 (32) > [65] : 0x00 (0) > [66] : 0x70 (112) > [67] : 0x00 (0) > [68] : 0x6f (111) > [69] : 0x00 (0) > [70] : 0x6c (108) > [71] : 0x00 (0) > [72] : 0x69 (105) > [73] : 0x00 (0) > [74] : 0x63 (99) > [75] : 0x00 (0) > [76] : 0x79 (121) > [77] : 0x00 (0) > [78] : 0x20 (32) > [79] : 0x00 (0) > [80] : 0x61 (97) > [81] : 0x00 (0) > [82] : 0x6e (110) > [83] : 0x00 (0) > [84] : 0x64 (100) > [85] : 0x00 (0) > [86] : 0x20 (32) > [87] : 0x00 (0) > [88] : 0x70 (112) > [89] : 0x00 (0) > [90] : 0x72 (114) > [91] : 0x00 (0) > [92] : 0x6f (111) > [93] : 0x00 (0) > [94] : 0x66 (102) > [95] : 0x00 (0) > [96] : 0x69 (105) > [97] : 0x00 (0) > [98] : 0x6c (108) > [99] : 0x00 (0) > [100] : 0x65 (101) > [101] : 0x00 (0) > [102] : 0x20 (32) > [103] : 0x00 (0) > [104] : 0x64 (100) > [105] : 0x00 (0) > [106] : 0x61 (97) > [107] : 0x00 (0) > [108] : 0x74 (116) > [109] : 0x00 (0) > [110] : 0x61 (97) > [111] : 0x00 (0) > [112] : 0x20 (32) > [113] : 0x00 (0) > [114] : 0x28 (40) > [115] : 0x00 (0) > [116] : 0x6e (110) > [117] : 0x00 (0) > [118] : 0x6f (111) > [119] : 0x00 (0) > [120] : 0x74 (116) > [121] : 0x00 (0) > [122] : 0x72 (114) > [123] : 0x00 (0) > [124] : 0x65 (101) > [125] : 0x00 (0) > [126] : 0x6d (109) > [127] : 0x00 (0) > [128] : 0x6f (111) > [129] : 0x00 (0) > [130] : 0x74 (116) > [131] : 0x00 (0) > [132] : 0x65 (101) > [133] : 0x00 (0) > [134] : 0x6c (108) > [135] : 0x00 (0) > [136] : 0x79 (121) > [137] : 0x00 (0) > [138] : 0x20 (32) > [139] : 0x00 (0) > [140] : 0x6d (109) > [141] : 0x00 (0) > [142] : 0x61 (97) > [143] : 0x00 (0) > [144] : 0x6e (110) > [145] : 0x00 (0) > [146] : 0x61 (97) > [147] : 0x00 (0) > [148] : 0x67 (103) > [149] : 0x00 (0) > [150] : 0x65 (101) > [151] : 0x00 (0) > [152] : 0x61 (97) > [153] : 0x00 (0) > [154] : 0x62 (98) > [155] : 0x00 (0) > [156] : 0x6c (108) > [157] : 0x00 (0) > [158] : 0x65 (101) > [159] : 0x00 (0) > [160] : 0x29 (41) > [161] : 0x00 (0) > [162] : 0x00 (0) > [163] : 0x00 (0) > size : 0x000000a4 (164) >[2012/08/23 08:21:18.978938, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:18.979010, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:Description] >[2012/08/23 08:21:18.979052, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2012/08/23 08:21:18.979085, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/08/23 08:21:18.979184, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000005-0000-0000-3550-decb73660000 >[2012/08/23 08:21:18.979259, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:18.979301, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:18.979341, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/23 08:21:18.979361, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/08/23 08:21:18.979382, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/23 08:21:18.979468, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > in: struct winreg_CreateKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000001-0000-0000-3550-decb73660000 > name: struct winreg_String > name_len : 0x0068 (104) > name_size : 0x0068 (104) > name : * > name : 'SYSTEM\CurrentControlSet\Services\NETLOGON\Security' > keyclass: struct winreg_String > name_len : 0x0002 (2) > name_size : 0x0002 (2) > name : * > name : '' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY > secdesc : NULL > action_taken : * > action_taken : REG_OPENED_EXISTING_KEY (2) >[2012/08/23 08:21:18.979770, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:18.979813, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) > _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\NETLOGON\Security' >[2012/08/23 08:21:18.979835, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2012/08/23 08:21:18.979855, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 >[2012/08/23 08:21:18.979875, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SYSTEM] >[2012/08/23 08:21:18.979895, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2012/08/23 08:21:18.979917, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] >[2012/08/23 08:21:18.979935, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM] >[2012/08/23 08:21:18.979954, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/23 08:21:18.979972, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM] >[2012/08/23 08:21:18.980000, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 >[2012/08/23 08:21:18.980028, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentControlSet] >[2012/08/23 08:21:18.980051, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/23 08:21:18.980073, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] >[2012/08/23 08:21:18.980091, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] >[2012/08/23 08:21:18.980111, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/23 08:21:18.980134, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM\CurrentControlSet] >[2012/08/23 08:21:18.980163, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/23 08:21:18.980187, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 >[2012/08/23 08:21:18.980206, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Services] >[2012/08/23 08:21:18.980227, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/23 08:21:18.980248, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/08/23 08:21:18.980267, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/08/23 08:21:18.980286, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/23 08:21:18.980305, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/08/23 08:21:18.980338, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/23 08:21:18.980360, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 >[2012/08/23 08:21:18.980380, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [NETLOGON] >[2012/08/23 08:21:18.980400, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/23 08:21:18.980426, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] >[2012/08/23 08:21:18.980445, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] >[2012/08/23 08:21:18.980465, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/23 08:21:18.980484, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] >[2012/08/23 08:21:18.980514, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/23 08:21:18.980536, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Security] >[2012/08/23 08:21:18.980557, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/23 08:21:18.980579, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] >[2012/08/23 08:21:18.980598, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] >[2012/08/23 08:21:18.980618, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/23 08:21:18.980637, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] >[2012/08/23 08:21:18.980663, 10] registry/reg_backend_db.c:1656(regdb_fetch_keys_internal) > regdb_fetch_keys: no subkeys found for key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] >[2012/08/23 08:21:18.980685, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/23 08:21:18.980706, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:18.980748, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > out: struct winreg_CreateKey > new_handle : * > new_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000006-0000-0000-3550-decb73660000 > action_taken : * > action_taken : REG_OPENED_EXISTING_KEY (2) > result : WERR_OK >[2012/08/23 08:21:18.980853, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000006-0000-0000-3550-decb73660000 > name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : REG_BINARY (3) > data : * > data: ARRAY(120) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x04 (4) > [3] : 0x80 (128) > [4] : 0x00 (0) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x00 (0) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x14 (20) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x02 (2) > [21] : 0x00 (0) > [22] : 0x64 (100) > [23] : 0x00 (0) > [24] : 0x04 (4) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x00 (0) > [28] : 0x00 (0) > [29] : 0x00 (0) > [30] : 0x14 (20) > [31] : 0x00 (0) > [32] : 0x8d (141) > [33] : 0x01 (1) > [34] : 0x02 (2) > [35] : 0x00 (0) > [36] : 0x01 (1) > [37] : 0x01 (1) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x01 (1) > [44] : 0x00 (0) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x00 (0) > [49] : 0x00 (0) > [50] : 0x18 (24) > [51] : 0x00 (0) > [52] : 0xfd (253) > [53] : 0x01 (1) > [54] : 0x02 (2) > [55] : 0x00 (0) > [56] : 0x01 (1) > [57] : 0x02 (2) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x00 (0) > [62] : 0x00 (0) > [63] : 0x05 (5) > [64] : 0x20 (32) > [65] : 0x00 (0) > [66] : 0x00 (0) > [67] : 0x00 (0) > [68] : 0x23 (35) > [69] : 0x02 (2) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x18 (24) > [75] : 0x00 (0) > [76] : 0xff (255) > [77] : 0x01 (1) > [78] : 0x0f (15) > [79] : 0x00 (0) > [80] : 0x01 (1) > [81] : 0x02 (2) > [82] : 0x00 (0) > [83] : 0x00 (0) > [84] : 0x00 (0) > [85] : 0x00 (0) > [86] : 0x00 (0) > [87] : 0x05 (5) > [88] : 0x20 (32) > [89] : 0x00 (0) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x25 (37) > [93] : 0x02 (2) > [94] : 0x00 (0) > [95] : 0x00 (0) > [96] : 0x00 (0) > [97] : 0x00 (0) > [98] : 0x18 (24) > [99] : 0x00 (0) > [100] : 0xff (255) > [101] : 0x01 (1) > [102] : 0x0f (15) > [103] : 0x00 (0) > [104] : 0x01 (1) > [105] : 0x02 (2) > [106] : 0x00 (0) > [107] : 0x00 (0) > [108] : 0x00 (0) > [109] : 0x00 (0) > [110] : 0x00 (0) > [111] : 0x05 (5) > [112] : 0x20 (32) > [113] : 0x00 (0) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x20 (32) > [117] : 0x02 (2) > [118] : 0x00 (0) > [119] : 0x00 (0) > size : 0x00000078 (120) >[2012/08/23 08:21:18.982135, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:18.982180, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security:Security] >[2012/08/23 08:21:18.982202, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2012/08/23 08:21:18.982222, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security' (ops 0x7f4eb14f6da0) >[2012/08/23 08:21:18.982242, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] >[2012/08/23 08:21:18.982271, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Security] len[120] >[2012/08/23 08:21:18.982293, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/08/23 08:21:18.982340, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000006-0000-0000-3550-decb73660000 >[2012/08/23 08:21:18.982413, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:18.982455, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:18.982495, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/23 08:21:18.982514, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/08/23 08:21:18.982533, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/23 08:21:18.982619, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > in: struct winreg_CreateKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000001-0000-0000-3550-decb73660000 > name: struct winreg_String > name_len : 0x0062 (98) > name_size : 0x0062 (98) > name : * > name : 'SYSTEM\CurrentControlSet\Services\RemoteRegistry' > keyclass: struct winreg_String > name_len : 0x0002 (2) > name_size : 0x0002 (2) > name : * > name : '' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY > secdesc : NULL > action_taken : * > action_taken : REG_ACTION_NONE (0) >[2012/08/23 08:21:18.982910, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:18.982952, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) > _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\RemoteRegistry' >[2012/08/23 08:21:18.982973, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2012/08/23 08:21:18.982994, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 >[2012/08/23 08:21:18.983013, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SYSTEM] >[2012/08/23 08:21:18.983040, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2012/08/23 08:21:18.983065, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] >[2012/08/23 08:21:18.983085, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM] >[2012/08/23 08:21:18.983104, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/23 08:21:18.983126, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM] >[2012/08/23 08:21:18.983155, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 >[2012/08/23 08:21:18.983177, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentControlSet] >[2012/08/23 08:21:18.983198, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/23 08:21:18.983220, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] >[2012/08/23 08:21:18.983238, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] >[2012/08/23 08:21:18.983258, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/23 08:21:18.983276, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM\CurrentControlSet] >[2012/08/23 08:21:18.983303, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/23 08:21:18.983326, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 >[2012/08/23 08:21:18.983345, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Services] >[2012/08/23 08:21:18.983365, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/23 08:21:18.983387, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/08/23 08:21:18.983406, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/08/23 08:21:18.983425, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/23 08:21:18.983443, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/08/23 08:21:18.983475, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/23 08:21:18.983498, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [RemoteRegistry] >[2012/08/23 08:21:18.983519, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/23 08:21:18.983541, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] >[2012/08/23 08:21:18.983559, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] >[2012/08/23 08:21:18.983579, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/23 08:21:18.983598, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] >[2012/08/23 08:21:18.983626, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/23 08:21:18.983648, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:18.983690, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > out: struct winreg_CreateKey > new_handle : * > new_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000007-0000-0000-3550-decb73660000 > action_taken : * > action_taken : REG_OPENED_EXISTING_KEY (2) > result : WERR_OK >[2012/08/23 08:21:18.983797, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000007-0000-0000-3550-decb73660000 > name: struct winreg_String > name_len : 0x000c (12) > name_size : 0x000c (12) > name : * > name : 'Start' > type : REG_DWORD (4) > data : * > data: ARRAY(4) > [0] : 0x02 (2) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : 0x00000004 (4) >[2012/08/23 08:21:18.983976, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:18.984017, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:Start] >[2012/08/23 08:21:18.984057, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2012/08/23 08:21:18.984077, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry' (ops 0x7f4eb14f6da0) >[2012/08/23 08:21:18.984098, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] >[2012/08/23 08:21:18.984133, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Start] len[4] >[2012/08/23 08:21:18.984160, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[1]: name[Type] len[4] >[2012/08/23 08:21:18.984181, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[2]: name[ErrorControl] len[4] >[2012/08/23 08:21:18.984201, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[3]: name[ObjectName] len[24] >[2012/08/23 08:21:18.984222, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[4]: name[DisplayName] len[48] >[2012/08/23 08:21:18.984242, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[5]: name[ImagePath] len[58] >[2012/08/23 08:21:18.984262, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[6]: name[Description] len[126] >[2012/08/23 08:21:18.984283, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/08/23 08:21:18.984332, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000007-0000-0000-3550-decb73660000 > name: struct winreg_String > name_len : 0x000a (10) > name_size : 0x000a (10) > name : * > name : 'Type' > type : REG_DWORD (4) > data : * > data: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : 0x00000004 (4) >[2012/08/23 08:21:18.984514, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:18.984556, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:Type] >[2012/08/23 08:21:18.984577, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2012/08/23 08:21:18.984597, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/08/23 08:21:18.984644, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000007-0000-0000-3550-decb73660000 > name: struct winreg_String > name_len : 0x001a (26) > name_size : 0x001a (26) > name : * > name : 'ErrorControl' > type : REG_DWORD (4) > data : * > data: ARRAY(4) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : 0x00000004 (4) >[2012/08/23 08:21:18.984821, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:18.984863, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:ErrorControl] >[2012/08/23 08:21:18.984884, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2012/08/23 08:21:18.984905, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/08/23 08:21:18.984952, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000007-0000-0000-3550-decb73660000 > name: struct winreg_String > name_len : 0x0016 (22) > name_size : 0x0016 (22) > name : * > name : 'ObjectName' > type : REG_SZ (1) > data : * > data: ARRAY(24) > [0] : 0x4c (76) > [1] : 0x00 (0) > [2] : 0x6f (111) > [3] : 0x00 (0) > [4] : 0x63 (99) > [5] : 0x00 (0) > [6] : 0x61 (97) > [7] : 0x00 (0) > [8] : 0x6c (108) > [9] : 0x00 (0) > [10] : 0x53 (83) > [11] : 0x00 (0) > [12] : 0x79 (121) > [13] : 0x00 (0) > [14] : 0x73 (115) > [15] : 0x00 (0) > [16] : 0x74 (116) > [17] : 0x00 (0) > [18] : 0x65 (101) > [19] : 0x00 (0) > [20] : 0x6d (109) > [21] : 0x00 (0) > [22] : 0x00 (0) > [23] : 0x00 (0) > size : 0x00000018 (24) >[2012/08/23 08:21:18.985318, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:18.985361, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:ObjectName] >[2012/08/23 08:21:18.985382, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2012/08/23 08:21:18.985403, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/08/23 08:21:18.985454, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000007-0000-0000-3550-decb73660000 > name: struct winreg_String > name_len : 0x0018 (24) > name_size : 0x0018 (24) > name : * > name : 'DisplayName' > type : REG_SZ (1) > data : * > data: ARRAY(48) > [0] : 0x52 (82) > [1] : 0x00 (0) > [2] : 0x65 (101) > [3] : 0x00 (0) > [4] : 0x6d (109) > [5] : 0x00 (0) > [6] : 0x6f (111) > [7] : 0x00 (0) > [8] : 0x74 (116) > [9] : 0x00 (0) > [10] : 0x65 (101) > [11] : 0x00 (0) > [12] : 0x20 (32) > [13] : 0x00 (0) > [14] : 0x52 (82) > [15] : 0x00 (0) > [16] : 0x65 (101) > [17] : 0x00 (0) > [18] : 0x67 (103) > [19] : 0x00 (0) > [20] : 0x69 (105) > [21] : 0x00 (0) > [22] : 0x73 (115) > [23] : 0x00 (0) > [24] : 0x74 (116) > [25] : 0x00 (0) > [26] : 0x72 (114) > [27] : 0x00 (0) > [28] : 0x79 (121) > [29] : 0x00 (0) > [30] : 0x20 (32) > [31] : 0x00 (0) > [32] : 0x53 (83) > [33] : 0x00 (0) > [34] : 0x65 (101) > [35] : 0x00 (0) > [36] : 0x72 (114) > [37] : 0x00 (0) > [38] : 0x76 (118) > [39] : 0x00 (0) > [40] : 0x69 (105) > [41] : 0x00 (0) > [42] : 0x63 (99) > [43] : 0x00 (0) > [44] : 0x65 (101) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > size : 0x00000030 (48) >[2012/08/23 08:21:18.986063, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:18.986106, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:DisplayName] >[2012/08/23 08:21:18.986133, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2012/08/23 08:21:18.986154, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/08/23 08:21:18.986204, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000007-0000-0000-3550-decb73660000 > name: struct winreg_String > name_len : 0x0014 (20) > name_size : 0x0014 (20) > name : * > name : 'ImagePath' > type : REG_SZ (1) > data : * > data: ARRAY(58) > [0] : 0x2f (47) > [1] : 0x00 (0) > [2] : 0x75 (117) > [3] : 0x00 (0) > [4] : 0x73 (115) > [5] : 0x00 (0) > [6] : 0x72 (114) > [7] : 0x00 (0) > [8] : 0x2f (47) > [9] : 0x00 (0) > [10] : 0x6c (108) > [11] : 0x00 (0) > [12] : 0x69 (105) > [13] : 0x00 (0) > [14] : 0x62 (98) > [15] : 0x00 (0) > [16] : 0x36 (54) > [17] : 0x00 (0) > [18] : 0x34 (52) > [19] : 0x00 (0) > [20] : 0x2f (47) > [21] : 0x00 (0) > [22] : 0x73 (115) > [23] : 0x00 (0) > [24] : 0x61 (97) > [25] : 0x00 (0) > [26] : 0x6d (109) > [27] : 0x00 (0) > [28] : 0x62 (98) > [29] : 0x00 (0) > [30] : 0x61 (97) > [31] : 0x00 (0) > [32] : 0x2f (47) > [33] : 0x00 (0) > [34] : 0x73 (115) > [35] : 0x00 (0) > [36] : 0x76 (118) > [37] : 0x00 (0) > [38] : 0x63 (99) > [39] : 0x00 (0) > [40] : 0x63 (99) > [41] : 0x00 (0) > [42] : 0x74 (116) > [43] : 0x00 (0) > [44] : 0x6c (108) > [45] : 0x00 (0) > [46] : 0x2f (47) > [47] : 0x00 (0) > [48] : 0x73 (115) > [49] : 0x00 (0) > [50] : 0x6d (109) > [51] : 0x00 (0) > [52] : 0x62 (98) > [53] : 0x00 (0) > [54] : 0x64 (100) > [55] : 0x00 (0) > [56] : 0x00 (0) > [57] : 0x00 (0) > size : 0x0000003a (58) >[2012/08/23 08:21:18.986851, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:18.986893, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:ImagePath] >[2012/08/23 08:21:18.986914, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2012/08/23 08:21:18.986935, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/08/23 08:21:18.986983, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000007-0000-0000-3550-decb73660000 > name: struct winreg_String > name_len : 0x0018 (24) > name_size : 0x0018 (24) > name : * > name : 'Description' > type : REG_SZ (1) > data : * > data: ARRAY(126) > [0] : 0x49 (73) > [1] : 0x00 (0) > [2] : 0x6e (110) > [3] : 0x00 (0) > [4] : 0x74 (116) > [5] : 0x00 (0) > [6] : 0x65 (101) > [7] : 0x00 (0) > [8] : 0x72 (114) > [9] : 0x00 (0) > [10] : 0x6e (110) > [11] : 0x00 (0) > [12] : 0x61 (97) > [13] : 0x00 (0) > [14] : 0x6c (108) > [15] : 0x00 (0) > [16] : 0x20 (32) > [17] : 0x00 (0) > [18] : 0x73 (115) > [19] : 0x00 (0) > [20] : 0x65 (101) > [21] : 0x00 (0) > [22] : 0x72 (114) > [23] : 0x00 (0) > [24] : 0x76 (118) > [25] : 0x00 (0) > [26] : 0x69 (105) > [27] : 0x00 (0) > [28] : 0x63 (99) > [29] : 0x00 (0) > [30] : 0x65 (101) > [31] : 0x00 (0) > [32] : 0x20 (32) > [33] : 0x00 (0) > [34] : 0x70 (112) > [35] : 0x00 (0) > [36] : 0x72 (114) > [37] : 0x00 (0) > [38] : 0x6f (111) > [39] : 0x00 (0) > [40] : 0x76 (118) > [41] : 0x00 (0) > [42] : 0x69 (105) > [43] : 0x00 (0) > [44] : 0x64 (100) > [45] : 0x00 (0) > [46] : 0x69 (105) > [47] : 0x00 (0) > [48] : 0x6e (110) > [49] : 0x00 (0) > [50] : 0x67 (103) > [51] : 0x00 (0) > [52] : 0x20 (32) > [53] : 0x00 (0) > [54] : 0x72 (114) > [55] : 0x00 (0) > [56] : 0x65 (101) > [57] : 0x00 (0) > [58] : 0x6d (109) > [59] : 0x00 (0) > [60] : 0x6f (111) > [61] : 0x00 (0) > [62] : 0x74 (116) > [63] : 0x00 (0) > [64] : 0x65 (101) > [65] : 0x00 (0) > [66] : 0x20 (32) > [67] : 0x00 (0) > [68] : 0x61 (97) > [69] : 0x00 (0) > [70] : 0x63 (99) > [71] : 0x00 (0) > [72] : 0x63 (99) > [73] : 0x00 (0) > [74] : 0x65 (101) > [75] : 0x00 (0) > [76] : 0x73 (115) > [77] : 0x00 (0) > [78] : 0x73 (115) > [79] : 0x00 (0) > [80] : 0x20 (32) > [81] : 0x00 (0) > [82] : 0x74 (116) > [83] : 0x00 (0) > [84] : 0x6f (111) > [85] : 0x00 (0) > [86] : 0x20 (32) > [87] : 0x00 (0) > [88] : 0x74 (116) > [89] : 0x00 (0) > [90] : 0x68 (104) > [91] : 0x00 (0) > [92] : 0x65 (101) > [93] : 0x00 (0) > [94] : 0x20 (32) > [95] : 0x00 (0) > [96] : 0x53 (83) > [97] : 0x00 (0) > [98] : 0x61 (97) > [99] : 0x00 (0) > [100] : 0x6d (109) > [101] : 0x00 (0) > [102] : 0x62 (98) > [103] : 0x00 (0) > [104] : 0x61 (97) > [105] : 0x00 (0) > [106] : 0x20 (32) > [107] : 0x00 (0) > [108] : 0x72 (114) > [109] : 0x00 (0) > [110] : 0x65 (101) > [111] : 0x00 (0) > [112] : 0x67 (103) > [113] : 0x00 (0) > [114] : 0x69 (105) > [115] : 0x00 (0) > [116] : 0x73 (115) > [117] : 0x00 (0) > [118] : 0x74 (116) > [119] : 0x00 (0) > [120] : 0x72 (114) > [121] : 0x00 (0) > [122] : 0x79 (121) > [123] : 0x00 (0) > [124] : 0x00 (0) > [125] : 0x00 (0) > size : 0x0000007e (126) >[2012/08/23 08:21:18.988241, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:18.988284, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:Description] >[2012/08/23 08:21:18.988309, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2012/08/23 08:21:18.988331, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/08/23 08:21:18.988378, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000007-0000-0000-3550-decb73660000 >[2012/08/23 08:21:18.988447, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:18.988488, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:18.988529, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/23 08:21:18.988549, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/08/23 08:21:18.988568, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/23 08:21:18.988654, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > in: struct winreg_CreateKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000001-0000-0000-3550-decb73660000 > name: struct winreg_String > name_len : 0x0074 (116) > name_size : 0x0074 (116) > name : * > name : 'SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security' > keyclass: struct winreg_String > name_len : 0x0002 (2) > name_size : 0x0002 (2) > name : * > name : '' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY > secdesc : NULL > action_taken : * > action_taken : REG_OPENED_EXISTING_KEY (2) >[2012/08/23 08:21:18.988946, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:18.988992, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) > _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security' >[2012/08/23 08:21:18.989014, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2012/08/23 08:21:18.989042, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 >[2012/08/23 08:21:18.989062, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SYSTEM] >[2012/08/23 08:21:18.989083, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2012/08/23 08:21:18.989104, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] >[2012/08/23 08:21:18.989128, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM] >[2012/08/23 08:21:18.989148, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/23 08:21:18.989167, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM] >[2012/08/23 08:21:18.989195, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 >[2012/08/23 08:21:18.989217, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentControlSet] >[2012/08/23 08:21:18.989238, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/23 08:21:18.989259, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] >[2012/08/23 08:21:18.989278, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] >[2012/08/23 08:21:18.989296, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/23 08:21:18.989315, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM\CurrentControlSet] >[2012/08/23 08:21:18.989342, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/23 08:21:18.989364, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 >[2012/08/23 08:21:18.989384, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Services] >[2012/08/23 08:21:18.989404, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/23 08:21:18.989425, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/08/23 08:21:18.989444, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/08/23 08:21:18.989464, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/23 08:21:18.989482, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/08/23 08:21:18.989514, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/23 08:21:18.989537, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 >[2012/08/23 08:21:18.989557, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [RemoteRegistry] >[2012/08/23 08:21:18.989577, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/23 08:21:18.989599, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] >[2012/08/23 08:21:18.989617, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] >[2012/08/23 08:21:18.989640, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/23 08:21:18.989660, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] >[2012/08/23 08:21:18.989689, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/23 08:21:18.989711, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Security] >[2012/08/23 08:21:18.989731, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/23 08:21:18.989753, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] >[2012/08/23 08:21:18.989773, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] >[2012/08/23 08:21:18.989792, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/23 08:21:18.989811, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] >[2012/08/23 08:21:18.989836, 10] registry/reg_backend_db.c:1656(regdb_fetch_keys_internal) > regdb_fetch_keys: no subkeys found for key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] >[2012/08/23 08:21:18.989859, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/23 08:21:18.989879, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:18.989921, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > out: struct winreg_CreateKey > new_handle : * > new_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000008-0000-0000-3550-decb73660000 > action_taken : * > action_taken : REG_OPENED_EXISTING_KEY (2) > result : WERR_OK >[2012/08/23 08:21:18.990051, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000008-0000-0000-3550-decb73660000 > name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : REG_BINARY (3) > data : * > data: ARRAY(120) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x04 (4) > [3] : 0x80 (128) > [4] : 0x00 (0) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x00 (0) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x14 (20) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x02 (2) > [21] : 0x00 (0) > [22] : 0x64 (100) > [23] : 0x00 (0) > [24] : 0x04 (4) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x00 (0) > [28] : 0x00 (0) > [29] : 0x00 (0) > [30] : 0x14 (20) > [31] : 0x00 (0) > [32] : 0x8d (141) > [33] : 0x01 (1) > [34] : 0x02 (2) > [35] : 0x00 (0) > [36] : 0x01 (1) > [37] : 0x01 (1) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x01 (1) > [44] : 0x00 (0) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x00 (0) > [49] : 0x00 (0) > [50] : 0x18 (24) > [51] : 0x00 (0) > [52] : 0xfd (253) > [53] : 0x01 (1) > [54] : 0x02 (2) > [55] : 0x00 (0) > [56] : 0x01 (1) > [57] : 0x02 (2) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x00 (0) > [62] : 0x00 (0) > [63] : 0x05 (5) > [64] : 0x20 (32) > [65] : 0x00 (0) > [66] : 0x00 (0) > [67] : 0x00 (0) > [68] : 0x23 (35) > [69] : 0x02 (2) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x18 (24) > [75] : 0x00 (0) > [76] : 0xff (255) > [77] : 0x01 (1) > [78] : 0x0f (15) > [79] : 0x00 (0) > [80] : 0x01 (1) > [81] : 0x02 (2) > [82] : 0x00 (0) > [83] : 0x00 (0) > [84] : 0x00 (0) > [85] : 0x00 (0) > [86] : 0x00 (0) > [87] : 0x05 (5) > [88] : 0x20 (32) > [89] : 0x00 (0) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x25 (37) > [93] : 0x02 (2) > [94] : 0x00 (0) > [95] : 0x00 (0) > [96] : 0x00 (0) > [97] : 0x00 (0) > [98] : 0x18 (24) > [99] : 0x00 (0) > [100] : 0xff (255) > [101] : 0x01 (1) > [102] : 0x0f (15) > [103] : 0x00 (0) > [104] : 0x01 (1) > [105] : 0x02 (2) > [106] : 0x00 (0) > [107] : 0x00 (0) > [108] : 0x00 (0) > [109] : 0x00 (0) > [110] : 0x00 (0) > [111] : 0x05 (5) > [112] : 0x20 (32) > [113] : 0x00 (0) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x20 (32) > [117] : 0x02 (2) > [118] : 0x00 (0) > [119] : 0x00 (0) > size : 0x00000078 (120) >[2012/08/23 08:21:18.991260, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:18.991304, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security:Security] >[2012/08/23 08:21:18.991326, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2012/08/23 08:21:18.991346, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security' (ops 0x7f4eb14f6da0) >[2012/08/23 08:21:18.991366, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] >[2012/08/23 08:21:18.991395, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Security] len[120] >[2012/08/23 08:21:18.991417, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/08/23 08:21:18.991464, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000008-0000-0000-3550-decb73660000 >[2012/08/23 08:21:18.991533, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:18.991578, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:18.991619, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/23 08:21:18.991638, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/08/23 08:21:18.991658, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/23 08:21:18.991745, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > in: struct winreg_CreateKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000001-0000-0000-3550-decb73660000 > name: struct winreg_String > name_len : 0x004e (78) > name_size : 0x004e (78) > name : * > name : 'SYSTEM\CurrentControlSet\Services\WINS' > keyclass: struct winreg_String > name_len : 0x0002 (2) > name_size : 0x0002 (2) > name : * > name : '' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY > secdesc : NULL > action_taken : * > action_taken : REG_ACTION_NONE (0) >[2012/08/23 08:21:18.992047, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:18.992089, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) > _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\WINS' >[2012/08/23 08:21:18.992111, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2012/08/23 08:21:18.992138, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 >[2012/08/23 08:21:18.992160, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SYSTEM] >[2012/08/23 08:21:18.992181, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2012/08/23 08:21:18.992203, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] >[2012/08/23 08:21:18.992221, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM] >[2012/08/23 08:21:18.992240, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/23 08:21:18.992262, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM] >[2012/08/23 08:21:18.992291, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 >[2012/08/23 08:21:18.992313, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentControlSet] >[2012/08/23 08:21:18.992334, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/23 08:21:18.992356, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] >[2012/08/23 08:21:18.992375, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] >[2012/08/23 08:21:18.992394, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/23 08:21:18.992412, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM\CurrentControlSet] >[2012/08/23 08:21:18.992439, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/23 08:21:18.992462, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 >[2012/08/23 08:21:18.992482, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Services] >[2012/08/23 08:21:18.992502, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/23 08:21:18.992523, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/08/23 08:21:18.992542, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/08/23 08:21:18.992561, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/23 08:21:18.992580, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/08/23 08:21:18.992612, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/23 08:21:18.992634, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [WINS] >[2012/08/23 08:21:18.992654, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/23 08:21:18.992676, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] >[2012/08/23 08:21:18.992695, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] >[2012/08/23 08:21:18.992715, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/23 08:21:18.992733, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] >[2012/08/23 08:21:18.992760, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/23 08:21:18.992783, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:18.992825, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > out: struct winreg_CreateKey > new_handle : * > new_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000009-0000-0000-3550-decb73660000 > action_taken : * > action_taken : REG_OPENED_EXISTING_KEY (2) > result : WERR_OK >[2012/08/23 08:21:18.992927, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000009-0000-0000-3550-decb73660000 > name: struct winreg_String > name_len : 0x000c (12) > name_size : 0x000c (12) > name : * > name : 'Start' > type : REG_DWORD (4) > data : * > data: ARRAY(4) > [0] : 0x02 (2) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : 0x00000004 (4) >[2012/08/23 08:21:18.993119, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:18.993165, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:Start] >[2012/08/23 08:21:18.993186, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2012/08/23 08:21:18.993205, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\WINS' (ops 0x7f4eb14f6da0) >[2012/08/23 08:21:18.993225, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS] >[2012/08/23 08:21:18.993252, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Start] len[4] >[2012/08/23 08:21:18.993274, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[1]: name[Type] len[4] >[2012/08/23 08:21:18.993294, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[2]: name[ErrorControl] len[4] >[2012/08/23 08:21:18.993314, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[3]: name[ObjectName] len[24] >[2012/08/23 08:21:18.993334, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[4]: name[DisplayName] len[74] >[2012/08/23 08:21:18.993354, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[5]: name[ImagePath] len[58] >[2012/08/23 08:21:18.993375, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[6]: name[Description] len[178] >[2012/08/23 08:21:18.993396, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/08/23 08:21:18.993444, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000009-0000-0000-3550-decb73660000 > name: struct winreg_String > name_len : 0x000a (10) > name_size : 0x000a (10) > name : * > name : 'Type' > type : REG_DWORD (4) > data : * > data: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : 0x00000004 (4) >[2012/08/23 08:21:18.993626, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:18.993668, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:Type] >[2012/08/23 08:21:18.993689, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2012/08/23 08:21:18.993709, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/08/23 08:21:18.993756, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000009-0000-0000-3550-decb73660000 > name: struct winreg_String > name_len : 0x001a (26) > name_size : 0x001a (26) > name : * > name : 'ErrorControl' > type : REG_DWORD (4) > data : * > data: ARRAY(4) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : 0x00000004 (4) >[2012/08/23 08:21:18.993934, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:18.993976, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:ErrorControl] >[2012/08/23 08:21:18.993997, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2012/08/23 08:21:18.994017, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/08/23 08:21:18.994081, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000009-0000-0000-3550-decb73660000 > name: struct winreg_String > name_len : 0x0016 (22) > name_size : 0x0016 (22) > name : * > name : 'ObjectName' > type : REG_SZ (1) > data : * > data: ARRAY(24) > [0] : 0x4c (76) > [1] : 0x00 (0) > [2] : 0x6f (111) > [3] : 0x00 (0) > [4] : 0x63 (99) > [5] : 0x00 (0) > [6] : 0x61 (97) > [7] : 0x00 (0) > [8] : 0x6c (108) > [9] : 0x00 (0) > [10] : 0x53 (83) > [11] : 0x00 (0) > [12] : 0x79 (121) > [13] : 0x00 (0) > [14] : 0x73 (115) > [15] : 0x00 (0) > [16] : 0x74 (116) > [17] : 0x00 (0) > [18] : 0x65 (101) > [19] : 0x00 (0) > [20] : 0x6d (109) > [21] : 0x00 (0) > [22] : 0x00 (0) > [23] : 0x00 (0) > size : 0x00000018 (24) >[2012/08/23 08:21:18.994437, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:18.994479, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:ObjectName] >[2012/08/23 08:21:18.994500, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2012/08/23 08:21:18.994520, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/08/23 08:21:18.994570, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000009-0000-0000-3550-decb73660000 > name: struct winreg_String > name_len : 0x0018 (24) > name_size : 0x0018 (24) > name : * > name : 'DisplayName' > type : REG_SZ (1) > data : * > data: ARRAY(74) > [0] : 0x57 (87) > [1] : 0x00 (0) > [2] : 0x69 (105) > [3] : 0x00 (0) > [4] : 0x6e (110) > [5] : 0x00 (0) > [6] : 0x64 (100) > [7] : 0x00 (0) > [8] : 0x6f (111) > [9] : 0x00 (0) > [10] : 0x77 (119) > [11] : 0x00 (0) > [12] : 0x73 (115) > [13] : 0x00 (0) > [14] : 0x20 (32) > [15] : 0x00 (0) > [16] : 0x49 (73) > [17] : 0x00 (0) > [18] : 0x6e (110) > [19] : 0x00 (0) > [20] : 0x74 (116) > [21] : 0x00 (0) > [22] : 0x65 (101) > [23] : 0x00 (0) > [24] : 0x72 (114) > [25] : 0x00 (0) > [26] : 0x6e (110) > [27] : 0x00 (0) > [28] : 0x65 (101) > [29] : 0x00 (0) > [30] : 0x74 (116) > [31] : 0x00 (0) > [32] : 0x20 (32) > [33] : 0x00 (0) > [34] : 0x4e (78) > [35] : 0x00 (0) > [36] : 0x61 (97) > [37] : 0x00 (0) > [38] : 0x6d (109) > [39] : 0x00 (0) > [40] : 0x65 (101) > [41] : 0x00 (0) > [42] : 0x20 (32) > [43] : 0x00 (0) > [44] : 0x53 (83) > [45] : 0x00 (0) > [46] : 0x65 (101) > [47] : 0x00 (0) > [48] : 0x72 (114) > [49] : 0x00 (0) > [50] : 0x76 (118) > [51] : 0x00 (0) > [52] : 0x69 (105) > [53] : 0x00 (0) > [54] : 0x63 (99) > [55] : 0x00 (0) > [56] : 0x65 (101) > [57] : 0x00 (0) > [58] : 0x20 (32) > [59] : 0x00 (0) > [60] : 0x28 (40) > [61] : 0x00 (0) > [62] : 0x57 (87) > [63] : 0x00 (0) > [64] : 0x49 (73) > [65] : 0x00 (0) > [66] : 0x4e (78) > [67] : 0x00 (0) > [68] : 0x53 (83) > [69] : 0x00 (0) > [70] : 0x29 (41) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > size : 0x0000004a (74) >[2012/08/23 08:21:18.995363, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:18.995406, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:DisplayName] >[2012/08/23 08:21:18.995427, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2012/08/23 08:21:18.995447, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/08/23 08:21:18.995495, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000009-0000-0000-3550-decb73660000 > name: struct winreg_String > name_len : 0x0014 (20) > name_size : 0x0014 (20) > name : * > name : 'ImagePath' > type : REG_SZ (1) > data : * > data: ARRAY(58) > [0] : 0x2f (47) > [1] : 0x00 (0) > [2] : 0x75 (117) > [3] : 0x00 (0) > [4] : 0x73 (115) > [5] : 0x00 (0) > [6] : 0x72 (114) > [7] : 0x00 (0) > [8] : 0x2f (47) > [9] : 0x00 (0) > [10] : 0x6c (108) > [11] : 0x00 (0) > [12] : 0x69 (105) > [13] : 0x00 (0) > [14] : 0x62 (98) > [15] : 0x00 (0) > [16] : 0x36 (54) > [17] : 0x00 (0) > [18] : 0x34 (52) > [19] : 0x00 (0) > [20] : 0x2f (47) > [21] : 0x00 (0) > [22] : 0x73 (115) > [23] : 0x00 (0) > [24] : 0x61 (97) > [25] : 0x00 (0) > [26] : 0x6d (109) > [27] : 0x00 (0) > [28] : 0x62 (98) > [29] : 0x00 (0) > [30] : 0x61 (97) > [31] : 0x00 (0) > [32] : 0x2f (47) > [33] : 0x00 (0) > [34] : 0x73 (115) > [35] : 0x00 (0) > [36] : 0x76 (118) > [37] : 0x00 (0) > [38] : 0x63 (99) > [39] : 0x00 (0) > [40] : 0x63 (99) > [41] : 0x00 (0) > [42] : 0x74 (116) > [43] : 0x00 (0) > [44] : 0x6c (108) > [45] : 0x00 (0) > [46] : 0x2f (47) > [47] : 0x00 (0) > [48] : 0x6e (110) > [49] : 0x00 (0) > [50] : 0x6d (109) > [51] : 0x00 (0) > [52] : 0x62 (98) > [53] : 0x00 (0) > [54] : 0x64 (100) > [55] : 0x00 (0) > [56] : 0x00 (0) > [57] : 0x00 (0) > size : 0x0000003a (58) >[2012/08/23 08:21:18.996149, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:18.996195, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:ImagePath] >[2012/08/23 08:21:18.996217, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2012/08/23 08:21:18.996237, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/08/23 08:21:18.996286, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000009-0000-0000-3550-decb73660000 > name: struct winreg_String > name_len : 0x0018 (24) > name_size : 0x0018 (24) > name : * > name : 'Description' > type : REG_SZ (1) > data : * > data: ARRAY(178) > [0] : 0x49 (73) > [1] : 0x00 (0) > [2] : 0x6e (110) > [3] : 0x00 (0) > [4] : 0x74 (116) > [5] : 0x00 (0) > [6] : 0x65 (101) > [7] : 0x00 (0) > [8] : 0x72 (114) > [9] : 0x00 (0) > [10] : 0x6e (110) > [11] : 0x00 (0) > [12] : 0x61 (97) > [13] : 0x00 (0) > [14] : 0x6c (108) > [15] : 0x00 (0) > [16] : 0x20 (32) > [17] : 0x00 (0) > [18] : 0x73 (115) > [19] : 0x00 (0) > [20] : 0x65 (101) > [21] : 0x00 (0) > [22] : 0x72 (114) > [23] : 0x00 (0) > [24] : 0x76 (118) > [25] : 0x00 (0) > [26] : 0x69 (105) > [27] : 0x00 (0) > [28] : 0x63 (99) > [29] : 0x00 (0) > [30] : 0x65 (101) > [31] : 0x00 (0) > [32] : 0x20 (32) > [33] : 0x00 (0) > [34] : 0x70 (112) > [35] : 0x00 (0) > [36] : 0x72 (114) > [37] : 0x00 (0) > [38] : 0x6f (111) > [39] : 0x00 (0) > [40] : 0x76 (118) > [41] : 0x00 (0) > [42] : 0x69 (105) > [43] : 0x00 (0) > [44] : 0x64 (100) > [45] : 0x00 (0) > [46] : 0x69 (105) > [47] : 0x00 (0) > [48] : 0x6e (110) > [49] : 0x00 (0) > [50] : 0x67 (103) > [51] : 0x00 (0) > [52] : 0x20 (32) > [53] : 0x00 (0) > [54] : 0x61 (97) > [55] : 0x00 (0) > [56] : 0x20 (32) > [57] : 0x00 (0) > [58] : 0x4e (78) > [59] : 0x00 (0) > [60] : 0x65 (101) > [61] : 0x00 (0) > [62] : 0x74 (116) > [63] : 0x00 (0) > [64] : 0x42 (66) > [65] : 0x00 (0) > [66] : 0x49 (73) > [67] : 0x00 (0) > [68] : 0x4f (79) > [69] : 0x00 (0) > [70] : 0x53 (83) > [71] : 0x00 (0) > [72] : 0x20 (32) > [73] : 0x00 (0) > [74] : 0x70 (112) > [75] : 0x00 (0) > [76] : 0x6f (111) > [77] : 0x00 (0) > [78] : 0x69 (105) > [79] : 0x00 (0) > [80] : 0x6e (110) > [81] : 0x00 (0) > [82] : 0x74 (116) > [83] : 0x00 (0) > [84] : 0x2d (45) > [85] : 0x00 (0) > [86] : 0x74 (116) > [87] : 0x00 (0) > [88] : 0x6f (111) > [89] : 0x00 (0) > [90] : 0x2d (45) > [91] : 0x00 (0) > [92] : 0x70 (112) > [93] : 0x00 (0) > [94] : 0x6f (111) > [95] : 0x00 (0) > [96] : 0x69 (105) > [97] : 0x00 (0) > [98] : 0x6e (110) > [99] : 0x00 (0) > [100] : 0x74 (116) > [101] : 0x00 (0) > [102] : 0x20 (32) > [103] : 0x00 (0) > [104] : 0x6e (110) > [105] : 0x00 (0) > [106] : 0x61 (97) > [107] : 0x00 (0) > [108] : 0x6d (109) > [109] : 0x00 (0) > [110] : 0x65 (101) > [111] : 0x00 (0) > [112] : 0x20 (32) > [113] : 0x00 (0) > [114] : 0x73 (115) > [115] : 0x00 (0) > [116] : 0x65 (101) > [117] : 0x00 (0) > [118] : 0x72 (114) > [119] : 0x00 (0) > [120] : 0x76 (118) > [121] : 0x00 (0) > [122] : 0x65 (101) > [123] : 0x00 (0) > [124] : 0x72 (114) > [125] : 0x00 (0) > [126] : 0x28 (40) > [127] : 0x00 (0) > [128] : 0x6e (110) > [129] : 0x00 (0) > [130] : 0x6f (111) > [131] : 0x00 (0) > [132] : 0x74 (116) > [133] : 0x00 (0) > [134] : 0x20 (32) > [135] : 0x00 (0) > [136] : 0x72 (114) > [137] : 0x00 (0) > [138] : 0x65 (101) > [139] : 0x00 (0) > [140] : 0x6d (109) > [141] : 0x00 (0) > [142] : 0x6f (111) > [143] : 0x00 (0) > [144] : 0x74 (116) > [145] : 0x00 (0) > [146] : 0x65 (101) > [147] : 0x00 (0) > [148] : 0x6c (108) > [149] : 0x00 (0) > [150] : 0x79 (121) > [151] : 0x00 (0) > [152] : 0x20 (32) > [153] : 0x00 (0) > [154] : 0x6d (109) > [155] : 0x00 (0) > [156] : 0x61 (97) > [157] : 0x00 (0) > [158] : 0x6e (110) > [159] : 0x00 (0) > [160] : 0x61 (97) > [161] : 0x00 (0) > [162] : 0x67 (103) > [163] : 0x00 (0) > [164] : 0x65 (101) > [165] : 0x00 (0) > [166] : 0x61 (97) > [167] : 0x00 (0) > [168] : 0x62 (98) > [169] : 0x00 (0) > [170] : 0x6c (108) > [171] : 0x00 (0) > [172] : 0x65 (101) > [173] : 0x00 (0) > [174] : 0x29 (41) > [175] : 0x00 (0) > [176] : 0x00 (0) > [177] : 0x00 (0) > size : 0x000000b2 (178) >[2012/08/23 08:21:18.997987, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:18.998035, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:Description] >[2012/08/23 08:21:18.998060, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2012/08/23 08:21:18.998082, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/08/23 08:21:18.998129, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000009-0000-0000-3550-decb73660000 >[2012/08/23 08:21:18.998198, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:18.998239, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:18.998279, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/23 08:21:18.998299, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/08/23 08:21:18.998318, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/23 08:21:18.998403, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > in: struct winreg_CreateKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000001-0000-0000-3550-decb73660000 > name: struct winreg_String > name_len : 0x0060 (96) > name_size : 0x0060 (96) > name : * > name : 'SYSTEM\CurrentControlSet\Services\WINS\Security' > keyclass: struct winreg_String > name_len : 0x0002 (2) > name_size : 0x0002 (2) > name : * > name : '' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY > secdesc : NULL > action_taken : * > action_taken : REG_OPENED_EXISTING_KEY (2) >[2012/08/23 08:21:18.998693, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:18.998739, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) > _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\WINS\Security' >[2012/08/23 08:21:18.998761, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2012/08/23 08:21:18.998782, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 >[2012/08/23 08:21:18.998801, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SYSTEM] >[2012/08/23 08:21:18.998822, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2012/08/23 08:21:18.998843, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] >[2012/08/23 08:21:18.998862, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM] >[2012/08/23 08:21:18.998881, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/23 08:21:18.998899, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM] >[2012/08/23 08:21:18.998927, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 >[2012/08/23 08:21:18.998949, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentControlSet] >[2012/08/23 08:21:18.998969, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/23 08:21:18.998991, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] >[2012/08/23 08:21:18.999009, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] >[2012/08/23 08:21:18.999035, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/23 08:21:18.999054, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM\CurrentControlSet] >[2012/08/23 08:21:18.999082, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/23 08:21:18.999105, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 >[2012/08/23 08:21:18.999125, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Services] >[2012/08/23 08:21:18.999146, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/23 08:21:18.999167, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/08/23 08:21:18.999186, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/08/23 08:21:18.999205, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/23 08:21:18.999224, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/08/23 08:21:18.999256, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/23 08:21:18.999279, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 >[2012/08/23 08:21:18.999299, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [WINS] >[2012/08/23 08:21:18.999319, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/23 08:21:18.999341, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] >[2012/08/23 08:21:18.999359, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] >[2012/08/23 08:21:18.999379, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/23 08:21:18.999401, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] >[2012/08/23 08:21:18.999430, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/23 08:21:18.999452, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Security] >[2012/08/23 08:21:18.999473, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/23 08:21:18.999495, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] >[2012/08/23 08:21:18.999513, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] >[2012/08/23 08:21:18.999533, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/23 08:21:18.999551, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] >[2012/08/23 08:21:18.999576, 10] registry/reg_backend_db.c:1656(regdb_fetch_keys_internal) > regdb_fetch_keys: no subkeys found for key [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] >[2012/08/23 08:21:18.999599, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/23 08:21:18.999620, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 0A 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:18.999661, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > out: struct winreg_CreateKey > new_handle : * > new_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000a-0000-0000-3550-decb73660000 > action_taken : * > action_taken : REG_OPENED_EXISTING_KEY (2) > result : WERR_OK >[2012/08/23 08:21:18.999765, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > in: struct winreg_SetValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000a-0000-0000-3550-decb73660000 > name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : REG_BINARY (3) > data : * > data: ARRAY(120) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x04 (4) > [3] : 0x80 (128) > [4] : 0x00 (0) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x00 (0) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x14 (20) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x02 (2) > [21] : 0x00 (0) > [22] : 0x64 (100) > [23] : 0x00 (0) > [24] : 0x04 (4) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x00 (0) > [28] : 0x00 (0) > [29] : 0x00 (0) > [30] : 0x14 (20) > [31] : 0x00 (0) > [32] : 0x8d (141) > [33] : 0x01 (1) > [34] : 0x02 (2) > [35] : 0x00 (0) > [36] : 0x01 (1) > [37] : 0x01 (1) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x01 (1) > [44] : 0x00 (0) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x00 (0) > [49] : 0x00 (0) > [50] : 0x18 (24) > [51] : 0x00 (0) > [52] : 0xfd (253) > [53] : 0x01 (1) > [54] : 0x02 (2) > [55] : 0x00 (0) > [56] : 0x01 (1) > [57] : 0x02 (2) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x00 (0) > [62] : 0x00 (0) > [63] : 0x05 (5) > [64] : 0x20 (32) > [65] : 0x00 (0) > [66] : 0x00 (0) > [67] : 0x00 (0) > [68] : 0x23 (35) > [69] : 0x02 (2) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x18 (24) > [75] : 0x00 (0) > [76] : 0xff (255) > [77] : 0x01 (1) > [78] : 0x0f (15) > [79] : 0x00 (0) > [80] : 0x01 (1) > [81] : 0x02 (2) > [82] : 0x00 (0) > [83] : 0x00 (0) > [84] : 0x00 (0) > [85] : 0x00 (0) > [86] : 0x00 (0) > [87] : 0x05 (5) > [88] : 0x20 (32) > [89] : 0x00 (0) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x25 (37) > [93] : 0x02 (2) > [94] : 0x00 (0) > [95] : 0x00 (0) > [96] : 0x00 (0) > [97] : 0x00 (0) > [98] : 0x18 (24) > [99] : 0x00 (0) > [100] : 0xff (255) > [101] : 0x01 (1) > [102] : 0x0f (15) > [103] : 0x00 (0) > [104] : 0x01 (1) > [105] : 0x02 (2) > [106] : 0x00 (0) > [107] : 0x00 (0) > [108] : 0x00 (0) > [109] : 0x00 (0) > [110] : 0x00 (0) > [111] : 0x05 (5) > [112] : 0x20 (32) > [113] : 0x00 (0) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x20 (32) > [117] : 0x02 (2) > [118] : 0x00 (0) > [119] : 0x00 (0) > size : 0x00000078 (120) >[2012/08/23 08:21:19.000961, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0A 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:19.001004, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security:Security] >[2012/08/23 08:21:19.001030, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2012/08/23 08:21:19.001051, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security' (ops 0x7f4eb14f6da0) >[2012/08/23 08:21:19.001072, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] >[2012/08/23 08:21:19.001099, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Security] len[120] >[2012/08/23 08:21:19.001121, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_SetValue: struct winreg_SetValue > out: struct winreg_SetValue > result : WERR_OK >[2012/08/23 08:21:19.001168, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000a-0000-0000-3550-decb73660000 >[2012/08/23 08:21:19.001237, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0A 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:19.001278, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0A 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:19.001322, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/23 08:21:19.001341, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/08/23 08:21:19.001361, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/23 08:21:19.001442, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000002-0000-0000-3550-decb73660000 >[2012/08/23 08:21:19.001510, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:19.001552, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 35 50 DE CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:19.001591, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/23 08:21:19.001611, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/08/23 08:21:19.001631, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/23 08:21:19.001710, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (2->1) >[2012/08/23 08:21:19.001742, 3] rpc_server/eventlog/srv_eventlog_reg.c:59(eventlog_init_winreg) > Initialise the eventlog registry keys if needed. >[2012/08/23 08:21:19.001765, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/08/23 08:21:19.001799, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 2 for pipe \winreg >[2012/08/23 08:21:19.001824, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/08/23 08:21:19.001850, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/23 08:21:19.001965, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/08/23 08:21:19.001987, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (1->2) >[2012/08/23 08:21:19.002008, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2012/08/23 08:21:19.002039, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2012/08/23 08:21:19.002064, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/23 08:21:19.002086, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM] >[2012/08/23 08:21:19.002139, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 0B 00 00 00 00 00 00 00 35 50 DF CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:19.002184, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000b-0000-0000-3550-dfcb73660000 > result : WERR_OK >[2012/08/23 08:21:19.002268, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000b-0000-0000-3550-dfcb73660000 > keyname: struct winreg_String > name_len : 0x0056 (86) > name_size : 0x0056 (86) > name : * > name : 'SYSTEM\CurrentControlSet\Services\Eventlog' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/23 08:21:19.002495, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0B 00 00 00 00 00 00 00 35 50 DF CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:19.002539, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SYSTEM] >[2012/08/23 08:21:19.002560, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/08/23 08:21:19.002581, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] >[2012/08/23 08:21:19.002600, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM] >[2012/08/23 08:21:19.002619, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/23 08:21:19.002638, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM] >[2012/08/23 08:21:19.002668, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentControlSet] >[2012/08/23 08:21:19.002691, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2012/08/23 08:21:19.002712, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] >[2012/08/23 08:21:19.002731, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] >[2012/08/23 08:21:19.002750, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/23 08:21:19.002773, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM\CurrentControlSet] >[2012/08/23 08:21:19.002803, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Services] >[2012/08/23 08:21:19.002826, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/23 08:21:19.002848, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/08/23 08:21:19.002867, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/08/23 08:21:19.002886, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/23 08:21:19.002905, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM\CurrentControlSet\Services] >[2012/08/23 08:21:19.002940, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Eventlog] >[2012/08/23 08:21:19.002963, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (5->6) >[2012/08/23 08:21:19.002985, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] >[2012/08/23 08:21:19.003004, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] >[2012/08/23 08:21:19.003029, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/23 08:21:19.003053, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] >[2012/08/23 08:21:19.003085, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (6->5) >[2012/08/23 08:21:19.003108, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/23 08:21:19.003129, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/08/23 08:21:19.003150, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 0C 00 00 00 00 00 00 00 35 50 DF CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:19.003195, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000c-0000-0000-3550-dfcb73660000 > result : WERR_OK >[2012/08/23 08:21:19.003279, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > in: struct winreg_QueryInfoKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000c-0000-0000-3550-dfcb73660000 > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL >[2012/08/23 08:21:19.003391, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0C 00 00 00 00 00 00 00 35 50 DF CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:19.003434, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\Eventlog' (ops 0x7f4eb14f6da0) >[2012/08/23 08:21:19.003455, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] >[2012/08/23 08:21:19.003488, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[0]: name[DisplayName] len[20] >[2012/08/23 08:21:19.003511, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[1]: name[ErrorControl] len[4] >[2012/08/23 08:21:19.003532, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] >[2012/08/23 08:21:19.003561, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > out: struct winreg_QueryInfoKey > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL > num_subkeys : * > num_subkeys : 0x00000000 (0) > max_subkeylen : * > max_subkeylen : 0x00000000 (0) > max_classlen : * > max_classlen : 0x00000000 (0) > num_values : * > num_values : 0x00000002 (2) > max_valnamelen : * > max_valnamelen : 0x0000001a (26) > max_valbufsize : * > max_valbufsize : 0x00000014 (20) > secdescsize : * > secdescsize : 0x00000078 (120) > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2012/08/23 08:21:19.003783, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000000c-0000-0000-3550-dfcb73660000 >[2012/08/23 08:21:19.003852, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0C 00 00 00 00 00 00 00 35 50 DF CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:19.003894, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 0C 00 00 00 00 00 00 00 35 50 DF CB ........ ....5P.. > [0010] 73 66 00 00 sf.. >[2012/08/23 08:21:19.003934, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/23 08:21:19.003953, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/08/23 08:21:19.003973, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/23 08:21:19.004080, 3] printing/pcap.c:138(pcap_cache_reload) > reloading printcap cache >[2012/08/23 08:21:19.004110, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 5052494E5445524C4953 >[2012/08/23 08:21:19.004142, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7f4eb250e670 >[2012/08/23 08:21:19.004197, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 5052494E5445524C4953 >[2012/08/23 08:21:19.004236, 3] printing/pcap.c:189(pcap_cache_reload) > reload status: ok >[2012/08/23 08:21:19.004276, 7] param/loadparm.c:9834(lp_servicenumber) > lp_servicenumber: couldn't find printers >[2012/08/23 08:21:19.004308, 10] registry/reg_init_smbconf.c:41(registry_init_smbconf) > registry_init_smbconf called >[2012/08/23 08:21:19.004329, 10] registry/reg_backend_db.c:504(regdb_init) > regdb_init: incrementing refcount (2->3) >[2012/08/23 08:21:19.004426, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] >[2012/08/23 08:21:19.004458, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Samba Printer Port] len[2] >[2012/08/23 08:21:19.004481, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/23 08:21:19.004511, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[0]: name[DefaultSpoolDirectory] len[70] >[2012/08/23 08:21:19.004533, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] >[2012/08/23 08:21:19.004562, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[0]: name[DisplayName] len[20] >[2012/08/23 08:21:19.004584, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[1]: name[ErrorControl] len[4] >[2012/08/23 08:21:19.004605, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] >[2012/08/23 08:21:19.004634, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[0]: name[DisplayName] len[20] >[2012/08/23 08:21:19.004656, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[1]: name[ErrorControl] len[4] >[2012/08/23 08:21:19.004683, 10] registry/reg_cachehook.c:94(reghook_cache_add) > reghook_cache_add: Adding ops 0x7f4eb14f6ea0 for key [\HKLM\SOFTWARE\Samba\smbconf] >[2012/08/23 08:21:19.004704, 8] lib/adt_tree.c:215(pathtree_add) > pathtree_add: Enter >[2012/08/23 08:21:19.004723, 10] lib/adt_tree.c:282(pathtree_add) > pathtree_add: Successfully added node [HKLM\SOFTWARE\Samba\smbconf] to tree >[2012/08/23 08:21:19.004743, 8] lib/adt_tree.c:284(pathtree_add) > pathtree_add: Exit >[2012/08/23 08:21:19.004761, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/08/23 08:21:19.004781, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/08/23 08:21:19.004800, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/08/23 08:21:19.004820, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2012/08/23 08:21:19.004841, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2012/08/23 08:21:19.004859, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2012/08/23 08:21:19.004878, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/23 08:21:19.004897, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM] >[2012/08/23 08:21:19.004925, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/08/23 08:21:19.004948, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/23 08:21:19.004969, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2012/08/23 08:21:19.004988, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2012/08/23 08:21:19.005008, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/23 08:21:19.005033, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SOFTWARE] >[2012/08/23 08:21:19.005068, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Samba] >[2012/08/23 08:21:19.005092, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (5->6) >[2012/08/23 08:21:19.005114, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Samba] >[2012/08/23 08:21:19.005132, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Samba] >[2012/08/23 08:21:19.005152, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/23 08:21:19.005170, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7f4eb14f6da0 for key [\HKLM\SOFTWARE\Samba] >[2012/08/23 08:21:19.005200, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [smbconf] >[2012/08/23 08:21:19.005222, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (6->7) >[2012/08/23 08:21:19.005243, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Samba\smbconf] >[2012/08/23 08:21:19.005262, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Samba\smbconf] >[2012/08/23 08:21:19.005282, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/23 08:21:19.005301, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7f4eb14f6ea0 for key [\HKLM\SOFTWARE\Samba\smbconf] >[2012/08/23 08:21:19.005328, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (7->6) >[2012/08/23 08:21:19.005351, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (6->5) >[2012/08/23 08:21:19.005371, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/23 08:21:19.005391, 5] param/loadparm.c:7280(process_registry_service) > process_registry_service: service name printers >[2012/08/23 08:21:19.005413, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [printers] >[2012/08/23 08:21:19.005433, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/23 08:21:19.005454, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Samba\smbconf\printers] >[2012/08/23 08:21:19.005473, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Samba\smbconf\printers] >[2012/08/23 08:21:19.005492, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/23 08:21:19.005511, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7f4eb14f6ea0 for key [\HKLM\SOFTWARE\Samba\smbconf\printers] >[2012/08/23 08:21:19.005536, 10] registry/reg_backend_db.c:1623(regdb_fetch_keys_internal) > key [HKLM\SOFTWARE\Samba\smbconf\printers] not found >[2012/08/23 08:21:19.005557, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/23 08:21:19.005579, 7] param/loadparm.c:9834(lp_servicenumber) > lp_servicenumber: couldn't find printers >[2012/08/23 08:21:19.005602, 7] param/loadparm.c:9834(lp_servicenumber) > lp_servicenumber: couldn't find printers >[2012/08/23 08:21:19.005621, 10] smbd/server_reload.c:53(reload_printers) > reloading printer services from pcap cache >[2012/08/23 08:21:19.005650, 7] param/loadparm.c:9834(lp_servicenumber) > lp_servicenumber: couldn't find printers >[2012/08/23 08:21:19.005673, 5] param/loadparm.c:7280(process_registry_service) > process_registry_service: service name printers >[2012/08/23 08:21:19.005693, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [printers] >[2012/08/23 08:21:19.005713, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/23 08:21:19.005734, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Samba\smbconf\printers] >[2012/08/23 08:21:19.005752, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Samba\smbconf\printers] >[2012/08/23 08:21:19.005776, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/23 08:21:19.005795, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7f4eb14f6ea0 for key [\HKLM\SOFTWARE\Samba\smbconf\printers] >[2012/08/23 08:21:19.005821, 10] registry/reg_backend_db.c:1623(regdb_fetch_keys_internal) > key [HKLM\SOFTWARE\Samba\smbconf\printers] not found >[2012/08/23 08:21:19.005842, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/23 08:21:19.005863, 7] param/loadparm.c:9834(lp_servicenumber) > lp_servicenumber: couldn't find printers >[2012/08/23 08:21:19.005887, 3] printing/printing.c:1673(start_background_queue) > start_background_queue: Starting background LPQ thread >[2012/08/23 08:21:19.006204, 10] lib/util_sock.c:680(open_socket_in) > bind succeeded on port 445 >[2012/08/23 08:21:19.006199, 5] printing/printing.c:1696(start_background_queue) >[2012/08/23 08:21:19.006248, 5] lib/util_sock.c:165(print_socket_options) > Socket options: > start_background_queue: background LPQ thread started > SO_KEEPALIVE = 1 > SO_REUSEADDR = 1 > SO_BROADCAST = 0 > TCP_NODELAY = 0 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_SNDBUF = 262144 > SO_RCVBUF = 262144 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 >[2012/08/23 08:21:19.006375, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > SO_RCVTIMEO = 0 > TCP_QUICKACK = 1 > Locking key 75660000FFFFFFFF >[2012/08/23 08:21:19.006406, 5] lib/util_sock.c:165(print_socket_options) > Socket options: >[2012/08/23 08:21:19.006415, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > SO_KEEPALIVE = 1 > Allocated locked data 0x0x7f4eb251e5d0 > SO_REUSEADDR = 1 > SO_BROADCAST = 0 > TCP_NODELAY = 1 >[2012/08/23 08:21:19.006450, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > TCP_KEEPCNT = 9 > Unlocking key 75660000FFFFFFFF > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 >[2012/08/23 08:21:19.006479, 5] printing/printing.c:1732(start_background_queue) > IPTOS_LOWDELAY = 0 > start_background_queue: background LPQ thread waiting for messages > IPTOS_THROUGHPUT = 0 > SO_SNDBUF = 262144 > SO_RCVBUF = 262144 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > TCP_QUICKACK = 1 >[2012/08/23 08:21:19.006567, 10] lib/util_sock.c:680(open_socket_in) > bind succeeded on port 139 >[2012/08/23 08:21:19.006594, 5] lib/util_sock.c:165(print_socket_options) > Socket options: > SO_KEEPALIVE = 1 > SO_REUSEADDR = 1 > SO_BROADCAST = 0 > TCP_NODELAY = 0 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_SNDBUF = 262144 > SO_RCVBUF = 262144 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > TCP_QUICKACK = 1 >[2012/08/23 08:21:19.006737, 5] lib/util_sock.c:165(print_socket_options) > Socket options: > SO_KEEPALIVE = 1 > SO_REUSEADDR = 1 > SO_BROADCAST = 0 > TCP_NODELAY = 1 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_SNDBUF = 262144 > SO_RCVBUF = 262144 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > TCP_QUICKACK = 1 >[2012/08/23 08:21:19.006891, 10] lib/util_sock.c:680(open_socket_in) > bind succeeded on port 445 >[2012/08/23 08:21:19.006916, 5] lib/util_sock.c:165(print_socket_options) > Socket options: > SO_KEEPALIVE = 1 > SO_REUSEADDR = 1 > SO_BROADCAST = 0 > TCP_NODELAY = 0 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_SNDBUF = 262144 > SO_RCVBUF = 262144 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > TCP_QUICKACK = 1 >[2012/08/23 08:21:19.007067, 5] lib/util_sock.c:165(print_socket_options) > Socket options: > SO_KEEPALIVE = 1 > SO_REUSEADDR = 1 > SO_BROADCAST = 0 > TCP_NODELAY = 1 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_SNDBUF = 262144 > SO_RCVBUF = 262144 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > TCP_QUICKACK = 1 >[2012/08/23 08:21:19.007222, 10] lib/util_sock.c:680(open_socket_in) > bind succeeded on port 139 >[2012/08/23 08:21:19.007248, 5] lib/util_sock.c:165(print_socket_options) > Socket options: > SO_KEEPALIVE = 1 > SO_REUSEADDR = 1 > SO_BROADCAST = 0 > TCP_NODELAY = 0 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_SNDBUF = 262144 > SO_RCVBUF = 262144 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > TCP_QUICKACK = 1 >[2012/08/23 08:21:19.007391, 5] lib/util_sock.c:165(print_socket_options) > Socket options: > SO_KEEPALIVE = 1 > SO_REUSEADDR = 1 > SO_BROADCAST = 0 > TCP_NODELAY = 1 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_SNDBUF = 262144 > SO_RCVBUF = 262144 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > TCP_QUICKACK = 1 >[2012/08/23 08:21:19.007540, 10] lib/util_sock.c:680(open_socket_in) > bind succeeded on port 445 >[2012/08/23 08:21:19.007566, 5] lib/util_sock.c:165(print_socket_options) > Socket options: > SO_KEEPALIVE = 1 > SO_REUSEADDR = 1 > SO_BROADCAST = 0 > TCP_NODELAY = 0 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_SNDBUF = 262144 > SO_RCVBUF = 262144 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > TCP_QUICKACK = 1 >[2012/08/23 08:21:19.007708, 5] lib/util_sock.c:165(print_socket_options) > Socket options: > SO_KEEPALIVE = 1 > SO_REUSEADDR = 1 > SO_BROADCAST = 0 > TCP_NODELAY = 1 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_SNDBUF = 262144 > SO_RCVBUF = 262144 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > TCP_QUICKACK = 1 >[2012/08/23 08:21:19.007857, 10] lib/util_sock.c:680(open_socket_in) > bind succeeded on port 139 >[2012/08/23 08:21:19.007881, 5] lib/util_sock.c:165(print_socket_options) > Socket options: > SO_KEEPALIVE = 1 > SO_REUSEADDR = 1 > SO_BROADCAST = 0 > TCP_NODELAY = 0 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_SNDBUF = 262144 > SO_RCVBUF = 262144 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > TCP_QUICKACK = 1 >[2012/08/23 08:21:19.008032, 5] lib/util_sock.c:165(print_socket_options) > Socket options: > SO_KEEPALIVE = 1 > SO_REUSEADDR = 1 > SO_BROADCAST = 0 > TCP_NODELAY = 1 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_SNDBUF = 262144 > SO_RCVBUF = 262144 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > TCP_QUICKACK = 1 >[2012/08/23 08:21:19.008185, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 73660000FFFFFFFF >[2012/08/23 08:21:19.008211, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7f4eb251c8b0 >[2012/08/23 08:21:19.008240, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 73660000FFFFFFFF >[2012/08/23 08:21:19.008268, 10] smbd/process.c:920(event_add_idle) > event_add_idle: idle_evt(parent_housekeeping) 0x7f4eb2512810 >[2012/08/23 08:21:19.008292, 5] lib/messages.c:300(messaging_register) > Overriding messaging pointer for type 1 - private_data=(nil) >[2012/08/23 08:21:19.008338, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/08/23 08:21:19.008362, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/08/23 08:21:19.008382, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) > close_policy_by_pipe: deleted handle list for pipe \winreg >[2012/08/23 08:21:19.008414, 2] smbd/server.c:842(smbd_parent_loop) > waiting for connections >[2012/08/23 08:21:19.145550, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 76660000FFFFFFFF >[2012/08/23 08:21:19.145657, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7f4eb24dd000 >[2012/08/23 08:21:19.145711, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 76660000FFFFFFFF >[2012/08/23 08:21:19.145773, 5] lib/util_sock.c:165(print_socket_options) > Socket options: > SO_KEEPALIVE = 1 > SO_REUSEADDR = 1 > SO_BROADCAST = 0 > TCP_NODELAY = 1 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_SNDBUF = 262144 > SO_RCVBUF = 262144 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > TCP_QUICKACK = 1 >[2012/08/23 08:21:19.146045, 5] lib/util_sock.c:165(print_socket_options) > Socket options: > SO_KEEPALIVE = 1 > SO_REUSEADDR = 1 > SO_BROADCAST = 0 > TCP_NODELAY = 1 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_SNDBUF = 262144 > SO_RCVBUF = 262144 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > TCP_QUICKACK = 1 >[2012/08/23 08:22:19.068266, 10] lib/events.c:221(run_events_poll) > Running timed event "smbd_idle_event_handler" 0x7f4eb2512810 >[2012/08/23 08:22:19.068354, 10] smbd/process.c:863(smbd_idle_event_handler) > smbd_idle_event_handler: idle_evt(parent_housekeeping) (nil) called >[2012/08/23 08:22:19.068401, 5] smbd/server.c:627(smbd_parent_housekeeping) > parent housekeeping >[2012/08/23 08:22:19.068439, 3] smbd/server.c:632(smbd_parent_housekeeping) > Printcap cache time expired. >[2012/08/23 08:22:19.068476, 3] printing/pcap.c:138(pcap_cache_reload) > reloading printcap cache >[2012/08/23 08:22:19.068527, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 5052494E5445524C4953 >[2012/08/23 08:22:19.068578, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7f4eb250df00 >[2012/08/23 08:22:19.068629, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 5052494E5445524C4953 >[2012/08/23 08:22:19.068750, 3] printing/pcap.c:189(pcap_cache_reload) > reload status: ok >[2012/08/23 08:22:19.068840, 10] lib/messages_local.c:255(messaging_tdb_store) > messaging_tdb_store: >[2012/08/23 08:22:19.068882, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > array: struct messaging_array > num_messages : 0x00000001 (1) > messages: ARRAY(1) > messages: struct messaging_rec > msg_version : 0x00000002 (2) > msg_type : MSG_PRINTER_PCAP (519) > dest: struct server_id > pid : 0x000078a0 (30880) > vnn : 0xffffffff (4294967295) > unique_id : 0x0000000000000000 (0) > src: struct server_id > pid : 0x00006673 (26227) > vnn : 0xffffffff (4294967295) > unique_id : 0x44c22ab54009306d (4954569498012758125) > buf : DATA_BLOB length=0 >[2012/08/23 08:22:19.069227, 10] lib/messages_local.c:255(messaging_tdb_store) > messaging_tdb_store: >[2012/08/23 08:22:19.069272, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > array: struct messaging_array > num_messages : 0x00000001 (1) > messages: ARRAY(1) > messages: struct messaging_rec > msg_version : 0x00000002 (2) > msg_type : MSG_PRINTER_PCAP (519) > dest: struct server_id > pid : 0x00006673 (26227) > vnn : 0xffffffff (4294967295) > unique_id : 0x44c22ab54009306d (4954569498012758125) > src: struct server_id > pid : 0x00006673 (26227) > vnn : 0xffffffff (4294967295) > unique_id : 0x44c22ab54009306d (4954569498012758125) > buf : DATA_BLOB length=0 >[2012/08/23 08:22:19.069590, 10] lib/messages_local.c:255(messaging_tdb_store) > messaging_tdb_store: >[2012/08/23 08:22:19.069633, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > array: struct messaging_array > num_messages : 0x00000001 (1) > messages: ARRAY(1) > messages: struct messaging_rec > msg_version : 0x00000002 (2) > msg_type : MSG_PRINTER_PCAP (519) > dest: struct server_id > pid : 0x00006537 (25911) > vnn : 0xffffffff (4294967295) > unique_id : 0xa1faf1ce59046c3d (11671907252843080765) > src: struct server_id > pid : 0x00006673 (26227) > vnn : 0xffffffff (4294967295) > unique_id : 0x44c22ab54009306d (4954569498012758125) > buf : DATA_BLOB length=0 >[2012/08/23 08:22:19.069903, 2] lib/messages_local.c:310(message_notify) > message to process 25911 failed - No such process >[2012/08/23 08:22:19.069953, 2] lib/messages_local.c:400(messaging_tdb_send) > pid 25911 doesn't exist - deleting messages record >[2012/08/23 08:22:19.069998, 2] lib/messages.c:121(traverse_fn) > pid 25911 doesn't exist >[2012/08/23 08:22:19.070119, 10] lib/messages_local.c:255(messaging_tdb_store) > messaging_tdb_store: >[2012/08/23 08:22:19.070161, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > array: struct messaging_array > num_messages : 0x00000001 (1) > messages: ARRAY(1) > messages: struct messaging_rec > msg_version : 0x00000002 (2) > msg_type : MSG_PRINTER_PCAP (519) > dest: struct server_id > pid : 0x00006675 (26229) > vnn : 0xffffffff (4294967295) > unique_id : 0x44c22ab54009306d (4954569498012758125) > src: struct server_id > pid : 0x00006673 (26227) > vnn : 0xffffffff (4294967295) > unique_id : 0x44c22ab54009306d (4954569498012758125) > buf : DATA_BLOB length=0 >[2012/08/23 08:22:19.070462, 10] lib/messages_local.c:255(messaging_tdb_store) > messaging_tdb_store: >[2012/08/23 08:22:19.070504, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > array: struct messaging_array > num_messages : 0x00000001 (1) >[2012/08/23 08:22:19.070527, 10] lib/messages_local.c:74(messaging_tdb_signal_handler) > messages: ARRAY(1) > messages: struct messaging_rec > messaging_tdb_signal_handler: sig[10] count[1] msgs[1] > msg_version : 0x00000002 (2) >[2012/08/23 08:22:19.070597, 10] lib/messages_local.c:466(message_dispatch) > msg_type : MSG_PRINTER_PCAP (519) > message_dispatch: received_messages = 1 > dest: struct server_id > pid : 0x00006676 (26230) > vnn : 0xffffffff (4294967295) >[2012/08/23 08:22:19.070663, 10] lib/messages_local.c:215(messaging_tdb_fetch) > unique_id : 0x16e0d699885d0012 (1648553418523738130) > messaging_tdb_fetch: > src: struct server_id >[2012/08/23 08:22:19.070703, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > pid : 0x00006673 (26227) > vnn : 0xffffffff (4294967295) > result: struct messaging_array > unique_id : 0x44c22ab54009306d (4954569498012758125) > num_messages : 0x00000001 (1) > buf : DATA_BLOB length=0 > messages: ARRAY(1) > messages: struct messaging_rec > msg_version : 0x00000002 (2) > msg_type : MSG_PRINTER_PCAP (519) >[2012/08/23 08:22:19.070821, 10] lib/messages_local.c:255(messaging_tdb_store) > dest: struct server_id > messaging_tdb_store: > pid : 0x00006675 (26229) > vnn : 0xffffffff (4294967295) >[2012/08/23 08:22:19.070884, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > unique_id : 0x44c22ab54009306d (4954569498012758125) > src: struct server_id > array: struct messaging_array > pid : 0x00006673 (26227) > num_messages : 0x00000001 (1) > vnn : 0xffffffff (4294967295) > messages: ARRAY(1) > unique_id : 0x44c22ab54009306d (4954569498012758125) > buf : DATA_BLOB length=0 > messages: struct messaging_rec > msg_version : 0x00000002 (2) > msg_type : MSG_PRINTER_PCAP (519) > dest: struct server_id > pid : 0x00007630 (30256) > vnn : 0xffffffff (4294967295) > unique_id : 0x0000000000000000 (0) > src: struct server_id > pid : 0x00006673 (26227) > vnn : 0xffffffff (4294967295) > unique_id : 0x44c22ab54009306d (4954569498012758125) > buf : DATA_BLOB length=0 >[2012/08/23 08:22:19.071358, 10] smbd/process.c:874(smbd_idle_event_handler) > smbd_idle_event_handler: idle_evt(parent_housekeeping) (nil) rescheduled >[2012/08/23 08:22:19.071431, 10] lib/messages_local.c:74(messaging_tdb_signal_handler) > messaging_tdb_signal_handler: sig[10] count[1] msgs[1] >[2012/08/23 08:22:19.071486, 10] lib/messages_local.c:466(message_dispatch) > message_dispatch: received_messages = 1 >[2012/08/23 08:22:19.071558, 10] lib/messages_local.c:215(messaging_tdb_fetch) > messaging_tdb_fetch: >[2012/08/23 08:22:19.071614, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > result: struct messaging_array > num_messages : 0x00000001 (1) > messages: ARRAY(1) > messages: struct messaging_rec > msg_version : 0x00000002 (2) > msg_type : MSG_PRINTER_PCAP (519) > dest: struct server_id > pid : 0x00006673 (26227) > vnn : 0xffffffff (4294967295) > unique_id : 0x44c22ab54009306d (4954569498012758125) > src: struct server_id > pid : 0x00006673 (26227) > vnn : 0xffffffff (4294967295) > unique_id : 0x44c22ab54009306d (4954569498012758125) > buf : DATA_BLOB length=0 >[2012/08/23 08:22:19.072066, 10] smbd/server.c:130(smb_pcap_updated) > Got message saying pcap was updated. Reloading. >[2012/08/23 08:22:19.072126, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/23 08:22:19.072187, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/23 08:22:19.072243, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/23 08:22:19.072336, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2012/08/23 08:22:19.072411, 7] param/loadparm.c:9834(lp_servicenumber) > lp_servicenumber: couldn't find printers >[2012/08/23 08:22:19.072468, 5] param/loadparm.c:7280(process_registry_service) > process_registry_service: service name printers >[2012/08/23 08:22:19.072526, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [printers] >[2012/08/23 08:22:19.072586, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/08/23 08:22:19.072651, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Samba\smbconf\printers] >[2012/08/23 08:22:19.072708, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Samba\smbconf\printers] >[2012/08/23 08:22:19.072769, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/23 08:22:19.072825, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7f4eb14f6ea0 for key [\HKLM\SOFTWARE\Samba\smbconf\printers] >[2012/08/23 08:22:19.072900, 10] registry/reg_backend_db.c:1623(regdb_fetch_keys_internal) > key [HKLM\SOFTWARE\Samba\smbconf\printers] not found >[2012/08/23 08:22:19.072958, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/08/23 08:22:19.073021, 7] param/loadparm.c:9834(lp_servicenumber) > lp_servicenumber: couldn't find printers >[2012/08/23 08:22:19.073094, 7] param/loadparm.c:9834(lp_servicenumber) > lp_servicenumber: couldn't find printers >[2012/08/23 08:22:19.073154, 10] smbd/server_reload.c:53(reload_printers) > reloading printer services from pcap cache >[2012/08/23 08:22:19.073230, 7] param/loadparm.c:9834(lp_servicenumber) > lp_servicenumber: couldn't find printers >[2012/08/23 08:22:19.073289, 5] param/loadparm.c:7280(process_registry_service) > process_registry_service: service name printers >[2012/08/23 08:22:19.073348, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [printers] >[2012/08/23 08:22:19.073408, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/08/23 08:22:19.073459, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Samba\smbconf\printers] >[2012/08/23 08:22:19.073495, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Samba\smbconf\printers] >[2012/08/23 08:22:19.073532, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/23 08:22:19.073567, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7f4eb14f6ea0 for key [\HKLM\SOFTWARE\Samba\smbconf\printers] >[2012/08/23 08:22:19.073615, 10] registry/reg_backend_db.c:1623(regdb_fetch_keys_internal) > key [HKLM\SOFTWARE\Samba\smbconf\printers] not found >[2012/08/23 08:22:19.073654, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/08/23 08:22:19.073696, 7] param/loadparm.c:9834(lp_servicenumber) > lp_servicenumber: couldn't find printers >[2012/08/23 08:23:19.128820, 10] lib/events.c:221(run_events_poll) > Running timed event "smbd_idle_event_handler" 0x7f4eb24f10f0 >[2012/08/23 08:23:19.128900, 10] smbd/process.c:863(smbd_idle_event_handler) > smbd_idle_event_handler: idle_evt(parent_housekeeping) (nil) called >[2012/08/23 08:23:19.128944, 5] smbd/server.c:627(smbd_parent_housekeeping) > parent housekeeping >[2012/08/23 08:23:19.128982, 10] smbd/process.c:874(smbd_idle_event_handler) > smbd_idle_event_handler: idle_evt(parent_housekeeping) (nil) rescheduled >[2012/08/23 08:23:22.106711, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/23 08:23:22.172376, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/23 08:23:22.172425, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/23 08:23:22.172493, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2012/08/23 08:23:22.172544, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 73660000FFFFFFFF >[2012/08/23 08:23:22.172590, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7f4eb2519820 >[2012/08/23 08:23:22.172646, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 73660000FFFFFFFF >[2012/08/23 08:23:22.172790, 3] smbd/server_exit.c:181(exit_server_common) > Server exit (termination signal) >[2012/08/23 08:23:22.489862, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/23 08:23:22.489934, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/23 08:23:22.489976, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/23 08:23:22.490044, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2012/08/23 08:23:22.490098, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 75660000FFFFFFFF >[2012/08/23 08:23:22.490159, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7f4eb250e110 >[2012/08/23 08:23:22.490219, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 75660000FFFFFFFF >[2012/08/23 08:23:22.490345, 3] smbd/server_exit.c:181(exit_server_common) > Server exit (termination signal)
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 9058
:
7734
|
7741
|
7742
|
7743
|
7744
|
7801
|
7802
|
7803
|
7809
|
7812
|
7813
| 7814 |
7816
|
7817