[2012/11/09 16:29:11.061438, 6] param/loadparm.c:7490(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.shares.conf -> /etc/samba/smb.shares.conf last mod_time: Thu Oct 25 21:33:17 2012 file /etc/samba/dhcp.conf -> /etc/samba/dhcp.conf last mod_time: Wed Nov 7 11:01:17 2012 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Nov 9 16:26:49 2012 [2012/11/09 16:29:11.061622, 3] lib/access.c:338(allow_access) Allowed connection from yyyc27002.xxxxx.xxx (10.129.108.68) [2012/11/09 16:29:11.061663, 3] smbd/oplock.c:922(init_oplocks) init_oplocks: initializing messages. [2012/11/09 16:29:11.061751, 3] smbd/oplock_linux.c:239(linux_init_kernel_oplocks) Linux kernel oplocks enabled [2012/11/09 16:29:11.061794, 5] lib/messages.c:332(messaging_deregister) Deregistering messaging pointer for type 1 - private_data=(nil) [2012/11/09 16:29:11.061887, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x85 [2012/11/09 16:29:11.061963, 3] smbd/process.c:1662(process_smb) Transaction 0 of length 137 (0 toread) [2012/11/09 16:29:11.061997, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:11.062017, 5] lib/util.c:342(show_msg) size=133 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51267 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=0 smt_wct=0 smb_bcc=98 [2012/11/09 16:29:11.062183, 3] smbd/process.c:1467(switch_message) switch message SMBnegprot (pid 12629) conn 0x0 [2012/11/09 16:29:11.062219, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:11.062257, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:11.062299, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:11.062362, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2012/11/09 16:29:11.062646, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [PC NETWORK PROGRAM 1.0] [2012/11/09 16:29:11.062694, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [LANMAN1.0] [2012/11/09 16:29:11.062730, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [Windows for Workgroups 3.1a] [2012/11/09 16:29:11.062767, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [LM1.2X002] [2012/11/09 16:29:11.062804, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [LANMAN2.1] [2012/11/09 16:29:11.062841, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [NT LM 0.12] [2012/11/09 16:29:11.062890, 6] param/loadparm.c:7490(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.shares.conf -> /etc/samba/smb.shares.conf last mod_time: Thu Oct 25 21:33:17 2012 file /etc/samba/dhcp.conf -> /etc/samba/dhcp.conf last mod_time: Wed Nov 7 11:01:17 2012 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Nov 9 16:26:49 2012 [2012/11/09 16:29:11.063047, 6] param/loadparm.c:7490(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.shares.conf -> /etc/samba/smb.shares.conf last mod_time: Thu Oct 25 21:33:17 2012 file /etc/samba/dhcp.conf -> /etc/samba/dhcp.conf last mod_time: Wed Nov 7 11:01:17 2012 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Nov 9 16:26:49 2012 [2012/11/09 16:29:11.063203, 3] smbd/negprot.c:419(reply_nt1) using SPNEGO [2012/11/09 16:29:11.063234, 3] smbd/negprot.c:704(reply_negprot) Selected protocol NT LM 0.12 [2012/11/09 16:29:11.063262, 5] smbd/negprot.c:711(reply_negprot) negprot index=5 [2012/11/09 16:29:11.063291, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:11.063308, 5] lib/util.c:342(show_msg) size=181 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51267 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=0 smt_wct=17 smb_vwv[ 0]= 5 (0x5) smb_vwv[ 1]=12807 (0x3207) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]=21760 (0x5500) smb_vwv[ 8]= 49 (0x31) smb_vwv[ 9]=64512 (0xFC00) smb_vwv[10]=33011 (0x80F3) smb_vwv[11]=17280 (0x4380) smb_vwv[12]=32865 (0x8061) smb_vwv[13]=36599 (0x8EF7) smb_vwv[14]=52670 (0xCDBE) smb_vwv[15]=50177 (0xC401) smb_vwv[16]= 255 (0xFF) smb_bcc=112 [2012/11/09 16:29:11.069807, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x2310 [2012/11/09 16:29:11.069882, 3] smbd/process.c:1662(process_smb) Transaction 1 of length 8980 (0 toread) [2012/11/09 16:29:11.069903, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:11.069915, 5] lib/util.c:342(show_msg) size=8976 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=65535 smb_pid=65279 smb_uid=0 smb_mid=48064 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=16644 (0x4104) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 8913 (0x22D1) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 212 (0xD4) smb_vwv[11]=40960 (0xA000) smb_bcc=8917 [2012/11/09 16:29:11.070104, 3] smbd/process.c:1467(switch_message) switch message SMBsesssetupX (pid 12629) conn 0x0 [2012/11/09 16:29:11.070125, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:11.070144, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:11.070163, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:11.070196, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2012/11/09 16:29:11.070220, 3] smbd/sesssetup.c:1333(reply_sesssetup_and_X) wct=12 flg2=0xc817 [2012/11/09 16:29:11.070242, 2] smbd/sesssetup.c:1279(setup_new_vc_session) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2012/11/09 16:29:11.070263, 3] smbd/sesssetup.c:1065(reply_sesssetup_and_X_spnego) Doing spnego session setup [2012/11/09 16:29:11.070309, 3] smbd/sesssetup.c:1107(reply_sesssetup_and_X_spnego) NativeOS=[] NativeLanMan=[] PrimaryDomain=[] [2012/11/09 16:29:11.070392, 5] smbd/sesssetup.c:607(parse_spnego_mechanisms) parse_spnego_mechanisms: Got OID 1.2.840.48018.1.2.2 [2012/11/09 16:29:11.070421, 5] smbd/sesssetup.c:607(parse_spnego_mechanisms) parse_spnego_mechanisms: Got OID 1.2.840.113554.1.2.2 [2012/11/09 16:29:11.070441, 5] smbd/sesssetup.c:607(parse_spnego_mechanisms) parse_spnego_mechanisms: Got OID 1.3.6.1.4.1.311.2.2.30 [2012/11/09 16:29:11.070459, 5] smbd/sesssetup.c:607(parse_spnego_mechanisms) parse_spnego_mechanisms: Got OID 1.3.6.1.4.1.311.2.2.10 [2012/11/09 16:29:11.070478, 3] smbd/sesssetup.c:660(reply_spnego_negotiate) reply_spnego_negotiate: Got secblob of size 8835 [2012/11/09 16:29:11.074572, 3] libads/authdata.c:332(decode_pac_data) Found account name from PAC: PFOERFR [Pförtsch, Franz] [2012/11/09 16:29:11.074698, 3] auth/user_krb5.c:50(get_user_from_kerberos_info) Kerberos ticket principal name is [PFOERFR@XXXXX.XXX] [2012/11/09 16:29:11.074748, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user BROSE+PFOERFR [2012/11/09 16:29:11.074779, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is brose+pfoerfr [2012/11/09 16:29:11.082136, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [BROSE+PFOERFR]! [2012/11/09 16:29:11.083743, 6] param/loadparm.c:7490(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.shares.conf -> /etc/samba/smb.shares.conf last mod_time: Thu Oct 25 21:33:17 2012 file /etc/samba/dhcp.conf -> /etc/samba/dhcp.conf last mod_time: Wed Nov 7 11:01:17 2012 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Nov 9 16:26:49 2012 [2012/11/09 16:29:11.083859, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user BROSE+pfoerfr [2012/11/09 16:29:11.083915, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is brose+pfoerfr [2012/11/09 16:29:11.083943, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [BROSE+pfoerfr]! [2012/11/09 16:29:11.084919, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/11/09 16:29:11.084955, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/11/09 16:29:11.084978, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/11/09 16:29:11.085013, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:11.085045, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:11.086742, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:11.086796, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-19743] [2012/11/09 16:29:11.086845, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-513] [2012/11/09 16:29:11.086890, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-334230] [2012/11/09 16:29:11.086935, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-23353] [2012/11/09 16:29:11.086963, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-304793] [2012/11/09 16:29:11.086987, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-269408] [2012/11/09 16:29:11.087011, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-50420] [2012/11/09 16:29:11.087035, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-113634] [2012/11/09 16:29:11.087059, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-113662] [2012/11/09 16:29:11.087083, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-260755] [2012/11/09 16:29:11.087107, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-288770] [2012/11/09 16:29:11.087131, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-67892] [2012/11/09 16:29:11.087155, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-20800] [2012/11/09 16:29:11.087179, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-269744] [2012/11/09 16:29:11.087203, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-63803] [2012/11/09 16:29:11.087227, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-360934] [2012/11/09 16:29:11.087251, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-421750] [2012/11/09 16:29:11.087274, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-294313] [2012/11/09 16:29:11.087298, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-109619] [2012/11/09 16:29:11.087343, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-13623] [2012/11/09 16:29:11.087394, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-113660] [2012/11/09 16:29:11.087442, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-13846] [2012/11/09 16:29:11.087488, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-351693] [2012/11/09 16:29:11.087517, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-56178] [2012/11/09 16:29:11.087542, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-268914] [2012/11/09 16:29:11.087566, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-276389] [2012/11/09 16:29:11.087590, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-294265] [2012/11/09 16:29:11.087614, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-289050] [2012/11/09 16:29:11.087639, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-284074] [2012/11/09 16:29:11.087664, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-353623] [2012/11/09 16:29:11.087688, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-60632] [2012/11/09 16:29:11.087712, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-299617] [2012/11/09 16:29:11.087737, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-269875] [2012/11/09 16:29:11.087761, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-260777] [2012/11/09 16:29:11.087785, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-72011] [2012/11/09 16:29:11.087809, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-56174] [2012/11/09 16:29:11.087833, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-294145] [2012/11/09 16:29:11.087858, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-46643] [2012/11/09 16:29:11.087887, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-110684] [2012/11/09 16:29:11.087935, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-69476] [2012/11/09 16:29:11.087985, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-354438] [2012/11/09 16:29:11.088031, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-288215] [2012/11/09 16:29:11.088066, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-418124] [2012/11/09 16:29:11.088092, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-32947] [2012/11/09 16:29:11.088128, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-373447] [2012/11/09 16:29:11.088154, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-21119] [2012/11/09 16:29:11.088178, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-254283] [2012/11/09 16:29:11.088203, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-21918] [2012/11/09 16:29:11.088227, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-268915] [2012/11/09 16:29:11.088251, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-267093] [2012/11/09 16:29:11.088276, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-340888] [2012/11/09 16:29:11.088300, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-294363] [2012/11/09 16:29:11.088324, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-414620] [2012/11/09 16:29:11.088349, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-260959] [2012/11/09 16:29:11.088374, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-56176] [2012/11/09 16:29:11.088398, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-373472] [2012/11/09 16:29:11.088423, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-294492] [2012/11/09 16:29:11.088447, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-373554] [2012/11/09 16:29:11.088548, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-104382] [2012/11/09 16:29:11.088597, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-294361] [2012/11/09 16:29:11.088643, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-245149] [2012/11/09 16:29:11.088680, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-32807] [2012/11/09 16:29:11.088705, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-63805] [2012/11/09 16:29:11.088730, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-290135] [2012/11/09 16:29:11.088754, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-248439] [2012/11/09 16:29:11.088778, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-58745] [2012/11/09 16:29:11.088803, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-288316] [2012/11/09 16:29:11.088827, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-373441] [2012/11/09 16:29:11.088861, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-268916] [2012/11/09 16:29:11.088888, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-17597] [2012/11/09 16:29:11.088912, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-113654] [2012/11/09 16:29:11.088937, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-304050] [2012/11/09 16:29:11.088961, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-112626] [2012/11/09 16:29:11.088985, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-360946] [2012/11/09 16:29:11.089009, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-1116] [2012/11/09 16:29:11.089034, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-294490] [2012/11/09 16:29:11.089058, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-373442] [2012/11/09 16:29:11.089082, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-402137] [2012/11/09 16:29:11.089122, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-373470] [2012/11/09 16:29:11.089170, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-284963] [2012/11/09 16:29:11.089215, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-21963] [2012/11/09 16:29:11.089260, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-373556] [2012/11/09 16:29:11.089288, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-351504] [2012/11/09 16:29:11.089313, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-360382] [2012/11/09 16:29:11.089338, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-266966] [2012/11/09 16:29:11.089362, 5] lib/privileges.c:175(get_privileges_for_sids) get_privileges_for_sids: sid = S-1-5-21-160562036-3150058255-2134394716-63797 Privilege set: 0x20 [2012/11/09 16:29:11.089394, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-31306] [2012/11/09 16:29:11.089419, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-420969] [2012/11/09 16:29:11.089443, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-58439] [2012/11/09 16:29:11.089468, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-351240] [2012/11/09 16:29:11.089492, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-290160] [2012/11/09 16:29:11.089516, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-335340] [2012/11/09 16:29:11.089540, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-32819] [2012/11/09 16:29:11.089581, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-63801] [2012/11/09 16:29:11.089607, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-53171] [2012/11/09 16:29:11.089632, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-294243] [2012/11/09 16:29:11.089656, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-350032] [2012/11/09 16:29:11.089680, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-63737] [2012/11/09 16:29:11.089711, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-13863] [2012/11/09 16:29:11.089758, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-351719] [2012/11/09 16:29:11.089806, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-56165] [2012/11/09 16:29:11.089851, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-113646] [2012/11/09 16:29:11.089888, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-430811] [2012/11/09 16:29:11.089914, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-284081] [2012/11/09 16:29:11.089938, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-256696] [2012/11/09 16:29:11.089963, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-416414] [2012/11/09 16:29:11.089987, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-49609] [2012/11/09 16:29:11.090012, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-377791] [2012/11/09 16:29:11.090036, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-32821] [2012/11/09 16:29:11.090060, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-359223] [2012/11/09 16:29:11.090084, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-284091] [2012/11/09 16:29:11.090109, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-433713] [2012/11/09 16:29:11.090133, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-33100] [2012/11/09 16:29:11.090157, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-416203] [2012/11/09 16:29:11.090181, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-317007] [2012/11/09 16:29:11.090205, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-69542] [2012/11/09 16:29:11.090229, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-268918] [2012/11/09 16:29:11.090267, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-69428] [2012/11/09 16:29:11.090294, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-316764] [2012/11/09 16:29:11.090324, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-55705] [2012/11/09 16:29:11.090372, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-291229] [2012/11/09 16:29:11.090423, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-250116] [2012/11/09 16:29:11.090469, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-294315] [2012/11/09 16:29:11.090503, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-402469] [2012/11/09 16:29:11.090528, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-256697] [2012/11/09 16:29:11.090552, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-418438] [2012/11/09 16:29:11.090577, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-435652] [2012/11/09 16:29:11.090608, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-45010] [2012/11/09 16:29:11.090634, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-322368] [2012/11/09 16:29:11.090659, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-267090] [2012/11/09 16:29:11.090683, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-32825] [2012/11/09 16:29:11.090708, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-35099] [2012/11/09 16:29:11.090732, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-56157] [2012/11/09 16:29:11.090756, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-113648] [2012/11/09 16:29:11.090781, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-55709] [2012/11/09 16:29:11.090805, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-108789] [2012/11/09 16:29:11.090830, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-56159] [2012/11/09 16:29:11.090854, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-268919] [2012/11/09 16:29:11.090879, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-245147] [2012/11/09 16:29:11.090903, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-430693] [2012/11/09 16:29:11.090942, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-289617] [2012/11/09 16:29:11.090990, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-373445] [2012/11/09 16:29:11.091052, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-14282] [2012/11/09 16:29:11.091095, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-433712] [2012/11/09 16:29:11.091122, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-59232] [2012/11/09 16:29:11.091146, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-33429] [2012/11/09 16:29:11.091171, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-437634] [2012/11/09 16:29:11.091195, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-23354] [2012/11/09 16:29:11.091220, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-113636] [2012/11/09 16:29:11.091244, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-63799] [2012/11/09 16:29:11.091268, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-261009] [2012/11/09 16:29:11.091293, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-290498] [2012/11/09 16:29:11.091317, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-375928] [2012/11/09 16:29:11.091342, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-276407] [2012/11/09 16:29:11.091366, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-357401] [2012/11/09 16:29:11.091390, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-357385] [2012/11/09 16:29:11.091415, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-269404] [2012/11/09 16:29:11.091439, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-67790] [2012/11/09 16:29:11.091463, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-392120] [2012/11/09 16:29:11.091488, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-276395] [2012/11/09 16:29:11.091512, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-113343] [2012/11/09 16:29:11.091551, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-56172] [2012/11/09 16:29:11.091599, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-402467] [2012/11/09 16:29:11.091646, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-293007] [2012/11/09 16:29:11.091693, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-427942] [2012/11/09 16:29:11.091723, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-373529] [2012/11/09 16:29:11.091758, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-263163] [2012/11/09 16:29:11.091785, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-64111] [2012/11/09 16:29:11.091810, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-266852] [2012/11/09 16:29:11.091835, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-357892] [2012/11/09 16:29:11.091860, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-104429] [2012/11/09 16:29:11.091885, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-32813] [2012/11/09 16:29:11.091909, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-360722] [2012/11/09 16:29:11.091934, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-284092] [2012/11/09 16:29:11.091959, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-289619] [2012/11/09 16:29:11.091983, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-369316] [2012/11/09 16:29:11.092008, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-49542] [2012/11/09 16:29:11.092032, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-329659] [2012/11/09 16:29:11.092057, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-32809] [2012/11/09 16:29:11.092081, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-108767] [2012/11/09 16:29:11.092106, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-305399] [2012/11/09 16:29:11.092133, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-263161] [2012/11/09 16:29:11.092179, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-314050] [2012/11/09 16:29:11.092229, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-31001] [2012/11/09 16:29:11.092275, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-279682] [2012/11/09 16:29:11.092313, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-294147] [2012/11/09 16:29:11.092339, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-56163] [2012/11/09 16:29:11.092364, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-285751] [2012/11/09 16:29:11.092389, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-21723] [2012/11/09 16:29:11.092413, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-8332] [2012/11/09 16:29:11.092437, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-32827] [2012/11/09 16:29:11.092495, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-256460] [2012/11/09 16:29:11.092522, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-256183] [2012/11/09 16:29:11.092547, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-300424] [2012/11/09 16:29:11.092571, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-55677] [2012/11/09 16:29:11.092596, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-253145] [2012/11/09 16:29:11.092620, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-63804] [2012/11/09 16:29:11.092644, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-358866] [2012/11/09 16:29:11.092668, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-32823] [2012/11/09 16:29:11.092692, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-276620] [2012/11/09 16:29:11.092717, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-361940] [2012/11/09 16:29:11.092744, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-49274] [2012/11/09 16:29:11.092791, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-402177] [2012/11/09 16:29:11.092840, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-252230] [2012/11/09 16:29:11.092885, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-321100] [2012/11/09 16:29:11.092923, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-20801] [2012/11/09 16:29:11.092949, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-276621] [2012/11/09 16:29:11.092973, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-252010] [2012/11/09 16:29:11.092998, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-292766] [2012/11/09 16:29:11.093022, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-37331] [2012/11/09 16:29:11.093046, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-260776] [2012/11/09 16:29:11.093070, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-386708] [2012/11/09 16:29:11.093094, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-374616] [2012/11/09 16:29:11.093118, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-21084] [2012/11/09 16:29:11.093142, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-294267] [2012/11/09 16:29:11.093176, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-63802] [2012/11/09 16:29:11.093203, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-31186] [2012/11/09 16:29:11.093228, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-105575] [2012/11/09 16:29:11.093252, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-361874] [2012/11/09 16:29:11.093276, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-360362] [2012/11/09 16:29:11.093300, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-357734] [2012/11/09 16:29:11.093324, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-294241] [2012/11/09 16:29:11.093354, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-251778] [2012/11/09 16:29:11.093403, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-49510] [2012/11/09 16:29:11.093450, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-35015] [2012/11/09 16:29:11.093495, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-20749] [2012/11/09 16:29:11.093542, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-294291] [2012/11/09 16:29:11.093581, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-254469] [2012/11/09 16:29:11.093607, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-247296] [2012/11/09 16:29:11.093632, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-63798] [2012/11/09 16:29:11.093656, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-59035] [2012/11/09 16:29:11.093681, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-430331] [2012/11/09 16:29:11.093705, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-21301] [2012/11/09 16:29:11.093730, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-55627] [2012/11/09 16:29:11.093755, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-32815] [2012/11/09 16:29:11.093779, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-277164] [2012/11/09 16:29:11.093803, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-21552] [2012/11/09 16:29:11.093828, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-56622] [2012/11/09 16:29:11.093853, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-37315] [2012/11/09 16:29:11.093877, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-334225] [2012/11/09 16:29:11.093911, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-338141] [2012/11/09 16:29:11.093938, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-246169] [2012/11/09 16:29:11.093973, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-297835] [2012/11/09 16:29:11.094020, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-353615] [2012/11/09 16:29:11.094068, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-322371] [2012/11/09 16:29:11.094114, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-63235] [2012/11/09 16:29:11.094155, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-266849] [2012/11/09 16:29:11.094182, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-293998] [2012/11/09 16:29:11.094207, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-433714] [2012/11/09 16:29:11.094231, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-107694] [2012/11/09 16:29:11.094256, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-288317] [2012/11/09 16:29:11.094281, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-44135] [2012/11/09 16:29:11.094305, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-290560] [2012/11/09 16:29:11.094329, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-322681] [2012/11/09 16:29:11.094353, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-283109] [2012/11/09 16:29:11.094378, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-357879] [2012/11/09 16:29:11.094402, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-289046] [2012/11/09 16:29:11.094426, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-32803] [2012/11/09 16:29:11.094450, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-343968] [2012/11/09 16:29:11.094483, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-50792] [2012/11/09 16:29:11.094509, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-50518] [2012/11/09 16:29:11.094534, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-37238] [2012/11/09 16:29:11.094560, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-360465] [2012/11/09 16:29:11.094617, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-366652] [2012/11/09 16:29:11.094666, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-294094] [2012/11/09 16:29:11.094728, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-288540] [2012/11/09 16:29:11.094756, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-297984] [2012/11/09 16:29:11.094780, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-276427] [2012/11/09 16:29:11.094805, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-333792] [2012/11/09 16:29:11.094829, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-427342] [2012/11/09 16:29:11.094853, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-333794] [2012/11/09 16:29:11.094878, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-290460] [2012/11/09 16:29:11.094902, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-294091] [2012/11/09 16:29:11.094926, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-333793] [2012/11/09 16:29:11.094950, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-338207] [2012/11/09 16:29:11.094974, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-409571] [2012/11/09 16:29:11.094999, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-294054] [2012/11/09 16:29:11.095023, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-30854] [2012/11/09 16:29:11.095047, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-288547] [2012/11/09 16:29:11.095071, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-365347] [2012/11/09 16:29:11.095096, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-6776287-465249537-1446904402-4108] [2012/11/09 16:29:11.095120, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-58230] [2012/11/09 16:29:11.095144, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-357400] [2012/11/09 16:29:11.095173, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-343966] [2012/11/09 16:29:11.095222, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-104268] [2012/11/09 16:29:11.095270, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-334228] [2012/11/09 16:29:11.095316, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-357384] [2012/11/09 16:29:11.095350, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-64500] [2012/11/09 16:29:11.095375, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-291227] [2012/11/09 16:29:11.095410, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-62708] [2012/11/09 16:29:11.095437, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-266847] [2012/11/09 16:29:11.095462, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-313857] [2012/11/09 16:29:11.095486, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-350031] [2012/11/09 16:29:11.095511, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-373448] [2012/11/09 16:29:11.095535, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-420970] [2012/11/09 16:29:11.095560, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-351238] [2012/11/09 16:29:11.095584, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-11861] [2012/11/09 16:29:11.095622, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-353613] [2012/11/09 16:29:11.095649, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-322679] [2012/11/09 16:29:11.095674, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-253148] [2012/11/09 16:29:11.095723, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-277162] [2012/11/09 16:29:11.095770, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-304048] [2012/11/09 16:29:11.095816, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-288768] [2012/11/09 16:29:11.095860, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-62920] [2012/11/09 16:29:11.095887, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-62814] [2012/11/09 16:29:11.095912, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-338139] [2012/11/09 16:29:11.095939, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-266850] [2012/11/09 16:29:11.095964, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-74038] [2012/11/09 16:29:11.095988, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-62715] [2012/11/09 16:29:11.096013, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-357877] [2012/11/09 16:29:11.096037, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-252117] [2012/11/09 16:29:11.096062, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-322372] [2012/11/09 16:29:11.096087, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-65121] [2012/11/09 16:29:11.096111, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-62711] [2012/11/09 16:29:11.096147, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-267091] [2012/11/09 16:29:11.096173, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-24652] [2012/11/09 16:29:11.096198, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-360933] [2012/11/09 16:29:11.096234, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-354437] [2012/11/09 16:29:11.096282, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-249119] [2012/11/09 16:29:11.096328, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-248731] [2012/11/09 16:29:11.096374, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-64215] [2012/11/09 16:29:11.096406, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-373475] [2012/11/09 16:29:11.096431, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-250664] [2012/11/09 16:29:11.096474, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-267088] [2012/11/09 16:29:11.096505, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-50311] [2012/11/09 16:29:11.096531, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-62644] [2012/11/09 16:29:11.096555, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-69148] [2012/11/09 16:29:11.096579, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-360380] [2012/11/09 16:29:11.096604, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-52124] [2012/11/09 16:29:11.096629, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-351502] [2012/11/09 16:29:11.096653, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-317005] [2012/11/09 16:29:11.096677, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-62713] [2012/11/09 16:29:11.096702, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-313855] [2012/11/09 16:29:11.096727, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-53143] [2012/11/09 16:29:11.096751, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-349705] [2012/11/09 16:29:11.096777, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-357732] [2012/11/09 16:29:11.096817, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-402142] [2012/11/09 16:29:11.096865, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-50421] [2012/11/09 16:29:11.096925, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-357890] [2012/11/09 16:29:11.096967, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-416413] [2012/11/09 16:29:11.096998, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-255117] [2012/11/09 16:29:11.097049, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-73891] [2012/11/09 16:29:11.097097, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-377792] [2012/11/09 16:29:11.097148, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-63081] [2012/11/09 16:29:11.097195, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-386707] [2012/11/09 16:29:11.097250, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-64112] [2012/11/09 16:29:11.097296, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-256555] [2012/11/09 16:29:11.097343, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-361939] [2012/11/09 16:29:11.097370, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-62709] [2012/11/09 16:29:11.097395, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-248759] [2012/11/09 16:29:11.097433, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-359221] [2012/11/09 16:29:11.097483, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-310730] [2012/11/09 16:29:11.097531, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-109617] [2012/11/09 16:29:11.097577, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-60474] [2012/11/09 16:29:11.097607, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-402472] [2012/11/09 16:29:11.097632, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-55679] [2012/11/09 16:29:11.097672, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-69153] [2012/11/09 16:29:11.097701, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-22265] [2012/11/09 16:29:11.097726, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-423112] [2012/11/09 16:29:11.097752, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-289044] [2012/11/09 16:29:11.097798, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-67791] [2012/11/09 16:29:11.097841, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-69156] [2012/11/09 16:29:11.097886, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-62712] [2012/11/09 16:29:11.097954, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-360721] [2012/11/09 16:29:11.098002, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-435651] [2012/11/09 16:29:11.098052, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-69149] [2012/11/09 16:29:11.098099, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-73730] [2012/11/09 16:29:11.098146, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-243660] [2012/11/09 16:29:11.098192, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-104280] [2012/11/09 16:29:11.098237, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-430692] [2012/11/09 16:29:11.098281, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-256558] [2012/11/09 16:29:11.098326, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-54515] [2012/11/09 16:29:11.098373, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-334223] [2012/11/09 16:29:11.098420, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-304790] [2012/11/09 16:29:11.098465, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-373528] [2012/11/09 16:29:11.098510, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-375927] [2012/11/09 16:29:11.098555, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-74039] [2012/11/09 16:29:11.098614, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-62781] [2012/11/09 16:29:11.098664, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-69157] [2012/11/09 16:29:11.098711, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-309445] [2012/11/09 16:29:11.098756, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-62733] [2012/11/09 16:29:11.098803, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-418123] [2012/11/09 16:29:11.098850, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-64415] [2012/11/09 16:29:11.098895, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-414619] [2012/11/09 16:29:11.098941, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-373446] [2012/11/09 16:29:11.098986, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-289048] [2012/11/09 16:29:11.099033, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-69158] [2012/11/09 16:29:11.099078, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-373559] [2012/11/09 16:29:11.099138, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-110686] [2012/11/09 16:29:11.099186, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-260757] [2012/11/09 16:29:11.099233, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-249663] [2012/11/09 16:29:11.099278, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-249619] [2012/11/09 16:29:11.099326, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-321098] [2012/11/09 16:29:11.099371, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-64497] [2012/11/09 16:29:11.099417, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-112627] [2012/11/09 16:29:11.099463, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-62710] [2012/11/09 16:29:11.099507, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-360361] [2012/11/09 16:29:11.099552, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-353621] [2012/11/09 16:29:11.099598, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-365152] [2012/11/09 16:29:11.099645, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-69544] [2012/11/09 16:29:11.099691, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-249644] [2012/11/09 16:29:11.099733, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-55625] [2012/11/09 16:29:11.099760, 5] lib/privileges.c:175(get_privileges_for_sids) get_privileges_for_sids: sid = S-1-1-0 Privilege set: 0x0 [2012/11/09 16:29:11.099790, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-2] [2012/11/09 16:29:11.099813, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-11] [2012/11/09 16:29:11.099837, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-32-545] [2012/11/09 16:29:11.146640, 3] smbd/password.c:298(register_existing_vuid) register_existing_vuid: User name: BROSE+pfoerfr Real name: Pförtsch, Franz [2012/11/09 16:29:11.146723, 3] smbd/password.c:308(register_existing_vuid) register_existing_vuid: UNIX uid 10000 is UNIX user BROSE+pfoerfr, and will be vuid 101 [2012/11/09 16:29:11.147039, 7] param/loadparm.c:9834(lp_servicenumber) lp_servicenumber: couldn't find BROSE+pfoerfr [2012/11/09 16:29:11.147069, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user BROSE+pfoerfr [2012/11/09 16:29:11.147089, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is brose+pfoerfr [2012/11/09 16:29:11.147110, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [BROSE+pfoerfr]! [2012/11/09 16:29:11.147128, 3] smbd/password.c:238(register_homes_share) Adding homes service for user 'BROSE+pfoerfr' using home directory: '/home/BROSE/pfoerfr' [2012/11/09 16:29:11.147151, 7] param/loadparm.c:9834(lp_servicenumber) lp_servicenumber: couldn't find homes [2012/11/09 16:29:11.147182, 3] smbd/signing.c:267(srv_set_signing) srv_set_signing: turning on SMB signing: signing negotiated = 1, mandatory_signing = 0. [2012/11/09 16:29:11.147224, 6] param/loadparm.c:7490(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.shares.conf -> /etc/samba/smb.shares.conf last mod_time: Thu Oct 25 21:33:17 2012 file /etc/samba/dhcp.conf -> /etc/samba/dhcp.conf last mod_time: Wed Nov 7 11:01:17 2012 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Nov 9 16:26:49 2012 [2012/11/09 16:29:11.147344, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:11.147360, 5] lib/util.c:342(show_msg) size=302 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=65535 smb_pid=65279 smb_uid=101 smb_mid=48064 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 152 (0x98) smb_bcc=259 [2012/11/09 16:29:11.148801, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x52 [2012/11/09 16:29:11.148833, 3] smbd/process.c:1662(process_smb) Transaction 2 of length 86 (0 toread) [2012/11/09 16:29:11.148853, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:11.148864, 5] lib/util.c:342(show_msg) size=82 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=0 smb_pid=65279 smb_uid=101 smb_mid=48128 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 82 (0x52) smb_vwv[ 2]= 12 (0xC) smb_vwv[ 3]= 1 (0x1) smb_bcc=39 [2012/11/09 16:29:11.148986, 3] smbd/process.c:1467(switch_message) switch message SMBtconX (pid 12629) conn 0x0 [2012/11/09 16:29:11.149008, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:11.149027, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:11.149045, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:11.149076, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2012/11/09 16:29:11.149103, 4] smbd/reply.c:794(reply_tcon_and_X) Client requested device type [?????] for share [IPC$] [2012/11/09 16:29:11.149130, 5] smbd/service.c:1354(make_connection) making a connection to 'normal' service ipc$ [2012/11/09 16:29:11.149154, 3] lib/access.c:338(allow_access) Allowed connection from yyyc27002.xxxxx.xxx (10.129.108.68) [2012/11/09 16:29:11.149213, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user BROSE+pfoerfr [2012/11/09 16:29:11.149240, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is brose+pfoerfr [2012/11/09 16:29:11.149260, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [BROSE+pfoerfr]! [2012/11/09 16:29:11.149283, 3] smbd/service.c:872(make_connection_snum) Connect path is '/var/tmp' for service [IPC$] [2012/11/09 16:29:11.149330, 3] smbd/vfs.c:102(vfs_init_default) Initialising default vfs hooks [2012/11/09 16:29:11.149356, 5] smbd/vfs.c:92(smb_register_vfs) Successfully added vfs backend '/[Default VFS]/' [2012/11/09 16:29:11.149377, 5] smbd/vfs.c:92(smb_register_vfs) Successfully added vfs backend 'posixacl' [2012/11/09 16:29:11.149395, 3] smbd/vfs.c:128(vfs_init_custom) Initialising custom vfs hooks from [/[Default VFS]/] Successfully loaded vfs module [/[Default VFS]/] with the new modules system [2012/11/09 16:29:11.149424, 5] smbd/connection.c:134(claim_connection) claiming [IPC$] [2012/11/09 16:29:11.149705, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:11.149739, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (811): SID[ 0]: S-1-5-21-160562036-3150058255-2134394716-19743 SID[ 1]: S-1-5-21-160562036-3150058255-2134394716-513 SID[ 2]: S-1-5-21-160562036-3150058255-2134394716-334230 SID[ 3]: S-1-5-21-160562036-3150058255-2134394716-23353 SID[ 4]: S-1-5-21-160562036-3150058255-2134394716-304793 SID[ 5]: S-1-5-21-160562036-3150058255-2134394716-269408 SID[ 6]: S-1-5-21-160562036-3150058255-2134394716-50420 SID[ 7]: S-1-5-21-160562036-3150058255-2134394716-113634 SID[ 8]: S-1-5-21-160562036-3150058255-2134394716-113662 SID[ 9]: S-1-5-21-160562036-3150058255-2134394716-260755 SID[ 10]: S-1-5-21-160562036-3150058255-2134394716-288770 SID[ 11]: S-1-5-21-160562036-3150058255-2134394716-67892 SID[ 12]: S-1-5-21-160562036-3150058255-2134394716-20800 SID[ 13]: S-1-5-21-160562036-3150058255-2134394716-269744 SID[ 14]: S-1-5-21-160562036-3150058255-2134394716-63803 SID[ 15]: S-1-5-21-160562036-3150058255-2134394716-360934 SID[ 16]: S-1-5-21-160562036-3150058255-2134394716-421750 SID[ 17]: S-1-5-21-160562036-3150058255-2134394716-294313 SID[ 18]: S-1-5-21-160562036-3150058255-2134394716-109619 SID[ 19]: S-1-5-21-160562036-3150058255-2134394716-13623 SID[ 20]: S-1-5-21-160562036-3150058255-2134394716-113660 SID[ 21]: S-1-5-21-160562036-3150058255-2134394716-13846 SID[ 22]: S-1-5-21-160562036-3150058255-2134394716-351693 SID[ 23]: S-1-5-21-160562036-3150058255-2134394716-56178 SID[ 24]: S-1-5-21-160562036-3150058255-2134394716-268914 SID[ 25]: S-1-5-21-160562036-3150058255-2134394716-276389 SID[ 26]: S-1-5-21-160562036-3150058255-2134394716-294265 SID[ 27]: S-1-5-21-160562036-3150058255-2134394716-289050 SID[ 28]: S-1-5-21-160562036-3150058255-2134394716-284074 SID[ 29]: S-1-5-21-160562036-3150058255-2134394716-353623 SID[ 30]: S-1-5-21-160562036-3150058255-2134394716-60632 SID[ 31]: S-1-5-21-160562036-3150058255-2134394716-299617 SID[ 32]: S-1-5-21-160562036-3150058255-2134394716-269875 SID[ 33]: S-1-5-21-160562036-3150058255-2134394716-260777 SID[ 34]: S-1-5-21-160562036-3150058255-2134394716-72011 SID[ 35]: S-1-5-21-160562036-3150058255-2134394716-56174 SID[ 36]: S-1-5-21-160562036-3150058255-2134394716-294145 SID[ 37]: S-1-5-21-160562036-3150058255-2134394716-46643 SID[ 38]: S-1-5-21-160562036-3150058255-2134394716-110684 SID[ 39]: S-1-5-21-160562036-3150058255-2134394716-69476 SID[ 40]: S-1-5-21-160562036-3150058255-2134394716-354438 SID[ 41]: S-1-5-21-160562036-3150058255-2134394716-288215 SID[ 42]: S-1-5-21-160562036-3150058255-2134394716-418124 SID[ 43]: S-1-5-21-160562036-3150058255-2134394716-32947 SID[ 44]: S-1-5-21-160562036-3150058255-2134394716-373447 SID[ 45]: S-1-5-21-160562036-3150058255-2134394716-21119 SID[ 46]: S-1-5-21-160562036-3150058255-2134394716-254283 SID[ 47]: S-1-5-21-160562036-3150058255-2134394716-21918 SID[ 48]: S-1-5-21-160562036-3150058255-2134394716-268915 SID[ 49]: S-1-5-21-160562036-3150058255-2134394716-267093 SID[ 50]: S-1-5-21-160562036-3150058255-2134394716-340888 SID[ 51]: S-1-5-21-160562036-3150058255-2134394716-294363 SID[ 52]: S-1-5-21-160562036-3150058255-2134394716-414620 SID[ 53]: S-1-5-21-160562036-3150058255-2134394716-260959 SID[ 54]: S-1-5-21-160562036-3150058255-2134394716-56176 SID[ 55]: S-1-5-21-160562036-3150058255-2134394716-373472 SID[ 56]: S-1-5-21-160562036-3150058255-2134394716-294492 SID[ 57]: S-1-5-21-160562036-3150058255-2134394716-373554 SID[ 58]: S-1-5-21-160562036-3150058255-2134394716-104382 SID[ 59]: S-1-5-21-160562036-3150058255-2134394716-294361 SID[ 60]: S-1-5-21-160562036-3150058255-2134394716-245149 SID[ 61]: S-1-5-21-160562036-3150058255-2134394716-32807 SID[ 62]: S-1-5-21-160562036-3150058255-2134394716-63805 SID[ 63]: S-1-5-21-160562036-3150058255-2134394716-290135 SID[ 64]: S-1-5-21-160562036-3150058255-2134394716-248439 SID[ 65]: S-1-5-21-160562036-3150058255-2134394716-58745 SID[ 66]: S-1-5-21-160562036-3150058255-2134394716-288316 SID[ 67]: S-1-5-21-160562036-3150058255-2134394716-373441 SID[ 68]: S-1-5-21-160562036-3150058255-2134394716-268916 SID[ 69]: S-1-5-21-160562036-3150058255-2134394716-17597 SID[ 70]: S-1-5-21-160562036-3150058255-2134394716-113654 SID[ 71]: S-1-5-21-160562036-3150058255-2134394716-304050 SID[ 72]: S-1-5-21-160562036-3150058255-2134394716-112626 SID[ 73]: S-1-5-21-160562036-3150058255-2134394716-360946 SID[ 74]: S-1-5-21-160562036-3150058255-2134394716-1116 SID[ 75]: S-1-5-21-160562036-3150058255-2134394716-294490 SID[ 76]: S-1-5-21-160562036-3150058255-2134394716-373442 SID[ 77]: S-1-5-21-160562036-3150058255-2134394716-402137 SID[ 78]: S-1-5-21-160562036-3150058255-2134394716-373470 SID[ 79]: S-1-5-21-160562036-3150058255-2134394716-284963 SID[ 80]: S-1-5-21-160562036-3150058255-2134394716-21963 SID[ 81]: S-1-5-21-160562036-3150058255-2134394716-373556 SID[ 82]: S-1-5-21-160562036-3150058255-2134394716-351504 SID[ 83]: S-1-5-21-160562036-3150058255-2134394716-360382 SID[ 84]: S-1-5-21-160562036-3150058255-2134394716-266966 SID[ 85]: S-1-5-21-160562036-3150058255-2134394716-63797 SID[ 86]: S-1-5-21-160562036-3150058255-2134394716-31306 SID[ 87]: S-1-5-21-160562036-3150058255-2134394716-420969 SID[ 88]: S-1-5-21-160562036-3150058255-2134394716-58439 SID[ 89]: S-1-5-21-160562036-3150058255-2134394716-351240 SID[ 90]: S-1-5-21-160562036-3150058255-2134394716-290160 SID[ 91]: S-1-5-21-160562036-3150058255-2134394716-335340 SID[ 92]: S-1-5-21-160562036-3150058255-2134394716-32819 SID[ 93]: S-1-5-21-160562036-3150058255-2134394716-63801 SID[ 94]: S-1-5-21-160562036-3150058255-2134394716-53171 SID[ 95]: S-1-5-21-160562036-3150058255-2134394716-294243 SID[ 96]: S-1-5-21-160562036-3150058255-2134394716-350032 SID[ 97]: S-1-5-21-160562036-3150058255-2134394716-63737 SID[ 98]: S-1-5-21-160562036-3150058255-2134394716-13863 SID[ 99]: S-1-5-21-160562036-3150058255-2134394716-351719 SID[100]: S-1-5-21-160562036-3150058255-2134394716-56165 SID[101]: S-1-5-21-160562036-3150058255-2134394716-113646 SID[102]: S-1-5-21-160562036-3150058255-2134394716-430811 SID[103]: S-1-5-21-160562036-3150058255-2134394716-284081 SID[104]: S-1-5-21-160562036-3150058255-2134394716-256696 SID[105]: S-1-5-21-160562036-3150058255-2134394716-416414 SID[106]: S-1-5-21-160562036-3150058255-2134394716-49609 SID[107]: S-1-5-21-160562036-3150058255-2134394716-377791 SID[108]: S-1-5-21-160562036-3150058255-2134394716-32821 SID[109]: S-1-5-21-160562036-3150058255-2134394716-359223 SID[110]: S-1-5-21-160562036-3150058255-2134394716-284091 SID[111]: S-1-5-21-160562036-3150058255-2134394716-433713 SID[112]: S-1-5-21-160562036-3150058255-2134394716-33100 SID[113]: S-1-5-21-160562036-3150058255-2134394716-416203 SID[114]: S-1-5-21-160562036-3150058255-2134394716-317007 SID[115]: S-1-5-21-160562036-3150058255-2134394716-69542 SID[116]: S-1-5-21-160562036-3150058255-2134394716-268918 SID[117]: S-1-5-21-160562036-3150058255-2134394716-69428 SID[118]: S-1-5-21-160562036-3150058255-2134394716-316764 SID[119]: S-1-5-21-160562036-3150058255-2134394716-55705 SID[120]: S-1-5-21-160562036-3150058255-2134394716-291229 SID[121]: S-1-5-21-160562036-3150058255-2134394716-250116 SID[122]: S-1-5-21-160562036-3150058255-2134394716-294315 SID[123]: S-1-5-21-160562036-3150058255-2134394716-402469 SID[124]: S-1-5-21-160562036-3150058255-2134394716-256697 SID[125]: S-1-5-21-160562036-3150058255-2134394716-418438 SID[126]: S-1-5-21-160562036-3150058255-2134394716-435652 SID[127]: S-1-5-21-160562036-3150058255-2134394716-45010 SID[128]: S-1-5-21-160562036-3150058255-2134394716-322368 SID[129]: S-1-5-21-160562036-3150058255-2134394716-267090 SID[130]: S-1-5-21-160562036-3150058255-2134394716-32825 SID[131]: S-1-5-21-160562036-3150058255-2134394716-35099 SID[132]: S-1-5-21-160562036-3150058255-2134394716-56157 SID[133]: S-1-5-21-160562036-3150058255-2134394716-113648 SID[134]: S-1-5-21-160562036-3150058255-2134394716-55709 SID[135]: S-1-5-21-160562036-3150058255-2134394716-108789 SID[136]: S-1-5-21-160562036-3150058255-2134394716-56159 SID[137]: S-1-5-21-160562036-3150058255-2134394716-268919 SID[138]: S-1-5-21-160562036-3150058255-2134394716-245147 SID[139]: S-1-5-21-160562036-3150058255-2134394716-430693 SID[140]: S-1-5-21-160562036-3150058255-2134394716-289617 SID[141]: S-1-5-21-160562036-3150058255-2134394716-373445 SID[142]: S-1-5-21-160562036-3150058255-2134394716-14282 SID[143]: S-1-5-21-160562036-3150058255-2134394716-433712 SID[144]: S-1-5-21-160562036-3150058255-2134394716-59232 SID[145]: S-1-5-21-160562036-3150058255-2134394716-33429 SID[146]: S-1-5-21-160562036-3150058255-2134394716-437634 SID[147]: S-1-5-21-160562036-3150058255-2134394716-23354 SID[148]: S-1-5-21-160562036-3150058255-2134394716-113636 SID[149]: S-1-5-21-160562036-3150058255-2134394716-63799 SID[150]: S-1-5-21-160562036-3150058255-2134394716-261009 SID[151]: S-1-5-21-160562036-3150058255-2134394716-290498 SID[152]: S-1-5-21-160562036-3150058255-2134394716-375928 SID[153]: S-1-5-21-160562036-3150058255-2134394716-276407 SID[154]: S-1-5-21-160562036-3150058255-2134394716-357401 SID[155]: S-1-5-21-160562036-3150058255-2134394716-357385 SID[156]: S-1-5-21-160562036-3150058255-2134394716-269404 SID[157]: S-1-5-21-160562036-3150058255-2134394716-67790 SID[158]: S-1-5-21-160562036-3150058255-2134394716-392120 SID[159]: S-1-5-21-160562036-3150058255-2134394716-276395 SID[160]: S-1-5-21-160562036-3150058255-2134394716-113343 SID[161]: S-1-5-21-160562036-3150058255-2134394716-56172 SID[162]: S-1-5-21-160562036-3150058255-2134394716-402467 SID[163]: S-1-5-21-160562036-3150058255-2134394716-293007 SID[164]: S-1-5-21-160562036-3150058255-2134394716-427942 SID[165]: S-1-5-21-160562036-3150058255-2134394716-373529 SID[166]: S-1-5-21-160562036-3150058255-2134394716-263163 SID[167]: S-1-5-21-160562036-3150058255-2134394716-64111 SID[168]: S-1-5-21-160562036-3150058255-2134394716-266852 SID[169]: S-1-5-21-160562036-3150058255-2134394716-357892 SID[170]: S-1-5-21-160562036-3150058255-2134394716-104429 SID[171]: S-1-5-21-160562036-3150058255-2134394716-32813 SID[172]: S-1-5-21-160562036-3150058255-2134394716-360722 SID[173]: S-1-5-21-160562036-3150058255-2134394716-284092 SID[174]: S-1-5-21-160562036-3150058255-2134394716-289619 SID[175]: S-1-5-21-160562036-3150058255-2134394716-369316 SID[176]: S-1-5-21-160562036-3150058255-2134394716-49542 SID[177]: S-1-5-21-160562036-3150058255-2134394716-329659 SID[178]: S-1-5-21-160562036-3150058255-2134394716-32809 SID[179]: S-1-5-21-160562036-3150058255-2134394716-108767 SID[180]: S-1-5-21-160562036-3150058255-2134394716-305399 SID[181]: S-1-5-21-160562036-3150058255-2134394716-263161 SID[182]: S-1-5-21-160562036-3150058255-2134394716-314050 SID[183]: S-1-5-21-160562036-3150058255-2134394716-31001 SID[184]: S-1-5-21-160562036-3150058255-2134394716-279682 SID[185]: S-1-5-21-160562036-3150058255-2134394716-294147 SID[186]: S-1-5-21-160562036-3150058255-2134394716-56163 SID[187]: S-1-5-21-160562036-3150058255-2134394716-285751 SID[188]: S-1-5-21-160562036-3150058255-2134394716-21723 SID[189]: S-1-5-21-160562036-3150058255-2134394716-8332 SID[190]: S-1-5-21-160562036-3150058255-2134394716-32827 SID[191]: S-1-5-21-160562036-3150058255-2134394716-256460 SID[192]: S-1-5-21-160562036-3150058255-2134394716-256183 SID[193]: S-1-5-21-160562036-3150058255-2134394716-300424 SID[194]: S-1-5-21-160562036-3150058255-2134394716-55677 SID[195]: S-1-5-21-160562036-3150058255-2134394716-253145 SID[196]: S-1-5-21-160562036-3150058255-2134394716-63804 SID[197]: S-1-5-21-160562036-3150058255-2134394716-358866 SID[198]: S-1-5-21-160562036-3150058255-2134394716-32823 SID[199]: S-1-5-21-160562036-3150058255-2134394716-276620 SID[200]: S-1-5-21-160562036-3150058255-2134394716-361940 SID[201]: S-1-5-21-160562036-3150058255-2134394716-49274 SID[202]: S-1-5-21-160562036-3150058255-2134394716-402177 SID[203]: S-1-5-21-160562036-3150058255-2134394716-252230 SID[204]: S-1-5-21-160562036-3150058255-2134394716-321100 SID[205]: S-1-5-21-160562036-3150058255-2134394716-20801 SID[206]: S-1-5-21-160562036-3150058255-2134394716-276621 SID[207]: S-1-5-21-160562036-3150058255-2134394716-252010 SID[208]: S-1-5-21-160562036-3150058255-2134394716-292766 SID[209]: S-1-5-21-160562036-3150058255-2134394716-37331 SID[210]: S-1-5-21-160562036-3150058255-2134394716-260776 SID[211]: S-1-5-21-160562036-3150058255-2134394716-386708 SID[212]: S-1-5-21-160562036-3150058255-2134394716-374616 SID[213]: S-1-5-21-160562036-3150058255-2134394716-21084 SID[214]: S-1-5-21-160562036-3150058255-2134394716-294267 SID[215]: S-1-5-21-160562036-3150058255-2134394716-63802 SID[216]: S-1-5-21-160562036-3150058255-2134394716-31186 SID[217]: S-1-5-21-160562036-3150058255-2134394716-105575 SID[218]: S-1-5-21-160562036-3150058255-2134394716-361874 SID[219]: S-1-5-21-160562036-3150058255-2134394716-360362 SID[220]: S-1-5-21-160562036-3150058255-2134394716-357734 SID[221]: S-1-5-21-160562036-3150058255-2134394716-294241 SID[222]: S-1-5-21-160562036-3150058255-2134394716-251778 SID[223]: S-1-5-21-160562036-3150058255-2134394716-49510 SID[224]: S-1-5-21-160562036-3150058255-2134394716-35015 SID[225]: S-1-5-21-160562036-3150058255-2134394716-20749 SID[226]: S-1-5-21-160562036-3150058255-2134394716-294291 SID[227]: S-1-5-21-160562036-3150058255-2134394716-254469 SID[228]: S-1-5-21-160562036-3150058255-2134394716-247296 SID[229]: S-1-5-21-160562036-3150058255-2134394716-63798 SID[230]: S-1-5-21-160562036-3150058255-2134394716-59035 SID[231]: S-1-5-21-160562036-3150058255-2134394716-430331 SID[232]: S-1-5-21-160562036-3150058255-2134394716-21301 SID[233]: S-1-5-21-160562036-3150058255-2134394716-55627 SID[234]: S-1-5-21-160562036-3150058255-2134394716-32815 SID[235]: S-1-5-21-160562036-3150058255-2134394716-277164 SID[236]: S-1-5-21-160562036-3150058255-2134394716-21552 SID[237]: S-1-5-21-160562036-3150058255-2134394716-56622 SID[238]: S-1-5-21-160562036-3150058255-2134394716-37315 SID[239]: S-1-5-21-160562036-3150058255-2134394716-334225 SID[240]: S-1-5-21-160562036-3150058255-2134394716-338141 SID[241]: S-1-5-21-160562036-3150058255-2134394716-246169 SID[242]: S-1-5-21-160562036-3150058255-2134394716-297835 SID[243]: S-1-5-21-160562036-3150058255-2134394716-353615 SID[244]: S-1-5-21-160562036-3150058255-2134394716-322371 SID[245]: S-1-5-21-160562036-3150058255-2134394716-63235 SID[246]: S-1-5-21-160562036-3150058255-2134394716-266849 SID[247]: S-1-5-21-160562036-3150058255-2134394716-293998 SID[248]: S-1-5-21-160562036-3150058255-2134394716-433714 SID[249]: S-1-5-21-160562036-3150058255-2134394716-107694 SID[250]: S-1-5-21-160562036-3150058255-2134394716-288317 SID[251]: S-1-5-21-160562036-3150058255-2134394716-44135 SID[252]: S-1-5-21-160562036-3150058255-2134394716-290560 SID[253]: S-1-5-21-160562036-3150058255-2134394716-322681 SID[254]: S-1-5-21-160562036-3150058255-2134394716-283109 SID[255]: S-1-5-21-160562036-3150058255-2134394716-357879 SID[256]: S-1-5-21-160562036-3150058255-2134394716-289046 SID[257]: S-1-5-21-160562036-3150058255-2134394716-32803 SID[258]: S-1-5-21-160562036-3150058255-2134394716-343968 SID[259]: S-1-5-21-160562036-3150058255-2134394716-50792 SID[260]: S-1-5-21-160562036-3150058255-2134394716-50518 SID[261]: S-1-5-21-160562036-3150058255-2134394716-37238 SID[262]: S-1-5-21-160562036-3150058255-2134394716-360465 SID[263]: S-1-5-21-160562036-3150058255-2134394716-366652 SID[264]: S-1-5-21-160562036-3150058255-2134394716-294094 SID[265]: S-1-5-21-160562036-3150058255-2134394716-288540 SID[266]: S-1-5-21-160562036-3150058255-2134394716-297984 SID[267]: S-1-5-21-160562036-3150058255-2134394716-276427 SID[268]: S-1-5-21-160562036-3150058255-2134394716-333792 SID[269]: S-1-5-21-160562036-3150058255-2134394716-427342 SID[270]: S-1-5-21-160562036-3150058255-2134394716-333794 SID[271]: S-1-5-21-160562036-3150058255-2134394716-290460 SID[272]: S-1-5-21-160562036-3150058255-2134394716-294091 SID[273]: S-1-5-21-160562036-3150058255-2134394716-333793 SID[274]: S-1-5-21-160562036-3150058255-2134394716-338207 SID[275]: S-1-5-21-160562036-3150058255-2134394716-409571 SID[276]: S-1-5-21-160562036-3150058255-2134394716-294054 SID[277]: S-1-5-21-160562036-3150058255-2134394716-30854 SID[278]: S-1-5-21-160562036-3150058255-2134394716-288547 SID[279]: S-1-5-21-160562036-3150058255-2134394716-365347 SID[280]: S-1-5-21-6776287-465249537-1446904402-4108 SID[281]: S-1-5-21-160562036-3150058255-2134394716-58230 SID[282]: S-1-5-21-160562036-3150058255-2134394716-357400 SID[283]: S-1-5-21-160562036-3150058255-2134394716-343966 SID[284]: S-1-5-21-160562036-3150058255-2134394716-104268 SID[285]: S-1-5-21-160562036-3150058255-2134394716-334228 SID[286]: S-1-5-21-160562036-3150058255-2134394716-357384 SID[287]: S-1-5-21-160562036-3150058255-2134394716-64500 SID[288]: S-1-5-21-160562036-3150058255-2134394716-291227 SID[289]: S-1-5-21-160562036-3150058255-2134394716-62708 SID[290]: S-1-5-21-160562036-3150058255-2134394716-266847 SID[291]: S-1-5-21-160562036-3150058255-2134394716-313857 SID[292]: S-1-5-21-160562036-3150058255-2134394716-350031 SID[293]: S-1-5-21-160562036-3150058255-2134394716-373448 SID[294]: S-1-5-21-160562036-3150058255-2134394716-420970 SID[295]: S-1-5-21-160562036-3150058255-2134394716-351238 SID[296]: S-1-5-21-160562036-3150058255-2134394716-11861 SID[297]: S-1-5-21-160562036-3150058255-2134394716-353613 SID[298]: S-1-5-21-160562036-3150058255-2134394716-322679 SID[299]: S-1-5-21-160562036-3150058255-2134394716-253148 SID[300]: S-1-5-21-160562036-3150058255-2134394716-277162 SID[301]: S-1-5-21-160562036-3150058255-2134394716-304048 SID[302]: S-1-5-21-160562036-3150058255-2134394716-288768 SID[303]: S-1-5-21-160562036-3150058255-2134394716-62920 SID[304]: S-1-5-21-160562036-3150058255-2134394716-62814 SID[305]: S-1-5-21-160562036-3150058255-2134394716-338139 SID[306]: S-1-5-21-160562036-3150058255-2134394716-266850 SID[307]: S-1-5-21-160562036-3150058255-2134394716-74038 SID[308]: S-1-5-21-160562036-3150058255-2134394716-62715 SID[309]: S-1-5-21-160562036-3150058255-2134394716-357877 SID[310]: S-1-5-21-160562036-3150058255-2134394716-252117 SID[311]: S-1-5-21-160562036-3150058255-2134394716-322372 SID[312]: S-1-5-21-160562036-3150058255-2134394716-65121 SID[313]: S-1-5-21-160562036-3150058255-2134394716-62711 SID[314]: S-1-5-21-160562036-3150058255-2134394716-267091 SID[315]: S-1-5-21-160562036-3150058255-2134394716-24652 SID[316]: S-1-5-21-160562036-3150058255-2134394716-360933 SID[317]: S-1-5-21-160562036-3150058255-2134394716-354437 SID[318]: S-1-5-21-160562036-3150058255-2134394716-249119 SID[319]: S-1-5-21-160562036-3150058255-2134394716-248731 SID[320]: S-1-5-21-160562036-3150058255-2134394716-64215 SID[321]: S-1-5-21-160562036-3150058255-2134394716-373475 SID[322]: S-1-5-21-160562036-3150058255-2134394716-250664 SID[323]: S-1-5-21-160562036-3150058255-2134394716-267088 SID[324]: S-1-5-21-160562036-3150058255-2134394716-50311 SID[325]: S-1-5-21-160562036-3150058255-2134394716-62644 SID[326]: S-1-5-21-160562036-3150058255-2134394716-69148 SID[327]: S-1-5-21-160562036-3150058255-2134394716-360380 SID[328]: S-1-5-21-160562036-3150058255-2134394716-52124 SID[329]: S-1-5-21-160562036-3150058255-2134394716-351502 SID[330]: S-1-5-21-160562036-3150058255-2134394716-317005 SID[331]: S-1-5-21-160562036-3150058255-2134394716-62713 SID[332]: S-1-5-21-160562036-3150058255-2134394716-313855 SID[333]: S-1-5-21-160562036-3150058255-2134394716-53143 SID[334]: S-1-5-21-160562036-3150058255-2134394716-349705 SID[335]: S-1-5-21-160562036-3150058255-2134394716-357732 SID[336]: S-1-5-21-160562036-3150058255-2134394716-402142 SID[337]: S-1-5-21-160562036-3150058255-2134394716-50421 SID[338]: S-1-5-21-160562036-3150058255-2134394716-357890 SID[339]: S-1-5-21-160562036-3150058255-2134394716-416413 SID[340]: S-1-5-21-160562036-3150058255-2134394716-255117 SID[341]: S-1-5-21-160562036-3150058255-2134394716-73891 SID[342]: S-1-5-21-160562036-3150058255-2134394716-377792 SID[343]: S-1-5-21-160562036-3150058255-2134394716-63081 SID[344]: S-1-5-21-160562036-3150058255-2134394716-386707 SID[345]: S-1-5-21-160562036-3150058255-2134394716-64112 SID[346]: S-1-5-21-160562036-3150058255-2134394716-256555 SID[347]: S-1-5-21-160562036-3150058255-2134394716-361939 SID[348]: S-1-5-21-160562036-3150058255-2134394716-62709 SID[349]: S-1-5-21-160562036-3150058255-2134394716-248759 SID[350]: S-1-5-21-160562036-3150058255-2134394716-359221 SID[351]: S-1-5-21-160562036-3150058255-2134394716-310730 SID[352]: S-1-5-21-160562036-3150058255-2134394716-109617 SID[353]: S-1-5-21-160562036-3150058255-2134394716-60474 SID[354]: S-1-5-21-160562036-3150058255-2134394716-402472 SID[355]: S-1-5-21-160562036-3150058255-2134394716-55679 SID[356]: S-1-5-21-160562036-3150058255-2134394716-69153 SID[357]: S-1-5-21-160562036-3150058255-2134394716-22265 SID[358]: S-1-5-21-160562036-3150058255-2134394716-423112 SID[359]: S-1-5-21-160562036-3150058255-2134394716-289044 SID[360]: S-1-5-21-160562036-3150058255-2134394716-67791 SID[361]: S-1-5-21-160562036-3150058255-2134394716-69156 SID[362]: S-1-5-21-160562036-3150058255-2134394716-62712 SID[363]: S-1-5-21-160562036-3150058255-2134394716-360721 SID[364]: S-1-5-21-160562036-3150058255-2134394716-435651 SID[365]: S-1-5-21-160562036-3150058255-2134394716-69149 SID[366]: S-1-5-21-160562036-3150058255-2134394716-73730 SID[367]: S-1-5-21-160562036-3150058255-2134394716-243660 SID[368]: S-1-5-21-160562036-3150058255-2134394716-104280 SID[369]: S-1-5-21-160562036-3150058255-2134394716-430692 SID[370]: S-1-5-21-160562036-3150058255-2134394716-256558 SID[371]: S-1-5-21-160562036-3150058255-2134394716-54515 SID[372]: S-1-5-21-160562036-3150058255-2134394716-334223 SID[373]: S-1-5-21-160562036-3150058255-2134394716-304790 SID[374]: S-1-5-21-160562036-3150058255-2134394716-373528 SID[375]: S-1-5-21-160562036-3150058255-2134394716-375927 SID[376]: S-1-5-21-160562036-3150058255-2134394716-74039 SID[377]: S-1-5-21-160562036-3150058255-2134394716-62781 SID[378]: S-1-5-21-160562036-3150058255-2134394716-69157 SID[379]: S-1-5-21-160562036-3150058255-2134394716-309445 SID[380]: S-1-5-21-160562036-3150058255-2134394716-62733 SID[381]: S-1-5-21-160562036-3150058255-2134394716-418123 SID[382]: S-1-5-21-160562036-3150058255-2134394716-64415 SID[383]: S-1-5-21-160562036-3150058255-2134394716-414619 SID[384]: S-1-5-21-160562036-3150058255-2134394716-373446 SID[385]: S-1-5-21-160562036-3150058255-2134394716-289048 SID[386]: S-1-5-21-160562036-3150058255-2134394716-69158 SID[387]: S-1-5-21-160562036-3150058255-2134394716-373559 SID[388]: S-1-5-21-160562036-3150058255-2134394716-110686 SID[389]: S-1-5-21-160562036-3150058255-2134394716-260757 SID[390]: S-1-5-21-160562036-3150058255-2134394716-249663 SID[391]: S-1-5-21-160562036-3150058255-2134394716-249619 SID[392]: S-1-5-21-160562036-3150058255-2134394716-321098 SID[393]: S-1-5-21-160562036-3150058255-2134394716-64497 SID[394]: S-1-5-21-160562036-3150058255-2134394716-112627 SID[395]: S-1-5-21-160562036-3150058255-2134394716-62710 SID[396]: S-1-5-21-160562036-3150058255-2134394716-360361 SID[397]: S-1-5-21-160562036-3150058255-2134394716-353621 SID[398]: S-1-5-21-160562036-3150058255-2134394716-365152 SID[399]: S-1-5-21-160562036-3150058255-2134394716-69544 SID[400]: S-1-5-21-160562036-3150058255-2134394716-249644 SID[401]: S-1-5-21-160562036-3150058255-2134394716-55625 SID[402]: S-1-1-0 SID[403]: S-1-5-2 SID[404]: S-1-5-11 SID[405]: S-1-5-32-545 SID[406]: S-1-22-1-10000 SID[407]: S-1-22-2-10006 SID[408]: S-1-22-2-10007 SID[409]: S-1-22-2-10008 SID[410]: S-1-22-2-10009 SID[411]: S-1-22-2-10010 SID[412]: S-1-22-2-10011 SID[413]: S-1-22-2-10012 SID[414]: S-1-22-2-10013 SID[415]: S-1-22-2-10014 SID[416]: S-1-22-2-10015 SID[417]: S-1-22-2-10016 SID[418]: S-1-22-2-10017 SID[419]: S-1-22-2-10018 SID[420]: S-1-22-2-10019 SID[421]: S-1-22-2-10020 SID[422]: S-1-22-2-10021 SID[423]: S-1-22-2-10022 SID[424]: S-1-22-2-10023 SID[425]: S-1-22-2-10024 SID[426]: S-1-22-2-10025 SID[427]: S-1-22-2-10026 SID[428]: S-1-22-2-10027 SID[429]: S-1-22-2-10028 SID[430]: S-1-22-2-10029 SID[431]: S-1-22-2-10030 SID[432]: S-1-22-2-10031 SID[433]: S-1-22-2-10032 SID[434]: S-1-22-2-10033 SID[435]: S-1-22-2-10034 SID[436]: S-1-22-2-10035 SID[437]: S-1-22-2-10036 SID[438]: S-1-22-2-10037 SID[439]: S-1-22-2-10038 SID[440]: S-1-22-2-10039 SID[441]: S-1-22-2-10040 SID[442]: S-1-22-2-10041 SID[443]: S-1-22-2-10042 SID[444]: S-1-22-2-10043 SID[445]: S-1-22-2-10044 SID[446]: S-1-22-2-10045 SID[447]: S-1-22-2-10046 SID[448]: S-1-22-2-10047 SID[449]: S-1-22-2-10048 SID[450]: S-1-22-2-10049 SID[451]: S-1-22-2-10050 SID[452]: S-1-22-2-10051 SID[453]: S-1-22-2-10052 SID[454]: S-1-22-2-10053 SID[455]: S-1-22-2-10054 SID[456]: S-1-22-2-10055 SID[457]: S-1-22-2-10056 SID[458]: S-1-22-2-10057 SID[459]: S-1-22-2-10058 SID[460]: S-1-22-2-10059 SID[461]: S-1-22-2-10060 SID[462]: S-1-22-2-10061 SID[463]: S-1-22-2-10062 SID[464]: S-1-22-2-10063 SID[465]: S-1-22-2-10064 SID[466]: S-1-22-2-10065 SID[467]: S-1-22-2-10066 SID[468]: S-1-22-2-10067 SID[469]: S-1-22-2-10068 SID[470]: S-1-22-2-10069 SID[471]: S-1-22-2-10070 SID[472]: S-1-22-2-10071 SID[473]: S-1-22-2-10072 SID[474]: S-1-22-2-10073 SID[475]: S-1-22-2-10074 SID[476]: S-1-22-2-10075 SID[477]: S-1-22-2-10076 SID[478]: S-1-22-2-10077 SID[479]: S-1-22-2-10078 SID[480]: S-1-22-2-10079 SID[481]: S-1-22-2-10080 SID[482]: S-1-22-2-10081 SID[483]: S-1-22-2-10082 SID[484]: S-1-22-2-10083 SID[485]: S-1-22-2-10084 SID[486]: S-1-22-2-10085 SID[487]: S-1-22-2-10086 SID[488]: S-1-22-2-10087 SID[489]: S-1-22-2-10088 SID[490]: S-1-22-2-10089 SID[491]: S-1-22-2-10090 SID[492]: S-1-22-2-10091 SID[493]: S-1-22-2-10092 SID[494]: S-1-22-2-10093 SID[495]: S-1-22-2-10094 SID[496]: S-1-22-2-10095 SID[497]: S-1-22-2-10096 SID[498]: S-1-22-2-10097 SID[499]: S-1-22-2-10098 SID[500]: S-1-22-2-10099 SID[501]: S-1-22-2-10100 SID[502]: S-1-22-2-10101 SID[503]: S-1-22-2-10102 SID[504]: S-1-22-2-10103 SID[505]: S-1-22-2-10104 SID[506]: S-1-22-2-10105 SID[507]: S-1-22-2-10106 SID[508]: S-1-22-2-10107 SID[509]: S-1-22-2-10108 SID[510]: S-1-22-2-10109 SID[511]: S-1-22-2-10110 SID[512]: S-1-22-2-10111 SID[513]: S-1-22-2-10112 SID[514]: S-1-22-2-10113 SID[515]: S-1-22-2-10114 SID[516]: S-1-22-2-10115 SID[517]: S-1-22-2-10116 SID[518]: S-1-22-2-10117 SID[519]: S-1-22-2-10118 SID[520]: S-1-22-2-10119 SID[521]: S-1-22-2-10120 SID[522]: S-1-22-2-10121 SID[523]: S-1-22-2-10122 SID[524]: S-1-22-2-10123 SID[525]: S-1-22-2-10124 SID[526]: S-1-22-2-10125 SID[527]: S-1-22-2-10126 SID[528]: S-1-22-2-10127 SID[529]: S-1-22-2-10128 SID[530]: S-1-22-2-10129 SID[531]: S-1-22-2-10130 SID[532]: S-1-22-2-10131 SID[533]: S-1-22-2-10132 SID[534]: S-1-22-2-10133 SID[535]: S-1-22-2-10134 SID[536]: S-1-22-2-10135 SID[537]: S-1-22-2-10136 SID[538]: S-1-22-2-10137 SID[539]: S-1-22-2-10138 SID[540]: S-1-22-2-10139 SID[541]: S-1-22-2-10140 SID[542]: S-1-22-2-10141 SID[543]: S-1-22-2-10142 SID[544]: S-1-22-2-10143 SID[545]: S-1-22-2-10144 SID[546]: S-1-22-2-10145 SID[547]: S-1-22-2-10146 SID[548]: S-1-22-2-10147 SID[549]: S-1-22-2-10148 SID[550]: S-1-22-2-10149 SID[551]: S-1-22-2-10150 SID[552]: S-1-22-2-10471 SID[553]: S-1-22-2-10151 SID[554]: S-1-22-2-10152 SID[555]: S-1-22-2-10153 SID[556]: S-1-22-2-10154 SID[557]: S-1-22-2-10155 SID[558]: S-1-22-2-10156 SID[559]: S-1-22-2-10157 SID[560]: S-1-22-2-10158 SID[561]: S-1-22-2-10159 SID[562]: S-1-22-2-10160 SID[563]: S-1-22-2-10161 SID[564]: S-1-22-2-10162 SID[565]: S-1-22-2-10163 SID[566]: S-1-22-2-10164 SID[567]: S-1-22-2-10165 SID[568]: S-1-22-2-10166 SID[569]: S-1-22-2-10167 SID[570]: S-1-22-2-10168 SID[571]: S-1-22-2-10169 SID[572]: S-1-22-2-10170 SID[573]: S-1-22-2-10171 SID[574]: S-1-22-2-10172 SID[575]: S-1-22-2-10173 SID[576]: S-1-22-2-10174 SID[577]: S-1-22-2-10175 SID[578]: S-1-22-2-10176 SID[579]: S-1-22-2-10177 SID[580]: S-1-22-2-10178 SID[581]: S-1-22-2-10179 SID[582]: S-1-22-2-10180 SID[583]: S-1-22-2-10181 SID[584]: S-1-22-2-10182 SID[585]: S-1-22-2-10183 SID[586]: S-1-22-2-10184 SID[587]: S-1-22-2-10185 SID[588]: S-1-22-2-10186 SID[589]: S-1-22-2-10187 SID[590]: S-1-22-2-10188 SID[591]: S-1-22-2-10189 SID[592]: S-1-22-2-10190 SID[593]: S-1-22-2-10191 SID[594]: S-1-22-2-10192 SID[595]: S-1-22-2-10193 SID[596]: S-1-22-2-10194 SID[597]: S-1-22-2-10195 SID[598]: S-1-22-2-10196 SID[599]: S-1-22-2-10197 SID[600]: S-1-22-2-10198 SID[601]: S-1-22-2-10199 SID[602]: S-1-22-2-10200 SID[603]: S-1-22-2-10201 SID[604]: S-1-22-2-10202 SID[605]: S-1-22-2-10203 SID[606]: S-1-22-2-10204 SID[607]: S-1-22-2-10205 SID[608]: S-1-22-2-10206 SID[609]: S-1-22-2-10207 SID[610]: S-1-22-2-10208 SID[611]: S-1-22-2-10209 SID[612]: S-1-22-2-10210 SID[613]: S-1-22-2-10211 SID[614]: S-1-22-2-10212 SID[615]: S-1-22-2-10213 SID[616]: S-1-22-2-10214 SID[617]: S-1-22-2-10215 SID[618]: S-1-22-2-10216 SID[619]: S-1-22-2-10217 SID[620]: S-1-22-2-10218 SID[621]: S-1-22-2-10219 SID[622]: S-1-22-2-10220 SID[623]: S-1-22-2-10221 SID[624]: S-1-22-2-10222 SID[625]: S-1-22-2-10223 SID[626]: S-1-22-2-10224 SID[627]: S-1-22-2-10225 SID[628]: S-1-22-2-10226 SID[629]: S-1-22-2-10227 SID[630]: S-1-22-2-10228 SID[631]: S-1-22-2-10229 SID[632]: S-1-22-2-10230 SID[633]: S-1-22-2-10231 SID[634]: S-1-22-2-10232 SID[635]: S-1-22-2-10233 SID[636]: S-1-22-2-10234 SID[637]: S-1-22-2-10235 SID[638]: S-1-22-2-10236 SID[639]: S-1-22-2-10237 SID[640]: S-1-22-2-10238 SID[641]: S-1-22-2-10239 SID[642]: S-1-22-2-10240 SID[643]: S-1-22-2-10241 SID[644]: S-1-22-2-10242 SID[645]: S-1-22-2-10243 SID[646]: S-1-22-2-10244 SID[647]: S-1-22-2-10245 SID[648]: S-1-22-2-10246 SID[649]: S-1-22-2-10247 SID[650]: S-1-22-2-10248 SID[651]: S-1-22-2-10249 SID[652]: S-1-22-2-10250 SID[653]: S-1-22-2-10251 SID[654]: S-1-22-2-10252 SID[655]: S-1-22-2-10253 SID[656]: S-1-22-2-10254 SID[657]: S-1-22-2-10255 SID[658]: S-1-22-2-10256 SID[659]: S-1-22-2-10257 SID[660]: S-1-22-2-10258 SID[661]: S-1-22-2-10259 SID[662]: S-1-22-2-10260 SID[663]: S-1-22-2-10261 SID[664]: S-1-22-2-10262 SID[665]: S-1-22-2-10263 SID[666]: S-1-22-2-10264 SID[667]: S-1-22-2-10265 SID[668]: S-1-22-2-10266 SID[669]: S-1-22-2-10267 SID[670]: S-1-22-2-10268 SID[671]: S-1-22-2-10269 SID[672]: S-1-22-2-10270 SID[673]: S-1-22-2-10271 SID[674]: S-1-22-2-10272 SID[675]: S-1-22-2-10273 SID[676]: S-1-22-2-10274 SID[677]: S-1-22-2-10275 SID[678]: S-1-22-2-10276 SID[679]: S-1-22-2-10277 SID[680]: S-1-22-2-10278 SID[681]: S-1-22-2-10279 SID[682]: S-1-22-2-10280 SID[683]: S-1-22-2-10281 SID[684]: S-1-22-2-10282 SID[685]: S-1-22-2-10283 SID[686]: S-1-22-2-10284 SID[687]: S-1-22-2-10285 SID[688]: S-1-22-2-10286 SID[689]: S-1-22-2-10287 SID[690]: S-1-22-2-10288 SID[691]: S-1-22-2-10289 SID[692]: S-1-22-2-10290 SID[693]: S-1-22-2-10291 SID[694]: S-1-22-2-10292 SID[695]: S-1-22-2-10293 SID[696]: S-1-22-2-10294 SID[697]: S-1-22-2-10295 SID[698]: S-1-22-2-10296 SID[699]: S-1-22-2-10297 SID[700]: S-1-22-2-10298 SID[701]: S-1-22-2-10299 SID[702]: S-1-22-2-10300 SID[703]: S-1-22-2-10301 SID[704]: S-1-22-2-10302 SID[705]: S-1-22-2-10303 SID[706]: S-1-22-2-10304 SID[707]: S-1-22-2-10305 SID[708]: S-1-22-2-10306 SID[709]: S-1-22-2-10307 SID[710]: S-1-22-2-10308 SID[711]: S-1-22-2-10309 SID[712]: S-1-22-2-10310 SID[713]: S-1-22-2-10311 SID[714]: S-1-22-2-10312 SID[715]: S-1-22-2-10313 SID[716]: S-1-22-2-10314 SID[717]: S-1-22-2-10315 SID[718]: S-1-22-2-10316 SID[719]: S-1-22-2-10317 SID[720]: S-1-22-2-10318 SID[721]: S-1-22-2-10319 SID[722]: S-1-22-2-10320 SID[723]: S-1-22-2-10321 SID[724]: S-1-22-2-10322 SID[725]: S-1-22-2-10323 SID[726]: S-1-22-2-10324 SID[727]: S-1-22-2-10325 SID[728]: S-1-22-2-10326 SID[729]: S-1-22-2-10327 SID[730]: S-1-22-2-10328 SID[731]: S-1-22-2-10329 SID[732]: S-1-22-2-10330 SID[733]: S-1-22-2-10331 SID[734]: S-1-22-2-10332 SID[735]: S-1-22-2-10333 SID[736]: S-1-22-2-10334 SID[737]: S-1-22-2-10335 SID[738]: S-1-22-2-10336 SID[739]: S-1-22-2-10337 SID[740]: S-1-22-2-10338 SID[741]: S-1-22-2-10339 SID[742]: S-1-22-2-10340 SID[743]: S-1-22-2-10341 SID[744]: S-1-22-2-10342 SID[745]: S-1-22-2-10343 SID[746]: S-1-22-2-10344 SID[747]: S-1-22-2-10345 SID[748]: S-1-22-2-10346 SID[749]: S-1-22-2-10347 SID[750]: S-1-22-2-10348 SID[751]: S-1-22-2-10349 SID[752]: S-1-22-2-10350 SID[753]: S-1-22-2-10351 SID[754]: S-1-22-2-10352 SID[755]: S-1-22-2-10353 SID[756]: S-1-22-2-10354 SID[757]: S-1-22-2-10355 SID[758]: S-1-22-2-10356 SID[759]: S-1-22-2-10357 SID[760]: S-1-22-2-10358 SID[761]: S-1-22-2-10359 SID[762]: S-1-22-2-10360 SID[763]: S-1-22-2-10361 SID[764]: S-1-22-2-10362 SID[765]: S-1-22-2-10363 SID[766]: S-1-22-2-10364 SID[767]: S-1-22-2-10365 SID[768]: S-1-22-2-10366 SID[769]: S-1-22-2-10367 SID[770]: S-1-22-2-10368 SID[771]: S-1-22-2-10369 SID[772]: S-1-22-2-10370 SID[773]: S-1-22-2-10371 SID[774]: S-1-22-2-10372 SID[775]: S-1-22-2-10373 SID[776]: S-1-22-2-10374 SID[777]: S-1-22-2-10375 SID[778]: S-1-22-2-10376 SID[779]: S-1-22-2-10377 SID[780]: S-1-22-2-10378 SID[781]: S-1-22-2-10379 SID[782]: S-1-22-2-10380 SID[783]: S-1-22-2-10381 SID[784]: S-1-22-2-10382 SID[785]: S-1-22-2-10383 SID[786]: S-1-22-2-10384 SID[787]: S-1-22-2-10385 SID[788]: S-1-22-2-10386 SID[789]: S-1-22-2-10387 SID[790]: S-1-22-2-10388 SID[791]: S-1-22-2-10389 SID[792]: S-1-22-2-10390 SID[793]: S-1-22-2-10391 SID[794]: S-1-22-2-10392 SID[795]: S-1-22-2-10393 SID[796]: S-1-22-2-10394 SID[797]: S-1-22-2-10395 SID[798]: S-1-22-2-10396 SID[799]: S-1-22-2-10397 SID[800]: S-1-22-2-10398 SID[801]: S-1-22-2-10399 SID[802]: S-1-22-2-10400 SID[803]: S-1-22-2-10401 SID[804]: S-1-22-2-10402 SID[805]: S-1-22-2-10403 SID[806]: S-1-22-2-10404 SID[807]: S-1-22-2-10002 SID[808]: S-1-22-2-10003 SID[809]: S-1-22-2-10004 SID[810]: S-1-22-2-10001 Privileges (0x 20): Privilege[ 0]: SePrintOperatorPrivilege Rights (0x 0): [2012/11/09 16:29:11.157119, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 10000 Primary group is 10006 and contains 404 supplementary groups Group[ 0]: 10006 Group[ 1]: 10007 Group[ 2]: 10008 Group[ 3]: 10009 Group[ 4]: 10010 Group[ 5]: 10011 Group[ 6]: 10012 Group[ 7]: 10013 Group[ 8]: 10014 Group[ 9]: 10015 Group[ 10]: 10016 Group[ 11]: 10017 Group[ 12]: 10018 Group[ 13]: 10019 Group[ 14]: 10020 Group[ 15]: 10021 Group[ 16]: 10022 Group[ 17]: 10023 Group[ 18]: 10024 Group[ 19]: 10025 Group[ 20]: 10026 Group[ 21]: 10027 Group[ 22]: 10028 Group[ 23]: 10029 Group[ 24]: 10030 Group[ 25]: 10031 Group[ 26]: 10032 Group[ 27]: 10033 Group[ 28]: 10034 Group[ 29]: 10035 Group[ 30]: 10036 Group[ 31]: 10037 Group[ 32]: 10038 Group[ 33]: 10039 Group[ 34]: 10040 Group[ 35]: 10041 Group[ 36]: 10042 Group[ 37]: 10043 Group[ 38]: 10044 Group[ 39]: 10045 Group[ 40]: 10046 Group[ 41]: 10047 Group[ 42]: 10048 Group[ 43]: 10049 Group[ 44]: 10050 Group[ 45]: 10051 Group[ 46]: 10052 Group[ 47]: 10053 Group[ 48]: 10054 Group[ 49]: 10055 Group[ 50]: 10056 Group[ 51]: 10057 Group[ 52]: 10058 Group[ 53]: 10059 Group[ 54]: 10060 Group[ 55]: 10061 Group[ 56]: 10062 Group[ 57]: 10063 Group[ 58]: 10064 Group[ 59]: 10065 Group[ 60]: 10066 Group[ 61]: 10067 Group[ 62]: 10068 Group[ 63]: 10069 Group[ 64]: 10070 Group[ 65]: 10071 Group[ 66]: 10072 Group[ 67]: 10073 Group[ 68]: 10074 Group[ 69]: 10075 Group[ 70]: 10076 Group[ 71]: 10077 Group[ 72]: 10078 Group[ 73]: 10079 Group[ 74]: 10080 Group[ 75]: 10081 Group[ 76]: 10082 Group[ 77]: 10083 Group[ 78]: 10084 Group[ 79]: 10085 Group[ 80]: 10086 Group[ 81]: 10087 Group[ 82]: 10088 Group[ 83]: 10089 Group[ 84]: 10090 Group[ 85]: 10091 Group[ 86]: 10092 Group[ 87]: 10093 Group[ 88]: 10094 Group[ 89]: 10095 Group[ 90]: 10096 Group[ 91]: 10097 Group[ 92]: 10098 Group[ 93]: 10099 Group[ 94]: 10100 Group[ 95]: 10101 Group[ 96]: 10102 Group[ 97]: 10103 Group[ 98]: 10104 Group[ 99]: 10105 Group[100]: 10106 Group[101]: 10107 Group[102]: 10108 Group[103]: 10109 Group[104]: 10110 Group[105]: 10111 Group[106]: 10112 Group[107]: 10113 Group[108]: 10114 Group[109]: 10115 Group[110]: 10116 Group[111]: 10117 Group[112]: 10118 Group[113]: 10119 Group[114]: 10120 Group[115]: 10121 Group[116]: 10122 Group[117]: 10123 Group[118]: 10124 Group[119]: 10125 Group[120]: 10126 Group[121]: 10127 Group[122]: 10128 Group[123]: 10129 Group[124]: 10130 Group[125]: 10131 Group[126]: 10132 Group[127]: 10133 Group[128]: 10134 Group[129]: 10135 Group[130]: 10136 Group[131]: 10137 Group[132]: 10138 Group[133]: 10139 Group[134]: 10140 Group[135]: 10141 Group[136]: 10142 Group[137]: 10143 Group[138]: 10144 Group[139]: 10145 Group[140]: 10146 Group[141]: 10147 Group[142]: 10148 Group[143]: 10149 Group[144]: 10150 Group[145]: 10471 Group[146]: 10151 Group[147]: 10152 Group[148]: 10153 Group[149]: 10154 Group[150]: 10155 Group[151]: 10156 Group[152]: 10157 Group[153]: 10158 Group[154]: 10159 Group[155]: 10160 Group[156]: 10161 Group[157]: 10162 Group[158]: 10163 Group[159]: 10164 Group[160]: 10165 Group[161]: 10166 Group[162]: 10167 Group[163]: 10168 Group[164]: 10169 Group[165]: 10170 Group[166]: 10171 Group[167]: 10172 Group[168]: 10173 Group[169]: 10174 Group[170]: 10175 Group[171]: 10176 Group[172]: 10177 Group[173]: 10178 Group[174]: 10179 Group[175]: 10180 Group[176]: 10181 Group[177]: 10182 Group[178]: 10183 Group[179]: 10184 Group[180]: 10185 Group[181]: 10186 Group[182]: 10187 Group[183]: 10188 Group[184]: 10189 Group[185]: 10190 Group[186]: 10191 Group[187]: 10192 Group[188]: 10193 Group[189]: 10194 Group[190]: 10195 Group[191]: 10196 Group[192]: 10197 Group[193]: 10198 Group[194]: 10199 Group[195]: 10200 Group[196]: 10201 Group[197]: 10202 Group[198]: 10203 Group[199]: 10204 Group[200]: 10205 Group[201]: 10206 Group[202]: 10207 Group[203]: 10208 Group[204]: 10209 Group[205]: 10210 Group[206]: 10211 Group[207]: 10212 Group[208]: 10213 Group[209]: 10214 Group[210]: 10215 Group[211]: 10216 Group[212]: 10217 Group[213]: 10218 Group[214]: 10219 Group[215]: 10220 Group[216]: 10221 Group[217]: 10222 Group[218]: 10223 Group[219]: 10224 Group[220]: 10225 Group[221]: 10226 Group[222]: 10227 Group[223]: 10228 Group[224]: 10229 Group[225]: 10230 Group[226]: 10231 Group[227]: 10232 Group[228]: 10233 Group[229]: 10234 Group[230]: 10235 Group[231]: 10236 Group[232]: 10237 Group[233]: 10238 Group[234]: 10239 Group[235]: 10240 Group[236]: 10241 Group[237]: 10242 Group[238]: 10243 Group[239]: 10244 Group[240]: 10245 Group[241]: 10246 Group[242]: 10247 Group[243]: 10248 Group[244]: 10249 Group[245]: 10250 Group[246]: 10251 Group[247]: 10252 Group[248]: 10253 Group[249]: 10254 Group[250]: 10255 Group[251]: 10256 Group[252]: 10257 Group[253]: 10258 Group[254]: 10259 Group[255]: 10260 Group[256]: 10261 Group[257]: 10262 Group[258]: 10263 Group[259]: 10264 Group[260]: 10265 Group[261]: 10266 Group[262]: 10267 Group[263]: 10268 Group[264]: 10269 Group[265]: 10270 Group[266]: 10271 Group[267]: 10272 Group[268]: 10273 Group[269]: 10274 Group[270]: 10275 Group[271]: 10276 Group[272]: 10277 Group[273]: 10278 Group[274]: 10279 Group[275]: 10280 Group[276]: 10281 Group[277]: 10282 Group[278]: 10283 Group[279]: 10284 Group[280]: 10285 Group[281]: 10286 Group[282]: 10287 Group[283]: 10288 Group[284]: 10289 Group[285]: 10290 Group[286]: 10291 Group[287]: 10292 Group[288]: 10293 Group[289]: 10294 Group[290]: 10295 Group[291]: 10296 Group[292]: 10297 Group[293]: 10298 Group[294]: 10299 Group[295]: 10300 Group[296]: 10301 Group[297]: 10302 Group[298]: 10303 Group[299]: 10304 Group[300]: 10305 Group[301]: 10306 Group[302]: 10307 Group[303]: 10308 Group[304]: 10309 Group[305]: 10310 Group[306]: 10311 Group[307]: 10312 Group[308]: 10313 Group[309]: 10314 Group[310]: 10315 Group[311]: 10316 Group[312]: 10317 Group[313]: 10318 Group[314]: 10319 Group[315]: 10320 Group[316]: 10321 Group[317]: 10322 Group[318]: 10323 Group[319]: 10324 Group[320]: 10325 Group[321]: 10326 Group[322]: 10327 Group[323]: 10328 Group[324]: 10329 Group[325]: 10330 Group[326]: 10331 Group[327]: 10332 Group[328]: 10333 Group[329]: 10334 Group[330]: 10335 Group[331]: 10336 Group[332]: 10337 Group[333]: 10338 Group[334]: 10339 Group[335]: 10340 Group[336]: 10341 Group[337]: 10342 Group[338]: 10343 Group[339]: 10344 Group[340]: 10345 Group[341]: 10346 Group[342]: 10347 Group[343]: 10348 Group[344]: 10349 Group[345]: 10350 Group[346]: 10351 Group[347]: 10352 Group[348]: 10353 Group[349]: 10354 Group[350]: 10355 Group[351]: 10356 Group[352]: 10357 Group[353]: 10358 Group[354]: 10359 Group[355]: 10360 Group[356]: 10361 Group[357]: 10362 Group[358]: 10363 Group[359]: 10364 Group[360]: 10365 Group[361]: 10366 Group[362]: 10367 Group[363]: 10368 Group[364]: 10369 Group[365]: 10370 Group[366]: 10371 Group[367]: 10372 Group[368]: 10373 Group[369]: 10374 Group[370]: 10375 Group[371]: 10376 Group[372]: 10377 Group[373]: 10378 Group[374]: 10379 Group[375]: 10380 Group[376]: 10381 Group[377]: 10382 Group[378]: 10383 Group[379]: 10384 Group[380]: 10385 Group[381]: 10386 Group[382]: 10387 Group[383]: 10388 Group[384]: 10389 Group[385]: 10390 Group[386]: 10391 Group[387]: 10392 Group[388]: 10393 Group[389]: 10394 Group[390]: 10395 Group[391]: 10396 Group[392]: 10397 Group[393]: 10398 Group[394]: 10399 Group[395]: 10400 Group[396]: 10401 Group[397]: 10402 Group[398]: 10403 Group[399]: 10404 Group[400]: 10002 Group[401]: 10003 Group[402]: 10004 Group[403]: 10001 [2012/11/09 16:29:11.160411, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,10000), gid=(0,10006) [2012/11/09 16:29:11.160473, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:11.160500, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:11.160531, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:11.160573, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2012/11/09 16:29:11.160612, 3] smbd/service.c:1114(make_connection_snum) 10.129.108.68 (10.129.108.68) signed connect to service IPC$ initially as user BROSE+pfoerfr (uid=10000, gid=10006) (pid 12629) [2012/11/09 16:29:11.160641, 3] smbd/reply.c:871(reply_tcon_and_X) tconX service=IPC$ [2012/11/09 16:29:11.161487, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x66 [2012/11/09 16:29:11.161519, 3] smbd/process.c:1662(process_smb) Transaction 3 of length 106 (0 toread) [2012/11/09 16:29:11.161547, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:11.161561, 5] lib/util.c:342(show_msg) size=102 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=48192 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 4096 (0x1000) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 4609 (0x1201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=19 [2012/11/09 16:29:11.161848, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:11.161871, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:11.161891, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (811): SID[ 0]: S-1-5-21-160562036-3150058255-2134394716-19743 SID[ 1]: S-1-5-21-160562036-3150058255-2134394716-513 SID[ 2]: S-1-5-21-160562036-3150058255-2134394716-334230 SID[ 3]: S-1-5-21-160562036-3150058255-2134394716-23353 SID[ 4]: S-1-5-21-160562036-3150058255-2134394716-304793 SID[ 5]: S-1-5-21-160562036-3150058255-2134394716-269408 SID[ 6]: S-1-5-21-160562036-3150058255-2134394716-50420 SID[ 7]: S-1-5-21-160562036-3150058255-2134394716-113634 SID[ 8]: S-1-5-21-160562036-3150058255-2134394716-113662 SID[ 9]: S-1-5-21-160562036-3150058255-2134394716-260755 SID[ 10]: S-1-5-21-160562036-3150058255-2134394716-288770 SID[ 11]: S-1-5-21-160562036-3150058255-2134394716-67892 SID[ 12]: S-1-5-21-160562036-3150058255-2134394716-20800 SID[ 13]: S-1-5-21-160562036-3150058255-2134394716-269744 SID[ 14]: S-1-5-21-160562036-3150058255-2134394716-63803 SID[ 15]: S-1-5-21-160562036-3150058255-2134394716-360934 SID[ 16]: S-1-5-21-160562036-3150058255-2134394716-421750 SID[ 17]: S-1-5-21-160562036-3150058255-2134394716-294313 SID[ 18]: S-1-5-21-160562036-3150058255-2134394716-109619 SID[ 19]: S-1-5-21-160562036-3150058255-2134394716-13623 SID[ 20]: S-1-5-21-160562036-3150058255-2134394716-113660 SID[ 21]: S-1-5-21-160562036-3150058255-2134394716-13846 SID[ 22]: S-1-5-21-160562036-3150058255-2134394716-351693 SID[ 23]: S-1-5-21-160562036-3150058255-2134394716-56178 SID[ 24]: S-1-5-21-160562036-3150058255-2134394716-268914 SID[ 25]: S-1-5-21-160562036-3150058255-2134394716-276389 SID[ 26]: S-1-5-21-160562036-3150058255-2134394716-294265 SID[ 27]: S-1-5-21-160562036-3150058255-2134394716-289050 SID[ 28]: S-1-5-21-160562036-3150058255-2134394716-284074 SID[ 29]: S-1-5-21-160562036-3150058255-2134394716-353623 SID[ 30]: S-1-5-21-160562036-3150058255-2134394716-60632 SID[ 31]: S-1-5-21-160562036-3150058255-2134394716-299617 SID[ 32]: S-1-5-21-160562036-3150058255-2134394716-269875 SID[ 33]: S-1-5-21-160562036-3150058255-2134394716-260777 SID[ 34]: S-1-5-21-160562036-3150058255-2134394716-72011 SID[ 35]: S-1-5-21-160562036-3150058255-2134394716-56174 SID[ 36]: S-1-5-21-160562036-3150058255-2134394716-294145 SID[ 37]: S-1-5-21-160562036-3150058255-2134394716-46643 SID[ 38]: S-1-5-21-160562036-3150058255-2134394716-110684 SID[ 39]: S-1-5-21-160562036-3150058255-2134394716-69476 SID[ 40]: S-1-5-21-160562036-3150058255-2134394716-354438 SID[ 41]: S-1-5-21-160562036-3150058255-2134394716-288215 SID[ 42]: S-1-5-21-160562036-3150058255-2134394716-418124 SID[ 43]: S-1-5-21-160562036-3150058255-2134394716-32947 SID[ 44]: S-1-5-21-160562036-3150058255-2134394716-373447 SID[ 45]: S-1-5-21-160562036-3150058255-2134394716-21119 SID[ 46]: S-1-5-21-160562036-3150058255-2134394716-254283 SID[ 47]: S-1-5-21-160562036-3150058255-2134394716-21918 SID[ 48]: S-1-5-21-160562036-3150058255-2134394716-268915 SID[ 49]: S-1-5-21-160562036-3150058255-2134394716-267093 SID[ 50]: S-1-5-21-160562036-3150058255-2134394716-340888 SID[ 51]: S-1-5-21-160562036-3150058255-2134394716-294363 SID[ 52]: S-1-5-21-160562036-3150058255-2134394716-414620 SID[ 53]: S-1-5-21-160562036-3150058255-2134394716-260959 SID[ 54]: S-1-5-21-160562036-3150058255-2134394716-56176 SID[ 55]: S-1-5-21-160562036-3150058255-2134394716-373472 SID[ 56]: S-1-5-21-160562036-3150058255-2134394716-294492 SID[ 57]: S-1-5-21-160562036-3150058255-2134394716-373554 SID[ 58]: S-1-5-21-160562036-3150058255-2134394716-104382 SID[ 59]: S-1-5-21-160562036-3150058255-2134394716-294361 SID[ 60]: S-1-5-21-160562036-3150058255-2134394716-245149 SID[ 61]: S-1-5-21-160562036-3150058255-2134394716-32807 SID[ 62]: S-1-5-21-160562036-3150058255-2134394716-63805 SID[ 63]: S-1-5-21-160562036-3150058255-2134394716-290135 SID[ 64]: S-1-5-21-160562036-3150058255-2134394716-248439 SID[ 65]: S-1-5-21-160562036-3150058255-2134394716-58745 SID[ 66]: S-1-5-21-160562036-3150058255-2134394716-288316 SID[ 67]: S-1-5-21-160562036-3150058255-2134394716-373441 SID[ 68]: S-1-5-21-160562036-3150058255-2134394716-268916 SID[ 69]: S-1-5-21-160562036-3150058255-2134394716-17597 SID[ 70]: S-1-5-21-160562036-3150058255-2134394716-113654 SID[ 71]: S-1-5-21-160562036-3150058255-2134394716-304050 SID[ 72]: S-1-5-21-160562036-3150058255-2134394716-112626 SID[ 73]: S-1-5-21-160562036-3150058255-2134394716-360946 SID[ 74]: S-1-5-21-160562036-3150058255-2134394716-1116 SID[ 75]: S-1-5-21-160562036-3150058255-2134394716-294490 SID[ 76]: S-1-5-21-160562036-3150058255-2134394716-373442 SID[ 77]: S-1-5-21-160562036-3150058255-2134394716-402137 SID[ 78]: S-1-5-21-160562036-3150058255-2134394716-373470 SID[ 79]: S-1-5-21-160562036-3150058255-2134394716-284963 SID[ 80]: S-1-5-21-160562036-3150058255-2134394716-21963 SID[ 81]: S-1-5-21-160562036-3150058255-2134394716-373556 SID[ 82]: S-1-5-21-160562036-3150058255-2134394716-351504 SID[ 83]: S-1-5-21-160562036-3150058255-2134394716-360382 SID[ 84]: S-1-5-21-160562036-3150058255-2134394716-266966 SID[ 85]: S-1-5-21-160562036-3150058255-2134394716-63797 SID[ 86]: S-1-5-21-160562036-3150058255-2134394716-31306 SID[ 87]: S-1-5-21-160562036-3150058255-2134394716-420969 SID[ 88]: S-1-5-21-160562036-3150058255-2134394716-58439 SID[ 89]: S-1-5-21-160562036-3150058255-2134394716-351240 SID[ 90]: S-1-5-21-160562036-3150058255-2134394716-290160 SID[ 91]: S-1-5-21-160562036-3150058255-2134394716-335340 SID[ 92]: S-1-5-21-160562036-3150058255-2134394716-32819 SID[ 93]: S-1-5-21-160562036-3150058255-2134394716-63801 SID[ 94]: S-1-5-21-160562036-3150058255-2134394716-53171 SID[ 95]: S-1-5-21-160562036-3150058255-2134394716-294243 SID[ 96]: S-1-5-21-160562036-3150058255-2134394716-350032 SID[ 97]: S-1-5-21-160562036-3150058255-2134394716-63737 SID[ 98]: S-1-5-21-160562036-3150058255-2134394716-13863 SID[ 99]: S-1-5-21-160562036-3150058255-2134394716-351719 SID[100]: S-1-5-21-160562036-3150058255-2134394716-56165 SID[101]: S-1-5-21-160562036-3150058255-2134394716-113646 SID[102]: S-1-5-21-160562036-3150058255-2134394716-430811 SID[103]: S-1-5-21-160562036-3150058255-2134394716-284081 SID[104]: S-1-5-21-160562036-3150058255-2134394716-256696 SID[105]: S-1-5-21-160562036-3150058255-2134394716-416414 SID[106]: S-1-5-21-160562036-3150058255-2134394716-49609 SID[107]: S-1-5-21-160562036-3150058255-2134394716-377791 SID[108]: S-1-5-21-160562036-3150058255-2134394716-32821 SID[109]: S-1-5-21-160562036-3150058255-2134394716-359223 SID[110]: S-1-5-21-160562036-3150058255-2134394716-284091 SID[111]: S-1-5-21-160562036-3150058255-2134394716-433713 SID[112]: S-1-5-21-160562036-3150058255-2134394716-33100 SID[113]: S-1-5-21-160562036-3150058255-2134394716-416203 SID[114]: S-1-5-21-160562036-3150058255-2134394716-317007 SID[115]: S-1-5-21-160562036-3150058255-2134394716-69542 SID[116]: S-1-5-21-160562036-3150058255-2134394716-268918 SID[117]: S-1-5-21-160562036-3150058255-2134394716-69428 SID[118]: S-1-5-21-160562036-3150058255-2134394716-316764 SID[119]: S-1-5-21-160562036-3150058255-2134394716-55705 SID[120]: S-1-5-21-160562036-3150058255-2134394716-291229 SID[121]: S-1-5-21-160562036-3150058255-2134394716-250116 SID[122]: S-1-5-21-160562036-3150058255-2134394716-294315 SID[123]: S-1-5-21-160562036-3150058255-2134394716-402469 SID[124]: S-1-5-21-160562036-3150058255-2134394716-256697 SID[125]: S-1-5-21-160562036-3150058255-2134394716-418438 SID[126]: S-1-5-21-160562036-3150058255-2134394716-435652 SID[127]: S-1-5-21-160562036-3150058255-2134394716-45010 SID[128]: S-1-5-21-160562036-3150058255-2134394716-322368 SID[129]: S-1-5-21-160562036-3150058255-2134394716-267090 SID[130]: S-1-5-21-160562036-3150058255-2134394716-32825 SID[131]: S-1-5-21-160562036-3150058255-2134394716-35099 SID[132]: S-1-5-21-160562036-3150058255-2134394716-56157 SID[133]: S-1-5-21-160562036-3150058255-2134394716-113648 SID[134]: S-1-5-21-160562036-3150058255-2134394716-55709 SID[135]: S-1-5-21-160562036-3150058255-2134394716-108789 SID[136]: S-1-5-21-160562036-3150058255-2134394716-56159 SID[137]: S-1-5-21-160562036-3150058255-2134394716-268919 SID[138]: S-1-5-21-160562036-3150058255-2134394716-245147 SID[139]: S-1-5-21-160562036-3150058255-2134394716-430693 SID[140]: S-1-5-21-160562036-3150058255-2134394716-289617 SID[141]: S-1-5-21-160562036-3150058255-2134394716-373445 SID[142]: S-1-5-21-160562036-3150058255-2134394716-14282 SID[143]: S-1-5-21-160562036-3150058255-2134394716-433712 SID[144]: S-1-5-21-160562036-3150058255-2134394716-59232 SID[145]: S-1-5-21-160562036-3150058255-2134394716-33429 SID[146]: S-1-5-21-160562036-3150058255-2134394716-437634 SID[147]: S-1-5-21-160562036-3150058255-2134394716-23354 SID[148]: S-1-5-21-160562036-3150058255-2134394716-113636 SID[149]: S-1-5-21-160562036-3150058255-2134394716-63799 SID[150]: S-1-5-21-160562036-3150058255-2134394716-261009 SID[151]: S-1-5-21-160562036-3150058255-2134394716-290498 SID[152]: S-1-5-21-160562036-3150058255-2134394716-375928 SID[153]: S-1-5-21-160562036-3150058255-2134394716-276407 SID[154]: S-1-5-21-160562036-3150058255-2134394716-357401 SID[155]: S-1-5-21-160562036-3150058255-2134394716-357385 SID[156]: S-1-5-21-160562036-3150058255-2134394716-269404 SID[157]: S-1-5-21-160562036-3150058255-2134394716-67790 SID[158]: S-1-5-21-160562036-3150058255-2134394716-392120 SID[159]: S-1-5-21-160562036-3150058255-2134394716-276395 SID[160]: S-1-5-21-160562036-3150058255-2134394716-113343 SID[161]: S-1-5-21-160562036-3150058255-2134394716-56172 SID[162]: S-1-5-21-160562036-3150058255-2134394716-402467 SID[163]: S-1-5-21-160562036-3150058255-2134394716-293007 SID[164]: S-1-5-21-160562036-3150058255-2134394716-427942 SID[165]: S-1-5-21-160562036-3150058255-2134394716-373529 SID[166]: S-1-5-21-160562036-3150058255-2134394716-263163 SID[167]: S-1-5-21-160562036-3150058255-2134394716-64111 SID[168]: S-1-5-21-160562036-3150058255-2134394716-266852 SID[169]: S-1-5-21-160562036-3150058255-2134394716-357892 SID[170]: S-1-5-21-160562036-3150058255-2134394716-104429 SID[171]: S-1-5-21-160562036-3150058255-2134394716-32813 SID[172]: S-1-5-21-160562036-3150058255-2134394716-360722 SID[173]: S-1-5-21-160562036-3150058255-2134394716-284092 SID[174]: S-1-5-21-160562036-3150058255-2134394716-289619 SID[175]: S-1-5-21-160562036-3150058255-2134394716-369316 SID[176]: S-1-5-21-160562036-3150058255-2134394716-49542 SID[177]: S-1-5-21-160562036-3150058255-2134394716-329659 SID[178]: S-1-5-21-160562036-3150058255-2134394716-32809 SID[179]: S-1-5-21-160562036-3150058255-2134394716-108767 SID[180]: S-1-5-21-160562036-3150058255-2134394716-305399 SID[181]: S-1-5-21-160562036-3150058255-2134394716-263161 SID[182]: S-1-5-21-160562036-3150058255-2134394716-314050 SID[183]: S-1-5-21-160562036-3150058255-2134394716-31001 SID[184]: S-1-5-21-160562036-3150058255-2134394716-279682 SID[185]: S-1-5-21-160562036-3150058255-2134394716-294147 SID[186]: S-1-5-21-160562036-3150058255-2134394716-56163 SID[187]: S-1-5-21-160562036-3150058255-2134394716-285751 SID[188]: S-1-5-21-160562036-3150058255-2134394716-21723 SID[189]: S-1-5-21-160562036-3150058255-2134394716-8332 SID[190]: S-1-5-21-160562036-3150058255-2134394716-32827 SID[191]: S-1-5-21-160562036-3150058255-2134394716-256460 SID[192]: S-1-5-21-160562036-3150058255-2134394716-256183 SID[193]: S-1-5-21-160562036-3150058255-2134394716-300424 SID[194]: S-1-5-21-160562036-3150058255-2134394716-55677 SID[195]: S-1-5-21-160562036-3150058255-2134394716-253145 SID[196]: S-1-5-21-160562036-3150058255-2134394716-63804 SID[197]: S-1-5-21-160562036-3150058255-2134394716-358866 SID[198]: S-1-5-21-160562036-3150058255-2134394716-32823 SID[199]: S-1-5-21-160562036-3150058255-2134394716-276620 SID[200]: S-1-5-21-160562036-3150058255-2134394716-361940 SID[201]: S-1-5-21-160562036-3150058255-2134394716-49274 SID[202]: S-1-5-21-160562036-3150058255-2134394716-402177 SID[203]: S-1-5-21-160562036-3150058255-2134394716-252230 SID[204]: S-1-5-21-160562036-3150058255-2134394716-321100 SID[205]: S-1-5-21-160562036-3150058255-2134394716-20801 SID[206]: S-1-5-21-160562036-3150058255-2134394716-276621 SID[207]: S-1-5-21-160562036-3150058255-2134394716-252010 SID[208]: S-1-5-21-160562036-3150058255-2134394716-292766 SID[209]: S-1-5-21-160562036-3150058255-2134394716-37331 SID[210]: S-1-5-21-160562036-3150058255-2134394716-260776 SID[211]: S-1-5-21-160562036-3150058255-2134394716-386708 SID[212]: S-1-5-21-160562036-3150058255-2134394716-374616 SID[213]: S-1-5-21-160562036-3150058255-2134394716-21084 SID[214]: S-1-5-21-160562036-3150058255-2134394716-294267 SID[215]: S-1-5-21-160562036-3150058255-2134394716-63802 SID[216]: S-1-5-21-160562036-3150058255-2134394716-31186 SID[217]: S-1-5-21-160562036-3150058255-2134394716-105575 SID[218]: S-1-5-21-160562036-3150058255-2134394716-361874 SID[219]: S-1-5-21-160562036-3150058255-2134394716-360362 SID[220]: S-1-5-21-160562036-3150058255-2134394716-357734 SID[221]: S-1-5-21-160562036-3150058255-2134394716-294241 SID[222]: S-1-5-21-160562036-3150058255-2134394716-251778 SID[223]: S-1-5-21-160562036-3150058255-2134394716-49510 SID[224]: S-1-5-21-160562036-3150058255-2134394716-35015 SID[225]: S-1-5-21-160562036-3150058255-2134394716-20749 SID[226]: S-1-5-21-160562036-3150058255-2134394716-294291 SID[227]: S-1-5-21-160562036-3150058255-2134394716-254469 SID[228]: S-1-5-21-160562036-3150058255-2134394716-247296 SID[229]: S-1-5-21-160562036-3150058255-2134394716-63798 SID[230]: S-1-5-21-160562036-3150058255-2134394716-59035 SID[231]: S-1-5-21-160562036-3150058255-2134394716-430331 SID[232]: S-1-5-21-160562036-3150058255-2134394716-21301 SID[233]: S-1-5-21-160562036-3150058255-2134394716-55627 SID[234]: S-1-5-21-160562036-3150058255-2134394716-32815 SID[235]: S-1-5-21-160562036-3150058255-2134394716-277164 SID[236]: S-1-5-21-160562036-3150058255-2134394716-21552 SID[237]: S-1-5-21-160562036-3150058255-2134394716-56622 SID[238]: S-1-5-21-160562036-3150058255-2134394716-37315 SID[239]: S-1-5-21-160562036-3150058255-2134394716-334225 SID[240]: S-1-5-21-160562036-3150058255-2134394716-338141 SID[241]: S-1-5-21-160562036-3150058255-2134394716-246169 SID[242]: S-1-5-21-160562036-3150058255-2134394716-297835 SID[243]: S-1-5-21-160562036-3150058255-2134394716-353615 SID[244]: S-1-5-21-160562036-3150058255-2134394716-322371 SID[245]: S-1-5-21-160562036-3150058255-2134394716-63235 SID[246]: S-1-5-21-160562036-3150058255-2134394716-266849 SID[247]: S-1-5-21-160562036-3150058255-2134394716-293998 SID[248]: S-1-5-21-160562036-3150058255-2134394716-433714 SID[249]: S-1-5-21-160562036-3150058255-2134394716-107694 SID[250]: S-1-5-21-160562036-3150058255-2134394716-288317 SID[251]: S-1-5-21-160562036-3150058255-2134394716-44135 SID[252]: S-1-5-21-160562036-3150058255-2134394716-290560 SID[253]: S-1-5-21-160562036-3150058255-2134394716-322681 SID[254]: S-1-5-21-160562036-3150058255-2134394716-283109 SID[255]: S-1-5-21-160562036-3150058255-2134394716-357879 SID[256]: S-1-5-21-160562036-3150058255-2134394716-289046 SID[257]: S-1-5-21-160562036-3150058255-2134394716-32803 SID[258]: S-1-5-21-160562036-3150058255-2134394716-343968 SID[259]: S-1-5-21-160562036-3150058255-2134394716-50792 SID[260]: S-1-5-21-160562036-3150058255-2134394716-50518 SID[261]: S-1-5-21-160562036-3150058255-2134394716-37238 SID[262]: S-1-5-21-160562036-3150058255-2134394716-360465 SID[263]: S-1-5-21-160562036-3150058255-2134394716-366652 SID[264]: S-1-5-21-160562036-3150058255-2134394716-294094 SID[265]: S-1-5-21-160562036-3150058255-2134394716-288540 SID[266]: S-1-5-21-160562036-3150058255-2134394716-297984 SID[267]: S-1-5-21-160562036-3150058255-2134394716-276427 SID[268]: S-1-5-21-160562036-3150058255-2134394716-333792 SID[269]: S-1-5-21-160562036-3150058255-2134394716-427342 SID[270]: S-1-5-21-160562036-3150058255-2134394716-333794 SID[271]: S-1-5-21-160562036-3150058255-2134394716-290460 SID[272]: S-1-5-21-160562036-3150058255-2134394716-294091 SID[273]: S-1-5-21-160562036-3150058255-2134394716-333793 SID[274]: S-1-5-21-160562036-3150058255-2134394716-338207 SID[275]: S-1-5-21-160562036-3150058255-2134394716-409571 SID[276]: S-1-5-21-160562036-3150058255-2134394716-294054 SID[277]: S-1-5-21-160562036-3150058255-2134394716-30854 SID[278]: S-1-5-21-160562036-3150058255-2134394716-288547 SID[279]: S-1-5-21-160562036-3150058255-2134394716-365347 SID[280]: S-1-5-21-6776287-465249537-1446904402-4108 SID[281]: S-1-5-21-160562036-3150058255-2134394716-58230 SID[282]: S-1-5-21-160562036-3150058255-2134394716-357400 SID[283]: S-1-5-21-160562036-3150058255-2134394716-343966 SID[284]: S-1-5-21-160562036-3150058255-2134394716-104268 SID[285]: S-1-5-21-160562036-3150058255-2134394716-334228 SID[286]: S-1-5-21-160562036-3150058255-2134394716-357384 SID[287]: S-1-5-21-160562036-3150058255-2134394716-64500 SID[288]: S-1-5-21-160562036-3150058255-2134394716-291227 SID[289]: S-1-5-21-160562036-3150058255-2134394716-62708 SID[290]: S-1-5-21-160562036-3150058255-2134394716-266847 SID[291]: S-1-5-21-160562036-3150058255-2134394716-313857 SID[292]: S-1-5-21-160562036-3150058255-2134394716-350031 SID[293]: S-1-5-21-160562036-3150058255-2134394716-373448 SID[294]: S-1-5-21-160562036-3150058255-2134394716-420970 SID[295]: S-1-5-21-160562036-3150058255-2134394716-351238 SID[296]: S-1-5-21-160562036-3150058255-2134394716-11861 SID[297]: S-1-5-21-160562036-3150058255-2134394716-353613 SID[298]: S-1-5-21-160562036-3150058255-2134394716-322679 SID[299]: S-1-5-21-160562036-3150058255-2134394716-253148 SID[300]: S-1-5-21-160562036-3150058255-2134394716-277162 SID[301]: S-1-5-21-160562036-3150058255-2134394716-304048 SID[302]: S-1-5-21-160562036-3150058255-2134394716-288768 SID[303]: S-1-5-21-160562036-3150058255-2134394716-62920 SID[304]: S-1-5-21-160562036-3150058255-2134394716-62814 SID[305]: S-1-5-21-160562036-3150058255-2134394716-338139 SID[306]: S-1-5-21-160562036-3150058255-2134394716-266850 SID[307]: S-1-5-21-160562036-3150058255-2134394716-74038 SID[308]: S-1-5-21-160562036-3150058255-2134394716-62715 SID[309]: S-1-5-21-160562036-3150058255-2134394716-357877 SID[310]: S-1-5-21-160562036-3150058255-2134394716-252117 SID[311]: S-1-5-21-160562036-3150058255-2134394716-322372 SID[312]: S-1-5-21-160562036-3150058255-2134394716-65121 SID[313]: S-1-5-21-160562036-3150058255-2134394716-62711 SID[314]: S-1-5-21-160562036-3150058255-2134394716-267091 SID[315]: S-1-5-21-160562036-3150058255-2134394716-24652 SID[316]: S-1-5-21-160562036-3150058255-2134394716-360933 SID[317]: S-1-5-21-160562036-3150058255-2134394716-354437 SID[318]: S-1-5-21-160562036-3150058255-2134394716-249119 SID[319]: S-1-5-21-160562036-3150058255-2134394716-248731 SID[320]: S-1-5-21-160562036-3150058255-2134394716-64215 SID[321]: S-1-5-21-160562036-3150058255-2134394716-373475 SID[322]: S-1-5-21-160562036-3150058255-2134394716-250664 SID[323]: S-1-5-21-160562036-3150058255-2134394716-267088 SID[324]: S-1-5-21-160562036-3150058255-2134394716-50311 SID[325]: S-1-5-21-160562036-3150058255-2134394716-62644 SID[326]: S-1-5-21-160562036-3150058255-2134394716-69148 SID[327]: S-1-5-21-160562036-3150058255-2134394716-360380 SID[328]: S-1-5-21-160562036-3150058255-2134394716-52124 SID[329]: S-1-5-21-160562036-3150058255-2134394716-351502 SID[330]: S-1-5-21-160562036-3150058255-2134394716-317005 SID[331]: S-1-5-21-160562036-3150058255-2134394716-62713 SID[332]: S-1-5-21-160562036-3150058255-2134394716-313855 SID[333]: S-1-5-21-160562036-3150058255-2134394716-53143 SID[334]: S-1-5-21-160562036-3150058255-2134394716-349705 SID[335]: S-1-5-21-160562036-3150058255-2134394716-357732 SID[336]: S-1-5-21-160562036-3150058255-2134394716-402142 SID[337]: S-1-5-21-160562036-3150058255-2134394716-50421 SID[338]: S-1-5-21-160562036-3150058255-2134394716-357890 SID[339]: S-1-5-21-160562036-3150058255-2134394716-416413 SID[340]: S-1-5-21-160562036-3150058255-2134394716-255117 SID[341]: S-1-5-21-160562036-3150058255-2134394716-73891 SID[342]: S-1-5-21-160562036-3150058255-2134394716-377792 SID[343]: S-1-5-21-160562036-3150058255-2134394716-63081 SID[344]: S-1-5-21-160562036-3150058255-2134394716-386707 SID[345]: S-1-5-21-160562036-3150058255-2134394716-64112 SID[346]: S-1-5-21-160562036-3150058255-2134394716-256555 SID[347]: S-1-5-21-160562036-3150058255-2134394716-361939 SID[348]: S-1-5-21-160562036-3150058255-2134394716-62709 SID[349]: S-1-5-21-160562036-3150058255-2134394716-248759 SID[350]: S-1-5-21-160562036-3150058255-2134394716-359221 SID[351]: S-1-5-21-160562036-3150058255-2134394716-310730 SID[352]: S-1-5-21-160562036-3150058255-2134394716-109617 SID[353]: S-1-5-21-160562036-3150058255-2134394716-60474 SID[354]: S-1-5-21-160562036-3150058255-2134394716-402472 SID[355]: S-1-5-21-160562036-3150058255-2134394716-55679 SID[356]: S-1-5-21-160562036-3150058255-2134394716-69153 SID[357]: S-1-5-21-160562036-3150058255-2134394716-22265 SID[358]: S-1-5-21-160562036-3150058255-2134394716-423112 SID[359]: S-1-5-21-160562036-3150058255-2134394716-289044 SID[360]: S-1-5-21-160562036-3150058255-2134394716-67791 SID[361]: S-1-5-21-160562036-3150058255-2134394716-69156 SID[362]: S-1-5-21-160562036-3150058255-2134394716-62712 SID[363]: S-1-5-21-160562036-3150058255-2134394716-360721 SID[364]: S-1-5-21-160562036-3150058255-2134394716-435651 SID[365]: S-1-5-21-160562036-3150058255-2134394716-69149 SID[366]: S-1-5-21-160562036-3150058255-2134394716-73730 SID[367]: S-1-5-21-160562036-3150058255-2134394716-243660 SID[368]: S-1-5-21-160562036-3150058255-2134394716-104280 SID[369]: S-1-5-21-160562036-3150058255-2134394716-430692 SID[370]: S-1-5-21-160562036-3150058255-2134394716-256558 SID[371]: S-1-5-21-160562036-3150058255-2134394716-54515 SID[372]: S-1-5-21-160562036-3150058255-2134394716-334223 SID[373]: S-1-5-21-160562036-3150058255-2134394716-304790 SID[374]: S-1-5-21-160562036-3150058255-2134394716-373528 SID[375]: S-1-5-21-160562036-3150058255-2134394716-375927 SID[376]: S-1-5-21-160562036-3150058255-2134394716-74039 SID[377]: S-1-5-21-160562036-3150058255-2134394716-62781 SID[378]: S-1-5-21-160562036-3150058255-2134394716-69157 SID[379]: S-1-5-21-160562036-3150058255-2134394716-309445 SID[380]: S-1-5-21-160562036-3150058255-2134394716-62733 SID[381]: S-1-5-21-160562036-3150058255-2134394716-418123 SID[382]: S-1-5-21-160562036-3150058255-2134394716-64415 SID[383]: S-1-5-21-160562036-3150058255-2134394716-414619 SID[384]: S-1-5-21-160562036-3150058255-2134394716-373446 SID[385]: S-1-5-21-160562036-3150058255-2134394716-289048 SID[386]: S-1-5-21-160562036-3150058255-2134394716-69158 SID[387]: S-1-5-21-160562036-3150058255-2134394716-373559 SID[388]: S-1-5-21-160562036-3150058255-2134394716-110686 SID[389]: S-1-5-21-160562036-3150058255-2134394716-260757 SID[390]: S-1-5-21-160562036-3150058255-2134394716-249663 SID[391]: S-1-5-21-160562036-3150058255-2134394716-249619 SID[392]: S-1-5-21-160562036-3150058255-2134394716-321098 SID[393]: S-1-5-21-160562036-3150058255-2134394716-64497 SID[394]: S-1-5-21-160562036-3150058255-2134394716-112627 SID[395]: S-1-5-21-160562036-3150058255-2134394716-62710 SID[396]: S-1-5-21-160562036-3150058255-2134394716-360361 SID[397]: S-1-5-21-160562036-3150058255-2134394716-353621 SID[398]: S-1-5-21-160562036-3150058255-2134394716-365152 SID[399]: S-1-5-21-160562036-3150058255-2134394716-69544 SID[400]: S-1-5-21-160562036-3150058255-2134394716-249644 SID[401]: S-1-5-21-160562036-3150058255-2134394716-55625 SID[402]: S-1-1-0 SID[403]: S-1-5-2 SID[404]: S-1-5-11 SID[405]: S-1-5-32-545 SID[406]: S-1-22-1-10000 SID[407]: S-1-22-2-10006 SID[408]: S-1-22-2-10007 SID[409]: S-1-22-2-10008 SID[410]: S-1-22-2-10009 SID[411]: S-1-22-2-10010 SID[412]: S-1-22-2-10011 SID[413]: S-1-22-2-10012 SID[414]: S-1-22-2-10013 SID[415]: S-1-22-2-10014 SID[416]: S-1-22-2-10015 SID[417]: S-1-22-2-10016 SID[418]: S-1-22-2-10017 SID[419]: S-1-22-2-10018 SID[420]: S-1-22-2-10019 SID[421]: S-1-22-2-10020 SID[422]: S-1-22-2-10021 SID[423]: S-1-22-2-10022 SID[424]: S-1-22-2-10023 SID[425]: S-1-22-2-10024 SID[426]: S-1-22-2-10025 SID[427]: S-1-22-2-10026 SID[428]: S-1-22-2-10027 SID[429]: S-1-22-2-10028 SID[430]: S-1-22-2-10029 SID[431]: S-1-22-2-10030 SID[432]: S-1-22-2-10031 SID[433]: S-1-22-2-10032 SID[434]: S-1-22-2-10033 SID[435]: S-1-22-2-10034 SID[436]: S-1-22-2-10035 SID[437]: S-1-22-2-10036 SID[438]: S-1-22-2-10037 SID[439]: S-1-22-2-10038 SID[440]: S-1-22-2-10039 SID[441]: S-1-22-2-10040 SID[442]: S-1-22-2-10041 SID[443]: S-1-22-2-10042 SID[444]: S-1-22-2-10043 SID[445]: S-1-22-2-10044 SID[446]: S-1-22-2-10045 SID[447]: S-1-22-2-10046 SID[448]: S-1-22-2-10047 SID[449]: S-1-22-2-10048 SID[450]: S-1-22-2-10049 SID[451]: S-1-22-2-10050 SID[452]: S-1-22-2-10051 SID[453]: S-1-22-2-10052 SID[454]: S-1-22-2-10053 SID[455]: S-1-22-2-10054 SID[456]: S-1-22-2-10055 SID[457]: S-1-22-2-10056 SID[458]: S-1-22-2-10057 SID[459]: S-1-22-2-10058 SID[460]: S-1-22-2-10059 SID[461]: S-1-22-2-10060 SID[462]: S-1-22-2-10061 SID[463]: S-1-22-2-10062 SID[464]: S-1-22-2-10063 SID[465]: S-1-22-2-10064 SID[466]: S-1-22-2-10065 SID[467]: S-1-22-2-10066 SID[468]: S-1-22-2-10067 SID[469]: S-1-22-2-10068 SID[470]: S-1-22-2-10069 SID[471]: S-1-22-2-10070 SID[472]: S-1-22-2-10071 SID[473]: S-1-22-2-10072 SID[474]: S-1-22-2-10073 SID[475]: S-1-22-2-10074 SID[476]: S-1-22-2-10075 SID[477]: S-1-22-2-10076 SID[478]: S-1-22-2-10077 SID[479]: S-1-22-2-10078 SID[480]: S-1-22-2-10079 SID[481]: S-1-22-2-10080 SID[482]: S-1-22-2-10081 SID[483]: S-1-22-2-10082 SID[484]: S-1-22-2-10083 SID[485]: S-1-22-2-10084 SID[486]: S-1-22-2-10085 SID[487]: S-1-22-2-10086 SID[488]: S-1-22-2-10087 SID[489]: S-1-22-2-10088 SID[490]: S-1-22-2-10089 SID[491]: S-1-22-2-10090 SID[492]: S-1-22-2-10091 SID[493]: S-1-22-2-10092 SID[494]: S-1-22-2-10093 SID[495]: S-1-22-2-10094 SID[496]: S-1-22-2-10095 SID[497]: S-1-22-2-10096 SID[498]: S-1-22-2-10097 SID[499]: S-1-22-2-10098 SID[500]: S-1-22-2-10099 SID[501]: S-1-22-2-10100 SID[502]: S-1-22-2-10101 SID[503]: S-1-22-2-10102 SID[504]: S-1-22-2-10103 SID[505]: S-1-22-2-10104 SID[506]: S-1-22-2-10105 SID[507]: S-1-22-2-10106 SID[508]: S-1-22-2-10107 SID[509]: S-1-22-2-10108 SID[510]: S-1-22-2-10109 SID[511]: S-1-22-2-10110 SID[512]: S-1-22-2-10111 SID[513]: S-1-22-2-10112 SID[514]: S-1-22-2-10113 SID[515]: S-1-22-2-10114 SID[516]: S-1-22-2-10115 SID[517]: S-1-22-2-10116 SID[518]: S-1-22-2-10117 SID[519]: S-1-22-2-10118 SID[520]: S-1-22-2-10119 SID[521]: S-1-22-2-10120 SID[522]: S-1-22-2-10121 SID[523]: S-1-22-2-10122 SID[524]: S-1-22-2-10123 SID[525]: S-1-22-2-10124 SID[526]: S-1-22-2-10125 SID[527]: S-1-22-2-10126 SID[528]: S-1-22-2-10127 SID[529]: S-1-22-2-10128 SID[530]: S-1-22-2-10129 SID[531]: S-1-22-2-10130 SID[532]: S-1-22-2-10131 SID[533]: S-1-22-2-10132 SID[534]: S-1-22-2-10133 SID[535]: S-1-22-2-10134 SID[536]: S-1-22-2-10135 SID[537]: S-1-22-2-10136 SID[538]: S-1-22-2-10137 SID[539]: S-1-22-2-10138 SID[540]: S-1-22-2-10139 SID[541]: S-1-22-2-10140 SID[542]: S-1-22-2-10141 SID[543]: S-1-22-2-10142 SID[544]: S-1-22-2-10143 SID[545]: S-1-22-2-10144 SID[546]: S-1-22-2-10145 SID[547]: S-1-22-2-10146 SID[548]: S-1-22-2-10147 SID[549]: S-1-22-2-10148 SID[550]: S-1-22-2-10149 SID[551]: S-1-22-2-10150 SID[552]: S-1-22-2-10471 SID[553]: S-1-22-2-10151 SID[554]: S-1-22-2-10152 SID[555]: S-1-22-2-10153 SID[556]: S-1-22-2-10154 SID[557]: S-1-22-2-10155 SID[558]: S-1-22-2-10156 SID[559]: S-1-22-2-10157 SID[560]: S-1-22-2-10158 SID[561]: S-1-22-2-10159 SID[562]: S-1-22-2-10160 SID[563]: S-1-22-2-10161 SID[564]: S-1-22-2-10162 SID[565]: S-1-22-2-10163 SID[566]: S-1-22-2-10164 SID[567]: S-1-22-2-10165 SID[568]: S-1-22-2-10166 SID[569]: S-1-22-2-10167 SID[570]: S-1-22-2-10168 SID[571]: S-1-22-2-10169 SID[572]: S-1-22-2-10170 SID[573]: S-1-22-2-10171 SID[574]: S-1-22-2-10172 SID[575]: S-1-22-2-10173 SID[576]: S-1-22-2-10174 SID[577]: S-1-22-2-10175 SID[578]: S-1-22-2-10176 SID[579]: S-1-22-2-10177 SID[580]: S-1-22-2-10178 SID[581]: S-1-22-2-10179 SID[582]: S-1-22-2-10180 SID[583]: S-1-22-2-10181 SID[584]: S-1-22-2-10182 SID[585]: S-1-22-2-10183 SID[586]: S-1-22-2-10184 SID[587]: S-1-22-2-10185 SID[588]: S-1-22-2-10186 SID[589]: S-1-22-2-10187 SID[590]: S-1-22-2-10188 SID[591]: S-1-22-2-10189 SID[592]: S-1-22-2-10190 SID[593]: S-1-22-2-10191 SID[594]: S-1-22-2-10192 SID[595]: S-1-22-2-10193 SID[596]: S-1-22-2-10194 SID[597]: S-1-22-2-10195 SID[598]: S-1-22-2-10196 SID[599]: S-1-22-2-10197 SID[600]: S-1-22-2-10198 SID[601]: S-1-22-2-10199 SID[602]: S-1-22-2-10200 SID[603]: S-1-22-2-10201 SID[604]: S-1-22-2-10202 SID[605]: S-1-22-2-10203 SID[606]: S-1-22-2-10204 SID[607]: S-1-22-2-10205 SID[608]: S-1-22-2-10206 SID[609]: S-1-22-2-10207 SID[610]: S-1-22-2-10208 SID[611]: S-1-22-2-10209 SID[612]: S-1-22-2-10210 SID[613]: S-1-22-2-10211 SID[614]: S-1-22-2-10212 SID[615]: S-1-22-2-10213 SID[616]: S-1-22-2-10214 SID[617]: S-1-22-2-10215 SID[618]: S-1-22-2-10216 SID[619]: S-1-22-2-10217 SID[620]: S-1-22-2-10218 SID[621]: S-1-22-2-10219 SID[622]: S-1-22-2-10220 SID[623]: S-1-22-2-10221 SID[624]: S-1-22-2-10222 SID[625]: S-1-22-2-10223 SID[626]: S-1-22-2-10224 SID[627]: S-1-22-2-10225 SID[628]: S-1-22-2-10226 SID[629]: S-1-22-2-10227 SID[630]: S-1-22-2-10228 SID[631]: S-1-22-2-10229 SID[632]: S-1-22-2-10230 SID[633]: S-1-22-2-10231 SID[634]: S-1-22-2-10232 SID[635]: S-1-22-2-10233 SID[636]: S-1-22-2-10234 SID[637]: S-1-22-2-10235 SID[638]: S-1-22-2-10236 SID[639]: S-1-22-2-10237 SID[640]: S-1-22-2-10238 SID[641]: S-1-22-2-10239 SID[642]: S-1-22-2-10240 SID[643]: S-1-22-2-10241 SID[644]: S-1-22-2-10242 SID[645]: S-1-22-2-10243 SID[646]: S-1-22-2-10244 SID[647]: S-1-22-2-10245 SID[648]: S-1-22-2-10246 SID[649]: S-1-22-2-10247 SID[650]: S-1-22-2-10248 SID[651]: S-1-22-2-10249 SID[652]: S-1-22-2-10250 SID[653]: S-1-22-2-10251 SID[654]: S-1-22-2-10252 SID[655]: S-1-22-2-10253 SID[656]: S-1-22-2-10254 SID[657]: S-1-22-2-10255 SID[658]: S-1-22-2-10256 SID[659]: S-1-22-2-10257 SID[660]: S-1-22-2-10258 SID[661]: S-1-22-2-10259 SID[662]: S-1-22-2-10260 SID[663]: S-1-22-2-10261 SID[664]: S-1-22-2-10262 SID[665]: S-1-22-2-10263 SID[666]: S-1-22-2-10264 SID[667]: S-1-22-2-10265 SID[668]: S-1-22-2-10266 SID[669]: S-1-22-2-10267 SID[670]: S-1-22-2-10268 SID[671]: S-1-22-2-10269 SID[672]: S-1-22-2-10270 SID[673]: S-1-22-2-10271 SID[674]: S-1-22-2-10272 SID[675]: S-1-22-2-10273 SID[676]: S-1-22-2-10274 SID[677]: S-1-22-2-10275 SID[678]: S-1-22-2-10276 SID[679]: S-1-22-2-10277 SID[680]: S-1-22-2-10278 SID[681]: S-1-22-2-10279 SID[682]: S-1-22-2-10280 SID[683]: S-1-22-2-10281 SID[684]: S-1-22-2-10282 SID[685]: S-1-22-2-10283 SID[686]: S-1-22-2-10284 SID[687]: S-1-22-2-10285 SID[688]: S-1-22-2-10286 SID[689]: S-1-22-2-10287 SID[690]: S-1-22-2-10288 SID[691]: S-1-22-2-10289 SID[692]: S-1-22-2-10290 SID[693]: S-1-22-2-10291 SID[694]: S-1-22-2-10292 SID[695]: S-1-22-2-10293 SID[696]: S-1-22-2-10294 SID[697]: S-1-22-2-10295 SID[698]: S-1-22-2-10296 SID[699]: S-1-22-2-10297 SID[700]: S-1-22-2-10298 SID[701]: S-1-22-2-10299 SID[702]: S-1-22-2-10300 SID[703]: S-1-22-2-10301 SID[704]: S-1-22-2-10302 SID[705]: S-1-22-2-10303 SID[706]: S-1-22-2-10304 SID[707]: S-1-22-2-10305 SID[708]: S-1-22-2-10306 SID[709]: S-1-22-2-10307 SID[710]: S-1-22-2-10308 SID[711]: S-1-22-2-10309 SID[712]: S-1-22-2-10310 SID[713]: S-1-22-2-10311 SID[714]: S-1-22-2-10312 SID[715]: S-1-22-2-10313 SID[716]: S-1-22-2-10314 SID[717]: S-1-22-2-10315 SID[718]: S-1-22-2-10316 SID[719]: S-1-22-2-10317 SID[720]: S-1-22-2-10318 SID[721]: S-1-22-2-10319 SID[722]: S-1-22-2-10320 SID[723]: S-1-22-2-10321 SID[724]: S-1-22-2-10322 SID[725]: S-1-22-2-10323 SID[726]: S-1-22-2-10324 SID[727]: S-1-22-2-10325 SID[728]: S-1-22-2-10326 SID[729]: S-1-22-2-10327 SID[730]: S-1-22-2-10328 SID[731]: S-1-22-2-10329 SID[732]: S-1-22-2-10330 SID[733]: S-1-22-2-10331 SID[734]: S-1-22-2-10332 SID[735]: S-1-22-2-10333 SID[736]: S-1-22-2-10334 SID[737]: S-1-22-2-10335 SID[738]: S-1-22-2-10336 SID[739]: S-1-22-2-10337 SID[740]: S-1-22-2-10338 SID[741]: S-1-22-2-10339 SID[742]: S-1-22-2-10340 SID[743]: S-1-22-2-10341 SID[744]: S-1-22-2-10342 SID[745]: S-1-22-2-10343 SID[746]: S-1-22-2-10344 SID[747]: S-1-22-2-10345 SID[748]: S-1-22-2-10346 SID[749]: S-1-22-2-10347 SID[750]: S-1-22-2-10348 SID[751]: S-1-22-2-10349 SID[752]: S-1-22-2-10350 SID[753]: S-1-22-2-10351 SID[754]: S-1-22-2-10352 SID[755]: S-1-22-2-10353 SID[756]: S-1-22-2-10354 SID[757]: S-1-22-2-10355 SID[758]: S-1-22-2-10356 SID[759]: S-1-22-2-10357 SID[760]: S-1-22-2-10358 SID[761]: S-1-22-2-10359 SID[762]: S-1-22-2-10360 SID[763]: S-1-22-2-10361 SID[764]: S-1-22-2-10362 SID[765]: S-1-22-2-10363 SID[766]: S-1-22-2-10364 SID[767]: S-1-22-2-10365 SID[768]: S-1-22-2-10366 SID[769]: S-1-22-2-10367 SID[770]: S-1-22-2-10368 SID[771]: S-1-22-2-10369 SID[772]: S-1-22-2-10370 SID[773]: S-1-22-2-10371 SID[774]: S-1-22-2-10372 SID[775]: S-1-22-2-10373 SID[776]: S-1-22-2-10374 SID[777]: S-1-22-2-10375 SID[778]: S-1-22-2-10376 SID[779]: S-1-22-2-10377 SID[780]: S-1-22-2-10378 SID[781]: S-1-22-2-10379 SID[782]: S-1-22-2-10380 SID[783]: S-1-22-2-10381 SID[784]: S-1-22-2-10382 SID[785]: S-1-22-2-10383 SID[786]: S-1-22-2-10384 SID[787]: S-1-22-2-10385 SID[788]: S-1-22-2-10386 SID[789]: S-1-22-2-10387 SID[790]: S-1-22-2-10388 SID[791]: S-1-22-2-10389 SID[792]: S-1-22-2-10390 SID[793]: S-1-22-2-10391 SID[794]: S-1-22-2-10392 SID[795]: S-1-22-2-10393 SID[796]: S-1-22-2-10394 SID[797]: S-1-22-2-10395 SID[798]: S-1-22-2-10396 SID[799]: S-1-22-2-10397 SID[800]: S-1-22-2-10398 SID[801]: S-1-22-2-10399 SID[802]: S-1-22-2-10400 SID[803]: S-1-22-2-10401 SID[804]: S-1-22-2-10402 SID[805]: S-1-22-2-10403 SID[806]: S-1-22-2-10404 SID[807]: S-1-22-2-10002 SID[808]: S-1-22-2-10003 SID[809]: S-1-22-2-10004 SID[810]: S-1-22-2-10001 Privileges (0x 20): Privilege[ 0]: SePrintOperatorPrivilege Rights (0x 0): [2012/11/09 16:29:11.168593, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 10000 Primary group is 10006 and contains 404 supplementary groups Group[ 0]: 10006 Group[ 1]: 10007 Group[ 2]: 10008 Group[ 3]: 10009 Group[ 4]: 10010 Group[ 5]: 10011 Group[ 6]: 10012 Group[ 7]: 10013 Group[ 8]: 10014 Group[ 9]: 10015 Group[ 10]: 10016 Group[ 11]: 10017 Group[ 12]: 10018 Group[ 13]: 10019 Group[ 14]: 10020 Group[ 15]: 10021 Group[ 16]: 10022 Group[ 17]: 10023 Group[ 18]: 10024 Group[ 19]: 10025 Group[ 20]: 10026 Group[ 21]: 10027 Group[ 22]: 10028 Group[ 23]: 10029 Group[ 24]: 10030 Group[ 25]: 10031 Group[ 26]: 10032 Group[ 27]: 10033 Group[ 28]: 10034 Group[ 29]: 10035 Group[ 30]: 10036 Group[ 31]: 10037 Group[ 32]: 10038 Group[ 33]: 10039 Group[ 34]: 10040 Group[ 35]: 10041 Group[ 36]: 10042 Group[ 37]: 10043 Group[ 38]: 10044 Group[ 39]: 10045 Group[ 40]: 10046 Group[ 41]: 10047 Group[ 42]: 10048 Group[ 43]: 10049 Group[ 44]: 10050 Group[ 45]: 10051 Group[ 46]: 10052 Group[ 47]: 10053 Group[ 48]: 10054 Group[ 49]: 10055 Group[ 50]: 10056 Group[ 51]: 10057 Group[ 52]: 10058 Group[ 53]: 10059 Group[ 54]: 10060 Group[ 55]: 10061 Group[ 56]: 10062 Group[ 57]: 10063 Group[ 58]: 10064 Group[ 59]: 10065 Group[ 60]: 10066 Group[ 61]: 10067 Group[ 62]: 10068 Group[ 63]: 10069 Group[ 64]: 10070 Group[ 65]: 10071 Group[ 66]: 10072 Group[ 67]: 10073 Group[ 68]: 10074 Group[ 69]: 10075 Group[ 70]: 10076 Group[ 71]: 10077 Group[ 72]: 10078 Group[ 73]: 10079 Group[ 74]: 10080 Group[ 75]: 10081 Group[ 76]: 10082 Group[ 77]: 10083 Group[ 78]: 10084 Group[ 79]: 10085 Group[ 80]: 10086 Group[ 81]: 10087 Group[ 82]: 10088 Group[ 83]: 10089 Group[ 84]: 10090 Group[ 85]: 10091 Group[ 86]: 10092 Group[ 87]: 10093 Group[ 88]: 10094 Group[ 89]: 10095 Group[ 90]: 10096 Group[ 91]: 10097 Group[ 92]: 10098 Group[ 93]: 10099 Group[ 94]: 10100 Group[ 95]: 10101 Group[ 96]: 10102 Group[ 97]: 10103 Group[ 98]: 10104 Group[ 99]: 10105 Group[100]: 10106 Group[101]: 10107 Group[102]: 10108 Group[103]: 10109 Group[104]: 10110 Group[105]: 10111 Group[106]: 10112 Group[107]: 10113 Group[108]: 10114 Group[109]: 10115 Group[110]: 10116 Group[111]: 10117 Group[112]: 10118 Group[113]: 10119 Group[114]: 10120 Group[115]: 10121 Group[116]: 10122 Group[117]: 10123 Group[118]: 10124 Group[119]: 10125 Group[120]: 10126 Group[121]: 10127 Group[122]: 10128 Group[123]: 10129 Group[124]: 10130 Group[125]: 10131 Group[126]: 10132 Group[127]: 10133 Group[128]: 10134 Group[129]: 10135 Group[130]: 10136 Group[131]: 10137 Group[132]: 10138 Group[133]: 10139 Group[134]: 10140 Group[135]: 10141 Group[136]: 10142 Group[137]: 10143 Group[138]: 10144 Group[139]: 10145 Group[140]: 10146 Group[141]: 10147 Group[142]: 10148 Group[143]: 10149 Group[144]: 10150 Group[145]: 10471 Group[146]: 10151 Group[147]: 10152 Group[148]: 10153 Group[149]: 10154 Group[150]: 10155 Group[151]: 10156 Group[152]: 10157 Group[153]: 10158 Group[154]: 10159 Group[155]: 10160 Group[156]: 10161 Group[157]: 10162 Group[158]: 10163 Group[159]: 10164 Group[160]: 10165 Group[161]: 10166 Group[162]: 10167 Group[163]: 10168 Group[164]: 10169 Group[165]: 10170 Group[166]: 10171 Group[167]: 10172 Group[168]: 10173 Group[169]: 10174 Group[170]: 10175 Group[171]: 10176 Group[172]: 10177 Group[173]: 10178 Group[174]: 10179 Group[175]: 10180 Group[176]: 10181 Group[177]: 10182 Group[178]: 10183 Group[179]: 10184 Group[180]: 10185 Group[181]: 10186 Group[182]: 10187 Group[183]: 10188 Group[184]: 10189 Group[185]: 10190 Group[186]: 10191 Group[187]: 10192 Group[188]: 10193 Group[189]: 10194 Group[190]: 10195 Group[191]: 10196 Group[192]: 10197 Group[193]: 10198 Group[194]: 10199 Group[195]: 10200 Group[196]: 10201 Group[197]: 10202 Group[198]: 10203 Group[199]: 10204 Group[200]: 10205 Group[201]: 10206 Group[202]: 10207 Group[203]: 10208 Group[204]: 10209 Group[205]: 10210 Group[206]: 10211 Group[207]: 10212 Group[208]: 10213 Group[209]: 10214 Group[210]: 10215 Group[211]: 10216 Group[212]: 10217 Group[213]: 10218 Group[214]: 10219 Group[215]: 10220 Group[216]: 10221 Group[217]: 10222 Group[218]: 10223 Group[219]: 10224 Group[220]: 10225 Group[221]: 10226 Group[222]: 10227 Group[223]: 10228 Group[224]: 10229 Group[225]: 10230 Group[226]: 10231 Group[227]: 10232 Group[228]: 10233 Group[229]: 10234 Group[230]: 10235 Group[231]: 10236 Group[232]: 10237 Group[233]: 10238 Group[234]: 10239 Group[235]: 10240 Group[236]: 10241 Group[237]: 10242 Group[238]: 10243 Group[239]: 10244 Group[240]: 10245 Group[241]: 10246 Group[242]: 10247 Group[243]: 10248 Group[244]: 10249 Group[245]: 10250 Group[246]: 10251 Group[247]: 10252 Group[248]: 10253 Group[249]: 10254 Group[250]: 10255 Group[251]: 10256 Group[252]: 10257 Group[253]: 10258 Group[254]: 10259 Group[255]: 10260 Group[256]: 10261 Group[257]: 10262 Group[258]: 10263 Group[259]: 10264 Group[260]: 10265 Group[261]: 10266 Group[262]: 10267 Group[263]: 10268 Group[264]: 10269 Group[265]: 10270 Group[266]: 10271 Group[267]: 10272 Group[268]: 10273 Group[269]: 10274 Group[270]: 10275 Group[271]: 10276 Group[272]: 10277 Group[273]: 10278 Group[274]: 10279 Group[275]: 10280 Group[276]: 10281 Group[277]: 10282 Group[278]: 10283 Group[279]: 10284 Group[280]: 10285 Group[281]: 10286 Group[282]: 10287 Group[283]: 10288 Group[284]: 10289 Group[285]: 10290 Group[286]: 10291 Group[287]: 10292 Group[288]: 10293 Group[289]: 10294 Group[290]: 10295 Group[291]: 10296 Group[292]: 10297 Group[293]: 10298 Group[294]: 10299 Group[295]: 10300 Group[296]: 10301 Group[297]: 10302 Group[298]: 10303 Group[299]: 10304 Group[300]: 10305 Group[301]: 10306 Group[302]: 10307 Group[303]: 10308 Group[304]: 10309 Group[305]: 10310 Group[306]: 10311 Group[307]: 10312 Group[308]: 10313 Group[309]: 10314 Group[310]: 10315 Group[311]: 10316 Group[312]: 10317 Group[313]: 10318 Group[314]: 10319 Group[315]: 10320 Group[316]: 10321 Group[317]: 10322 Group[318]: 10323 Group[319]: 10324 Group[320]: 10325 Group[321]: 10326 Group[322]: 10327 Group[323]: 10328 Group[324]: 10329 Group[325]: 10330 Group[326]: 10331 Group[327]: 10332 Group[328]: 10333 Group[329]: 10334 Group[330]: 10335 Group[331]: 10336 Group[332]: 10337 Group[333]: 10338 Group[334]: 10339 Group[335]: 10340 Group[336]: 10341 Group[337]: 10342 Group[338]: 10343 Group[339]: 10344 Group[340]: 10345 Group[341]: 10346 Group[342]: 10347 Group[343]: 10348 Group[344]: 10349 Group[345]: 10350 Group[346]: 10351 Group[347]: 10352 Group[348]: 10353 Group[349]: 10354 Group[350]: 10355 Group[351]: 10356 Group[352]: 10357 Group[353]: 10358 Group[354]: 10359 Group[355]: 10360 Group[356]: 10361 Group[357]: 10362 Group[358]: 10363 Group[359]: 10364 Group[360]: 10365 Group[361]: 10366 Group[362]: 10367 Group[363]: 10368 Group[364]: 10369 Group[365]: 10370 Group[366]: 10371 Group[367]: 10372 Group[368]: 10373 Group[369]: 10374 Group[370]: 10375 Group[371]: 10376 Group[372]: 10377 Group[373]: 10378 Group[374]: 10379 Group[375]: 10380 Group[376]: 10381 Group[377]: 10382 Group[378]: 10383 Group[379]: 10384 Group[380]: 10385 Group[381]: 10386 Group[382]: 10387 Group[383]: 10388 Group[384]: 10389 Group[385]: 10390 Group[386]: 10391 Group[387]: 10392 Group[388]: 10393 Group[389]: 10394 Group[390]: 10395 Group[391]: 10396 Group[392]: 10397 Group[393]: 10398 Group[394]: 10399 Group[395]: 10400 Group[396]: 10401 Group[397]: 10402 Group[398]: 10403 Group[399]: 10404 Group[400]: 10002 Group[401]: 10003 Group[402]: 10004 Group[403]: 10001 [2012/11/09 16:29:11.171382, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,10000), gid=(0,10006) [2012/11/09 16:29:11.171415, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /var/tmp [2012/11/09 16:29:11.171454, 4] smbd/nttrans.c:288(nt_open_pipe) nt_open_pipe: Opening pipe \spoolss. [2012/11/09 16:29:11.171490, 5] smbd/files.c:140(file_new) allocated file structure 4114, fnum = 8210 (1 used) [2012/11/09 16:29:11.171532, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \spoolss [2012/11/09 16:29:11.171606, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \spoolss (pipes_open=0) [2012/11/09 16:29:11.171635, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \spoolss [2012/11/09 16:29:11.173048, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xe0 [2012/11/09 16:29:11.173079, 3] smbd/process.c:1662(process_smb) Transaction 4 of length 228 (0 toread) [2012/11/09 16:29:11.173098, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:11.173109, 5] lib/util.c:342(show_msg) size=224 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=48256 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8210 (0x2012) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 160 (0xA0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 160 (0xA0) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=161 [2012/11/09 16:29:11.173297, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:11.173317, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:11.173340, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 2012 name: spoolss len: 160 [2012/11/09 16:29:11.173373, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 160 [2012/11/09 16:29:11.173409, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/11/09 16:29:11.173436, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) api_pipe_bind_req: make response. 923 [2012/11/09 16:29:11.173456, 3] rpc_server/srv_pipe.c:339(check_bind_req) check_bind_req for \spoolss [2012/11/09 16:29:11.173476, 3] rpc_server/srv_pipe.c:346(check_bind_req) check_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/11/09 16:29:11.173508, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=160 [2012/11/09 16:29:11.174630, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/11/09 16:29:11.174661, 3] smbd/process.c:1662(process_smb) Transaction 5 of length 63 (0 toread) [2012/11/09 16:29:11.174680, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:11.174691, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=48320 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8210 (0x2012) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/11/09 16:29:11.174866, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:11.174886, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:11.174908, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:11.174928, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/11/09 16:29:11.174956, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=68 [2012/11/09 16:29:11.176062, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x124 [2012/11/09 16:29:11.176100, 3] smbd/process.c:1662(process_smb) Transaction 6 of length 296 (0 toread) [2012/11/09 16:29:11.176119, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:11.176129, 5] lib/util.c:342(show_msg) size=292 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=48384 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 208 (0xD0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 208 (0xD0) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8210 (0x2012) smb_bcc=225 [2012/11/09 16:29:11.176349, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:11.176371, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:11.176395, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=208 params=0 setup=2 [2012/11/09 16:29:11.176417, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:11.176435, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:11.176472, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:11.176496, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2012) [2012/11/09 16:29:11.176516, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 208 [2012/11/09 16:29:11.176543, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:11.176566, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX [2012/11/09 16:29:11.176598, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[69].fn == 0x7fa2ea3def70 checking name: \\yyyu0031\yyyp0708 [2012/11/09 16:29:11.176644, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 9D 50 47 21 ........ .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.176691, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) Setting printer type=\\yyyu0031\yyyp0708 Printer is a printer [2012/11/09 16:29:11.176720, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) Setting printer name=\\yyyu0031\yyyp0708 (len=19) searching for [yyyp0708] [2012/11/09 16:29:11.176792, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/11/09 16:29:11.176823, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/11/09 16:29:11.176867, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:11.176893, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 [2012/11/09 16:29:11.176935, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2012/11/09 16:29:11.176959, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/11/09 16:29:11.176978, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:11.176996, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:11.177075, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:11.177132, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 1F 00 00 00 00 00 00 00 9D 50 47 21 ........ .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.177194, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1F 00 00 00 00 00 00 00 9D 50 47 21 ........ .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.177238, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:11.177283, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:11.177323, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:11.177365, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:11.177406, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:11.177442, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:11.177491, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [_pdf] [2012/11/09 16:29:11.177540, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 9D 50 47 21 .... ... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.177599, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 9D 50 47 21 .... ... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.177687, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 9D 50 47 21 .... ... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.177734, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\_pdf] [2012/11/09 16:29:11.177780, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 9D 50 47 21 .... ... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.177823, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\_pdf] [2012/11/09 16:29:11.177854, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 9D 50 47 21 .... ... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.177896, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\_pdf] [2012/11/09 16:29:11.177927, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 9D 50 47 21 .... ... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.177968, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\_pdf] [2012/11/09 16:29:11.177999, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 9D 50 47 21 .... ... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.178040, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\_pdf] [2012/11/09 16:29:11.178070, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 9D 50 47 21 .... ... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.178112, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\_pdf] [2012/11/09 16:29:11.178142, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 9D 50 47 21 .... ... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.178183, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\_pdf] [2012/11/09 16:29:11.178214, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 9D 50 47 21 .... ... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.178255, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\_pdf] [2012/11/09 16:29:11.178285, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 9D 50 47 21 .... ... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.178326, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\_pdf] [2012/11/09 16:29:11.178357, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 9D 50 47 21 .... ... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.178406, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\_pdf] [2012/11/09 16:29:11.178440, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 9D 50 47 21 .... ... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.178482, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\_pdf] [2012/11/09 16:29:11.178514, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 9D 50 47 21 .... ... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.178555, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\_pdf] [2012/11/09 16:29:11.178586, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 9D 50 47 21 .... ... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.178637, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\_pdf] [2012/11/09 16:29:11.178691, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 9D 50 47 21 .... ... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.178737, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\_pdf] [2012/11/09 16:29:11.178756, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:11.178791, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:11.178831, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 21 00 00 00 00 00 00 00 9D 50 47 21 ....!... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.178883, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 21 00 00 00 00 00 00 00 9D 50 47 21 ....!... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.178926, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:11.178964, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:11.179004, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:11.179042, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:11.179080, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:11.179116, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:11.179160, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [_pdf] [2012/11/09 16:29:11.179208, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 22 00 00 00 00 00 00 00 9D 50 47 21 ...."... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.179264, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 22 00 00 00 00 00 00 00 9D 50 47 21 ...."... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.179318, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\_pdf] [2012/11/09 16:29:11.179338, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:11.179384, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 22 00 00 00 00 00 00 00 9D 50 47 21 ...."... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.179429, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\_pdf] [2012/11/09 16:29:11.179449, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:11.179484, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 22 00 00 00 00 00 00 00 9D 50 47 21 ...."... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.179527, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 22 00 00 00 00 00 00 00 9D 50 47 21 ...."... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.179564, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:11.179592, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 21 00 00 00 00 00 00 00 9D 50 47 21 ....!... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.179633, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 21 00 00 00 00 00 00 00 9D 50 47 21 ....!... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.179670, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:11.179697, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 9D 50 47 21 .... ... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.179737, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 9D 50 47 21 .... ... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.179775, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:11.179802, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1F 00 00 00 00 00 00 00 9D 50 47 21 ........ .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.179843, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1F 00 00 00 00 00 00 00 9D 50 47 21 ........ .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.179880, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:11.179913, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/11/09 16:29:11.179941, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/11/09 16:29:11.179971, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:11.179993, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 [2012/11/09 16:29:11.180019, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2012/11/09 16:29:11.180042, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/11/09 16:29:11.180074, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:11.180093, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:11.180171, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:11.180216, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 23 00 00 00 00 00 00 00 9D 50 47 21 ....#... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.180296, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 23 00 00 00 00 00 00 00 9D 50 47 21 ....#... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.180345, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:11.180388, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:11.180428, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:11.180486, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:11.180529, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:11.180565, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:11.180611, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [lpt1] [2012/11/09 16:29:11.180663, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 9D 50 47 21 ....$... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.180719, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 9D 50 47 21 ....$... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.180797, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 9D 50 47 21 ....$... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.180842, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\lpt1] [2012/11/09 16:29:11.180874, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 9D 50 47 21 ....$... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.180916, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\lpt1] [2012/11/09 16:29:11.180947, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 9D 50 47 21 ....$... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.180989, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\lpt1] [2012/11/09 16:29:11.181020, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 9D 50 47 21 ....$... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.181061, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\lpt1] [2012/11/09 16:29:11.181107, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 9D 50 47 21 ....$... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.181151, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\lpt1] [2012/11/09 16:29:11.181182, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 9D 50 47 21 ....$... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.181224, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\lpt1] [2012/11/09 16:29:11.181254, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 9D 50 47 21 ....$... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.181295, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\lpt1] [2012/11/09 16:29:11.181326, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 9D 50 47 21 ....$... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.181368, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\lpt1] [2012/11/09 16:29:11.181398, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 9D 50 47 21 ....$... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.181440, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\lpt1] [2012/11/09 16:29:11.181471, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 9D 50 47 21 ....$... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.181512, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\lpt1] [2012/11/09 16:29:11.181543, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 9D 50 47 21 ....$... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.181584, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\lpt1] [2012/11/09 16:29:11.181615, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 9D 50 47 21 ....$... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.181656, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\lpt1] [2012/11/09 16:29:11.181686, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 9D 50 47 21 ....$... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.181741, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\lpt1] [2012/11/09 16:29:11.181786, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 9D 50 47 21 ....$... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.181831, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\lpt1] [2012/11/09 16:29:11.181850, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:11.181881, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:11.181921, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 25 00 00 00 00 00 00 00 9D 50 47 21 ....%... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.181974, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 25 00 00 00 00 00 00 00 9D 50 47 21 ....%... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.182017, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:11.182055, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:11.182094, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:11.182132, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:11.182169, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:11.182205, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:11.182248, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [lpt1] [2012/11/09 16:29:11.182307, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 26 00 00 00 00 00 00 00 9D 50 47 21 ....&... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.182367, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 26 00 00 00 00 00 00 00 9D 50 47 21 ....&... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.182411, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\lpt1] [2012/11/09 16:29:11.182430, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:11.182479, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 26 00 00 00 00 00 00 00 9D 50 47 21 ....&... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.182532, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\lpt1] [2012/11/09 16:29:11.182553, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:11.182586, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 26 00 00 00 00 00 00 00 9D 50 47 21 ....&... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.182637, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 26 00 00 00 00 00 00 00 9D 50 47 21 ....&... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.182690, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:11.182741, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 25 00 00 00 00 00 00 00 9D 50 47 21 ....%... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.182789, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 25 00 00 00 00 00 00 00 9D 50 47 21 ....%... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.182827, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:11.182855, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 9D 50 47 21 ....$... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.182896, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 9D 50 47 21 ....$... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.182936, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:11.182975, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 23 00 00 00 00 00 00 00 9D 50 47 21 ....#... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.183019, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 23 00 00 00 00 00 00 00 9D 50 47 21 ....#... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.183056, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:11.183089, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/11/09 16:29:11.183117, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/11/09 16:29:11.183160, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:11.183185, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 [2012/11/09 16:29:11.183211, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2012/11/09 16:29:11.183234, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/11/09 16:29:11.183252, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:11.183270, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:11.183336, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:11.183386, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 9D 50 47 21 ....'... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.183449, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 9D 50 47 21 ....'... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.183494, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:11.183536, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:11.183576, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:11.183617, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:11.183677, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:11.183715, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:11.183760, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0705] [2012/11/09 16:29:11.183809, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 9D 50 47 21 ....(... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.183878, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 9D 50 47 21 ....(... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.183964, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 9D 50 47 21 ....(... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.184018, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0705] [2012/11/09 16:29:11.184059, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 9D 50 47 21 ....(... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.184102, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0705] [2012/11/09 16:29:11.184134, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 9D 50 47 21 ....(... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.184176, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0705] [2012/11/09 16:29:11.184223, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 9D 50 47 21 ....(... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.184293, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0705] [2012/11/09 16:29:11.184330, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 9D 50 47 21 ....(... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.184373, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0705] [2012/11/09 16:29:11.184418, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 9D 50 47 21 ....(... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.184487, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0705] [2012/11/09 16:29:11.184524, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 9D 50 47 21 ....(... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.184572, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0705] [2012/11/09 16:29:11.184625, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 9D 50 47 21 ....(... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.184670, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0705] [2012/11/09 16:29:11.184701, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 9D 50 47 21 ....(... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.184745, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0705] [2012/11/09 16:29:11.184790, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 9D 50 47 21 ....(... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.184833, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0705] [2012/11/09 16:29:11.184865, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 9D 50 47 21 ....(... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.184907, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0705] [2012/11/09 16:29:11.184950, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 9D 50 47 21 ....(... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.184997, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0705] [2012/11/09 16:29:11.185030, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 9D 50 47 21 ....(... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.185071, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0705] [2012/11/09 16:29:11.185110, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 9D 50 47 21 ....(... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.185158, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0705] [2012/11/09 16:29:11.185190, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 9D 50 47 21 ....(... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.185232, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0705] [2012/11/09 16:29:11.185264, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 9D 50 47 21 ....(... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.185325, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0705] [2012/11/09 16:29:11.185362, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 9D 50 47 21 ....(... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.185405, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0705] [2012/11/09 16:29:11.185439, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 9D 50 47 21 ....(... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.185497, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0705] [2012/11/09 16:29:11.185534, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 9D 50 47 21 ....(... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.185577, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0705] [2012/11/09 16:29:11.185636, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 9D 50 47 21 ....(... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.185697, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0705] [2012/11/09 16:29:11.185718, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:11.185750, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 9D 50 47 21 ....(... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.185793, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0705] [2012/11/09 16:29:11.185813, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:11.185858, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:11.185914, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 29 00 00 00 00 00 00 00 9D 50 47 21 ....)... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.185969, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 29 00 00 00 00 00 00 00 9D 50 47 21 ....)... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.186017, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:11.186066, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:11.186107, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:11.186146, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:11.186185, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:11.186243, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:11.186291, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0705] [2012/11/09 16:29:11.186340, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 2A 00 00 00 00 00 00 00 9D 50 47 21 ....*... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.186409, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2A 00 00 00 00 00 00 00 9D 50 47 21 ....*... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.186456, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0705] [2012/11/09 16:29:11.186476, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:11.186526, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2A 00 00 00 00 00 00 00 9D 50 47 21 ....*... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.186571, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0705] [2012/11/09 16:29:11.186603, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:11.186639, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2A 00 00 00 00 00 00 00 9D 50 47 21 ....*... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.186682, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2A 00 00 00 00 00 00 00 9D 50 47 21 ....*... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.186719, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:11.186748, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 29 00 00 00 00 00 00 00 9D 50 47 21 ....)... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.186799, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 29 00 00 00 00 00 00 00 9D 50 47 21 ....)... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.186838, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:11.186866, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 9D 50 47 21 ....(... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.186907, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 9D 50 47 21 ....(... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.186960, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:11.186992, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 9D 50 47 21 ....'... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.187033, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 9D 50 47 21 ....'... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.187071, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:11.187119, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/11/09 16:29:11.187155, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/11/09 16:29:11.187187, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:11.187210, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 [2012/11/09 16:29:11.187236, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2012/11/09 16:29:11.187259, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/11/09 16:29:11.187277, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:11.187297, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:11.187375, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:11.187420, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 2B 00 00 00 00 00 00 00 9D 50 47 21 ....+... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.187477, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2B 00 00 00 00 00 00 00 9D 50 47 21 ....+... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.187530, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:11.187573, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:11.187612, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:11.187654, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:11.187703, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:11.187742, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:11.187788, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0687ptx] [2012/11/09 16:29:11.187838, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 9D 50 47 21 ....,... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.187904, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 9D 50 47 21 ....,... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.187988, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 9D 50 47 21 ....,... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.188054, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0687ptx] [2012/11/09 16:29:11.188092, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 9D 50 47 21 ....,... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.188135, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0687ptx] [2012/11/09 16:29:11.188167, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 9D 50 47 21 ....,... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.188233, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0687ptx] [2012/11/09 16:29:11.188285, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 9D 50 47 21 ....,... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.188332, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0687ptx] [2012/11/09 16:29:11.188364, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 9D 50 47 21 ....,... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.188422, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0687ptx] [2012/11/09 16:29:11.188476, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 9D 50 47 21 ....,... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.188524, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0687ptx] [2012/11/09 16:29:11.188557, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 9D 50 47 21 ....,... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.188660, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0687ptx] [2012/11/09 16:29:11.188698, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 9D 50 47 21 ....,... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.188742, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0687ptx] [2012/11/09 16:29:11.188784, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 9D 50 47 21 ....,... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.188831, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0687ptx] [2012/11/09 16:29:11.188863, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 9D 50 47 21 ....,... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.188905, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0687ptx] [2012/11/09 16:29:11.188937, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 9D 50 47 21 ....,... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.188991, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0687ptx] [2012/11/09 16:29:11.189036, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 9D 50 47 21 ....,... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.189081, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0687ptx] [2012/11/09 16:29:11.189112, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 9D 50 47 21 ....,... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.189171, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0687ptx] [2012/11/09 16:29:11.189206, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 9D 50 47 21 ....,... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.189250, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0687ptx] [2012/11/09 16:29:11.189281, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 9D 50 47 21 ....,... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.189323, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0687ptx] [2012/11/09 16:29:11.189368, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 9D 50 47 21 ....,... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.189415, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0687ptx] [2012/11/09 16:29:11.189446, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 9D 50 47 21 ....,... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.189488, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0687ptx] [2012/11/09 16:29:11.189523, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 9D 50 47 21 ....,... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.189576, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0687ptx] [2012/11/09 16:29:11.189612, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 9D 50 47 21 ....,... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.189654, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0687ptx] [2012/11/09 16:29:11.189703, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 9D 50 47 21 ....,... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.189757, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0687ptx] [2012/11/09 16:29:11.189788, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:11.189822, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 9D 50 47 21 ....,... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.189866, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0687ptx] [2012/11/09 16:29:11.189894, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:11.189940, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:11.189983, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 2D 00 00 00 00 00 00 00 9D 50 47 21 ....-... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.190036, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2D 00 00 00 00 00 00 00 9D 50 47 21 ....-... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.190080, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:11.190118, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:11.190158, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:11.190196, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:11.190242, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:11.190289, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:11.190335, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0687ptx] [2012/11/09 16:29:11.190383, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 2E 00 00 00 00 00 00 00 9D 50 47 21 ........ .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.190440, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2E 00 00 00 00 00 00 00 9D 50 47 21 ........ .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.190483, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0687ptx] [2012/11/09 16:29:11.190502, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:11.190552, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2E 00 00 00 00 00 00 00 9D 50 47 21 ........ .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.190600, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0687ptx] [2012/11/09 16:29:11.190622, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:11.190655, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2E 00 00 00 00 00 00 00 9D 50 47 21 ........ .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.190707, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2E 00 00 00 00 00 00 00 9D 50 47 21 ........ .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.190758, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:11.190816, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2D 00 00 00 00 00 00 00 9D 50 47 21 ....-... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.190901, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2D 00 00 00 00 00 00 00 9D 50 47 21 ....-... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.190999, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:11.191053, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 9D 50 47 21 ....,... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.191100, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 9D 50 47 21 ....,... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.191138, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:11.191168, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2B 00 00 00 00 00 00 00 9D 50 47 21 ....+... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.191210, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2B 00 00 00 00 00 00 00 9D 50 47 21 ....+... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.191247, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:11.191287, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/11/09 16:29:11.191317, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/11/09 16:29:11.191348, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:11.191371, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 [2012/11/09 16:29:11.191399, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2012/11/09 16:29:11.191422, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/11/09 16:29:11.191441, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:11.191458, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:11.191532, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:11.191580, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 9D 50 47 21 ..../... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.191643, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 9D 50 47 21 ..../... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.191687, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:11.191729, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:11.191769, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:11.191822, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:11.191861, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:11.191897, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:11.191943, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0790] [2012/11/09 16:29:11.191991, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 9D 50 47 21 ....0... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.192046, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 9D 50 47 21 ....0... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.192128, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 9D 50 47 21 ....0... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.192174, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0790] [2012/11/09 16:29:11.192207, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 9D 50 47 21 ....0... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.192259, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0790] [2012/11/09 16:29:11.192295, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 9D 50 47 21 ....0... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.192338, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0790] [2012/11/09 16:29:11.192369, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 9D 50 47 21 ....0... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.192410, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0790] [2012/11/09 16:29:11.192441, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 9D 50 47 21 ....0... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.192507, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0790] [2012/11/09 16:29:11.192542, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 9D 50 47 21 ....0... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.192584, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0790] [2012/11/09 16:29:11.192615, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 9D 50 47 21 ....0... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.192666, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0790] [2012/11/09 16:29:11.192701, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 9D 50 47 21 ....0... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.192743, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0790] [2012/11/09 16:29:11.192775, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 9D 50 47 21 ....0... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.192817, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0790] [2012/11/09 16:29:11.192848, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 9D 50 47 21 ....0... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.192889, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0790] [2012/11/09 16:29:11.192920, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 9D 50 47 21 ....0... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.192961, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0790] [2012/11/09 16:29:11.192993, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 9D 50 47 21 ....0... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.193035, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0790] [2012/11/09 16:29:11.193066, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 9D 50 47 21 ....0... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.193107, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0790] [2012/11/09 16:29:11.193139, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 9D 50 47 21 ....0... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.193180, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0790] [2012/11/09 16:29:11.193211, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 9D 50 47 21 ....0... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.193253, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0790] [2012/11/09 16:29:11.193284, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 9D 50 47 21 ....0... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.193334, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0790] [2012/11/09 16:29:11.193367, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 9D 50 47 21 ....0... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.193409, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0790] [2012/11/09 16:29:11.193440, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 9D 50 47 21 ....0... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.193481, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0790] [2012/11/09 16:29:11.193528, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 9D 50 47 21 ....0... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.193573, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0790] [2012/11/09 16:29:11.193592, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:11.193623, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:11.193664, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 31 00 00 00 00 00 00 00 9D 50 47 21 ....1... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.193717, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 31 00 00 00 00 00 00 00 9D 50 47 21 ....1... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.193760, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:11.193798, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:11.193838, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:11.193876, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:11.193914, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:11.193950, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:11.193994, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0790] [2012/11/09 16:29:11.194042, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 9D 50 47 21 ....2... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.194097, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 9D 50 47 21 ....2... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.194140, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0790] [2012/11/09 16:29:11.194172, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:11.194226, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 9D 50 47 21 ....2... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.194271, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0790] [2012/11/09 16:29:11.194290, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:11.194322, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 9D 50 47 21 ....2... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.194364, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 9D 50 47 21 ....2... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.194402, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:11.194430, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 31 00 00 00 00 00 00 00 9D 50 47 21 ....1... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.194472, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 31 00 00 00 00 00 00 00 9D 50 47 21 ....1... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.194509, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:11.194536, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 9D 50 47 21 ....0... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.194576, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 9D 50 47 21 ....0... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.194621, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:11.194650, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 9D 50 47 21 ..../... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.194692, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 9D 50 47 21 ..../... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.194729, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy set_printer_hnd_name: Printer found: yyyp0708 -> yyyp0708 [2012/11/09 16:29:11.194796, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) 1 printer handles active [2012/11/09 16:29:11.194821, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 9D 50 47 21 ........ .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.194863, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 9D 50 47 21 ........ .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.194901, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:yyyp0708 [2012/11/09 16:29:11.194924, 3] lib/access.c:338(allow_access) Allowed connection from yyyc27002.xxxxx.xxx (10.129.108.68) [2012/11/09 16:29:11.194963, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) Setting printer access = PRINTER_ACCESS_ADMINISTER [2012/11/09 16:29:11.194988, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/11/09 16:29:11.195012, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/11/09 16:29:11.195041, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:11.195064, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 [2012/11/09 16:29:11.195090, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2012/11/09 16:29:11.195113, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/11/09 16:29:11.195131, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:11.195149, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:11.195215, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:11.195261, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 33 00 00 00 00 00 00 00 9D 50 47 21 ....3... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.195315, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 33 00 00 00 00 00 00 00 9D 50 47 21 ....3... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.195359, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:11.195400, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:11.195440, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:11.195479, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:11.195517, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:11.195552, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:11.195608, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:11.195661, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 34 00 00 00 00 00 00 00 9D 50 47 21 ....4... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.195711, 2] rpc_client/cli_winreg_spoolss.c:896(winreg_create_printer) winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708 already exists [2012/11/09 16:29:11.195745, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 34 00 00 00 00 00 00 00 9D 50 47 21 ....4... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.195786, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 34 00 00 00 00 00 00 00 9D 50 47 21 ....4... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.195823, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:11.195850, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 33 00 00 00 00 00 00 00 9D 50 47 21 ....3... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.195891, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 33 00 00 00 00 00 00 00 9D 50 47 21 ....3... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.195942, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:11.195975, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:11.196009, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:11.196036, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 10301 [2012/11/09 16:29:11.196070, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/11/09 16:29:11.196092, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:11.196103, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=48384 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/11/09 16:29:11.199430, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x1090 [2012/11/09 16:29:11.199463, 3] smbd/process.c:1662(process_smb) Transaction 7 of length 4244 (0 toread) [2012/11/09 16:29:11.199483, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:11.199494, 5] lib/util.c:342(show_msg) size=4240 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=48448 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 4156 (0x103C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 4156 (0x103C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8210 (0x2012) smb_bcc=4173 [2012/11/09 16:29:11.199699, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:11.199720, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:11.199744, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=4156 params=0 setup=2 [2012/11/09 16:29:11.199765, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:11.199783, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:11.199802, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:11.199820, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2012) [2012/11/09 16:29:11.199840, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 4156 [2012/11/09 16:29:11.199866, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:11.199888, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER [2012/11/09 16:29:11.199909, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[8].fn == 0x7fa2ea3e8e50 [2012/11/09 16:29:11.199936, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 9D 50 47 21 ........ .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.199978, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 9D 50 47 21 ........ .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.200016, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:yyyp0708 [2012/11/09 16:29:11.200037, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/11/09 16:29:11.200078, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/11/09 16:29:11.200108, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:11.200129, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 [2012/11/09 16:29:11.200155, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2012/11/09 16:29:11.200178, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/11/09 16:29:11.200197, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:11.200215, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:11.200281, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:11.200327, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 35 00 00 00 00 00 00 00 9D 50 47 21 ....5... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.200381, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 35 00 00 00 00 00 00 00 9D 50 47 21 ....5... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.200424, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:11.200484, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:11.200529, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:11.200569, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:11.200607, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:11.200642, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:11.200688, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:11.200736, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 9D 50 47 21 ....6... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.200790, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 9D 50 47 21 ....6... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.200876, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 9D 50 47 21 ....6... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.200924, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.200958, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 9D 50 47 21 ....6... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.201000, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.201032, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 9D 50 47 21 ....6... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.201074, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.201117, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 9D 50 47 21 ....6... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.201161, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.201192, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 9D 50 47 21 ....6... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.201234, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.201265, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 9D 50 47 21 ....6... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.201307, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.201338, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 9D 50 47 21 ....6... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.201380, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.201411, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 9D 50 47 21 ....6... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.201453, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.201485, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 9D 50 47 21 ....6... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.201527, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.201558, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 9D 50 47 21 ....6... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.201601, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.201632, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 9D 50 47 21 ....6... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.201674, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.201706, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 9D 50 47 21 ....6... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.201757, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.201791, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 9D 50 47 21 ....6... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.201833, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.201865, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 9D 50 47 21 ....6... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.201907, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.201938, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 9D 50 47 21 ....6... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.201980, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.202011, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 9D 50 47 21 ....6... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.202053, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.202084, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 9D 50 47 21 ....6... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.202125, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.202158, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 9D 50 47 21 ....6... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.202200, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.202232, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 9D 50 47 21 ....6... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.202273, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.202321, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 9D 50 47 21 ....6... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.202366, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.202385, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:11.202427, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 9D 50 47 21 ....6... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.202471, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.202490, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:11.202527, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:11.202569, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 37 00 00 00 00 00 00 00 9D 50 47 21 ....7... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.202630, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 37 00 00 00 00 00 00 00 9D 50 47 21 ....7... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.202674, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:11.202712, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:11.202751, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:11.202790, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:11.202828, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:11.202863, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:11.202908, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:11.202955, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 38 00 00 00 00 00 00 00 9D 50 47 21 ....8... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.203011, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 38 00 00 00 00 00 00 00 9D 50 47 21 ....8... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.203053, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.203073, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:11.203123, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 38 00 00 00 00 00 00 00 9D 50 47 21 ....8... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.203167, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.203187, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:11.203219, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 38 00 00 00 00 00 00 00 9D 50 47 21 ....8... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.203261, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 38 00 00 00 00 00 00 00 9D 50 47 21 ....8... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.203309, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:11.203339, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 37 00 00 00 00 00 00 00 9D 50 47 21 ....7... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.203380, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 37 00 00 00 00 00 00 00 9D 50 47 21 ....7... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.203418, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:11.203445, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 9D 50 47 21 ....6... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.203486, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 9D 50 47 21 ....6... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.203524, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:11.203552, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 35 00 00 00 00 00 00 00 9D 50 47 21 ....5... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.203593, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 35 00 00 00 00 00 00 00 9D 50 47 21 ....5... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.203630, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:11.203674, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 [2012/11/09 16:29:11.203716, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2012/11/09 16:29:11.203744, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/11/09 16:29:11.203763, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:11.203781, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:11.203844, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:11.203873, 4] printing/printing.c:1316(print_cache_expired) print_cache_expired: cache expired for queue yyyp0708 (last_qscan_time = 1352473314, time now = 1352474951, qcachetime = 30) [2012/11/09 16:29:11.206552, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:11.206673, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:11.206726, 5] smbd/ipc.c:103(send_trans_reply) send_trans_reply: buffer 1024 too large [2012/11/09 16:29:11.206756, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..1024] (align 0) [2012/11/09 16:29:11.206776, 3] smbd/error.c:81(error_packet_set) error packet at smbd/ipc.c(137) cmd=37 (SMBtrans) STATUS_BUFFER_OVERFLOW [2012/11/09 16:29:11.206803, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:11.206815, 5] lib/util.c:342(show_msg) size=1080 smb_com=0x25 smb_rcls=5 smb_reh=0 smb_err=32768 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=48448 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 1024 (0x400) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=1025 [2012/11/09 16:29:11.208954, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/11/09 16:29:11.209003, 3] smbd/process.c:1662(process_smb) Transaction 8 of length 63 (0 toread) [2012/11/09 16:29:11.209033, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:11.209051, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=48512 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8210 (0x2012) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 3112 (0xC28) smb_vwv[ 6]= 3112 (0xC28) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 3112 (0xC28) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/11/09 16:29:11.209330, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:11.209364, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:11.209397, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 3112 [2012/11/09 16:29:11.209429, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 8991 [2012/11/09 16:29:11.209483, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=3112 max=3112 nread=3112 [2012/11/09 16:29:11.213174, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x10f8 [2012/11/09 16:29:11.213219, 3] smbd/process.c:1662(process_smb) Transaction 9 of length 4348 (0 toread) [2012/11/09 16:29:11.213239, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:11.213250, 5] lib/util.c:342(show_msg) size=4344 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=48576 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8210 (0x2012) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 4280 (0x10B8) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 4280 (0x10B8) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=4281 [2012/11/09 16:29:11.213473, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:11.213495, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:11.213514, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 2012 name: spoolss len: 4280 [2012/11/09 16:29:11.213535, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 4280 [2012/11/09 16:29:11.213568, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=4280 [2012/11/09 16:29:11.214686, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x1b8 [2012/11/09 16:29:11.214717, 3] smbd/process.c:1662(process_smb) Transaction 10 of length 444 (0 toread) [2012/11/09 16:29:11.214736, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:11.214746, 5] lib/util.c:342(show_msg) size=440 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=48640 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 356 (0x164) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4136 (0x1028) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 356 (0x164) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8210 (0x2012) smb_bcc=373 [2012/11/09 16:29:11.214949, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:11.214969, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:11.214992, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=356 params=0 setup=2 [2012/11/09 16:29:11.215033, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:11.215052, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:11.215070, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:11.215088, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2012) [2012/11/09 16:29:11.215107, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 356 [2012/11/09 16:29:11.215130, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:11.215151, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER [2012/11/09 16:29:11.215171, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[8].fn == 0x7fa2ea3e8e50 [2012/11/09 16:29:11.215192, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 9D 50 47 21 ........ .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.215233, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 9D 50 47 21 ........ .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.215270, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:yyyp0708 [2012/11/09 16:29:11.215294, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/11/09 16:29:11.215319, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/11/09 16:29:11.215351, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:11.215373, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 [2012/11/09 16:29:11.215407, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2012/11/09 16:29:11.215430, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/11/09 16:29:11.215449, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:11.215467, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:11.215559, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:11.215628, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 39 00 00 00 00 00 00 00 9D 50 47 21 ....9... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.215691, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 39 00 00 00 00 00 00 00 9D 50 47 21 ....9... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.215734, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:11.215777, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:11.215818, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:11.215859, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:11.215898, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:11.215935, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:11.215982, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:11.216031, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 9D 50 47 21 ....:... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.216101, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 9D 50 47 21 ....:... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.216191, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 9D 50 47 21 ....:... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.216237, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.216271, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 9D 50 47 21 ....:... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.216314, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.216346, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 9D 50 47 21 ....:... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.216388, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.216419, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 9D 50 47 21 ....:... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.216483, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.216519, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 9D 50 47 21 ....:... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.216562, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.216594, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 9D 50 47 21 ....:... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.216636, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.216667, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 9D 50 47 21 ....:... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.216709, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.216741, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 9D 50 47 21 ....:... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.216783, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.216825, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 9D 50 47 21 ....:... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.216869, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.216902, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 9D 50 47 21 ....:... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.216944, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.216976, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 9D 50 47 21 ....:... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.217017, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.217049, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 9D 50 47 21 ....:... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.217091, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.217123, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 9D 50 47 21 ....:... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.217164, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.217196, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 9D 50 47 21 ....:... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.217237, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.217269, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 9D 50 47 21 ....:... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.217310, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.217342, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 9D 50 47 21 ....:... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.217384, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.217416, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 9D 50 47 21 ....:... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.217458, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.217502, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 9D 50 47 21 ....:... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.217546, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.217578, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 9D 50 47 21 ....:... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.217619, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.217669, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 9D 50 47 21 ....:... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.217714, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.217733, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:11.217765, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 9D 50 47 21 ....:... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.217807, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.217825, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:11.217863, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:11.217905, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 3B 00 00 00 00 00 00 00 9D 50 47 21 ....;... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.217958, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3B 00 00 00 00 00 00 00 9D 50 47 21 ....;... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.218001, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:11.218040, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:11.218079, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:11.218117, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:11.218155, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:11.218190, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:11.218234, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:11.218281, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 3C 00 00 00 00 00 00 00 9D 50 47 21 ....<... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.218337, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3C 00 00 00 00 00 00 00 9D 50 47 21 ....<... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.218390, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.218412, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:11.218463, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3C 00 00 00 00 00 00 00 9D 50 47 21 ....<... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.218508, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.218528, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:11.218561, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3C 00 00 00 00 00 00 00 9D 50 47 21 ....<... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.218610, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3C 00 00 00 00 00 00 00 9D 50 47 21 ....<... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.218648, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:11.218676, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3B 00 00 00 00 00 00 00 9D 50 47 21 ....;... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.218717, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3B 00 00 00 00 00 00 00 9D 50 47 21 ....;... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.218754, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:11.218781, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 9D 50 47 21 ....:... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.218821, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 9D 50 47 21 ....:... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.218857, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:11.218885, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 39 00 00 00 00 00 00 00 9D 50 47 21 ....9... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.218926, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 39 00 00 00 00 00 00 00 9D 50 47 21 ....9... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.218963, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:11.219048, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:11.219086, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 4136 [2012/11/09 16:29:11.219116, 5] smbd/ipc.c:103(send_trans_reply) send_trans_reply: buffer 4136 too large [2012/11/09 16:29:11.219138, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..4136] (align 0) [2012/11/09 16:29:11.219159, 3] smbd/error.c:81(error_packet_set) error packet at smbd/ipc.c(137) cmd=37 (SMBtrans) STATUS_BUFFER_OVERFLOW [2012/11/09 16:29:11.219190, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:11.219202, 5] lib/util.c:342(show_msg) size=4192 smb_com=0x25 smb_rcls=5 smb_reh=0 smb_err=32768 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=48640 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 4136 (0x1028) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 4136 (0x1028) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=4137 [2012/11/09 16:29:11.221073, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/11/09 16:29:11.221105, 3] smbd/process.c:1662(process_smb) Transaction 11 of length 63 (0 toread) [2012/11/09 16:29:11.221124, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:11.221135, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=48704 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8210 (0x2012) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 144 (0x90) smb_vwv[ 6]= 144 (0x90) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 144 (0x90) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/11/09 16:29:11.221311, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:11.221332, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:11.221352, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 144 [2012/11/09 16:29:11.221377, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=144 max=144 nread=144 [2012/11/09 16:29:11.222633, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/11/09 16:29:11.222677, 3] smbd/process.c:1662(process_smb) Transaction 12 of length 63 (0 toread) [2012/11/09 16:29:11.222697, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:11.222708, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=48768 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8210 (0x2012) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 4280 (0x10B8) smb_vwv[ 6]= 4280 (0x10B8) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 4280 (0x10B8) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/11/09 16:29:11.222917, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:11.222939, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:11.222961, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 4280 [2012/11/09 16:29:11.222986, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 8991 [2012/11/09 16:29:11.223020, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=4280 max=4280 nread=336 [2012/11/09 16:29:11.228228, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x66 [2012/11/09 16:29:11.228262, 3] smbd/process.c:1662(process_smb) Transaction 13 of length 106 (0 toread) [2012/11/09 16:29:11.228282, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:11.228303, 5] lib/util.c:342(show_msg) size=102 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=48832 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 4096 (0x1000) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 4609 (0x1201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=19 [2012/11/09 16:29:11.228828, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:11.228867, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:11.228907, 4] smbd/nttrans.c:288(nt_open_pipe) nt_open_pipe: Opening pipe \spoolss. [2012/11/09 16:29:11.228947, 5] smbd/files.c:140(file_new) allocated file structure 4115, fnum = 8211 (2 used) [2012/11/09 16:29:11.228990, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \spoolss [2012/11/09 16:29:11.229059, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \spoolss (pipes_open=0) [2012/11/09 16:29:11.229102, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \spoolss [2012/11/09 16:29:11.230333, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xe0 [2012/11/09 16:29:11.230367, 3] smbd/process.c:1662(process_smb) Transaction 14 of length 228 (0 toread) [2012/11/09 16:29:11.230387, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:11.230398, 5] lib/util.c:342(show_msg) size=224 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=48896 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8211 (0x2013) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 160 (0xA0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 160 (0xA0) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=161 [2012/11/09 16:29:11.230587, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:11.230614, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:11.230634, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 2013 name: spoolss len: 160 [2012/11/09 16:29:11.230653, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 160 [2012/11/09 16:29:11.230678, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/11/09 16:29:11.230698, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) api_pipe_bind_req: make response. 923 [2012/11/09 16:29:11.230717, 3] rpc_server/srv_pipe.c:339(check_bind_req) check_bind_req for \spoolss [2012/11/09 16:29:11.230736, 3] rpc_server/srv_pipe.c:346(check_bind_req) check_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/11/09 16:29:11.230765, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=160 [2012/11/09 16:29:11.231961, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/11/09 16:29:11.231997, 3] smbd/process.c:1662(process_smb) Transaction 15 of length 63 (0 toread) [2012/11/09 16:29:11.232016, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:11.232027, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=48960 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8211 (0x2013) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/11/09 16:29:11.232204, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:11.232239, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:11.232261, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:11.232282, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/11/09 16:29:11.232306, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=68 [2012/11/09 16:29:11.233415, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x124 [2012/11/09 16:29:11.233462, 3] smbd/process.c:1662(process_smb) Transaction 16 of length 296 (0 toread) [2012/11/09 16:29:11.233500, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:11.233522, 5] lib/util.c:342(show_msg) size=292 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=49024 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 208 (0xD0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 208 (0xD0) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8211 (0x2013) smb_bcc=225 [2012/11/09 16:29:11.233834, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:11.233867, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:11.233909, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=208 params=0 setup=2 [2012/11/09 16:29:11.233938, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:11.233957, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:11.233975, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:11.233993, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2013) [2012/11/09 16:29:11.234028, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 208 [2012/11/09 16:29:11.234054, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:11.234081, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX [2012/11/09 16:29:11.234116, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[69].fn == 0x7fa2ea3def70 checking name: \\yyyu0031\yyyp0708 [2012/11/09 16:29:11.234158, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 9D 50 47 21 ....=... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.234211, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) Setting printer type=\\yyyu0031\yyyp0708 Printer is a printer [2012/11/09 16:29:11.234238, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) Setting printer name=\\yyyu0031\yyyp0708 (len=19) searching for [yyyp0708] set_printer_hnd_name: Printer found: yyyp0708 -> yyyp0708 [2012/11/09 16:29:11.234294, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) 2 printer handles active [2012/11/09 16:29:11.234314, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 9D 50 47 21 ....=... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.234351, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 9D 50 47 21 ....=... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.234388, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:yyyp0708 [2012/11/09 16:29:11.234410, 3] lib/access.c:338(allow_access) Allowed connection from yyyc27002.xxxxx.xxx (10.129.108.68) [2012/11/09 16:29:11.234445, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) Setting printer access = PRINTER_ACCESS_USE [2012/11/09 16:29:11.234466, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/11/09 16:29:11.234490, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/11/09 16:29:11.234519, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:11.234540, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 [2012/11/09 16:29:11.234577, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2012/11/09 16:29:11.234607, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/11/09 16:29:11.234627, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:11.234645, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:11.234731, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:11.234782, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 3E 00 00 00 00 00 00 00 9D 50 47 21 ....>... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.234838, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3E 00 00 00 00 00 00 00 9D 50 47 21 ....>... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.234881, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:11.234923, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:11.234963, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:11.235003, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:11.235041, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:11.235077, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:11.235134, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:11.235216, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 3F 00 00 00 00 00 00 00 9D 50 47 21 ....?... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.235305, 2] rpc_client/cli_winreg_spoolss.c:896(winreg_create_printer) winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708 already exists [2012/11/09 16:29:11.235354, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3F 00 00 00 00 00 00 00 9D 50 47 21 ....?... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.235432, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3F 00 00 00 00 00 00 00 9D 50 47 21 ....?... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.235504, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:11.235553, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3E 00 00 00 00 00 00 00 9D 50 47 21 ....>... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.235643, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3E 00 00 00 00 00 00 00 9D 50 47 21 ....>... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.235738, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:11.235792, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:11.235840, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:11.235881, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 1741 [2012/11/09 16:29:11.235927, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/11/09 16:29:11.235965, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:11.235986, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=49024 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/11/09 16:29:11.238119, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x8c [2012/11/09 16:29:11.238166, 3] smbd/process.c:1662(process_smb) Transaction 17 of length 144 (0 toread) [2012/11/09 16:29:11.238186, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:11.238198, 5] lib/util.c:342(show_msg) size=140 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=49088 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 56 (0x38) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 56 (0x38) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8211 (0x2013) smb_bcc=73 [2012/11/09 16:29:11.238402, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:11.238422, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:11.238445, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=56 params=0 setup=2 [2012/11/09 16:29:11.238467, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:11.238484, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:11.238503, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:11.238521, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2013) [2012/11/09 16:29:11.238541, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 56 [2012/11/09 16:29:11.238566, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:11.238587, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER [2012/11/09 16:29:11.238613, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[8].fn == 0x7fa2ea3e8e50 [2012/11/09 16:29:11.238635, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 9D 50 47 21 ....=... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.238675, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 9D 50 47 21 ....=... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.238712, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:yyyp0708 [2012/11/09 16:29:11.238735, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/11/09 16:29:11.238776, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/11/09 16:29:11.238806, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:11.238828, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 [2012/11/09 16:29:11.238858, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2012/11/09 16:29:11.238881, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/11/09 16:29:11.238900, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:11.238918, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:11.239006, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:11.239073, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 40 00 00 00 00 00 00 00 9D 50 47 21 ....@... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.239133, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 40 00 00 00 00 00 00 00 9D 50 47 21 ....@... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.239176, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:11.239219, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:11.239258, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:11.239298, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:11.239336, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:11.239373, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:11.239419, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:11.239468, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 9D 50 47 21 ....A... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.239523, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 9D 50 47 21 ....A... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.239609, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 9D 50 47 21 ....A... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.239656, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.239689, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 9D 50 47 21 ....A... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.239731, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.239762, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 9D 50 47 21 ....A... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.239814, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.239849, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 9D 50 47 21 ....A... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.239891, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.239923, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 9D 50 47 21 ....A... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.239966, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.240017, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 9D 50 47 21 ....A... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.240063, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.240095, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 9D 50 47 21 ....A... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.240137, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.240168, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 9D 50 47 21 ....A... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.240211, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.240243, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 9D 50 47 21 ....A... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.240285, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.240317, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 9D 50 47 21 ....A... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.240359, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.240390, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 9D 50 47 21 ....A... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.240432, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.240486, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 9D 50 47 21 ....A... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.240548, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.240583, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 9D 50 47 21 ....A... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.240625, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.240656, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 9D 50 47 21 ....A... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.240698, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.240729, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 9D 50 47 21 ....A... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.240770, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.240801, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 9D 50 47 21 ....A... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.240843, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.240873, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 9D 50 47 21 ....A... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.240915, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.240953, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 9D 50 47 21 ....A... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.241017, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.241052, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 9D 50 47 21 ....A... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.241094, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.241143, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 9D 50 47 21 ....A... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.241188, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.241219, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:11.241255, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 9D 50 47 21 ....A... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.241298, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.241317, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:11.241355, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:11.241396, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 42 00 00 00 00 00 00 00 9D 50 47 21 ....B... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.241449, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 42 00 00 00 00 00 00 00 9D 50 47 21 ....B... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.241492, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:11.241530, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:11.241569, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:11.241607, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:11.241645, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:11.241680, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:11.241724, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:11.241771, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 43 00 00 00 00 00 00 00 9D 50 47 21 ....C... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.241826, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 43 00 00 00 00 00 00 00 9D 50 47 21 ....C... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.241869, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.241888, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:11.241949, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 43 00 00 00 00 00 00 00 9D 50 47 21 ....C... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.242007, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.242028, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:11.242063, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 43 00 00 00 00 00 00 00 9D 50 47 21 ....C... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.242105, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 43 00 00 00 00 00 00 00 9D 50 47 21 ....C... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.242154, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:11.242183, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 42 00 00 00 00 00 00 00 9D 50 47 21 ....B... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.242225, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 42 00 00 00 00 00 00 00 9D 50 47 21 ....B... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.242262, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:11.242288, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 9D 50 47 21 ....A... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.242329, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 9D 50 47 21 ....A... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.242366, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:11.242394, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 40 00 00 00 00 00 00 00 9D 50 47 21 ....@... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.242434, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 40 00 00 00 00 00 00 00 9D 50 47 21 ....@... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.242471, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:11.242536, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:11.242571, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:11.242602, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 8991 [2012/11/09 16:29:11.242635, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..36] (align 0) [2012/11/09 16:29:11.242656, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:11.242667, 5] lib/util.c:342(show_msg) size=92 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=49088 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 36 (0x24) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=37 [2012/11/09 16:29:11.244949, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x10f8 [2012/11/09 16:29:11.244982, 3] smbd/process.c:1662(process_smb) Transaction 18 of length 4348 (0 toread) [2012/11/09 16:29:11.245002, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:11.245013, 5] lib/util.c:342(show_msg) size=4344 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=49152 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8211 (0x2013) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 4280 (0x10B8) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 4280 (0x10B8) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=4281 [2012/11/09 16:29:11.245202, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:11.245235, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:11.245257, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 2013 name: spoolss len: 4280 [2012/11/09 16:29:11.245277, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 4280 [2012/11/09 16:29:11.245306, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=4280 [2012/11/09 16:29:11.246410, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x138 [2012/11/09 16:29:11.246441, 3] smbd/process.c:1662(process_smb) Transaction 19 of length 316 (0 toread) [2012/11/09 16:29:11.246461, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:11.246472, 5] lib/util.c:342(show_msg) size=312 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=49216 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 228 (0xE4) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 228 (0xE4) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8211 (0x2013) smb_bcc=245 [2012/11/09 16:29:11.246674, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:11.246694, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:11.246716, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=228 params=0 setup=2 [2012/11/09 16:29:11.246736, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:11.246754, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:11.246771, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:11.246789, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2013) [2012/11/09 16:29:11.246816, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 228 [2012/11/09 16:29:11.246853, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:11.246876, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER [2012/11/09 16:29:11.246896, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[8].fn == 0x7fa2ea3e8e50 [2012/11/09 16:29:11.246917, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 9D 50 47 21 ....=... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.246956, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 9D 50 47 21 ....=... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.246993, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:yyyp0708 [2012/11/09 16:29:11.247014, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/11/09 16:29:11.247039, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/11/09 16:29:11.247067, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:11.247088, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 [2012/11/09 16:29:11.247116, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2012/11/09 16:29:11.247139, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/11/09 16:29:11.247158, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:11.247175, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:11.247265, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:11.247312, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 44 00 00 00 00 00 00 00 9D 50 47 21 ....D... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.247370, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 44 00 00 00 00 00 00 00 9D 50 47 21 ....D... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.247419, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:11.247461, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:11.247500, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:11.247539, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:11.247577, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:11.247612, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:11.247657, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:11.247704, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 9D 50 47 21 ....E... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.247758, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 9D 50 47 21 ....E... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.247886, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 9D 50 47 21 ....E... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.247935, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.247969, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 9D 50 47 21 ....E... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.248011, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.248043, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 9D 50 47 21 ....E... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.248085, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.248116, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 9D 50 47 21 ....E... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.248157, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.248188, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 9D 50 47 21 ....E... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.248240, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.248274, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 9D 50 47 21 ....E... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.248316, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.248348, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 9D 50 47 21 ....E... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.248390, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.248433, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 9D 50 47 21 ....E... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.248505, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.248540, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 9D 50 47 21 ....E... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.248583, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.248615, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 9D 50 47 21 ....E... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.248656, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.248687, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 9D 50 47 21 ....E... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.248729, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.248766, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 9D 50 47 21 ....E... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.248822, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.248857, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 9D 50 47 21 ....E... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.248900, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.248931, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 9D 50 47 21 ....E... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.248992, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.249026, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 9D 50 47 21 ....E... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.249069, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.249100, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 9D 50 47 21 ....E... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.249141, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.249172, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 9D 50 47 21 ....E... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.249214, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.249247, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 9D 50 47 21 ....E... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.249289, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.249320, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 9D 50 47 21 ....E... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.249361, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.249410, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 9D 50 47 21 ....E... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.249454, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.249473, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:11.249503, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 9D 50 47 21 ....E... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.249545, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.249564, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:11.249599, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:11.249653, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 46 00 00 00 00 00 00 00 9D 50 47 21 ....F... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.249708, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 46 00 00 00 00 00 00 00 9D 50 47 21 ....F... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.249773, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:11.249822, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:11.249862, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:11.249900, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:11.249937, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:11.249971, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:11.250014, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:11.250062, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 47 00 00 00 00 00 00 00 9D 50 47 21 ....G... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.250142, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 47 00 00 00 00 00 00 00 9D 50 47 21 ....G... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.250189, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.250208, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:11.250259, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 47 00 00 00 00 00 00 00 9D 50 47 21 ....G... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.250303, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.250322, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:11.250354, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 47 00 00 00 00 00 00 00 9D 50 47 21 ....G... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.250396, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 47 00 00 00 00 00 00 00 9D 50 47 21 ....G... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.250433, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:11.250461, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 46 00 00 00 00 00 00 00 9D 50 47 21 ....F... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.250501, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 46 00 00 00 00 00 00 00 9D 50 47 21 ....F... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.250538, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:11.250565, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 9D 50 47 21 ....E... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.250622, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 9D 50 47 21 ....E... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.250661, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:11.250690, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 44 00 00 00 00 00 00 00 9D 50 47 21 ....D... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.250757, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 44 00 00 00 00 00 00 00 9D 50 47 21 ....D... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.250797, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:11.250874, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:11.250910, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:11.250940, 5] smbd/ipc.c:103(send_trans_reply) send_trans_reply: buffer 1024 too large [2012/11/09 16:29:11.250962, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..1024] (align 0) [2012/11/09 16:29:11.250982, 3] smbd/error.c:81(error_packet_set) error packet at smbd/ipc.c(137) cmd=37 (SMBtrans) STATUS_BUFFER_OVERFLOW [2012/11/09 16:29:11.251001, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:11.251012, 5] lib/util.c:342(show_msg) size=1080 smb_com=0x25 smb_rcls=5 smb_reh=0 smb_err=32768 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=49216 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 1024 (0x400) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=1025 [2012/11/09 16:29:11.252371, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/11/09 16:29:11.252404, 3] smbd/process.c:1662(process_smb) Transaction 20 of length 63 (0 toread) [2012/11/09 16:29:11.252423, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:11.252434, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=49280 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8211 (0x2013) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 3256 (0xCB8) smb_vwv[ 6]= 3256 (0xCB8) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 3256 (0xCB8) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/11/09 16:29:11.252633, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:11.252654, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:11.252675, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 3256 [2012/11/09 16:29:11.252700, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=3256 max=3256 nread=3256 [2012/11/09 16:29:11.254044, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/11/09 16:29:11.254104, 3] smbd/process.c:1662(process_smb) Transaction 21 of length 63 (0 toread) [2012/11/09 16:29:11.254140, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:11.254154, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=49344 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8211 (0x2013) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 4280 (0x10B8) smb_vwv[ 6]= 4280 (0x10B8) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 4280 (0x10B8) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/11/09 16:29:11.254456, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:11.254488, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:11.254513, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 4280 [2012/11/09 16:29:11.254557, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 8991 [2012/11/09 16:29:11.254615, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=4280 max=4280 nread=208 [2012/11/09 16:29:11.256546, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x80 [2012/11/09 16:29:11.256581, 3] smbd/process.c:1662(process_smb) Transaction 22 of length 132 (0 toread) [2012/11/09 16:29:11.256606, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:11.256629, 5] lib/util.c:342(show_msg) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=49408 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8211 (0x2013) smb_bcc=61 [2012/11/09 16:29:11.256860, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:11.256883, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:11.256907, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=44 params=0 setup=2 [2012/11/09 16:29:11.256929, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:11.256947, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:11.256966, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:11.256985, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2013) [2012/11/09 16:29:11.257005, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 44 [2012/11/09 16:29:11.257031, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:11.257053, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER [2012/11/09 16:29:11.257073, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[29].fn == 0x7fa2ea3e55d0 [2012/11/09 16:29:11.257102, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 9D 50 47 21 ....=... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.257145, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 9D 50 47 21 ....=... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.257183, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 9D 50 47 21 ....=... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.257221, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:11.257245, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:11.257273, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 4280 [2012/11/09 16:29:11.257317, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/11/09 16:29:11.257344, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/11/09 16:29:11.257365, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:11.257376, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=49408 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/11/09 16:29:11.259057, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/11/09 16:29:11.259090, 3] smbd/process.c:1662(process_smb) Transaction 23 of length 45 (0 toread) [2012/11/09 16:29:11.259110, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:11.259121, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=49472 smt_wct=3 smb_vwv[ 0]= 8211 (0x2013) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/11/09 16:29:11.259239, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:11.259259, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:11.259281, 3] smbd/reply.c:4848(reply_close) close fd=-1 fnum=8211 (numopen=2) [2012/11/09 16:29:11.259303, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2012/11/09 16:29:11.259371, 5] smbd/files.c:482(file_free) freed files structure 8211 (1 used) [2012/11/09 16:29:11.259395, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:11.259407, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=49472 smt_wct=0 smb_bcc=0 [2012/11/09 16:29:11.260568, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x66 [2012/11/09 16:29:11.260601, 3] smbd/process.c:1662(process_smb) Transaction 24 of length 106 (0 toread) [2012/11/09 16:29:11.260621, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:11.260632, 5] lib/util.c:342(show_msg) size=102 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=49536 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 4096 (0x1000) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 4609 (0x1201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=19 [2012/11/09 16:29:11.260903, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:11.260923, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:11.260946, 4] smbd/nttrans.c:288(nt_open_pipe) nt_open_pipe: Opening pipe \spoolss. [2012/11/09 16:29:11.260968, 5] smbd/files.c:140(file_new) allocated file structure 4116, fnum = 8212 (2 used) [2012/11/09 16:29:11.260995, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \spoolss [2012/11/09 16:29:11.261044, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \spoolss (pipes_open=0) [2012/11/09 16:29:11.261083, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \spoolss [2012/11/09 16:29:11.262456, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xe0 [2012/11/09 16:29:11.262498, 3] smbd/process.c:1662(process_smb) Transaction 25 of length 228 (0 toread) [2012/11/09 16:29:11.262523, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:11.262535, 5] lib/util.c:342(show_msg) size=224 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=49600 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8212 (0x2014) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 160 (0xA0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 160 (0xA0) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=161 [2012/11/09 16:29:11.262741, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:11.262764, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:11.262784, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 2014 name: spoolss len: 160 [2012/11/09 16:29:11.262804, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 160 [2012/11/09 16:29:11.262829, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/11/09 16:29:11.262850, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) api_pipe_bind_req: make response. 923 [2012/11/09 16:29:11.262869, 3] rpc_server/srv_pipe.c:339(check_bind_req) check_bind_req for \spoolss [2012/11/09 16:29:11.262889, 3] rpc_server/srv_pipe.c:346(check_bind_req) check_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/11/09 16:29:11.262919, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=160 [2012/11/09 16:29:11.264112, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/11/09 16:29:11.264144, 3] smbd/process.c:1662(process_smb) Transaction 26 of length 63 (0 toread) [2012/11/09 16:29:11.264164, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:11.264175, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=49664 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8212 (0x2014) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/11/09 16:29:11.264386, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:11.264410, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:11.264432, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:11.264500, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/11/09 16:29:11.264530, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=68 [2012/11/09 16:29:11.265567, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x124 [2012/11/09 16:29:11.265610, 3] smbd/process.c:1662(process_smb) Transaction 27 of length 296 (0 toread) [2012/11/09 16:29:11.265633, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:11.265644, 5] lib/util.c:342(show_msg) size=292 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=49728 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 208 (0xD0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 208 (0xD0) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8212 (0x2014) smb_bcc=225 [2012/11/09 16:29:11.265875, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:11.265897, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:11.265920, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=208 params=0 setup=2 [2012/11/09 16:29:11.265942, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:11.265960, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:11.265979, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:11.265998, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2014) [2012/11/09 16:29:11.266018, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 208 [2012/11/09 16:29:11.266042, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:11.266063, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX [2012/11/09 16:29:11.266084, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[69].fn == 0x7fa2ea3def70 checking name: \\yyyu0031\yyyp0708 [2012/11/09 16:29:11.266123, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.266164, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) Setting printer type=\\yyyu0031\yyyp0708 Printer is a printer [2012/11/09 16:29:11.266191, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) Setting printer name=\\yyyu0031\yyyp0708 (len=19) searching for [yyyp0708] set_printer_hnd_name: Printer found: yyyp0708 -> yyyp0708 [2012/11/09 16:29:11.266249, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) 2 printer handles active [2012/11/09 16:29:11.266269, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.266308, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.266346, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:yyyp0708 [2012/11/09 16:29:11.266382, 3] lib/access.c:338(allow_access) Allowed connection from yyyc27002.xxxxx.xxx (10.129.108.68) [2012/11/09 16:29:11.266409, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) Setting printer access = PRINTER_ACCESS_USE [2012/11/09 16:29:11.266431, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/11/09 16:29:11.266456, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/11/09 16:29:11.266486, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:11.266508, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 [2012/11/09 16:29:11.266542, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2012/11/09 16:29:11.266566, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/11/09 16:29:11.266585, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:11.266615, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:11.266708, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:11.266760, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 49 00 00 00 00 00 00 00 9D 50 47 21 ....I... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.266817, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 49 00 00 00 00 00 00 00 9D 50 47 21 ....I... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.266861, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:11.266912, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:11.266958, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:11.266999, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:11.267039, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:11.267076, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:11.267124, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:11.267173, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 4A 00 00 00 00 00 00 00 9D 50 47 21 ....J... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.267224, 2] rpc_client/cli_winreg_spoolss.c:896(winreg_create_printer) winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708 already exists [2012/11/09 16:29:11.267253, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4A 00 00 00 00 00 00 00 9D 50 47 21 ....J... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.267294, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4A 00 00 00 00 00 00 00 9D 50 47 21 ....J... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.267333, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:11.267375, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 49 00 00 00 00 00 00 00 9D 50 47 21 ....I... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.267419, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 49 00 00 00 00 00 00 00 9D 50 47 21 ....I... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.267457, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:11.267489, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:11.267520, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:11.267545, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 1741 [2012/11/09 16:29:11.267572, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/11/09 16:29:11.267593, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:11.267604, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=49728 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/11/09 16:29:11.273719, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x90 [2012/11/09 16:29:11.273794, 3] smbd/process.c:1662(process_smb) Transaction 28 of length 148 (0 toread) [2012/11/09 16:29:11.273815, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:11.273827, 5] lib/util.c:342(show_msg) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=49792 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 60 (0x3C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 60 (0x3C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8212 (0x2014) smb_bcc=77 [2012/11/09 16:29:11.274044, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:11.274066, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:11.274092, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=60 params=0 setup=2 [2012/11/09 16:29:11.274114, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:11.274133, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:11.274159, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:11.274192, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2014) [2012/11/09 16:29:11.274229, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 60 [2012/11/09 16:29:11.274267, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:11.274306, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x22 - api_rpcTNP: rpc command: SPOOLSS_ENUMFORMS [2012/11/09 16:29:11.274339, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[34].fn == 0x7fa2ea3e4850 [2012/11/09 16:29:11.274371, 4] rpc_server/spoolss/srv_spoolss_nt.c:7481(_spoolss_EnumForms) _spoolss_EnumForms Offered buffer size [0] Info level [2] [2012/11/09 16:29:11.274412, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:11.274447, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:11.274475, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/11/09 16:29:11.274501, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..44] (align 0) [2012/11/09 16:29:11.274522, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:11.274533, 5] lib/util.c:342(show_msg) size=100 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=49792 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 44 (0x2C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=45 [2012/11/09 16:29:11.275665, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x90 [2012/11/09 16:29:11.275697, 3] smbd/process.c:1662(process_smb) Transaction 29 of length 148 (0 toread) [2012/11/09 16:29:11.275718, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:11.275729, 5] lib/util.c:342(show_msg) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=49856 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 60 (0x3C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 60 (0x3C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8212 (0x2014) smb_bcc=77 [2012/11/09 16:29:11.275968, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:11.275990, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:11.276012, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=60 params=0 setup=2 [2012/11/09 16:29:11.276033, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:11.276051, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:11.276070, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:11.276089, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2014) [2012/11/09 16:29:11.276109, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 60 [2012/11/09 16:29:11.276132, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:11.276154, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x22 - api_rpcTNP: rpc command: SPOOLSS_ENUMFORMS [2012/11/09 16:29:11.276175, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[34].fn == 0x7fa2ea3e4850 [2012/11/09 16:29:11.276196, 4] rpc_server/spoolss/srv_spoolss_nt.c:7481(_spoolss_EnumForms) _spoolss_EnumForms Offered buffer size [0] Info level [1] [2012/11/09 16:29:11.276231, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/11/09 16:29:11.276271, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/11/09 16:29:11.276321, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:11.276349, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 [2012/11/09 16:29:11.276384, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2012/11/09 16:29:11.276408, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/11/09 16:29:11.276428, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:11.276485, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:11.276588, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:11.276651, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 4B 00 00 00 00 00 00 00 9D 50 47 21 ....K... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.276719, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4B 00 00 00 00 00 00 00 9D 50 47 21 ....K... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.276778, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2012/11/09 16:29:11.276801, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2012/11/09 16:29:11.276841, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2012/11/09 16:29:11.276864, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2012/11/09 16:29:11.276901, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2012/11/09 16:29:11.276924, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Control] [2012/11/09 16:29:11.276974, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2012/11/09 16:29:11.276997, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:11.277035, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Forms] [2012/11/09 16:29:11.277076, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 4C 00 00 00 00 00 00 00 9D 50 47 21 ....L... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.277136, 8] rpc_client/cli_winreg_spoolss.c:285(winreg_printer_openkey) winreg_printer_openkey: createkey opened existing SYSTEM\CurrentControlSet\Control\Print\Forms [2012/11/09 16:29:11.277167, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4C 00 00 00 00 00 00 00 9D 50 47 21 ....L... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.277247, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4C 00 00 00 00 00 00 00 9D 50 47 21 ....L... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.277293, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4C 00 00 00 00 00 00 00 9D 50 47 21 ....L... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.277332, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:11.277360, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4B 00 00 00 00 00 00 00 9D 50 47 21 ....K... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.277401, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4B 00 00 00 00 00 00 00 9D 50 47 21 ....K... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.277440, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:11.277583, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:11.277624, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:11.277651, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 31741 [2012/11/09 16:29:11.277696, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..44] (align 0) [2012/11/09 16:29:11.277721, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:11.277733, 5] lib/util.c:342(show_msg) size=100 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=49856 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 44 (0x2C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=45 [2012/11/09 16:29:11.279464, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x10f8 [2012/11/09 16:29:11.279505, 3] smbd/process.c:1662(process_smb) Transaction 30 of length 4348 (0 toread) [2012/11/09 16:29:11.279526, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:11.279537, 5] lib/util.c:342(show_msg) size=4344 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=49920 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8212 (0x2014) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 4280 (0x10B8) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 4280 (0x10B8) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=4281 [2012/11/09 16:29:11.279799, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:11.279823, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:11.279844, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 2014 name: spoolss len: 4280 [2012/11/09 16:29:11.279865, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 4280 [2012/11/09 16:29:11.279896, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=4280 [2012/11/09 16:29:11.281586, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x10f8 [2012/11/09 16:29:11.281628, 3] smbd/process.c:1662(process_smb) Transaction 31 of length 4348 (0 toread) [2012/11/09 16:29:11.281650, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:11.281662, 5] lib/util.c:342(show_msg) size=4344 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=49984 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8212 (0x2014) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 4280 (0x10B8) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 4280 (0x10B8) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=4281 [2012/11/09 16:29:11.281887, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:11.281924, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:11.281946, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 2014 name: spoolss len: 4280 [2012/11/09 16:29:11.281967, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 4280 [2012/11/09 16:29:11.281997, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=4280 [2012/11/09 16:29:11.283143, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x440 [2012/11/09 16:29:11.283176, 3] smbd/process.c:1662(process_smb) Transaction 32 of length 1092 (0 toread) [2012/11/09 16:29:11.283196, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:11.283208, 5] lib/util.c:342(show_msg) size=1088 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=50048 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 1004 (0x3EC) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 1004 (0x3EC) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8212 (0x2014) smb_bcc=1021 [2012/11/09 16:29:11.283421, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:11.283441, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:11.283465, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=1004 params=0 setup=2 [2012/11/09 16:29:11.283488, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:11.283506, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:11.283526, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:11.283545, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2014) [2012/11/09 16:29:11.283565, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 1004 [2012/11/09 16:29:11.283590, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:11.283623, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x22 - api_rpcTNP: rpc command: SPOOLSS_ENUMFORMS [2012/11/09 16:29:11.283647, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[34].fn == 0x7fa2ea3e4850 [2012/11/09 16:29:11.283687, 4] rpc_server/spoolss/srv_spoolss_nt.c:7481(_spoolss_EnumForms) _spoolss_EnumForms Offered buffer size [9456] Info level [1] [2012/11/09 16:29:11.283732, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/11/09 16:29:11.283758, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/11/09 16:29:11.283785, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:11.283807, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 [2012/11/09 16:29:11.283837, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2012/11/09 16:29:11.283870, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/11/09 16:29:11.283902, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:11.283923, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:11.284025, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:11.284100, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 4D 00 00 00 00 00 00 00 9D 50 47 21 ....M... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.284163, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4D 00 00 00 00 00 00 00 9D 50 47 21 ....M... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.284220, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2012/11/09 16:29:11.284245, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2012/11/09 16:29:11.284301, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2012/11/09 16:29:11.284330, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2012/11/09 16:29:11.284369, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2012/11/09 16:29:11.284401, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Control] [2012/11/09 16:29:11.284442, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2012/11/09 16:29:11.284493, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:11.284561, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Forms] [2012/11/09 16:29:11.284636, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 4E 00 00 00 00 00 00 00 9D 50 47 21 ....N... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.284748, 8] rpc_client/cli_winreg_spoolss.c:285(winreg_printer_openkey) winreg_printer_openkey: createkey opened existing SYSTEM\CurrentControlSet\Control\Print\Forms [2012/11/09 16:29:11.284815, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4E 00 00 00 00 00 00 00 9D 50 47 21 ....N... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.284954, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4E 00 00 00 00 00 00 00 9D 50 47 21 ....N... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.285059, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4E 00 00 00 00 00 00 00 9D 50 47 21 ....N... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.285138, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:11.285182, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4D 00 00 00 00 00 00 00 9D 50 47 21 ....M... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.285227, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4D 00 00 00 00 00 00 00 9D 50 47 21 ....M... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.285266, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:11.285583, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:11.285640, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:11.285673, 5] smbd/ipc.c:103(send_trans_reply) send_trans_reply: buffer 1024 too large [2012/11/09 16:29:11.285697, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..1024] (align 0) [2012/11/09 16:29:11.285717, 3] smbd/error.c:81(error_packet_set) error packet at smbd/ipc.c(137) cmd=37 (SMBtrans) STATUS_BUFFER_OVERFLOW [2012/11/09 16:29:11.285738, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:11.285750, 5] lib/util.c:342(show_msg) size=1080 smb_com=0x25 smb_rcls=5 smb_reh=0 smb_err=32768 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=50048 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 1024 (0x400) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=1025 [2012/11/09 16:29:11.287075, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/11/09 16:29:11.287111, 3] smbd/process.c:1662(process_smb) Transaction 33 of length 63 (0 toread) [2012/11/09 16:29:11.287131, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:11.287142, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=50112 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8212 (0x2014) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 3256 (0xCB8) smb_vwv[ 6]= 3256 (0xCB8) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 3256 (0xCB8) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/11/09 16:29:11.287329, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:11.287350, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:11.287372, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 3256 [2012/11/09 16:29:11.287399, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=3256 max=3256 nread=3256 [2012/11/09 16:29:11.288803, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/11/09 16:29:11.288847, 3] smbd/process.c:1662(process_smb) Transaction 34 of length 63 (0 toread) [2012/11/09 16:29:11.288870, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:11.288882, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=50176 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8212 (0x2014) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 4280 (0x10B8) smb_vwv[ 6]= 4280 (0x10B8) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 4280 (0x10B8) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/11/09 16:29:11.289079, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:11.289100, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:11.289122, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 4280 [2012/11/09 16:29:11.289152, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=4280 max=4280 nread=4280 [2012/11/09 16:29:11.290719, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/11/09 16:29:11.290775, 3] smbd/process.c:1662(process_smb) Transaction 35 of length 63 (0 toread) [2012/11/09 16:29:11.290800, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:11.290812, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=50240 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8212 (0x2014) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 4280 (0x10B8) smb_vwv[ 6]= 4280 (0x10B8) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 4280 (0x10B8) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/11/09 16:29:11.291050, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:11.291075, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:11.291096, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 4280 [2012/11/09 16:29:11.291124, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 31741 [2012/11/09 16:29:11.291177, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=4280 max=4280 nread=988 [2012/11/09 16:29:11.306726, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xac [2012/11/09 16:29:11.306826, 3] smbd/process.c:1662(process_smb) Transaction 36 of length 176 (0 toread) [2012/11/09 16:29:11.306859, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:11.306877, 5] lib/util.c:342(show_msg) size=172 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=50304 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 88 (0x58) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8212 (0x2014) smb_bcc=105 [2012/11/09 16:29:11.307234, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:11.307275, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:11.307321, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=88 params=0 setup=2 [2012/11/09 16:29:11.307365, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:11.307402, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:11.307440, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:11.307476, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2014) [2012/11/09 16:29:11.307514, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 88 [2012/11/09 16:29:11.307563, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:11.307605, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x1a - api_rpcTNP: rpc command: SPOOLSS_GETPRINTERDATA [2012/11/09 16:29:11.307670, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[26].fn == 0x7fa2ea3e5d00 [2012/11/09 16:29:11.307725, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.307807, 4] rpc_server/spoolss/srv_spoolss_nt.c:9191(_spoolss_GetPrinterDataEx) _spoolss_GetPrinterDataEx [2012/11/09 16:29:11.307845, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.307919, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:yyyp0708 [2012/11/09 16:29:11.307962, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/11/09 16:29:11.308011, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/11/09 16:29:11.308065, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:11.308107, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 [2012/11/09 16:29:11.308160, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2012/11/09 16:29:11.308200, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/11/09 16:29:11.308236, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:11.308270, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:11.308413, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:11.308534, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 4F 00 00 00 00 00 00 00 9D 50 47 21 ....O... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.308644, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4F 00 00 00 00 00 00 00 9D 50 47 21 ....O... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.308729, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:11.308806, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:11.308875, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:11.308947, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:11.309016, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:11.309080, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:11.309161, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:11.309240, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [PrinterDriverData] [2012/11/09 16:29:11.309325, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 50 00 00 00 00 00 00 00 9D 50 47 21 ....P... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.309431, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 50 00 00 00 00 00 00 00 9D 50 47 21 ....P... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.309513, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\PrinterDriverData] [2012/11/09 16:29:11.309572, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:11.309663, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 50 00 00 00 00 00 00 00 9D 50 47 21 ....P... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.309747, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 50 00 00 00 00 00 00 00 9D 50 47 21 ....P... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.309824, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:11.309878, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4F 00 00 00 00 00 00 00 9D 50 47 21 ....O... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.309959, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4F 00 00 00 00 00 00 00 9D 50 47 21 ....O... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.310039, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:11.310099, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:11.310157, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 4280 [2012/11/09 16:29:11.310205, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 1741 [2012/11/09 16:29:11.310253, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..1064] (align 0) [2012/11/09 16:29:11.310293, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:11.310315, 5] lib/util.c:342(show_msg) size=1120 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=50304 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 1064 (0x428) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 1064 (0x428) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=1065 [2012/11/09 16:29:11.312328, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x8c0 [2012/11/09 16:29:11.312409, 3] smbd/process.c:1662(process_smb) Transaction 37 of length 2244 (0 toread) [2012/11/09 16:29:11.312475, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:11.312503, 5] lib/util.c:342(show_msg) size=2240 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=50368 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 2156 (0x86C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 2156 (0x86C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8212 (0x2014) smb_bcc=2173 [2012/11/09 16:29:11.312884, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:11.312923, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:11.312966, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=2156 params=0 setup=2 [2012/11/09 16:29:11.313006, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:11.313042, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:11.313078, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:11.313114, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2014) [2012/11/09 16:29:11.313181, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 2156 [2012/11/09 16:29:11.313228, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:11.313270, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x35 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTERDRIVER2 [2012/11/09 16:29:11.313309, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[53].fn == 0x7fa2ea3e16c0 [2012/11/09 16:29:11.313357, 4] rpc_server/spoolss/srv_spoolss_nt.c:5603(_spoolss_GetPrinterDriver2) _spoolss_GetPrinterDriver2 [2012/11/09 16:29:11.313398, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.313476, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.313552, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:yyyp0708 [2012/11/09 16:29:11.313592, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/11/09 16:29:11.313639, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/11/09 16:29:11.313692, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:11.313735, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 [2012/11/09 16:29:11.313787, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2012/11/09 16:29:11.313827, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/11/09 16:29:11.313863, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:11.313899, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:11.314031, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:11.314115, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 51 00 00 00 00 00 00 00 9D 50 47 21 ....Q... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.314218, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 51 00 00 00 00 00 00 00 9D 50 47 21 ....Q... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.314300, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:11.314376, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:11.314447, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:11.314518, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:11.314585, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:11.314659, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:11.314744, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:11.314827, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 52 00 00 00 00 00 00 00 9D 50 47 21 ....R... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.314927, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 52 00 00 00 00 00 00 00 9D 50 47 21 ....R... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.315102, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 52 00 00 00 00 00 00 00 9D 50 47 21 ....R... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.315183, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.315244, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 52 00 00 00 00 00 00 00 9D 50 47 21 ....R... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.315326, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.315384, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 52 00 00 00 00 00 00 00 9D 50 47 21 ....R... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.315464, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.315522, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 52 00 00 00 00 00 00 00 9D 50 47 21 ....R... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.315615, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.315677, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 52 00 00 00 00 00 00 00 9D 50 47 21 ....R... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.315783, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.315854, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 52 00 00 00 00 00 00 00 9D 50 47 21 ....R... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.315947, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.316021, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 52 00 00 00 00 00 00 00 9D 50 47 21 ....R... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.316118, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.316182, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 52 00 00 00 00 00 00 00 9D 50 47 21 ....R... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.316273, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.316336, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 52 00 00 00 00 00 00 00 9D 50 47 21 ....R... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.316445, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.316543, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 52 00 00 00 00 00 00 00 9D 50 47 21 ....R... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.316627, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.316687, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 52 00 00 00 00 00 00 00 9D 50 47 21 ....R... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.316767, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.316826, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 52 00 00 00 00 00 00 00 9D 50 47 21 ....R... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.316906, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.316965, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 52 00 00 00 00 00 00 00 9D 50 47 21 ....R... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.317046, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.317106, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 52 00 00 00 00 00 00 00 9D 50 47 21 ....R... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.317188, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.317242, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 52 00 00 00 00 00 00 00 9D 50 47 21 ....R... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.317317, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.317373, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 52 00 00 00 00 00 00 00 9D 50 47 21 ....R... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.317449, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.317489, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 52 00 00 00 00 00 00 00 9D 50 47 21 ....R... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.317534, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.317572, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 52 00 00 00 00 00 00 00 9D 50 47 21 ....R... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.317628, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.317664, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 52 00 00 00 00 00 00 00 9D 50 47 21 ....R... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.317711, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.317793, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 52 00 00 00 00 00 00 00 9D 50 47 21 ....R... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.317868, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.317900, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:11.317949, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 52 00 00 00 00 00 00 00 9D 50 47 21 ....R... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.318022, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.318054, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:11.318112, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:11.318185, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 53 00 00 00 00 00 00 00 9D 50 47 21 ....S... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.318274, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 53 00 00 00 00 00 00 00 9D 50 47 21 ....S... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.318349, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:11.318413, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:11.318475, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:11.318536, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:11.318604, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:11.318663, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:11.318736, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:11.318813, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 54 00 00 00 00 00 00 00 9D 50 47 21 ....T... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.318909, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 54 00 00 00 00 00 00 00 9D 50 47 21 ....T... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.318998, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.319033, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:11.319092, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 54 00 00 00 00 00 00 00 9D 50 47 21 ....T... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.319146, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:11.319168, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:11.319205, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 54 00 00 00 00 00 00 00 9D 50 47 21 ....T... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.319249, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 54 00 00 00 00 00 00 00 9D 50 47 21 ....T... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.319288, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:11.319319, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 53 00 00 00 00 00 00 00 9D 50 47 21 ....S... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.319372, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 53 00 00 00 00 00 00 00 9D 50 47 21 ....S... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.319419, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:11.319450, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 52 00 00 00 00 00 00 00 9D 50 47 21 ....R... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.319492, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 52 00 00 00 00 00 00 00 9D 50 47 21 ....R... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.319530, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:11.319561, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 51 00 00 00 00 00 00 00 9D 50 47 21 ....Q... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.319613, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 51 00 00 00 00 00 00 00 9D 50 47 21 ....Q... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.319661, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:11.319707, 8] rpc_server/spoolss/srv_spoolss_nt.c:5510(construct_printer_driver_info_level) construct_printer_driver_info_level: status: WERR_OK [2012/11/09 16:29:11.319750, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:11.319775, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 [2012/11/09 16:29:11.319812, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2012/11/09 16:29:11.319838, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/11/09 16:29:11.319858, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:11.319888, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:11.319993, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:11.320053, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 55 00 00 00 00 00 00 00 9D 50 47 21 ....U... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.320116, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 55 00 00 00 00 00 00 00 9D 50 47 21 ....U... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.320162, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2012/11/09 16:29:11.320203, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2012/11/09 16:29:11.320257, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Control] [2012/11/09 16:29:11.320315, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:11.320362, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Environments] [2012/11/09 16:29:11.320412, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows x64] [2012/11/09 16:29:11.320491, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Drivers] [2012/11/09 16:29:11.320541, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Version-3] [2012/11/09 16:29:11.320599, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:11.320655, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 56 00 00 00 00 00 00 00 9D 50 47 21 ....V... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.320714, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 56 00 00 00 00 00 00 00 9D 50 47 21 ....V... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.320802, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 56 00 00 00 00 00 00 00 9D 50 47 21 ....V... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.320849, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\yyyp0708] [2012/11/09 16:29:11.320883, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 56 00 00 00 00 00 00 00 9D 50 47 21 ....V... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.320938, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\yyyp0708] [2012/11/09 16:29:11.320975, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 56 00 00 00 00 00 00 00 9D 50 47 21 ....V... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.321020, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\yyyp0708] [2012/11/09 16:29:11.321053, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 56 00 00 00 00 00 00 00 9D 50 47 21 ....V... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.321111, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\yyyp0708] [2012/11/09 16:29:11.321148, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 56 00 00 00 00 00 00 00 9D 50 47 21 ....V... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.321199, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\yyyp0708] [2012/11/09 16:29:11.321236, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 56 00 00 00 00 00 00 00 9D 50 47 21 ....V... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.321281, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\yyyp0708] [2012/11/09 16:29:11.321313, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 56 00 00 00 00 00 00 00 9D 50 47 21 ....V... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.321356, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\yyyp0708] [2012/11/09 16:29:11.321388, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 56 00 00 00 00 00 00 00 9D 50 47 21 ....V... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.321435, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\yyyp0708] [2012/11/09 16:29:11.321470, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 56 00 00 00 00 00 00 00 9D 50 47 21 ....V... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.321528, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\yyyp0708] [2012/11/09 16:29:11.321566, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 56 00 00 00 00 00 00 00 9D 50 47 21 ....V... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.321610, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\yyyp0708] [2012/11/09 16:29:11.321643, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 56 00 00 00 00 00 00 00 9D 50 47 21 ....V... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.321686, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\yyyp0708] [2012/11/09 16:29:11.321731, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 56 00 00 00 00 00 00 00 9D 50 47 21 ....V... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.321795, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\yyyp0708] [2012/11/09 16:29:11.321848, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 56 00 00 00 00 00 00 00 9D 50 47 21 ....V... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.321895, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\yyyp0708] [2012/11/09 16:29:11.321928, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 56 00 00 00 00 00 00 00 9D 50 47 21 ....V... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.321972, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\yyyp0708] [2012/11/09 16:29:11.322007, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 56 00 00 00 00 00 00 00 9D 50 47 21 ....V... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.322061, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\yyyp0708] [2012/11/09 16:29:11.322097, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 56 00 00 00 00 00 00 00 9D 50 47 21 ....V... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.322147, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\yyyp0708] [2012/11/09 16:29:11.322183, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 56 00 00 00 00 00 00 00 9D 50 47 21 ....V... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.322226, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\yyyp0708] [2012/11/09 16:29:11.322259, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 56 00 00 00 00 00 00 00 9D 50 47 21 ....V... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.322301, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\yyyp0708] [2012/11/09 16:29:11.322334, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 56 00 00 00 00 00 00 00 9D 50 47 21 ....V... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.322382, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\yyyp0708] [2012/11/09 16:29:11.322418, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 56 00 00 00 00 00 00 00 9D 50 47 21 ....V... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.322461, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\yyyp0708] [2012/11/09 16:29:11.322494, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 56 00 00 00 00 00 00 00 9D 50 47 21 ....V... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.322551, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\yyyp0708] [2012/11/09 16:29:11.322586, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 56 00 00 00 00 00 00 00 9D 50 47 21 ....V... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.322637, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\yyyp0708] [2012/11/09 16:29:11.322671, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 56 00 00 00 00 00 00 00 9D 50 47 21 ....V... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.322715, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\yyyp0708] [2012/11/09 16:29:11.322781, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 56 00 00 00 00 00 00 00 9D 50 47 21 ....V... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.322842, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 56 00 00 00 00 00 00 00 9D 50 47 21 ....V... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.322884, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:11.322915, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 55 00 00 00 00 00 00 00 9D 50 47 21 ....U... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.322958, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 55 00 00 00 00 00 00 00 9D 50 47 21 ....U... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:11.322997, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:11.323039, 8] rpc_server/spoolss/srv_spoolss_nt.c:5521(construct_printer_driver_info_level) construct_printer_driver_info_level: status: WERR_OK [2012/11/09 16:29:11.323129, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:11.323170, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 4280 [2012/11/09 16:29:11.323199, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 2323 [2012/11/09 16:29:11.323231, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..2096] (align 0) [2012/11/09 16:29:11.323252, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:11.323265, 5] lib/util.c:342(show_msg) size=2152 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=50368 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 2096 (0x830) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 2096 (0x830) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=2097 [2012/11/09 16:29:11.325274, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x68 [2012/11/09 16:29:11.325311, 3] smbd/process.c:1662(process_smb) Transaction 38 of length 108 (0 toread) [2012/11/09 16:29:11.325331, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:11.325357, 5] lib/util.c:342(show_msg) size=104 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=50432 smt_wct=15 smb_vwv[ 0]= 36 (0x24) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 36 (0x24) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 16 (0x10) smb_bcc=39 [2012/11/09 16:29:11.325565, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:11.325587, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:11.325638, 3] smbd/msdfs.c:891(get_referred_path) get_referred_path: |print$| in dfs path \yyyu0031\print$ is not a dfs root. [2012/11/09 16:29:11.325674, 3] smbd/error.c:81(error_packet_set) error packet at smbd/trans2.c(8340) cmd=50 (SMBtrans2) NT_STATUS_NOT_FOUND [2012/11/09 16:29:11.325699, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:11.325711, 5] lib/util.c:342(show_msg) size=35 smb_com=0x32 smb_rcls=37 smb_reh=2 smb_err=49152 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=50432 smt_wct=0 smb_bcc=0 [2012/11/09 16:29:11.326971, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x56 [2012/11/09 16:29:11.327020, 3] smbd/process.c:1662(process_smb) Transaction 39 of length 90 (0 toread) [2012/11/09 16:29:11.327051, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:11.327064, 5] lib/util.c:342(show_msg) size=86 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=0 smb_pid=65279 smb_uid=101 smb_mid=50496 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 86 (0x56) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=43 [2012/11/09 16:29:11.327206, 3] smbd/process.c:1467(switch_message) switch message SMBtconX (pid 12629) conn 0x0 [2012/11/09 16:29:11.327229, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:11.327248, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:11.327267, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:11.327300, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2012/11/09 16:29:11.327328, 4] smbd/reply.c:794(reply_tcon_and_X) Client requested device type [?????] for share [PRINT$] [2012/11/09 16:29:11.327354, 5] smbd/service.c:1354(make_connection) making a connection to 'normal' service print$ [2012/11/09 16:29:11.327377, 3] lib/access.c:338(allow_access) Allowed connection from yyyc27002.xxxxx.xxx (10.129.108.68) [2012/11/09 16:29:11.327429, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user BROSE+pfoerfr [2012/11/09 16:29:11.327456, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is brose+pfoerfr [2012/11/09 16:29:11.327477, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [BROSE+pfoerfr]! [2012/11/09 16:29:11.327507, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/11/09 16:29:11.327528, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/11/09 16:29:11.327547, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/11/09 16:29:11.327565, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:11.327583, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:11.327655, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:11.330863, 3] smbd/service.c:581(find_forced_group) Forced group ntadmin [2012/11/09 16:29:11.330926, 3] smbd/service.c:872(make_connection_snum) Connect path is '/var/lib/samba/drivers' for service [print$] [2012/11/09 16:29:11.330973, 3] smbd/vfs.c:102(vfs_init_default) Initialising default vfs hooks [2012/11/09 16:29:11.330995, 3] smbd/vfs.c:128(vfs_init_custom) Initialising custom vfs hooks from [/[Default VFS]/] Successfully loaded vfs module [/[Default VFS]/] with the new modules system [2012/11/09 16:29:11.331026, 5] smbd/connection.c:134(claim_connection) claiming [print$] [2012/11/09 16:29:11.331102, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) string_to_sid: SID @BROSE+YYY_CUPS_Printer_Admin is not in a valid format [2012/11/09 16:29:11.331159, 5] auth/user_util.c:152(user_in_netgroup) looking for user BROSE+pfoerfr of domain in netgroup BROSE+YYY_CUPS_Printer_Admin [2012/11/09 16:29:11.331461, 5] auth/user_util.c:175(user_in_netgroup) looking for user brose+pfoerfr of domain in netgroup BROSE+YYY_CUPS_Printer_Admin [2012/11/09 16:29:11.333107, 5] passdb/lookup_sid.c:1384(gid_to_sid) gid_to_sid: winbind failed to find a sid for gid 71 [2012/11/09 16:29:11.333139, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/11/09 16:29:11.333160, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/11/09 16:29:11.333180, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/11/09 16:29:11.333199, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:11.333235, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:11.333299, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:11.333326, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (10000, 71) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:11.333347, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (811): SID[ 0]: S-1-5-21-160562036-3150058255-2134394716-19743 SID[ 1]: S-1-22-2-71 SID[ 2]: S-1-5-21-160562036-3150058255-2134394716-334230 SID[ 3]: S-1-5-21-160562036-3150058255-2134394716-23353 SID[ 4]: S-1-5-21-160562036-3150058255-2134394716-304793 SID[ 5]: S-1-5-21-160562036-3150058255-2134394716-269408 SID[ 6]: S-1-5-21-160562036-3150058255-2134394716-50420 SID[ 7]: S-1-5-21-160562036-3150058255-2134394716-113634 SID[ 8]: S-1-5-21-160562036-3150058255-2134394716-113662 SID[ 9]: S-1-5-21-160562036-3150058255-2134394716-260755 SID[ 10]: S-1-5-21-160562036-3150058255-2134394716-288770 SID[ 11]: S-1-5-21-160562036-3150058255-2134394716-67892 SID[ 12]: S-1-5-21-160562036-3150058255-2134394716-20800 SID[ 13]: S-1-5-21-160562036-3150058255-2134394716-269744 SID[ 14]: S-1-5-21-160562036-3150058255-2134394716-63803 SID[ 15]: S-1-5-21-160562036-3150058255-2134394716-360934 SID[ 16]: S-1-5-21-160562036-3150058255-2134394716-421750 SID[ 17]: S-1-5-21-160562036-3150058255-2134394716-294313 SID[ 18]: S-1-5-21-160562036-3150058255-2134394716-109619 SID[ 19]: S-1-5-21-160562036-3150058255-2134394716-13623 SID[ 20]: S-1-5-21-160562036-3150058255-2134394716-113660 SID[ 21]: S-1-5-21-160562036-3150058255-2134394716-13846 SID[ 22]: S-1-5-21-160562036-3150058255-2134394716-351693 SID[ 23]: S-1-5-21-160562036-3150058255-2134394716-56178 SID[ 24]: S-1-5-21-160562036-3150058255-2134394716-268914 SID[ 25]: S-1-5-21-160562036-3150058255-2134394716-276389 SID[ 26]: S-1-5-21-160562036-3150058255-2134394716-294265 SID[ 27]: S-1-5-21-160562036-3150058255-2134394716-289050 SID[ 28]: S-1-5-21-160562036-3150058255-2134394716-284074 SID[ 29]: S-1-5-21-160562036-3150058255-2134394716-353623 SID[ 30]: S-1-5-21-160562036-3150058255-2134394716-60632 SID[ 31]: S-1-5-21-160562036-3150058255-2134394716-299617 SID[ 32]: S-1-5-21-160562036-3150058255-2134394716-269875 SID[ 33]: S-1-5-21-160562036-3150058255-2134394716-260777 SID[ 34]: S-1-5-21-160562036-3150058255-2134394716-72011 SID[ 35]: S-1-5-21-160562036-3150058255-2134394716-56174 SID[ 36]: S-1-5-21-160562036-3150058255-2134394716-294145 SID[ 37]: S-1-5-21-160562036-3150058255-2134394716-46643 SID[ 38]: S-1-5-21-160562036-3150058255-2134394716-110684 SID[ 39]: S-1-5-21-160562036-3150058255-2134394716-69476 SID[ 40]: S-1-5-21-160562036-3150058255-2134394716-354438 SID[ 41]: S-1-5-21-160562036-3150058255-2134394716-288215 SID[ 42]: S-1-5-21-160562036-3150058255-2134394716-418124 SID[ 43]: S-1-5-21-160562036-3150058255-2134394716-32947 SID[ 44]: S-1-5-21-160562036-3150058255-2134394716-373447 SID[ 45]: S-1-5-21-160562036-3150058255-2134394716-21119 SID[ 46]: S-1-5-21-160562036-3150058255-2134394716-254283 SID[ 47]: S-1-5-21-160562036-3150058255-2134394716-21918 SID[ 48]: S-1-5-21-160562036-3150058255-2134394716-268915 SID[ 49]: S-1-5-21-160562036-3150058255-2134394716-267093 SID[ 50]: S-1-5-21-160562036-3150058255-2134394716-340888 SID[ 51]: S-1-5-21-160562036-3150058255-2134394716-294363 SID[ 52]: S-1-5-21-160562036-3150058255-2134394716-414620 SID[ 53]: S-1-5-21-160562036-3150058255-2134394716-260959 SID[ 54]: S-1-5-21-160562036-3150058255-2134394716-56176 SID[ 55]: S-1-5-21-160562036-3150058255-2134394716-373472 SID[ 56]: S-1-5-21-160562036-3150058255-2134394716-294492 SID[ 57]: S-1-5-21-160562036-3150058255-2134394716-373554 SID[ 58]: S-1-5-21-160562036-3150058255-2134394716-104382 SID[ 59]: S-1-5-21-160562036-3150058255-2134394716-294361 SID[ 60]: S-1-5-21-160562036-3150058255-2134394716-245149 SID[ 61]: S-1-5-21-160562036-3150058255-2134394716-32807 SID[ 62]: S-1-5-21-160562036-3150058255-2134394716-63805 SID[ 63]: S-1-5-21-160562036-3150058255-2134394716-290135 SID[ 64]: S-1-5-21-160562036-3150058255-2134394716-248439 SID[ 65]: S-1-5-21-160562036-3150058255-2134394716-58745 SID[ 66]: S-1-5-21-160562036-3150058255-2134394716-288316 SID[ 67]: S-1-5-21-160562036-3150058255-2134394716-373441 SID[ 68]: S-1-5-21-160562036-3150058255-2134394716-268916 SID[ 69]: S-1-5-21-160562036-3150058255-2134394716-17597 SID[ 70]: S-1-5-21-160562036-3150058255-2134394716-113654 SID[ 71]: S-1-5-21-160562036-3150058255-2134394716-304050 SID[ 72]: S-1-5-21-160562036-3150058255-2134394716-112626 SID[ 73]: S-1-5-21-160562036-3150058255-2134394716-360946 SID[ 74]: S-1-5-21-160562036-3150058255-2134394716-1116 SID[ 75]: S-1-5-21-160562036-3150058255-2134394716-294490 SID[ 76]: S-1-5-21-160562036-3150058255-2134394716-373442 SID[ 77]: S-1-5-21-160562036-3150058255-2134394716-402137 SID[ 78]: S-1-5-21-160562036-3150058255-2134394716-373470 SID[ 79]: S-1-5-21-160562036-3150058255-2134394716-284963 SID[ 80]: S-1-5-21-160562036-3150058255-2134394716-21963 SID[ 81]: S-1-5-21-160562036-3150058255-2134394716-373556 SID[ 82]: S-1-5-21-160562036-3150058255-2134394716-351504 SID[ 83]: S-1-5-21-160562036-3150058255-2134394716-360382 SID[ 84]: S-1-5-21-160562036-3150058255-2134394716-266966 SID[ 85]: S-1-5-21-160562036-3150058255-2134394716-63797 SID[ 86]: S-1-5-21-160562036-3150058255-2134394716-31306 SID[ 87]: S-1-5-21-160562036-3150058255-2134394716-420969 SID[ 88]: S-1-5-21-160562036-3150058255-2134394716-58439 SID[ 89]: S-1-5-21-160562036-3150058255-2134394716-351240 SID[ 90]: S-1-5-21-160562036-3150058255-2134394716-290160 SID[ 91]: S-1-5-21-160562036-3150058255-2134394716-335340 SID[ 92]: S-1-5-21-160562036-3150058255-2134394716-32819 SID[ 93]: S-1-5-21-160562036-3150058255-2134394716-63801 SID[ 94]: S-1-5-21-160562036-3150058255-2134394716-53171 SID[ 95]: S-1-5-21-160562036-3150058255-2134394716-294243 SID[ 96]: S-1-5-21-160562036-3150058255-2134394716-350032 SID[ 97]: S-1-5-21-160562036-3150058255-2134394716-63737 SID[ 98]: S-1-5-21-160562036-3150058255-2134394716-13863 SID[ 99]: S-1-5-21-160562036-3150058255-2134394716-351719 SID[100]: S-1-5-21-160562036-3150058255-2134394716-56165 SID[101]: S-1-5-21-160562036-3150058255-2134394716-113646 SID[102]: S-1-5-21-160562036-3150058255-2134394716-430811 SID[103]: S-1-5-21-160562036-3150058255-2134394716-284081 SID[104]: S-1-5-21-160562036-3150058255-2134394716-256696 SID[105]: S-1-5-21-160562036-3150058255-2134394716-416414 SID[106]: S-1-5-21-160562036-3150058255-2134394716-49609 SID[107]: S-1-5-21-160562036-3150058255-2134394716-377791 SID[108]: S-1-5-21-160562036-3150058255-2134394716-32821 SID[109]: S-1-5-21-160562036-3150058255-2134394716-359223 SID[110]: S-1-5-21-160562036-3150058255-2134394716-284091 SID[111]: S-1-5-21-160562036-3150058255-2134394716-433713 SID[112]: S-1-5-21-160562036-3150058255-2134394716-33100 SID[113]: S-1-5-21-160562036-3150058255-2134394716-416203 SID[114]: S-1-5-21-160562036-3150058255-2134394716-317007 SID[115]: S-1-5-21-160562036-3150058255-2134394716-69542 SID[116]: S-1-5-21-160562036-3150058255-2134394716-268918 SID[117]: S-1-5-21-160562036-3150058255-2134394716-69428 SID[118]: S-1-5-21-160562036-3150058255-2134394716-316764 SID[119]: S-1-5-21-160562036-3150058255-2134394716-55705 SID[120]: S-1-5-21-160562036-3150058255-2134394716-291229 SID[121]: S-1-5-21-160562036-3150058255-2134394716-250116 SID[122]: S-1-5-21-160562036-3150058255-2134394716-294315 SID[123]: S-1-5-21-160562036-3150058255-2134394716-402469 SID[124]: S-1-5-21-160562036-3150058255-2134394716-256697 SID[125]: S-1-5-21-160562036-3150058255-2134394716-418438 SID[126]: S-1-5-21-160562036-3150058255-2134394716-435652 SID[127]: S-1-5-21-160562036-3150058255-2134394716-45010 SID[128]: S-1-5-21-160562036-3150058255-2134394716-322368 SID[129]: S-1-5-21-160562036-3150058255-2134394716-267090 SID[130]: S-1-5-21-160562036-3150058255-2134394716-32825 SID[131]: S-1-5-21-160562036-3150058255-2134394716-35099 SID[132]: S-1-5-21-160562036-3150058255-2134394716-56157 SID[133]: S-1-5-21-160562036-3150058255-2134394716-113648 SID[134]: S-1-5-21-160562036-3150058255-2134394716-55709 SID[135]: S-1-5-21-160562036-3150058255-2134394716-108789 SID[136]: S-1-5-21-160562036-3150058255-2134394716-56159 SID[137]: S-1-5-21-160562036-3150058255-2134394716-268919 SID[138]: S-1-5-21-160562036-3150058255-2134394716-245147 SID[139]: S-1-5-21-160562036-3150058255-2134394716-430693 SID[140]: S-1-5-21-160562036-3150058255-2134394716-289617 SID[141]: S-1-5-21-160562036-3150058255-2134394716-373445 SID[142]: S-1-5-21-160562036-3150058255-2134394716-14282 SID[143]: S-1-5-21-160562036-3150058255-2134394716-433712 SID[144]: S-1-5-21-160562036-3150058255-2134394716-59232 SID[145]: S-1-5-21-160562036-3150058255-2134394716-33429 SID[146]: S-1-5-21-160562036-3150058255-2134394716-437634 SID[147]: S-1-5-21-160562036-3150058255-2134394716-23354 SID[148]: S-1-5-21-160562036-3150058255-2134394716-113636 SID[149]: S-1-5-21-160562036-3150058255-2134394716-63799 SID[150]: S-1-5-21-160562036-3150058255-2134394716-261009 SID[151]: S-1-5-21-160562036-3150058255-2134394716-290498 SID[152]: S-1-5-21-160562036-3150058255-2134394716-375928 SID[153]: S-1-5-21-160562036-3150058255-2134394716-276407 SID[154]: S-1-5-21-160562036-3150058255-2134394716-357401 SID[155]: S-1-5-21-160562036-3150058255-2134394716-357385 SID[156]: S-1-5-21-160562036-3150058255-2134394716-269404 SID[157]: S-1-5-21-160562036-3150058255-2134394716-67790 SID[158]: S-1-5-21-160562036-3150058255-2134394716-392120 SID[159]: S-1-5-21-160562036-3150058255-2134394716-276395 SID[160]: S-1-5-21-160562036-3150058255-2134394716-113343 SID[161]: S-1-5-21-160562036-3150058255-2134394716-56172 SID[162]: S-1-5-21-160562036-3150058255-2134394716-402467 SID[163]: S-1-5-21-160562036-3150058255-2134394716-293007 SID[164]: S-1-5-21-160562036-3150058255-2134394716-427942 SID[165]: S-1-5-21-160562036-3150058255-2134394716-373529 SID[166]: S-1-5-21-160562036-3150058255-2134394716-263163 SID[167]: S-1-5-21-160562036-3150058255-2134394716-64111 SID[168]: S-1-5-21-160562036-3150058255-2134394716-266852 SID[169]: S-1-5-21-160562036-3150058255-2134394716-357892 SID[170]: S-1-5-21-160562036-3150058255-2134394716-104429 SID[171]: S-1-5-21-160562036-3150058255-2134394716-32813 SID[172]: S-1-5-21-160562036-3150058255-2134394716-360722 SID[173]: S-1-5-21-160562036-3150058255-2134394716-284092 SID[174]: S-1-5-21-160562036-3150058255-2134394716-289619 SID[175]: S-1-5-21-160562036-3150058255-2134394716-369316 SID[176]: S-1-5-21-160562036-3150058255-2134394716-49542 SID[177]: S-1-5-21-160562036-3150058255-2134394716-329659 SID[178]: S-1-5-21-160562036-3150058255-2134394716-32809 SID[179]: S-1-5-21-160562036-3150058255-2134394716-108767 SID[180]: S-1-5-21-160562036-3150058255-2134394716-305399 SID[181]: S-1-5-21-160562036-3150058255-2134394716-263161 SID[182]: S-1-5-21-160562036-3150058255-2134394716-314050 SID[183]: S-1-5-21-160562036-3150058255-2134394716-31001 SID[184]: S-1-5-21-160562036-3150058255-2134394716-279682 SID[185]: S-1-5-21-160562036-3150058255-2134394716-294147 SID[186]: S-1-5-21-160562036-3150058255-2134394716-56163 SID[187]: S-1-5-21-160562036-3150058255-2134394716-285751 SID[188]: S-1-5-21-160562036-3150058255-2134394716-21723 SID[189]: S-1-5-21-160562036-3150058255-2134394716-8332 SID[190]: S-1-5-21-160562036-3150058255-2134394716-32827 SID[191]: S-1-5-21-160562036-3150058255-2134394716-256460 SID[192]: S-1-5-21-160562036-3150058255-2134394716-256183 SID[193]: S-1-5-21-160562036-3150058255-2134394716-300424 SID[194]: S-1-5-21-160562036-3150058255-2134394716-55677 SID[195]: S-1-5-21-160562036-3150058255-2134394716-253145 SID[196]: S-1-5-21-160562036-3150058255-2134394716-63804 SID[197]: S-1-5-21-160562036-3150058255-2134394716-358866 SID[198]: S-1-5-21-160562036-3150058255-2134394716-32823 SID[199]: S-1-5-21-160562036-3150058255-2134394716-276620 SID[200]: S-1-5-21-160562036-3150058255-2134394716-361940 SID[201]: S-1-5-21-160562036-3150058255-2134394716-49274 SID[202]: S-1-5-21-160562036-3150058255-2134394716-402177 SID[203]: S-1-5-21-160562036-3150058255-2134394716-252230 SID[204]: S-1-5-21-160562036-3150058255-2134394716-321100 SID[205]: S-1-5-21-160562036-3150058255-2134394716-20801 SID[206]: S-1-5-21-160562036-3150058255-2134394716-276621 SID[207]: S-1-5-21-160562036-3150058255-2134394716-252010 SID[208]: S-1-5-21-160562036-3150058255-2134394716-292766 SID[209]: S-1-5-21-160562036-3150058255-2134394716-37331 SID[210]: S-1-5-21-160562036-3150058255-2134394716-260776 SID[211]: S-1-5-21-160562036-3150058255-2134394716-386708 SID[212]: S-1-5-21-160562036-3150058255-2134394716-374616 SID[213]: S-1-5-21-160562036-3150058255-2134394716-21084 SID[214]: S-1-5-21-160562036-3150058255-2134394716-294267 SID[215]: S-1-5-21-160562036-3150058255-2134394716-63802 SID[216]: S-1-5-21-160562036-3150058255-2134394716-31186 SID[217]: S-1-5-21-160562036-3150058255-2134394716-105575 SID[218]: S-1-5-21-160562036-3150058255-2134394716-361874 SID[219]: S-1-5-21-160562036-3150058255-2134394716-360362 SID[220]: S-1-5-21-160562036-3150058255-2134394716-357734 SID[221]: S-1-5-21-160562036-3150058255-2134394716-294241 SID[222]: S-1-5-21-160562036-3150058255-2134394716-251778 SID[223]: S-1-5-21-160562036-3150058255-2134394716-49510 SID[224]: S-1-5-21-160562036-3150058255-2134394716-35015 SID[225]: S-1-5-21-160562036-3150058255-2134394716-20749 SID[226]: S-1-5-21-160562036-3150058255-2134394716-294291 SID[227]: S-1-5-21-160562036-3150058255-2134394716-254469 SID[228]: S-1-5-21-160562036-3150058255-2134394716-247296 SID[229]: S-1-5-21-160562036-3150058255-2134394716-63798 SID[230]: S-1-5-21-160562036-3150058255-2134394716-59035 SID[231]: S-1-5-21-160562036-3150058255-2134394716-430331 SID[232]: S-1-5-21-160562036-3150058255-2134394716-21301 SID[233]: S-1-5-21-160562036-3150058255-2134394716-55627 SID[234]: S-1-5-21-160562036-3150058255-2134394716-32815 SID[235]: S-1-5-21-160562036-3150058255-2134394716-277164 SID[236]: S-1-5-21-160562036-3150058255-2134394716-21552 SID[237]: S-1-5-21-160562036-3150058255-2134394716-56622 SID[238]: S-1-5-21-160562036-3150058255-2134394716-37315 SID[239]: S-1-5-21-160562036-3150058255-2134394716-334225 SID[240]: S-1-5-21-160562036-3150058255-2134394716-338141 SID[241]: S-1-5-21-160562036-3150058255-2134394716-246169 SID[242]: S-1-5-21-160562036-3150058255-2134394716-297835 SID[243]: S-1-5-21-160562036-3150058255-2134394716-353615 SID[244]: S-1-5-21-160562036-3150058255-2134394716-322371 SID[245]: S-1-5-21-160562036-3150058255-2134394716-63235 SID[246]: S-1-5-21-160562036-3150058255-2134394716-266849 SID[247]: S-1-5-21-160562036-3150058255-2134394716-293998 SID[248]: S-1-5-21-160562036-3150058255-2134394716-433714 SID[249]: S-1-5-21-160562036-3150058255-2134394716-107694 SID[250]: S-1-5-21-160562036-3150058255-2134394716-288317 SID[251]: S-1-5-21-160562036-3150058255-2134394716-44135 SID[252]: S-1-5-21-160562036-3150058255-2134394716-290560 SID[253]: S-1-5-21-160562036-3150058255-2134394716-322681 SID[254]: S-1-5-21-160562036-3150058255-2134394716-283109 SID[255]: S-1-5-21-160562036-3150058255-2134394716-357879 SID[256]: S-1-5-21-160562036-3150058255-2134394716-289046 SID[257]: S-1-5-21-160562036-3150058255-2134394716-32803 SID[258]: S-1-5-21-160562036-3150058255-2134394716-343968 SID[259]: S-1-5-21-160562036-3150058255-2134394716-50792 SID[260]: S-1-5-21-160562036-3150058255-2134394716-50518 SID[261]: S-1-5-21-160562036-3150058255-2134394716-37238 SID[262]: S-1-5-21-160562036-3150058255-2134394716-360465 SID[263]: S-1-5-21-160562036-3150058255-2134394716-366652 SID[264]: S-1-5-21-160562036-3150058255-2134394716-294094 SID[265]: S-1-5-21-160562036-3150058255-2134394716-288540 SID[266]: S-1-5-21-160562036-3150058255-2134394716-297984 SID[267]: S-1-5-21-160562036-3150058255-2134394716-276427 SID[268]: S-1-5-21-160562036-3150058255-2134394716-333792 SID[269]: S-1-5-21-160562036-3150058255-2134394716-427342 SID[270]: S-1-5-21-160562036-3150058255-2134394716-333794 SID[271]: S-1-5-21-160562036-3150058255-2134394716-290460 SID[272]: S-1-5-21-160562036-3150058255-2134394716-294091 SID[273]: S-1-5-21-160562036-3150058255-2134394716-333793 SID[274]: S-1-5-21-160562036-3150058255-2134394716-338207 SID[275]: S-1-5-21-160562036-3150058255-2134394716-409571 SID[276]: S-1-5-21-160562036-3150058255-2134394716-294054 SID[277]: S-1-5-21-160562036-3150058255-2134394716-30854 SID[278]: S-1-5-21-160562036-3150058255-2134394716-288547 SID[279]: S-1-5-21-160562036-3150058255-2134394716-365347 SID[280]: S-1-5-21-6776287-465249537-1446904402-4108 SID[281]: S-1-5-21-160562036-3150058255-2134394716-58230 SID[282]: S-1-5-21-160562036-3150058255-2134394716-357400 SID[283]: S-1-5-21-160562036-3150058255-2134394716-343966 SID[284]: S-1-5-21-160562036-3150058255-2134394716-104268 SID[285]: S-1-5-21-160562036-3150058255-2134394716-334228 SID[286]: S-1-5-21-160562036-3150058255-2134394716-357384 SID[287]: S-1-5-21-160562036-3150058255-2134394716-64500 SID[288]: S-1-5-21-160562036-3150058255-2134394716-291227 SID[289]: S-1-5-21-160562036-3150058255-2134394716-62708 SID[290]: S-1-5-21-160562036-3150058255-2134394716-266847 SID[291]: S-1-5-21-160562036-3150058255-2134394716-313857 SID[292]: S-1-5-21-160562036-3150058255-2134394716-350031 SID[293]: S-1-5-21-160562036-3150058255-2134394716-373448 SID[294]: S-1-5-21-160562036-3150058255-2134394716-420970 SID[295]: S-1-5-21-160562036-3150058255-2134394716-351238 SID[296]: S-1-5-21-160562036-3150058255-2134394716-11861 SID[297]: S-1-5-21-160562036-3150058255-2134394716-353613 SID[298]: S-1-5-21-160562036-3150058255-2134394716-322679 SID[299]: S-1-5-21-160562036-3150058255-2134394716-253148 SID[300]: S-1-5-21-160562036-3150058255-2134394716-277162 SID[301]: S-1-5-21-160562036-3150058255-2134394716-304048 SID[302]: S-1-5-21-160562036-3150058255-2134394716-288768 SID[303]: S-1-5-21-160562036-3150058255-2134394716-62920 SID[304]: S-1-5-21-160562036-3150058255-2134394716-62814 SID[305]: S-1-5-21-160562036-3150058255-2134394716-338139 SID[306]: S-1-5-21-160562036-3150058255-2134394716-266850 SID[307]: S-1-5-21-160562036-3150058255-2134394716-74038 SID[308]: S-1-5-21-160562036-3150058255-2134394716-62715 SID[309]: S-1-5-21-160562036-3150058255-2134394716-357877 SID[310]: S-1-5-21-160562036-3150058255-2134394716-252117 SID[311]: S-1-5-21-160562036-3150058255-2134394716-322372 SID[312]: S-1-5-21-160562036-3150058255-2134394716-65121 SID[313]: S-1-5-21-160562036-3150058255-2134394716-62711 SID[314]: S-1-5-21-160562036-3150058255-2134394716-267091 SID[315]: S-1-5-21-160562036-3150058255-2134394716-24652 SID[316]: S-1-5-21-160562036-3150058255-2134394716-360933 SID[317]: S-1-5-21-160562036-3150058255-2134394716-354437 SID[318]: S-1-5-21-160562036-3150058255-2134394716-249119 SID[319]: S-1-5-21-160562036-3150058255-2134394716-248731 SID[320]: S-1-5-21-160562036-3150058255-2134394716-64215 SID[321]: S-1-5-21-160562036-3150058255-2134394716-373475 SID[322]: S-1-5-21-160562036-3150058255-2134394716-250664 SID[323]: S-1-5-21-160562036-3150058255-2134394716-267088 SID[324]: S-1-5-21-160562036-3150058255-2134394716-50311 SID[325]: S-1-5-21-160562036-3150058255-2134394716-62644 SID[326]: S-1-5-21-160562036-3150058255-2134394716-69148 SID[327]: S-1-5-21-160562036-3150058255-2134394716-360380 SID[328]: S-1-5-21-160562036-3150058255-2134394716-52124 SID[329]: S-1-5-21-160562036-3150058255-2134394716-351502 SID[330]: S-1-5-21-160562036-3150058255-2134394716-317005 SID[331]: S-1-5-21-160562036-3150058255-2134394716-62713 SID[332]: S-1-5-21-160562036-3150058255-2134394716-313855 SID[333]: S-1-5-21-160562036-3150058255-2134394716-53143 SID[334]: S-1-5-21-160562036-3150058255-2134394716-349705 SID[335]: S-1-5-21-160562036-3150058255-2134394716-357732 SID[336]: S-1-5-21-160562036-3150058255-2134394716-402142 SID[337]: S-1-5-21-160562036-3150058255-2134394716-50421 SID[338]: S-1-5-21-160562036-3150058255-2134394716-357890 SID[339]: S-1-5-21-160562036-3150058255-2134394716-416413 SID[340]: S-1-5-21-160562036-3150058255-2134394716-255117 SID[341]: S-1-5-21-160562036-3150058255-2134394716-73891 SID[342]: S-1-5-21-160562036-3150058255-2134394716-377792 SID[343]: S-1-5-21-160562036-3150058255-2134394716-63081 SID[344]: S-1-5-21-160562036-3150058255-2134394716-386707 SID[345]: S-1-5-21-160562036-3150058255-2134394716-64112 SID[346]: S-1-5-21-160562036-3150058255-2134394716-256555 SID[347]: S-1-5-21-160562036-3150058255-2134394716-361939 SID[348]: S-1-5-21-160562036-3150058255-2134394716-62709 SID[349]: S-1-5-21-160562036-3150058255-2134394716-248759 SID[350]: S-1-5-21-160562036-3150058255-2134394716-359221 SID[351]: S-1-5-21-160562036-3150058255-2134394716-310730 SID[352]: S-1-5-21-160562036-3150058255-2134394716-109617 SID[353]: S-1-5-21-160562036-3150058255-2134394716-60474 SID[354]: S-1-5-21-160562036-3150058255-2134394716-402472 SID[355]: S-1-5-21-160562036-3150058255-2134394716-55679 SID[356]: S-1-5-21-160562036-3150058255-2134394716-69153 SID[357]: S-1-5-21-160562036-3150058255-2134394716-22265 SID[358]: S-1-5-21-160562036-3150058255-2134394716-423112 SID[359]: S-1-5-21-160562036-3150058255-2134394716-289044 SID[360]: S-1-5-21-160562036-3150058255-2134394716-67791 SID[361]: S-1-5-21-160562036-3150058255-2134394716-69156 SID[362]: S-1-5-21-160562036-3150058255-2134394716-62712 SID[363]: S-1-5-21-160562036-3150058255-2134394716-360721 SID[364]: S-1-5-21-160562036-3150058255-2134394716-435651 SID[365]: S-1-5-21-160562036-3150058255-2134394716-69149 SID[366]: S-1-5-21-160562036-3150058255-2134394716-73730 SID[367]: S-1-5-21-160562036-3150058255-2134394716-243660 SID[368]: S-1-5-21-160562036-3150058255-2134394716-104280 SID[369]: S-1-5-21-160562036-3150058255-2134394716-430692 SID[370]: S-1-5-21-160562036-3150058255-2134394716-256558 SID[371]: S-1-5-21-160562036-3150058255-2134394716-54515 SID[372]: S-1-5-21-160562036-3150058255-2134394716-334223 SID[373]: S-1-5-21-160562036-3150058255-2134394716-304790 SID[374]: S-1-5-21-160562036-3150058255-2134394716-373528 SID[375]: S-1-5-21-160562036-3150058255-2134394716-375927 SID[376]: S-1-5-21-160562036-3150058255-2134394716-74039 SID[377]: S-1-5-21-160562036-3150058255-2134394716-62781 SID[378]: S-1-5-21-160562036-3150058255-2134394716-69157 SID[379]: S-1-5-21-160562036-3150058255-2134394716-309445 SID[380]: S-1-5-21-160562036-3150058255-2134394716-62733 SID[381]: S-1-5-21-160562036-3150058255-2134394716-418123 SID[382]: S-1-5-21-160562036-3150058255-2134394716-64415 SID[383]: S-1-5-21-160562036-3150058255-2134394716-414619 SID[384]: S-1-5-21-160562036-3150058255-2134394716-373446 SID[385]: S-1-5-21-160562036-3150058255-2134394716-289048 SID[386]: S-1-5-21-160562036-3150058255-2134394716-69158 SID[387]: S-1-5-21-160562036-3150058255-2134394716-373559 SID[388]: S-1-5-21-160562036-3150058255-2134394716-110686 SID[389]: S-1-5-21-160562036-3150058255-2134394716-260757 SID[390]: S-1-5-21-160562036-3150058255-2134394716-249663 SID[391]: S-1-5-21-160562036-3150058255-2134394716-249619 SID[392]: S-1-5-21-160562036-3150058255-2134394716-321098 SID[393]: S-1-5-21-160562036-3150058255-2134394716-64497 SID[394]: S-1-5-21-160562036-3150058255-2134394716-112627 SID[395]: S-1-5-21-160562036-3150058255-2134394716-62710 SID[396]: S-1-5-21-160562036-3150058255-2134394716-360361 SID[397]: S-1-5-21-160562036-3150058255-2134394716-353621 SID[398]: S-1-5-21-160562036-3150058255-2134394716-365152 SID[399]: S-1-5-21-160562036-3150058255-2134394716-69544 SID[400]: S-1-5-21-160562036-3150058255-2134394716-249644 SID[401]: S-1-5-21-160562036-3150058255-2134394716-55625 SID[402]: S-1-1-0 SID[403]: S-1-5-2 SID[404]: S-1-5-11 SID[405]: S-1-5-32-545 SID[406]: S-1-22-1-10000 SID[407]: S-1-22-2-10006 SID[408]: S-1-22-2-10007 SID[409]: S-1-22-2-10008 SID[410]: S-1-22-2-10009 SID[411]: S-1-22-2-10010 SID[412]: S-1-22-2-10011 SID[413]: S-1-22-2-10012 SID[414]: S-1-22-2-10013 SID[415]: S-1-22-2-10014 SID[416]: S-1-22-2-10015 SID[417]: S-1-22-2-10016 SID[418]: S-1-22-2-10017 SID[419]: S-1-22-2-10018 SID[420]: S-1-22-2-10019 SID[421]: S-1-22-2-10020 SID[422]: S-1-22-2-10021 SID[423]: S-1-22-2-10022 SID[424]: S-1-22-2-10023 SID[425]: S-1-22-2-10024 SID[426]: S-1-22-2-10025 SID[427]: S-1-22-2-10026 SID[428]: S-1-22-2-10027 SID[429]: S-1-22-2-10028 SID[430]: S-1-22-2-10029 SID[431]: S-1-22-2-10030 SID[432]: S-1-22-2-10031 SID[433]: S-1-22-2-10032 SID[434]: S-1-22-2-10033 SID[435]: S-1-22-2-10034 SID[436]: S-1-22-2-10035 SID[437]: S-1-22-2-10036 SID[438]: S-1-22-2-10037 SID[439]: S-1-22-2-10038 SID[440]: S-1-22-2-10039 SID[441]: S-1-22-2-10040 SID[442]: S-1-22-2-10041 SID[443]: S-1-22-2-10042 SID[444]: S-1-22-2-10043 SID[445]: S-1-22-2-10044 SID[446]: S-1-22-2-10045 SID[447]: S-1-22-2-10046 SID[448]: S-1-22-2-10047 SID[449]: S-1-22-2-10048 SID[450]: S-1-22-2-10049 SID[451]: S-1-22-2-10050 SID[452]: S-1-22-2-10051 SID[453]: S-1-22-2-10052 SID[454]: S-1-22-2-10053 SID[455]: S-1-22-2-10054 SID[456]: S-1-22-2-10055 SID[457]: S-1-22-2-10056 SID[458]: S-1-22-2-10057 SID[459]: S-1-22-2-10058 SID[460]: S-1-22-2-10059 SID[461]: S-1-22-2-10060 SID[462]: S-1-22-2-10061 SID[463]: S-1-22-2-10062 SID[464]: S-1-22-2-10063 SID[465]: S-1-22-2-10064 SID[466]: S-1-22-2-10065 SID[467]: S-1-22-2-10066 SID[468]: S-1-22-2-10067 SID[469]: S-1-22-2-10068 SID[470]: S-1-22-2-10069 SID[471]: S-1-22-2-10070 SID[472]: S-1-22-2-10071 SID[473]: S-1-22-2-10072 SID[474]: S-1-22-2-10073 SID[475]: S-1-22-2-10074 SID[476]: S-1-22-2-10075 SID[477]: S-1-22-2-10076 SID[478]: S-1-22-2-10077 SID[479]: S-1-22-2-10078 SID[480]: S-1-22-2-10079 SID[481]: S-1-22-2-10080 SID[482]: S-1-22-2-10081 SID[483]: S-1-22-2-10082 SID[484]: S-1-22-2-10083 SID[485]: S-1-22-2-10084 SID[486]: S-1-22-2-10085 SID[487]: S-1-22-2-10086 SID[488]: S-1-22-2-10087 SID[489]: S-1-22-2-10088 SID[490]: S-1-22-2-10089 SID[491]: S-1-22-2-10090 SID[492]: S-1-22-2-10091 SID[493]: S-1-22-2-10092 SID[494]: S-1-22-2-10093 SID[495]: S-1-22-2-10094 SID[496]: S-1-22-2-10095 SID[497]: S-1-22-2-10096 SID[498]: S-1-22-2-10097 SID[499]: S-1-22-2-10098 SID[500]: S-1-22-2-10099 SID[501]: S-1-22-2-10100 SID[502]: S-1-22-2-10101 SID[503]: S-1-22-2-10102 SID[504]: S-1-22-2-10103 SID[505]: S-1-22-2-10104 SID[506]: S-1-22-2-10105 SID[507]: S-1-22-2-10106 SID[508]: S-1-22-2-10107 SID[509]: S-1-22-2-10108 SID[510]: S-1-22-2-10109 SID[511]: S-1-22-2-10110 SID[512]: S-1-22-2-10111 SID[513]: S-1-22-2-10112 SID[514]: S-1-22-2-10113 SID[515]: S-1-22-2-10114 SID[516]: S-1-22-2-10115 SID[517]: S-1-22-2-10116 SID[518]: S-1-22-2-10117 SID[519]: S-1-22-2-10118 SID[520]: S-1-22-2-10119 SID[521]: S-1-22-2-10120 SID[522]: S-1-22-2-10121 SID[523]: S-1-22-2-10122 SID[524]: S-1-22-2-10123 SID[525]: S-1-22-2-10124 SID[526]: S-1-22-2-10125 SID[527]: S-1-22-2-10126 SID[528]: S-1-22-2-10127 SID[529]: S-1-22-2-10128 SID[530]: S-1-22-2-10129 SID[531]: S-1-22-2-10130 SID[532]: S-1-22-2-10131 SID[533]: S-1-22-2-10132 SID[534]: S-1-22-2-10133 SID[535]: S-1-22-2-10134 SID[536]: S-1-22-2-10135 SID[537]: S-1-22-2-10136 SID[538]: S-1-22-2-10137 SID[539]: S-1-22-2-10138 SID[540]: S-1-22-2-10139 SID[541]: S-1-22-2-10140 SID[542]: S-1-22-2-10141 SID[543]: S-1-22-2-10142 SID[544]: S-1-22-2-10143 SID[545]: S-1-22-2-10144 SID[546]: S-1-22-2-10145 SID[547]: S-1-22-2-10146 SID[548]: S-1-22-2-10147 SID[549]: S-1-22-2-10148 SID[550]: S-1-22-2-10149 SID[551]: S-1-22-2-10150 SID[552]: S-1-22-2-10471 SID[553]: S-1-22-2-10151 SID[554]: S-1-22-2-10152 SID[555]: S-1-22-2-10153 SID[556]: S-1-22-2-10154 SID[557]: S-1-22-2-10155 SID[558]: S-1-22-2-10156 SID[559]: S-1-22-2-10157 SID[560]: S-1-22-2-10158 SID[561]: S-1-22-2-10159 SID[562]: S-1-22-2-10160 SID[563]: S-1-22-2-10161 SID[564]: S-1-22-2-10162 SID[565]: S-1-22-2-10163 SID[566]: S-1-22-2-10164 SID[567]: S-1-22-2-10165 SID[568]: S-1-22-2-10166 SID[569]: S-1-22-2-10167 SID[570]: S-1-22-2-10168 SID[571]: S-1-22-2-10169 SID[572]: S-1-22-2-10170 SID[573]: S-1-22-2-10171 SID[574]: S-1-22-2-10172 SID[575]: S-1-22-2-10173 SID[576]: S-1-22-2-10174 SID[577]: S-1-22-2-10175 SID[578]: S-1-22-2-10176 SID[579]: S-1-22-2-10177 SID[580]: S-1-22-2-10178 SID[581]: S-1-22-2-10179 SID[582]: S-1-22-2-10180 SID[583]: S-1-22-2-10181 SID[584]: S-1-22-2-10182 SID[585]: S-1-22-2-10183 SID[586]: S-1-22-2-10184 SID[587]: S-1-22-2-10185 SID[588]: S-1-22-2-10186 SID[589]: S-1-22-2-10187 SID[590]: S-1-22-2-10188 SID[591]: S-1-22-2-10189 SID[592]: S-1-22-2-10190 SID[593]: S-1-22-2-10191 SID[594]: S-1-22-2-10192 SID[595]: S-1-22-2-10193 SID[596]: S-1-22-2-10194 SID[597]: S-1-22-2-10195 SID[598]: S-1-22-2-10196 SID[599]: S-1-22-2-10197 SID[600]: S-1-22-2-10198 SID[601]: S-1-22-2-10199 SID[602]: S-1-22-2-10200 SID[603]: S-1-22-2-10201 SID[604]: S-1-22-2-10202 SID[605]: S-1-22-2-10203 SID[606]: S-1-22-2-10204 SID[607]: S-1-22-2-10205 SID[608]: S-1-22-2-10206 SID[609]: S-1-22-2-10207 SID[610]: S-1-22-2-10208 SID[611]: S-1-22-2-10209 SID[612]: S-1-22-2-10210 SID[613]: S-1-22-2-10211 SID[614]: S-1-22-2-10212 SID[615]: S-1-22-2-10213 SID[616]: S-1-22-2-10214 SID[617]: S-1-22-2-10215 SID[618]: S-1-22-2-10216 SID[619]: S-1-22-2-10217 SID[620]: S-1-22-2-10218 SID[621]: S-1-22-2-10219 SID[622]: S-1-22-2-10220 SID[623]: S-1-22-2-10221 SID[624]: S-1-22-2-10222 SID[625]: S-1-22-2-10223 SID[626]: S-1-22-2-10224 SID[627]: S-1-22-2-10225 SID[628]: S-1-22-2-10226 SID[629]: S-1-22-2-10227 SID[630]: S-1-22-2-10228 SID[631]: S-1-22-2-10229 SID[632]: S-1-22-2-10230 SID[633]: S-1-22-2-10231 SID[634]: S-1-22-2-10232 SID[635]: S-1-22-2-10233 SID[636]: S-1-22-2-10234 SID[637]: S-1-22-2-10235 SID[638]: S-1-22-2-10236 SID[639]: S-1-22-2-10237 SID[640]: S-1-22-2-10238 SID[641]: S-1-22-2-10239 SID[642]: S-1-22-2-10240 SID[643]: S-1-22-2-10241 SID[644]: S-1-22-2-10242 SID[645]: S-1-22-2-10243 SID[646]: S-1-22-2-10244 SID[647]: S-1-22-2-10245 SID[648]: S-1-22-2-10246 SID[649]: S-1-22-2-10247 SID[650]: S-1-22-2-10248 SID[651]: S-1-22-2-10249 SID[652]: S-1-22-2-10250 SID[653]: S-1-22-2-10251 SID[654]: S-1-22-2-10252 SID[655]: S-1-22-2-10253 SID[656]: S-1-22-2-10254 SID[657]: S-1-22-2-10255 SID[658]: S-1-22-2-10256 SID[659]: S-1-22-2-10257 SID[660]: S-1-22-2-10258 SID[661]: S-1-22-2-10259 SID[662]: S-1-22-2-10260 SID[663]: S-1-22-2-10261 SID[664]: S-1-22-2-10262 SID[665]: S-1-22-2-10263 SID[666]: S-1-22-2-10264 SID[667]: S-1-22-2-10265 SID[668]: S-1-22-2-10266 SID[669]: S-1-22-2-10267 SID[670]: S-1-22-2-10268 SID[671]: S-1-22-2-10269 SID[672]: S-1-22-2-10270 SID[673]: S-1-22-2-10271 SID[674]: S-1-22-2-10272 SID[675]: S-1-22-2-10273 SID[676]: S-1-22-2-10274 SID[677]: S-1-22-2-10275 SID[678]: S-1-22-2-10276 SID[679]: S-1-22-2-10277 SID[680]: S-1-22-2-10278 SID[681]: S-1-22-2-10279 SID[682]: S-1-22-2-10280 SID[683]: S-1-22-2-10281 SID[684]: S-1-22-2-10282 SID[685]: S-1-22-2-10283 SID[686]: S-1-22-2-10284 SID[687]: S-1-22-2-10285 SID[688]: S-1-22-2-10286 SID[689]: S-1-22-2-10287 SID[690]: S-1-22-2-10288 SID[691]: S-1-22-2-10289 SID[692]: S-1-22-2-10290 SID[693]: S-1-22-2-10291 SID[694]: S-1-22-2-10292 SID[695]: S-1-22-2-10293 SID[696]: S-1-22-2-10294 SID[697]: S-1-22-2-10295 SID[698]: S-1-22-2-10296 SID[699]: S-1-22-2-10297 SID[700]: S-1-22-2-10298 SID[701]: S-1-22-2-10299 SID[702]: S-1-22-2-10300 SID[703]: S-1-22-2-10301 SID[704]: S-1-22-2-10302 SID[705]: S-1-22-2-10303 SID[706]: S-1-22-2-10304 SID[707]: S-1-22-2-10305 SID[708]: S-1-22-2-10306 SID[709]: S-1-22-2-10307 SID[710]: S-1-22-2-10308 SID[711]: S-1-22-2-10309 SID[712]: S-1-22-2-10310 SID[713]: S-1-22-2-10311 SID[714]: S-1-22-2-10312 SID[715]: S-1-22-2-10313 SID[716]: S-1-22-2-10314 SID[717]: S-1-22-2-10315 SID[718]: S-1-22-2-10316 SID[719]: S-1-22-2-10317 SID[720]: S-1-22-2-10318 SID[721]: S-1-22-2-10319 SID[722]: S-1-22-2-10320 SID[723]: S-1-22-2-10321 SID[724]: S-1-22-2-10322 SID[725]: S-1-22-2-10323 SID[726]: S-1-22-2-10324 SID[727]: S-1-22-2-10325 SID[728]: S-1-22-2-10326 SID[729]: S-1-22-2-10327 SID[730]: S-1-22-2-10328 SID[731]: S-1-22-2-10329 SID[732]: S-1-22-2-10330 SID[733]: S-1-22-2-10331 SID[734]: S-1-22-2-10332 SID[735]: S-1-22-2-10333 SID[736]: S-1-22-2-10334 SID[737]: S-1-22-2-10335 SID[738]: S-1-22-2-10336 SID[739]: S-1-22-2-10337 SID[740]: S-1-22-2-10338 SID[741]: S-1-22-2-10339 SID[742]: S-1-22-2-10340 SID[743]: S-1-22-2-10341 SID[744]: S-1-22-2-10342 SID[745]: S-1-22-2-10343 SID[746]: S-1-22-2-10344 SID[747]: S-1-22-2-10345 SID[748]: S-1-22-2-10346 SID[749]: S-1-22-2-10347 SID[750]: S-1-22-2-10348 SID[751]: S-1-22-2-10349 SID[752]: S-1-22-2-10350 SID[753]: S-1-22-2-10351 SID[754]: S-1-22-2-10352 SID[755]: S-1-22-2-10353 SID[756]: S-1-22-2-10354 SID[757]: S-1-22-2-10355 SID[758]: S-1-22-2-10356 SID[759]: S-1-22-2-10357 SID[760]: S-1-22-2-10358 SID[761]: S-1-22-2-10359 SID[762]: S-1-22-2-10360 SID[763]: S-1-22-2-10361 SID[764]: S-1-22-2-10362 SID[765]: S-1-22-2-10363 SID[766]: S-1-22-2-10364 SID[767]: S-1-22-2-10365 SID[768]: S-1-22-2-10366 SID[769]: S-1-22-2-10367 SID[770]: S-1-22-2-10368 SID[771]: S-1-22-2-10369 SID[772]: S-1-22-2-10370 SID[773]: S-1-22-2-10371 SID[774]: S-1-22-2-10372 SID[775]: S-1-22-2-10373 SID[776]: S-1-22-2-10374 SID[777]: S-1-22-2-10375 SID[778]: S-1-22-2-10376 SID[779]: S-1-22-2-10377 SID[780]: S-1-22-2-10378 SID[781]: S-1-22-2-10379 SID[782]: S-1-22-2-10380 SID[783]: S-1-22-2-10381 SID[784]: S-1-22-2-10382 SID[785]: S-1-22-2-10383 SID[786]: S-1-22-2-10384 SID[787]: S-1-22-2-10385 SID[788]: S-1-22-2-10386 SID[789]: S-1-22-2-10387 SID[790]: S-1-22-2-10388 SID[791]: S-1-22-2-10389 SID[792]: S-1-22-2-10390 SID[793]: S-1-22-2-10391 SID[794]: S-1-22-2-10392 SID[795]: S-1-22-2-10393 SID[796]: S-1-22-2-10394 SID[797]: S-1-22-2-10395 SID[798]: S-1-22-2-10396 SID[799]: S-1-22-2-10397 SID[800]: S-1-22-2-10398 SID[801]: S-1-22-2-10399 SID[802]: S-1-22-2-10400 SID[803]: S-1-22-2-10401 SID[804]: S-1-22-2-10402 SID[805]: S-1-22-2-10403 SID[806]: S-1-22-2-10404 SID[807]: S-1-22-2-10002 SID[808]: S-1-22-2-10003 SID[809]: S-1-22-2-10004 SID[810]: S-1-22-2-10001 Privileges (0x 20): Privilege[ 0]: SePrintOperatorPrivilege Rights (0x 0): [2012/11/09 16:29:11.340697, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 10000 Primary group is 71 and contains 404 supplementary groups Group[ 0]: 10006 Group[ 1]: 10007 Group[ 2]: 10008 Group[ 3]: 10009 Group[ 4]: 10010 Group[ 5]: 10011 Group[ 6]: 10012 Group[ 7]: 10013 Group[ 8]: 10014 Group[ 9]: 10015 Group[ 10]: 10016 Group[ 11]: 10017 Group[ 12]: 10018 Group[ 13]: 10019 Group[ 14]: 10020 Group[ 15]: 10021 Group[ 16]: 10022 Group[ 17]: 10023 Group[ 18]: 10024 Group[ 19]: 10025 Group[ 20]: 10026 Group[ 21]: 10027 Group[ 22]: 10028 Group[ 23]: 10029 Group[ 24]: 10030 Group[ 25]: 10031 Group[ 26]: 10032 Group[ 27]: 10033 Group[ 28]: 10034 Group[ 29]: 10035 Group[ 30]: 10036 Group[ 31]: 10037 Group[ 32]: 10038 Group[ 33]: 10039 Group[ 34]: 10040 Group[ 35]: 10041 Group[ 36]: 10042 Group[ 37]: 10043 Group[ 38]: 10044 Group[ 39]: 10045 Group[ 40]: 10046 Group[ 41]: 10047 Group[ 42]: 10048 Group[ 43]: 10049 Group[ 44]: 10050 Group[ 45]: 10051 Group[ 46]: 10052 Group[ 47]: 10053 Group[ 48]: 10054 Group[ 49]: 10055 Group[ 50]: 10056 Group[ 51]: 10057 Group[ 52]: 10058 Group[ 53]: 10059 Group[ 54]: 10060 Group[ 55]: 10061 Group[ 56]: 10062 Group[ 57]: 10063 Group[ 58]: 10064 Group[ 59]: 10065 Group[ 60]: 10066 Group[ 61]: 10067 Group[ 62]: 10068 Group[ 63]: 10069 Group[ 64]: 10070 Group[ 65]: 10071 Group[ 66]: 10072 Group[ 67]: 10073 Group[ 68]: 10074 Group[ 69]: 10075 Group[ 70]: 10076 Group[ 71]: 10077 Group[ 72]: 10078 Group[ 73]: 10079 Group[ 74]: 10080 Group[ 75]: 10081 Group[ 76]: 10082 Group[ 77]: 10083 Group[ 78]: 10084 Group[ 79]: 10085 Group[ 80]: 10086 Group[ 81]: 10087 Group[ 82]: 10088 Group[ 83]: 10089 Group[ 84]: 10090 Group[ 85]: 10091 Group[ 86]: 10092 Group[ 87]: 10093 Group[ 88]: 10094 Group[ 89]: 10095 Group[ 90]: 10096 Group[ 91]: 10097 Group[ 92]: 10098 Group[ 93]: 10099 Group[ 94]: 10100 Group[ 95]: 10101 Group[ 96]: 10102 Group[ 97]: 10103 Group[ 98]: 10104 Group[ 99]: 10105 Group[100]: 10106 Group[101]: 10107 Group[102]: 10108 Group[103]: 10109 Group[104]: 10110 Group[105]: 10111 Group[106]: 10112 Group[107]: 10113 Group[108]: 10114 Group[109]: 10115 Group[110]: 10116 Group[111]: 10117 Group[112]: 10118 Group[113]: 10119 Group[114]: 10120 Group[115]: 10121 Group[116]: 10122 Group[117]: 10123 Group[118]: 10124 Group[119]: 10125 Group[120]: 10126 Group[121]: 10127 Group[122]: 10128 Group[123]: 10129 Group[124]: 10130 Group[125]: 10131 Group[126]: 10132 Group[127]: 10133 Group[128]: 10134 Group[129]: 10135 Group[130]: 10136 Group[131]: 10137 Group[132]: 10138 Group[133]: 10139 Group[134]: 10140 Group[135]: 10141 Group[136]: 10142 Group[137]: 10143 Group[138]: 10144 Group[139]: 10145 Group[140]: 10146 Group[141]: 10147 Group[142]: 10148 Group[143]: 10149 Group[144]: 10150 Group[145]: 10471 Group[146]: 10151 Group[147]: 10152 Group[148]: 10153 Group[149]: 10154 Group[150]: 10155 Group[151]: 10156 Group[152]: 10157 Group[153]: 10158 Group[154]: 10159 Group[155]: 10160 Group[156]: 10161 Group[157]: 10162 Group[158]: 10163 Group[159]: 10164 Group[160]: 10165 Group[161]: 10166 Group[162]: 10167 Group[163]: 10168 Group[164]: 10169 Group[165]: 10170 Group[166]: 10171 Group[167]: 10172 Group[168]: 10173 Group[169]: 10174 Group[170]: 10175 Group[171]: 10176 Group[172]: 10177 Group[173]: 10178 Group[174]: 10179 Group[175]: 10180 Group[176]: 10181 Group[177]: 10182 Group[178]: 10183 Group[179]: 10184 Group[180]: 10185 Group[181]: 10186 Group[182]: 10187 Group[183]: 10188 Group[184]: 10189 Group[185]: 10190 Group[186]: 10191 Group[187]: 10192 Group[188]: 10193 Group[189]: 10194 Group[190]: 10195 Group[191]: 10196 Group[192]: 10197 Group[193]: 10198 Group[194]: 10199 Group[195]: 10200 Group[196]: 10201 Group[197]: 10202 Group[198]: 10203 Group[199]: 10204 Group[200]: 10205 Group[201]: 10206 Group[202]: 10207 Group[203]: 10208 Group[204]: 10209 Group[205]: 10210 Group[206]: 10211 Group[207]: 10212 Group[208]: 10213 Group[209]: 10214 Group[210]: 10215 Group[211]: 10216 Group[212]: 10217 Group[213]: 10218 Group[214]: 10219 Group[215]: 10220 Group[216]: 10221 Group[217]: 10222 Group[218]: 10223 Group[219]: 10224 Group[220]: 10225 Group[221]: 10226 Group[222]: 10227 Group[223]: 10228 Group[224]: 10229 Group[225]: 10230 Group[226]: 10231 Group[227]: 10232 Group[228]: 10233 Group[229]: 10234 Group[230]: 10235 Group[231]: 10236 Group[232]: 10237 Group[233]: 10238 Group[234]: 10239 Group[235]: 10240 Group[236]: 10241 Group[237]: 10242 Group[238]: 10243 Group[239]: 10244 Group[240]: 10245 Group[241]: 10246 Group[242]: 10247 Group[243]: 10248 Group[244]: 10249 Group[245]: 10250 Group[246]: 10251 Group[247]: 10252 Group[248]: 10253 Group[249]: 10254 Group[250]: 10255 Group[251]: 10256 Group[252]: 10257 Group[253]: 10258 Group[254]: 10259 Group[255]: 10260 Group[256]: 10261 Group[257]: 10262 Group[258]: 10263 Group[259]: 10264 Group[260]: 10265 Group[261]: 10266 Group[262]: 10267 Group[263]: 10268 Group[264]: 10269 Group[265]: 10270 Group[266]: 10271 Group[267]: 10272 Group[268]: 10273 Group[269]: 10274 Group[270]: 10275 Group[271]: 10276 Group[272]: 10277 Group[273]: 10278 Group[274]: 10279 Group[275]: 10280 Group[276]: 10281 Group[277]: 10282 Group[278]: 10283 Group[279]: 10284 Group[280]: 10285 Group[281]: 10286 Group[282]: 10287 Group[283]: 10288 Group[284]: 10289 Group[285]: 10290 Group[286]: 10291 Group[287]: 10292 Group[288]: 10293 Group[289]: 10294 Group[290]: 10295 Group[291]: 10296 Group[292]: 10297 Group[293]: 10298 Group[294]: 10299 Group[295]: 10300 Group[296]: 10301 Group[297]: 10302 Group[298]: 10303 Group[299]: 10304 Group[300]: 10305 Group[301]: 10306 Group[302]: 10307 Group[303]: 10308 Group[304]: 10309 Group[305]: 10310 Group[306]: 10311 Group[307]: 10312 Group[308]: 10313 Group[309]: 10314 Group[310]: 10315 Group[311]: 10316 Group[312]: 10317 Group[313]: 10318 Group[314]: 10319 Group[315]: 10320 Group[316]: 10321 Group[317]: 10322 Group[318]: 10323 Group[319]: 10324 Group[320]: 10325 Group[321]: 10326 Group[322]: 10327 Group[323]: 10328 Group[324]: 10329 Group[325]: 10330 Group[326]: 10331 Group[327]: 10332 Group[328]: 10333 Group[329]: 10334 Group[330]: 10335 Group[331]: 10336 Group[332]: 10337 Group[333]: 10338 Group[334]: 10339 Group[335]: 10340 Group[336]: 10341 Group[337]: 10342 Group[338]: 10343 Group[339]: 10344 Group[340]: 10345 Group[341]: 10346 Group[342]: 10347 Group[343]: 10348 Group[344]: 10349 Group[345]: 10350 Group[346]: 10351 Group[347]: 10352 Group[348]: 10353 Group[349]: 10354 Group[350]: 10355 Group[351]: 10356 Group[352]: 10357 Group[353]: 10358 Group[354]: 10359 Group[355]: 10360 Group[356]: 10361 Group[357]: 10362 Group[358]: 10363 Group[359]: 10364 Group[360]: 10365 Group[361]: 10366 Group[362]: 10367 Group[363]: 10368 Group[364]: 10369 Group[365]: 10370 Group[366]: 10371 Group[367]: 10372 Group[368]: 10373 Group[369]: 10374 Group[370]: 10375 Group[371]: 10376 Group[372]: 10377 Group[373]: 10378 Group[374]: 10379 Group[375]: 10380 Group[376]: 10381 Group[377]: 10382 Group[378]: 10383 Group[379]: 10384 Group[380]: 10385 Group[381]: 10386 Group[382]: 10387 Group[383]: 10388 Group[384]: 10389 Group[385]: 10390 Group[386]: 10391 Group[387]: 10392 Group[388]: 10393 Group[389]: 10394 Group[390]: 10395 Group[391]: 10396 Group[392]: 10397 Group[393]: 10398 Group[394]: 10399 Group[395]: 10400 Group[396]: 10401 Group[397]: 10402 Group[398]: 10403 Group[399]: 10404 Group[400]: 10002 Group[401]: 10003 Group[402]: 10004 Group[403]: 10001 [2012/11/09 16:29:11.343688, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,10000), gid=(0,71) [2012/11/09 16:29:11.343723, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:11.343743, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:11.343761, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:11.343792, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2012/11/09 16:29:11.343827, 1] smbd/service.c:1114(make_connection_snum) 10.129.108.68 (10.129.108.68) signed connect to service print$ initially as user BROSE+pfoerfr (uid=10000, gid=71) (pid 12629) [2012/11/09 16:29:11.343858, 3] smbd/reply.c:871(reply_tcon_and_X) tconX service=PRINT$ [2012/11/09 16:29:11.345575, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x58 [2012/11/09 16:29:11.345624, 3] smbd/process.c:1662(process_smb) Transaction 40 of length 92 (0 toread) [2012/11/09 16:29:11.345645, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:11.345656, 5] lib/util.c:342(show_msg) size=88 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=50560 smt_wct=15 smb_vwv[ 0]= 20 (0x14) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 20 (0x14) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=23 [2012/11/09 16:29:11.345863, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 12629) conn 0x7fa2eacb8b60 [2012/11/09 16:29:11.345902, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (10000, 71) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:11.345927, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (811): SID[ 0]: S-1-5-21-160562036-3150058255-2134394716-19743 SID[ 1]: S-1-22-2-71 SID[ 2]: S-1-5-21-160562036-3150058255-2134394716-334230 SID[ 3]: S-1-5-21-160562036-3150058255-2134394716-23353 SID[ 4]: S-1-5-21-160562036-3150058255-2134394716-304793 SID[ 5]: S-1-5-21-160562036-3150058255-2134394716-269408 SID[ 6]: S-1-5-21-160562036-3150058255-2134394716-50420 SID[ 7]: S-1-5-21-160562036-3150058255-2134394716-113634 SID[ 8]: S-1-5-21-160562036-3150058255-2134394716-113662 SID[ 9]: S-1-5-21-160562036-3150058255-2134394716-260755 SID[ 10]: S-1-5-21-160562036-3150058255-2134394716-288770 SID[ 11]: S-1-5-21-160562036-3150058255-2134394716-67892 SID[ 12]: S-1-5-21-160562036-3150058255-2134394716-20800 SID[ 13]: S-1-5-21-160562036-3150058255-2134394716-269744 SID[ 14]: S-1-5-21-160562036-3150058255-2134394716-63803 SID[ 15]: S-1-5-21-160562036-3150058255-2134394716-360934 SID[ 16]: S-1-5-21-160562036-3150058255-2134394716-421750 SID[ 17]: S-1-5-21-160562036-3150058255-2134394716-294313 SID[ 18]: S-1-5-21-160562036-3150058255-2134394716-109619 SID[ 19]: S-1-5-21-160562036-3150058255-2134394716-13623 SID[ 20]: S-1-5-21-160562036-3150058255-2134394716-113660 SID[ 21]: S-1-5-21-160562036-3150058255-2134394716-13846 SID[ 22]: S-1-5-21-160562036-3150058255-2134394716-351693 SID[ 23]: S-1-5-21-160562036-3150058255-2134394716-56178 SID[ 24]: S-1-5-21-160562036-3150058255-2134394716-268914 SID[ 25]: S-1-5-21-160562036-3150058255-2134394716-276389 SID[ 26]: S-1-5-21-160562036-3150058255-2134394716-294265 SID[ 27]: S-1-5-21-160562036-3150058255-2134394716-289050 SID[ 28]: S-1-5-21-160562036-3150058255-2134394716-284074 SID[ 29]: S-1-5-21-160562036-3150058255-2134394716-353623 SID[ 30]: S-1-5-21-160562036-3150058255-2134394716-60632 SID[ 31]: S-1-5-21-160562036-3150058255-2134394716-299617 SID[ 32]: S-1-5-21-160562036-3150058255-2134394716-269875 SID[ 33]: S-1-5-21-160562036-3150058255-2134394716-260777 SID[ 34]: S-1-5-21-160562036-3150058255-2134394716-72011 SID[ 35]: S-1-5-21-160562036-3150058255-2134394716-56174 SID[ 36]: S-1-5-21-160562036-3150058255-2134394716-294145 SID[ 37]: S-1-5-21-160562036-3150058255-2134394716-46643 SID[ 38]: S-1-5-21-160562036-3150058255-2134394716-110684 SID[ 39]: S-1-5-21-160562036-3150058255-2134394716-69476 SID[ 40]: S-1-5-21-160562036-3150058255-2134394716-354438 SID[ 41]: S-1-5-21-160562036-3150058255-2134394716-288215 SID[ 42]: S-1-5-21-160562036-3150058255-2134394716-418124 SID[ 43]: S-1-5-21-160562036-3150058255-2134394716-32947 SID[ 44]: S-1-5-21-160562036-3150058255-2134394716-373447 SID[ 45]: S-1-5-21-160562036-3150058255-2134394716-21119 SID[ 46]: S-1-5-21-160562036-3150058255-2134394716-254283 SID[ 47]: S-1-5-21-160562036-3150058255-2134394716-21918 SID[ 48]: S-1-5-21-160562036-3150058255-2134394716-268915 SID[ 49]: S-1-5-21-160562036-3150058255-2134394716-267093 SID[ 50]: S-1-5-21-160562036-3150058255-2134394716-340888 SID[ 51]: S-1-5-21-160562036-3150058255-2134394716-294363 SID[ 52]: S-1-5-21-160562036-3150058255-2134394716-414620 SID[ 53]: S-1-5-21-160562036-3150058255-2134394716-260959 SID[ 54]: S-1-5-21-160562036-3150058255-2134394716-56176 SID[ 55]: S-1-5-21-160562036-3150058255-2134394716-373472 SID[ 56]: S-1-5-21-160562036-3150058255-2134394716-294492 SID[ 57]: S-1-5-21-160562036-3150058255-2134394716-373554 SID[ 58]: S-1-5-21-160562036-3150058255-2134394716-104382 SID[ 59]: S-1-5-21-160562036-3150058255-2134394716-294361 SID[ 60]: S-1-5-21-160562036-3150058255-2134394716-245149 SID[ 61]: S-1-5-21-160562036-3150058255-2134394716-32807 SID[ 62]: S-1-5-21-160562036-3150058255-2134394716-63805 SID[ 63]: S-1-5-21-160562036-3150058255-2134394716-290135 SID[ 64]: S-1-5-21-160562036-3150058255-2134394716-248439 SID[ 65]: S-1-5-21-160562036-3150058255-2134394716-58745 SID[ 66]: S-1-5-21-160562036-3150058255-2134394716-288316 SID[ 67]: S-1-5-21-160562036-3150058255-2134394716-373441 SID[ 68]: S-1-5-21-160562036-3150058255-2134394716-268916 SID[ 69]: S-1-5-21-160562036-3150058255-2134394716-17597 SID[ 70]: S-1-5-21-160562036-3150058255-2134394716-113654 SID[ 71]: S-1-5-21-160562036-3150058255-2134394716-304050 SID[ 72]: S-1-5-21-160562036-3150058255-2134394716-112626 SID[ 73]: S-1-5-21-160562036-3150058255-2134394716-360946 SID[ 74]: S-1-5-21-160562036-3150058255-2134394716-1116 SID[ 75]: S-1-5-21-160562036-3150058255-2134394716-294490 SID[ 76]: S-1-5-21-160562036-3150058255-2134394716-373442 SID[ 77]: S-1-5-21-160562036-3150058255-2134394716-402137 SID[ 78]: S-1-5-21-160562036-3150058255-2134394716-373470 SID[ 79]: S-1-5-21-160562036-3150058255-2134394716-284963 SID[ 80]: S-1-5-21-160562036-3150058255-2134394716-21963 SID[ 81]: S-1-5-21-160562036-3150058255-2134394716-373556 SID[ 82]: S-1-5-21-160562036-3150058255-2134394716-351504 SID[ 83]: S-1-5-21-160562036-3150058255-2134394716-360382 SID[ 84]: S-1-5-21-160562036-3150058255-2134394716-266966 SID[ 85]: S-1-5-21-160562036-3150058255-2134394716-63797 SID[ 86]: S-1-5-21-160562036-3150058255-2134394716-31306 SID[ 87]: S-1-5-21-160562036-3150058255-2134394716-420969 SID[ 88]: S-1-5-21-160562036-3150058255-2134394716-58439 SID[ 89]: S-1-5-21-160562036-3150058255-2134394716-351240 SID[ 90]: S-1-5-21-160562036-3150058255-2134394716-290160 SID[ 91]: S-1-5-21-160562036-3150058255-2134394716-335340 SID[ 92]: S-1-5-21-160562036-3150058255-2134394716-32819 SID[ 93]: S-1-5-21-160562036-3150058255-2134394716-63801 SID[ 94]: S-1-5-21-160562036-3150058255-2134394716-53171 SID[ 95]: S-1-5-21-160562036-3150058255-2134394716-294243 SID[ 96]: S-1-5-21-160562036-3150058255-2134394716-350032 SID[ 97]: S-1-5-21-160562036-3150058255-2134394716-63737 SID[ 98]: S-1-5-21-160562036-3150058255-2134394716-13863 SID[ 99]: S-1-5-21-160562036-3150058255-2134394716-351719 SID[100]: S-1-5-21-160562036-3150058255-2134394716-56165 SID[101]: S-1-5-21-160562036-3150058255-2134394716-113646 SID[102]: S-1-5-21-160562036-3150058255-2134394716-430811 SID[103]: S-1-5-21-160562036-3150058255-2134394716-284081 SID[104]: S-1-5-21-160562036-3150058255-2134394716-256696 SID[105]: S-1-5-21-160562036-3150058255-2134394716-416414 SID[106]: S-1-5-21-160562036-3150058255-2134394716-49609 SID[107]: S-1-5-21-160562036-3150058255-2134394716-377791 SID[108]: S-1-5-21-160562036-3150058255-2134394716-32821 SID[109]: S-1-5-21-160562036-3150058255-2134394716-359223 SID[110]: S-1-5-21-160562036-3150058255-2134394716-284091 SID[111]: S-1-5-21-160562036-3150058255-2134394716-433713 SID[112]: S-1-5-21-160562036-3150058255-2134394716-33100 SID[113]: S-1-5-21-160562036-3150058255-2134394716-416203 SID[114]: S-1-5-21-160562036-3150058255-2134394716-317007 SID[115]: S-1-5-21-160562036-3150058255-2134394716-69542 SID[116]: S-1-5-21-160562036-3150058255-2134394716-268918 SID[117]: S-1-5-21-160562036-3150058255-2134394716-69428 SID[118]: S-1-5-21-160562036-3150058255-2134394716-316764 SID[119]: S-1-5-21-160562036-3150058255-2134394716-55705 SID[120]: S-1-5-21-160562036-3150058255-2134394716-291229 SID[121]: S-1-5-21-160562036-3150058255-2134394716-250116 SID[122]: S-1-5-21-160562036-3150058255-2134394716-294315 SID[123]: S-1-5-21-160562036-3150058255-2134394716-402469 SID[124]: S-1-5-21-160562036-3150058255-2134394716-256697 SID[125]: S-1-5-21-160562036-3150058255-2134394716-418438 SID[126]: S-1-5-21-160562036-3150058255-2134394716-435652 SID[127]: S-1-5-21-160562036-3150058255-2134394716-45010 SID[128]: S-1-5-21-160562036-3150058255-2134394716-322368 SID[129]: S-1-5-21-160562036-3150058255-2134394716-267090 SID[130]: S-1-5-21-160562036-3150058255-2134394716-32825 SID[131]: S-1-5-21-160562036-3150058255-2134394716-35099 SID[132]: S-1-5-21-160562036-3150058255-2134394716-56157 SID[133]: S-1-5-21-160562036-3150058255-2134394716-113648 SID[134]: S-1-5-21-160562036-3150058255-2134394716-55709 SID[135]: S-1-5-21-160562036-3150058255-2134394716-108789 SID[136]: S-1-5-21-160562036-3150058255-2134394716-56159 SID[137]: S-1-5-21-160562036-3150058255-2134394716-268919 SID[138]: S-1-5-21-160562036-3150058255-2134394716-245147 SID[139]: S-1-5-21-160562036-3150058255-2134394716-430693 SID[140]: S-1-5-21-160562036-3150058255-2134394716-289617 SID[141]: S-1-5-21-160562036-3150058255-2134394716-373445 SID[142]: S-1-5-21-160562036-3150058255-2134394716-14282 SID[143]: S-1-5-21-160562036-3150058255-2134394716-433712 SID[144]: S-1-5-21-160562036-3150058255-2134394716-59232 SID[145]: S-1-5-21-160562036-3150058255-2134394716-33429 SID[146]: S-1-5-21-160562036-3150058255-2134394716-437634 SID[147]: S-1-5-21-160562036-3150058255-2134394716-23354 SID[148]: S-1-5-21-160562036-3150058255-2134394716-113636 SID[149]: S-1-5-21-160562036-3150058255-2134394716-63799 SID[150]: S-1-5-21-160562036-3150058255-2134394716-261009 SID[151]: S-1-5-21-160562036-3150058255-2134394716-290498 SID[152]: S-1-5-21-160562036-3150058255-2134394716-375928 SID[153]: S-1-5-21-160562036-3150058255-2134394716-276407 SID[154]: S-1-5-21-160562036-3150058255-2134394716-357401 SID[155]: S-1-5-21-160562036-3150058255-2134394716-357385 SID[156]: S-1-5-21-160562036-3150058255-2134394716-269404 SID[157]: S-1-5-21-160562036-3150058255-2134394716-67790 SID[158]: S-1-5-21-160562036-3150058255-2134394716-392120 SID[159]: S-1-5-21-160562036-3150058255-2134394716-276395 SID[160]: S-1-5-21-160562036-3150058255-2134394716-113343 SID[161]: S-1-5-21-160562036-3150058255-2134394716-56172 SID[162]: S-1-5-21-160562036-3150058255-2134394716-402467 SID[163]: S-1-5-21-160562036-3150058255-2134394716-293007 SID[164]: S-1-5-21-160562036-3150058255-2134394716-427942 SID[165]: S-1-5-21-160562036-3150058255-2134394716-373529 SID[166]: S-1-5-21-160562036-3150058255-2134394716-263163 SID[167]: S-1-5-21-160562036-3150058255-2134394716-64111 SID[168]: S-1-5-21-160562036-3150058255-2134394716-266852 SID[169]: S-1-5-21-160562036-3150058255-2134394716-357892 SID[170]: S-1-5-21-160562036-3150058255-2134394716-104429 SID[171]: S-1-5-21-160562036-3150058255-2134394716-32813 SID[172]: S-1-5-21-160562036-3150058255-2134394716-360722 SID[173]: S-1-5-21-160562036-3150058255-2134394716-284092 SID[174]: S-1-5-21-160562036-3150058255-2134394716-289619 SID[175]: S-1-5-21-160562036-3150058255-2134394716-369316 SID[176]: S-1-5-21-160562036-3150058255-2134394716-49542 SID[177]: S-1-5-21-160562036-3150058255-2134394716-329659 SID[178]: S-1-5-21-160562036-3150058255-2134394716-32809 SID[179]: S-1-5-21-160562036-3150058255-2134394716-108767 SID[180]: S-1-5-21-160562036-3150058255-2134394716-305399 SID[181]: S-1-5-21-160562036-3150058255-2134394716-263161 SID[182]: S-1-5-21-160562036-3150058255-2134394716-314050 SID[183]: S-1-5-21-160562036-3150058255-2134394716-31001 SID[184]: S-1-5-21-160562036-3150058255-2134394716-279682 SID[185]: S-1-5-21-160562036-3150058255-2134394716-294147 SID[186]: S-1-5-21-160562036-3150058255-2134394716-56163 SID[187]: S-1-5-21-160562036-3150058255-2134394716-285751 SID[188]: S-1-5-21-160562036-3150058255-2134394716-21723 SID[189]: S-1-5-21-160562036-3150058255-2134394716-8332 SID[190]: S-1-5-21-160562036-3150058255-2134394716-32827 SID[191]: S-1-5-21-160562036-3150058255-2134394716-256460 SID[192]: S-1-5-21-160562036-3150058255-2134394716-256183 SID[193]: S-1-5-21-160562036-3150058255-2134394716-300424 SID[194]: S-1-5-21-160562036-3150058255-2134394716-55677 SID[195]: S-1-5-21-160562036-3150058255-2134394716-253145 SID[196]: S-1-5-21-160562036-3150058255-2134394716-63804 SID[197]: S-1-5-21-160562036-3150058255-2134394716-358866 SID[198]: S-1-5-21-160562036-3150058255-2134394716-32823 SID[199]: S-1-5-21-160562036-3150058255-2134394716-276620 SID[200]: S-1-5-21-160562036-3150058255-2134394716-361940 SID[201]: S-1-5-21-160562036-3150058255-2134394716-49274 SID[202]: S-1-5-21-160562036-3150058255-2134394716-402177 SID[203]: S-1-5-21-160562036-3150058255-2134394716-252230 SID[204]: S-1-5-21-160562036-3150058255-2134394716-321100 SID[205]: S-1-5-21-160562036-3150058255-2134394716-20801 SID[206]: S-1-5-21-160562036-3150058255-2134394716-276621 SID[207]: S-1-5-21-160562036-3150058255-2134394716-252010 SID[208]: S-1-5-21-160562036-3150058255-2134394716-292766 SID[209]: S-1-5-21-160562036-3150058255-2134394716-37331 SID[210]: S-1-5-21-160562036-3150058255-2134394716-260776 SID[211]: S-1-5-21-160562036-3150058255-2134394716-386708 SID[212]: S-1-5-21-160562036-3150058255-2134394716-374616 SID[213]: S-1-5-21-160562036-3150058255-2134394716-21084 SID[214]: S-1-5-21-160562036-3150058255-2134394716-294267 SID[215]: S-1-5-21-160562036-3150058255-2134394716-63802 SID[216]: S-1-5-21-160562036-3150058255-2134394716-31186 SID[217]: S-1-5-21-160562036-3150058255-2134394716-105575 SID[218]: S-1-5-21-160562036-3150058255-2134394716-361874 SID[219]: S-1-5-21-160562036-3150058255-2134394716-360362 SID[220]: S-1-5-21-160562036-3150058255-2134394716-357734 SID[221]: S-1-5-21-160562036-3150058255-2134394716-294241 SID[222]: S-1-5-21-160562036-3150058255-2134394716-251778 SID[223]: S-1-5-21-160562036-3150058255-2134394716-49510 SID[224]: S-1-5-21-160562036-3150058255-2134394716-35015 SID[225]: S-1-5-21-160562036-3150058255-2134394716-20749 SID[226]: S-1-5-21-160562036-3150058255-2134394716-294291 SID[227]: S-1-5-21-160562036-3150058255-2134394716-254469 SID[228]: S-1-5-21-160562036-3150058255-2134394716-247296 SID[229]: S-1-5-21-160562036-3150058255-2134394716-63798 SID[230]: S-1-5-21-160562036-3150058255-2134394716-59035 SID[231]: S-1-5-21-160562036-3150058255-2134394716-430331 SID[232]: S-1-5-21-160562036-3150058255-2134394716-21301 SID[233]: S-1-5-21-160562036-3150058255-2134394716-55627 SID[234]: S-1-5-21-160562036-3150058255-2134394716-32815 SID[235]: S-1-5-21-160562036-3150058255-2134394716-277164 SID[236]: S-1-5-21-160562036-3150058255-2134394716-21552 SID[237]: S-1-5-21-160562036-3150058255-2134394716-56622 SID[238]: S-1-5-21-160562036-3150058255-2134394716-37315 SID[239]: S-1-5-21-160562036-3150058255-2134394716-334225 SID[240]: S-1-5-21-160562036-3150058255-2134394716-338141 SID[241]: S-1-5-21-160562036-3150058255-2134394716-246169 SID[242]: S-1-5-21-160562036-3150058255-2134394716-297835 SID[243]: S-1-5-21-160562036-3150058255-2134394716-353615 SID[244]: S-1-5-21-160562036-3150058255-2134394716-322371 SID[245]: S-1-5-21-160562036-3150058255-2134394716-63235 SID[246]: S-1-5-21-160562036-3150058255-2134394716-266849 SID[247]: S-1-5-21-160562036-3150058255-2134394716-293998 SID[248]: S-1-5-21-160562036-3150058255-2134394716-433714 SID[249]: S-1-5-21-160562036-3150058255-2134394716-107694 SID[250]: S-1-5-21-160562036-3150058255-2134394716-288317 SID[251]: S-1-5-21-160562036-3150058255-2134394716-44135 SID[252]: S-1-5-21-160562036-3150058255-2134394716-290560 SID[253]: S-1-5-21-160562036-3150058255-2134394716-322681 SID[254]: S-1-5-21-160562036-3150058255-2134394716-283109 SID[255]: S-1-5-21-160562036-3150058255-2134394716-357879 SID[256]: S-1-5-21-160562036-3150058255-2134394716-289046 SID[257]: S-1-5-21-160562036-3150058255-2134394716-32803 SID[258]: S-1-5-21-160562036-3150058255-2134394716-343968 SID[259]: S-1-5-21-160562036-3150058255-2134394716-50792 SID[260]: S-1-5-21-160562036-3150058255-2134394716-50518 SID[261]: S-1-5-21-160562036-3150058255-2134394716-37238 SID[262]: S-1-5-21-160562036-3150058255-2134394716-360465 SID[263]: S-1-5-21-160562036-3150058255-2134394716-366652 SID[264]: S-1-5-21-160562036-3150058255-2134394716-294094 SID[265]: S-1-5-21-160562036-3150058255-2134394716-288540 SID[266]: S-1-5-21-160562036-3150058255-2134394716-297984 SID[267]: S-1-5-21-160562036-3150058255-2134394716-276427 SID[268]: S-1-5-21-160562036-3150058255-2134394716-333792 SID[269]: S-1-5-21-160562036-3150058255-2134394716-427342 SID[270]: S-1-5-21-160562036-3150058255-2134394716-333794 SID[271]: S-1-5-21-160562036-3150058255-2134394716-290460 SID[272]: S-1-5-21-160562036-3150058255-2134394716-294091 SID[273]: S-1-5-21-160562036-3150058255-2134394716-333793 SID[274]: S-1-5-21-160562036-3150058255-2134394716-338207 SID[275]: S-1-5-21-160562036-3150058255-2134394716-409571 SID[276]: S-1-5-21-160562036-3150058255-2134394716-294054 SID[277]: S-1-5-21-160562036-3150058255-2134394716-30854 SID[278]: S-1-5-21-160562036-3150058255-2134394716-288547 SID[279]: S-1-5-21-160562036-3150058255-2134394716-365347 SID[280]: S-1-5-21-6776287-465249537-1446904402-4108 SID[281]: S-1-5-21-160562036-3150058255-2134394716-58230 SID[282]: S-1-5-21-160562036-3150058255-2134394716-357400 SID[283]: S-1-5-21-160562036-3150058255-2134394716-343966 SID[284]: S-1-5-21-160562036-3150058255-2134394716-104268 SID[285]: S-1-5-21-160562036-3150058255-2134394716-334228 SID[286]: S-1-5-21-160562036-3150058255-2134394716-357384 SID[287]: S-1-5-21-160562036-3150058255-2134394716-64500 SID[288]: S-1-5-21-160562036-3150058255-2134394716-291227 SID[289]: S-1-5-21-160562036-3150058255-2134394716-62708 SID[290]: S-1-5-21-160562036-3150058255-2134394716-266847 SID[291]: S-1-5-21-160562036-3150058255-2134394716-313857 SID[292]: S-1-5-21-160562036-3150058255-2134394716-350031 SID[293]: S-1-5-21-160562036-3150058255-2134394716-373448 SID[294]: S-1-5-21-160562036-3150058255-2134394716-420970 SID[295]: S-1-5-21-160562036-3150058255-2134394716-351238 SID[296]: S-1-5-21-160562036-3150058255-2134394716-11861 SID[297]: S-1-5-21-160562036-3150058255-2134394716-353613 SID[298]: S-1-5-21-160562036-3150058255-2134394716-322679 SID[299]: S-1-5-21-160562036-3150058255-2134394716-253148 SID[300]: S-1-5-21-160562036-3150058255-2134394716-277162 SID[301]: S-1-5-21-160562036-3150058255-2134394716-304048 SID[302]: S-1-5-21-160562036-3150058255-2134394716-288768 SID[303]: S-1-5-21-160562036-3150058255-2134394716-62920 SID[304]: S-1-5-21-160562036-3150058255-2134394716-62814 SID[305]: S-1-5-21-160562036-3150058255-2134394716-338139 SID[306]: S-1-5-21-160562036-3150058255-2134394716-266850 SID[307]: S-1-5-21-160562036-3150058255-2134394716-74038 SID[308]: S-1-5-21-160562036-3150058255-2134394716-62715 SID[309]: S-1-5-21-160562036-3150058255-2134394716-357877 SID[310]: S-1-5-21-160562036-3150058255-2134394716-252117 SID[311]: S-1-5-21-160562036-3150058255-2134394716-322372 SID[312]: S-1-5-21-160562036-3150058255-2134394716-65121 SID[313]: S-1-5-21-160562036-3150058255-2134394716-62711 SID[314]: S-1-5-21-160562036-3150058255-2134394716-267091 SID[315]: S-1-5-21-160562036-3150058255-2134394716-24652 SID[316]: S-1-5-21-160562036-3150058255-2134394716-360933 SID[317]: S-1-5-21-160562036-3150058255-2134394716-354437 SID[318]: S-1-5-21-160562036-3150058255-2134394716-249119 SID[319]: S-1-5-21-160562036-3150058255-2134394716-248731 SID[320]: S-1-5-21-160562036-3150058255-2134394716-64215 SID[321]: S-1-5-21-160562036-3150058255-2134394716-373475 SID[322]: S-1-5-21-160562036-3150058255-2134394716-250664 SID[323]: S-1-5-21-160562036-3150058255-2134394716-267088 SID[324]: S-1-5-21-160562036-3150058255-2134394716-50311 SID[325]: S-1-5-21-160562036-3150058255-2134394716-62644 SID[326]: S-1-5-21-160562036-3150058255-2134394716-69148 SID[327]: S-1-5-21-160562036-3150058255-2134394716-360380 SID[328]: S-1-5-21-160562036-3150058255-2134394716-52124 SID[329]: S-1-5-21-160562036-3150058255-2134394716-351502 SID[330]: S-1-5-21-160562036-3150058255-2134394716-317005 SID[331]: S-1-5-21-160562036-3150058255-2134394716-62713 SID[332]: S-1-5-21-160562036-3150058255-2134394716-313855 SID[333]: S-1-5-21-160562036-3150058255-2134394716-53143 SID[334]: S-1-5-21-160562036-3150058255-2134394716-349705 SID[335]: S-1-5-21-160562036-3150058255-2134394716-357732 SID[336]: S-1-5-21-160562036-3150058255-2134394716-402142 SID[337]: S-1-5-21-160562036-3150058255-2134394716-50421 SID[338]: S-1-5-21-160562036-3150058255-2134394716-357890 SID[339]: S-1-5-21-160562036-3150058255-2134394716-416413 SID[340]: S-1-5-21-160562036-3150058255-2134394716-255117 SID[341]: S-1-5-21-160562036-3150058255-2134394716-73891 SID[342]: S-1-5-21-160562036-3150058255-2134394716-377792 SID[343]: S-1-5-21-160562036-3150058255-2134394716-63081 SID[344]: S-1-5-21-160562036-3150058255-2134394716-386707 SID[345]: S-1-5-21-160562036-3150058255-2134394716-64112 SID[346]: S-1-5-21-160562036-3150058255-2134394716-256555 SID[347]: S-1-5-21-160562036-3150058255-2134394716-361939 SID[348]: S-1-5-21-160562036-3150058255-2134394716-62709 SID[349]: S-1-5-21-160562036-3150058255-2134394716-248759 SID[350]: S-1-5-21-160562036-3150058255-2134394716-359221 SID[351]: S-1-5-21-160562036-3150058255-2134394716-310730 SID[352]: S-1-5-21-160562036-3150058255-2134394716-109617 SID[353]: S-1-5-21-160562036-3150058255-2134394716-60474 SID[354]: S-1-5-21-160562036-3150058255-2134394716-402472 SID[355]: S-1-5-21-160562036-3150058255-2134394716-55679 SID[356]: S-1-5-21-160562036-3150058255-2134394716-69153 SID[357]: S-1-5-21-160562036-3150058255-2134394716-22265 SID[358]: S-1-5-21-160562036-3150058255-2134394716-423112 SID[359]: S-1-5-21-160562036-3150058255-2134394716-289044 SID[360]: S-1-5-21-160562036-3150058255-2134394716-67791 SID[361]: S-1-5-21-160562036-3150058255-2134394716-69156 SID[362]: S-1-5-21-160562036-3150058255-2134394716-62712 SID[363]: S-1-5-21-160562036-3150058255-2134394716-360721 SID[364]: S-1-5-21-160562036-3150058255-2134394716-435651 SID[365]: S-1-5-21-160562036-3150058255-2134394716-69149 SID[366]: S-1-5-21-160562036-3150058255-2134394716-73730 SID[367]: S-1-5-21-160562036-3150058255-2134394716-243660 SID[368]: S-1-5-21-160562036-3150058255-2134394716-104280 SID[369]: S-1-5-21-160562036-3150058255-2134394716-430692 SID[370]: S-1-5-21-160562036-3150058255-2134394716-256558 SID[371]: S-1-5-21-160562036-3150058255-2134394716-54515 SID[372]: S-1-5-21-160562036-3150058255-2134394716-334223 SID[373]: S-1-5-21-160562036-3150058255-2134394716-304790 SID[374]: S-1-5-21-160562036-3150058255-2134394716-373528 SID[375]: S-1-5-21-160562036-3150058255-2134394716-375927 SID[376]: S-1-5-21-160562036-3150058255-2134394716-74039 SID[377]: S-1-5-21-160562036-3150058255-2134394716-62781 SID[378]: S-1-5-21-160562036-3150058255-2134394716-69157 SID[379]: S-1-5-21-160562036-3150058255-2134394716-309445 SID[380]: S-1-5-21-160562036-3150058255-2134394716-62733 SID[381]: S-1-5-21-160562036-3150058255-2134394716-418123 SID[382]: S-1-5-21-160562036-3150058255-2134394716-64415 SID[383]: S-1-5-21-160562036-3150058255-2134394716-414619 SID[384]: S-1-5-21-160562036-3150058255-2134394716-373446 SID[385]: S-1-5-21-160562036-3150058255-2134394716-289048 SID[386]: S-1-5-21-160562036-3150058255-2134394716-69158 SID[387]: S-1-5-21-160562036-3150058255-2134394716-373559 SID[388]: S-1-5-21-160562036-3150058255-2134394716-110686 SID[389]: S-1-5-21-160562036-3150058255-2134394716-260757 SID[390]: S-1-5-21-160562036-3150058255-2134394716-249663 SID[391]: S-1-5-21-160562036-3150058255-2134394716-249619 SID[392]: S-1-5-21-160562036-3150058255-2134394716-321098 SID[393]: S-1-5-21-160562036-3150058255-2134394716-64497 SID[394]: S-1-5-21-160562036-3150058255-2134394716-112627 SID[395]: S-1-5-21-160562036-3150058255-2134394716-62710 SID[396]: S-1-5-21-160562036-3150058255-2134394716-360361 SID[397]: S-1-5-21-160562036-3150058255-2134394716-353621 SID[398]: S-1-5-21-160562036-3150058255-2134394716-365152 SID[399]: S-1-5-21-160562036-3150058255-2134394716-69544 SID[400]: S-1-5-21-160562036-3150058255-2134394716-249644 SID[401]: S-1-5-21-160562036-3150058255-2134394716-55625 SID[402]: S-1-1-0 SID[403]: S-1-5-2 SID[404]: S-1-5-11 SID[405]: S-1-5-32-545 SID[406]: S-1-22-1-10000 SID[407]: S-1-22-2-10006 SID[408]: S-1-22-2-10007 SID[409]: S-1-22-2-10008 SID[410]: S-1-22-2-10009 SID[411]: S-1-22-2-10010 SID[412]: S-1-22-2-10011 SID[413]: S-1-22-2-10012 SID[414]: S-1-22-2-10013 SID[415]: S-1-22-2-10014 SID[416]: S-1-22-2-10015 SID[417]: S-1-22-2-10016 SID[418]: S-1-22-2-10017 SID[419]: S-1-22-2-10018 SID[420]: S-1-22-2-10019 SID[421]: S-1-22-2-10020 SID[422]: S-1-22-2-10021 SID[423]: S-1-22-2-10022 SID[424]: S-1-22-2-10023 SID[425]: S-1-22-2-10024 SID[426]: S-1-22-2-10025 SID[427]: S-1-22-2-10026 SID[428]: S-1-22-2-10027 SID[429]: S-1-22-2-10028 SID[430]: S-1-22-2-10029 SID[431]: S-1-22-2-10030 SID[432]: S-1-22-2-10031 SID[433]: S-1-22-2-10032 SID[434]: S-1-22-2-10033 SID[435]: S-1-22-2-10034 SID[436]: S-1-22-2-10035 SID[437]: S-1-22-2-10036 SID[438]: S-1-22-2-10037 SID[439]: S-1-22-2-10038 SID[440]: S-1-22-2-10039 SID[441]: S-1-22-2-10040 SID[442]: S-1-22-2-10041 SID[443]: S-1-22-2-10042 SID[444]: S-1-22-2-10043 SID[445]: S-1-22-2-10044 SID[446]: S-1-22-2-10045 SID[447]: S-1-22-2-10046 SID[448]: S-1-22-2-10047 SID[449]: S-1-22-2-10048 SID[450]: S-1-22-2-10049 SID[451]: S-1-22-2-10050 SID[452]: S-1-22-2-10051 SID[453]: S-1-22-2-10052 SID[454]: S-1-22-2-10053 SID[455]: S-1-22-2-10054 SID[456]: S-1-22-2-10055 SID[457]: S-1-22-2-10056 SID[458]: S-1-22-2-10057 SID[459]: S-1-22-2-10058 SID[460]: S-1-22-2-10059 SID[461]: S-1-22-2-10060 SID[462]: S-1-22-2-10061 SID[463]: S-1-22-2-10062 SID[464]: S-1-22-2-10063 SID[465]: S-1-22-2-10064 SID[466]: S-1-22-2-10065 SID[467]: S-1-22-2-10066 SID[468]: S-1-22-2-10067 SID[469]: S-1-22-2-10068 SID[470]: S-1-22-2-10069 SID[471]: S-1-22-2-10070 SID[472]: S-1-22-2-10071 SID[473]: S-1-22-2-10072 SID[474]: S-1-22-2-10073 SID[475]: S-1-22-2-10074 SID[476]: S-1-22-2-10075 SID[477]: S-1-22-2-10076 SID[478]: S-1-22-2-10077 SID[479]: S-1-22-2-10078 SID[480]: S-1-22-2-10079 SID[481]: S-1-22-2-10080 SID[482]: S-1-22-2-10081 SID[483]: S-1-22-2-10082 SID[484]: S-1-22-2-10083 SID[485]: S-1-22-2-10084 SID[486]: S-1-22-2-10085 SID[487]: S-1-22-2-10086 SID[488]: S-1-22-2-10087 SID[489]: S-1-22-2-10088 SID[490]: S-1-22-2-10089 SID[491]: S-1-22-2-10090 SID[492]: S-1-22-2-10091 SID[493]: S-1-22-2-10092 SID[494]: S-1-22-2-10093 SID[495]: S-1-22-2-10094 SID[496]: S-1-22-2-10095 SID[497]: S-1-22-2-10096 SID[498]: S-1-22-2-10097 SID[499]: S-1-22-2-10098 SID[500]: S-1-22-2-10099 SID[501]: S-1-22-2-10100 SID[502]: S-1-22-2-10101 SID[503]: S-1-22-2-10102 SID[504]: S-1-22-2-10103 SID[505]: S-1-22-2-10104 SID[506]: S-1-22-2-10105 SID[507]: S-1-22-2-10106 SID[508]: S-1-22-2-10107 SID[509]: S-1-22-2-10108 SID[510]: S-1-22-2-10109 SID[511]: S-1-22-2-10110 SID[512]: S-1-22-2-10111 SID[513]: S-1-22-2-10112 SID[514]: S-1-22-2-10113 SID[515]: S-1-22-2-10114 SID[516]: S-1-22-2-10115 SID[517]: S-1-22-2-10116 SID[518]: S-1-22-2-10117 SID[519]: S-1-22-2-10118 SID[520]: S-1-22-2-10119 SID[521]: S-1-22-2-10120 SID[522]: S-1-22-2-10121 SID[523]: S-1-22-2-10122 SID[524]: S-1-22-2-10123 SID[525]: S-1-22-2-10124 SID[526]: S-1-22-2-10125 SID[527]: S-1-22-2-10126 SID[528]: S-1-22-2-10127 SID[529]: S-1-22-2-10128 SID[530]: S-1-22-2-10129 SID[531]: S-1-22-2-10130 SID[532]: S-1-22-2-10131 SID[533]: S-1-22-2-10132 SID[534]: S-1-22-2-10133 SID[535]: S-1-22-2-10134 SID[536]: S-1-22-2-10135 SID[537]: S-1-22-2-10136 SID[538]: S-1-22-2-10137 SID[539]: S-1-22-2-10138 SID[540]: S-1-22-2-10139 SID[541]: S-1-22-2-10140 SID[542]: S-1-22-2-10141 SID[543]: S-1-22-2-10142 SID[544]: S-1-22-2-10143 SID[545]: S-1-22-2-10144 SID[546]: S-1-22-2-10145 SID[547]: S-1-22-2-10146 SID[548]: S-1-22-2-10147 SID[549]: S-1-22-2-10148 SID[550]: S-1-22-2-10149 SID[551]: S-1-22-2-10150 SID[552]: S-1-22-2-10471 SID[553]: S-1-22-2-10151 SID[554]: S-1-22-2-10152 SID[555]: S-1-22-2-10153 SID[556]: S-1-22-2-10154 SID[557]: S-1-22-2-10155 SID[558]: S-1-22-2-10156 SID[559]: S-1-22-2-10157 SID[560]: S-1-22-2-10158 SID[561]: S-1-22-2-10159 SID[562]: S-1-22-2-10160 SID[563]: S-1-22-2-10161 SID[564]: S-1-22-2-10162 SID[565]: S-1-22-2-10163 SID[566]: S-1-22-2-10164 SID[567]: S-1-22-2-10165 SID[568]: S-1-22-2-10166 SID[569]: S-1-22-2-10167 SID[570]: S-1-22-2-10168 SID[571]: S-1-22-2-10169 SID[572]: S-1-22-2-10170 SID[573]: S-1-22-2-10171 SID[574]: S-1-22-2-10172 SID[575]: S-1-22-2-10173 SID[576]: S-1-22-2-10174 SID[577]: S-1-22-2-10175 SID[578]: S-1-22-2-10176 SID[579]: S-1-22-2-10177 SID[580]: S-1-22-2-10178 SID[581]: S-1-22-2-10179 SID[582]: S-1-22-2-10180 SID[583]: S-1-22-2-10181 SID[584]: S-1-22-2-10182 SID[585]: S-1-22-2-10183 SID[586]: S-1-22-2-10184 SID[587]: S-1-22-2-10185 SID[588]: S-1-22-2-10186 SID[589]: S-1-22-2-10187 SID[590]: S-1-22-2-10188 SID[591]: S-1-22-2-10189 SID[592]: S-1-22-2-10190 SID[593]: S-1-22-2-10191 SID[594]: S-1-22-2-10192 SID[595]: S-1-22-2-10193 SID[596]: S-1-22-2-10194 SID[597]: S-1-22-2-10195 SID[598]: S-1-22-2-10196 SID[599]: S-1-22-2-10197 SID[600]: S-1-22-2-10198 SID[601]: S-1-22-2-10199 SID[602]: S-1-22-2-10200 SID[603]: S-1-22-2-10201 SID[604]: S-1-22-2-10202 SID[605]: S-1-22-2-10203 SID[606]: S-1-22-2-10204 SID[607]: S-1-22-2-10205 SID[608]: S-1-22-2-10206 SID[609]: S-1-22-2-10207 SID[610]: S-1-22-2-10208 SID[611]: S-1-22-2-10209 SID[612]: S-1-22-2-10210 SID[613]: S-1-22-2-10211 SID[614]: S-1-22-2-10212 SID[615]: S-1-22-2-10213 SID[616]: S-1-22-2-10214 SID[617]: S-1-22-2-10215 SID[618]: S-1-22-2-10216 SID[619]: S-1-22-2-10217 SID[620]: S-1-22-2-10218 SID[621]: S-1-22-2-10219 SID[622]: S-1-22-2-10220 SID[623]: S-1-22-2-10221 SID[624]: S-1-22-2-10222 SID[625]: S-1-22-2-10223 SID[626]: S-1-22-2-10224 SID[627]: S-1-22-2-10225 SID[628]: S-1-22-2-10226 SID[629]: S-1-22-2-10227 SID[630]: S-1-22-2-10228 SID[631]: S-1-22-2-10229 SID[632]: S-1-22-2-10230 SID[633]: S-1-22-2-10231 SID[634]: S-1-22-2-10232 SID[635]: S-1-22-2-10233 SID[636]: S-1-22-2-10234 SID[637]: S-1-22-2-10235 SID[638]: S-1-22-2-10236 SID[639]: S-1-22-2-10237 SID[640]: S-1-22-2-10238 SID[641]: S-1-22-2-10239 SID[642]: S-1-22-2-10240 SID[643]: S-1-22-2-10241 SID[644]: S-1-22-2-10242 SID[645]: S-1-22-2-10243 SID[646]: S-1-22-2-10244 SID[647]: S-1-22-2-10245 SID[648]: S-1-22-2-10246 SID[649]: S-1-22-2-10247 SID[650]: S-1-22-2-10248 SID[651]: S-1-22-2-10249 SID[652]: S-1-22-2-10250 SID[653]: S-1-22-2-10251 SID[654]: S-1-22-2-10252 SID[655]: S-1-22-2-10253 SID[656]: S-1-22-2-10254 SID[657]: S-1-22-2-10255 SID[658]: S-1-22-2-10256 SID[659]: S-1-22-2-10257 SID[660]: S-1-22-2-10258 SID[661]: S-1-22-2-10259 SID[662]: S-1-22-2-10260 SID[663]: S-1-22-2-10261 SID[664]: S-1-22-2-10262 SID[665]: S-1-22-2-10263 SID[666]: S-1-22-2-10264 SID[667]: S-1-22-2-10265 SID[668]: S-1-22-2-10266 SID[669]: S-1-22-2-10267 SID[670]: S-1-22-2-10268 SID[671]: S-1-22-2-10269 SID[672]: S-1-22-2-10270 SID[673]: S-1-22-2-10271 SID[674]: S-1-22-2-10272 SID[675]: S-1-22-2-10273 SID[676]: S-1-22-2-10274 SID[677]: S-1-22-2-10275 SID[678]: S-1-22-2-10276 SID[679]: S-1-22-2-10277 SID[680]: S-1-22-2-10278 SID[681]: S-1-22-2-10279 SID[682]: S-1-22-2-10280 SID[683]: S-1-22-2-10281 SID[684]: S-1-22-2-10282 SID[685]: S-1-22-2-10283 SID[686]: S-1-22-2-10284 SID[687]: S-1-22-2-10285 SID[688]: S-1-22-2-10286 SID[689]: S-1-22-2-10287 SID[690]: S-1-22-2-10288 SID[691]: S-1-22-2-10289 SID[692]: S-1-22-2-10290 SID[693]: S-1-22-2-10291 SID[694]: S-1-22-2-10292 SID[695]: S-1-22-2-10293 SID[696]: S-1-22-2-10294 SID[697]: S-1-22-2-10295 SID[698]: S-1-22-2-10296 SID[699]: S-1-22-2-10297 SID[700]: S-1-22-2-10298 SID[701]: S-1-22-2-10299 SID[702]: S-1-22-2-10300 SID[703]: S-1-22-2-10301 SID[704]: S-1-22-2-10302 SID[705]: S-1-22-2-10303 SID[706]: S-1-22-2-10304 SID[707]: S-1-22-2-10305 SID[708]: S-1-22-2-10306 SID[709]: S-1-22-2-10307 SID[710]: S-1-22-2-10308 SID[711]: S-1-22-2-10309 SID[712]: S-1-22-2-10310 SID[713]: S-1-22-2-10311 SID[714]: S-1-22-2-10312 SID[715]: S-1-22-2-10313 SID[716]: S-1-22-2-10314 SID[717]: S-1-22-2-10315 SID[718]: S-1-22-2-10316 SID[719]: S-1-22-2-10317 SID[720]: S-1-22-2-10318 SID[721]: S-1-22-2-10319 SID[722]: S-1-22-2-10320 SID[723]: S-1-22-2-10321 SID[724]: S-1-22-2-10322 SID[725]: S-1-22-2-10323 SID[726]: S-1-22-2-10324 SID[727]: S-1-22-2-10325 SID[728]: S-1-22-2-10326 SID[729]: S-1-22-2-10327 SID[730]: S-1-22-2-10328 SID[731]: S-1-22-2-10329 SID[732]: S-1-22-2-10330 SID[733]: S-1-22-2-10331 SID[734]: S-1-22-2-10332 SID[735]: S-1-22-2-10333 SID[736]: S-1-22-2-10334 SID[737]: S-1-22-2-10335 SID[738]: S-1-22-2-10336 SID[739]: S-1-22-2-10337 SID[740]: S-1-22-2-10338 SID[741]: S-1-22-2-10339 SID[742]: S-1-22-2-10340 SID[743]: S-1-22-2-10341 SID[744]: S-1-22-2-10342 SID[745]: S-1-22-2-10343 SID[746]: S-1-22-2-10344 SID[747]: S-1-22-2-10345 SID[748]: S-1-22-2-10346 SID[749]: S-1-22-2-10347 SID[750]: S-1-22-2-10348 SID[751]: S-1-22-2-10349 SID[752]: S-1-22-2-10350 SID[753]: S-1-22-2-10351 SID[754]: S-1-22-2-10352 SID[755]: S-1-22-2-10353 SID[756]: S-1-22-2-10354 SID[757]: S-1-22-2-10355 SID[758]: S-1-22-2-10356 SID[759]: S-1-22-2-10357 SID[760]: S-1-22-2-10358 SID[761]: S-1-22-2-10359 SID[762]: S-1-22-2-10360 SID[763]: S-1-22-2-10361 SID[764]: S-1-22-2-10362 SID[765]: S-1-22-2-10363 SID[766]: S-1-22-2-10364 SID[767]: S-1-22-2-10365 SID[768]: S-1-22-2-10366 SID[769]: S-1-22-2-10367 SID[770]: S-1-22-2-10368 SID[771]: S-1-22-2-10369 SID[772]: S-1-22-2-10370 SID[773]: S-1-22-2-10371 SID[774]: S-1-22-2-10372 SID[775]: S-1-22-2-10373 SID[776]: S-1-22-2-10374 SID[777]: S-1-22-2-10375 SID[778]: S-1-22-2-10376 SID[779]: S-1-22-2-10377 SID[780]: S-1-22-2-10378 SID[781]: S-1-22-2-10379 SID[782]: S-1-22-2-10380 SID[783]: S-1-22-2-10381 SID[784]: S-1-22-2-10382 SID[785]: S-1-22-2-10383 SID[786]: S-1-22-2-10384 SID[787]: S-1-22-2-10385 SID[788]: S-1-22-2-10386 SID[789]: S-1-22-2-10387 SID[790]: S-1-22-2-10388 SID[791]: S-1-22-2-10389 SID[792]: S-1-22-2-10390 SID[793]: S-1-22-2-10391 SID[794]: S-1-22-2-10392 SID[795]: S-1-22-2-10393 SID[796]: S-1-22-2-10394 SID[797]: S-1-22-2-10395 SID[798]: S-1-22-2-10396 SID[799]: S-1-22-2-10397 SID[800]: S-1-22-2-10398 SID[801]: S-1-22-2-10399 SID[802]: S-1-22-2-10400 SID[803]: S-1-22-2-10401 SID[804]: S-1-22-2-10402 SID[805]: S-1-22-2-10403 SID[806]: S-1-22-2-10404 SID[807]: S-1-22-2-10002 SID[808]: S-1-22-2-10003 SID[809]: S-1-22-2-10004 SID[810]: S-1-22-2-10001 Privileges (0x 20): Privilege[ 0]: SePrintOperatorPrivilege Rights (0x 0): [2012/11/09 16:29:11.353214, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 10000 Primary group is 71 and contains 404 supplementary groups Group[ 0]: 10006 Group[ 1]: 10007 Group[ 2]: 10008 Group[ 3]: 10009 Group[ 4]: 10010 Group[ 5]: 10011 Group[ 6]: 10012 Group[ 7]: 10013 Group[ 8]: 10014 Group[ 9]: 10015 Group[ 10]: 10016 Group[ 11]: 10017 Group[ 12]: 10018 Group[ 13]: 10019 Group[ 14]: 10020 Group[ 15]: 10021 Group[ 16]: 10022 Group[ 17]: 10023 Group[ 18]: 10024 Group[ 19]: 10025 Group[ 20]: 10026 Group[ 21]: 10027 Group[ 22]: 10028 Group[ 23]: 10029 Group[ 24]: 10030 Group[ 25]: 10031 Group[ 26]: 10032 Group[ 27]: 10033 Group[ 28]: 10034 Group[ 29]: 10035 Group[ 30]: 10036 Group[ 31]: 10037 Group[ 32]: 10038 Group[ 33]: 10039 Group[ 34]: 10040 Group[ 35]: 10041 Group[ 36]: 10042 Group[ 37]: 10043 Group[ 38]: 10044 Group[ 39]: 10045 Group[ 40]: 10046 Group[ 41]: 10047 Group[ 42]: 10048 Group[ 43]: 10049 Group[ 44]: 10050 Group[ 45]: 10051 Group[ 46]: 10052 Group[ 47]: 10053 Group[ 48]: 10054 Group[ 49]: 10055 Group[ 50]: 10056 Group[ 51]: 10057 Group[ 52]: 10058 Group[ 53]: 10059 Group[ 54]: 10060 Group[ 55]: 10061 Group[ 56]: 10062 Group[ 57]: 10063 Group[ 58]: 10064 Group[ 59]: 10065 Group[ 60]: 10066 Group[ 61]: 10067 Group[ 62]: 10068 Group[ 63]: 10069 Group[ 64]: 10070 Group[ 65]: 10071 Group[ 66]: 10072 Group[ 67]: 10073 Group[ 68]: 10074 Group[ 69]: 10075 Group[ 70]: 10076 Group[ 71]: 10077 Group[ 72]: 10078 Group[ 73]: 10079 Group[ 74]: 10080 Group[ 75]: 10081 Group[ 76]: 10082 Group[ 77]: 10083 Group[ 78]: 10084 Group[ 79]: 10085 Group[ 80]: 10086 Group[ 81]: 10087 Group[ 82]: 10088 Group[ 83]: 10089 Group[ 84]: 10090 Group[ 85]: 10091 Group[ 86]: 10092 Group[ 87]: 10093 Group[ 88]: 10094 Group[ 89]: 10095 Group[ 90]: 10096 Group[ 91]: 10097 Group[ 92]: 10098 Group[ 93]: 10099 Group[ 94]: 10100 Group[ 95]: 10101 Group[ 96]: 10102 Group[ 97]: 10103 Group[ 98]: 10104 Group[ 99]: 10105 Group[100]: 10106 Group[101]: 10107 Group[102]: 10108 Group[103]: 10109 Group[104]: 10110 Group[105]: 10111 Group[106]: 10112 Group[107]: 10113 Group[108]: 10114 Group[109]: 10115 Group[110]: 10116 Group[111]: 10117 Group[112]: 10118 Group[113]: 10119 Group[114]: 10120 Group[115]: 10121 Group[116]: 10122 Group[117]: 10123 Group[118]: 10124 Group[119]: 10125 Group[120]: 10126 Group[121]: 10127 Group[122]: 10128 Group[123]: 10129 Group[124]: 10130 Group[125]: 10131 Group[126]: 10132 Group[127]: 10133 Group[128]: 10134 Group[129]: 10135 Group[130]: 10136 Group[131]: 10137 Group[132]: 10138 Group[133]: 10139 Group[134]: 10140 Group[135]: 10141 Group[136]: 10142 Group[137]: 10143 Group[138]: 10144 Group[139]: 10145 Group[140]: 10146 Group[141]: 10147 Group[142]: 10148 Group[143]: 10149 Group[144]: 10150 Group[145]: 10471 Group[146]: 10151 Group[147]: 10152 Group[148]: 10153 Group[149]: 10154 Group[150]: 10155 Group[151]: 10156 Group[152]: 10157 Group[153]: 10158 Group[154]: 10159 Group[155]: 10160 Group[156]: 10161 Group[157]: 10162 Group[158]: 10163 Group[159]: 10164 Group[160]: 10165 Group[161]: 10166 Group[162]: 10167 Group[163]: 10168 Group[164]: 10169 Group[165]: 10170 Group[166]: 10171 Group[167]: 10172 Group[168]: 10173 Group[169]: 10174 Group[170]: 10175 Group[171]: 10176 Group[172]: 10177 Group[173]: 10178 Group[174]: 10179 Group[175]: 10180 Group[176]: 10181 Group[177]: 10182 Group[178]: 10183 Group[179]: 10184 Group[180]: 10185 Group[181]: 10186 Group[182]: 10187 Group[183]: 10188 Group[184]: 10189 Group[185]: 10190 Group[186]: 10191 Group[187]: 10192 Group[188]: 10193 Group[189]: 10194 Group[190]: 10195 Group[191]: 10196 Group[192]: 10197 Group[193]: 10198 Group[194]: 10199 Group[195]: 10200 Group[196]: 10201 Group[197]: 10202 Group[198]: 10203 Group[199]: 10204 Group[200]: 10205 Group[201]: 10206 Group[202]: 10207 Group[203]: 10208 Group[204]: 10209 Group[205]: 10210 Group[206]: 10211 Group[207]: 10212 Group[208]: 10213 Group[209]: 10214 Group[210]: 10215 Group[211]: 10216 Group[212]: 10217 Group[213]: 10218 Group[214]: 10219 Group[215]: 10220 Group[216]: 10221 Group[217]: 10222 Group[218]: 10223 Group[219]: 10224 Group[220]: 10225 Group[221]: 10226 Group[222]: 10227 Group[223]: 10228 Group[224]: 10229 Group[225]: 10230 Group[226]: 10231 Group[227]: 10232 Group[228]: 10233 Group[229]: 10234 Group[230]: 10235 Group[231]: 10236 Group[232]: 10237 Group[233]: 10238 Group[234]: 10239 Group[235]: 10240 Group[236]: 10241 Group[237]: 10242 Group[238]: 10243 Group[239]: 10244 Group[240]: 10245 Group[241]: 10246 Group[242]: 10247 Group[243]: 10248 Group[244]: 10249 Group[245]: 10250 Group[246]: 10251 Group[247]: 10252 Group[248]: 10253 Group[249]: 10254 Group[250]: 10255 Group[251]: 10256 Group[252]: 10257 Group[253]: 10258 Group[254]: 10259 Group[255]: 10260 Group[256]: 10261 Group[257]: 10262 Group[258]: 10263 Group[259]: 10264 Group[260]: 10265 Group[261]: 10266 Group[262]: 10267 Group[263]: 10268 Group[264]: 10269 Group[265]: 10270 Group[266]: 10271 Group[267]: 10272 Group[268]: 10273 Group[269]: 10274 Group[270]: 10275 Group[271]: 10276 Group[272]: 10277 Group[273]: 10278 Group[274]: 10279 Group[275]: 10280 Group[276]: 10281 Group[277]: 10282 Group[278]: 10283 Group[279]: 10284 Group[280]: 10285 Group[281]: 10286 Group[282]: 10287 Group[283]: 10288 Group[284]: 10289 Group[285]: 10290 Group[286]: 10291 Group[287]: 10292 Group[288]: 10293 Group[289]: 10294 Group[290]: 10295 Group[291]: 10296 Group[292]: 10297 Group[293]: 10298 Group[294]: 10299 Group[295]: 10300 Group[296]: 10301 Group[297]: 10302 Group[298]: 10303 Group[299]: 10304 Group[300]: 10305 Group[301]: 10306 Group[302]: 10307 Group[303]: 10308 Group[304]: 10309 Group[305]: 10310 Group[306]: 10311 Group[307]: 10312 Group[308]: 10313 Group[309]: 10314 Group[310]: 10315 Group[311]: 10316 Group[312]: 10317 Group[313]: 10318 Group[314]: 10319 Group[315]: 10320 Group[316]: 10321 Group[317]: 10322 Group[318]: 10323 Group[319]: 10324 Group[320]: 10325 Group[321]: 10326 Group[322]: 10327 Group[323]: 10328 Group[324]: 10329 Group[325]: 10330 Group[326]: 10331 Group[327]: 10332 Group[328]: 10333 Group[329]: 10334 Group[330]: 10335 Group[331]: 10336 Group[332]: 10337 Group[333]: 10338 Group[334]: 10339 Group[335]: 10340 Group[336]: 10341 Group[337]: 10342 Group[338]: 10343 Group[339]: 10344 Group[340]: 10345 Group[341]: 10346 Group[342]: 10347 Group[343]: 10348 Group[344]: 10349 Group[345]: 10350 Group[346]: 10351 Group[347]: 10352 Group[348]: 10353 Group[349]: 10354 Group[350]: 10355 Group[351]: 10356 Group[352]: 10357 Group[353]: 10358 Group[354]: 10359 Group[355]: 10360 Group[356]: 10361 Group[357]: 10362 Group[358]: 10363 Group[359]: 10364 Group[360]: 10365 Group[361]: 10366 Group[362]: 10367 Group[363]: 10368 Group[364]: 10369 Group[365]: 10370 Group[366]: 10371 Group[367]: 10372 Group[368]: 10373 Group[369]: 10374 Group[370]: 10375 Group[371]: 10376 Group[372]: 10377 Group[373]: 10378 Group[374]: 10379 Group[375]: 10380 Group[376]: 10381 Group[377]: 10382 Group[378]: 10383 Group[379]: 10384 Group[380]: 10385 Group[381]: 10386 Group[382]: 10387 Group[383]: 10388 Group[384]: 10389 Group[385]: 10390 Group[386]: 10391 Group[387]: 10392 Group[388]: 10393 Group[389]: 10394 Group[390]: 10395 Group[391]: 10396 Group[392]: 10397 Group[393]: 10398 Group[394]: 10399 Group[395]: 10400 Group[396]: 10401 Group[397]: 10402 Group[398]: 10403 Group[399]: 10404 Group[400]: 10002 Group[401]: 10003 Group[402]: 10004 Group[403]: 10001 [2012/11/09 16:29:11.356268, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,10000), gid=(0,71) [2012/11/09 16:29:11.356302, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /var/lib/samba/drivers [2012/11/09 16:29:11.356334, 3] smbd/trans2.c:5111(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 [2012/11/09 16:29:11.356366, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3" [2012/11/09 16:29:11.356393, 5] smbd/filename.c:416(unix_convert) unix_convert begin: name = x64/3, dirpath = , start = x64/3 [2012/11/09 16:29:11.356421, 5] smbd/statcache.c:143(stat_cache_add) stat_cache_add: Added entry (7fa2eacb2620:size 5) X64/3 -> x64/3 [2012/11/09 16:29:11.356442, 5] smbd/filename.c:439(unix_convert) conversion of base_name finished x64/3 -> x64/3 [2012/11/09 16:29:11.356487, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3] [/var/lib/samba/drivers] [2012/11/09 16:29:11.356522, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3 reduced to /var/lib/samba/drivers/x64/3 [2012/11/09 16:29:11.356567, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) call_trans2qfilepathinfo x64/3 (fnum = -1) level=1004 call=5 total_data=0 [2012/11/09 16:29:11.356594, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: x64/3 (fnum = -1) level=1004 max_data=40 [2012/11/09 16:29:11.356617, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3 [2012/11/09 16:29:11.356637, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning d [2012/11/09 16:29:11.356657, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning d [2012/11/09 16:29:11.356682, 5] smbd/trans2.c:4462(smbd_do_qfilepathinfo) SMB_QFBI - create: Tue Oct 30 11:28:16 2012 access: Thu Nov 8 18:45:19 2012 write: Tue Oct 30 11:28:16 2012 change: Tue Oct 30 11:28:16 2012 mode: 10 [2012/11/09 16:29:11.356754, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 [2012/11/09 16:29:11.356774, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 [2012/11/09 16:29:11.356794, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:11.356805, 5] lib/util.c:342(show_msg) size=100 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=50560 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=45 [2012/11/09 16:29:11.358270, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x58 [2012/11/09 16:29:11.358310, 3] smbd/process.c:1662(process_smb) Transaction 41 of length 92 (0 toread) [2012/11/09 16:29:11.358330, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:11.358341, 5] lib/util.c:342(show_msg) size=88 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=50624 smt_wct=15 smb_vwv[ 0]= 20 (0x14) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 24 (0x18) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 20 (0x14) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=23 [2012/11/09 16:29:11.358549, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 12629) conn 0x7fa2eacb8b60 [2012/11/09 16:29:11.358570, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:11.358591, 3] smbd/trans2.c:5111(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1005 [2012/11/09 16:29:11.358641, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3" [2012/11/09 16:29:11.358667, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3] [/var/lib/samba/drivers] [2012/11/09 16:29:11.358693, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3 reduced to /var/lib/samba/drivers/x64/3 [2012/11/09 16:29:11.358722, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) call_trans2qfilepathinfo x64/3 (fnum = -1) level=1005 call=5 total_data=0 [2012/11/09 16:29:11.358744, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: x64/3 (fnum = -1) level=1005 max_data=24 [2012/11/09 16:29:11.358773, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3 [2012/11/09 16:29:11.358802, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning d [2012/11/09 16:29:11.358824, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning d [2012/11/09 16:29:11.358846, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 [2012/11/09 16:29:11.358867, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 24, paramsize = 2, datasize = 24 [2012/11/09 16:29:11.358886, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:11.358897, 5] lib/util.c:342(show_msg) size=84 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=50624 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 24 (0x18) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 24 (0x18) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=29 [2012/11/09 16:29:11.360372, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x78 [2012/11/09 16:29:11.360405, 3] smbd/process.c:1662(process_smb) Transaction 42 of length 124 (0 toread) [2012/11/09 16:29:11.360425, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:11.360436, 5] lib/util.c:342(show_msg) size=120 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=50688 smt_wct=15 smb_vwv[ 0]= 52 (0x34) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 52 (0x34) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=55 [2012/11/09 16:29:11.360667, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 12629) conn 0x7fa2eacb8b60 [2012/11/09 16:29:11.360689, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:11.360716, 3] smbd/trans2.c:2286(call_trans2findfirst) call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 [2012/11/09 16:29:11.360740, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3/pscript5.dll" [2012/11/09 16:29:11.360764, 5] smbd/filename.c:416(unix_convert) unix_convert begin: name = x64/3/pscript5.dll, dirpath = x64/3, start = pscript5.dll [2012/11/09 16:29:11.360787, 5] smbd/statcache.c:143(stat_cache_add) stat_cache_add: Added entry (7fa2eacb2630:size 12) X64/3/PSCRIPT5.DLL -> x64/3/pscript5.dll [2012/11/09 16:29:11.360807, 5] smbd/filename.c:439(unix_convert) conversion of base_name finished x64/3/pscript5.dll -> x64/3/pscript5.dll [2012/11/09 16:29:11.360827, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3/pscript5.dll] [/var/lib/samba/drivers] [2012/11/09 16:29:11.360853, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3/pscript5.dll reduced to /var/lib/samba/drivers/x64/3/pscript5.dll [2012/11/09 16:29:11.360883, 5] smbd/trans2.c:2371(call_trans2findfirst) dir=x64/3, mask = pscript5.dll [2012/11/09 16:29:11.360907, 5] smbd/dir.c:439(dptr_create) dptr_create dir=x64/3 [2012/11/09 16:29:11.360928, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3] [/var/lib/samba/drivers] [2012/11/09 16:29:11.360952, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3 reduced to /var/lib/samba/drivers/x64/3 [2012/11/09 16:29:11.360994, 3] smbd/dir.c:578(dptr_create) creating new dirptr 256 for path x64/3, expect_close = 1 [2012/11/09 16:29:11.361017, 4] smbd/trans2.c:2439(call_trans2findfirst) dptr_num is 256, wcard = pscript5.dll, attr = 22 [2012/11/09 16:29:11.361037, 8] smbd/trans2.c:2448(call_trans2findfirst) dirpath= dontdescend=<> [2012/11/09 16:29:11.361064, 6] smbd/dir.c:969(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fa2eacb9120 now at offset -1 [2012/11/09 16:29:11.361089, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/pscript5.dll [2012/11/09 16:29:11.361113, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2012/11/09 16:29:11.361133, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2012/11/09 16:29:11.361156, 3] smbd/dir.c:1041(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[pscript5.dll] found x64/3/pscript5.dll fname=pscript5.dll (pscript5.dll) [2012/11/09 16:29:11.361200, 5] smbd/trans2.c:2505(call_trans2findfirst) call_trans2findfirst - (2) closing dptr_num 256 [2012/11/09 16:29:11.361224, 4] smbd/dir.c:257(dptr_close_internal) closing dptr key 256 [2012/11/09 16:29:11.361255, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 10, data_sent_thistime = 120, useable_space = 131010 [2012/11/09 16:29:11.361277, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 10, data_to_send = 120, paramsize = 10, datasize = 120 [2012/11/09 16:29:11.361297, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:11.361308, 5] lib/util.c:342(show_msg) size=188 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=50688 smt_wct=10 smb_vwv[ 0]= 10 (0xA) smb_vwv[ 1]= 120 (0x78) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 10 (0xA) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 120 (0x78) smb_vwv[ 7]= 68 (0x44) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=133 [2012/11/09 16:29:11.361488, 4] smbd/trans2.c:2549(call_trans2findfirst) SMBtrans2 mask=pscript5.dll directory=x64/3 dirtype=22 numentries=1 [2012/11/09 16:29:11.371673, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x7c [2012/11/09 16:29:11.371750, 3] smbd/process.c:1662(process_smb) Transaction 43 of length 128 (0 toread) [2012/11/09 16:29:11.371772, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:11.371784, 5] lib/util.c:342(show_msg) size=124 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=50752 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 9728 (0x2600) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 256 (0x100) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=17408 (0x4400) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=41 [2012/11/09 16:29:11.372075, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 12629) conn 0x7fa2eacb8b60 [2012/11/09 16:29:11.372099, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:11.372128, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3/pscript5.dll" [2012/11/09 16:29:11.372177, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3/pscript5.dll] [/var/lib/samba/drivers] [2012/11/09 16:29:11.372211, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3/pscript5.dll reduced to /var/lib/samba/drivers/x64/3/pscript5.dll [2012/11/09 16:29:11.372238, 5] smbd/files.c:140(file_new) allocated file structure 4117, fnum = 8213 (3 used) [2012/11/09 16:29:11.372266, 3] smbd/dosmode.c:159(unix_mode) unix_mode(x64/3/pscript5.dll) returning 0664 [2012/11/09 16:29:11.372287, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/pscript5.dll [2012/11/09 16:29:11.372307, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2012/11/09 16:29:11.372326, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2012/11/09 16:29:11.372374, 4] smbd/open.c:2065(open_file_ntcreate) calling open_file with flags=0x0 flags2=0x0 mode=0664, access_mask = 0x20089, open_access_mask = 0x20089 [2012/11/09 16:29:11.372406, 2] smbd/open.c:704(open_file) BROSE+pfoerfr opened file x64/3/pscript5.dll read=Yes write=No (numopen=1) [2012/11/09 16:29:11.372445, 3] smbd/oplock_linux.c:135(linux_set_kernel_oplock) linux_set_kernel_oplock: Refused oplock on file x64/3/pscript5.dll, fd = 32, file_id = fd02:e10:0. (Keine Berechtigung) [2012/11/09 16:29:11.372767, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/pscript5.dll [2012/11/09 16:29:11.372802, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2012/11/09 16:29:11.372835, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2012/11/09 16:29:16.379623, 5] smbd/nttrans.c:725(reply_ntcreate_and_X) reply_ntcreate_and_X: fnum = 8213, open name = x64/3/pscript5.dll [2012/11/09 16:29:16.380807, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x48 [2012/11/09 16:29:16.380852, 3] smbd/process.c:1662(process_smb) Transaction 44 of length 76 (0 toread) [2012/11/09 16:29:16.380874, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.380886, 5] lib/util.c:342(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=50816 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 8 (0x8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2012/11/09 16:29:16.381637, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 12629) conn 0x7fa2eacb8b60 [2012/11/09 16:29:16.381675, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.381703, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1006 [2012/11/09 16:29:16.381739, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) call_trans2qfilepathinfo x64/3/pscript5.dll (fnum = 8213) level=1006 call=7 total_data=0 [2012/11/09 16:29:16.381762, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: x64/3/pscript5.dll (fnum = 8213) level=1006 max_data=8 [2012/11/09 16:29:16.381782, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/pscript5.dll [2012/11/09 16:29:16.381802, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2012/11/09 16:29:16.381821, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2012/11/09 16:29:16.381845, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 8, useable_space = 131010 [2012/11/09 16:29:16.381865, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 8, paramsize = 2, datasize = 8 [2012/11/09 16:29:16.381883, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.381894, 5] lib/util.c:342(show_msg) size=68 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=50816 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 8 (0x8) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 8 (0x8) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=13 [2012/11/09 16:29:16.383426, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x48 [2012/11/09 16:29:16.383462, 3] smbd/process.c:1662(process_smb) Transaction 45 of length 76 (0 toread) [2012/11/09 16:29:16.383482, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.383494, 5] lib/util.c:342(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=50880 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 24 (0x18) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2012/11/09 16:29:16.383732, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 12629) conn 0x7fa2eacb8b60 [2012/11/09 16:29:16.383755, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.383775, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1005 [2012/11/09 16:29:16.383801, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) call_trans2qfilepathinfo x64/3/pscript5.dll (fnum = 8213) level=1005 call=7 total_data=0 [2012/11/09 16:29:16.383823, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: x64/3/pscript5.dll (fnum = 8213) level=1005 max_data=24 [2012/11/09 16:29:16.383842, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/pscript5.dll [2012/11/09 16:29:16.383861, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2012/11/09 16:29:16.383880, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2012/11/09 16:29:16.383902, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 [2012/11/09 16:29:16.383921, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 24, paramsize = 2, datasize = 24 [2012/11/09 16:29:16.383940, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.383951, 5] lib/util.c:342(show_msg) size=84 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=50880 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 24 (0x18) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 24 (0x18) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=29 [2012/11/09 16:29:16.385607, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x76 [2012/11/09 16:29:16.385651, 3] smbd/process.c:1662(process_smb) Transaction 46 of length 122 (0 toread) [2012/11/09 16:29:16.385672, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.385683, 5] lib/util.c:342(show_msg) size=118 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=50944 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8192 (0x2000) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 256 (0x100) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=17408 (0x4400) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=35 [2012/11/09 16:29:16.385964, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 12629) conn 0x7fa2eacb8b60 [2012/11/09 16:29:16.385986, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.386011, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3/ps5ui.dll" [2012/11/09 16:29:16.386036, 5] smbd/filename.c:416(unix_convert) unix_convert begin: name = x64/3/ps5ui.dll, dirpath = x64/3, start = ps5ui.dll [2012/11/09 16:29:16.386060, 5] smbd/statcache.c:143(stat_cache_add) stat_cache_add: Added entry (7fa2eacb9bf0:size f) X64/3/PS5UI.DLL -> x64/3/ps5ui.dll [2012/11/09 16:29:16.386079, 5] smbd/filename.c:439(unix_convert) conversion of base_name finished x64/3/ps5ui.dll -> x64/3/ps5ui.dll [2012/11/09 16:29:16.386098, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3/ps5ui.dll] [/var/lib/samba/drivers] [2012/11/09 16:29:16.386127, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3/ps5ui.dll reduced to /var/lib/samba/drivers/x64/3/ps5ui.dll [2012/11/09 16:29:16.386151, 5] smbd/files.c:140(file_new) allocated file structure 4118, fnum = 8214 (4 used) [2012/11/09 16:29:16.386175, 3] smbd/dosmode.c:159(unix_mode) unix_mode(x64/3/ps5ui.dll) returning 0664 [2012/11/09 16:29:16.386195, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/ps5ui.dll [2012/11/09 16:29:16.386214, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2012/11/09 16:29:16.386232, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2012/11/09 16:29:16.386265, 4] smbd/open.c:2065(open_file_ntcreate) calling open_file with flags=0x0 flags2=0x0 mode=0664, access_mask = 0x20089, open_access_mask = 0x20089 [2012/11/09 16:29:16.386292, 2] smbd/open.c:704(open_file) BROSE+pfoerfr opened file x64/3/ps5ui.dll read=Yes write=No (numopen=2) [2012/11/09 16:29:16.386317, 3] smbd/oplock_linux.c:135(linux_set_kernel_oplock) linux_set_kernel_oplock: Refused oplock on file x64/3/ps5ui.dll, fd = 33, file_id = fd02:e12:0. (Keine Berechtigung) [2012/11/09 16:29:16.386357, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/ps5ui.dll [2012/11/09 16:29:16.386379, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2012/11/09 16:29:16.386405, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2012/11/09 16:29:16.386475, 5] smbd/nttrans.c:725(reply_ntcreate_and_X) reply_ntcreate_and_X: fnum = 8214, open name = x64/3/ps5ui.dll [2012/11/09 16:29:16.387482, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x48 [2012/11/09 16:29:16.387527, 3] smbd/process.c:1662(process_smb) Transaction 47 of length 76 (0 toread) [2012/11/09 16:29:16.387550, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.387561, 5] lib/util.c:342(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=51008 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 8 (0x8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2012/11/09 16:29:16.387761, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 12629) conn 0x7fa2eacb8b60 [2012/11/09 16:29:16.387780, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.387801, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1006 [2012/11/09 16:29:16.387827, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) call_trans2qfilepathinfo x64/3/ps5ui.dll (fnum = 8214) level=1006 call=7 total_data=0 [2012/11/09 16:29:16.387863, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: x64/3/ps5ui.dll (fnum = 8214) level=1006 max_data=8 [2012/11/09 16:29:16.387886, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/ps5ui.dll [2012/11/09 16:29:16.387905, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2012/11/09 16:29:16.387924, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2012/11/09 16:29:16.387946, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 8, useable_space = 131010 [2012/11/09 16:29:16.387965, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 8, paramsize = 2, datasize = 8 [2012/11/09 16:29:16.387984, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.387995, 5] lib/util.c:342(show_msg) size=68 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=51008 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 8 (0x8) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 8 (0x8) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=13 [2012/11/09 16:29:16.389357, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x48 [2012/11/09 16:29:16.389401, 3] smbd/process.c:1662(process_smb) Transaction 48 of length 76 (0 toread) [2012/11/09 16:29:16.389433, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.389452, 5] lib/util.c:342(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=51072 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 24 (0x18) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2012/11/09 16:29:16.389757, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 12629) conn 0x7fa2eacb8b60 [2012/11/09 16:29:16.389789, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.389821, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1005 [2012/11/09 16:29:16.389861, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) call_trans2qfilepathinfo x64/3/ps5ui.dll (fnum = 8214) level=1005 call=7 total_data=0 [2012/11/09 16:29:16.389896, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: x64/3/ps5ui.dll (fnum = 8214) level=1005 max_data=24 [2012/11/09 16:29:16.389927, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/ps5ui.dll [2012/11/09 16:29:16.389958, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2012/11/09 16:29:16.389987, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2012/11/09 16:29:16.390021, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 [2012/11/09 16:29:16.390053, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 24, paramsize = 2, datasize = 24 [2012/11/09 16:29:16.390083, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.390101, 5] lib/util.c:342(show_msg) size=84 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=51072 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 24 (0x18) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 24 (0x18) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=29 [2012/11/09 16:29:16.391811, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x7c [2012/11/09 16:29:16.391862, 3] smbd/process.c:1662(process_smb) Transaction 49 of length 128 (0 toread) [2012/11/09 16:29:16.391886, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.391897, 5] lib/util.c:342(show_msg) size=124 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=51136 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 9728 (0x2600) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 256 (0x100) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=17408 (0x4400) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=41 [2012/11/09 16:29:16.392157, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 12629) conn 0x7fa2eacb8b60 [2012/11/09 16:29:16.392177, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.392200, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3/yyyp0708.ppd" [2012/11/09 16:29:16.392224, 5] smbd/filename.c:416(unix_convert) unix_convert begin: name = x64/3/yyyp0708.ppd, dirpath = x64/3, start = yyyp0708.ppd [2012/11/09 16:29:16.392250, 5] smbd/statcache.c:143(stat_cache_add) stat_cache_add: Added entry (7fa2eaca50a0:size 12) X64/3/YYYP0708.PPD -> x64/3/yyyp0708.ppd [2012/11/09 16:29:16.392271, 5] smbd/filename.c:439(unix_convert) conversion of base_name finished x64/3/yyyp0708.ppd -> x64/3/yyyp0708.ppd [2012/11/09 16:29:16.392290, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3/yyyp0708.ppd] [/var/lib/samba/drivers] [2012/11/09 16:29:16.392316, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3/yyyp0708.ppd reduced to /var/lib/samba/drivers/x64/3/yyyp0708.ppd [2012/11/09 16:29:16.392338, 5] smbd/files.c:140(file_new) allocated file structure 4119, fnum = 8215 (5 used) [2012/11/09 16:29:16.392361, 3] smbd/dosmode.c:159(unix_mode) unix_mode(x64/3/yyyp0708.ppd) returning 0664 [2012/11/09 16:29:16.392381, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/yyyp0708.ppd [2012/11/09 16:29:16.392401, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2012/11/09 16:29:16.392419, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2012/11/09 16:29:16.392451, 4] smbd/open.c:2065(open_file_ntcreate) calling open_file with flags=0x0 flags2=0x0 mode=0664, access_mask = 0x20089, open_access_mask = 0x20089 [2012/11/09 16:29:16.392502, 2] smbd/open.c:704(open_file) BROSE+pfoerfr opened file x64/3/yyyp0708.ppd read=Yes write=No (numopen=3) [2012/11/09 16:29:16.392527, 3] smbd/oplock_linux.c:135(linux_set_kernel_oplock) linux_set_kernel_oplock: Refused oplock on file x64/3/yyyp0708.ppd, fd = 34, file_id = fd02:e18:0. (Keine Berechtigung) [2012/11/09 16:29:16.392562, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/yyyp0708.ppd [2012/11/09 16:29:16.392585, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2012/11/09 16:29:16.392604, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2012/11/09 16:29:16.392653, 5] smbd/nttrans.c:725(reply_ntcreate_and_X) reply_ntcreate_and_X: fnum = 8215, open name = x64/3/yyyp0708.ppd [2012/11/09 16:29:16.392691, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:16.392715, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:16.392734, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:16.392768, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2012/11/09 16:29:16.394151, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x48 [2012/11/09 16:29:16.394202, 3] smbd/process.c:1662(process_smb) Transaction 50 of length 76 (0 toread) [2012/11/09 16:29:16.394237, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.394258, 5] lib/util.c:342(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=51200 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 8 (0x8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2012/11/09 16:29:16.394602, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 12629) conn 0x7fa2eacb8b60 [2012/11/09 16:29:16.394645, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (10000, 71) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:16.394683, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (811): SID[ 0]: S-1-5-21-160562036-3150058255-2134394716-19743 SID[ 1]: S-1-22-2-71 SID[ 2]: S-1-5-21-160562036-3150058255-2134394716-334230 SID[ 3]: S-1-5-21-160562036-3150058255-2134394716-23353 SID[ 4]: S-1-5-21-160562036-3150058255-2134394716-304793 SID[ 5]: S-1-5-21-160562036-3150058255-2134394716-269408 SID[ 6]: S-1-5-21-160562036-3150058255-2134394716-50420 SID[ 7]: S-1-5-21-160562036-3150058255-2134394716-113634 SID[ 8]: S-1-5-21-160562036-3150058255-2134394716-113662 SID[ 9]: S-1-5-21-160562036-3150058255-2134394716-260755 SID[ 10]: S-1-5-21-160562036-3150058255-2134394716-288770 SID[ 11]: S-1-5-21-160562036-3150058255-2134394716-67892 SID[ 12]: S-1-5-21-160562036-3150058255-2134394716-20800 SID[ 13]: S-1-5-21-160562036-3150058255-2134394716-269744 SID[ 14]: S-1-5-21-160562036-3150058255-2134394716-63803 SID[ 15]: S-1-5-21-160562036-3150058255-2134394716-360934 SID[ 16]: S-1-5-21-160562036-3150058255-2134394716-421750 SID[ 17]: S-1-5-21-160562036-3150058255-2134394716-294313 SID[ 18]: S-1-5-21-160562036-3150058255-2134394716-109619 SID[ 19]: S-1-5-21-160562036-3150058255-2134394716-13623 SID[ 20]: S-1-5-21-160562036-3150058255-2134394716-113660 SID[ 21]: S-1-5-21-160562036-3150058255-2134394716-13846 SID[ 22]: S-1-5-21-160562036-3150058255-2134394716-351693 SID[ 23]: S-1-5-21-160562036-3150058255-2134394716-56178 SID[ 24]: S-1-5-21-160562036-3150058255-2134394716-268914 SID[ 25]: S-1-5-21-160562036-3150058255-2134394716-276389 SID[ 26]: S-1-5-21-160562036-3150058255-2134394716-294265 SID[ 27]: S-1-5-21-160562036-3150058255-2134394716-289050 SID[ 28]: S-1-5-21-160562036-3150058255-2134394716-284074 SID[ 29]: S-1-5-21-160562036-3150058255-2134394716-353623 SID[ 30]: S-1-5-21-160562036-3150058255-2134394716-60632 SID[ 31]: S-1-5-21-160562036-3150058255-2134394716-299617 SID[ 32]: S-1-5-21-160562036-3150058255-2134394716-269875 SID[ 33]: S-1-5-21-160562036-3150058255-2134394716-260777 SID[ 34]: S-1-5-21-160562036-3150058255-2134394716-72011 SID[ 35]: S-1-5-21-160562036-3150058255-2134394716-56174 SID[ 36]: S-1-5-21-160562036-3150058255-2134394716-294145 SID[ 37]: S-1-5-21-160562036-3150058255-2134394716-46643 SID[ 38]: S-1-5-21-160562036-3150058255-2134394716-110684 SID[ 39]: S-1-5-21-160562036-3150058255-2134394716-69476 SID[ 40]: S-1-5-21-160562036-3150058255-2134394716-354438 SID[ 41]: S-1-5-21-160562036-3150058255-2134394716-288215 SID[ 42]: S-1-5-21-160562036-3150058255-2134394716-418124 SID[ 43]: S-1-5-21-160562036-3150058255-2134394716-32947 SID[ 44]: S-1-5-21-160562036-3150058255-2134394716-373447 SID[ 45]: S-1-5-21-160562036-3150058255-2134394716-21119 SID[ 46]: S-1-5-21-160562036-3150058255-2134394716-254283 SID[ 47]: S-1-5-21-160562036-3150058255-2134394716-21918 SID[ 48]: S-1-5-21-160562036-3150058255-2134394716-268915 SID[ 49]: S-1-5-21-160562036-3150058255-2134394716-267093 SID[ 50]: S-1-5-21-160562036-3150058255-2134394716-340888 SID[ 51]: S-1-5-21-160562036-3150058255-2134394716-294363 SID[ 52]: S-1-5-21-160562036-3150058255-2134394716-414620 SID[ 53]: S-1-5-21-160562036-3150058255-2134394716-260959 SID[ 54]: S-1-5-21-160562036-3150058255-2134394716-56176 SID[ 55]: S-1-5-21-160562036-3150058255-2134394716-373472 SID[ 56]: S-1-5-21-160562036-3150058255-2134394716-294492 SID[ 57]: S-1-5-21-160562036-3150058255-2134394716-373554 SID[ 58]: S-1-5-21-160562036-3150058255-2134394716-104382 SID[ 59]: S-1-5-21-160562036-3150058255-2134394716-294361 SID[ 60]: S-1-5-21-160562036-3150058255-2134394716-245149 SID[ 61]: S-1-5-21-160562036-3150058255-2134394716-32807 SID[ 62]: S-1-5-21-160562036-3150058255-2134394716-63805 SID[ 63]: S-1-5-21-160562036-3150058255-2134394716-290135 SID[ 64]: S-1-5-21-160562036-3150058255-2134394716-248439 SID[ 65]: S-1-5-21-160562036-3150058255-2134394716-58745 SID[ 66]: S-1-5-21-160562036-3150058255-2134394716-288316 SID[ 67]: S-1-5-21-160562036-3150058255-2134394716-373441 SID[ 68]: S-1-5-21-160562036-3150058255-2134394716-268916 SID[ 69]: S-1-5-21-160562036-3150058255-2134394716-17597 SID[ 70]: S-1-5-21-160562036-3150058255-2134394716-113654 SID[ 71]: S-1-5-21-160562036-3150058255-2134394716-304050 SID[ 72]: S-1-5-21-160562036-3150058255-2134394716-112626 SID[ 73]: S-1-5-21-160562036-3150058255-2134394716-360946 SID[ 74]: S-1-5-21-160562036-3150058255-2134394716-1116 SID[ 75]: S-1-5-21-160562036-3150058255-2134394716-294490 SID[ 76]: S-1-5-21-160562036-3150058255-2134394716-373442 SID[ 77]: S-1-5-21-160562036-3150058255-2134394716-402137 SID[ 78]: S-1-5-21-160562036-3150058255-2134394716-373470 SID[ 79]: S-1-5-21-160562036-3150058255-2134394716-284963 SID[ 80]: S-1-5-21-160562036-3150058255-2134394716-21963 SID[ 81]: S-1-5-21-160562036-3150058255-2134394716-373556 SID[ 82]: S-1-5-21-160562036-3150058255-2134394716-351504 SID[ 83]: S-1-5-21-160562036-3150058255-2134394716-360382 SID[ 84]: S-1-5-21-160562036-3150058255-2134394716-266966 SID[ 85]: S-1-5-21-160562036-3150058255-2134394716-63797 SID[ 86]: S-1-5-21-160562036-3150058255-2134394716-31306 SID[ 87]: S-1-5-21-160562036-3150058255-2134394716-420969 SID[ 88]: S-1-5-21-160562036-3150058255-2134394716-58439 SID[ 89]: S-1-5-21-160562036-3150058255-2134394716-351240 SID[ 90]: S-1-5-21-160562036-3150058255-2134394716-290160 SID[ 91]: S-1-5-21-160562036-3150058255-2134394716-335340 SID[ 92]: S-1-5-21-160562036-3150058255-2134394716-32819 SID[ 93]: S-1-5-21-160562036-3150058255-2134394716-63801 SID[ 94]: S-1-5-21-160562036-3150058255-2134394716-53171 SID[ 95]: S-1-5-21-160562036-3150058255-2134394716-294243 SID[ 96]: S-1-5-21-160562036-3150058255-2134394716-350032 SID[ 97]: S-1-5-21-160562036-3150058255-2134394716-63737 SID[ 98]: S-1-5-21-160562036-3150058255-2134394716-13863 SID[ 99]: S-1-5-21-160562036-3150058255-2134394716-351719 SID[100]: S-1-5-21-160562036-3150058255-2134394716-56165 SID[101]: S-1-5-21-160562036-3150058255-2134394716-113646 SID[102]: S-1-5-21-160562036-3150058255-2134394716-430811 SID[103]: S-1-5-21-160562036-3150058255-2134394716-284081 SID[104]: S-1-5-21-160562036-3150058255-2134394716-256696 SID[105]: S-1-5-21-160562036-3150058255-2134394716-416414 SID[106]: S-1-5-21-160562036-3150058255-2134394716-49609 SID[107]: S-1-5-21-160562036-3150058255-2134394716-377791 SID[108]: S-1-5-21-160562036-3150058255-2134394716-32821 SID[109]: S-1-5-21-160562036-3150058255-2134394716-359223 SID[110]: S-1-5-21-160562036-3150058255-2134394716-284091 SID[111]: S-1-5-21-160562036-3150058255-2134394716-433713 SID[112]: S-1-5-21-160562036-3150058255-2134394716-33100 SID[113]: S-1-5-21-160562036-3150058255-2134394716-416203 SID[114]: S-1-5-21-160562036-3150058255-2134394716-317007 SID[115]: S-1-5-21-160562036-3150058255-2134394716-69542 SID[116]: S-1-5-21-160562036-3150058255-2134394716-268918 SID[117]: S-1-5-21-160562036-3150058255-2134394716-69428 SID[118]: S-1-5-21-160562036-3150058255-2134394716-316764 SID[119]: S-1-5-21-160562036-3150058255-2134394716-55705 SID[120]: S-1-5-21-160562036-3150058255-2134394716-291229 SID[121]: S-1-5-21-160562036-3150058255-2134394716-250116 SID[122]: S-1-5-21-160562036-3150058255-2134394716-294315 SID[123]: S-1-5-21-160562036-3150058255-2134394716-402469 SID[124]: S-1-5-21-160562036-3150058255-2134394716-256697 SID[125]: S-1-5-21-160562036-3150058255-2134394716-418438 SID[126]: S-1-5-21-160562036-3150058255-2134394716-435652 SID[127]: S-1-5-21-160562036-3150058255-2134394716-45010 SID[128]: S-1-5-21-160562036-3150058255-2134394716-322368 SID[129]: S-1-5-21-160562036-3150058255-2134394716-267090 SID[130]: S-1-5-21-160562036-3150058255-2134394716-32825 SID[131]: S-1-5-21-160562036-3150058255-2134394716-35099 SID[132]: S-1-5-21-160562036-3150058255-2134394716-56157 SID[133]: S-1-5-21-160562036-3150058255-2134394716-113648 SID[134]: S-1-5-21-160562036-3150058255-2134394716-55709 SID[135]: S-1-5-21-160562036-3150058255-2134394716-108789 SID[136]: S-1-5-21-160562036-3150058255-2134394716-56159 SID[137]: S-1-5-21-160562036-3150058255-2134394716-268919 SID[138]: S-1-5-21-160562036-3150058255-2134394716-245147 SID[139]: S-1-5-21-160562036-3150058255-2134394716-430693 SID[140]: S-1-5-21-160562036-3150058255-2134394716-289617 SID[141]: S-1-5-21-160562036-3150058255-2134394716-373445 SID[142]: S-1-5-21-160562036-3150058255-2134394716-14282 SID[143]: S-1-5-21-160562036-3150058255-2134394716-433712 SID[144]: S-1-5-21-160562036-3150058255-2134394716-59232 SID[145]: S-1-5-21-160562036-3150058255-2134394716-33429 SID[146]: S-1-5-21-160562036-3150058255-2134394716-437634 SID[147]: S-1-5-21-160562036-3150058255-2134394716-23354 SID[148]: S-1-5-21-160562036-3150058255-2134394716-113636 SID[149]: S-1-5-21-160562036-3150058255-2134394716-63799 SID[150]: S-1-5-21-160562036-3150058255-2134394716-261009 SID[151]: S-1-5-21-160562036-3150058255-2134394716-290498 SID[152]: S-1-5-21-160562036-3150058255-2134394716-375928 SID[153]: S-1-5-21-160562036-3150058255-2134394716-276407 SID[154]: S-1-5-21-160562036-3150058255-2134394716-357401 SID[155]: S-1-5-21-160562036-3150058255-2134394716-357385 SID[156]: S-1-5-21-160562036-3150058255-2134394716-269404 SID[157]: S-1-5-21-160562036-3150058255-2134394716-67790 SID[158]: S-1-5-21-160562036-3150058255-2134394716-392120 SID[159]: S-1-5-21-160562036-3150058255-2134394716-276395 SID[160]: S-1-5-21-160562036-3150058255-2134394716-113343 SID[161]: S-1-5-21-160562036-3150058255-2134394716-56172 SID[162]: S-1-5-21-160562036-3150058255-2134394716-402467 SID[163]: S-1-5-21-160562036-3150058255-2134394716-293007 SID[164]: S-1-5-21-160562036-3150058255-2134394716-427942 SID[165]: S-1-5-21-160562036-3150058255-2134394716-373529 SID[166]: S-1-5-21-160562036-3150058255-2134394716-263163 SID[167]: S-1-5-21-160562036-3150058255-2134394716-64111 SID[168]: S-1-5-21-160562036-3150058255-2134394716-266852 SID[169]: S-1-5-21-160562036-3150058255-2134394716-357892 SID[170]: S-1-5-21-160562036-3150058255-2134394716-104429 SID[171]: S-1-5-21-160562036-3150058255-2134394716-32813 SID[172]: S-1-5-21-160562036-3150058255-2134394716-360722 SID[173]: S-1-5-21-160562036-3150058255-2134394716-284092 SID[174]: S-1-5-21-160562036-3150058255-2134394716-289619 SID[175]: S-1-5-21-160562036-3150058255-2134394716-369316 SID[176]: S-1-5-21-160562036-3150058255-2134394716-49542 SID[177]: S-1-5-21-160562036-3150058255-2134394716-329659 SID[178]: S-1-5-21-160562036-3150058255-2134394716-32809 SID[179]: S-1-5-21-160562036-3150058255-2134394716-108767 SID[180]: S-1-5-21-160562036-3150058255-2134394716-305399 SID[181]: S-1-5-21-160562036-3150058255-2134394716-263161 SID[182]: S-1-5-21-160562036-3150058255-2134394716-314050 SID[183]: S-1-5-21-160562036-3150058255-2134394716-31001 SID[184]: S-1-5-21-160562036-3150058255-2134394716-279682 SID[185]: S-1-5-21-160562036-3150058255-2134394716-294147 SID[186]: S-1-5-21-160562036-3150058255-2134394716-56163 SID[187]: S-1-5-21-160562036-3150058255-2134394716-285751 SID[188]: S-1-5-21-160562036-3150058255-2134394716-21723 SID[189]: S-1-5-21-160562036-3150058255-2134394716-8332 SID[190]: S-1-5-21-160562036-3150058255-2134394716-32827 SID[191]: S-1-5-21-160562036-3150058255-2134394716-256460 SID[192]: S-1-5-21-160562036-3150058255-2134394716-256183 SID[193]: S-1-5-21-160562036-3150058255-2134394716-300424 SID[194]: S-1-5-21-160562036-3150058255-2134394716-55677 SID[195]: S-1-5-21-160562036-3150058255-2134394716-253145 SID[196]: S-1-5-21-160562036-3150058255-2134394716-63804 SID[197]: S-1-5-21-160562036-3150058255-2134394716-358866 SID[198]: S-1-5-21-160562036-3150058255-2134394716-32823 SID[199]: S-1-5-21-160562036-3150058255-2134394716-276620 SID[200]: S-1-5-21-160562036-3150058255-2134394716-361940 SID[201]: S-1-5-21-160562036-3150058255-2134394716-49274 SID[202]: S-1-5-21-160562036-3150058255-2134394716-402177 SID[203]: S-1-5-21-160562036-3150058255-2134394716-252230 SID[204]: S-1-5-21-160562036-3150058255-2134394716-321100 SID[205]: S-1-5-21-160562036-3150058255-2134394716-20801 SID[206]: S-1-5-21-160562036-3150058255-2134394716-276621 SID[207]: S-1-5-21-160562036-3150058255-2134394716-252010 SID[208]: S-1-5-21-160562036-3150058255-2134394716-292766 SID[209]: S-1-5-21-160562036-3150058255-2134394716-37331 SID[210]: S-1-5-21-160562036-3150058255-2134394716-260776 SID[211]: S-1-5-21-160562036-3150058255-2134394716-386708 SID[212]: S-1-5-21-160562036-3150058255-2134394716-374616 SID[213]: S-1-5-21-160562036-3150058255-2134394716-21084 SID[214]: S-1-5-21-160562036-3150058255-2134394716-294267 SID[215]: S-1-5-21-160562036-3150058255-2134394716-63802 SID[216]: S-1-5-21-160562036-3150058255-2134394716-31186 SID[217]: S-1-5-21-160562036-3150058255-2134394716-105575 SID[218]: S-1-5-21-160562036-3150058255-2134394716-361874 SID[219]: S-1-5-21-160562036-3150058255-2134394716-360362 SID[220]: S-1-5-21-160562036-3150058255-2134394716-357734 SID[221]: S-1-5-21-160562036-3150058255-2134394716-294241 SID[222]: S-1-5-21-160562036-3150058255-2134394716-251778 SID[223]: S-1-5-21-160562036-3150058255-2134394716-49510 SID[224]: S-1-5-21-160562036-3150058255-2134394716-35015 SID[225]: S-1-5-21-160562036-3150058255-2134394716-20749 SID[226]: S-1-5-21-160562036-3150058255-2134394716-294291 SID[227]: S-1-5-21-160562036-3150058255-2134394716-254469 SID[228]: S-1-5-21-160562036-3150058255-2134394716-247296 SID[229]: S-1-5-21-160562036-3150058255-2134394716-63798 SID[230]: S-1-5-21-160562036-3150058255-2134394716-59035 SID[231]: S-1-5-21-160562036-3150058255-2134394716-430331 SID[232]: S-1-5-21-160562036-3150058255-2134394716-21301 SID[233]: S-1-5-21-160562036-3150058255-2134394716-55627 SID[234]: S-1-5-21-160562036-3150058255-2134394716-32815 SID[235]: S-1-5-21-160562036-3150058255-2134394716-277164 SID[236]: S-1-5-21-160562036-3150058255-2134394716-21552 SID[237]: S-1-5-21-160562036-3150058255-2134394716-56622 SID[238]: S-1-5-21-160562036-3150058255-2134394716-37315 SID[239]: S-1-5-21-160562036-3150058255-2134394716-334225 SID[240]: S-1-5-21-160562036-3150058255-2134394716-338141 SID[241]: S-1-5-21-160562036-3150058255-2134394716-246169 SID[242]: S-1-5-21-160562036-3150058255-2134394716-297835 SID[243]: S-1-5-21-160562036-3150058255-2134394716-353615 SID[244]: S-1-5-21-160562036-3150058255-2134394716-322371 SID[245]: S-1-5-21-160562036-3150058255-2134394716-63235 SID[246]: S-1-5-21-160562036-3150058255-2134394716-266849 SID[247]: S-1-5-21-160562036-3150058255-2134394716-293998 SID[248]: S-1-5-21-160562036-3150058255-2134394716-433714 SID[249]: S-1-5-21-160562036-3150058255-2134394716-107694 SID[250]: S-1-5-21-160562036-3150058255-2134394716-288317 SID[251]: S-1-5-21-160562036-3150058255-2134394716-44135 SID[252]: S-1-5-21-160562036-3150058255-2134394716-290560 SID[253]: S-1-5-21-160562036-3150058255-2134394716-322681 SID[254]: S-1-5-21-160562036-3150058255-2134394716-283109 SID[255]: S-1-5-21-160562036-3150058255-2134394716-357879 SID[256]: S-1-5-21-160562036-3150058255-2134394716-289046 SID[257]: S-1-5-21-160562036-3150058255-2134394716-32803 SID[258]: S-1-5-21-160562036-3150058255-2134394716-343968 SID[259]: S-1-5-21-160562036-3150058255-2134394716-50792 SID[260]: S-1-5-21-160562036-3150058255-2134394716-50518 SID[261]: S-1-5-21-160562036-3150058255-2134394716-37238 SID[262]: S-1-5-21-160562036-3150058255-2134394716-360465 SID[263]: S-1-5-21-160562036-3150058255-2134394716-366652 SID[264]: S-1-5-21-160562036-3150058255-2134394716-294094 SID[265]: S-1-5-21-160562036-3150058255-2134394716-288540 SID[266]: S-1-5-21-160562036-3150058255-2134394716-297984 SID[267]: S-1-5-21-160562036-3150058255-2134394716-276427 SID[268]: S-1-5-21-160562036-3150058255-2134394716-333792 SID[269]: S-1-5-21-160562036-3150058255-2134394716-427342 SID[270]: S-1-5-21-160562036-3150058255-2134394716-333794 SID[271]: S-1-5-21-160562036-3150058255-2134394716-290460 SID[272]: S-1-5-21-160562036-3150058255-2134394716-294091 SID[273]: S-1-5-21-160562036-3150058255-2134394716-333793 SID[274]: S-1-5-21-160562036-3150058255-2134394716-338207 SID[275]: S-1-5-21-160562036-3150058255-2134394716-409571 SID[276]: S-1-5-21-160562036-3150058255-2134394716-294054 SID[277]: S-1-5-21-160562036-3150058255-2134394716-30854 SID[278]: S-1-5-21-160562036-3150058255-2134394716-288547 SID[279]: S-1-5-21-160562036-3150058255-2134394716-365347 SID[280]: S-1-5-21-6776287-465249537-1446904402-4108 SID[281]: S-1-5-21-160562036-3150058255-2134394716-58230 SID[282]: S-1-5-21-160562036-3150058255-2134394716-357400 SID[283]: S-1-5-21-160562036-3150058255-2134394716-343966 SID[284]: S-1-5-21-160562036-3150058255-2134394716-104268 SID[285]: S-1-5-21-160562036-3150058255-2134394716-334228 SID[286]: S-1-5-21-160562036-3150058255-2134394716-357384 SID[287]: S-1-5-21-160562036-3150058255-2134394716-64500 SID[288]: S-1-5-21-160562036-3150058255-2134394716-291227 SID[289]: S-1-5-21-160562036-3150058255-2134394716-62708 SID[290]: S-1-5-21-160562036-3150058255-2134394716-266847 SID[291]: S-1-5-21-160562036-3150058255-2134394716-313857 SID[292]: S-1-5-21-160562036-3150058255-2134394716-350031 SID[293]: S-1-5-21-160562036-3150058255-2134394716-373448 SID[294]: S-1-5-21-160562036-3150058255-2134394716-420970 SID[295]: S-1-5-21-160562036-3150058255-2134394716-351238 SID[296]: S-1-5-21-160562036-3150058255-2134394716-11861 SID[297]: S-1-5-21-160562036-3150058255-2134394716-353613 SID[298]: S-1-5-21-160562036-3150058255-2134394716-322679 SID[299]: S-1-5-21-160562036-3150058255-2134394716-253148 SID[300]: S-1-5-21-160562036-3150058255-2134394716-277162 SID[301]: S-1-5-21-160562036-3150058255-2134394716-304048 SID[302]: S-1-5-21-160562036-3150058255-2134394716-288768 SID[303]: S-1-5-21-160562036-3150058255-2134394716-62920 SID[304]: S-1-5-21-160562036-3150058255-2134394716-62814 SID[305]: S-1-5-21-160562036-3150058255-2134394716-338139 SID[306]: S-1-5-21-160562036-3150058255-2134394716-266850 SID[307]: S-1-5-21-160562036-3150058255-2134394716-74038 SID[308]: S-1-5-21-160562036-3150058255-2134394716-62715 SID[309]: S-1-5-21-160562036-3150058255-2134394716-357877 SID[310]: S-1-5-21-160562036-3150058255-2134394716-252117 SID[311]: S-1-5-21-160562036-3150058255-2134394716-322372 SID[312]: S-1-5-21-160562036-3150058255-2134394716-65121 SID[313]: S-1-5-21-160562036-3150058255-2134394716-62711 SID[314]: S-1-5-21-160562036-3150058255-2134394716-267091 SID[315]: S-1-5-21-160562036-3150058255-2134394716-24652 SID[316]: S-1-5-21-160562036-3150058255-2134394716-360933 SID[317]: S-1-5-21-160562036-3150058255-2134394716-354437 SID[318]: S-1-5-21-160562036-3150058255-2134394716-249119 SID[319]: S-1-5-21-160562036-3150058255-2134394716-248731 SID[320]: S-1-5-21-160562036-3150058255-2134394716-64215 SID[321]: S-1-5-21-160562036-3150058255-2134394716-373475 SID[322]: S-1-5-21-160562036-3150058255-2134394716-250664 SID[323]: S-1-5-21-160562036-3150058255-2134394716-267088 SID[324]: S-1-5-21-160562036-3150058255-2134394716-50311 SID[325]: S-1-5-21-160562036-3150058255-2134394716-62644 SID[326]: S-1-5-21-160562036-3150058255-2134394716-69148 SID[327]: S-1-5-21-160562036-3150058255-2134394716-360380 SID[328]: S-1-5-21-160562036-3150058255-2134394716-52124 SID[329]: S-1-5-21-160562036-3150058255-2134394716-351502 SID[330]: S-1-5-21-160562036-3150058255-2134394716-317005 SID[331]: S-1-5-21-160562036-3150058255-2134394716-62713 SID[332]: S-1-5-21-160562036-3150058255-2134394716-313855 SID[333]: S-1-5-21-160562036-3150058255-2134394716-53143 SID[334]: S-1-5-21-160562036-3150058255-2134394716-349705 SID[335]: S-1-5-21-160562036-3150058255-2134394716-357732 SID[336]: S-1-5-21-160562036-3150058255-2134394716-402142 SID[337]: S-1-5-21-160562036-3150058255-2134394716-50421 SID[338]: S-1-5-21-160562036-3150058255-2134394716-357890 SID[339]: S-1-5-21-160562036-3150058255-2134394716-416413 SID[340]: S-1-5-21-160562036-3150058255-2134394716-255117 SID[341]: S-1-5-21-160562036-3150058255-2134394716-73891 SID[342]: S-1-5-21-160562036-3150058255-2134394716-377792 SID[343]: S-1-5-21-160562036-3150058255-2134394716-63081 SID[344]: S-1-5-21-160562036-3150058255-2134394716-386707 SID[345]: S-1-5-21-160562036-3150058255-2134394716-64112 SID[346]: S-1-5-21-160562036-3150058255-2134394716-256555 SID[347]: S-1-5-21-160562036-3150058255-2134394716-361939 SID[348]: S-1-5-21-160562036-3150058255-2134394716-62709 SID[349]: S-1-5-21-160562036-3150058255-2134394716-248759 SID[350]: S-1-5-21-160562036-3150058255-2134394716-359221 SID[351]: S-1-5-21-160562036-3150058255-2134394716-310730 SID[352]: S-1-5-21-160562036-3150058255-2134394716-109617 SID[353]: S-1-5-21-160562036-3150058255-2134394716-60474 SID[354]: S-1-5-21-160562036-3150058255-2134394716-402472 SID[355]: S-1-5-21-160562036-3150058255-2134394716-55679 SID[356]: S-1-5-21-160562036-3150058255-2134394716-69153 SID[357]: S-1-5-21-160562036-3150058255-2134394716-22265 SID[358]: S-1-5-21-160562036-3150058255-2134394716-423112 SID[359]: S-1-5-21-160562036-3150058255-2134394716-289044 SID[360]: S-1-5-21-160562036-3150058255-2134394716-67791 SID[361]: S-1-5-21-160562036-3150058255-2134394716-69156 SID[362]: S-1-5-21-160562036-3150058255-2134394716-62712 SID[363]: S-1-5-21-160562036-3150058255-2134394716-360721 SID[364]: S-1-5-21-160562036-3150058255-2134394716-435651 SID[365]: S-1-5-21-160562036-3150058255-2134394716-69149 SID[366]: S-1-5-21-160562036-3150058255-2134394716-73730 SID[367]: S-1-5-21-160562036-3150058255-2134394716-243660 SID[368]: S-1-5-21-160562036-3150058255-2134394716-104280 SID[369]: S-1-5-21-160562036-3150058255-2134394716-430692 SID[370]: S-1-5-21-160562036-3150058255-2134394716-256558 SID[371]: S-1-5-21-160562036-3150058255-2134394716-54515 SID[372]: S-1-5-21-160562036-3150058255-2134394716-334223 SID[373]: S-1-5-21-160562036-3150058255-2134394716-304790 SID[374]: S-1-5-21-160562036-3150058255-2134394716-373528 SID[375]: S-1-5-21-160562036-3150058255-2134394716-375927 SID[376]: S-1-5-21-160562036-3150058255-2134394716-74039 SID[377]: S-1-5-21-160562036-3150058255-2134394716-62781 SID[378]: S-1-5-21-160562036-3150058255-2134394716-69157 SID[379]: S-1-5-21-160562036-3150058255-2134394716-309445 SID[380]: S-1-5-21-160562036-3150058255-2134394716-62733 SID[381]: S-1-5-21-160562036-3150058255-2134394716-418123 SID[382]: S-1-5-21-160562036-3150058255-2134394716-64415 SID[383]: S-1-5-21-160562036-3150058255-2134394716-414619 SID[384]: S-1-5-21-160562036-3150058255-2134394716-373446 SID[385]: S-1-5-21-160562036-3150058255-2134394716-289048 SID[386]: S-1-5-21-160562036-3150058255-2134394716-69158 SID[387]: S-1-5-21-160562036-3150058255-2134394716-373559 SID[388]: S-1-5-21-160562036-3150058255-2134394716-110686 SID[389]: S-1-5-21-160562036-3150058255-2134394716-260757 SID[390]: S-1-5-21-160562036-3150058255-2134394716-249663 SID[391]: S-1-5-21-160562036-3150058255-2134394716-249619 SID[392]: S-1-5-21-160562036-3150058255-2134394716-321098 SID[393]: S-1-5-21-160562036-3150058255-2134394716-64497 SID[394]: S-1-5-21-160562036-3150058255-2134394716-112627 SID[395]: S-1-5-21-160562036-3150058255-2134394716-62710 SID[396]: S-1-5-21-160562036-3150058255-2134394716-360361 SID[397]: S-1-5-21-160562036-3150058255-2134394716-353621 SID[398]: S-1-5-21-160562036-3150058255-2134394716-365152 SID[399]: S-1-5-21-160562036-3150058255-2134394716-69544 SID[400]: S-1-5-21-160562036-3150058255-2134394716-249644 SID[401]: S-1-5-21-160562036-3150058255-2134394716-55625 SID[402]: S-1-1-0 SID[403]: S-1-5-2 SID[404]: S-1-5-11 SID[405]: S-1-5-32-545 SID[406]: S-1-22-1-10000 SID[407]: S-1-22-2-10006 SID[408]: S-1-22-2-10007 SID[409]: S-1-22-2-10008 SID[410]: S-1-22-2-10009 SID[411]: S-1-22-2-10010 SID[412]: S-1-22-2-10011 SID[413]: S-1-22-2-10012 SID[414]: S-1-22-2-10013 SID[415]: S-1-22-2-10014 SID[416]: S-1-22-2-10015 SID[417]: S-1-22-2-10016 SID[418]: S-1-22-2-10017 SID[419]: S-1-22-2-10018 SID[420]: S-1-22-2-10019 SID[421]: S-1-22-2-10020 SID[422]: S-1-22-2-10021 SID[423]: S-1-22-2-10022 SID[424]: S-1-22-2-10023 SID[425]: S-1-22-2-10024 SID[426]: S-1-22-2-10025 SID[427]: S-1-22-2-10026 SID[428]: S-1-22-2-10027 SID[429]: S-1-22-2-10028 SID[430]: S-1-22-2-10029 SID[431]: S-1-22-2-10030 SID[432]: S-1-22-2-10031 SID[433]: S-1-22-2-10032 SID[434]: S-1-22-2-10033 SID[435]: S-1-22-2-10034 SID[436]: S-1-22-2-10035 SID[437]: S-1-22-2-10036 SID[438]: S-1-22-2-10037 SID[439]: S-1-22-2-10038 SID[440]: S-1-22-2-10039 SID[441]: S-1-22-2-10040 SID[442]: S-1-22-2-10041 SID[443]: S-1-22-2-10042 SID[444]: S-1-22-2-10043 SID[445]: S-1-22-2-10044 SID[446]: S-1-22-2-10045 SID[447]: S-1-22-2-10046 SID[448]: S-1-22-2-10047 SID[449]: S-1-22-2-10048 SID[450]: S-1-22-2-10049 SID[451]: S-1-22-2-10050 SID[452]: S-1-22-2-10051 SID[453]: S-1-22-2-10052 SID[454]: S-1-22-2-10053 SID[455]: S-1-22-2-10054 SID[456]: S-1-22-2-10055 SID[457]: S-1-22-2-10056 SID[458]: S-1-22-2-10057 SID[459]: S-1-22-2-10058 SID[460]: S-1-22-2-10059 SID[461]: S-1-22-2-10060 SID[462]: S-1-22-2-10061 SID[463]: S-1-22-2-10062 SID[464]: S-1-22-2-10063 SID[465]: S-1-22-2-10064 SID[466]: S-1-22-2-10065 SID[467]: S-1-22-2-10066 SID[468]: S-1-22-2-10067 SID[469]: S-1-22-2-10068 SID[470]: S-1-22-2-10069 SID[471]: S-1-22-2-10070 SID[472]: S-1-22-2-10071 SID[473]: S-1-22-2-10072 SID[474]: S-1-22-2-10073 SID[475]: S-1-22-2-10074 SID[476]: S-1-22-2-10075 SID[477]: S-1-22-2-10076 SID[478]: S-1-22-2-10077 SID[479]: S-1-22-2-10078 SID[480]: S-1-22-2-10079 SID[481]: S-1-22-2-10080 SID[482]: S-1-22-2-10081 SID[483]: S-1-22-2-10082 SID[484]: S-1-22-2-10083 SID[485]: S-1-22-2-10084 SID[486]: S-1-22-2-10085 SID[487]: S-1-22-2-10086 SID[488]: S-1-22-2-10087 SID[489]: S-1-22-2-10088 SID[490]: S-1-22-2-10089 SID[491]: S-1-22-2-10090 SID[492]: S-1-22-2-10091 SID[493]: S-1-22-2-10092 SID[494]: S-1-22-2-10093 SID[495]: S-1-22-2-10094 SID[496]: S-1-22-2-10095 SID[497]: S-1-22-2-10096 SID[498]: S-1-22-2-10097 SID[499]: S-1-22-2-10098 SID[500]: S-1-22-2-10099 SID[501]: S-1-22-2-10100 SID[502]: S-1-22-2-10101 SID[503]: S-1-22-2-10102 SID[504]: S-1-22-2-10103 SID[505]: S-1-22-2-10104 SID[506]: S-1-22-2-10105 SID[507]: S-1-22-2-10106 SID[508]: S-1-22-2-10107 SID[509]: S-1-22-2-10108 SID[510]: S-1-22-2-10109 SID[511]: S-1-22-2-10110 SID[512]: S-1-22-2-10111 SID[513]: S-1-22-2-10112 SID[514]: S-1-22-2-10113 SID[515]: S-1-22-2-10114 SID[516]: S-1-22-2-10115 SID[517]: S-1-22-2-10116 SID[518]: S-1-22-2-10117 SID[519]: S-1-22-2-10118 SID[520]: S-1-22-2-10119 SID[521]: S-1-22-2-10120 SID[522]: S-1-22-2-10121 SID[523]: S-1-22-2-10122 SID[524]: S-1-22-2-10123 SID[525]: S-1-22-2-10124 SID[526]: S-1-22-2-10125 SID[527]: S-1-22-2-10126 SID[528]: S-1-22-2-10127 SID[529]: S-1-22-2-10128 SID[530]: S-1-22-2-10129 SID[531]: S-1-22-2-10130 SID[532]: S-1-22-2-10131 SID[533]: S-1-22-2-10132 SID[534]: S-1-22-2-10133 SID[535]: S-1-22-2-10134 SID[536]: S-1-22-2-10135 SID[537]: S-1-22-2-10136 SID[538]: S-1-22-2-10137 SID[539]: S-1-22-2-10138 SID[540]: S-1-22-2-10139 SID[541]: S-1-22-2-10140 SID[542]: S-1-22-2-10141 SID[543]: S-1-22-2-10142 SID[544]: S-1-22-2-10143 SID[545]: S-1-22-2-10144 SID[546]: S-1-22-2-10145 SID[547]: S-1-22-2-10146 SID[548]: S-1-22-2-10147 SID[549]: S-1-22-2-10148 SID[550]: S-1-22-2-10149 SID[551]: S-1-22-2-10150 SID[552]: S-1-22-2-10471 SID[553]: S-1-22-2-10151 SID[554]: S-1-22-2-10152 SID[555]: S-1-22-2-10153 SID[556]: S-1-22-2-10154 SID[557]: S-1-22-2-10155 SID[558]: S-1-22-2-10156 SID[559]: S-1-22-2-10157 SID[560]: S-1-22-2-10158 SID[561]: S-1-22-2-10159 SID[562]: S-1-22-2-10160 SID[563]: S-1-22-2-10161 SID[564]: S-1-22-2-10162 SID[565]: S-1-22-2-10163 SID[566]: S-1-22-2-10164 SID[567]: S-1-22-2-10165 SID[568]: S-1-22-2-10166 SID[569]: S-1-22-2-10167 SID[570]: S-1-22-2-10168 SID[571]: S-1-22-2-10169 SID[572]: S-1-22-2-10170 SID[573]: S-1-22-2-10171 SID[574]: S-1-22-2-10172 SID[575]: S-1-22-2-10173 SID[576]: S-1-22-2-10174 SID[577]: S-1-22-2-10175 SID[578]: S-1-22-2-10176 SID[579]: S-1-22-2-10177 SID[580]: S-1-22-2-10178 SID[581]: S-1-22-2-10179 SID[582]: S-1-22-2-10180 SID[583]: S-1-22-2-10181 SID[584]: S-1-22-2-10182 SID[585]: S-1-22-2-10183 SID[586]: S-1-22-2-10184 SID[587]: S-1-22-2-10185 SID[588]: S-1-22-2-10186 SID[589]: S-1-22-2-10187 SID[590]: S-1-22-2-10188 SID[591]: S-1-22-2-10189 SID[592]: S-1-22-2-10190 SID[593]: S-1-22-2-10191 SID[594]: S-1-22-2-10192 SID[595]: S-1-22-2-10193 SID[596]: S-1-22-2-10194 SID[597]: S-1-22-2-10195 SID[598]: S-1-22-2-10196 SID[599]: S-1-22-2-10197 SID[600]: S-1-22-2-10198 SID[601]: S-1-22-2-10199 SID[602]: S-1-22-2-10200 SID[603]: S-1-22-2-10201 SID[604]: S-1-22-2-10202 SID[605]: S-1-22-2-10203 SID[606]: S-1-22-2-10204 SID[607]: S-1-22-2-10205 SID[608]: S-1-22-2-10206 SID[609]: S-1-22-2-10207 SID[610]: S-1-22-2-10208 SID[611]: S-1-22-2-10209 SID[612]: S-1-22-2-10210 SID[613]: S-1-22-2-10211 SID[614]: S-1-22-2-10212 SID[615]: S-1-22-2-10213 SID[616]: S-1-22-2-10214 SID[617]: S-1-22-2-10215 SID[618]: S-1-22-2-10216 SID[619]: S-1-22-2-10217 SID[620]: S-1-22-2-10218 SID[621]: S-1-22-2-10219 SID[622]: S-1-22-2-10220 SID[623]: S-1-22-2-10221 SID[624]: S-1-22-2-10222 SID[625]: S-1-22-2-10223 SID[626]: S-1-22-2-10224 SID[627]: S-1-22-2-10225 SID[628]: S-1-22-2-10226 SID[629]: S-1-22-2-10227 SID[630]: S-1-22-2-10228 SID[631]: S-1-22-2-10229 SID[632]: S-1-22-2-10230 SID[633]: S-1-22-2-10231 SID[634]: S-1-22-2-10232 SID[635]: S-1-22-2-10233 SID[636]: S-1-22-2-10234 SID[637]: S-1-22-2-10235 SID[638]: S-1-22-2-10236 SID[639]: S-1-22-2-10237 SID[640]: S-1-22-2-10238 SID[641]: S-1-22-2-10239 SID[642]: S-1-22-2-10240 SID[643]: S-1-22-2-10241 SID[644]: S-1-22-2-10242 SID[645]: S-1-22-2-10243 SID[646]: S-1-22-2-10244 SID[647]: S-1-22-2-10245 SID[648]: S-1-22-2-10246 SID[649]: S-1-22-2-10247 SID[650]: S-1-22-2-10248 SID[651]: S-1-22-2-10249 SID[652]: S-1-22-2-10250 SID[653]: S-1-22-2-10251 SID[654]: S-1-22-2-10252 SID[655]: S-1-22-2-10253 SID[656]: S-1-22-2-10254 SID[657]: S-1-22-2-10255 SID[658]: S-1-22-2-10256 SID[659]: S-1-22-2-10257 SID[660]: S-1-22-2-10258 SID[661]: S-1-22-2-10259 SID[662]: S-1-22-2-10260 SID[663]: S-1-22-2-10261 SID[664]: S-1-22-2-10262 SID[665]: S-1-22-2-10263 SID[666]: S-1-22-2-10264 SID[667]: S-1-22-2-10265 SID[668]: S-1-22-2-10266 SID[669]: S-1-22-2-10267 SID[670]: S-1-22-2-10268 SID[671]: S-1-22-2-10269 SID[672]: S-1-22-2-10270 SID[673]: S-1-22-2-10271 SID[674]: S-1-22-2-10272 SID[675]: S-1-22-2-10273 SID[676]: S-1-22-2-10274 SID[677]: S-1-22-2-10275 SID[678]: S-1-22-2-10276 SID[679]: S-1-22-2-10277 SID[680]: S-1-22-2-10278 SID[681]: S-1-22-2-10279 SID[682]: S-1-22-2-10280 SID[683]: S-1-22-2-10281 SID[684]: S-1-22-2-10282 SID[685]: S-1-22-2-10283 SID[686]: S-1-22-2-10284 SID[687]: S-1-22-2-10285 SID[688]: S-1-22-2-10286 SID[689]: S-1-22-2-10287 SID[690]: S-1-22-2-10288 SID[691]: S-1-22-2-10289 SID[692]: S-1-22-2-10290 SID[693]: S-1-22-2-10291 SID[694]: S-1-22-2-10292 SID[695]: S-1-22-2-10293 SID[696]: S-1-22-2-10294 SID[697]: S-1-22-2-10295 SID[698]: S-1-22-2-10296 SID[699]: S-1-22-2-10297 SID[700]: S-1-22-2-10298 SID[701]: S-1-22-2-10299 SID[702]: S-1-22-2-10300 SID[703]: S-1-22-2-10301 SID[704]: S-1-22-2-10302 SID[705]: S-1-22-2-10303 SID[706]: S-1-22-2-10304 SID[707]: S-1-22-2-10305 SID[708]: S-1-22-2-10306 SID[709]: S-1-22-2-10307 SID[710]: S-1-22-2-10308 SID[711]: S-1-22-2-10309 SID[712]: S-1-22-2-10310 SID[713]: S-1-22-2-10311 SID[714]: S-1-22-2-10312 SID[715]: S-1-22-2-10313 SID[716]: S-1-22-2-10314 SID[717]: S-1-22-2-10315 SID[718]: S-1-22-2-10316 SID[719]: S-1-22-2-10317 SID[720]: S-1-22-2-10318 SID[721]: S-1-22-2-10319 SID[722]: S-1-22-2-10320 SID[723]: S-1-22-2-10321 SID[724]: S-1-22-2-10322 SID[725]: S-1-22-2-10323 SID[726]: S-1-22-2-10324 SID[727]: S-1-22-2-10325 SID[728]: S-1-22-2-10326 SID[729]: S-1-22-2-10327 SID[730]: S-1-22-2-10328 SID[731]: S-1-22-2-10329 SID[732]: S-1-22-2-10330 SID[733]: S-1-22-2-10331 SID[734]: S-1-22-2-10332 SID[735]: S-1-22-2-10333 SID[736]: S-1-22-2-10334 SID[737]: S-1-22-2-10335 SID[738]: S-1-22-2-10336 SID[739]: S-1-22-2-10337 SID[740]: S-1-22-2-10338 SID[741]: S-1-22-2-10339 SID[742]: S-1-22-2-10340 SID[743]: S-1-22-2-10341 SID[744]: S-1-22-2-10342 SID[745]: S-1-22-2-10343 SID[746]: S-1-22-2-10344 SID[747]: S-1-22-2-10345 SID[748]: S-1-22-2-10346 SID[749]: S-1-22-2-10347 SID[750]: S-1-22-2-10348 SID[751]: S-1-22-2-10349 SID[752]: S-1-22-2-10350 SID[753]: S-1-22-2-10351 SID[754]: S-1-22-2-10352 SID[755]: S-1-22-2-10353 SID[756]: S-1-22-2-10354 SID[757]: S-1-22-2-10355 SID[758]: S-1-22-2-10356 SID[759]: S-1-22-2-10357 SID[760]: S-1-22-2-10358 SID[761]: S-1-22-2-10359 SID[762]: S-1-22-2-10360 SID[763]: S-1-22-2-10361 SID[764]: S-1-22-2-10362 SID[765]: S-1-22-2-10363 SID[766]: S-1-22-2-10364 SID[767]: S-1-22-2-10365 SID[768]: S-1-22-2-10366 SID[769]: S-1-22-2-10367 SID[770]: S-1-22-2-10368 SID[771]: S-1-22-2-10369 SID[772]: S-1-22-2-10370 SID[773]: S-1-22-2-10371 SID[774]: S-1-22-2-10372 SID[775]: S-1-22-2-10373 SID[776]: S-1-22-2-10374 SID[777]: S-1-22-2-10375 SID[778]: S-1-22-2-10376 SID[779]: S-1-22-2-10377 SID[780]: S-1-22-2-10378 SID[781]: S-1-22-2-10379 SID[782]: S-1-22-2-10380 SID[783]: S-1-22-2-10381 SID[784]: S-1-22-2-10382 SID[785]: S-1-22-2-10383 SID[786]: S-1-22-2-10384 SID[787]: S-1-22-2-10385 SID[788]: S-1-22-2-10386 SID[789]: S-1-22-2-10387 SID[790]: S-1-22-2-10388 SID[791]: S-1-22-2-10389 SID[792]: S-1-22-2-10390 SID[793]: S-1-22-2-10391 SID[794]: S-1-22-2-10392 SID[795]: S-1-22-2-10393 SID[796]: S-1-22-2-10394 SID[797]: S-1-22-2-10395 SID[798]: S-1-22-2-10396 SID[799]: S-1-22-2-10397 SID[800]: S-1-22-2-10398 SID[801]: S-1-22-2-10399 SID[802]: S-1-22-2-10400 SID[803]: S-1-22-2-10401 SID[804]: S-1-22-2-10402 SID[805]: S-1-22-2-10403 SID[806]: S-1-22-2-10404 SID[807]: S-1-22-2-10002 SID[808]: S-1-22-2-10003 SID[809]: S-1-22-2-10004 SID[810]: S-1-22-2-10001 Privileges (0x 20): Privilege[ 0]: SePrintOperatorPrivilege Rights (0x 0): [2012/11/09 16:29:16.402020, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 10000 Primary group is 71 and contains 404 supplementary groups Group[ 0]: 10006 Group[ 1]: 10007 Group[ 2]: 10008 Group[ 3]: 10009 Group[ 4]: 10010 Group[ 5]: 10011 Group[ 6]: 10012 Group[ 7]: 10013 Group[ 8]: 10014 Group[ 9]: 10015 Group[ 10]: 10016 Group[ 11]: 10017 Group[ 12]: 10018 Group[ 13]: 10019 Group[ 14]: 10020 Group[ 15]: 10021 Group[ 16]: 10022 Group[ 17]: 10023 Group[ 18]: 10024 Group[ 19]: 10025 Group[ 20]: 10026 Group[ 21]: 10027 Group[ 22]: 10028 Group[ 23]: 10029 Group[ 24]: 10030 Group[ 25]: 10031 Group[ 26]: 10032 Group[ 27]: 10033 Group[ 28]: 10034 Group[ 29]: 10035 Group[ 30]: 10036 Group[ 31]: 10037 Group[ 32]: 10038 Group[ 33]: 10039 Group[ 34]: 10040 Group[ 35]: 10041 Group[ 36]: 10042 Group[ 37]: 10043 Group[ 38]: 10044 Group[ 39]: 10045 Group[ 40]: 10046 Group[ 41]: 10047 Group[ 42]: 10048 Group[ 43]: 10049 Group[ 44]: 10050 Group[ 45]: 10051 Group[ 46]: 10052 Group[ 47]: 10053 Group[ 48]: 10054 Group[ 49]: 10055 Group[ 50]: 10056 Group[ 51]: 10057 Group[ 52]: 10058 Group[ 53]: 10059 Group[ 54]: 10060 Group[ 55]: 10061 Group[ 56]: 10062 Group[ 57]: 10063 Group[ 58]: 10064 Group[ 59]: 10065 Group[ 60]: 10066 Group[ 61]: 10067 Group[ 62]: 10068 Group[ 63]: 10069 Group[ 64]: 10070 Group[ 65]: 10071 Group[ 66]: 10072 Group[ 67]: 10073 Group[ 68]: 10074 Group[ 69]: 10075 Group[ 70]: 10076 Group[ 71]: 10077 Group[ 72]: 10078 Group[ 73]: 10079 Group[ 74]: 10080 Group[ 75]: 10081 Group[ 76]: 10082 Group[ 77]: 10083 Group[ 78]: 10084 Group[ 79]: 10085 Group[ 80]: 10086 Group[ 81]: 10087 Group[ 82]: 10088 Group[ 83]: 10089 Group[ 84]: 10090 Group[ 85]: 10091 Group[ 86]: 10092 Group[ 87]: 10093 Group[ 88]: 10094 Group[ 89]: 10095 Group[ 90]: 10096 Group[ 91]: 10097 Group[ 92]: 10098 Group[ 93]: 10099 Group[ 94]: 10100 Group[ 95]: 10101 Group[ 96]: 10102 Group[ 97]: 10103 Group[ 98]: 10104 Group[ 99]: 10105 Group[100]: 10106 Group[101]: 10107 Group[102]: 10108 Group[103]: 10109 Group[104]: 10110 Group[105]: 10111 Group[106]: 10112 Group[107]: 10113 Group[108]: 10114 Group[109]: 10115 Group[110]: 10116 Group[111]: 10117 Group[112]: 10118 Group[113]: 10119 Group[114]: 10120 Group[115]: 10121 Group[116]: 10122 Group[117]: 10123 Group[118]: 10124 Group[119]: 10125 Group[120]: 10126 Group[121]: 10127 Group[122]: 10128 Group[123]: 10129 Group[124]: 10130 Group[125]: 10131 Group[126]: 10132 Group[127]: 10133 Group[128]: 10134 Group[129]: 10135 Group[130]: 10136 Group[131]: 10137 Group[132]: 10138 Group[133]: 10139 Group[134]: 10140 Group[135]: 10141 Group[136]: 10142 Group[137]: 10143 Group[138]: 10144 Group[139]: 10145 Group[140]: 10146 Group[141]: 10147 Group[142]: 10148 Group[143]: 10149 Group[144]: 10150 Group[145]: 10471 Group[146]: 10151 Group[147]: 10152 Group[148]: 10153 Group[149]: 10154 Group[150]: 10155 Group[151]: 10156 Group[152]: 10157 Group[153]: 10158 Group[154]: 10159 Group[155]: 10160 Group[156]: 10161 Group[157]: 10162 Group[158]: 10163 Group[159]: 10164 Group[160]: 10165 Group[161]: 10166 Group[162]: 10167 Group[163]: 10168 Group[164]: 10169 Group[165]: 10170 Group[166]: 10171 Group[167]: 10172 Group[168]: 10173 Group[169]: 10174 Group[170]: 10175 Group[171]: 10176 Group[172]: 10177 Group[173]: 10178 Group[174]: 10179 Group[175]: 10180 Group[176]: 10181 Group[177]: 10182 Group[178]: 10183 Group[179]: 10184 Group[180]: 10185 Group[181]: 10186 Group[182]: 10187 Group[183]: 10188 Group[184]: 10189 Group[185]: 10190 Group[186]: 10191 Group[187]: 10192 Group[188]: 10193 Group[189]: 10194 Group[190]: 10195 Group[191]: 10196 Group[192]: 10197 Group[193]: 10198 Group[194]: 10199 Group[195]: 10200 Group[196]: 10201 Group[197]: 10202 Group[198]: 10203 Group[199]: 10204 Group[200]: 10205 Group[201]: 10206 Group[202]: 10207 Group[203]: 10208 Group[204]: 10209 Group[205]: 10210 Group[206]: 10211 Group[207]: 10212 Group[208]: 10213 Group[209]: 10214 Group[210]: 10215 Group[211]: 10216 Group[212]: 10217 Group[213]: 10218 Group[214]: 10219 Group[215]: 10220 Group[216]: 10221 Group[217]: 10222 Group[218]: 10223 Group[219]: 10224 Group[220]: 10225 Group[221]: 10226 Group[222]: 10227 Group[223]: 10228 Group[224]: 10229 Group[225]: 10230 Group[226]: 10231 Group[227]: 10232 Group[228]: 10233 Group[229]: 10234 Group[230]: 10235 Group[231]: 10236 Group[232]: 10237 Group[233]: 10238 Group[234]: 10239 Group[235]: 10240 Group[236]: 10241 Group[237]: 10242 Group[238]: 10243 Group[239]: 10244 Group[240]: 10245 Group[241]: 10246 Group[242]: 10247 Group[243]: 10248 Group[244]: 10249 Group[245]: 10250 Group[246]: 10251 Group[247]: 10252 Group[248]: 10253 Group[249]: 10254 Group[250]: 10255 Group[251]: 10256 Group[252]: 10257 Group[253]: 10258 Group[254]: 10259 Group[255]: 10260 Group[256]: 10261 Group[257]: 10262 Group[258]: 10263 Group[259]: 10264 Group[260]: 10265 Group[261]: 10266 Group[262]: 10267 Group[263]: 10268 Group[264]: 10269 Group[265]: 10270 Group[266]: 10271 Group[267]: 10272 Group[268]: 10273 Group[269]: 10274 Group[270]: 10275 Group[271]: 10276 Group[272]: 10277 Group[273]: 10278 Group[274]: 10279 Group[275]: 10280 Group[276]: 10281 Group[277]: 10282 Group[278]: 10283 Group[279]: 10284 Group[280]: 10285 Group[281]: 10286 Group[282]: 10287 Group[283]: 10288 Group[284]: 10289 Group[285]: 10290 Group[286]: 10291 Group[287]: 10292 Group[288]: 10293 Group[289]: 10294 Group[290]: 10295 Group[291]: 10296 Group[292]: 10297 Group[293]: 10298 Group[294]: 10299 Group[295]: 10300 Group[296]: 10301 Group[297]: 10302 Group[298]: 10303 Group[299]: 10304 Group[300]: 10305 Group[301]: 10306 Group[302]: 10307 Group[303]: 10308 Group[304]: 10309 Group[305]: 10310 Group[306]: 10311 Group[307]: 10312 Group[308]: 10313 Group[309]: 10314 Group[310]: 10315 Group[311]: 10316 Group[312]: 10317 Group[313]: 10318 Group[314]: 10319 Group[315]: 10320 Group[316]: 10321 Group[317]: 10322 Group[318]: 10323 Group[319]: 10324 Group[320]: 10325 Group[321]: 10326 Group[322]: 10327 Group[323]: 10328 Group[324]: 10329 Group[325]: 10330 Group[326]: 10331 Group[327]: 10332 Group[328]: 10333 Group[329]: 10334 Group[330]: 10335 Group[331]: 10336 Group[332]: 10337 Group[333]: 10338 Group[334]: 10339 Group[335]: 10340 Group[336]: 10341 Group[337]: 10342 Group[338]: 10343 Group[339]: 10344 Group[340]: 10345 Group[341]: 10346 Group[342]: 10347 Group[343]: 10348 Group[344]: 10349 Group[345]: 10350 Group[346]: 10351 Group[347]: 10352 Group[348]: 10353 Group[349]: 10354 Group[350]: 10355 Group[351]: 10356 Group[352]: 10357 Group[353]: 10358 Group[354]: 10359 Group[355]: 10360 Group[356]: 10361 Group[357]: 10362 Group[358]: 10363 Group[359]: 10364 Group[360]: 10365 Group[361]: 10366 Group[362]: 10367 Group[363]: 10368 Group[364]: 10369 Group[365]: 10370 Group[366]: 10371 Group[367]: 10372 Group[368]: 10373 Group[369]: 10374 Group[370]: 10375 Group[371]: 10376 Group[372]: 10377 Group[373]: 10378 Group[374]: 10379 Group[375]: 10380 Group[376]: 10381 Group[377]: 10382 Group[378]: 10383 Group[379]: 10384 Group[380]: 10385 Group[381]: 10386 Group[382]: 10387 Group[383]: 10388 Group[384]: 10389 Group[385]: 10390 Group[386]: 10391 Group[387]: 10392 Group[388]: 10393 Group[389]: 10394 Group[390]: 10395 Group[391]: 10396 Group[392]: 10397 Group[393]: 10398 Group[394]: 10399 Group[395]: 10400 Group[396]: 10401 Group[397]: 10402 Group[398]: 10403 Group[399]: 10404 Group[400]: 10002 Group[401]: 10003 Group[402]: 10004 Group[403]: 10001 [2012/11/09 16:29:16.405074, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,10000), gid=(0,71) [2012/11/09 16:29:16.405123, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1006 [2012/11/09 16:29:16.405164, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) call_trans2qfilepathinfo x64/3/yyyp0708.ppd (fnum = 8215) level=1006 call=7 total_data=0 [2012/11/09 16:29:16.405188, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: x64/3/yyyp0708.ppd (fnum = 8215) level=1006 max_data=8 [2012/11/09 16:29:16.405208, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/yyyp0708.ppd [2012/11/09 16:29:16.405229, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2012/11/09 16:29:16.405248, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2012/11/09 16:29:16.405272, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 8, useable_space = 131010 [2012/11/09 16:29:16.405292, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 8, paramsize = 2, datasize = 8 [2012/11/09 16:29:16.405311, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.405322, 5] lib/util.c:342(show_msg) size=68 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=51200 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 8 (0x8) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 8 (0x8) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=13 [2012/11/09 16:29:16.406839, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x48 [2012/11/09 16:29:16.406891, 3] smbd/process.c:1662(process_smb) Transaction 51 of length 76 (0 toread) [2012/11/09 16:29:16.406920, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.406933, 5] lib/util.c:342(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=51264 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 24 (0x18) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2012/11/09 16:29:16.407195, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 12629) conn 0x7fa2eacb8b60 [2012/11/09 16:29:16.407219, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.407240, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1005 [2012/11/09 16:29:16.407280, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) call_trans2qfilepathinfo x64/3/yyyp0708.ppd (fnum = 8215) level=1005 call=7 total_data=0 [2012/11/09 16:29:16.407321, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: x64/3/yyyp0708.ppd (fnum = 8215) level=1005 max_data=24 [2012/11/09 16:29:16.407357, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/yyyp0708.ppd [2012/11/09 16:29:16.407395, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2012/11/09 16:29:16.407430, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2012/11/09 16:29:16.407456, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 [2012/11/09 16:29:16.407476, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 24, paramsize = 2, datasize = 24 [2012/11/09 16:29:16.407495, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.407507, 5] lib/util.c:342(show_msg) size=84 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=51264 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 24 (0x18) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 24 (0x18) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=29 [2012/11/09 16:29:16.409231, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x7a [2012/11/09 16:29:16.409268, 3] smbd/process.c:1662(process_smb) Transaction 52 of length 126 (0 toread) [2012/11/09 16:29:16.409289, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.409301, 5] lib/util.c:342(show_msg) size=122 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=51328 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 9216 (0x2400) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 256 (0x100) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=17408 (0x4400) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=39 [2012/11/09 16:29:16.409625, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 12629) conn 0x7fa2eacb8b60 [2012/11/09 16:29:16.409674, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.409723, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3/pscript.hlp" [2012/11/09 16:29:16.409778, 5] smbd/filename.c:416(unix_convert) unix_convert begin: name = x64/3/pscript.hlp, dirpath = x64/3, start = pscript.hlp [2012/11/09 16:29:16.409839, 5] smbd/statcache.c:143(stat_cache_add) stat_cache_add: Added entry (7fa2eaccf5f0:size 11) X64/3/PSCRIPT.HLP -> x64/3/pscript.hlp [2012/11/09 16:29:16.409882, 5] smbd/filename.c:439(unix_convert) conversion of base_name finished x64/3/pscript.hlp -> x64/3/pscript.hlp [2012/11/09 16:29:16.409916, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3/pscript.hlp] [/var/lib/samba/drivers] [2012/11/09 16:29:16.409961, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3/pscript.hlp reduced to /var/lib/samba/drivers/x64/3/pscript.hlp [2012/11/09 16:29:16.409999, 5] smbd/files.c:140(file_new) allocated file structure 4120, fnum = 8216 (6 used) [2012/11/09 16:29:16.410042, 3] smbd/dosmode.c:159(unix_mode) unix_mode(x64/3/pscript.hlp) returning 0664 [2012/11/09 16:29:16.410081, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/pscript.hlp [2012/11/09 16:29:16.410136, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2012/11/09 16:29:16.410175, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2012/11/09 16:29:16.410236, 4] smbd/open.c:2065(open_file_ntcreate) calling open_file with flags=0x0 flags2=0x0 mode=0664, access_mask = 0x20089, open_access_mask = 0x20089 [2012/11/09 16:29:16.410287, 2] smbd/open.c:704(open_file) BROSE+pfoerfr opened file x64/3/pscript.hlp read=Yes write=No (numopen=4) [2012/11/09 16:29:16.410328, 3] smbd/oplock_linux.c:135(linux_set_kernel_oplock) linux_set_kernel_oplock: Refused oplock on file x64/3/pscript.hlp, fd = 35, file_id = fd02:e13:0. (Keine Berechtigung) [2012/11/09 16:29:16.410372, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/pscript.hlp [2012/11/09 16:29:16.410396, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2012/11/09 16:29:16.410415, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2012/11/09 16:29:16.410471, 5] smbd/nttrans.c:725(reply_ntcreate_and_X) reply_ntcreate_and_X: fnum = 8216, open name = x64/3/pscript.hlp [2012/11/09 16:29:16.411387, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x48 [2012/11/09 16:29:16.411430, 3] smbd/process.c:1662(process_smb) Transaction 53 of length 76 (0 toread) [2012/11/09 16:29:16.411468, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.411483, 5] lib/util.c:342(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=51392 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 8 (0x8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2012/11/09 16:29:16.411767, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 12629) conn 0x7fa2eacb8b60 [2012/11/09 16:29:16.411808, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.411847, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1006 [2012/11/09 16:29:16.411884, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) call_trans2qfilepathinfo x64/3/pscript.hlp (fnum = 8216) level=1006 call=7 total_data=0 [2012/11/09 16:29:16.411907, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: x64/3/pscript.hlp (fnum = 8216) level=1006 max_data=8 [2012/11/09 16:29:16.411928, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/pscript.hlp [2012/11/09 16:29:16.411948, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2012/11/09 16:29:16.411967, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2012/11/09 16:29:16.411990, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 8, useable_space = 131010 [2012/11/09 16:29:16.412010, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 8, paramsize = 2, datasize = 8 [2012/11/09 16:29:16.412029, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.412048, 5] lib/util.c:342(show_msg) size=68 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=51392 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 8 (0x8) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 8 (0x8) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=13 [2012/11/09 16:29:16.413189, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x48 [2012/11/09 16:29:16.413222, 3] smbd/process.c:1662(process_smb) Transaction 54 of length 76 (0 toread) [2012/11/09 16:29:16.413242, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.413268, 5] lib/util.c:342(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=51456 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 24 (0x18) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2012/11/09 16:29:16.413477, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 12629) conn 0x7fa2eacb8b60 [2012/11/09 16:29:16.413498, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.413519, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1005 [2012/11/09 16:29:16.413545, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) call_trans2qfilepathinfo x64/3/pscript.hlp (fnum = 8216) level=1005 call=7 total_data=0 [2012/11/09 16:29:16.413568, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: x64/3/pscript.hlp (fnum = 8216) level=1005 max_data=24 [2012/11/09 16:29:16.413588, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/pscript.hlp [2012/11/09 16:29:16.413607, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2012/11/09 16:29:16.413630, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2012/11/09 16:29:16.413672, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 [2012/11/09 16:29:16.413710, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 24, paramsize = 2, datasize = 24 [2012/11/09 16:29:16.413747, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.413770, 5] lib/util.c:342(show_msg) size=84 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=51456 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 24 (0x18) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 24 (0x18) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=29 [2012/11/09 16:29:16.415155, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x7a [2012/11/09 16:29:16.415187, 3] smbd/process.c:1662(process_smb) Transaction 55 of length 126 (0 toread) [2012/11/09 16:29:16.415208, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.415219, 5] lib/util.c:342(show_msg) size=122 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=51520 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 9216 (0x2400) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 256 (0x100) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=17408 (0x4400) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=39 [2012/11/09 16:29:16.415506, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 12629) conn 0x7fa2eacb8b60 [2012/11/09 16:29:16.415543, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.415581, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3/pscript.ntf" [2012/11/09 16:29:16.415641, 5] smbd/filename.c:416(unix_convert) unix_convert begin: name = x64/3/pscript.ntf, dirpath = x64/3, start = pscript.ntf [2012/11/09 16:29:16.415691, 5] smbd/statcache.c:143(stat_cache_add) stat_cache_add: Added entry (7fa2eacd1660:size 11) X64/3/PSCRIPT.NTF -> x64/3/pscript.ntf [2012/11/09 16:29:16.415718, 5] smbd/filename.c:439(unix_convert) conversion of base_name finished x64/3/pscript.ntf -> x64/3/pscript.ntf [2012/11/09 16:29:16.415753, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3/pscript.ntf] [/var/lib/samba/drivers] [2012/11/09 16:29:16.415785, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3/pscript.ntf reduced to /var/lib/samba/drivers/x64/3/pscript.ntf [2012/11/09 16:29:16.415824, 5] smbd/files.c:140(file_new) allocated file structure 4121, fnum = 8217 (7 used) [2012/11/09 16:29:16.415857, 3] smbd/dosmode.c:159(unix_mode) unix_mode(x64/3/pscript.ntf) returning 0664 [2012/11/09 16:29:16.415879, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/pscript.ntf [2012/11/09 16:29:16.415898, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2012/11/09 16:29:16.415918, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2012/11/09 16:29:16.415954, 4] smbd/open.c:2065(open_file_ntcreate) calling open_file with flags=0x0 flags2=0x0 mode=0664, access_mask = 0x20089, open_access_mask = 0x20089 [2012/11/09 16:29:16.415989, 2] smbd/open.c:704(open_file) BROSE+pfoerfr opened file x64/3/pscript.ntf read=Yes write=No (numopen=5) [2012/11/09 16:29:16.416019, 3] smbd/oplock_linux.c:135(linux_set_kernel_oplock) linux_set_kernel_oplock: Refused oplock on file x64/3/pscript.ntf, fd = 36, file_id = fd02:e14:0. (Keine Berechtigung) [2012/11/09 16:29:16.416066, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/pscript.ntf [2012/11/09 16:29:16.416091, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2012/11/09 16:29:16.416110, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2012/11/09 16:29:16.416157, 5] smbd/nttrans.c:725(reply_ntcreate_and_X) reply_ntcreate_and_X: fnum = 8217, open name = x64/3/pscript.ntf [2012/11/09 16:29:16.416914, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x48 [2012/11/09 16:29:16.416946, 3] smbd/process.c:1662(process_smb) Transaction 56 of length 76 (0 toread) [2012/11/09 16:29:16.416966, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.416977, 5] lib/util.c:342(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=51584 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 8 (0x8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2012/11/09 16:29:16.417204, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 12629) conn 0x7fa2eacb8b60 [2012/11/09 16:29:16.417227, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.417247, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1006 [2012/11/09 16:29:16.417278, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) call_trans2qfilepathinfo x64/3/pscript.ntf (fnum = 8217) level=1006 call=7 total_data=0 [2012/11/09 16:29:16.417306, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: x64/3/pscript.ntf (fnum = 8217) level=1006 max_data=8 [2012/11/09 16:29:16.417326, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/pscript.ntf [2012/11/09 16:29:16.417345, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2012/11/09 16:29:16.417366, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2012/11/09 16:29:16.417401, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 8, useable_space = 131010 [2012/11/09 16:29:16.417436, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 8, paramsize = 2, datasize = 8 [2012/11/09 16:29:16.417458, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.417470, 5] lib/util.c:342(show_msg) size=68 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=51584 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 8 (0x8) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 8 (0x8) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=13 [2012/11/09 16:29:16.418618, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x48 [2012/11/09 16:29:16.418651, 3] smbd/process.c:1662(process_smb) Transaction 57 of length 76 (0 toread) [2012/11/09 16:29:16.418671, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.418684, 5] lib/util.c:342(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=51648 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 24 (0x18) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2012/11/09 16:29:16.418910, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 12629) conn 0x7fa2eacb8b60 [2012/11/09 16:29:16.418933, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.418954, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1005 [2012/11/09 16:29:16.418980, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) call_trans2qfilepathinfo x64/3/pscript.ntf (fnum = 8217) level=1005 call=7 total_data=0 [2012/11/09 16:29:16.419003, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: x64/3/pscript.ntf (fnum = 8217) level=1005 max_data=24 [2012/11/09 16:29:16.419023, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/pscript.ntf [2012/11/09 16:29:16.419042, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2012/11/09 16:29:16.419061, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2012/11/09 16:29:16.419084, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 [2012/11/09 16:29:16.419113, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 24, paramsize = 2, datasize = 24 [2012/11/09 16:29:16.419134, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.419146, 5] lib/util.c:342(show_msg) size=84 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=51648 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 24 (0x18) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 24 (0x18) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=29 [2012/11/09 16:29:16.421012, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x7c [2012/11/09 16:29:16.421059, 3] smbd/process.c:1662(process_smb) Transaction 58 of length 128 (0 toread) [2012/11/09 16:29:16.421093, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.421107, 5] lib/util.c:342(show_msg) size=124 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=51712 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 9728 (0x2600) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1280 (0x500) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=41 [2012/11/09 16:29:16.421451, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 12629) conn 0x7fa2eacb8b60 [2012/11/09 16:29:16.421490, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.421527, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3/pscript5.dll" [2012/11/09 16:29:16.421563, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3/pscript5.dll] [/var/lib/samba/drivers] [2012/11/09 16:29:16.421607, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3/pscript5.dll reduced to /var/lib/samba/drivers/x64/3/pscript5.dll [2012/11/09 16:29:16.421643, 5] smbd/files.c:140(file_new) allocated file structure 4122, fnum = 8218 (8 used) [2012/11/09 16:29:16.421678, 3] smbd/dosmode.c:159(unix_mode) unix_mode(x64/3/pscript5.dll) returning 0664 [2012/11/09 16:29:16.421710, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/pscript5.dll [2012/11/09 16:29:16.421740, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2012/11/09 16:29:16.421769, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2012/11/09 16:29:16.421807, 4] smbd/open.c:2065(open_file_ntcreate) calling open_file with flags=0x0 flags2=0x0 mode=0664, access_mask = 0x20089, open_access_mask = 0x20089 [2012/11/09 16:29:16.421849, 2] smbd/open.c:704(open_file) BROSE+pfoerfr opened file x64/3/pscript5.dll read=Yes write=No (numopen=6) [2012/11/09 16:29:16.421886, 5] smbd/oplock.c:92(set_file_oplock) set_file_oplock: granted oplock on file x64/3/pscript5.dll, fd02:e10:0/2976701240, tv_sec = 509d214c, tv_usec = 66f0a [2012/11/09 16:29:16.421939, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/pscript5.dll [2012/11/09 16:29:16.421973, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2012/11/09 16:29:16.422003, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2012/11/09 16:29:16.422064, 5] smbd/nttrans.c:725(reply_ntcreate_and_X) reply_ntcreate_and_X: fnum = 8218, open name = x64/3/pscript5.dll [2012/11/09 16:29:16.423126, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x48 [2012/11/09 16:29:16.423166, 3] smbd/process.c:1662(process_smb) Transaction 59 of length 76 (0 toread) [2012/11/09 16:29:16.423197, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.423214, 5] lib/util.c:342(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=51776 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 24 (0x18) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2012/11/09 16:29:16.423526, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 12629) conn 0x7fa2eacb8b60 [2012/11/09 16:29:16.423559, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.423591, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1005 [2012/11/09 16:29:16.423641, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) call_trans2qfilepathinfo x64/3/pscript5.dll (fnum = 8218) level=1005 call=7 total_data=0 [2012/11/09 16:29:16.423677, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: x64/3/pscript5.dll (fnum = 8218) level=1005 max_data=24 [2012/11/09 16:29:16.423721, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/pscript5.dll [2012/11/09 16:29:16.423756, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2012/11/09 16:29:16.423786, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2012/11/09 16:29:16.423820, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 [2012/11/09 16:29:16.423852, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 24, paramsize = 2, datasize = 24 [2012/11/09 16:29:16.423882, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.423900, 5] lib/util.c:342(show_msg) size=84 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=51776 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 24 (0x18) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 24 (0x18) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=29 [2012/11/09 16:29:16.425008, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/11/09 16:29:16.425045, 3] smbd/process.c:1662(process_smb) Transaction 60 of length 63 (0 toread) [2012/11/09 16:29:16.425065, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.425077, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=59415 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=51840 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8218 (0x201A) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 4096 (0x1000) smb_vwv[ 6]= 4096 (0x1000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4096 (0x1000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/11/09 16:29:16.425341, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 12629) conn 0x7fa2eacb8b60 [2012/11/09 16:29:16.425389, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.425450, 8] locking/posix.c:254(posix_fcntl_getlock) posix_fcntl_getlock 37 0 4096 0 [2012/11/09 16:29:16.425519, 8] lib/util.c:1474(fcntl_getlock) fcntl_getlock fd=37 offset=0 count=4096 type=0 [2012/11/09 16:29:16.425563, 3] lib/util.c:1498(fcntl_getlock) fcntl_getlock: fd 37 is returned info 2 pid 0 [2012/11/09 16:29:16.425598, 8] locking/posix.c:284(posix_fcntl_getlock) posix_fcntl_getlock: Lock query call successful [2012/11/09 16:29:16.425672, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=8218 max=4096 nread=4096 [2012/11/09 16:29:16.427093, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/11/09 16:29:16.427146, 3] smbd/process.c:1662(process_smb) Transaction 61 of length 63 (0 toread) [2012/11/09 16:29:16.427181, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.427200, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=59415 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=51904 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8213 (0x2015) smb_vwv[ 3]=35328 (0x8A00) smb_vwv[ 4]= 9 (0x9) smb_vwv[ 5]= 5120 (0x1400) smb_vwv[ 6]= 5120 (0x1400) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 5120 (0x1400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/11/09 16:29:16.427489, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 12629) conn 0x7fa2eacb8b60 [2012/11/09 16:29:16.427527, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.427570, 8] locking/posix.c:254(posix_fcntl_getlock) posix_fcntl_getlock 32 625152 5120 0 [2012/11/09 16:29:16.427610, 8] lib/util.c:1474(fcntl_getlock) fcntl_getlock fd=32 offset=625152 count=5120 type=0 [2012/11/09 16:29:16.427669, 3] lib/util.c:1498(fcntl_getlock) fcntl_getlock: fd 32 is returned info 2 pid 0 [2012/11/09 16:29:16.427710, 8] locking/posix.c:284(posix_fcntl_getlock) posix_fcntl_getlock: Lock query call successful [2012/11/09 16:29:16.427749, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=8213 max=5120 nread=5120 [2012/11/09 16:29:16.429333, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/11/09 16:29:16.429382, 3] smbd/process.c:1662(process_smb) Transaction 62 of length 45 (0 toread) [2012/11/09 16:29:16.429420, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.429439, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=51968 smt_wct=3 smb_vwv[ 0]= 8218 (0x201A) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/11/09 16:29:16.429594, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 12629) conn 0x7fa2eacb8b60 [2012/11/09 16:29:16.429617, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.429647, 3] smbd/reply.c:4848(reply_close) close fd=37 fnum=8218 (numopen=6) [2012/11/09 16:29:16.429686, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2012/11/09 16:29:16.429784, 2] smbd/close.c:696(close_normal_file) BROSE+pfoerfr closed file x64/3/pscript5.dll (numopen=5) NT_STATUS_OK [2012/11/09 16:29:16.429826, 5] smbd/files.c:482(file_free) freed files structure 8218 (7 used) [2012/11/09 16:29:16.429860, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.429884, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=51968 smt_wct=0 smb_bcc=0 [2012/11/09 16:29:16.431082, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/11/09 16:29:16.431127, 3] smbd/process.c:1662(process_smb) Transaction 63 of length 63 (0 toread) [2012/11/09 16:29:16.431164, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.431180, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=59415 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=52032 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8213 (0x2015) smb_vwv[ 3]=34816 (0x8800) smb_vwv[ 4]= 6 (0x6) smb_vwv[ 5]=16384 (0x4000) smb_vwv[ 6]=16384 (0x4000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=16384 (0x4000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/11/09 16:29:16.431397, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 12629) conn 0x7fa2eacb8b60 [2012/11/09 16:29:16.431425, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.431450, 8] locking/posix.c:254(posix_fcntl_getlock) posix_fcntl_getlock 32 428032 16384 0 [2012/11/09 16:29:16.431474, 8] lib/util.c:1474(fcntl_getlock) fcntl_getlock fd=32 offset=428032 count=16384 type=0 [2012/11/09 16:29:16.431496, 3] lib/util.c:1498(fcntl_getlock) fcntl_getlock: fd 32 is returned info 2 pid 0 [2012/11/09 16:29:16.431516, 8] locking/posix.c:284(posix_fcntl_getlock) posix_fcntl_getlock: Lock query call successful [2012/11/09 16:29:16.431543, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=8213 max=16384 nread=16384 [2012/11/09 16:29:16.434170, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x90 [2012/11/09 16:29:16.434211, 3] smbd/process.c:1662(process_smb) Transaction 64 of length 148 (0 toread) [2012/11/09 16:29:16.434232, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.434244, 5] lib/util.c:342(show_msg) size=144 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=52096 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=14848 (0x3A00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1280 (0x500) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=61 [2012/11/09 16:29:16.434643, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 12629) conn 0x7fa2eacb8b60 [2012/11/09 16:29:16.434667, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.434693, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3/de-DE/pscript5.dll.mui" [2012/11/09 16:29:16.434721, 5] smbd/filename.c:416(unix_convert) unix_convert begin: name = x64/3/de-DE/pscript5.dll.mui, dirpath = x64/3, start = de-DE/pscript5.dll.mui [2012/11/09 16:29:16.434789, 5] smbd/filename.c:675(unix_convert) Intermediate not found de-DE [2012/11/09 16:29:16.434817, 3] smbd/error.c:81(error_packet_set) error packet at smbd/nttrans.c(552) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_PATH_NOT_FOUND [2012/11/09 16:29:16.434842, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.434854, 5] lib/util.c:342(show_msg) size=35 smb_com=0xa2 smb_rcls=58 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=52096 smt_wct=0 smb_bcc=0 [2012/11/09 16:29:16.436371, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x8a [2012/11/09 16:29:16.436414, 3] smbd/process.c:1662(process_smb) Transaction 65 of length 142 (0 toread) [2012/11/09 16:29:16.436444, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.436487, 5] lib/util.c:342(show_msg) size=138 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=52160 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=13312 (0x3400) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1280 (0x500) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=55 [2012/11/09 16:29:16.436891, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 12629) conn 0x7fa2eacb8b60 [2012/11/09 16:29:16.436922, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.436954, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3/de/pscript5.dll.mui" [2012/11/09 16:29:16.436988, 5] smbd/filename.c:416(unix_convert) unix_convert begin: name = x64/3/de/pscript5.dll.mui, dirpath = x64/3, start = de/pscript5.dll.mui [2012/11/09 16:29:16.437042, 5] smbd/filename.c:675(unix_convert) Intermediate not found de [2012/11/09 16:29:16.437076, 3] smbd/error.c:81(error_packet_set) error packet at smbd/nttrans.c(552) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_PATH_NOT_FOUND [2012/11/09 16:29:16.437106, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.437123, 5] lib/util.c:342(show_msg) size=35 smb_com=0xa2 smb_rcls=58 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=52160 smt_wct=0 smb_bcc=0 [2012/11/09 16:29:16.438593, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x90 [2012/11/09 16:29:16.438640, 3] smbd/process.c:1662(process_smb) Transaction 66 of length 148 (0 toread) [2012/11/09 16:29:16.438676, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.438689, 5] lib/util.c:342(show_msg) size=144 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=52224 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=14848 (0x3A00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1280 (0x500) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=61 [2012/11/09 16:29:16.438960, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 12629) conn 0x7fa2eacb8b60 [2012/11/09 16:29:16.438980, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.439003, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3/en-US/pscript5.dll.mui" [2012/11/09 16:29:16.439027, 5] smbd/filename.c:416(unix_convert) unix_convert begin: name = x64/3/en-US/pscript5.dll.mui, dirpath = x64/3, start = en-US/pscript5.dll.mui [2012/11/09 16:29:16.439062, 5] smbd/filename.c:675(unix_convert) Intermediate not found en-US [2012/11/09 16:29:16.439085, 3] smbd/error.c:81(error_packet_set) error packet at smbd/nttrans.c(552) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_PATH_NOT_FOUND [2012/11/09 16:29:16.439106, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.439117, 5] lib/util.c:342(show_msg) size=35 smb_com=0xa2 smb_rcls=58 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=52224 smt_wct=0 smb_bcc=0 [2012/11/09 16:29:16.440597, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x8a [2012/11/09 16:29:16.440634, 3] smbd/process.c:1662(process_smb) Transaction 67 of length 142 (0 toread) [2012/11/09 16:29:16.440674, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.440694, 5] lib/util.c:342(show_msg) size=138 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=52288 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=13312 (0x3400) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1280 (0x500) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=55 [2012/11/09 16:29:16.441102, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 12629) conn 0x7fa2eacb8b60 [2012/11/09 16:29:16.441140, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.441186, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3/en/pscript5.dll.mui" [2012/11/09 16:29:16.441237, 5] smbd/filename.c:416(unix_convert) unix_convert begin: name = x64/3/en/pscript5.dll.mui, dirpath = x64/3, start = en/pscript5.dll.mui [2012/11/09 16:29:16.441320, 5] smbd/filename.c:675(unix_convert) Intermediate not found en [2012/11/09 16:29:16.441362, 3] smbd/error.c:81(error_packet_set) error packet at smbd/nttrans.c(552) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_PATH_NOT_FOUND [2012/11/09 16:29:16.441397, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.441420, 5] lib/util.c:342(show_msg) size=35 smb_com=0xa2 smb_rcls=58 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=52288 smt_wct=0 smb_bcc=0 [2012/11/09 16:29:16.444611, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x7c [2012/11/09 16:29:16.444687, 3] smbd/process.c:1662(process_smb) Transaction 68 of length 128 (0 toread) [2012/11/09 16:29:16.444724, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.444738, 5] lib/util.c:342(show_msg) size=124 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=52352 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 9728 (0x2600) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1280 (0x500) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=41 [2012/11/09 16:29:16.445032, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 12629) conn 0x7fa2eacb8b60 [2012/11/09 16:29:16.445055, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.445093, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3/pscript5.dll" [2012/11/09 16:29:16.445147, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3/pscript5.dll] [/var/lib/samba/drivers] [2012/11/09 16:29:16.445195, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3/pscript5.dll reduced to /var/lib/samba/drivers/x64/3/pscript5.dll [2012/11/09 16:29:16.445232, 5] smbd/files.c:140(file_new) allocated file structure 4123, fnum = 8219 (8 used) [2012/11/09 16:29:16.445262, 3] smbd/dosmode.c:159(unix_mode) unix_mode(x64/3/pscript5.dll) returning 0664 [2012/11/09 16:29:16.445283, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/pscript5.dll [2012/11/09 16:29:16.445302, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2012/11/09 16:29:16.445322, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2012/11/09 16:29:16.445361, 4] smbd/open.c:2065(open_file_ntcreate) calling open_file with flags=0x0 flags2=0x0 mode=0664, access_mask = 0x20089, open_access_mask = 0x20089 [2012/11/09 16:29:16.445391, 2] smbd/open.c:704(open_file) BROSE+pfoerfr opened file x64/3/pscript5.dll read=Yes write=No (numopen=6) [2012/11/09 16:29:16.445432, 5] smbd/oplock.c:92(set_file_oplock) set_file_oplock: granted oplock on file x64/3/pscript5.dll, fd02:e10:0/2976701241, tv_sec = 509d214c, tv_usec = 6cb2f [2012/11/09 16:29:16.445486, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/pscript5.dll [2012/11/09 16:29:16.445516, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2012/11/09 16:29:16.445545, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2012/11/09 16:29:16.445607, 5] smbd/nttrans.c:725(reply_ntcreate_and_X) reply_ntcreate_and_X: fnum = 8219, open name = x64/3/pscript5.dll [2012/11/09 16:29:16.446831, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x48 [2012/11/09 16:29:16.446869, 3] smbd/process.c:1662(process_smb) Transaction 69 of length 76 (0 toread) [2012/11/09 16:29:16.446889, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.446901, 5] lib/util.c:342(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=52416 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 24 (0x18) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2012/11/09 16:29:16.447152, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 12629) conn 0x7fa2eacb8b60 [2012/11/09 16:29:16.447175, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.447198, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1005 [2012/11/09 16:29:16.447228, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) call_trans2qfilepathinfo x64/3/pscript5.dll (fnum = 8219) level=1005 call=7 total_data=0 [2012/11/09 16:29:16.447251, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: x64/3/pscript5.dll (fnum = 8219) level=1005 max_data=24 [2012/11/09 16:29:16.447271, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/pscript5.dll [2012/11/09 16:29:16.447291, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2012/11/09 16:29:16.447310, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2012/11/09 16:29:16.447335, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 [2012/11/09 16:29:16.447355, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 24, paramsize = 2, datasize = 24 [2012/11/09 16:29:16.447374, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.447385, 5] lib/util.c:342(show_msg) size=84 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=52416 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 24 (0x18) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 24 (0x18) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=29 [2012/11/09 16:29:16.448548, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/11/09 16:29:16.448581, 3] smbd/process.c:1662(process_smb) Transaction 70 of length 63 (0 toread) [2012/11/09 16:29:16.448600, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.448611, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=59415 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=52480 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8219 (0x201B) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 4096 (0x1000) smb_vwv[ 6]= 4096 (0x1000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4096 (0x1000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/11/09 16:29:16.448795, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 12629) conn 0x7fa2eacb8b60 [2012/11/09 16:29:16.448815, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.448840, 8] locking/posix.c:254(posix_fcntl_getlock) posix_fcntl_getlock 37 0 4096 0 [2012/11/09 16:29:16.448866, 8] lib/util.c:1474(fcntl_getlock) fcntl_getlock fd=37 offset=0 count=4096 type=0 [2012/11/09 16:29:16.448887, 3] lib/util.c:1498(fcntl_getlock) fcntl_getlock: fd 37 is returned info 2 pid 0 [2012/11/09 16:29:16.448906, 8] locking/posix.c:284(posix_fcntl_getlock) posix_fcntl_getlock: Lock query call successful [2012/11/09 16:29:16.448930, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=8219 max=4096 nread=4096 [2012/11/09 16:29:16.450635, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/11/09 16:29:16.450685, 3] smbd/process.c:1662(process_smb) Transaction 71 of length 63 (0 toread) [2012/11/09 16:29:16.450719, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.450738, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=59415 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=52544 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8219 (0x201B) smb_vwv[ 3]=35328 (0x8A00) smb_vwv[ 4]= 9 (0x9) smb_vwv[ 5]= 5120 (0x1400) smb_vwv[ 6]= 5120 (0x1400) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 5120 (0x1400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/11/09 16:29:16.451040, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 12629) conn 0x7fa2eacb8b60 [2012/11/09 16:29:16.451064, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.451089, 8] locking/posix.c:254(posix_fcntl_getlock) posix_fcntl_getlock 37 625152 5120 0 [2012/11/09 16:29:16.451113, 8] lib/util.c:1474(fcntl_getlock) fcntl_getlock fd=37 offset=625152 count=5120 type=0 [2012/11/09 16:29:16.451153, 3] lib/util.c:1498(fcntl_getlock) fcntl_getlock: fd 37 is returned info 2 pid 0 [2012/11/09 16:29:16.451175, 8] locking/posix.c:284(posix_fcntl_getlock) posix_fcntl_getlock: Lock query call successful [2012/11/09 16:29:16.451199, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=8219 max=5120 nread=5120 [2012/11/09 16:29:16.453368, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/11/09 16:29:16.453411, 3] smbd/process.c:1662(process_smb) Transaction 72 of length 63 (0 toread) [2012/11/09 16:29:16.453440, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.453452, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=59415 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=52608 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8219 (0x201B) smb_vwv[ 3]=34816 (0x8800) smb_vwv[ 4]= 6 (0x6) smb_vwv[ 5]=16384 (0x4000) smb_vwv[ 6]=16384 (0x4000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=16384 (0x4000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/11/09 16:29:16.453653, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 12629) conn 0x7fa2eacb8b60 [2012/11/09 16:29:16.453683, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.453708, 8] locking/posix.c:254(posix_fcntl_getlock) posix_fcntl_getlock 37 428032 16384 0 [2012/11/09 16:29:16.453733, 8] lib/util.c:1474(fcntl_getlock) fcntl_getlock fd=37 offset=428032 count=16384 type=0 [2012/11/09 16:29:16.453754, 3] lib/util.c:1498(fcntl_getlock) fcntl_getlock: fd 37 is returned info 2 pid 0 [2012/11/09 16:29:16.453774, 8] locking/posix.c:284(posix_fcntl_getlock) posix_fcntl_getlock: Lock query call successful [2012/11/09 16:29:16.453801, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=8219 max=16384 nread=16384 [2012/11/09 16:29:16.457099, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x90 [2012/11/09 16:29:16.457160, 3] smbd/process.c:1662(process_smb) Transaction 73 of length 148 (0 toread) [2012/11/09 16:29:16.457181, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.457192, 5] lib/util.c:342(show_msg) size=144 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=52672 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=14848 (0x3A00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1280 (0x500) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=61 [2012/11/09 16:29:16.457455, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 12629) conn 0x7fa2eacb8b60 [2012/11/09 16:29:16.457499, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.457526, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3/de-DE/pscript5.dll.mui" [2012/11/09 16:29:16.457554, 5] smbd/filename.c:416(unix_convert) unix_convert begin: name = x64/3/de-DE/pscript5.dll.mui, dirpath = x64/3, start = de-DE/pscript5.dll.mui [2012/11/09 16:29:16.457600, 5] smbd/filename.c:675(unix_convert) Intermediate not found de-DE [2012/11/09 16:29:16.457624, 3] smbd/error.c:81(error_packet_set) error packet at smbd/nttrans.c(552) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_PATH_NOT_FOUND [2012/11/09 16:29:16.457645, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.457655, 5] lib/util.c:342(show_msg) size=35 smb_com=0xa2 smb_rcls=58 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=52672 smt_wct=0 smb_bcc=0 [2012/11/09 16:29:16.459303, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x8a [2012/11/09 16:29:16.459346, 3] smbd/process.c:1662(process_smb) Transaction 74 of length 142 (0 toread) [2012/11/09 16:29:16.459366, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.459377, 5] lib/util.c:342(show_msg) size=138 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=52736 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=13312 (0x3400) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1280 (0x500) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=55 [2012/11/09 16:29:16.459639, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 12629) conn 0x7fa2eacb8b60 [2012/11/09 16:29:16.459659, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.459681, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3/de/pscript5.dll.mui" [2012/11/09 16:29:16.459705, 5] smbd/filename.c:416(unix_convert) unix_convert begin: name = x64/3/de/pscript5.dll.mui, dirpath = x64/3, start = de/pscript5.dll.mui [2012/11/09 16:29:16.459742, 5] smbd/filename.c:675(unix_convert) Intermediate not found de [2012/11/09 16:29:16.459778, 3] smbd/error.c:81(error_packet_set) error packet at smbd/nttrans.c(552) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_PATH_NOT_FOUND [2012/11/09 16:29:16.459800, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.459811, 5] lib/util.c:342(show_msg) size=35 smb_com=0xa2 smb_rcls=58 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=52736 smt_wct=0 smb_bcc=0 [2012/11/09 16:29:16.461341, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x90 [2012/11/09 16:29:16.461376, 3] smbd/process.c:1662(process_smb) Transaction 75 of length 148 (0 toread) [2012/11/09 16:29:16.461396, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.461407, 5] lib/util.c:342(show_msg) size=144 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=52800 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=14848 (0x3A00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1280 (0x500) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=61 [2012/11/09 16:29:16.461687, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 12629) conn 0x7fa2eacb8b60 [2012/11/09 16:29:16.461724, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.461757, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3/en-US/pscript5.dll.mui" [2012/11/09 16:29:16.461782, 5] smbd/filename.c:416(unix_convert) unix_convert begin: name = x64/3/en-US/pscript5.dll.mui, dirpath = x64/3, start = en-US/pscript5.dll.mui [2012/11/09 16:29:16.461819, 5] smbd/filename.c:675(unix_convert) Intermediate not found en-US [2012/11/09 16:29:16.461843, 3] smbd/error.c:81(error_packet_set) error packet at smbd/nttrans.c(552) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_PATH_NOT_FOUND [2012/11/09 16:29:16.461863, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.461873, 5] lib/util.c:342(show_msg) size=35 smb_com=0xa2 smb_rcls=58 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=52800 smt_wct=0 smb_bcc=0 [2012/11/09 16:29:16.463371, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x8a [2012/11/09 16:29:16.463417, 3] smbd/process.c:1662(process_smb) Transaction 76 of length 142 (0 toread) [2012/11/09 16:29:16.463439, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.463450, 5] lib/util.c:342(show_msg) size=138 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=52864 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=13312 (0x3400) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1280 (0x500) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=55 [2012/11/09 16:29:16.463714, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 12629) conn 0x7fa2eacb8b60 [2012/11/09 16:29:16.463734, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.463756, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3/en/pscript5.dll.mui" [2012/11/09 16:29:16.463781, 5] smbd/filename.c:416(unix_convert) unix_convert begin: name = x64/3/en/pscript5.dll.mui, dirpath = x64/3, start = en/pscript5.dll.mui [2012/11/09 16:29:16.463818, 5] smbd/filename.c:675(unix_convert) Intermediate not found en [2012/11/09 16:29:16.463842, 3] smbd/error.c:81(error_packet_set) error packet at smbd/nttrans.c(552) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_PATH_NOT_FOUND [2012/11/09 16:29:16.463862, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.463872, 5] lib/util.c:342(show_msg) size=35 smb_com=0xa2 smb_rcls=58 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=52864 smt_wct=0 smb_bcc=0 [2012/11/09 16:29:16.465945, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/11/09 16:29:16.466003, 3] smbd/process.c:1662(process_smb) Transaction 77 of length 63 (0 toread) [2012/11/09 16:29:16.466042, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.466064, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=59415 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=52928 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8219 (0x201B) smb_vwv[ 3]=51200 (0xC800) smb_vwv[ 4]= 6 (0x6) smb_vwv[ 5]=16384 (0x4000) smb_vwv[ 6]=16384 (0x4000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=16384 (0x4000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/11/09 16:29:16.466392, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 12629) conn 0x7fa2eacb8b60 [2012/11/09 16:29:16.466429, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.466473, 8] locking/posix.c:254(posix_fcntl_getlock) posix_fcntl_getlock 37 444416 16384 0 [2012/11/09 16:29:16.466518, 8] lib/util.c:1474(fcntl_getlock) fcntl_getlock fd=37 offset=444416 count=16384 type=0 [2012/11/09 16:29:16.466559, 3] lib/util.c:1498(fcntl_getlock) fcntl_getlock: fd 37 is returned info 2 pid 0 [2012/11/09 16:29:16.466598, 8] locking/posix.c:284(posix_fcntl_getlock) posix_fcntl_getlock: Lock query call successful [2012/11/09 16:29:16.466653, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=8219 max=16384 nread=16384 [2012/11/09 16:29:16.470740, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x76 [2012/11/09 16:29:16.470802, 3] smbd/process.c:1662(process_smb) Transaction 78 of length 122 (0 toread) [2012/11/09 16:29:16.470823, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.470834, 5] lib/util.c:342(show_msg) size=118 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=52992 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8192 (0x2000) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1280 (0x500) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=35 [2012/11/09 16:29:16.471114, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 12629) conn 0x7fa2eacb8b60 [2012/11/09 16:29:16.471136, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.471162, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3/ps5ui.dll" [2012/11/09 16:29:16.471190, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3/ps5ui.dll] [/var/lib/samba/drivers] [2012/11/09 16:29:16.471220, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3/ps5ui.dll reduced to /var/lib/samba/drivers/x64/3/ps5ui.dll [2012/11/09 16:29:16.471244, 5] smbd/files.c:140(file_new) allocated file structure 4124, fnum = 8220 (9 used) [2012/11/09 16:29:16.471268, 3] smbd/dosmode.c:159(unix_mode) unix_mode(x64/3/ps5ui.dll) returning 0664 [2012/11/09 16:29:16.471288, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/ps5ui.dll [2012/11/09 16:29:16.471307, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2012/11/09 16:29:16.471326, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2012/11/09 16:29:16.471363, 4] smbd/open.c:2065(open_file_ntcreate) calling open_file with flags=0x0 flags2=0x0 mode=0664, access_mask = 0x20089, open_access_mask = 0x20089 [2012/11/09 16:29:16.471394, 2] smbd/open.c:704(open_file) BROSE+pfoerfr opened file x64/3/ps5ui.dll read=Yes write=No (numopen=7) [2012/11/09 16:29:16.471415, 5] smbd/oplock.c:92(set_file_oplock) set_file_oplock: granted oplock on file x64/3/ps5ui.dll, fd02:e12:0/2976701242, tv_sec = 509d214c, tv_usec = 730cb [2012/11/09 16:29:16.471457, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/ps5ui.dll [2012/11/09 16:29:16.471484, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2012/11/09 16:29:16.471523, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2012/11/09 16:29:16.471582, 5] smbd/nttrans.c:725(reply_ntcreate_and_X) reply_ntcreate_and_X: fnum = 8220, open name = x64/3/ps5ui.dll [2012/11/09 16:29:16.473028, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x48 [2012/11/09 16:29:16.473077, 3] smbd/process.c:1662(process_smb) Transaction 79 of length 76 (0 toread) [2012/11/09 16:29:16.473097, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.473108, 5] lib/util.c:342(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=53056 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 24 (0x18) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2012/11/09 16:29:16.473306, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 12629) conn 0x7fa2eacb8b60 [2012/11/09 16:29:16.473327, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.473349, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1005 [2012/11/09 16:29:16.473380, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) call_trans2qfilepathinfo x64/3/ps5ui.dll (fnum = 8220) level=1005 call=7 total_data=0 [2012/11/09 16:29:16.473423, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: x64/3/ps5ui.dll (fnum = 8220) level=1005 max_data=24 [2012/11/09 16:29:16.473452, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/ps5ui.dll [2012/11/09 16:29:16.473473, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2012/11/09 16:29:16.473491, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2012/11/09 16:29:16.473515, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 [2012/11/09 16:29:16.473548, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 24, paramsize = 2, datasize = 24 [2012/11/09 16:29:16.473571, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.473588, 5] lib/util.c:342(show_msg) size=84 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=53056 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 24 (0x18) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 24 (0x18) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=29 [2012/11/09 16:29:16.474891, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/11/09 16:29:16.474938, 3] smbd/process.c:1662(process_smb) Transaction 80 of length 63 (0 toread) [2012/11/09 16:29:16.474971, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.474990, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=59415 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=53120 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8220 (0x201C) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 4096 (0x1000) smb_vwv[ 6]= 4096 (0x1000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4096 (0x1000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/11/09 16:29:16.475256, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 12629) conn 0x7fa2eacb8b60 [2012/11/09 16:29:16.475287, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.475325, 8] locking/posix.c:254(posix_fcntl_getlock) posix_fcntl_getlock 38 0 4096 0 [2012/11/09 16:29:16.475376, 8] lib/util.c:1474(fcntl_getlock) fcntl_getlock fd=38 offset=0 count=4096 type=0 [2012/11/09 16:29:16.475399, 3] lib/util.c:1498(fcntl_getlock) fcntl_getlock: fd 38 is returned info 2 pid 0 [2012/11/09 16:29:16.475418, 8] locking/posix.c:284(posix_fcntl_getlock) posix_fcntl_getlock: Lock query call successful [2012/11/09 16:29:16.475451, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=8220 max=4096 nread=4096 [2012/11/09 16:29:16.482135, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/11/09 16:29:16.482216, 3] smbd/process.c:1662(process_smb) Transaction 81 of length 63 (0 toread) [2012/11/09 16:29:16.482244, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.482257, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=59415 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=53184 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8214 (0x2016) smb_vwv[ 3]=56832 (0xDE00) smb_vwv[ 4]= 12 (0xC) smb_vwv[ 5]= 4608 (0x1200) smb_vwv[ 6]= 4608 (0x1200) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4608 (0x1200) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/11/09 16:29:16.482437, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 12629) conn 0x7fa2eacb8b60 [2012/11/09 16:29:16.482458, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.482485, 8] locking/posix.c:254(posix_fcntl_getlock) posix_fcntl_getlock 33 843264 4608 0 [2012/11/09 16:29:16.482511, 8] lib/util.c:1474(fcntl_getlock) fcntl_getlock fd=33 offset=843264 count=4608 type=0 [2012/11/09 16:29:16.482533, 3] lib/util.c:1498(fcntl_getlock) fcntl_getlock: fd 33 is returned info 2 pid 0 [2012/11/09 16:29:16.482552, 8] locking/posix.c:284(posix_fcntl_getlock) posix_fcntl_getlock: Lock query call successful [2012/11/09 16:29:16.482577, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=8214 max=4608 nread=4608 [2012/11/09 16:29:16.484727, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/11/09 16:29:16.484787, 3] smbd/process.c:1662(process_smb) Transaction 82 of length 45 (0 toread) [2012/11/09 16:29:16.484826, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.484847, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=53248 smt_wct=3 smb_vwv[ 0]= 8220 (0x201C) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/11/09 16:29:16.485054, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 12629) conn 0x7fa2eacb8b60 [2012/11/09 16:29:16.485094, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.485135, 3] smbd/reply.c:4848(reply_close) close fd=38 fnum=8220 (numopen=7) [2012/11/09 16:29:16.485173, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2012/11/09 16:29:16.485263, 2] smbd/close.c:696(close_normal_file) BROSE+pfoerfr closed file x64/3/ps5ui.dll (numopen=6) NT_STATUS_OK [2012/11/09 16:29:16.485302, 5] smbd/files.c:482(file_free) freed files structure 8220 (8 used) [2012/11/09 16:29:16.485332, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.485350, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=53248 smt_wct=0 smb_bcc=0 [2012/11/09 16:29:16.486844, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/11/09 16:29:16.486882, 3] smbd/process.c:1662(process_smb) Transaction 83 of length 63 (0 toread) [2012/11/09 16:29:16.486902, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.486913, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=59415 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=53312 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8214 (0x2016) smb_vwv[ 3]=35840 (0x8C00) smb_vwv[ 4]= 8 (0x8) smb_vwv[ 5]=16384 (0x4000) smb_vwv[ 6]=16384 (0x4000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=16384 (0x4000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/11/09 16:29:16.487121, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 12629) conn 0x7fa2eacb8b60 [2012/11/09 16:29:16.487146, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.487190, 8] locking/posix.c:254(posix_fcntl_getlock) posix_fcntl_getlock 33 560128 16384 0 [2012/11/09 16:29:16.487231, 8] lib/util.c:1474(fcntl_getlock) fcntl_getlock fd=33 offset=560128 count=16384 type=0 [2012/11/09 16:29:16.487263, 3] lib/util.c:1498(fcntl_getlock) fcntl_getlock: fd 33 is returned info 2 pid 0 [2012/11/09 16:29:16.487290, 8] locking/posix.c:284(posix_fcntl_getlock) posix_fcntl_getlock: Lock query call successful [2012/11/09 16:29:16.487331, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=8214 max=16384 nread=16384 [2012/11/09 16:29:16.490902, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x8a [2012/11/09 16:29:16.490979, 3] smbd/process.c:1662(process_smb) Transaction 84 of length 142 (0 toread) [2012/11/09 16:29:16.491008, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.491024, 5] lib/util.c:342(show_msg) size=138 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=53376 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=13312 (0x3400) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1280 (0x500) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=55 [2012/11/09 16:29:16.491389, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 12629) conn 0x7fa2eacb8b60 [2012/11/09 16:29:16.491417, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.491452, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3/de-DE/ps5ui.dll.mui" [2012/11/09 16:29:16.491488, 5] smbd/filename.c:416(unix_convert) unix_convert begin: name = x64/3/de-DE/ps5ui.dll.mui, dirpath = x64/3, start = de-DE/ps5ui.dll.mui [2012/11/09 16:29:16.491545, 5] smbd/filename.c:675(unix_convert) Intermediate not found de-DE [2012/11/09 16:29:16.491582, 3] smbd/error.c:81(error_packet_set) error packet at smbd/nttrans.c(552) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_PATH_NOT_FOUND [2012/11/09 16:29:16.491613, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.491632, 5] lib/util.c:342(show_msg) size=35 smb_com=0xa2 smb_rcls=58 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=53376 smt_wct=0 smb_bcc=0 [2012/11/09 16:29:16.493195, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x84 [2012/11/09 16:29:16.493250, 3] smbd/process.c:1662(process_smb) Transaction 85 of length 136 (0 toread) [2012/11/09 16:29:16.493285, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.493306, 5] lib/util.c:342(show_msg) size=132 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=53440 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=11776 (0x2E00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1280 (0x500) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=49 [2012/11/09 16:29:16.493761, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 12629) conn 0x7fa2eacb8b60 [2012/11/09 16:29:16.493799, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.493834, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3/de/ps5ui.dll.mui" [2012/11/09 16:29:16.493880, 5] smbd/filename.c:416(unix_convert) unix_convert begin: name = x64/3/de/ps5ui.dll.mui, dirpath = x64/3, start = de/ps5ui.dll.mui [2012/11/09 16:29:16.493941, 5] smbd/filename.c:675(unix_convert) Intermediate not found de [2012/11/09 16:29:16.493969, 3] smbd/error.c:81(error_packet_set) error packet at smbd/nttrans.c(552) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_PATH_NOT_FOUND [2012/11/09 16:29:16.493993, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.494015, 5] lib/util.c:342(show_msg) size=35 smb_com=0xa2 smb_rcls=58 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=53440 smt_wct=0 smb_bcc=0 [2012/11/09 16:29:16.495506, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x8a [2012/11/09 16:29:16.495559, 3] smbd/process.c:1662(process_smb) Transaction 86 of length 142 (0 toread) [2012/11/09 16:29:16.495597, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.495631, 5] lib/util.c:342(show_msg) size=138 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=53504 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=13312 (0x3400) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1280 (0x500) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=55 [2012/11/09 16:29:16.496081, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 12629) conn 0x7fa2eacb8b60 [2012/11/09 16:29:16.496117, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.496153, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3/en-US/ps5ui.dll.mui" [2012/11/09 16:29:16.496197, 5] smbd/filename.c:416(unix_convert) unix_convert begin: name = x64/3/en-US/ps5ui.dll.mui, dirpath = x64/3, start = en-US/ps5ui.dll.mui [2012/11/09 16:29:16.496257, 5] smbd/filename.c:675(unix_convert) Intermediate not found en-US [2012/11/09 16:29:16.496299, 3] smbd/error.c:81(error_packet_set) error packet at smbd/nttrans.c(552) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_PATH_NOT_FOUND [2012/11/09 16:29:16.496337, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.496357, 5] lib/util.c:342(show_msg) size=35 smb_com=0xa2 smb_rcls=58 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=53504 smt_wct=0 smb_bcc=0 [2012/11/09 16:29:16.497946, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x84 [2012/11/09 16:29:16.497998, 3] smbd/process.c:1662(process_smb) Transaction 87 of length 136 (0 toread) [2012/11/09 16:29:16.498037, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.498079, 5] lib/util.c:342(show_msg) size=132 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=53568 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=11776 (0x2E00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1280 (0x500) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=49 [2012/11/09 16:29:16.498526, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 12629) conn 0x7fa2eacb8b60 [2012/11/09 16:29:16.498563, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.498605, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3/en/ps5ui.dll.mui" [2012/11/09 16:29:16.498662, 5] smbd/filename.c:416(unix_convert) unix_convert begin: name = x64/3/en/ps5ui.dll.mui, dirpath = x64/3, start = en/ps5ui.dll.mui [2012/11/09 16:29:16.498726, 5] smbd/filename.c:675(unix_convert) Intermediate not found en [2012/11/09 16:29:16.498764, 3] smbd/error.c:81(error_packet_set) error packet at smbd/nttrans.c(552) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_PATH_NOT_FOUND [2012/11/09 16:29:16.498799, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.498819, 5] lib/util.c:342(show_msg) size=35 smb_com=0xa2 smb_rcls=58 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=53568 smt_wct=0 smb_bcc=0 [2012/11/09 16:29:16.500705, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/11/09 16:29:16.500761, 3] smbd/process.c:1662(process_smb) Transaction 88 of length 63 (0 toread) [2012/11/09 16:29:16.500795, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.500817, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=59415 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=53632 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8214 (0x2016) smb_vwv[ 3]=35840 (0x8C00) smb_vwv[ 4]= 12 (0xC) smb_vwv[ 5]=16384 (0x4000) smb_vwv[ 6]=16384 (0x4000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=16384 (0x4000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/11/09 16:29:16.501122, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 12629) conn 0x7fa2eacb8b60 [2012/11/09 16:29:16.501159, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.501199, 8] locking/posix.c:254(posix_fcntl_getlock) posix_fcntl_getlock 33 822272 16384 0 [2012/11/09 16:29:16.501246, 8] lib/util.c:1474(fcntl_getlock) fcntl_getlock fd=33 offset=822272 count=16384 type=0 [2012/11/09 16:29:16.501291, 3] lib/util.c:1498(fcntl_getlock) fcntl_getlock: fd 33 is returned info 2 pid 0 [2012/11/09 16:29:16.501328, 8] locking/posix.c:284(posix_fcntl_getlock) posix_fcntl_getlock: Lock query call successful [2012/11/09 16:29:16.501381, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=8214 max=16384 nread=16384 [2012/11/09 16:29:16.505702, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x76 [2012/11/09 16:29:16.505790, 3] smbd/process.c:1662(process_smb) Transaction 89 of length 122 (0 toread) [2012/11/09 16:29:16.505830, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.505851, 5] lib/util.c:342(show_msg) size=118 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=53696 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8192 (0x2000) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1280 (0x500) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=35 [2012/11/09 16:29:16.506328, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 12629) conn 0x7fa2eacb8b60 [2012/11/09 16:29:16.506364, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.506407, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3/ps5ui.dll" [2012/11/09 16:29:16.506458, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3/ps5ui.dll] [/var/lib/samba/drivers] [2012/11/09 16:29:16.506514, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3/ps5ui.dll reduced to /var/lib/samba/drivers/x64/3/ps5ui.dll [2012/11/09 16:29:16.506555, 5] smbd/files.c:140(file_new) allocated file structure 4125, fnum = 8221 (9 used) [2012/11/09 16:29:16.506596, 3] smbd/dosmode.c:159(unix_mode) unix_mode(x64/3/ps5ui.dll) returning 0664 [2012/11/09 16:29:16.506633, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/ps5ui.dll [2012/11/09 16:29:16.506667, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2012/11/09 16:29:16.506700, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2012/11/09 16:29:16.506760, 4] smbd/open.c:2065(open_file_ntcreate) calling open_file with flags=0x0 flags2=0x0 mode=0664, access_mask = 0x20089, open_access_mask = 0x20089 [2012/11/09 16:29:16.506814, 2] smbd/open.c:704(open_file) BROSE+pfoerfr opened file x64/3/ps5ui.dll read=Yes write=No (numopen=7) [2012/11/09 16:29:16.506853, 5] smbd/oplock.c:92(set_file_oplock) set_file_oplock: granted oplock on file x64/3/ps5ui.dll, fd02:e12:0/2976701243, tv_sec = 509d214c, tv_usec = 7baba [2012/11/09 16:29:16.506904, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/ps5ui.dll [2012/11/09 16:29:16.506940, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2012/11/09 16:29:16.506973, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2012/11/09 16:29:16.507059, 5] smbd/nttrans.c:725(reply_ntcreate_and_X) reply_ntcreate_and_X: fnum = 8221, open name = x64/3/ps5ui.dll [2012/11/09 16:29:16.508510, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x48 [2012/11/09 16:29:16.508561, 3] smbd/process.c:1662(process_smb) Transaction 90 of length 76 (0 toread) [2012/11/09 16:29:16.508596, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.508616, 5] lib/util.c:342(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=53760 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 24 (0x18) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2012/11/09 16:29:16.508952, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 12629) conn 0x7fa2eacb8b60 [2012/11/09 16:29:16.508988, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.509023, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1005 [2012/11/09 16:29:16.509070, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) call_trans2qfilepathinfo x64/3/ps5ui.dll (fnum = 8221) level=1005 call=7 total_data=0 [2012/11/09 16:29:16.509135, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) smbd_do_qfilepathinfo: x64/3/ps5ui.dll (fnum = 8221) level=1005 max_data=24 [2012/11/09 16:29:16.509176, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/ps5ui.dll [2012/11/09 16:29:16.509211, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2012/11/09 16:29:16.509244, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2012/11/09 16:29:16.509282, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 [2012/11/09 16:29:16.509316, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 24, paramsize = 2, datasize = 24 [2012/11/09 16:29:16.509349, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.509367, 5] lib/util.c:342(show_msg) size=84 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=53760 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 24 (0x18) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 24 (0x18) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=29 [2012/11/09 16:29:16.510648, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/11/09 16:29:16.510693, 3] smbd/process.c:1662(process_smb) Transaction 91 of length 63 (0 toread) [2012/11/09 16:29:16.510713, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.510724, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=59415 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=53824 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8221 (0x201D) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 4096 (0x1000) smb_vwv[ 6]= 4096 (0x1000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4096 (0x1000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/11/09 16:29:16.510933, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 12629) conn 0x7fa2eacb8b60 [2012/11/09 16:29:16.510959, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.510985, 8] locking/posix.c:254(posix_fcntl_getlock) posix_fcntl_getlock 38 0 4096 0 [2012/11/09 16:29:16.511010, 8] lib/util.c:1474(fcntl_getlock) fcntl_getlock fd=38 offset=0 count=4096 type=0 [2012/11/09 16:29:16.511031, 3] lib/util.c:1498(fcntl_getlock) fcntl_getlock: fd 38 is returned info 2 pid 0 [2012/11/09 16:29:16.511050, 8] locking/posix.c:284(posix_fcntl_getlock) posix_fcntl_getlock: Lock query call successful [2012/11/09 16:29:16.511073, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=8221 max=4096 nread=4096 [2012/11/09 16:29:16.512647, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/11/09 16:29:16.512703, 3] smbd/process.c:1662(process_smb) Transaction 92 of length 63 (0 toread) [2012/11/09 16:29:16.512737, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.512758, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=59415 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=53888 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8221 (0x201D) smb_vwv[ 3]=56832 (0xDE00) smb_vwv[ 4]= 12 (0xC) smb_vwv[ 5]= 4608 (0x1200) smb_vwv[ 6]= 4608 (0x1200) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4608 (0x1200) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/11/09 16:29:16.513044, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 12629) conn 0x7fa2eacb8b60 [2012/11/09 16:29:16.513079, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.513114, 8] locking/posix.c:254(posix_fcntl_getlock) posix_fcntl_getlock 38 843264 4608 0 [2012/11/09 16:29:16.513180, 8] lib/util.c:1474(fcntl_getlock) fcntl_getlock fd=38 offset=843264 count=4608 type=0 [2012/11/09 16:29:16.513220, 3] lib/util.c:1498(fcntl_getlock) fcntl_getlock: fd 38 is returned info 2 pid 0 [2012/11/09 16:29:16.513296, 8] locking/posix.c:284(posix_fcntl_getlock) posix_fcntl_getlock: Lock query call successful [2012/11/09 16:29:16.513334, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=8221 max=4608 nread=4608 [2012/11/09 16:29:16.515539, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/11/09 16:29:16.515582, 3] smbd/process.c:1662(process_smb) Transaction 93 of length 63 (0 toread) [2012/11/09 16:29:16.515611, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.515663, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=59415 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=53952 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8221 (0x201D) smb_vwv[ 3]=35840 (0x8C00) smb_vwv[ 4]= 8 (0x8) smb_vwv[ 5]=16384 (0x4000) smb_vwv[ 6]=16384 (0x4000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=16384 (0x4000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/11/09 16:29:16.515878, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 12629) conn 0x7fa2eacb8b60 [2012/11/09 16:29:16.515912, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.515952, 8] locking/posix.c:254(posix_fcntl_getlock) posix_fcntl_getlock 38 560128 16384 0 [2012/11/09 16:29:16.515991, 8] lib/util.c:1474(fcntl_getlock) fcntl_getlock fd=38 offset=560128 count=16384 type=0 [2012/11/09 16:29:16.516034, 3] lib/util.c:1498(fcntl_getlock) fcntl_getlock: fd 38 is returned info 2 pid 0 [2012/11/09 16:29:16.516074, 8] locking/posix.c:284(posix_fcntl_getlock) posix_fcntl_getlock: Lock query call successful [2012/11/09 16:29:16.516120, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=8221 max=16384 nread=16384 [2012/11/09 16:29:16.519462, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x8a [2012/11/09 16:29:16.519525, 3] smbd/process.c:1662(process_smb) Transaction 94 of length 142 (0 toread) [2012/11/09 16:29:16.519547, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.519559, 5] lib/util.c:342(show_msg) size=138 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=54016 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=13312 (0x3400) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1280 (0x500) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=55 [2012/11/09 16:29:16.519836, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 12629) conn 0x7fa2eacb8b60 [2012/11/09 16:29:16.519858, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.519886, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3/de-DE/ps5ui.dll.mui" [2012/11/09 16:29:16.519915, 5] smbd/filename.c:416(unix_convert) unix_convert begin: name = x64/3/de-DE/ps5ui.dll.mui, dirpath = x64/3, start = de-DE/ps5ui.dll.mui [2012/11/09 16:29:16.519967, 5] smbd/filename.c:675(unix_convert) Intermediate not found de-DE [2012/11/09 16:29:16.519992, 3] smbd/error.c:81(error_packet_set) error packet at smbd/nttrans.c(552) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_PATH_NOT_FOUND [2012/11/09 16:29:16.520014, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.520045, 5] lib/util.c:342(show_msg) size=35 smb_com=0xa2 smb_rcls=58 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=54016 smt_wct=0 smb_bcc=0 [2012/11/09 16:29:16.523137, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x84 [2012/11/09 16:29:16.523208, 3] smbd/process.c:1662(process_smb) Transaction 95 of length 136 (0 toread) [2012/11/09 16:29:16.523233, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.523244, 5] lib/util.c:342(show_msg) size=132 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=54080 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=11776 (0x2E00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1280 (0x500) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=49 [2012/11/09 16:29:16.523552, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 12629) conn 0x7fa2eacb8b60 [2012/11/09 16:29:16.523575, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.523598, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3/de/ps5ui.dll.mui" [2012/11/09 16:29:16.523624, 5] smbd/filename.c:416(unix_convert) unix_convert begin: name = x64/3/de/ps5ui.dll.mui, dirpath = x64/3, start = de/ps5ui.dll.mui [2012/11/09 16:29:16.523666, 5] smbd/filename.c:675(unix_convert) Intermediate not found de [2012/11/09 16:29:16.523690, 3] smbd/error.c:81(error_packet_set) error packet at smbd/nttrans.c(552) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_PATH_NOT_FOUND [2012/11/09 16:29:16.523710, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.523721, 5] lib/util.c:342(show_msg) size=35 smb_com=0xa2 smb_rcls=58 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=54080 smt_wct=0 smb_bcc=0 [2012/11/09 16:29:16.525324, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x8a [2012/11/09 16:29:16.525372, 3] smbd/process.c:1662(process_smb) Transaction 96 of length 142 (0 toread) [2012/11/09 16:29:16.525401, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.525417, 5] lib/util.c:342(show_msg) size=138 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=54144 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=13312 (0x3400) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1280 (0x500) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=55 [2012/11/09 16:29:16.525809, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 12629) conn 0x7fa2eacb8b60 [2012/11/09 16:29:16.525839, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.525871, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3/en-US/ps5ui.dll.mui" [2012/11/09 16:29:16.525906, 5] smbd/filename.c:416(unix_convert) unix_convert begin: name = x64/3/en-US/ps5ui.dll.mui, dirpath = x64/3, start = en-US/ps5ui.dll.mui [2012/11/09 16:29:16.525977, 5] smbd/filename.c:675(unix_convert) Intermediate not found en-US [2012/11/09 16:29:16.526011, 3] smbd/error.c:81(error_packet_set) error packet at smbd/nttrans.c(552) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_PATH_NOT_FOUND [2012/11/09 16:29:16.526041, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.526058, 5] lib/util.c:342(show_msg) size=35 smb_com=0xa2 smb_rcls=58 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=54144 smt_wct=0 smb_bcc=0 [2012/11/09 16:29:16.527482, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x84 [2012/11/09 16:29:16.527530, 3] smbd/process.c:1662(process_smb) Transaction 97 of length 136 (0 toread) [2012/11/09 16:29:16.527562, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.527578, 5] lib/util.c:342(show_msg) size=132 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=54208 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=11776 (0x2E00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1280 (0x500) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=49 [2012/11/09 16:29:16.527971, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 12629) conn 0x7fa2eacb8b60 [2012/11/09 16:29:16.528007, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.528047, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3/en/ps5ui.dll.mui" [2012/11/09 16:29:16.528089, 5] smbd/filename.c:416(unix_convert) unix_convert begin: name = x64/3/en/ps5ui.dll.mui, dirpath = x64/3, start = en/ps5ui.dll.mui [2012/11/09 16:29:16.528149, 5] smbd/filename.c:675(unix_convert) Intermediate not found en [2012/11/09 16:29:16.528186, 3] smbd/error.c:81(error_packet_set) error packet at smbd/nttrans.c(552) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_PATH_NOT_FOUND [2012/11/09 16:29:16.528221, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.528243, 5] lib/util.c:342(show_msg) size=35 smb_com=0xa2 smb_rcls=58 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=54208 smt_wct=0 smb_bcc=0 [2012/11/09 16:29:16.530134, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/11/09 16:29:16.530182, 3] smbd/process.c:1662(process_smb) Transaction 98 of length 63 (0 toread) [2012/11/09 16:29:16.530218, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.530239, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=59415 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=54272 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8221 (0x201D) smb_vwv[ 3]=35840 (0x8C00) smb_vwv[ 4]= 12 (0xC) smb_vwv[ 5]=16384 (0x4000) smb_vwv[ 6]=16384 (0x4000) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]=16384 (0x4000) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/11/09 16:29:16.530553, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 12629) conn 0x7fa2eacb8b60 [2012/11/09 16:29:16.530592, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.530645, 8] locking/posix.c:254(posix_fcntl_getlock) posix_fcntl_getlock 38 822272 16384 0 [2012/11/09 16:29:16.530690, 8] lib/util.c:1474(fcntl_getlock) fcntl_getlock fd=38 offset=822272 count=16384 type=0 [2012/11/09 16:29:16.530773, 3] lib/util.c:1498(fcntl_getlock) fcntl_getlock: fd 38 is returned info 2 pid 0 [2012/11/09 16:29:16.530813, 8] locking/posix.c:284(posix_fcntl_getlock) posix_fcntl_getlock: Lock query call successful [2012/11/09 16:29:16.530862, 3] smbd/reply.c:3702(send_file_readX) send_file_readX fnum=8221 max=16384 nread=16384 [2012/11/09 16:29:16.535101, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x78 [2012/11/09 16:29:16.535157, 3] smbd/process.c:1662(process_smb) Transaction 99 of length 124 (0 toread) [2012/11/09 16:29:16.535177, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.535189, 5] lib/util.c:342(show_msg) size=120 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=54336 smt_wct=15 smb_vwv[ 0]= 52 (0x34) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 52 (0x34) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=55 [2012/11/09 16:29:16.535389, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 12629) conn 0x7fa2eacb8b60 [2012/11/09 16:29:16.535409, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.535435, 3] smbd/trans2.c:2286(call_trans2findfirst) call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 [2012/11/09 16:29:16.535461, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3/pscript5.dll" [2012/11/09 16:29:16.535508, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3/pscript5.dll] [/var/lib/samba/drivers] [2012/11/09 16:29:16.535559, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3/pscript5.dll reduced to /var/lib/samba/drivers/x64/3/pscript5.dll [2012/11/09 16:29:16.535590, 5] smbd/trans2.c:2371(call_trans2findfirst) dir=x64/3, mask = pscript5.dll [2012/11/09 16:29:16.535643, 5] smbd/dir.c:439(dptr_create) dptr_create dir=x64/3 [2012/11/09 16:29:16.535683, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3] [/var/lib/samba/drivers] [2012/11/09 16:29:16.535727, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3 reduced to /var/lib/samba/drivers/x64/3 [2012/11/09 16:29:16.535775, 3] smbd/dir.c:578(dptr_create) creating new dirptr 256 for path x64/3, expect_close = 1 [2012/11/09 16:29:16.535810, 4] smbd/trans2.c:2439(call_trans2findfirst) dptr_num is 256, wcard = pscript5.dll, attr = 22 [2012/11/09 16:29:16.535840, 8] smbd/trans2.c:2448(call_trans2findfirst) dirpath= dontdescend=<> [2012/11/09 16:29:16.535879, 6] smbd/dir.c:969(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fa2eaca7500 now at offset -1 [2012/11/09 16:29:16.535921, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/pscript5.dll [2012/11/09 16:29:16.535960, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2012/11/09 16:29:16.535992, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2012/11/09 16:29:16.536041, 3] smbd/dir.c:1041(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[pscript5.dll] found x64/3/pscript5.dll fname=pscript5.dll (pscript5.dll) [2012/11/09 16:29:16.536088, 5] smbd/trans2.c:2505(call_trans2findfirst) call_trans2findfirst - (2) closing dptr_num 256 [2012/11/09 16:29:16.536125, 4] smbd/dir.c:257(dptr_close_internal) closing dptr key 256 [2012/11/09 16:29:16.536167, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 10, data_sent_thistime = 120, useable_space = 131010 [2012/11/09 16:29:16.536202, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 10, data_to_send = 120, paramsize = 10, datasize = 120 [2012/11/09 16:29:16.536240, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.536284, 5] lib/util.c:342(show_msg) size=188 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=54336 smt_wct=10 smb_vwv[ 0]= 10 (0xA) smb_vwv[ 1]= 120 (0x78) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 10 (0xA) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 120 (0x78) smb_vwv[ 7]= 68 (0x44) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=133 [2012/11/09 16:29:16.536647, 4] smbd/trans2.c:2549(call_trans2findfirst) SMBtrans2 mask=pscript5.dll directory=x64/3 dirtype=22 numentries=1 [2012/11/09 16:29:16.536684, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:16.536707, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:16.536726, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:16.536762, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2012/11/09 16:29:16.539486, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x72 [2012/11/09 16:29:16.539543, 3] smbd/process.c:1662(process_smb) Transaction 100 of length 118 (0 toread) [2012/11/09 16:29:16.539577, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.539598, 5] lib/util.c:342(show_msg) size=114 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=54400 smt_wct=15 smb_vwv[ 0]= 46 (0x2E) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 46 (0x2E) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=49 [2012/11/09 16:29:16.539937, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 12629) conn 0x7fa2eacb8b60 [2012/11/09 16:29:16.539975, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (10000, 71) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:16.540011, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (811): SID[ 0]: S-1-5-21-160562036-3150058255-2134394716-19743 SID[ 1]: S-1-22-2-71 SID[ 2]: S-1-5-21-160562036-3150058255-2134394716-334230 SID[ 3]: S-1-5-21-160562036-3150058255-2134394716-23353 SID[ 4]: S-1-5-21-160562036-3150058255-2134394716-304793 SID[ 5]: S-1-5-21-160562036-3150058255-2134394716-269408 SID[ 6]: S-1-5-21-160562036-3150058255-2134394716-50420 SID[ 7]: S-1-5-21-160562036-3150058255-2134394716-113634 SID[ 8]: S-1-5-21-160562036-3150058255-2134394716-113662 SID[ 9]: S-1-5-21-160562036-3150058255-2134394716-260755 SID[ 10]: S-1-5-21-160562036-3150058255-2134394716-288770 SID[ 11]: S-1-5-21-160562036-3150058255-2134394716-67892 SID[ 12]: S-1-5-21-160562036-3150058255-2134394716-20800 SID[ 13]: S-1-5-21-160562036-3150058255-2134394716-269744 SID[ 14]: S-1-5-21-160562036-3150058255-2134394716-63803 SID[ 15]: S-1-5-21-160562036-3150058255-2134394716-360934 SID[ 16]: S-1-5-21-160562036-3150058255-2134394716-421750 SID[ 17]: S-1-5-21-160562036-3150058255-2134394716-294313 SID[ 18]: S-1-5-21-160562036-3150058255-2134394716-109619 SID[ 19]: S-1-5-21-160562036-3150058255-2134394716-13623 SID[ 20]: S-1-5-21-160562036-3150058255-2134394716-113660 SID[ 21]: S-1-5-21-160562036-3150058255-2134394716-13846 SID[ 22]: S-1-5-21-160562036-3150058255-2134394716-351693 SID[ 23]: S-1-5-21-160562036-3150058255-2134394716-56178 SID[ 24]: S-1-5-21-160562036-3150058255-2134394716-268914 SID[ 25]: S-1-5-21-160562036-3150058255-2134394716-276389 SID[ 26]: S-1-5-21-160562036-3150058255-2134394716-294265 SID[ 27]: S-1-5-21-160562036-3150058255-2134394716-289050 SID[ 28]: S-1-5-21-160562036-3150058255-2134394716-284074 SID[ 29]: S-1-5-21-160562036-3150058255-2134394716-353623 SID[ 30]: S-1-5-21-160562036-3150058255-2134394716-60632 SID[ 31]: S-1-5-21-160562036-3150058255-2134394716-299617 SID[ 32]: S-1-5-21-160562036-3150058255-2134394716-269875 SID[ 33]: S-1-5-21-160562036-3150058255-2134394716-260777 SID[ 34]: S-1-5-21-160562036-3150058255-2134394716-72011 SID[ 35]: S-1-5-21-160562036-3150058255-2134394716-56174 SID[ 36]: S-1-5-21-160562036-3150058255-2134394716-294145 SID[ 37]: S-1-5-21-160562036-3150058255-2134394716-46643 SID[ 38]: S-1-5-21-160562036-3150058255-2134394716-110684 SID[ 39]: S-1-5-21-160562036-3150058255-2134394716-69476 SID[ 40]: S-1-5-21-160562036-3150058255-2134394716-354438 SID[ 41]: S-1-5-21-160562036-3150058255-2134394716-288215 SID[ 42]: S-1-5-21-160562036-3150058255-2134394716-418124 SID[ 43]: S-1-5-21-160562036-3150058255-2134394716-32947 SID[ 44]: S-1-5-21-160562036-3150058255-2134394716-373447 SID[ 45]: S-1-5-21-160562036-3150058255-2134394716-21119 SID[ 46]: S-1-5-21-160562036-3150058255-2134394716-254283 SID[ 47]: S-1-5-21-160562036-3150058255-2134394716-21918 SID[ 48]: S-1-5-21-160562036-3150058255-2134394716-268915 SID[ 49]: S-1-5-21-160562036-3150058255-2134394716-267093 SID[ 50]: S-1-5-21-160562036-3150058255-2134394716-340888 SID[ 51]: S-1-5-21-160562036-3150058255-2134394716-294363 SID[ 52]: S-1-5-21-160562036-3150058255-2134394716-414620 SID[ 53]: S-1-5-21-160562036-3150058255-2134394716-260959 SID[ 54]: S-1-5-21-160562036-3150058255-2134394716-56176 SID[ 55]: S-1-5-21-160562036-3150058255-2134394716-373472 SID[ 56]: S-1-5-21-160562036-3150058255-2134394716-294492 SID[ 57]: S-1-5-21-160562036-3150058255-2134394716-373554 SID[ 58]: S-1-5-21-160562036-3150058255-2134394716-104382 SID[ 59]: S-1-5-21-160562036-3150058255-2134394716-294361 SID[ 60]: S-1-5-21-160562036-3150058255-2134394716-245149 SID[ 61]: S-1-5-21-160562036-3150058255-2134394716-32807 SID[ 62]: S-1-5-21-160562036-3150058255-2134394716-63805 SID[ 63]: S-1-5-21-160562036-3150058255-2134394716-290135 SID[ 64]: S-1-5-21-160562036-3150058255-2134394716-248439 SID[ 65]: S-1-5-21-160562036-3150058255-2134394716-58745 SID[ 66]: S-1-5-21-160562036-3150058255-2134394716-288316 SID[ 67]: S-1-5-21-160562036-3150058255-2134394716-373441 SID[ 68]: S-1-5-21-160562036-3150058255-2134394716-268916 SID[ 69]: S-1-5-21-160562036-3150058255-2134394716-17597 SID[ 70]: S-1-5-21-160562036-3150058255-2134394716-113654 SID[ 71]: S-1-5-21-160562036-3150058255-2134394716-304050 SID[ 72]: S-1-5-21-160562036-3150058255-2134394716-112626 SID[ 73]: S-1-5-21-160562036-3150058255-2134394716-360946 SID[ 74]: S-1-5-21-160562036-3150058255-2134394716-1116 SID[ 75]: S-1-5-21-160562036-3150058255-2134394716-294490 SID[ 76]: S-1-5-21-160562036-3150058255-2134394716-373442 SID[ 77]: S-1-5-21-160562036-3150058255-2134394716-402137 SID[ 78]: S-1-5-21-160562036-3150058255-2134394716-373470 SID[ 79]: S-1-5-21-160562036-3150058255-2134394716-284963 SID[ 80]: S-1-5-21-160562036-3150058255-2134394716-21963 SID[ 81]: S-1-5-21-160562036-3150058255-2134394716-373556 SID[ 82]: S-1-5-21-160562036-3150058255-2134394716-351504 SID[ 83]: S-1-5-21-160562036-3150058255-2134394716-360382 SID[ 84]: S-1-5-21-160562036-3150058255-2134394716-266966 SID[ 85]: S-1-5-21-160562036-3150058255-2134394716-63797 SID[ 86]: S-1-5-21-160562036-3150058255-2134394716-31306 SID[ 87]: S-1-5-21-160562036-3150058255-2134394716-420969 SID[ 88]: S-1-5-21-160562036-3150058255-2134394716-58439 SID[ 89]: S-1-5-21-160562036-3150058255-2134394716-351240 SID[ 90]: S-1-5-21-160562036-3150058255-2134394716-290160 SID[ 91]: S-1-5-21-160562036-3150058255-2134394716-335340 SID[ 92]: S-1-5-21-160562036-3150058255-2134394716-32819 SID[ 93]: S-1-5-21-160562036-3150058255-2134394716-63801 SID[ 94]: S-1-5-21-160562036-3150058255-2134394716-53171 SID[ 95]: S-1-5-21-160562036-3150058255-2134394716-294243 SID[ 96]: S-1-5-21-160562036-3150058255-2134394716-350032 SID[ 97]: S-1-5-21-160562036-3150058255-2134394716-63737 SID[ 98]: S-1-5-21-160562036-3150058255-2134394716-13863 SID[ 99]: S-1-5-21-160562036-3150058255-2134394716-351719 SID[100]: S-1-5-21-160562036-3150058255-2134394716-56165 SID[101]: S-1-5-21-160562036-3150058255-2134394716-113646 SID[102]: S-1-5-21-160562036-3150058255-2134394716-430811 SID[103]: S-1-5-21-160562036-3150058255-2134394716-284081 SID[104]: S-1-5-21-160562036-3150058255-2134394716-256696 SID[105]: S-1-5-21-160562036-3150058255-2134394716-416414 SID[106]: S-1-5-21-160562036-3150058255-2134394716-49609 SID[107]: S-1-5-21-160562036-3150058255-2134394716-377791 SID[108]: S-1-5-21-160562036-3150058255-2134394716-32821 SID[109]: S-1-5-21-160562036-3150058255-2134394716-359223 SID[110]: S-1-5-21-160562036-3150058255-2134394716-284091 SID[111]: S-1-5-21-160562036-3150058255-2134394716-433713 SID[112]: S-1-5-21-160562036-3150058255-2134394716-33100 SID[113]: S-1-5-21-160562036-3150058255-2134394716-416203 SID[114]: S-1-5-21-160562036-3150058255-2134394716-317007 SID[115]: S-1-5-21-160562036-3150058255-2134394716-69542 SID[116]: S-1-5-21-160562036-3150058255-2134394716-268918 SID[117]: S-1-5-21-160562036-3150058255-2134394716-69428 SID[118]: S-1-5-21-160562036-3150058255-2134394716-316764 SID[119]: S-1-5-21-160562036-3150058255-2134394716-55705 SID[120]: S-1-5-21-160562036-3150058255-2134394716-291229 SID[121]: S-1-5-21-160562036-3150058255-2134394716-250116 SID[122]: S-1-5-21-160562036-3150058255-2134394716-294315 SID[123]: S-1-5-21-160562036-3150058255-2134394716-402469 SID[124]: S-1-5-21-160562036-3150058255-2134394716-256697 SID[125]: S-1-5-21-160562036-3150058255-2134394716-418438 SID[126]: S-1-5-21-160562036-3150058255-2134394716-435652 SID[127]: S-1-5-21-160562036-3150058255-2134394716-45010 SID[128]: S-1-5-21-160562036-3150058255-2134394716-322368 SID[129]: S-1-5-21-160562036-3150058255-2134394716-267090 SID[130]: S-1-5-21-160562036-3150058255-2134394716-32825 SID[131]: S-1-5-21-160562036-3150058255-2134394716-35099 SID[132]: S-1-5-21-160562036-3150058255-2134394716-56157 SID[133]: S-1-5-21-160562036-3150058255-2134394716-113648 SID[134]: S-1-5-21-160562036-3150058255-2134394716-55709 SID[135]: S-1-5-21-160562036-3150058255-2134394716-108789 SID[136]: S-1-5-21-160562036-3150058255-2134394716-56159 SID[137]: S-1-5-21-160562036-3150058255-2134394716-268919 SID[138]: S-1-5-21-160562036-3150058255-2134394716-245147 SID[139]: S-1-5-21-160562036-3150058255-2134394716-430693 SID[140]: S-1-5-21-160562036-3150058255-2134394716-289617 SID[141]: S-1-5-21-160562036-3150058255-2134394716-373445 SID[142]: S-1-5-21-160562036-3150058255-2134394716-14282 SID[143]: S-1-5-21-160562036-3150058255-2134394716-433712 SID[144]: S-1-5-21-160562036-3150058255-2134394716-59232 SID[145]: S-1-5-21-160562036-3150058255-2134394716-33429 SID[146]: S-1-5-21-160562036-3150058255-2134394716-437634 SID[147]: S-1-5-21-160562036-3150058255-2134394716-23354 SID[148]: S-1-5-21-160562036-3150058255-2134394716-113636 SID[149]: S-1-5-21-160562036-3150058255-2134394716-63799 SID[150]: S-1-5-21-160562036-3150058255-2134394716-261009 SID[151]: S-1-5-21-160562036-3150058255-2134394716-290498 SID[152]: S-1-5-21-160562036-3150058255-2134394716-375928 SID[153]: S-1-5-21-160562036-3150058255-2134394716-276407 SID[154]: S-1-5-21-160562036-3150058255-2134394716-357401 SID[155]: S-1-5-21-160562036-3150058255-2134394716-357385 SID[156]: S-1-5-21-160562036-3150058255-2134394716-269404 SID[157]: S-1-5-21-160562036-3150058255-2134394716-67790 SID[158]: S-1-5-21-160562036-3150058255-2134394716-392120 SID[159]: S-1-5-21-160562036-3150058255-2134394716-276395 SID[160]: S-1-5-21-160562036-3150058255-2134394716-113343 SID[161]: S-1-5-21-160562036-3150058255-2134394716-56172 SID[162]: S-1-5-21-160562036-3150058255-2134394716-402467 SID[163]: S-1-5-21-160562036-3150058255-2134394716-293007 SID[164]: S-1-5-21-160562036-3150058255-2134394716-427942 SID[165]: S-1-5-21-160562036-3150058255-2134394716-373529 SID[166]: S-1-5-21-160562036-3150058255-2134394716-263163 SID[167]: S-1-5-21-160562036-3150058255-2134394716-64111 SID[168]: S-1-5-21-160562036-3150058255-2134394716-266852 SID[169]: S-1-5-21-160562036-3150058255-2134394716-357892 SID[170]: S-1-5-21-160562036-3150058255-2134394716-104429 SID[171]: S-1-5-21-160562036-3150058255-2134394716-32813 SID[172]: S-1-5-21-160562036-3150058255-2134394716-360722 SID[173]: S-1-5-21-160562036-3150058255-2134394716-284092 SID[174]: S-1-5-21-160562036-3150058255-2134394716-289619 SID[175]: S-1-5-21-160562036-3150058255-2134394716-369316 SID[176]: S-1-5-21-160562036-3150058255-2134394716-49542 SID[177]: S-1-5-21-160562036-3150058255-2134394716-329659 SID[178]: S-1-5-21-160562036-3150058255-2134394716-32809 SID[179]: S-1-5-21-160562036-3150058255-2134394716-108767 SID[180]: S-1-5-21-160562036-3150058255-2134394716-305399 SID[181]: S-1-5-21-160562036-3150058255-2134394716-263161 SID[182]: S-1-5-21-160562036-3150058255-2134394716-314050 SID[183]: S-1-5-21-160562036-3150058255-2134394716-31001 SID[184]: S-1-5-21-160562036-3150058255-2134394716-279682 SID[185]: S-1-5-21-160562036-3150058255-2134394716-294147 SID[186]: S-1-5-21-160562036-3150058255-2134394716-56163 SID[187]: S-1-5-21-160562036-3150058255-2134394716-285751 SID[188]: S-1-5-21-160562036-3150058255-2134394716-21723 SID[189]: S-1-5-21-160562036-3150058255-2134394716-8332 SID[190]: S-1-5-21-160562036-3150058255-2134394716-32827 SID[191]: S-1-5-21-160562036-3150058255-2134394716-256460 SID[192]: S-1-5-21-160562036-3150058255-2134394716-256183 SID[193]: S-1-5-21-160562036-3150058255-2134394716-300424 SID[194]: S-1-5-21-160562036-3150058255-2134394716-55677 SID[195]: S-1-5-21-160562036-3150058255-2134394716-253145 SID[196]: S-1-5-21-160562036-3150058255-2134394716-63804 SID[197]: S-1-5-21-160562036-3150058255-2134394716-358866 SID[198]: S-1-5-21-160562036-3150058255-2134394716-32823 SID[199]: S-1-5-21-160562036-3150058255-2134394716-276620 SID[200]: S-1-5-21-160562036-3150058255-2134394716-361940 SID[201]: S-1-5-21-160562036-3150058255-2134394716-49274 SID[202]: S-1-5-21-160562036-3150058255-2134394716-402177 SID[203]: S-1-5-21-160562036-3150058255-2134394716-252230 SID[204]: S-1-5-21-160562036-3150058255-2134394716-321100 SID[205]: S-1-5-21-160562036-3150058255-2134394716-20801 SID[206]: S-1-5-21-160562036-3150058255-2134394716-276621 SID[207]: S-1-5-21-160562036-3150058255-2134394716-252010 SID[208]: S-1-5-21-160562036-3150058255-2134394716-292766 SID[209]: S-1-5-21-160562036-3150058255-2134394716-37331 SID[210]: S-1-5-21-160562036-3150058255-2134394716-260776 SID[211]: S-1-5-21-160562036-3150058255-2134394716-386708 SID[212]: S-1-5-21-160562036-3150058255-2134394716-374616 SID[213]: S-1-5-21-160562036-3150058255-2134394716-21084 SID[214]: S-1-5-21-160562036-3150058255-2134394716-294267 SID[215]: S-1-5-21-160562036-3150058255-2134394716-63802 SID[216]: S-1-5-21-160562036-3150058255-2134394716-31186 SID[217]: S-1-5-21-160562036-3150058255-2134394716-105575 SID[218]: S-1-5-21-160562036-3150058255-2134394716-361874 SID[219]: S-1-5-21-160562036-3150058255-2134394716-360362 SID[220]: S-1-5-21-160562036-3150058255-2134394716-357734 SID[221]: S-1-5-21-160562036-3150058255-2134394716-294241 SID[222]: S-1-5-21-160562036-3150058255-2134394716-251778 SID[223]: S-1-5-21-160562036-3150058255-2134394716-49510 SID[224]: S-1-5-21-160562036-3150058255-2134394716-35015 SID[225]: S-1-5-21-160562036-3150058255-2134394716-20749 SID[226]: S-1-5-21-160562036-3150058255-2134394716-294291 SID[227]: S-1-5-21-160562036-3150058255-2134394716-254469 SID[228]: S-1-5-21-160562036-3150058255-2134394716-247296 SID[229]: S-1-5-21-160562036-3150058255-2134394716-63798 SID[230]: S-1-5-21-160562036-3150058255-2134394716-59035 SID[231]: S-1-5-21-160562036-3150058255-2134394716-430331 SID[232]: S-1-5-21-160562036-3150058255-2134394716-21301 SID[233]: S-1-5-21-160562036-3150058255-2134394716-55627 SID[234]: S-1-5-21-160562036-3150058255-2134394716-32815 SID[235]: S-1-5-21-160562036-3150058255-2134394716-277164 SID[236]: S-1-5-21-160562036-3150058255-2134394716-21552 SID[237]: S-1-5-21-160562036-3150058255-2134394716-56622 SID[238]: S-1-5-21-160562036-3150058255-2134394716-37315 SID[239]: S-1-5-21-160562036-3150058255-2134394716-334225 SID[240]: S-1-5-21-160562036-3150058255-2134394716-338141 SID[241]: S-1-5-21-160562036-3150058255-2134394716-246169 SID[242]: S-1-5-21-160562036-3150058255-2134394716-297835 SID[243]: S-1-5-21-160562036-3150058255-2134394716-353615 SID[244]: S-1-5-21-160562036-3150058255-2134394716-322371 SID[245]: S-1-5-21-160562036-3150058255-2134394716-63235 SID[246]: S-1-5-21-160562036-3150058255-2134394716-266849 SID[247]: S-1-5-21-160562036-3150058255-2134394716-293998 SID[248]: S-1-5-21-160562036-3150058255-2134394716-433714 SID[249]: S-1-5-21-160562036-3150058255-2134394716-107694 SID[250]: S-1-5-21-160562036-3150058255-2134394716-288317 SID[251]: S-1-5-21-160562036-3150058255-2134394716-44135 SID[252]: S-1-5-21-160562036-3150058255-2134394716-290560 SID[253]: S-1-5-21-160562036-3150058255-2134394716-322681 SID[254]: S-1-5-21-160562036-3150058255-2134394716-283109 SID[255]: S-1-5-21-160562036-3150058255-2134394716-357879 SID[256]: S-1-5-21-160562036-3150058255-2134394716-289046 SID[257]: S-1-5-21-160562036-3150058255-2134394716-32803 SID[258]: S-1-5-21-160562036-3150058255-2134394716-343968 SID[259]: S-1-5-21-160562036-3150058255-2134394716-50792 SID[260]: S-1-5-21-160562036-3150058255-2134394716-50518 SID[261]: S-1-5-21-160562036-3150058255-2134394716-37238 SID[262]: S-1-5-21-160562036-3150058255-2134394716-360465 SID[263]: S-1-5-21-160562036-3150058255-2134394716-366652 SID[264]: S-1-5-21-160562036-3150058255-2134394716-294094 SID[265]: S-1-5-21-160562036-3150058255-2134394716-288540 SID[266]: S-1-5-21-160562036-3150058255-2134394716-297984 SID[267]: S-1-5-21-160562036-3150058255-2134394716-276427 SID[268]: S-1-5-21-160562036-3150058255-2134394716-333792 SID[269]: S-1-5-21-160562036-3150058255-2134394716-427342 SID[270]: S-1-5-21-160562036-3150058255-2134394716-333794 SID[271]: S-1-5-21-160562036-3150058255-2134394716-290460 SID[272]: S-1-5-21-160562036-3150058255-2134394716-294091 SID[273]: S-1-5-21-160562036-3150058255-2134394716-333793 SID[274]: S-1-5-21-160562036-3150058255-2134394716-338207 SID[275]: S-1-5-21-160562036-3150058255-2134394716-409571 SID[276]: S-1-5-21-160562036-3150058255-2134394716-294054 SID[277]: S-1-5-21-160562036-3150058255-2134394716-30854 SID[278]: S-1-5-21-160562036-3150058255-2134394716-288547 SID[279]: S-1-5-21-160562036-3150058255-2134394716-365347 SID[280]: S-1-5-21-6776287-465249537-1446904402-4108 SID[281]: S-1-5-21-160562036-3150058255-2134394716-58230 SID[282]: S-1-5-21-160562036-3150058255-2134394716-357400 SID[283]: S-1-5-21-160562036-3150058255-2134394716-343966 SID[284]: S-1-5-21-160562036-3150058255-2134394716-104268 SID[285]: S-1-5-21-160562036-3150058255-2134394716-334228 SID[286]: S-1-5-21-160562036-3150058255-2134394716-357384 SID[287]: S-1-5-21-160562036-3150058255-2134394716-64500 SID[288]: S-1-5-21-160562036-3150058255-2134394716-291227 SID[289]: S-1-5-21-160562036-3150058255-2134394716-62708 SID[290]: S-1-5-21-160562036-3150058255-2134394716-266847 SID[291]: S-1-5-21-160562036-3150058255-2134394716-313857 SID[292]: S-1-5-21-160562036-3150058255-2134394716-350031 SID[293]: S-1-5-21-160562036-3150058255-2134394716-373448 SID[294]: S-1-5-21-160562036-3150058255-2134394716-420970 SID[295]: S-1-5-21-160562036-3150058255-2134394716-351238 SID[296]: S-1-5-21-160562036-3150058255-2134394716-11861 SID[297]: S-1-5-21-160562036-3150058255-2134394716-353613 SID[298]: S-1-5-21-160562036-3150058255-2134394716-322679 SID[299]: S-1-5-21-160562036-3150058255-2134394716-253148 SID[300]: S-1-5-21-160562036-3150058255-2134394716-277162 SID[301]: S-1-5-21-160562036-3150058255-2134394716-304048 SID[302]: S-1-5-21-160562036-3150058255-2134394716-288768 SID[303]: S-1-5-21-160562036-3150058255-2134394716-62920 SID[304]: S-1-5-21-160562036-3150058255-2134394716-62814 SID[305]: S-1-5-21-160562036-3150058255-2134394716-338139 SID[306]: S-1-5-21-160562036-3150058255-2134394716-266850 SID[307]: S-1-5-21-160562036-3150058255-2134394716-74038 SID[308]: S-1-5-21-160562036-3150058255-2134394716-62715 SID[309]: S-1-5-21-160562036-3150058255-2134394716-357877 SID[310]: S-1-5-21-160562036-3150058255-2134394716-252117 SID[311]: S-1-5-21-160562036-3150058255-2134394716-322372 SID[312]: S-1-5-21-160562036-3150058255-2134394716-65121 SID[313]: S-1-5-21-160562036-3150058255-2134394716-62711 SID[314]: S-1-5-21-160562036-3150058255-2134394716-267091 SID[315]: S-1-5-21-160562036-3150058255-2134394716-24652 SID[316]: S-1-5-21-160562036-3150058255-2134394716-360933 SID[317]: S-1-5-21-160562036-3150058255-2134394716-354437 SID[318]: S-1-5-21-160562036-3150058255-2134394716-249119 SID[319]: S-1-5-21-160562036-3150058255-2134394716-248731 SID[320]: S-1-5-21-160562036-3150058255-2134394716-64215 SID[321]: S-1-5-21-160562036-3150058255-2134394716-373475 SID[322]: S-1-5-21-160562036-3150058255-2134394716-250664 SID[323]: S-1-5-21-160562036-3150058255-2134394716-267088 SID[324]: S-1-5-21-160562036-3150058255-2134394716-50311 SID[325]: S-1-5-21-160562036-3150058255-2134394716-62644 SID[326]: S-1-5-21-160562036-3150058255-2134394716-69148 SID[327]: S-1-5-21-160562036-3150058255-2134394716-360380 SID[328]: S-1-5-21-160562036-3150058255-2134394716-52124 SID[329]: S-1-5-21-160562036-3150058255-2134394716-351502 SID[330]: S-1-5-21-160562036-3150058255-2134394716-317005 SID[331]: S-1-5-21-160562036-3150058255-2134394716-62713 SID[332]: S-1-5-21-160562036-3150058255-2134394716-313855 SID[333]: S-1-5-21-160562036-3150058255-2134394716-53143 SID[334]: S-1-5-21-160562036-3150058255-2134394716-349705 SID[335]: S-1-5-21-160562036-3150058255-2134394716-357732 SID[336]: S-1-5-21-160562036-3150058255-2134394716-402142 SID[337]: S-1-5-21-160562036-3150058255-2134394716-50421 SID[338]: S-1-5-21-160562036-3150058255-2134394716-357890 SID[339]: S-1-5-21-160562036-3150058255-2134394716-416413 SID[340]: S-1-5-21-160562036-3150058255-2134394716-255117 SID[341]: S-1-5-21-160562036-3150058255-2134394716-73891 SID[342]: S-1-5-21-160562036-3150058255-2134394716-377792 SID[343]: S-1-5-21-160562036-3150058255-2134394716-63081 SID[344]: S-1-5-21-160562036-3150058255-2134394716-386707 SID[345]: S-1-5-21-160562036-3150058255-2134394716-64112 SID[346]: S-1-5-21-160562036-3150058255-2134394716-256555 SID[347]: S-1-5-21-160562036-3150058255-2134394716-361939 SID[348]: S-1-5-21-160562036-3150058255-2134394716-62709 SID[349]: S-1-5-21-160562036-3150058255-2134394716-248759 SID[350]: S-1-5-21-160562036-3150058255-2134394716-359221 SID[351]: S-1-5-21-160562036-3150058255-2134394716-310730 SID[352]: S-1-5-21-160562036-3150058255-2134394716-109617 SID[353]: S-1-5-21-160562036-3150058255-2134394716-60474 SID[354]: S-1-5-21-160562036-3150058255-2134394716-402472 SID[355]: S-1-5-21-160562036-3150058255-2134394716-55679 SID[356]: S-1-5-21-160562036-3150058255-2134394716-69153 SID[357]: S-1-5-21-160562036-3150058255-2134394716-22265 SID[358]: S-1-5-21-160562036-3150058255-2134394716-423112 SID[359]: S-1-5-21-160562036-3150058255-2134394716-289044 SID[360]: S-1-5-21-160562036-3150058255-2134394716-67791 SID[361]: S-1-5-21-160562036-3150058255-2134394716-69156 SID[362]: S-1-5-21-160562036-3150058255-2134394716-62712 SID[363]: S-1-5-21-160562036-3150058255-2134394716-360721 SID[364]: S-1-5-21-160562036-3150058255-2134394716-435651 SID[365]: S-1-5-21-160562036-3150058255-2134394716-69149 SID[366]: S-1-5-21-160562036-3150058255-2134394716-73730 SID[367]: S-1-5-21-160562036-3150058255-2134394716-243660 SID[368]: S-1-5-21-160562036-3150058255-2134394716-104280 SID[369]: S-1-5-21-160562036-3150058255-2134394716-430692 SID[370]: S-1-5-21-160562036-3150058255-2134394716-256558 SID[371]: S-1-5-21-160562036-3150058255-2134394716-54515 SID[372]: S-1-5-21-160562036-3150058255-2134394716-334223 SID[373]: S-1-5-21-160562036-3150058255-2134394716-304790 SID[374]: S-1-5-21-160562036-3150058255-2134394716-373528 SID[375]: S-1-5-21-160562036-3150058255-2134394716-375927 SID[376]: S-1-5-21-160562036-3150058255-2134394716-74039 SID[377]: S-1-5-21-160562036-3150058255-2134394716-62781 SID[378]: S-1-5-21-160562036-3150058255-2134394716-69157 SID[379]: S-1-5-21-160562036-3150058255-2134394716-309445 SID[380]: S-1-5-21-160562036-3150058255-2134394716-62733 SID[381]: S-1-5-21-160562036-3150058255-2134394716-418123 SID[382]: S-1-5-21-160562036-3150058255-2134394716-64415 SID[383]: S-1-5-21-160562036-3150058255-2134394716-414619 SID[384]: S-1-5-21-160562036-3150058255-2134394716-373446 SID[385]: S-1-5-21-160562036-3150058255-2134394716-289048 SID[386]: S-1-5-21-160562036-3150058255-2134394716-69158 SID[387]: S-1-5-21-160562036-3150058255-2134394716-373559 SID[388]: S-1-5-21-160562036-3150058255-2134394716-110686 SID[389]: S-1-5-21-160562036-3150058255-2134394716-260757 SID[390]: S-1-5-21-160562036-3150058255-2134394716-249663 SID[391]: S-1-5-21-160562036-3150058255-2134394716-249619 SID[392]: S-1-5-21-160562036-3150058255-2134394716-321098 SID[393]: S-1-5-21-160562036-3150058255-2134394716-64497 SID[394]: S-1-5-21-160562036-3150058255-2134394716-112627 SID[395]: S-1-5-21-160562036-3150058255-2134394716-62710 SID[396]: S-1-5-21-160562036-3150058255-2134394716-360361 SID[397]: S-1-5-21-160562036-3150058255-2134394716-353621 SID[398]: S-1-5-21-160562036-3150058255-2134394716-365152 SID[399]: S-1-5-21-160562036-3150058255-2134394716-69544 SID[400]: S-1-5-21-160562036-3150058255-2134394716-249644 SID[401]: S-1-5-21-160562036-3150058255-2134394716-55625 SID[402]: S-1-1-0 SID[403]: S-1-5-2 SID[404]: S-1-5-11 SID[405]: S-1-5-32-545 SID[406]: S-1-22-1-10000 SID[407]: S-1-22-2-10006 SID[408]: S-1-22-2-10007 SID[409]: S-1-22-2-10008 SID[410]: S-1-22-2-10009 SID[411]: S-1-22-2-10010 SID[412]: S-1-22-2-10011 SID[413]: S-1-22-2-10012 SID[414]: S-1-22-2-10013 SID[415]: S-1-22-2-10014 SID[416]: S-1-22-2-10015 SID[417]: S-1-22-2-10016 SID[418]: S-1-22-2-10017 SID[419]: S-1-22-2-10018 SID[420]: S-1-22-2-10019 SID[421]: S-1-22-2-10020 SID[422]: S-1-22-2-10021 SID[423]: S-1-22-2-10022 SID[424]: S-1-22-2-10023 SID[425]: S-1-22-2-10024 SID[426]: S-1-22-2-10025 SID[427]: S-1-22-2-10026 SID[428]: S-1-22-2-10027 SID[429]: S-1-22-2-10028 SID[430]: S-1-22-2-10029 SID[431]: S-1-22-2-10030 SID[432]: S-1-22-2-10031 SID[433]: S-1-22-2-10032 SID[434]: S-1-22-2-10033 SID[435]: S-1-22-2-10034 SID[436]: S-1-22-2-10035 SID[437]: S-1-22-2-10036 SID[438]: S-1-22-2-10037 SID[439]: S-1-22-2-10038 SID[440]: S-1-22-2-10039 SID[441]: S-1-22-2-10040 SID[442]: S-1-22-2-10041 SID[443]: S-1-22-2-10042 SID[444]: S-1-22-2-10043 SID[445]: S-1-22-2-10044 SID[446]: S-1-22-2-10045 SID[447]: S-1-22-2-10046 SID[448]: S-1-22-2-10047 SID[449]: S-1-22-2-10048 SID[450]: S-1-22-2-10049 SID[451]: S-1-22-2-10050 SID[452]: S-1-22-2-10051 SID[453]: S-1-22-2-10052 SID[454]: S-1-22-2-10053 SID[455]: S-1-22-2-10054 SID[456]: S-1-22-2-10055 SID[457]: S-1-22-2-10056 SID[458]: S-1-22-2-10057 SID[459]: S-1-22-2-10058 SID[460]: S-1-22-2-10059 SID[461]: S-1-22-2-10060 SID[462]: S-1-22-2-10061 SID[463]: S-1-22-2-10062 SID[464]: S-1-22-2-10063 SID[465]: S-1-22-2-10064 SID[466]: S-1-22-2-10065 SID[467]: S-1-22-2-10066 SID[468]: S-1-22-2-10067 SID[469]: S-1-22-2-10068 SID[470]: S-1-22-2-10069 SID[471]: S-1-22-2-10070 SID[472]: S-1-22-2-10071 SID[473]: S-1-22-2-10072 SID[474]: S-1-22-2-10073 SID[475]: S-1-22-2-10074 SID[476]: S-1-22-2-10075 SID[477]: S-1-22-2-10076 SID[478]: S-1-22-2-10077 SID[479]: S-1-22-2-10078 SID[480]: S-1-22-2-10079 SID[481]: S-1-22-2-10080 SID[482]: S-1-22-2-10081 SID[483]: S-1-22-2-10082 SID[484]: S-1-22-2-10083 SID[485]: S-1-22-2-10084 SID[486]: S-1-22-2-10085 SID[487]: S-1-22-2-10086 SID[488]: S-1-22-2-10087 SID[489]: S-1-22-2-10088 SID[490]: S-1-22-2-10089 SID[491]: S-1-22-2-10090 SID[492]: S-1-22-2-10091 SID[493]: S-1-22-2-10092 SID[494]: S-1-22-2-10093 SID[495]: S-1-22-2-10094 SID[496]: S-1-22-2-10095 SID[497]: S-1-22-2-10096 SID[498]: S-1-22-2-10097 SID[499]: S-1-22-2-10098 SID[500]: S-1-22-2-10099 SID[501]: S-1-22-2-10100 SID[502]: S-1-22-2-10101 SID[503]: S-1-22-2-10102 SID[504]: S-1-22-2-10103 SID[505]: S-1-22-2-10104 SID[506]: S-1-22-2-10105 SID[507]: S-1-22-2-10106 SID[508]: S-1-22-2-10107 SID[509]: S-1-22-2-10108 SID[510]: S-1-22-2-10109 SID[511]: S-1-22-2-10110 SID[512]: S-1-22-2-10111 SID[513]: S-1-22-2-10112 SID[514]: S-1-22-2-10113 SID[515]: S-1-22-2-10114 SID[516]: S-1-22-2-10115 SID[517]: S-1-22-2-10116 SID[518]: S-1-22-2-10117 SID[519]: S-1-22-2-10118 SID[520]: S-1-22-2-10119 SID[521]: S-1-22-2-10120 SID[522]: S-1-22-2-10121 SID[523]: S-1-22-2-10122 SID[524]: S-1-22-2-10123 SID[525]: S-1-22-2-10124 SID[526]: S-1-22-2-10125 SID[527]: S-1-22-2-10126 SID[528]: S-1-22-2-10127 SID[529]: S-1-22-2-10128 SID[530]: S-1-22-2-10129 SID[531]: S-1-22-2-10130 SID[532]: S-1-22-2-10131 SID[533]: S-1-22-2-10132 SID[534]: S-1-22-2-10133 SID[535]: S-1-22-2-10134 SID[536]: S-1-22-2-10135 SID[537]: S-1-22-2-10136 SID[538]: S-1-22-2-10137 SID[539]: S-1-22-2-10138 SID[540]: S-1-22-2-10139 SID[541]: S-1-22-2-10140 SID[542]: S-1-22-2-10141 SID[543]: S-1-22-2-10142 SID[544]: S-1-22-2-10143 SID[545]: S-1-22-2-10144 SID[546]: S-1-22-2-10145 SID[547]: S-1-22-2-10146 SID[548]: S-1-22-2-10147 SID[549]: S-1-22-2-10148 SID[550]: S-1-22-2-10149 SID[551]: S-1-22-2-10150 SID[552]: S-1-22-2-10471 SID[553]: S-1-22-2-10151 SID[554]: S-1-22-2-10152 SID[555]: S-1-22-2-10153 SID[556]: S-1-22-2-10154 SID[557]: S-1-22-2-10155 SID[558]: S-1-22-2-10156 SID[559]: S-1-22-2-10157 SID[560]: S-1-22-2-10158 SID[561]: S-1-22-2-10159 SID[562]: S-1-22-2-10160 SID[563]: S-1-22-2-10161 SID[564]: S-1-22-2-10162 SID[565]: S-1-22-2-10163 SID[566]: S-1-22-2-10164 SID[567]: S-1-22-2-10165 SID[568]: S-1-22-2-10166 SID[569]: S-1-22-2-10167 SID[570]: S-1-22-2-10168 SID[571]: S-1-22-2-10169 SID[572]: S-1-22-2-10170 SID[573]: S-1-22-2-10171 SID[574]: S-1-22-2-10172 SID[575]: S-1-22-2-10173 SID[576]: S-1-22-2-10174 SID[577]: S-1-22-2-10175 SID[578]: S-1-22-2-10176 SID[579]: S-1-22-2-10177 SID[580]: S-1-22-2-10178 SID[581]: S-1-22-2-10179 SID[582]: S-1-22-2-10180 SID[583]: S-1-22-2-10181 SID[584]: S-1-22-2-10182 SID[585]: S-1-22-2-10183 SID[586]: S-1-22-2-10184 SID[587]: S-1-22-2-10185 SID[588]: S-1-22-2-10186 SID[589]: S-1-22-2-10187 SID[590]: S-1-22-2-10188 SID[591]: S-1-22-2-10189 SID[592]: S-1-22-2-10190 SID[593]: S-1-22-2-10191 SID[594]: S-1-22-2-10192 SID[595]: S-1-22-2-10193 SID[596]: S-1-22-2-10194 SID[597]: S-1-22-2-10195 SID[598]: S-1-22-2-10196 SID[599]: S-1-22-2-10197 SID[600]: S-1-22-2-10198 SID[601]: S-1-22-2-10199 SID[602]: S-1-22-2-10200 SID[603]: S-1-22-2-10201 SID[604]: S-1-22-2-10202 SID[605]: S-1-22-2-10203 SID[606]: S-1-22-2-10204 SID[607]: S-1-22-2-10205 SID[608]: S-1-22-2-10206 SID[609]: S-1-22-2-10207 SID[610]: S-1-22-2-10208 SID[611]: S-1-22-2-10209 SID[612]: S-1-22-2-10210 SID[613]: S-1-22-2-10211 SID[614]: S-1-22-2-10212 SID[615]: S-1-22-2-10213 SID[616]: S-1-22-2-10214 SID[617]: S-1-22-2-10215 SID[618]: S-1-22-2-10216 SID[619]: S-1-22-2-10217 SID[620]: S-1-22-2-10218 SID[621]: S-1-22-2-10219 SID[622]: S-1-22-2-10220 SID[623]: S-1-22-2-10221 SID[624]: S-1-22-2-10222 SID[625]: S-1-22-2-10223 SID[626]: S-1-22-2-10224 SID[627]: S-1-22-2-10225 SID[628]: S-1-22-2-10226 SID[629]: S-1-22-2-10227 SID[630]: S-1-22-2-10228 SID[631]: S-1-22-2-10229 SID[632]: S-1-22-2-10230 SID[633]: S-1-22-2-10231 SID[634]: S-1-22-2-10232 SID[635]: S-1-22-2-10233 SID[636]: S-1-22-2-10234 SID[637]: S-1-22-2-10235 SID[638]: S-1-22-2-10236 SID[639]: S-1-22-2-10237 SID[640]: S-1-22-2-10238 SID[641]: S-1-22-2-10239 SID[642]: S-1-22-2-10240 SID[643]: S-1-22-2-10241 SID[644]: S-1-22-2-10242 SID[645]: S-1-22-2-10243 SID[646]: S-1-22-2-10244 SID[647]: S-1-22-2-10245 SID[648]: S-1-22-2-10246 SID[649]: S-1-22-2-10247 SID[650]: S-1-22-2-10248 SID[651]: S-1-22-2-10249 SID[652]: S-1-22-2-10250 SID[653]: S-1-22-2-10251 SID[654]: S-1-22-2-10252 SID[655]: S-1-22-2-10253 SID[656]: S-1-22-2-10254 SID[657]: S-1-22-2-10255 SID[658]: S-1-22-2-10256 SID[659]: S-1-22-2-10257 SID[660]: S-1-22-2-10258 SID[661]: S-1-22-2-10259 SID[662]: S-1-22-2-10260 SID[663]: S-1-22-2-10261 SID[664]: S-1-22-2-10262 SID[665]: S-1-22-2-10263 SID[666]: S-1-22-2-10264 SID[667]: S-1-22-2-10265 SID[668]: S-1-22-2-10266 SID[669]: S-1-22-2-10267 SID[670]: S-1-22-2-10268 SID[671]: S-1-22-2-10269 SID[672]: S-1-22-2-10270 SID[673]: S-1-22-2-10271 SID[674]: S-1-22-2-10272 SID[675]: S-1-22-2-10273 SID[676]: S-1-22-2-10274 SID[677]: S-1-22-2-10275 SID[678]: S-1-22-2-10276 SID[679]: S-1-22-2-10277 SID[680]: S-1-22-2-10278 SID[681]: S-1-22-2-10279 SID[682]: S-1-22-2-10280 SID[683]: S-1-22-2-10281 SID[684]: S-1-22-2-10282 SID[685]: S-1-22-2-10283 SID[686]: S-1-22-2-10284 SID[687]: S-1-22-2-10285 SID[688]: S-1-22-2-10286 SID[689]: S-1-22-2-10287 SID[690]: S-1-22-2-10288 SID[691]: S-1-22-2-10289 SID[692]: S-1-22-2-10290 SID[693]: S-1-22-2-10291 SID[694]: S-1-22-2-10292 SID[695]: S-1-22-2-10293 SID[696]: S-1-22-2-10294 SID[697]: S-1-22-2-10295 SID[698]: S-1-22-2-10296 SID[699]: S-1-22-2-10297 SID[700]: S-1-22-2-10298 SID[701]: S-1-22-2-10299 SID[702]: S-1-22-2-10300 SID[703]: S-1-22-2-10301 SID[704]: S-1-22-2-10302 SID[705]: S-1-22-2-10303 SID[706]: S-1-22-2-10304 SID[707]: S-1-22-2-10305 SID[708]: S-1-22-2-10306 SID[709]: S-1-22-2-10307 SID[710]: S-1-22-2-10308 SID[711]: S-1-22-2-10309 SID[712]: S-1-22-2-10310 SID[713]: S-1-22-2-10311 SID[714]: S-1-22-2-10312 SID[715]: S-1-22-2-10313 SID[716]: S-1-22-2-10314 SID[717]: S-1-22-2-10315 SID[718]: S-1-22-2-10316 SID[719]: S-1-22-2-10317 SID[720]: S-1-22-2-10318 SID[721]: S-1-22-2-10319 SID[722]: S-1-22-2-10320 SID[723]: S-1-22-2-10321 SID[724]: S-1-22-2-10322 SID[725]: S-1-22-2-10323 SID[726]: S-1-22-2-10324 SID[727]: S-1-22-2-10325 SID[728]: S-1-22-2-10326 SID[729]: S-1-22-2-10327 SID[730]: S-1-22-2-10328 SID[731]: S-1-22-2-10329 SID[732]: S-1-22-2-10330 SID[733]: S-1-22-2-10331 SID[734]: S-1-22-2-10332 SID[735]: S-1-22-2-10333 SID[736]: S-1-22-2-10334 SID[737]: S-1-22-2-10335 SID[738]: S-1-22-2-10336 SID[739]: S-1-22-2-10337 SID[740]: S-1-22-2-10338 SID[741]: S-1-22-2-10339 SID[742]: S-1-22-2-10340 SID[743]: S-1-22-2-10341 SID[744]: S-1-22-2-10342 SID[745]: S-1-22-2-10343 SID[746]: S-1-22-2-10344 SID[747]: S-1-22-2-10345 SID[748]: S-1-22-2-10346 SID[749]: S-1-22-2-10347 SID[750]: S-1-22-2-10348 SID[751]: S-1-22-2-10349 SID[752]: S-1-22-2-10350 SID[753]: S-1-22-2-10351 SID[754]: S-1-22-2-10352 SID[755]: S-1-22-2-10353 SID[756]: S-1-22-2-10354 SID[757]: S-1-22-2-10355 SID[758]: S-1-22-2-10356 SID[759]: S-1-22-2-10357 SID[760]: S-1-22-2-10358 SID[761]: S-1-22-2-10359 SID[762]: S-1-22-2-10360 SID[763]: S-1-22-2-10361 SID[764]: S-1-22-2-10362 SID[765]: S-1-22-2-10363 SID[766]: S-1-22-2-10364 SID[767]: S-1-22-2-10365 SID[768]: S-1-22-2-10366 SID[769]: S-1-22-2-10367 SID[770]: S-1-22-2-10368 SID[771]: S-1-22-2-10369 SID[772]: S-1-22-2-10370 SID[773]: S-1-22-2-10371 SID[774]: S-1-22-2-10372 SID[775]: S-1-22-2-10373 SID[776]: S-1-22-2-10374 SID[777]: S-1-22-2-10375 SID[778]: S-1-22-2-10376 SID[779]: S-1-22-2-10377 SID[780]: S-1-22-2-10378 SID[781]: S-1-22-2-10379 SID[782]: S-1-22-2-10380 SID[783]: S-1-22-2-10381 SID[784]: S-1-22-2-10382 SID[785]: S-1-22-2-10383 SID[786]: S-1-22-2-10384 SID[787]: S-1-22-2-10385 SID[788]: S-1-22-2-10386 SID[789]: S-1-22-2-10387 SID[790]: S-1-22-2-10388 SID[791]: S-1-22-2-10389 SID[792]: S-1-22-2-10390 SID[793]: S-1-22-2-10391 SID[794]: S-1-22-2-10392 SID[795]: S-1-22-2-10393 SID[796]: S-1-22-2-10394 SID[797]: S-1-22-2-10395 SID[798]: S-1-22-2-10396 SID[799]: S-1-22-2-10397 SID[800]: S-1-22-2-10398 SID[801]: S-1-22-2-10399 SID[802]: S-1-22-2-10400 SID[803]: S-1-22-2-10401 SID[804]: S-1-22-2-10402 SID[805]: S-1-22-2-10403 SID[806]: S-1-22-2-10404 SID[807]: S-1-22-2-10002 SID[808]: S-1-22-2-10003 SID[809]: S-1-22-2-10004 SID[810]: S-1-22-2-10001 Privileges (0x 20): Privilege[ 0]: SePrintOperatorPrivilege Rights (0x 0): [2012/11/09 16:29:16.549887, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 10000 Primary group is 71 and contains 404 supplementary groups Group[ 0]: 10006 Group[ 1]: 10007 Group[ 2]: 10008 Group[ 3]: 10009 Group[ 4]: 10010 Group[ 5]: 10011 Group[ 6]: 10012 Group[ 7]: 10013 Group[ 8]: 10014 Group[ 9]: 10015 Group[ 10]: 10016 Group[ 11]: 10017 Group[ 12]: 10018 Group[ 13]: 10019 Group[ 14]: 10020 Group[ 15]: 10021 Group[ 16]: 10022 Group[ 17]: 10023 Group[ 18]: 10024 Group[ 19]: 10025 Group[ 20]: 10026 Group[ 21]: 10027 Group[ 22]: 10028 Group[ 23]: 10029 Group[ 24]: 10030 Group[ 25]: 10031 Group[ 26]: 10032 Group[ 27]: 10033 Group[ 28]: 10034 Group[ 29]: 10035 Group[ 30]: 10036 Group[ 31]: 10037 Group[ 32]: 10038 Group[ 33]: 10039 Group[ 34]: 10040 Group[ 35]: 10041 Group[ 36]: 10042 Group[ 37]: 10043 Group[ 38]: 10044 Group[ 39]: 10045 Group[ 40]: 10046 Group[ 41]: 10047 Group[ 42]: 10048 Group[ 43]: 10049 Group[ 44]: 10050 Group[ 45]: 10051 Group[ 46]: 10052 Group[ 47]: 10053 Group[ 48]: 10054 Group[ 49]: 10055 Group[ 50]: 10056 Group[ 51]: 10057 Group[ 52]: 10058 Group[ 53]: 10059 Group[ 54]: 10060 Group[ 55]: 10061 Group[ 56]: 10062 Group[ 57]: 10063 Group[ 58]: 10064 Group[ 59]: 10065 Group[ 60]: 10066 Group[ 61]: 10067 Group[ 62]: 10068 Group[ 63]: 10069 Group[ 64]: 10070 Group[ 65]: 10071 Group[ 66]: 10072 Group[ 67]: 10073 Group[ 68]: 10074 Group[ 69]: 10075 Group[ 70]: 10076 Group[ 71]: 10077 Group[ 72]: 10078 Group[ 73]: 10079 Group[ 74]: 10080 Group[ 75]: 10081 Group[ 76]: 10082 Group[ 77]: 10083 Group[ 78]: 10084 Group[ 79]: 10085 Group[ 80]: 10086 Group[ 81]: 10087 Group[ 82]: 10088 Group[ 83]: 10089 Group[ 84]: 10090 Group[ 85]: 10091 Group[ 86]: 10092 Group[ 87]: 10093 Group[ 88]: 10094 Group[ 89]: 10095 Group[ 90]: 10096 Group[ 91]: 10097 Group[ 92]: 10098 Group[ 93]: 10099 Group[ 94]: 10100 Group[ 95]: 10101 Group[ 96]: 10102 Group[ 97]: 10103 Group[ 98]: 10104 Group[ 99]: 10105 Group[100]: 10106 Group[101]: 10107 Group[102]: 10108 Group[103]: 10109 Group[104]: 10110 Group[105]: 10111 Group[106]: 10112 Group[107]: 10113 Group[108]: 10114 Group[109]: 10115 Group[110]: 10116 Group[111]: 10117 Group[112]: 10118 Group[113]: 10119 Group[114]: 10120 Group[115]: 10121 Group[116]: 10122 Group[117]: 10123 Group[118]: 10124 Group[119]: 10125 Group[120]: 10126 Group[121]: 10127 Group[122]: 10128 Group[123]: 10129 Group[124]: 10130 Group[125]: 10131 Group[126]: 10132 Group[127]: 10133 Group[128]: 10134 Group[129]: 10135 Group[130]: 10136 Group[131]: 10137 Group[132]: 10138 Group[133]: 10139 Group[134]: 10140 Group[135]: 10141 Group[136]: 10142 Group[137]: 10143 Group[138]: 10144 Group[139]: 10145 Group[140]: 10146 Group[141]: 10147 Group[142]: 10148 Group[143]: 10149 Group[144]: 10150 Group[145]: 10471 Group[146]: 10151 Group[147]: 10152 Group[148]: 10153 Group[149]: 10154 Group[150]: 10155 Group[151]: 10156 Group[152]: 10157 Group[153]: 10158 Group[154]: 10159 Group[155]: 10160 Group[156]: 10161 Group[157]: 10162 Group[158]: 10163 Group[159]: 10164 Group[160]: 10165 Group[161]: 10166 Group[162]: 10167 Group[163]: 10168 Group[164]: 10169 Group[165]: 10170 Group[166]: 10171 Group[167]: 10172 Group[168]: 10173 Group[169]: 10174 Group[170]: 10175 Group[171]: 10176 Group[172]: 10177 Group[173]: 10178 Group[174]: 10179 Group[175]: 10180 Group[176]: 10181 Group[177]: 10182 Group[178]: 10183 Group[179]: 10184 Group[180]: 10185 Group[181]: 10186 Group[182]: 10187 Group[183]: 10188 Group[184]: 10189 Group[185]: 10190 Group[186]: 10191 Group[187]: 10192 Group[188]: 10193 Group[189]: 10194 Group[190]: 10195 Group[191]: 10196 Group[192]: 10197 Group[193]: 10198 Group[194]: 10199 Group[195]: 10200 Group[196]: 10201 Group[197]: 10202 Group[198]: 10203 Group[199]: 10204 Group[200]: 10205 Group[201]: 10206 Group[202]: 10207 Group[203]: 10208 Group[204]: 10209 Group[205]: 10210 Group[206]: 10211 Group[207]: 10212 Group[208]: 10213 Group[209]: 10214 Group[210]: 10215 Group[211]: 10216 Group[212]: 10217 Group[213]: 10218 Group[214]: 10219 Group[215]: 10220 Group[216]: 10221 Group[217]: 10222 Group[218]: 10223 Group[219]: 10224 Group[220]: 10225 Group[221]: 10226 Group[222]: 10227 Group[223]: 10228 Group[224]: 10229 Group[225]: 10230 Group[226]: 10231 Group[227]: 10232 Group[228]: 10233 Group[229]: 10234 Group[230]: 10235 Group[231]: 10236 Group[232]: 10237 Group[233]: 10238 Group[234]: 10239 Group[235]: 10240 Group[236]: 10241 Group[237]: 10242 Group[238]: 10243 Group[239]: 10244 Group[240]: 10245 Group[241]: 10246 Group[242]: 10247 Group[243]: 10248 Group[244]: 10249 Group[245]: 10250 Group[246]: 10251 Group[247]: 10252 Group[248]: 10253 Group[249]: 10254 Group[250]: 10255 Group[251]: 10256 Group[252]: 10257 Group[253]: 10258 Group[254]: 10259 Group[255]: 10260 Group[256]: 10261 Group[257]: 10262 Group[258]: 10263 Group[259]: 10264 Group[260]: 10265 Group[261]: 10266 Group[262]: 10267 Group[263]: 10268 Group[264]: 10269 Group[265]: 10270 Group[266]: 10271 Group[267]: 10272 Group[268]: 10273 Group[269]: 10274 Group[270]: 10275 Group[271]: 10276 Group[272]: 10277 Group[273]: 10278 Group[274]: 10279 Group[275]: 10280 Group[276]: 10281 Group[277]: 10282 Group[278]: 10283 Group[279]: 10284 Group[280]: 10285 Group[281]: 10286 Group[282]: 10287 Group[283]: 10288 Group[284]: 10289 Group[285]: 10290 Group[286]: 10291 Group[287]: 10292 Group[288]: 10293 Group[289]: 10294 Group[290]: 10295 Group[291]: 10296 Group[292]: 10297 Group[293]: 10298 Group[294]: 10299 Group[295]: 10300 Group[296]: 10301 Group[297]: 10302 Group[298]: 10303 Group[299]: 10304 Group[300]: 10305 Group[301]: 10306 Group[302]: 10307 Group[303]: 10308 Group[304]: 10309 Group[305]: 10310 Group[306]: 10311 Group[307]: 10312 Group[308]: 10313 Group[309]: 10314 Group[310]: 10315 Group[311]: 10316 Group[312]: 10317 Group[313]: 10318 Group[314]: 10319 Group[315]: 10320 Group[316]: 10321 Group[317]: 10322 Group[318]: 10323 Group[319]: 10324 Group[320]: 10325 Group[321]: 10326 Group[322]: 10327 Group[323]: 10328 Group[324]: 10329 Group[325]: 10330 Group[326]: 10331 Group[327]: 10332 Group[328]: 10333 Group[329]: 10334 Group[330]: 10335 Group[331]: 10336 Group[332]: 10337 Group[333]: 10338 Group[334]: 10339 Group[335]: 10340 Group[336]: 10341 Group[337]: 10342 Group[338]: 10343 Group[339]: 10344 Group[340]: 10345 Group[341]: 10346 Group[342]: 10347 Group[343]: 10348 Group[344]: 10349 Group[345]: 10350 Group[346]: 10351 Group[347]: 10352 Group[348]: 10353 Group[349]: 10354 Group[350]: 10355 Group[351]: 10356 Group[352]: 10357 Group[353]: 10358 Group[354]: 10359 Group[355]: 10360 Group[356]: 10361 Group[357]: 10362 Group[358]: 10363 Group[359]: 10364 Group[360]: 10365 Group[361]: 10366 Group[362]: 10367 Group[363]: 10368 Group[364]: 10369 Group[365]: 10370 Group[366]: 10371 Group[367]: 10372 Group[368]: 10373 Group[369]: 10374 Group[370]: 10375 Group[371]: 10376 Group[372]: 10377 Group[373]: 10378 Group[374]: 10379 Group[375]: 10380 Group[376]: 10381 Group[377]: 10382 Group[378]: 10383 Group[379]: 10384 Group[380]: 10385 Group[381]: 10386 Group[382]: 10387 Group[383]: 10388 Group[384]: 10389 Group[385]: 10390 Group[386]: 10391 Group[387]: 10392 Group[388]: 10393 Group[389]: 10394 Group[390]: 10395 Group[391]: 10396 Group[392]: 10397 Group[393]: 10398 Group[394]: 10399 Group[395]: 10400 Group[396]: 10401 Group[397]: 10402 Group[398]: 10403 Group[399]: 10404 Group[400]: 10002 Group[401]: 10003 Group[402]: 10004 Group[403]: 10001 [2012/11/09 16:29:16.553827, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,10000), gid=(0,71) [2012/11/09 16:29:16.553883, 3] smbd/trans2.c:2286(call_trans2findfirst) call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 [2012/11/09 16:29:16.553932, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3/ps5ui.dll" [2012/11/09 16:29:16.553981, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3/ps5ui.dll] [/var/lib/samba/drivers] [2012/11/09 16:29:16.554017, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3/ps5ui.dll reduced to /var/lib/samba/drivers/x64/3/ps5ui.dll [2012/11/09 16:29:16.554037, 5] smbd/trans2.c:2371(call_trans2findfirst) dir=x64/3, mask = ps5ui.dll [2012/11/09 16:29:16.554057, 5] smbd/dir.c:439(dptr_create) dptr_create dir=x64/3 [2012/11/09 16:29:16.554076, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3] [/var/lib/samba/drivers] [2012/11/09 16:29:16.554098, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3 reduced to /var/lib/samba/drivers/x64/3 [2012/11/09 16:29:16.554127, 3] smbd/dir.c:578(dptr_create) creating new dirptr 256 for path x64/3, expect_close = 1 [2012/11/09 16:29:16.554148, 4] smbd/trans2.c:2439(call_trans2findfirst) dptr_num is 256, wcard = ps5ui.dll, attr = 22 [2012/11/09 16:29:16.554167, 8] smbd/trans2.c:2448(call_trans2findfirst) dirpath= dontdescend=<> [2012/11/09 16:29:16.554193, 6] smbd/dir.c:969(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fa2eacbb820 now at offset -1 [2012/11/09 16:29:16.554215, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/ps5ui.dll [2012/11/09 16:29:16.554246, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2012/11/09 16:29:16.554267, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2012/11/09 16:29:16.554299, 3] smbd/dir.c:1041(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[ps5ui.dll] found x64/3/ps5ui.dll fname=ps5ui.dll (ps5ui.dll) [2012/11/09 16:29:16.554327, 5] smbd/trans2.c:2505(call_trans2findfirst) call_trans2findfirst - (2) closing dptr_num 256 [2012/11/09 16:29:16.554367, 4] smbd/dir.c:257(dptr_close_internal) closing dptr key 256 [2012/11/09 16:29:16.554396, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 10, data_sent_thistime = 112, useable_space = 131010 [2012/11/09 16:29:16.554417, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 10, data_to_send = 112, paramsize = 10, datasize = 112 [2012/11/09 16:29:16.554435, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.554446, 5] lib/util.c:342(show_msg) size=180 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=54400 smt_wct=10 smb_vwv[ 0]= 10 (0xA) smb_vwv[ 1]= 112 (0x70) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 10 (0xA) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 112 (0x70) smb_vwv[ 7]= 68 (0x44) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=125 [2012/11/09 16:29:16.554641, 4] smbd/trans2.c:2549(call_trans2findfirst) SMBtrans2 mask=ps5ui.dll directory=x64/3 dirtype=22 numentries=1 [2012/11/09 16:29:16.557677, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x78 [2012/11/09 16:29:16.557748, 3] smbd/process.c:1662(process_smb) Transaction 101 of length 124 (0 toread) [2012/11/09 16:29:16.557789, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.557811, 5] lib/util.c:342(show_msg) size=120 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=54464 smt_wct=15 smb_vwv[ 0]= 52 (0x34) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 52 (0x34) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=55 [2012/11/09 16:29:16.558168, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 12629) conn 0x7fa2eacb8b60 [2012/11/09 16:29:16.558204, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.558247, 3] smbd/trans2.c:2286(call_trans2findfirst) call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 [2012/11/09 16:29:16.558292, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3/yyyp0708.ppd" [2012/11/09 16:29:16.558324, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3/yyyp0708.ppd] [/var/lib/samba/drivers] [2012/11/09 16:29:16.558355, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3/yyyp0708.ppd reduced to /var/lib/samba/drivers/x64/3/yyyp0708.ppd [2012/11/09 16:29:16.558375, 5] smbd/trans2.c:2371(call_trans2findfirst) dir=x64/3, mask = yyyp0708.ppd [2012/11/09 16:29:16.558395, 5] smbd/dir.c:439(dptr_create) dptr_create dir=x64/3 [2012/11/09 16:29:16.558414, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3] [/var/lib/samba/drivers] [2012/11/09 16:29:16.558437, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3 reduced to /var/lib/samba/drivers/x64/3 [2012/11/09 16:29:16.558464, 3] smbd/dir.c:578(dptr_create) creating new dirptr 256 for path x64/3, expect_close = 1 [2012/11/09 16:29:16.558484, 4] smbd/trans2.c:2439(call_trans2findfirst) dptr_num is 256, wcard = yyyp0708.ppd, attr = 22 [2012/11/09 16:29:16.558503, 8] smbd/trans2.c:2448(call_trans2findfirst) dirpath= dontdescend=<> [2012/11/09 16:29:16.558547, 6] smbd/dir.c:969(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fa2eaca7500 now at offset -1 [2012/11/09 16:29:16.558570, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/yyyp0708.ppd [2012/11/09 16:29:16.558590, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2012/11/09 16:29:16.558609, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2012/11/09 16:29:16.558640, 3] smbd/dir.c:1041(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[yyyp0708.ppd] found x64/3/yyyp0708.ppd fname=yyyp0708.ppd (yyyp0708.ppd) [2012/11/09 16:29:16.558668, 5] smbd/trans2.c:2505(call_trans2findfirst) call_trans2findfirst - (2) closing dptr_num 256 [2012/11/09 16:29:16.558688, 4] smbd/dir.c:257(dptr_close_internal) closing dptr key 256 [2012/11/09 16:29:16.558712, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 10, data_sent_thistime = 120, useable_space = 131010 [2012/11/09 16:29:16.558732, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 10, data_to_send = 120, paramsize = 10, datasize = 120 [2012/11/09 16:29:16.558750, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.558761, 5] lib/util.c:342(show_msg) size=188 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=54464 smt_wct=10 smb_vwv[ 0]= 10 (0xA) smb_vwv[ 1]= 120 (0x78) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 10 (0xA) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 120 (0x78) smb_vwv[ 7]= 68 (0x44) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=133 [2012/11/09 16:29:16.558939, 4] smbd/trans2.c:2549(call_trans2findfirst) SMBtrans2 mask=yyyp0708.ppd directory=x64/3 dirtype=22 numentries=1 [2012/11/09 16:29:16.562046, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x76 [2012/11/09 16:29:16.562116, 3] smbd/process.c:1662(process_smb) Transaction 102 of length 122 (0 toread) [2012/11/09 16:29:16.562150, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.562170, 5] lib/util.c:342(show_msg) size=118 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=54528 smt_wct=15 smb_vwv[ 0]= 50 (0x32) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 50 (0x32) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=53 [2012/11/09 16:29:16.562527, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 12629) conn 0x7fa2eacb8b60 [2012/11/09 16:29:16.562568, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.562612, 3] smbd/trans2.c:2286(call_trans2findfirst) call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 [2012/11/09 16:29:16.562660, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3/pscript.hlp" [2012/11/09 16:29:16.562708, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3/pscript.hlp] [/var/lib/samba/drivers] [2012/11/09 16:29:16.562758, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3/pscript.hlp reduced to /var/lib/samba/drivers/x64/3/pscript.hlp [2012/11/09 16:29:16.562793, 5] smbd/trans2.c:2371(call_trans2findfirst) dir=x64/3, mask = pscript.hlp [2012/11/09 16:29:16.562827, 5] smbd/dir.c:439(dptr_create) dptr_create dir=x64/3 [2012/11/09 16:29:16.562860, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3] [/var/lib/samba/drivers] [2012/11/09 16:29:16.562900, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3 reduced to /var/lib/samba/drivers/x64/3 [2012/11/09 16:29:16.562965, 3] smbd/dir.c:578(dptr_create) creating new dirptr 256 for path x64/3, expect_close = 1 [2012/11/09 16:29:16.563000, 4] smbd/trans2.c:2439(call_trans2findfirst) dptr_num is 256, wcard = pscript.hlp, attr = 22 [2012/11/09 16:29:16.563032, 8] smbd/trans2.c:2448(call_trans2findfirst) dirpath= dontdescend=<> [2012/11/09 16:29:16.563073, 6] smbd/dir.c:969(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fa2eaca7500 now at offset -1 [2012/11/09 16:29:16.563115, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/pscript.hlp [2012/11/09 16:29:16.563153, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2012/11/09 16:29:16.563193, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2012/11/09 16:29:16.563243, 3] smbd/dir.c:1041(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[pscript.hlp] found x64/3/pscript.hlp fname=pscript.hlp (pscript.hlp) [2012/11/09 16:29:16.563292, 5] smbd/trans2.c:2505(call_trans2findfirst) call_trans2findfirst - (2) closing dptr_num 256 [2012/11/09 16:29:16.563332, 4] smbd/dir.c:257(dptr_close_internal) closing dptr key 256 [2012/11/09 16:29:16.563380, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 10, data_sent_thistime = 116, useable_space = 131010 [2012/11/09 16:29:16.563422, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 10, data_to_send = 116, paramsize = 10, datasize = 116 [2012/11/09 16:29:16.563462, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.563485, 5] lib/util.c:342(show_msg) size=184 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=54528 smt_wct=10 smb_vwv[ 0]= 10 (0xA) smb_vwv[ 1]= 116 (0x74) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 10 (0xA) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 116 (0x74) smb_vwv[ 7]= 68 (0x44) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=129 [2012/11/09 16:29:16.563767, 4] smbd/trans2.c:2549(call_trans2findfirst) SMBtrans2 mask=pscript.hlp directory=x64/3 dirtype=22 numentries=1 [2012/11/09 16:29:16.566501, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x76 [2012/11/09 16:29:16.566581, 3] smbd/process.c:1662(process_smb) Transaction 103 of length 122 (0 toread) [2012/11/09 16:29:16.566618, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.566635, 5] lib/util.c:342(show_msg) size=118 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=54592 smt_wct=15 smb_vwv[ 0]= 50 (0x32) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 50 (0x32) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=53 [2012/11/09 16:29:16.566924, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 12629) conn 0x7fa2eacb8b60 [2012/11/09 16:29:16.566957, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.566991, 3] smbd/trans2.c:2286(call_trans2findfirst) call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 [2012/11/09 16:29:16.567031, 5] smbd/filename.c:257(unix_convert) unix_convert called on file "x64/3/pscript.ntf" [2012/11/09 16:29:16.567077, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3/pscript.ntf] [/var/lib/samba/drivers] [2012/11/09 16:29:16.567124, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3/pscript.ntf reduced to /var/lib/samba/drivers/x64/3/pscript.ntf [2012/11/09 16:29:16.567157, 5] smbd/trans2.c:2371(call_trans2findfirst) dir=x64/3, mask = pscript.ntf [2012/11/09 16:29:16.567189, 5] smbd/dir.c:439(dptr_create) dptr_create dir=x64/3 [2012/11/09 16:29:16.567242, 3] smbd/vfs.c:905(check_reduced_name) check_reduced_name [x64/3] [/var/lib/samba/drivers] [2012/11/09 16:29:16.567283, 3] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: x64/3 reduced to /var/lib/samba/drivers/x64/3 [2012/11/09 16:29:16.567323, 3] smbd/dir.c:578(dptr_create) creating new dirptr 256 for path x64/3, expect_close = 1 [2012/11/09 16:29:16.567354, 4] smbd/trans2.c:2439(call_trans2findfirst) dptr_num is 256, wcard = pscript.ntf, attr = 22 [2012/11/09 16:29:16.567383, 8] smbd/trans2.c:2448(call_trans2findfirst) dirpath= dontdescend=<> [2012/11/09 16:29:16.567422, 6] smbd/dir.c:969(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x7fa2eaca7500 now at offset -1 [2012/11/09 16:29:16.567456, 8] smbd/dosmode.c:621(dos_mode) dos_mode: x64/3/pscript.ntf [2012/11/09 16:29:16.567485, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning [2012/11/09 16:29:16.567507, 8] smbd/dosmode.c:672(dos_mode) dos_mode returning [2012/11/09 16:29:16.567537, 3] smbd/dir.c:1041(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[pscript.ntf] found x64/3/pscript.ntf fname=pscript.ntf (pscript.ntf) [2012/11/09 16:29:16.567565, 5] smbd/trans2.c:2505(call_trans2findfirst) call_trans2findfirst - (2) closing dptr_num 256 [2012/11/09 16:29:16.567586, 4] smbd/dir.c:257(dptr_close_internal) closing dptr key 256 [2012/11/09 16:29:16.567611, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 10, data_sent_thistime = 116, useable_space = 131010 [2012/11/09 16:29:16.567640, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 10, data_to_send = 116, paramsize = 10, datasize = 116 [2012/11/09 16:29:16.567675, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.567696, 5] lib/util.c:342(show_msg) size=184 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=5012 smb_uid=101 smb_mid=54592 smt_wct=10 smb_vwv[ 0]= 10 (0xA) smb_vwv[ 1]= 116 (0x74) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 10 (0xA) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 116 (0x74) smb_vwv[ 7]= 68 (0x44) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=129 [2012/11/09 16:29:16.567959, 4] smbd/trans2.c:2549(call_trans2findfirst) SMBtrans2 mask=pscript.ntf directory=x64/3 dirtype=22 numentries=1 [2012/11/09 16:29:16.570123, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/11/09 16:29:16.570167, 3] smbd/process.c:1662(process_smb) Transaction 104 of length 45 (0 toread) [2012/11/09 16:29:16.570188, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.570199, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=54656 smt_wct=3 smb_vwv[ 0]= 8219 (0x201B) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/11/09 16:29:16.570315, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 12629) conn 0x7fa2eacb8b60 [2012/11/09 16:29:16.570336, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.570355, 3] smbd/reply.c:4848(reply_close) close fd=37 fnum=8219 (numopen=7) [2012/11/09 16:29:16.570375, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2012/11/09 16:29:16.570427, 2] smbd/close.c:696(close_normal_file) BROSE+pfoerfr closed file x64/3/pscript5.dll (numopen=6) NT_STATUS_OK [2012/11/09 16:29:16.570453, 5] smbd/files.c:482(file_free) freed files structure 8219 (8 used) [2012/11/09 16:29:16.570474, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.570486, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=54656 smt_wct=0 smb_bcc=0 [2012/11/09 16:29:16.574066, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/11/09 16:29:16.574170, 3] smbd/process.c:1662(process_smb) Transaction 105 of length 45 (0 toread) [2012/11/09 16:29:16.574208, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.574230, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=54720 smt_wct=3 smb_vwv[ 0]= 8213 (0x2015) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/11/09 16:29:16.574431, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 12629) conn 0x7fa2eacb8b60 [2012/11/09 16:29:16.574462, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.574498, 3] smbd/reply.c:4848(reply_close) close fd=32 fnum=8213 (numopen=6) [2012/11/09 16:29:16.574531, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2012/11/09 16:29:16.574620, 2] smbd/close.c:696(close_normal_file) BROSE+pfoerfr closed file x64/3/pscript5.dll (numopen=5) NT_STATUS_OK [2012/11/09 16:29:16.574662, 5] smbd/files.c:482(file_free) freed files structure 8213 (7 used) [2012/11/09 16:29:16.574702, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.574725, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=54720 smt_wct=0 smb_bcc=0 [2012/11/09 16:29:16.576164, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/11/09 16:29:16.576221, 3] smbd/process.c:1662(process_smb) Transaction 106 of length 45 (0 toread) [2012/11/09 16:29:16.576258, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.576279, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=54784 smt_wct=3 smb_vwv[ 0]= 8221 (0x201D) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/11/09 16:29:16.576500, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 12629) conn 0x7fa2eacb8b60 [2012/11/09 16:29:16.576538, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.576573, 3] smbd/reply.c:4848(reply_close) close fd=38 fnum=8221 (numopen=5) [2012/11/09 16:29:16.576611, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2012/11/09 16:29:16.576691, 2] smbd/close.c:696(close_normal_file) BROSE+pfoerfr closed file x64/3/ps5ui.dll (numopen=4) NT_STATUS_OK [2012/11/09 16:29:16.576736, 5] smbd/files.c:482(file_free) freed files structure 8221 (6 used) [2012/11/09 16:29:16.576775, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.576797, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=54784 smt_wct=0 smb_bcc=0 [2012/11/09 16:29:16.578238, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/11/09 16:29:16.578305, 3] smbd/process.c:1662(process_smb) Transaction 107 of length 45 (0 toread) [2012/11/09 16:29:16.578342, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.578363, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=54848 smt_wct=3 smb_vwv[ 0]= 8214 (0x2016) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/11/09 16:29:16.578536, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 12629) conn 0x7fa2eacb8b60 [2012/11/09 16:29:16.578567, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.578597, 3] smbd/reply.c:4848(reply_close) close fd=33 fnum=8214 (numopen=4) [2012/11/09 16:29:16.578635, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2012/11/09 16:29:16.578733, 2] smbd/close.c:696(close_normal_file) BROSE+pfoerfr closed file x64/3/ps5ui.dll (numopen=3) NT_STATUS_OK [2012/11/09 16:29:16.578773, 5] smbd/files.c:482(file_free) freed files structure 8214 (5 used) [2012/11/09 16:29:16.578806, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.578821, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=54848 smt_wct=0 smb_bcc=0 [2012/11/09 16:29:16.580174, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/11/09 16:29:16.580221, 3] smbd/process.c:1662(process_smb) Transaction 108 of length 45 (0 toread) [2012/11/09 16:29:16.580248, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.580263, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=54912 smt_wct=3 smb_vwv[ 0]= 8215 (0x2017) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/11/09 16:29:16.580429, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 12629) conn 0x7fa2eacb8b60 [2012/11/09 16:29:16.580457, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.580517, 3] smbd/reply.c:4848(reply_close) close fd=34 fnum=8215 (numopen=3) [2012/11/09 16:29:16.580549, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2012/11/09 16:29:16.580606, 2] smbd/close.c:696(close_normal_file) BROSE+pfoerfr closed file x64/3/yyyp0708.ppd (numopen=2) NT_STATUS_OK [2012/11/09 16:29:16.580640, 5] smbd/files.c:482(file_free) freed files structure 8215 (4 used) [2012/11/09 16:29:16.580670, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.580686, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=54912 smt_wct=0 smb_bcc=0 [2012/11/09 16:29:16.582283, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/11/09 16:29:16.582341, 3] smbd/process.c:1662(process_smb) Transaction 109 of length 45 (0 toread) [2012/11/09 16:29:16.582362, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.582374, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=54976 smt_wct=3 smb_vwv[ 0]= 8216 (0x2018) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/11/09 16:29:16.582494, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 12629) conn 0x7fa2eacb8b60 [2012/11/09 16:29:16.582516, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.582537, 3] smbd/reply.c:4848(reply_close) close fd=35 fnum=8216 (numopen=2) [2012/11/09 16:29:16.582557, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2012/11/09 16:29:16.582608, 2] smbd/close.c:696(close_normal_file) BROSE+pfoerfr closed file x64/3/pscript.hlp (numopen=1) NT_STATUS_OK [2012/11/09 16:29:16.582634, 5] smbd/files.c:482(file_free) freed files structure 8216 (3 used) [2012/11/09 16:29:16.582656, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.582668, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=54976 smt_wct=0 smb_bcc=0 [2012/11/09 16:29:16.583883, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/11/09 16:29:16.583920, 3] smbd/process.c:1662(process_smb) Transaction 110 of length 45 (0 toread) [2012/11/09 16:29:16.583940, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.583951, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=55040 smt_wct=3 smb_vwv[ 0]= 8217 (0x2019) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/11/09 16:29:16.584093, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 12629) conn 0x7fa2eacb8b60 [2012/11/09 16:29:16.584114, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.584134, 3] smbd/reply.c:4848(reply_close) close fd=36 fnum=8217 (numopen=1) [2012/11/09 16:29:16.584154, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2012/11/09 16:29:16.584196, 2] smbd/close.c:696(close_normal_file) BROSE+pfoerfr closed file x64/3/pscript.ntf (numopen=0) NT_STATUS_OK [2012/11/09 16:29:16.584221, 5] smbd/files.c:482(file_free) freed files structure 8217 (2 used) [2012/11/09 16:29:16.584243, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.584255, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=55040 smt_wct=0 smb_bcc=0 [2012/11/09 16:29:16.742693, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x890 [2012/11/09 16:29:16.742794, 3] smbd/process.c:1662(process_smb) Transaction 111 of length 2196 (0 toread) [2012/11/09 16:29:16.742826, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.742850, 5] lib/util.c:342(show_msg) size=2192 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=55104 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 2108 (0x83C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 2108 (0x83C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8212 (0x2014) smb_bcc=2125 [2012/11/09 16:29:16.743192, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:16.743227, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:16.743266, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (811): SID[ 0]: S-1-5-21-160562036-3150058255-2134394716-19743 SID[ 1]: S-1-5-21-160562036-3150058255-2134394716-513 SID[ 2]: S-1-5-21-160562036-3150058255-2134394716-334230 SID[ 3]: S-1-5-21-160562036-3150058255-2134394716-23353 SID[ 4]: S-1-5-21-160562036-3150058255-2134394716-304793 SID[ 5]: S-1-5-21-160562036-3150058255-2134394716-269408 SID[ 6]: S-1-5-21-160562036-3150058255-2134394716-50420 SID[ 7]: S-1-5-21-160562036-3150058255-2134394716-113634 SID[ 8]: S-1-5-21-160562036-3150058255-2134394716-113662 SID[ 9]: S-1-5-21-160562036-3150058255-2134394716-260755 SID[ 10]: S-1-5-21-160562036-3150058255-2134394716-288770 SID[ 11]: S-1-5-21-160562036-3150058255-2134394716-67892 SID[ 12]: S-1-5-21-160562036-3150058255-2134394716-20800 SID[ 13]: S-1-5-21-160562036-3150058255-2134394716-269744 SID[ 14]: S-1-5-21-160562036-3150058255-2134394716-63803 SID[ 15]: S-1-5-21-160562036-3150058255-2134394716-360934 SID[ 16]: S-1-5-21-160562036-3150058255-2134394716-421750 SID[ 17]: S-1-5-21-160562036-3150058255-2134394716-294313 SID[ 18]: S-1-5-21-160562036-3150058255-2134394716-109619 SID[ 19]: S-1-5-21-160562036-3150058255-2134394716-13623 SID[ 20]: S-1-5-21-160562036-3150058255-2134394716-113660 SID[ 21]: S-1-5-21-160562036-3150058255-2134394716-13846 SID[ 22]: S-1-5-21-160562036-3150058255-2134394716-351693 SID[ 23]: S-1-5-21-160562036-3150058255-2134394716-56178 SID[ 24]: S-1-5-21-160562036-3150058255-2134394716-268914 SID[ 25]: S-1-5-21-160562036-3150058255-2134394716-276389 SID[ 26]: S-1-5-21-160562036-3150058255-2134394716-294265 SID[ 27]: S-1-5-21-160562036-3150058255-2134394716-289050 SID[ 28]: S-1-5-21-160562036-3150058255-2134394716-284074 SID[ 29]: S-1-5-21-160562036-3150058255-2134394716-353623 SID[ 30]: S-1-5-21-160562036-3150058255-2134394716-60632 SID[ 31]: S-1-5-21-160562036-3150058255-2134394716-299617 SID[ 32]: S-1-5-21-160562036-3150058255-2134394716-269875 SID[ 33]: S-1-5-21-160562036-3150058255-2134394716-260777 SID[ 34]: S-1-5-21-160562036-3150058255-2134394716-72011 SID[ 35]: S-1-5-21-160562036-3150058255-2134394716-56174 SID[ 36]: S-1-5-21-160562036-3150058255-2134394716-294145 SID[ 37]: S-1-5-21-160562036-3150058255-2134394716-46643 SID[ 38]: S-1-5-21-160562036-3150058255-2134394716-110684 SID[ 39]: S-1-5-21-160562036-3150058255-2134394716-69476 SID[ 40]: S-1-5-21-160562036-3150058255-2134394716-354438 SID[ 41]: S-1-5-21-160562036-3150058255-2134394716-288215 SID[ 42]: S-1-5-21-160562036-3150058255-2134394716-418124 SID[ 43]: S-1-5-21-160562036-3150058255-2134394716-32947 SID[ 44]: S-1-5-21-160562036-3150058255-2134394716-373447 SID[ 45]: S-1-5-21-160562036-3150058255-2134394716-21119 SID[ 46]: S-1-5-21-160562036-3150058255-2134394716-254283 SID[ 47]: S-1-5-21-160562036-3150058255-2134394716-21918 SID[ 48]: S-1-5-21-160562036-3150058255-2134394716-268915 SID[ 49]: S-1-5-21-160562036-3150058255-2134394716-267093 SID[ 50]: S-1-5-21-160562036-3150058255-2134394716-340888 SID[ 51]: S-1-5-21-160562036-3150058255-2134394716-294363 SID[ 52]: S-1-5-21-160562036-3150058255-2134394716-414620 SID[ 53]: S-1-5-21-160562036-3150058255-2134394716-260959 SID[ 54]: S-1-5-21-160562036-3150058255-2134394716-56176 SID[ 55]: S-1-5-21-160562036-3150058255-2134394716-373472 SID[ 56]: S-1-5-21-160562036-3150058255-2134394716-294492 SID[ 57]: S-1-5-21-160562036-3150058255-2134394716-373554 SID[ 58]: S-1-5-21-160562036-3150058255-2134394716-104382 SID[ 59]: S-1-5-21-160562036-3150058255-2134394716-294361 SID[ 60]: S-1-5-21-160562036-3150058255-2134394716-245149 SID[ 61]: S-1-5-21-160562036-3150058255-2134394716-32807 SID[ 62]: S-1-5-21-160562036-3150058255-2134394716-63805 SID[ 63]: S-1-5-21-160562036-3150058255-2134394716-290135 SID[ 64]: S-1-5-21-160562036-3150058255-2134394716-248439 SID[ 65]: S-1-5-21-160562036-3150058255-2134394716-58745 SID[ 66]: S-1-5-21-160562036-3150058255-2134394716-288316 SID[ 67]: S-1-5-21-160562036-3150058255-2134394716-373441 SID[ 68]: S-1-5-21-160562036-3150058255-2134394716-268916 SID[ 69]: S-1-5-21-160562036-3150058255-2134394716-17597 SID[ 70]: S-1-5-21-160562036-3150058255-2134394716-113654 SID[ 71]: S-1-5-21-160562036-3150058255-2134394716-304050 SID[ 72]: S-1-5-21-160562036-3150058255-2134394716-112626 SID[ 73]: S-1-5-21-160562036-3150058255-2134394716-360946 SID[ 74]: S-1-5-21-160562036-3150058255-2134394716-1116 SID[ 75]: S-1-5-21-160562036-3150058255-2134394716-294490 SID[ 76]: S-1-5-21-160562036-3150058255-2134394716-373442 SID[ 77]: S-1-5-21-160562036-3150058255-2134394716-402137 SID[ 78]: S-1-5-21-160562036-3150058255-2134394716-373470 SID[ 79]: S-1-5-21-160562036-3150058255-2134394716-284963 SID[ 80]: S-1-5-21-160562036-3150058255-2134394716-21963 SID[ 81]: S-1-5-21-160562036-3150058255-2134394716-373556 SID[ 82]: S-1-5-21-160562036-3150058255-2134394716-351504 SID[ 83]: S-1-5-21-160562036-3150058255-2134394716-360382 SID[ 84]: S-1-5-21-160562036-3150058255-2134394716-266966 SID[ 85]: S-1-5-21-160562036-3150058255-2134394716-63797 SID[ 86]: S-1-5-21-160562036-3150058255-2134394716-31306 SID[ 87]: S-1-5-21-160562036-3150058255-2134394716-420969 SID[ 88]: S-1-5-21-160562036-3150058255-2134394716-58439 SID[ 89]: S-1-5-21-160562036-3150058255-2134394716-351240 SID[ 90]: S-1-5-21-160562036-3150058255-2134394716-290160 SID[ 91]: S-1-5-21-160562036-3150058255-2134394716-335340 SID[ 92]: S-1-5-21-160562036-3150058255-2134394716-32819 SID[ 93]: S-1-5-21-160562036-3150058255-2134394716-63801 SID[ 94]: S-1-5-21-160562036-3150058255-2134394716-53171 SID[ 95]: S-1-5-21-160562036-3150058255-2134394716-294243 SID[ 96]: S-1-5-21-160562036-3150058255-2134394716-350032 SID[ 97]: S-1-5-21-160562036-3150058255-2134394716-63737 SID[ 98]: S-1-5-21-160562036-3150058255-2134394716-13863 SID[ 99]: S-1-5-21-160562036-3150058255-2134394716-351719 SID[100]: S-1-5-21-160562036-3150058255-2134394716-56165 SID[101]: S-1-5-21-160562036-3150058255-2134394716-113646 SID[102]: S-1-5-21-160562036-3150058255-2134394716-430811 SID[103]: S-1-5-21-160562036-3150058255-2134394716-284081 SID[104]: S-1-5-21-160562036-3150058255-2134394716-256696 SID[105]: S-1-5-21-160562036-3150058255-2134394716-416414 SID[106]: S-1-5-21-160562036-3150058255-2134394716-49609 SID[107]: S-1-5-21-160562036-3150058255-2134394716-377791 SID[108]: S-1-5-21-160562036-3150058255-2134394716-32821 SID[109]: S-1-5-21-160562036-3150058255-2134394716-359223 SID[110]: S-1-5-21-160562036-3150058255-2134394716-284091 SID[111]: S-1-5-21-160562036-3150058255-2134394716-433713 SID[112]: S-1-5-21-160562036-3150058255-2134394716-33100 SID[113]: S-1-5-21-160562036-3150058255-2134394716-416203 SID[114]: S-1-5-21-160562036-3150058255-2134394716-317007 SID[115]: S-1-5-21-160562036-3150058255-2134394716-69542 SID[116]: S-1-5-21-160562036-3150058255-2134394716-268918 SID[117]: S-1-5-21-160562036-3150058255-2134394716-69428 SID[118]: S-1-5-21-160562036-3150058255-2134394716-316764 SID[119]: S-1-5-21-160562036-3150058255-2134394716-55705 SID[120]: S-1-5-21-160562036-3150058255-2134394716-291229 SID[121]: S-1-5-21-160562036-3150058255-2134394716-250116 SID[122]: S-1-5-21-160562036-3150058255-2134394716-294315 SID[123]: S-1-5-21-160562036-3150058255-2134394716-402469 SID[124]: S-1-5-21-160562036-3150058255-2134394716-256697 SID[125]: S-1-5-21-160562036-3150058255-2134394716-418438 SID[126]: S-1-5-21-160562036-3150058255-2134394716-435652 SID[127]: S-1-5-21-160562036-3150058255-2134394716-45010 SID[128]: S-1-5-21-160562036-3150058255-2134394716-322368 SID[129]: S-1-5-21-160562036-3150058255-2134394716-267090 SID[130]: S-1-5-21-160562036-3150058255-2134394716-32825 SID[131]: S-1-5-21-160562036-3150058255-2134394716-35099 SID[132]: S-1-5-21-160562036-3150058255-2134394716-56157 SID[133]: S-1-5-21-160562036-3150058255-2134394716-113648 SID[134]: S-1-5-21-160562036-3150058255-2134394716-55709 SID[135]: S-1-5-21-160562036-3150058255-2134394716-108789 SID[136]: S-1-5-21-160562036-3150058255-2134394716-56159 SID[137]: S-1-5-21-160562036-3150058255-2134394716-268919 SID[138]: S-1-5-21-160562036-3150058255-2134394716-245147 SID[139]: S-1-5-21-160562036-3150058255-2134394716-430693 SID[140]: S-1-5-21-160562036-3150058255-2134394716-289617 SID[141]: S-1-5-21-160562036-3150058255-2134394716-373445 SID[142]: S-1-5-21-160562036-3150058255-2134394716-14282 SID[143]: S-1-5-21-160562036-3150058255-2134394716-433712 SID[144]: S-1-5-21-160562036-3150058255-2134394716-59232 SID[145]: S-1-5-21-160562036-3150058255-2134394716-33429 SID[146]: S-1-5-21-160562036-3150058255-2134394716-437634 SID[147]: S-1-5-21-160562036-3150058255-2134394716-23354 SID[148]: S-1-5-21-160562036-3150058255-2134394716-113636 SID[149]: S-1-5-21-160562036-3150058255-2134394716-63799 SID[150]: S-1-5-21-160562036-3150058255-2134394716-261009 SID[151]: S-1-5-21-160562036-3150058255-2134394716-290498 SID[152]: S-1-5-21-160562036-3150058255-2134394716-375928 SID[153]: S-1-5-21-160562036-3150058255-2134394716-276407 SID[154]: S-1-5-21-160562036-3150058255-2134394716-357401 SID[155]: S-1-5-21-160562036-3150058255-2134394716-357385 SID[156]: S-1-5-21-160562036-3150058255-2134394716-269404 SID[157]: S-1-5-21-160562036-3150058255-2134394716-67790 SID[158]: S-1-5-21-160562036-3150058255-2134394716-392120 SID[159]: S-1-5-21-160562036-3150058255-2134394716-276395 SID[160]: S-1-5-21-160562036-3150058255-2134394716-113343 SID[161]: S-1-5-21-160562036-3150058255-2134394716-56172 SID[162]: S-1-5-21-160562036-3150058255-2134394716-402467 SID[163]: S-1-5-21-160562036-3150058255-2134394716-293007 SID[164]: S-1-5-21-160562036-3150058255-2134394716-427942 SID[165]: S-1-5-21-160562036-3150058255-2134394716-373529 SID[166]: S-1-5-21-160562036-3150058255-2134394716-263163 SID[167]: S-1-5-21-160562036-3150058255-2134394716-64111 SID[168]: S-1-5-21-160562036-3150058255-2134394716-266852 SID[169]: S-1-5-21-160562036-3150058255-2134394716-357892 SID[170]: S-1-5-21-160562036-3150058255-2134394716-104429 SID[171]: S-1-5-21-160562036-3150058255-2134394716-32813 SID[172]: S-1-5-21-160562036-3150058255-2134394716-360722 SID[173]: S-1-5-21-160562036-3150058255-2134394716-284092 SID[174]: S-1-5-21-160562036-3150058255-2134394716-289619 SID[175]: S-1-5-21-160562036-3150058255-2134394716-369316 SID[176]: S-1-5-21-160562036-3150058255-2134394716-49542 SID[177]: S-1-5-21-160562036-3150058255-2134394716-329659 SID[178]: S-1-5-21-160562036-3150058255-2134394716-32809 SID[179]: S-1-5-21-160562036-3150058255-2134394716-108767 SID[180]: S-1-5-21-160562036-3150058255-2134394716-305399 SID[181]: S-1-5-21-160562036-3150058255-2134394716-263161 SID[182]: S-1-5-21-160562036-3150058255-2134394716-314050 SID[183]: S-1-5-21-160562036-3150058255-2134394716-31001 SID[184]: S-1-5-21-160562036-3150058255-2134394716-279682 SID[185]: S-1-5-21-160562036-3150058255-2134394716-294147 SID[186]: S-1-5-21-160562036-3150058255-2134394716-56163 SID[187]: S-1-5-21-160562036-3150058255-2134394716-285751 SID[188]: S-1-5-21-160562036-3150058255-2134394716-21723 SID[189]: S-1-5-21-160562036-3150058255-2134394716-8332 SID[190]: S-1-5-21-160562036-3150058255-2134394716-32827 SID[191]: S-1-5-21-160562036-3150058255-2134394716-256460 SID[192]: S-1-5-21-160562036-3150058255-2134394716-256183 SID[193]: S-1-5-21-160562036-3150058255-2134394716-300424 SID[194]: S-1-5-21-160562036-3150058255-2134394716-55677 SID[195]: S-1-5-21-160562036-3150058255-2134394716-253145 SID[196]: S-1-5-21-160562036-3150058255-2134394716-63804 SID[197]: S-1-5-21-160562036-3150058255-2134394716-358866 SID[198]: S-1-5-21-160562036-3150058255-2134394716-32823 SID[199]: S-1-5-21-160562036-3150058255-2134394716-276620 SID[200]: S-1-5-21-160562036-3150058255-2134394716-361940 SID[201]: S-1-5-21-160562036-3150058255-2134394716-49274 SID[202]: S-1-5-21-160562036-3150058255-2134394716-402177 SID[203]: S-1-5-21-160562036-3150058255-2134394716-252230 SID[204]: S-1-5-21-160562036-3150058255-2134394716-321100 SID[205]: S-1-5-21-160562036-3150058255-2134394716-20801 SID[206]: S-1-5-21-160562036-3150058255-2134394716-276621 SID[207]: S-1-5-21-160562036-3150058255-2134394716-252010 SID[208]: S-1-5-21-160562036-3150058255-2134394716-292766 SID[209]: S-1-5-21-160562036-3150058255-2134394716-37331 SID[210]: S-1-5-21-160562036-3150058255-2134394716-260776 SID[211]: S-1-5-21-160562036-3150058255-2134394716-386708 SID[212]: S-1-5-21-160562036-3150058255-2134394716-374616 SID[213]: S-1-5-21-160562036-3150058255-2134394716-21084 SID[214]: S-1-5-21-160562036-3150058255-2134394716-294267 SID[215]: S-1-5-21-160562036-3150058255-2134394716-63802 SID[216]: S-1-5-21-160562036-3150058255-2134394716-31186 SID[217]: S-1-5-21-160562036-3150058255-2134394716-105575 SID[218]: S-1-5-21-160562036-3150058255-2134394716-361874 SID[219]: S-1-5-21-160562036-3150058255-2134394716-360362 SID[220]: S-1-5-21-160562036-3150058255-2134394716-357734 SID[221]: S-1-5-21-160562036-3150058255-2134394716-294241 SID[222]: S-1-5-21-160562036-3150058255-2134394716-251778 SID[223]: S-1-5-21-160562036-3150058255-2134394716-49510 SID[224]: S-1-5-21-160562036-3150058255-2134394716-35015 SID[225]: S-1-5-21-160562036-3150058255-2134394716-20749 SID[226]: S-1-5-21-160562036-3150058255-2134394716-294291 SID[227]: S-1-5-21-160562036-3150058255-2134394716-254469 SID[228]: S-1-5-21-160562036-3150058255-2134394716-247296 SID[229]: S-1-5-21-160562036-3150058255-2134394716-63798 SID[230]: S-1-5-21-160562036-3150058255-2134394716-59035 SID[231]: S-1-5-21-160562036-3150058255-2134394716-430331 SID[232]: S-1-5-21-160562036-3150058255-2134394716-21301 SID[233]: S-1-5-21-160562036-3150058255-2134394716-55627 SID[234]: S-1-5-21-160562036-3150058255-2134394716-32815 SID[235]: S-1-5-21-160562036-3150058255-2134394716-277164 SID[236]: S-1-5-21-160562036-3150058255-2134394716-21552 SID[237]: S-1-5-21-160562036-3150058255-2134394716-56622 SID[238]: S-1-5-21-160562036-3150058255-2134394716-37315 SID[239]: S-1-5-21-160562036-3150058255-2134394716-334225 SID[240]: S-1-5-21-160562036-3150058255-2134394716-338141 SID[241]: S-1-5-21-160562036-3150058255-2134394716-246169 SID[242]: S-1-5-21-160562036-3150058255-2134394716-297835 SID[243]: S-1-5-21-160562036-3150058255-2134394716-353615 SID[244]: S-1-5-21-160562036-3150058255-2134394716-322371 SID[245]: S-1-5-21-160562036-3150058255-2134394716-63235 SID[246]: S-1-5-21-160562036-3150058255-2134394716-266849 SID[247]: S-1-5-21-160562036-3150058255-2134394716-293998 SID[248]: S-1-5-21-160562036-3150058255-2134394716-433714 SID[249]: S-1-5-21-160562036-3150058255-2134394716-107694 SID[250]: S-1-5-21-160562036-3150058255-2134394716-288317 SID[251]: S-1-5-21-160562036-3150058255-2134394716-44135 SID[252]: S-1-5-21-160562036-3150058255-2134394716-290560 SID[253]: S-1-5-21-160562036-3150058255-2134394716-322681 SID[254]: S-1-5-21-160562036-3150058255-2134394716-283109 SID[255]: S-1-5-21-160562036-3150058255-2134394716-357879 SID[256]: S-1-5-21-160562036-3150058255-2134394716-289046 SID[257]: S-1-5-21-160562036-3150058255-2134394716-32803 SID[258]: S-1-5-21-160562036-3150058255-2134394716-343968 SID[259]: S-1-5-21-160562036-3150058255-2134394716-50792 SID[260]: S-1-5-21-160562036-3150058255-2134394716-50518 SID[261]: S-1-5-21-160562036-3150058255-2134394716-37238 SID[262]: S-1-5-21-160562036-3150058255-2134394716-360465 SID[263]: S-1-5-21-160562036-3150058255-2134394716-366652 SID[264]: S-1-5-21-160562036-3150058255-2134394716-294094 SID[265]: S-1-5-21-160562036-3150058255-2134394716-288540 SID[266]: S-1-5-21-160562036-3150058255-2134394716-297984 SID[267]: S-1-5-21-160562036-3150058255-2134394716-276427 SID[268]: S-1-5-21-160562036-3150058255-2134394716-333792 SID[269]: S-1-5-21-160562036-3150058255-2134394716-427342 SID[270]: S-1-5-21-160562036-3150058255-2134394716-333794 SID[271]: S-1-5-21-160562036-3150058255-2134394716-290460 SID[272]: S-1-5-21-160562036-3150058255-2134394716-294091 SID[273]: S-1-5-21-160562036-3150058255-2134394716-333793 SID[274]: S-1-5-21-160562036-3150058255-2134394716-338207 SID[275]: S-1-5-21-160562036-3150058255-2134394716-409571 SID[276]: S-1-5-21-160562036-3150058255-2134394716-294054 SID[277]: S-1-5-21-160562036-3150058255-2134394716-30854 SID[278]: S-1-5-21-160562036-3150058255-2134394716-288547 SID[279]: S-1-5-21-160562036-3150058255-2134394716-365347 SID[280]: S-1-5-21-6776287-465249537-1446904402-4108 SID[281]: S-1-5-21-160562036-3150058255-2134394716-58230 SID[282]: S-1-5-21-160562036-3150058255-2134394716-357400 SID[283]: S-1-5-21-160562036-3150058255-2134394716-343966 SID[284]: S-1-5-21-160562036-3150058255-2134394716-104268 SID[285]: S-1-5-21-160562036-3150058255-2134394716-334228 SID[286]: S-1-5-21-160562036-3150058255-2134394716-357384 SID[287]: S-1-5-21-160562036-3150058255-2134394716-64500 SID[288]: S-1-5-21-160562036-3150058255-2134394716-291227 SID[289]: S-1-5-21-160562036-3150058255-2134394716-62708 SID[290]: S-1-5-21-160562036-3150058255-2134394716-266847 SID[291]: S-1-5-21-160562036-3150058255-2134394716-313857 SID[292]: S-1-5-21-160562036-3150058255-2134394716-350031 SID[293]: S-1-5-21-160562036-3150058255-2134394716-373448 SID[294]: S-1-5-21-160562036-3150058255-2134394716-420970 SID[295]: S-1-5-21-160562036-3150058255-2134394716-351238 SID[296]: S-1-5-21-160562036-3150058255-2134394716-11861 SID[297]: S-1-5-21-160562036-3150058255-2134394716-353613 SID[298]: S-1-5-21-160562036-3150058255-2134394716-322679 SID[299]: S-1-5-21-160562036-3150058255-2134394716-253148 SID[300]: S-1-5-21-160562036-3150058255-2134394716-277162 SID[301]: S-1-5-21-160562036-3150058255-2134394716-304048 SID[302]: S-1-5-21-160562036-3150058255-2134394716-288768 SID[303]: S-1-5-21-160562036-3150058255-2134394716-62920 SID[304]: S-1-5-21-160562036-3150058255-2134394716-62814 SID[305]: S-1-5-21-160562036-3150058255-2134394716-338139 SID[306]: S-1-5-21-160562036-3150058255-2134394716-266850 SID[307]: S-1-5-21-160562036-3150058255-2134394716-74038 SID[308]: S-1-5-21-160562036-3150058255-2134394716-62715 SID[309]: S-1-5-21-160562036-3150058255-2134394716-357877 SID[310]: S-1-5-21-160562036-3150058255-2134394716-252117 SID[311]: S-1-5-21-160562036-3150058255-2134394716-322372 SID[312]: S-1-5-21-160562036-3150058255-2134394716-65121 SID[313]: S-1-5-21-160562036-3150058255-2134394716-62711 SID[314]: S-1-5-21-160562036-3150058255-2134394716-267091 SID[315]: S-1-5-21-160562036-3150058255-2134394716-24652 SID[316]: S-1-5-21-160562036-3150058255-2134394716-360933 SID[317]: S-1-5-21-160562036-3150058255-2134394716-354437 SID[318]: S-1-5-21-160562036-3150058255-2134394716-249119 SID[319]: S-1-5-21-160562036-3150058255-2134394716-248731 SID[320]: S-1-5-21-160562036-3150058255-2134394716-64215 SID[321]: S-1-5-21-160562036-3150058255-2134394716-373475 SID[322]: S-1-5-21-160562036-3150058255-2134394716-250664 SID[323]: S-1-5-21-160562036-3150058255-2134394716-267088 SID[324]: S-1-5-21-160562036-3150058255-2134394716-50311 SID[325]: S-1-5-21-160562036-3150058255-2134394716-62644 SID[326]: S-1-5-21-160562036-3150058255-2134394716-69148 SID[327]: S-1-5-21-160562036-3150058255-2134394716-360380 SID[328]: S-1-5-21-160562036-3150058255-2134394716-52124 SID[329]: S-1-5-21-160562036-3150058255-2134394716-351502 SID[330]: S-1-5-21-160562036-3150058255-2134394716-317005 SID[331]: S-1-5-21-160562036-3150058255-2134394716-62713 SID[332]: S-1-5-21-160562036-3150058255-2134394716-313855 SID[333]: S-1-5-21-160562036-3150058255-2134394716-53143 SID[334]: S-1-5-21-160562036-3150058255-2134394716-349705 SID[335]: S-1-5-21-160562036-3150058255-2134394716-357732 SID[336]: S-1-5-21-160562036-3150058255-2134394716-402142 SID[337]: S-1-5-21-160562036-3150058255-2134394716-50421 SID[338]: S-1-5-21-160562036-3150058255-2134394716-357890 SID[339]: S-1-5-21-160562036-3150058255-2134394716-416413 SID[340]: S-1-5-21-160562036-3150058255-2134394716-255117 SID[341]: S-1-5-21-160562036-3150058255-2134394716-73891 SID[342]: S-1-5-21-160562036-3150058255-2134394716-377792 SID[343]: S-1-5-21-160562036-3150058255-2134394716-63081 SID[344]: S-1-5-21-160562036-3150058255-2134394716-386707 SID[345]: S-1-5-21-160562036-3150058255-2134394716-64112 SID[346]: S-1-5-21-160562036-3150058255-2134394716-256555 SID[347]: S-1-5-21-160562036-3150058255-2134394716-361939 SID[348]: S-1-5-21-160562036-3150058255-2134394716-62709 SID[349]: S-1-5-21-160562036-3150058255-2134394716-248759 SID[350]: S-1-5-21-160562036-3150058255-2134394716-359221 SID[351]: S-1-5-21-160562036-3150058255-2134394716-310730 SID[352]: S-1-5-21-160562036-3150058255-2134394716-109617 SID[353]: S-1-5-21-160562036-3150058255-2134394716-60474 SID[354]: S-1-5-21-160562036-3150058255-2134394716-402472 SID[355]: S-1-5-21-160562036-3150058255-2134394716-55679 SID[356]: S-1-5-21-160562036-3150058255-2134394716-69153 SID[357]: S-1-5-21-160562036-3150058255-2134394716-22265 SID[358]: S-1-5-21-160562036-3150058255-2134394716-423112 SID[359]: S-1-5-21-160562036-3150058255-2134394716-289044 SID[360]: S-1-5-21-160562036-3150058255-2134394716-67791 SID[361]: S-1-5-21-160562036-3150058255-2134394716-69156 SID[362]: S-1-5-21-160562036-3150058255-2134394716-62712 SID[363]: S-1-5-21-160562036-3150058255-2134394716-360721 SID[364]: S-1-5-21-160562036-3150058255-2134394716-435651 SID[365]: S-1-5-21-160562036-3150058255-2134394716-69149 SID[366]: S-1-5-21-160562036-3150058255-2134394716-73730 SID[367]: S-1-5-21-160562036-3150058255-2134394716-243660 SID[368]: S-1-5-21-160562036-3150058255-2134394716-104280 SID[369]: S-1-5-21-160562036-3150058255-2134394716-430692 SID[370]: S-1-5-21-160562036-3150058255-2134394716-256558 SID[371]: S-1-5-21-160562036-3150058255-2134394716-54515 SID[372]: S-1-5-21-160562036-3150058255-2134394716-334223 SID[373]: S-1-5-21-160562036-3150058255-2134394716-304790 SID[374]: S-1-5-21-160562036-3150058255-2134394716-373528 SID[375]: S-1-5-21-160562036-3150058255-2134394716-375927 SID[376]: S-1-5-21-160562036-3150058255-2134394716-74039 SID[377]: S-1-5-21-160562036-3150058255-2134394716-62781 SID[378]: S-1-5-21-160562036-3150058255-2134394716-69157 SID[379]: S-1-5-21-160562036-3150058255-2134394716-309445 SID[380]: S-1-5-21-160562036-3150058255-2134394716-62733 SID[381]: S-1-5-21-160562036-3150058255-2134394716-418123 SID[382]: S-1-5-21-160562036-3150058255-2134394716-64415 SID[383]: S-1-5-21-160562036-3150058255-2134394716-414619 SID[384]: S-1-5-21-160562036-3150058255-2134394716-373446 SID[385]: S-1-5-21-160562036-3150058255-2134394716-289048 SID[386]: S-1-5-21-160562036-3150058255-2134394716-69158 SID[387]: S-1-5-21-160562036-3150058255-2134394716-373559 SID[388]: S-1-5-21-160562036-3150058255-2134394716-110686 SID[389]: S-1-5-21-160562036-3150058255-2134394716-260757 SID[390]: S-1-5-21-160562036-3150058255-2134394716-249663 SID[391]: S-1-5-21-160562036-3150058255-2134394716-249619 SID[392]: S-1-5-21-160562036-3150058255-2134394716-321098 SID[393]: S-1-5-21-160562036-3150058255-2134394716-64497 SID[394]: S-1-5-21-160562036-3150058255-2134394716-112627 SID[395]: S-1-5-21-160562036-3150058255-2134394716-62710 SID[396]: S-1-5-21-160562036-3150058255-2134394716-360361 SID[397]: S-1-5-21-160562036-3150058255-2134394716-353621 SID[398]: S-1-5-21-160562036-3150058255-2134394716-365152 SID[399]: S-1-5-21-160562036-3150058255-2134394716-69544 SID[400]: S-1-5-21-160562036-3150058255-2134394716-249644 SID[401]: S-1-5-21-160562036-3150058255-2134394716-55625 SID[402]: S-1-1-0 SID[403]: S-1-5-2 SID[404]: S-1-5-11 SID[405]: S-1-5-32-545 SID[406]: S-1-22-1-10000 SID[407]: S-1-22-2-10006 SID[408]: S-1-22-2-10007 SID[409]: S-1-22-2-10008 SID[410]: S-1-22-2-10009 SID[411]: S-1-22-2-10010 SID[412]: S-1-22-2-10011 SID[413]: S-1-22-2-10012 SID[414]: S-1-22-2-10013 SID[415]: S-1-22-2-10014 SID[416]: S-1-22-2-10015 SID[417]: S-1-22-2-10016 SID[418]: S-1-22-2-10017 SID[419]: S-1-22-2-10018 SID[420]: S-1-22-2-10019 SID[421]: S-1-22-2-10020 SID[422]: S-1-22-2-10021 SID[423]: S-1-22-2-10022 SID[424]: S-1-22-2-10023 SID[425]: S-1-22-2-10024 SID[426]: S-1-22-2-10025 SID[427]: S-1-22-2-10026 SID[428]: S-1-22-2-10027 SID[429]: S-1-22-2-10028 SID[430]: S-1-22-2-10029 SID[431]: S-1-22-2-10030 SID[432]: S-1-22-2-10031 SID[433]: S-1-22-2-10032 SID[434]: S-1-22-2-10033 SID[435]: S-1-22-2-10034 SID[436]: S-1-22-2-10035 SID[437]: S-1-22-2-10036 SID[438]: S-1-22-2-10037 SID[439]: S-1-22-2-10038 SID[440]: S-1-22-2-10039 SID[441]: S-1-22-2-10040 SID[442]: S-1-22-2-10041 SID[443]: S-1-22-2-10042 SID[444]: S-1-22-2-10043 SID[445]: S-1-22-2-10044 SID[446]: S-1-22-2-10045 SID[447]: S-1-22-2-10046 SID[448]: S-1-22-2-10047 SID[449]: S-1-22-2-10048 SID[450]: S-1-22-2-10049 SID[451]: S-1-22-2-10050 SID[452]: S-1-22-2-10051 SID[453]: S-1-22-2-10052 SID[454]: S-1-22-2-10053 SID[455]: S-1-22-2-10054 SID[456]: S-1-22-2-10055 SID[457]: S-1-22-2-10056 SID[458]: S-1-22-2-10057 SID[459]: S-1-22-2-10058 SID[460]: S-1-22-2-10059 SID[461]: S-1-22-2-10060 SID[462]: S-1-22-2-10061 SID[463]: S-1-22-2-10062 SID[464]: S-1-22-2-10063 SID[465]: S-1-22-2-10064 SID[466]: S-1-22-2-10065 SID[467]: S-1-22-2-10066 SID[468]: S-1-22-2-10067 SID[469]: S-1-22-2-10068 SID[470]: S-1-22-2-10069 SID[471]: S-1-22-2-10070 SID[472]: S-1-22-2-10071 SID[473]: S-1-22-2-10072 SID[474]: S-1-22-2-10073 SID[475]: S-1-22-2-10074 SID[476]: S-1-22-2-10075 SID[477]: S-1-22-2-10076 SID[478]: S-1-22-2-10077 SID[479]: S-1-22-2-10078 SID[480]: S-1-22-2-10079 SID[481]: S-1-22-2-10080 SID[482]: S-1-22-2-10081 SID[483]: S-1-22-2-10082 SID[484]: S-1-22-2-10083 SID[485]: S-1-22-2-10084 SID[486]: S-1-22-2-10085 SID[487]: S-1-22-2-10086 SID[488]: S-1-22-2-10087 SID[489]: S-1-22-2-10088 SID[490]: S-1-22-2-10089 SID[491]: S-1-22-2-10090 SID[492]: S-1-22-2-10091 SID[493]: S-1-22-2-10092 SID[494]: S-1-22-2-10093 SID[495]: S-1-22-2-10094 SID[496]: S-1-22-2-10095 SID[497]: S-1-22-2-10096 SID[498]: S-1-22-2-10097 SID[499]: S-1-22-2-10098 SID[500]: S-1-22-2-10099 SID[501]: S-1-22-2-10100 SID[502]: S-1-22-2-10101 SID[503]: S-1-22-2-10102 SID[504]: S-1-22-2-10103 SID[505]: S-1-22-2-10104 SID[506]: S-1-22-2-10105 SID[507]: S-1-22-2-10106 SID[508]: S-1-22-2-10107 SID[509]: S-1-22-2-10108 SID[510]: S-1-22-2-10109 SID[511]: S-1-22-2-10110 SID[512]: S-1-22-2-10111 SID[513]: S-1-22-2-10112 SID[514]: S-1-22-2-10113 SID[515]: S-1-22-2-10114 SID[516]: S-1-22-2-10115 SID[517]: S-1-22-2-10116 SID[518]: S-1-22-2-10117 SID[519]: S-1-22-2-10118 SID[520]: S-1-22-2-10119 SID[521]: S-1-22-2-10120 SID[522]: S-1-22-2-10121 SID[523]: S-1-22-2-10122 SID[524]: S-1-22-2-10123 SID[525]: S-1-22-2-10124 SID[526]: S-1-22-2-10125 SID[527]: S-1-22-2-10126 SID[528]: S-1-22-2-10127 SID[529]: S-1-22-2-10128 SID[530]: S-1-22-2-10129 SID[531]: S-1-22-2-10130 SID[532]: S-1-22-2-10131 SID[533]: S-1-22-2-10132 SID[534]: S-1-22-2-10133 SID[535]: S-1-22-2-10134 SID[536]: S-1-22-2-10135 SID[537]: S-1-22-2-10136 SID[538]: S-1-22-2-10137 SID[539]: S-1-22-2-10138 SID[540]: S-1-22-2-10139 SID[541]: S-1-22-2-10140 SID[542]: S-1-22-2-10141 SID[543]: S-1-22-2-10142 SID[544]: S-1-22-2-10143 SID[545]: S-1-22-2-10144 SID[546]: S-1-22-2-10145 SID[547]: S-1-22-2-10146 SID[548]: S-1-22-2-10147 SID[549]: S-1-22-2-10148 SID[550]: S-1-22-2-10149 SID[551]: S-1-22-2-10150 SID[552]: S-1-22-2-10471 SID[553]: S-1-22-2-10151 SID[554]: S-1-22-2-10152 SID[555]: S-1-22-2-10153 SID[556]: S-1-22-2-10154 SID[557]: S-1-22-2-10155 SID[558]: S-1-22-2-10156 SID[559]: S-1-22-2-10157 SID[560]: S-1-22-2-10158 SID[561]: S-1-22-2-10159 SID[562]: S-1-22-2-10160 SID[563]: S-1-22-2-10161 SID[564]: S-1-22-2-10162 SID[565]: S-1-22-2-10163 SID[566]: S-1-22-2-10164 SID[567]: S-1-22-2-10165 SID[568]: S-1-22-2-10166 SID[569]: S-1-22-2-10167 SID[570]: S-1-22-2-10168 SID[571]: S-1-22-2-10169 SID[572]: S-1-22-2-10170 SID[573]: S-1-22-2-10171 SID[574]: S-1-22-2-10172 SID[575]: S-1-22-2-10173 SID[576]: S-1-22-2-10174 SID[577]: S-1-22-2-10175 SID[578]: S-1-22-2-10176 SID[579]: S-1-22-2-10177 SID[580]: S-1-22-2-10178 SID[581]: S-1-22-2-10179 SID[582]: S-1-22-2-10180 SID[583]: S-1-22-2-10181 SID[584]: S-1-22-2-10182 SID[585]: S-1-22-2-10183 SID[586]: S-1-22-2-10184 SID[587]: S-1-22-2-10185 SID[588]: S-1-22-2-10186 SID[589]: S-1-22-2-10187 SID[590]: S-1-22-2-10188 SID[591]: S-1-22-2-10189 SID[592]: S-1-22-2-10190 SID[593]: S-1-22-2-10191 SID[594]: S-1-22-2-10192 SID[595]: S-1-22-2-10193 SID[596]: S-1-22-2-10194 SID[597]: S-1-22-2-10195 SID[598]: S-1-22-2-10196 SID[599]: S-1-22-2-10197 SID[600]: S-1-22-2-10198 SID[601]: S-1-22-2-10199 SID[602]: S-1-22-2-10200 SID[603]: S-1-22-2-10201 SID[604]: S-1-22-2-10202 SID[605]: S-1-22-2-10203 SID[606]: S-1-22-2-10204 SID[607]: S-1-22-2-10205 SID[608]: S-1-22-2-10206 SID[609]: S-1-22-2-10207 SID[610]: S-1-22-2-10208 SID[611]: S-1-22-2-10209 SID[612]: S-1-22-2-10210 SID[613]: S-1-22-2-10211 SID[614]: S-1-22-2-10212 SID[615]: S-1-22-2-10213 SID[616]: S-1-22-2-10214 SID[617]: S-1-22-2-10215 SID[618]: S-1-22-2-10216 SID[619]: S-1-22-2-10217 SID[620]: S-1-22-2-10218 SID[621]: S-1-22-2-10219 SID[622]: S-1-22-2-10220 SID[623]: S-1-22-2-10221 SID[624]: S-1-22-2-10222 SID[625]: S-1-22-2-10223 SID[626]: S-1-22-2-10224 SID[627]: S-1-22-2-10225 SID[628]: S-1-22-2-10226 SID[629]: S-1-22-2-10227 SID[630]: S-1-22-2-10228 SID[631]: S-1-22-2-10229 SID[632]: S-1-22-2-10230 SID[633]: S-1-22-2-10231 SID[634]: S-1-22-2-10232 SID[635]: S-1-22-2-10233 SID[636]: S-1-22-2-10234 SID[637]: S-1-22-2-10235 SID[638]: S-1-22-2-10236 SID[639]: S-1-22-2-10237 SID[640]: S-1-22-2-10238 SID[641]: S-1-22-2-10239 SID[642]: S-1-22-2-10240 SID[643]: S-1-22-2-10241 SID[644]: S-1-22-2-10242 SID[645]: S-1-22-2-10243 SID[646]: S-1-22-2-10244 SID[647]: S-1-22-2-10245 SID[648]: S-1-22-2-10246 SID[649]: S-1-22-2-10247 SID[650]: S-1-22-2-10248 SID[651]: S-1-22-2-10249 SID[652]: S-1-22-2-10250 SID[653]: S-1-22-2-10251 SID[654]: S-1-22-2-10252 SID[655]: S-1-22-2-10253 SID[656]: S-1-22-2-10254 SID[657]: S-1-22-2-10255 SID[658]: S-1-22-2-10256 SID[659]: S-1-22-2-10257 SID[660]: S-1-22-2-10258 SID[661]: S-1-22-2-10259 SID[662]: S-1-22-2-10260 SID[663]: S-1-22-2-10261 SID[664]: S-1-22-2-10262 SID[665]: S-1-22-2-10263 SID[666]: S-1-22-2-10264 SID[667]: S-1-22-2-10265 SID[668]: S-1-22-2-10266 SID[669]: S-1-22-2-10267 SID[670]: S-1-22-2-10268 SID[671]: S-1-22-2-10269 SID[672]: S-1-22-2-10270 SID[673]: S-1-22-2-10271 SID[674]: S-1-22-2-10272 SID[675]: S-1-22-2-10273 SID[676]: S-1-22-2-10274 SID[677]: S-1-22-2-10275 SID[678]: S-1-22-2-10276 SID[679]: S-1-22-2-10277 SID[680]: S-1-22-2-10278 SID[681]: S-1-22-2-10279 SID[682]: S-1-22-2-10280 SID[683]: S-1-22-2-10281 SID[684]: S-1-22-2-10282 SID[685]: S-1-22-2-10283 SID[686]: S-1-22-2-10284 SID[687]: S-1-22-2-10285 SID[688]: S-1-22-2-10286 SID[689]: S-1-22-2-10287 SID[690]: S-1-22-2-10288 SID[691]: S-1-22-2-10289 SID[692]: S-1-22-2-10290 SID[693]: S-1-22-2-10291 SID[694]: S-1-22-2-10292 SID[695]: S-1-22-2-10293 SID[696]: S-1-22-2-10294 SID[697]: S-1-22-2-10295 SID[698]: S-1-22-2-10296 SID[699]: S-1-22-2-10297 SID[700]: S-1-22-2-10298 SID[701]: S-1-22-2-10299 SID[702]: S-1-22-2-10300 SID[703]: S-1-22-2-10301 SID[704]: S-1-22-2-10302 SID[705]: S-1-22-2-10303 SID[706]: S-1-22-2-10304 SID[707]: S-1-22-2-10305 SID[708]: S-1-22-2-10306 SID[709]: S-1-22-2-10307 SID[710]: S-1-22-2-10308 SID[711]: S-1-22-2-10309 SID[712]: S-1-22-2-10310 SID[713]: S-1-22-2-10311 SID[714]: S-1-22-2-10312 SID[715]: S-1-22-2-10313 SID[716]: S-1-22-2-10314 SID[717]: S-1-22-2-10315 SID[718]: S-1-22-2-10316 SID[719]: S-1-22-2-10317 SID[720]: S-1-22-2-10318 SID[721]: S-1-22-2-10319 SID[722]: S-1-22-2-10320 SID[723]: S-1-22-2-10321 SID[724]: S-1-22-2-10322 SID[725]: S-1-22-2-10323 SID[726]: S-1-22-2-10324 SID[727]: S-1-22-2-10325 SID[728]: S-1-22-2-10326 SID[729]: S-1-22-2-10327 SID[730]: S-1-22-2-10328 SID[731]: S-1-22-2-10329 SID[732]: S-1-22-2-10330 SID[733]: S-1-22-2-10331 SID[734]: S-1-22-2-10332 SID[735]: S-1-22-2-10333 SID[736]: S-1-22-2-10334 SID[737]: S-1-22-2-10335 SID[738]: S-1-22-2-10336 SID[739]: S-1-22-2-10337 SID[740]: S-1-22-2-10338 SID[741]: S-1-22-2-10339 SID[742]: S-1-22-2-10340 SID[743]: S-1-22-2-10341 SID[744]: S-1-22-2-10342 SID[745]: S-1-22-2-10343 SID[746]: S-1-22-2-10344 SID[747]: S-1-22-2-10345 SID[748]: S-1-22-2-10346 SID[749]: S-1-22-2-10347 SID[750]: S-1-22-2-10348 SID[751]: S-1-22-2-10349 SID[752]: S-1-22-2-10350 SID[753]: S-1-22-2-10351 SID[754]: S-1-22-2-10352 SID[755]: S-1-22-2-10353 SID[756]: S-1-22-2-10354 SID[757]: S-1-22-2-10355 SID[758]: S-1-22-2-10356 SID[759]: S-1-22-2-10357 SID[760]: S-1-22-2-10358 SID[761]: S-1-22-2-10359 SID[762]: S-1-22-2-10360 SID[763]: S-1-22-2-10361 SID[764]: S-1-22-2-10362 SID[765]: S-1-22-2-10363 SID[766]: S-1-22-2-10364 SID[767]: S-1-22-2-10365 SID[768]: S-1-22-2-10366 SID[769]: S-1-22-2-10367 SID[770]: S-1-22-2-10368 SID[771]: S-1-22-2-10369 SID[772]: S-1-22-2-10370 SID[773]: S-1-22-2-10371 SID[774]: S-1-22-2-10372 SID[775]: S-1-22-2-10373 SID[776]: S-1-22-2-10374 SID[777]: S-1-22-2-10375 SID[778]: S-1-22-2-10376 SID[779]: S-1-22-2-10377 SID[780]: S-1-22-2-10378 SID[781]: S-1-22-2-10379 SID[782]: S-1-22-2-10380 SID[783]: S-1-22-2-10381 SID[784]: S-1-22-2-10382 SID[785]: S-1-22-2-10383 SID[786]: S-1-22-2-10384 SID[787]: S-1-22-2-10385 SID[788]: S-1-22-2-10386 SID[789]: S-1-22-2-10387 SID[790]: S-1-22-2-10388 SID[791]: S-1-22-2-10389 SID[792]: S-1-22-2-10390 SID[793]: S-1-22-2-10391 SID[794]: S-1-22-2-10392 SID[795]: S-1-22-2-10393 SID[796]: S-1-22-2-10394 SID[797]: S-1-22-2-10395 SID[798]: S-1-22-2-10396 SID[799]: S-1-22-2-10397 SID[800]: S-1-22-2-10398 SID[801]: S-1-22-2-10399 SID[802]: S-1-22-2-10400 SID[803]: S-1-22-2-10401 SID[804]: S-1-22-2-10402 SID[805]: S-1-22-2-10403 SID[806]: S-1-22-2-10404 SID[807]: S-1-22-2-10002 SID[808]: S-1-22-2-10003 SID[809]: S-1-22-2-10004 SID[810]: S-1-22-2-10001 Privileges (0x 20): Privilege[ 0]: SePrintOperatorPrivilege Rights (0x 0): [2012/11/09 16:29:16.755753, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 10000 Primary group is 10006 and contains 404 supplementary groups Group[ 0]: 10006 Group[ 1]: 10007 Group[ 2]: 10008 Group[ 3]: 10009 Group[ 4]: 10010 Group[ 5]: 10011 Group[ 6]: 10012 Group[ 7]: 10013 Group[ 8]: 10014 Group[ 9]: 10015 Group[ 10]: 10016 Group[ 11]: 10017 Group[ 12]: 10018 Group[ 13]: 10019 Group[ 14]: 10020 Group[ 15]: 10021 Group[ 16]: 10022 Group[ 17]: 10023 Group[ 18]: 10024 Group[ 19]: 10025 Group[ 20]: 10026 Group[ 21]: 10027 Group[ 22]: 10028 Group[ 23]: 10029 Group[ 24]: 10030 Group[ 25]: 10031 Group[ 26]: 10032 Group[ 27]: 10033 Group[ 28]: 10034 Group[ 29]: 10035 Group[ 30]: 10036 Group[ 31]: 10037 Group[ 32]: 10038 Group[ 33]: 10039 Group[ 34]: 10040 Group[ 35]: 10041 Group[ 36]: 10042 Group[ 37]: 10043 Group[ 38]: 10044 Group[ 39]: 10045 Group[ 40]: 10046 Group[ 41]: 10047 Group[ 42]: 10048 Group[ 43]: 10049 Group[ 44]: 10050 Group[ 45]: 10051 Group[ 46]: 10052 Group[ 47]: 10053 Group[ 48]: 10054 Group[ 49]: 10055 Group[ 50]: 10056 Group[ 51]: 10057 Group[ 52]: 10058 Group[ 53]: 10059 Group[ 54]: 10060 Group[ 55]: 10061 Group[ 56]: 10062 Group[ 57]: 10063 Group[ 58]: 10064 Group[ 59]: 10065 Group[ 60]: 10066 Group[ 61]: 10067 Group[ 62]: 10068 Group[ 63]: 10069 Group[ 64]: 10070 Group[ 65]: 10071 Group[ 66]: 10072 Group[ 67]: 10073 Group[ 68]: 10074 Group[ 69]: 10075 Group[ 70]: 10076 Group[ 71]: 10077 Group[ 72]: 10078 Group[ 73]: 10079 Group[ 74]: 10080 Group[ 75]: 10081 Group[ 76]: 10082 Group[ 77]: 10083 Group[ 78]: 10084 Group[ 79]: 10085 Group[ 80]: 10086 Group[ 81]: 10087 Group[ 82]: 10088 Group[ 83]: 10089 Group[ 84]: 10090 Group[ 85]: 10091 Group[ 86]: 10092 Group[ 87]: 10093 Group[ 88]: 10094 Group[ 89]: 10095 Group[ 90]: 10096 Group[ 91]: 10097 Group[ 92]: 10098 Group[ 93]: 10099 Group[ 94]: 10100 Group[ 95]: 10101 Group[ 96]: 10102 Group[ 97]: 10103 Group[ 98]: 10104 Group[ 99]: 10105 Group[100]: 10106 Group[101]: 10107 Group[102]: 10108 Group[103]: 10109 Group[104]: 10110 Group[105]: 10111 Group[106]: 10112 Group[107]: 10113 Group[108]: 10114 Group[109]: 10115 Group[110]: 10116 Group[111]: 10117 Group[112]: 10118 Group[113]: 10119 Group[114]: 10120 Group[115]: 10121 Group[116]: 10122 Group[117]: 10123 Group[118]: 10124 Group[119]: 10125 Group[120]: 10126 Group[121]: 10127 Group[122]: 10128 Group[123]: 10129 Group[124]: 10130 Group[125]: 10131 Group[126]: 10132 Group[127]: 10133 Group[128]: 10134 Group[129]: 10135 Group[130]: 10136 Group[131]: 10137 Group[132]: 10138 Group[133]: 10139 Group[134]: 10140 Group[135]: 10141 Group[136]: 10142 Group[137]: 10143 Group[138]: 10144 Group[139]: 10145 Group[140]: 10146 Group[141]: 10147 Group[142]: 10148 Group[143]: 10149 Group[144]: 10150 Group[145]: 10471 Group[146]: 10151 Group[147]: 10152 Group[148]: 10153 Group[149]: 10154 Group[150]: 10155 Group[151]: 10156 Group[152]: 10157 Group[153]: 10158 Group[154]: 10159 Group[155]: 10160 Group[156]: 10161 Group[157]: 10162 Group[158]: 10163 Group[159]: 10164 Group[160]: 10165 Group[161]: 10166 Group[162]: 10167 Group[163]: 10168 Group[164]: 10169 Group[165]: 10170 Group[166]: 10171 Group[167]: 10172 Group[168]: 10173 Group[169]: 10174 Group[170]: 10175 Group[171]: 10176 Group[172]: 10177 Group[173]: 10178 Group[174]: 10179 Group[175]: 10180 Group[176]: 10181 Group[177]: 10182 Group[178]: 10183 Group[179]: 10184 Group[180]: 10185 Group[181]: 10186 Group[182]: 10187 Group[183]: 10188 Group[184]: 10189 Group[185]: 10190 Group[186]: 10191 Group[187]: 10192 Group[188]: 10193 Group[189]: 10194 Group[190]: 10195 Group[191]: 10196 Group[192]: 10197 Group[193]: 10198 Group[194]: 10199 Group[195]: 10200 Group[196]: 10201 Group[197]: 10202 Group[198]: 10203 Group[199]: 10204 Group[200]: 10205 Group[201]: 10206 Group[202]: 10207 Group[203]: 10208 Group[204]: 10209 Group[205]: 10210 Group[206]: 10211 Group[207]: 10212 Group[208]: 10213 Group[209]: 10214 Group[210]: 10215 Group[211]: 10216 Group[212]: 10217 Group[213]: 10218 Group[214]: 10219 Group[215]: 10220 Group[216]: 10221 Group[217]: 10222 Group[218]: 10223 Group[219]: 10224 Group[220]: 10225 Group[221]: 10226 Group[222]: 10227 Group[223]: 10228 Group[224]: 10229 Group[225]: 10230 Group[226]: 10231 Group[227]: 10232 Group[228]: 10233 Group[229]: 10234 Group[230]: 10235 Group[231]: 10236 Group[232]: 10237 Group[233]: 10238 Group[234]: 10239 Group[235]: 10240 Group[236]: 10241 Group[237]: 10242 Group[238]: 10243 Group[239]: 10244 Group[240]: 10245 Group[241]: 10246 Group[242]: 10247 Group[243]: 10248 Group[244]: 10249 Group[245]: 10250 Group[246]: 10251 Group[247]: 10252 Group[248]: 10253 Group[249]: 10254 Group[250]: 10255 Group[251]: 10256 Group[252]: 10257 Group[253]: 10258 Group[254]: 10259 Group[255]: 10260 Group[256]: 10261 Group[257]: 10262 Group[258]: 10263 Group[259]: 10264 Group[260]: 10265 Group[261]: 10266 Group[262]: 10267 Group[263]: 10268 Group[264]: 10269 Group[265]: 10270 Group[266]: 10271 Group[267]: 10272 Group[268]: 10273 Group[269]: 10274 Group[270]: 10275 Group[271]: 10276 Group[272]: 10277 Group[273]: 10278 Group[274]: 10279 Group[275]: 10280 Group[276]: 10281 Group[277]: 10282 Group[278]: 10283 Group[279]: 10284 Group[280]: 10285 Group[281]: 10286 Group[282]: 10287 Group[283]: 10288 Group[284]: 10289 Group[285]: 10290 Group[286]: 10291 Group[287]: 10292 Group[288]: 10293 Group[289]: 10294 Group[290]: 10295 Group[291]: 10296 Group[292]: 10297 Group[293]: 10298 Group[294]: 10299 Group[295]: 10300 Group[296]: 10301 Group[297]: 10302 Group[298]: 10303 Group[299]: 10304 Group[300]: 10305 Group[301]: 10306 Group[302]: 10307 Group[303]: 10308 Group[304]: 10309 Group[305]: 10310 Group[306]: 10311 Group[307]: 10312 Group[308]: 10313 Group[309]: 10314 Group[310]: 10315 Group[311]: 10316 Group[312]: 10317 Group[313]: 10318 Group[314]: 10319 Group[315]: 10320 Group[316]: 10321 Group[317]: 10322 Group[318]: 10323 Group[319]: 10324 Group[320]: 10325 Group[321]: 10326 Group[322]: 10327 Group[323]: 10328 Group[324]: 10329 Group[325]: 10330 Group[326]: 10331 Group[327]: 10332 Group[328]: 10333 Group[329]: 10334 Group[330]: 10335 Group[331]: 10336 Group[332]: 10337 Group[333]: 10338 Group[334]: 10339 Group[335]: 10340 Group[336]: 10341 Group[337]: 10342 Group[338]: 10343 Group[339]: 10344 Group[340]: 10345 Group[341]: 10346 Group[342]: 10347 Group[343]: 10348 Group[344]: 10349 Group[345]: 10350 Group[346]: 10351 Group[347]: 10352 Group[348]: 10353 Group[349]: 10354 Group[350]: 10355 Group[351]: 10356 Group[352]: 10357 Group[353]: 10358 Group[354]: 10359 Group[355]: 10360 Group[356]: 10361 Group[357]: 10362 Group[358]: 10363 Group[359]: 10364 Group[360]: 10365 Group[361]: 10366 Group[362]: 10367 Group[363]: 10368 Group[364]: 10369 Group[365]: 10370 Group[366]: 10371 Group[367]: 10372 Group[368]: 10373 Group[369]: 10374 Group[370]: 10375 Group[371]: 10376 Group[372]: 10377 Group[373]: 10378 Group[374]: 10379 Group[375]: 10380 Group[376]: 10381 Group[377]: 10382 Group[378]: 10383 Group[379]: 10384 Group[380]: 10385 Group[381]: 10386 Group[382]: 10387 Group[383]: 10388 Group[384]: 10389 Group[385]: 10390 Group[386]: 10391 Group[387]: 10392 Group[388]: 10393 Group[389]: 10394 Group[390]: 10395 Group[391]: 10396 Group[392]: 10397 Group[393]: 10398 Group[394]: 10399 Group[395]: 10400 Group[396]: 10401 Group[397]: 10402 Group[398]: 10403 Group[399]: 10404 Group[400]: 10002 Group[401]: 10003 Group[402]: 10004 Group[403]: 10001 [2012/11/09 16:29:16.759736, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,10000), gid=(0,10006) [2012/11/09 16:29:16.759784, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /var/tmp [2012/11/09 16:29:16.759828, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=2108 params=0 setup=2 [2012/11/09 16:29:16.759862, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:16.759890, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:16.759919, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:16.759947, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2014) [2012/11/09 16:29:16.759980, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 2108 [2012/11/09 16:29:16.760026, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:16.760061, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER [2012/11/09 16:29:16.760095, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[8].fn == 0x7fa2ea3e8e50 [2012/11/09 16:29:16.760129, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.760200, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.760268, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:yyyp0708 [2012/11/09 16:29:16.760318, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/11/09 16:29:16.760359, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/11/09 16:29:16.760405, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:16.760438, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 [2012/11/09 16:29:16.760519, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2012/11/09 16:29:16.760556, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/11/09 16:29:16.760585, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:16.760613, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:16.760742, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:16.760820, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 57 00 00 00 00 00 00 00 9D 50 4C 21 ....W... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.760917, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 57 00 00 00 00 00 00 00 9D 50 4C 21 ....W... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.760991, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:16.761056, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:16.761118, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:16.761181, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:16.761240, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:16.761295, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:16.761371, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:16.761447, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 9D 50 4C 21 ....X... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.761543, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 9D 50 4C 21 ....X... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.761733, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 9D 50 4C 21 ....X... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.761808, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.761855, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 9D 50 4C 21 ....X... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.761918, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.761961, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 9D 50 4C 21 ....X... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.762041, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.762087, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 9D 50 4C 21 ....X... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.762151, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.762195, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 9D 50 4C 21 ....X... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.762259, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.762303, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 9D 50 4C 21 ....X... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.762366, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.762409, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 9D 50 4C 21 ....X... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.762474, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.762518, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 9D 50 4C 21 ....X... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.762580, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.762625, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 9D 50 4C 21 ....X... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.762688, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.762731, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 9D 50 4C 21 ....X... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.762795, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.762839, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 9D 50 4C 21 ....X... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.762904, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.762948, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 9D 50 4C 21 ....X... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.763023, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.763067, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 9D 50 4C 21 ....X... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.763130, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.763171, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 9D 50 4C 21 ....X... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.763232, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.763275, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 9D 50 4C 21 ....X... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.763340, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.763384, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 9D 50 4C 21 ....X... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.763449, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.763495, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 9D 50 4C 21 ....X... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.763561, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.763608, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 9D 50 4C 21 ....X... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.763672, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.763714, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 9D 50 4C 21 ....X... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.763777, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.763846, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 9D 50 4C 21 ....X... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.763910, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.763952, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:16.763998, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 9D 50 4C 21 ....X... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.764063, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.764091, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:16.764141, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:16.764200, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 59 00 00 00 00 00 00 00 9D 50 4C 21 ....Y... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.764277, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 59 00 00 00 00 00 00 00 9D 50 4C 21 ....Y... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.764343, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:16.764395, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:16.764448, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:16.764529, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:16.764582, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:16.764629, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:16.764692, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:16.764763, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 5A 00 00 00 00 00 00 00 9D 50 4C 21 ....Z... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.764849, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5A 00 00 00 00 00 00 00 9D 50 4C 21 ....Z... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.764918, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.764946, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:16.765019, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5A 00 00 00 00 00 00 00 9D 50 4C 21 ....Z... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.765088, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.765115, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:16.765160, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5A 00 00 00 00 00 00 00 9D 50 4C 21 ....Z... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.765225, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5A 00 00 00 00 00 00 00 9D 50 4C 21 ....Z... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.765304, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:16.765346, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 59 00 00 00 00 00 00 00 9D 50 4C 21 ....Y... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.765415, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 59 00 00 00 00 00 00 00 9D 50 4C 21 ....Y... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.765484, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:16.765530, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 9D 50 4C 21 ....X... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.765605, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 9D 50 4C 21 ....X... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.765686, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:16.765735, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 57 00 00 00 00 00 00 00 9D 50 4C 21 ....W... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.765808, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 57 00 00 00 00 00 00 00 9D 50 4C 21 ....W... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.765875, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:16.765948, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/11/09 16:29:16.765998, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/11/09 16:29:16.766043, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:16.766078, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 [2012/11/09 16:29:16.766124, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2012/11/09 16:29:16.766161, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/11/09 16:29:16.766192, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:16.766220, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:16.766339, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:16.766410, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 5B 00 00 00 00 00 00 00 9D 50 4C 21 ....[... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.766501, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5B 00 00 00 00 00 00 00 9D 50 4C 21 ....[... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.766574, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:16.766638, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:16.766698, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:16.766765, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:16.766848, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:16.766904, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:16.766977, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:16.767054, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 5C 00 00 00 00 00 00 00 9D 50 4C 21 ....\... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.767145, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5C 00 00 00 00 00 00 00 9D 50 4C 21 ....\... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.767219, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.767250, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:16.767329, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5C 00 00 00 00 00 00 00 9D 50 4C 21 ....\... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.767405, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.767438, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:16.767487, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5C 00 00 00 00 00 00 00 9D 50 4C 21 ....\... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.767559, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5C 00 00 00 00 00 00 00 9D 50 4C 21 ....\... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.767628, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:16.767671, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5B 00 00 00 00 00 00 00 9D 50 4C 21 ....[... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.767743, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5B 00 00 00 00 00 00 00 9D 50 4C 21 ....[... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.767810, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:16.767872, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:16.767922, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 4280 [2012/11/09 16:29:16.767962, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 7481 [2012/11/09 16:29:16.768010, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..2088] (align 0) [2012/11/09 16:29:16.768042, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.768060, 5] lib/util.c:342(show_msg) size=2144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=55104 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 2088 (0x828) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 2088 (0x828) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=2089 [2012/11/09 16:29:16.769685, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x890 [2012/11/09 16:29:16.769750, 3] smbd/process.c:1662(process_smb) Transaction 112 of length 2196 (0 toread) [2012/11/09 16:29:16.769771, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.769782, 5] lib/util.c:342(show_msg) size=2192 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=55168 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 2108 (0x83C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 2108 (0x83C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8212 (0x2014) smb_bcc=2125 [2012/11/09 16:29:16.769990, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:16.770012, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.770037, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=2108 params=0 setup=2 [2012/11/09 16:29:16.770060, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:16.770078, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:16.770097, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:16.770115, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2014) [2012/11/09 16:29:16.770136, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 2108 [2012/11/09 16:29:16.770165, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:16.770189, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER [2012/11/09 16:29:16.770209, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[8].fn == 0x7fa2ea3e8e50 [2012/11/09 16:29:16.770231, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.770311, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.770352, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:yyyp0708 [2012/11/09 16:29:16.770376, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/11/09 16:29:16.770404, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/11/09 16:29:16.770435, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:16.770458, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 [2012/11/09 16:29:16.770491, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2012/11/09 16:29:16.770516, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/11/09 16:29:16.770534, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:16.770552, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:16.770643, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:16.770696, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 5D 00 00 00 00 00 00 00 9D 50 4C 21 ....]... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.770773, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5D 00 00 00 00 00 00 00 9D 50 4C 21 ....]... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.770817, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:16.770861, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:16.770903, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:16.770943, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:16.770983, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:16.771019, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:16.771066, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:16.771115, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 5E 00 00 00 00 00 00 00 9D 50 4C 21 ....^... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.771171, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5E 00 00 00 00 00 00 00 9D 50 4C 21 ....^... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.771259, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5E 00 00 00 00 00 00 00 9D 50 4C 21 ....^... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.771306, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.771339, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5E 00 00 00 00 00 00 00 9D 50 4C 21 ....^... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.771381, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.771413, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5E 00 00 00 00 00 00 00 9D 50 4C 21 ....^... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.771455, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.771487, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5E 00 00 00 00 00 00 00 9D 50 4C 21 ....^... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.771529, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.771560, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5E 00 00 00 00 00 00 00 9D 50 4C 21 ....^... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.771601, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.771637, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5E 00 00 00 00 00 00 00 9D 50 4C 21 ....^... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.771728, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.771779, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5E 00 00 00 00 00 00 00 9D 50 4C 21 ....^... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.771850, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.771898, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5E 00 00 00 00 00 00 00 9D 50 4C 21 ....^... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.771968, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.772016, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5E 00 00 00 00 00 00 00 9D 50 4C 21 ....^... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.772086, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.772133, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5E 00 00 00 00 00 00 00 9D 50 4C 21 ....^... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.772204, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.772251, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5E 00 00 00 00 00 00 00 9D 50 4C 21 ....^... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.772323, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.772375, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5E 00 00 00 00 00 00 00 9D 50 4C 21 ....^... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.772446, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.772527, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5E 00 00 00 00 00 00 00 9D 50 4C 21 ....^... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.772600, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.772647, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5E 00 00 00 00 00 00 00 9D 50 4C 21 ....^... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.772717, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.772777, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5E 00 00 00 00 00 00 00 9D 50 4C 21 ....^... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.772851, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.772902, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5E 00 00 00 00 00 00 00 9D 50 4C 21 ....^... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.772973, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.773021, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5E 00 00 00 00 00 00 00 9D 50 4C 21 ....^... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.773091, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.773141, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5E 00 00 00 00 00 00 00 9D 50 4C 21 ....^... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.773213, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.773262, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5E 00 00 00 00 00 00 00 9D 50 4C 21 ....^... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.773332, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.773407, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5E 00 00 00 00 00 00 00 9D 50 4C 21 ....^... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.773480, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.773510, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:16.773556, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5E 00 00 00 00 00 00 00 9D 50 4C 21 ....^... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.773627, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.773656, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:16.773710, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:16.773771, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 5F 00 00 00 00 00 00 00 9D 50 4C 21 ...._... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.773857, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5F 00 00 00 00 00 00 00 9D 50 4C 21 ...._... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.773942, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:16.774000, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:16.774063, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:16.774122, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:16.774179, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:16.774232, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:16.774301, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:16.774375, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 60 00 00 00 00 00 00 00 9D 50 4C 21 ....`... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.774465, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 60 00 00 00 00 00 00 00 9D 50 4C 21 ....`... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.774537, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.774566, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:16.774650, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 60 00 00 00 00 00 00 00 9D 50 4C 21 ....`... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.774725, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.774755, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:16.774804, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 60 00 00 00 00 00 00 00 9D 50 4C 21 ....`... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.774874, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 60 00 00 00 00 00 00 00 9D 50 4C 21 ....`... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.774940, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:16.774982, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5F 00 00 00 00 00 00 00 9D 50 4C 21 ...._... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.775052, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5F 00 00 00 00 00 00 00 9D 50 4C 21 ...._... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.775117, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:16.775157, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5E 00 00 00 00 00 00 00 9D 50 4C 21 ....^... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.775229, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5E 00 00 00 00 00 00 00 9D 50 4C 21 ....^... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.775312, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:16.775357, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5D 00 00 00 00 00 00 00 9D 50 4C 21 ....]... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.775428, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5D 00 00 00 00 00 00 00 9D 50 4C 21 ....]... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.775495, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:16.775594, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:16.775663, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 4280 [2012/11/09 16:29:16.775702, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 8991 [2012/11/09 16:29:16.775749, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..36] (align 0) [2012/11/09 16:29:16.775780, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.775798, 5] lib/util.c:342(show_msg) size=92 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=55168 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 36 (0x24) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=37 [2012/11/09 16:29:16.777323, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x10f8 [2012/11/09 16:29:16.777396, 3] smbd/process.c:1662(process_smb) Transaction 113 of length 4348 (0 toread) [2012/11/09 16:29:16.777427, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.777447, 5] lib/util.c:342(show_msg) size=4344 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=55232 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8212 (0x2014) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 4280 (0x10B8) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 4280 (0x10B8) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=4281 [2012/11/09 16:29:16.777754, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:16.777789, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.777825, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 2014 name: spoolss len: 4280 [2012/11/09 16:29:16.777857, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 4280 [2012/11/09 16:29:16.777909, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=4280 [2012/11/09 16:29:16.778869, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x138 [2012/11/09 16:29:16.778915, 3] smbd/process.c:1662(process_smb) Transaction 114 of length 316 (0 toread) [2012/11/09 16:29:16.778947, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.778965, 5] lib/util.c:342(show_msg) size=312 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=55296 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 228 (0xE4) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 228 (0xE4) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8212 (0x2014) smb_bcc=245 [2012/11/09 16:29:16.779307, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:16.779337, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.779370, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=228 params=0 setup=2 [2012/11/09 16:29:16.779404, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:16.779430, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:16.779455, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:16.779480, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2014) [2012/11/09 16:29:16.779506, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 228 [2012/11/09 16:29:16.779547, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:16.779579, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER [2012/11/09 16:29:16.779607, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[8].fn == 0x7fa2ea3e8e50 [2012/11/09 16:29:16.779636, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.779704, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.779770, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:yyyp0708 [2012/11/09 16:29:16.779801, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/11/09 16:29:16.779836, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/11/09 16:29:16.779883, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:16.779922, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 [2012/11/09 16:29:16.779968, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2012/11/09 16:29:16.780005, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/11/09 16:29:16.780042, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:16.780079, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:16.780215, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:16.780316, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 61 00 00 00 00 00 00 00 9D 50 4C 21 ....a... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.780422, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 61 00 00 00 00 00 00 00 9D 50 4C 21 ....a... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.780529, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:16.780607, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:16.780673, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:16.780742, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:16.780808, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:16.780885, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:16.780963, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:16.781045, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 62 00 00 00 00 00 00 00 9D 50 4C 21 ....b... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.781143, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 62 00 00 00 00 00 00 00 9D 50 4C 21 ....b... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.781284, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 62 00 00 00 00 00 00 00 9D 50 4C 21 ....b... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.781359, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.781410, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 62 00 00 00 00 00 00 00 9D 50 4C 21 ....b... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.781484, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.781534, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 62 00 00 00 00 00 00 00 9D 50 4C 21 ....b... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.781606, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.781660, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 62 00 00 00 00 00 00 00 9D 50 4C 21 ....b... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.781736, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.781785, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 62 00 00 00 00 00 00 00 9D 50 4C 21 ....b... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.781855, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.781904, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 62 00 00 00 00 00 00 00 9D 50 4C 21 ....b... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.781972, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.782023, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 62 00 00 00 00 00 00 00 9D 50 4C 21 ....b... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.782093, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.782159, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 62 00 00 00 00 00 00 00 9D 50 4C 21 ....b... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.782232, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.782281, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 62 00 00 00 00 00 00 00 9D 50 4C 21 ....b... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.782353, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.782402, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 62 00 00 00 00 00 00 00 9D 50 4C 21 ....b... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.782477, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.782533, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 62 00 00 00 00 00 00 00 9D 50 4C 21 ....b... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.782604, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.782663, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 62 00 00 00 00 00 00 00 9D 50 4C 21 ....b... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.782733, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.782780, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 62 00 00 00 00 00 00 00 9D 50 4C 21 ....b... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.782850, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.782897, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 62 00 00 00 00 00 00 00 9D 50 4C 21 ....b... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.782966, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.783014, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 62 00 00 00 00 00 00 00 9D 50 4C 21 ....b... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.783084, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.783130, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 62 00 00 00 00 00 00 00 9D 50 4C 21 ....b... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.783202, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.783270, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 62 00 00 00 00 00 00 00 9D 50 4C 21 ....b... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.783342, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.783394, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 62 00 00 00 00 00 00 00 9D 50 4C 21 ....b... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.783465, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.783514, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 62 00 00 00 00 00 00 00 9D 50 4C 21 ....b... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.783585, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.783663, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 62 00 00 00 00 00 00 00 9D 50 4C 21 ....b... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.783737, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.783767, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:16.783815, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 62 00 00 00 00 00 00 00 9D 50 4C 21 ....b... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.783887, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.783916, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:16.783974, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:16.784043, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 63 00 00 00 00 00 00 00 9D 50 4C 21 ....c... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.784131, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 63 00 00 00 00 00 00 00 9D 50 4C 21 ....c... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.784203, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:16.784263, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:16.784325, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:16.784384, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:16.784443, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:16.784597, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:16.784704, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:16.784786, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 64 00 00 00 00 00 00 00 9D 50 4C 21 ....d... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.784883, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 64 00 00 00 00 00 00 00 9D 50 4C 21 ....d... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.784958, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.784990, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:16.785070, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 64 00 00 00 00 00 00 00 9D 50 4C 21 ....d... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.785144, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.785174, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:16.785225, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 64 00 00 00 00 00 00 00 9D 50 4C 21 ....d... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.785297, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 64 00 00 00 00 00 00 00 9D 50 4C 21 ....d... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.785363, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:16.785406, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 63 00 00 00 00 00 00 00 9D 50 4C 21 ....c... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.785475, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 63 00 00 00 00 00 00 00 9D 50 4C 21 ....c... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.785541, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:16.785582, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 62 00 00 00 00 00 00 00 9D 50 4C 21 ....b... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.785667, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 62 00 00 00 00 00 00 00 9D 50 4C 21 ....b... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.785733, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:16.785778, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 61 00 00 00 00 00 00 00 9D 50 4C 21 ....a... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.785848, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 61 00 00 00 00 00 00 00 9D 50 4C 21 ....a... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.785913, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:16.786039, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:16.786107, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 4280 [2012/11/09 16:29:16.786153, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..4280] (align 0) [2012/11/09 16:29:16.786186, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.786204, 5] lib/util.c:342(show_msg) size=4336 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=55296 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 4280 (0x10B8) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 4280 (0x10B8) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=4281 [2012/11/09 16:29:16.787696, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/11/09 16:29:16.787741, 3] smbd/process.c:1662(process_smb) Transaction 115 of length 63 (0 toread) [2012/11/09 16:29:16.787771, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.787788, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=55360 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8212 (0x2014) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 4280 (0x10B8) smb_vwv[ 6]= 4280 (0x10B8) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 4280 (0x10B8) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/11/09 16:29:16.788055, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:16.788086, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.788119, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 4280 [2012/11/09 16:29:16.788156, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 8991 [2012/11/09 16:29:16.788205, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=4280 max=4280 nread=208 [2012/11/09 16:29:16.789322, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x890 [2012/11/09 16:29:16.789373, 3] smbd/process.c:1662(process_smb) Transaction 116 of length 2196 (0 toread) [2012/11/09 16:29:16.789403, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.789420, 5] lib/util.c:342(show_msg) size=2192 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=55424 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 2108 (0x83C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 2108 (0x83C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8212 (0x2014) smb_bcc=2125 [2012/11/09 16:29:16.789745, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:16.789777, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.789812, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=2108 params=0 setup=2 [2012/11/09 16:29:16.789845, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:16.789871, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:16.789900, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:16.789927, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2014) [2012/11/09 16:29:16.789957, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 2108 [2012/11/09 16:29:16.789996, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:16.790052, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER [2012/11/09 16:29:16.790083, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[8].fn == 0x7fa2ea3e8e50 [2012/11/09 16:29:16.790115, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.790184, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.790250, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:yyyp0708 [2012/11/09 16:29:16.790284, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/11/09 16:29:16.790323, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/11/09 16:29:16.790369, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:16.790403, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 [2012/11/09 16:29:16.790448, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2012/11/09 16:29:16.790482, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/11/09 16:29:16.790511, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:16.790538, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:16.790662, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:16.790737, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 65 00 00 00 00 00 00 00 9D 50 4C 21 ....e... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.790826, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 65 00 00 00 00 00 00 00 9D 50 4C 21 ....e... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.790899, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:16.790964, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:16.791027, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:16.791089, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:16.791148, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:16.791202, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:16.791274, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:16.791350, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 66 00 00 00 00 00 00 00 9D 50 4C 21 ....f... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.791439, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 66 00 00 00 00 00 00 00 9D 50 4C 21 ....f... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.791575, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 66 00 00 00 00 00 00 00 9D 50 4C 21 ....f... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.791682, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.791736, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 66 00 00 00 00 00 00 00 9D 50 4C 21 ....f... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.791808, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.791857, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 66 00 00 00 00 00 00 00 9D 50 4C 21 ....f... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.791926, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.791973, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 66 00 00 00 00 00 00 00 9D 50 4C 21 ....f... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.792042, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.792088, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 66 00 00 00 00 00 00 00 9D 50 4C 21 ....f... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.792156, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.792202, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 66 00 00 00 00 00 00 00 9D 50 4C 21 ....f... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.792269, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.792317, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 66 00 00 00 00 00 00 00 9D 50 4C 21 ....f... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.792388, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.792436, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 66 00 00 00 00 00 00 00 9D 50 4C 21 ....f... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.792541, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.792592, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 66 00 00 00 00 00 00 00 9D 50 4C 21 ....f... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.792662, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.792711, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 66 00 00 00 00 00 00 00 9D 50 4C 21 ....f... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.792801, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.792851, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 66 00 00 00 00 00 00 00 9D 50 4C 21 ....f... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.792922, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.792970, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 66 00 00 00 00 00 00 00 9D 50 4C 21 ....f... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.793040, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.793088, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 66 00 00 00 00 00 00 00 9D 50 4C 21 ....f... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.793158, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.793206, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 66 00 00 00 00 00 00 00 9D 50 4C 21 ....f... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.793276, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.793324, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 66 00 00 00 00 00 00 00 9D 50 4C 21 ....f... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.793394, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.793442, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 66 00 00 00 00 00 00 00 9D 50 4C 21 ....f... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.793512, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.793559, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 66 00 00 00 00 00 00 00 9D 50 4C 21 ....f... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.793629, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.793681, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 66 00 00 00 00 00 00 00 9D 50 4C 21 ....f... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.793752, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.793822, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 66 00 00 00 00 00 00 00 9D 50 4C 21 ....f... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.793900, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.793980, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 66 00 00 00 00 00 00 00 9D 50 4C 21 ....f... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.794058, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.794088, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:16.794135, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 66 00 00 00 00 00 00 00 9D 50 4C 21 ....f... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.794206, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.794235, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:16.794290, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:16.794353, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 67 00 00 00 00 00 00 00 9D 50 4C 21 ....g... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.794440, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 67 00 00 00 00 00 00 00 9D 50 4C 21 ....g... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.794513, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:16.794573, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:16.794640, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:16.794702, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:16.794759, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:16.794813, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:16.794883, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:16.794957, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 68 00 00 00 00 00 00 00 9D 50 4C 21 ....h... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.795046, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 68 00 00 00 00 00 00 00 9D 50 4C 21 ....h... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.795118, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.795148, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:16.795225, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 68 00 00 00 00 00 00 00 9D 50 4C 21 ....h... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.795314, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.795344, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:16.795395, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 68 00 00 00 00 00 00 00 9D 50 4C 21 ....h... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.795467, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 68 00 00 00 00 00 00 00 9D 50 4C 21 ....h... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.795535, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:16.795579, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 67 00 00 00 00 00 00 00 9D 50 4C 21 ....g... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.795668, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 67 00 00 00 00 00 00 00 9D 50 4C 21 ....g... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.795735, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:16.795778, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 66 00 00 00 00 00 00 00 9D 50 4C 21 ....f... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.795848, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 66 00 00 00 00 00 00 00 9D 50 4C 21 ....f... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.795913, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:16.795956, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 65 00 00 00 00 00 00 00 9D 50 4C 21 ....e... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.796026, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 65 00 00 00 00 00 00 00 9D 50 4C 21 ....e... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.796091, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:16.796151, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/11/09 16:29:16.796192, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/11/09 16:29:16.796236, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:16.796268, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 [2012/11/09 16:29:16.796319, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2012/11/09 16:29:16.796354, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/11/09 16:29:16.796383, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:16.796411, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:16.796552, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:16.796643, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 69 00 00 00 00 00 00 00 9D 50 4C 21 ....i... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.796733, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 69 00 00 00 00 00 00 00 9D 50 4C 21 ....i... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.796805, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:16.796867, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:16.796927, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:16.796987, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:16.797045, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:16.797097, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:16.797168, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:16.797243, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 6A 00 00 00 00 00 00 00 9D 50 4C 21 ....j... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.797331, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6A 00 00 00 00 00 00 00 9D 50 4C 21 ....j... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.797465, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6A 00 00 00 00 00 00 00 9D 50 4C 21 ....j... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.797541, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.797592, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6A 00 00 00 00 00 00 00 9D 50 4C 21 ....j... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.797664, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.797716, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6A 00 00 00 00 00 00 00 9D 50 4C 21 ....j... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.797790, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.797842, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6A 00 00 00 00 00 00 00 9D 50 4C 21 ....j... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.797912, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.797960, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6A 00 00 00 00 00 00 00 9D 50 4C 21 ....j... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.798033, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.798103, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6A 00 00 00 00 00 00 00 9D 50 4C 21 ....j... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.798181, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.798238, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6A 00 00 00 00 00 00 00 9D 50 4C 21 ....j... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.798312, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.798364, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6A 00 00 00 00 00 00 00 9D 50 4C 21 ....j... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.798437, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.798486, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6A 00 00 00 00 00 00 00 9D 50 4C 21 ....j... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.798556, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.798608, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6A 00 00 00 00 00 00 00 9D 50 4C 21 ....j... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.798690, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.798742, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6A 00 00 00 00 00 00 00 9D 50 4C 21 ....j... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.798813, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.798862, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6A 00 00 00 00 00 00 00 9D 50 4C 21 ....j... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.798937, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.798988, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6A 00 00 00 00 00 00 00 9D 50 4C 21 ....j... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.799059, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.799108, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6A 00 00 00 00 00 00 00 9D 50 4C 21 ....j... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.799195, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.799250, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6A 00 00 00 00 00 00 00 9D 50 4C 21 ....j... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.799321, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.799369, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6A 00 00 00 00 00 00 00 9D 50 4C 21 ....j... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.799440, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.799490, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6A 00 00 00 00 00 00 00 9D 50 4C 21 ....j... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.799559, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.799610, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6A 00 00 00 00 00 00 00 9D 50 4C 21 ....j... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.799680, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.799729, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6A 00 00 00 00 00 00 00 9D 50 4C 21 ....j... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.799800, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.799874, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6A 00 00 00 00 00 00 00 9D 50 4C 21 ....j... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.799947, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.799977, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:16.800025, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6A 00 00 00 00 00 00 00 9D 50 4C 21 ....j... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.800098, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.800127, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:16.800187, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:16.800262, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 6B 00 00 00 00 00 00 00 9D 50 4C 21 ....k... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.800371, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6B 00 00 00 00 00 00 00 9D 50 4C 21 ....k... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.800445, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:16.800583, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:16.800647, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:16.800708, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:16.800771, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:16.800828, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:16.800899, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:16.800975, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 6C 00 00 00 00 00 00 00 9D 50 4C 21 ....l... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.801065, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6C 00 00 00 00 00 00 00 9D 50 4C 21 ....l... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.801135, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.801164, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:16.801241, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6C 00 00 00 00 00 00 00 9D 50 4C 21 ....l... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.801315, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.801345, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:16.801394, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6C 00 00 00 00 00 00 00 9D 50 4C 21 ....l... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.801465, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6C 00 00 00 00 00 00 00 9D 50 4C 21 ....l... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.801531, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:16.801574, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6B 00 00 00 00 00 00 00 9D 50 4C 21 ....k... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.801644, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6B 00 00 00 00 00 00 00 9D 50 4C 21 ....k... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.801712, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:16.801754, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6A 00 00 00 00 00 00 00 9D 50 4C 21 ....j... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.801836, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6A 00 00 00 00 00 00 00 9D 50 4C 21 ....j... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.801904, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:16.801949, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 69 00 00 00 00 00 00 00 9D 50 4C 21 ....i... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.802019, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 69 00 00 00 00 00 00 00 9D 50 4C 21 ....i... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.802084, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:16.802144, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:16.802179, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 [2012/11/09 16:29:16.802221, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2012/11/09 16:29:16.802255, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/11/09 16:29:16.802284, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:16.802311, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:16.802425, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:16.802490, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 6D 00 00 00 00 00 00 00 9D 50 4C 21 ....m... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.802579, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6D 00 00 00 00 00 00 00 9D 50 4C 21 ....m... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.802661, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:16.802725, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:16.802785, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:16.802844, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:16.802902, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:16.802955, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:16.803026, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:16.803092, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [DsSpooler] [2012/11/09 16:29:16.803162, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 6E 00 00 00 00 00 00 00 9D 50 4C 21 ....n... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.803252, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6E 00 00 00 00 00 00 00 9D 50 4C 21 ....n... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.803322, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\DsSpooler] [2012/11/09 16:29:16.803352, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:16.803432, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6E 00 00 00 00 00 00 00 9D 50 4C 21 ....n... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.803507, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6E 00 00 00 00 00 00 00 9D 50 4C 21 ....n... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.803573, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:16.803613, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6D 00 00 00 00 00 00 00 9D 50 4C 21 ....m... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.803681, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6D 00 00 00 00 00 00 00 9D 50 4C 21 ....m... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.803746, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:16.803803, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:16.803853, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 4280 [2012/11/09 16:29:16.803890, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 7451 [2012/11/09 16:29:16.803943, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..2088] (align 0) [2012/11/09 16:29:16.803975, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.803992, 5] lib/util.c:342(show_msg) size=2144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=55424 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 2088 (0x828) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 2088 (0x828) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=2089 [2012/11/09 16:29:16.831207, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x66 [2012/11/09 16:29:16.831331, 3] smbd/process.c:1662(process_smb) Transaction 117 of length 106 (0 toread) [2012/11/09 16:29:16.831370, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.831439, 5] lib/util.c:342(show_msg) size=102 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=55488 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 4096 (0x1000) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 4609 (0x1201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=19 [2012/11/09 16:29:16.831998, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:16.832036, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.832077, 4] smbd/nttrans.c:288(nt_open_pipe) nt_open_pipe: Opening pipe \spoolss. [2012/11/09 16:29:16.832114, 5] smbd/files.c:140(file_new) allocated file structure 4126, fnum = 8222 (3 used) [2012/11/09 16:29:16.832162, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \spoolss [2012/11/09 16:29:16.832282, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \spoolss (pipes_open=0) [2012/11/09 16:29:16.832330, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \spoolss [2012/11/09 16:29:16.833361, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xe0 [2012/11/09 16:29:16.833415, 3] smbd/process.c:1662(process_smb) Transaction 118 of length 228 (0 toread) [2012/11/09 16:29:16.833446, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.833469, 5] lib/util.c:342(show_msg) size=224 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=55552 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8222 (0x201E) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 160 (0xA0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 160 (0xA0) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=161 [2012/11/09 16:29:16.833741, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:16.833764, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.833785, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 201e name: spoolss len: 160 [2012/11/09 16:29:16.833805, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 160 [2012/11/09 16:29:16.833833, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/11/09 16:29:16.833854, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) api_pipe_bind_req: make response. 923 [2012/11/09 16:29:16.833889, 3] rpc_server/srv_pipe.c:339(check_bind_req) check_bind_req for \spoolss [2012/11/09 16:29:16.833928, 3] rpc_server/srv_pipe.c:346(check_bind_req) check_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/11/09 16:29:16.833974, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=160 [2012/11/09 16:29:16.834924, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/11/09 16:29:16.834957, 3] smbd/process.c:1662(process_smb) Transaction 119 of length 63 (0 toread) [2012/11/09 16:29:16.834985, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.835009, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=55616 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8222 (0x201E) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/11/09 16:29:16.835246, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:16.835269, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.835291, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:16.835312, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/11/09 16:29:16.835336, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=68 [2012/11/09 16:29:16.836353, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xc4 [2012/11/09 16:29:16.836399, 3] smbd/process.c:1662(process_smb) Transaction 120 of length 200 (0 toread) [2012/11/09 16:29:16.836434, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.836484, 5] lib/util.c:342(show_msg) size=196 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=55680 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 112 (0x70) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 112 (0x70) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8222 (0x201E) smb_bcc=129 [2012/11/09 16:29:16.836773, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:16.836796, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.836820, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=112 params=0 setup=2 [2012/11/09 16:29:16.836842, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:16.836860, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:16.836879, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:16.836897, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 201e) [2012/11/09 16:29:16.836929, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 112 [2012/11/09 16:29:16.836969, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:16.836994, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x33 - api_rpcTNP: rpc command: SPOOLSS_ENUMPRINTPROCDATATYPES [2012/11/09 16:29:16.837017, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[51].fn == 0x7fa2ea3e1cc0 [2012/11/09 16:29:16.837048, 5] rpc_server/spoolss/srv_spoolss_nt.c:8810(_spoolss_EnumPrintProcDataTypes) _spoolss_EnumPrintProcDataTypes [2012/11/09 16:29:16.837078, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:16.837106, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:16.837131, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 1257 [2012/11/09 16:29:16.837157, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..40] (align 0) [2012/11/09 16:29:16.837177, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.837189, 5] lib/util.c:342(show_msg) size=96 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=55680 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=41 [2012/11/09 16:29:16.841916, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/11/09 16:29:16.841955, 3] smbd/process.c:1662(process_smb) Transaction 121 of length 45 (0 toread) [2012/11/09 16:29:16.841975, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.841987, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=55744 smt_wct=3 smb_vwv[ 0]= 8222 (0x201E) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/11/09 16:29:16.842136, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:16.842168, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.842196, 3] smbd/reply.c:4848(reply_close) close fd=-1 fnum=8222 (numopen=3) [2012/11/09 16:29:16.842225, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2012/11/09 16:29:16.842285, 5] smbd/files.c:482(file_free) freed files structure 8222 (2 used) [2012/11/09 16:29:16.842318, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.842335, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=55744 smt_wct=0 smb_bcc=0 [2012/11/09 16:29:16.843529, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x66 [2012/11/09 16:29:16.843569, 3] smbd/process.c:1662(process_smb) Transaction 122 of length 106 (0 toread) [2012/11/09 16:29:16.843598, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.843614, 5] lib/util.c:342(show_msg) size=102 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=55808 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 4096 (0x1000) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 4609 (0x1201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=19 [2012/11/09 16:29:16.843999, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:16.844029, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.844059, 4] smbd/nttrans.c:288(nt_open_pipe) nt_open_pipe: Opening pipe \spoolss. [2012/11/09 16:29:16.844090, 5] smbd/files.c:140(file_new) allocated file structure 4127, fnum = 8223 (3 used) [2012/11/09 16:29:16.844127, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \spoolss [2012/11/09 16:29:16.844194, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \spoolss (pipes_open=0) [2012/11/09 16:29:16.844231, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \spoolss [2012/11/09 16:29:16.845121, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xe0 [2012/11/09 16:29:16.845162, 3] smbd/process.c:1662(process_smb) Transaction 123 of length 228 (0 toread) [2012/11/09 16:29:16.845190, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.845206, 5] lib/util.c:342(show_msg) size=224 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=55872 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8223 (0x201F) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 160 (0xA0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 160 (0xA0) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=161 [2012/11/09 16:29:16.845489, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:16.845518, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.845547, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 201f name: spoolss len: 160 [2012/11/09 16:29:16.845576, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 160 [2012/11/09 16:29:16.845611, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/11/09 16:29:16.845657, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) api_pipe_bind_req: make response. 923 [2012/11/09 16:29:16.845686, 3] rpc_server/srv_pipe.c:339(check_bind_req) check_bind_req for \spoolss [2012/11/09 16:29:16.845715, 3] rpc_server/srv_pipe.c:346(check_bind_req) check_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/11/09 16:29:16.845757, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=160 [2012/11/09 16:29:16.846725, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/11/09 16:29:16.846777, 3] smbd/process.c:1662(process_smb) Transaction 124 of length 63 (0 toread) [2012/11/09 16:29:16.846799, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.846810, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=55936 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8223 (0x201F) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/11/09 16:29:16.847009, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:16.847033, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.847075, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:16.847123, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/11/09 16:29:16.847172, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=68 [2012/11/09 16:29:16.848087, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xe8 [2012/11/09 16:29:16.848134, 3] smbd/process.c:1662(process_smb) Transaction 125 of length 236 (0 toread) [2012/11/09 16:29:16.848170, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.848193, 5] lib/util.c:342(show_msg) size=232 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=56000 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 148 (0x94) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 148 (0x94) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8223 (0x201F) smb_bcc=165 [2012/11/09 16:29:16.848526, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:16.848565, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.848607, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=148 params=0 setup=2 [2012/11/09 16:29:16.848646, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:16.848679, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:16.848716, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:16.848747, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 201f) [2012/11/09 16:29:16.848785, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 148 [2012/11/09 16:29:16.848839, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:16.848879, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x33 - api_rpcTNP: rpc command: SPOOLSS_ENUMPRINTPROCDATATYPES [2012/11/09 16:29:16.848915, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[51].fn == 0x7fa2ea3e1cc0 [2012/11/09 16:29:16.848954, 5] rpc_server/spoolss/srv_spoolss_nt.c:8810(_spoolss_EnumPrintProcDataTypes) _spoolss_EnumPrintProcDataTypes [2012/11/09 16:29:16.849000, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:16.849047, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:16.849089, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 1257 [2012/11/09 16:29:16.849133, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..76] (align 0) [2012/11/09 16:29:16.849197, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.849217, 5] lib/util.c:342(show_msg) size=132 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=56000 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 76 (0x4C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 76 (0x4C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=77 [2012/11/09 16:29:16.850347, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/11/09 16:29:16.850389, 3] smbd/process.c:1662(process_smb) Transaction 126 of length 45 (0 toread) [2012/11/09 16:29:16.850411, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.850423, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=56064 smt_wct=3 smb_vwv[ 0]= 8223 (0x201F) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/11/09 16:29:16.850556, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:16.850579, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.850599, 3] smbd/reply.c:4848(reply_close) close fd=-1 fnum=8223 (numopen=3) [2012/11/09 16:29:16.850626, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2012/11/09 16:29:16.850680, 5] smbd/files.c:482(file_free) freed files structure 8223 (2 used) [2012/11/09 16:29:16.850706, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.850727, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=56064 smt_wct=0 smb_bcc=0 [2012/11/09 16:29:16.852084, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xbc [2012/11/09 16:29:16.852119, 3] smbd/process.c:1662(process_smb) Transaction 127 of length 192 (0 toread) [2012/11/09 16:29:16.852139, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.852151, 5] lib/util.c:342(show_msg) size=188 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=56128 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 104 (0x68) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 104 (0x68) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8212 (0x2014) smb_bcc=121 [2012/11/09 16:29:16.852411, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:16.852434, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.852474, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=104 params=0 setup=2 [2012/11/09 16:29:16.852503, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:16.852522, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:16.852541, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:16.852560, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2014) [2012/11/09 16:29:16.852590, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 104 [2012/11/09 16:29:16.852628, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:16.852653, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x1a - api_rpcTNP: rpc command: SPOOLSS_GETPRINTERDATA [2012/11/09 16:29:16.852674, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[26].fn == 0x7fa2ea3e5d00 [2012/11/09 16:29:16.852712, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.852756, 4] rpc_server/spoolss/srv_spoolss_nt.c:9191(_spoolss_GetPrinterDataEx) _spoolss_GetPrinterDataEx [2012/11/09 16:29:16.852778, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.852840, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:yyyp0708 [2012/11/09 16:29:16.852868, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/11/09 16:29:16.852896, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/11/09 16:29:16.852928, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:16.852951, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 [2012/11/09 16:29:16.852986, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2012/11/09 16:29:16.853011, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/11/09 16:29:16.853031, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:16.853050, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:16.853155, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:16.853211, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 6F 00 00 00 00 00 00 00 9D 50 4C 21 ....o... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.853273, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6F 00 00 00 00 00 00 00 9D 50 4C 21 ....o... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.853334, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:16.853404, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:16.853454, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:16.853496, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:16.853537, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:16.853575, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:16.853652, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:16.853725, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [PrinterDriverData] [2012/11/09 16:29:16.853799, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 70 00 00 00 00 00 00 00 9D 50 4C 21 ....p... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.853884, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 70 00 00 00 00 00 00 00 9D 50 4C 21 ....p... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.853940, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\PrinterDriverData] [2012/11/09 16:29:16.853972, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:16.854028, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 70 00 00 00 00 00 00 00 9D 50 4C 21 ....p... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.854074, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 70 00 00 00 00 00 00 00 9D 50 4C 21 ....p... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.854114, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:16.854143, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6F 00 00 00 00 00 00 00 9D 50 4C 21 ....o... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.854215, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6F 00 00 00 00 00 00 00 9D 50 4C 21 ....o... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.854258, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:16.854293, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:16.854326, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 4280 [2012/11/09 16:29:16.854352, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 1741 [2012/11/09 16:29:16.854381, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..1064] (align 0) [2012/11/09 16:29:16.854402, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.854421, 5] lib/util.c:342(show_msg) size=1120 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=56128 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 1064 (0x428) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 1064 (0x428) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=1065 [2012/11/09 16:29:16.855396, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xc4 [2012/11/09 16:29:16.855430, 3] smbd/process.c:1662(process_smb) Transaction 128 of length 200 (0 toread) [2012/11/09 16:29:16.855451, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.855462, 5] lib/util.c:342(show_msg) size=196 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=56192 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 112 (0x70) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 112 (0x70) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8212 (0x2014) smb_bcc=129 [2012/11/09 16:29:16.855692, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:16.855714, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.855738, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=112 params=0 setup=2 [2012/11/09 16:29:16.855760, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:16.855778, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:16.855797, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:16.855817, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2014) [2012/11/09 16:29:16.855848, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 112 [2012/11/09 16:29:16.855875, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:16.855916, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x1a - api_rpcTNP: rpc command: SPOOLSS_GETPRINTERDATA [2012/11/09 16:29:16.855948, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[26].fn == 0x7fa2ea3e5d00 [2012/11/09 16:29:16.855972, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.856014, 4] rpc_server/spoolss/srv_spoolss_nt.c:9191(_spoolss_GetPrinterDataEx) _spoolss_GetPrinterDataEx [2012/11/09 16:29:16.856033, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.856072, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:yyyp0708 [2012/11/09 16:29:16.856096, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/11/09 16:29:16.856121, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/11/09 16:29:16.856149, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:16.856183, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 [2012/11/09 16:29:16.856232, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2012/11/09 16:29:16.856271, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/11/09 16:29:16.856293, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:16.856320, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:16.856404, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:16.856453, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 71 00 00 00 00 00 00 00 9D 50 4C 21 ....q... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.856536, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 71 00 00 00 00 00 00 00 9D 50 4C 21 ....q... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.856581, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:16.856625, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:16.856666, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:16.856707, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:16.856746, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:16.856783, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:16.856830, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:16.856874, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [PrinterDriverData] [2012/11/09 16:29:16.856921, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 72 00 00 00 00 00 00 00 9D 50 4C 21 ....r... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.856979, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 72 00 00 00 00 00 00 00 9D 50 4C 21 ....r... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.857035, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\PrinterDriverData] [2012/11/09 16:29:16.857056, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:16.857134, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 72 00 00 00 00 00 00 00 9D 50 4C 21 ....r... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.857198, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 72 00 00 00 00 00 00 00 9D 50 4C 21 ....r... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.857256, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:16.857289, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 71 00 00 00 00 00 00 00 9D 50 4C 21 ....q... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.857332, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 71 00 00 00 00 00 00 00 9D 50 4C 21 ....q... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.857371, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:16.857403, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:16.857438, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 4280 [2012/11/09 16:29:16.857485, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 1741 [2012/11/09 16:29:16.857532, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..1064] (align 0) [2012/11/09 16:29:16.857568, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.857587, 5] lib/util.c:342(show_msg) size=1120 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=56192 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 1064 (0x428) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 1064 (0x428) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=1065 [2012/11/09 16:29:16.858854, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x66 [2012/11/09 16:29:16.858900, 3] smbd/process.c:1662(process_smb) Transaction 129 of length 106 (0 toread) [2012/11/09 16:29:16.858923, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.858935, 5] lib/util.c:342(show_msg) size=102 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=56256 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 4096 (0x1000) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 4609 (0x1201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=19 [2012/11/09 16:29:16.859235, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:16.859275, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.859301, 4] smbd/nttrans.c:288(nt_open_pipe) nt_open_pipe: Opening pipe \spoolss. [2012/11/09 16:29:16.859323, 5] smbd/files.c:140(file_new) allocated file structure 4128, fnum = 8224 (3 used) [2012/11/09 16:29:16.859350, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \spoolss [2012/11/09 16:29:16.859396, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \spoolss (pipes_open=0) [2012/11/09 16:29:16.859425, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \spoolss [2012/11/09 16:29:16.860218, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xe0 [2012/11/09 16:29:16.860252, 3] smbd/process.c:1662(process_smb) Transaction 130 of length 228 (0 toread) [2012/11/09 16:29:16.860272, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.860284, 5] lib/util.c:342(show_msg) size=224 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=56320 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8224 (0x2020) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 160 (0xA0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 160 (0xA0) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=161 [2012/11/09 16:29:16.860507, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:16.860529, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.860551, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 2020 name: spoolss len: 160 [2012/11/09 16:29:16.860572, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 160 [2012/11/09 16:29:16.860597, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/11/09 16:29:16.860619, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) api_pipe_bind_req: make response. 923 [2012/11/09 16:29:16.860639, 3] rpc_server/srv_pipe.c:339(check_bind_req) check_bind_req for \spoolss [2012/11/09 16:29:16.860659, 3] rpc_server/srv_pipe.c:346(check_bind_req) check_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/11/09 16:29:16.860690, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=160 [2012/11/09 16:29:16.861478, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/11/09 16:29:16.861512, 3] smbd/process.c:1662(process_smb) Transaction 131 of length 63 (0 toread) [2012/11/09 16:29:16.861532, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.861543, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=56384 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8224 (0x2020) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/11/09 16:29:16.861732, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:16.861753, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.861775, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:16.861797, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/11/09 16:29:16.861821, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=68 [2012/11/09 16:29:16.862628, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x1cc [2012/11/09 16:29:16.862672, 3] smbd/process.c:1662(process_smb) Transaction 132 of length 464 (0 toread) [2012/11/09 16:29:16.862714, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.862755, 5] lib/util.c:342(show_msg) size=460 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=56448 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 376 (0x178) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 376 (0x178) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8224 (0x2020) smb_bcc=393 [2012/11/09 16:29:16.863151, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:16.863196, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.863253, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=376 params=0 setup=2 [2012/11/09 16:29:16.863293, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:16.863314, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:16.863334, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:16.863353, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2020) [2012/11/09 16:29:16.863375, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 376 [2012/11/09 16:29:16.863414, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:16.863444, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0xc - api_rpcTNP: rpc command: SPOOLSS_GETPRINTERDRIVERDIRECTORY [2012/11/09 16:29:16.863481, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[12].fn == 0x7fa2ea3e8280 [2012/11/09 16:29:16.863526, 5] rpc_server/spoolss/srv_spoolss_nt.c:8207(_spoolss_GetPrinterDriverDirectory) _spoolss_GetPrinterDriverDirectory: level 1 [2012/11/09 16:29:16.863574, 4] rpc_server/spoolss/srv_spoolss_nt.c:8184(getprinterdriverdir_level_1) printer driver directory: [\\yyyu0031\print$\x64] [2012/11/09 16:29:16.863608, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:16.863651, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:16.863690, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 51 [2012/11/09 16:29:16.863718, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..296] (align 0) [2012/11/09 16:29:16.863739, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.863751, 5] lib/util.c:342(show_msg) size=352 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=56448 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 296 (0x128) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 296 (0x128) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=297 [2012/11/09 16:29:16.864796, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/11/09 16:29:16.864829, 3] smbd/process.c:1662(process_smb) Transaction 133 of length 45 (0 toread) [2012/11/09 16:29:16.864850, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.864861, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=56512 smt_wct=3 smb_vwv[ 0]= 8224 (0x2020) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/11/09 16:29:16.865001, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:16.865039, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.865076, 3] smbd/reply.c:4848(reply_close) close fd=-1 fnum=8224 (numopen=3) [2012/11/09 16:29:16.865112, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2012/11/09 16:29:16.865160, 5] smbd/files.c:482(file_free) freed files structure 8224 (2 used) [2012/11/09 16:29:16.865184, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.865196, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=56512 smt_wct=0 smb_bcc=0 [2012/11/09 16:29:16.866103, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x94 [2012/11/09 16:29:16.866137, 3] smbd/process.c:1662(process_smb) Transaction 134 of length 152 (0 toread) [2012/11/09 16:29:16.866158, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.866169, 5] lib/util.c:342(show_msg) size=148 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=56576 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 64 (0x40) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8212 (0x2014) smb_bcc=81 [2012/11/09 16:29:16.866385, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:16.866406, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.866428, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=64 params=0 setup=2 [2012/11/09 16:29:16.866450, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:16.866469, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:16.866488, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:16.866507, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2014) [2012/11/09 16:29:16.866528, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 64 [2012/11/09 16:29:16.866552, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:16.866574, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x50 - api_rpcTNP: rpc command: SPOOLSS_ENUMPRINTERKEY [2012/11/09 16:29:16.866595, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[80].fn == 0x7fa2ea3dd0c0 [2012/11/09 16:29:16.866619, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.866661, 4] rpc_server/spoolss/srv_spoolss_nt.c:9484(_spoolss_EnumPrinterKey) _spoolss_EnumPrinterKey [2012/11/09 16:29:16.866681, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.866719, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:yyyp0708 [2012/11/09 16:29:16.866744, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/11/09 16:29:16.866771, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/11/09 16:29:16.866800, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:16.866822, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 [2012/11/09 16:29:16.866868, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2012/11/09 16:29:16.866908, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/11/09 16:29:16.866938, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:16.866959, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:16.867063, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:16.867117, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 73 00 00 00 00 00 00 00 9D 50 4C 21 ....s... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.867175, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 73 00 00 00 00 00 00 00 9D 50 4C 21 ....s... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.867220, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:16.867264, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:16.867305, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:16.867346, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:16.867386, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:16.867423, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:16.867471, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:16.867522, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 74 00 00 00 00 00 00 00 9D 50 4C 21 ....t... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.867578, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 74 00 00 00 00 00 00 00 9D 50 4C 21 ....t... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.867668, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 74 00 00 00 00 00 00 00 9D 50 4C 21 ....t... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.867715, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) _winreg_EnumKey: enumerating key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.867749, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 74 00 00 00 00 00 00 00 9D 50 4C 21 ....t... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.867802, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) _winreg_EnumKey: enumerating key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.867838, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 74 00 00 00 00 00 00 00 9D 50 4C 21 ....t... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.867881, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) _winreg_EnumKey: enumerating key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.867915, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 74 00 00 00 00 00 00 00 9D 50 4C 21 ....t... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.867985, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 74 00 00 00 00 00 00 00 9D 50 4C 21 ....t... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.868031, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:16.868063, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 73 00 00 00 00 00 00 00 9D 50 4C 21 ....s... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.868106, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 73 00 00 00 00 00 00 00 9D 50 4C 21 ....s... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.868145, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:16.868183, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:16.868214, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 4280 [2012/11/09 16:29:16.868239, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 2765 [2012/11/09 16:29:16.868267, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..36] (align 0) [2012/11/09 16:29:16.868288, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.868308, 5] lib/util.c:342(show_msg) size=92 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=56576 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 36 (0x24) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=37 [2012/11/09 16:29:16.869289, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x94 [2012/11/09 16:29:16.869322, 3] smbd/process.c:1662(process_smb) Transaction 135 of length 152 (0 toread) [2012/11/09 16:29:16.869342, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.869354, 5] lib/util.c:342(show_msg) size=148 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=56640 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 64 (0x40) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8212 (0x2014) smb_bcc=81 [2012/11/09 16:29:16.869568, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:16.869589, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.869611, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=64 params=0 setup=2 [2012/11/09 16:29:16.869632, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:16.869651, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:16.869670, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:16.869689, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2014) [2012/11/09 16:29:16.869710, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 64 [2012/11/09 16:29:16.869734, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:16.869756, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x50 - api_rpcTNP: rpc command: SPOOLSS_ENUMPRINTERKEY [2012/11/09 16:29:16.869786, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[80].fn == 0x7fa2ea3dd0c0 [2012/11/09 16:29:16.869810, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.869851, 4] rpc_server/spoolss/srv_spoolss_nt.c:9484(_spoolss_EnumPrinterKey) _spoolss_EnumPrinterKey [2012/11/09 16:29:16.869871, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.869943, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:yyyp0708 [2012/11/09 16:29:16.869971, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/11/09 16:29:16.869998, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/11/09 16:29:16.870025, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:16.870046, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 [2012/11/09 16:29:16.870073, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2012/11/09 16:29:16.870097, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/11/09 16:29:16.870117, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:16.870136, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:16.870206, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:16.870252, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 75 00 00 00 00 00 00 00 9D 50 4C 21 ....u... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.870308, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 75 00 00 00 00 00 00 00 9D 50 4C 21 ....u... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.870353, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:16.870396, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:16.870437, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:16.870478, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:16.870517, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:16.870554, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:16.870601, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:16.870658, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 76 00 00 00 00 00 00 00 9D 50 4C 21 ....v... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.870715, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 76 00 00 00 00 00 00 00 9D 50 4C 21 ....v... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.870799, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 76 00 00 00 00 00 00 00 9D 50 4C 21 ....v... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.870867, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) _winreg_EnumKey: enumerating key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.870921, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 76 00 00 00 00 00 00 00 9D 50 4C 21 ....v... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.870970, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) _winreg_EnumKey: enumerating key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.871003, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 76 00 00 00 00 00 00 00 9D 50 4C 21 ....v... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.871046, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) _winreg_EnumKey: enumerating key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:16.871078, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 76 00 00 00 00 00 00 00 9D 50 4C 21 ....v... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.871121, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 76 00 00 00 00 00 00 00 9D 50 4C 21 ....v... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.871160, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:16.871190, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 75 00 00 00 00 00 00 00 9D 50 4C 21 ....u... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.871233, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 75 00 00 00 00 00 00 00 9D 50 4C 21 ....u... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.871272, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:16.871307, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:16.871338, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 4280 [2012/11/09 16:29:16.871364, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 2842 [2012/11/09 16:29:16.871391, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..112] (align 0) [2012/11/09 16:29:16.871412, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.871423, 5] lib/util.c:342(show_msg) size=168 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=56640 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 112 (0x70) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 112 (0x70) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=113 [2012/11/09 16:29:16.872347, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xa4 [2012/11/09 16:29:16.872385, 3] smbd/process.c:1662(process_smb) Transaction 136 of length 168 (0 toread) [2012/11/09 16:29:16.872407, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.872419, 5] lib/util.c:342(show_msg) size=164 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=56704 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 80 (0x50) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 80 (0x50) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8212 (0x2014) smb_bcc=97 [2012/11/09 16:29:16.872666, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:16.872689, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.872712, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=80 params=0 setup=2 [2012/11/09 16:29:16.872733, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:16.872752, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:16.872771, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:16.872790, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2014) [2012/11/09 16:29:16.872819, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 80 [2012/11/09 16:29:16.872859, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:16.872892, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x50 - api_rpcTNP: rpc command: SPOOLSS_ENUMPRINTERKEY [2012/11/09 16:29:16.872915, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[80].fn == 0x7fa2ea3dd0c0 [2012/11/09 16:29:16.872937, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.872978, 4] rpc_server/spoolss/srv_spoolss_nt.c:9484(_spoolss_EnumPrinterKey) _spoolss_EnumPrinterKey [2012/11/09 16:29:16.872997, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.873035, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:yyyp0708 [2012/11/09 16:29:16.873057, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/11/09 16:29:16.873083, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/11/09 16:29:16.873109, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:16.873131, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 [2012/11/09 16:29:16.873157, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2012/11/09 16:29:16.873182, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/11/09 16:29:16.873201, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:16.873220, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:16.873308, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:16.873370, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 77 00 00 00 00 00 00 00 9D 50 4C 21 ....w... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.873453, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 77 00 00 00 00 00 00 00 9D 50 4C 21 ....w... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.873525, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:16.873585, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:16.873661, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:16.873770, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:16.873853, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:16.873939, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:16.874055, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:16.874160, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [DsDriver] [2012/11/09 16:29:16.874292, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 78 00 00 00 00 00 00 00 9D 50 4C 21 ....x... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.874467, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 78 00 00 00 00 00 00 00 9D 50 4C 21 ....x... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.874693, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 78 00 00 00 00 00 00 00 9D 50 4C 21 ....x... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.874843, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 78 00 00 00 00 00 00 00 9D 50 4C 21 ....x... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.874979, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:16.875096, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 77 00 00 00 00 00 00 00 9D 50 4C 21 ....w... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.875264, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 77 00 00 00 00 00 00 00 9D 50 4C 21 ....w... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.875400, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:16.875544, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:16.875726, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 4280 [2012/11/09 16:29:16.875830, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 2765 [2012/11/09 16:29:16.875935, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..36] (align 0) [2012/11/09 16:29:16.876013, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.876054, 5] lib/util.c:342(show_msg) size=92 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=56704 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 36 (0x24) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=37 [2012/11/09 16:29:16.877460, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xa4 [2012/11/09 16:29:16.877588, 3] smbd/process.c:1662(process_smb) Transaction 137 of length 168 (0 toread) [2012/11/09 16:29:16.877640, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.877670, 5] lib/util.c:342(show_msg) size=164 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=56768 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 80 (0x50) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 80 (0x50) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8212 (0x2014) smb_bcc=97 [2012/11/09 16:29:16.878168, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:16.878204, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.878242, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=80 params=0 setup=2 [2012/11/09 16:29:16.878277, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:16.878308, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:16.878340, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:16.878385, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2014) [2012/11/09 16:29:16.878442, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 80 [2012/11/09 16:29:16.878517, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:16.878585, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x50 - api_rpcTNP: rpc command: SPOOLSS_ENUMPRINTERKEY [2012/11/09 16:29:16.878645, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[80].fn == 0x7fa2ea3dd0c0 [2012/11/09 16:29:16.878699, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.878792, 4] rpc_server/spoolss/srv_spoolss_nt.c:9484(_spoolss_EnumPrinterKey) _spoolss_EnumPrinterKey [2012/11/09 16:29:16.878820, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.878893, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:yyyp0708 [2012/11/09 16:29:16.878946, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/11/09 16:29:16.879001, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/11/09 16:29:16.879058, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:16.879093, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 [2012/11/09 16:29:16.879153, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2012/11/09 16:29:16.879197, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/11/09 16:29:16.879236, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:16.879289, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:16.879473, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:16.879589, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 79 00 00 00 00 00 00 00 9D 50 4C 21 ....y... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.879731, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 79 00 00 00 00 00 00 00 9D 50 4C 21 ....y... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.879838, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:16.879942, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:16.880035, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:16.880165, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:16.880249, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:16.880331, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:16.880451, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:16.880604, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [DsDriver] [2012/11/09 16:29:16.880704, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 7A 00 00 00 00 00 00 00 9D 50 4C 21 ....z... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.880849, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 7A 00 00 00 00 00 00 00 9D 50 4C 21 ....z... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.880985, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 7A 00 00 00 00 00 00 00 9D 50 4C 21 ....z... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.881066, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 7A 00 00 00 00 00 00 00 9D 50 4C 21 ....z... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.881133, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:16.881175, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 79 00 00 00 00 00 00 00 9D 50 4C 21 ....y... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.881244, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 79 00 00 00 00 00 00 00 9D 50 4C 21 ....y... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.881321, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:16.881397, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:16.881465, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 4280 [2012/11/09 16:29:16.881519, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 2782 [2012/11/09 16:29:16.881575, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..40] (align 0) [2012/11/09 16:29:16.881622, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.881653, 5] lib/util.c:342(show_msg) size=96 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=56768 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=41 [2012/11/09 16:29:16.882891, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xa4 [2012/11/09 16:29:16.882957, 3] smbd/process.c:1662(process_smb) Transaction 138 of length 168 (0 toread) [2012/11/09 16:29:16.882994, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.883015, 5] lib/util.c:342(show_msg) size=164 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=56832 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 80 (0x50) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 80 (0x50) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8212 (0x2014) smb_bcc=97 [2012/11/09 16:29:16.883391, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:16.883420, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.883447, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=80 params=0 setup=2 [2012/11/09 16:29:16.883470, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:16.883488, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:16.883507, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:16.883526, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2014) [2012/11/09 16:29:16.883566, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 80 [2012/11/09 16:29:16.883605, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:16.883633, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x4f - api_rpcTNP: rpc command: SPOOLSS_ENUMPRINTERDATAEX [2012/11/09 16:29:16.883654, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[79].fn == 0x7fa2ea3dd410 [2012/11/09 16:29:16.883679, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.883720, 4] rpc_server/spoolss/srv_spoolss_nt.c:9603(_spoolss_EnumPrinterDataEx) _spoolss_EnumPrinterDataEx [2012/11/09 16:29:16.883739, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.883777, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:yyyp0708 [2012/11/09 16:29:16.883801, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/11/09 16:29:16.883829, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/11/09 16:29:16.883859, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:16.883880, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 [2012/11/09 16:29:16.883916, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2012/11/09 16:29:16.883940, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/11/09 16:29:16.883959, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:16.883978, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:16.884083, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:16.884175, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 7B 00 00 00 00 00 00 00 9D 50 4C 21 ....{... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.884275, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 7B 00 00 00 00 00 00 00 9D 50 4C 21 ....{... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.884398, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:16.884510, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:16.884588, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:16.884692, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:16.884763, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:16.884828, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:16.884911, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:16.884988, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [DsDriver] [2012/11/09 16:29:16.885067, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 7C 00 00 00 00 00 00 00 9D 50 4C 21 ....|... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.885168, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 7C 00 00 00 00 00 00 00 9D 50 4C 21 ....|... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.885290, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 7C 00 00 00 00 00 00 00 9D 50 4C 21 ....|... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.885372, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 7C 00 00 00 00 00 00 00 9D 50 4C 21 ....|... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.885444, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:16.885493, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 7B 00 00 00 00 00 00 00 9D 50 4C 21 ....{... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.885574, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 7B 00 00 00 00 00 00 00 9D 50 4C 21 ....{... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.885666, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:16.885722, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:16.885776, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 4280 [2012/11/09 16:29:16.885819, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 1741 [2012/11/09 16:29:16.885866, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..40] (align 0) [2012/11/09 16:29:16.885895, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.885907, 5] lib/util.c:342(show_msg) size=96 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=56832 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=41 [2012/11/09 16:29:16.886983, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xa4 [2012/11/09 16:29:16.887021, 3] smbd/process.c:1662(process_smb) Transaction 139 of length 168 (0 toread) [2012/11/09 16:29:16.887042, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.887053, 5] lib/util.c:342(show_msg) size=164 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=56896 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 80 (0x50) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 80 (0x50) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8212 (0x2014) smb_bcc=97 [2012/11/09 16:29:16.887282, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:16.887304, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.887329, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=80 params=0 setup=2 [2012/11/09 16:29:16.887350, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:16.887377, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:16.887406, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:16.887426, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2014) [2012/11/09 16:29:16.887447, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 80 [2012/11/09 16:29:16.887488, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:16.887515, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x50 - api_rpcTNP: rpc command: SPOOLSS_ENUMPRINTERKEY [2012/11/09 16:29:16.887536, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[80].fn == 0x7fa2ea3dd0c0 [2012/11/09 16:29:16.887558, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.887600, 4] rpc_server/spoolss/srv_spoolss_nt.c:9484(_spoolss_EnumPrinterKey) _spoolss_EnumPrinterKey [2012/11/09 16:29:16.887618, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.887656, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:yyyp0708 [2012/11/09 16:29:16.887679, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/11/09 16:29:16.887705, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/11/09 16:29:16.887732, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:16.887754, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 [2012/11/09 16:29:16.887790, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2012/11/09 16:29:16.887814, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/11/09 16:29:16.887834, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:16.887852, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:16.887938, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:16.887987, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 7D 00 00 00 00 00 00 00 9D 50 4C 21 ....}... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.888047, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 7D 00 00 00 00 00 00 00 9D 50 4C 21 ....}... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.888090, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:16.888133, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:16.888184, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:16.888226, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:16.888266, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:16.888301, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:16.888349, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:16.888392, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [DsSpooler] [2012/11/09 16:29:16.888444, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 7E 00 00 00 00 00 00 00 9D 50 4C 21 ....~... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.888542, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 7E 00 00 00 00 00 00 00 9D 50 4C 21 ....~... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.888623, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 7E 00 00 00 00 00 00 00 9D 50 4C 21 ....~... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.888667, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 7E 00 00 00 00 00 00 00 9D 50 4C 21 ....~... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.888705, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:16.888733, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 7D 00 00 00 00 00 00 00 9D 50 4C 21 ....}... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.888774, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 7D 00 00 00 00 00 00 00 9D 50 4C 21 ....}... .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.888811, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:16.888847, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:16.888877, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 4280 [2012/11/09 16:29:16.888902, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 2765 [2012/11/09 16:29:16.888929, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..36] (align 0) [2012/11/09 16:29:16.888949, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.888961, 5] lib/util.c:342(show_msg) size=92 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=56896 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 36 (0x24) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=37 [2012/11/09 16:29:16.890121, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xa4 [2012/11/09 16:29:16.890154, 3] smbd/process.c:1662(process_smb) Transaction 140 of length 168 (0 toread) [2012/11/09 16:29:16.890173, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.890184, 5] lib/util.c:342(show_msg) size=164 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=56960 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 80 (0x50) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 80 (0x50) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8212 (0x2014) smb_bcc=97 [2012/11/09 16:29:16.890424, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:16.890447, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.890469, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=80 params=0 setup=2 [2012/11/09 16:29:16.890490, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:16.890508, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:16.890526, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:16.890544, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2014) [2012/11/09 16:29:16.890563, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 80 [2012/11/09 16:29:16.890586, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:16.890608, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x50 - api_rpcTNP: rpc command: SPOOLSS_ENUMPRINTERKEY [2012/11/09 16:29:16.890635, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[80].fn == 0x7fa2ea3dd0c0 [2012/11/09 16:29:16.890656, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.890695, 4] rpc_server/spoolss/srv_spoolss_nt.c:9484(_spoolss_EnumPrinterKey) _spoolss_EnumPrinterKey [2012/11/09 16:29:16.890713, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.890750, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:yyyp0708 [2012/11/09 16:29:16.890772, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/11/09 16:29:16.890797, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/11/09 16:29:16.890823, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:16.890843, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 [2012/11/09 16:29:16.890872, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2012/11/09 16:29:16.890896, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/11/09 16:29:16.890914, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:16.890932, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:16.891007, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:16.891054, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 7F 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.891111, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 7F 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.891154, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:16.891195, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:16.891255, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:16.891296, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:16.891334, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:16.891378, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:16.891456, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:16.891509, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [DsSpooler] [2012/11/09 16:29:16.891556, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 80 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.891611, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 80 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.891687, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 80 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.891732, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 80 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.891770, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:16.891798, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 7F 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.891839, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 7F 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.891877, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:16.891910, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:16.891939, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 4280 [2012/11/09 16:29:16.891964, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 2782 [2012/11/09 16:29:16.891990, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..40] (align 0) [2012/11/09 16:29:16.892011, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.892022, 5] lib/util.c:342(show_msg) size=96 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=56960 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=41 [2012/11/09 16:29:16.893094, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xa4 [2012/11/09 16:29:16.893131, 3] smbd/process.c:1662(process_smb) Transaction 141 of length 168 (0 toread) [2012/11/09 16:29:16.893151, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.893163, 5] lib/util.c:342(show_msg) size=164 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=57024 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 80 (0x50) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 80 (0x50) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8212 (0x2014) smb_bcc=97 [2012/11/09 16:29:16.893383, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:16.893405, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.893427, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=80 params=0 setup=2 [2012/11/09 16:29:16.893448, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:16.893466, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:16.893484, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:16.893503, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2014) [2012/11/09 16:29:16.893523, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 80 [2012/11/09 16:29:16.893546, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:16.893568, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x4f - api_rpcTNP: rpc command: SPOOLSS_ENUMPRINTERDATAEX [2012/11/09 16:29:16.893588, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[79].fn == 0x7fa2ea3dd410 [2012/11/09 16:29:16.893610, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.893650, 4] rpc_server/spoolss/srv_spoolss_nt.c:9603(_spoolss_EnumPrinterDataEx) _spoolss_EnumPrinterDataEx [2012/11/09 16:29:16.893669, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.893706, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:yyyp0708 [2012/11/09 16:29:16.893728, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/11/09 16:29:16.893753, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/11/09 16:29:16.893779, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:16.893800, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 [2012/11/09 16:29:16.893828, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2012/11/09 16:29:16.893852, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/11/09 16:29:16.893871, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:16.893977, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:16.894096, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:16.894176, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 81 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.894282, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 81 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.894363, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:16.894423, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:16.894480, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:16.894522, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:16.894562, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:16.894598, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:16.894645, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:16.894689, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [DsSpooler] [2012/11/09 16:29:16.894734, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 82 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.894790, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 82 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.894873, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 82 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.894919, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\DsSpooler] [2012/11/09 16:29:16.894953, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 82 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.894996, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\DsSpooler] [2012/11/09 16:29:16.895028, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 82 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.895070, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\DsSpooler] [2012/11/09 16:29:16.895102, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 82 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.895145, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\DsSpooler] [2012/11/09 16:29:16.895176, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 82 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.895218, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\DsSpooler] [2012/11/09 16:29:16.895250, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 82 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.895314, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\DsSpooler] [2012/11/09 16:29:16.895361, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 82 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.895408, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\DsSpooler] [2012/11/09 16:29:16.895440, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 82 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.895483, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\DsSpooler] [2012/11/09 16:29:16.895515, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 82 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.895557, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\DsSpooler] [2012/11/09 16:29:16.895589, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 82 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.895649, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\DsSpooler] [2012/11/09 16:29:16.895700, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 82 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.895765, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\DsSpooler] [2012/11/09 16:29:16.895808, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 82 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.895889, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\DsSpooler] [2012/11/09 16:29:16.895942, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 82 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.896021, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\DsSpooler] [2012/11/09 16:29:16.896084, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 82 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.896163, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 82 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.896237, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:16.896291, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 81 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.896387, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 81 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.896492, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:16.896570, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:16.896622, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 4280 [2012/11/09 16:29:16.896657, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 18478 [2012/11/09 16:29:16.896698, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..40] (align 0) [2012/11/09 16:29:16.896727, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.896742, 5] lib/util.c:342(show_msg) size=96 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=57024 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=41 [2012/11/09 16:29:16.897990, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xa4 [2012/11/09 16:29:16.898029, 3] smbd/process.c:1662(process_smb) Transaction 142 of length 168 (0 toread) [2012/11/09 16:29:16.898056, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.898071, 5] lib/util.c:342(show_msg) size=164 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=57088 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 80 (0x50) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 80 (0x50) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8212 (0x2014) smb_bcc=97 [2012/11/09 16:29:16.898389, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:16.898427, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.898464, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=80 params=0 setup=2 [2012/11/09 16:29:16.898504, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:16.898532, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:16.898556, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:16.898579, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2014) [2012/11/09 16:29:16.898605, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 80 [2012/11/09 16:29:16.898644, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:16.898673, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x4f - api_rpcTNP: rpc command: SPOOLSS_ENUMPRINTERDATAEX [2012/11/09 16:29:16.898700, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[79].fn == 0x7fa2ea3dd410 [2012/11/09 16:29:16.898728, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.898790, 4] rpc_server/spoolss/srv_spoolss_nt.c:9603(_spoolss_EnumPrinterDataEx) _spoolss_EnumPrinterDataEx [2012/11/09 16:29:16.898830, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.898889, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:yyyp0708 [2012/11/09 16:29:16.898918, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/11/09 16:29:16.898951, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/11/09 16:29:16.898989, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:16.899021, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 [2012/11/09 16:29:16.899064, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2012/11/09 16:29:16.899099, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/11/09 16:29:16.899128, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:16.899157, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:16.899260, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:16.899327, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 83 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.899419, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 83 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.899491, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:16.899554, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:16.899608, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:16.899664, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:16.899717, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:16.899764, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:16.899826, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:16.899882, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [DsSpooler] [2012/11/09 16:29:16.899944, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 84 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.900023, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 84 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.900136, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 84 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.900203, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\DsSpooler] [2012/11/09 16:29:16.900246, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 84 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.900323, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\DsSpooler] [2012/11/09 16:29:16.900368, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 84 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.900432, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\DsSpooler] [2012/11/09 16:29:16.900502, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 84 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.900573, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\DsSpooler] [2012/11/09 16:29:16.900616, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 84 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.900734, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\DsSpooler] [2012/11/09 16:29:16.900785, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 84 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.900852, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\DsSpooler] [2012/11/09 16:29:16.900896, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 84 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.900960, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\DsSpooler] [2012/11/09 16:29:16.901005, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 84 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.901077, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\DsSpooler] [2012/11/09 16:29:16.901127, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 84 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.901199, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\DsSpooler] [2012/11/09 16:29:16.901254, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 84 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.901330, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\DsSpooler] [2012/11/09 16:29:16.901403, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 84 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.901483, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\DsSpooler] [2012/11/09 16:29:16.901537, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 84 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.901612, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\DsSpooler] [2012/11/09 16:29:16.901667, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 84 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.901742, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\DsSpooler] [2012/11/09 16:29:16.901803, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 84 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.901880, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 84 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.901950, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:16.902003, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 83 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.902089, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 83 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.902171, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:16.902279, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:16.902338, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 4280 [2012/11/09 16:29:16.902386, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 18478 [2012/11/09 16:29:16.902443, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..1424] (align 0) [2012/11/09 16:29:16.902484, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.902506, 5] lib/util.c:342(show_msg) size=1480 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=57088 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 1424 (0x590) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 1424 (0x590) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=1425 [2012/11/09 16:29:16.967279, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xb4 [2012/11/09 16:29:16.967363, 3] smbd/process.c:1662(process_smb) Transaction 143 of length 184 (0 toread) [2012/11/09 16:29:16.967384, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.967418, 5] lib/util.c:342(show_msg) size=180 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=57152 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 96 (0x60) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 96 (0x60) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8212 (0x2014) smb_bcc=113 [2012/11/09 16:29:16.967665, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:16.967688, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.967715, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=96 params=0 setup=2 [2012/11/09 16:29:16.967737, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:16.967755, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:16.967773, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:16.967792, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2014) [2012/11/09 16:29:16.967812, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 96 [2012/11/09 16:29:16.967841, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:16.967864, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x50 - api_rpcTNP: rpc command: SPOOLSS_ENUMPRINTERKEY [2012/11/09 16:29:16.967885, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[80].fn == 0x7fa2ea3dd0c0 [2012/11/09 16:29:16.967908, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.967949, 4] rpc_server/spoolss/srv_spoolss_nt.c:9484(_spoolss_EnumPrinterKey) _spoolss_EnumPrinterKey [2012/11/09 16:29:16.967967, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.968004, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:yyyp0708 [2012/11/09 16:29:16.968029, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/11/09 16:29:16.968055, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/11/09 16:29:16.968085, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:16.968107, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 [2012/11/09 16:29:16.968142, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2012/11/09 16:29:16.968166, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/11/09 16:29:16.968185, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:16.968203, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:16.968302, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:16.968356, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 85 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.968415, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 85 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.968494, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:16.968562, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:16.968659, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:16.968748, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:16.968808, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:16.968850, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:16.968899, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:16.968942, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [PrinterDriverData] [2012/11/09 16:29:16.968990, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 86 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.969046, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 86 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.969127, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 86 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.969172, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 86 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.969209, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:16.969237, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 85 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.969278, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 85 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.969315, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:16.969351, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:16.969382, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 4280 [2012/11/09 16:29:16.969407, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 2765 [2012/11/09 16:29:16.969434, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..36] (align 0) [2012/11/09 16:29:16.969455, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.969466, 5] lib/util.c:342(show_msg) size=92 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=57152 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 36 (0x24) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=37 [2012/11/09 16:29:16.970523, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xb4 [2012/11/09 16:29:16.970555, 3] smbd/process.c:1662(process_smb) Transaction 144 of length 184 (0 toread) [2012/11/09 16:29:16.970575, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.970596, 5] lib/util.c:342(show_msg) size=180 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=57216 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 96 (0x60) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 96 (0x60) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8212 (0x2014) smb_bcc=113 [2012/11/09 16:29:16.970853, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:16.970875, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.970897, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=96 params=0 setup=2 [2012/11/09 16:29:16.970918, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:16.970936, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:16.970954, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:16.970972, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2014) [2012/11/09 16:29:16.970991, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 96 [2012/11/09 16:29:16.971014, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:16.971036, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x50 - api_rpcTNP: rpc command: SPOOLSS_ENUMPRINTERKEY [2012/11/09 16:29:16.971055, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[80].fn == 0x7fa2ea3dd0c0 [2012/11/09 16:29:16.971076, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.971115, 4] rpc_server/spoolss/srv_spoolss_nt.c:9484(_spoolss_EnumPrinterKey) _spoolss_EnumPrinterKey [2012/11/09 16:29:16.971134, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.971171, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:yyyp0708 [2012/11/09 16:29:16.971192, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/11/09 16:29:16.971216, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/11/09 16:29:16.971241, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:16.971262, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 [2012/11/09 16:29:16.971289, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2012/11/09 16:29:16.971312, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/11/09 16:29:16.971331, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:16.971349, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:16.971417, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:16.971477, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 87 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.971542, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 87 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.971597, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:16.971641, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:16.971680, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:16.971719, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:16.971758, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:16.971792, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:16.971838, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:16.971880, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [PrinterDriverData] [2012/11/09 16:29:16.971926, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 88 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.971981, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 88 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.972124, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 88 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.972214, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 88 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.972295, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:16.972355, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 87 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.972435, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 87 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.972545, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:16.972606, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:16.972661, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 4280 [2012/11/09 16:29:16.972713, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 2782 [2012/11/09 16:29:16.972749, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..40] (align 0) [2012/11/09 16:29:16.972770, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.972781, 5] lib/util.c:342(show_msg) size=96 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=57216 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=41 [2012/11/09 16:29:16.973764, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xb4 [2012/11/09 16:29:16.973795, 3] smbd/process.c:1662(process_smb) Transaction 145 of length 184 (0 toread) [2012/11/09 16:29:16.973829, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.973842, 5] lib/util.c:342(show_msg) size=180 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=57280 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 96 (0x60) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 96 (0x60) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8212 (0x2014) smb_bcc=113 [2012/11/09 16:29:16.974048, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:16.974069, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.974091, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=96 params=0 setup=2 [2012/11/09 16:29:16.974111, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:16.974129, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:16.974147, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:16.974166, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2014) [2012/11/09 16:29:16.974185, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 96 [2012/11/09 16:29:16.974209, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:16.974230, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x4f - api_rpcTNP: rpc command: SPOOLSS_ENUMPRINTERDATAEX [2012/11/09 16:29:16.974250, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[79].fn == 0x7fa2ea3dd410 [2012/11/09 16:29:16.974272, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.974311, 4] rpc_server/spoolss/srv_spoolss_nt.c:9603(_spoolss_EnumPrinterDataEx) _spoolss_EnumPrinterDataEx [2012/11/09 16:29:16.974330, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.974367, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:yyyp0708 [2012/11/09 16:29:16.974390, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/11/09 16:29:16.974415, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/11/09 16:29:16.974441, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:16.974462, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 [2012/11/09 16:29:16.974493, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2012/11/09 16:29:16.974516, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/11/09 16:29:16.974535, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:16.974553, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:16.974640, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:16.974691, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 89 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.974747, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 89 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.974806, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:16.974849, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:16.974888, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:16.974928, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:16.974966, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:16.975002, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:16.975047, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:16.975090, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [PrinterDriverData] [2012/11/09 16:29:16.975137, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 8A 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.975192, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 8A 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.975274, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 8A 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.975321, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\PrinterDriverData] [2012/11/09 16:29:16.975354, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 8A 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.975396, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\PrinterDriverData] [2012/11/09 16:29:16.975428, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 8A 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.975469, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\PrinterDriverData] [2012/11/09 16:29:16.975500, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 8A 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.975542, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\PrinterDriverData] [2012/11/09 16:29:16.975573, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 8A 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.975614, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\PrinterDriverData] [2012/11/09 16:29:16.975673, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 8A 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.975718, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\PrinterDriverData] [2012/11/09 16:29:16.975750, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 8A 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.975792, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\PrinterDriverData] [2012/11/09 16:29:16.975823, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 8A 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.975864, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\PrinterDriverData] [2012/11/09 16:29:16.975895, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 8A 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.975937, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\PrinterDriverData] [2012/11/09 16:29:16.975971, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 8A 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.976020, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\PrinterDriverData] [2012/11/09 16:29:16.976054, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 8A 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.976096, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\PrinterDriverData] [2012/11/09 16:29:16.976128, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 8A 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.976170, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\PrinterDriverData] [2012/11/09 16:29:16.976201, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 8A 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.976243, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\PrinterDriverData] [2012/11/09 16:29:16.976280, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 8A 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.976338, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 8A 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.976378, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:16.976407, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 89 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.976449, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 89 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.976513, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:16.976570, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:16.976604, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 4280 [2012/11/09 16:29:16.976629, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 20290 [2012/11/09 16:29:16.976670, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..40] (align 0) [2012/11/09 16:29:16.976693, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.976704, 5] lib/util.c:342(show_msg) size=96 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=57280 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=41 [2012/11/09 16:29:16.977659, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xb4 [2012/11/09 16:29:16.977691, 3] smbd/process.c:1662(process_smb) Transaction 146 of length 184 (0 toread) [2012/11/09 16:29:16.977710, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.977721, 5] lib/util.c:342(show_msg) size=180 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=57344 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 96 (0x60) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 96 (0x60) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8212 (0x2014) smb_bcc=113 [2012/11/09 16:29:16.977927, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:16.977947, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:16.977969, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=96 params=0 setup=2 [2012/11/09 16:29:16.977989, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:16.978007, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:16.978025, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:16.978043, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2014) [2012/11/09 16:29:16.978063, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 96 [2012/11/09 16:29:16.978086, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:16.978107, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x4f - api_rpcTNP: rpc command: SPOOLSS_ENUMPRINTERDATAEX [2012/11/09 16:29:16.978137, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[79].fn == 0x7fa2ea3dd410 [2012/11/09 16:29:16.978161, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.978200, 4] rpc_server/spoolss/srv_spoolss_nt.c:9603(_spoolss_EnumPrinterDataEx) _spoolss_EnumPrinterDataEx [2012/11/09 16:29:16.978219, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.978256, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:yyyp0708 [2012/11/09 16:29:16.978277, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/11/09 16:29:16.978302, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/11/09 16:29:16.978336, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:16.978365, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 [2012/11/09 16:29:16.978393, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2012/11/09 16:29:16.978417, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/11/09 16:29:16.978436, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:16.978454, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:16.978526, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:16.978572, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 8B 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.978634, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 8B 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.978679, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:16.978721, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:16.978761, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:16.978800, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:16.978841, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:16.978889, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:16.978937, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:16.978979, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [PrinterDriverData] [2012/11/09 16:29:16.979026, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 8C 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.979081, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 8C 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.979161, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 8C 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.979218, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\PrinterDriverData] [2012/11/09 16:29:16.979264, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 8C 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.979340, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\PrinterDriverData] [2012/11/09 16:29:16.979379, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 8C 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.979421, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\PrinterDriverData] [2012/11/09 16:29:16.979453, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 8C 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.979495, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\PrinterDriverData] [2012/11/09 16:29:16.979526, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 8C 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.979567, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\PrinterDriverData] [2012/11/09 16:29:16.979599, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 8C 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.979640, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\PrinterDriverData] [2012/11/09 16:29:16.979671, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 8C 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.979713, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\PrinterDriverData] [2012/11/09 16:29:16.979744, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 8C 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.979785, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\PrinterDriverData] [2012/11/09 16:29:16.979816, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 8C 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.979857, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\PrinterDriverData] [2012/11/09 16:29:16.979900, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 8C 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.979943, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\PrinterDriverData] [2012/11/09 16:29:16.979975, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 8C 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.980017, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\PrinterDriverData] [2012/11/09 16:29:16.980048, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 8C 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.980090, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\PrinterDriverData] [2012/11/09 16:29:16.980122, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 8C 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.980164, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\PrinterDriverData] [2012/11/09 16:29:16.980199, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 8C 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.980243, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 8C 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.980285, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:16.980332, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 8B 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.980412, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 8B 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:16.980476, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:16.980542, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:16.980575, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 4280 [2012/11/09 16:29:16.980601, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 20290 [2012/11/09 16:29:16.980632, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..2708] (align 0) [2012/11/09 16:29:16.980653, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:16.980664, 5] lib/util.c:342(show_msg) size=2764 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=57344 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 2708 (0xA94) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 2708 (0xA94) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=2709 [2012/11/09 16:29:17.048766, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x66 [2012/11/09 16:29:17.048852, 3] smbd/process.c:1662(process_smb) Transaction 147 of length 106 (0 toread) [2012/11/09 16:29:17.048874, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.048885, 5] lib/util.c:342(show_msg) size=102 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=57408 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 4096 (0x1000) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 4609 (0x1201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=19 [2012/11/09 16:29:17.049169, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.049192, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.049218, 4] smbd/nttrans.c:288(nt_open_pipe) nt_open_pipe: Opening pipe \spoolss. [2012/11/09 16:29:17.049241, 5] smbd/files.c:140(file_new) allocated file structure 4129, fnum = 8225 (3 used) [2012/11/09 16:29:17.049270, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \spoolss [2012/11/09 16:29:17.049329, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \spoolss (pipes_open=0) [2012/11/09 16:29:17.049357, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \spoolss [2012/11/09 16:29:17.050545, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xe0 [2012/11/09 16:29:17.050603, 3] smbd/process.c:1662(process_smb) Transaction 148 of length 228 (0 toread) [2012/11/09 16:29:17.050639, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.050661, 5] lib/util.c:342(show_msg) size=224 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=57472 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8225 (0x2021) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 160 (0xA0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 160 (0xA0) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=161 [2012/11/09 16:29:17.050975, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.051009, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.051046, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 2021 name: spoolss len: 160 [2012/11/09 16:29:17.051080, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 160 [2012/11/09 16:29:17.051125, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/11/09 16:29:17.051162, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) api_pipe_bind_req: make response. 923 [2012/11/09 16:29:17.051196, 3] rpc_server/srv_pipe.c:339(check_bind_req) check_bind_req for \spoolss [2012/11/09 16:29:17.051230, 3] rpc_server/srv_pipe.c:346(check_bind_req) check_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/11/09 16:29:17.051313, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=160 [2012/11/09 16:29:17.052308, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/11/09 16:29:17.052354, 3] smbd/process.c:1662(process_smb) Transaction 149 of length 63 (0 toread) [2012/11/09 16:29:17.052387, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.052406, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=57536 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8225 (0x2021) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/11/09 16:29:17.052733, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.052770, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.052805, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:17.052843, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/11/09 16:29:17.052881, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:17.052916, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:17.052947, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:17.053004, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2012/11/09 16:29:17.053047, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=68 [2012/11/09 16:29:17.054149, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x124 [2012/11/09 16:29:17.054192, 3] smbd/process.c:1662(process_smb) Transaction 150 of length 296 (0 toread) [2012/11/09 16:29:17.054227, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.054246, 5] lib/util.c:342(show_msg) size=292 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=57600 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 208 (0xD0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 208 (0xD0) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8225 (0x2021) smb_bcc=225 [2012/11/09 16:29:17.054576, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.054615, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:17.054659, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (811): SID[ 0]: S-1-5-21-160562036-3150058255-2134394716-19743 SID[ 1]: S-1-5-21-160562036-3150058255-2134394716-513 SID[ 2]: S-1-5-21-160562036-3150058255-2134394716-334230 SID[ 3]: S-1-5-21-160562036-3150058255-2134394716-23353 SID[ 4]: S-1-5-21-160562036-3150058255-2134394716-304793 SID[ 5]: S-1-5-21-160562036-3150058255-2134394716-269408 SID[ 6]: S-1-5-21-160562036-3150058255-2134394716-50420 SID[ 7]: S-1-5-21-160562036-3150058255-2134394716-113634 SID[ 8]: S-1-5-21-160562036-3150058255-2134394716-113662 SID[ 9]: S-1-5-21-160562036-3150058255-2134394716-260755 SID[ 10]: S-1-5-21-160562036-3150058255-2134394716-288770 SID[ 11]: S-1-5-21-160562036-3150058255-2134394716-67892 SID[ 12]: S-1-5-21-160562036-3150058255-2134394716-20800 SID[ 13]: S-1-5-21-160562036-3150058255-2134394716-269744 SID[ 14]: S-1-5-21-160562036-3150058255-2134394716-63803 SID[ 15]: S-1-5-21-160562036-3150058255-2134394716-360934 SID[ 16]: S-1-5-21-160562036-3150058255-2134394716-421750 SID[ 17]: S-1-5-21-160562036-3150058255-2134394716-294313 SID[ 18]: S-1-5-21-160562036-3150058255-2134394716-109619 SID[ 19]: S-1-5-21-160562036-3150058255-2134394716-13623 SID[ 20]: S-1-5-21-160562036-3150058255-2134394716-113660 SID[ 21]: S-1-5-21-160562036-3150058255-2134394716-13846 SID[ 22]: S-1-5-21-160562036-3150058255-2134394716-351693 SID[ 23]: S-1-5-21-160562036-3150058255-2134394716-56178 SID[ 24]: S-1-5-21-160562036-3150058255-2134394716-268914 SID[ 25]: S-1-5-21-160562036-3150058255-2134394716-276389 SID[ 26]: S-1-5-21-160562036-3150058255-2134394716-294265 SID[ 27]: S-1-5-21-160562036-3150058255-2134394716-289050 SID[ 28]: S-1-5-21-160562036-3150058255-2134394716-284074 SID[ 29]: S-1-5-21-160562036-3150058255-2134394716-353623 SID[ 30]: S-1-5-21-160562036-3150058255-2134394716-60632 SID[ 31]: S-1-5-21-160562036-3150058255-2134394716-299617 SID[ 32]: S-1-5-21-160562036-3150058255-2134394716-269875 SID[ 33]: S-1-5-21-160562036-3150058255-2134394716-260777 SID[ 34]: S-1-5-21-160562036-3150058255-2134394716-72011 SID[ 35]: S-1-5-21-160562036-3150058255-2134394716-56174 SID[ 36]: S-1-5-21-160562036-3150058255-2134394716-294145 SID[ 37]: S-1-5-21-160562036-3150058255-2134394716-46643 SID[ 38]: S-1-5-21-160562036-3150058255-2134394716-110684 SID[ 39]: S-1-5-21-160562036-3150058255-2134394716-69476 SID[ 40]: S-1-5-21-160562036-3150058255-2134394716-354438 SID[ 41]: S-1-5-21-160562036-3150058255-2134394716-288215 SID[ 42]: S-1-5-21-160562036-3150058255-2134394716-418124 SID[ 43]: S-1-5-21-160562036-3150058255-2134394716-32947 SID[ 44]: S-1-5-21-160562036-3150058255-2134394716-373447 SID[ 45]: S-1-5-21-160562036-3150058255-2134394716-21119 SID[ 46]: S-1-5-21-160562036-3150058255-2134394716-254283 SID[ 47]: S-1-5-21-160562036-3150058255-2134394716-21918 SID[ 48]: S-1-5-21-160562036-3150058255-2134394716-268915 SID[ 49]: S-1-5-21-160562036-3150058255-2134394716-267093 SID[ 50]: S-1-5-21-160562036-3150058255-2134394716-340888 SID[ 51]: S-1-5-21-160562036-3150058255-2134394716-294363 SID[ 52]: S-1-5-21-160562036-3150058255-2134394716-414620 SID[ 53]: S-1-5-21-160562036-3150058255-2134394716-260959 SID[ 54]: S-1-5-21-160562036-3150058255-2134394716-56176 SID[ 55]: S-1-5-21-160562036-3150058255-2134394716-373472 SID[ 56]: S-1-5-21-160562036-3150058255-2134394716-294492 SID[ 57]: S-1-5-21-160562036-3150058255-2134394716-373554 SID[ 58]: S-1-5-21-160562036-3150058255-2134394716-104382 SID[ 59]: S-1-5-21-160562036-3150058255-2134394716-294361 SID[ 60]: S-1-5-21-160562036-3150058255-2134394716-245149 SID[ 61]: S-1-5-21-160562036-3150058255-2134394716-32807 SID[ 62]: S-1-5-21-160562036-3150058255-2134394716-63805 SID[ 63]: S-1-5-21-160562036-3150058255-2134394716-290135 SID[ 64]: S-1-5-21-160562036-3150058255-2134394716-248439 SID[ 65]: S-1-5-21-160562036-3150058255-2134394716-58745 SID[ 66]: S-1-5-21-160562036-3150058255-2134394716-288316 SID[ 67]: S-1-5-21-160562036-3150058255-2134394716-373441 SID[ 68]: S-1-5-21-160562036-3150058255-2134394716-268916 SID[ 69]: S-1-5-21-160562036-3150058255-2134394716-17597 SID[ 70]: S-1-5-21-160562036-3150058255-2134394716-113654 SID[ 71]: S-1-5-21-160562036-3150058255-2134394716-304050 SID[ 72]: S-1-5-21-160562036-3150058255-2134394716-112626 SID[ 73]: S-1-5-21-160562036-3150058255-2134394716-360946 SID[ 74]: S-1-5-21-160562036-3150058255-2134394716-1116 SID[ 75]: S-1-5-21-160562036-3150058255-2134394716-294490 SID[ 76]: S-1-5-21-160562036-3150058255-2134394716-373442 SID[ 77]: S-1-5-21-160562036-3150058255-2134394716-402137 SID[ 78]: S-1-5-21-160562036-3150058255-2134394716-373470 SID[ 79]: S-1-5-21-160562036-3150058255-2134394716-284963 SID[ 80]: S-1-5-21-160562036-3150058255-2134394716-21963 SID[ 81]: S-1-5-21-160562036-3150058255-2134394716-373556 SID[ 82]: S-1-5-21-160562036-3150058255-2134394716-351504 SID[ 83]: S-1-5-21-160562036-3150058255-2134394716-360382 SID[ 84]: S-1-5-21-160562036-3150058255-2134394716-266966 SID[ 85]: S-1-5-21-160562036-3150058255-2134394716-63797 SID[ 86]: S-1-5-21-160562036-3150058255-2134394716-31306 SID[ 87]: S-1-5-21-160562036-3150058255-2134394716-420969 SID[ 88]: S-1-5-21-160562036-3150058255-2134394716-58439 SID[ 89]: S-1-5-21-160562036-3150058255-2134394716-351240 SID[ 90]: S-1-5-21-160562036-3150058255-2134394716-290160 SID[ 91]: S-1-5-21-160562036-3150058255-2134394716-335340 SID[ 92]: S-1-5-21-160562036-3150058255-2134394716-32819 SID[ 93]: S-1-5-21-160562036-3150058255-2134394716-63801 SID[ 94]: S-1-5-21-160562036-3150058255-2134394716-53171 SID[ 95]: S-1-5-21-160562036-3150058255-2134394716-294243 SID[ 96]: S-1-5-21-160562036-3150058255-2134394716-350032 SID[ 97]: S-1-5-21-160562036-3150058255-2134394716-63737 SID[ 98]: S-1-5-21-160562036-3150058255-2134394716-13863 SID[ 99]: S-1-5-21-160562036-3150058255-2134394716-351719 SID[100]: S-1-5-21-160562036-3150058255-2134394716-56165 SID[101]: S-1-5-21-160562036-3150058255-2134394716-113646 SID[102]: S-1-5-21-160562036-3150058255-2134394716-430811 SID[103]: S-1-5-21-160562036-3150058255-2134394716-284081 SID[104]: S-1-5-21-160562036-3150058255-2134394716-256696 SID[105]: S-1-5-21-160562036-3150058255-2134394716-416414 SID[106]: S-1-5-21-160562036-3150058255-2134394716-49609 SID[107]: S-1-5-21-160562036-3150058255-2134394716-377791 SID[108]: S-1-5-21-160562036-3150058255-2134394716-32821 SID[109]: S-1-5-21-160562036-3150058255-2134394716-359223 SID[110]: S-1-5-21-160562036-3150058255-2134394716-284091 SID[111]: S-1-5-21-160562036-3150058255-2134394716-433713 SID[112]: S-1-5-21-160562036-3150058255-2134394716-33100 SID[113]: S-1-5-21-160562036-3150058255-2134394716-416203 SID[114]: S-1-5-21-160562036-3150058255-2134394716-317007 SID[115]: S-1-5-21-160562036-3150058255-2134394716-69542 SID[116]: S-1-5-21-160562036-3150058255-2134394716-268918 SID[117]: S-1-5-21-160562036-3150058255-2134394716-69428 SID[118]: S-1-5-21-160562036-3150058255-2134394716-316764 SID[119]: S-1-5-21-160562036-3150058255-2134394716-55705 SID[120]: S-1-5-21-160562036-3150058255-2134394716-291229 SID[121]: S-1-5-21-160562036-3150058255-2134394716-250116 SID[122]: S-1-5-21-160562036-3150058255-2134394716-294315 SID[123]: S-1-5-21-160562036-3150058255-2134394716-402469 SID[124]: S-1-5-21-160562036-3150058255-2134394716-256697 SID[125]: S-1-5-21-160562036-3150058255-2134394716-418438 SID[126]: S-1-5-21-160562036-3150058255-2134394716-435652 SID[127]: S-1-5-21-160562036-3150058255-2134394716-45010 SID[128]: S-1-5-21-160562036-3150058255-2134394716-322368 SID[129]: S-1-5-21-160562036-3150058255-2134394716-267090 SID[130]: S-1-5-21-160562036-3150058255-2134394716-32825 SID[131]: S-1-5-21-160562036-3150058255-2134394716-35099 SID[132]: S-1-5-21-160562036-3150058255-2134394716-56157 SID[133]: S-1-5-21-160562036-3150058255-2134394716-113648 SID[134]: S-1-5-21-160562036-3150058255-2134394716-55709 SID[135]: S-1-5-21-160562036-3150058255-2134394716-108789 SID[136]: S-1-5-21-160562036-3150058255-2134394716-56159 SID[137]: S-1-5-21-160562036-3150058255-2134394716-268919 SID[138]: S-1-5-21-160562036-3150058255-2134394716-245147 SID[139]: S-1-5-21-160562036-3150058255-2134394716-430693 SID[140]: S-1-5-21-160562036-3150058255-2134394716-289617 SID[141]: S-1-5-21-160562036-3150058255-2134394716-373445 SID[142]: S-1-5-21-160562036-3150058255-2134394716-14282 SID[143]: S-1-5-21-160562036-3150058255-2134394716-433712 SID[144]: S-1-5-21-160562036-3150058255-2134394716-59232 SID[145]: S-1-5-21-160562036-3150058255-2134394716-33429 SID[146]: S-1-5-21-160562036-3150058255-2134394716-437634 SID[147]: S-1-5-21-160562036-3150058255-2134394716-23354 SID[148]: S-1-5-21-160562036-3150058255-2134394716-113636 SID[149]: S-1-5-21-160562036-3150058255-2134394716-63799 SID[150]: S-1-5-21-160562036-3150058255-2134394716-261009 SID[151]: S-1-5-21-160562036-3150058255-2134394716-290498 SID[152]: S-1-5-21-160562036-3150058255-2134394716-375928 SID[153]: S-1-5-21-160562036-3150058255-2134394716-276407 SID[154]: S-1-5-21-160562036-3150058255-2134394716-357401 SID[155]: S-1-5-21-160562036-3150058255-2134394716-357385 SID[156]: S-1-5-21-160562036-3150058255-2134394716-269404 SID[157]: S-1-5-21-160562036-3150058255-2134394716-67790 SID[158]: S-1-5-21-160562036-3150058255-2134394716-392120 SID[159]: S-1-5-21-160562036-3150058255-2134394716-276395 SID[160]: S-1-5-21-160562036-3150058255-2134394716-113343 SID[161]: S-1-5-21-160562036-3150058255-2134394716-56172 SID[162]: S-1-5-21-160562036-3150058255-2134394716-402467 SID[163]: S-1-5-21-160562036-3150058255-2134394716-293007 SID[164]: S-1-5-21-160562036-3150058255-2134394716-427942 SID[165]: S-1-5-21-160562036-3150058255-2134394716-373529 SID[166]: S-1-5-21-160562036-3150058255-2134394716-263163 SID[167]: S-1-5-21-160562036-3150058255-2134394716-64111 SID[168]: S-1-5-21-160562036-3150058255-2134394716-266852 SID[169]: S-1-5-21-160562036-3150058255-2134394716-357892 SID[170]: S-1-5-21-160562036-3150058255-2134394716-104429 SID[171]: S-1-5-21-160562036-3150058255-2134394716-32813 SID[172]: S-1-5-21-160562036-3150058255-2134394716-360722 SID[173]: S-1-5-21-160562036-3150058255-2134394716-284092 SID[174]: S-1-5-21-160562036-3150058255-2134394716-289619 SID[175]: S-1-5-21-160562036-3150058255-2134394716-369316 SID[176]: S-1-5-21-160562036-3150058255-2134394716-49542 SID[177]: S-1-5-21-160562036-3150058255-2134394716-329659 SID[178]: S-1-5-21-160562036-3150058255-2134394716-32809 SID[179]: S-1-5-21-160562036-3150058255-2134394716-108767 SID[180]: S-1-5-21-160562036-3150058255-2134394716-305399 SID[181]: S-1-5-21-160562036-3150058255-2134394716-263161 SID[182]: S-1-5-21-160562036-3150058255-2134394716-314050 SID[183]: S-1-5-21-160562036-3150058255-2134394716-31001 SID[184]: S-1-5-21-160562036-3150058255-2134394716-279682 SID[185]: S-1-5-21-160562036-3150058255-2134394716-294147 SID[186]: S-1-5-21-160562036-3150058255-2134394716-56163 SID[187]: S-1-5-21-160562036-3150058255-2134394716-285751 SID[188]: S-1-5-21-160562036-3150058255-2134394716-21723 SID[189]: S-1-5-21-160562036-3150058255-2134394716-8332 SID[190]: S-1-5-21-160562036-3150058255-2134394716-32827 SID[191]: S-1-5-21-160562036-3150058255-2134394716-256460 SID[192]: S-1-5-21-160562036-3150058255-2134394716-256183 SID[193]: S-1-5-21-160562036-3150058255-2134394716-300424 SID[194]: S-1-5-21-160562036-3150058255-2134394716-55677 SID[195]: S-1-5-21-160562036-3150058255-2134394716-253145 SID[196]: S-1-5-21-160562036-3150058255-2134394716-63804 SID[197]: S-1-5-21-160562036-3150058255-2134394716-358866 SID[198]: S-1-5-21-160562036-3150058255-2134394716-32823 SID[199]: S-1-5-21-160562036-3150058255-2134394716-276620 SID[200]: S-1-5-21-160562036-3150058255-2134394716-361940 SID[201]: S-1-5-21-160562036-3150058255-2134394716-49274 SID[202]: S-1-5-21-160562036-3150058255-2134394716-402177 SID[203]: S-1-5-21-160562036-3150058255-2134394716-252230 SID[204]: S-1-5-21-160562036-3150058255-2134394716-321100 SID[205]: S-1-5-21-160562036-3150058255-2134394716-20801 SID[206]: S-1-5-21-160562036-3150058255-2134394716-276621 SID[207]: S-1-5-21-160562036-3150058255-2134394716-252010 SID[208]: S-1-5-21-160562036-3150058255-2134394716-292766 SID[209]: S-1-5-21-160562036-3150058255-2134394716-37331 SID[210]: S-1-5-21-160562036-3150058255-2134394716-260776 SID[211]: S-1-5-21-160562036-3150058255-2134394716-386708 SID[212]: S-1-5-21-160562036-3150058255-2134394716-374616 SID[213]: S-1-5-21-160562036-3150058255-2134394716-21084 SID[214]: S-1-5-21-160562036-3150058255-2134394716-294267 SID[215]: S-1-5-21-160562036-3150058255-2134394716-63802 SID[216]: S-1-5-21-160562036-3150058255-2134394716-31186 SID[217]: S-1-5-21-160562036-3150058255-2134394716-105575 SID[218]: S-1-5-21-160562036-3150058255-2134394716-361874 SID[219]: S-1-5-21-160562036-3150058255-2134394716-360362 SID[220]: S-1-5-21-160562036-3150058255-2134394716-357734 SID[221]: S-1-5-21-160562036-3150058255-2134394716-294241 SID[222]: S-1-5-21-160562036-3150058255-2134394716-251778 SID[223]: S-1-5-21-160562036-3150058255-2134394716-49510 SID[224]: S-1-5-21-160562036-3150058255-2134394716-35015 SID[225]: S-1-5-21-160562036-3150058255-2134394716-20749 SID[226]: S-1-5-21-160562036-3150058255-2134394716-294291 SID[227]: S-1-5-21-160562036-3150058255-2134394716-254469 SID[228]: S-1-5-21-160562036-3150058255-2134394716-247296 SID[229]: S-1-5-21-160562036-3150058255-2134394716-63798 SID[230]: S-1-5-21-160562036-3150058255-2134394716-59035 SID[231]: S-1-5-21-160562036-3150058255-2134394716-430331 SID[232]: S-1-5-21-160562036-3150058255-2134394716-21301 SID[233]: S-1-5-21-160562036-3150058255-2134394716-55627 SID[234]: S-1-5-21-160562036-3150058255-2134394716-32815 SID[235]: S-1-5-21-160562036-3150058255-2134394716-277164 SID[236]: S-1-5-21-160562036-3150058255-2134394716-21552 SID[237]: S-1-5-21-160562036-3150058255-2134394716-56622 SID[238]: S-1-5-21-160562036-3150058255-2134394716-37315 SID[239]: S-1-5-21-160562036-3150058255-2134394716-334225 SID[240]: S-1-5-21-160562036-3150058255-2134394716-338141 SID[241]: S-1-5-21-160562036-3150058255-2134394716-246169 SID[242]: S-1-5-21-160562036-3150058255-2134394716-297835 SID[243]: S-1-5-21-160562036-3150058255-2134394716-353615 SID[244]: S-1-5-21-160562036-3150058255-2134394716-322371 SID[245]: S-1-5-21-160562036-3150058255-2134394716-63235 SID[246]: S-1-5-21-160562036-3150058255-2134394716-266849 SID[247]: S-1-5-21-160562036-3150058255-2134394716-293998 SID[248]: S-1-5-21-160562036-3150058255-2134394716-433714 SID[249]: S-1-5-21-160562036-3150058255-2134394716-107694 SID[250]: S-1-5-21-160562036-3150058255-2134394716-288317 SID[251]: S-1-5-21-160562036-3150058255-2134394716-44135 SID[252]: S-1-5-21-160562036-3150058255-2134394716-290560 SID[253]: S-1-5-21-160562036-3150058255-2134394716-322681 SID[254]: S-1-5-21-160562036-3150058255-2134394716-283109 SID[255]: S-1-5-21-160562036-3150058255-2134394716-357879 SID[256]: S-1-5-21-160562036-3150058255-2134394716-289046 SID[257]: S-1-5-21-160562036-3150058255-2134394716-32803 SID[258]: S-1-5-21-160562036-3150058255-2134394716-343968 SID[259]: S-1-5-21-160562036-3150058255-2134394716-50792 SID[260]: S-1-5-21-160562036-3150058255-2134394716-50518 SID[261]: S-1-5-21-160562036-3150058255-2134394716-37238 SID[262]: S-1-5-21-160562036-3150058255-2134394716-360465 SID[263]: S-1-5-21-160562036-3150058255-2134394716-366652 SID[264]: S-1-5-21-160562036-3150058255-2134394716-294094 SID[265]: S-1-5-21-160562036-3150058255-2134394716-288540 SID[266]: S-1-5-21-160562036-3150058255-2134394716-297984 SID[267]: S-1-5-21-160562036-3150058255-2134394716-276427 SID[268]: S-1-5-21-160562036-3150058255-2134394716-333792 SID[269]: S-1-5-21-160562036-3150058255-2134394716-427342 SID[270]: S-1-5-21-160562036-3150058255-2134394716-333794 SID[271]: S-1-5-21-160562036-3150058255-2134394716-290460 SID[272]: S-1-5-21-160562036-3150058255-2134394716-294091 SID[273]: S-1-5-21-160562036-3150058255-2134394716-333793 SID[274]: S-1-5-21-160562036-3150058255-2134394716-338207 SID[275]: S-1-5-21-160562036-3150058255-2134394716-409571 SID[276]: S-1-5-21-160562036-3150058255-2134394716-294054 SID[277]: S-1-5-21-160562036-3150058255-2134394716-30854 SID[278]: S-1-5-21-160562036-3150058255-2134394716-288547 SID[279]: S-1-5-21-160562036-3150058255-2134394716-365347 SID[280]: S-1-5-21-6776287-465249537-1446904402-4108 SID[281]: S-1-5-21-160562036-3150058255-2134394716-58230 SID[282]: S-1-5-21-160562036-3150058255-2134394716-357400 SID[283]: S-1-5-21-160562036-3150058255-2134394716-343966 SID[284]: S-1-5-21-160562036-3150058255-2134394716-104268 SID[285]: S-1-5-21-160562036-3150058255-2134394716-334228 SID[286]: S-1-5-21-160562036-3150058255-2134394716-357384 SID[287]: S-1-5-21-160562036-3150058255-2134394716-64500 SID[288]: S-1-5-21-160562036-3150058255-2134394716-291227 SID[289]: S-1-5-21-160562036-3150058255-2134394716-62708 SID[290]: S-1-5-21-160562036-3150058255-2134394716-266847 SID[291]: S-1-5-21-160562036-3150058255-2134394716-313857 SID[292]: S-1-5-21-160562036-3150058255-2134394716-350031 SID[293]: S-1-5-21-160562036-3150058255-2134394716-373448 SID[294]: S-1-5-21-160562036-3150058255-2134394716-420970 SID[295]: S-1-5-21-160562036-3150058255-2134394716-351238 SID[296]: S-1-5-21-160562036-3150058255-2134394716-11861 SID[297]: S-1-5-21-160562036-3150058255-2134394716-353613 SID[298]: S-1-5-21-160562036-3150058255-2134394716-322679 SID[299]: S-1-5-21-160562036-3150058255-2134394716-253148 SID[300]: S-1-5-21-160562036-3150058255-2134394716-277162 SID[301]: S-1-5-21-160562036-3150058255-2134394716-304048 SID[302]: S-1-5-21-160562036-3150058255-2134394716-288768 SID[303]: S-1-5-21-160562036-3150058255-2134394716-62920 SID[304]: S-1-5-21-160562036-3150058255-2134394716-62814 SID[305]: S-1-5-21-160562036-3150058255-2134394716-338139 SID[306]: S-1-5-21-160562036-3150058255-2134394716-266850 SID[307]: S-1-5-21-160562036-3150058255-2134394716-74038 SID[308]: S-1-5-21-160562036-3150058255-2134394716-62715 SID[309]: S-1-5-21-160562036-3150058255-2134394716-357877 SID[310]: S-1-5-21-160562036-3150058255-2134394716-252117 SID[311]: S-1-5-21-160562036-3150058255-2134394716-322372 SID[312]: S-1-5-21-160562036-3150058255-2134394716-65121 SID[313]: S-1-5-21-160562036-3150058255-2134394716-62711 SID[314]: S-1-5-21-160562036-3150058255-2134394716-267091 SID[315]: S-1-5-21-160562036-3150058255-2134394716-24652 SID[316]: S-1-5-21-160562036-3150058255-2134394716-360933 SID[317]: S-1-5-21-160562036-3150058255-2134394716-354437 SID[318]: S-1-5-21-160562036-3150058255-2134394716-249119 SID[319]: S-1-5-21-160562036-3150058255-2134394716-248731 SID[320]: S-1-5-21-160562036-3150058255-2134394716-64215 SID[321]: S-1-5-21-160562036-3150058255-2134394716-373475 SID[322]: S-1-5-21-160562036-3150058255-2134394716-250664 SID[323]: S-1-5-21-160562036-3150058255-2134394716-267088 SID[324]: S-1-5-21-160562036-3150058255-2134394716-50311 SID[325]: S-1-5-21-160562036-3150058255-2134394716-62644 SID[326]: S-1-5-21-160562036-3150058255-2134394716-69148 SID[327]: S-1-5-21-160562036-3150058255-2134394716-360380 SID[328]: S-1-5-21-160562036-3150058255-2134394716-52124 SID[329]: S-1-5-21-160562036-3150058255-2134394716-351502 SID[330]: S-1-5-21-160562036-3150058255-2134394716-317005 SID[331]: S-1-5-21-160562036-3150058255-2134394716-62713 SID[332]: S-1-5-21-160562036-3150058255-2134394716-313855 SID[333]: S-1-5-21-160562036-3150058255-2134394716-53143 SID[334]: S-1-5-21-160562036-3150058255-2134394716-349705 SID[335]: S-1-5-21-160562036-3150058255-2134394716-357732 SID[336]: S-1-5-21-160562036-3150058255-2134394716-402142 SID[337]: S-1-5-21-160562036-3150058255-2134394716-50421 SID[338]: S-1-5-21-160562036-3150058255-2134394716-357890 SID[339]: S-1-5-21-160562036-3150058255-2134394716-416413 SID[340]: S-1-5-21-160562036-3150058255-2134394716-255117 SID[341]: S-1-5-21-160562036-3150058255-2134394716-73891 SID[342]: S-1-5-21-160562036-3150058255-2134394716-377792 SID[343]: S-1-5-21-160562036-3150058255-2134394716-63081 SID[344]: S-1-5-21-160562036-3150058255-2134394716-386707 SID[345]: S-1-5-21-160562036-3150058255-2134394716-64112 SID[346]: S-1-5-21-160562036-3150058255-2134394716-256555 SID[347]: S-1-5-21-160562036-3150058255-2134394716-361939 SID[348]: S-1-5-21-160562036-3150058255-2134394716-62709 SID[349]: S-1-5-21-160562036-3150058255-2134394716-248759 SID[350]: S-1-5-21-160562036-3150058255-2134394716-359221 SID[351]: S-1-5-21-160562036-3150058255-2134394716-310730 SID[352]: S-1-5-21-160562036-3150058255-2134394716-109617 SID[353]: S-1-5-21-160562036-3150058255-2134394716-60474 SID[354]: S-1-5-21-160562036-3150058255-2134394716-402472 SID[355]: S-1-5-21-160562036-3150058255-2134394716-55679 SID[356]: S-1-5-21-160562036-3150058255-2134394716-69153 SID[357]: S-1-5-21-160562036-3150058255-2134394716-22265 SID[358]: S-1-5-21-160562036-3150058255-2134394716-423112 SID[359]: S-1-5-21-160562036-3150058255-2134394716-289044 SID[360]: S-1-5-21-160562036-3150058255-2134394716-67791 SID[361]: S-1-5-21-160562036-3150058255-2134394716-69156 SID[362]: S-1-5-21-160562036-3150058255-2134394716-62712 SID[363]: S-1-5-21-160562036-3150058255-2134394716-360721 SID[364]: S-1-5-21-160562036-3150058255-2134394716-435651 SID[365]: S-1-5-21-160562036-3150058255-2134394716-69149 SID[366]: S-1-5-21-160562036-3150058255-2134394716-73730 SID[367]: S-1-5-21-160562036-3150058255-2134394716-243660 SID[368]: S-1-5-21-160562036-3150058255-2134394716-104280 SID[369]: S-1-5-21-160562036-3150058255-2134394716-430692 SID[370]: S-1-5-21-160562036-3150058255-2134394716-256558 SID[371]: S-1-5-21-160562036-3150058255-2134394716-54515 SID[372]: S-1-5-21-160562036-3150058255-2134394716-334223 SID[373]: S-1-5-21-160562036-3150058255-2134394716-304790 SID[374]: S-1-5-21-160562036-3150058255-2134394716-373528 SID[375]: S-1-5-21-160562036-3150058255-2134394716-375927 SID[376]: S-1-5-21-160562036-3150058255-2134394716-74039 SID[377]: S-1-5-21-160562036-3150058255-2134394716-62781 SID[378]: S-1-5-21-160562036-3150058255-2134394716-69157 SID[379]: S-1-5-21-160562036-3150058255-2134394716-309445 SID[380]: S-1-5-21-160562036-3150058255-2134394716-62733 SID[381]: S-1-5-21-160562036-3150058255-2134394716-418123 SID[382]: S-1-5-21-160562036-3150058255-2134394716-64415 SID[383]: S-1-5-21-160562036-3150058255-2134394716-414619 SID[384]: S-1-5-21-160562036-3150058255-2134394716-373446 SID[385]: S-1-5-21-160562036-3150058255-2134394716-289048 SID[386]: S-1-5-21-160562036-3150058255-2134394716-69158 SID[387]: S-1-5-21-160562036-3150058255-2134394716-373559 SID[388]: S-1-5-21-160562036-3150058255-2134394716-110686 SID[389]: S-1-5-21-160562036-3150058255-2134394716-260757 SID[390]: S-1-5-21-160562036-3150058255-2134394716-249663 SID[391]: S-1-5-21-160562036-3150058255-2134394716-249619 SID[392]: S-1-5-21-160562036-3150058255-2134394716-321098 SID[393]: S-1-5-21-160562036-3150058255-2134394716-64497 SID[394]: S-1-5-21-160562036-3150058255-2134394716-112627 SID[395]: S-1-5-21-160562036-3150058255-2134394716-62710 SID[396]: S-1-5-21-160562036-3150058255-2134394716-360361 SID[397]: S-1-5-21-160562036-3150058255-2134394716-353621 SID[398]: S-1-5-21-160562036-3150058255-2134394716-365152 SID[399]: S-1-5-21-160562036-3150058255-2134394716-69544 SID[400]: S-1-5-21-160562036-3150058255-2134394716-249644 SID[401]: S-1-5-21-160562036-3150058255-2134394716-55625 SID[402]: S-1-1-0 SID[403]: S-1-5-2 SID[404]: S-1-5-11 SID[405]: S-1-5-32-545 SID[406]: S-1-22-1-10000 SID[407]: S-1-22-2-10006 SID[408]: S-1-22-2-10007 SID[409]: S-1-22-2-10008 SID[410]: S-1-22-2-10009 SID[411]: S-1-22-2-10010 SID[412]: S-1-22-2-10011 SID[413]: S-1-22-2-10012 SID[414]: S-1-22-2-10013 SID[415]: S-1-22-2-10014 SID[416]: S-1-22-2-10015 SID[417]: S-1-22-2-10016 SID[418]: S-1-22-2-10017 SID[419]: S-1-22-2-10018 SID[420]: S-1-22-2-10019 SID[421]: S-1-22-2-10020 SID[422]: S-1-22-2-10021 SID[423]: S-1-22-2-10022 SID[424]: S-1-22-2-10023 SID[425]: S-1-22-2-10024 SID[426]: S-1-22-2-10025 SID[427]: S-1-22-2-10026 SID[428]: S-1-22-2-10027 SID[429]: S-1-22-2-10028 SID[430]: S-1-22-2-10029 SID[431]: S-1-22-2-10030 SID[432]: S-1-22-2-10031 SID[433]: S-1-22-2-10032 SID[434]: S-1-22-2-10033 SID[435]: S-1-22-2-10034 SID[436]: S-1-22-2-10035 SID[437]: S-1-22-2-10036 SID[438]: S-1-22-2-10037 SID[439]: S-1-22-2-10038 SID[440]: S-1-22-2-10039 SID[441]: S-1-22-2-10040 SID[442]: S-1-22-2-10041 SID[443]: S-1-22-2-10042 SID[444]: S-1-22-2-10043 SID[445]: S-1-22-2-10044 SID[446]: S-1-22-2-10045 SID[447]: S-1-22-2-10046 SID[448]: S-1-22-2-10047 SID[449]: S-1-22-2-10048 SID[450]: S-1-22-2-10049 SID[451]: S-1-22-2-10050 SID[452]: S-1-22-2-10051 SID[453]: S-1-22-2-10052 SID[454]: S-1-22-2-10053 SID[455]: S-1-22-2-10054 SID[456]: S-1-22-2-10055 SID[457]: S-1-22-2-10056 SID[458]: S-1-22-2-10057 SID[459]: S-1-22-2-10058 SID[460]: S-1-22-2-10059 SID[461]: S-1-22-2-10060 SID[462]: S-1-22-2-10061 SID[463]: S-1-22-2-10062 SID[464]: S-1-22-2-10063 SID[465]: S-1-22-2-10064 SID[466]: S-1-22-2-10065 SID[467]: S-1-22-2-10066 SID[468]: S-1-22-2-10067 SID[469]: S-1-22-2-10068 SID[470]: S-1-22-2-10069 SID[471]: S-1-22-2-10070 SID[472]: S-1-22-2-10071 SID[473]: S-1-22-2-10072 SID[474]: S-1-22-2-10073 SID[475]: S-1-22-2-10074 SID[476]: S-1-22-2-10075 SID[477]: S-1-22-2-10076 SID[478]: S-1-22-2-10077 SID[479]: S-1-22-2-10078 SID[480]: S-1-22-2-10079 SID[481]: S-1-22-2-10080 SID[482]: S-1-22-2-10081 SID[483]: S-1-22-2-10082 SID[484]: S-1-22-2-10083 SID[485]: S-1-22-2-10084 SID[486]: S-1-22-2-10085 SID[487]: S-1-22-2-10086 SID[488]: S-1-22-2-10087 SID[489]: S-1-22-2-10088 SID[490]: S-1-22-2-10089 SID[491]: S-1-22-2-10090 SID[492]: S-1-22-2-10091 SID[493]: S-1-22-2-10092 SID[494]: S-1-22-2-10093 SID[495]: S-1-22-2-10094 SID[496]: S-1-22-2-10095 SID[497]: S-1-22-2-10096 SID[498]: S-1-22-2-10097 SID[499]: S-1-22-2-10098 SID[500]: S-1-22-2-10099 SID[501]: S-1-22-2-10100 SID[502]: S-1-22-2-10101 SID[503]: S-1-22-2-10102 SID[504]: S-1-22-2-10103 SID[505]: S-1-22-2-10104 SID[506]: S-1-22-2-10105 SID[507]: S-1-22-2-10106 SID[508]: S-1-22-2-10107 SID[509]: S-1-22-2-10108 SID[510]: S-1-22-2-10109 SID[511]: S-1-22-2-10110 SID[512]: S-1-22-2-10111 SID[513]: S-1-22-2-10112 SID[514]: S-1-22-2-10113 SID[515]: S-1-22-2-10114 SID[516]: S-1-22-2-10115 SID[517]: S-1-22-2-10116 SID[518]: S-1-22-2-10117 SID[519]: S-1-22-2-10118 SID[520]: S-1-22-2-10119 SID[521]: S-1-22-2-10120 SID[522]: S-1-22-2-10121 SID[523]: S-1-22-2-10122 SID[524]: S-1-22-2-10123 SID[525]: S-1-22-2-10124 SID[526]: S-1-22-2-10125 SID[527]: S-1-22-2-10126 SID[528]: S-1-22-2-10127 SID[529]: S-1-22-2-10128 SID[530]: S-1-22-2-10129 SID[531]: S-1-22-2-10130 SID[532]: S-1-22-2-10131 SID[533]: S-1-22-2-10132 SID[534]: S-1-22-2-10133 SID[535]: S-1-22-2-10134 SID[536]: S-1-22-2-10135 SID[537]: S-1-22-2-10136 SID[538]: S-1-22-2-10137 SID[539]: S-1-22-2-10138 SID[540]: S-1-22-2-10139 SID[541]: S-1-22-2-10140 SID[542]: S-1-22-2-10141 SID[543]: S-1-22-2-10142 SID[544]: S-1-22-2-10143 SID[545]: S-1-22-2-10144 SID[546]: S-1-22-2-10145 SID[547]: S-1-22-2-10146 SID[548]: S-1-22-2-10147 SID[549]: S-1-22-2-10148 SID[550]: S-1-22-2-10149 SID[551]: S-1-22-2-10150 SID[552]: S-1-22-2-10471 SID[553]: S-1-22-2-10151 SID[554]: S-1-22-2-10152 SID[555]: S-1-22-2-10153 SID[556]: S-1-22-2-10154 SID[557]: S-1-22-2-10155 SID[558]: S-1-22-2-10156 SID[559]: S-1-22-2-10157 SID[560]: S-1-22-2-10158 SID[561]: S-1-22-2-10159 SID[562]: S-1-22-2-10160 SID[563]: S-1-22-2-10161 SID[564]: S-1-22-2-10162 SID[565]: S-1-22-2-10163 SID[566]: S-1-22-2-10164 SID[567]: S-1-22-2-10165 SID[568]: S-1-22-2-10166 SID[569]: S-1-22-2-10167 SID[570]: S-1-22-2-10168 SID[571]: S-1-22-2-10169 SID[572]: S-1-22-2-10170 SID[573]: S-1-22-2-10171 SID[574]: S-1-22-2-10172 SID[575]: S-1-22-2-10173 SID[576]: S-1-22-2-10174 SID[577]: S-1-22-2-10175 SID[578]: S-1-22-2-10176 SID[579]: S-1-22-2-10177 SID[580]: S-1-22-2-10178 SID[581]: S-1-22-2-10179 SID[582]: S-1-22-2-10180 SID[583]: S-1-22-2-10181 SID[584]: S-1-22-2-10182 SID[585]: S-1-22-2-10183 SID[586]: S-1-22-2-10184 SID[587]: S-1-22-2-10185 SID[588]: S-1-22-2-10186 SID[589]: S-1-22-2-10187 SID[590]: S-1-22-2-10188 SID[591]: S-1-22-2-10189 SID[592]: S-1-22-2-10190 SID[593]: S-1-22-2-10191 SID[594]: S-1-22-2-10192 SID[595]: S-1-22-2-10193 SID[596]: S-1-22-2-10194 SID[597]: S-1-22-2-10195 SID[598]: S-1-22-2-10196 SID[599]: S-1-22-2-10197 SID[600]: S-1-22-2-10198 SID[601]: S-1-22-2-10199 SID[602]: S-1-22-2-10200 SID[603]: S-1-22-2-10201 SID[604]: S-1-22-2-10202 SID[605]: S-1-22-2-10203 SID[606]: S-1-22-2-10204 SID[607]: S-1-22-2-10205 SID[608]: S-1-22-2-10206 SID[609]: S-1-22-2-10207 SID[610]: S-1-22-2-10208 SID[611]: S-1-22-2-10209 SID[612]: S-1-22-2-10210 SID[613]: S-1-22-2-10211 SID[614]: S-1-22-2-10212 SID[615]: S-1-22-2-10213 SID[616]: S-1-22-2-10214 SID[617]: S-1-22-2-10215 SID[618]: S-1-22-2-10216 SID[619]: S-1-22-2-10217 SID[620]: S-1-22-2-10218 SID[621]: S-1-22-2-10219 SID[622]: S-1-22-2-10220 SID[623]: S-1-22-2-10221 SID[624]: S-1-22-2-10222 SID[625]: S-1-22-2-10223 SID[626]: S-1-22-2-10224 SID[627]: S-1-22-2-10225 SID[628]: S-1-22-2-10226 SID[629]: S-1-22-2-10227 SID[630]: S-1-22-2-10228 SID[631]: S-1-22-2-10229 SID[632]: S-1-22-2-10230 SID[633]: S-1-22-2-10231 SID[634]: S-1-22-2-10232 SID[635]: S-1-22-2-10233 SID[636]: S-1-22-2-10234 SID[637]: S-1-22-2-10235 SID[638]: S-1-22-2-10236 SID[639]: S-1-22-2-10237 SID[640]: S-1-22-2-10238 SID[641]: S-1-22-2-10239 SID[642]: S-1-22-2-10240 SID[643]: S-1-22-2-10241 SID[644]: S-1-22-2-10242 SID[645]: S-1-22-2-10243 SID[646]: S-1-22-2-10244 SID[647]: S-1-22-2-10245 SID[648]: S-1-22-2-10246 SID[649]: S-1-22-2-10247 SID[650]: S-1-22-2-10248 SID[651]: S-1-22-2-10249 SID[652]: S-1-22-2-10250 SID[653]: S-1-22-2-10251 SID[654]: S-1-22-2-10252 SID[655]: S-1-22-2-10253 SID[656]: S-1-22-2-10254 SID[657]: S-1-22-2-10255 SID[658]: S-1-22-2-10256 SID[659]: S-1-22-2-10257 SID[660]: S-1-22-2-10258 SID[661]: S-1-22-2-10259 SID[662]: S-1-22-2-10260 SID[663]: S-1-22-2-10261 SID[664]: S-1-22-2-10262 SID[665]: S-1-22-2-10263 SID[666]: S-1-22-2-10264 SID[667]: S-1-22-2-10265 SID[668]: S-1-22-2-10266 SID[669]: S-1-22-2-10267 SID[670]: S-1-22-2-10268 SID[671]: S-1-22-2-10269 SID[672]: S-1-22-2-10270 SID[673]: S-1-22-2-10271 SID[674]: S-1-22-2-10272 SID[675]: S-1-22-2-10273 SID[676]: S-1-22-2-10274 SID[677]: S-1-22-2-10275 SID[678]: S-1-22-2-10276 SID[679]: S-1-22-2-10277 SID[680]: S-1-22-2-10278 SID[681]: S-1-22-2-10279 SID[682]: S-1-22-2-10280 SID[683]: S-1-22-2-10281 SID[684]: S-1-22-2-10282 SID[685]: S-1-22-2-10283 SID[686]: S-1-22-2-10284 SID[687]: S-1-22-2-10285 SID[688]: S-1-22-2-10286 SID[689]: S-1-22-2-10287 SID[690]: S-1-22-2-10288 SID[691]: S-1-22-2-10289 SID[692]: S-1-22-2-10290 SID[693]: S-1-22-2-10291 SID[694]: S-1-22-2-10292 SID[695]: S-1-22-2-10293 SID[696]: S-1-22-2-10294 SID[697]: S-1-22-2-10295 SID[698]: S-1-22-2-10296 SID[699]: S-1-22-2-10297 SID[700]: S-1-22-2-10298 SID[701]: S-1-22-2-10299 SID[702]: S-1-22-2-10300 SID[703]: S-1-22-2-10301 SID[704]: S-1-22-2-10302 SID[705]: S-1-22-2-10303 SID[706]: S-1-22-2-10304 SID[707]: S-1-22-2-10305 SID[708]: S-1-22-2-10306 SID[709]: S-1-22-2-10307 SID[710]: S-1-22-2-10308 SID[711]: S-1-22-2-10309 SID[712]: S-1-22-2-10310 SID[713]: S-1-22-2-10311 SID[714]: S-1-22-2-10312 SID[715]: S-1-22-2-10313 SID[716]: S-1-22-2-10314 SID[717]: S-1-22-2-10315 SID[718]: S-1-22-2-10316 SID[719]: S-1-22-2-10317 SID[720]: S-1-22-2-10318 SID[721]: S-1-22-2-10319 SID[722]: S-1-22-2-10320 SID[723]: S-1-22-2-10321 SID[724]: S-1-22-2-10322 SID[725]: S-1-22-2-10323 SID[726]: S-1-22-2-10324 SID[727]: S-1-22-2-10325 SID[728]: S-1-22-2-10326 SID[729]: S-1-22-2-10327 SID[730]: S-1-22-2-10328 SID[731]: S-1-22-2-10329 SID[732]: S-1-22-2-10330 SID[733]: S-1-22-2-10331 SID[734]: S-1-22-2-10332 SID[735]: S-1-22-2-10333 SID[736]: S-1-22-2-10334 SID[737]: S-1-22-2-10335 SID[738]: S-1-22-2-10336 SID[739]: S-1-22-2-10337 SID[740]: S-1-22-2-10338 SID[741]: S-1-22-2-10339 SID[742]: S-1-22-2-10340 SID[743]: S-1-22-2-10341 SID[744]: S-1-22-2-10342 SID[745]: S-1-22-2-10343 SID[746]: S-1-22-2-10344 SID[747]: S-1-22-2-10345 SID[748]: S-1-22-2-10346 SID[749]: S-1-22-2-10347 SID[750]: S-1-22-2-10348 SID[751]: S-1-22-2-10349 SID[752]: S-1-22-2-10350 SID[753]: S-1-22-2-10351 SID[754]: S-1-22-2-10352 SID[755]: S-1-22-2-10353 SID[756]: S-1-22-2-10354 SID[757]: S-1-22-2-10355 SID[758]: S-1-22-2-10356 SID[759]: S-1-22-2-10357 SID[760]: S-1-22-2-10358 SID[761]: S-1-22-2-10359 SID[762]: S-1-22-2-10360 SID[763]: S-1-22-2-10361 SID[764]: S-1-22-2-10362 SID[765]: S-1-22-2-10363 SID[766]: S-1-22-2-10364 SID[767]: S-1-22-2-10365 SID[768]: S-1-22-2-10366 SID[769]: S-1-22-2-10367 SID[770]: S-1-22-2-10368 SID[771]: S-1-22-2-10369 SID[772]: S-1-22-2-10370 SID[773]: S-1-22-2-10371 SID[774]: S-1-22-2-10372 SID[775]: S-1-22-2-10373 SID[776]: S-1-22-2-10374 SID[777]: S-1-22-2-10375 SID[778]: S-1-22-2-10376 SID[779]: S-1-22-2-10377 SID[780]: S-1-22-2-10378 SID[781]: S-1-22-2-10379 SID[782]: S-1-22-2-10380 SID[783]: S-1-22-2-10381 SID[784]: S-1-22-2-10382 SID[785]: S-1-22-2-10383 SID[786]: S-1-22-2-10384 SID[787]: S-1-22-2-10385 SID[788]: S-1-22-2-10386 SID[789]: S-1-22-2-10387 SID[790]: S-1-22-2-10388 SID[791]: S-1-22-2-10389 SID[792]: S-1-22-2-10390 SID[793]: S-1-22-2-10391 SID[794]: S-1-22-2-10392 SID[795]: S-1-22-2-10393 SID[796]: S-1-22-2-10394 SID[797]: S-1-22-2-10395 SID[798]: S-1-22-2-10396 SID[799]: S-1-22-2-10397 SID[800]: S-1-22-2-10398 SID[801]: S-1-22-2-10399 SID[802]: S-1-22-2-10400 SID[803]: S-1-22-2-10401 SID[804]: S-1-22-2-10402 SID[805]: S-1-22-2-10403 SID[806]: S-1-22-2-10404 SID[807]: S-1-22-2-10002 SID[808]: S-1-22-2-10003 SID[809]: S-1-22-2-10004 SID[810]: S-1-22-2-10001 Privileges (0x 20): Privilege[ 0]: SePrintOperatorPrivilege Rights (0x 0): [2012/11/09 16:29:17.064799, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 10000 Primary group is 10006 and contains 404 supplementary groups Group[ 0]: 10006 Group[ 1]: 10007 Group[ 2]: 10008 Group[ 3]: 10009 Group[ 4]: 10010 Group[ 5]: 10011 Group[ 6]: 10012 Group[ 7]: 10013 Group[ 8]: 10014 Group[ 9]: 10015 Group[ 10]: 10016 Group[ 11]: 10017 Group[ 12]: 10018 Group[ 13]: 10019 Group[ 14]: 10020 Group[ 15]: 10021 Group[ 16]: 10022 Group[ 17]: 10023 Group[ 18]: 10024 Group[ 19]: 10025 Group[ 20]: 10026 Group[ 21]: 10027 Group[ 22]: 10028 Group[ 23]: 10029 Group[ 24]: 10030 Group[ 25]: 10031 Group[ 26]: 10032 Group[ 27]: 10033 Group[ 28]: 10034 Group[ 29]: 10035 Group[ 30]: 10036 Group[ 31]: 10037 Group[ 32]: 10038 Group[ 33]: 10039 Group[ 34]: 10040 Group[ 35]: 10041 Group[ 36]: 10042 Group[ 37]: 10043 Group[ 38]: 10044 Group[ 39]: 10045 Group[ 40]: 10046 Group[ 41]: 10047 Group[ 42]: 10048 Group[ 43]: 10049 Group[ 44]: 10050 Group[ 45]: 10051 Group[ 46]: 10052 Group[ 47]: 10053 Group[ 48]: 10054 Group[ 49]: 10055 Group[ 50]: 10056 Group[ 51]: 10057 Group[ 52]: 10058 Group[ 53]: 10059 Group[ 54]: 10060 Group[ 55]: 10061 Group[ 56]: 10062 Group[ 57]: 10063 Group[ 58]: 10064 Group[ 59]: 10065 Group[ 60]: 10066 Group[ 61]: 10067 Group[ 62]: 10068 Group[ 63]: 10069 Group[ 64]: 10070 Group[ 65]: 10071 Group[ 66]: 10072 Group[ 67]: 10073 Group[ 68]: 10074 Group[ 69]: 10075 Group[ 70]: 10076 Group[ 71]: 10077 Group[ 72]: 10078 Group[ 73]: 10079 Group[ 74]: 10080 Group[ 75]: 10081 Group[ 76]: 10082 Group[ 77]: 10083 Group[ 78]: 10084 Group[ 79]: 10085 Group[ 80]: 10086 Group[ 81]: 10087 Group[ 82]: 10088 Group[ 83]: 10089 Group[ 84]: 10090 Group[ 85]: 10091 Group[ 86]: 10092 Group[ 87]: 10093 Group[ 88]: 10094 Group[ 89]: 10095 Group[ 90]: 10096 Group[ 91]: 10097 Group[ 92]: 10098 Group[ 93]: 10099 Group[ 94]: 10100 Group[ 95]: 10101 Group[ 96]: 10102 Group[ 97]: 10103 Group[ 98]: 10104 Group[ 99]: 10105 Group[100]: 10106 Group[101]: 10107 Group[102]: 10108 Group[103]: 10109 Group[104]: 10110 Group[105]: 10111 Group[106]: 10112 Group[107]: 10113 Group[108]: 10114 Group[109]: 10115 Group[110]: 10116 Group[111]: 10117 Group[112]: 10118 Group[113]: 10119 Group[114]: 10120 Group[115]: 10121 Group[116]: 10122 Group[117]: 10123 Group[118]: 10124 Group[119]: 10125 Group[120]: 10126 Group[121]: 10127 Group[122]: 10128 Group[123]: 10129 Group[124]: 10130 Group[125]: 10131 Group[126]: 10132 Group[127]: 10133 Group[128]: 10134 Group[129]: 10135 Group[130]: 10136 Group[131]: 10137 Group[132]: 10138 Group[133]: 10139 Group[134]: 10140 Group[135]: 10141 Group[136]: 10142 Group[137]: 10143 Group[138]: 10144 Group[139]: 10145 Group[140]: 10146 Group[141]: 10147 Group[142]: 10148 Group[143]: 10149 Group[144]: 10150 Group[145]: 10471 Group[146]: 10151 Group[147]: 10152 Group[148]: 10153 Group[149]: 10154 Group[150]: 10155 Group[151]: 10156 Group[152]: 10157 Group[153]: 10158 Group[154]: 10159 Group[155]: 10160 Group[156]: 10161 Group[157]: 10162 Group[158]: 10163 Group[159]: 10164 Group[160]: 10165 Group[161]: 10166 Group[162]: 10167 Group[163]: 10168 Group[164]: 10169 Group[165]: 10170 Group[166]: 10171 Group[167]: 10172 Group[168]: 10173 Group[169]: 10174 Group[170]: 10175 Group[171]: 10176 Group[172]: 10177 Group[173]: 10178 Group[174]: 10179 Group[175]: 10180 Group[176]: 10181 Group[177]: 10182 Group[178]: 10183 Group[179]: 10184 Group[180]: 10185 Group[181]: 10186 Group[182]: 10187 Group[183]: 10188 Group[184]: 10189 Group[185]: 10190 Group[186]: 10191 Group[187]: 10192 Group[188]: 10193 Group[189]: 10194 Group[190]: 10195 Group[191]: 10196 Group[192]: 10197 Group[193]: 10198 Group[194]: 10199 Group[195]: 10200 Group[196]: 10201 Group[197]: 10202 Group[198]: 10203 Group[199]: 10204 Group[200]: 10205 Group[201]: 10206 Group[202]: 10207 Group[203]: 10208 Group[204]: 10209 Group[205]: 10210 Group[206]: 10211 Group[207]: 10212 Group[208]: 10213 Group[209]: 10214 Group[210]: 10215 Group[211]: 10216 Group[212]: 10217 Group[213]: 10218 Group[214]: 10219 Group[215]: 10220 Group[216]: 10221 Group[217]: 10222 Group[218]: 10223 Group[219]: 10224 Group[220]: 10225 Group[221]: 10226 Group[222]: 10227 Group[223]: 10228 Group[224]: 10229 Group[225]: 10230 Group[226]: 10231 Group[227]: 10232 Group[228]: 10233 Group[229]: 10234 Group[230]: 10235 Group[231]: 10236 Group[232]: 10237 Group[233]: 10238 Group[234]: 10239 Group[235]: 10240 Group[236]: 10241 Group[237]: 10242 Group[238]: 10243 Group[239]: 10244 Group[240]: 10245 Group[241]: 10246 Group[242]: 10247 Group[243]: 10248 Group[244]: 10249 Group[245]: 10250 Group[246]: 10251 Group[247]: 10252 Group[248]: 10253 Group[249]: 10254 Group[250]: 10255 Group[251]: 10256 Group[252]: 10257 Group[253]: 10258 Group[254]: 10259 Group[255]: 10260 Group[256]: 10261 Group[257]: 10262 Group[258]: 10263 Group[259]: 10264 Group[260]: 10265 Group[261]: 10266 Group[262]: 10267 Group[263]: 10268 Group[264]: 10269 Group[265]: 10270 Group[266]: 10271 Group[267]: 10272 Group[268]: 10273 Group[269]: 10274 Group[270]: 10275 Group[271]: 10276 Group[272]: 10277 Group[273]: 10278 Group[274]: 10279 Group[275]: 10280 Group[276]: 10281 Group[277]: 10282 Group[278]: 10283 Group[279]: 10284 Group[280]: 10285 Group[281]: 10286 Group[282]: 10287 Group[283]: 10288 Group[284]: 10289 Group[285]: 10290 Group[286]: 10291 Group[287]: 10292 Group[288]: 10293 Group[289]: 10294 Group[290]: 10295 Group[291]: 10296 Group[292]: 10297 Group[293]: 10298 Group[294]: 10299 Group[295]: 10300 Group[296]: 10301 Group[297]: 10302 Group[298]: 10303 Group[299]: 10304 Group[300]: 10305 Group[301]: 10306 Group[302]: 10307 Group[303]: 10308 Group[304]: 10309 Group[305]: 10310 Group[306]: 10311 Group[307]: 10312 Group[308]: 10313 Group[309]: 10314 Group[310]: 10315 Group[311]: 10316 Group[312]: 10317 Group[313]: 10318 Group[314]: 10319 Group[315]: 10320 Group[316]: 10321 Group[317]: 10322 Group[318]: 10323 Group[319]: 10324 Group[320]: 10325 Group[321]: 10326 Group[322]: 10327 Group[323]: 10328 Group[324]: 10329 Group[325]: 10330 Group[326]: 10331 Group[327]: 10332 Group[328]: 10333 Group[329]: 10334 Group[330]: 10335 Group[331]: 10336 Group[332]: 10337 Group[333]: 10338 Group[334]: 10339 Group[335]: 10340 Group[336]: 10341 Group[337]: 10342 Group[338]: 10343 Group[339]: 10344 Group[340]: 10345 Group[341]: 10346 Group[342]: 10347 Group[343]: 10348 Group[344]: 10349 Group[345]: 10350 Group[346]: 10351 Group[347]: 10352 Group[348]: 10353 Group[349]: 10354 Group[350]: 10355 Group[351]: 10356 Group[352]: 10357 Group[353]: 10358 Group[354]: 10359 Group[355]: 10360 Group[356]: 10361 Group[357]: 10362 Group[358]: 10363 Group[359]: 10364 Group[360]: 10365 Group[361]: 10366 Group[362]: 10367 Group[363]: 10368 Group[364]: 10369 Group[365]: 10370 Group[366]: 10371 Group[367]: 10372 Group[368]: 10373 Group[369]: 10374 Group[370]: 10375 Group[371]: 10376 Group[372]: 10377 Group[373]: 10378 Group[374]: 10379 Group[375]: 10380 Group[376]: 10381 Group[377]: 10382 Group[378]: 10383 Group[379]: 10384 Group[380]: 10385 Group[381]: 10386 Group[382]: 10387 Group[383]: 10388 Group[384]: 10389 Group[385]: 10390 Group[386]: 10391 Group[387]: 10392 Group[388]: 10393 Group[389]: 10394 Group[390]: 10395 Group[391]: 10396 Group[392]: 10397 Group[393]: 10398 Group[394]: 10399 Group[395]: 10400 Group[396]: 10401 Group[397]: 10402 Group[398]: 10403 Group[399]: 10404 Group[400]: 10002 Group[401]: 10003 Group[402]: 10004 Group[403]: 10001 [2012/11/09 16:29:17.068078, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,10000), gid=(0,10006) [2012/11/09 16:29:17.068128, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=208 params=0 setup=2 [2012/11/09 16:29:17.068166, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:17.068187, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:17.068206, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:17.068225, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2021) [2012/11/09 16:29:17.068246, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 208 [2012/11/09 16:29:17.068288, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:17.068324, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX [2012/11/09 16:29:17.068360, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[69].fn == 0x7fa2ea3def70 checking name: \\yyyu0031\yyyp0708 [2012/11/09 16:29:17.068398, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 8D 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.068440, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) Setting printer type=\\yyyu0031\yyyp0708 Printer is a printer [2012/11/09 16:29:17.068517, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) Setting printer name=\\yyyu0031\yyyp0708 (len=19) searching for [yyyp0708] set_printer_hnd_name: Printer found: yyyp0708 -> yyyp0708 [2012/11/09 16:29:17.068581, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) 3 printer handles active [2012/11/09 16:29:17.068602, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 8D 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.068641, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 8D 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.068679, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:yyyp0708 [2012/11/09 16:29:17.068701, 3] lib/access.c:338(allow_access) Allowed connection from yyyc27002.xxxxx.xxx (10.129.108.68) [2012/11/09 16:29:17.068725, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) Setting printer access = PRINTER_ACCESS_USE [2012/11/09 16:29:17.068746, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/11/09 16:29:17.068772, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/11/09 16:29:17.068803, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:17.068825, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 [2012/11/09 16:29:17.068854, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2012/11/09 16:29:17.068878, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/11/09 16:29:17.068897, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:17.068915, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:17.069003, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:17.069055, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 8E 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.069130, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 8E 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.069212, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:17.069267, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:17.069309, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:17.069351, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:17.069389, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:17.069439, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:17.069486, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:17.069534, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 8F 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.069585, 2] rpc_client/cli_winreg_spoolss.c:896(winreg_create_printer) winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708 already exists [2012/11/09 16:29:17.069614, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 8F 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.069654, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 8F 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.069691, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.069718, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 8E 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.069759, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 8E 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.069796, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.069827, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:17.069858, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:17.069884, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 1741 [2012/11/09 16:29:17.069912, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/11/09 16:29:17.069933, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.069945, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=57600 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/11/09 16:29:17.072437, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x80 [2012/11/09 16:29:17.072493, 3] smbd/process.c:1662(process_smb) Transaction 151 of length 132 (0 toread) [2012/11/09 16:29:17.072514, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.072526, 5] lib/util.c:342(show_msg) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=57664 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8225 (0x2021) smb_bcc=61 [2012/11/09 16:29:17.072733, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.072781, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.072810, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=44 params=0 setup=2 [2012/11/09 16:29:17.072832, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:17.072851, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:17.072869, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:17.072888, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2021) [2012/11/09 16:29:17.072907, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 44 [2012/11/09 16:29:17.072931, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:17.072952, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER [2012/11/09 16:29:17.072972, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[29].fn == 0x7fa2ea3e55d0 [2012/11/09 16:29:17.072993, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 8D 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.073062, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 8D 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.073104, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 8D 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.073141, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.073162, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:17.073190, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:17.073215, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/11/09 16:29:17.073240, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/11/09 16:29:17.073260, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.073271, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=57664 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/11/09 16:29:17.074366, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x66 [2012/11/09 16:29:17.074398, 3] smbd/process.c:1662(process_smb) Transaction 152 of length 106 (0 toread) [2012/11/09 16:29:17.074418, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.074429, 5] lib/util.c:342(show_msg) size=102 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=57729 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 4096 (0x1000) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 4609 (0x1201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=19 [2012/11/09 16:29:17.074706, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.074728, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.074750, 4] smbd/nttrans.c:288(nt_open_pipe) nt_open_pipe: Opening pipe \spoolss. [2012/11/09 16:29:17.074772, 5] smbd/files.c:140(file_new) allocated file structure 4130, fnum = 8226 (4 used) [2012/11/09 16:29:17.074799, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \spoolss [2012/11/09 16:29:17.074845, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \spoolss (pipes_open=0) [2012/11/09 16:29:17.074873, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \spoolss [2012/11/09 16:29:17.075836, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/11/09 16:29:17.075875, 3] smbd/process.c:1662(process_smb) Transaction 153 of length 45 (0 toread) [2012/11/09 16:29:17.075894, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.075906, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=57793 smt_wct=3 smb_vwv[ 0]= 8225 (0x2021) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/11/09 16:29:17.076049, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.076072, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.076092, 3] smbd/reply.c:4848(reply_close) close fd=-1 fnum=8225 (numopen=4) [2012/11/09 16:29:17.076111, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2012/11/09 16:29:17.076155, 5] smbd/files.c:482(file_free) freed files structure 8225 (3 used) [2012/11/09 16:29:17.076176, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.076188, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=57793 smt_wct=0 smb_bcc=0 [2012/11/09 16:29:17.077394, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xe0 [2012/11/09 16:29:17.077429, 3] smbd/process.c:1662(process_smb) Transaction 154 of length 228 (0 toread) [2012/11/09 16:29:17.077449, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.077460, 5] lib/util.c:342(show_msg) size=224 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=57857 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8226 (0x2022) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 160 (0xA0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 160 (0xA0) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=161 [2012/11/09 16:29:17.077654, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.077675, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.077695, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 2022 name: spoolss len: 160 [2012/11/09 16:29:17.077715, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 160 [2012/11/09 16:29:17.077741, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/11/09 16:29:17.077762, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) api_pipe_bind_req: make response. 923 [2012/11/09 16:29:17.077781, 3] rpc_server/srv_pipe.c:339(check_bind_req) check_bind_req for \spoolss [2012/11/09 16:29:17.077801, 3] rpc_server/srv_pipe.c:346(check_bind_req) check_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/11/09 16:29:17.077847, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=160 [2012/11/09 16:29:17.079105, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/11/09 16:29:17.079143, 3] smbd/process.c:1662(process_smb) Transaction 155 of length 63 (0 toread) [2012/11/09 16:29:17.079163, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.079174, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=57921 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8226 (0x2022) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/11/09 16:29:17.079353, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.079374, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.079395, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:17.079416, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/11/09 16:29:17.079440, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=68 [2012/11/09 16:29:17.080631, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x124 [2012/11/09 16:29:17.080670, 3] smbd/process.c:1662(process_smb) Transaction 156 of length 296 (0 toread) [2012/11/09 16:29:17.080690, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.080702, 5] lib/util.c:342(show_msg) size=292 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=57985 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 208 (0xD0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 208 (0xD0) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8226 (0x2022) smb_bcc=225 [2012/11/09 16:29:17.080962, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.080985, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.081009, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=208 params=0 setup=2 [2012/11/09 16:29:17.081031, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:17.081049, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:17.081067, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:17.081086, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2022) [2012/11/09 16:29:17.081106, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 208 [2012/11/09 16:29:17.081131, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:17.081153, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX [2012/11/09 16:29:17.081173, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[69].fn == 0x7fa2ea3def70 checking name: \\yyyu0031\yyyp0708 [2012/11/09 16:29:17.081208, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 90 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.081249, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) Setting printer type=\\yyyu0031\yyyp0708 Printer is a printer [2012/11/09 16:29:17.081292, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) Setting printer name=\\yyyu0031\yyyp0708 (len=19) searching for [yyyp0708] set_printer_hnd_name: Printer found: yyyp0708 -> yyyp0708 [2012/11/09 16:29:17.081352, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) 3 printer handles active [2012/11/09 16:29:17.081373, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 90 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.081439, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 90 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.081514, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:yyyp0708 [2012/11/09 16:29:17.081562, 3] lib/access.c:338(allow_access) Allowed connection from yyyc27002.xxxxx.xxx (10.129.108.68) [2012/11/09 16:29:17.081612, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) Setting printer access = PRINTER_ACCESS_ADMINISTER [2012/11/09 16:29:17.081656, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/11/09 16:29:17.081704, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/11/09 16:29:17.081753, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:17.081787, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 [2012/11/09 16:29:17.081851, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2012/11/09 16:29:17.081893, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/11/09 16:29:17.081933, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:17.081966, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:17.082100, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:17.082180, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 91 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.082276, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 91 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.082359, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:17.082431, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:17.082502, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:17.082574, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:17.082655, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:17.082718, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:17.082798, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:17.082877, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 92 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.082937, 2] rpc_client/cli_winreg_spoolss.c:896(winreg_create_printer) winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708 already exists [2012/11/09 16:29:17.082988, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 92 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.083032, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 92 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.083070, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.083099, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 91 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.083140, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 91 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.083178, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.083211, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:17.083245, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:17.083271, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 1741 [2012/11/09 16:29:17.083312, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/11/09 16:29:17.083348, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.083362, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=57985 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/11/09 16:29:17.085233, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x80 [2012/11/09 16:29:17.085283, 3] smbd/process.c:1662(process_smb) Transaction 157 of length 132 (0 toread) [2012/11/09 16:29:17.085304, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.085315, 5] lib/util.c:342(show_msg) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=58049 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8226 (0x2022) smb_bcc=61 [2012/11/09 16:29:17.085566, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.085590, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.085615, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=44 params=0 setup=2 [2012/11/09 16:29:17.085653, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:17.085672, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:17.085690, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:17.085708, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2022) [2012/11/09 16:29:17.085746, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 44 [2012/11/09 16:29:17.085814, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:17.085852, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER [2012/11/09 16:29:17.085876, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[29].fn == 0x7fa2ea3e55d0 [2012/11/09 16:29:17.085898, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 90 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.085938, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 90 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.085976, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 90 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.086014, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.086034, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:17.086062, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:17.086087, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/11/09 16:29:17.086112, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/11/09 16:29:17.086132, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.086144, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=58049 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/11/09 16:29:17.087018, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x66 [2012/11/09 16:29:17.087053, 3] smbd/process.c:1662(process_smb) Transaction 158 of length 106 (0 toread) [2012/11/09 16:29:17.087073, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.087084, 5] lib/util.c:342(show_msg) size=102 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=58112 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 4096 (0x1000) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 4609 (0x1201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=19 [2012/11/09 16:29:17.087352, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.087372, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.087395, 4] smbd/nttrans.c:288(nt_open_pipe) nt_open_pipe: Opening pipe \spoolss. [2012/11/09 16:29:17.087417, 5] smbd/files.c:140(file_new) allocated file structure 4131, fnum = 8227 (4 used) [2012/11/09 16:29:17.087445, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \spoolss [2012/11/09 16:29:17.087499, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \spoolss (pipes_open=0) [2012/11/09 16:29:17.087539, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \spoolss [2012/11/09 16:29:17.088368, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/11/09 16:29:17.088415, 3] smbd/process.c:1662(process_smb) Transaction 159 of length 45 (0 toread) [2012/11/09 16:29:17.088436, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.088447, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=58176 smt_wct=3 smb_vwv[ 0]= 8226 (0x2022) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/11/09 16:29:17.088590, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.088612, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.088641, 3] smbd/reply.c:4848(reply_close) close fd=-1 fnum=8226 (numopen=4) [2012/11/09 16:29:17.088681, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2012/11/09 16:29:17.088734, 5] smbd/files.c:482(file_free) freed files structure 8226 (3 used) [2012/11/09 16:29:17.088758, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.088780, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=58176 smt_wct=0 smb_bcc=0 [2012/11/09 16:29:17.089825, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xe0 [2012/11/09 16:29:17.089863, 3] smbd/process.c:1662(process_smb) Transaction 160 of length 228 (0 toread) [2012/11/09 16:29:17.089898, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.089920, 5] lib/util.c:342(show_msg) size=224 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=58240 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8227 (0x2023) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 160 (0xA0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 160 (0xA0) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=161 [2012/11/09 16:29:17.090113, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.090133, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.090153, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 2023 name: spoolss len: 160 [2012/11/09 16:29:17.090174, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 160 [2012/11/09 16:29:17.090200, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/11/09 16:29:17.090221, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) api_pipe_bind_req: make response. 923 [2012/11/09 16:29:17.090241, 3] rpc_server/srv_pipe.c:339(check_bind_req) check_bind_req for \spoolss [2012/11/09 16:29:17.090261, 3] rpc_server/srv_pipe.c:346(check_bind_req) check_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/11/09 16:29:17.090292, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=160 [2012/11/09 16:29:17.091227, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/11/09 16:29:17.091274, 3] smbd/process.c:1662(process_smb) Transaction 161 of length 63 (0 toread) [2012/11/09 16:29:17.091306, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.091324, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=58304 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8227 (0x2023) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/11/09 16:29:17.091612, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.091643, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.091676, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:17.091712, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/11/09 16:29:17.091754, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=68 [2012/11/09 16:29:17.092690, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x124 [2012/11/09 16:29:17.092726, 3] smbd/process.c:1662(process_smb) Transaction 162 of length 296 (0 toread) [2012/11/09 16:29:17.092747, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.092759, 5] lib/util.c:342(show_msg) size=292 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=58368 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 208 (0xD0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 208 (0xD0) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8227 (0x2023) smb_bcc=225 [2012/11/09 16:29:17.092988, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.093010, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.093034, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=208 params=0 setup=2 [2012/11/09 16:29:17.093057, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:17.093075, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:17.093094, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:17.093113, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2023) [2012/11/09 16:29:17.093132, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 208 [2012/11/09 16:29:17.093157, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:17.093179, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX [2012/11/09 16:29:17.093200, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[69].fn == 0x7fa2ea3def70 checking name: \\yyyu0031\yyyp0708 [2012/11/09 16:29:17.093235, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 93 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.093277, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) Setting printer type=\\yyyu0031\yyyp0708 Printer is a printer [2012/11/09 16:29:17.093304, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) Setting printer name=\\yyyu0031\yyyp0708 (len=19) searching for [yyyp0708] set_printer_hnd_name: Printer found: yyyp0708 -> yyyp0708 [2012/11/09 16:29:17.093373, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) 3 printer handles active [2012/11/09 16:29:17.093394, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 93 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.093432, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 93 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.093511, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:yyyp0708 [2012/11/09 16:29:17.093552, 3] lib/access.c:338(allow_access) Allowed connection from yyyc27002.xxxxx.xxx (10.129.108.68) [2012/11/09 16:29:17.093595, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) Setting printer access = PRINTER_ACCESS_USE [2012/11/09 16:29:17.093639, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/11/09 16:29:17.093685, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/11/09 16:29:17.093719, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:17.093741, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 [2012/11/09 16:29:17.093775, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2012/11/09 16:29:17.093800, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/11/09 16:29:17.093819, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:17.093837, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:17.093930, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:17.094010, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 94 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.094091, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 94 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.094181, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:17.094255, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:17.094322, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:17.094391, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:17.094454, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:17.094512, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:17.094591, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:17.094673, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 95 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.094759, 2] rpc_client/cli_winreg_spoolss.c:896(winreg_create_printer) winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708 already exists [2012/11/09 16:29:17.094804, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 95 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.094876, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 95 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.094945, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.095006, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 94 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.095081, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 94 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.095151, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.095203, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:17.095251, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:17.095291, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 1741 [2012/11/09 16:29:17.095333, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/11/09 16:29:17.095367, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.095386, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=58368 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/11/09 16:29:17.096851, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x80 [2012/11/09 16:29:17.096900, 3] smbd/process.c:1662(process_smb) Transaction 163 of length 132 (0 toread) [2012/11/09 16:29:17.096924, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.096935, 5] lib/util.c:342(show_msg) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=58432 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8227 (0x2023) smb_bcc=61 [2012/11/09 16:29:17.097267, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.097311, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.097353, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=44 params=0 setup=2 [2012/11/09 16:29:17.097390, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:17.097420, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:17.097450, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:17.097482, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2023) [2012/11/09 16:29:17.097520, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 44 [2012/11/09 16:29:17.097566, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:17.097608, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER [2012/11/09 16:29:17.097647, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[29].fn == 0x7fa2ea3e55d0 [2012/11/09 16:29:17.097688, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 93 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.097776, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 93 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.097873, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 93 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.097915, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.097936, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:17.097966, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:17.097992, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/11/09 16:29:17.098018, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/11/09 16:29:17.098038, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.098050, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=58432 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/11/09 16:29:17.099058, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x66 [2012/11/09 16:29:17.099098, 3] smbd/process.c:1662(process_smb) Transaction 164 of length 106 (0 toread) [2012/11/09 16:29:17.099119, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.099130, 5] lib/util.c:342(show_msg) size=102 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=58497 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 4096 (0x1000) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 4609 (0x1201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=19 [2012/11/09 16:29:17.099485, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.099515, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.099541, 4] smbd/nttrans.c:288(nt_open_pipe) nt_open_pipe: Opening pipe \spoolss. [2012/11/09 16:29:17.099563, 5] smbd/files.c:140(file_new) allocated file structure 4132, fnum = 8228 (4 used) [2012/11/09 16:29:17.099590, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \spoolss [2012/11/09 16:29:17.099650, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \spoolss (pipes_open=0) [2012/11/09 16:29:17.099679, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \spoolss [2012/11/09 16:29:17.100507, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/11/09 16:29:17.100542, 3] smbd/process.c:1662(process_smb) Transaction 165 of length 45 (0 toread) [2012/11/09 16:29:17.100562, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.100573, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=58561 smt_wct=3 smb_vwv[ 0]= 8227 (0x2023) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/11/09 16:29:17.100703, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.100732, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.100772, 3] smbd/reply.c:4848(reply_close) close fd=-1 fnum=8227 (numopen=4) [2012/11/09 16:29:17.100803, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2012/11/09 16:29:17.100858, 5] smbd/files.c:482(file_free) freed files structure 8227 (3 used) [2012/11/09 16:29:17.100886, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.100898, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=58561 smt_wct=0 smb_bcc=0 [2012/11/09 16:29:17.101844, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xe0 [2012/11/09 16:29:17.101877, 3] smbd/process.c:1662(process_smb) Transaction 166 of length 228 (0 toread) [2012/11/09 16:29:17.101897, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.101908, 5] lib/util.c:342(show_msg) size=224 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=58625 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8228 (0x2024) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 160 (0xA0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 160 (0xA0) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=161 [2012/11/09 16:29:17.102100, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.102120, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.102140, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 2024 name: spoolss len: 160 [2012/11/09 16:29:17.102160, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 160 [2012/11/09 16:29:17.102185, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/11/09 16:29:17.102206, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) api_pipe_bind_req: make response. 923 [2012/11/09 16:29:17.102225, 3] rpc_server/srv_pipe.c:339(check_bind_req) check_bind_req for \spoolss [2012/11/09 16:29:17.102245, 3] rpc_server/srv_pipe.c:346(check_bind_req) check_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/11/09 16:29:17.102276, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=160 [2012/11/09 16:29:17.103075, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/11/09 16:29:17.103108, 3] smbd/process.c:1662(process_smb) Transaction 167 of length 63 (0 toread) [2012/11/09 16:29:17.103128, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.103139, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=58689 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8228 (0x2024) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/11/09 16:29:17.103353, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.103376, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.103407, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:17.103448, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/11/09 16:29:17.103499, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=68 [2012/11/09 16:29:17.104385, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x124 [2012/11/09 16:29:17.104419, 3] smbd/process.c:1662(process_smb) Transaction 168 of length 296 (0 toread) [2012/11/09 16:29:17.104439, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.104450, 5] lib/util.c:342(show_msg) size=292 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=58753 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 208 (0xD0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 208 (0xD0) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8228 (0x2024) smb_bcc=225 [2012/11/09 16:29:17.104715, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.104739, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.104762, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=208 params=0 setup=2 [2012/11/09 16:29:17.104783, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:17.104801, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:17.104820, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:17.104838, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2024) [2012/11/09 16:29:17.104858, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 208 [2012/11/09 16:29:17.104882, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:17.104903, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX [2012/11/09 16:29:17.104924, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[69].fn == 0x7fa2ea3def70 checking name: \\yyyu0031\yyyp0708 [2012/11/09 16:29:17.104958, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 96 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.104998, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) Setting printer type=\\yyyu0031\yyyp0708 Printer is a printer [2012/11/09 16:29:17.105024, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) Setting printer name=\\yyyu0031\yyyp0708 (len=19) searching for [yyyp0708] set_printer_hnd_name: Printer found: yyyp0708 -> yyyp0708 [2012/11/09 16:29:17.105081, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) 3 printer handles active [2012/11/09 16:29:17.105102, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 96 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.105140, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 96 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.105177, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:yyyp0708 [2012/11/09 16:29:17.105199, 3] lib/access.c:338(allow_access) Allowed connection from yyyc27002.xxxxx.xxx (10.129.108.68) [2012/11/09 16:29:17.105225, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) Setting printer access = PRINTER_ACCESS_ADMINISTER [2012/11/09 16:29:17.105260, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/11/09 16:29:17.105316, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/11/09 16:29:17.105350, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:17.105372, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 [2012/11/09 16:29:17.105409, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2012/11/09 16:29:17.105433, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/11/09 16:29:17.105452, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:17.105471, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:17.105565, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:17.105650, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 97 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.105732, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 97 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.105790, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:17.105859, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:17.105913, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:17.105959, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:17.105999, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:17.106036, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:17.106083, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:17.106131, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 98 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.106182, 2] rpc_client/cli_winreg_spoolss.c:896(winreg_create_printer) winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708 already exists [2012/11/09 16:29:17.106220, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 98 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.106297, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 98 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.106339, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.106368, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 97 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.106409, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 97 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.106447, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.106479, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:17.106522, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:17.106549, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 1741 [2012/11/09 16:29:17.106576, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/11/09 16:29:17.106596, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.106607, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=58753 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/11/09 16:29:17.107643, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x80 [2012/11/09 16:29:17.107686, 3] smbd/process.c:1662(process_smb) Transaction 169 of length 132 (0 toread) [2012/11/09 16:29:17.107711, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.107722, 5] lib/util.c:342(show_msg) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=58817 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8228 (0x2024) smb_bcc=61 [2012/11/09 16:29:17.107952, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.107975, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.107997, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=44 params=0 setup=2 [2012/11/09 16:29:17.108018, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:17.108035, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:17.108053, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:17.108071, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2024) [2012/11/09 16:29:17.108090, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 44 [2012/11/09 16:29:17.108113, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:17.108134, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER [2012/11/09 16:29:17.108156, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[29].fn == 0x7fa2ea3e55d0 [2012/11/09 16:29:17.108192, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 96 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.108253, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 96 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.108294, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 96 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.108355, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.108377, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:17.108415, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:17.108446, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/11/09 16:29:17.108495, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/11/09 16:29:17.108517, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.108537, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=58817 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/11/09 16:29:17.109469, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x66 [2012/11/09 16:29:17.109504, 3] smbd/process.c:1662(process_smb) Transaction 170 of length 106 (0 toread) [2012/11/09 16:29:17.109539, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.109560, 5] lib/util.c:342(show_msg) size=102 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=58880 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 4096 (0x1000) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 4609 (0x1201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=19 [2012/11/09 16:29:17.109854, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.109891, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.109917, 4] smbd/nttrans.c:288(nt_open_pipe) nt_open_pipe: Opening pipe \spoolss. [2012/11/09 16:29:17.109938, 5] smbd/files.c:140(file_new) allocated file structure 4133, fnum = 8229 (4 used) [2012/11/09 16:29:17.109982, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \spoolss [2012/11/09 16:29:17.110051, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \spoolss (pipes_open=0) [2012/11/09 16:29:17.110091, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \spoolss [2012/11/09 16:29:17.111003, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/11/09 16:29:17.111041, 3] smbd/process.c:1662(process_smb) Transaction 171 of length 45 (0 toread) [2012/11/09 16:29:17.111079, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.111102, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=58944 smt_wct=3 smb_vwv[ 0]= 8228 (0x2024) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/11/09 16:29:17.111261, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.111290, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.111319, 3] smbd/reply.c:4848(reply_close) close fd=-1 fnum=8228 (numopen=4) [2012/11/09 16:29:17.111340, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2012/11/09 16:29:17.111379, 5] smbd/files.c:482(file_free) freed files structure 8228 (3 used) [2012/11/09 16:29:17.111402, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.111424, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=58944 smt_wct=0 smb_bcc=0 [2012/11/09 16:29:17.112987, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xe0 [2012/11/09 16:29:17.113046, 3] smbd/process.c:1662(process_smb) Transaction 172 of length 228 (0 toread) [2012/11/09 16:29:17.113078, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.113094, 5] lib/util.c:342(show_msg) size=224 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=59008 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8229 (0x2025) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 160 (0xA0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 160 (0xA0) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=161 [2012/11/09 16:29:17.113343, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.113370, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.113396, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 2025 name: spoolss len: 160 [2012/11/09 16:29:17.113422, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 160 [2012/11/09 16:29:17.113474, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/11/09 16:29:17.113509, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) api_pipe_bind_req: make response. 923 [2012/11/09 16:29:17.113533, 3] rpc_server/srv_pipe.c:339(check_bind_req) check_bind_req for \spoolss [2012/11/09 16:29:17.113558, 3] rpc_server/srv_pipe.c:346(check_bind_req) check_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/11/09 16:29:17.113597, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=160 [2012/11/09 16:29:17.114861, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/11/09 16:29:17.114902, 3] smbd/process.c:1662(process_smb) Transaction 173 of length 63 (0 toread) [2012/11/09 16:29:17.114929, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.114944, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=59072 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8229 (0x2025) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/11/09 16:29:17.115173, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.115199, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.115226, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:17.115253, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/11/09 16:29:17.115283, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=68 [2012/11/09 16:29:17.116191, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x124 [2012/11/09 16:29:17.116238, 3] smbd/process.c:1662(process_smb) Transaction 174 of length 296 (0 toread) [2012/11/09 16:29:17.116329, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.116354, 5] lib/util.c:342(show_msg) size=292 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=59136 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 208 (0xD0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 208 (0xD0) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8229 (0x2025) smb_bcc=225 [2012/11/09 16:29:17.116769, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.116808, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.116848, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=208 params=0 setup=2 [2012/11/09 16:29:17.116887, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:17.116919, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:17.116953, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:17.116984, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2025) [2012/11/09 16:29:17.117022, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 208 [2012/11/09 16:29:17.117061, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:17.117101, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX [2012/11/09 16:29:17.117138, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[69].fn == 0x7fa2ea3def70 checking name: \\yyyu0031\yyyp0708 [2012/11/09 16:29:17.117194, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 99 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.117264, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) Setting printer type=\\yyyu0031\yyyp0708 Printer is a printer [2012/11/09 16:29:17.117303, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) Setting printer name=\\yyyu0031\yyyp0708 (len=19) searching for [yyyp0708] set_printer_hnd_name: Printer found: yyyp0708 -> yyyp0708 [2012/11/09 16:29:17.117383, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) 3 printer handles active [2012/11/09 16:29:17.117424, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 99 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.117490, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 99 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.117555, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:yyyp0708 [2012/11/09 16:29:17.117587, 3] lib/access.c:338(allow_access) Allowed connection from yyyc27002.xxxxx.xxx (10.129.108.68) [2012/11/09 16:29:17.117621, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) Setting printer access = PRINTER_ACCESS_ADMINISTER [2012/11/09 16:29:17.117653, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/11/09 16:29:17.117690, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/11/09 16:29:17.117763, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:17.117797, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 [2012/11/09 16:29:17.117844, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2012/11/09 16:29:17.117883, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/11/09 16:29:17.117913, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:17.117957, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:17.118088, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:17.118161, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 9A 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.118251, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 9A 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.118322, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:17.118386, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:17.118446, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:17.118506, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:17.118564, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:17.118644, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:17.118721, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:17.118797, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 9B 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.118877, 2] rpc_client/cli_winreg_spoolss.c:896(winreg_create_printer) winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708 already exists [2012/11/09 16:29:17.118919, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 9B 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.118987, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 9B 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.119053, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.119093, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 9A 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.119161, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 9A 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.119226, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.119271, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:17.119314, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:17.119350, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 1741 [2012/11/09 16:29:17.119390, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/11/09 16:29:17.119421, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.119438, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=59136 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/11/09 16:29:17.120643, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x80 [2012/11/09 16:29:17.120685, 3] smbd/process.c:1662(process_smb) Transaction 175 of length 132 (0 toread) [2012/11/09 16:29:17.120714, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.120731, 5] lib/util.c:342(show_msg) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=59200 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8229 (0x2025) smb_bcc=61 [2012/11/09 16:29:17.121048, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.121080, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.121112, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=44 params=0 setup=2 [2012/11/09 16:29:17.121143, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:17.121171, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:17.121199, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:17.121226, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2025) [2012/11/09 16:29:17.121255, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 44 [2012/11/09 16:29:17.121288, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:17.121320, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER [2012/11/09 16:29:17.121350, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[29].fn == 0x7fa2ea3e55d0 [2012/11/09 16:29:17.121386, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 99 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.121456, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 99 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.121522, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 99 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.121586, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.121616, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:17.121656, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:17.121699, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/11/09 16:29:17.121743, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/11/09 16:29:17.121782, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.121806, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=59200 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/11/09 16:29:17.122915, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x66 [2012/11/09 16:29:17.122965, 3] smbd/process.c:1662(process_smb) Transaction 176 of length 106 (0 toread) [2012/11/09 16:29:17.123002, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.123024, 5] lib/util.c:342(show_msg) size=102 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=59265 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 4096 (0x1000) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 4609 (0x1201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=19 [2012/11/09 16:29:17.123491, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.123529, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.123568, 4] smbd/nttrans.c:288(nt_open_pipe) nt_open_pipe: Opening pipe \spoolss. [2012/11/09 16:29:17.123607, 5] smbd/files.c:140(file_new) allocated file structure 4134, fnum = 8230 (4 used) [2012/11/09 16:29:17.123654, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \spoolss [2012/11/09 16:29:17.123726, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \spoolss (pipes_open=0) [2012/11/09 16:29:17.123771, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \spoolss [2012/11/09 16:29:17.124437, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/11/09 16:29:17.124507, 3] smbd/process.c:1662(process_smb) Transaction 177 of length 45 (0 toread) [2012/11/09 16:29:17.124544, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.124565, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=59329 smt_wct=3 smb_vwv[ 0]= 8229 (0x2025) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/11/09 16:29:17.124774, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.124812, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.124851, 3] smbd/reply.c:4848(reply_close) close fd=-1 fnum=8229 (numopen=4) [2012/11/09 16:29:17.124890, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2012/11/09 16:29:17.124960, 5] smbd/files.c:482(file_free) freed files structure 8229 (3 used) [2012/11/09 16:29:17.125002, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.125023, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=59329 smt_wct=0 smb_bcc=0 [2012/11/09 16:29:17.126122, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xe0 [2012/11/09 16:29:17.126168, 3] smbd/process.c:1662(process_smb) Transaction 178 of length 228 (0 toread) [2012/11/09 16:29:17.126204, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.126225, 5] lib/util.c:342(show_msg) size=224 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=59393 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8230 (0x2026) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 160 (0xA0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 160 (0xA0) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=161 [2012/11/09 16:29:17.126596, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.126636, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.126676, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 2026 name: spoolss len: 160 [2012/11/09 16:29:17.126715, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 160 [2012/11/09 16:29:17.126758, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/11/09 16:29:17.126796, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) api_pipe_bind_req: make response. 923 [2012/11/09 16:29:17.126830, 3] rpc_server/srv_pipe.c:339(check_bind_req) check_bind_req for \spoolss [2012/11/09 16:29:17.126865, 3] rpc_server/srv_pipe.c:346(check_bind_req) check_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/11/09 16:29:17.126915, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=160 [2012/11/09 16:29:17.127780, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/11/09 16:29:17.127816, 3] smbd/process.c:1662(process_smb) Transaction 179 of length 63 (0 toread) [2012/11/09 16:29:17.127836, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.127854, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=59457 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8230 (0x2026) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/11/09 16:29:17.128127, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.128156, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.128184, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:17.128212, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/11/09 16:29:17.128244, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=68 [2012/11/09 16:29:17.129202, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x124 [2012/11/09 16:29:17.129254, 3] smbd/process.c:1662(process_smb) Transaction 180 of length 296 (0 toread) [2012/11/09 16:29:17.129285, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.129303, 5] lib/util.c:342(show_msg) size=292 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=59521 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 208 (0xD0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 208 (0xD0) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8230 (0x2026) smb_bcc=225 [2012/11/09 16:29:17.129640, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.129675, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.129742, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=208 params=0 setup=2 [2012/11/09 16:29:17.129783, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:17.129816, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:17.129853, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:17.129883, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2026) [2012/11/09 16:29:17.129904, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 208 [2012/11/09 16:29:17.129930, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:17.129952, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX [2012/11/09 16:29:17.129972, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[69].fn == 0x7fa2ea3def70 checking name: \\yyyu0031\yyyp0708 [2012/11/09 16:29:17.130014, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 9C 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.130069, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) Setting printer type=\\yyyu0031\yyyp0708 Printer is a printer [2012/11/09 16:29:17.130109, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) Setting printer name=\\yyyu0031\yyyp0708 (len=19) searching for [yyyp0708] set_printer_hnd_name: Printer found: yyyp0708 -> yyyp0708 [2012/11/09 16:29:17.130189, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) 3 printer handles active [2012/11/09 16:29:17.130218, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 9C 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.130257, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 9C 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.130305, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:yyyp0708 [2012/11/09 16:29:17.130329, 3] lib/access.c:338(allow_access) Allowed connection from yyyc27002.xxxxx.xxx (10.129.108.68) [2012/11/09 16:29:17.130353, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) Setting printer access = PRINTER_ACCESS_USE [2012/11/09 16:29:17.130374, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/11/09 16:29:17.130400, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/11/09 16:29:17.130430, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:17.130451, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 [2012/11/09 16:29:17.130485, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2012/11/09 16:29:17.130567, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/11/09 16:29:17.130595, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:17.130613, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:17.130717, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:17.130786, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 9D 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.130855, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 9D 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.130934, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:17.130988, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:17.131030, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:17.131072, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:17.131119, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:17.131158, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:17.131221, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:17.131277, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 9E 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.131344, 2] rpc_client/cli_winreg_spoolss.c:896(winreg_create_printer) winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708 already exists [2012/11/09 16:29:17.131380, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 9E 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.131427, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 9E 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.131465, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.131501, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 9D 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.131558, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 9D 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.131603, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.131640, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:17.131672, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:17.131709, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 1741 [2012/11/09 16:29:17.131738, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/11/09 16:29:17.131759, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.131770, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=59521 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/11/09 16:29:17.132801, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x80 [2012/11/09 16:29:17.132848, 3] smbd/process.c:1662(process_smb) Transaction 181 of length 132 (0 toread) [2012/11/09 16:29:17.132888, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.132903, 5] lib/util.c:342(show_msg) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=59585 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8230 (0x2026) smb_bcc=61 [2012/11/09 16:29:17.133238, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.133269, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.133310, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=44 params=0 setup=2 [2012/11/09 16:29:17.133346, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:17.133383, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:17.133419, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:17.133451, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2026) [2012/11/09 16:29:17.133491, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 44 [2012/11/09 16:29:17.133531, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:17.133572, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER [2012/11/09 16:29:17.133616, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[29].fn == 0x7fa2ea3e55d0 [2012/11/09 16:29:17.133642, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 9C 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.133681, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 9C 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.133729, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 9C 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.133768, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.133788, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:17.133815, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:17.133849, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/11/09 16:29:17.133879, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/11/09 16:29:17.133910, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.133931, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=59585 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/11/09 16:29:17.134941, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x66 [2012/11/09 16:29:17.134986, 3] smbd/process.c:1662(process_smb) Transaction 182 of length 106 (0 toread) [2012/11/09 16:29:17.135018, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.135035, 5] lib/util.c:342(show_msg) size=102 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=59648 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 4096 (0x1000) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 4609 (0x1201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=19 [2012/11/09 16:29:17.135476, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.135504, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.135532, 4] smbd/nttrans.c:288(nt_open_pipe) nt_open_pipe: Opening pipe \spoolss. [2012/11/09 16:29:17.135558, 5] smbd/files.c:140(file_new) allocated file structure 4135, fnum = 8231 (4 used) [2012/11/09 16:29:17.135595, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \spoolss [2012/11/09 16:29:17.135681, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \spoolss (pipes_open=0) [2012/11/09 16:29:17.135725, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \spoolss [2012/11/09 16:29:17.136470, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/11/09 16:29:17.136504, 3] smbd/process.c:1662(process_smb) Transaction 183 of length 45 (0 toread) [2012/11/09 16:29:17.136523, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.136534, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=59712 smt_wct=3 smb_vwv[ 0]= 8230 (0x2026) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/11/09 16:29:17.136648, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.136668, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.136687, 3] smbd/reply.c:4848(reply_close) close fd=-1 fnum=8230 (numopen=4) [2012/11/09 16:29:17.136706, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2012/11/09 16:29:17.136746, 5] smbd/files.c:482(file_free) freed files structure 8230 (3 used) [2012/11/09 16:29:17.136769, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.136780, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=59712 smt_wct=0 smb_bcc=0 [2012/11/09 16:29:17.137774, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xe0 [2012/11/09 16:29:17.137821, 3] smbd/process.c:1662(process_smb) Transaction 184 of length 228 (0 toread) [2012/11/09 16:29:17.137855, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.137875, 5] lib/util.c:342(show_msg) size=224 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=59776 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8231 (0x2027) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 160 (0xA0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 160 (0xA0) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=161 [2012/11/09 16:29:17.138189, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.138227, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.138299, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 2027 name: spoolss len: 160 [2012/11/09 16:29:17.138340, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 160 [2012/11/09 16:29:17.138385, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/11/09 16:29:17.138421, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) api_pipe_bind_req: make response. 923 [2012/11/09 16:29:17.138452, 3] rpc_server/srv_pipe.c:339(check_bind_req) check_bind_req for \spoolss [2012/11/09 16:29:17.138484, 3] rpc_server/srv_pipe.c:346(check_bind_req) check_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/11/09 16:29:17.138530, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=160 [2012/11/09 16:29:17.140480, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/11/09 16:29:17.140531, 3] smbd/process.c:1662(process_smb) Transaction 185 of length 63 (0 toread) [2012/11/09 16:29:17.140573, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.140594, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=59840 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8231 (0x2027) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/11/09 16:29:17.140896, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.140928, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.140960, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:17.140991, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/11/09 16:29:17.141027, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=68 [2012/11/09 16:29:17.142143, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x124 [2012/11/09 16:29:17.142185, 3] smbd/process.c:1662(process_smb) Transaction 186 of length 296 (0 toread) [2012/11/09 16:29:17.142215, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.142232, 5] lib/util.c:342(show_msg) size=292 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=59904 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 208 (0xD0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 208 (0xD0) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8231 (0x2027) smb_bcc=225 [2012/11/09 16:29:17.142511, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.142541, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.142572, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=208 params=0 setup=2 [2012/11/09 16:29:17.142600, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:17.142624, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:17.142648, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:17.142672, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2027) [2012/11/09 16:29:17.142703, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 208 [2012/11/09 16:29:17.142744, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:17.142800, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX [2012/11/09 16:29:17.142838, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[69].fn == 0x7fa2ea3def70 checking name: \\yyyu0031\yyyp0708 [2012/11/09 16:29:17.142875, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 9F 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.142917, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) Setting printer type=\\yyyu0031\yyyp0708 Printer is a printer [2012/11/09 16:29:17.142952, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) Setting printer name=\\yyyu0031\yyyp0708 (len=19) searching for [yyyp0708] set_printer_hnd_name: Printer found: yyyp0708 -> yyyp0708 [2012/11/09 16:29:17.143035, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) 3 printer handles active [2012/11/09 16:29:17.143057, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 9F 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.143096, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 9F 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.143147, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:yyyp0708 [2012/11/09 16:29:17.143191, 3] lib/access.c:338(allow_access) Allowed connection from yyyc27002.xxxxx.xxx (10.129.108.68) [2012/11/09 16:29:17.143233, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) Setting printer access = PRINTER_ACCESS_ADMINISTER [2012/11/09 16:29:17.143270, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/11/09 16:29:17.143313, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/11/09 16:29:17.143347, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:17.143369, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 [2012/11/09 16:29:17.143404, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2012/11/09 16:29:17.143429, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/11/09 16:29:17.143467, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:17.143500, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:17.143614, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:17.143697, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 A0 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.143761, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A0 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.143805, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:17.143858, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:17.143954, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:17.144034, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:17.144109, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:17.144203, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:17.144319, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:17.144406, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 A1 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.144541, 2] rpc_client/cli_winreg_spoolss.c:896(winreg_create_printer) winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708 already exists [2012/11/09 16:29:17.144587, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A1 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.144649, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A1 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.144713, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.144750, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A0 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.144812, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A0 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.144879, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.144926, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:17.144967, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:17.145001, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 1741 [2012/11/09 16:29:17.145037, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/11/09 16:29:17.145064, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.145080, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=59904 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/11/09 16:29:17.146514, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x80 [2012/11/09 16:29:17.146553, 3] smbd/process.c:1662(process_smb) Transaction 187 of length 132 (0 toread) [2012/11/09 16:29:17.146580, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.146594, 5] lib/util.c:342(show_msg) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=59968 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8231 (0x2027) smb_bcc=61 [2012/11/09 16:29:17.146850, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.146897, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.146939, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=44 params=0 setup=2 [2012/11/09 16:29:17.146964, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:17.146982, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:17.147001, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:17.147019, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2027) [2012/11/09 16:29:17.147038, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 44 [2012/11/09 16:29:17.147062, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:17.147096, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER [2012/11/09 16:29:17.147135, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[29].fn == 0x7fa2ea3e55d0 [2012/11/09 16:29:17.147174, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 9F 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.147245, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 9F 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.147312, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 9F 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.147376, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.147409, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:17.147451, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:17.147487, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/11/09 16:29:17.147521, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/11/09 16:29:17.147551, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.147567, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=59968 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/11/09 16:29:17.148799, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x66 [2012/11/09 16:29:17.148840, 3] smbd/process.c:1662(process_smb) Transaction 188 of length 106 (0 toread) [2012/11/09 16:29:17.148868, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.148885, 5] lib/util.c:342(show_msg) size=102 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=60033 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 4096 (0x1000) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 4609 (0x1201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=19 [2012/11/09 16:29:17.149297, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.149328, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.149360, 4] smbd/nttrans.c:288(nt_open_pipe) nt_open_pipe: Opening pipe \spoolss. [2012/11/09 16:29:17.149391, 5] smbd/files.c:140(file_new) allocated file structure 4136, fnum = 8232 (4 used) [2012/11/09 16:29:17.149427, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \spoolss [2012/11/09 16:29:17.149492, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \spoolss (pipes_open=0) [2012/11/09 16:29:17.149530, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \spoolss [2012/11/09 16:29:17.150529, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/11/09 16:29:17.150562, 3] smbd/process.c:1662(process_smb) Transaction 189 of length 45 (0 toread) [2012/11/09 16:29:17.150582, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.150593, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=60097 smt_wct=3 smb_vwv[ 0]= 8231 (0x2027) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/11/09 16:29:17.150715, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.150735, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.150756, 3] smbd/reply.c:4848(reply_close) close fd=-1 fnum=8231 (numopen=4) [2012/11/09 16:29:17.150775, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2012/11/09 16:29:17.150834, 5] smbd/files.c:482(file_free) freed files structure 8231 (3 used) [2012/11/09 16:29:17.150857, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.150869, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=60097 smt_wct=0 smb_bcc=0 [2012/11/09 16:29:17.152426, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xe0 [2012/11/09 16:29:17.152484, 3] smbd/process.c:1662(process_smb) Transaction 190 of length 228 (0 toread) [2012/11/09 16:29:17.152507, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.152518, 5] lib/util.c:342(show_msg) size=224 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=60161 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8232 (0x2028) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 160 (0xA0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 160 (0xA0) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=161 [2012/11/09 16:29:17.152729, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.152762, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.152784, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 2028 name: spoolss len: 160 [2012/11/09 16:29:17.152804, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 160 [2012/11/09 16:29:17.152828, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/11/09 16:29:17.152849, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) api_pipe_bind_req: make response. 923 [2012/11/09 16:29:17.152868, 3] rpc_server/srv_pipe.c:339(check_bind_req) check_bind_req for \spoolss [2012/11/09 16:29:17.152887, 3] rpc_server/srv_pipe.c:346(check_bind_req) check_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/11/09 16:29:17.152932, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=160 [2012/11/09 16:29:17.154137, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/11/09 16:29:17.154179, 3] smbd/process.c:1662(process_smb) Transaction 191 of length 63 (0 toread) [2012/11/09 16:29:17.154209, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.154222, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=60225 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8232 (0x2028) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/11/09 16:29:17.154411, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.154433, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.154454, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:17.154475, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/11/09 16:29:17.154509, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=68 [2012/11/09 16:29:17.155563, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x124 [2012/11/09 16:29:17.155608, 3] smbd/process.c:1662(process_smb) Transaction 192 of length 296 (0 toread) [2012/11/09 16:29:17.155655, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.155669, 5] lib/util.c:342(show_msg) size=292 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=60289 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 208 (0xD0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 208 (0xD0) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8232 (0x2028) smb_bcc=225 [2012/11/09 16:29:17.155876, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.155896, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.155918, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=208 params=0 setup=2 [2012/11/09 16:29:17.155939, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:17.155957, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:17.155977, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:17.156004, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2028) [2012/11/09 16:29:17.156025, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 208 [2012/11/09 16:29:17.156060, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:17.156083, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX [2012/11/09 16:29:17.156102, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[69].fn == 0x7fa2ea3def70 checking name: \\yyyu0031\yyyp0708 [2012/11/09 16:29:17.156135, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 A2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.156174, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) Setting printer type=\\yyyu0031\yyyp0708 Printer is a printer [2012/11/09 16:29:17.156226, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) Setting printer name=\\yyyu0031\yyyp0708 (len=19) searching for [yyyp0708] set_printer_hnd_name: Printer found: yyyp0708 -> yyyp0708 [2012/11/09 16:29:17.156284, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) 3 printer handles active [2012/11/09 16:29:17.156304, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.156357, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.156400, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:yyyp0708 [2012/11/09 16:29:17.156422, 3] lib/access.c:338(allow_access) Allowed connection from yyyc27002.xxxxx.xxx (10.129.108.68) [2012/11/09 16:29:17.156446, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) Setting printer access = PRINTER_ACCESS_USE [2012/11/09 16:29:17.156493, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/11/09 16:29:17.156527, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/11/09 16:29:17.156568, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:17.156592, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 [2012/11/09 16:29:17.156630, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2012/11/09 16:29:17.156661, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/11/09 16:29:17.156684, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:17.156718, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:17.156819, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:17.156886, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 A3 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.156949, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A3 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.156993, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:17.157036, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:17.157077, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:17.157128, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:17.157169, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:17.157205, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:17.157255, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:17.157314, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 A4 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.157366, 2] rpc_client/cli_winreg_spoolss.c:896(winreg_create_printer) winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708 already exists [2012/11/09 16:29:17.157419, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A4 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.157463, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A4 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.157500, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.157527, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A3 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.157568, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A3 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.157606, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.157636, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:17.157666, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:17.157691, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 1741 [2012/11/09 16:29:17.157717, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/11/09 16:29:17.157737, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.157748, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=60289 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/11/09 16:29:17.159163, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x80 [2012/11/09 16:29:17.159208, 3] smbd/process.c:1662(process_smb) Transaction 193 of length 132 (0 toread) [2012/11/09 16:29:17.159241, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.159260, 5] lib/util.c:342(show_msg) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=60353 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8232 (0x2028) smb_bcc=61 [2012/11/09 16:29:17.159599, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.159640, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.159683, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=44 params=0 setup=2 [2012/11/09 16:29:17.159722, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:17.159764, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:17.159802, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:17.159825, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2028) [2012/11/09 16:29:17.159845, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 44 [2012/11/09 16:29:17.159884, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:17.159907, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER [2012/11/09 16:29:17.159927, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[29].fn == 0x7fa2ea3e55d0 [2012/11/09 16:29:17.159947, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.159987, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.160024, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.160061, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.160081, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:17.160108, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:17.160133, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/11/09 16:29:17.160156, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/11/09 16:29:17.160176, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.160187, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=60353 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/11/09 16:29:17.161337, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x66 [2012/11/09 16:29:17.161371, 3] smbd/process.c:1662(process_smb) Transaction 194 of length 106 (0 toread) [2012/11/09 16:29:17.161390, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.161401, 5] lib/util.c:342(show_msg) size=102 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=60416 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 4096 (0x1000) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 4609 (0x1201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=19 [2012/11/09 16:29:17.161664, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.161684, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.161707, 4] smbd/nttrans.c:288(nt_open_pipe) nt_open_pipe: Opening pipe \spoolss. [2012/11/09 16:29:17.161728, 5] smbd/files.c:140(file_new) allocated file structure 4137, fnum = 8233 (4 used) [2012/11/09 16:29:17.161754, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \spoolss [2012/11/09 16:29:17.161805, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \spoolss (pipes_open=0) [2012/11/09 16:29:17.161845, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \spoolss [2012/11/09 16:29:17.162844, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/11/09 16:29:17.162879, 3] smbd/process.c:1662(process_smb) Transaction 195 of length 45 (0 toread) [2012/11/09 16:29:17.162899, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.162910, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=60480 smt_wct=3 smb_vwv[ 0]= 8232 (0x2028) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/11/09 16:29:17.163023, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.163043, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.163062, 3] smbd/reply.c:4848(reply_close) close fd=-1 fnum=8232 (numopen=4) [2012/11/09 16:29:17.163082, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2012/11/09 16:29:17.163122, 5] smbd/files.c:482(file_free) freed files structure 8232 (3 used) [2012/11/09 16:29:17.163144, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.163155, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=60480 smt_wct=0 smb_bcc=0 [2012/11/09 16:29:17.164360, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xe0 [2012/11/09 16:29:17.164397, 3] smbd/process.c:1662(process_smb) Transaction 196 of length 228 (0 toread) [2012/11/09 16:29:17.164417, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.164428, 5] lib/util.c:342(show_msg) size=224 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=60544 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8233 (0x2029) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 160 (0xA0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 160 (0xA0) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=161 [2012/11/09 16:29:17.164641, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.164663, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.164682, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 2029 name: spoolss len: 160 [2012/11/09 16:29:17.164702, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 160 [2012/11/09 16:29:17.164727, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/11/09 16:29:17.164747, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) api_pipe_bind_req: make response. 923 [2012/11/09 16:29:17.164766, 3] rpc_server/srv_pipe.c:339(check_bind_req) check_bind_req for \spoolss [2012/11/09 16:29:17.164786, 3] rpc_server/srv_pipe.c:346(check_bind_req) check_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/11/09 16:29:17.164815, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=160 [2012/11/09 16:29:17.170110, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/11/09 16:29:17.170150, 3] smbd/process.c:1662(process_smb) Transaction 197 of length 63 (0 toread) [2012/11/09 16:29:17.170170, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.170181, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=60608 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8233 (0x2029) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/11/09 16:29:17.170376, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.170397, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.170419, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:17.170440, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/11/09 16:29:17.170465, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=68 [2012/11/09 16:29:17.171420, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x124 [2012/11/09 16:29:17.171451, 3] smbd/process.c:1662(process_smb) Transaction 198 of length 296 (0 toread) [2012/11/09 16:29:17.171470, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.171481, 5] lib/util.c:342(show_msg) size=292 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=60672 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 208 (0xD0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 208 (0xD0) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8233 (0x2029) smb_bcc=225 [2012/11/09 16:29:17.171686, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.171706, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.171729, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=208 params=0 setup=2 [2012/11/09 16:29:17.171750, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:17.171768, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:17.171786, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:17.171804, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2029) [2012/11/09 16:29:17.171823, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 208 [2012/11/09 16:29:17.171847, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:17.171868, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX [2012/11/09 16:29:17.171888, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[69].fn == 0x7fa2ea3def70 checking name: \\yyyu0031\yyyp0708 [2012/11/09 16:29:17.171922, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 A5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.171988, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) Setting printer type=\\yyyu0031\yyyp0708 Printer is a printer [2012/11/09 16:29:17.172016, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) Setting printer name=\\yyyu0031\yyyp0708 (len=19) searching for [yyyp0708] set_printer_hnd_name: Printer found: yyyp0708 -> yyyp0708 [2012/11/09 16:29:17.172074, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) 3 printer handles active [2012/11/09 16:29:17.172095, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.172132, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.172181, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:yyyp0708 [2012/11/09 16:29:17.172204, 3] lib/access.c:338(allow_access) Allowed connection from yyyc27002.xxxxx.xxx (10.129.108.68) [2012/11/09 16:29:17.172228, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) Setting printer access = PRINTER_ACCESS_ADMINISTER [2012/11/09 16:29:17.172249, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/11/09 16:29:17.172274, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/11/09 16:29:17.172308, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:17.172346, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 [2012/11/09 16:29:17.172383, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2012/11/09 16:29:17.172407, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/11/09 16:29:17.172426, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:17.172444, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:17.172558, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:17.172610, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 A6 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.172668, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A6 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.172712, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:17.172754, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:17.172794, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:17.172834, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:17.172872, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:17.172908, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:17.172954, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:17.173002, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 A7 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.173061, 2] rpc_client/cli_winreg_spoolss.c:896(winreg_create_printer) winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708 already exists [2012/11/09 16:29:17.173092, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A7 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.173132, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A7 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.173169, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.173208, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A6 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.173250, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A6 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.173287, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.173317, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:17.173347, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:17.173372, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 1741 [2012/11/09 16:29:17.173399, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/11/09 16:29:17.173419, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.173430, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=60672 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/11/09 16:29:17.174535, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x80 [2012/11/09 16:29:17.174573, 3] smbd/process.c:1662(process_smb) Transaction 199 of length 132 (0 toread) [2012/11/09 16:29:17.174606, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.174634, 5] lib/util.c:342(show_msg) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=60736 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8233 (0x2029) smb_bcc=61 [2012/11/09 16:29:17.174844, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.174864, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.174886, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=44 params=0 setup=2 [2012/11/09 16:29:17.174907, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:17.174925, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:17.174942, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:17.174960, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2029) [2012/11/09 16:29:17.174980, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 44 [2012/11/09 16:29:17.175003, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:17.175024, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER [2012/11/09 16:29:17.175044, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[29].fn == 0x7fa2ea3e55d0 [2012/11/09 16:29:17.175064, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.175102, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.175163, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.175233, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.175277, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:17.175329, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:17.175370, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:17.175409, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:17.175466, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2012/11/09 16:29:17.175514, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:17.175555, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/11/09 16:29:17.175602, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/11/09 16:29:17.175650, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.175665, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=60736 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/11/09 16:29:17.176673, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x66 [2012/11/09 16:29:17.176706, 3] smbd/process.c:1662(process_smb) Transaction 200 of length 106 (0 toread) [2012/11/09 16:29:17.176725, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.176735, 5] lib/util.c:342(show_msg) size=102 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=60801 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 4096 (0x1000) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 4609 (0x1201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=19 [2012/11/09 16:29:17.176995, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.177017, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:17.177038, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (811): SID[ 0]: S-1-5-21-160562036-3150058255-2134394716-19743 SID[ 1]: S-1-5-21-160562036-3150058255-2134394716-513 SID[ 2]: S-1-5-21-160562036-3150058255-2134394716-334230 SID[ 3]: S-1-5-21-160562036-3150058255-2134394716-23353 SID[ 4]: S-1-5-21-160562036-3150058255-2134394716-304793 SID[ 5]: S-1-5-21-160562036-3150058255-2134394716-269408 SID[ 6]: S-1-5-21-160562036-3150058255-2134394716-50420 SID[ 7]: S-1-5-21-160562036-3150058255-2134394716-113634 SID[ 8]: S-1-5-21-160562036-3150058255-2134394716-113662 SID[ 9]: S-1-5-21-160562036-3150058255-2134394716-260755 SID[ 10]: S-1-5-21-160562036-3150058255-2134394716-288770 SID[ 11]: S-1-5-21-160562036-3150058255-2134394716-67892 SID[ 12]: S-1-5-21-160562036-3150058255-2134394716-20800 SID[ 13]: S-1-5-21-160562036-3150058255-2134394716-269744 SID[ 14]: S-1-5-21-160562036-3150058255-2134394716-63803 SID[ 15]: S-1-5-21-160562036-3150058255-2134394716-360934 SID[ 16]: S-1-5-21-160562036-3150058255-2134394716-421750 SID[ 17]: S-1-5-21-160562036-3150058255-2134394716-294313 SID[ 18]: S-1-5-21-160562036-3150058255-2134394716-109619 SID[ 19]: S-1-5-21-160562036-3150058255-2134394716-13623 SID[ 20]: S-1-5-21-160562036-3150058255-2134394716-113660 SID[ 21]: S-1-5-21-160562036-3150058255-2134394716-13846 SID[ 22]: S-1-5-21-160562036-3150058255-2134394716-351693 SID[ 23]: S-1-5-21-160562036-3150058255-2134394716-56178 SID[ 24]: S-1-5-21-160562036-3150058255-2134394716-268914 SID[ 25]: S-1-5-21-160562036-3150058255-2134394716-276389 SID[ 26]: S-1-5-21-160562036-3150058255-2134394716-294265 SID[ 27]: S-1-5-21-160562036-3150058255-2134394716-289050 SID[ 28]: S-1-5-21-160562036-3150058255-2134394716-284074 SID[ 29]: S-1-5-21-160562036-3150058255-2134394716-353623 SID[ 30]: S-1-5-21-160562036-3150058255-2134394716-60632 SID[ 31]: S-1-5-21-160562036-3150058255-2134394716-299617 SID[ 32]: S-1-5-21-160562036-3150058255-2134394716-269875 SID[ 33]: S-1-5-21-160562036-3150058255-2134394716-260777 SID[ 34]: S-1-5-21-160562036-3150058255-2134394716-72011 SID[ 35]: S-1-5-21-160562036-3150058255-2134394716-56174 SID[ 36]: S-1-5-21-160562036-3150058255-2134394716-294145 SID[ 37]: S-1-5-21-160562036-3150058255-2134394716-46643 SID[ 38]: S-1-5-21-160562036-3150058255-2134394716-110684 SID[ 39]: S-1-5-21-160562036-3150058255-2134394716-69476 SID[ 40]: S-1-5-21-160562036-3150058255-2134394716-354438 SID[ 41]: S-1-5-21-160562036-3150058255-2134394716-288215 SID[ 42]: S-1-5-21-160562036-3150058255-2134394716-418124 SID[ 43]: S-1-5-21-160562036-3150058255-2134394716-32947 SID[ 44]: S-1-5-21-160562036-3150058255-2134394716-373447 SID[ 45]: S-1-5-21-160562036-3150058255-2134394716-21119 SID[ 46]: S-1-5-21-160562036-3150058255-2134394716-254283 SID[ 47]: S-1-5-21-160562036-3150058255-2134394716-21918 SID[ 48]: S-1-5-21-160562036-3150058255-2134394716-268915 SID[ 49]: S-1-5-21-160562036-3150058255-2134394716-267093 SID[ 50]: S-1-5-21-160562036-3150058255-2134394716-340888 SID[ 51]: S-1-5-21-160562036-3150058255-2134394716-294363 SID[ 52]: S-1-5-21-160562036-3150058255-2134394716-414620 SID[ 53]: S-1-5-21-160562036-3150058255-2134394716-260959 SID[ 54]: S-1-5-21-160562036-3150058255-2134394716-56176 SID[ 55]: S-1-5-21-160562036-3150058255-2134394716-373472 SID[ 56]: S-1-5-21-160562036-3150058255-2134394716-294492 SID[ 57]: S-1-5-21-160562036-3150058255-2134394716-373554 SID[ 58]: S-1-5-21-160562036-3150058255-2134394716-104382 SID[ 59]: S-1-5-21-160562036-3150058255-2134394716-294361 SID[ 60]: S-1-5-21-160562036-3150058255-2134394716-245149 SID[ 61]: S-1-5-21-160562036-3150058255-2134394716-32807 SID[ 62]: S-1-5-21-160562036-3150058255-2134394716-63805 SID[ 63]: S-1-5-21-160562036-3150058255-2134394716-290135 SID[ 64]: S-1-5-21-160562036-3150058255-2134394716-248439 SID[ 65]: S-1-5-21-160562036-3150058255-2134394716-58745 SID[ 66]: S-1-5-21-160562036-3150058255-2134394716-288316 SID[ 67]: S-1-5-21-160562036-3150058255-2134394716-373441 SID[ 68]: S-1-5-21-160562036-3150058255-2134394716-268916 SID[ 69]: S-1-5-21-160562036-3150058255-2134394716-17597 SID[ 70]: S-1-5-21-160562036-3150058255-2134394716-113654 SID[ 71]: S-1-5-21-160562036-3150058255-2134394716-304050 SID[ 72]: S-1-5-21-160562036-3150058255-2134394716-112626 SID[ 73]: S-1-5-21-160562036-3150058255-2134394716-360946 SID[ 74]: S-1-5-21-160562036-3150058255-2134394716-1116 SID[ 75]: S-1-5-21-160562036-3150058255-2134394716-294490 SID[ 76]: S-1-5-21-160562036-3150058255-2134394716-373442 SID[ 77]: S-1-5-21-160562036-3150058255-2134394716-402137 SID[ 78]: S-1-5-21-160562036-3150058255-2134394716-373470 SID[ 79]: S-1-5-21-160562036-3150058255-2134394716-284963 SID[ 80]: S-1-5-21-160562036-3150058255-2134394716-21963 SID[ 81]: S-1-5-21-160562036-3150058255-2134394716-373556 SID[ 82]: S-1-5-21-160562036-3150058255-2134394716-351504 SID[ 83]: S-1-5-21-160562036-3150058255-2134394716-360382 SID[ 84]: S-1-5-21-160562036-3150058255-2134394716-266966 SID[ 85]: S-1-5-21-160562036-3150058255-2134394716-63797 SID[ 86]: S-1-5-21-160562036-3150058255-2134394716-31306 SID[ 87]: S-1-5-21-160562036-3150058255-2134394716-420969 SID[ 88]: S-1-5-21-160562036-3150058255-2134394716-58439 SID[ 89]: S-1-5-21-160562036-3150058255-2134394716-351240 SID[ 90]: S-1-5-21-160562036-3150058255-2134394716-290160 SID[ 91]: S-1-5-21-160562036-3150058255-2134394716-335340 SID[ 92]: S-1-5-21-160562036-3150058255-2134394716-32819 SID[ 93]: S-1-5-21-160562036-3150058255-2134394716-63801 SID[ 94]: S-1-5-21-160562036-3150058255-2134394716-53171 SID[ 95]: S-1-5-21-160562036-3150058255-2134394716-294243 SID[ 96]: S-1-5-21-160562036-3150058255-2134394716-350032 SID[ 97]: S-1-5-21-160562036-3150058255-2134394716-63737 SID[ 98]: S-1-5-21-160562036-3150058255-2134394716-13863 SID[ 99]: S-1-5-21-160562036-3150058255-2134394716-351719 SID[100]: S-1-5-21-160562036-3150058255-2134394716-56165 SID[101]: S-1-5-21-160562036-3150058255-2134394716-113646 SID[102]: S-1-5-21-160562036-3150058255-2134394716-430811 SID[103]: S-1-5-21-160562036-3150058255-2134394716-284081 SID[104]: S-1-5-21-160562036-3150058255-2134394716-256696 SID[105]: S-1-5-21-160562036-3150058255-2134394716-416414 SID[106]: S-1-5-21-160562036-3150058255-2134394716-49609 SID[107]: S-1-5-21-160562036-3150058255-2134394716-377791 SID[108]: S-1-5-21-160562036-3150058255-2134394716-32821 SID[109]: S-1-5-21-160562036-3150058255-2134394716-359223 SID[110]: S-1-5-21-160562036-3150058255-2134394716-284091 SID[111]: S-1-5-21-160562036-3150058255-2134394716-433713 SID[112]: S-1-5-21-160562036-3150058255-2134394716-33100 SID[113]: S-1-5-21-160562036-3150058255-2134394716-416203 SID[114]: S-1-5-21-160562036-3150058255-2134394716-317007 SID[115]: S-1-5-21-160562036-3150058255-2134394716-69542 SID[116]: S-1-5-21-160562036-3150058255-2134394716-268918 SID[117]: S-1-5-21-160562036-3150058255-2134394716-69428 SID[118]: S-1-5-21-160562036-3150058255-2134394716-316764 SID[119]: S-1-5-21-160562036-3150058255-2134394716-55705 SID[120]: S-1-5-21-160562036-3150058255-2134394716-291229 SID[121]: S-1-5-21-160562036-3150058255-2134394716-250116 SID[122]: S-1-5-21-160562036-3150058255-2134394716-294315 SID[123]: S-1-5-21-160562036-3150058255-2134394716-402469 SID[124]: S-1-5-21-160562036-3150058255-2134394716-256697 SID[125]: S-1-5-21-160562036-3150058255-2134394716-418438 SID[126]: S-1-5-21-160562036-3150058255-2134394716-435652 SID[127]: S-1-5-21-160562036-3150058255-2134394716-45010 SID[128]: S-1-5-21-160562036-3150058255-2134394716-322368 SID[129]: S-1-5-21-160562036-3150058255-2134394716-267090 SID[130]: S-1-5-21-160562036-3150058255-2134394716-32825 SID[131]: S-1-5-21-160562036-3150058255-2134394716-35099 SID[132]: S-1-5-21-160562036-3150058255-2134394716-56157 SID[133]: S-1-5-21-160562036-3150058255-2134394716-113648 SID[134]: S-1-5-21-160562036-3150058255-2134394716-55709 SID[135]: S-1-5-21-160562036-3150058255-2134394716-108789 SID[136]: S-1-5-21-160562036-3150058255-2134394716-56159 SID[137]: S-1-5-21-160562036-3150058255-2134394716-268919 SID[138]: S-1-5-21-160562036-3150058255-2134394716-245147 SID[139]: S-1-5-21-160562036-3150058255-2134394716-430693 SID[140]: S-1-5-21-160562036-3150058255-2134394716-289617 SID[141]: S-1-5-21-160562036-3150058255-2134394716-373445 SID[142]: S-1-5-21-160562036-3150058255-2134394716-14282 SID[143]: S-1-5-21-160562036-3150058255-2134394716-433712 SID[144]: S-1-5-21-160562036-3150058255-2134394716-59232 SID[145]: S-1-5-21-160562036-3150058255-2134394716-33429 SID[146]: S-1-5-21-160562036-3150058255-2134394716-437634 SID[147]: S-1-5-21-160562036-3150058255-2134394716-23354 SID[148]: S-1-5-21-160562036-3150058255-2134394716-113636 SID[149]: S-1-5-21-160562036-3150058255-2134394716-63799 SID[150]: S-1-5-21-160562036-3150058255-2134394716-261009 SID[151]: S-1-5-21-160562036-3150058255-2134394716-290498 SID[152]: S-1-5-21-160562036-3150058255-2134394716-375928 SID[153]: S-1-5-21-160562036-3150058255-2134394716-276407 SID[154]: S-1-5-21-160562036-3150058255-2134394716-357401 SID[155]: S-1-5-21-160562036-3150058255-2134394716-357385 SID[156]: S-1-5-21-160562036-3150058255-2134394716-269404 SID[157]: S-1-5-21-160562036-3150058255-2134394716-67790 SID[158]: S-1-5-21-160562036-3150058255-2134394716-392120 SID[159]: S-1-5-21-160562036-3150058255-2134394716-276395 SID[160]: S-1-5-21-160562036-3150058255-2134394716-113343 SID[161]: S-1-5-21-160562036-3150058255-2134394716-56172 SID[162]: S-1-5-21-160562036-3150058255-2134394716-402467 SID[163]: S-1-5-21-160562036-3150058255-2134394716-293007 SID[164]: S-1-5-21-160562036-3150058255-2134394716-427942 SID[165]: S-1-5-21-160562036-3150058255-2134394716-373529 SID[166]: S-1-5-21-160562036-3150058255-2134394716-263163 SID[167]: S-1-5-21-160562036-3150058255-2134394716-64111 SID[168]: S-1-5-21-160562036-3150058255-2134394716-266852 SID[169]: S-1-5-21-160562036-3150058255-2134394716-357892 SID[170]: S-1-5-21-160562036-3150058255-2134394716-104429 SID[171]: S-1-5-21-160562036-3150058255-2134394716-32813 SID[172]: S-1-5-21-160562036-3150058255-2134394716-360722 SID[173]: S-1-5-21-160562036-3150058255-2134394716-284092 SID[174]: S-1-5-21-160562036-3150058255-2134394716-289619 SID[175]: S-1-5-21-160562036-3150058255-2134394716-369316 SID[176]: S-1-5-21-160562036-3150058255-2134394716-49542 SID[177]: S-1-5-21-160562036-3150058255-2134394716-329659 SID[178]: S-1-5-21-160562036-3150058255-2134394716-32809 SID[179]: S-1-5-21-160562036-3150058255-2134394716-108767 SID[180]: S-1-5-21-160562036-3150058255-2134394716-305399 SID[181]: S-1-5-21-160562036-3150058255-2134394716-263161 SID[182]: S-1-5-21-160562036-3150058255-2134394716-314050 SID[183]: S-1-5-21-160562036-3150058255-2134394716-31001 SID[184]: S-1-5-21-160562036-3150058255-2134394716-279682 SID[185]: S-1-5-21-160562036-3150058255-2134394716-294147 SID[186]: S-1-5-21-160562036-3150058255-2134394716-56163 SID[187]: S-1-5-21-160562036-3150058255-2134394716-285751 SID[188]: S-1-5-21-160562036-3150058255-2134394716-21723 SID[189]: S-1-5-21-160562036-3150058255-2134394716-8332 SID[190]: S-1-5-21-160562036-3150058255-2134394716-32827 SID[191]: S-1-5-21-160562036-3150058255-2134394716-256460 SID[192]: S-1-5-21-160562036-3150058255-2134394716-256183 SID[193]: S-1-5-21-160562036-3150058255-2134394716-300424 SID[194]: S-1-5-21-160562036-3150058255-2134394716-55677 SID[195]: S-1-5-21-160562036-3150058255-2134394716-253145 SID[196]: S-1-5-21-160562036-3150058255-2134394716-63804 SID[197]: S-1-5-21-160562036-3150058255-2134394716-358866 SID[198]: S-1-5-21-160562036-3150058255-2134394716-32823 SID[199]: S-1-5-21-160562036-3150058255-2134394716-276620 SID[200]: S-1-5-21-160562036-3150058255-2134394716-361940 SID[201]: S-1-5-21-160562036-3150058255-2134394716-49274 SID[202]: S-1-5-21-160562036-3150058255-2134394716-402177 SID[203]: S-1-5-21-160562036-3150058255-2134394716-252230 SID[204]: S-1-5-21-160562036-3150058255-2134394716-321100 SID[205]: S-1-5-21-160562036-3150058255-2134394716-20801 SID[206]: S-1-5-21-160562036-3150058255-2134394716-276621 SID[207]: S-1-5-21-160562036-3150058255-2134394716-252010 SID[208]: S-1-5-21-160562036-3150058255-2134394716-292766 SID[209]: S-1-5-21-160562036-3150058255-2134394716-37331 SID[210]: S-1-5-21-160562036-3150058255-2134394716-260776 SID[211]: S-1-5-21-160562036-3150058255-2134394716-386708 SID[212]: S-1-5-21-160562036-3150058255-2134394716-374616 SID[213]: S-1-5-21-160562036-3150058255-2134394716-21084 SID[214]: S-1-5-21-160562036-3150058255-2134394716-294267 SID[215]: S-1-5-21-160562036-3150058255-2134394716-63802 SID[216]: S-1-5-21-160562036-3150058255-2134394716-31186 SID[217]: S-1-5-21-160562036-3150058255-2134394716-105575 SID[218]: S-1-5-21-160562036-3150058255-2134394716-361874 SID[219]: S-1-5-21-160562036-3150058255-2134394716-360362 SID[220]: S-1-5-21-160562036-3150058255-2134394716-357734 SID[221]: S-1-5-21-160562036-3150058255-2134394716-294241 SID[222]: S-1-5-21-160562036-3150058255-2134394716-251778 SID[223]: S-1-5-21-160562036-3150058255-2134394716-49510 SID[224]: S-1-5-21-160562036-3150058255-2134394716-35015 SID[225]: S-1-5-21-160562036-3150058255-2134394716-20749 SID[226]: S-1-5-21-160562036-3150058255-2134394716-294291 SID[227]: S-1-5-21-160562036-3150058255-2134394716-254469 SID[228]: S-1-5-21-160562036-3150058255-2134394716-247296 SID[229]: S-1-5-21-160562036-3150058255-2134394716-63798 SID[230]: S-1-5-21-160562036-3150058255-2134394716-59035 SID[231]: S-1-5-21-160562036-3150058255-2134394716-430331 SID[232]: S-1-5-21-160562036-3150058255-2134394716-21301 SID[233]: S-1-5-21-160562036-3150058255-2134394716-55627 SID[234]: S-1-5-21-160562036-3150058255-2134394716-32815 SID[235]: S-1-5-21-160562036-3150058255-2134394716-277164 SID[236]: S-1-5-21-160562036-3150058255-2134394716-21552 SID[237]: S-1-5-21-160562036-3150058255-2134394716-56622 SID[238]: S-1-5-21-160562036-3150058255-2134394716-37315 SID[239]: S-1-5-21-160562036-3150058255-2134394716-334225 SID[240]: S-1-5-21-160562036-3150058255-2134394716-338141 SID[241]: S-1-5-21-160562036-3150058255-2134394716-246169 SID[242]: S-1-5-21-160562036-3150058255-2134394716-297835 SID[243]: S-1-5-21-160562036-3150058255-2134394716-353615 SID[244]: S-1-5-21-160562036-3150058255-2134394716-322371 SID[245]: S-1-5-21-160562036-3150058255-2134394716-63235 SID[246]: S-1-5-21-160562036-3150058255-2134394716-266849 SID[247]: S-1-5-21-160562036-3150058255-2134394716-293998 SID[248]: S-1-5-21-160562036-3150058255-2134394716-433714 SID[249]: S-1-5-21-160562036-3150058255-2134394716-107694 SID[250]: S-1-5-21-160562036-3150058255-2134394716-288317 SID[251]: S-1-5-21-160562036-3150058255-2134394716-44135 SID[252]: S-1-5-21-160562036-3150058255-2134394716-290560 SID[253]: S-1-5-21-160562036-3150058255-2134394716-322681 SID[254]: S-1-5-21-160562036-3150058255-2134394716-283109 SID[255]: S-1-5-21-160562036-3150058255-2134394716-357879 SID[256]: S-1-5-21-160562036-3150058255-2134394716-289046 SID[257]: S-1-5-21-160562036-3150058255-2134394716-32803 SID[258]: S-1-5-21-160562036-3150058255-2134394716-343968 SID[259]: S-1-5-21-160562036-3150058255-2134394716-50792 SID[260]: S-1-5-21-160562036-3150058255-2134394716-50518 SID[261]: S-1-5-21-160562036-3150058255-2134394716-37238 SID[262]: S-1-5-21-160562036-3150058255-2134394716-360465 SID[263]: S-1-5-21-160562036-3150058255-2134394716-366652 SID[264]: S-1-5-21-160562036-3150058255-2134394716-294094 SID[265]: S-1-5-21-160562036-3150058255-2134394716-288540 SID[266]: S-1-5-21-160562036-3150058255-2134394716-297984 SID[267]: S-1-5-21-160562036-3150058255-2134394716-276427 SID[268]: S-1-5-21-160562036-3150058255-2134394716-333792 SID[269]: S-1-5-21-160562036-3150058255-2134394716-427342 SID[270]: S-1-5-21-160562036-3150058255-2134394716-333794 SID[271]: S-1-5-21-160562036-3150058255-2134394716-290460 SID[272]: S-1-5-21-160562036-3150058255-2134394716-294091 SID[273]: S-1-5-21-160562036-3150058255-2134394716-333793 SID[274]: S-1-5-21-160562036-3150058255-2134394716-338207 SID[275]: S-1-5-21-160562036-3150058255-2134394716-409571 SID[276]: S-1-5-21-160562036-3150058255-2134394716-294054 SID[277]: S-1-5-21-160562036-3150058255-2134394716-30854 SID[278]: S-1-5-21-160562036-3150058255-2134394716-288547 SID[279]: S-1-5-21-160562036-3150058255-2134394716-365347 SID[280]: S-1-5-21-6776287-465249537-1446904402-4108 SID[281]: S-1-5-21-160562036-3150058255-2134394716-58230 SID[282]: S-1-5-21-160562036-3150058255-2134394716-357400 SID[283]: S-1-5-21-160562036-3150058255-2134394716-343966 SID[284]: S-1-5-21-160562036-3150058255-2134394716-104268 SID[285]: S-1-5-21-160562036-3150058255-2134394716-334228 SID[286]: S-1-5-21-160562036-3150058255-2134394716-357384 SID[287]: S-1-5-21-160562036-3150058255-2134394716-64500 SID[288]: S-1-5-21-160562036-3150058255-2134394716-291227 SID[289]: S-1-5-21-160562036-3150058255-2134394716-62708 SID[290]: S-1-5-21-160562036-3150058255-2134394716-266847 SID[291]: S-1-5-21-160562036-3150058255-2134394716-313857 SID[292]: S-1-5-21-160562036-3150058255-2134394716-350031 SID[293]: S-1-5-21-160562036-3150058255-2134394716-373448 SID[294]: S-1-5-21-160562036-3150058255-2134394716-420970 SID[295]: S-1-5-21-160562036-3150058255-2134394716-351238 SID[296]: S-1-5-21-160562036-3150058255-2134394716-11861 SID[297]: S-1-5-21-160562036-3150058255-2134394716-353613 SID[298]: S-1-5-21-160562036-3150058255-2134394716-322679 SID[299]: S-1-5-21-160562036-3150058255-2134394716-253148 SID[300]: S-1-5-21-160562036-3150058255-2134394716-277162 SID[301]: S-1-5-21-160562036-3150058255-2134394716-304048 SID[302]: S-1-5-21-160562036-3150058255-2134394716-288768 SID[303]: S-1-5-21-160562036-3150058255-2134394716-62920 SID[304]: S-1-5-21-160562036-3150058255-2134394716-62814 SID[305]: S-1-5-21-160562036-3150058255-2134394716-338139 SID[306]: S-1-5-21-160562036-3150058255-2134394716-266850 SID[307]: S-1-5-21-160562036-3150058255-2134394716-74038 SID[308]: S-1-5-21-160562036-3150058255-2134394716-62715 SID[309]: S-1-5-21-160562036-3150058255-2134394716-357877 SID[310]: S-1-5-21-160562036-3150058255-2134394716-252117 SID[311]: S-1-5-21-160562036-3150058255-2134394716-322372 SID[312]: S-1-5-21-160562036-3150058255-2134394716-65121 SID[313]: S-1-5-21-160562036-3150058255-2134394716-62711 SID[314]: S-1-5-21-160562036-3150058255-2134394716-267091 SID[315]: S-1-5-21-160562036-3150058255-2134394716-24652 SID[316]: S-1-5-21-160562036-3150058255-2134394716-360933 SID[317]: S-1-5-21-160562036-3150058255-2134394716-354437 SID[318]: S-1-5-21-160562036-3150058255-2134394716-249119 SID[319]: S-1-5-21-160562036-3150058255-2134394716-248731 SID[320]: S-1-5-21-160562036-3150058255-2134394716-64215 SID[321]: S-1-5-21-160562036-3150058255-2134394716-373475 SID[322]: S-1-5-21-160562036-3150058255-2134394716-250664 SID[323]: S-1-5-21-160562036-3150058255-2134394716-267088 SID[324]: S-1-5-21-160562036-3150058255-2134394716-50311 SID[325]: S-1-5-21-160562036-3150058255-2134394716-62644 SID[326]: S-1-5-21-160562036-3150058255-2134394716-69148 SID[327]: S-1-5-21-160562036-3150058255-2134394716-360380 SID[328]: S-1-5-21-160562036-3150058255-2134394716-52124 SID[329]: S-1-5-21-160562036-3150058255-2134394716-351502 SID[330]: S-1-5-21-160562036-3150058255-2134394716-317005 SID[331]: S-1-5-21-160562036-3150058255-2134394716-62713 SID[332]: S-1-5-21-160562036-3150058255-2134394716-313855 SID[333]: S-1-5-21-160562036-3150058255-2134394716-53143 SID[334]: S-1-5-21-160562036-3150058255-2134394716-349705 SID[335]: S-1-5-21-160562036-3150058255-2134394716-357732 SID[336]: S-1-5-21-160562036-3150058255-2134394716-402142 SID[337]: S-1-5-21-160562036-3150058255-2134394716-50421 SID[338]: S-1-5-21-160562036-3150058255-2134394716-357890 SID[339]: S-1-5-21-160562036-3150058255-2134394716-416413 SID[340]: S-1-5-21-160562036-3150058255-2134394716-255117 SID[341]: S-1-5-21-160562036-3150058255-2134394716-73891 SID[342]: S-1-5-21-160562036-3150058255-2134394716-377792 SID[343]: S-1-5-21-160562036-3150058255-2134394716-63081 SID[344]: S-1-5-21-160562036-3150058255-2134394716-386707 SID[345]: S-1-5-21-160562036-3150058255-2134394716-64112 SID[346]: S-1-5-21-160562036-3150058255-2134394716-256555 SID[347]: S-1-5-21-160562036-3150058255-2134394716-361939 SID[348]: S-1-5-21-160562036-3150058255-2134394716-62709 SID[349]: S-1-5-21-160562036-3150058255-2134394716-248759 SID[350]: S-1-5-21-160562036-3150058255-2134394716-359221 SID[351]: S-1-5-21-160562036-3150058255-2134394716-310730 SID[352]: S-1-5-21-160562036-3150058255-2134394716-109617 SID[353]: S-1-5-21-160562036-3150058255-2134394716-60474 SID[354]: S-1-5-21-160562036-3150058255-2134394716-402472 SID[355]: S-1-5-21-160562036-3150058255-2134394716-55679 SID[356]: S-1-5-21-160562036-3150058255-2134394716-69153 SID[357]: S-1-5-21-160562036-3150058255-2134394716-22265 SID[358]: S-1-5-21-160562036-3150058255-2134394716-423112 SID[359]: S-1-5-21-160562036-3150058255-2134394716-289044 SID[360]: S-1-5-21-160562036-3150058255-2134394716-67791 SID[361]: S-1-5-21-160562036-3150058255-2134394716-69156 SID[362]: S-1-5-21-160562036-3150058255-2134394716-62712 SID[363]: S-1-5-21-160562036-3150058255-2134394716-360721 SID[364]: S-1-5-21-160562036-3150058255-2134394716-435651 SID[365]: S-1-5-21-160562036-3150058255-2134394716-69149 SID[366]: S-1-5-21-160562036-3150058255-2134394716-73730 SID[367]: S-1-5-21-160562036-3150058255-2134394716-243660 SID[368]: S-1-5-21-160562036-3150058255-2134394716-104280 SID[369]: S-1-5-21-160562036-3150058255-2134394716-430692 SID[370]: S-1-5-21-160562036-3150058255-2134394716-256558 SID[371]: S-1-5-21-160562036-3150058255-2134394716-54515 SID[372]: S-1-5-21-160562036-3150058255-2134394716-334223 SID[373]: S-1-5-21-160562036-3150058255-2134394716-304790 SID[374]: S-1-5-21-160562036-3150058255-2134394716-373528 SID[375]: S-1-5-21-160562036-3150058255-2134394716-375927 SID[376]: S-1-5-21-160562036-3150058255-2134394716-74039 SID[377]: S-1-5-21-160562036-3150058255-2134394716-62781 SID[378]: S-1-5-21-160562036-3150058255-2134394716-69157 SID[379]: S-1-5-21-160562036-3150058255-2134394716-309445 SID[380]: S-1-5-21-160562036-3150058255-2134394716-62733 SID[381]: S-1-5-21-160562036-3150058255-2134394716-418123 SID[382]: S-1-5-21-160562036-3150058255-2134394716-64415 SID[383]: S-1-5-21-160562036-3150058255-2134394716-414619 SID[384]: S-1-5-21-160562036-3150058255-2134394716-373446 SID[385]: S-1-5-21-160562036-3150058255-2134394716-289048 SID[386]: S-1-5-21-160562036-3150058255-2134394716-69158 SID[387]: S-1-5-21-160562036-3150058255-2134394716-373559 SID[388]: S-1-5-21-160562036-3150058255-2134394716-110686 SID[389]: S-1-5-21-160562036-3150058255-2134394716-260757 SID[390]: S-1-5-21-160562036-3150058255-2134394716-249663 SID[391]: S-1-5-21-160562036-3150058255-2134394716-249619 SID[392]: S-1-5-21-160562036-3150058255-2134394716-321098 SID[393]: S-1-5-21-160562036-3150058255-2134394716-64497 SID[394]: S-1-5-21-160562036-3150058255-2134394716-112627 SID[395]: S-1-5-21-160562036-3150058255-2134394716-62710 SID[396]: S-1-5-21-160562036-3150058255-2134394716-360361 SID[397]: S-1-5-21-160562036-3150058255-2134394716-353621 SID[398]: S-1-5-21-160562036-3150058255-2134394716-365152 SID[399]: S-1-5-21-160562036-3150058255-2134394716-69544 SID[400]: S-1-5-21-160562036-3150058255-2134394716-249644 SID[401]: S-1-5-21-160562036-3150058255-2134394716-55625 SID[402]: S-1-1-0 SID[403]: S-1-5-2 SID[404]: S-1-5-11 SID[405]: S-1-5-32-545 SID[406]: S-1-22-1-10000 SID[407]: S-1-22-2-10006 SID[408]: S-1-22-2-10007 SID[409]: S-1-22-2-10008 SID[410]: S-1-22-2-10009 SID[411]: S-1-22-2-10010 SID[412]: S-1-22-2-10011 SID[413]: S-1-22-2-10012 SID[414]: S-1-22-2-10013 SID[415]: S-1-22-2-10014 SID[416]: S-1-22-2-10015 SID[417]: S-1-22-2-10016 SID[418]: S-1-22-2-10017 SID[419]: S-1-22-2-10018 SID[420]: S-1-22-2-10019 SID[421]: S-1-22-2-10020 SID[422]: S-1-22-2-10021 SID[423]: S-1-22-2-10022 SID[424]: S-1-22-2-10023 SID[425]: S-1-22-2-10024 SID[426]: S-1-22-2-10025 SID[427]: S-1-22-2-10026 SID[428]: S-1-22-2-10027 SID[429]: S-1-22-2-10028 SID[430]: S-1-22-2-10029 SID[431]: S-1-22-2-10030 SID[432]: S-1-22-2-10031 SID[433]: S-1-22-2-10032 SID[434]: S-1-22-2-10033 SID[435]: S-1-22-2-10034 SID[436]: S-1-22-2-10035 SID[437]: S-1-22-2-10036 SID[438]: S-1-22-2-10037 SID[439]: S-1-22-2-10038 SID[440]: S-1-22-2-10039 SID[441]: S-1-22-2-10040 SID[442]: S-1-22-2-10041 SID[443]: S-1-22-2-10042 SID[444]: S-1-22-2-10043 SID[445]: S-1-22-2-10044 SID[446]: S-1-22-2-10045 SID[447]: S-1-22-2-10046 SID[448]: S-1-22-2-10047 SID[449]: S-1-22-2-10048 SID[450]: S-1-22-2-10049 SID[451]: S-1-22-2-10050 SID[452]: S-1-22-2-10051 SID[453]: S-1-22-2-10052 SID[454]: S-1-22-2-10053 SID[455]: S-1-22-2-10054 SID[456]: S-1-22-2-10055 SID[457]: S-1-22-2-10056 SID[458]: S-1-22-2-10057 SID[459]: S-1-22-2-10058 SID[460]: S-1-22-2-10059 SID[461]: S-1-22-2-10060 SID[462]: S-1-22-2-10061 SID[463]: S-1-22-2-10062 SID[464]: S-1-22-2-10063 SID[465]: S-1-22-2-10064 SID[466]: S-1-22-2-10065 SID[467]: S-1-22-2-10066 SID[468]: S-1-22-2-10067 SID[469]: S-1-22-2-10068 SID[470]: S-1-22-2-10069 SID[471]: S-1-22-2-10070 SID[472]: S-1-22-2-10071 SID[473]: S-1-22-2-10072 SID[474]: S-1-22-2-10073 SID[475]: S-1-22-2-10074 SID[476]: S-1-22-2-10075 SID[477]: S-1-22-2-10076 SID[478]: S-1-22-2-10077 SID[479]: S-1-22-2-10078 SID[480]: S-1-22-2-10079 SID[481]: S-1-22-2-10080 SID[482]: S-1-22-2-10081 SID[483]: S-1-22-2-10082 SID[484]: S-1-22-2-10083 SID[485]: S-1-22-2-10084 SID[486]: S-1-22-2-10085 SID[487]: S-1-22-2-10086 SID[488]: S-1-22-2-10087 SID[489]: S-1-22-2-10088 SID[490]: S-1-22-2-10089 SID[491]: S-1-22-2-10090 SID[492]: S-1-22-2-10091 SID[493]: S-1-22-2-10092 SID[494]: S-1-22-2-10093 SID[495]: S-1-22-2-10094 SID[496]: S-1-22-2-10095 SID[497]: S-1-22-2-10096 SID[498]: S-1-22-2-10097 SID[499]: S-1-22-2-10098 SID[500]: S-1-22-2-10099 SID[501]: S-1-22-2-10100 SID[502]: S-1-22-2-10101 SID[503]: S-1-22-2-10102 SID[504]: S-1-22-2-10103 SID[505]: S-1-22-2-10104 SID[506]: S-1-22-2-10105 SID[507]: S-1-22-2-10106 SID[508]: S-1-22-2-10107 SID[509]: S-1-22-2-10108 SID[510]: S-1-22-2-10109 SID[511]: S-1-22-2-10110 SID[512]: S-1-22-2-10111 SID[513]: S-1-22-2-10112 SID[514]: S-1-22-2-10113 SID[515]: S-1-22-2-10114 SID[516]: S-1-22-2-10115 SID[517]: S-1-22-2-10116 SID[518]: S-1-22-2-10117 SID[519]: S-1-22-2-10118 SID[520]: S-1-22-2-10119 SID[521]: S-1-22-2-10120 SID[522]: S-1-22-2-10121 SID[523]: S-1-22-2-10122 SID[524]: S-1-22-2-10123 SID[525]: S-1-22-2-10124 SID[526]: S-1-22-2-10125 SID[527]: S-1-22-2-10126 SID[528]: S-1-22-2-10127 SID[529]: S-1-22-2-10128 SID[530]: S-1-22-2-10129 SID[531]: S-1-22-2-10130 SID[532]: S-1-22-2-10131 SID[533]: S-1-22-2-10132 SID[534]: S-1-22-2-10133 SID[535]: S-1-22-2-10134 SID[536]: S-1-22-2-10135 SID[537]: S-1-22-2-10136 SID[538]: S-1-22-2-10137 SID[539]: S-1-22-2-10138 SID[540]: S-1-22-2-10139 SID[541]: S-1-22-2-10140 SID[542]: S-1-22-2-10141 SID[543]: S-1-22-2-10142 SID[544]: S-1-22-2-10143 SID[545]: S-1-22-2-10144 SID[546]: S-1-22-2-10145 SID[547]: S-1-22-2-10146 SID[548]: S-1-22-2-10147 SID[549]: S-1-22-2-10148 SID[550]: S-1-22-2-10149 SID[551]: S-1-22-2-10150 SID[552]: S-1-22-2-10471 SID[553]: S-1-22-2-10151 SID[554]: S-1-22-2-10152 SID[555]: S-1-22-2-10153 SID[556]: S-1-22-2-10154 SID[557]: S-1-22-2-10155 SID[558]: S-1-22-2-10156 SID[559]: S-1-22-2-10157 SID[560]: S-1-22-2-10158 SID[561]: S-1-22-2-10159 SID[562]: S-1-22-2-10160 SID[563]: S-1-22-2-10161 SID[564]: S-1-22-2-10162 SID[565]: S-1-22-2-10163 SID[566]: S-1-22-2-10164 SID[567]: S-1-22-2-10165 SID[568]: S-1-22-2-10166 SID[569]: S-1-22-2-10167 SID[570]: S-1-22-2-10168 SID[571]: S-1-22-2-10169 SID[572]: S-1-22-2-10170 SID[573]: S-1-22-2-10171 SID[574]: S-1-22-2-10172 SID[575]: S-1-22-2-10173 SID[576]: S-1-22-2-10174 SID[577]: S-1-22-2-10175 SID[578]: S-1-22-2-10176 SID[579]: S-1-22-2-10177 SID[580]: S-1-22-2-10178 SID[581]: S-1-22-2-10179 SID[582]: S-1-22-2-10180 SID[583]: S-1-22-2-10181 SID[584]: S-1-22-2-10182 SID[585]: S-1-22-2-10183 SID[586]: S-1-22-2-10184 SID[587]: S-1-22-2-10185 SID[588]: S-1-22-2-10186 SID[589]: S-1-22-2-10187 SID[590]: S-1-22-2-10188 SID[591]: S-1-22-2-10189 SID[592]: S-1-22-2-10190 SID[593]: S-1-22-2-10191 SID[594]: S-1-22-2-10192 SID[595]: S-1-22-2-10193 SID[596]: S-1-22-2-10194 SID[597]: S-1-22-2-10195 SID[598]: S-1-22-2-10196 SID[599]: S-1-22-2-10197 SID[600]: S-1-22-2-10198 SID[601]: S-1-22-2-10199 SID[602]: S-1-22-2-10200 SID[603]: S-1-22-2-10201 SID[604]: S-1-22-2-10202 SID[605]: S-1-22-2-10203 SID[606]: S-1-22-2-10204 SID[607]: S-1-22-2-10205 SID[608]: S-1-22-2-10206 SID[609]: S-1-22-2-10207 SID[610]: S-1-22-2-10208 SID[611]: S-1-22-2-10209 SID[612]: S-1-22-2-10210 SID[613]: S-1-22-2-10211 SID[614]: S-1-22-2-10212 SID[615]: S-1-22-2-10213 SID[616]: S-1-22-2-10214 SID[617]: S-1-22-2-10215 SID[618]: S-1-22-2-10216 SID[619]: S-1-22-2-10217 SID[620]: S-1-22-2-10218 SID[621]: S-1-22-2-10219 SID[622]: S-1-22-2-10220 SID[623]: S-1-22-2-10221 SID[624]: S-1-22-2-10222 SID[625]: S-1-22-2-10223 SID[626]: S-1-22-2-10224 SID[627]: S-1-22-2-10225 SID[628]: S-1-22-2-10226 SID[629]: S-1-22-2-10227 SID[630]: S-1-22-2-10228 SID[631]: S-1-22-2-10229 SID[632]: S-1-22-2-10230 SID[633]: S-1-22-2-10231 SID[634]: S-1-22-2-10232 SID[635]: S-1-22-2-10233 SID[636]: S-1-22-2-10234 SID[637]: S-1-22-2-10235 SID[638]: S-1-22-2-10236 SID[639]: S-1-22-2-10237 SID[640]: S-1-22-2-10238 SID[641]: S-1-22-2-10239 SID[642]: S-1-22-2-10240 SID[643]: S-1-22-2-10241 SID[644]: S-1-22-2-10242 SID[645]: S-1-22-2-10243 SID[646]: S-1-22-2-10244 SID[647]: S-1-22-2-10245 SID[648]: S-1-22-2-10246 SID[649]: S-1-22-2-10247 SID[650]: S-1-22-2-10248 SID[651]: S-1-22-2-10249 SID[652]: S-1-22-2-10250 SID[653]: S-1-22-2-10251 SID[654]: S-1-22-2-10252 SID[655]: S-1-22-2-10253 SID[656]: S-1-22-2-10254 SID[657]: S-1-22-2-10255 SID[658]: S-1-22-2-10256 SID[659]: S-1-22-2-10257 SID[660]: S-1-22-2-10258 SID[661]: S-1-22-2-10259 SID[662]: S-1-22-2-10260 SID[663]: S-1-22-2-10261 SID[664]: S-1-22-2-10262 SID[665]: S-1-22-2-10263 SID[666]: S-1-22-2-10264 SID[667]: S-1-22-2-10265 SID[668]: S-1-22-2-10266 SID[669]: S-1-22-2-10267 SID[670]: S-1-22-2-10268 SID[671]: S-1-22-2-10269 SID[672]: S-1-22-2-10270 SID[673]: S-1-22-2-10271 SID[674]: S-1-22-2-10272 SID[675]: S-1-22-2-10273 SID[676]: S-1-22-2-10274 SID[677]: S-1-22-2-10275 SID[678]: S-1-22-2-10276 SID[679]: S-1-22-2-10277 SID[680]: S-1-22-2-10278 SID[681]: S-1-22-2-10279 SID[682]: S-1-22-2-10280 SID[683]: S-1-22-2-10281 SID[684]: S-1-22-2-10282 SID[685]: S-1-22-2-10283 SID[686]: S-1-22-2-10284 SID[687]: S-1-22-2-10285 SID[688]: S-1-22-2-10286 SID[689]: S-1-22-2-10287 SID[690]: S-1-22-2-10288 SID[691]: S-1-22-2-10289 SID[692]: S-1-22-2-10290 SID[693]: S-1-22-2-10291 SID[694]: S-1-22-2-10292 SID[695]: S-1-22-2-10293 SID[696]: S-1-22-2-10294 SID[697]: S-1-22-2-10295 SID[698]: S-1-22-2-10296 SID[699]: S-1-22-2-10297 SID[700]: S-1-22-2-10298 SID[701]: S-1-22-2-10299 SID[702]: S-1-22-2-10300 SID[703]: S-1-22-2-10301 SID[704]: S-1-22-2-10302 SID[705]: S-1-22-2-10303 SID[706]: S-1-22-2-10304 SID[707]: S-1-22-2-10305 SID[708]: S-1-22-2-10306 SID[709]: S-1-22-2-10307 SID[710]: S-1-22-2-10308 SID[711]: S-1-22-2-10309 SID[712]: S-1-22-2-10310 SID[713]: S-1-22-2-10311 SID[714]: S-1-22-2-10312 SID[715]: S-1-22-2-10313 SID[716]: S-1-22-2-10314 SID[717]: S-1-22-2-10315 SID[718]: S-1-22-2-10316 SID[719]: S-1-22-2-10317 SID[720]: S-1-22-2-10318 SID[721]: S-1-22-2-10319 SID[722]: S-1-22-2-10320 SID[723]: S-1-22-2-10321 SID[724]: S-1-22-2-10322 SID[725]: S-1-22-2-10323 SID[726]: S-1-22-2-10324 SID[727]: S-1-22-2-10325 SID[728]: S-1-22-2-10326 SID[729]: S-1-22-2-10327 SID[730]: S-1-22-2-10328 SID[731]: S-1-22-2-10329 SID[732]: S-1-22-2-10330 SID[733]: S-1-22-2-10331 SID[734]: S-1-22-2-10332 SID[735]: S-1-22-2-10333 SID[736]: S-1-22-2-10334 SID[737]: S-1-22-2-10335 SID[738]: S-1-22-2-10336 SID[739]: S-1-22-2-10337 SID[740]: S-1-22-2-10338 SID[741]: S-1-22-2-10339 SID[742]: S-1-22-2-10340 SID[743]: S-1-22-2-10341 SID[744]: S-1-22-2-10342 SID[745]: S-1-22-2-10343 SID[746]: S-1-22-2-10344 SID[747]: S-1-22-2-10345 SID[748]: S-1-22-2-10346 SID[749]: S-1-22-2-10347 SID[750]: S-1-22-2-10348 SID[751]: S-1-22-2-10349 SID[752]: S-1-22-2-10350 SID[753]: S-1-22-2-10351 SID[754]: S-1-22-2-10352 SID[755]: S-1-22-2-10353 SID[756]: S-1-22-2-10354 SID[757]: S-1-22-2-10355 SID[758]: S-1-22-2-10356 SID[759]: S-1-22-2-10357 SID[760]: S-1-22-2-10358 SID[761]: S-1-22-2-10359 SID[762]: S-1-22-2-10360 SID[763]: S-1-22-2-10361 SID[764]: S-1-22-2-10362 SID[765]: S-1-22-2-10363 SID[766]: S-1-22-2-10364 SID[767]: S-1-22-2-10365 SID[768]: S-1-22-2-10366 SID[769]: S-1-22-2-10367 SID[770]: S-1-22-2-10368 SID[771]: S-1-22-2-10369 SID[772]: S-1-22-2-10370 SID[773]: S-1-22-2-10371 SID[774]: S-1-22-2-10372 SID[775]: S-1-22-2-10373 SID[776]: S-1-22-2-10374 SID[777]: S-1-22-2-10375 SID[778]: S-1-22-2-10376 SID[779]: S-1-22-2-10377 SID[780]: S-1-22-2-10378 SID[781]: S-1-22-2-10379 SID[782]: S-1-22-2-10380 SID[783]: S-1-22-2-10381 SID[784]: S-1-22-2-10382 SID[785]: S-1-22-2-10383 SID[786]: S-1-22-2-10384 SID[787]: S-1-22-2-10385 SID[788]: S-1-22-2-10386 SID[789]: S-1-22-2-10387 SID[790]: S-1-22-2-10388 SID[791]: S-1-22-2-10389 SID[792]: S-1-22-2-10390 SID[793]: S-1-22-2-10391 SID[794]: S-1-22-2-10392 SID[795]: S-1-22-2-10393 SID[796]: S-1-22-2-10394 SID[797]: S-1-22-2-10395 SID[798]: S-1-22-2-10396 SID[799]: S-1-22-2-10397 SID[800]: S-1-22-2-10398 SID[801]: S-1-22-2-10399 SID[802]: S-1-22-2-10400 SID[803]: S-1-22-2-10401 SID[804]: S-1-22-2-10402 SID[805]: S-1-22-2-10403 SID[806]: S-1-22-2-10404 SID[807]: S-1-22-2-10002 SID[808]: S-1-22-2-10003 SID[809]: S-1-22-2-10004 SID[810]: S-1-22-2-10001 Privileges (0x 20): Privilege[ 0]: SePrintOperatorPrivilege Rights (0x 0): [2012/11/09 16:29:17.183988, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 10000 Primary group is 10006 and contains 404 supplementary groups Group[ 0]: 10006 Group[ 1]: 10007 Group[ 2]: 10008 Group[ 3]: 10009 Group[ 4]: 10010 Group[ 5]: 10011 Group[ 6]: 10012 Group[ 7]: 10013 Group[ 8]: 10014 Group[ 9]: 10015 Group[ 10]: 10016 Group[ 11]: 10017 Group[ 12]: 10018 Group[ 13]: 10019 Group[ 14]: 10020 Group[ 15]: 10021 Group[ 16]: 10022 Group[ 17]: 10023 Group[ 18]: 10024 Group[ 19]: 10025 Group[ 20]: 10026 Group[ 21]: 10027 Group[ 22]: 10028 Group[ 23]: 10029 Group[ 24]: 10030 Group[ 25]: 10031 Group[ 26]: 10032 Group[ 27]: 10033 Group[ 28]: 10034 Group[ 29]: 10035 Group[ 30]: 10036 Group[ 31]: 10037 Group[ 32]: 10038 Group[ 33]: 10039 Group[ 34]: 10040 Group[ 35]: 10041 Group[ 36]: 10042 Group[ 37]: 10043 Group[ 38]: 10044 Group[ 39]: 10045 Group[ 40]: 10046 Group[ 41]: 10047 Group[ 42]: 10048 Group[ 43]: 10049 Group[ 44]: 10050 Group[ 45]: 10051 Group[ 46]: 10052 Group[ 47]: 10053 Group[ 48]: 10054 Group[ 49]: 10055 Group[ 50]: 10056 Group[ 51]: 10057 Group[ 52]: 10058 Group[ 53]: 10059 Group[ 54]: 10060 Group[ 55]: 10061 Group[ 56]: 10062 Group[ 57]: 10063 Group[ 58]: 10064 Group[ 59]: 10065 Group[ 60]: 10066 Group[ 61]: 10067 Group[ 62]: 10068 Group[ 63]: 10069 Group[ 64]: 10070 Group[ 65]: 10071 Group[ 66]: 10072 Group[ 67]: 10073 Group[ 68]: 10074 Group[ 69]: 10075 Group[ 70]: 10076 Group[ 71]: 10077 Group[ 72]: 10078 Group[ 73]: 10079 Group[ 74]: 10080 Group[ 75]: 10081 Group[ 76]: 10082 Group[ 77]: 10083 Group[ 78]: 10084 Group[ 79]: 10085 Group[ 80]: 10086 Group[ 81]: 10087 Group[ 82]: 10088 Group[ 83]: 10089 Group[ 84]: 10090 Group[ 85]: 10091 Group[ 86]: 10092 Group[ 87]: 10093 Group[ 88]: 10094 Group[ 89]: 10095 Group[ 90]: 10096 Group[ 91]: 10097 Group[ 92]: 10098 Group[ 93]: 10099 Group[ 94]: 10100 Group[ 95]: 10101 Group[ 96]: 10102 Group[ 97]: 10103 Group[ 98]: 10104 Group[ 99]: 10105 Group[100]: 10106 Group[101]: 10107 Group[102]: 10108 Group[103]: 10109 Group[104]: 10110 Group[105]: 10111 Group[106]: 10112 Group[107]: 10113 Group[108]: 10114 Group[109]: 10115 Group[110]: 10116 Group[111]: 10117 Group[112]: 10118 Group[113]: 10119 Group[114]: 10120 Group[115]: 10121 Group[116]: 10122 Group[117]: 10123 Group[118]: 10124 Group[119]: 10125 Group[120]: 10126 Group[121]: 10127 Group[122]: 10128 Group[123]: 10129 Group[124]: 10130 Group[125]: 10131 Group[126]: 10132 Group[127]: 10133 Group[128]: 10134 Group[129]: 10135 Group[130]: 10136 Group[131]: 10137 Group[132]: 10138 Group[133]: 10139 Group[134]: 10140 Group[135]: 10141 Group[136]: 10142 Group[137]: 10143 Group[138]: 10144 Group[139]: 10145 Group[140]: 10146 Group[141]: 10147 Group[142]: 10148 Group[143]: 10149 Group[144]: 10150 Group[145]: 10471 Group[146]: 10151 Group[147]: 10152 Group[148]: 10153 Group[149]: 10154 Group[150]: 10155 Group[151]: 10156 Group[152]: 10157 Group[153]: 10158 Group[154]: 10159 Group[155]: 10160 Group[156]: 10161 Group[157]: 10162 Group[158]: 10163 Group[159]: 10164 Group[160]: 10165 Group[161]: 10166 Group[162]: 10167 Group[163]: 10168 Group[164]: 10169 Group[165]: 10170 Group[166]: 10171 Group[167]: 10172 Group[168]: 10173 Group[169]: 10174 Group[170]: 10175 Group[171]: 10176 Group[172]: 10177 Group[173]: 10178 Group[174]: 10179 Group[175]: 10180 Group[176]: 10181 Group[177]: 10182 Group[178]: 10183 Group[179]: 10184 Group[180]: 10185 Group[181]: 10186 Group[182]: 10187 Group[183]: 10188 Group[184]: 10189 Group[185]: 10190 Group[186]: 10191 Group[187]: 10192 Group[188]: 10193 Group[189]: 10194 Group[190]: 10195 Group[191]: 10196 Group[192]: 10197 Group[193]: 10198 Group[194]: 10199 Group[195]: 10200 Group[196]: 10201 Group[197]: 10202 Group[198]: 10203 Group[199]: 10204 Group[200]: 10205 Group[201]: 10206 Group[202]: 10207 Group[203]: 10208 Group[204]: 10209 Group[205]: 10210 Group[206]: 10211 Group[207]: 10212 Group[208]: 10213 Group[209]: 10214 Group[210]: 10215 Group[211]: 10216 Group[212]: 10217 Group[213]: 10218 Group[214]: 10219 Group[215]: 10220 Group[216]: 10221 Group[217]: 10222 Group[218]: 10223 Group[219]: 10224 Group[220]: 10225 Group[221]: 10226 Group[222]: 10227 Group[223]: 10228 Group[224]: 10229 Group[225]: 10230 Group[226]: 10231 Group[227]: 10232 Group[228]: 10233 Group[229]: 10234 Group[230]: 10235 Group[231]: 10236 Group[232]: 10237 Group[233]: 10238 Group[234]: 10239 Group[235]: 10240 Group[236]: 10241 Group[237]: 10242 Group[238]: 10243 Group[239]: 10244 Group[240]: 10245 Group[241]: 10246 Group[242]: 10247 Group[243]: 10248 Group[244]: 10249 Group[245]: 10250 Group[246]: 10251 Group[247]: 10252 Group[248]: 10253 Group[249]: 10254 Group[250]: 10255 Group[251]: 10256 Group[252]: 10257 Group[253]: 10258 Group[254]: 10259 Group[255]: 10260 Group[256]: 10261 Group[257]: 10262 Group[258]: 10263 Group[259]: 10264 Group[260]: 10265 Group[261]: 10266 Group[262]: 10267 Group[263]: 10268 Group[264]: 10269 Group[265]: 10270 Group[266]: 10271 Group[267]: 10272 Group[268]: 10273 Group[269]: 10274 Group[270]: 10275 Group[271]: 10276 Group[272]: 10277 Group[273]: 10278 Group[274]: 10279 Group[275]: 10280 Group[276]: 10281 Group[277]: 10282 Group[278]: 10283 Group[279]: 10284 Group[280]: 10285 Group[281]: 10286 Group[282]: 10287 Group[283]: 10288 Group[284]: 10289 Group[285]: 10290 Group[286]: 10291 Group[287]: 10292 Group[288]: 10293 Group[289]: 10294 Group[290]: 10295 Group[291]: 10296 Group[292]: 10297 Group[293]: 10298 Group[294]: 10299 Group[295]: 10300 Group[296]: 10301 Group[297]: 10302 Group[298]: 10303 Group[299]: 10304 Group[300]: 10305 Group[301]: 10306 Group[302]: 10307 Group[303]: 10308 Group[304]: 10309 Group[305]: 10310 Group[306]: 10311 Group[307]: 10312 Group[308]: 10313 Group[309]: 10314 Group[310]: 10315 Group[311]: 10316 Group[312]: 10317 Group[313]: 10318 Group[314]: 10319 Group[315]: 10320 Group[316]: 10321 Group[317]: 10322 Group[318]: 10323 Group[319]: 10324 Group[320]: 10325 Group[321]: 10326 Group[322]: 10327 Group[323]: 10328 Group[324]: 10329 Group[325]: 10330 Group[326]: 10331 Group[327]: 10332 Group[328]: 10333 Group[329]: 10334 Group[330]: 10335 Group[331]: 10336 Group[332]: 10337 Group[333]: 10338 Group[334]: 10339 Group[335]: 10340 Group[336]: 10341 Group[337]: 10342 Group[338]: 10343 Group[339]: 10344 Group[340]: 10345 Group[341]: 10346 Group[342]: 10347 Group[343]: 10348 Group[344]: 10349 Group[345]: 10350 Group[346]: 10351 Group[347]: 10352 Group[348]: 10353 Group[349]: 10354 Group[350]: 10355 Group[351]: 10356 Group[352]: 10357 Group[353]: 10358 Group[354]: 10359 Group[355]: 10360 Group[356]: 10361 Group[357]: 10362 Group[358]: 10363 Group[359]: 10364 Group[360]: 10365 Group[361]: 10366 Group[362]: 10367 Group[363]: 10368 Group[364]: 10369 Group[365]: 10370 Group[366]: 10371 Group[367]: 10372 Group[368]: 10373 Group[369]: 10374 Group[370]: 10375 Group[371]: 10376 Group[372]: 10377 Group[373]: 10378 Group[374]: 10379 Group[375]: 10380 Group[376]: 10381 Group[377]: 10382 Group[378]: 10383 Group[379]: 10384 Group[380]: 10385 Group[381]: 10386 Group[382]: 10387 Group[383]: 10388 Group[384]: 10389 Group[385]: 10390 Group[386]: 10391 Group[387]: 10392 Group[388]: 10393 Group[389]: 10394 Group[390]: 10395 Group[391]: 10396 Group[392]: 10397 Group[393]: 10398 Group[394]: 10399 Group[395]: 10400 Group[396]: 10401 Group[397]: 10402 Group[398]: 10403 Group[399]: 10404 Group[400]: 10002 Group[401]: 10003 Group[402]: 10004 Group[403]: 10001 [2012/11/09 16:29:17.186965, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,10000), gid=(0,10006) [2012/11/09 16:29:17.186999, 4] smbd/nttrans.c:288(nt_open_pipe) nt_open_pipe: Opening pipe \spoolss. [2012/11/09 16:29:17.187022, 5] smbd/files.c:140(file_new) allocated file structure 4138, fnum = 8234 (4 used) [2012/11/09 16:29:17.187050, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \spoolss [2012/11/09 16:29:17.187100, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \spoolss (pipes_open=0) [2012/11/09 16:29:17.187128, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \spoolss [2012/11/09 16:29:17.187983, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/11/09 16:29:17.188014, 3] smbd/process.c:1662(process_smb) Transaction 201 of length 45 (0 toread) [2012/11/09 16:29:17.188033, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.188045, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=60865 smt_wct=3 smb_vwv[ 0]= 8233 (0x2029) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/11/09 16:29:17.188159, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.188179, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.188198, 3] smbd/reply.c:4848(reply_close) close fd=-1 fnum=8233 (numopen=4) [2012/11/09 16:29:17.188217, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2012/11/09 16:29:17.188273, 5] smbd/files.c:482(file_free) freed files structure 8233 (3 used) [2012/11/09 16:29:17.188305, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.188318, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=60865 smt_wct=0 smb_bcc=0 [2012/11/09 16:29:17.189316, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xe0 [2012/11/09 16:29:17.189349, 3] smbd/process.c:1662(process_smb) Transaction 202 of length 228 (0 toread) [2012/11/09 16:29:17.189368, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.189379, 5] lib/util.c:342(show_msg) size=224 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=60929 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8234 (0x202A) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 160 (0xA0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 160 (0xA0) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=161 [2012/11/09 16:29:17.189571, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.189591, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.189610, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 202a name: spoolss len: 160 [2012/11/09 16:29:17.189630, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 160 [2012/11/09 16:29:17.189656, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/11/09 16:29:17.189676, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) api_pipe_bind_req: make response. 923 [2012/11/09 16:29:17.189695, 3] rpc_server/srv_pipe.c:339(check_bind_req) check_bind_req for \spoolss [2012/11/09 16:29:17.189714, 3] rpc_server/srv_pipe.c:346(check_bind_req) check_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/11/09 16:29:17.189744, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=160 [2012/11/09 16:29:17.190928, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/11/09 16:29:17.190978, 3] smbd/process.c:1662(process_smb) Transaction 203 of length 63 (0 toread) [2012/11/09 16:29:17.191022, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.191047, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=60993 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8234 (0x202A) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/11/09 16:29:17.191377, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.191419, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.191459, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:17.191499, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/11/09 16:29:17.191546, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=68 [2012/11/09 16:29:17.192650, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x124 [2012/11/09 16:29:17.192685, 3] smbd/process.c:1662(process_smb) Transaction 204 of length 296 (0 toread) [2012/11/09 16:29:17.192705, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.192716, 5] lib/util.c:342(show_msg) size=292 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=61057 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 208 (0xD0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 208 (0xD0) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8234 (0x202A) smb_bcc=225 [2012/11/09 16:29:17.192922, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.192942, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.192964, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=208 params=0 setup=2 [2012/11/09 16:29:17.192986, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:17.193003, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:17.193021, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:17.193039, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 202a) [2012/11/09 16:29:17.193058, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 208 [2012/11/09 16:29:17.193083, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:17.193104, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX [2012/11/09 16:29:17.193133, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[69].fn == 0x7fa2ea3def70 checking name: \\yyyu0031\yyyp0708 [2012/11/09 16:29:17.193178, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 A8 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.193221, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) Setting printer type=\\yyyu0031\yyyp0708 Printer is a printer [2012/11/09 16:29:17.193246, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) Setting printer name=\\yyyu0031\yyyp0708 (len=19) searching for [yyyp0708] set_printer_hnd_name: Printer found: yyyp0708 -> yyyp0708 [2012/11/09 16:29:17.193303, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) 3 printer handles active [2012/11/09 16:29:17.193323, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A8 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.193371, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A8 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.193411, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:yyyp0708 [2012/11/09 16:29:17.193433, 3] lib/access.c:338(allow_access) Allowed connection from yyyc27002.xxxxx.xxx (10.129.108.68) [2012/11/09 16:29:17.193458, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) Setting printer access = PRINTER_ACCESS_ADMINISTER [2012/11/09 16:29:17.193478, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/11/09 16:29:17.193503, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/11/09 16:29:17.193533, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:17.193554, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 [2012/11/09 16:29:17.193586, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2012/11/09 16:29:17.193610, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/11/09 16:29:17.193628, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:17.193646, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:17.193736, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:17.193788, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 A9 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.193845, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A9 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.193888, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:17.193931, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:17.193971, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:17.194012, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:17.194050, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:17.194086, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:17.194148, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:17.194199, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 AA 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.194250, 2] rpc_client/cli_winreg_spoolss.c:896(winreg_create_printer) winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708 already exists [2012/11/09 16:29:17.194278, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 AA 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.194318, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 AA 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.194355, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.194393, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A9 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.194434, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A9 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.194471, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.194502, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:17.194531, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:17.194556, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 1741 [2012/11/09 16:29:17.194583, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/11/09 16:29:17.194602, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.194613, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=61057 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/11/09 16:29:17.195876, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x80 [2012/11/09 16:29:17.195908, 3] smbd/process.c:1662(process_smb) Transaction 205 of length 132 (0 toread) [2012/11/09 16:29:17.195928, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.195938, 5] lib/util.c:342(show_msg) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=61121 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8234 (0x202A) smb_bcc=61 [2012/11/09 16:29:17.196180, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.196202, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.196223, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=44 params=0 setup=2 [2012/11/09 16:29:17.196244, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:17.196261, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:17.196279, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:17.196299, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 202a) [2012/11/09 16:29:17.196328, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 44 [2012/11/09 16:29:17.196353, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:17.196374, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER [2012/11/09 16:29:17.196394, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[29].fn == 0x7fa2ea3e55d0 [2012/11/09 16:29:17.196414, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A8 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.196485, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A8 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.196528, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A8 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.196565, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.196585, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:17.196612, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:17.196636, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/11/09 16:29:17.196659, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/11/09 16:29:17.196678, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.196689, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=61121 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/11/09 16:29:17.198428, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/11/09 16:29:17.198459, 3] smbd/process.c:1662(process_smb) Transaction 206 of length 45 (0 toread) [2012/11/09 16:29:17.198478, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.198489, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=61185 smt_wct=3 smb_vwv[ 0]= 8234 (0x202A) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/11/09 16:29:17.198603, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.198629, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.198649, 3] smbd/reply.c:4848(reply_close) close fd=-1 fnum=8234 (numopen=3) [2012/11/09 16:29:17.198668, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2012/11/09 16:29:17.198707, 5] smbd/files.c:482(file_free) freed files structure 8234 (2 used) [2012/11/09 16:29:17.198729, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.198740, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=61185 smt_wct=0 smb_bcc=0 [2012/11/09 16:29:17.199879, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x66 [2012/11/09 16:29:17.199910, 3] smbd/process.c:1662(process_smb) Transaction 207 of length 106 (0 toread) [2012/11/09 16:29:17.199929, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.199940, 5] lib/util.c:342(show_msg) size=102 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=61249 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 4096 (0x1000) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 4609 (0x1201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=19 [2012/11/09 16:29:17.200237, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.200259, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.200281, 4] smbd/nttrans.c:288(nt_open_pipe) nt_open_pipe: Opening pipe \spoolss. [2012/11/09 16:29:17.200302, 5] smbd/files.c:140(file_new) allocated file structure 4139, fnum = 8235 (3 used) [2012/11/09 16:29:17.200326, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \spoolss [2012/11/09 16:29:17.200369, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \spoolss (pipes_open=0) [2012/11/09 16:29:17.200396, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \spoolss [2012/11/09 16:29:17.201593, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xe0 [2012/11/09 16:29:17.201626, 3] smbd/process.c:1662(process_smb) Transaction 208 of length 228 (0 toread) [2012/11/09 16:29:17.201645, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.201656, 5] lib/util.c:342(show_msg) size=224 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=61313 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8235 (0x202B) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 160 (0xA0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 160 (0xA0) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=161 [2012/11/09 16:29:17.201845, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.201865, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.201885, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 202b name: spoolss len: 160 [2012/11/09 16:29:17.201906, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 160 [2012/11/09 16:29:17.201945, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/11/09 16:29:17.201976, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) api_pipe_bind_req: make response. 923 [2012/11/09 16:29:17.201997, 3] rpc_server/srv_pipe.c:339(check_bind_req) check_bind_req for \spoolss [2012/11/09 16:29:17.202016, 3] rpc_server/srv_pipe.c:346(check_bind_req) check_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/11/09 16:29:17.202045, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=160 [2012/11/09 16:29:17.203143, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/11/09 16:29:17.203174, 3] smbd/process.c:1662(process_smb) Transaction 209 of length 63 (0 toread) [2012/11/09 16:29:17.203193, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.203203, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=61377 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8235 (0x202B) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/11/09 16:29:17.203380, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.203400, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.203420, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:17.203450, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/11/09 16:29:17.203476, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=68 [2012/11/09 16:29:17.204518, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x124 [2012/11/09 16:29:17.204549, 3] smbd/process.c:1662(process_smb) Transaction 210 of length 296 (0 toread) [2012/11/09 16:29:17.204568, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.204578, 5] lib/util.c:342(show_msg) size=292 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=61441 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 208 (0xD0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 208 (0xD0) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8235 (0x202B) smb_bcc=225 [2012/11/09 16:29:17.204781, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.204801, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.204822, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=208 params=0 setup=2 [2012/11/09 16:29:17.204853, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:17.204883, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:17.204909, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:17.204928, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 202b) [2012/11/09 16:29:17.204948, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 208 [2012/11/09 16:29:17.204971, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:17.204992, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX [2012/11/09 16:29:17.205012, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[69].fn == 0x7fa2ea3def70 checking name: \\yyyu0031\yyyp0708 [2012/11/09 16:29:17.205043, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 AB 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.205082, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) Setting printer type=\\yyyu0031\yyyp0708 Printer is a printer [2012/11/09 16:29:17.205107, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) Setting printer name=\\yyyu0031\yyyp0708 (len=19) searching for [yyyp0708] set_printer_hnd_name: Printer found: yyyp0708 -> yyyp0708 [2012/11/09 16:29:17.205156, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) 3 printer handles active [2012/11/09 16:29:17.205176, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 AB 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.205214, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 AB 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.205251, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:yyyp0708 [2012/11/09 16:29:17.205271, 3] lib/access.c:338(allow_access) Allowed connection from yyyc27002.xxxxx.xxx (10.129.108.68) [2012/11/09 16:29:17.205293, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) Setting printer access = PRINTER_ACCESS_USE [2012/11/09 16:29:17.205313, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/11/09 16:29:17.205348, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/11/09 16:29:17.205375, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:17.205396, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 [2012/11/09 16:29:17.205426, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2012/11/09 16:29:17.205449, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/11/09 16:29:17.205468, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:17.205486, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:17.205556, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:17.205603, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 AC 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.205672, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 AC 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.205716, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:17.205758, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:17.205798, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:17.205857, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:17.205906, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:17.205943, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:17.205988, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:17.206035, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 AD 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.206085, 2] rpc_client/cli_winreg_spoolss.c:896(winreg_create_printer) winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708 already exists [2012/11/09 16:29:17.206113, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 AD 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.206152, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 AD 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.206189, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.206215, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 AC 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.206255, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 AC 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.206292, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.206332, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:17.206363, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:17.206388, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 1741 [2012/11/09 16:29:17.206428, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/11/09 16:29:17.206456, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.206468, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=61441 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/11/09 16:29:17.207969, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x80 [2012/11/09 16:29:17.208021, 3] smbd/process.c:1662(process_smb) Transaction 211 of length 132 (0 toread) [2012/11/09 16:29:17.208052, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.208071, 5] lib/util.c:342(show_msg) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=61505 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8235 (0x202B) smb_bcc=61 [2012/11/09 16:29:17.208434, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.208486, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.208527, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=44 params=0 setup=2 [2012/11/09 16:29:17.208565, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:17.208593, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:17.208619, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:17.208647, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 202b) [2012/11/09 16:29:17.208675, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 44 [2012/11/09 16:29:17.208709, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:17.208738, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER [2012/11/09 16:29:17.208766, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[29].fn == 0x7fa2ea3e55d0 [2012/11/09 16:29:17.208794, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 AB 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.208857, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 AB 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.208926, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 AB 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.208997, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.209037, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:17.209107, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:17.209147, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/11/09 16:29:17.209180, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/11/09 16:29:17.209208, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.209223, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=61505 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/11/09 16:29:17.210385, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x66 [2012/11/09 16:29:17.210425, 3] smbd/process.c:1662(process_smb) Transaction 212 of length 106 (0 toread) [2012/11/09 16:29:17.210453, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.210467, 5] lib/util.c:342(show_msg) size=102 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=61568 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 4096 (0x1000) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 4609 (0x1201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=19 [2012/11/09 16:29:17.210828, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.210852, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.210875, 4] smbd/nttrans.c:288(nt_open_pipe) nt_open_pipe: Opening pipe \spoolss. [2012/11/09 16:29:17.210898, 5] smbd/files.c:140(file_new) allocated file structure 4140, fnum = 8236 (4 used) [2012/11/09 16:29:17.210925, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \spoolss [2012/11/09 16:29:17.210985, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \spoolss (pipes_open=0) [2012/11/09 16:29:17.211028, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \spoolss [2012/11/09 16:29:17.212120, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/11/09 16:29:17.212153, 3] smbd/process.c:1662(process_smb) Transaction 213 of length 45 (0 toread) [2012/11/09 16:29:17.212173, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.212185, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=61632 smt_wct=3 smb_vwv[ 0]= 8235 (0x202B) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/11/09 16:29:17.212304, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.212325, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.212345, 3] smbd/reply.c:4848(reply_close) close fd=-1 fnum=8235 (numopen=4) [2012/11/09 16:29:17.212365, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2012/11/09 16:29:17.212427, 5] smbd/files.c:482(file_free) freed files structure 8235 (3 used) [2012/11/09 16:29:17.212500, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.212522, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=61632 smt_wct=0 smb_bcc=0 [2012/11/09 16:29:17.213732, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xe0 [2012/11/09 16:29:17.213770, 3] smbd/process.c:1662(process_smb) Transaction 214 of length 228 (0 toread) [2012/11/09 16:29:17.213792, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.213804, 5] lib/util.c:342(show_msg) size=224 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=61696 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8236 (0x202C) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 160 (0xA0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 160 (0xA0) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=161 [2012/11/09 16:29:17.214050, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.214073, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.214094, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 202c name: spoolss len: 160 [2012/11/09 16:29:17.214115, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 160 [2012/11/09 16:29:17.214147, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/11/09 16:29:17.214169, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) api_pipe_bind_req: make response. 923 [2012/11/09 16:29:17.214189, 3] rpc_server/srv_pipe.c:339(check_bind_req) check_bind_req for \spoolss [2012/11/09 16:29:17.214210, 3] rpc_server/srv_pipe.c:346(check_bind_req) check_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/11/09 16:29:17.214241, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=160 [2012/11/09 16:29:17.215324, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/11/09 16:29:17.215361, 3] smbd/process.c:1662(process_smb) Transaction 215 of length 63 (0 toread) [2012/11/09 16:29:17.215383, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.215394, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=61760 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8236 (0x202C) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/11/09 16:29:17.215597, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.215621, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.215647, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:17.215669, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/11/09 16:29:17.215707, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=68 [2012/11/09 16:29:17.216706, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x124 [2012/11/09 16:29:17.216742, 3] smbd/process.c:1662(process_smb) Transaction 216 of length 296 (0 toread) [2012/11/09 16:29:17.216771, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.216792, 5] lib/util.c:342(show_msg) size=292 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=61824 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 208 (0xD0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 208 (0xD0) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8236 (0x202C) smb_bcc=225 [2012/11/09 16:29:17.217025, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.217047, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.217071, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=208 params=0 setup=2 [2012/11/09 16:29:17.217094, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:17.217112, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:17.217134, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:17.217160, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 202c) [2012/11/09 16:29:17.217181, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 208 [2012/11/09 16:29:17.217217, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:17.217241, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX [2012/11/09 16:29:17.217262, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[69].fn == 0x7fa2ea3def70 checking name: \\yyyu0031\yyyp0708 [2012/11/09 16:29:17.217296, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 AE 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.217337, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) Setting printer type=\\yyyu0031\yyyp0708 Printer is a printer [2012/11/09 16:29:17.217364, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) Setting printer name=\\yyyu0031\yyyp0708 (len=19) searching for [yyyp0708] set_printer_hnd_name: Printer found: yyyp0708 -> yyyp0708 [2012/11/09 16:29:17.217422, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) 3 printer handles active [2012/11/09 16:29:17.217443, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 AE 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.217482, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 AE 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.217520, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:yyyp0708 [2012/11/09 16:29:17.217542, 3] lib/access.c:338(allow_access) Allowed connection from yyyc27002.xxxxx.xxx (10.129.108.68) [2012/11/09 16:29:17.217581, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) Setting printer access = PRINTER_ACCESS_ADMINISTER [2012/11/09 16:29:17.217604, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/11/09 16:29:17.217634, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/11/09 16:29:17.217672, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:17.217695, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 [2012/11/09 16:29:17.217737, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2012/11/09 16:29:17.217766, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/11/09 16:29:17.217797, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:17.217819, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:17.217911, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:17.217964, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 AF 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.218022, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 AF 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.218066, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:17.218110, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:17.218159, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:17.218205, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:17.218245, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:17.218282, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:17.218329, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:17.218377, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 B0 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.218428, 2] rpc_client/cli_winreg_spoolss.c:896(winreg_create_printer) winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708 already exists [2012/11/09 16:29:17.218458, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B0 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.218499, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B0 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.218537, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.218575, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 AF 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.218624, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 AF 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.218664, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.218697, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:17.218727, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:17.218753, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 1741 [2012/11/09 16:29:17.218780, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/11/09 16:29:17.218801, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.218812, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=61824 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/11/09 16:29:17.220208, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x80 [2012/11/09 16:29:17.220239, 3] smbd/process.c:1662(process_smb) Transaction 217 of length 132 (0 toread) [2012/11/09 16:29:17.220259, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.220271, 5] lib/util.c:342(show_msg) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=61888 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8236 (0x202C) smb_bcc=61 [2012/11/09 16:29:17.220546, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.220569, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.220592, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=44 params=0 setup=2 [2012/11/09 16:29:17.220613, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:17.220631, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:17.220650, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:17.220668, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 202c) [2012/11/09 16:29:17.220688, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 44 [2012/11/09 16:29:17.220711, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:17.220733, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER [2012/11/09 16:29:17.220753, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[29].fn == 0x7fa2ea3e55d0 [2012/11/09 16:29:17.220774, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 AE 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.220813, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 AE 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.220851, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 AE 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.220889, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.220910, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:17.220936, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:17.220961, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/11/09 16:29:17.220985, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/11/09 16:29:17.221005, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.221016, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=61888 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/11/09 16:29:17.222521, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/11/09 16:29:17.222561, 3] smbd/process.c:1662(process_smb) Transaction 218 of length 45 (0 toread) [2012/11/09 16:29:17.222583, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.222595, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=61952 smt_wct=3 smb_vwv[ 0]= 8236 (0x202C) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/11/09 16:29:17.222715, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.222736, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.222756, 3] smbd/reply.c:4848(reply_close) close fd=-1 fnum=8236 (numopen=3) [2012/11/09 16:29:17.222776, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2012/11/09 16:29:17.222819, 5] smbd/files.c:482(file_free) freed files structure 8236 (2 used) [2012/11/09 16:29:17.222843, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.222855, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=61952 smt_wct=0 smb_bcc=0 [2012/11/09 16:29:17.224086, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x66 [2012/11/09 16:29:17.224119, 3] smbd/process.c:1662(process_smb) Transaction 219 of length 106 (0 toread) [2012/11/09 16:29:17.224140, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.224152, 5] lib/util.c:342(show_msg) size=102 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=62016 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 4096 (0x1000) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 4609 (0x1201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=19 [2012/11/09 16:29:17.224496, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.224520, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.224543, 4] smbd/nttrans.c:288(nt_open_pipe) nt_open_pipe: Opening pipe \spoolss. [2012/11/09 16:29:17.224565, 5] smbd/files.c:140(file_new) allocated file structure 4141, fnum = 8237 (3 used) [2012/11/09 16:29:17.224592, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \spoolss [2012/11/09 16:29:17.224642, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \spoolss (pipes_open=0) [2012/11/09 16:29:17.224670, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \spoolss [2012/11/09 16:29:17.225930, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xe0 [2012/11/09 16:29:17.225962, 3] smbd/process.c:1662(process_smb) Transaction 220 of length 228 (0 toread) [2012/11/09 16:29:17.225982, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.225994, 5] lib/util.c:342(show_msg) size=224 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=62080 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8237 (0x202D) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 160 (0xA0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 160 (0xA0) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=161 [2012/11/09 16:29:17.226211, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.226233, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.226253, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 202d name: spoolss len: 160 [2012/11/09 16:29:17.226274, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 160 [2012/11/09 16:29:17.226300, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/11/09 16:29:17.226325, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) api_pipe_bind_req: make response. 923 [2012/11/09 16:29:17.226360, 3] rpc_server/srv_pipe.c:339(check_bind_req) check_bind_req for \spoolss [2012/11/09 16:29:17.226391, 3] rpc_server/srv_pipe.c:346(check_bind_req) check_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/11/09 16:29:17.226424, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=160 [2012/11/09 16:29:17.227554, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/11/09 16:29:17.227587, 3] smbd/process.c:1662(process_smb) Transaction 221 of length 63 (0 toread) [2012/11/09 16:29:17.227607, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.227619, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=62144 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8237 (0x202D) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/11/09 16:29:17.227803, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.227824, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.227846, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:17.227867, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/11/09 16:29:17.227892, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=68 [2012/11/09 16:29:17.229049, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x124 [2012/11/09 16:29:17.229082, 3] smbd/process.c:1662(process_smb) Transaction 222 of length 296 (0 toread) [2012/11/09 16:29:17.229102, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.229114, 5] lib/util.c:342(show_msg) size=292 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=62208 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 208 (0xD0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 208 (0xD0) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8237 (0x202D) smb_bcc=225 [2012/11/09 16:29:17.229358, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.229382, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.229417, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=208 params=0 setup=2 [2012/11/09 16:29:17.229441, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:17.229459, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:17.229479, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:17.229497, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 202d) [2012/11/09 16:29:17.229518, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 208 [2012/11/09 16:29:17.229542, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:17.229564, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX [2012/11/09 16:29:17.229585, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[69].fn == 0x7fa2ea3def70 checking name: \\yyyu0031\yyyp0708 [2012/11/09 16:29:17.229619, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 B1 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.229661, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) Setting printer type=\\yyyu0031\yyyp0708 Printer is a printer [2012/11/09 16:29:17.229688, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) Setting printer name=\\yyyu0031\yyyp0708 (len=19) searching for [yyyp0708] set_printer_hnd_name: Printer found: yyyp0708 -> yyyp0708 [2012/11/09 16:29:17.229743, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) 3 printer handles active [2012/11/09 16:29:17.229764, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B1 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.229803, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B1 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.229841, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:yyyp0708 [2012/11/09 16:29:17.229864, 3] lib/access.c:338(allow_access) Allowed connection from yyyc27002.xxxxx.xxx (10.129.108.68) [2012/11/09 16:29:17.229888, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) Setting printer access = PRINTER_ACCESS_ADMINISTER [2012/11/09 16:29:17.229909, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/11/09 16:29:17.229935, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/11/09 16:29:17.229965, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:17.229987, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 [2012/11/09 16:29:17.230020, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2012/11/09 16:29:17.230045, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/11/09 16:29:17.230064, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:17.230083, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:17.230169, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:17.230220, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 B2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.230299, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.230362, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:17.230409, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:17.230451, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:17.230493, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:17.230533, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:17.230570, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:17.230617, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:17.230665, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 B3 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.230716, 2] rpc_client/cli_winreg_spoolss.c:896(winreg_create_printer) winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708 already exists [2012/11/09 16:29:17.230746, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B3 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.230787, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B3 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.230825, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.230853, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.230901, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.230955, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.230995, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:17.231026, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:17.231052, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 1741 [2012/11/09 16:29:17.231079, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/11/09 16:29:17.231100, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.231112, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=62208 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/11/09 16:29:17.232202, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x80 [2012/11/09 16:29:17.232242, 3] smbd/process.c:1662(process_smb) Transaction 223 of length 132 (0 toread) [2012/11/09 16:29:17.232264, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.232276, 5] lib/util.c:342(show_msg) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=62272 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8237 (0x202D) smb_bcc=61 [2012/11/09 16:29:17.232567, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.232591, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.232614, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=44 params=0 setup=2 [2012/11/09 16:29:17.232635, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:17.232654, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:17.232673, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:17.232692, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 202d) [2012/11/09 16:29:17.232713, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 44 [2012/11/09 16:29:17.232736, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:17.232759, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER [2012/11/09 16:29:17.232779, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[29].fn == 0x7fa2ea3e55d0 [2012/11/09 16:29:17.232800, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B1 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.232840, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B1 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.232879, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B1 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.232918, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.232939, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:17.232966, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:17.232991, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/11/09 16:29:17.233016, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/11/09 16:29:17.233037, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.233049, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=62272 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/11/09 16:29:17.234357, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/11/09 16:29:17.234392, 3] smbd/process.c:1662(process_smb) Transaction 224 of length 45 (0 toread) [2012/11/09 16:29:17.234412, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.234424, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=62336 smt_wct=3 smb_vwv[ 0]= 8237 (0x202D) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/11/09 16:29:17.234556, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.234578, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.234598, 3] smbd/reply.c:4848(reply_close) close fd=-1 fnum=8237 (numopen=3) [2012/11/09 16:29:17.234623, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2012/11/09 16:29:17.234665, 5] smbd/files.c:482(file_free) freed files structure 8237 (2 used) [2012/11/09 16:29:17.234688, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.234700, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=62336 smt_wct=0 smb_bcc=0 [2012/11/09 16:29:17.237233, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x66 [2012/11/09 16:29:17.237269, 3] smbd/process.c:1662(process_smb) Transaction 225 of length 106 (0 toread) [2012/11/09 16:29:17.237290, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.237301, 5] lib/util.c:342(show_msg) size=102 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=62400 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 4096 (0x1000) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 4609 (0x1201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=19 [2012/11/09 16:29:17.237575, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.237596, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.237618, 4] smbd/nttrans.c:288(nt_open_pipe) nt_open_pipe: Opening pipe \spoolss. [2012/11/09 16:29:17.237642, 5] smbd/files.c:140(file_new) allocated file structure 4142, fnum = 8238 (3 used) [2012/11/09 16:29:17.237689, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \spoolss [2012/11/09 16:29:17.237780, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \spoolss (pipes_open=0) [2012/11/09 16:29:17.237826, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \spoolss [2012/11/09 16:29:17.239224, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xe0 [2012/11/09 16:29:17.239264, 3] smbd/process.c:1662(process_smb) Transaction 226 of length 228 (0 toread) [2012/11/09 16:29:17.239284, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.239302, 5] lib/util.c:342(show_msg) size=224 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=62464 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8238 (0x202E) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 160 (0xA0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 160 (0xA0) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=161 [2012/11/09 16:29:17.239522, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.239545, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.239584, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 202e name: spoolss len: 160 [2012/11/09 16:29:17.239613, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 160 [2012/11/09 16:29:17.239648, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/11/09 16:29:17.239671, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) api_pipe_bind_req: make response. 923 [2012/11/09 16:29:17.239691, 3] rpc_server/srv_pipe.c:339(check_bind_req) check_bind_req for \spoolss [2012/11/09 16:29:17.239711, 3] rpc_server/srv_pipe.c:346(check_bind_req) check_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/11/09 16:29:17.239742, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=160 [2012/11/09 16:29:17.240527, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x890 [2012/11/09 16:29:17.240568, 3] smbd/process.c:1662(process_smb) Transaction 227 of length 2196 (0 toread) [2012/11/09 16:29:17.240590, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.240601, 5] lib/util.c:342(show_msg) size=2192 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=62529 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 2108 (0x83C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 2108 (0x83C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8212 (0x2014) smb_bcc=2125 [2012/11/09 16:29:17.240823, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.240846, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.240879, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=2108 params=0 setup=2 [2012/11/09 16:29:17.240908, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:17.240927, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:17.240946, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:17.240965, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2014) [2012/11/09 16:29:17.240986, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 2108 [2012/11/09 16:29:17.241032, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:17.241061, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER [2012/11/09 16:29:17.241083, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[8].fn == 0x7fa2ea3e8e50 [2012/11/09 16:29:17.241105, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.241147, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.241200, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:yyyp0708 [2012/11/09 16:29:17.241229, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/11/09 16:29:17.241256, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/11/09 16:29:17.241287, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:17.241310, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 [2012/11/09 16:29:17.241362, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2012/11/09 16:29:17.241390, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/11/09 16:29:17.241409, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:17.241428, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:17.241530, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:17.241585, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 B4 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.241657, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B4 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.241706, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:17.241751, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:17.241807, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:17.241852, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:17.241892, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:17.241935, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:17.241991, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:17.242057, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 B5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.242133, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.242227, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.242281, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:17.242319, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.242380, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:17.242419, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.242463, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:17.242496, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.242561, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:17.242600, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.242670, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:17.242718, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.242767, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:17.242801, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.242844, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:17.242877, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.242920, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:17.242955, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.243010, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:17.243047, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.243091, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:17.243124, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.243167, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:17.243200, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.243255, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:17.243317, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.243381, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:17.243418, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.243461, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:17.243498, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.243547, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:17.243594, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.243639, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:17.243672, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.243721, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:17.243772, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.243818, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:17.243853, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.243896, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:17.243950, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.244036, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:17.244074, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:17.244120, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.244170, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:17.244202, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:17.244243, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:17.244299, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 B6 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.244391, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B6 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.244440, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:17.244506, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:17.244549, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:17.244589, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:17.244627, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:17.244664, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:17.244709, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:17.244760, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 B7 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.244827, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B7 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.244872, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:17.244891, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:17.244951, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B7 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.245003, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:17.245024, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:17.245059, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B7 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.245103, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B7 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.245142, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.245171, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B6 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.245224, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B6 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.245265, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.245294, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.245336, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.245375, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.245404, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B4 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.245446, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B4 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.245485, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.245530, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/11/09 16:29:17.245560, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/11/09 16:29:17.245590, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:17.245612, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 [2012/11/09 16:29:17.245671, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2012/11/09 16:29:17.245699, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/11/09 16:29:17.245719, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:17.245739, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:17.245810, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:17.245857, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 B8 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.245928, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B8 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.245977, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:17.246020, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:17.246062, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:17.246103, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:17.246143, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:17.246184, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:17.246263, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:17.246341, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 B9 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.246451, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B9 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.246526, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:17.246561, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:17.246641, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B9 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.246716, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:17.246749, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:17.246794, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B9 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.246876, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B9 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.246955, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.247004, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B8 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.247079, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B8 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.247147, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.247211, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:17.247263, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 4280 [2012/11/09 16:29:17.247304, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 7481 [2012/11/09 16:29:17.247356, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..2088] (align 0) [2012/11/09 16:29:17.247392, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.247411, 5] lib/util.c:342(show_msg) size=2144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=62529 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 2088 (0x828) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 2088 (0x828) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=2089 [2012/11/09 16:29:17.247703, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/11/09 16:29:17.247741, 3] smbd/process.c:1662(process_smb) Transaction 228 of length 63 (0 toread) [2012/11/09 16:29:17.247772, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.247791, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=62592 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8238 (0x202E) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/11/09 16:29:17.248086, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.248120, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.248154, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:17.248187, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/11/09 16:29:17.248226, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=68 [2012/11/09 16:29:17.248958, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x66 [2012/11/09 16:29:17.249008, 3] smbd/process.c:1662(process_smb) Transaction 229 of length 106 (0 toread) [2012/11/09 16:29:17.249046, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.249097, 5] lib/util.c:342(show_msg) size=102 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=62658 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 4096 (0x1000) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 4609 (0x1201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=19 [2012/11/09 16:29:17.249570, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.249611, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.249653, 4] smbd/nttrans.c:288(nt_open_pipe) nt_open_pipe: Opening pipe \spoolss. [2012/11/09 16:29:17.249695, 5] smbd/files.c:140(file_new) allocated file structure 4143, fnum = 8239 (4 used) [2012/11/09 16:29:17.249744, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \spoolss [2012/11/09 16:29:17.249819, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \spoolss (pipes_open=0) [2012/11/09 16:29:17.249865, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \spoolss [2012/11/09 16:29:17.249944, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x13c [2012/11/09 16:29:17.249987, 3] smbd/process.c:1662(process_smb) Transaction 230 of length 320 (0 toread) [2012/11/09 16:29:17.250024, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.250046, 5] lib/util.c:342(show_msg) size=316 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=62720 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 232 (0xE8) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 232 (0xE8) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8238 (0x202E) smb_bcc=249 [2012/11/09 16:29:17.250400, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.250439, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.250498, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=232 params=0 setup=2 [2012/11/09 16:29:17.250540, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:17.250575, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:17.250611, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:17.250648, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 202e) [2012/11/09 16:29:17.250690, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 232 [2012/11/09 16:29:17.250729, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:17.250765, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX [2012/11/09 16:29:17.250797, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[69].fn == 0x7fa2ea3def70 checking name: \\yyyu0031\yyyp0708, LocalOnly [2012/11/09 16:29:17.250846, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 BA 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.250914, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) Setting printer type=\\yyyu0031\yyyp0708, LocalOnly Printer is a printer [2012/11/09 16:29:17.250952, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) Setting printer name=\\yyyu0031\yyyp0708, LocalOnly (len=30) searching for [yyyp0708, LocalOnly] stripped handlename: [yyyp0708] set_printer_hnd_name: Printer found: yyyp0708 -> yyyp0708 [2012/11/09 16:29:17.251054, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) 3 printer handles active [2012/11/09 16:29:17.251091, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 BA 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.251163, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 BA 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.251238, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:yyyp0708 [2012/11/09 16:29:17.251277, 3] lib/access.c:338(allow_access) Allowed connection from yyyc27002.xxxxx.xxx (10.129.108.68) [2012/11/09 16:29:17.251315, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) Setting printer access = PRINTER_ACCESS_USE [2012/11/09 16:29:17.251346, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/11/09 16:29:17.251384, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/11/09 16:29:17.251433, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:17.251472, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 [2012/11/09 16:29:17.251525, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2012/11/09 16:29:17.251565, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/11/09 16:29:17.251600, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:17.251668, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:17.251792, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:17.251870, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 BB 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.251986, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 BB 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.252071, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:17.252147, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:17.252215, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:17.252290, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:17.252370, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:17.252434, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:17.252545, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:17.252620, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 BC 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.252678, 2] rpc_client/cli_winreg_spoolss.c:896(winreg_create_printer) winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708 already exists [2012/11/09 16:29:17.252708, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 BC 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.252749, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 BC 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.252788, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.252815, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 BB 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.252857, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 BB 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.252895, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.252927, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:17.252958, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:17.252984, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 1741 [2012/11/09 16:29:17.253012, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/11/09 16:29:17.253034, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.253046, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=62720 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/11/09 16:29:17.254052, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x66 [2012/11/09 16:29:17.254090, 3] smbd/process.c:1662(process_smb) Transaction 231 of length 106 (0 toread) [2012/11/09 16:29:17.254123, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.254136, 5] lib/util.c:342(show_msg) size=102 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=62786 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 4096 (0x1000) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 4609 (0x1201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=19 [2012/11/09 16:29:17.254407, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.254427, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.254450, 4] smbd/nttrans.c:288(nt_open_pipe) nt_open_pipe: Opening pipe \spoolss. [2012/11/09 16:29:17.254486, 5] smbd/files.c:140(file_new) allocated file structure 4144, fnum = 8240 (5 used) [2012/11/09 16:29:17.254517, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \spoolss [2012/11/09 16:29:17.254568, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \spoolss (pipes_open=0) [2012/11/09 16:29:17.254597, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \spoolss [2012/11/09 16:29:17.254639, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x80 [2012/11/09 16:29:17.254666, 3] smbd/process.c:1662(process_smb) Transaction 232 of length 132 (0 toread) [2012/11/09 16:29:17.254685, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.254696, 5] lib/util.c:342(show_msg) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=62848 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8238 (0x202E) smb_bcc=61 [2012/11/09 16:29:17.254908, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.254928, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.254950, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=44 params=0 setup=2 [2012/11/09 16:29:17.254971, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:17.254989, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:17.255008, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:17.255027, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 202e) [2012/11/09 16:29:17.255047, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 44 [2012/11/09 16:29:17.255072, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:17.255094, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER [2012/11/09 16:29:17.255114, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[29].fn == 0x7fa2ea3e55d0 [2012/11/09 16:29:17.255135, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 BA 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.255186, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 BA 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.255226, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 BA 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.255264, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.255285, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:17.255313, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:17.255339, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/11/09 16:29:17.255365, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/11/09 16:29:17.255386, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.255397, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=62848 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/11/09 16:29:17.256645, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xe0 [2012/11/09 16:29:17.256677, 3] smbd/process.c:1662(process_smb) Transaction 233 of length 228 (0 toread) [2012/11/09 16:29:17.256697, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.256708, 5] lib/util.c:342(show_msg) size=224 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=62914 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8239 (0x202F) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 160 (0xA0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 160 (0xA0) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=161 [2012/11/09 16:29:17.256938, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.256960, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.256981, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 202f name: spoolss len: 160 [2012/11/09 16:29:17.257002, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 160 [2012/11/09 16:29:17.257026, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/11/09 16:29:17.257047, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) api_pipe_bind_req: make response. 923 [2012/11/09 16:29:17.257067, 3] rpc_server/srv_pipe.c:339(check_bind_req) check_bind_req for \spoolss [2012/11/09 16:29:17.257087, 3] rpc_server/srv_pipe.c:346(check_bind_req) check_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/11/09 16:29:17.257116, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=160 [2012/11/09 16:29:17.257155, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xe0 [2012/11/09 16:29:17.257180, 3] smbd/process.c:1662(process_smb) Transaction 234 of length 228 (0 toread) [2012/11/09 16:29:17.257199, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.257211, 5] lib/util.c:342(show_msg) size=224 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=62977 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8240 (0x2030) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 160 (0xA0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 160 (0xA0) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=161 [2012/11/09 16:29:17.257419, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.257440, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.257460, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 2030 name: spoolss len: 160 [2012/11/09 16:29:17.257480, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 160 [2012/11/09 16:29:17.257504, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/11/09 16:29:17.257524, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) api_pipe_bind_req: make response. 923 [2012/11/09 16:29:17.257543, 3] rpc_server/srv_pipe.c:339(check_bind_req) check_bind_req for \spoolss [2012/11/09 16:29:17.257563, 3] rpc_server/srv_pipe.c:346(check_bind_req) check_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/11/09 16:29:17.257591, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=160 [2012/11/09 16:29:17.257628, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/11/09 16:29:17.257654, 3] smbd/process.c:1662(process_smb) Transaction 235 of length 45 (0 toread) [2012/11/09 16:29:17.257674, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.257685, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=63040 smt_wct=3 smb_vwv[ 0]= 8238 (0x202E) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/11/09 16:29:17.257812, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.257833, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.257854, 3] smbd/reply.c:4848(reply_close) close fd=-1 fnum=8238 (numopen=5) [2012/11/09 16:29:17.257874, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2012/11/09 16:29:17.257916, 5] smbd/files.c:482(file_free) freed files structure 8238 (4 used) [2012/11/09 16:29:17.257939, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.257950, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=63040 smt_wct=0 smb_bcc=0 [2012/11/09 16:29:17.259306, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/11/09 16:29:17.259351, 3] smbd/process.c:1662(process_smb) Transaction 236 of length 63 (0 toread) [2012/11/09 16:29:17.259376, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.259388, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=63104 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8240 (0x2030) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/11/09 16:29:17.259569, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.259590, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.259611, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:17.259641, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/11/09 16:29:17.259668, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=68 [2012/11/09 16:29:17.259705, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/11/09 16:29:17.259730, 3] smbd/process.c:1662(process_smb) Transaction 237 of length 63 (0 toread) [2012/11/09 16:29:17.259750, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.259761, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=63169 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8239 (0x202F) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/11/09 16:29:17.259943, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.259963, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.259984, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:17.260005, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/11/09 16:29:17.260028, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=68 [2012/11/09 16:29:17.260958, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x124 [2012/11/09 16:29:17.260994, 3] smbd/process.c:1662(process_smb) Transaction 238 of length 296 (0 toread) [2012/11/09 16:29:17.261016, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.261028, 5] lib/util.c:342(show_msg) size=292 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=63233 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 208 (0xD0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 208 (0xD0) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8240 (0x2030) smb_bcc=225 [2012/11/09 16:29:17.261242, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.261263, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.261286, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=208 params=0 setup=2 [2012/11/09 16:29:17.261308, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:17.261327, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:17.261346, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:17.261365, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2030) [2012/11/09 16:29:17.261385, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 208 [2012/11/09 16:29:17.261409, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:17.261431, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX [2012/11/09 16:29:17.261452, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[69].fn == 0x7fa2ea3def70 checking name: \\yyyu0031\yyyp0708 [2012/11/09 16:29:17.261496, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 BD 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.261561, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) Setting printer type=\\yyyu0031\yyyp0708 Printer is a printer [2012/11/09 16:29:17.261604, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) Setting printer name=\\yyyu0031\yyyp0708 (len=19) searching for [yyyp0708] set_printer_hnd_name: Printer found: yyyp0708 -> yyyp0708 [2012/11/09 16:29:17.261690, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) 3 printer handles active [2012/11/09 16:29:17.261718, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 BD 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.261758, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 BD 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.261797, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:yyyp0708 [2012/11/09 16:29:17.261819, 3] lib/access.c:338(allow_access) Allowed connection from yyyc27002.xxxxx.xxx (10.129.108.68) [2012/11/09 16:29:17.261843, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) Setting printer access = PRINTER_ACCESS_USE [2012/11/09 16:29:17.261865, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/11/09 16:29:17.261890, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/11/09 16:29:17.261919, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:17.261942, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 [2012/11/09 16:29:17.261973, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2012/11/09 16:29:17.261998, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/11/09 16:29:17.262017, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:17.262035, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:17.262114, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:17.262164, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 BE 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.262222, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 BE 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.262267, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:17.262309, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:17.262350, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:17.262391, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:17.262431, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:17.262477, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:17.262557, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:17.262623, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 BF 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.262687, 2] rpc_client/cli_winreg_spoolss.c:896(winreg_create_printer) winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708 already exists [2012/11/09 16:29:17.262719, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 BF 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.262761, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 BF 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.262799, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.262827, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 BE 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.262869, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 BE 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.262907, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.262938, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:17.262969, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:17.262995, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 1741 [2012/11/09 16:29:17.263022, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/11/09 16:29:17.263042, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.263054, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=63233 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/11/09 16:29:17.264029, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x114 [2012/11/09 16:29:17.264062, 3] smbd/process.c:1662(process_smb) Transaction 239 of length 280 (0 toread) [2012/11/09 16:29:17.264083, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.264094, 5] lib/util.c:342(show_msg) size=276 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=63296 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 192 (0xC0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 192 (0xC0) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8239 (0x202F) smb_bcc=209 [2012/11/09 16:29:17.264317, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.264354, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.264382, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=192 params=0 setup=2 [2012/11/09 16:29:17.264405, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:17.264433, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:17.264489, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:17.264522, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 202f) [2012/11/09 16:29:17.264557, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 192 [2012/11/09 16:29:17.264584, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:17.264606, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX [2012/11/09 16:29:17.264627, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[69].fn == 0x7fa2ea3def70 checking name: \\yyyu0031 [2012/11/09 16:29:17.264659, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 C0 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.264700, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) Setting printer type=\\yyyu0031 Printer is a print server [2012/11/09 16:29:17.264726, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) Setting printer name=\\yyyu0031 (len=10) [2012/11/09 16:29:17.264747, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) 4 printer handles active [2012/11/09 16:29:17.264766, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C0 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.264805, 4] rpc_server/spoolss/srv_spoolss_nt.c:1852(_spoolss_OpenPrinterEx) Setting print server access = SERVER_ACCESS_ENUMERATE [2012/11/09 16:29:17.264826, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:17.264853, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:17.264877, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/11/09 16:29:17.264902, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/11/09 16:29:17.264923, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.264934, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=63296 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/11/09 16:29:17.265940, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x80 [2012/11/09 16:29:17.265974, 3] smbd/process.c:1662(process_smb) Transaction 240 of length 132 (0 toread) [2012/11/09 16:29:17.265995, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.266006, 5] lib/util.c:342(show_msg) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=63361 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8240 (0x2030) smb_bcc=61 [2012/11/09 16:29:17.266218, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.266239, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.266261, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=44 params=0 setup=2 [2012/11/09 16:29:17.266283, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:17.266301, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:17.266333, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:17.266356, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2030) [2012/11/09 16:29:17.266376, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 44 [2012/11/09 16:29:17.266400, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:17.266422, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER [2012/11/09 16:29:17.266443, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[29].fn == 0x7fa2ea3e55d0 [2012/11/09 16:29:17.266478, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 BD 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.266537, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 BD 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.266578, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 BD 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.266616, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.266637, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:17.266664, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:17.266690, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/11/09 16:29:17.266714, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/11/09 16:29:17.266735, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.266746, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=63361 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/11/09 16:29:17.267686, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x80 [2012/11/09 16:29:17.267718, 3] smbd/process.c:1662(process_smb) Transaction 241 of length 132 (0 toread) [2012/11/09 16:29:17.267738, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.267750, 5] lib/util.c:342(show_msg) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=63424 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8239 (0x202F) smb_bcc=61 [2012/11/09 16:29:17.267962, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.267983, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.268005, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=44 params=0 setup=2 [2012/11/09 16:29:17.268027, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:17.268046, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:17.268065, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:17.268098, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 202f) [2012/11/09 16:29:17.268120, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 44 [2012/11/09 16:29:17.268144, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:17.268166, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER [2012/11/09 16:29:17.268187, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[29].fn == 0x7fa2ea3e55d0 [2012/11/09 16:29:17.268207, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C0 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.268247, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C0 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.268286, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C0 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.268344, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.268368, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:17.268396, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:17.268421, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/11/09 16:29:17.268445, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/11/09 16:29:17.268488, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.268502, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=63424 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/11/09 16:29:17.269631, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x890 [2012/11/09 16:29:17.269674, 3] smbd/process.c:1662(process_smb) Transaction 242 of length 2196 (0 toread) [2012/11/09 16:29:17.269696, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.269707, 5] lib/util.c:342(show_msg) size=2192 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=63490 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 2108 (0x83C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 2108 (0x83C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8212 (0x2014) smb_bcc=2125 [2012/11/09 16:29:17.269925, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.269946, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.269969, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=2108 params=0 setup=2 [2012/11/09 16:29:17.269992, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:17.270011, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:17.270030, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:17.270049, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2014) [2012/11/09 16:29:17.270084, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 2108 [2012/11/09 16:29:17.270112, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:17.270135, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER [2012/11/09 16:29:17.270156, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[8].fn == 0x7fa2ea3e8e50 [2012/11/09 16:29:17.270179, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.270221, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.270259, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:yyyp0708 [2012/11/09 16:29:17.270283, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/11/09 16:29:17.270313, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/11/09 16:29:17.270367, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:17.270398, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 [2012/11/09 16:29:17.270429, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2012/11/09 16:29:17.270453, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/11/09 16:29:17.270473, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:17.270492, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:17.270574, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:17.270660, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 C1 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.270726, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C1 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.270771, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:17.270816, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:17.270858, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:17.270899, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:17.270938, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:17.270975, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:17.271023, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:17.271073, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 C2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.271130, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.271256, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.271317, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:17.271363, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.271409, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:17.271443, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.271486, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:17.271520, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.271563, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:17.271596, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.271644, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:17.271678, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.271721, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:17.271754, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.271797, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:17.271830, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.271873, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:17.271906, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.271949, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:17.271994, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.272039, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:17.272071, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.272115, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:17.272147, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.272190, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:17.272223, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.272279, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:17.272334, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.272384, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:17.272419, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.272499, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:17.272537, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.272582, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:17.272617, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.272660, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:17.272698, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.272754, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:17.272791, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.272843, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:17.272895, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.272941, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:17.272961, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:17.272994, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.273038, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:17.273057, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:17.273096, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:17.273140, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 C3 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.273195, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C3 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.273258, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:17.273301, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:17.273357, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:17.273404, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:17.273444, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:17.273481, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:17.273527, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:17.273577, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 C4 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.273635, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C4 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.273680, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:17.273710, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:17.273766, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C4 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.273812, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:17.273833, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:17.273868, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C4 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.273911, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C4 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.273950, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.273979, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C3 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.274022, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C3 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.274061, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.274089, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.274131, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.274169, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.274199, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C1 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.274254, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C1 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.274299, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.274347, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/11/09 16:29:17.274376, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/11/09 16:29:17.274406, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:17.274429, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 [2012/11/09 16:29:17.274477, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2012/11/09 16:29:17.274504, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/11/09 16:29:17.274524, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:17.274542, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:17.274632, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:17.274681, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 C5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.274737, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.274782, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:17.274824, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:17.274865, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:17.274906, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:17.274945, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:17.274982, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:17.275029, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:17.275078, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 C6 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.275135, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C6 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.275191, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:17.275217, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:17.275271, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C6 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.275318, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:17.275338, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:17.275368, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C6 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.275411, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C6 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.275449, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.275479, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.275521, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.275574, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.275640, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:17.275682, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 4280 [2012/11/09 16:29:17.275710, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 7481 [2012/11/09 16:29:17.275745, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..2088] (align 0) [2012/11/09 16:29:17.275768, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.275780, 5] lib/util.c:342(show_msg) size=2144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=63490 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 2088 (0x828) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 2088 (0x828) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=2089 [2012/11/09 16:29:17.275980, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x66 [2012/11/09 16:29:17.276006, 3] smbd/process.c:1662(process_smb) Transaction 243 of length 106 (0 toread) [2012/11/09 16:29:17.276026, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.276037, 5] lib/util.c:342(show_msg) size=102 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=63555 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 4096 (0x1000) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 4609 (0x1201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=19 [2012/11/09 16:29:17.276353, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.276377, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.276399, 4] smbd/nttrans.c:288(nt_open_pipe) nt_open_pipe: Opening pipe \spoolss. [2012/11/09 16:29:17.276422, 5] smbd/files.c:140(file_new) allocated file structure 4145, fnum = 8241 (5 used) [2012/11/09 16:29:17.276448, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \spoolss [2012/11/09 16:29:17.276517, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \spoolss (pipes_open=0) [2012/11/09 16:29:17.276546, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \spoolss [2012/11/09 16:29:17.276585, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x64 [2012/11/09 16:29:17.276611, 3] smbd/process.c:1662(process_smb) Transaction 244 of length 104 (0 toread) [2012/11/09 16:29:17.276631, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.276642, 5] lib/util.c:342(show_msg) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=1240 smb_uid=101 smb_mid=63616 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 4609 (0x1201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=17 [2012/11/09 16:29:17.276922, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.276973, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.276996, 4] smbd/nttrans.c:288(nt_open_pipe) nt_open_pipe: Opening pipe \lsarpc. [2012/11/09 16:29:17.277017, 5] smbd/files.c:140(file_new) allocated file structure 4146, fnum = 8242 (6 used) [2012/11/09 16:29:17.277041, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \lsarpc [2012/11/09 16:29:17.277081, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \lsarpc (pipes_open=0) [2012/11/09 16:29:17.277110, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \lsarpc [2012/11/09 16:29:17.277684, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/11/09 16:29:17.277716, 3] smbd/process.c:1662(process_smb) Transaction 245 of length 45 (0 toread) [2012/11/09 16:29:17.277736, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.277747, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=63683 smt_wct=3 smb_vwv[ 0]= 8240 (0x2030) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/11/09 16:29:17.277865, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.277885, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.277905, 3] smbd/reply.c:4848(reply_close) close fd=-1 fnum=8240 (numopen=6) [2012/11/09 16:29:17.277925, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2012/11/09 16:29:17.277966, 5] smbd/files.c:482(file_free) freed files structure 8240 (5 used) [2012/11/09 16:29:17.277988, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.278000, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=63683 smt_wct=0 smb_bcc=0 [2012/11/09 16:29:17.278149, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x48 [2012/11/09 16:29:17.278176, 3] smbd/process.c:1662(process_smb) Transaction 246 of length 76 (0 toread) [2012/11/09 16:29:17.278196, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.278207, 5] lib/util.c:342(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=1240 smb_uid=101 smb_mid=63744 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 24 (0x18) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2012/11/09 16:29:17.278410, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.278430, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.278453, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 [2012/11/09 16:29:17.278474, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 24, paramsize = 2, datasize = 24 [2012/11/09 16:29:17.278493, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.278504, 5] lib/util.c:342(show_msg) size=84 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=1240 smb_uid=101 smb_mid=63744 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 24 (0x18) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 24 (0x18) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=29 [2012/11/09 16:29:17.279418, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/11/09 16:29:17.279450, 3] smbd/process.c:1662(process_smb) Transaction 247 of length 45 (0 toread) [2012/11/09 16:29:17.279469, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.279481, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=63808 smt_wct=3 smb_vwv[ 0]= 8239 (0x202F) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/11/09 16:29:17.279598, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.279632, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.279657, 3] smbd/reply.c:4848(reply_close) close fd=-1 fnum=8239 (numopen=5) [2012/11/09 16:29:17.279677, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2012/11/09 16:29:17.279713, 5] smbd/files.c:482(file_free) freed files structure 8239 (4 used) [2012/11/09 16:29:17.279736, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.279748, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=63808 smt_wct=0 smb_bcc=0 [2012/11/09 16:29:17.279861, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xe0 [2012/11/09 16:29:17.279887, 3] smbd/process.c:1662(process_smb) Transaction 248 of length 228 (0 toread) [2012/11/09 16:29:17.279907, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.279918, 5] lib/util.c:342(show_msg) size=224 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=63875 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8242 (0x2032) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 160 (0xA0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 160 (0xA0) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=161 [2012/11/09 16:29:17.280129, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.280151, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.280172, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 2032 name: lsarpc len: 160 [2012/11/09 16:29:17.280192, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 160 [2012/11/09 16:29:17.280218, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) api_pipe_bind_req: \PIPE\dssetup -> \PIPE\dssetup [2012/11/09 16:29:17.280239, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) api_pipe_bind_req: make response. 923 [2012/11/09 16:29:17.280259, 3] rpc_server/srv_pipe.c:339(check_bind_req) check_bind_req for \lsarpc [2012/11/09 16:29:17.280279, 3] rpc_server/srv_pipe.c:346(check_bind_req) check_bind_req: \PIPE\dssetup -> \PIPE\dssetup [2012/11/09 16:29:17.280309, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=160 [2012/11/09 16:29:17.281171, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x66 [2012/11/09 16:29:17.281204, 3] smbd/process.c:1662(process_smb) Transaction 249 of length 106 (0 toread) [2012/11/09 16:29:17.281224, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.281236, 5] lib/util.c:342(show_msg) size=102 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=63939 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 4096 (0x1000) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 4609 (0x1201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=19 [2012/11/09 16:29:17.281537, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.281560, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.281582, 4] smbd/nttrans.c:288(nt_open_pipe) nt_open_pipe: Opening pipe \spoolss. [2012/11/09 16:29:17.281603, 5] smbd/files.c:140(file_new) allocated file structure 4147, fnum = 8243 (5 used) [2012/11/09 16:29:17.281632, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \spoolss [2012/11/09 16:29:17.281676, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \spoolss (pipes_open=0) [2012/11/09 16:29:17.281704, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \spoolss [2012/11/09 16:29:17.281736, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:17.281760, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:17.281779, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:17.281810, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2012/11/09 16:29:17.281841, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/11/09 16:29:17.281863, 3] smbd/process.c:1662(process_smb) Transaction 250 of length 63 (0 toread) [2012/11/09 16:29:17.281881, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.281892, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=64000 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8242 (0x2032) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/11/09 16:29:17.282089, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.282113, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:17.282134, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (811): SID[ 0]: S-1-5-21-160562036-3150058255-2134394716-19743 SID[ 1]: S-1-5-21-160562036-3150058255-2134394716-513 SID[ 2]: S-1-5-21-160562036-3150058255-2134394716-334230 SID[ 3]: S-1-5-21-160562036-3150058255-2134394716-23353 SID[ 4]: S-1-5-21-160562036-3150058255-2134394716-304793 SID[ 5]: S-1-5-21-160562036-3150058255-2134394716-269408 SID[ 6]: S-1-5-21-160562036-3150058255-2134394716-50420 SID[ 7]: S-1-5-21-160562036-3150058255-2134394716-113634 SID[ 8]: S-1-5-21-160562036-3150058255-2134394716-113662 SID[ 9]: S-1-5-21-160562036-3150058255-2134394716-260755 SID[ 10]: S-1-5-21-160562036-3150058255-2134394716-288770 SID[ 11]: S-1-5-21-160562036-3150058255-2134394716-67892 SID[ 12]: S-1-5-21-160562036-3150058255-2134394716-20800 SID[ 13]: S-1-5-21-160562036-3150058255-2134394716-269744 SID[ 14]: S-1-5-21-160562036-3150058255-2134394716-63803 SID[ 15]: S-1-5-21-160562036-3150058255-2134394716-360934 SID[ 16]: S-1-5-21-160562036-3150058255-2134394716-421750 SID[ 17]: S-1-5-21-160562036-3150058255-2134394716-294313 SID[ 18]: S-1-5-21-160562036-3150058255-2134394716-109619 SID[ 19]: S-1-5-21-160562036-3150058255-2134394716-13623 SID[ 20]: S-1-5-21-160562036-3150058255-2134394716-113660 SID[ 21]: S-1-5-21-160562036-3150058255-2134394716-13846 SID[ 22]: S-1-5-21-160562036-3150058255-2134394716-351693 SID[ 23]: S-1-5-21-160562036-3150058255-2134394716-56178 SID[ 24]: S-1-5-21-160562036-3150058255-2134394716-268914 SID[ 25]: S-1-5-21-160562036-3150058255-2134394716-276389 SID[ 26]: S-1-5-21-160562036-3150058255-2134394716-294265 SID[ 27]: S-1-5-21-160562036-3150058255-2134394716-289050 SID[ 28]: S-1-5-21-160562036-3150058255-2134394716-284074 SID[ 29]: S-1-5-21-160562036-3150058255-2134394716-353623 SID[ 30]: S-1-5-21-160562036-3150058255-2134394716-60632 SID[ 31]: S-1-5-21-160562036-3150058255-2134394716-299617 SID[ 32]: S-1-5-21-160562036-3150058255-2134394716-269875 SID[ 33]: S-1-5-21-160562036-3150058255-2134394716-260777 SID[ 34]: S-1-5-21-160562036-3150058255-2134394716-72011 SID[ 35]: S-1-5-21-160562036-3150058255-2134394716-56174 SID[ 36]: S-1-5-21-160562036-3150058255-2134394716-294145 SID[ 37]: S-1-5-21-160562036-3150058255-2134394716-46643 SID[ 38]: S-1-5-21-160562036-3150058255-2134394716-110684 SID[ 39]: S-1-5-21-160562036-3150058255-2134394716-69476 SID[ 40]: S-1-5-21-160562036-3150058255-2134394716-354438 SID[ 41]: S-1-5-21-160562036-3150058255-2134394716-288215 SID[ 42]: S-1-5-21-160562036-3150058255-2134394716-418124 SID[ 43]: S-1-5-21-160562036-3150058255-2134394716-32947 SID[ 44]: S-1-5-21-160562036-3150058255-2134394716-373447 SID[ 45]: S-1-5-21-160562036-3150058255-2134394716-21119 SID[ 46]: S-1-5-21-160562036-3150058255-2134394716-254283 SID[ 47]: S-1-5-21-160562036-3150058255-2134394716-21918 SID[ 48]: S-1-5-21-160562036-3150058255-2134394716-268915 SID[ 49]: S-1-5-21-160562036-3150058255-2134394716-267093 SID[ 50]: S-1-5-21-160562036-3150058255-2134394716-340888 SID[ 51]: S-1-5-21-160562036-3150058255-2134394716-294363 SID[ 52]: S-1-5-21-160562036-3150058255-2134394716-414620 SID[ 53]: S-1-5-21-160562036-3150058255-2134394716-260959 SID[ 54]: S-1-5-21-160562036-3150058255-2134394716-56176 SID[ 55]: S-1-5-21-160562036-3150058255-2134394716-373472 SID[ 56]: S-1-5-21-160562036-3150058255-2134394716-294492 SID[ 57]: S-1-5-21-160562036-3150058255-2134394716-373554 SID[ 58]: S-1-5-21-160562036-3150058255-2134394716-104382 SID[ 59]: S-1-5-21-160562036-3150058255-2134394716-294361 SID[ 60]: S-1-5-21-160562036-3150058255-2134394716-245149 SID[ 61]: S-1-5-21-160562036-3150058255-2134394716-32807 SID[ 62]: S-1-5-21-160562036-3150058255-2134394716-63805 SID[ 63]: S-1-5-21-160562036-3150058255-2134394716-290135 SID[ 64]: S-1-5-21-160562036-3150058255-2134394716-248439 SID[ 65]: S-1-5-21-160562036-3150058255-2134394716-58745 SID[ 66]: S-1-5-21-160562036-3150058255-2134394716-288316 SID[ 67]: S-1-5-21-160562036-3150058255-2134394716-373441 SID[ 68]: S-1-5-21-160562036-3150058255-2134394716-268916 SID[ 69]: S-1-5-21-160562036-3150058255-2134394716-17597 SID[ 70]: S-1-5-21-160562036-3150058255-2134394716-113654 SID[ 71]: S-1-5-21-160562036-3150058255-2134394716-304050 SID[ 72]: S-1-5-21-160562036-3150058255-2134394716-112626 SID[ 73]: S-1-5-21-160562036-3150058255-2134394716-360946 SID[ 74]: S-1-5-21-160562036-3150058255-2134394716-1116 SID[ 75]: S-1-5-21-160562036-3150058255-2134394716-294490 SID[ 76]: S-1-5-21-160562036-3150058255-2134394716-373442 SID[ 77]: S-1-5-21-160562036-3150058255-2134394716-402137 SID[ 78]: S-1-5-21-160562036-3150058255-2134394716-373470 SID[ 79]: S-1-5-21-160562036-3150058255-2134394716-284963 SID[ 80]: S-1-5-21-160562036-3150058255-2134394716-21963 SID[ 81]: S-1-5-21-160562036-3150058255-2134394716-373556 SID[ 82]: S-1-5-21-160562036-3150058255-2134394716-351504 SID[ 83]: S-1-5-21-160562036-3150058255-2134394716-360382 SID[ 84]: S-1-5-21-160562036-3150058255-2134394716-266966 SID[ 85]: S-1-5-21-160562036-3150058255-2134394716-63797 SID[ 86]: S-1-5-21-160562036-3150058255-2134394716-31306 SID[ 87]: S-1-5-21-160562036-3150058255-2134394716-420969 SID[ 88]: S-1-5-21-160562036-3150058255-2134394716-58439 SID[ 89]: S-1-5-21-160562036-3150058255-2134394716-351240 SID[ 90]: S-1-5-21-160562036-3150058255-2134394716-290160 SID[ 91]: S-1-5-21-160562036-3150058255-2134394716-335340 SID[ 92]: S-1-5-21-160562036-3150058255-2134394716-32819 SID[ 93]: S-1-5-21-160562036-3150058255-2134394716-63801 SID[ 94]: S-1-5-21-160562036-3150058255-2134394716-53171 SID[ 95]: S-1-5-21-160562036-3150058255-2134394716-294243 SID[ 96]: S-1-5-21-160562036-3150058255-2134394716-350032 SID[ 97]: S-1-5-21-160562036-3150058255-2134394716-63737 SID[ 98]: S-1-5-21-160562036-3150058255-2134394716-13863 SID[ 99]: S-1-5-21-160562036-3150058255-2134394716-351719 SID[100]: S-1-5-21-160562036-3150058255-2134394716-56165 SID[101]: S-1-5-21-160562036-3150058255-2134394716-113646 SID[102]: S-1-5-21-160562036-3150058255-2134394716-430811 SID[103]: S-1-5-21-160562036-3150058255-2134394716-284081 SID[104]: S-1-5-21-160562036-3150058255-2134394716-256696 SID[105]: S-1-5-21-160562036-3150058255-2134394716-416414 SID[106]: S-1-5-21-160562036-3150058255-2134394716-49609 SID[107]: S-1-5-21-160562036-3150058255-2134394716-377791 SID[108]: S-1-5-21-160562036-3150058255-2134394716-32821 SID[109]: S-1-5-21-160562036-3150058255-2134394716-359223 SID[110]: S-1-5-21-160562036-3150058255-2134394716-284091 SID[111]: S-1-5-21-160562036-3150058255-2134394716-433713 SID[112]: S-1-5-21-160562036-3150058255-2134394716-33100 SID[113]: S-1-5-21-160562036-3150058255-2134394716-416203 SID[114]: S-1-5-21-160562036-3150058255-2134394716-317007 SID[115]: S-1-5-21-160562036-3150058255-2134394716-69542 SID[116]: S-1-5-21-160562036-3150058255-2134394716-268918 SID[117]: S-1-5-21-160562036-3150058255-2134394716-69428 SID[118]: S-1-5-21-160562036-3150058255-2134394716-316764 SID[119]: S-1-5-21-160562036-3150058255-2134394716-55705 SID[120]: S-1-5-21-160562036-3150058255-2134394716-291229 SID[121]: S-1-5-21-160562036-3150058255-2134394716-250116 SID[122]: S-1-5-21-160562036-3150058255-2134394716-294315 SID[123]: S-1-5-21-160562036-3150058255-2134394716-402469 SID[124]: S-1-5-21-160562036-3150058255-2134394716-256697 SID[125]: S-1-5-21-160562036-3150058255-2134394716-418438 SID[126]: S-1-5-21-160562036-3150058255-2134394716-435652 SID[127]: S-1-5-21-160562036-3150058255-2134394716-45010 SID[128]: S-1-5-21-160562036-3150058255-2134394716-322368 SID[129]: S-1-5-21-160562036-3150058255-2134394716-267090 SID[130]: S-1-5-21-160562036-3150058255-2134394716-32825 SID[131]: S-1-5-21-160562036-3150058255-2134394716-35099 SID[132]: S-1-5-21-160562036-3150058255-2134394716-56157 SID[133]: S-1-5-21-160562036-3150058255-2134394716-113648 SID[134]: S-1-5-21-160562036-3150058255-2134394716-55709 SID[135]: S-1-5-21-160562036-3150058255-2134394716-108789 SID[136]: S-1-5-21-160562036-3150058255-2134394716-56159 SID[137]: S-1-5-21-160562036-3150058255-2134394716-268919 SID[138]: S-1-5-21-160562036-3150058255-2134394716-245147 SID[139]: S-1-5-21-160562036-3150058255-2134394716-430693 SID[140]: S-1-5-21-160562036-3150058255-2134394716-289617 SID[141]: S-1-5-21-160562036-3150058255-2134394716-373445 SID[142]: S-1-5-21-160562036-3150058255-2134394716-14282 SID[143]: S-1-5-21-160562036-3150058255-2134394716-433712 SID[144]: S-1-5-21-160562036-3150058255-2134394716-59232 SID[145]: S-1-5-21-160562036-3150058255-2134394716-33429 SID[146]: S-1-5-21-160562036-3150058255-2134394716-437634 SID[147]: S-1-5-21-160562036-3150058255-2134394716-23354 SID[148]: S-1-5-21-160562036-3150058255-2134394716-113636 SID[149]: S-1-5-21-160562036-3150058255-2134394716-63799 SID[150]: S-1-5-21-160562036-3150058255-2134394716-261009 SID[151]: S-1-5-21-160562036-3150058255-2134394716-290498 SID[152]: S-1-5-21-160562036-3150058255-2134394716-375928 SID[153]: S-1-5-21-160562036-3150058255-2134394716-276407 SID[154]: S-1-5-21-160562036-3150058255-2134394716-357401 SID[155]: S-1-5-21-160562036-3150058255-2134394716-357385 SID[156]: S-1-5-21-160562036-3150058255-2134394716-269404 SID[157]: S-1-5-21-160562036-3150058255-2134394716-67790 SID[158]: S-1-5-21-160562036-3150058255-2134394716-392120 SID[159]: S-1-5-21-160562036-3150058255-2134394716-276395 SID[160]: S-1-5-21-160562036-3150058255-2134394716-113343 SID[161]: S-1-5-21-160562036-3150058255-2134394716-56172 SID[162]: S-1-5-21-160562036-3150058255-2134394716-402467 SID[163]: S-1-5-21-160562036-3150058255-2134394716-293007 SID[164]: S-1-5-21-160562036-3150058255-2134394716-427942 SID[165]: S-1-5-21-160562036-3150058255-2134394716-373529 SID[166]: S-1-5-21-160562036-3150058255-2134394716-263163 SID[167]: S-1-5-21-160562036-3150058255-2134394716-64111 SID[168]: S-1-5-21-160562036-3150058255-2134394716-266852 SID[169]: S-1-5-21-160562036-3150058255-2134394716-357892 SID[170]: S-1-5-21-160562036-3150058255-2134394716-104429 SID[171]: S-1-5-21-160562036-3150058255-2134394716-32813 SID[172]: S-1-5-21-160562036-3150058255-2134394716-360722 SID[173]: S-1-5-21-160562036-3150058255-2134394716-284092 SID[174]: S-1-5-21-160562036-3150058255-2134394716-289619 SID[175]: S-1-5-21-160562036-3150058255-2134394716-369316 SID[176]: S-1-5-21-160562036-3150058255-2134394716-49542 SID[177]: S-1-5-21-160562036-3150058255-2134394716-329659 SID[178]: S-1-5-21-160562036-3150058255-2134394716-32809 SID[179]: S-1-5-21-160562036-3150058255-2134394716-108767 SID[180]: S-1-5-21-160562036-3150058255-2134394716-305399 SID[181]: S-1-5-21-160562036-3150058255-2134394716-263161 SID[182]: S-1-5-21-160562036-3150058255-2134394716-314050 SID[183]: S-1-5-21-160562036-3150058255-2134394716-31001 SID[184]: S-1-5-21-160562036-3150058255-2134394716-279682 SID[185]: S-1-5-21-160562036-3150058255-2134394716-294147 SID[186]: S-1-5-21-160562036-3150058255-2134394716-56163 SID[187]: S-1-5-21-160562036-3150058255-2134394716-285751 SID[188]: S-1-5-21-160562036-3150058255-2134394716-21723 SID[189]: S-1-5-21-160562036-3150058255-2134394716-8332 SID[190]: S-1-5-21-160562036-3150058255-2134394716-32827 SID[191]: S-1-5-21-160562036-3150058255-2134394716-256460 SID[192]: S-1-5-21-160562036-3150058255-2134394716-256183 SID[193]: S-1-5-21-160562036-3150058255-2134394716-300424 SID[194]: S-1-5-21-160562036-3150058255-2134394716-55677 SID[195]: S-1-5-21-160562036-3150058255-2134394716-253145 SID[196]: S-1-5-21-160562036-3150058255-2134394716-63804 SID[197]: S-1-5-21-160562036-3150058255-2134394716-358866 SID[198]: S-1-5-21-160562036-3150058255-2134394716-32823 SID[199]: S-1-5-21-160562036-3150058255-2134394716-276620 SID[200]: S-1-5-21-160562036-3150058255-2134394716-361940 SID[201]: S-1-5-21-160562036-3150058255-2134394716-49274 SID[202]: S-1-5-21-160562036-3150058255-2134394716-402177 SID[203]: S-1-5-21-160562036-3150058255-2134394716-252230 SID[204]: S-1-5-21-160562036-3150058255-2134394716-321100 SID[205]: S-1-5-21-160562036-3150058255-2134394716-20801 SID[206]: S-1-5-21-160562036-3150058255-2134394716-276621 SID[207]: S-1-5-21-160562036-3150058255-2134394716-252010 SID[208]: S-1-5-21-160562036-3150058255-2134394716-292766 SID[209]: S-1-5-21-160562036-3150058255-2134394716-37331 SID[210]: S-1-5-21-160562036-3150058255-2134394716-260776 SID[211]: S-1-5-21-160562036-3150058255-2134394716-386708 SID[212]: S-1-5-21-160562036-3150058255-2134394716-374616 SID[213]: S-1-5-21-160562036-3150058255-2134394716-21084 SID[214]: S-1-5-21-160562036-3150058255-2134394716-294267 SID[215]: S-1-5-21-160562036-3150058255-2134394716-63802 SID[216]: S-1-5-21-160562036-3150058255-2134394716-31186 SID[217]: S-1-5-21-160562036-3150058255-2134394716-105575 SID[218]: S-1-5-21-160562036-3150058255-2134394716-361874 SID[219]: S-1-5-21-160562036-3150058255-2134394716-360362 SID[220]: S-1-5-21-160562036-3150058255-2134394716-357734 SID[221]: S-1-5-21-160562036-3150058255-2134394716-294241 SID[222]: S-1-5-21-160562036-3150058255-2134394716-251778 SID[223]: S-1-5-21-160562036-3150058255-2134394716-49510 SID[224]: S-1-5-21-160562036-3150058255-2134394716-35015 SID[225]: S-1-5-21-160562036-3150058255-2134394716-20749 SID[226]: S-1-5-21-160562036-3150058255-2134394716-294291 SID[227]: S-1-5-21-160562036-3150058255-2134394716-254469 SID[228]: S-1-5-21-160562036-3150058255-2134394716-247296 SID[229]: S-1-5-21-160562036-3150058255-2134394716-63798 SID[230]: S-1-5-21-160562036-3150058255-2134394716-59035 SID[231]: S-1-5-21-160562036-3150058255-2134394716-430331 SID[232]: S-1-5-21-160562036-3150058255-2134394716-21301 SID[233]: S-1-5-21-160562036-3150058255-2134394716-55627 SID[234]: S-1-5-21-160562036-3150058255-2134394716-32815 SID[235]: S-1-5-21-160562036-3150058255-2134394716-277164 SID[236]: S-1-5-21-160562036-3150058255-2134394716-21552 SID[237]: S-1-5-21-160562036-3150058255-2134394716-56622 SID[238]: S-1-5-21-160562036-3150058255-2134394716-37315 SID[239]: S-1-5-21-160562036-3150058255-2134394716-334225 SID[240]: S-1-5-21-160562036-3150058255-2134394716-338141 SID[241]: S-1-5-21-160562036-3150058255-2134394716-246169 SID[242]: S-1-5-21-160562036-3150058255-2134394716-297835 SID[243]: S-1-5-21-160562036-3150058255-2134394716-353615 SID[244]: S-1-5-21-160562036-3150058255-2134394716-322371 SID[245]: S-1-5-21-160562036-3150058255-2134394716-63235 SID[246]: S-1-5-21-160562036-3150058255-2134394716-266849 SID[247]: S-1-5-21-160562036-3150058255-2134394716-293998 SID[248]: S-1-5-21-160562036-3150058255-2134394716-433714 SID[249]: S-1-5-21-160562036-3150058255-2134394716-107694 SID[250]: S-1-5-21-160562036-3150058255-2134394716-288317 SID[251]: S-1-5-21-160562036-3150058255-2134394716-44135 SID[252]: S-1-5-21-160562036-3150058255-2134394716-290560 SID[253]: S-1-5-21-160562036-3150058255-2134394716-322681 SID[254]: S-1-5-21-160562036-3150058255-2134394716-283109 SID[255]: S-1-5-21-160562036-3150058255-2134394716-357879 SID[256]: S-1-5-21-160562036-3150058255-2134394716-289046 SID[257]: S-1-5-21-160562036-3150058255-2134394716-32803 SID[258]: S-1-5-21-160562036-3150058255-2134394716-343968 SID[259]: S-1-5-21-160562036-3150058255-2134394716-50792 SID[260]: S-1-5-21-160562036-3150058255-2134394716-50518 SID[261]: S-1-5-21-160562036-3150058255-2134394716-37238 SID[262]: S-1-5-21-160562036-3150058255-2134394716-360465 SID[263]: S-1-5-21-160562036-3150058255-2134394716-366652 SID[264]: S-1-5-21-160562036-3150058255-2134394716-294094 SID[265]: S-1-5-21-160562036-3150058255-2134394716-288540 SID[266]: S-1-5-21-160562036-3150058255-2134394716-297984 SID[267]: S-1-5-21-160562036-3150058255-2134394716-276427 SID[268]: S-1-5-21-160562036-3150058255-2134394716-333792 SID[269]: S-1-5-21-160562036-3150058255-2134394716-427342 SID[270]: S-1-5-21-160562036-3150058255-2134394716-333794 SID[271]: S-1-5-21-160562036-3150058255-2134394716-290460 SID[272]: S-1-5-21-160562036-3150058255-2134394716-294091 SID[273]: S-1-5-21-160562036-3150058255-2134394716-333793 SID[274]: S-1-5-21-160562036-3150058255-2134394716-338207 SID[275]: S-1-5-21-160562036-3150058255-2134394716-409571 SID[276]: S-1-5-21-160562036-3150058255-2134394716-294054 SID[277]: S-1-5-21-160562036-3150058255-2134394716-30854 SID[278]: S-1-5-21-160562036-3150058255-2134394716-288547 SID[279]: S-1-5-21-160562036-3150058255-2134394716-365347 SID[280]: S-1-5-21-6776287-465249537-1446904402-4108 SID[281]: S-1-5-21-160562036-3150058255-2134394716-58230 SID[282]: S-1-5-21-160562036-3150058255-2134394716-357400 SID[283]: S-1-5-21-160562036-3150058255-2134394716-343966 SID[284]: S-1-5-21-160562036-3150058255-2134394716-104268 SID[285]: S-1-5-21-160562036-3150058255-2134394716-334228 SID[286]: S-1-5-21-160562036-3150058255-2134394716-357384 SID[287]: S-1-5-21-160562036-3150058255-2134394716-64500 SID[288]: S-1-5-21-160562036-3150058255-2134394716-291227 SID[289]: S-1-5-21-160562036-3150058255-2134394716-62708 SID[290]: S-1-5-21-160562036-3150058255-2134394716-266847 SID[291]: S-1-5-21-160562036-3150058255-2134394716-313857 SID[292]: S-1-5-21-160562036-3150058255-2134394716-350031 SID[293]: S-1-5-21-160562036-3150058255-2134394716-373448 SID[294]: S-1-5-21-160562036-3150058255-2134394716-420970 SID[295]: S-1-5-21-160562036-3150058255-2134394716-351238 SID[296]: S-1-5-21-160562036-3150058255-2134394716-11861 SID[297]: S-1-5-21-160562036-3150058255-2134394716-353613 SID[298]: S-1-5-21-160562036-3150058255-2134394716-322679 SID[299]: S-1-5-21-160562036-3150058255-2134394716-253148 SID[300]: S-1-5-21-160562036-3150058255-2134394716-277162 SID[301]: S-1-5-21-160562036-3150058255-2134394716-304048 SID[302]: S-1-5-21-160562036-3150058255-2134394716-288768 SID[303]: S-1-5-21-160562036-3150058255-2134394716-62920 SID[304]: S-1-5-21-160562036-3150058255-2134394716-62814 SID[305]: S-1-5-21-160562036-3150058255-2134394716-338139 SID[306]: S-1-5-21-160562036-3150058255-2134394716-266850 SID[307]: S-1-5-21-160562036-3150058255-2134394716-74038 SID[308]: S-1-5-21-160562036-3150058255-2134394716-62715 SID[309]: S-1-5-21-160562036-3150058255-2134394716-357877 SID[310]: S-1-5-21-160562036-3150058255-2134394716-252117 SID[311]: S-1-5-21-160562036-3150058255-2134394716-322372 SID[312]: S-1-5-21-160562036-3150058255-2134394716-65121 SID[313]: S-1-5-21-160562036-3150058255-2134394716-62711 SID[314]: S-1-5-21-160562036-3150058255-2134394716-267091 SID[315]: S-1-5-21-160562036-3150058255-2134394716-24652 SID[316]: S-1-5-21-160562036-3150058255-2134394716-360933 SID[317]: S-1-5-21-160562036-3150058255-2134394716-354437 SID[318]: S-1-5-21-160562036-3150058255-2134394716-249119 SID[319]: S-1-5-21-160562036-3150058255-2134394716-248731 SID[320]: S-1-5-21-160562036-3150058255-2134394716-64215 SID[321]: S-1-5-21-160562036-3150058255-2134394716-373475 SID[322]: S-1-5-21-160562036-3150058255-2134394716-250664 SID[323]: S-1-5-21-160562036-3150058255-2134394716-267088 SID[324]: S-1-5-21-160562036-3150058255-2134394716-50311 SID[325]: S-1-5-21-160562036-3150058255-2134394716-62644 SID[326]: S-1-5-21-160562036-3150058255-2134394716-69148 SID[327]: S-1-5-21-160562036-3150058255-2134394716-360380 SID[328]: S-1-5-21-160562036-3150058255-2134394716-52124 SID[329]: S-1-5-21-160562036-3150058255-2134394716-351502 SID[330]: S-1-5-21-160562036-3150058255-2134394716-317005 SID[331]: S-1-5-21-160562036-3150058255-2134394716-62713 SID[332]: S-1-5-21-160562036-3150058255-2134394716-313855 SID[333]: S-1-5-21-160562036-3150058255-2134394716-53143 SID[334]: S-1-5-21-160562036-3150058255-2134394716-349705 SID[335]: S-1-5-21-160562036-3150058255-2134394716-357732 SID[336]: S-1-5-21-160562036-3150058255-2134394716-402142 SID[337]: S-1-5-21-160562036-3150058255-2134394716-50421 SID[338]: S-1-5-21-160562036-3150058255-2134394716-357890 SID[339]: S-1-5-21-160562036-3150058255-2134394716-416413 SID[340]: S-1-5-21-160562036-3150058255-2134394716-255117 SID[341]: S-1-5-21-160562036-3150058255-2134394716-73891 SID[342]: S-1-5-21-160562036-3150058255-2134394716-377792 SID[343]: S-1-5-21-160562036-3150058255-2134394716-63081 SID[344]: S-1-5-21-160562036-3150058255-2134394716-386707 SID[345]: S-1-5-21-160562036-3150058255-2134394716-64112 SID[346]: S-1-5-21-160562036-3150058255-2134394716-256555 SID[347]: S-1-5-21-160562036-3150058255-2134394716-361939 SID[348]: S-1-5-21-160562036-3150058255-2134394716-62709 SID[349]: S-1-5-21-160562036-3150058255-2134394716-248759 SID[350]: S-1-5-21-160562036-3150058255-2134394716-359221 SID[351]: S-1-5-21-160562036-3150058255-2134394716-310730 SID[352]: S-1-5-21-160562036-3150058255-2134394716-109617 SID[353]: S-1-5-21-160562036-3150058255-2134394716-60474 SID[354]: S-1-5-21-160562036-3150058255-2134394716-402472 SID[355]: S-1-5-21-160562036-3150058255-2134394716-55679 SID[356]: S-1-5-21-160562036-3150058255-2134394716-69153 SID[357]: S-1-5-21-160562036-3150058255-2134394716-22265 SID[358]: S-1-5-21-160562036-3150058255-2134394716-423112 SID[359]: S-1-5-21-160562036-3150058255-2134394716-289044 SID[360]: S-1-5-21-160562036-3150058255-2134394716-67791 SID[361]: S-1-5-21-160562036-3150058255-2134394716-69156 SID[362]: S-1-5-21-160562036-3150058255-2134394716-62712 SID[363]: S-1-5-21-160562036-3150058255-2134394716-360721 SID[364]: S-1-5-21-160562036-3150058255-2134394716-435651 SID[365]: S-1-5-21-160562036-3150058255-2134394716-69149 SID[366]: S-1-5-21-160562036-3150058255-2134394716-73730 SID[367]: S-1-5-21-160562036-3150058255-2134394716-243660 SID[368]: S-1-5-21-160562036-3150058255-2134394716-104280 SID[369]: S-1-5-21-160562036-3150058255-2134394716-430692 SID[370]: S-1-5-21-160562036-3150058255-2134394716-256558 SID[371]: S-1-5-21-160562036-3150058255-2134394716-54515 SID[372]: S-1-5-21-160562036-3150058255-2134394716-334223 SID[373]: S-1-5-21-160562036-3150058255-2134394716-304790 SID[374]: S-1-5-21-160562036-3150058255-2134394716-373528 SID[375]: S-1-5-21-160562036-3150058255-2134394716-375927 SID[376]: S-1-5-21-160562036-3150058255-2134394716-74039 SID[377]: S-1-5-21-160562036-3150058255-2134394716-62781 SID[378]: S-1-5-21-160562036-3150058255-2134394716-69157 SID[379]: S-1-5-21-160562036-3150058255-2134394716-309445 SID[380]: S-1-5-21-160562036-3150058255-2134394716-62733 SID[381]: S-1-5-21-160562036-3150058255-2134394716-418123 SID[382]: S-1-5-21-160562036-3150058255-2134394716-64415 SID[383]: S-1-5-21-160562036-3150058255-2134394716-414619 SID[384]: S-1-5-21-160562036-3150058255-2134394716-373446 SID[385]: S-1-5-21-160562036-3150058255-2134394716-289048 SID[386]: S-1-5-21-160562036-3150058255-2134394716-69158 SID[387]: S-1-5-21-160562036-3150058255-2134394716-373559 SID[388]: S-1-5-21-160562036-3150058255-2134394716-110686 SID[389]: S-1-5-21-160562036-3150058255-2134394716-260757 SID[390]: S-1-5-21-160562036-3150058255-2134394716-249663 SID[391]: S-1-5-21-160562036-3150058255-2134394716-249619 SID[392]: S-1-5-21-160562036-3150058255-2134394716-321098 SID[393]: S-1-5-21-160562036-3150058255-2134394716-64497 SID[394]: S-1-5-21-160562036-3150058255-2134394716-112627 SID[395]: S-1-5-21-160562036-3150058255-2134394716-62710 SID[396]: S-1-5-21-160562036-3150058255-2134394716-360361 SID[397]: S-1-5-21-160562036-3150058255-2134394716-353621 SID[398]: S-1-5-21-160562036-3150058255-2134394716-365152 SID[399]: S-1-5-21-160562036-3150058255-2134394716-69544 SID[400]: S-1-5-21-160562036-3150058255-2134394716-249644 SID[401]: S-1-5-21-160562036-3150058255-2134394716-55625 SID[402]: S-1-1-0 SID[403]: S-1-5-2 SID[404]: S-1-5-11 SID[405]: S-1-5-32-545 SID[406]: S-1-22-1-10000 SID[407]: S-1-22-2-10006 SID[408]: S-1-22-2-10007 SID[409]: S-1-22-2-10008 SID[410]: S-1-22-2-10009 SID[411]: S-1-22-2-10010 SID[412]: S-1-22-2-10011 SID[413]: S-1-22-2-10012 SID[414]: S-1-22-2-10013 SID[415]: S-1-22-2-10014 SID[416]: S-1-22-2-10015 SID[417]: S-1-22-2-10016 SID[418]: S-1-22-2-10017 SID[419]: S-1-22-2-10018 SID[420]: S-1-22-2-10019 SID[421]: S-1-22-2-10020 SID[422]: S-1-22-2-10021 SID[423]: S-1-22-2-10022 SID[424]: S-1-22-2-10023 SID[425]: S-1-22-2-10024 SID[426]: S-1-22-2-10025 SID[427]: S-1-22-2-10026 SID[428]: S-1-22-2-10027 SID[429]: S-1-22-2-10028 SID[430]: S-1-22-2-10029 SID[431]: S-1-22-2-10030 SID[432]: S-1-22-2-10031 SID[433]: S-1-22-2-10032 SID[434]: S-1-22-2-10033 SID[435]: S-1-22-2-10034 SID[436]: S-1-22-2-10035 SID[437]: S-1-22-2-10036 SID[438]: S-1-22-2-10037 SID[439]: S-1-22-2-10038 SID[440]: S-1-22-2-10039 SID[441]: S-1-22-2-10040 SID[442]: S-1-22-2-10041 SID[443]: S-1-22-2-10042 SID[444]: S-1-22-2-10043 SID[445]: S-1-22-2-10044 SID[446]: S-1-22-2-10045 SID[447]: S-1-22-2-10046 SID[448]: S-1-22-2-10047 SID[449]: S-1-22-2-10048 SID[450]: S-1-22-2-10049 SID[451]: S-1-22-2-10050 SID[452]: S-1-22-2-10051 SID[453]: S-1-22-2-10052 SID[454]: S-1-22-2-10053 SID[455]: S-1-22-2-10054 SID[456]: S-1-22-2-10055 SID[457]: S-1-22-2-10056 SID[458]: S-1-22-2-10057 SID[459]: S-1-22-2-10058 SID[460]: S-1-22-2-10059 SID[461]: S-1-22-2-10060 SID[462]: S-1-22-2-10061 SID[463]: S-1-22-2-10062 SID[464]: S-1-22-2-10063 SID[465]: S-1-22-2-10064 SID[466]: S-1-22-2-10065 SID[467]: S-1-22-2-10066 SID[468]: S-1-22-2-10067 SID[469]: S-1-22-2-10068 SID[470]: S-1-22-2-10069 SID[471]: S-1-22-2-10070 SID[472]: S-1-22-2-10071 SID[473]: S-1-22-2-10072 SID[474]: S-1-22-2-10073 SID[475]: S-1-22-2-10074 SID[476]: S-1-22-2-10075 SID[477]: S-1-22-2-10076 SID[478]: S-1-22-2-10077 SID[479]: S-1-22-2-10078 SID[480]: S-1-22-2-10079 SID[481]: S-1-22-2-10080 SID[482]: S-1-22-2-10081 SID[483]: S-1-22-2-10082 SID[484]: S-1-22-2-10083 SID[485]: S-1-22-2-10084 SID[486]: S-1-22-2-10085 SID[487]: S-1-22-2-10086 SID[488]: S-1-22-2-10087 SID[489]: S-1-22-2-10088 SID[490]: S-1-22-2-10089 SID[491]: S-1-22-2-10090 SID[492]: S-1-22-2-10091 SID[493]: S-1-22-2-10092 SID[494]: S-1-22-2-10093 SID[495]: S-1-22-2-10094 SID[496]: S-1-22-2-10095 SID[497]: S-1-22-2-10096 SID[498]: S-1-22-2-10097 SID[499]: S-1-22-2-10098 SID[500]: S-1-22-2-10099 SID[501]: S-1-22-2-10100 SID[502]: S-1-22-2-10101 SID[503]: S-1-22-2-10102 SID[504]: S-1-22-2-10103 SID[505]: S-1-22-2-10104 SID[506]: S-1-22-2-10105 SID[507]: S-1-22-2-10106 SID[508]: S-1-22-2-10107 SID[509]: S-1-22-2-10108 SID[510]: S-1-22-2-10109 SID[511]: S-1-22-2-10110 SID[512]: S-1-22-2-10111 SID[513]: S-1-22-2-10112 SID[514]: S-1-22-2-10113 SID[515]: S-1-22-2-10114 SID[516]: S-1-22-2-10115 SID[517]: S-1-22-2-10116 SID[518]: S-1-22-2-10117 SID[519]: S-1-22-2-10118 SID[520]: S-1-22-2-10119 SID[521]: S-1-22-2-10120 SID[522]: S-1-22-2-10121 SID[523]: S-1-22-2-10122 SID[524]: S-1-22-2-10123 SID[525]: S-1-22-2-10124 SID[526]: S-1-22-2-10125 SID[527]: S-1-22-2-10126 SID[528]: S-1-22-2-10127 SID[529]: S-1-22-2-10128 SID[530]: S-1-22-2-10129 SID[531]: S-1-22-2-10130 SID[532]: S-1-22-2-10131 SID[533]: S-1-22-2-10132 SID[534]: S-1-22-2-10133 SID[535]: S-1-22-2-10134 SID[536]: S-1-22-2-10135 SID[537]: S-1-22-2-10136 SID[538]: S-1-22-2-10137 SID[539]: S-1-22-2-10138 SID[540]: S-1-22-2-10139 SID[541]: S-1-22-2-10140 SID[542]: S-1-22-2-10141 SID[543]: S-1-22-2-10142 SID[544]: S-1-22-2-10143 SID[545]: S-1-22-2-10144 SID[546]: S-1-22-2-10145 SID[547]: S-1-22-2-10146 SID[548]: S-1-22-2-10147 SID[549]: S-1-22-2-10148 SID[550]: S-1-22-2-10149 SID[551]: S-1-22-2-10150 SID[552]: S-1-22-2-10471 SID[553]: S-1-22-2-10151 SID[554]: S-1-22-2-10152 SID[555]: S-1-22-2-10153 SID[556]: S-1-22-2-10154 SID[557]: S-1-22-2-10155 SID[558]: S-1-22-2-10156 SID[559]: S-1-22-2-10157 SID[560]: S-1-22-2-10158 SID[561]: S-1-22-2-10159 SID[562]: S-1-22-2-10160 SID[563]: S-1-22-2-10161 SID[564]: S-1-22-2-10162 SID[565]: S-1-22-2-10163 SID[566]: S-1-22-2-10164 SID[567]: S-1-22-2-10165 SID[568]: S-1-22-2-10166 SID[569]: S-1-22-2-10167 SID[570]: S-1-22-2-10168 SID[571]: S-1-22-2-10169 SID[572]: S-1-22-2-10170 SID[573]: S-1-22-2-10171 SID[574]: S-1-22-2-10172 SID[575]: S-1-22-2-10173 SID[576]: S-1-22-2-10174 SID[577]: S-1-22-2-10175 SID[578]: S-1-22-2-10176 SID[579]: S-1-22-2-10177 SID[580]: S-1-22-2-10178 SID[581]: S-1-22-2-10179 SID[582]: S-1-22-2-10180 SID[583]: S-1-22-2-10181 SID[584]: S-1-22-2-10182 SID[585]: S-1-22-2-10183 SID[586]: S-1-22-2-10184 SID[587]: S-1-22-2-10185 SID[588]: S-1-22-2-10186 SID[589]: S-1-22-2-10187 SID[590]: S-1-22-2-10188 SID[591]: S-1-22-2-10189 SID[592]: S-1-22-2-10190 SID[593]: S-1-22-2-10191 SID[594]: S-1-22-2-10192 SID[595]: S-1-22-2-10193 SID[596]: S-1-22-2-10194 SID[597]: S-1-22-2-10195 SID[598]: S-1-22-2-10196 SID[599]: S-1-22-2-10197 SID[600]: S-1-22-2-10198 SID[601]: S-1-22-2-10199 SID[602]: S-1-22-2-10200 SID[603]: S-1-22-2-10201 SID[604]: S-1-22-2-10202 SID[605]: S-1-22-2-10203 SID[606]: S-1-22-2-10204 SID[607]: S-1-22-2-10205 SID[608]: S-1-22-2-10206 SID[609]: S-1-22-2-10207 SID[610]: S-1-22-2-10208 SID[611]: S-1-22-2-10209 SID[612]: S-1-22-2-10210 SID[613]: S-1-22-2-10211 SID[614]: S-1-22-2-10212 SID[615]: S-1-22-2-10213 SID[616]: S-1-22-2-10214 SID[617]: S-1-22-2-10215 SID[618]: S-1-22-2-10216 SID[619]: S-1-22-2-10217 SID[620]: S-1-22-2-10218 SID[621]: S-1-22-2-10219 SID[622]: S-1-22-2-10220 SID[623]: S-1-22-2-10221 SID[624]: S-1-22-2-10222 SID[625]: S-1-22-2-10223 SID[626]: S-1-22-2-10224 SID[627]: S-1-22-2-10225 SID[628]: S-1-22-2-10226 SID[629]: S-1-22-2-10227 SID[630]: S-1-22-2-10228 SID[631]: S-1-22-2-10229 SID[632]: S-1-22-2-10230 SID[633]: S-1-22-2-10231 SID[634]: S-1-22-2-10232 SID[635]: S-1-22-2-10233 SID[636]: S-1-22-2-10234 SID[637]: S-1-22-2-10235 SID[638]: S-1-22-2-10236 SID[639]: S-1-22-2-10237 SID[640]: S-1-22-2-10238 SID[641]: S-1-22-2-10239 SID[642]: S-1-22-2-10240 SID[643]: S-1-22-2-10241 SID[644]: S-1-22-2-10242 SID[645]: S-1-22-2-10243 SID[646]: S-1-22-2-10244 SID[647]: S-1-22-2-10245 SID[648]: S-1-22-2-10246 SID[649]: S-1-22-2-10247 SID[650]: S-1-22-2-10248 SID[651]: S-1-22-2-10249 SID[652]: S-1-22-2-10250 SID[653]: S-1-22-2-10251 SID[654]: S-1-22-2-10252 SID[655]: S-1-22-2-10253 SID[656]: S-1-22-2-10254 SID[657]: S-1-22-2-10255 SID[658]: S-1-22-2-10256 SID[659]: S-1-22-2-10257 SID[660]: S-1-22-2-10258 SID[661]: S-1-22-2-10259 SID[662]: S-1-22-2-10260 SID[663]: S-1-22-2-10261 SID[664]: S-1-22-2-10262 SID[665]: S-1-22-2-10263 SID[666]: S-1-22-2-10264 SID[667]: S-1-22-2-10265 SID[668]: S-1-22-2-10266 SID[669]: S-1-22-2-10267 SID[670]: S-1-22-2-10268 SID[671]: S-1-22-2-10269 SID[672]: S-1-22-2-10270 SID[673]: S-1-22-2-10271 SID[674]: S-1-22-2-10272 SID[675]: S-1-22-2-10273 SID[676]: S-1-22-2-10274 SID[677]: S-1-22-2-10275 SID[678]: S-1-22-2-10276 SID[679]: S-1-22-2-10277 SID[680]: S-1-22-2-10278 SID[681]: S-1-22-2-10279 SID[682]: S-1-22-2-10280 SID[683]: S-1-22-2-10281 SID[684]: S-1-22-2-10282 SID[685]: S-1-22-2-10283 SID[686]: S-1-22-2-10284 SID[687]: S-1-22-2-10285 SID[688]: S-1-22-2-10286 SID[689]: S-1-22-2-10287 SID[690]: S-1-22-2-10288 SID[691]: S-1-22-2-10289 SID[692]: S-1-22-2-10290 SID[693]: S-1-22-2-10291 SID[694]: S-1-22-2-10292 SID[695]: S-1-22-2-10293 SID[696]: S-1-22-2-10294 SID[697]: S-1-22-2-10295 SID[698]: S-1-22-2-10296 SID[699]: S-1-22-2-10297 SID[700]: S-1-22-2-10298 SID[701]: S-1-22-2-10299 SID[702]: S-1-22-2-10300 SID[703]: S-1-22-2-10301 SID[704]: S-1-22-2-10302 SID[705]: S-1-22-2-10303 SID[706]: S-1-22-2-10304 SID[707]: S-1-22-2-10305 SID[708]: S-1-22-2-10306 SID[709]: S-1-22-2-10307 SID[710]: S-1-22-2-10308 SID[711]: S-1-22-2-10309 SID[712]: S-1-22-2-10310 SID[713]: S-1-22-2-10311 SID[714]: S-1-22-2-10312 SID[715]: S-1-22-2-10313 SID[716]: S-1-22-2-10314 SID[717]: S-1-22-2-10315 SID[718]: S-1-22-2-10316 SID[719]: S-1-22-2-10317 SID[720]: S-1-22-2-10318 SID[721]: S-1-22-2-10319 SID[722]: S-1-22-2-10320 SID[723]: S-1-22-2-10321 SID[724]: S-1-22-2-10322 SID[725]: S-1-22-2-10323 SID[726]: S-1-22-2-10324 SID[727]: S-1-22-2-10325 SID[728]: S-1-22-2-10326 SID[729]: S-1-22-2-10327 SID[730]: S-1-22-2-10328 SID[731]: S-1-22-2-10329 SID[732]: S-1-22-2-10330 SID[733]: S-1-22-2-10331 SID[734]: S-1-22-2-10332 SID[735]: S-1-22-2-10333 SID[736]: S-1-22-2-10334 SID[737]: S-1-22-2-10335 SID[738]: S-1-22-2-10336 SID[739]: S-1-22-2-10337 SID[740]: S-1-22-2-10338 SID[741]: S-1-22-2-10339 SID[742]: S-1-22-2-10340 SID[743]: S-1-22-2-10341 SID[744]: S-1-22-2-10342 SID[745]: S-1-22-2-10343 SID[746]: S-1-22-2-10344 SID[747]: S-1-22-2-10345 SID[748]: S-1-22-2-10346 SID[749]: S-1-22-2-10347 SID[750]: S-1-22-2-10348 SID[751]: S-1-22-2-10349 SID[752]: S-1-22-2-10350 SID[753]: S-1-22-2-10351 SID[754]: S-1-22-2-10352 SID[755]: S-1-22-2-10353 SID[756]: S-1-22-2-10354 SID[757]: S-1-22-2-10355 SID[758]: S-1-22-2-10356 SID[759]: S-1-22-2-10357 SID[760]: S-1-22-2-10358 SID[761]: S-1-22-2-10359 SID[762]: S-1-22-2-10360 SID[763]: S-1-22-2-10361 SID[764]: S-1-22-2-10362 SID[765]: S-1-22-2-10363 SID[766]: S-1-22-2-10364 SID[767]: S-1-22-2-10365 SID[768]: S-1-22-2-10366 SID[769]: S-1-22-2-10367 SID[770]: S-1-22-2-10368 SID[771]: S-1-22-2-10369 SID[772]: S-1-22-2-10370 SID[773]: S-1-22-2-10371 SID[774]: S-1-22-2-10372 SID[775]: S-1-22-2-10373 SID[776]: S-1-22-2-10374 SID[777]: S-1-22-2-10375 SID[778]: S-1-22-2-10376 SID[779]: S-1-22-2-10377 SID[780]: S-1-22-2-10378 SID[781]: S-1-22-2-10379 SID[782]: S-1-22-2-10380 SID[783]: S-1-22-2-10381 SID[784]: S-1-22-2-10382 SID[785]: S-1-22-2-10383 SID[786]: S-1-22-2-10384 SID[787]: S-1-22-2-10385 SID[788]: S-1-22-2-10386 SID[789]: S-1-22-2-10387 SID[790]: S-1-22-2-10388 SID[791]: S-1-22-2-10389 SID[792]: S-1-22-2-10390 SID[793]: S-1-22-2-10391 SID[794]: S-1-22-2-10392 SID[795]: S-1-22-2-10393 SID[796]: S-1-22-2-10394 SID[797]: S-1-22-2-10395 SID[798]: S-1-22-2-10396 SID[799]: S-1-22-2-10397 SID[800]: S-1-22-2-10398 SID[801]: S-1-22-2-10399 SID[802]: S-1-22-2-10400 SID[803]: S-1-22-2-10401 SID[804]: S-1-22-2-10402 SID[805]: S-1-22-2-10403 SID[806]: S-1-22-2-10404 SID[807]: S-1-22-2-10002 SID[808]: S-1-22-2-10003 SID[809]: S-1-22-2-10004 SID[810]: S-1-22-2-10001 Privileges (0x 20): Privilege[ 0]: SePrintOperatorPrivilege Rights (0x 0): [2012/11/09 16:29:17.289720, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 10000 Primary group is 10006 and contains 404 supplementary groups Group[ 0]: 10006 Group[ 1]: 10007 Group[ 2]: 10008 Group[ 3]: 10009 Group[ 4]: 10010 Group[ 5]: 10011 Group[ 6]: 10012 Group[ 7]: 10013 Group[ 8]: 10014 Group[ 9]: 10015 Group[ 10]: 10016 Group[ 11]: 10017 Group[ 12]: 10018 Group[ 13]: 10019 Group[ 14]: 10020 Group[ 15]: 10021 Group[ 16]: 10022 Group[ 17]: 10023 Group[ 18]: 10024 Group[ 19]: 10025 Group[ 20]: 10026 Group[ 21]: 10027 Group[ 22]: 10028 Group[ 23]: 10029 Group[ 24]: 10030 Group[ 25]: 10031 Group[ 26]: 10032 Group[ 27]: 10033 Group[ 28]: 10034 Group[ 29]: 10035 Group[ 30]: 10036 Group[ 31]: 10037 Group[ 32]: 10038 Group[ 33]: 10039 Group[ 34]: 10040 Group[ 35]: 10041 Group[ 36]: 10042 Group[ 37]: 10043 Group[ 38]: 10044 Group[ 39]: 10045 Group[ 40]: 10046 Group[ 41]: 10047 Group[ 42]: 10048 Group[ 43]: 10049 Group[ 44]: 10050 Group[ 45]: 10051 Group[ 46]: 10052 Group[ 47]: 10053 Group[ 48]: 10054 Group[ 49]: 10055 Group[ 50]: 10056 Group[ 51]: 10057 Group[ 52]: 10058 Group[ 53]: 10059 Group[ 54]: 10060 Group[ 55]: 10061 Group[ 56]: 10062 Group[ 57]: 10063 Group[ 58]: 10064 Group[ 59]: 10065 Group[ 60]: 10066 Group[ 61]: 10067 Group[ 62]: 10068 Group[ 63]: 10069 Group[ 64]: 10070 Group[ 65]: 10071 Group[ 66]: 10072 Group[ 67]: 10073 Group[ 68]: 10074 Group[ 69]: 10075 Group[ 70]: 10076 Group[ 71]: 10077 Group[ 72]: 10078 Group[ 73]: 10079 Group[ 74]: 10080 Group[ 75]: 10081 Group[ 76]: 10082 Group[ 77]: 10083 Group[ 78]: 10084 Group[ 79]: 10085 Group[ 80]: 10086 Group[ 81]: 10087 Group[ 82]: 10088 Group[ 83]: 10089 Group[ 84]: 10090 Group[ 85]: 10091 Group[ 86]: 10092 Group[ 87]: 10093 Group[ 88]: 10094 Group[ 89]: 10095 Group[ 90]: 10096 Group[ 91]: 10097 Group[ 92]: 10098 Group[ 93]: 10099 Group[ 94]: 10100 Group[ 95]: 10101 Group[ 96]: 10102 Group[ 97]: 10103 Group[ 98]: 10104 Group[ 99]: 10105 Group[100]: 10106 Group[101]: 10107 Group[102]: 10108 Group[103]: 10109 Group[104]: 10110 Group[105]: 10111 Group[106]: 10112 Group[107]: 10113 Group[108]: 10114 Group[109]: 10115 Group[110]: 10116 Group[111]: 10117 Group[112]: 10118 Group[113]: 10119 Group[114]: 10120 Group[115]: 10121 Group[116]: 10122 Group[117]: 10123 Group[118]: 10124 Group[119]: 10125 Group[120]: 10126 Group[121]: 10127 Group[122]: 10128 Group[123]: 10129 Group[124]: 10130 Group[125]: 10131 Group[126]: 10132 Group[127]: 10133 Group[128]: 10134 Group[129]: 10135 Group[130]: 10136 Group[131]: 10137 Group[132]: 10138 Group[133]: 10139 Group[134]: 10140 Group[135]: 10141 Group[136]: 10142 Group[137]: 10143 Group[138]: 10144 Group[139]: 10145 Group[140]: 10146 Group[141]: 10147 Group[142]: 10148 Group[143]: 10149 Group[144]: 10150 Group[145]: 10471 Group[146]: 10151 Group[147]: 10152 Group[148]: 10153 Group[149]: 10154 Group[150]: 10155 Group[151]: 10156 Group[152]: 10157 Group[153]: 10158 Group[154]: 10159 Group[155]: 10160 Group[156]: 10161 Group[157]: 10162 Group[158]: 10163 Group[159]: 10164 Group[160]: 10165 Group[161]: 10166 Group[162]: 10167 Group[163]: 10168 Group[164]: 10169 Group[165]: 10170 Group[166]: 10171 Group[167]: 10172 Group[168]: 10173 Group[169]: 10174 Group[170]: 10175 Group[171]: 10176 Group[172]: 10177 Group[173]: 10178 Group[174]: 10179 Group[175]: 10180 Group[176]: 10181 Group[177]: 10182 Group[178]: 10183 Group[179]: 10184 Group[180]: 10185 Group[181]: 10186 Group[182]: 10187 Group[183]: 10188 Group[184]: 10189 Group[185]: 10190 Group[186]: 10191 Group[187]: 10192 Group[188]: 10193 Group[189]: 10194 Group[190]: 10195 Group[191]: 10196 Group[192]: 10197 Group[193]: 10198 Group[194]: 10199 Group[195]: 10200 Group[196]: 10201 Group[197]: 10202 Group[198]: 10203 Group[199]: 10204 Group[200]: 10205 Group[201]: 10206 Group[202]: 10207 Group[203]: 10208 Group[204]: 10209 Group[205]: 10210 Group[206]: 10211 Group[207]: 10212 Group[208]: 10213 Group[209]: 10214 Group[210]: 10215 Group[211]: 10216 Group[212]: 10217 Group[213]: 10218 Group[214]: 10219 Group[215]: 10220 Group[216]: 10221 Group[217]: 10222 Group[218]: 10223 Group[219]: 10224 Group[220]: 10225 Group[221]: 10226 Group[222]: 10227 Group[223]: 10228 Group[224]: 10229 Group[225]: 10230 Group[226]: 10231 Group[227]: 10232 Group[228]: 10233 Group[229]: 10234 Group[230]: 10235 Group[231]: 10236 Group[232]: 10237 Group[233]: 10238 Group[234]: 10239 Group[235]: 10240 Group[236]: 10241 Group[237]: 10242 Group[238]: 10243 Group[239]: 10244 Group[240]: 10245 Group[241]: 10246 Group[242]: 10247 Group[243]: 10248 Group[244]: 10249 Group[245]: 10250 Group[246]: 10251 Group[247]: 10252 Group[248]: 10253 Group[249]: 10254 Group[250]: 10255 Group[251]: 10256 Group[252]: 10257 Group[253]: 10258 Group[254]: 10259 Group[255]: 10260 Group[256]: 10261 Group[257]: 10262 Group[258]: 10263 Group[259]: 10264 Group[260]: 10265 Group[261]: 10266 Group[262]: 10267 Group[263]: 10268 Group[264]: 10269 Group[265]: 10270 Group[266]: 10271 Group[267]: 10272 Group[268]: 10273 Group[269]: 10274 Group[270]: 10275 Group[271]: 10276 Group[272]: 10277 Group[273]: 10278 Group[274]: 10279 Group[275]: 10280 Group[276]: 10281 Group[277]: 10282 Group[278]: 10283 Group[279]: 10284 Group[280]: 10285 Group[281]: 10286 Group[282]: 10287 Group[283]: 10288 Group[284]: 10289 Group[285]: 10290 Group[286]: 10291 Group[287]: 10292 Group[288]: 10293 Group[289]: 10294 Group[290]: 10295 Group[291]: 10296 Group[292]: 10297 Group[293]: 10298 Group[294]: 10299 Group[295]: 10300 Group[296]: 10301 Group[297]: 10302 Group[298]: 10303 Group[299]: 10304 Group[300]: 10305 Group[301]: 10306 Group[302]: 10307 Group[303]: 10308 Group[304]: 10309 Group[305]: 10310 Group[306]: 10311 Group[307]: 10312 Group[308]: 10313 Group[309]: 10314 Group[310]: 10315 Group[311]: 10316 Group[312]: 10317 Group[313]: 10318 Group[314]: 10319 Group[315]: 10320 Group[316]: 10321 Group[317]: 10322 Group[318]: 10323 Group[319]: 10324 Group[320]: 10325 Group[321]: 10326 Group[322]: 10327 Group[323]: 10328 Group[324]: 10329 Group[325]: 10330 Group[326]: 10331 Group[327]: 10332 Group[328]: 10333 Group[329]: 10334 Group[330]: 10335 Group[331]: 10336 Group[332]: 10337 Group[333]: 10338 Group[334]: 10339 Group[335]: 10340 Group[336]: 10341 Group[337]: 10342 Group[338]: 10343 Group[339]: 10344 Group[340]: 10345 Group[341]: 10346 Group[342]: 10347 Group[343]: 10348 Group[344]: 10349 Group[345]: 10350 Group[346]: 10351 Group[347]: 10352 Group[348]: 10353 Group[349]: 10354 Group[350]: 10355 Group[351]: 10356 Group[352]: 10357 Group[353]: 10358 Group[354]: 10359 Group[355]: 10360 Group[356]: 10361 Group[357]: 10362 Group[358]: 10363 Group[359]: 10364 Group[360]: 10365 Group[361]: 10366 Group[362]: 10367 Group[363]: 10368 Group[364]: 10369 Group[365]: 10370 Group[366]: 10371 Group[367]: 10372 Group[368]: 10373 Group[369]: 10374 Group[370]: 10375 Group[371]: 10376 Group[372]: 10377 Group[373]: 10378 Group[374]: 10379 Group[375]: 10380 Group[376]: 10381 Group[377]: 10382 Group[378]: 10383 Group[379]: 10384 Group[380]: 10385 Group[381]: 10386 Group[382]: 10387 Group[383]: 10388 Group[384]: 10389 Group[385]: 10390 Group[386]: 10391 Group[387]: 10392 Group[388]: 10393 Group[389]: 10394 Group[390]: 10395 Group[391]: 10396 Group[392]: 10397 Group[393]: 10398 Group[394]: 10399 Group[395]: 10400 Group[396]: 10401 Group[397]: 10402 Group[398]: 10403 Group[399]: 10404 Group[400]: 10002 Group[401]: 10003 Group[402]: 10004 Group[403]: 10001 [2012/11/09 16:29:17.293057, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,10000), gid=(0,10006) [2012/11/09 16:29:17.293095, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \lsarpc len: 1024 [2012/11/09 16:29:17.293119, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 28 [2012/11/09 16:29:17.293146, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=68 [2012/11/09 16:29:17.293204, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xe0 [2012/11/09 16:29:17.293231, 3] smbd/process.c:1662(process_smb) Transaction 251 of length 228 (0 toread) [2012/11/09 16:29:17.293250, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.293262, 5] lib/util.c:342(show_msg) size=224 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=64067 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8241 (0x2031) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 160 (0xA0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 160 (0xA0) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=161 [2012/11/09 16:29:17.293498, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.293521, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.293542, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 2031 name: spoolss len: 160 [2012/11/09 16:29:17.293564, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 160 [2012/11/09 16:29:17.293591, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/11/09 16:29:17.293613, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) api_pipe_bind_req: make response. 923 [2012/11/09 16:29:17.293633, 3] rpc_server/srv_pipe.c:339(check_bind_req) check_bind_req for \spoolss [2012/11/09 16:29:17.293653, 3] rpc_server/srv_pipe.c:346(check_bind_req) check_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/11/09 16:29:17.293685, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=160 [2012/11/09 16:29:17.293736, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xe0 [2012/11/09 16:29:17.293768, 3] smbd/process.c:1662(process_smb) Transaction 252 of length 228 (0 toread) [2012/11/09 16:29:17.293788, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.293799, 5] lib/util.c:342(show_msg) size=224 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=64130 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8243 (0x2033) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 160 (0xA0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 160 (0xA0) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=161 [2012/11/09 16:29:17.293997, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.294017, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.294038, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 2033 name: spoolss len: 160 [2012/11/09 16:29:17.294058, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 160 [2012/11/09 16:29:17.294082, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/11/09 16:29:17.294103, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) api_pipe_bind_req: make response. 923 [2012/11/09 16:29:17.294123, 3] rpc_server/srv_pipe.c:339(check_bind_req) check_bind_req for \spoolss [2012/11/09 16:29:17.294142, 3] rpc_server/srv_pipe.c:346(check_bind_req) check_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/11/09 16:29:17.294171, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=160 [2012/11/09 16:29:17.295222, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x6e [2012/11/09 16:29:17.295257, 3] smbd/process.c:1662(process_smb) Transaction 253 of length 114 (0 toread) [2012/11/09 16:29:17.295283, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.295307, 5] lib/util.c:342(show_msg) size=110 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=1240 smb_uid=101 smb_mid=64194 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 26 (0x1A) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 26 (0x1A) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8242 (0x2032) smb_bcc=43 [2012/11/09 16:29:17.295541, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.295563, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.295588, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=26 params=0 setup=2 [2012/11/09 16:29:17.295610, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:17.295661, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:17.295696, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:17.295727, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "lsarpc" (pnum 2032) [2012/11/09 16:29:17.295763, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 26 [2012/11/09 16:29:17.295807, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\lsarpc [2012/11/09 16:29:17.295833, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \lsarpc op 0x0 - api_rpcTNP: rpc command: DSSETUP_DSROLEGETPRIMARYDOMAININFORMATION [2012/11/09 16:29:17.295862, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[0].fn == 0x7fa2ea38bf30 [2012/11/09 16:29:17.295917, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \lsarpc successfully [2012/11/09 16:29:17.295949, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \lsarpc len: 1024 [2012/11/09 16:29:17.295975, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 86 [2012/11/09 16:29:17.296002, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..160] (align 0) [2012/11/09 16:29:17.296023, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.296035, 5] lib/util.c:342(show_msg) size=216 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=1240 smb_uid=101 smb_mid=64194 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 160 (0xA0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 160 (0xA0) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=161 [2012/11/09 16:29:17.296960, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/11/09 16:29:17.296993, 3] smbd/process.c:1662(process_smb) Transaction 254 of length 63 (0 toread) [2012/11/09 16:29:17.297014, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.297026, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=64259 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8241 (0x2031) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/11/09 16:29:17.297246, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.297268, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.297290, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:17.297312, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/11/09 16:29:17.297336, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=68 [2012/11/09 16:29:17.297375, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/11/09 16:29:17.297416, 3] smbd/process.c:1662(process_smb) Transaction 255 of length 63 (0 toread) [2012/11/09 16:29:17.297437, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.297449, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=64320 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8243 (0x2033) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/11/09 16:29:17.297649, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.297676, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.297698, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:17.297720, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/11/09 16:29:17.297745, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=68 [2012/11/09 16:29:17.297783, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/11/09 16:29:17.297809, 3] smbd/process.c:1662(process_smb) Transaction 256 of length 45 (0 toread) [2012/11/09 16:29:17.297829, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.297840, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=64386 smt_wct=3 smb_vwv[ 0]= 8242 (0x2032) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/11/09 16:29:17.297959, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.297979, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.297999, 3] smbd/reply.c:4848(reply_close) close fd=-1 fnum=8242 (numopen=5) [2012/11/09 16:29:17.298019, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2012/11/09 16:29:17.298060, 5] smbd/files.c:482(file_free) freed files structure 8242 (4 used) [2012/11/09 16:29:17.298082, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.298094, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=64386 smt_wct=0 smb_bcc=0 [2012/11/09 16:29:17.299107, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x124 [2012/11/09 16:29:17.299140, 3] smbd/process.c:1662(process_smb) Transaction 257 of length 296 (0 toread) [2012/11/09 16:29:17.299161, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.299172, 5] lib/util.c:342(show_msg) size=292 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=64450 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 208 (0xD0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 208 (0xD0) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8243 (0x2033) smb_bcc=225 [2012/11/09 16:29:17.299387, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.299408, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.299430, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=208 params=0 setup=2 [2012/11/09 16:29:17.299452, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:17.299483, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:17.299503, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:17.299522, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2033) [2012/11/09 16:29:17.299543, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 208 [2012/11/09 16:29:17.299571, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:17.299606, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX [2012/11/09 16:29:17.299647, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[69].fn == 0x7fa2ea3def70 checking name: \\yyyu0031\yyyp0708 [2012/11/09 16:29:17.299687, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 C7 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.299730, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) Setting printer type=\\yyyu0031\yyyp0708 Printer is a printer [2012/11/09 16:29:17.299756, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) Setting printer name=\\yyyu0031\yyyp0708 (len=19) searching for [yyyp0708] set_printer_hnd_name: Printer found: yyyp0708 -> yyyp0708 [2012/11/09 16:29:17.299812, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) 3 printer handles active [2012/11/09 16:29:17.299833, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C7 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.299873, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C7 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.299912, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:yyyp0708 [2012/11/09 16:29:17.299934, 3] lib/access.c:338(allow_access) Allowed connection from yyyc27002.xxxxx.xxx (10.129.108.68) [2012/11/09 16:29:17.299959, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) Setting printer access = PRINTER_ACCESS_USE [2012/11/09 16:29:17.299981, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/11/09 16:29:17.300008, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/11/09 16:29:17.300039, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:17.300061, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 [2012/11/09 16:29:17.300090, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2012/11/09 16:29:17.300114, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/11/09 16:29:17.300134, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:17.300162, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:17.300294, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:17.300378, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 C8 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.300530, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C8 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.300639, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:17.300725, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:17.300800, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:17.300850, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:17.300892, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:17.300930, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:17.300981, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:17.301034, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 C9 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.301089, 2] rpc_client/cli_winreg_spoolss.c:896(winreg_create_printer) winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708 already exists [2012/11/09 16:29:17.301121, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C9 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.301163, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C9 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.301202, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.301231, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C8 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.301273, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C8 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.301312, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.301347, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:17.301440, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:17.301470, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 1741 [2012/11/09 16:29:17.301499, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/11/09 16:29:17.301521, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.301533, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=64450 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/11/09 16:29:17.302545, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x114 [2012/11/09 16:29:17.302580, 3] smbd/process.c:1662(process_smb) Transaction 258 of length 280 (0 toread) [2012/11/09 16:29:17.302601, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.302612, 5] lib/util.c:342(show_msg) size=276 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=64512 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 192 (0xC0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 192 (0xC0) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8241 (0x2031) smb_bcc=209 [2012/11/09 16:29:17.302844, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.302867, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.302891, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=192 params=0 setup=2 [2012/11/09 16:29:17.302914, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:17.302933, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:17.302952, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:17.302971, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2031) [2012/11/09 16:29:17.302992, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 192 [2012/11/09 16:29:17.303018, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:17.303040, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX [2012/11/09 16:29:17.303062, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[69].fn == 0x7fa2ea3def70 checking name: \\yyyu0031 [2012/11/09 16:29:17.303096, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 CA 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.303137, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) Setting printer type=\\yyyu0031 Printer is a print server [2012/11/09 16:29:17.303164, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) Setting printer name=\\yyyu0031 (len=10) [2012/11/09 16:29:17.303186, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) 4 printer handles active [2012/11/09 16:29:17.303205, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 CA 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.303245, 4] rpc_server/spoolss/srv_spoolss_nt.c:1852(_spoolss_OpenPrinterEx) Setting print server access = SERVER_ACCESS_ADMINISTER [2012/11/09 16:29:17.303266, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:17.303294, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:17.303319, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/11/09 16:29:17.303345, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/11/09 16:29:17.303365, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.303377, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=64512 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/11/09 16:29:17.304386, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x80 [2012/11/09 16:29:17.304419, 3] smbd/process.c:1662(process_smb) Transaction 259 of length 132 (0 toread) [2012/11/09 16:29:17.304440, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.304451, 5] lib/util.c:342(show_msg) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=64578 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8243 (0x2033) smb_bcc=61 [2012/11/09 16:29:17.304698, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.304722, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.304744, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=44 params=0 setup=2 [2012/11/09 16:29:17.304766, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:17.304785, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:17.304804, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:17.304823, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2033) [2012/11/09 16:29:17.304843, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 44 [2012/11/09 16:29:17.304868, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:17.304890, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER [2012/11/09 16:29:17.304911, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[29].fn == 0x7fa2ea3e55d0 [2012/11/09 16:29:17.304933, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 C7 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.304973, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 C7 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.305011, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 C7 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.305050, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.305071, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:17.305098, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:17.305123, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/11/09 16:29:17.305148, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/11/09 16:29:17.305169, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.305181, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=64578 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/11/09 16:29:17.306200, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x66 [2012/11/09 16:29:17.306248, 3] smbd/process.c:1662(process_smb) Transaction 260 of length 106 (0 toread) [2012/11/09 16:29:17.306270, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.306281, 5] lib/util.c:342(show_msg) size=102 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=64643 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 4096 (0x1000) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 4609 (0x1201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=19 [2012/11/09 16:29:17.306566, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.306588, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.306612, 4] smbd/nttrans.c:288(nt_open_pipe) nt_open_pipe: Opening pipe \spoolss. [2012/11/09 16:29:17.306635, 5] smbd/files.c:140(file_new) allocated file structure 4148, fnum = 8244 (5 used) [2012/11/09 16:29:17.306662, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \spoolss [2012/11/09 16:29:17.306716, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \spoolss (pipes_open=0) [2012/11/09 16:29:17.306745, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \spoolss [2012/11/09 16:29:17.306784, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x80 [2012/11/09 16:29:17.306810, 3] smbd/process.c:1662(process_smb) Transaction 261 of length 132 (0 toread) [2012/11/09 16:29:17.306830, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.306842, 5] lib/util.c:342(show_msg) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=64704 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8241 (0x2031) smb_bcc=61 [2012/11/09 16:29:17.307056, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.307077, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.307099, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=44 params=0 setup=2 [2012/11/09 16:29:17.307120, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:17.307139, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:17.307158, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:17.307177, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2031) [2012/11/09 16:29:17.307197, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 44 [2012/11/09 16:29:17.307220, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:17.307242, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER [2012/11/09 16:29:17.307263, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[29].fn == 0x7fa2ea3e55d0 [2012/11/09 16:29:17.307284, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 CA 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.307323, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 CA 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.307377, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 CA 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.307417, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.307438, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:17.307465, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:17.307491, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/11/09 16:29:17.307516, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/11/09 16:29:17.307536, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.307548, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=64704 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/11/09 16:29:17.310834, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/11/09 16:29:17.310870, 3] smbd/process.c:1662(process_smb) Transaction 262 of length 45 (0 toread) [2012/11/09 16:29:17.310891, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.310902, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=64768 smt_wct=3 smb_vwv[ 0]= 8243 (0x2033) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/11/09 16:29:17.311023, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.311044, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.311064, 3] smbd/reply.c:4848(reply_close) close fd=-1 fnum=8243 (numopen=5) [2012/11/09 16:29:17.311085, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2012/11/09 16:29:17.311127, 5] smbd/files.c:482(file_free) freed files structure 8243 (4 used) [2012/11/09 16:29:17.311150, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.311162, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=64768 smt_wct=0 smb_bcc=0 [2012/11/09 16:29:17.312059, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/11/09 16:29:17.312091, 3] smbd/process.c:1662(process_smb) Transaction 263 of length 45 (0 toread) [2012/11/09 16:29:17.312112, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.312123, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=64832 smt_wct=3 smb_vwv[ 0]= 8241 (0x2031) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/11/09 16:29:17.312243, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.312263, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.312284, 3] smbd/reply.c:4848(reply_close) close fd=-1 fnum=8241 (numopen=4) [2012/11/09 16:29:17.312312, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2012/11/09 16:29:17.312372, 5] smbd/files.c:482(file_free) freed files structure 8241 (3 used) [2012/11/09 16:29:17.312415, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.312431, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=64832 smt_wct=0 smb_bcc=0 [2012/11/09 16:29:17.313417, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xe0 [2012/11/09 16:29:17.313461, 3] smbd/process.c:1662(process_smb) Transaction 264 of length 228 (0 toread) [2012/11/09 16:29:17.313492, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.313506, 5] lib/util.c:342(show_msg) size=224 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=64896 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8244 (0x2034) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 160 (0xA0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 160 (0xA0) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=161 [2012/11/09 16:29:17.313705, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.313727, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.313748, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 2034 name: spoolss len: 160 [2012/11/09 16:29:17.313769, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 160 [2012/11/09 16:29:17.313796, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/11/09 16:29:17.313819, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) api_pipe_bind_req: make response. 923 [2012/11/09 16:29:17.313839, 3] rpc_server/srv_pipe.c:339(check_bind_req) check_bind_req for \spoolss [2012/11/09 16:29:17.313860, 3] rpc_server/srv_pipe.c:346(check_bind_req) check_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/11/09 16:29:17.313892, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=160 [2012/11/09 16:29:17.315382, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/11/09 16:29:17.315415, 3] smbd/process.c:1662(process_smb) Transaction 265 of length 63 (0 toread) [2012/11/09 16:29:17.315435, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.315447, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=64960 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8244 (0x2034) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/11/09 16:29:17.315663, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.315686, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.315709, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:17.315731, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/11/09 16:29:17.315755, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=68 [2012/11/09 16:29:17.316948, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x124 [2012/11/09 16:29:17.317016, 3] smbd/process.c:1662(process_smb) Transaction 266 of length 296 (0 toread) [2012/11/09 16:29:17.317051, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.317071, 5] lib/util.c:342(show_msg) size=292 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=65024 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 208 (0xD0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 208 (0xD0) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8244 (0x2034) smb_bcc=225 [2012/11/09 16:29:17.317460, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.317497, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.317543, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=208 params=0 setup=2 [2012/11/09 16:29:17.317585, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:17.317615, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:17.317651, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:17.317687, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2034) [2012/11/09 16:29:17.317721, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 208 [2012/11/09 16:29:17.317767, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:17.317804, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX [2012/11/09 16:29:17.317842, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[69].fn == 0x7fa2ea3def70 checking name: \\yyyu0031\yyyp0708 [2012/11/09 16:29:17.317903, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 CB 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.317969, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) Setting printer type=\\yyyu0031\yyyp0708 Printer is a printer [2012/11/09 16:29:17.317998, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) Setting printer name=\\yyyu0031\yyyp0708 (len=19) searching for [yyyp0708] set_printer_hnd_name: Printer found: yyyp0708 -> yyyp0708 [2012/11/09 16:29:17.318057, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) 3 printer handles active [2012/11/09 16:29:17.318077, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 CB 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.318115, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 CB 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.318153, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:yyyp0708 [2012/11/09 16:29:17.318176, 3] lib/access.c:338(allow_access) Allowed connection from yyyc27002.xxxxx.xxx (10.129.108.68) [2012/11/09 16:29:17.318200, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) Setting printer access = PRINTER_ACCESS_USE [2012/11/09 16:29:17.318222, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/11/09 16:29:17.318249, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/11/09 16:29:17.318280, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:17.318302, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 [2012/11/09 16:29:17.318338, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2012/11/09 16:29:17.318363, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/11/09 16:29:17.318382, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:17.318412, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:17.318513, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:17.318594, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 CC 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.318698, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 CC 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.318781, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:17.318852, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:17.318921, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:17.318990, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:17.319050, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:17.319104, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:17.319177, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:17.319253, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 CD 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.319334, 2] rpc_client/cli_winreg_spoolss.c:896(winreg_create_printer) winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708 already exists [2012/11/09 16:29:17.319373, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 CD 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.319441, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 CD 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.319507, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.319552, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 CC 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.319625, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 CC 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.319689, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.319734, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:17.319776, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:17.319813, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 1741 [2012/11/09 16:29:17.319852, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/11/09 16:29:17.319882, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.319899, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=65024 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/11/09 16:29:17.321380, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x80 [2012/11/09 16:29:17.321423, 3] smbd/process.c:1662(process_smb) Transaction 267 of length 132 (0 toread) [2012/11/09 16:29:17.321452, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.321469, 5] lib/util.c:342(show_msg) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=65088 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8244 (0x2034) smb_bcc=61 [2012/11/09 16:29:17.321776, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.321807, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.321840, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=44 params=0 setup=2 [2012/11/09 16:29:17.321871, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:17.321898, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:17.321925, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:17.321953, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2034) [2012/11/09 16:29:17.321982, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 44 [2012/11/09 16:29:17.322015, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:17.322046, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER [2012/11/09 16:29:17.322075, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[29].fn == 0x7fa2ea3e55d0 [2012/11/09 16:29:17.322106, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 CB 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.322174, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 CB 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.322240, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 CB 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.322305, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.322335, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:17.322373, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:17.322408, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/11/09 16:29:17.322443, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/11/09 16:29:17.322472, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.322489, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=65088 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/11/09 16:29:17.323465, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x66 [2012/11/09 16:29:17.323512, 3] smbd/process.c:1662(process_smb) Transaction 268 of length 106 (0 toread) [2012/11/09 16:29:17.323548, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.323570, 5] lib/util.c:342(show_msg) size=102 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=65155 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 4096 (0x1000) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 4609 (0x1201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=19 [2012/11/09 16:29:17.324031, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.324067, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.324107, 4] smbd/nttrans.c:288(nt_open_pipe) nt_open_pipe: Opening pipe \spoolss. [2012/11/09 16:29:17.324145, 5] smbd/files.c:140(file_new) allocated file structure 4149, fnum = 8245 (4 used) [2012/11/09 16:29:17.324189, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \spoolss [2012/11/09 16:29:17.324266, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \spoolss (pipes_open=0) [2012/11/09 16:29:17.324307, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \spoolss [2012/11/09 16:29:17.325236, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/11/09 16:29:17.325277, 3] smbd/process.c:1662(process_smb) Transaction 269 of length 45 (0 toread) [2012/11/09 16:29:17.325306, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.325322, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=65219 smt_wct=3 smb_vwv[ 0]= 8244 (0x2034) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/11/09 16:29:17.325493, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.325524, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.325552, 3] smbd/reply.c:4848(reply_close) close fd=-1 fnum=8244 (numopen=4) [2012/11/09 16:29:17.325580, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2012/11/09 16:29:17.325660, 5] smbd/files.c:482(file_free) freed files structure 8244 (3 used) [2012/11/09 16:29:17.325696, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.325713, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=65219 smt_wct=0 smb_bcc=0 [2012/11/09 16:29:17.326935, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xe0 [2012/11/09 16:29:17.326975, 3] smbd/process.c:1662(process_smb) Transaction 270 of length 228 (0 toread) [2012/11/09 16:29:17.327002, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.327018, 5] lib/util.c:342(show_msg) size=224 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=65283 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8245 (0x2035) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 160 (0xA0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 160 (0xA0) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=161 [2012/11/09 16:29:17.327359, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.327392, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.327424, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 2035 name: spoolss len: 160 [2012/11/09 16:29:17.327452, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 160 [2012/11/09 16:29:17.327491, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/11/09 16:29:17.327529, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) api_pipe_bind_req: make response. 923 [2012/11/09 16:29:17.327561, 3] rpc_server/srv_pipe.c:339(check_bind_req) check_bind_req for \spoolss [2012/11/09 16:29:17.327599, 3] rpc_server/srv_pipe.c:346(check_bind_req) check_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/11/09 16:29:17.327647, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=160 [2012/11/09 16:29:17.328520, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/11/09 16:29:17.328569, 3] smbd/process.c:1662(process_smb) Transaction 271 of length 63 (0 toread) [2012/11/09 16:29:17.328605, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.328628, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=65347 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8245 (0x2035) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/11/09 16:29:17.328893, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.328923, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.328954, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:17.328984, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/11/09 16:29:17.329018, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=68 [2012/11/09 16:29:17.329887, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x124 [2012/11/09 16:29:17.329927, 3] smbd/process.c:1662(process_smb) Transaction 272 of length 296 (0 toread) [2012/11/09 16:29:17.329956, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.329972, 5] lib/util.c:342(show_msg) size=292 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=65411 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 208 (0xD0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 208 (0xD0) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8245 (0x2035) smb_bcc=225 [2012/11/09 16:29:17.330273, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.330302, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.330351, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=208 params=0 setup=2 [2012/11/09 16:29:17.330385, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:17.330412, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:17.330439, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:17.330467, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2035) [2012/11/09 16:29:17.330495, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 208 [2012/11/09 16:29:17.330529, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:17.330560, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX [2012/11/09 16:29:17.330593, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[69].fn == 0x7fa2ea3def70 checking name: \\yyyu0031\yyyp0708 [2012/11/09 16:29:17.330648, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 CE 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.330717, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) Setting printer type=\\yyyu0031\yyyp0708 Printer is a printer [2012/11/09 16:29:17.330754, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) Setting printer name=\\yyyu0031\yyyp0708 (len=19) searching for [yyyp0708] set_printer_hnd_name: Printer found: yyyp0708 -> yyyp0708 [2012/11/09 16:29:17.330833, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) 3 printer handles active [2012/11/09 16:29:17.330862, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 CE 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.330927, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 CE 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.330990, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:yyyp0708 [2012/11/09 16:29:17.331021, 3] lib/access.c:338(allow_access) Allowed connection from yyyc27002.xxxxx.xxx (10.129.108.68) [2012/11/09 16:29:17.331055, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) Setting printer access = PRINTER_ACCESS_ADMINISTER [2012/11/09 16:29:17.331085, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/11/09 16:29:17.331122, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/11/09 16:29:17.331164, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:17.331195, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 [2012/11/09 16:29:17.331239, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2012/11/09 16:29:17.331273, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/11/09 16:29:17.331300, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:17.331326, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:17.331493, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:17.331571, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 CF 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.331666, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 CF 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.331765, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:17.331839, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:17.331904, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:17.331965, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:17.332023, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:17.332076, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:17.332147, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:17.332221, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 D0 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.332301, 2] rpc_client/cli_winreg_spoolss.c:896(winreg_create_printer) winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708 already exists [2012/11/09 16:29:17.332341, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D0 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.332408, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D0 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.332505, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.332549, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 CF 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.332617, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 CF 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.332682, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.332728, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:17.332770, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:17.332806, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 1741 [2012/11/09 16:29:17.332844, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/11/09 16:29:17.332874, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.332890, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=65411 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/11/09 16:29:17.334250, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x80 [2012/11/09 16:29:17.334294, 3] smbd/process.c:1662(process_smb) Transaction 273 of length 132 (0 toread) [2012/11/09 16:29:17.334327, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.334369, 5] lib/util.c:342(show_msg) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=65475 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8245 (0x2035) smb_bcc=61 [2012/11/09 16:29:17.334806, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.334865, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.334909, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=44 params=0 setup=2 [2012/11/09 16:29:17.334975, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:17.335009, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:17.335054, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:17.335090, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2035) [2012/11/09 16:29:17.335121, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 44 [2012/11/09 16:29:17.335176, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:17.335212, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER [2012/11/09 16:29:17.335243, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[29].fn == 0x7fa2ea3e55d0 [2012/11/09 16:29:17.335272, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 CE 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.335337, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 CE 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.335401, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 CE 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.335464, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.335493, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:17.335529, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:17.335563, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/11/09 16:29:17.335598, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/11/09 16:29:17.335664, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.335682, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=65475 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/11/09 16:29:17.336628, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x66 [2012/11/09 16:29:17.336669, 3] smbd/process.c:1662(process_smb) Transaction 274 of length 106 (0 toread) [2012/11/09 16:29:17.336697, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.336713, 5] lib/util.c:342(show_msg) size=102 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=0 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 4096 (0x1000) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 4609 (0x1201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=19 [2012/11/09 16:29:17.337112, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.337143, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.337174, 4] smbd/nttrans.c:288(nt_open_pipe) nt_open_pipe: Opening pipe \spoolss. [2012/11/09 16:29:17.337205, 5] smbd/files.c:140(file_new) allocated file structure 4150, fnum = 8246 (4 used) [2012/11/09 16:29:17.337242, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \spoolss [2012/11/09 16:29:17.337308, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \spoolss (pipes_open=0) [2012/11/09 16:29:17.337345, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \spoolss [2012/11/09 16:29:17.338224, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/11/09 16:29:17.338270, 3] smbd/process.c:1662(process_smb) Transaction 275 of length 45 (0 toread) [2012/11/09 16:29:17.338306, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.338327, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=64 smt_wct=3 smb_vwv[ 0]= 8245 (0x2035) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/11/09 16:29:17.338527, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.338564, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.338600, 3] smbd/reply.c:4848(reply_close) close fd=-1 fnum=8245 (numopen=4) [2012/11/09 16:29:17.338648, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2012/11/09 16:29:17.338725, 5] smbd/files.c:482(file_free) freed files structure 8245 (3 used) [2012/11/09 16:29:17.338766, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.338788, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=64 smt_wct=0 smb_bcc=0 [2012/11/09 16:29:17.339806, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xe0 [2012/11/09 16:29:17.339848, 3] smbd/process.c:1662(process_smb) Transaction 276 of length 228 (0 toread) [2012/11/09 16:29:17.339876, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.339893, 5] lib/util.c:342(show_msg) size=224 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=128 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8246 (0x2036) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 160 (0xA0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 160 (0xA0) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=161 [2012/11/09 16:29:17.340173, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.340202, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.340245, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 2036 name: spoolss len: 160 [2012/11/09 16:29:17.340275, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 160 [2012/11/09 16:29:17.340309, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/11/09 16:29:17.340339, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) api_pipe_bind_req: make response. 923 [2012/11/09 16:29:17.340366, 3] rpc_server/srv_pipe.c:339(check_bind_req) check_bind_req for \spoolss [2012/11/09 16:29:17.340395, 3] rpc_server/srv_pipe.c:346(check_bind_req) check_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/11/09 16:29:17.340436, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=160 [2012/11/09 16:29:17.341297, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/11/09 16:29:17.341337, 3] smbd/process.c:1662(process_smb) Transaction 277 of length 63 (0 toread) [2012/11/09 16:29:17.341363, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.341381, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=192 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8246 (0x2036) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/11/09 16:29:17.341644, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.341675, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.341706, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:17.341741, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/11/09 16:29:17.341775, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=68 [2012/11/09 16:29:17.342667, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x124 [2012/11/09 16:29:17.342706, 3] smbd/process.c:1662(process_smb) Transaction 278 of length 296 (0 toread) [2012/11/09 16:29:17.342734, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.342750, 5] lib/util.c:342(show_msg) size=292 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=256 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 208 (0xD0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 208 (0xD0) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8246 (0x2036) smb_bcc=225 [2012/11/09 16:29:17.343049, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.343078, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.343108, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=208 params=0 setup=2 [2012/11/09 16:29:17.343138, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:17.343164, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:17.343190, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:17.343216, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2036) [2012/11/09 16:29:17.343244, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 208 [2012/11/09 16:29:17.343277, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:17.343319, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX [2012/11/09 16:29:17.343352, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[69].fn == 0x7fa2ea3def70 checking name: \\yyyu0031\yyyp0708 [2012/11/09 16:29:17.343402, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 D1 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.343475, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) Setting printer type=\\yyyu0031\yyyp0708 Printer is a printer [2012/11/09 16:29:17.343524, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) Setting printer name=\\yyyu0031\yyyp0708 (len=19) searching for [yyyp0708] set_printer_hnd_name: Printer found: yyyp0708 -> yyyp0708 [2012/11/09 16:29:17.343613, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) 3 printer handles active [2012/11/09 16:29:17.343650, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D1 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.343725, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D1 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.343800, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:yyyp0708 [2012/11/09 16:29:17.343839, 3] lib/access.c:338(allow_access) Allowed connection from yyyc27002.xxxxx.xxx (10.129.108.68) [2012/11/09 16:29:17.343878, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) Setting printer access = PRINTER_ACCESS_ADMINISTER [2012/11/09 16:29:17.343915, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/11/09 16:29:17.343958, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/11/09 16:29:17.344005, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:17.344043, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 [2012/11/09 16:29:17.344094, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2012/11/09 16:29:17.344133, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/11/09 16:29:17.344167, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:17.344200, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:17.344321, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:17.344396, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 D2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.344515, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.344590, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:17.344653, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:17.344714, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:17.344773, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:17.344844, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:17.344898, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:17.344968, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:17.345041, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 D3 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.345121, 2] rpc_client/cli_winreg_spoolss.c:896(winreg_create_printer) winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708 already exists [2012/11/09 16:29:17.345160, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D3 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.345228, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D3 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.345291, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.345330, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.345398, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.345462, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.345506, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:17.345547, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:17.345583, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 1741 [2012/11/09 16:29:17.345633, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/11/09 16:29:17.345670, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.345687, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=256 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/11/09 16:29:17.346796, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x80 [2012/11/09 16:29:17.346835, 3] smbd/process.c:1662(process_smb) Transaction 279 of length 132 (0 toread) [2012/11/09 16:29:17.346863, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.346879, 5] lib/util.c:342(show_msg) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=320 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8246 (0x2036) smb_bcc=61 [2012/11/09 16:29:17.347183, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.347235, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.347269, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=44 params=0 setup=2 [2012/11/09 16:29:17.347300, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:17.347327, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:17.347354, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:17.347380, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2036) [2012/11/09 16:29:17.347409, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 44 [2012/11/09 16:29:17.347442, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:17.347473, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER [2012/11/09 16:29:17.347502, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[29].fn == 0x7fa2ea3e55d0 [2012/11/09 16:29:17.347530, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D1 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.347595, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D1 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.347666, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D1 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.347738, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.347774, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:17.347819, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:17.347861, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/11/09 16:29:17.347904, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/11/09 16:29:17.347941, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.347962, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=320 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/11/09 16:29:17.349014, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x66 [2012/11/09 16:29:17.349051, 3] smbd/process.c:1662(process_smb) Transaction 280 of length 106 (0 toread) [2012/11/09 16:29:17.349072, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.349084, 5] lib/util.c:342(show_msg) size=102 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=387 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 4096 (0x1000) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 4609 (0x1201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=19 [2012/11/09 16:29:17.349376, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.349417, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.349442, 4] smbd/nttrans.c:288(nt_open_pipe) nt_open_pipe: Opening pipe \spoolss. [2012/11/09 16:29:17.349464, 5] smbd/files.c:140(file_new) allocated file structure 4151, fnum = 8247 (4 used) [2012/11/09 16:29:17.349489, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \spoolss [2012/11/09 16:29:17.349535, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \spoolss (pipes_open=0) [2012/11/09 16:29:17.349563, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \spoolss [2012/11/09 16:29:17.350492, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/11/09 16:29:17.350525, 3] smbd/process.c:1662(process_smb) Transaction 281 of length 45 (0 toread) [2012/11/09 16:29:17.350545, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.350557, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=451 smt_wct=3 smb_vwv[ 0]= 8246 (0x2036) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/11/09 16:29:17.350676, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.350697, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.350717, 3] smbd/reply.c:4848(reply_close) close fd=-1 fnum=8246 (numopen=4) [2012/11/09 16:29:17.350737, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2012/11/09 16:29:17.350775, 5] smbd/files.c:482(file_free) freed files structure 8246 (3 used) [2012/11/09 16:29:17.350798, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.350810, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=451 smt_wct=0 smb_bcc=0 [2012/11/09 16:29:17.351814, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xe0 [2012/11/09 16:29:17.351846, 3] smbd/process.c:1662(process_smb) Transaction 282 of length 228 (0 toread) [2012/11/09 16:29:17.351866, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.351878, 5] lib/util.c:342(show_msg) size=224 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=515 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8247 (0x2037) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 160 (0xA0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 160 (0xA0) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=161 [2012/11/09 16:29:17.352076, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.352096, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.352118, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 2037 name: spoolss len: 160 [2012/11/09 16:29:17.352138, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 160 [2012/11/09 16:29:17.352163, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/11/09 16:29:17.352184, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) api_pipe_bind_req: make response. 923 [2012/11/09 16:29:17.352203, 3] rpc_server/srv_pipe.c:339(check_bind_req) check_bind_req for \spoolss [2012/11/09 16:29:17.352223, 3] rpc_server/srv_pipe.c:346(check_bind_req) check_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/11/09 16:29:17.352266, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=160 [2012/11/09 16:29:17.353159, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/11/09 16:29:17.353193, 3] smbd/process.c:1662(process_smb) Transaction 283 of length 63 (0 toread) [2012/11/09 16:29:17.353213, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.353225, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=579 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8247 (0x2037) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/11/09 16:29:17.353430, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.353453, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.353475, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:17.353497, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/11/09 16:29:17.353522, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=68 [2012/11/09 16:29:17.354347, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x124 [2012/11/09 16:29:17.354380, 3] smbd/process.c:1662(process_smb) Transaction 284 of length 296 (0 toread) [2012/11/09 16:29:17.354400, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.354412, 5] lib/util.c:342(show_msg) size=292 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=643 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 208 (0xD0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 208 (0xD0) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8247 (0x2037) smb_bcc=225 [2012/11/09 16:29:17.354626, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.354647, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.354669, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=208 params=0 setup=2 [2012/11/09 16:29:17.354691, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:17.354710, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:17.354728, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:17.354747, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2037) [2012/11/09 16:29:17.354767, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 208 [2012/11/09 16:29:17.354791, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:17.354813, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX [2012/11/09 16:29:17.354834, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[69].fn == 0x7fa2ea3def70 checking name: \\yyyu0031\yyyp0708 [2012/11/09 16:29:17.354867, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 D4 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.354908, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) Setting printer type=\\yyyu0031\yyyp0708 Printer is a printer [2012/11/09 16:29:17.354949, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) Setting printer name=\\yyyu0031\yyyp0708 (len=19) searching for [yyyp0708] set_printer_hnd_name: Printer found: yyyp0708 -> yyyp0708 [2012/11/09 16:29:17.355005, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) 3 printer handles active [2012/11/09 16:29:17.355026, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D4 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.355065, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D4 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.355103, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:yyyp0708 [2012/11/09 16:29:17.355125, 3] lib/access.c:338(allow_access) Allowed connection from yyyc27002.xxxxx.xxx (10.129.108.68) [2012/11/09 16:29:17.355149, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) Setting printer access = PRINTER_ACCESS_USE [2012/11/09 16:29:17.355170, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/11/09 16:29:17.355196, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/11/09 16:29:17.355225, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:17.355266, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 [2012/11/09 16:29:17.355318, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2012/11/09 16:29:17.355348, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/11/09 16:29:17.355368, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:17.355387, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:17.355468, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:17.355517, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 D5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.355574, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.355640, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:17.355692, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:17.355735, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:17.355777, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:17.355817, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:17.355853, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:17.355901, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:17.355951, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 D6 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.356002, 2] rpc_client/cli_winreg_spoolss.c:896(winreg_create_printer) winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708 already exists [2012/11/09 16:29:17.356049, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D6 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.356092, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D6 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.356130, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.356159, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.356201, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.356269, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.356306, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:17.356337, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:17.356363, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 1741 [2012/11/09 16:29:17.356390, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/11/09 16:29:17.356410, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.356422, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=643 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/11/09 16:29:17.357562, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x80 [2012/11/09 16:29:17.357594, 3] smbd/process.c:1662(process_smb) Transaction 285 of length 132 (0 toread) [2012/11/09 16:29:17.357614, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.357625, 5] lib/util.c:342(show_msg) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=707 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8247 (0x2037) smb_bcc=61 [2012/11/09 16:29:17.357837, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.357857, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.357879, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=44 params=0 setup=2 [2012/11/09 16:29:17.357901, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:17.357919, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:17.357937, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:17.357956, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2037) [2012/11/09 16:29:17.357976, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 44 [2012/11/09 16:29:17.358015, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:17.358039, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER [2012/11/09 16:29:17.358059, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[29].fn == 0x7fa2ea3e55d0 [2012/11/09 16:29:17.358080, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D4 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.358119, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D4 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.358162, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D4 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.358223, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.358246, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:17.358274, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:17.358299, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/11/09 16:29:17.358323, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/11/09 16:29:17.358343, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.358355, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=707 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/11/09 16:29:17.359166, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x66 [2012/11/09 16:29:17.359215, 3] smbd/process.c:1662(process_smb) Transaction 286 of length 106 (0 toread) [2012/11/09 16:29:17.359253, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.359277, 5] lib/util.c:342(show_msg) size=102 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=768 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 4096 (0x1000) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 4609 (0x1201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=19 [2012/11/09 16:29:17.359678, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.359710, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.359741, 4] smbd/nttrans.c:288(nt_open_pipe) nt_open_pipe: Opening pipe \spoolss. [2012/11/09 16:29:17.359772, 5] smbd/files.c:140(file_new) allocated file structure 4152, fnum = 8248 (4 used) [2012/11/09 16:29:17.359808, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \spoolss [2012/11/09 16:29:17.359866, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \spoolss (pipes_open=0) [2012/11/09 16:29:17.359921, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \spoolss [2012/11/09 16:29:17.360951, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/11/09 16:29:17.360993, 3] smbd/process.c:1662(process_smb) Transaction 287 of length 45 (0 toread) [2012/11/09 16:29:17.361022, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.361038, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=832 smt_wct=3 smb_vwv[ 0]= 8247 (0x2037) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/11/09 16:29:17.361229, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.361260, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.361289, 3] smbd/reply.c:4848(reply_close) close fd=-1 fnum=8247 (numopen=4) [2012/11/09 16:29:17.361317, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2012/11/09 16:29:17.361371, 5] smbd/files.c:482(file_free) freed files structure 8247 (3 used) [2012/11/09 16:29:17.361403, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.361421, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=832 smt_wct=0 smb_bcc=0 [2012/11/09 16:29:17.362569, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xe0 [2012/11/09 16:29:17.362612, 3] smbd/process.c:1662(process_smb) Transaction 288 of length 228 (0 toread) [2012/11/09 16:29:17.362653, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.362675, 5] lib/util.c:342(show_msg) size=224 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=896 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8248 (0x2038) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 160 (0xA0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 160 (0xA0) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=161 [2012/11/09 16:29:17.363100, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.363147, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.363192, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 2038 name: spoolss len: 160 [2012/11/09 16:29:17.363233, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 160 [2012/11/09 16:29:17.363292, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/11/09 16:29:17.363342, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) api_pipe_bind_req: make response. 923 [2012/11/09 16:29:17.363379, 3] rpc_server/srv_pipe.c:339(check_bind_req) check_bind_req for \spoolss [2012/11/09 16:29:17.363423, 3] rpc_server/srv_pipe.c:346(check_bind_req) check_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/11/09 16:29:17.363483, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=160 [2012/11/09 16:29:17.364344, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/11/09 16:29:17.364378, 3] smbd/process.c:1662(process_smb) Transaction 289 of length 63 (0 toread) [2012/11/09 16:29:17.364399, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.364410, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=960 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8248 (0x2038) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/11/09 16:29:17.364641, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.364664, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.364686, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:17.364707, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/11/09 16:29:17.364732, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=68 [2012/11/09 16:29:17.365572, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x124 [2012/11/09 16:29:17.365604, 3] smbd/process.c:1662(process_smb) Transaction 290 of length 296 (0 toread) [2012/11/09 16:29:17.365641, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.365662, 5] lib/util.c:342(show_msg) size=292 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=1024 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 208 (0xD0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 208 (0xD0) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8248 (0x2038) smb_bcc=225 [2012/11/09 16:29:17.365991, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.366025, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.366060, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=208 params=0 setup=2 [2012/11/09 16:29:17.366092, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:17.366120, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:17.366149, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:17.366177, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2038) [2012/11/09 16:29:17.366208, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 208 [2012/11/09 16:29:17.366243, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:17.366276, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX [2012/11/09 16:29:17.366307, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[69].fn == 0x7fa2ea3def70 checking name: \\yyyu0031\yyyp0708 [2012/11/09 16:29:17.366356, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 D7 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.366425, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) Setting printer type=\\yyyu0031\yyyp0708 Printer is a printer [2012/11/09 16:29:17.366465, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) Setting printer name=\\yyyu0031\yyyp0708 (len=19) searching for [yyyp0708] set_printer_hnd_name: Printer found: yyyp0708 -> yyyp0708 [2012/11/09 16:29:17.366547, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) 3 printer handles active [2012/11/09 16:29:17.366577, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D7 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.366644, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D7 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.366725, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:yyyp0708 [2012/11/09 16:29:17.366759, 3] lib/access.c:338(allow_access) Allowed connection from yyyc27002.xxxxx.xxx (10.129.108.68) [2012/11/09 16:29:17.366794, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) Setting printer access = PRINTER_ACCESS_ADMINISTER [2012/11/09 16:29:17.366826, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/11/09 16:29:17.366865, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/11/09 16:29:17.366907, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:17.366939, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 [2012/11/09 16:29:17.366984, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2012/11/09 16:29:17.367019, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/11/09 16:29:17.367049, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:17.367077, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:17.367199, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:17.367275, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 D8 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.367367, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D8 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.367440, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:17.367506, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:17.367568, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:17.367631, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:17.367693, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:17.367748, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:17.367821, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:17.367897, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 D9 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.367980, 2] rpc_client/cli_winreg_spoolss.c:896(winreg_create_printer) winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708 already exists [2012/11/09 16:29:17.368022, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D9 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.368091, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D9 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.368157, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.368213, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D8 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.368285, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D8 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.368351, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.368398, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:17.368442, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:17.368530, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 1741 [2012/11/09 16:29:17.368573, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/11/09 16:29:17.368606, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.368624, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=1024 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/11/09 16:29:17.370213, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x80 [2012/11/09 16:29:17.370256, 3] smbd/process.c:1662(process_smb) Transaction 291 of length 132 (0 toread) [2012/11/09 16:29:17.370287, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.370304, 5] lib/util.c:342(show_msg) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=1088 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8248 (0x2038) smb_bcc=61 [2012/11/09 16:29:17.370631, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.370665, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.370697, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=44 params=0 setup=2 [2012/11/09 16:29:17.370730, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:17.370757, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:17.370786, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:17.370814, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2038) [2012/11/09 16:29:17.370845, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 44 [2012/11/09 16:29:17.370880, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:17.370911, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER [2012/11/09 16:29:17.370942, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[29].fn == 0x7fa2ea3e55d0 [2012/11/09 16:29:17.370972, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D7 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.371038, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D7 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.371120, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D7 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:17.371186, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:17.371217, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:17.371256, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:17.371293, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/11/09 16:29:17.371330, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/11/09 16:29:17.371361, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.371379, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=1088 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/11/09 16:29:17.372482, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/11/09 16:29:17.372521, 3] smbd/process.c:1662(process_smb) Transaction 292 of length 45 (0 toread) [2012/11/09 16:29:17.372548, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.372563, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1152 smt_wct=3 smb_vwv[ 0]= 8248 (0x2038) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/11/09 16:29:17.372715, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:17.372742, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:17.372768, 3] smbd/reply.c:4848(reply_close) close fd=-1 fnum=8248 (numopen=3) [2012/11/09 16:29:17.372797, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2012/11/09 16:29:17.372865, 5] smbd/files.c:482(file_free) freed files structure 8248 (2 used) [2012/11/09 16:29:17.372911, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:17.372930, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1152 smt_wct=0 smb_bcc=0 [2012/11/09 16:29:18.778744, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x66 [2012/11/09 16:29:18.778831, 3] smbd/process.c:1662(process_smb) Transaction 293 of length 106 (0 toread) [2012/11/09 16:29:18.778853, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:18.778865, 5] lib/util.c:342(show_msg) size=102 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=1216 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 4096 (0x1000) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 4609 (0x1201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=19 [2012/11/09 16:29:18.779186, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:18.779211, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:18.779237, 4] smbd/nttrans.c:288(nt_open_pipe) nt_open_pipe: Opening pipe \spoolss. [2012/11/09 16:29:18.779261, 5] smbd/files.c:140(file_new) allocated file structure 4153, fnum = 8249 (3 used) [2012/11/09 16:29:18.779291, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \spoolss [2012/11/09 16:29:18.779351, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \spoolss (pipes_open=0) [2012/11/09 16:29:18.779379, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \spoolss [2012/11/09 16:29:18.780622, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xe0 [2012/11/09 16:29:18.780656, 3] smbd/process.c:1662(process_smb) Transaction 294 of length 228 (0 toread) [2012/11/09 16:29:18.780677, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:18.780689, 5] lib/util.c:342(show_msg) size=224 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1280 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8249 (0x2039) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 160 (0xA0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 160 (0xA0) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=161 [2012/11/09 16:29:18.780931, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:18.780954, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:18.780976, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 2039 name: spoolss len: 160 [2012/11/09 16:29:18.780997, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 160 [2012/11/09 16:29:18.781033, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/11/09 16:29:18.781075, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) api_pipe_bind_req: make response. 923 [2012/11/09 16:29:18.781100, 3] rpc_server/srv_pipe.c:339(check_bind_req) check_bind_req for \spoolss [2012/11/09 16:29:18.781121, 3] rpc_server/srv_pipe.c:346(check_bind_req) check_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/11/09 16:29:18.781155, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=160 [2012/11/09 16:29:18.782159, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/11/09 16:29:18.782195, 3] smbd/process.c:1662(process_smb) Transaction 295 of length 63 (0 toread) [2012/11/09 16:29:18.782215, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:18.782227, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1344 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8249 (0x2039) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/11/09 16:29:18.782413, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:18.782434, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:18.782456, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:18.782479, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/11/09 16:29:18.782520, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=68 [2012/11/09 16:29:18.783427, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x114 [2012/11/09 16:29:18.783462, 3] smbd/process.c:1662(process_smb) Transaction 296 of length 280 (0 toread) [2012/11/09 16:29:18.783483, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:18.783494, 5] lib/util.c:342(show_msg) size=276 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=1408 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 192 (0xC0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 192 (0xC0) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8249 (0x2039) smb_bcc=209 [2012/11/09 16:29:18.783715, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:18.783737, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:18.783761, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=192 params=0 setup=2 [2012/11/09 16:29:18.783784, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:18.783803, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:18.783822, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:18.783841, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2039) [2012/11/09 16:29:18.783862, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 192 [2012/11/09 16:29:18.783887, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:18.783909, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX [2012/11/09 16:29:18.783930, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[69].fn == 0x7fa2ea3def70 checking name: \\yyyu0031 [2012/11/09 16:29:18.783965, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 DA 00 00 00 00 00 00 00 9D 50 4E 21 ........ .....PN! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:18.784029, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) Setting printer type=\\yyyu0031 Printer is a print server [2012/11/09 16:29:18.784063, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) Setting printer name=\\yyyu0031 (len=10) [2012/11/09 16:29:18.784085, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) 3 printer handles active [2012/11/09 16:29:18.784105, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DA 00 00 00 00 00 00 00 9D 50 4E 21 ........ .....PN! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:18.784144, 4] rpc_server/spoolss/srv_spoolss_nt.c:1852(_spoolss_OpenPrinterEx) Setting print server access = SERVER_ACCESS_ENUMERATE [2012/11/09 16:29:18.784167, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:18.784195, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:18.784221, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/11/09 16:29:18.784246, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/11/09 16:29:18.784267, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:18.784279, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=1408 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/11/09 16:29:18.785725, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x80 [2012/11/09 16:29:18.785777, 3] smbd/process.c:1662(process_smb) Transaction 297 of length 132 (0 toread) [2012/11/09 16:29:18.785804, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:18.785822, 5] lib/util.c:342(show_msg) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=1472 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8249 (0x2039) smb_bcc=61 [2012/11/09 16:29:18.786041, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:18.786063, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:18.786086, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=44 params=0 setup=2 [2012/11/09 16:29:18.786107, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:18.786125, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:18.786144, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:18.786162, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2039) [2012/11/09 16:29:18.786182, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 44 [2012/11/09 16:29:18.786207, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:18.786229, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER [2012/11/09 16:29:18.786250, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[29].fn == 0x7fa2ea3e55d0 [2012/11/09 16:29:18.786270, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DA 00 00 00 00 00 00 00 9D 50 4E 21 ........ .....PN! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:18.786310, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DA 00 00 00 00 00 00 00 9D 50 4E 21 ........ .....PN! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:18.786348, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DA 00 00 00 00 00 00 00 9D 50 4E 21 ........ .....PN! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:18.786385, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:18.786405, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:18.786432, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/11/09 16:29:18.786458, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/11/09 16:29:18.786482, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/11/09 16:29:18.786502, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:18.786513, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=1472 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/11/09 16:29:18.787644, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/11/09 16:29:18.787680, 3] smbd/process.c:1662(process_smb) Transaction 298 of length 45 (0 toread) [2012/11/09 16:29:18.787700, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:18.787711, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1536 smt_wct=3 smb_vwv[ 0]= 8249 (0x2039) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/11/09 16:29:18.787827, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:18.787847, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:18.787867, 3] smbd/reply.c:4848(reply_close) close fd=-1 fnum=8249 (numopen=3) [2012/11/09 16:29:18.787888, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2012/11/09 16:29:18.787936, 5] smbd/files.c:482(file_free) freed files structure 8249 (2 used) [2012/11/09 16:29:18.787961, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:18.787973, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1536 smt_wct=0 smb_bcc=0 [2012/11/09 16:29:20.971202, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xb8 [2012/11/09 16:29:20.971301, 3] smbd/process.c:1662(process_smb) Transaction 299 of length 188 (0 toread) [2012/11/09 16:29:20.971325, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:20.971337, 5] lib/util.c:342(show_msg) size=184 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=1600 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 100 (0x64) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 100 (0x64) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8210 (0x2012) smb_bcc=117 [2012/11/09 16:29:20.971648, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:20.971690, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:20.971740, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=100 params=0 setup=2 [2012/11/09 16:29:20.971782, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:20.971819, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:20.971858, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:20.971898, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2012) [2012/11/09 16:29:20.971934, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 100 [2012/11/09 16:29:20.971966, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:20.972006, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x7 - api_rpcTNP: rpc command: SPOOLSS_SETPRINTER [2012/11/09 16:29:20.972101, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[7].fn == 0x7fa2ea3e9160 [2012/11/09 16:29:20.972162, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 9D 50 47 21 ........ .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:20.972243, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 9D 50 47 21 ........ .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:20.972370, 5] rpc_server/spoolss/srv_spoolss_nt.c:6601(publish_or_unpublish_printer) publish_or_unpublish_printer, action = 1 [2012/11/09 16:29:20.972410, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 9D 50 47 21 ........ .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:20.972548, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:yyyp0708 [2012/11/09 16:29:20.972597, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/11/09 16:29:20.972660, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/11/09 16:29:20.972720, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:20.972766, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 [2012/11/09 16:29:20.972831, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2012/11/09 16:29:20.972872, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/11/09 16:29:20.972909, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:20.972946, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:20.973091, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:20.973175, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 DB 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:20.973279, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DB 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:20.973362, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:20.973438, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:20.973550, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:20.973624, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:20.973693, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:20.973760, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:20.973849, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:20.973936, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 DC 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:20.974035, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DC 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:20.974190, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DC 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:20.974274, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:20.974351, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DC 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:20.974433, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:20.974492, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DC 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:20.974567, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:20.974626, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DC 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:20.974712, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:20.974771, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DC 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:20.974850, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:20.974909, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DC 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:20.974961, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:20.974996, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DC 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:20.975075, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:20.975135, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DC 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:20.975215, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:20.975275, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DC 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:20.975342, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:20.975403, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DC 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:20.975700, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:20.975752, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DC 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:20.975837, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:20.975880, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DC 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:20.975938, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:20.975978, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DC 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:20.976034, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:20.976083, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DC 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:20.976142, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:20.976182, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DC 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:20.976238, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:20.976277, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DC 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:20.976338, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:20.976400, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DC 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:20.976531, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:20.976600, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DC 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:20.976686, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:20.976744, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DC 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:20.976842, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:20.976922, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DC 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:20.977001, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:20.977031, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:20.977079, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DC 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:20.977156, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:20.977192, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:20.977257, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:20.977324, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 DD 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:20.977384, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DD 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:20.977430, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:20.977471, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:20.977512, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:20.977552, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:20.977591, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:20.977628, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:20.977674, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:20.977724, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 DE 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:20.977781, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DE 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:20.977825, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:20.977846, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:20.977898, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DE 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:20.977955, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:20.977977, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:20.978013, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DE 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:20.978057, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DE 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:20.978097, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:20.978126, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DD 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:20.978169, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DD 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:20.978208, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:20.978237, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DC 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:20.978278, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DC 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:20.978317, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:20.978346, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DB 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:20.978389, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DB 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:20.978427, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:20.978465, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/11/09 16:29:20.978496, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/11/09 16:29:20.978528, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:20.978551, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 [2012/11/09 16:29:20.978582, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2012/11/09 16:29:20.978607, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/11/09 16:29:20.978627, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:20.978711, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:20.978791, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:20.978895, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 DF 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:20.979031, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DF 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:20.979135, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2012/11/09 16:29:20.979179, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:20.979231, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2012/11/09 16:29:20.979257, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:20.979292, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2012/11/09 16:29:20.979382, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:20.979449, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2012/11/09 16:29:20.979485, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:20.979582, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2012/11/09 16:29:20.979655, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:20.979699, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2012/11/09 16:29:20.979741, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:20.979798, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:20.979892, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 E0 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:20.979988, 8] rpc_client/cli_winreg_spoolss.c:285(winreg_printer_openkey) winreg_printer_openkey: createkey opened existing SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708 [2012/11/09 16:29:20.980048, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E0 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:20.980109, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708:Attributes] [2012/11/09 16:29:20.980182, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E0 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:20.980231, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708:ChangeID] [2012/11/09 16:29:20.980282, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2012/11/09 16:29:20.981689, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E0 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:20.981746, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E0 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:20.981798, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:20.981833, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DF 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:20.981876, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DF 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:20.981915, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:20.981963, 6] libads/ldap.c:365(ads_find_dc) ads_find_dc: (ldap) looking for realm 'XXXXX.XXX' [2012/11/09 16:29:20.982011, 5] libads/sitename_cache.c:105(sitename_fetch) sitename_fetch: Returning sitename for XXXXX.XXX: "YYY" [2012/11/09 16:29:20.982040, 4] libsmb/namequery_dc.c:76(ads_dc_name) ads_dc_name: domain=BROSE [2012/11/09 16:29:20.982067, 5] libads/sitename_cache.c:105(sitename_fetch) sitename_fetch: Returning sitename for XXXXX.XXX: "YYY" [2012/11/09 16:29:20.982088, 6] libads/ldap.c:385(ads_find_dc) ads_find_dc: (cldap) looking for realm 'XXXXX.XXX' [2012/11/09 16:29:20.982110, 8] libsmb/namequery.c:2721(get_sorted_dc_list) get_sorted_dc_list: attempting lookup for name XXXXX.XXX (sitename YYY) using [ads] [2012/11/09 16:29:20.982159, 5] libsmb/namequery.c:194(saf_fetch) saf_fetch: Returning "YYYS8002.xxxxx.xxx" for "XXXXX.XXX" domain [2012/11/09 16:29:20.982186, 3] libsmb/namequery.c:2533(get_dc_list) get_dc_list: preferred server list: "YYYS8002.xxxxx.xxx, *" [2012/11/09 16:29:20.982226, 5] libsmb/namecache.c:165(namecache_fetch) name XXXXX.XXX#1C found. [2012/11/09 16:29:20.982345, 8] libsmb/namequery.c:2554(get_dc_list) Adding 4 DC's from auto lookup [2012/11/09 16:29:20.982389, 5] libads/sitename_cache.c:105(sitename_fetch) sitename_fetch: Returning sitename for XXXXX.XXX: "YYY" [2012/11/09 16:29:20.982440, 5] libsmb/namecache.c:165(namecache_fetch) name YYYS8002.xxxxx.xxx#20 found. [2012/11/09 16:29:20.982503, 9] libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain XXXXX.XXX server 172.31.58.11 [2012/11/09 16:29:20.982541, 9] libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain XXXXX.XXX server 172.31.58.11 [2012/11/09 16:29:20.982569, 9] libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain XXXXX.XXX server 10.128.58.21 [2012/11/09 16:29:20.982601, 9] libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain XXXXX.XXX server 172.31.58.12 [2012/11/09 16:29:20.982630, 9] libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain XXXXX.XXX server 10.128.59.21 [2012/11/09 16:29:20.982653, 4] libsmb/namequery.c:2670(get_dc_list) get_dc_list: returning 4 ip addresses in an ordered list [2012/11/09 16:29:20.982673, 4] libsmb/namequery.c:2671(get_dc_list) get_dc_list: 172.31.58.11:389 10.128.58.21:389 172.31.58.12:389 10.128.59.21:389 [2012/11/09 16:29:20.982702, 9] libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain XXXXX.XXX server 172.31.58.11 [2012/11/09 16:29:20.982726, 5] libads/ldap.c:232(ads_try_connect) ads_try_connect: sending CLDAP request to 172.31.58.11 (realm: XXXXX.XXX) [2012/11/09 16:29:20.983427, 3] libads/ldap.c:640(ads_connect) Successfully contacted LDAP server 172.31.58.11 [2012/11/09 16:29:20.983480, 5] libads/sitename_cache.c:105(sitename_fetch) sitename_fetch: Returning sitename for XXXXX.XXX: "YYY" [2012/11/09 16:29:20.983552, 5] libsmb/namequery.c:194(saf_fetch) saf_fetch: Returning "YYYS8002.xxxxx.xxx" for "XXXXX.XXX" domain [2012/11/09 16:29:20.983591, 3] libsmb/namequery.c:2533(get_dc_list) get_dc_list: preferred server list: "YYYS8002.xxxxx.xxx, *" [2012/11/09 16:29:20.983649, 5] libsmb/namecache.c:165(namecache_fetch) name XXXXX.XXX#1C found. [2012/11/09 16:29:20.983749, 8] libsmb/namequery.c:2554(get_dc_list) Adding 4 DC's from auto lookup [2012/11/09 16:29:20.983798, 5] libads/sitename_cache.c:105(sitename_fetch) sitename_fetch: Returning sitename for XXXXX.XXX: "YYY" [2012/11/09 16:29:20.983844, 5] libsmb/namecache.c:165(namecache_fetch) name YYYS8002.xxxxx.xxx#20 found. [2012/11/09 16:29:20.983910, 9] libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain XXXXX.XXX server 172.31.58.11 [2012/11/09 16:29:20.983957, 9] libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain XXXXX.XXX server 172.31.58.11 [2012/11/09 16:29:20.984000, 9] libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain XXXXX.XXX server 10.128.58.21 [2012/11/09 16:29:20.984042, 9] libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain XXXXX.XXX server 172.31.58.12 [2012/11/09 16:29:20.984085, 9] libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain XXXXX.XXX server 10.128.59.21 [2012/11/09 16:29:20.984114, 4] libsmb/namequery.c:2670(get_dc_list) get_dc_list: returning 4 ip addresses in an ordered list [2012/11/09 16:29:20.984134, 4] libsmb/namequery.c:2671(get_dc_list) get_dc_list: 172.31.58.11:389 10.128.58.21:389 172.31.58.12:389 10.128.59.21:389 [2012/11/09 16:29:20.984177, 5] libsmb/namequery.c:194(saf_fetch) saf_fetch: Returning "YYYS8002.xxxxx.xxx" for "XXXXX.XXX" domain [2012/11/09 16:29:20.984216, 3] libsmb/namequery.c:2533(get_dc_list) get_dc_list: preferred server list: "YYYS8002.xxxxx.xxx, *" [2012/11/09 16:29:20.984250, 5] libsmb/namecache.c:165(namecache_fetch) name XXXXX.XXX#1C found. [2012/11/09 16:29:20.984316, 8] libsmb/namequery.c:2554(get_dc_list) Adding 4 DC's from auto lookup [2012/11/09 16:29:20.984354, 5] libads/sitename_cache.c:105(sitename_fetch) sitename_fetch: Returning sitename for XXXXX.XXX: "YYY" [2012/11/09 16:29:20.984403, 5] libsmb/namecache.c:165(namecache_fetch) name YYYS8002.xxxxx.xxx#20 found. [2012/11/09 16:29:20.984456, 9] libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain XXXXX.XXX server 172.31.58.11 [2012/11/09 16:29:20.984519, 9] libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain XXXXX.XXX server 172.31.58.11 [2012/11/09 16:29:20.984547, 9] libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain XXXXX.XXX server 10.128.58.21 [2012/11/09 16:29:20.984573, 9] libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain XXXXX.XXX server 172.31.58.12 [2012/11/09 16:29:20.984599, 9] libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain XXXXX.XXX server 10.128.59.21 [2012/11/09 16:29:20.984623, 4] libsmb/namequery.c:2670(get_dc_list) get_dc_list: returning 4 ip addresses in an ordered list [2012/11/09 16:29:20.984648, 4] libsmb/namequery.c:2671(get_dc_list) get_dc_list: 172.31.58.11:389 10.128.58.21:389 172.31.58.12:389 10.128.59.21:389 [2012/11/09 16:29:20.984697, 0] libads/kerberos.c:909(create_local_private_krb5_conf_for_domain) create_local_private_krb5_conf_for_domain: smb_mkstemp failed, for file /var/lib/samba/smb_tmp_krb5.PYuGbi. Errno Keine Berechtigung [2012/11/09 16:29:20.984729, 4] libsmb/namequery_dc.c:148(ads_dc_name) ads_dc_name: using server='YYYS8002.XXXXX.XXX' IP=172.31.58.11 [2012/11/09 16:29:20.984757, 5] libads/sitename_cache.c:105(sitename_fetch) sitename_fetch: Returning sitename for XXXXX.XXX: "YYY" [2012/11/09 16:29:20.984785, 5] libsmb/namecache.c:165(namecache_fetch) name YYYS8002.XXXXX.XXX#20 found. [2012/11/09 16:29:20.984838, 5] libads/ldap.c:232(ads_try_connect) ads_try_connect: sending CLDAP request to 172.31.58.11 (realm: XXXXX.XXX) [2012/11/09 16:29:20.985337, 3] libads/ldap.c:640(ads_connect) Successfully contacted LDAP server 172.31.58.11 [2012/11/09 16:29:20.985700, 3] libads/ldap.c:694(ads_connect) Connected to LDAP server YYYS8002.xxxxx.xxx [2012/11/09 16:29:20.986304, 4] libads/ldap.c:2857(ads_current_time) time offset is 0 seconds [2012/11/09 16:29:20.986671, 4] libads/sasl.c:1211(ads_sasl_bind) Found SASL mechanism GSS-SPNEGO [2012/11/09 16:29:20.987051, 3] libads/sasl.c:869(ads_sasl_spnego_bind) ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.30 [2012/11/09 16:29:20.987081, 3] libads/sasl.c:869(ads_sasl_spnego_bind) ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2 [2012/11/09 16:29:20.987103, 3] libads/sasl.c:869(ads_sasl_spnego_bind) ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2 [2012/11/09 16:29:20.987136, 3] libads/sasl.c:869(ads_sasl_spnego_bind) ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2.3 [2012/11/09 16:29:20.987157, 3] libads/sasl.c:869(ads_sasl_spnego_bind) ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10 [2012/11/09 16:29:20.987176, 3] libads/sasl.c:878(ads_sasl_spnego_bind) ads_sasl_spnego_bind: got server principal name = not_defined_in_RFC4178@please_ignore [2012/11/09 16:29:20.987290, 3] libsmb/clikrb5.c:698(ads_krb5_mk_req) ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found) [2012/11/09 16:29:20.992381, 3] libsmb/clikrb5.c:543(ads_cleanup_expired_creds) ads_cleanup_expired_creds: Ticket in ccache[MEMORY:prtpub_cache] expiration Sat, 10 Nov 2012 02:29:20 CET [2012/11/09 16:29:20.992450, 3] libsmb/clikrb5.c:751(ads_krb5_mk_req) ads_krb5_mk_req: server marked as OK to delegate to, building forwardable TGT [2012/11/09 16:29:20.994869, 5] printing/nt_printing_ads.c:112(nt_printer_publish_ads) publishing printer yyyp0708 [2012/11/09 16:29:20.998229, 3] printing/nt_printing_ads.c:189(nt_printer_publish_ads) error publishing yyyp0708: Object class violation [2012/11/09 16:29:20.999288, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:20.999331, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:20.999353, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:20.999373, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:20.999407, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2012/11/09 16:29:20.999437, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 4280 [2012/11/09 16:29:20.999464, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 1741 [2012/11/09 16:29:20.999492, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..28] (align 0) [2012/11/09 16:29:20.999513, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:20.999525, 5] lib/util.c:342(show_msg) size=84 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=1600 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 28 (0x1C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 28 (0x1C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=29 [2012/11/09 16:29:21.001340, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x10f8 [2012/11/09 16:29:21.001372, 3] smbd/process.c:1662(process_smb) Transaction 300 of length 4348 (0 toread) [2012/11/09 16:29:21.001392, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:21.001403, 5] lib/util.c:342(show_msg) size=4344 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1664 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8210 (0x2012) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 4280 (0x10B8) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 4280 (0x10B8) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=4281 [2012/11/09 16:29:21.001655, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:21.001681, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:21.001703, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (811): SID[ 0]: S-1-5-21-160562036-3150058255-2134394716-19743 SID[ 1]: S-1-5-21-160562036-3150058255-2134394716-513 SID[ 2]: S-1-5-21-160562036-3150058255-2134394716-334230 SID[ 3]: S-1-5-21-160562036-3150058255-2134394716-23353 SID[ 4]: S-1-5-21-160562036-3150058255-2134394716-304793 SID[ 5]: S-1-5-21-160562036-3150058255-2134394716-269408 SID[ 6]: S-1-5-21-160562036-3150058255-2134394716-50420 SID[ 7]: S-1-5-21-160562036-3150058255-2134394716-113634 SID[ 8]: S-1-5-21-160562036-3150058255-2134394716-113662 SID[ 9]: S-1-5-21-160562036-3150058255-2134394716-260755 SID[ 10]: S-1-5-21-160562036-3150058255-2134394716-288770 SID[ 11]: S-1-5-21-160562036-3150058255-2134394716-67892 SID[ 12]: S-1-5-21-160562036-3150058255-2134394716-20800 SID[ 13]: S-1-5-21-160562036-3150058255-2134394716-269744 SID[ 14]: S-1-5-21-160562036-3150058255-2134394716-63803 SID[ 15]: S-1-5-21-160562036-3150058255-2134394716-360934 SID[ 16]: S-1-5-21-160562036-3150058255-2134394716-421750 SID[ 17]: S-1-5-21-160562036-3150058255-2134394716-294313 SID[ 18]: S-1-5-21-160562036-3150058255-2134394716-109619 SID[ 19]: S-1-5-21-160562036-3150058255-2134394716-13623 SID[ 20]: S-1-5-21-160562036-3150058255-2134394716-113660 SID[ 21]: S-1-5-21-160562036-3150058255-2134394716-13846 SID[ 22]: S-1-5-21-160562036-3150058255-2134394716-351693 SID[ 23]: S-1-5-21-160562036-3150058255-2134394716-56178 SID[ 24]: S-1-5-21-160562036-3150058255-2134394716-268914 SID[ 25]: S-1-5-21-160562036-3150058255-2134394716-276389 SID[ 26]: S-1-5-21-160562036-3150058255-2134394716-294265 SID[ 27]: S-1-5-21-160562036-3150058255-2134394716-289050 SID[ 28]: S-1-5-21-160562036-3150058255-2134394716-284074 SID[ 29]: S-1-5-21-160562036-3150058255-2134394716-353623 SID[ 30]: S-1-5-21-160562036-3150058255-2134394716-60632 SID[ 31]: S-1-5-21-160562036-3150058255-2134394716-299617 SID[ 32]: S-1-5-21-160562036-3150058255-2134394716-269875 SID[ 33]: S-1-5-21-160562036-3150058255-2134394716-260777 SID[ 34]: S-1-5-21-160562036-3150058255-2134394716-72011 SID[ 35]: S-1-5-21-160562036-3150058255-2134394716-56174 SID[ 36]: S-1-5-21-160562036-3150058255-2134394716-294145 SID[ 37]: S-1-5-21-160562036-3150058255-2134394716-46643 SID[ 38]: S-1-5-21-160562036-3150058255-2134394716-110684 SID[ 39]: S-1-5-21-160562036-3150058255-2134394716-69476 SID[ 40]: S-1-5-21-160562036-3150058255-2134394716-354438 SID[ 41]: S-1-5-21-160562036-3150058255-2134394716-288215 SID[ 42]: S-1-5-21-160562036-3150058255-2134394716-418124 SID[ 43]: S-1-5-21-160562036-3150058255-2134394716-32947 SID[ 44]: S-1-5-21-160562036-3150058255-2134394716-373447 SID[ 45]: S-1-5-21-160562036-3150058255-2134394716-21119 SID[ 46]: S-1-5-21-160562036-3150058255-2134394716-254283 SID[ 47]: S-1-5-21-160562036-3150058255-2134394716-21918 SID[ 48]: S-1-5-21-160562036-3150058255-2134394716-268915 SID[ 49]: S-1-5-21-160562036-3150058255-2134394716-267093 SID[ 50]: S-1-5-21-160562036-3150058255-2134394716-340888 SID[ 51]: S-1-5-21-160562036-3150058255-2134394716-294363 SID[ 52]: S-1-5-21-160562036-3150058255-2134394716-414620 SID[ 53]: S-1-5-21-160562036-3150058255-2134394716-260959 SID[ 54]: S-1-5-21-160562036-3150058255-2134394716-56176 SID[ 55]: S-1-5-21-160562036-3150058255-2134394716-373472 SID[ 56]: S-1-5-21-160562036-3150058255-2134394716-294492 SID[ 57]: S-1-5-21-160562036-3150058255-2134394716-373554 SID[ 58]: S-1-5-21-160562036-3150058255-2134394716-104382 SID[ 59]: S-1-5-21-160562036-3150058255-2134394716-294361 SID[ 60]: S-1-5-21-160562036-3150058255-2134394716-245149 SID[ 61]: S-1-5-21-160562036-3150058255-2134394716-32807 SID[ 62]: S-1-5-21-160562036-3150058255-2134394716-63805 SID[ 63]: S-1-5-21-160562036-3150058255-2134394716-290135 SID[ 64]: S-1-5-21-160562036-3150058255-2134394716-248439 SID[ 65]: S-1-5-21-160562036-3150058255-2134394716-58745 SID[ 66]: S-1-5-21-160562036-3150058255-2134394716-288316 SID[ 67]: S-1-5-21-160562036-3150058255-2134394716-373441 SID[ 68]: S-1-5-21-160562036-3150058255-2134394716-268916 SID[ 69]: S-1-5-21-160562036-3150058255-2134394716-17597 SID[ 70]: S-1-5-21-160562036-3150058255-2134394716-113654 SID[ 71]: S-1-5-21-160562036-3150058255-2134394716-304050 SID[ 72]: S-1-5-21-160562036-3150058255-2134394716-112626 SID[ 73]: S-1-5-21-160562036-3150058255-2134394716-360946 SID[ 74]: S-1-5-21-160562036-3150058255-2134394716-1116 SID[ 75]: S-1-5-21-160562036-3150058255-2134394716-294490 SID[ 76]: S-1-5-21-160562036-3150058255-2134394716-373442 SID[ 77]: S-1-5-21-160562036-3150058255-2134394716-402137 SID[ 78]: S-1-5-21-160562036-3150058255-2134394716-373470 SID[ 79]: S-1-5-21-160562036-3150058255-2134394716-284963 SID[ 80]: S-1-5-21-160562036-3150058255-2134394716-21963 SID[ 81]: S-1-5-21-160562036-3150058255-2134394716-373556 SID[ 82]: S-1-5-21-160562036-3150058255-2134394716-351504 SID[ 83]: S-1-5-21-160562036-3150058255-2134394716-360382 SID[ 84]: S-1-5-21-160562036-3150058255-2134394716-266966 SID[ 85]: S-1-5-21-160562036-3150058255-2134394716-63797 SID[ 86]: S-1-5-21-160562036-3150058255-2134394716-31306 SID[ 87]: S-1-5-21-160562036-3150058255-2134394716-420969 SID[ 88]: S-1-5-21-160562036-3150058255-2134394716-58439 SID[ 89]: S-1-5-21-160562036-3150058255-2134394716-351240 SID[ 90]: S-1-5-21-160562036-3150058255-2134394716-290160 SID[ 91]: S-1-5-21-160562036-3150058255-2134394716-335340 SID[ 92]: S-1-5-21-160562036-3150058255-2134394716-32819 SID[ 93]: S-1-5-21-160562036-3150058255-2134394716-63801 SID[ 94]: S-1-5-21-160562036-3150058255-2134394716-53171 SID[ 95]: S-1-5-21-160562036-3150058255-2134394716-294243 SID[ 96]: S-1-5-21-160562036-3150058255-2134394716-350032 SID[ 97]: S-1-5-21-160562036-3150058255-2134394716-63737 SID[ 98]: S-1-5-21-160562036-3150058255-2134394716-13863 SID[ 99]: S-1-5-21-160562036-3150058255-2134394716-351719 SID[100]: S-1-5-21-160562036-3150058255-2134394716-56165 SID[101]: S-1-5-21-160562036-3150058255-2134394716-113646 SID[102]: S-1-5-21-160562036-3150058255-2134394716-430811 SID[103]: S-1-5-21-160562036-3150058255-2134394716-284081 SID[104]: S-1-5-21-160562036-3150058255-2134394716-256696 SID[105]: S-1-5-21-160562036-3150058255-2134394716-416414 SID[106]: S-1-5-21-160562036-3150058255-2134394716-49609 SID[107]: S-1-5-21-160562036-3150058255-2134394716-377791 SID[108]: S-1-5-21-160562036-3150058255-2134394716-32821 SID[109]: S-1-5-21-160562036-3150058255-2134394716-359223 SID[110]: S-1-5-21-160562036-3150058255-2134394716-284091 SID[111]: S-1-5-21-160562036-3150058255-2134394716-433713 SID[112]: S-1-5-21-160562036-3150058255-2134394716-33100 SID[113]: S-1-5-21-160562036-3150058255-2134394716-416203 SID[114]: S-1-5-21-160562036-3150058255-2134394716-317007 SID[115]: S-1-5-21-160562036-3150058255-2134394716-69542 SID[116]: S-1-5-21-160562036-3150058255-2134394716-268918 SID[117]: S-1-5-21-160562036-3150058255-2134394716-69428 SID[118]: S-1-5-21-160562036-3150058255-2134394716-316764 SID[119]: S-1-5-21-160562036-3150058255-2134394716-55705 SID[120]: S-1-5-21-160562036-3150058255-2134394716-291229 SID[121]: S-1-5-21-160562036-3150058255-2134394716-250116 SID[122]: S-1-5-21-160562036-3150058255-2134394716-294315 SID[123]: S-1-5-21-160562036-3150058255-2134394716-402469 SID[124]: S-1-5-21-160562036-3150058255-2134394716-256697 SID[125]: S-1-5-21-160562036-3150058255-2134394716-418438 SID[126]: S-1-5-21-160562036-3150058255-2134394716-435652 SID[127]: S-1-5-21-160562036-3150058255-2134394716-45010 SID[128]: S-1-5-21-160562036-3150058255-2134394716-322368 SID[129]: S-1-5-21-160562036-3150058255-2134394716-267090 SID[130]: S-1-5-21-160562036-3150058255-2134394716-32825 SID[131]: S-1-5-21-160562036-3150058255-2134394716-35099 SID[132]: S-1-5-21-160562036-3150058255-2134394716-56157 SID[133]: S-1-5-21-160562036-3150058255-2134394716-113648 SID[134]: S-1-5-21-160562036-3150058255-2134394716-55709 SID[135]: S-1-5-21-160562036-3150058255-2134394716-108789 SID[136]: S-1-5-21-160562036-3150058255-2134394716-56159 SID[137]: S-1-5-21-160562036-3150058255-2134394716-268919 SID[138]: S-1-5-21-160562036-3150058255-2134394716-245147 SID[139]: S-1-5-21-160562036-3150058255-2134394716-430693 SID[140]: S-1-5-21-160562036-3150058255-2134394716-289617 SID[141]: S-1-5-21-160562036-3150058255-2134394716-373445 SID[142]: S-1-5-21-160562036-3150058255-2134394716-14282 SID[143]: S-1-5-21-160562036-3150058255-2134394716-433712 SID[144]: S-1-5-21-160562036-3150058255-2134394716-59232 SID[145]: S-1-5-21-160562036-3150058255-2134394716-33429 SID[146]: S-1-5-21-160562036-3150058255-2134394716-437634 SID[147]: S-1-5-21-160562036-3150058255-2134394716-23354 SID[148]: S-1-5-21-160562036-3150058255-2134394716-113636 SID[149]: S-1-5-21-160562036-3150058255-2134394716-63799 SID[150]: S-1-5-21-160562036-3150058255-2134394716-261009 SID[151]: S-1-5-21-160562036-3150058255-2134394716-290498 SID[152]: S-1-5-21-160562036-3150058255-2134394716-375928 SID[153]: S-1-5-21-160562036-3150058255-2134394716-276407 SID[154]: S-1-5-21-160562036-3150058255-2134394716-357401 SID[155]: S-1-5-21-160562036-3150058255-2134394716-357385 SID[156]: S-1-5-21-160562036-3150058255-2134394716-269404 SID[157]: S-1-5-21-160562036-3150058255-2134394716-67790 SID[158]: S-1-5-21-160562036-3150058255-2134394716-392120 SID[159]: S-1-5-21-160562036-3150058255-2134394716-276395 SID[160]: S-1-5-21-160562036-3150058255-2134394716-113343 SID[161]: S-1-5-21-160562036-3150058255-2134394716-56172 SID[162]: S-1-5-21-160562036-3150058255-2134394716-402467 SID[163]: S-1-5-21-160562036-3150058255-2134394716-293007 SID[164]: S-1-5-21-160562036-3150058255-2134394716-427942 SID[165]: S-1-5-21-160562036-3150058255-2134394716-373529 SID[166]: S-1-5-21-160562036-3150058255-2134394716-263163 SID[167]: S-1-5-21-160562036-3150058255-2134394716-64111 SID[168]: S-1-5-21-160562036-3150058255-2134394716-266852 SID[169]: S-1-5-21-160562036-3150058255-2134394716-357892 SID[170]: S-1-5-21-160562036-3150058255-2134394716-104429 SID[171]: S-1-5-21-160562036-3150058255-2134394716-32813 SID[172]: S-1-5-21-160562036-3150058255-2134394716-360722 SID[173]: S-1-5-21-160562036-3150058255-2134394716-284092 SID[174]: S-1-5-21-160562036-3150058255-2134394716-289619 SID[175]: S-1-5-21-160562036-3150058255-2134394716-369316 SID[176]: S-1-5-21-160562036-3150058255-2134394716-49542 SID[177]: S-1-5-21-160562036-3150058255-2134394716-329659 SID[178]: S-1-5-21-160562036-3150058255-2134394716-32809 SID[179]: S-1-5-21-160562036-3150058255-2134394716-108767 SID[180]: S-1-5-21-160562036-3150058255-2134394716-305399 SID[181]: S-1-5-21-160562036-3150058255-2134394716-263161 SID[182]: S-1-5-21-160562036-3150058255-2134394716-314050 SID[183]: S-1-5-21-160562036-3150058255-2134394716-31001 SID[184]: S-1-5-21-160562036-3150058255-2134394716-279682 SID[185]: S-1-5-21-160562036-3150058255-2134394716-294147 SID[186]: S-1-5-21-160562036-3150058255-2134394716-56163 SID[187]: S-1-5-21-160562036-3150058255-2134394716-285751 SID[188]: S-1-5-21-160562036-3150058255-2134394716-21723 SID[189]: S-1-5-21-160562036-3150058255-2134394716-8332 SID[190]: S-1-5-21-160562036-3150058255-2134394716-32827 SID[191]: S-1-5-21-160562036-3150058255-2134394716-256460 SID[192]: S-1-5-21-160562036-3150058255-2134394716-256183 SID[193]: S-1-5-21-160562036-3150058255-2134394716-300424 SID[194]: S-1-5-21-160562036-3150058255-2134394716-55677 SID[195]: S-1-5-21-160562036-3150058255-2134394716-253145 SID[196]: S-1-5-21-160562036-3150058255-2134394716-63804 SID[197]: S-1-5-21-160562036-3150058255-2134394716-358866 SID[198]: S-1-5-21-160562036-3150058255-2134394716-32823 SID[199]: S-1-5-21-160562036-3150058255-2134394716-276620 SID[200]: S-1-5-21-160562036-3150058255-2134394716-361940 SID[201]: S-1-5-21-160562036-3150058255-2134394716-49274 SID[202]: S-1-5-21-160562036-3150058255-2134394716-402177 SID[203]: S-1-5-21-160562036-3150058255-2134394716-252230 SID[204]: S-1-5-21-160562036-3150058255-2134394716-321100 SID[205]: S-1-5-21-160562036-3150058255-2134394716-20801 SID[206]: S-1-5-21-160562036-3150058255-2134394716-276621 SID[207]: S-1-5-21-160562036-3150058255-2134394716-252010 SID[208]: S-1-5-21-160562036-3150058255-2134394716-292766 SID[209]: S-1-5-21-160562036-3150058255-2134394716-37331 SID[210]: S-1-5-21-160562036-3150058255-2134394716-260776 SID[211]: S-1-5-21-160562036-3150058255-2134394716-386708 SID[212]: S-1-5-21-160562036-3150058255-2134394716-374616 SID[213]: S-1-5-21-160562036-3150058255-2134394716-21084 SID[214]: S-1-5-21-160562036-3150058255-2134394716-294267 SID[215]: S-1-5-21-160562036-3150058255-2134394716-63802 SID[216]: S-1-5-21-160562036-3150058255-2134394716-31186 SID[217]: S-1-5-21-160562036-3150058255-2134394716-105575 SID[218]: S-1-5-21-160562036-3150058255-2134394716-361874 SID[219]: S-1-5-21-160562036-3150058255-2134394716-360362 SID[220]: S-1-5-21-160562036-3150058255-2134394716-357734 SID[221]: S-1-5-21-160562036-3150058255-2134394716-294241 SID[222]: S-1-5-21-160562036-3150058255-2134394716-251778 SID[223]: S-1-5-21-160562036-3150058255-2134394716-49510 SID[224]: S-1-5-21-160562036-3150058255-2134394716-35015 SID[225]: S-1-5-21-160562036-3150058255-2134394716-20749 SID[226]: S-1-5-21-160562036-3150058255-2134394716-294291 SID[227]: S-1-5-21-160562036-3150058255-2134394716-254469 SID[228]: S-1-5-21-160562036-3150058255-2134394716-247296 SID[229]: S-1-5-21-160562036-3150058255-2134394716-63798 SID[230]: S-1-5-21-160562036-3150058255-2134394716-59035 SID[231]: S-1-5-21-160562036-3150058255-2134394716-430331 SID[232]: S-1-5-21-160562036-3150058255-2134394716-21301 SID[233]: S-1-5-21-160562036-3150058255-2134394716-55627 SID[234]: S-1-5-21-160562036-3150058255-2134394716-32815 SID[235]: S-1-5-21-160562036-3150058255-2134394716-277164 SID[236]: S-1-5-21-160562036-3150058255-2134394716-21552 SID[237]: S-1-5-21-160562036-3150058255-2134394716-56622 SID[238]: S-1-5-21-160562036-3150058255-2134394716-37315 SID[239]: S-1-5-21-160562036-3150058255-2134394716-334225 SID[240]: S-1-5-21-160562036-3150058255-2134394716-338141 SID[241]: S-1-5-21-160562036-3150058255-2134394716-246169 SID[242]: S-1-5-21-160562036-3150058255-2134394716-297835 SID[243]: S-1-5-21-160562036-3150058255-2134394716-353615 SID[244]: S-1-5-21-160562036-3150058255-2134394716-322371 SID[245]: S-1-5-21-160562036-3150058255-2134394716-63235 SID[246]: S-1-5-21-160562036-3150058255-2134394716-266849 SID[247]: S-1-5-21-160562036-3150058255-2134394716-293998 SID[248]: S-1-5-21-160562036-3150058255-2134394716-433714 SID[249]: S-1-5-21-160562036-3150058255-2134394716-107694 SID[250]: S-1-5-21-160562036-3150058255-2134394716-288317 SID[251]: S-1-5-21-160562036-3150058255-2134394716-44135 SID[252]: S-1-5-21-160562036-3150058255-2134394716-290560 SID[253]: S-1-5-21-160562036-3150058255-2134394716-322681 SID[254]: S-1-5-21-160562036-3150058255-2134394716-283109 SID[255]: S-1-5-21-160562036-3150058255-2134394716-357879 SID[256]: S-1-5-21-160562036-3150058255-2134394716-289046 SID[257]: S-1-5-21-160562036-3150058255-2134394716-32803 SID[258]: S-1-5-21-160562036-3150058255-2134394716-343968 SID[259]: S-1-5-21-160562036-3150058255-2134394716-50792 SID[260]: S-1-5-21-160562036-3150058255-2134394716-50518 SID[261]: S-1-5-21-160562036-3150058255-2134394716-37238 SID[262]: S-1-5-21-160562036-3150058255-2134394716-360465 SID[263]: S-1-5-21-160562036-3150058255-2134394716-366652 SID[264]: S-1-5-21-160562036-3150058255-2134394716-294094 SID[265]: S-1-5-21-160562036-3150058255-2134394716-288540 SID[266]: S-1-5-21-160562036-3150058255-2134394716-297984 SID[267]: S-1-5-21-160562036-3150058255-2134394716-276427 SID[268]: S-1-5-21-160562036-3150058255-2134394716-333792 SID[269]: S-1-5-21-160562036-3150058255-2134394716-427342 SID[270]: S-1-5-21-160562036-3150058255-2134394716-333794 SID[271]: S-1-5-21-160562036-3150058255-2134394716-290460 SID[272]: S-1-5-21-160562036-3150058255-2134394716-294091 SID[273]: S-1-5-21-160562036-3150058255-2134394716-333793 SID[274]: S-1-5-21-160562036-3150058255-2134394716-338207 SID[275]: S-1-5-21-160562036-3150058255-2134394716-409571 SID[276]: S-1-5-21-160562036-3150058255-2134394716-294054 SID[277]: S-1-5-21-160562036-3150058255-2134394716-30854 SID[278]: S-1-5-21-160562036-3150058255-2134394716-288547 SID[279]: S-1-5-21-160562036-3150058255-2134394716-365347 SID[280]: S-1-5-21-6776287-465249537-1446904402-4108 SID[281]: S-1-5-21-160562036-3150058255-2134394716-58230 SID[282]: S-1-5-21-160562036-3150058255-2134394716-357400 SID[283]: S-1-5-21-160562036-3150058255-2134394716-343966 SID[284]: S-1-5-21-160562036-3150058255-2134394716-104268 SID[285]: S-1-5-21-160562036-3150058255-2134394716-334228 SID[286]: S-1-5-21-160562036-3150058255-2134394716-357384 SID[287]: S-1-5-21-160562036-3150058255-2134394716-64500 SID[288]: S-1-5-21-160562036-3150058255-2134394716-291227 SID[289]: S-1-5-21-160562036-3150058255-2134394716-62708 SID[290]: S-1-5-21-160562036-3150058255-2134394716-266847 SID[291]: S-1-5-21-160562036-3150058255-2134394716-313857 SID[292]: S-1-5-21-160562036-3150058255-2134394716-350031 SID[293]: S-1-5-21-160562036-3150058255-2134394716-373448 SID[294]: S-1-5-21-160562036-3150058255-2134394716-420970 SID[295]: S-1-5-21-160562036-3150058255-2134394716-351238 SID[296]: S-1-5-21-160562036-3150058255-2134394716-11861 SID[297]: S-1-5-21-160562036-3150058255-2134394716-353613 SID[298]: S-1-5-21-160562036-3150058255-2134394716-322679 SID[299]: S-1-5-21-160562036-3150058255-2134394716-253148 SID[300]: S-1-5-21-160562036-3150058255-2134394716-277162 SID[301]: S-1-5-21-160562036-3150058255-2134394716-304048 SID[302]: S-1-5-21-160562036-3150058255-2134394716-288768 SID[303]: S-1-5-21-160562036-3150058255-2134394716-62920 SID[304]: S-1-5-21-160562036-3150058255-2134394716-62814 SID[305]: S-1-5-21-160562036-3150058255-2134394716-338139 SID[306]: S-1-5-21-160562036-3150058255-2134394716-266850 SID[307]: S-1-5-21-160562036-3150058255-2134394716-74038 SID[308]: S-1-5-21-160562036-3150058255-2134394716-62715 SID[309]: S-1-5-21-160562036-3150058255-2134394716-357877 SID[310]: S-1-5-21-160562036-3150058255-2134394716-252117 SID[311]: S-1-5-21-160562036-3150058255-2134394716-322372 SID[312]: S-1-5-21-160562036-3150058255-2134394716-65121 SID[313]: S-1-5-21-160562036-3150058255-2134394716-62711 SID[314]: S-1-5-21-160562036-3150058255-2134394716-267091 SID[315]: S-1-5-21-160562036-3150058255-2134394716-24652 SID[316]: S-1-5-21-160562036-3150058255-2134394716-360933 SID[317]: S-1-5-21-160562036-3150058255-2134394716-354437 SID[318]: S-1-5-21-160562036-3150058255-2134394716-249119 SID[319]: S-1-5-21-160562036-3150058255-2134394716-248731 SID[320]: S-1-5-21-160562036-3150058255-2134394716-64215 SID[321]: S-1-5-21-160562036-3150058255-2134394716-373475 SID[322]: S-1-5-21-160562036-3150058255-2134394716-250664 SID[323]: S-1-5-21-160562036-3150058255-2134394716-267088 SID[324]: S-1-5-21-160562036-3150058255-2134394716-50311 SID[325]: S-1-5-21-160562036-3150058255-2134394716-62644 SID[326]: S-1-5-21-160562036-3150058255-2134394716-69148 SID[327]: S-1-5-21-160562036-3150058255-2134394716-360380 SID[328]: S-1-5-21-160562036-3150058255-2134394716-52124 SID[329]: S-1-5-21-160562036-3150058255-2134394716-351502 SID[330]: S-1-5-21-160562036-3150058255-2134394716-317005 SID[331]: S-1-5-21-160562036-3150058255-2134394716-62713 SID[332]: S-1-5-21-160562036-3150058255-2134394716-313855 SID[333]: S-1-5-21-160562036-3150058255-2134394716-53143 SID[334]: S-1-5-21-160562036-3150058255-2134394716-349705 SID[335]: S-1-5-21-160562036-3150058255-2134394716-357732 SID[336]: S-1-5-21-160562036-3150058255-2134394716-402142 SID[337]: S-1-5-21-160562036-3150058255-2134394716-50421 SID[338]: S-1-5-21-160562036-3150058255-2134394716-357890 SID[339]: S-1-5-21-160562036-3150058255-2134394716-416413 SID[340]: S-1-5-21-160562036-3150058255-2134394716-255117 SID[341]: S-1-5-21-160562036-3150058255-2134394716-73891 SID[342]: S-1-5-21-160562036-3150058255-2134394716-377792 SID[343]: S-1-5-21-160562036-3150058255-2134394716-63081 SID[344]: S-1-5-21-160562036-3150058255-2134394716-386707 SID[345]: S-1-5-21-160562036-3150058255-2134394716-64112 SID[346]: S-1-5-21-160562036-3150058255-2134394716-256555 SID[347]: S-1-5-21-160562036-3150058255-2134394716-361939 SID[348]: S-1-5-21-160562036-3150058255-2134394716-62709 SID[349]: S-1-5-21-160562036-3150058255-2134394716-248759 SID[350]: S-1-5-21-160562036-3150058255-2134394716-359221 SID[351]: S-1-5-21-160562036-3150058255-2134394716-310730 SID[352]: S-1-5-21-160562036-3150058255-2134394716-109617 SID[353]: S-1-5-21-160562036-3150058255-2134394716-60474 SID[354]: S-1-5-21-160562036-3150058255-2134394716-402472 SID[355]: S-1-5-21-160562036-3150058255-2134394716-55679 SID[356]: S-1-5-21-160562036-3150058255-2134394716-69153 SID[357]: S-1-5-21-160562036-3150058255-2134394716-22265 SID[358]: S-1-5-21-160562036-3150058255-2134394716-423112 SID[359]: S-1-5-21-160562036-3150058255-2134394716-289044 SID[360]: S-1-5-21-160562036-3150058255-2134394716-67791 SID[361]: S-1-5-21-160562036-3150058255-2134394716-69156 SID[362]: S-1-5-21-160562036-3150058255-2134394716-62712 SID[363]: S-1-5-21-160562036-3150058255-2134394716-360721 SID[364]: S-1-5-21-160562036-3150058255-2134394716-435651 SID[365]: S-1-5-21-160562036-3150058255-2134394716-69149 SID[366]: S-1-5-21-160562036-3150058255-2134394716-73730 SID[367]: S-1-5-21-160562036-3150058255-2134394716-243660 SID[368]: S-1-5-21-160562036-3150058255-2134394716-104280 SID[369]: S-1-5-21-160562036-3150058255-2134394716-430692 SID[370]: S-1-5-21-160562036-3150058255-2134394716-256558 SID[371]: S-1-5-21-160562036-3150058255-2134394716-54515 SID[372]: S-1-5-21-160562036-3150058255-2134394716-334223 SID[373]: S-1-5-21-160562036-3150058255-2134394716-304790 SID[374]: S-1-5-21-160562036-3150058255-2134394716-373528 SID[375]: S-1-5-21-160562036-3150058255-2134394716-375927 SID[376]: S-1-5-21-160562036-3150058255-2134394716-74039 SID[377]: S-1-5-21-160562036-3150058255-2134394716-62781 SID[378]: S-1-5-21-160562036-3150058255-2134394716-69157 SID[379]: S-1-5-21-160562036-3150058255-2134394716-309445 SID[380]: S-1-5-21-160562036-3150058255-2134394716-62733 SID[381]: S-1-5-21-160562036-3150058255-2134394716-418123 SID[382]: S-1-5-21-160562036-3150058255-2134394716-64415 SID[383]: S-1-5-21-160562036-3150058255-2134394716-414619 SID[384]: S-1-5-21-160562036-3150058255-2134394716-373446 SID[385]: S-1-5-21-160562036-3150058255-2134394716-289048 SID[386]: S-1-5-21-160562036-3150058255-2134394716-69158 SID[387]: S-1-5-21-160562036-3150058255-2134394716-373559 SID[388]: S-1-5-21-160562036-3150058255-2134394716-110686 SID[389]: S-1-5-21-160562036-3150058255-2134394716-260757 SID[390]: S-1-5-21-160562036-3150058255-2134394716-249663 SID[391]: S-1-5-21-160562036-3150058255-2134394716-249619 SID[392]: S-1-5-21-160562036-3150058255-2134394716-321098 SID[393]: S-1-5-21-160562036-3150058255-2134394716-64497 SID[394]: S-1-5-21-160562036-3150058255-2134394716-112627 SID[395]: S-1-5-21-160562036-3150058255-2134394716-62710 SID[396]: S-1-5-21-160562036-3150058255-2134394716-360361 SID[397]: S-1-5-21-160562036-3150058255-2134394716-353621 SID[398]: S-1-5-21-160562036-3150058255-2134394716-365152 SID[399]: S-1-5-21-160562036-3150058255-2134394716-69544 SID[400]: S-1-5-21-160562036-3150058255-2134394716-249644 SID[401]: S-1-5-21-160562036-3150058255-2134394716-55625 SID[402]: S-1-1-0 SID[403]: S-1-5-2 SID[404]: S-1-5-11 SID[405]: S-1-5-32-545 SID[406]: S-1-22-1-10000 SID[407]: S-1-22-2-10006 SID[408]: S-1-22-2-10007 SID[409]: S-1-22-2-10008 SID[410]: S-1-22-2-10009 SID[411]: S-1-22-2-10010 SID[412]: S-1-22-2-10011 SID[413]: S-1-22-2-10012 SID[414]: S-1-22-2-10013 SID[415]: S-1-22-2-10014 SID[416]: S-1-22-2-10015 SID[417]: S-1-22-2-10016 SID[418]: S-1-22-2-10017 SID[419]: S-1-22-2-10018 SID[420]: S-1-22-2-10019 SID[421]: S-1-22-2-10020 SID[422]: S-1-22-2-10021 SID[423]: S-1-22-2-10022 SID[424]: S-1-22-2-10023 SID[425]: S-1-22-2-10024 SID[426]: S-1-22-2-10025 SID[427]: S-1-22-2-10026 SID[428]: S-1-22-2-10027 SID[429]: S-1-22-2-10028 SID[430]: S-1-22-2-10029 SID[431]: S-1-22-2-10030 SID[432]: S-1-22-2-10031 SID[433]: S-1-22-2-10032 SID[434]: S-1-22-2-10033 SID[435]: S-1-22-2-10034 SID[436]: S-1-22-2-10035 SID[437]: S-1-22-2-10036 SID[438]: S-1-22-2-10037 SID[439]: S-1-22-2-10038 SID[440]: S-1-22-2-10039 SID[441]: S-1-22-2-10040 SID[442]: S-1-22-2-10041 SID[443]: S-1-22-2-10042 SID[444]: S-1-22-2-10043 SID[445]: S-1-22-2-10044 SID[446]: S-1-22-2-10045 SID[447]: S-1-22-2-10046 SID[448]: S-1-22-2-10047 SID[449]: S-1-22-2-10048 SID[450]: S-1-22-2-10049 SID[451]: S-1-22-2-10050 SID[452]: S-1-22-2-10051 SID[453]: S-1-22-2-10052 SID[454]: S-1-22-2-10053 SID[455]: S-1-22-2-10054 SID[456]: S-1-22-2-10055 SID[457]: S-1-22-2-10056 SID[458]: S-1-22-2-10057 SID[459]: S-1-22-2-10058 SID[460]: S-1-22-2-10059 SID[461]: S-1-22-2-10060 SID[462]: S-1-22-2-10061 SID[463]: S-1-22-2-10062 SID[464]: S-1-22-2-10063 SID[465]: S-1-22-2-10064 SID[466]: S-1-22-2-10065 SID[467]: S-1-22-2-10066 SID[468]: S-1-22-2-10067 SID[469]: S-1-22-2-10068 SID[470]: S-1-22-2-10069 SID[471]: S-1-22-2-10070 SID[472]: S-1-22-2-10071 SID[473]: S-1-22-2-10072 SID[474]: S-1-22-2-10073 SID[475]: S-1-22-2-10074 SID[476]: S-1-22-2-10075 SID[477]: S-1-22-2-10076 SID[478]: S-1-22-2-10077 SID[479]: S-1-22-2-10078 SID[480]: S-1-22-2-10079 SID[481]: S-1-22-2-10080 SID[482]: S-1-22-2-10081 SID[483]: S-1-22-2-10082 SID[484]: S-1-22-2-10083 SID[485]: S-1-22-2-10084 SID[486]: S-1-22-2-10085 SID[487]: S-1-22-2-10086 SID[488]: S-1-22-2-10087 SID[489]: S-1-22-2-10088 SID[490]: S-1-22-2-10089 SID[491]: S-1-22-2-10090 SID[492]: S-1-22-2-10091 SID[493]: S-1-22-2-10092 SID[494]: S-1-22-2-10093 SID[495]: S-1-22-2-10094 SID[496]: S-1-22-2-10095 SID[497]: S-1-22-2-10096 SID[498]: S-1-22-2-10097 SID[499]: S-1-22-2-10098 SID[500]: S-1-22-2-10099 SID[501]: S-1-22-2-10100 SID[502]: S-1-22-2-10101 SID[503]: S-1-22-2-10102 SID[504]: S-1-22-2-10103 SID[505]: S-1-22-2-10104 SID[506]: S-1-22-2-10105 SID[507]: S-1-22-2-10106 SID[508]: S-1-22-2-10107 SID[509]: S-1-22-2-10108 SID[510]: S-1-22-2-10109 SID[511]: S-1-22-2-10110 SID[512]: S-1-22-2-10111 SID[513]: S-1-22-2-10112 SID[514]: S-1-22-2-10113 SID[515]: S-1-22-2-10114 SID[516]: S-1-22-2-10115 SID[517]: S-1-22-2-10116 SID[518]: S-1-22-2-10117 SID[519]: S-1-22-2-10118 SID[520]: S-1-22-2-10119 SID[521]: S-1-22-2-10120 SID[522]: S-1-22-2-10121 SID[523]: S-1-22-2-10122 SID[524]: S-1-22-2-10123 SID[525]: S-1-22-2-10124 SID[526]: S-1-22-2-10125 SID[527]: S-1-22-2-10126 SID[528]: S-1-22-2-10127 SID[529]: S-1-22-2-10128 SID[530]: S-1-22-2-10129 SID[531]: S-1-22-2-10130 SID[532]: S-1-22-2-10131 SID[533]: S-1-22-2-10132 SID[534]: S-1-22-2-10133 SID[535]: S-1-22-2-10134 SID[536]: S-1-22-2-10135 SID[537]: S-1-22-2-10136 SID[538]: S-1-22-2-10137 SID[539]: S-1-22-2-10138 SID[540]: S-1-22-2-10139 SID[541]: S-1-22-2-10140 SID[542]: S-1-22-2-10141 SID[543]: S-1-22-2-10142 SID[544]: S-1-22-2-10143 SID[545]: S-1-22-2-10144 SID[546]: S-1-22-2-10145 SID[547]: S-1-22-2-10146 SID[548]: S-1-22-2-10147 SID[549]: S-1-22-2-10148 SID[550]: S-1-22-2-10149 SID[551]: S-1-22-2-10150 SID[552]: S-1-22-2-10471 SID[553]: S-1-22-2-10151 SID[554]: S-1-22-2-10152 SID[555]: S-1-22-2-10153 SID[556]: S-1-22-2-10154 SID[557]: S-1-22-2-10155 SID[558]: S-1-22-2-10156 SID[559]: S-1-22-2-10157 SID[560]: S-1-22-2-10158 SID[561]: S-1-22-2-10159 SID[562]: S-1-22-2-10160 SID[563]: S-1-22-2-10161 SID[564]: S-1-22-2-10162 SID[565]: S-1-22-2-10163 SID[566]: S-1-22-2-10164 SID[567]: S-1-22-2-10165 SID[568]: S-1-22-2-10166 SID[569]: S-1-22-2-10167 SID[570]: S-1-22-2-10168 SID[571]: S-1-22-2-10169 SID[572]: S-1-22-2-10170 SID[573]: S-1-22-2-10171 SID[574]: S-1-22-2-10172 SID[575]: S-1-22-2-10173 SID[576]: S-1-22-2-10174 SID[577]: S-1-22-2-10175 SID[578]: S-1-22-2-10176 SID[579]: S-1-22-2-10177 SID[580]: S-1-22-2-10178 SID[581]: S-1-22-2-10179 SID[582]: S-1-22-2-10180 SID[583]: S-1-22-2-10181 SID[584]: S-1-22-2-10182 SID[585]: S-1-22-2-10183 SID[586]: S-1-22-2-10184 SID[587]: S-1-22-2-10185 SID[588]: S-1-22-2-10186 SID[589]: S-1-22-2-10187 SID[590]: S-1-22-2-10188 SID[591]: S-1-22-2-10189 SID[592]: S-1-22-2-10190 SID[593]: S-1-22-2-10191 SID[594]: S-1-22-2-10192 SID[595]: S-1-22-2-10193 SID[596]: S-1-22-2-10194 SID[597]: S-1-22-2-10195 SID[598]: S-1-22-2-10196 SID[599]: S-1-22-2-10197 SID[600]: S-1-22-2-10198 SID[601]: S-1-22-2-10199 SID[602]: S-1-22-2-10200 SID[603]: S-1-22-2-10201 SID[604]: S-1-22-2-10202 SID[605]: S-1-22-2-10203 SID[606]: S-1-22-2-10204 SID[607]: S-1-22-2-10205 SID[608]: S-1-22-2-10206 SID[609]: S-1-22-2-10207 SID[610]: S-1-22-2-10208 SID[611]: S-1-22-2-10209 SID[612]: S-1-22-2-10210 SID[613]: S-1-22-2-10211 SID[614]: S-1-22-2-10212 SID[615]: S-1-22-2-10213 SID[616]: S-1-22-2-10214 SID[617]: S-1-22-2-10215 SID[618]: S-1-22-2-10216 SID[619]: S-1-22-2-10217 SID[620]: S-1-22-2-10218 SID[621]: S-1-22-2-10219 SID[622]: S-1-22-2-10220 SID[623]: S-1-22-2-10221 SID[624]: S-1-22-2-10222 SID[625]: S-1-22-2-10223 SID[626]: S-1-22-2-10224 SID[627]: S-1-22-2-10225 SID[628]: S-1-22-2-10226 SID[629]: S-1-22-2-10227 SID[630]: S-1-22-2-10228 SID[631]: S-1-22-2-10229 SID[632]: S-1-22-2-10230 SID[633]: S-1-22-2-10231 SID[634]: S-1-22-2-10232 SID[635]: S-1-22-2-10233 SID[636]: S-1-22-2-10234 SID[637]: S-1-22-2-10235 SID[638]: S-1-22-2-10236 SID[639]: S-1-22-2-10237 SID[640]: S-1-22-2-10238 SID[641]: S-1-22-2-10239 SID[642]: S-1-22-2-10240 SID[643]: S-1-22-2-10241 SID[644]: S-1-22-2-10242 SID[645]: S-1-22-2-10243 SID[646]: S-1-22-2-10244 SID[647]: S-1-22-2-10245 SID[648]: S-1-22-2-10246 SID[649]: S-1-22-2-10247 SID[650]: S-1-22-2-10248 SID[651]: S-1-22-2-10249 SID[652]: S-1-22-2-10250 SID[653]: S-1-22-2-10251 SID[654]: S-1-22-2-10252 SID[655]: S-1-22-2-10253 SID[656]: S-1-22-2-10254 SID[657]: S-1-22-2-10255 SID[658]: S-1-22-2-10256 SID[659]: S-1-22-2-10257 SID[660]: S-1-22-2-10258 SID[661]: S-1-22-2-10259 SID[662]: S-1-22-2-10260 SID[663]: S-1-22-2-10261 SID[664]: S-1-22-2-10262 SID[665]: S-1-22-2-10263 SID[666]: S-1-22-2-10264 SID[667]: S-1-22-2-10265 SID[668]: S-1-22-2-10266 SID[669]: S-1-22-2-10267 SID[670]: S-1-22-2-10268 SID[671]: S-1-22-2-10269 SID[672]: S-1-22-2-10270 SID[673]: S-1-22-2-10271 SID[674]: S-1-22-2-10272 SID[675]: S-1-22-2-10273 SID[676]: S-1-22-2-10274 SID[677]: S-1-22-2-10275 SID[678]: S-1-22-2-10276 SID[679]: S-1-22-2-10277 SID[680]: S-1-22-2-10278 SID[681]: S-1-22-2-10279 SID[682]: S-1-22-2-10280 SID[683]: S-1-22-2-10281 SID[684]: S-1-22-2-10282 SID[685]: S-1-22-2-10283 SID[686]: S-1-22-2-10284 SID[687]: S-1-22-2-10285 SID[688]: S-1-22-2-10286 SID[689]: S-1-22-2-10287 SID[690]: S-1-22-2-10288 SID[691]: S-1-22-2-10289 SID[692]: S-1-22-2-10290 SID[693]: S-1-22-2-10291 SID[694]: S-1-22-2-10292 SID[695]: S-1-22-2-10293 SID[696]: S-1-22-2-10294 SID[697]: S-1-22-2-10295 SID[698]: S-1-22-2-10296 SID[699]: S-1-22-2-10297 SID[700]: S-1-22-2-10298 SID[701]: S-1-22-2-10299 SID[702]: S-1-22-2-10300 SID[703]: S-1-22-2-10301 SID[704]: S-1-22-2-10302 SID[705]: S-1-22-2-10303 SID[706]: S-1-22-2-10304 SID[707]: S-1-22-2-10305 SID[708]: S-1-22-2-10306 SID[709]: S-1-22-2-10307 SID[710]: S-1-22-2-10308 SID[711]: S-1-22-2-10309 SID[712]: S-1-22-2-10310 SID[713]: S-1-22-2-10311 SID[714]: S-1-22-2-10312 SID[715]: S-1-22-2-10313 SID[716]: S-1-22-2-10314 SID[717]: S-1-22-2-10315 SID[718]: S-1-22-2-10316 SID[719]: S-1-22-2-10317 SID[720]: S-1-22-2-10318 SID[721]: S-1-22-2-10319 SID[722]: S-1-22-2-10320 SID[723]: S-1-22-2-10321 SID[724]: S-1-22-2-10322 SID[725]: S-1-22-2-10323 SID[726]: S-1-22-2-10324 SID[727]: S-1-22-2-10325 SID[728]: S-1-22-2-10326 SID[729]: S-1-22-2-10327 SID[730]: S-1-22-2-10328 SID[731]: S-1-22-2-10329 SID[732]: S-1-22-2-10330 SID[733]: S-1-22-2-10331 SID[734]: S-1-22-2-10332 SID[735]: S-1-22-2-10333 SID[736]: S-1-22-2-10334 SID[737]: S-1-22-2-10335 SID[738]: S-1-22-2-10336 SID[739]: S-1-22-2-10337 SID[740]: S-1-22-2-10338 SID[741]: S-1-22-2-10339 SID[742]: S-1-22-2-10340 SID[743]: S-1-22-2-10341 SID[744]: S-1-22-2-10342 SID[745]: S-1-22-2-10343 SID[746]: S-1-22-2-10344 SID[747]: S-1-22-2-10345 SID[748]: S-1-22-2-10346 SID[749]: S-1-22-2-10347 SID[750]: S-1-22-2-10348 SID[751]: S-1-22-2-10349 SID[752]: S-1-22-2-10350 SID[753]: S-1-22-2-10351 SID[754]: S-1-22-2-10352 SID[755]: S-1-22-2-10353 SID[756]: S-1-22-2-10354 SID[757]: S-1-22-2-10355 SID[758]: S-1-22-2-10356 SID[759]: S-1-22-2-10357 SID[760]: S-1-22-2-10358 SID[761]: S-1-22-2-10359 SID[762]: S-1-22-2-10360 SID[763]: S-1-22-2-10361 SID[764]: S-1-22-2-10362 SID[765]: S-1-22-2-10363 SID[766]: S-1-22-2-10364 SID[767]: S-1-22-2-10365 SID[768]: S-1-22-2-10366 SID[769]: S-1-22-2-10367 SID[770]: S-1-22-2-10368 SID[771]: S-1-22-2-10369 SID[772]: S-1-22-2-10370 SID[773]: S-1-22-2-10371 SID[774]: S-1-22-2-10372 SID[775]: S-1-22-2-10373 SID[776]: S-1-22-2-10374 SID[777]: S-1-22-2-10375 SID[778]: S-1-22-2-10376 SID[779]: S-1-22-2-10377 SID[780]: S-1-22-2-10378 SID[781]: S-1-22-2-10379 SID[782]: S-1-22-2-10380 SID[783]: S-1-22-2-10381 SID[784]: S-1-22-2-10382 SID[785]: S-1-22-2-10383 SID[786]: S-1-22-2-10384 SID[787]: S-1-22-2-10385 SID[788]: S-1-22-2-10386 SID[789]: S-1-22-2-10387 SID[790]: S-1-22-2-10388 SID[791]: S-1-22-2-10389 SID[792]: S-1-22-2-10390 SID[793]: S-1-22-2-10391 SID[794]: S-1-22-2-10392 SID[795]: S-1-22-2-10393 SID[796]: S-1-22-2-10394 SID[797]: S-1-22-2-10395 SID[798]: S-1-22-2-10396 SID[799]: S-1-22-2-10397 SID[800]: S-1-22-2-10398 SID[801]: S-1-22-2-10399 SID[802]: S-1-22-2-10400 SID[803]: S-1-22-2-10401 SID[804]: S-1-22-2-10402 SID[805]: S-1-22-2-10403 SID[806]: S-1-22-2-10404 SID[807]: S-1-22-2-10002 SID[808]: S-1-22-2-10003 SID[809]: S-1-22-2-10004 SID[810]: S-1-22-2-10001 Privileges (0x 20): Privilege[ 0]: SePrintOperatorPrivilege Rights (0x 0): [2012/11/09 16:29:21.009415, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 10000 Primary group is 10006 and contains 404 supplementary groups Group[ 0]: 10006 Group[ 1]: 10007 Group[ 2]: 10008 Group[ 3]: 10009 Group[ 4]: 10010 Group[ 5]: 10011 Group[ 6]: 10012 Group[ 7]: 10013 Group[ 8]: 10014 Group[ 9]: 10015 Group[ 10]: 10016 Group[ 11]: 10017 Group[ 12]: 10018 Group[ 13]: 10019 Group[ 14]: 10020 Group[ 15]: 10021 Group[ 16]: 10022 Group[ 17]: 10023 Group[ 18]: 10024 Group[ 19]: 10025 Group[ 20]: 10026 Group[ 21]: 10027 Group[ 22]: 10028 Group[ 23]: 10029 Group[ 24]: 10030 Group[ 25]: 10031 Group[ 26]: 10032 Group[ 27]: 10033 Group[ 28]: 10034 Group[ 29]: 10035 Group[ 30]: 10036 Group[ 31]: 10037 Group[ 32]: 10038 Group[ 33]: 10039 Group[ 34]: 10040 Group[ 35]: 10041 Group[ 36]: 10042 Group[ 37]: 10043 Group[ 38]: 10044 Group[ 39]: 10045 Group[ 40]: 10046 Group[ 41]: 10047 Group[ 42]: 10048 Group[ 43]: 10049 Group[ 44]: 10050 Group[ 45]: 10051 Group[ 46]: 10052 Group[ 47]: 10053 Group[ 48]: 10054 Group[ 49]: 10055 Group[ 50]: 10056 Group[ 51]: 10057 Group[ 52]: 10058 Group[ 53]: 10059 Group[ 54]: 10060 Group[ 55]: 10061 Group[ 56]: 10062 Group[ 57]: 10063 Group[ 58]: 10064 Group[ 59]: 10065 Group[ 60]: 10066 Group[ 61]: 10067 Group[ 62]: 10068 Group[ 63]: 10069 Group[ 64]: 10070 Group[ 65]: 10071 Group[ 66]: 10072 Group[ 67]: 10073 Group[ 68]: 10074 Group[ 69]: 10075 Group[ 70]: 10076 Group[ 71]: 10077 Group[ 72]: 10078 Group[ 73]: 10079 Group[ 74]: 10080 Group[ 75]: 10081 Group[ 76]: 10082 Group[ 77]: 10083 Group[ 78]: 10084 Group[ 79]: 10085 Group[ 80]: 10086 Group[ 81]: 10087 Group[ 82]: 10088 Group[ 83]: 10089 Group[ 84]: 10090 Group[ 85]: 10091 Group[ 86]: 10092 Group[ 87]: 10093 Group[ 88]: 10094 Group[ 89]: 10095 Group[ 90]: 10096 Group[ 91]: 10097 Group[ 92]: 10098 Group[ 93]: 10099 Group[ 94]: 10100 Group[ 95]: 10101 Group[ 96]: 10102 Group[ 97]: 10103 Group[ 98]: 10104 Group[ 99]: 10105 Group[100]: 10106 Group[101]: 10107 Group[102]: 10108 Group[103]: 10109 Group[104]: 10110 Group[105]: 10111 Group[106]: 10112 Group[107]: 10113 Group[108]: 10114 Group[109]: 10115 Group[110]: 10116 Group[111]: 10117 Group[112]: 10118 Group[113]: 10119 Group[114]: 10120 Group[115]: 10121 Group[116]: 10122 Group[117]: 10123 Group[118]: 10124 Group[119]: 10125 Group[120]: 10126 Group[121]: 10127 Group[122]: 10128 Group[123]: 10129 Group[124]: 10130 Group[125]: 10131 Group[126]: 10132 Group[127]: 10133 Group[128]: 10134 Group[129]: 10135 Group[130]: 10136 Group[131]: 10137 Group[132]: 10138 Group[133]: 10139 Group[134]: 10140 Group[135]: 10141 Group[136]: 10142 Group[137]: 10143 Group[138]: 10144 Group[139]: 10145 Group[140]: 10146 Group[141]: 10147 Group[142]: 10148 Group[143]: 10149 Group[144]: 10150 Group[145]: 10471 Group[146]: 10151 Group[147]: 10152 Group[148]: 10153 Group[149]: 10154 Group[150]: 10155 Group[151]: 10156 Group[152]: 10157 Group[153]: 10158 Group[154]: 10159 Group[155]: 10160 Group[156]: 10161 Group[157]: 10162 Group[158]: 10163 Group[159]: 10164 Group[160]: 10165 Group[161]: 10166 Group[162]: 10167 Group[163]: 10168 Group[164]: 10169 Group[165]: 10170 Group[166]: 10171 Group[167]: 10172 Group[168]: 10173 Group[169]: 10174 Group[170]: 10175 Group[171]: 10176 Group[172]: 10177 Group[173]: 10178 Group[174]: 10179 Group[175]: 10180 Group[176]: 10181 Group[177]: 10182 Group[178]: 10183 Group[179]: 10184 Group[180]: 10185 Group[181]: 10186 Group[182]: 10187 Group[183]: 10188 Group[184]: 10189 Group[185]: 10190 Group[186]: 10191 Group[187]: 10192 Group[188]: 10193 Group[189]: 10194 Group[190]: 10195 Group[191]: 10196 Group[192]: 10197 Group[193]: 10198 Group[194]: 10199 Group[195]: 10200 Group[196]: 10201 Group[197]: 10202 Group[198]: 10203 Group[199]: 10204 Group[200]: 10205 Group[201]: 10206 Group[202]: 10207 Group[203]: 10208 Group[204]: 10209 Group[205]: 10210 Group[206]: 10211 Group[207]: 10212 Group[208]: 10213 Group[209]: 10214 Group[210]: 10215 Group[211]: 10216 Group[212]: 10217 Group[213]: 10218 Group[214]: 10219 Group[215]: 10220 Group[216]: 10221 Group[217]: 10222 Group[218]: 10223 Group[219]: 10224 Group[220]: 10225 Group[221]: 10226 Group[222]: 10227 Group[223]: 10228 Group[224]: 10229 Group[225]: 10230 Group[226]: 10231 Group[227]: 10232 Group[228]: 10233 Group[229]: 10234 Group[230]: 10235 Group[231]: 10236 Group[232]: 10237 Group[233]: 10238 Group[234]: 10239 Group[235]: 10240 Group[236]: 10241 Group[237]: 10242 Group[238]: 10243 Group[239]: 10244 Group[240]: 10245 Group[241]: 10246 Group[242]: 10247 Group[243]: 10248 Group[244]: 10249 Group[245]: 10250 Group[246]: 10251 Group[247]: 10252 Group[248]: 10253 Group[249]: 10254 Group[250]: 10255 Group[251]: 10256 Group[252]: 10257 Group[253]: 10258 Group[254]: 10259 Group[255]: 10260 Group[256]: 10261 Group[257]: 10262 Group[258]: 10263 Group[259]: 10264 Group[260]: 10265 Group[261]: 10266 Group[262]: 10267 Group[263]: 10268 Group[264]: 10269 Group[265]: 10270 Group[266]: 10271 Group[267]: 10272 Group[268]: 10273 Group[269]: 10274 Group[270]: 10275 Group[271]: 10276 Group[272]: 10277 Group[273]: 10278 Group[274]: 10279 Group[275]: 10280 Group[276]: 10281 Group[277]: 10282 Group[278]: 10283 Group[279]: 10284 Group[280]: 10285 Group[281]: 10286 Group[282]: 10287 Group[283]: 10288 Group[284]: 10289 Group[285]: 10290 Group[286]: 10291 Group[287]: 10292 Group[288]: 10293 Group[289]: 10294 Group[290]: 10295 Group[291]: 10296 Group[292]: 10297 Group[293]: 10298 Group[294]: 10299 Group[295]: 10300 Group[296]: 10301 Group[297]: 10302 Group[298]: 10303 Group[299]: 10304 Group[300]: 10305 Group[301]: 10306 Group[302]: 10307 Group[303]: 10308 Group[304]: 10309 Group[305]: 10310 Group[306]: 10311 Group[307]: 10312 Group[308]: 10313 Group[309]: 10314 Group[310]: 10315 Group[311]: 10316 Group[312]: 10317 Group[313]: 10318 Group[314]: 10319 Group[315]: 10320 Group[316]: 10321 Group[317]: 10322 Group[318]: 10323 Group[319]: 10324 Group[320]: 10325 Group[321]: 10326 Group[322]: 10327 Group[323]: 10328 Group[324]: 10329 Group[325]: 10330 Group[326]: 10331 Group[327]: 10332 Group[328]: 10333 Group[329]: 10334 Group[330]: 10335 Group[331]: 10336 Group[332]: 10337 Group[333]: 10338 Group[334]: 10339 Group[335]: 10340 Group[336]: 10341 Group[337]: 10342 Group[338]: 10343 Group[339]: 10344 Group[340]: 10345 Group[341]: 10346 Group[342]: 10347 Group[343]: 10348 Group[344]: 10349 Group[345]: 10350 Group[346]: 10351 Group[347]: 10352 Group[348]: 10353 Group[349]: 10354 Group[350]: 10355 Group[351]: 10356 Group[352]: 10357 Group[353]: 10358 Group[354]: 10359 Group[355]: 10360 Group[356]: 10361 Group[357]: 10362 Group[358]: 10363 Group[359]: 10364 Group[360]: 10365 Group[361]: 10366 Group[362]: 10367 Group[363]: 10368 Group[364]: 10369 Group[365]: 10370 Group[366]: 10371 Group[367]: 10372 Group[368]: 10373 Group[369]: 10374 Group[370]: 10375 Group[371]: 10376 Group[372]: 10377 Group[373]: 10378 Group[374]: 10379 Group[375]: 10380 Group[376]: 10381 Group[377]: 10382 Group[378]: 10383 Group[379]: 10384 Group[380]: 10385 Group[381]: 10386 Group[382]: 10387 Group[383]: 10388 Group[384]: 10389 Group[385]: 10390 Group[386]: 10391 Group[387]: 10392 Group[388]: 10393 Group[389]: 10394 Group[390]: 10395 Group[391]: 10396 Group[392]: 10397 Group[393]: 10398 Group[394]: 10399 Group[395]: 10400 Group[396]: 10401 Group[397]: 10402 Group[398]: 10403 Group[399]: 10404 Group[400]: 10002 Group[401]: 10003 Group[402]: 10004 Group[403]: 10001 [2012/11/09 16:29:21.012540, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,10000), gid=(0,10006) [2012/11/09 16:29:21.012587, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 2012 name: spoolss len: 4280 [2012/11/09 16:29:21.012626, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 4280 [2012/11/09 16:29:21.012677, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=4280 [2012/11/09 16:29:21.021481, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x10f8 [2012/11/09 16:29:21.021560, 3] smbd/process.c:1662(process_smb) Transaction 301 of length 4348 (0 toread) [2012/11/09 16:29:21.021581, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:21.021593, 5] lib/util.c:342(show_msg) size=4344 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1728 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8210 (0x2012) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 4280 (0x10B8) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 4280 (0x10B8) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=4281 [2012/11/09 16:29:21.021809, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:21.021832, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:21.021855, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 2012 name: spoolss len: 4280 [2012/11/09 16:29:21.021876, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 4280 [2012/11/09 16:29:21.021917, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=4280 [2012/11/09 16:29:21.023469, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x10f8 [2012/11/09 16:29:21.023524, 3] smbd/process.c:1662(process_smb) Transaction 302 of length 4348 (0 toread) [2012/11/09 16:29:21.023564, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:21.023588, 5] lib/util.c:342(show_msg) size=4344 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1792 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8210 (0x2012) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 4280 (0x10B8) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 4280 (0x10B8) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=4281 [2012/11/09 16:29:21.023911, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:21.023945, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:21.023980, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 2012 name: spoolss len: 4280 [2012/11/09 16:29:21.024012, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 4280 [2012/11/09 16:29:21.024061, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=4280 [2012/11/09 16:29:21.025684, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x10f8 [2012/11/09 16:29:21.025737, 3] smbd/process.c:1662(process_smb) Transaction 303 of length 4348 (0 toread) [2012/11/09 16:29:21.025778, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:21.025802, 5] lib/util.c:342(show_msg) size=4344 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1856 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8210 (0x2012) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 4280 (0x10B8) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 4280 (0x10B8) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=4281 [2012/11/09 16:29:21.026030, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:21.026054, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:21.026075, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 2012 name: spoolss len: 4280 [2012/11/09 16:29:21.026096, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 4280 [2012/11/09 16:29:21.026129, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=4280 [2012/11/09 16:29:21.027654, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x10f8 [2012/11/09 16:29:21.027689, 3] smbd/process.c:1662(process_smb) Transaction 304 of length 4348 (0 toread) [2012/11/09 16:29:21.027709, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:21.027721, 5] lib/util.c:342(show_msg) size=4344 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1920 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8210 (0x2012) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 4280 (0x10B8) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 4280 (0x10B8) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=4281 [2012/11/09 16:29:21.027922, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:21.027943, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:21.027963, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 2012 name: spoolss len: 4280 [2012/11/09 16:29:21.027984, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 4280 [2012/11/09 16:29:21.028013, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=4280 [2012/11/09 16:29:21.029708, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x10f8 [2012/11/09 16:29:21.029741, 3] smbd/process.c:1662(process_smb) Transaction 305 of length 4348 (0 toread) [2012/11/09 16:29:21.029762, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:21.029773, 5] lib/util.c:342(show_msg) size=4344 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1984 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8210 (0x2012) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 4280 (0x10B8) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 4280 (0x10B8) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=4281 [2012/11/09 16:29:21.029973, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:21.029994, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:21.030014, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 2012 name: spoolss len: 4280 [2012/11/09 16:29:21.030049, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 4280 [2012/11/09 16:29:21.030080, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=4280 [2012/11/09 16:29:21.031619, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x10f8 [2012/11/09 16:29:21.031659, 3] smbd/process.c:1662(process_smb) Transaction 306 of length 4348 (0 toread) [2012/11/09 16:29:21.031680, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:21.031691, 5] lib/util.c:342(show_msg) size=4344 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=2048 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8210 (0x2012) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 4280 (0x10B8) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 4280 (0x10B8) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=4281 [2012/11/09 16:29:21.031893, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:21.031914, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:21.031935, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 2012 name: spoolss len: 4280 [2012/11/09 16:29:21.031955, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 4280 [2012/11/09 16:29:21.031984, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=4280 [2012/11/09 16:29:21.033348, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xc30 [2012/11/09 16:29:21.033381, 3] smbd/process.c:1662(process_smb) Transaction 307 of length 3124 (0 toread) [2012/11/09 16:29:21.033401, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:21.033412, 5] lib/util.c:342(show_msg) size=3120 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=2112 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 3036 (0xBDC) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 3036 (0xBDC) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8210 (0x2012) smb_bcc=3053 [2012/11/09 16:29:21.033628, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:21.033648, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:21.033674, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=3036 params=0 setup=2 [2012/11/09 16:29:21.033697, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:21.033716, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:21.033736, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:21.033755, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2012) [2012/11/09 16:29:21.033776, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 3036 [2012/11/09 16:29:21.033802, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:21.033826, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER [2012/11/09 16:29:21.033847, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[8].fn == 0x7fa2ea3e8e50 [2012/11/09 16:29:21.033875, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 9D 50 47 21 ........ .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.033930, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 9D 50 47 21 ........ .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.033972, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:yyyp0708 [2012/11/09 16:29:21.033997, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/11/09 16:29:21.034026, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/11/09 16:29:21.034060, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:21.034084, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 [2012/11/09 16:29:21.034126, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2012/11/09 16:29:21.034155, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/11/09 16:29:21.034175, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:21.034194, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:21.034300, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:21.034354, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 E1 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.034413, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E1 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.034457, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:21.034501, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:21.034551, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:21.034640, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:21.034741, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:21.034816, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:21.034911, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:21.035004, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 E2 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.035124, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E2 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.035254, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E2 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.035303, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:21.035339, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E2 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.035397, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:21.035434, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E2 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.035478, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:21.035511, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E2 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.035554, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:21.035587, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E2 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.035630, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:21.035715, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E2 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.035760, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:21.035794, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E2 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.035837, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:21.035871, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E2 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.035914, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:21.035947, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E2 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.035990, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:21.036024, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E2 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.036066, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:21.036099, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E2 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.036153, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:21.036188, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E2 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.036232, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:21.036265, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E2 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.036309, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:21.036349, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E2 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.036398, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:21.036432, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E2 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.036515, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:21.036552, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E2 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.036596, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:21.036629, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E2 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.036672, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:21.036706, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E2 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.036750, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:21.036782, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E2 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.036825, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:21.036890, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E2 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.036938, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:21.036958, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:21.036991, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E2 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.037035, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:21.037054, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:21.037093, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:21.037137, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 E3 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.037191, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E3 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.037235, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:21.037275, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:21.037315, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:21.037354, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:21.037393, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:21.037429, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:21.037474, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:21.037523, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 E4 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.037579, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E4 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.037623, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:21.037643, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:21.037694, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E4 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.037740, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:21.037760, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:21.037814, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E4 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.037859, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E4 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.037898, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:21.037927, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E3 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.037970, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E3 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.038008, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:21.038035, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E2 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.038077, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E2 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.038115, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:21.038144, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E1 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.038185, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E1 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.038223, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:21.038262, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/11/09 16:29:21.038292, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/11/09 16:29:21.038322, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:21.038345, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 [2012/11/09 16:29:21.038387, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2012/11/09 16:29:21.038413, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/11/09 16:29:21.038433, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:21.038452, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:21.038528, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:21.038573, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 E5 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.038629, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E5 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.038692, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:21.038738, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:21.038779, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:21.038819, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:21.038858, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:21.038895, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:21.038941, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:21.038991, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 E6 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.039047, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E6 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.039131, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E6 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.039179, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:21.039213, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E6 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.039256, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:21.039289, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E6 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.039332, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:21.039365, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E6 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.039408, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:21.039440, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E6 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.039483, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:21.039515, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E6 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.039558, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:21.039600, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E6 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.039645, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:21.039679, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E6 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.039722, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:21.039754, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E6 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.039797, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:21.039829, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E6 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.039872, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:21.039905, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E6 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.039947, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:21.039980, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E6 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.040023, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:21.040055, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E6 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.040098, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:21.040130, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E6 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.040173, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:21.040205, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E6 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.040248, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:21.040291, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E6 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.040336, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:21.040369, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E6 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.040412, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:21.040446, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E6 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.040512, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:21.040548, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E6 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.040592, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:21.040639, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E6 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.040685, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:21.040705, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:21.040737, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E6 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.040781, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:21.040800, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:21.040837, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:21.040880, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 E7 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.040933, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E7 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.040977, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:21.041016, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:21.041068, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:21.041108, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:21.041147, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:21.041194, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:21.041241, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:21.041291, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 E8 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.041347, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E8 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.041391, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:21.041411, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:21.041462, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E8 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.041508, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] [2012/11/09 16:29:21.041528, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:21.041561, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E8 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.041604, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E8 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.041642, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:21.041671, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E7 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.041713, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E7 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.041752, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:21.041779, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E6 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.041821, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E6 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.041859, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:21.041887, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E5 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.041939, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E5 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.041979, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:21.042018, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/11/09 16:29:21.042043, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 [2012/11/09 16:29:21.042073, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2012/11/09 16:29:21.042097, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/11/09 16:29:21.042115, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:21.042134, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:21.042201, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:21.042247, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 E9 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.042303, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E9 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.042347, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/11/09 16:29:21.042389, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/11/09 16:29:21.042429, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/11/09 16:29:21.042469, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/11/09 16:29:21.042508, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/11/09 16:29:21.042544, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/11/09 16:29:21.042591, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [yyyp0708] [2012/11/09 16:29:21.042639, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [DsSpooler] [2012/11/09 16:29:21.042687, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 EA 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.042745, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 EA 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.042789, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\DsSpooler] [2012/11/09 16:29:21.042809, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/11/09 16:29:21.042853, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 EA 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.042898, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 EA 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.042947, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:21.042976, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E9 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.043018, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E9 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:21.043056, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:21.043101, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:21.043140, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 4280 [2012/11/09 16:29:21.043171, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..4280] (align 0) [2012/11/09 16:29:21.043194, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:21.043206, 5] lib/util.c:342(show_msg) size=4336 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=2112 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 4280 (0x10B8) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 4280 (0x10B8) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=4281 [2012/11/09 16:29:21.044770, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/11/09 16:29:21.044807, 3] smbd/process.c:1662(process_smb) Transaction 308 of length 63 (0 toread) [2012/11/09 16:29:21.044827, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:21.044838, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=2176 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8210 (0x2012) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 4280 (0x10B8) smb_vwv[ 6]= 4280 (0x10B8) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 4280 (0x10B8) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/11/09 16:29:21.045022, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:21.045043, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:21.045065, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 4280 [2012/11/09 16:29:21.045095, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=4280 max=4280 nread=4280 [2012/11/09 16:29:21.046672, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/11/09 16:29:21.046706, 3] smbd/process.c:1662(process_smb) Transaction 309 of length 63 (0 toread) [2012/11/09 16:29:21.046726, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:21.046738, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=2240 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8210 (0x2012) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 4280 (0x10B8) smb_vwv[ 6]= 4280 (0x10B8) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 4280 (0x10B8) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/11/09 16:29:21.046923, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:21.046944, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:21.046965, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 4280 [2012/11/09 16:29:21.047008, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=4280 max=4280 nread=4280 [2012/11/09 16:29:21.048443, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/11/09 16:29:21.048493, 3] smbd/process.c:1662(process_smb) Transaction 310 of length 63 (0 toread) [2012/11/09 16:29:21.048514, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:21.048526, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=2304 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8210 (0x2012) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 4280 (0x10B8) smb_vwv[ 6]= 4280 (0x10B8) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 4280 (0x10B8) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/11/09 16:29:21.048709, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:21.048729, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:21.048750, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 4280 [2012/11/09 16:29:21.048779, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=4280 max=4280 nread=4280 [2012/11/09 16:29:21.050407, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/11/09 16:29:21.050477, 3] smbd/process.c:1662(process_smb) Transaction 311 of length 63 (0 toread) [2012/11/09 16:29:21.050516, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:21.050538, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=2368 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8210 (0x2012) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 4280 (0x10B8) smb_vwv[ 6]= 4280 (0x10B8) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 4280 (0x10B8) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/11/09 16:29:21.050751, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:21.050775, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:21.050797, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 4280 [2012/11/09 16:29:21.050828, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=4280 max=4280 nread=4280 [2012/11/09 16:29:21.052316, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/11/09 16:29:21.052351, 3] smbd/process.c:1662(process_smb) Transaction 312 of length 63 (0 toread) [2012/11/09 16:29:21.052371, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:21.052383, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=2432 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8210 (0x2012) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 4280 (0x10B8) smb_vwv[ 6]= 4280 (0x10B8) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 4280 (0x10B8) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/11/09 16:29:21.052611, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:21.052634, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:21.052656, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 4280 [2012/11/09 16:29:21.052688, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=4280 max=4280 nread=4280 [2012/11/09 16:29:21.054157, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/11/09 16:29:21.054214, 3] smbd/process.c:1662(process_smb) Transaction 313 of length 63 (0 toread) [2012/11/09 16:29:21.054236, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:21.054247, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=2496 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8210 (0x2012) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 4280 (0x10B8) smb_vwv[ 6]= 4280 (0x10B8) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 4280 (0x10B8) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/11/09 16:29:21.054429, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:21.054450, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:21.054482, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 4280 [2012/11/09 16:29:21.054521, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=4280 max=4280 nread=4280 [2012/11/09 16:29:21.055957, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/11/09 16:29:21.055989, 3] smbd/process.c:1662(process_smb) Transaction 314 of length 63 (0 toread) [2012/11/09 16:29:21.056009, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:21.056021, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=2560 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 8210 (0x2012) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 4280 (0x10B8) smb_vwv[ 6]= 4280 (0x10B8) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 4280 (0x10B8) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/11/09 16:29:21.056205, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:21.056226, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:21.056246, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 4280 [2012/11/09 16:29:21.056273, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 7451 [2012/11/09 16:29:21.056317, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=4280 max=4280 nread=3016 [2012/11/09 16:29:30.512593, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x23 [2012/11/09 16:29:30.512684, 3] smbd/process.c:1662(process_smb) Transaction 315 of length 39 (0 toread) [2012/11/09 16:29:30.512706, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:30.512718, 5] lib/util.c:342(show_msg) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=2624 smt_wct=0 smb_bcc=0 [2012/11/09 16:29:30.512818, 3] smbd/process.c:1467(switch_message) switch message SMBtdis (pid 12629) conn 0x7fa2eacb8b60 [2012/11/09 16:29:30.512840, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:30.512860, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:30.512879, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:30.512916, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2012/11/09 16:29:30.512940, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /var/lib/samba/drivers [2012/11/09 16:29:30.512966, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:30.512985, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:30.513031, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:30.513061, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2012/11/09 16:29:30.513082, 1] smbd/service.c:1378(close_cnum) 10.129.108.68 (10.129.108.68) closed connection to service print$ [2012/11/09 16:29:30.513106, 3] smbd/connection.c:35(yield_connection) Yielding connection to print$ [2012/11/09 16:29:30.513144, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to / [2012/11/09 16:29:30.513168, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:30.513188, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:29:30.513227, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:29:30.513258, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2012/11/09 16:29:30.513290, 5] lib/messages.c:332(messaging_deregister) Deregistering messaging pointer for type 784 - private_data=0x7fa2eaca8f40 [2012/11/09 16:29:30.513316, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:30.513328, 5] lib/util.c:342(show_msg) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=2624 smt_wct=0 smb_bcc=0 [2012/11/09 16:29:30.671795, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x80 [2012/11/09 16:29:30.671878, 3] smbd/process.c:1662(process_smb) Transaction 316 of length 132 (0 toread) [2012/11/09 16:29:30.671899, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:30.671910, 5] lib/util.c:342(show_msg) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=2688 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8212 (0x2014) smb_bcc=61 [2012/11/09 16:29:30.672123, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:30.672149, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (10000, 10006) - sec_ctx_stack_ndx = 0 [2012/11/09 16:29:30.672171, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (811): SID[ 0]: S-1-5-21-160562036-3150058255-2134394716-19743 SID[ 1]: S-1-5-21-160562036-3150058255-2134394716-513 SID[ 2]: S-1-5-21-160562036-3150058255-2134394716-334230 SID[ 3]: S-1-5-21-160562036-3150058255-2134394716-23353 SID[ 4]: S-1-5-21-160562036-3150058255-2134394716-304793 SID[ 5]: S-1-5-21-160562036-3150058255-2134394716-269408 SID[ 6]: S-1-5-21-160562036-3150058255-2134394716-50420 SID[ 7]: S-1-5-21-160562036-3150058255-2134394716-113634 SID[ 8]: S-1-5-21-160562036-3150058255-2134394716-113662 SID[ 9]: S-1-5-21-160562036-3150058255-2134394716-260755 SID[ 10]: S-1-5-21-160562036-3150058255-2134394716-288770 SID[ 11]: S-1-5-21-160562036-3150058255-2134394716-67892 SID[ 12]: S-1-5-21-160562036-3150058255-2134394716-20800 SID[ 13]: S-1-5-21-160562036-3150058255-2134394716-269744 SID[ 14]: S-1-5-21-160562036-3150058255-2134394716-63803 SID[ 15]: S-1-5-21-160562036-3150058255-2134394716-360934 SID[ 16]: S-1-5-21-160562036-3150058255-2134394716-421750 SID[ 17]: S-1-5-21-160562036-3150058255-2134394716-294313 SID[ 18]: S-1-5-21-160562036-3150058255-2134394716-109619 SID[ 19]: S-1-5-21-160562036-3150058255-2134394716-13623 SID[ 20]: S-1-5-21-160562036-3150058255-2134394716-113660 SID[ 21]: S-1-5-21-160562036-3150058255-2134394716-13846 SID[ 22]: S-1-5-21-160562036-3150058255-2134394716-351693 SID[ 23]: S-1-5-21-160562036-3150058255-2134394716-56178 SID[ 24]: S-1-5-21-160562036-3150058255-2134394716-268914 SID[ 25]: S-1-5-21-160562036-3150058255-2134394716-276389 SID[ 26]: S-1-5-21-160562036-3150058255-2134394716-294265 SID[ 27]: S-1-5-21-160562036-3150058255-2134394716-289050 SID[ 28]: S-1-5-21-160562036-3150058255-2134394716-284074 SID[ 29]: S-1-5-21-160562036-3150058255-2134394716-353623 SID[ 30]: S-1-5-21-160562036-3150058255-2134394716-60632 SID[ 31]: S-1-5-21-160562036-3150058255-2134394716-299617 SID[ 32]: S-1-5-21-160562036-3150058255-2134394716-269875 SID[ 33]: S-1-5-21-160562036-3150058255-2134394716-260777 SID[ 34]: S-1-5-21-160562036-3150058255-2134394716-72011 SID[ 35]: S-1-5-21-160562036-3150058255-2134394716-56174 SID[ 36]: S-1-5-21-160562036-3150058255-2134394716-294145 SID[ 37]: S-1-5-21-160562036-3150058255-2134394716-46643 SID[ 38]: S-1-5-21-160562036-3150058255-2134394716-110684 SID[ 39]: S-1-5-21-160562036-3150058255-2134394716-69476 SID[ 40]: S-1-5-21-160562036-3150058255-2134394716-354438 SID[ 41]: S-1-5-21-160562036-3150058255-2134394716-288215 SID[ 42]: S-1-5-21-160562036-3150058255-2134394716-418124 SID[ 43]: S-1-5-21-160562036-3150058255-2134394716-32947 SID[ 44]: S-1-5-21-160562036-3150058255-2134394716-373447 SID[ 45]: S-1-5-21-160562036-3150058255-2134394716-21119 SID[ 46]: S-1-5-21-160562036-3150058255-2134394716-254283 SID[ 47]: S-1-5-21-160562036-3150058255-2134394716-21918 SID[ 48]: S-1-5-21-160562036-3150058255-2134394716-268915 SID[ 49]: S-1-5-21-160562036-3150058255-2134394716-267093 SID[ 50]: S-1-5-21-160562036-3150058255-2134394716-340888 SID[ 51]: S-1-5-21-160562036-3150058255-2134394716-294363 SID[ 52]: S-1-5-21-160562036-3150058255-2134394716-414620 SID[ 53]: S-1-5-21-160562036-3150058255-2134394716-260959 SID[ 54]: S-1-5-21-160562036-3150058255-2134394716-56176 SID[ 55]: S-1-5-21-160562036-3150058255-2134394716-373472 SID[ 56]: S-1-5-21-160562036-3150058255-2134394716-294492 SID[ 57]: S-1-5-21-160562036-3150058255-2134394716-373554 SID[ 58]: S-1-5-21-160562036-3150058255-2134394716-104382 SID[ 59]: S-1-5-21-160562036-3150058255-2134394716-294361 SID[ 60]: S-1-5-21-160562036-3150058255-2134394716-245149 SID[ 61]: S-1-5-21-160562036-3150058255-2134394716-32807 SID[ 62]: S-1-5-21-160562036-3150058255-2134394716-63805 SID[ 63]: S-1-5-21-160562036-3150058255-2134394716-290135 SID[ 64]: S-1-5-21-160562036-3150058255-2134394716-248439 SID[ 65]: S-1-5-21-160562036-3150058255-2134394716-58745 SID[ 66]: S-1-5-21-160562036-3150058255-2134394716-288316 SID[ 67]: S-1-5-21-160562036-3150058255-2134394716-373441 SID[ 68]: S-1-5-21-160562036-3150058255-2134394716-268916 SID[ 69]: S-1-5-21-160562036-3150058255-2134394716-17597 SID[ 70]: S-1-5-21-160562036-3150058255-2134394716-113654 SID[ 71]: S-1-5-21-160562036-3150058255-2134394716-304050 SID[ 72]: S-1-5-21-160562036-3150058255-2134394716-112626 SID[ 73]: S-1-5-21-160562036-3150058255-2134394716-360946 SID[ 74]: S-1-5-21-160562036-3150058255-2134394716-1116 SID[ 75]: S-1-5-21-160562036-3150058255-2134394716-294490 SID[ 76]: S-1-5-21-160562036-3150058255-2134394716-373442 SID[ 77]: S-1-5-21-160562036-3150058255-2134394716-402137 SID[ 78]: S-1-5-21-160562036-3150058255-2134394716-373470 SID[ 79]: S-1-5-21-160562036-3150058255-2134394716-284963 SID[ 80]: S-1-5-21-160562036-3150058255-2134394716-21963 SID[ 81]: S-1-5-21-160562036-3150058255-2134394716-373556 SID[ 82]: S-1-5-21-160562036-3150058255-2134394716-351504 SID[ 83]: S-1-5-21-160562036-3150058255-2134394716-360382 SID[ 84]: S-1-5-21-160562036-3150058255-2134394716-266966 SID[ 85]: S-1-5-21-160562036-3150058255-2134394716-63797 SID[ 86]: S-1-5-21-160562036-3150058255-2134394716-31306 SID[ 87]: S-1-5-21-160562036-3150058255-2134394716-420969 SID[ 88]: S-1-5-21-160562036-3150058255-2134394716-58439 SID[ 89]: S-1-5-21-160562036-3150058255-2134394716-351240 SID[ 90]: S-1-5-21-160562036-3150058255-2134394716-290160 SID[ 91]: S-1-5-21-160562036-3150058255-2134394716-335340 SID[ 92]: S-1-5-21-160562036-3150058255-2134394716-32819 SID[ 93]: S-1-5-21-160562036-3150058255-2134394716-63801 SID[ 94]: S-1-5-21-160562036-3150058255-2134394716-53171 SID[ 95]: S-1-5-21-160562036-3150058255-2134394716-294243 SID[ 96]: S-1-5-21-160562036-3150058255-2134394716-350032 SID[ 97]: S-1-5-21-160562036-3150058255-2134394716-63737 SID[ 98]: S-1-5-21-160562036-3150058255-2134394716-13863 SID[ 99]: S-1-5-21-160562036-3150058255-2134394716-351719 SID[100]: S-1-5-21-160562036-3150058255-2134394716-56165 SID[101]: S-1-5-21-160562036-3150058255-2134394716-113646 SID[102]: S-1-5-21-160562036-3150058255-2134394716-430811 SID[103]: S-1-5-21-160562036-3150058255-2134394716-284081 SID[104]: S-1-5-21-160562036-3150058255-2134394716-256696 SID[105]: S-1-5-21-160562036-3150058255-2134394716-416414 SID[106]: S-1-5-21-160562036-3150058255-2134394716-49609 SID[107]: S-1-5-21-160562036-3150058255-2134394716-377791 SID[108]: S-1-5-21-160562036-3150058255-2134394716-32821 SID[109]: S-1-5-21-160562036-3150058255-2134394716-359223 SID[110]: S-1-5-21-160562036-3150058255-2134394716-284091 SID[111]: S-1-5-21-160562036-3150058255-2134394716-433713 SID[112]: S-1-5-21-160562036-3150058255-2134394716-33100 SID[113]: S-1-5-21-160562036-3150058255-2134394716-416203 SID[114]: S-1-5-21-160562036-3150058255-2134394716-317007 SID[115]: S-1-5-21-160562036-3150058255-2134394716-69542 SID[116]: S-1-5-21-160562036-3150058255-2134394716-268918 SID[117]: S-1-5-21-160562036-3150058255-2134394716-69428 SID[118]: S-1-5-21-160562036-3150058255-2134394716-316764 SID[119]: S-1-5-21-160562036-3150058255-2134394716-55705 SID[120]: S-1-5-21-160562036-3150058255-2134394716-291229 SID[121]: S-1-5-21-160562036-3150058255-2134394716-250116 SID[122]: S-1-5-21-160562036-3150058255-2134394716-294315 SID[123]: S-1-5-21-160562036-3150058255-2134394716-402469 SID[124]: S-1-5-21-160562036-3150058255-2134394716-256697 SID[125]: S-1-5-21-160562036-3150058255-2134394716-418438 SID[126]: S-1-5-21-160562036-3150058255-2134394716-435652 SID[127]: S-1-5-21-160562036-3150058255-2134394716-45010 SID[128]: S-1-5-21-160562036-3150058255-2134394716-322368 SID[129]: S-1-5-21-160562036-3150058255-2134394716-267090 SID[130]: S-1-5-21-160562036-3150058255-2134394716-32825 SID[131]: S-1-5-21-160562036-3150058255-2134394716-35099 SID[132]: S-1-5-21-160562036-3150058255-2134394716-56157 SID[133]: S-1-5-21-160562036-3150058255-2134394716-113648 SID[134]: S-1-5-21-160562036-3150058255-2134394716-55709 SID[135]: S-1-5-21-160562036-3150058255-2134394716-108789 SID[136]: S-1-5-21-160562036-3150058255-2134394716-56159 SID[137]: S-1-5-21-160562036-3150058255-2134394716-268919 SID[138]: S-1-5-21-160562036-3150058255-2134394716-245147 SID[139]: S-1-5-21-160562036-3150058255-2134394716-430693 SID[140]: S-1-5-21-160562036-3150058255-2134394716-289617 SID[141]: S-1-5-21-160562036-3150058255-2134394716-373445 SID[142]: S-1-5-21-160562036-3150058255-2134394716-14282 SID[143]: S-1-5-21-160562036-3150058255-2134394716-433712 SID[144]: S-1-5-21-160562036-3150058255-2134394716-59232 SID[145]: S-1-5-21-160562036-3150058255-2134394716-33429 SID[146]: S-1-5-21-160562036-3150058255-2134394716-437634 SID[147]: S-1-5-21-160562036-3150058255-2134394716-23354 SID[148]: S-1-5-21-160562036-3150058255-2134394716-113636 SID[149]: S-1-5-21-160562036-3150058255-2134394716-63799 SID[150]: S-1-5-21-160562036-3150058255-2134394716-261009 SID[151]: S-1-5-21-160562036-3150058255-2134394716-290498 SID[152]: S-1-5-21-160562036-3150058255-2134394716-375928 SID[153]: S-1-5-21-160562036-3150058255-2134394716-276407 SID[154]: S-1-5-21-160562036-3150058255-2134394716-357401 SID[155]: S-1-5-21-160562036-3150058255-2134394716-357385 SID[156]: S-1-5-21-160562036-3150058255-2134394716-269404 SID[157]: S-1-5-21-160562036-3150058255-2134394716-67790 SID[158]: S-1-5-21-160562036-3150058255-2134394716-392120 SID[159]: S-1-5-21-160562036-3150058255-2134394716-276395 SID[160]: S-1-5-21-160562036-3150058255-2134394716-113343 SID[161]: S-1-5-21-160562036-3150058255-2134394716-56172 SID[162]: S-1-5-21-160562036-3150058255-2134394716-402467 SID[163]: S-1-5-21-160562036-3150058255-2134394716-293007 SID[164]: S-1-5-21-160562036-3150058255-2134394716-427942 SID[165]: S-1-5-21-160562036-3150058255-2134394716-373529 SID[166]: S-1-5-21-160562036-3150058255-2134394716-263163 SID[167]: S-1-5-21-160562036-3150058255-2134394716-64111 SID[168]: S-1-5-21-160562036-3150058255-2134394716-266852 SID[169]: S-1-5-21-160562036-3150058255-2134394716-357892 SID[170]: S-1-5-21-160562036-3150058255-2134394716-104429 SID[171]: S-1-5-21-160562036-3150058255-2134394716-32813 SID[172]: S-1-5-21-160562036-3150058255-2134394716-360722 SID[173]: S-1-5-21-160562036-3150058255-2134394716-284092 SID[174]: S-1-5-21-160562036-3150058255-2134394716-289619 SID[175]: S-1-5-21-160562036-3150058255-2134394716-369316 SID[176]: S-1-5-21-160562036-3150058255-2134394716-49542 SID[177]: S-1-5-21-160562036-3150058255-2134394716-329659 SID[178]: S-1-5-21-160562036-3150058255-2134394716-32809 SID[179]: S-1-5-21-160562036-3150058255-2134394716-108767 SID[180]: S-1-5-21-160562036-3150058255-2134394716-305399 SID[181]: S-1-5-21-160562036-3150058255-2134394716-263161 SID[182]: S-1-5-21-160562036-3150058255-2134394716-314050 SID[183]: S-1-5-21-160562036-3150058255-2134394716-31001 SID[184]: S-1-5-21-160562036-3150058255-2134394716-279682 SID[185]: S-1-5-21-160562036-3150058255-2134394716-294147 SID[186]: S-1-5-21-160562036-3150058255-2134394716-56163 SID[187]: S-1-5-21-160562036-3150058255-2134394716-285751 SID[188]: S-1-5-21-160562036-3150058255-2134394716-21723 SID[189]: S-1-5-21-160562036-3150058255-2134394716-8332 SID[190]: S-1-5-21-160562036-3150058255-2134394716-32827 SID[191]: S-1-5-21-160562036-3150058255-2134394716-256460 SID[192]: S-1-5-21-160562036-3150058255-2134394716-256183 SID[193]: S-1-5-21-160562036-3150058255-2134394716-300424 SID[194]: S-1-5-21-160562036-3150058255-2134394716-55677 SID[195]: S-1-5-21-160562036-3150058255-2134394716-253145 SID[196]: S-1-5-21-160562036-3150058255-2134394716-63804 SID[197]: S-1-5-21-160562036-3150058255-2134394716-358866 SID[198]: S-1-5-21-160562036-3150058255-2134394716-32823 SID[199]: S-1-5-21-160562036-3150058255-2134394716-276620 SID[200]: S-1-5-21-160562036-3150058255-2134394716-361940 SID[201]: S-1-5-21-160562036-3150058255-2134394716-49274 SID[202]: S-1-5-21-160562036-3150058255-2134394716-402177 SID[203]: S-1-5-21-160562036-3150058255-2134394716-252230 SID[204]: S-1-5-21-160562036-3150058255-2134394716-321100 SID[205]: S-1-5-21-160562036-3150058255-2134394716-20801 SID[206]: S-1-5-21-160562036-3150058255-2134394716-276621 SID[207]: S-1-5-21-160562036-3150058255-2134394716-252010 SID[208]: S-1-5-21-160562036-3150058255-2134394716-292766 SID[209]: S-1-5-21-160562036-3150058255-2134394716-37331 SID[210]: S-1-5-21-160562036-3150058255-2134394716-260776 SID[211]: S-1-5-21-160562036-3150058255-2134394716-386708 SID[212]: S-1-5-21-160562036-3150058255-2134394716-374616 SID[213]: S-1-5-21-160562036-3150058255-2134394716-21084 SID[214]: S-1-5-21-160562036-3150058255-2134394716-294267 SID[215]: S-1-5-21-160562036-3150058255-2134394716-63802 SID[216]: S-1-5-21-160562036-3150058255-2134394716-31186 SID[217]: S-1-5-21-160562036-3150058255-2134394716-105575 SID[218]: S-1-5-21-160562036-3150058255-2134394716-361874 SID[219]: S-1-5-21-160562036-3150058255-2134394716-360362 SID[220]: S-1-5-21-160562036-3150058255-2134394716-357734 SID[221]: S-1-5-21-160562036-3150058255-2134394716-294241 SID[222]: S-1-5-21-160562036-3150058255-2134394716-251778 SID[223]: S-1-5-21-160562036-3150058255-2134394716-49510 SID[224]: S-1-5-21-160562036-3150058255-2134394716-35015 SID[225]: S-1-5-21-160562036-3150058255-2134394716-20749 SID[226]: S-1-5-21-160562036-3150058255-2134394716-294291 SID[227]: S-1-5-21-160562036-3150058255-2134394716-254469 SID[228]: S-1-5-21-160562036-3150058255-2134394716-247296 SID[229]: S-1-5-21-160562036-3150058255-2134394716-63798 SID[230]: S-1-5-21-160562036-3150058255-2134394716-59035 SID[231]: S-1-5-21-160562036-3150058255-2134394716-430331 SID[232]: S-1-5-21-160562036-3150058255-2134394716-21301 SID[233]: S-1-5-21-160562036-3150058255-2134394716-55627 SID[234]: S-1-5-21-160562036-3150058255-2134394716-32815 SID[235]: S-1-5-21-160562036-3150058255-2134394716-277164 SID[236]: S-1-5-21-160562036-3150058255-2134394716-21552 SID[237]: S-1-5-21-160562036-3150058255-2134394716-56622 SID[238]: S-1-5-21-160562036-3150058255-2134394716-37315 SID[239]: S-1-5-21-160562036-3150058255-2134394716-334225 SID[240]: S-1-5-21-160562036-3150058255-2134394716-338141 SID[241]: S-1-5-21-160562036-3150058255-2134394716-246169 SID[242]: S-1-5-21-160562036-3150058255-2134394716-297835 SID[243]: S-1-5-21-160562036-3150058255-2134394716-353615 SID[244]: S-1-5-21-160562036-3150058255-2134394716-322371 SID[245]: S-1-5-21-160562036-3150058255-2134394716-63235 SID[246]: S-1-5-21-160562036-3150058255-2134394716-266849 SID[247]: S-1-5-21-160562036-3150058255-2134394716-293998 SID[248]: S-1-5-21-160562036-3150058255-2134394716-433714 SID[249]: S-1-5-21-160562036-3150058255-2134394716-107694 SID[250]: S-1-5-21-160562036-3150058255-2134394716-288317 SID[251]: S-1-5-21-160562036-3150058255-2134394716-44135 SID[252]: S-1-5-21-160562036-3150058255-2134394716-290560 SID[253]: S-1-5-21-160562036-3150058255-2134394716-322681 SID[254]: S-1-5-21-160562036-3150058255-2134394716-283109 SID[255]: S-1-5-21-160562036-3150058255-2134394716-357879 SID[256]: S-1-5-21-160562036-3150058255-2134394716-289046 SID[257]: S-1-5-21-160562036-3150058255-2134394716-32803 SID[258]: S-1-5-21-160562036-3150058255-2134394716-343968 SID[259]: S-1-5-21-160562036-3150058255-2134394716-50792 SID[260]: S-1-5-21-160562036-3150058255-2134394716-50518 SID[261]: S-1-5-21-160562036-3150058255-2134394716-37238 SID[262]: S-1-5-21-160562036-3150058255-2134394716-360465 SID[263]: S-1-5-21-160562036-3150058255-2134394716-366652 SID[264]: S-1-5-21-160562036-3150058255-2134394716-294094 SID[265]: S-1-5-21-160562036-3150058255-2134394716-288540 SID[266]: S-1-5-21-160562036-3150058255-2134394716-297984 SID[267]: S-1-5-21-160562036-3150058255-2134394716-276427 SID[268]: S-1-5-21-160562036-3150058255-2134394716-333792 SID[269]: S-1-5-21-160562036-3150058255-2134394716-427342 SID[270]: S-1-5-21-160562036-3150058255-2134394716-333794 SID[271]: S-1-5-21-160562036-3150058255-2134394716-290460 SID[272]: S-1-5-21-160562036-3150058255-2134394716-294091 SID[273]: S-1-5-21-160562036-3150058255-2134394716-333793 SID[274]: S-1-5-21-160562036-3150058255-2134394716-338207 SID[275]: S-1-5-21-160562036-3150058255-2134394716-409571 SID[276]: S-1-5-21-160562036-3150058255-2134394716-294054 SID[277]: S-1-5-21-160562036-3150058255-2134394716-30854 SID[278]: S-1-5-21-160562036-3150058255-2134394716-288547 SID[279]: S-1-5-21-160562036-3150058255-2134394716-365347 SID[280]: S-1-5-21-6776287-465249537-1446904402-4108 SID[281]: S-1-5-21-160562036-3150058255-2134394716-58230 SID[282]: S-1-5-21-160562036-3150058255-2134394716-357400 SID[283]: S-1-5-21-160562036-3150058255-2134394716-343966 SID[284]: S-1-5-21-160562036-3150058255-2134394716-104268 SID[285]: S-1-5-21-160562036-3150058255-2134394716-334228 SID[286]: S-1-5-21-160562036-3150058255-2134394716-357384 SID[287]: S-1-5-21-160562036-3150058255-2134394716-64500 SID[288]: S-1-5-21-160562036-3150058255-2134394716-291227 SID[289]: S-1-5-21-160562036-3150058255-2134394716-62708 SID[290]: S-1-5-21-160562036-3150058255-2134394716-266847 SID[291]: S-1-5-21-160562036-3150058255-2134394716-313857 SID[292]: S-1-5-21-160562036-3150058255-2134394716-350031 SID[293]: S-1-5-21-160562036-3150058255-2134394716-373448 SID[294]: S-1-5-21-160562036-3150058255-2134394716-420970 SID[295]: S-1-5-21-160562036-3150058255-2134394716-351238 SID[296]: S-1-5-21-160562036-3150058255-2134394716-11861 SID[297]: S-1-5-21-160562036-3150058255-2134394716-353613 SID[298]: S-1-5-21-160562036-3150058255-2134394716-322679 SID[299]: S-1-5-21-160562036-3150058255-2134394716-253148 SID[300]: S-1-5-21-160562036-3150058255-2134394716-277162 SID[301]: S-1-5-21-160562036-3150058255-2134394716-304048 SID[302]: S-1-5-21-160562036-3150058255-2134394716-288768 SID[303]: S-1-5-21-160562036-3150058255-2134394716-62920 SID[304]: S-1-5-21-160562036-3150058255-2134394716-62814 SID[305]: S-1-5-21-160562036-3150058255-2134394716-338139 SID[306]: S-1-5-21-160562036-3150058255-2134394716-266850 SID[307]: S-1-5-21-160562036-3150058255-2134394716-74038 SID[308]: S-1-5-21-160562036-3150058255-2134394716-62715 SID[309]: S-1-5-21-160562036-3150058255-2134394716-357877 SID[310]: S-1-5-21-160562036-3150058255-2134394716-252117 SID[311]: S-1-5-21-160562036-3150058255-2134394716-322372 SID[312]: S-1-5-21-160562036-3150058255-2134394716-65121 SID[313]: S-1-5-21-160562036-3150058255-2134394716-62711 SID[314]: S-1-5-21-160562036-3150058255-2134394716-267091 SID[315]: S-1-5-21-160562036-3150058255-2134394716-24652 SID[316]: S-1-5-21-160562036-3150058255-2134394716-360933 SID[317]: S-1-5-21-160562036-3150058255-2134394716-354437 SID[318]: S-1-5-21-160562036-3150058255-2134394716-249119 SID[319]: S-1-5-21-160562036-3150058255-2134394716-248731 SID[320]: S-1-5-21-160562036-3150058255-2134394716-64215 SID[321]: S-1-5-21-160562036-3150058255-2134394716-373475 SID[322]: S-1-5-21-160562036-3150058255-2134394716-250664 SID[323]: S-1-5-21-160562036-3150058255-2134394716-267088 SID[324]: S-1-5-21-160562036-3150058255-2134394716-50311 SID[325]: S-1-5-21-160562036-3150058255-2134394716-62644 SID[326]: S-1-5-21-160562036-3150058255-2134394716-69148 SID[327]: S-1-5-21-160562036-3150058255-2134394716-360380 SID[328]: S-1-5-21-160562036-3150058255-2134394716-52124 SID[329]: S-1-5-21-160562036-3150058255-2134394716-351502 SID[330]: S-1-5-21-160562036-3150058255-2134394716-317005 SID[331]: S-1-5-21-160562036-3150058255-2134394716-62713 SID[332]: S-1-5-21-160562036-3150058255-2134394716-313855 SID[333]: S-1-5-21-160562036-3150058255-2134394716-53143 SID[334]: S-1-5-21-160562036-3150058255-2134394716-349705 SID[335]: S-1-5-21-160562036-3150058255-2134394716-357732 SID[336]: S-1-5-21-160562036-3150058255-2134394716-402142 SID[337]: S-1-5-21-160562036-3150058255-2134394716-50421 SID[338]: S-1-5-21-160562036-3150058255-2134394716-357890 SID[339]: S-1-5-21-160562036-3150058255-2134394716-416413 SID[340]: S-1-5-21-160562036-3150058255-2134394716-255117 SID[341]: S-1-5-21-160562036-3150058255-2134394716-73891 SID[342]: S-1-5-21-160562036-3150058255-2134394716-377792 SID[343]: S-1-5-21-160562036-3150058255-2134394716-63081 SID[344]: S-1-5-21-160562036-3150058255-2134394716-386707 SID[345]: S-1-5-21-160562036-3150058255-2134394716-64112 SID[346]: S-1-5-21-160562036-3150058255-2134394716-256555 SID[347]: S-1-5-21-160562036-3150058255-2134394716-361939 SID[348]: S-1-5-21-160562036-3150058255-2134394716-62709 SID[349]: S-1-5-21-160562036-3150058255-2134394716-248759 SID[350]: S-1-5-21-160562036-3150058255-2134394716-359221 SID[351]: S-1-5-21-160562036-3150058255-2134394716-310730 SID[352]: S-1-5-21-160562036-3150058255-2134394716-109617 SID[353]: S-1-5-21-160562036-3150058255-2134394716-60474 SID[354]: S-1-5-21-160562036-3150058255-2134394716-402472 SID[355]: S-1-5-21-160562036-3150058255-2134394716-55679 SID[356]: S-1-5-21-160562036-3150058255-2134394716-69153 SID[357]: S-1-5-21-160562036-3150058255-2134394716-22265 SID[358]: S-1-5-21-160562036-3150058255-2134394716-423112 SID[359]: S-1-5-21-160562036-3150058255-2134394716-289044 SID[360]: S-1-5-21-160562036-3150058255-2134394716-67791 SID[361]: S-1-5-21-160562036-3150058255-2134394716-69156 SID[362]: S-1-5-21-160562036-3150058255-2134394716-62712 SID[363]: S-1-5-21-160562036-3150058255-2134394716-360721 SID[364]: S-1-5-21-160562036-3150058255-2134394716-435651 SID[365]: S-1-5-21-160562036-3150058255-2134394716-69149 SID[366]: S-1-5-21-160562036-3150058255-2134394716-73730 SID[367]: S-1-5-21-160562036-3150058255-2134394716-243660 SID[368]: S-1-5-21-160562036-3150058255-2134394716-104280 SID[369]: S-1-5-21-160562036-3150058255-2134394716-430692 SID[370]: S-1-5-21-160562036-3150058255-2134394716-256558 SID[371]: S-1-5-21-160562036-3150058255-2134394716-54515 SID[372]: S-1-5-21-160562036-3150058255-2134394716-334223 SID[373]: S-1-5-21-160562036-3150058255-2134394716-304790 SID[374]: S-1-5-21-160562036-3150058255-2134394716-373528 SID[375]: S-1-5-21-160562036-3150058255-2134394716-375927 SID[376]: S-1-5-21-160562036-3150058255-2134394716-74039 SID[377]: S-1-5-21-160562036-3150058255-2134394716-62781 SID[378]: S-1-5-21-160562036-3150058255-2134394716-69157 SID[379]: S-1-5-21-160562036-3150058255-2134394716-309445 SID[380]: S-1-5-21-160562036-3150058255-2134394716-62733 SID[381]: S-1-5-21-160562036-3150058255-2134394716-418123 SID[382]: S-1-5-21-160562036-3150058255-2134394716-64415 SID[383]: S-1-5-21-160562036-3150058255-2134394716-414619 SID[384]: S-1-5-21-160562036-3150058255-2134394716-373446 SID[385]: S-1-5-21-160562036-3150058255-2134394716-289048 SID[386]: S-1-5-21-160562036-3150058255-2134394716-69158 SID[387]: S-1-5-21-160562036-3150058255-2134394716-373559 SID[388]: S-1-5-21-160562036-3150058255-2134394716-110686 SID[389]: S-1-5-21-160562036-3150058255-2134394716-260757 SID[390]: S-1-5-21-160562036-3150058255-2134394716-249663 SID[391]: S-1-5-21-160562036-3150058255-2134394716-249619 SID[392]: S-1-5-21-160562036-3150058255-2134394716-321098 SID[393]: S-1-5-21-160562036-3150058255-2134394716-64497 SID[394]: S-1-5-21-160562036-3150058255-2134394716-112627 SID[395]: S-1-5-21-160562036-3150058255-2134394716-62710 SID[396]: S-1-5-21-160562036-3150058255-2134394716-360361 SID[397]: S-1-5-21-160562036-3150058255-2134394716-353621 SID[398]: S-1-5-21-160562036-3150058255-2134394716-365152 SID[399]: S-1-5-21-160562036-3150058255-2134394716-69544 SID[400]: S-1-5-21-160562036-3150058255-2134394716-249644 SID[401]: S-1-5-21-160562036-3150058255-2134394716-55625 SID[402]: S-1-1-0 SID[403]: S-1-5-2 SID[404]: S-1-5-11 SID[405]: S-1-5-32-545 SID[406]: S-1-22-1-10000 SID[407]: S-1-22-2-10006 SID[408]: S-1-22-2-10007 SID[409]: S-1-22-2-10008 SID[410]: S-1-22-2-10009 SID[411]: S-1-22-2-10010 SID[412]: S-1-22-2-10011 SID[413]: S-1-22-2-10012 SID[414]: S-1-22-2-10013 SID[415]: S-1-22-2-10014 SID[416]: S-1-22-2-10015 SID[417]: S-1-22-2-10016 SID[418]: S-1-22-2-10017 SID[419]: S-1-22-2-10018 SID[420]: S-1-22-2-10019 SID[421]: S-1-22-2-10020 SID[422]: S-1-22-2-10021 SID[423]: S-1-22-2-10022 SID[424]: S-1-22-2-10023 SID[425]: S-1-22-2-10024 SID[426]: S-1-22-2-10025 SID[427]: S-1-22-2-10026 SID[428]: S-1-22-2-10027 SID[429]: S-1-22-2-10028 SID[430]: S-1-22-2-10029 SID[431]: S-1-22-2-10030 SID[432]: S-1-22-2-10031 SID[433]: S-1-22-2-10032 SID[434]: S-1-22-2-10033 SID[435]: S-1-22-2-10034 SID[436]: S-1-22-2-10035 SID[437]: S-1-22-2-10036 SID[438]: S-1-22-2-10037 SID[439]: S-1-22-2-10038 SID[440]: S-1-22-2-10039 SID[441]: S-1-22-2-10040 SID[442]: S-1-22-2-10041 SID[443]: S-1-22-2-10042 SID[444]: S-1-22-2-10043 SID[445]: S-1-22-2-10044 SID[446]: S-1-22-2-10045 SID[447]: S-1-22-2-10046 SID[448]: S-1-22-2-10047 SID[449]: S-1-22-2-10048 SID[450]: S-1-22-2-10049 SID[451]: S-1-22-2-10050 SID[452]: S-1-22-2-10051 SID[453]: S-1-22-2-10052 SID[454]: S-1-22-2-10053 SID[455]: S-1-22-2-10054 SID[456]: S-1-22-2-10055 SID[457]: S-1-22-2-10056 SID[458]: S-1-22-2-10057 SID[459]: S-1-22-2-10058 SID[460]: S-1-22-2-10059 SID[461]: S-1-22-2-10060 SID[462]: S-1-22-2-10061 SID[463]: S-1-22-2-10062 SID[464]: S-1-22-2-10063 SID[465]: S-1-22-2-10064 SID[466]: S-1-22-2-10065 SID[467]: S-1-22-2-10066 SID[468]: S-1-22-2-10067 SID[469]: S-1-22-2-10068 SID[470]: S-1-22-2-10069 SID[471]: S-1-22-2-10070 SID[472]: S-1-22-2-10071 SID[473]: S-1-22-2-10072 SID[474]: S-1-22-2-10073 SID[475]: S-1-22-2-10074 SID[476]: S-1-22-2-10075 SID[477]: S-1-22-2-10076 SID[478]: S-1-22-2-10077 SID[479]: S-1-22-2-10078 SID[480]: S-1-22-2-10079 SID[481]: S-1-22-2-10080 SID[482]: S-1-22-2-10081 SID[483]: S-1-22-2-10082 SID[484]: S-1-22-2-10083 SID[485]: S-1-22-2-10084 SID[486]: S-1-22-2-10085 SID[487]: S-1-22-2-10086 SID[488]: S-1-22-2-10087 SID[489]: S-1-22-2-10088 SID[490]: S-1-22-2-10089 SID[491]: S-1-22-2-10090 SID[492]: S-1-22-2-10091 SID[493]: S-1-22-2-10092 SID[494]: S-1-22-2-10093 SID[495]: S-1-22-2-10094 SID[496]: S-1-22-2-10095 SID[497]: S-1-22-2-10096 SID[498]: S-1-22-2-10097 SID[499]: S-1-22-2-10098 SID[500]: S-1-22-2-10099 SID[501]: S-1-22-2-10100 SID[502]: S-1-22-2-10101 SID[503]: S-1-22-2-10102 SID[504]: S-1-22-2-10103 SID[505]: S-1-22-2-10104 SID[506]: S-1-22-2-10105 SID[507]: S-1-22-2-10106 SID[508]: S-1-22-2-10107 SID[509]: S-1-22-2-10108 SID[510]: S-1-22-2-10109 SID[511]: S-1-22-2-10110 SID[512]: S-1-22-2-10111 SID[513]: S-1-22-2-10112 SID[514]: S-1-22-2-10113 SID[515]: S-1-22-2-10114 SID[516]: S-1-22-2-10115 SID[517]: S-1-22-2-10116 SID[518]: S-1-22-2-10117 SID[519]: S-1-22-2-10118 SID[520]: S-1-22-2-10119 SID[521]: S-1-22-2-10120 SID[522]: S-1-22-2-10121 SID[523]: S-1-22-2-10122 SID[524]: S-1-22-2-10123 SID[525]: S-1-22-2-10124 SID[526]: S-1-22-2-10125 SID[527]: S-1-22-2-10126 SID[528]: S-1-22-2-10127 SID[529]: S-1-22-2-10128 SID[530]: S-1-22-2-10129 SID[531]: S-1-22-2-10130 SID[532]: S-1-22-2-10131 SID[533]: S-1-22-2-10132 SID[534]: S-1-22-2-10133 SID[535]: S-1-22-2-10134 SID[536]: S-1-22-2-10135 SID[537]: S-1-22-2-10136 SID[538]: S-1-22-2-10137 SID[539]: S-1-22-2-10138 SID[540]: S-1-22-2-10139 SID[541]: S-1-22-2-10140 SID[542]: S-1-22-2-10141 SID[543]: S-1-22-2-10142 SID[544]: S-1-22-2-10143 SID[545]: S-1-22-2-10144 SID[546]: S-1-22-2-10145 SID[547]: S-1-22-2-10146 SID[548]: S-1-22-2-10147 SID[549]: S-1-22-2-10148 SID[550]: S-1-22-2-10149 SID[551]: S-1-22-2-10150 SID[552]: S-1-22-2-10471 SID[553]: S-1-22-2-10151 SID[554]: S-1-22-2-10152 SID[555]: S-1-22-2-10153 SID[556]: S-1-22-2-10154 SID[557]: S-1-22-2-10155 SID[558]: S-1-22-2-10156 SID[559]: S-1-22-2-10157 SID[560]: S-1-22-2-10158 SID[561]: S-1-22-2-10159 SID[562]: S-1-22-2-10160 SID[563]: S-1-22-2-10161 SID[564]: S-1-22-2-10162 SID[565]: S-1-22-2-10163 SID[566]: S-1-22-2-10164 SID[567]: S-1-22-2-10165 SID[568]: S-1-22-2-10166 SID[569]: S-1-22-2-10167 SID[570]: S-1-22-2-10168 SID[571]: S-1-22-2-10169 SID[572]: S-1-22-2-10170 SID[573]: S-1-22-2-10171 SID[574]: S-1-22-2-10172 SID[575]: S-1-22-2-10173 SID[576]: S-1-22-2-10174 SID[577]: S-1-22-2-10175 SID[578]: S-1-22-2-10176 SID[579]: S-1-22-2-10177 SID[580]: S-1-22-2-10178 SID[581]: S-1-22-2-10179 SID[582]: S-1-22-2-10180 SID[583]: S-1-22-2-10181 SID[584]: S-1-22-2-10182 SID[585]: S-1-22-2-10183 SID[586]: S-1-22-2-10184 SID[587]: S-1-22-2-10185 SID[588]: S-1-22-2-10186 SID[589]: S-1-22-2-10187 SID[590]: S-1-22-2-10188 SID[591]: S-1-22-2-10189 SID[592]: S-1-22-2-10190 SID[593]: S-1-22-2-10191 SID[594]: S-1-22-2-10192 SID[595]: S-1-22-2-10193 SID[596]: S-1-22-2-10194 SID[597]: S-1-22-2-10195 SID[598]: S-1-22-2-10196 SID[599]: S-1-22-2-10197 SID[600]: S-1-22-2-10198 SID[601]: S-1-22-2-10199 SID[602]: S-1-22-2-10200 SID[603]: S-1-22-2-10201 SID[604]: S-1-22-2-10202 SID[605]: S-1-22-2-10203 SID[606]: S-1-22-2-10204 SID[607]: S-1-22-2-10205 SID[608]: S-1-22-2-10206 SID[609]: S-1-22-2-10207 SID[610]: S-1-22-2-10208 SID[611]: S-1-22-2-10209 SID[612]: S-1-22-2-10210 SID[613]: S-1-22-2-10211 SID[614]: S-1-22-2-10212 SID[615]: S-1-22-2-10213 SID[616]: S-1-22-2-10214 SID[617]: S-1-22-2-10215 SID[618]: S-1-22-2-10216 SID[619]: S-1-22-2-10217 SID[620]: S-1-22-2-10218 SID[621]: S-1-22-2-10219 SID[622]: S-1-22-2-10220 SID[623]: S-1-22-2-10221 SID[624]: S-1-22-2-10222 SID[625]: S-1-22-2-10223 SID[626]: S-1-22-2-10224 SID[627]: S-1-22-2-10225 SID[628]: S-1-22-2-10226 SID[629]: S-1-22-2-10227 SID[630]: S-1-22-2-10228 SID[631]: S-1-22-2-10229 SID[632]: S-1-22-2-10230 SID[633]: S-1-22-2-10231 SID[634]: S-1-22-2-10232 SID[635]: S-1-22-2-10233 SID[636]: S-1-22-2-10234 SID[637]: S-1-22-2-10235 SID[638]: S-1-22-2-10236 SID[639]: S-1-22-2-10237 SID[640]: S-1-22-2-10238 SID[641]: S-1-22-2-10239 SID[642]: S-1-22-2-10240 SID[643]: S-1-22-2-10241 SID[644]: S-1-22-2-10242 SID[645]: S-1-22-2-10243 SID[646]: S-1-22-2-10244 SID[647]: S-1-22-2-10245 SID[648]: S-1-22-2-10246 SID[649]: S-1-22-2-10247 SID[650]: S-1-22-2-10248 SID[651]: S-1-22-2-10249 SID[652]: S-1-22-2-10250 SID[653]: S-1-22-2-10251 SID[654]: S-1-22-2-10252 SID[655]: S-1-22-2-10253 SID[656]: S-1-22-2-10254 SID[657]: S-1-22-2-10255 SID[658]: S-1-22-2-10256 SID[659]: S-1-22-2-10257 SID[660]: S-1-22-2-10258 SID[661]: S-1-22-2-10259 SID[662]: S-1-22-2-10260 SID[663]: S-1-22-2-10261 SID[664]: S-1-22-2-10262 SID[665]: S-1-22-2-10263 SID[666]: S-1-22-2-10264 SID[667]: S-1-22-2-10265 SID[668]: S-1-22-2-10266 SID[669]: S-1-22-2-10267 SID[670]: S-1-22-2-10268 SID[671]: S-1-22-2-10269 SID[672]: S-1-22-2-10270 SID[673]: S-1-22-2-10271 SID[674]: S-1-22-2-10272 SID[675]: S-1-22-2-10273 SID[676]: S-1-22-2-10274 SID[677]: S-1-22-2-10275 SID[678]: S-1-22-2-10276 SID[679]: S-1-22-2-10277 SID[680]: S-1-22-2-10278 SID[681]: S-1-22-2-10279 SID[682]: S-1-22-2-10280 SID[683]: S-1-22-2-10281 SID[684]: S-1-22-2-10282 SID[685]: S-1-22-2-10283 SID[686]: S-1-22-2-10284 SID[687]: S-1-22-2-10285 SID[688]: S-1-22-2-10286 SID[689]: S-1-22-2-10287 SID[690]: S-1-22-2-10288 SID[691]: S-1-22-2-10289 SID[692]: S-1-22-2-10290 SID[693]: S-1-22-2-10291 SID[694]: S-1-22-2-10292 SID[695]: S-1-22-2-10293 SID[696]: S-1-22-2-10294 SID[697]: S-1-22-2-10295 SID[698]: S-1-22-2-10296 SID[699]: S-1-22-2-10297 SID[700]: S-1-22-2-10298 SID[701]: S-1-22-2-10299 SID[702]: S-1-22-2-10300 SID[703]: S-1-22-2-10301 SID[704]: S-1-22-2-10302 SID[705]: S-1-22-2-10303 SID[706]: S-1-22-2-10304 SID[707]: S-1-22-2-10305 SID[708]: S-1-22-2-10306 SID[709]: S-1-22-2-10307 SID[710]: S-1-22-2-10308 SID[711]: S-1-22-2-10309 SID[712]: S-1-22-2-10310 SID[713]: S-1-22-2-10311 SID[714]: S-1-22-2-10312 SID[715]: S-1-22-2-10313 SID[716]: S-1-22-2-10314 SID[717]: S-1-22-2-10315 SID[718]: S-1-22-2-10316 SID[719]: S-1-22-2-10317 SID[720]: S-1-22-2-10318 SID[721]: S-1-22-2-10319 SID[722]: S-1-22-2-10320 SID[723]: S-1-22-2-10321 SID[724]: S-1-22-2-10322 SID[725]: S-1-22-2-10323 SID[726]: S-1-22-2-10324 SID[727]: S-1-22-2-10325 SID[728]: S-1-22-2-10326 SID[729]: S-1-22-2-10327 SID[730]: S-1-22-2-10328 SID[731]: S-1-22-2-10329 SID[732]: S-1-22-2-10330 SID[733]: S-1-22-2-10331 SID[734]: S-1-22-2-10332 SID[735]: S-1-22-2-10333 SID[736]: S-1-22-2-10334 SID[737]: S-1-22-2-10335 SID[738]: S-1-22-2-10336 SID[739]: S-1-22-2-10337 SID[740]: S-1-22-2-10338 SID[741]: S-1-22-2-10339 SID[742]: S-1-22-2-10340 SID[743]: S-1-22-2-10341 SID[744]: S-1-22-2-10342 SID[745]: S-1-22-2-10343 SID[746]: S-1-22-2-10344 SID[747]: S-1-22-2-10345 SID[748]: S-1-22-2-10346 SID[749]: S-1-22-2-10347 SID[750]: S-1-22-2-10348 SID[751]: S-1-22-2-10349 SID[752]: S-1-22-2-10350 SID[753]: S-1-22-2-10351 SID[754]: S-1-22-2-10352 SID[755]: S-1-22-2-10353 SID[756]: S-1-22-2-10354 SID[757]: S-1-22-2-10355 SID[758]: S-1-22-2-10356 SID[759]: S-1-22-2-10357 SID[760]: S-1-22-2-10358 SID[761]: S-1-22-2-10359 SID[762]: S-1-22-2-10360 SID[763]: S-1-22-2-10361 SID[764]: S-1-22-2-10362 SID[765]: S-1-22-2-10363 SID[766]: S-1-22-2-10364 SID[767]: S-1-22-2-10365 SID[768]: S-1-22-2-10366 SID[769]: S-1-22-2-10367 SID[770]: S-1-22-2-10368 SID[771]: S-1-22-2-10369 SID[772]: S-1-22-2-10370 SID[773]: S-1-22-2-10371 SID[774]: S-1-22-2-10372 SID[775]: S-1-22-2-10373 SID[776]: S-1-22-2-10374 SID[777]: S-1-22-2-10375 SID[778]: S-1-22-2-10376 SID[779]: S-1-22-2-10377 SID[780]: S-1-22-2-10378 SID[781]: S-1-22-2-10379 SID[782]: S-1-22-2-10380 SID[783]: S-1-22-2-10381 SID[784]: S-1-22-2-10382 SID[785]: S-1-22-2-10383 SID[786]: S-1-22-2-10384 SID[787]: S-1-22-2-10385 SID[788]: S-1-22-2-10386 SID[789]: S-1-22-2-10387 SID[790]: S-1-22-2-10388 SID[791]: S-1-22-2-10389 SID[792]: S-1-22-2-10390 SID[793]: S-1-22-2-10391 SID[794]: S-1-22-2-10392 SID[795]: S-1-22-2-10393 SID[796]: S-1-22-2-10394 SID[797]: S-1-22-2-10395 SID[798]: S-1-22-2-10396 SID[799]: S-1-22-2-10397 SID[800]: S-1-22-2-10398 SID[801]: S-1-22-2-10399 SID[802]: S-1-22-2-10400 SID[803]: S-1-22-2-10401 SID[804]: S-1-22-2-10402 SID[805]: S-1-22-2-10403 SID[806]: S-1-22-2-10404 SID[807]: S-1-22-2-10002 SID[808]: S-1-22-2-10003 SID[809]: S-1-22-2-10004 SID[810]: S-1-22-2-10001 Privileges (0x 20): Privilege[ 0]: SePrintOperatorPrivilege Rights (0x 0): [2012/11/09 16:29:30.681820, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 10000 Primary group is 10006 and contains 404 supplementary groups Group[ 0]: 10006 Group[ 1]: 10007 Group[ 2]: 10008 Group[ 3]: 10009 Group[ 4]: 10010 Group[ 5]: 10011 Group[ 6]: 10012 Group[ 7]: 10013 Group[ 8]: 10014 Group[ 9]: 10015 Group[ 10]: 10016 Group[ 11]: 10017 Group[ 12]: 10018 Group[ 13]: 10019 Group[ 14]: 10020 Group[ 15]: 10021 Group[ 16]: 10022 Group[ 17]: 10023 Group[ 18]: 10024 Group[ 19]: 10025 Group[ 20]: 10026 Group[ 21]: 10027 Group[ 22]: 10028 Group[ 23]: 10029 Group[ 24]: 10030 Group[ 25]: 10031 Group[ 26]: 10032 Group[ 27]: 10033 Group[ 28]: 10034 Group[ 29]: 10035 Group[ 30]: 10036 Group[ 31]: 10037 Group[ 32]: 10038 Group[ 33]: 10039 Group[ 34]: 10040 Group[ 35]: 10041 Group[ 36]: 10042 Group[ 37]: 10043 Group[ 38]: 10044 Group[ 39]: 10045 Group[ 40]: 10046 Group[ 41]: 10047 Group[ 42]: 10048 Group[ 43]: 10049 Group[ 44]: 10050 Group[ 45]: 10051 Group[ 46]: 10052 Group[ 47]: 10053 Group[ 48]: 10054 Group[ 49]: 10055 Group[ 50]: 10056 Group[ 51]: 10057 Group[ 52]: 10058 Group[ 53]: 10059 Group[ 54]: 10060 Group[ 55]: 10061 Group[ 56]: 10062 Group[ 57]: 10063 Group[ 58]: 10064 Group[ 59]: 10065 Group[ 60]: 10066 Group[ 61]: 10067 Group[ 62]: 10068 Group[ 63]: 10069 Group[ 64]: 10070 Group[ 65]: 10071 Group[ 66]: 10072 Group[ 67]: 10073 Group[ 68]: 10074 Group[ 69]: 10075 Group[ 70]: 10076 Group[ 71]: 10077 Group[ 72]: 10078 Group[ 73]: 10079 Group[ 74]: 10080 Group[ 75]: 10081 Group[ 76]: 10082 Group[ 77]: 10083 Group[ 78]: 10084 Group[ 79]: 10085 Group[ 80]: 10086 Group[ 81]: 10087 Group[ 82]: 10088 Group[ 83]: 10089 Group[ 84]: 10090 Group[ 85]: 10091 Group[ 86]: 10092 Group[ 87]: 10093 Group[ 88]: 10094 Group[ 89]: 10095 Group[ 90]: 10096 Group[ 91]: 10097 Group[ 92]: 10098 Group[ 93]: 10099 Group[ 94]: 10100 Group[ 95]: 10101 Group[ 96]: 10102 Group[ 97]: 10103 Group[ 98]: 10104 Group[ 99]: 10105 Group[100]: 10106 Group[101]: 10107 Group[102]: 10108 Group[103]: 10109 Group[104]: 10110 Group[105]: 10111 Group[106]: 10112 Group[107]: 10113 Group[108]: 10114 Group[109]: 10115 Group[110]: 10116 Group[111]: 10117 Group[112]: 10118 Group[113]: 10119 Group[114]: 10120 Group[115]: 10121 Group[116]: 10122 Group[117]: 10123 Group[118]: 10124 Group[119]: 10125 Group[120]: 10126 Group[121]: 10127 Group[122]: 10128 Group[123]: 10129 Group[124]: 10130 Group[125]: 10131 Group[126]: 10132 Group[127]: 10133 Group[128]: 10134 Group[129]: 10135 Group[130]: 10136 Group[131]: 10137 Group[132]: 10138 Group[133]: 10139 Group[134]: 10140 Group[135]: 10141 Group[136]: 10142 Group[137]: 10143 Group[138]: 10144 Group[139]: 10145 Group[140]: 10146 Group[141]: 10147 Group[142]: 10148 Group[143]: 10149 Group[144]: 10150 Group[145]: 10471 Group[146]: 10151 Group[147]: 10152 Group[148]: 10153 Group[149]: 10154 Group[150]: 10155 Group[151]: 10156 Group[152]: 10157 Group[153]: 10158 Group[154]: 10159 Group[155]: 10160 Group[156]: 10161 Group[157]: 10162 Group[158]: 10163 Group[159]: 10164 Group[160]: 10165 Group[161]: 10166 Group[162]: 10167 Group[163]: 10168 Group[164]: 10169 Group[165]: 10170 Group[166]: 10171 Group[167]: 10172 Group[168]: 10173 Group[169]: 10174 Group[170]: 10175 Group[171]: 10176 Group[172]: 10177 Group[173]: 10178 Group[174]: 10179 Group[175]: 10180 Group[176]: 10181 Group[177]: 10182 Group[178]: 10183 Group[179]: 10184 Group[180]: 10185 Group[181]: 10186 Group[182]: 10187 Group[183]: 10188 Group[184]: 10189 Group[185]: 10190 Group[186]: 10191 Group[187]: 10192 Group[188]: 10193 Group[189]: 10194 Group[190]: 10195 Group[191]: 10196 Group[192]: 10197 Group[193]: 10198 Group[194]: 10199 Group[195]: 10200 Group[196]: 10201 Group[197]: 10202 Group[198]: 10203 Group[199]: 10204 Group[200]: 10205 Group[201]: 10206 Group[202]: 10207 Group[203]: 10208 Group[204]: 10209 Group[205]: 10210 Group[206]: 10211 Group[207]: 10212 Group[208]: 10213 Group[209]: 10214 Group[210]: 10215 Group[211]: 10216 Group[212]: 10217 Group[213]: 10218 Group[214]: 10219 Group[215]: 10220 Group[216]: 10221 Group[217]: 10222 Group[218]: 10223 Group[219]: 10224 Group[220]: 10225 Group[221]: 10226 Group[222]: 10227 Group[223]: 10228 Group[224]: 10229 Group[225]: 10230 Group[226]: 10231 Group[227]: 10232 Group[228]: 10233 Group[229]: 10234 Group[230]: 10235 Group[231]: 10236 Group[232]: 10237 Group[233]: 10238 Group[234]: 10239 Group[235]: 10240 Group[236]: 10241 Group[237]: 10242 Group[238]: 10243 Group[239]: 10244 Group[240]: 10245 Group[241]: 10246 Group[242]: 10247 Group[243]: 10248 Group[244]: 10249 Group[245]: 10250 Group[246]: 10251 Group[247]: 10252 Group[248]: 10253 Group[249]: 10254 Group[250]: 10255 Group[251]: 10256 Group[252]: 10257 Group[253]: 10258 Group[254]: 10259 Group[255]: 10260 Group[256]: 10261 Group[257]: 10262 Group[258]: 10263 Group[259]: 10264 Group[260]: 10265 Group[261]: 10266 Group[262]: 10267 Group[263]: 10268 Group[264]: 10269 Group[265]: 10270 Group[266]: 10271 Group[267]: 10272 Group[268]: 10273 Group[269]: 10274 Group[270]: 10275 Group[271]: 10276 Group[272]: 10277 Group[273]: 10278 Group[274]: 10279 Group[275]: 10280 Group[276]: 10281 Group[277]: 10282 Group[278]: 10283 Group[279]: 10284 Group[280]: 10285 Group[281]: 10286 Group[282]: 10287 Group[283]: 10288 Group[284]: 10289 Group[285]: 10290 Group[286]: 10291 Group[287]: 10292 Group[288]: 10293 Group[289]: 10294 Group[290]: 10295 Group[291]: 10296 Group[292]: 10297 Group[293]: 10298 Group[294]: 10299 Group[295]: 10300 Group[296]: 10301 Group[297]: 10302 Group[298]: 10303 Group[299]: 10304 Group[300]: 10305 Group[301]: 10306 Group[302]: 10307 Group[303]: 10308 Group[304]: 10309 Group[305]: 10310 Group[306]: 10311 Group[307]: 10312 Group[308]: 10313 Group[309]: 10314 Group[310]: 10315 Group[311]: 10316 Group[312]: 10317 Group[313]: 10318 Group[314]: 10319 Group[315]: 10320 Group[316]: 10321 Group[317]: 10322 Group[318]: 10323 Group[319]: 10324 Group[320]: 10325 Group[321]: 10326 Group[322]: 10327 Group[323]: 10328 Group[324]: 10329 Group[325]: 10330 Group[326]: 10331 Group[327]: 10332 Group[328]: 10333 Group[329]: 10334 Group[330]: 10335 Group[331]: 10336 Group[332]: 10337 Group[333]: 10338 Group[334]: 10339 Group[335]: 10340 Group[336]: 10341 Group[337]: 10342 Group[338]: 10343 Group[339]: 10344 Group[340]: 10345 Group[341]: 10346 Group[342]: 10347 Group[343]: 10348 Group[344]: 10349 Group[345]: 10350 Group[346]: 10351 Group[347]: 10352 Group[348]: 10353 Group[349]: 10354 Group[350]: 10355 Group[351]: 10356 Group[352]: 10357 Group[353]: 10358 Group[354]: 10359 Group[355]: 10360 Group[356]: 10361 Group[357]: 10362 Group[358]: 10363 Group[359]: 10364 Group[360]: 10365 Group[361]: 10366 Group[362]: 10367 Group[363]: 10368 Group[364]: 10369 Group[365]: 10370 Group[366]: 10371 Group[367]: 10372 Group[368]: 10373 Group[369]: 10374 Group[370]: 10375 Group[371]: 10376 Group[372]: 10377 Group[373]: 10378 Group[374]: 10379 Group[375]: 10380 Group[376]: 10381 Group[377]: 10382 Group[378]: 10383 Group[379]: 10384 Group[380]: 10385 Group[381]: 10386 Group[382]: 10387 Group[383]: 10388 Group[384]: 10389 Group[385]: 10390 Group[386]: 10391 Group[387]: 10392 Group[388]: 10393 Group[389]: 10394 Group[390]: 10395 Group[391]: 10396 Group[392]: 10397 Group[393]: 10398 Group[394]: 10399 Group[395]: 10400 Group[396]: 10401 Group[397]: 10402 Group[398]: 10403 Group[399]: 10404 Group[400]: 10002 Group[401]: 10003 Group[402]: 10004 Group[403]: 10001 [2012/11/09 16:29:30.685365, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,10000), gid=(0,10006) [2012/11/09 16:29:30.685420, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /var/tmp [2012/11/09 16:29:30.685458, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=44 params=0 setup=2 [2012/11/09 16:29:30.685480, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:30.685511, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:30.685537, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:30.685573, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2014) [2012/11/09 16:29:30.685605, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 44 [2012/11/09 16:29:30.685636, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:30.685659, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER [2012/11/09 16:29:30.685702, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[29].fn == 0x7fa2ea3e55d0 [2012/11/09 16:29:30.685728, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:30.685782, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:30.685857, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:30.685898, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:30.685920, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:30.685951, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 4280 [2012/11/09 16:29:30.685977, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/11/09 16:29:30.686016, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/11/09 16:29:30.686040, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:30.686051, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=2688 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/11/09 16:29:30.687136, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x80 [2012/11/09 16:29:30.687179, 3] smbd/process.c:1662(process_smb) Transaction 317 of length 132 (0 toread) [2012/11/09 16:29:30.687204, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:30.687223, 5] lib/util.c:342(show_msg) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=2755 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 8210 (0x2012) smb_bcc=61 [2012/11/09 16:29:30.687502, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:30.687545, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:30.687576, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=44 params=0 setup=2 [2012/11/09 16:29:30.687597, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/11/09 16:29:30.687625, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/11/09 16:29:30.687648, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/11/09 16:29:30.687686, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 2012) [2012/11/09 16:29:30.687713, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 44 [2012/11/09 16:29:30.687743, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/11/09 16:29:30.687769, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER [2012/11/09 16:29:30.687802, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[29].fn == 0x7fa2ea3e55d0 [2012/11/09 16:29:30.687824, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 9D 50 47 21 ........ .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:30.687889, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 9D 50 47 21 ........ .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:30.687932, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 9D 50 47 21 ........ .....PG! [0010] 55 31 00 00 U1.. [2012/11/09 16:29:30.687969, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/11/09 16:29:30.687990, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/11/09 16:29:30.688023, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 4280 [2012/11/09 16:29:30.688056, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/11/09 16:29:30.688081, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/11/09 16:29:30.688101, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:30.688112, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=5012 smb_uid=101 smb_mid=2755 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/11/09 16:29:30.689249, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/11/09 16:29:30.689283, 3] smbd/process.c:1662(process_smb) Transaction 318 of length 45 (0 toread) [2012/11/09 16:29:30.689303, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:30.689314, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=2816 smt_wct=3 smb_vwv[ 0]= 8212 (0x2014) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/11/09 16:29:30.689434, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:30.689455, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:30.689475, 3] smbd/reply.c:4848(reply_close) close fd=-1 fnum=8212 (numopen=2) [2012/11/09 16:29:30.689494, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2012/11/09 16:29:30.689539, 5] smbd/files.c:482(file_free) freed files structure 8212 (1 used) [2012/11/09 16:29:30.689562, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:30.689574, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=2816 smt_wct=0 smb_bcc=0 [2012/11/09 16:29:30.690540, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/11/09 16:29:30.690581, 3] smbd/process.c:1662(process_smb) Transaction 319 of length 45 (0 toread) [2012/11/09 16:29:30.690602, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:30.690614, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51223 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=2880 smt_wct=3 smb_vwv[ 0]= 8210 (0x2012) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/11/09 16:29:30.690733, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 12629) conn 0x7fa2eac856c0 [2012/11/09 16:29:30.690754, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/11/09 16:29:30.690774, 3] smbd/reply.c:4848(reply_close) close fd=-1 fnum=8210 (numopen=1) [2012/11/09 16:29:30.690793, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2012/11/09 16:29:30.690975, 5] smbd/files.c:482(file_free) freed files structure 8210 (0 used) [2012/11/09 16:29:30.691030, 5] lib/util.c:332(show_msg) [2012/11/09 16:29:30.691057, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=2880 smt_wct=0 smb_bcc=0 [2012/11/09 16:30:11.102743, 5] smbd/process.c:2474(housekeeping_fn) housekeeping [2012/11/09 16:30:11.102852, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/11/09 16:30:11.102892, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:30:11.102925, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:30:11.102995, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2012/11/09 16:31:11.157929, 5] smbd/process.c:2474(housekeeping_fn) housekeeping [2012/11/09 16:31:11.158077, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/11/09 16:31:11.158106, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:31:11.158125, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:31:11.158163, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2012/11/09 16:32:11.158332, 5] smbd/process.c:2474(housekeeping_fn) housekeeping [2012/11/09 16:32:11.158444, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/11/09 16:32:11.158484, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/11/09 16:32:11.158524, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/11/09 16:32:11.158590, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0)