The Samba-Bugzilla – Attachment 8179 Details for
Bug 9378
publish of printer is not possible "Object class violation"
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
loglevel9log_from_publish_bug_samba369
log.publish_bug (text/plain), 1.97 MB, created by
Franz Pförtsch
on 2012-11-11 20:24:00 UTC
(
hide
)
Description:
loglevel9log_from_publish_bug_samba369
Filename:
MIME Type:
Creator:
Franz Pförtsch
Created:
2012-11-11 20:24:00 UTC
Size:
1.97 MB
patch
obsolete
>[2012/11/09 16:29:11.061438, 6] param/loadparm.c:7490(lp_file_list_changed) > lp_file_list_changed() > file /etc/samba/smb.shares.conf -> /etc/samba/smb.shares.conf last mod_time: Thu Oct 25 21:33:17 2012 > > file /etc/samba/dhcp.conf -> /etc/samba/dhcp.conf last mod_time: Wed Nov 7 11:01:17 2012 > > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Nov 9 16:26:49 2012 > >[2012/11/09 16:29:11.061622, 3] lib/access.c:338(allow_access) > Allowed connection from yyyc27002.xxxxx.xxx (10.129.108.68) >[2012/11/09 16:29:11.061663, 3] smbd/oplock.c:922(init_oplocks) > init_oplocks: initializing messages. >[2012/11/09 16:29:11.061751, 3] smbd/oplock_linux.c:239(linux_init_kernel_oplocks) > Linux kernel oplocks enabled >[2012/11/09 16:29:11.061794, 5] lib/messages.c:332(messaging_deregister) > Deregistering messaging pointer for type 1 - private_data=(nil) >[2012/11/09 16:29:11.061887, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x85 >[2012/11/09 16:29:11.061963, 3] smbd/process.c:1662(process_smb) > Transaction 0 of length 137 (0 toread) >[2012/11/09 16:29:11.061997, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:11.062017, 5] lib/util.c:342(show_msg) > size=133 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51267 > smb_tid=0 > smb_pid=65279 > smb_uid=0 > smb_mid=0 > smt_wct=0 > smb_bcc=98 >[2012/11/09 16:29:11.062183, 3] smbd/process.c:1467(switch_message) > switch message SMBnegprot (pid 12629) conn 0x0 >[2012/11/09 16:29:11.062219, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:11.062257, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:11.062299, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:11.062362, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2012/11/09 16:29:11.062646, 3] smbd/negprot.c:598(reply_negprot) > Requested protocol [PC NETWORK PROGRAM 1.0] >[2012/11/09 16:29:11.062694, 3] smbd/negprot.c:598(reply_negprot) > Requested protocol [LANMAN1.0] >[2012/11/09 16:29:11.062730, 3] smbd/negprot.c:598(reply_negprot) > Requested protocol [Windows for Workgroups 3.1a] >[2012/11/09 16:29:11.062767, 3] smbd/negprot.c:598(reply_negprot) > Requested protocol [LM1.2X002] >[2012/11/09 16:29:11.062804, 3] smbd/negprot.c:598(reply_negprot) > Requested protocol [LANMAN2.1] >[2012/11/09 16:29:11.062841, 3] smbd/negprot.c:598(reply_negprot) > Requested protocol [NT LM 0.12] >[2012/11/09 16:29:11.062890, 6] param/loadparm.c:7490(lp_file_list_changed) > lp_file_list_changed() > file /etc/samba/smb.shares.conf -> /etc/samba/smb.shares.conf last mod_time: Thu Oct 25 21:33:17 2012 > > file /etc/samba/dhcp.conf -> /etc/samba/dhcp.conf last mod_time: Wed Nov 7 11:01:17 2012 > > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Nov 9 16:26:49 2012 > >[2012/11/09 16:29:11.063047, 6] param/loadparm.c:7490(lp_file_list_changed) > lp_file_list_changed() > file /etc/samba/smb.shares.conf -> /etc/samba/smb.shares.conf last mod_time: Thu Oct 25 21:33:17 2012 > > file /etc/samba/dhcp.conf -> /etc/samba/dhcp.conf last mod_time: Wed Nov 7 11:01:17 2012 > > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Nov 9 16:26:49 2012 > >[2012/11/09 16:29:11.063203, 3] smbd/negprot.c:419(reply_nt1) > using SPNEGO >[2012/11/09 16:29:11.063234, 3] smbd/negprot.c:704(reply_negprot) > Selected protocol NT LM 0.12 >[2012/11/09 16:29:11.063262, 5] smbd/negprot.c:711(reply_negprot) > negprot index=5 >[2012/11/09 16:29:11.063291, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:11.063308, 5] lib/util.c:342(show_msg) > size=181 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51267 > smb_tid=0 > smb_pid=65279 > smb_uid=0 > smb_mid=0 > smt_wct=17 > smb_vwv[ 0]= 5 (0x5) > smb_vwv[ 1]=12807 (0x3207) > smb_vwv[ 2]= 256 (0x100) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 65 (0x41) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 256 (0x100) > smb_vwv[ 7]=21760 (0x5500) > smb_vwv[ 8]= 49 (0x31) > smb_vwv[ 9]=64512 (0xFC00) > smb_vwv[10]=33011 (0x80F3) > smb_vwv[11]=17280 (0x4380) > smb_vwv[12]=32865 (0x8061) > smb_vwv[13]=36599 (0x8EF7) > smb_vwv[14]=52670 (0xCDBE) > smb_vwv[15]=50177 (0xC401) > smb_vwv[16]= 255 (0xFF) > smb_bcc=112 >[2012/11/09 16:29:11.069807, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x2310 >[2012/11/09 16:29:11.069882, 3] smbd/process.c:1662(process_smb) > Transaction 1 of length 8980 (0 toread) >[2012/11/09 16:29:11.069903, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:11.069915, 5] lib/util.c:342(show_msg) > size=8976 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=65535 > smb_pid=65279 > smb_uid=0 > smb_mid=48064 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=16644 (0x4104) > smb_vwv[ 3]= 50 (0x32) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 8913 (0x22D1) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 212 (0xD4) > smb_vwv[11]=40960 (0xA000) > smb_bcc=8917 >[2012/11/09 16:29:11.070104, 3] smbd/process.c:1467(switch_message) > switch message SMBsesssetupX (pid 12629) conn 0x0 >[2012/11/09 16:29:11.070125, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:11.070144, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:11.070163, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:11.070196, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2012/11/09 16:29:11.070220, 3] smbd/sesssetup.c:1333(reply_sesssetup_and_X) > wct=12 flg2=0xc817 >[2012/11/09 16:29:11.070242, 2] smbd/sesssetup.c:1279(setup_new_vc_session) > setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. >[2012/11/09 16:29:11.070263, 3] smbd/sesssetup.c:1065(reply_sesssetup_and_X_spnego) > Doing spnego session setup >[2012/11/09 16:29:11.070309, 3] smbd/sesssetup.c:1107(reply_sesssetup_and_X_spnego) > NativeOS=[] NativeLanMan=[] PrimaryDomain=[] >[2012/11/09 16:29:11.070392, 5] smbd/sesssetup.c:607(parse_spnego_mechanisms) > parse_spnego_mechanisms: Got OID 1.2.840.48018.1.2.2 >[2012/11/09 16:29:11.070421, 5] smbd/sesssetup.c:607(parse_spnego_mechanisms) > parse_spnego_mechanisms: Got OID 1.2.840.113554.1.2.2 >[2012/11/09 16:29:11.070441, 5] smbd/sesssetup.c:607(parse_spnego_mechanisms) > parse_spnego_mechanisms: Got OID 1.3.6.1.4.1.311.2.2.30 >[2012/11/09 16:29:11.070459, 5] smbd/sesssetup.c:607(parse_spnego_mechanisms) > parse_spnego_mechanisms: Got OID 1.3.6.1.4.1.311.2.2.10 >[2012/11/09 16:29:11.070478, 3] smbd/sesssetup.c:660(reply_spnego_negotiate) > reply_spnego_negotiate: Got secblob of size 8835 >[2012/11/09 16:29:11.074572, 3] libads/authdata.c:332(decode_pac_data) > Found account name from PAC: PFOERFR [Pförtsch, Franz] >[2012/11/09 16:29:11.074698, 3] auth/user_krb5.c:50(get_user_from_kerberos_info) > Kerberos ticket principal name is [PFOERFR@XXXXX.XXX] >[2012/11/09 16:29:11.074748, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user BROSE+PFOERFR >[2012/11/09 16:29:11.074779, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is brose+pfoerfr >[2012/11/09 16:29:11.082136, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals did find user [BROSE+PFOERFR]! >[2012/11/09 16:29:11.083743, 6] param/loadparm.c:7490(lp_file_list_changed) > lp_file_list_changed() > file /etc/samba/smb.shares.conf -> /etc/samba/smb.shares.conf last mod_time: Thu Oct 25 21:33:17 2012 > > file /etc/samba/dhcp.conf -> /etc/samba/dhcp.conf last mod_time: Wed Nov 7 11:01:17 2012 > > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Nov 9 16:26:49 2012 > >[2012/11/09 16:29:11.083859, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user BROSE+pfoerfr >[2012/11/09 16:29:11.083915, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is brose+pfoerfr >[2012/11/09 16:29:11.083943, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals did find user [BROSE+pfoerfr]! >[2012/11/09 16:29:11.084919, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:11.084955, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/11/09 16:29:11.084978, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:11.085013, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:11.085045, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:11.086742, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:11.086796, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-19743] >[2012/11/09 16:29:11.086845, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-513] >[2012/11/09 16:29:11.086890, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-334230] >[2012/11/09 16:29:11.086935, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-23353] >[2012/11/09 16:29:11.086963, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-304793] >[2012/11/09 16:29:11.086987, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-269408] >[2012/11/09 16:29:11.087011, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-50420] >[2012/11/09 16:29:11.087035, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-113634] >[2012/11/09 16:29:11.087059, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-113662] >[2012/11/09 16:29:11.087083, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-260755] >[2012/11/09 16:29:11.087107, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-288770] >[2012/11/09 16:29:11.087131, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-67892] >[2012/11/09 16:29:11.087155, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-20800] >[2012/11/09 16:29:11.087179, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-269744] >[2012/11/09 16:29:11.087203, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-63803] >[2012/11/09 16:29:11.087227, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-360934] >[2012/11/09 16:29:11.087251, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-421750] >[2012/11/09 16:29:11.087274, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-294313] >[2012/11/09 16:29:11.087298, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-109619] >[2012/11/09 16:29:11.087343, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-13623] >[2012/11/09 16:29:11.087394, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-113660] >[2012/11/09 16:29:11.087442, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-13846] >[2012/11/09 16:29:11.087488, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-351693] >[2012/11/09 16:29:11.087517, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-56178] >[2012/11/09 16:29:11.087542, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-268914] >[2012/11/09 16:29:11.087566, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-276389] >[2012/11/09 16:29:11.087590, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-294265] >[2012/11/09 16:29:11.087614, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-289050] >[2012/11/09 16:29:11.087639, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-284074] >[2012/11/09 16:29:11.087664, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-353623] >[2012/11/09 16:29:11.087688, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-60632] >[2012/11/09 16:29:11.087712, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-299617] >[2012/11/09 16:29:11.087737, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-269875] >[2012/11/09 16:29:11.087761, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-260777] >[2012/11/09 16:29:11.087785, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-72011] >[2012/11/09 16:29:11.087809, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-56174] >[2012/11/09 16:29:11.087833, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-294145] >[2012/11/09 16:29:11.087858, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-46643] >[2012/11/09 16:29:11.087887, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-110684] >[2012/11/09 16:29:11.087935, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-69476] >[2012/11/09 16:29:11.087985, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-354438] >[2012/11/09 16:29:11.088031, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-288215] >[2012/11/09 16:29:11.088066, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-418124] >[2012/11/09 16:29:11.088092, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-32947] >[2012/11/09 16:29:11.088128, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-373447] >[2012/11/09 16:29:11.088154, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-21119] >[2012/11/09 16:29:11.088178, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-254283] >[2012/11/09 16:29:11.088203, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-21918] >[2012/11/09 16:29:11.088227, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-268915] >[2012/11/09 16:29:11.088251, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-267093] >[2012/11/09 16:29:11.088276, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-340888] >[2012/11/09 16:29:11.088300, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-294363] >[2012/11/09 16:29:11.088324, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-414620] >[2012/11/09 16:29:11.088349, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-260959] >[2012/11/09 16:29:11.088374, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-56176] >[2012/11/09 16:29:11.088398, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-373472] >[2012/11/09 16:29:11.088423, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-294492] >[2012/11/09 16:29:11.088447, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-373554] >[2012/11/09 16:29:11.088548, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-104382] >[2012/11/09 16:29:11.088597, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-294361] >[2012/11/09 16:29:11.088643, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-245149] >[2012/11/09 16:29:11.088680, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-32807] >[2012/11/09 16:29:11.088705, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-63805] >[2012/11/09 16:29:11.088730, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-290135] >[2012/11/09 16:29:11.088754, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-248439] >[2012/11/09 16:29:11.088778, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-58745] >[2012/11/09 16:29:11.088803, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-288316] >[2012/11/09 16:29:11.088827, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-373441] >[2012/11/09 16:29:11.088861, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-268916] >[2012/11/09 16:29:11.088888, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-17597] >[2012/11/09 16:29:11.088912, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-113654] >[2012/11/09 16:29:11.088937, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-304050] >[2012/11/09 16:29:11.088961, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-112626] >[2012/11/09 16:29:11.088985, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-360946] >[2012/11/09 16:29:11.089009, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-1116] >[2012/11/09 16:29:11.089034, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-294490] >[2012/11/09 16:29:11.089058, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-373442] >[2012/11/09 16:29:11.089082, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-402137] >[2012/11/09 16:29:11.089122, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-373470] >[2012/11/09 16:29:11.089170, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-284963] >[2012/11/09 16:29:11.089215, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-21963] >[2012/11/09 16:29:11.089260, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-373556] >[2012/11/09 16:29:11.089288, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-351504] >[2012/11/09 16:29:11.089313, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-360382] >[2012/11/09 16:29:11.089338, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-266966] >[2012/11/09 16:29:11.089362, 5] lib/privileges.c:175(get_privileges_for_sids) > get_privileges_for_sids: sid = S-1-5-21-160562036-3150058255-2134394716-63797 > Privilege set: 0x20 >[2012/11/09 16:29:11.089394, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-31306] >[2012/11/09 16:29:11.089419, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-420969] >[2012/11/09 16:29:11.089443, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-58439] >[2012/11/09 16:29:11.089468, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-351240] >[2012/11/09 16:29:11.089492, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-290160] >[2012/11/09 16:29:11.089516, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-335340] >[2012/11/09 16:29:11.089540, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-32819] >[2012/11/09 16:29:11.089581, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-63801] >[2012/11/09 16:29:11.089607, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-53171] >[2012/11/09 16:29:11.089632, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-294243] >[2012/11/09 16:29:11.089656, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-350032] >[2012/11/09 16:29:11.089680, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-63737] >[2012/11/09 16:29:11.089711, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-13863] >[2012/11/09 16:29:11.089758, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-351719] >[2012/11/09 16:29:11.089806, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-56165] >[2012/11/09 16:29:11.089851, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-113646] >[2012/11/09 16:29:11.089888, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-430811] >[2012/11/09 16:29:11.089914, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-284081] >[2012/11/09 16:29:11.089938, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-256696] >[2012/11/09 16:29:11.089963, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-416414] >[2012/11/09 16:29:11.089987, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-49609] >[2012/11/09 16:29:11.090012, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-377791] >[2012/11/09 16:29:11.090036, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-32821] >[2012/11/09 16:29:11.090060, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-359223] >[2012/11/09 16:29:11.090084, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-284091] >[2012/11/09 16:29:11.090109, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-433713] >[2012/11/09 16:29:11.090133, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-33100] >[2012/11/09 16:29:11.090157, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-416203] >[2012/11/09 16:29:11.090181, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-317007] >[2012/11/09 16:29:11.090205, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-69542] >[2012/11/09 16:29:11.090229, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-268918] >[2012/11/09 16:29:11.090267, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-69428] >[2012/11/09 16:29:11.090294, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-316764] >[2012/11/09 16:29:11.090324, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-55705] >[2012/11/09 16:29:11.090372, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-291229] >[2012/11/09 16:29:11.090423, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-250116] >[2012/11/09 16:29:11.090469, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-294315] >[2012/11/09 16:29:11.090503, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-402469] >[2012/11/09 16:29:11.090528, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-256697] >[2012/11/09 16:29:11.090552, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-418438] >[2012/11/09 16:29:11.090577, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-435652] >[2012/11/09 16:29:11.090608, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-45010] >[2012/11/09 16:29:11.090634, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-322368] >[2012/11/09 16:29:11.090659, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-267090] >[2012/11/09 16:29:11.090683, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-32825] >[2012/11/09 16:29:11.090708, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-35099] >[2012/11/09 16:29:11.090732, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-56157] >[2012/11/09 16:29:11.090756, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-113648] >[2012/11/09 16:29:11.090781, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-55709] >[2012/11/09 16:29:11.090805, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-108789] >[2012/11/09 16:29:11.090830, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-56159] >[2012/11/09 16:29:11.090854, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-268919] >[2012/11/09 16:29:11.090879, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-245147] >[2012/11/09 16:29:11.090903, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-430693] >[2012/11/09 16:29:11.090942, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-289617] >[2012/11/09 16:29:11.090990, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-373445] >[2012/11/09 16:29:11.091052, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-14282] >[2012/11/09 16:29:11.091095, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-433712] >[2012/11/09 16:29:11.091122, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-59232] >[2012/11/09 16:29:11.091146, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-33429] >[2012/11/09 16:29:11.091171, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-437634] >[2012/11/09 16:29:11.091195, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-23354] >[2012/11/09 16:29:11.091220, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-113636] >[2012/11/09 16:29:11.091244, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-63799] >[2012/11/09 16:29:11.091268, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-261009] >[2012/11/09 16:29:11.091293, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-290498] >[2012/11/09 16:29:11.091317, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-375928] >[2012/11/09 16:29:11.091342, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-276407] >[2012/11/09 16:29:11.091366, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-357401] >[2012/11/09 16:29:11.091390, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-357385] >[2012/11/09 16:29:11.091415, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-269404] >[2012/11/09 16:29:11.091439, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-67790] >[2012/11/09 16:29:11.091463, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-392120] >[2012/11/09 16:29:11.091488, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-276395] >[2012/11/09 16:29:11.091512, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-113343] >[2012/11/09 16:29:11.091551, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-56172] >[2012/11/09 16:29:11.091599, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-402467] >[2012/11/09 16:29:11.091646, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-293007] >[2012/11/09 16:29:11.091693, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-427942] >[2012/11/09 16:29:11.091723, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-373529] >[2012/11/09 16:29:11.091758, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-263163] >[2012/11/09 16:29:11.091785, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-64111] >[2012/11/09 16:29:11.091810, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-266852] >[2012/11/09 16:29:11.091835, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-357892] >[2012/11/09 16:29:11.091860, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-104429] >[2012/11/09 16:29:11.091885, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-32813] >[2012/11/09 16:29:11.091909, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-360722] >[2012/11/09 16:29:11.091934, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-284092] >[2012/11/09 16:29:11.091959, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-289619] >[2012/11/09 16:29:11.091983, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-369316] >[2012/11/09 16:29:11.092008, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-49542] >[2012/11/09 16:29:11.092032, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-329659] >[2012/11/09 16:29:11.092057, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-32809] >[2012/11/09 16:29:11.092081, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-108767] >[2012/11/09 16:29:11.092106, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-305399] >[2012/11/09 16:29:11.092133, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-263161] >[2012/11/09 16:29:11.092179, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-314050] >[2012/11/09 16:29:11.092229, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-31001] >[2012/11/09 16:29:11.092275, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-279682] >[2012/11/09 16:29:11.092313, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-294147] >[2012/11/09 16:29:11.092339, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-56163] >[2012/11/09 16:29:11.092364, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-285751] >[2012/11/09 16:29:11.092389, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-21723] >[2012/11/09 16:29:11.092413, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-8332] >[2012/11/09 16:29:11.092437, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-32827] >[2012/11/09 16:29:11.092495, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-256460] >[2012/11/09 16:29:11.092522, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-256183] >[2012/11/09 16:29:11.092547, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-300424] >[2012/11/09 16:29:11.092571, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-55677] >[2012/11/09 16:29:11.092596, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-253145] >[2012/11/09 16:29:11.092620, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-63804] >[2012/11/09 16:29:11.092644, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-358866] >[2012/11/09 16:29:11.092668, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-32823] >[2012/11/09 16:29:11.092692, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-276620] >[2012/11/09 16:29:11.092717, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-361940] >[2012/11/09 16:29:11.092744, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-49274] >[2012/11/09 16:29:11.092791, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-402177] >[2012/11/09 16:29:11.092840, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-252230] >[2012/11/09 16:29:11.092885, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-321100] >[2012/11/09 16:29:11.092923, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-20801] >[2012/11/09 16:29:11.092949, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-276621] >[2012/11/09 16:29:11.092973, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-252010] >[2012/11/09 16:29:11.092998, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-292766] >[2012/11/09 16:29:11.093022, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-37331] >[2012/11/09 16:29:11.093046, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-260776] >[2012/11/09 16:29:11.093070, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-386708] >[2012/11/09 16:29:11.093094, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-374616] >[2012/11/09 16:29:11.093118, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-21084] >[2012/11/09 16:29:11.093142, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-294267] >[2012/11/09 16:29:11.093176, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-63802] >[2012/11/09 16:29:11.093203, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-31186] >[2012/11/09 16:29:11.093228, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-105575] >[2012/11/09 16:29:11.093252, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-361874] >[2012/11/09 16:29:11.093276, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-360362] >[2012/11/09 16:29:11.093300, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-357734] >[2012/11/09 16:29:11.093324, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-294241] >[2012/11/09 16:29:11.093354, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-251778] >[2012/11/09 16:29:11.093403, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-49510] >[2012/11/09 16:29:11.093450, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-35015] >[2012/11/09 16:29:11.093495, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-20749] >[2012/11/09 16:29:11.093542, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-294291] >[2012/11/09 16:29:11.093581, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-254469] >[2012/11/09 16:29:11.093607, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-247296] >[2012/11/09 16:29:11.093632, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-63798] >[2012/11/09 16:29:11.093656, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-59035] >[2012/11/09 16:29:11.093681, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-430331] >[2012/11/09 16:29:11.093705, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-21301] >[2012/11/09 16:29:11.093730, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-55627] >[2012/11/09 16:29:11.093755, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-32815] >[2012/11/09 16:29:11.093779, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-277164] >[2012/11/09 16:29:11.093803, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-21552] >[2012/11/09 16:29:11.093828, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-56622] >[2012/11/09 16:29:11.093853, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-37315] >[2012/11/09 16:29:11.093877, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-334225] >[2012/11/09 16:29:11.093911, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-338141] >[2012/11/09 16:29:11.093938, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-246169] >[2012/11/09 16:29:11.093973, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-297835] >[2012/11/09 16:29:11.094020, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-353615] >[2012/11/09 16:29:11.094068, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-322371] >[2012/11/09 16:29:11.094114, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-63235] >[2012/11/09 16:29:11.094155, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-266849] >[2012/11/09 16:29:11.094182, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-293998] >[2012/11/09 16:29:11.094207, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-433714] >[2012/11/09 16:29:11.094231, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-107694] >[2012/11/09 16:29:11.094256, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-288317] >[2012/11/09 16:29:11.094281, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-44135] >[2012/11/09 16:29:11.094305, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-290560] >[2012/11/09 16:29:11.094329, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-322681] >[2012/11/09 16:29:11.094353, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-283109] >[2012/11/09 16:29:11.094378, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-357879] >[2012/11/09 16:29:11.094402, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-289046] >[2012/11/09 16:29:11.094426, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-32803] >[2012/11/09 16:29:11.094450, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-343968] >[2012/11/09 16:29:11.094483, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-50792] >[2012/11/09 16:29:11.094509, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-50518] >[2012/11/09 16:29:11.094534, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-37238] >[2012/11/09 16:29:11.094560, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-360465] >[2012/11/09 16:29:11.094617, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-366652] >[2012/11/09 16:29:11.094666, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-294094] >[2012/11/09 16:29:11.094728, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-288540] >[2012/11/09 16:29:11.094756, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-297984] >[2012/11/09 16:29:11.094780, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-276427] >[2012/11/09 16:29:11.094805, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-333792] >[2012/11/09 16:29:11.094829, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-427342] >[2012/11/09 16:29:11.094853, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-333794] >[2012/11/09 16:29:11.094878, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-290460] >[2012/11/09 16:29:11.094902, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-294091] >[2012/11/09 16:29:11.094926, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-333793] >[2012/11/09 16:29:11.094950, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-338207] >[2012/11/09 16:29:11.094974, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-409571] >[2012/11/09 16:29:11.094999, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-294054] >[2012/11/09 16:29:11.095023, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-30854] >[2012/11/09 16:29:11.095047, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-288547] >[2012/11/09 16:29:11.095071, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-365347] >[2012/11/09 16:29:11.095096, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-6776287-465249537-1446904402-4108] >[2012/11/09 16:29:11.095120, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-58230] >[2012/11/09 16:29:11.095144, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-357400] >[2012/11/09 16:29:11.095173, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-343966] >[2012/11/09 16:29:11.095222, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-104268] >[2012/11/09 16:29:11.095270, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-334228] >[2012/11/09 16:29:11.095316, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-357384] >[2012/11/09 16:29:11.095350, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-64500] >[2012/11/09 16:29:11.095375, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-291227] >[2012/11/09 16:29:11.095410, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-62708] >[2012/11/09 16:29:11.095437, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-266847] >[2012/11/09 16:29:11.095462, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-313857] >[2012/11/09 16:29:11.095486, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-350031] >[2012/11/09 16:29:11.095511, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-373448] >[2012/11/09 16:29:11.095535, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-420970] >[2012/11/09 16:29:11.095560, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-351238] >[2012/11/09 16:29:11.095584, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-11861] >[2012/11/09 16:29:11.095622, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-353613] >[2012/11/09 16:29:11.095649, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-322679] >[2012/11/09 16:29:11.095674, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-253148] >[2012/11/09 16:29:11.095723, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-277162] >[2012/11/09 16:29:11.095770, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-304048] >[2012/11/09 16:29:11.095816, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-288768] >[2012/11/09 16:29:11.095860, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-62920] >[2012/11/09 16:29:11.095887, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-62814] >[2012/11/09 16:29:11.095912, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-338139] >[2012/11/09 16:29:11.095939, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-266850] >[2012/11/09 16:29:11.095964, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-74038] >[2012/11/09 16:29:11.095988, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-62715] >[2012/11/09 16:29:11.096013, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-357877] >[2012/11/09 16:29:11.096037, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-252117] >[2012/11/09 16:29:11.096062, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-322372] >[2012/11/09 16:29:11.096087, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-65121] >[2012/11/09 16:29:11.096111, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-62711] >[2012/11/09 16:29:11.096147, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-267091] >[2012/11/09 16:29:11.096173, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-24652] >[2012/11/09 16:29:11.096198, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-360933] >[2012/11/09 16:29:11.096234, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-354437] >[2012/11/09 16:29:11.096282, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-249119] >[2012/11/09 16:29:11.096328, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-248731] >[2012/11/09 16:29:11.096374, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-64215] >[2012/11/09 16:29:11.096406, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-373475] >[2012/11/09 16:29:11.096431, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-250664] >[2012/11/09 16:29:11.096474, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-267088] >[2012/11/09 16:29:11.096505, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-50311] >[2012/11/09 16:29:11.096531, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-62644] >[2012/11/09 16:29:11.096555, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-69148] >[2012/11/09 16:29:11.096579, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-360380] >[2012/11/09 16:29:11.096604, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-52124] >[2012/11/09 16:29:11.096629, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-351502] >[2012/11/09 16:29:11.096653, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-317005] >[2012/11/09 16:29:11.096677, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-62713] >[2012/11/09 16:29:11.096702, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-313855] >[2012/11/09 16:29:11.096727, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-53143] >[2012/11/09 16:29:11.096751, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-349705] >[2012/11/09 16:29:11.096777, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-357732] >[2012/11/09 16:29:11.096817, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-402142] >[2012/11/09 16:29:11.096865, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-50421] >[2012/11/09 16:29:11.096925, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-357890] >[2012/11/09 16:29:11.096967, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-416413] >[2012/11/09 16:29:11.096998, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-255117] >[2012/11/09 16:29:11.097049, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-73891] >[2012/11/09 16:29:11.097097, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-377792] >[2012/11/09 16:29:11.097148, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-63081] >[2012/11/09 16:29:11.097195, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-386707] >[2012/11/09 16:29:11.097250, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-64112] >[2012/11/09 16:29:11.097296, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-256555] >[2012/11/09 16:29:11.097343, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-361939] >[2012/11/09 16:29:11.097370, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-62709] >[2012/11/09 16:29:11.097395, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-248759] >[2012/11/09 16:29:11.097433, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-359221] >[2012/11/09 16:29:11.097483, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-310730] >[2012/11/09 16:29:11.097531, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-109617] >[2012/11/09 16:29:11.097577, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-60474] >[2012/11/09 16:29:11.097607, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-402472] >[2012/11/09 16:29:11.097632, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-55679] >[2012/11/09 16:29:11.097672, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-69153] >[2012/11/09 16:29:11.097701, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-22265] >[2012/11/09 16:29:11.097726, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-423112] >[2012/11/09 16:29:11.097752, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-289044] >[2012/11/09 16:29:11.097798, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-67791] >[2012/11/09 16:29:11.097841, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-69156] >[2012/11/09 16:29:11.097886, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-62712] >[2012/11/09 16:29:11.097954, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-360721] >[2012/11/09 16:29:11.098002, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-435651] >[2012/11/09 16:29:11.098052, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-69149] >[2012/11/09 16:29:11.098099, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-73730] >[2012/11/09 16:29:11.098146, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-243660] >[2012/11/09 16:29:11.098192, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-104280] >[2012/11/09 16:29:11.098237, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-430692] >[2012/11/09 16:29:11.098281, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-256558] >[2012/11/09 16:29:11.098326, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-54515] >[2012/11/09 16:29:11.098373, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-334223] >[2012/11/09 16:29:11.098420, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-304790] >[2012/11/09 16:29:11.098465, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-373528] >[2012/11/09 16:29:11.098510, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-375927] >[2012/11/09 16:29:11.098555, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-74039] >[2012/11/09 16:29:11.098614, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-62781] >[2012/11/09 16:29:11.098664, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-69157] >[2012/11/09 16:29:11.098711, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-309445] >[2012/11/09 16:29:11.098756, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-62733] >[2012/11/09 16:29:11.098803, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-418123] >[2012/11/09 16:29:11.098850, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-64415] >[2012/11/09 16:29:11.098895, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-414619] >[2012/11/09 16:29:11.098941, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-373446] >[2012/11/09 16:29:11.098986, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-289048] >[2012/11/09 16:29:11.099033, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-69158] >[2012/11/09 16:29:11.099078, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-373559] >[2012/11/09 16:29:11.099138, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-110686] >[2012/11/09 16:29:11.099186, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-260757] >[2012/11/09 16:29:11.099233, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-249663] >[2012/11/09 16:29:11.099278, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-249619] >[2012/11/09 16:29:11.099326, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-321098] >[2012/11/09 16:29:11.099371, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-64497] >[2012/11/09 16:29:11.099417, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-112627] >[2012/11/09 16:29:11.099463, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-62710] >[2012/11/09 16:29:11.099507, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-360361] >[2012/11/09 16:29:11.099552, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-353621] >[2012/11/09 16:29:11.099598, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-365152] >[2012/11/09 16:29:11.099645, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-69544] >[2012/11/09 16:29:11.099691, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-249644] >[2012/11/09 16:29:11.099733, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-160562036-3150058255-2134394716-55625] >[2012/11/09 16:29:11.099760, 5] lib/privileges.c:175(get_privileges_for_sids) > get_privileges_for_sids: sid = S-1-1-0 > Privilege set: 0x0 >[2012/11/09 16:29:11.099790, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-2] >[2012/11/09 16:29:11.099813, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-11] >[2012/11/09 16:29:11.099837, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-32-545] >[2012/11/09 16:29:11.146640, 3] smbd/password.c:298(register_existing_vuid) > register_existing_vuid: User name: BROSE+pfoerfr Real name: Pförtsch, Franz >[2012/11/09 16:29:11.146723, 3] smbd/password.c:308(register_existing_vuid) > register_existing_vuid: UNIX uid 10000 is UNIX user BROSE+pfoerfr, and will be vuid 101 >[2012/11/09 16:29:11.147039, 7] param/loadparm.c:9834(lp_servicenumber) > lp_servicenumber: couldn't find BROSE+pfoerfr >[2012/11/09 16:29:11.147069, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user BROSE+pfoerfr >[2012/11/09 16:29:11.147089, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is brose+pfoerfr >[2012/11/09 16:29:11.147110, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals did find user [BROSE+pfoerfr]! >[2012/11/09 16:29:11.147128, 3] smbd/password.c:238(register_homes_share) > Adding homes service for user 'BROSE+pfoerfr' using home directory: '/home/BROSE/pfoerfr' >[2012/11/09 16:29:11.147151, 7] param/loadparm.c:9834(lp_servicenumber) > lp_servicenumber: couldn't find homes >[2012/11/09 16:29:11.147182, 3] smbd/signing.c:267(srv_set_signing) > srv_set_signing: turning on SMB signing: signing negotiated = 1, mandatory_signing = 0. >[2012/11/09 16:29:11.147224, 6] param/loadparm.c:7490(lp_file_list_changed) > lp_file_list_changed() > file /etc/samba/smb.shares.conf -> /etc/samba/smb.shares.conf last mod_time: Thu Oct 25 21:33:17 2012 > > file /etc/samba/dhcp.conf -> /etc/samba/dhcp.conf last mod_time: Wed Nov 7 11:01:17 2012 > > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Nov 9 16:26:49 2012 > >[2012/11/09 16:29:11.147344, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:11.147360, 5] lib/util.c:342(show_msg) > size=302 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=65535 > smb_pid=65279 > smb_uid=101 > smb_mid=48064 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 152 (0x98) > smb_bcc=259 >[2012/11/09 16:29:11.148801, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x52 >[2012/11/09 16:29:11.148833, 3] smbd/process.c:1662(process_smb) > Transaction 2 of length 86 (0 toread) >[2012/11/09 16:29:11.148853, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:11.148864, 5] lib/util.c:342(show_msg) > size=82 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=0 > smb_pid=65279 > smb_uid=101 > smb_mid=48128 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 82 (0x52) > smb_vwv[ 2]= 12 (0xC) > smb_vwv[ 3]= 1 (0x1) > smb_bcc=39 >[2012/11/09 16:29:11.148986, 3] smbd/process.c:1467(switch_message) > switch message SMBtconX (pid 12629) conn 0x0 >[2012/11/09 16:29:11.149008, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:11.149027, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:11.149045, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:11.149076, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2012/11/09 16:29:11.149103, 4] smbd/reply.c:794(reply_tcon_and_X) > Client requested device type [?????] for share [IPC$] >[2012/11/09 16:29:11.149130, 5] smbd/service.c:1354(make_connection) > making a connection to 'normal' service ipc$ >[2012/11/09 16:29:11.149154, 3] lib/access.c:338(allow_access) > Allowed connection from yyyc27002.xxxxx.xxx (10.129.108.68) >[2012/11/09 16:29:11.149213, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user BROSE+pfoerfr >[2012/11/09 16:29:11.149240, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is brose+pfoerfr >[2012/11/09 16:29:11.149260, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals did find user [BROSE+pfoerfr]! >[2012/11/09 16:29:11.149283, 3] smbd/service.c:872(make_connection_snum) > Connect path is '/var/tmp' for service [IPC$] >[2012/11/09 16:29:11.149330, 3] smbd/vfs.c:102(vfs_init_default) > Initialising default vfs hooks >[2012/11/09 16:29:11.149356, 5] smbd/vfs.c:92(smb_register_vfs) > Successfully added vfs backend '/[Default VFS]/' >[2012/11/09 16:29:11.149377, 5] smbd/vfs.c:92(smb_register_vfs) > Successfully added vfs backend 'posixacl' >[2012/11/09 16:29:11.149395, 3] smbd/vfs.c:128(vfs_init_custom) > Initialising custom vfs hooks from [/[Default VFS]/] > Successfully loaded vfs module [/[Default VFS]/] with the new modules system >[2012/11/09 16:29:11.149424, 5] smbd/connection.c:134(claim_connection) > claiming [IPC$] >[2012/11/09 16:29:11.149705, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:11.149739, 5] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (811): > SID[ 0]: S-1-5-21-160562036-3150058255-2134394716-19743 > SID[ 1]: S-1-5-21-160562036-3150058255-2134394716-513 > SID[ 2]: S-1-5-21-160562036-3150058255-2134394716-334230 > SID[ 3]: S-1-5-21-160562036-3150058255-2134394716-23353 > SID[ 4]: S-1-5-21-160562036-3150058255-2134394716-304793 > SID[ 5]: S-1-5-21-160562036-3150058255-2134394716-269408 > SID[ 6]: S-1-5-21-160562036-3150058255-2134394716-50420 > SID[ 7]: S-1-5-21-160562036-3150058255-2134394716-113634 > SID[ 8]: S-1-5-21-160562036-3150058255-2134394716-113662 > SID[ 9]: S-1-5-21-160562036-3150058255-2134394716-260755 > SID[ 10]: S-1-5-21-160562036-3150058255-2134394716-288770 > SID[ 11]: S-1-5-21-160562036-3150058255-2134394716-67892 > SID[ 12]: S-1-5-21-160562036-3150058255-2134394716-20800 > SID[ 13]: S-1-5-21-160562036-3150058255-2134394716-269744 > SID[ 14]: S-1-5-21-160562036-3150058255-2134394716-63803 > SID[ 15]: S-1-5-21-160562036-3150058255-2134394716-360934 > SID[ 16]: S-1-5-21-160562036-3150058255-2134394716-421750 > SID[ 17]: S-1-5-21-160562036-3150058255-2134394716-294313 > SID[ 18]: S-1-5-21-160562036-3150058255-2134394716-109619 > SID[ 19]: S-1-5-21-160562036-3150058255-2134394716-13623 > SID[ 20]: S-1-5-21-160562036-3150058255-2134394716-113660 > SID[ 21]: S-1-5-21-160562036-3150058255-2134394716-13846 > SID[ 22]: S-1-5-21-160562036-3150058255-2134394716-351693 > SID[ 23]: S-1-5-21-160562036-3150058255-2134394716-56178 > SID[ 24]: S-1-5-21-160562036-3150058255-2134394716-268914 > SID[ 25]: S-1-5-21-160562036-3150058255-2134394716-276389 > SID[ 26]: S-1-5-21-160562036-3150058255-2134394716-294265 > SID[ 27]: S-1-5-21-160562036-3150058255-2134394716-289050 > SID[ 28]: S-1-5-21-160562036-3150058255-2134394716-284074 > SID[ 29]: S-1-5-21-160562036-3150058255-2134394716-353623 > SID[ 30]: S-1-5-21-160562036-3150058255-2134394716-60632 > SID[ 31]: S-1-5-21-160562036-3150058255-2134394716-299617 > SID[ 32]: S-1-5-21-160562036-3150058255-2134394716-269875 > SID[ 33]: S-1-5-21-160562036-3150058255-2134394716-260777 > SID[ 34]: S-1-5-21-160562036-3150058255-2134394716-72011 > SID[ 35]: S-1-5-21-160562036-3150058255-2134394716-56174 > SID[ 36]: S-1-5-21-160562036-3150058255-2134394716-294145 > SID[ 37]: S-1-5-21-160562036-3150058255-2134394716-46643 > SID[ 38]: S-1-5-21-160562036-3150058255-2134394716-110684 > SID[ 39]: S-1-5-21-160562036-3150058255-2134394716-69476 > SID[ 40]: S-1-5-21-160562036-3150058255-2134394716-354438 > SID[ 41]: S-1-5-21-160562036-3150058255-2134394716-288215 > SID[ 42]: S-1-5-21-160562036-3150058255-2134394716-418124 > SID[ 43]: S-1-5-21-160562036-3150058255-2134394716-32947 > SID[ 44]: S-1-5-21-160562036-3150058255-2134394716-373447 > SID[ 45]: S-1-5-21-160562036-3150058255-2134394716-21119 > SID[ 46]: S-1-5-21-160562036-3150058255-2134394716-254283 > SID[ 47]: S-1-5-21-160562036-3150058255-2134394716-21918 > SID[ 48]: S-1-5-21-160562036-3150058255-2134394716-268915 > SID[ 49]: S-1-5-21-160562036-3150058255-2134394716-267093 > SID[ 50]: S-1-5-21-160562036-3150058255-2134394716-340888 > SID[ 51]: S-1-5-21-160562036-3150058255-2134394716-294363 > SID[ 52]: S-1-5-21-160562036-3150058255-2134394716-414620 > SID[ 53]: S-1-5-21-160562036-3150058255-2134394716-260959 > SID[ 54]: S-1-5-21-160562036-3150058255-2134394716-56176 > SID[ 55]: S-1-5-21-160562036-3150058255-2134394716-373472 > SID[ 56]: S-1-5-21-160562036-3150058255-2134394716-294492 > SID[ 57]: S-1-5-21-160562036-3150058255-2134394716-373554 > SID[ 58]: S-1-5-21-160562036-3150058255-2134394716-104382 > SID[ 59]: S-1-5-21-160562036-3150058255-2134394716-294361 > SID[ 60]: S-1-5-21-160562036-3150058255-2134394716-245149 > SID[ 61]: S-1-5-21-160562036-3150058255-2134394716-32807 > SID[ 62]: S-1-5-21-160562036-3150058255-2134394716-63805 > SID[ 63]: S-1-5-21-160562036-3150058255-2134394716-290135 > SID[ 64]: S-1-5-21-160562036-3150058255-2134394716-248439 > SID[ 65]: S-1-5-21-160562036-3150058255-2134394716-58745 > SID[ 66]: S-1-5-21-160562036-3150058255-2134394716-288316 > SID[ 67]: S-1-5-21-160562036-3150058255-2134394716-373441 > SID[ 68]: S-1-5-21-160562036-3150058255-2134394716-268916 > SID[ 69]: S-1-5-21-160562036-3150058255-2134394716-17597 > SID[ 70]: S-1-5-21-160562036-3150058255-2134394716-113654 > SID[ 71]: S-1-5-21-160562036-3150058255-2134394716-304050 > SID[ 72]: S-1-5-21-160562036-3150058255-2134394716-112626 > SID[ 73]: S-1-5-21-160562036-3150058255-2134394716-360946 > SID[ 74]: S-1-5-21-160562036-3150058255-2134394716-1116 > SID[ 75]: S-1-5-21-160562036-3150058255-2134394716-294490 > SID[ 76]: S-1-5-21-160562036-3150058255-2134394716-373442 > SID[ 77]: S-1-5-21-160562036-3150058255-2134394716-402137 > SID[ 78]: S-1-5-21-160562036-3150058255-2134394716-373470 > SID[ 79]: S-1-5-21-160562036-3150058255-2134394716-284963 > SID[ 80]: S-1-5-21-160562036-3150058255-2134394716-21963 > SID[ 81]: S-1-5-21-160562036-3150058255-2134394716-373556 > SID[ 82]: S-1-5-21-160562036-3150058255-2134394716-351504 > SID[ 83]: S-1-5-21-160562036-3150058255-2134394716-360382 > SID[ 84]: S-1-5-21-160562036-3150058255-2134394716-266966 > SID[ 85]: S-1-5-21-160562036-3150058255-2134394716-63797 > SID[ 86]: S-1-5-21-160562036-3150058255-2134394716-31306 > SID[ 87]: S-1-5-21-160562036-3150058255-2134394716-420969 > SID[ 88]: S-1-5-21-160562036-3150058255-2134394716-58439 > SID[ 89]: S-1-5-21-160562036-3150058255-2134394716-351240 > SID[ 90]: S-1-5-21-160562036-3150058255-2134394716-290160 > SID[ 91]: S-1-5-21-160562036-3150058255-2134394716-335340 > SID[ 92]: S-1-5-21-160562036-3150058255-2134394716-32819 > SID[ 93]: S-1-5-21-160562036-3150058255-2134394716-63801 > SID[ 94]: S-1-5-21-160562036-3150058255-2134394716-53171 > SID[ 95]: S-1-5-21-160562036-3150058255-2134394716-294243 > SID[ 96]: S-1-5-21-160562036-3150058255-2134394716-350032 > SID[ 97]: S-1-5-21-160562036-3150058255-2134394716-63737 > SID[ 98]: S-1-5-21-160562036-3150058255-2134394716-13863 > SID[ 99]: S-1-5-21-160562036-3150058255-2134394716-351719 > SID[100]: S-1-5-21-160562036-3150058255-2134394716-56165 > SID[101]: S-1-5-21-160562036-3150058255-2134394716-113646 > SID[102]: S-1-5-21-160562036-3150058255-2134394716-430811 > SID[103]: S-1-5-21-160562036-3150058255-2134394716-284081 > SID[104]: S-1-5-21-160562036-3150058255-2134394716-256696 > SID[105]: S-1-5-21-160562036-3150058255-2134394716-416414 > SID[106]: S-1-5-21-160562036-3150058255-2134394716-49609 > SID[107]: S-1-5-21-160562036-3150058255-2134394716-377791 > SID[108]: S-1-5-21-160562036-3150058255-2134394716-32821 > SID[109]: S-1-5-21-160562036-3150058255-2134394716-359223 > SID[110]: S-1-5-21-160562036-3150058255-2134394716-284091 > SID[111]: S-1-5-21-160562036-3150058255-2134394716-433713 > SID[112]: S-1-5-21-160562036-3150058255-2134394716-33100 > SID[113]: S-1-5-21-160562036-3150058255-2134394716-416203 > SID[114]: S-1-5-21-160562036-3150058255-2134394716-317007 > SID[115]: S-1-5-21-160562036-3150058255-2134394716-69542 > SID[116]: S-1-5-21-160562036-3150058255-2134394716-268918 > SID[117]: S-1-5-21-160562036-3150058255-2134394716-69428 > SID[118]: S-1-5-21-160562036-3150058255-2134394716-316764 > SID[119]: S-1-5-21-160562036-3150058255-2134394716-55705 > SID[120]: S-1-5-21-160562036-3150058255-2134394716-291229 > SID[121]: S-1-5-21-160562036-3150058255-2134394716-250116 > SID[122]: S-1-5-21-160562036-3150058255-2134394716-294315 > SID[123]: S-1-5-21-160562036-3150058255-2134394716-402469 > SID[124]: S-1-5-21-160562036-3150058255-2134394716-256697 > SID[125]: S-1-5-21-160562036-3150058255-2134394716-418438 > SID[126]: S-1-5-21-160562036-3150058255-2134394716-435652 > SID[127]: S-1-5-21-160562036-3150058255-2134394716-45010 > SID[128]: S-1-5-21-160562036-3150058255-2134394716-322368 > SID[129]: S-1-5-21-160562036-3150058255-2134394716-267090 > SID[130]: S-1-5-21-160562036-3150058255-2134394716-32825 > SID[131]: S-1-5-21-160562036-3150058255-2134394716-35099 > SID[132]: S-1-5-21-160562036-3150058255-2134394716-56157 > SID[133]: S-1-5-21-160562036-3150058255-2134394716-113648 > SID[134]: S-1-5-21-160562036-3150058255-2134394716-55709 > SID[135]: S-1-5-21-160562036-3150058255-2134394716-108789 > SID[136]: S-1-5-21-160562036-3150058255-2134394716-56159 > SID[137]: S-1-5-21-160562036-3150058255-2134394716-268919 > SID[138]: S-1-5-21-160562036-3150058255-2134394716-245147 > SID[139]: S-1-5-21-160562036-3150058255-2134394716-430693 > SID[140]: S-1-5-21-160562036-3150058255-2134394716-289617 > SID[141]: S-1-5-21-160562036-3150058255-2134394716-373445 > SID[142]: S-1-5-21-160562036-3150058255-2134394716-14282 > SID[143]: S-1-5-21-160562036-3150058255-2134394716-433712 > SID[144]: S-1-5-21-160562036-3150058255-2134394716-59232 > SID[145]: S-1-5-21-160562036-3150058255-2134394716-33429 > SID[146]: S-1-5-21-160562036-3150058255-2134394716-437634 > SID[147]: S-1-5-21-160562036-3150058255-2134394716-23354 > SID[148]: S-1-5-21-160562036-3150058255-2134394716-113636 > SID[149]: S-1-5-21-160562036-3150058255-2134394716-63799 > SID[150]: S-1-5-21-160562036-3150058255-2134394716-261009 > SID[151]: S-1-5-21-160562036-3150058255-2134394716-290498 > SID[152]: S-1-5-21-160562036-3150058255-2134394716-375928 > SID[153]: S-1-5-21-160562036-3150058255-2134394716-276407 > SID[154]: S-1-5-21-160562036-3150058255-2134394716-357401 > SID[155]: S-1-5-21-160562036-3150058255-2134394716-357385 > SID[156]: S-1-5-21-160562036-3150058255-2134394716-269404 > SID[157]: S-1-5-21-160562036-3150058255-2134394716-67790 > SID[158]: S-1-5-21-160562036-3150058255-2134394716-392120 > SID[159]: S-1-5-21-160562036-3150058255-2134394716-276395 > SID[160]: S-1-5-21-160562036-3150058255-2134394716-113343 > SID[161]: S-1-5-21-160562036-3150058255-2134394716-56172 > SID[162]: S-1-5-21-160562036-3150058255-2134394716-402467 > SID[163]: S-1-5-21-160562036-3150058255-2134394716-293007 > SID[164]: S-1-5-21-160562036-3150058255-2134394716-427942 > SID[165]: S-1-5-21-160562036-3150058255-2134394716-373529 > SID[166]: S-1-5-21-160562036-3150058255-2134394716-263163 > SID[167]: S-1-5-21-160562036-3150058255-2134394716-64111 > SID[168]: S-1-5-21-160562036-3150058255-2134394716-266852 > SID[169]: S-1-5-21-160562036-3150058255-2134394716-357892 > SID[170]: S-1-5-21-160562036-3150058255-2134394716-104429 > SID[171]: S-1-5-21-160562036-3150058255-2134394716-32813 > SID[172]: S-1-5-21-160562036-3150058255-2134394716-360722 > SID[173]: S-1-5-21-160562036-3150058255-2134394716-284092 > SID[174]: S-1-5-21-160562036-3150058255-2134394716-289619 > SID[175]: S-1-5-21-160562036-3150058255-2134394716-369316 > SID[176]: S-1-5-21-160562036-3150058255-2134394716-49542 > SID[177]: S-1-5-21-160562036-3150058255-2134394716-329659 > SID[178]: S-1-5-21-160562036-3150058255-2134394716-32809 > SID[179]: S-1-5-21-160562036-3150058255-2134394716-108767 > SID[180]: S-1-5-21-160562036-3150058255-2134394716-305399 > SID[181]: S-1-5-21-160562036-3150058255-2134394716-263161 > SID[182]: S-1-5-21-160562036-3150058255-2134394716-314050 > SID[183]: S-1-5-21-160562036-3150058255-2134394716-31001 > SID[184]: S-1-5-21-160562036-3150058255-2134394716-279682 > SID[185]: S-1-5-21-160562036-3150058255-2134394716-294147 > SID[186]: S-1-5-21-160562036-3150058255-2134394716-56163 > SID[187]: S-1-5-21-160562036-3150058255-2134394716-285751 > SID[188]: S-1-5-21-160562036-3150058255-2134394716-21723 > SID[189]: S-1-5-21-160562036-3150058255-2134394716-8332 > SID[190]: S-1-5-21-160562036-3150058255-2134394716-32827 > SID[191]: S-1-5-21-160562036-3150058255-2134394716-256460 > SID[192]: S-1-5-21-160562036-3150058255-2134394716-256183 > SID[193]: S-1-5-21-160562036-3150058255-2134394716-300424 > SID[194]: S-1-5-21-160562036-3150058255-2134394716-55677 > SID[195]: S-1-5-21-160562036-3150058255-2134394716-253145 > SID[196]: S-1-5-21-160562036-3150058255-2134394716-63804 > SID[197]: S-1-5-21-160562036-3150058255-2134394716-358866 > SID[198]: S-1-5-21-160562036-3150058255-2134394716-32823 > SID[199]: S-1-5-21-160562036-3150058255-2134394716-276620 > SID[200]: S-1-5-21-160562036-3150058255-2134394716-361940 > SID[201]: S-1-5-21-160562036-3150058255-2134394716-49274 > SID[202]: S-1-5-21-160562036-3150058255-2134394716-402177 > SID[203]: S-1-5-21-160562036-3150058255-2134394716-252230 > SID[204]: S-1-5-21-160562036-3150058255-2134394716-321100 > SID[205]: S-1-5-21-160562036-3150058255-2134394716-20801 > SID[206]: S-1-5-21-160562036-3150058255-2134394716-276621 > SID[207]: S-1-5-21-160562036-3150058255-2134394716-252010 > SID[208]: S-1-5-21-160562036-3150058255-2134394716-292766 > SID[209]: S-1-5-21-160562036-3150058255-2134394716-37331 > SID[210]: S-1-5-21-160562036-3150058255-2134394716-260776 > SID[211]: S-1-5-21-160562036-3150058255-2134394716-386708 > SID[212]: S-1-5-21-160562036-3150058255-2134394716-374616 > SID[213]: S-1-5-21-160562036-3150058255-2134394716-21084 > SID[214]: S-1-5-21-160562036-3150058255-2134394716-294267 > SID[215]: S-1-5-21-160562036-3150058255-2134394716-63802 > SID[216]: S-1-5-21-160562036-3150058255-2134394716-31186 > SID[217]: S-1-5-21-160562036-3150058255-2134394716-105575 > SID[218]: S-1-5-21-160562036-3150058255-2134394716-361874 > SID[219]: S-1-5-21-160562036-3150058255-2134394716-360362 > SID[220]: S-1-5-21-160562036-3150058255-2134394716-357734 > SID[221]: S-1-5-21-160562036-3150058255-2134394716-294241 > SID[222]: S-1-5-21-160562036-3150058255-2134394716-251778 > SID[223]: S-1-5-21-160562036-3150058255-2134394716-49510 > SID[224]: S-1-5-21-160562036-3150058255-2134394716-35015 > SID[225]: S-1-5-21-160562036-3150058255-2134394716-20749 > SID[226]: S-1-5-21-160562036-3150058255-2134394716-294291 > SID[227]: S-1-5-21-160562036-3150058255-2134394716-254469 > SID[228]: S-1-5-21-160562036-3150058255-2134394716-247296 > SID[229]: S-1-5-21-160562036-3150058255-2134394716-63798 > SID[230]: S-1-5-21-160562036-3150058255-2134394716-59035 > SID[231]: S-1-5-21-160562036-3150058255-2134394716-430331 > SID[232]: S-1-5-21-160562036-3150058255-2134394716-21301 > SID[233]: S-1-5-21-160562036-3150058255-2134394716-55627 > SID[234]: S-1-5-21-160562036-3150058255-2134394716-32815 > SID[235]: S-1-5-21-160562036-3150058255-2134394716-277164 > SID[236]: S-1-5-21-160562036-3150058255-2134394716-21552 > SID[237]: S-1-5-21-160562036-3150058255-2134394716-56622 > SID[238]: S-1-5-21-160562036-3150058255-2134394716-37315 > SID[239]: S-1-5-21-160562036-3150058255-2134394716-334225 > SID[240]: S-1-5-21-160562036-3150058255-2134394716-338141 > SID[241]: S-1-5-21-160562036-3150058255-2134394716-246169 > SID[242]: S-1-5-21-160562036-3150058255-2134394716-297835 > SID[243]: S-1-5-21-160562036-3150058255-2134394716-353615 > SID[244]: S-1-5-21-160562036-3150058255-2134394716-322371 > SID[245]: S-1-5-21-160562036-3150058255-2134394716-63235 > SID[246]: S-1-5-21-160562036-3150058255-2134394716-266849 > SID[247]: S-1-5-21-160562036-3150058255-2134394716-293998 > SID[248]: S-1-5-21-160562036-3150058255-2134394716-433714 > SID[249]: S-1-5-21-160562036-3150058255-2134394716-107694 > SID[250]: S-1-5-21-160562036-3150058255-2134394716-288317 > SID[251]: S-1-5-21-160562036-3150058255-2134394716-44135 > SID[252]: S-1-5-21-160562036-3150058255-2134394716-290560 > SID[253]: S-1-5-21-160562036-3150058255-2134394716-322681 > SID[254]: S-1-5-21-160562036-3150058255-2134394716-283109 > SID[255]: S-1-5-21-160562036-3150058255-2134394716-357879 > SID[256]: S-1-5-21-160562036-3150058255-2134394716-289046 > SID[257]: S-1-5-21-160562036-3150058255-2134394716-32803 > SID[258]: S-1-5-21-160562036-3150058255-2134394716-343968 > SID[259]: S-1-5-21-160562036-3150058255-2134394716-50792 > SID[260]: S-1-5-21-160562036-3150058255-2134394716-50518 > SID[261]: S-1-5-21-160562036-3150058255-2134394716-37238 > SID[262]: S-1-5-21-160562036-3150058255-2134394716-360465 > SID[263]: S-1-5-21-160562036-3150058255-2134394716-366652 > SID[264]: S-1-5-21-160562036-3150058255-2134394716-294094 > SID[265]: S-1-5-21-160562036-3150058255-2134394716-288540 > SID[266]: S-1-5-21-160562036-3150058255-2134394716-297984 > SID[267]: S-1-5-21-160562036-3150058255-2134394716-276427 > SID[268]: S-1-5-21-160562036-3150058255-2134394716-333792 > SID[269]: S-1-5-21-160562036-3150058255-2134394716-427342 > SID[270]: S-1-5-21-160562036-3150058255-2134394716-333794 > SID[271]: S-1-5-21-160562036-3150058255-2134394716-290460 > SID[272]: S-1-5-21-160562036-3150058255-2134394716-294091 > SID[273]: S-1-5-21-160562036-3150058255-2134394716-333793 > SID[274]: S-1-5-21-160562036-3150058255-2134394716-338207 > SID[275]: S-1-5-21-160562036-3150058255-2134394716-409571 > SID[276]: S-1-5-21-160562036-3150058255-2134394716-294054 > SID[277]: S-1-5-21-160562036-3150058255-2134394716-30854 > SID[278]: S-1-5-21-160562036-3150058255-2134394716-288547 > SID[279]: S-1-5-21-160562036-3150058255-2134394716-365347 > SID[280]: S-1-5-21-6776287-465249537-1446904402-4108 > SID[281]: S-1-5-21-160562036-3150058255-2134394716-58230 > SID[282]: S-1-5-21-160562036-3150058255-2134394716-357400 > SID[283]: S-1-5-21-160562036-3150058255-2134394716-343966 > SID[284]: S-1-5-21-160562036-3150058255-2134394716-104268 > SID[285]: S-1-5-21-160562036-3150058255-2134394716-334228 > SID[286]: S-1-5-21-160562036-3150058255-2134394716-357384 > SID[287]: S-1-5-21-160562036-3150058255-2134394716-64500 > SID[288]: S-1-5-21-160562036-3150058255-2134394716-291227 > SID[289]: S-1-5-21-160562036-3150058255-2134394716-62708 > SID[290]: S-1-5-21-160562036-3150058255-2134394716-266847 > SID[291]: S-1-5-21-160562036-3150058255-2134394716-313857 > SID[292]: S-1-5-21-160562036-3150058255-2134394716-350031 > SID[293]: S-1-5-21-160562036-3150058255-2134394716-373448 > SID[294]: S-1-5-21-160562036-3150058255-2134394716-420970 > SID[295]: S-1-5-21-160562036-3150058255-2134394716-351238 > SID[296]: S-1-5-21-160562036-3150058255-2134394716-11861 > SID[297]: S-1-5-21-160562036-3150058255-2134394716-353613 > SID[298]: S-1-5-21-160562036-3150058255-2134394716-322679 > SID[299]: S-1-5-21-160562036-3150058255-2134394716-253148 > SID[300]: S-1-5-21-160562036-3150058255-2134394716-277162 > SID[301]: S-1-5-21-160562036-3150058255-2134394716-304048 > SID[302]: S-1-5-21-160562036-3150058255-2134394716-288768 > SID[303]: S-1-5-21-160562036-3150058255-2134394716-62920 > SID[304]: S-1-5-21-160562036-3150058255-2134394716-62814 > SID[305]: S-1-5-21-160562036-3150058255-2134394716-338139 > SID[306]: S-1-5-21-160562036-3150058255-2134394716-266850 > SID[307]: S-1-5-21-160562036-3150058255-2134394716-74038 > SID[308]: S-1-5-21-160562036-3150058255-2134394716-62715 > SID[309]: S-1-5-21-160562036-3150058255-2134394716-357877 > SID[310]: S-1-5-21-160562036-3150058255-2134394716-252117 > SID[311]: S-1-5-21-160562036-3150058255-2134394716-322372 > SID[312]: S-1-5-21-160562036-3150058255-2134394716-65121 > SID[313]: S-1-5-21-160562036-3150058255-2134394716-62711 > SID[314]: S-1-5-21-160562036-3150058255-2134394716-267091 > SID[315]: S-1-5-21-160562036-3150058255-2134394716-24652 > SID[316]: S-1-5-21-160562036-3150058255-2134394716-360933 > SID[317]: S-1-5-21-160562036-3150058255-2134394716-354437 > SID[318]: S-1-5-21-160562036-3150058255-2134394716-249119 > SID[319]: S-1-5-21-160562036-3150058255-2134394716-248731 > SID[320]: S-1-5-21-160562036-3150058255-2134394716-64215 > SID[321]: S-1-5-21-160562036-3150058255-2134394716-373475 > SID[322]: S-1-5-21-160562036-3150058255-2134394716-250664 > SID[323]: S-1-5-21-160562036-3150058255-2134394716-267088 > SID[324]: S-1-5-21-160562036-3150058255-2134394716-50311 > SID[325]: S-1-5-21-160562036-3150058255-2134394716-62644 > SID[326]: S-1-5-21-160562036-3150058255-2134394716-69148 > SID[327]: S-1-5-21-160562036-3150058255-2134394716-360380 > SID[328]: S-1-5-21-160562036-3150058255-2134394716-52124 > SID[329]: S-1-5-21-160562036-3150058255-2134394716-351502 > SID[330]: S-1-5-21-160562036-3150058255-2134394716-317005 > SID[331]: S-1-5-21-160562036-3150058255-2134394716-62713 > SID[332]: S-1-5-21-160562036-3150058255-2134394716-313855 > SID[333]: S-1-5-21-160562036-3150058255-2134394716-53143 > SID[334]: S-1-5-21-160562036-3150058255-2134394716-349705 > SID[335]: S-1-5-21-160562036-3150058255-2134394716-357732 > SID[336]: S-1-5-21-160562036-3150058255-2134394716-402142 > SID[337]: S-1-5-21-160562036-3150058255-2134394716-50421 > SID[338]: S-1-5-21-160562036-3150058255-2134394716-357890 > SID[339]: S-1-5-21-160562036-3150058255-2134394716-416413 > SID[340]: S-1-5-21-160562036-3150058255-2134394716-255117 > SID[341]: S-1-5-21-160562036-3150058255-2134394716-73891 > SID[342]: S-1-5-21-160562036-3150058255-2134394716-377792 > SID[343]: S-1-5-21-160562036-3150058255-2134394716-63081 > SID[344]: S-1-5-21-160562036-3150058255-2134394716-386707 > SID[345]: S-1-5-21-160562036-3150058255-2134394716-64112 > SID[346]: S-1-5-21-160562036-3150058255-2134394716-256555 > SID[347]: S-1-5-21-160562036-3150058255-2134394716-361939 > SID[348]: S-1-5-21-160562036-3150058255-2134394716-62709 > SID[349]: S-1-5-21-160562036-3150058255-2134394716-248759 > SID[350]: S-1-5-21-160562036-3150058255-2134394716-359221 > SID[351]: S-1-5-21-160562036-3150058255-2134394716-310730 > SID[352]: S-1-5-21-160562036-3150058255-2134394716-109617 > SID[353]: S-1-5-21-160562036-3150058255-2134394716-60474 > SID[354]: S-1-5-21-160562036-3150058255-2134394716-402472 > SID[355]: S-1-5-21-160562036-3150058255-2134394716-55679 > SID[356]: S-1-5-21-160562036-3150058255-2134394716-69153 > SID[357]: S-1-5-21-160562036-3150058255-2134394716-22265 > SID[358]: S-1-5-21-160562036-3150058255-2134394716-423112 > SID[359]: S-1-5-21-160562036-3150058255-2134394716-289044 > SID[360]: S-1-5-21-160562036-3150058255-2134394716-67791 > SID[361]: S-1-5-21-160562036-3150058255-2134394716-69156 > SID[362]: S-1-5-21-160562036-3150058255-2134394716-62712 > SID[363]: S-1-5-21-160562036-3150058255-2134394716-360721 > SID[364]: S-1-5-21-160562036-3150058255-2134394716-435651 > SID[365]: S-1-5-21-160562036-3150058255-2134394716-69149 > SID[366]: S-1-5-21-160562036-3150058255-2134394716-73730 > SID[367]: S-1-5-21-160562036-3150058255-2134394716-243660 > SID[368]: S-1-5-21-160562036-3150058255-2134394716-104280 > SID[369]: S-1-5-21-160562036-3150058255-2134394716-430692 > SID[370]: S-1-5-21-160562036-3150058255-2134394716-256558 > SID[371]: S-1-5-21-160562036-3150058255-2134394716-54515 > SID[372]: S-1-5-21-160562036-3150058255-2134394716-334223 > SID[373]: S-1-5-21-160562036-3150058255-2134394716-304790 > SID[374]: S-1-5-21-160562036-3150058255-2134394716-373528 > SID[375]: S-1-5-21-160562036-3150058255-2134394716-375927 > SID[376]: S-1-5-21-160562036-3150058255-2134394716-74039 > SID[377]: S-1-5-21-160562036-3150058255-2134394716-62781 > SID[378]: S-1-5-21-160562036-3150058255-2134394716-69157 > SID[379]: S-1-5-21-160562036-3150058255-2134394716-309445 > SID[380]: S-1-5-21-160562036-3150058255-2134394716-62733 > SID[381]: S-1-5-21-160562036-3150058255-2134394716-418123 > SID[382]: S-1-5-21-160562036-3150058255-2134394716-64415 > SID[383]: S-1-5-21-160562036-3150058255-2134394716-414619 > SID[384]: S-1-5-21-160562036-3150058255-2134394716-373446 > SID[385]: S-1-5-21-160562036-3150058255-2134394716-289048 > SID[386]: S-1-5-21-160562036-3150058255-2134394716-69158 > SID[387]: S-1-5-21-160562036-3150058255-2134394716-373559 > SID[388]: S-1-5-21-160562036-3150058255-2134394716-110686 > SID[389]: S-1-5-21-160562036-3150058255-2134394716-260757 > SID[390]: S-1-5-21-160562036-3150058255-2134394716-249663 > SID[391]: S-1-5-21-160562036-3150058255-2134394716-249619 > SID[392]: S-1-5-21-160562036-3150058255-2134394716-321098 > SID[393]: S-1-5-21-160562036-3150058255-2134394716-64497 > SID[394]: S-1-5-21-160562036-3150058255-2134394716-112627 > SID[395]: S-1-5-21-160562036-3150058255-2134394716-62710 > SID[396]: S-1-5-21-160562036-3150058255-2134394716-360361 > SID[397]: S-1-5-21-160562036-3150058255-2134394716-353621 > SID[398]: S-1-5-21-160562036-3150058255-2134394716-365152 > SID[399]: S-1-5-21-160562036-3150058255-2134394716-69544 > SID[400]: S-1-5-21-160562036-3150058255-2134394716-249644 > SID[401]: S-1-5-21-160562036-3150058255-2134394716-55625 > SID[402]: S-1-1-0 > SID[403]: S-1-5-2 > SID[404]: S-1-5-11 > SID[405]: S-1-5-32-545 > SID[406]: S-1-22-1-10000 > SID[407]: S-1-22-2-10006 > SID[408]: S-1-22-2-10007 > SID[409]: S-1-22-2-10008 > SID[410]: S-1-22-2-10009 > SID[411]: S-1-22-2-10010 > SID[412]: S-1-22-2-10011 > SID[413]: S-1-22-2-10012 > SID[414]: S-1-22-2-10013 > SID[415]: S-1-22-2-10014 > SID[416]: S-1-22-2-10015 > SID[417]: S-1-22-2-10016 > SID[418]: S-1-22-2-10017 > SID[419]: S-1-22-2-10018 > SID[420]: S-1-22-2-10019 > SID[421]: S-1-22-2-10020 > SID[422]: S-1-22-2-10021 > SID[423]: S-1-22-2-10022 > SID[424]: S-1-22-2-10023 > SID[425]: S-1-22-2-10024 > SID[426]: S-1-22-2-10025 > SID[427]: S-1-22-2-10026 > SID[428]: S-1-22-2-10027 > SID[429]: S-1-22-2-10028 > SID[430]: S-1-22-2-10029 > SID[431]: S-1-22-2-10030 > SID[432]: S-1-22-2-10031 > SID[433]: S-1-22-2-10032 > SID[434]: S-1-22-2-10033 > SID[435]: S-1-22-2-10034 > SID[436]: S-1-22-2-10035 > SID[437]: S-1-22-2-10036 > SID[438]: S-1-22-2-10037 > SID[439]: S-1-22-2-10038 > SID[440]: S-1-22-2-10039 > SID[441]: S-1-22-2-10040 > SID[442]: S-1-22-2-10041 > SID[443]: S-1-22-2-10042 > SID[444]: S-1-22-2-10043 > SID[445]: S-1-22-2-10044 > SID[446]: S-1-22-2-10045 > SID[447]: S-1-22-2-10046 > SID[448]: S-1-22-2-10047 > SID[449]: S-1-22-2-10048 > SID[450]: S-1-22-2-10049 > SID[451]: S-1-22-2-10050 > SID[452]: S-1-22-2-10051 > SID[453]: S-1-22-2-10052 > SID[454]: S-1-22-2-10053 > SID[455]: S-1-22-2-10054 > SID[456]: S-1-22-2-10055 > SID[457]: S-1-22-2-10056 > SID[458]: S-1-22-2-10057 > SID[459]: S-1-22-2-10058 > SID[460]: S-1-22-2-10059 > SID[461]: S-1-22-2-10060 > SID[462]: S-1-22-2-10061 > SID[463]: S-1-22-2-10062 > SID[464]: S-1-22-2-10063 > SID[465]: S-1-22-2-10064 > SID[466]: S-1-22-2-10065 > SID[467]: S-1-22-2-10066 > SID[468]: S-1-22-2-10067 > SID[469]: S-1-22-2-10068 > SID[470]: S-1-22-2-10069 > SID[471]: S-1-22-2-10070 > SID[472]: S-1-22-2-10071 > SID[473]: S-1-22-2-10072 > SID[474]: S-1-22-2-10073 > SID[475]: S-1-22-2-10074 > SID[476]: S-1-22-2-10075 > SID[477]: S-1-22-2-10076 > SID[478]: S-1-22-2-10077 > SID[479]: S-1-22-2-10078 > SID[480]: S-1-22-2-10079 > SID[481]: S-1-22-2-10080 > SID[482]: S-1-22-2-10081 > SID[483]: S-1-22-2-10082 > SID[484]: S-1-22-2-10083 > SID[485]: S-1-22-2-10084 > SID[486]: S-1-22-2-10085 > SID[487]: S-1-22-2-10086 > SID[488]: S-1-22-2-10087 > SID[489]: S-1-22-2-10088 > SID[490]: S-1-22-2-10089 > SID[491]: S-1-22-2-10090 > SID[492]: S-1-22-2-10091 > SID[493]: S-1-22-2-10092 > SID[494]: S-1-22-2-10093 > SID[495]: S-1-22-2-10094 > SID[496]: S-1-22-2-10095 > SID[497]: S-1-22-2-10096 > SID[498]: S-1-22-2-10097 > SID[499]: S-1-22-2-10098 > SID[500]: S-1-22-2-10099 > SID[501]: S-1-22-2-10100 > SID[502]: S-1-22-2-10101 > SID[503]: S-1-22-2-10102 > SID[504]: S-1-22-2-10103 > SID[505]: S-1-22-2-10104 > SID[506]: S-1-22-2-10105 > SID[507]: S-1-22-2-10106 > SID[508]: S-1-22-2-10107 > SID[509]: S-1-22-2-10108 > SID[510]: S-1-22-2-10109 > SID[511]: S-1-22-2-10110 > SID[512]: S-1-22-2-10111 > SID[513]: S-1-22-2-10112 > SID[514]: S-1-22-2-10113 > SID[515]: S-1-22-2-10114 > SID[516]: S-1-22-2-10115 > SID[517]: S-1-22-2-10116 > SID[518]: S-1-22-2-10117 > SID[519]: S-1-22-2-10118 > SID[520]: S-1-22-2-10119 > SID[521]: S-1-22-2-10120 > SID[522]: S-1-22-2-10121 > SID[523]: S-1-22-2-10122 > SID[524]: S-1-22-2-10123 > SID[525]: S-1-22-2-10124 > SID[526]: S-1-22-2-10125 > SID[527]: S-1-22-2-10126 > SID[528]: S-1-22-2-10127 > SID[529]: S-1-22-2-10128 > SID[530]: S-1-22-2-10129 > SID[531]: S-1-22-2-10130 > SID[532]: S-1-22-2-10131 > SID[533]: S-1-22-2-10132 > SID[534]: S-1-22-2-10133 > SID[535]: S-1-22-2-10134 > SID[536]: S-1-22-2-10135 > SID[537]: S-1-22-2-10136 > SID[538]: S-1-22-2-10137 > SID[539]: S-1-22-2-10138 > SID[540]: S-1-22-2-10139 > SID[541]: S-1-22-2-10140 > SID[542]: S-1-22-2-10141 > SID[543]: S-1-22-2-10142 > SID[544]: S-1-22-2-10143 > SID[545]: S-1-22-2-10144 > SID[546]: S-1-22-2-10145 > SID[547]: S-1-22-2-10146 > SID[548]: S-1-22-2-10147 > SID[549]: S-1-22-2-10148 > SID[550]: S-1-22-2-10149 > SID[551]: S-1-22-2-10150 > SID[552]: S-1-22-2-10471 > SID[553]: S-1-22-2-10151 > SID[554]: S-1-22-2-10152 > SID[555]: S-1-22-2-10153 > SID[556]: S-1-22-2-10154 > SID[557]: S-1-22-2-10155 > SID[558]: S-1-22-2-10156 > SID[559]: S-1-22-2-10157 > SID[560]: S-1-22-2-10158 > SID[561]: S-1-22-2-10159 > SID[562]: S-1-22-2-10160 > SID[563]: S-1-22-2-10161 > SID[564]: S-1-22-2-10162 > SID[565]: S-1-22-2-10163 > SID[566]: S-1-22-2-10164 > SID[567]: S-1-22-2-10165 > SID[568]: S-1-22-2-10166 > SID[569]: S-1-22-2-10167 > SID[570]: S-1-22-2-10168 > SID[571]: S-1-22-2-10169 > SID[572]: S-1-22-2-10170 > SID[573]: S-1-22-2-10171 > SID[574]: S-1-22-2-10172 > SID[575]: S-1-22-2-10173 > SID[576]: S-1-22-2-10174 > SID[577]: S-1-22-2-10175 > SID[578]: S-1-22-2-10176 > SID[579]: S-1-22-2-10177 > SID[580]: S-1-22-2-10178 > SID[581]: S-1-22-2-10179 > SID[582]: S-1-22-2-10180 > SID[583]: S-1-22-2-10181 > SID[584]: S-1-22-2-10182 > SID[585]: S-1-22-2-10183 > SID[586]: S-1-22-2-10184 > SID[587]: S-1-22-2-10185 > SID[588]: S-1-22-2-10186 > SID[589]: S-1-22-2-10187 > SID[590]: S-1-22-2-10188 > SID[591]: S-1-22-2-10189 > SID[592]: S-1-22-2-10190 > SID[593]: S-1-22-2-10191 > SID[594]: S-1-22-2-10192 > SID[595]: S-1-22-2-10193 > SID[596]: S-1-22-2-10194 > SID[597]: S-1-22-2-10195 > SID[598]: S-1-22-2-10196 > SID[599]: S-1-22-2-10197 > SID[600]: S-1-22-2-10198 > SID[601]: S-1-22-2-10199 > SID[602]: S-1-22-2-10200 > SID[603]: S-1-22-2-10201 > SID[604]: S-1-22-2-10202 > SID[605]: S-1-22-2-10203 > SID[606]: S-1-22-2-10204 > SID[607]: S-1-22-2-10205 > SID[608]: S-1-22-2-10206 > SID[609]: S-1-22-2-10207 > SID[610]: S-1-22-2-10208 > SID[611]: S-1-22-2-10209 > SID[612]: S-1-22-2-10210 > SID[613]: S-1-22-2-10211 > SID[614]: S-1-22-2-10212 > SID[615]: S-1-22-2-10213 > SID[616]: S-1-22-2-10214 > SID[617]: S-1-22-2-10215 > SID[618]: S-1-22-2-10216 > SID[619]: S-1-22-2-10217 > SID[620]: S-1-22-2-10218 > SID[621]: S-1-22-2-10219 > SID[622]: S-1-22-2-10220 > SID[623]: S-1-22-2-10221 > SID[624]: S-1-22-2-10222 > SID[625]: S-1-22-2-10223 > SID[626]: S-1-22-2-10224 > SID[627]: S-1-22-2-10225 > SID[628]: S-1-22-2-10226 > SID[629]: S-1-22-2-10227 > SID[630]: S-1-22-2-10228 > SID[631]: S-1-22-2-10229 > SID[632]: S-1-22-2-10230 > SID[633]: S-1-22-2-10231 > SID[634]: S-1-22-2-10232 > SID[635]: S-1-22-2-10233 > SID[636]: S-1-22-2-10234 > SID[637]: S-1-22-2-10235 > SID[638]: S-1-22-2-10236 > SID[639]: S-1-22-2-10237 > SID[640]: S-1-22-2-10238 > SID[641]: S-1-22-2-10239 > SID[642]: S-1-22-2-10240 > SID[643]: S-1-22-2-10241 > SID[644]: S-1-22-2-10242 > SID[645]: S-1-22-2-10243 > SID[646]: S-1-22-2-10244 > SID[647]: S-1-22-2-10245 > SID[648]: S-1-22-2-10246 > SID[649]: S-1-22-2-10247 > SID[650]: S-1-22-2-10248 > SID[651]: S-1-22-2-10249 > SID[652]: S-1-22-2-10250 > SID[653]: S-1-22-2-10251 > SID[654]: S-1-22-2-10252 > SID[655]: S-1-22-2-10253 > SID[656]: S-1-22-2-10254 > SID[657]: S-1-22-2-10255 > SID[658]: S-1-22-2-10256 > SID[659]: S-1-22-2-10257 > SID[660]: S-1-22-2-10258 > SID[661]: S-1-22-2-10259 > SID[662]: S-1-22-2-10260 > SID[663]: S-1-22-2-10261 > SID[664]: S-1-22-2-10262 > SID[665]: S-1-22-2-10263 > SID[666]: S-1-22-2-10264 > SID[667]: S-1-22-2-10265 > SID[668]: S-1-22-2-10266 > SID[669]: S-1-22-2-10267 > SID[670]: S-1-22-2-10268 > SID[671]: S-1-22-2-10269 > SID[672]: S-1-22-2-10270 > SID[673]: S-1-22-2-10271 > SID[674]: S-1-22-2-10272 > SID[675]: S-1-22-2-10273 > SID[676]: S-1-22-2-10274 > SID[677]: S-1-22-2-10275 > SID[678]: S-1-22-2-10276 > SID[679]: S-1-22-2-10277 > SID[680]: S-1-22-2-10278 > SID[681]: S-1-22-2-10279 > SID[682]: S-1-22-2-10280 > SID[683]: S-1-22-2-10281 > SID[684]: S-1-22-2-10282 > SID[685]: S-1-22-2-10283 > SID[686]: S-1-22-2-10284 > SID[687]: S-1-22-2-10285 > SID[688]: S-1-22-2-10286 > SID[689]: S-1-22-2-10287 > SID[690]: S-1-22-2-10288 > SID[691]: S-1-22-2-10289 > SID[692]: S-1-22-2-10290 > SID[693]: S-1-22-2-10291 > SID[694]: S-1-22-2-10292 > SID[695]: S-1-22-2-10293 > SID[696]: S-1-22-2-10294 > SID[697]: S-1-22-2-10295 > SID[698]: S-1-22-2-10296 > SID[699]: S-1-22-2-10297 > SID[700]: S-1-22-2-10298 > SID[701]: S-1-22-2-10299 > SID[702]: S-1-22-2-10300 > SID[703]: S-1-22-2-10301 > SID[704]: S-1-22-2-10302 > SID[705]: S-1-22-2-10303 > SID[706]: S-1-22-2-10304 > SID[707]: S-1-22-2-10305 > SID[708]: S-1-22-2-10306 > SID[709]: S-1-22-2-10307 > SID[710]: S-1-22-2-10308 > SID[711]: S-1-22-2-10309 > SID[712]: S-1-22-2-10310 > SID[713]: S-1-22-2-10311 > SID[714]: S-1-22-2-10312 > SID[715]: S-1-22-2-10313 > SID[716]: S-1-22-2-10314 > SID[717]: S-1-22-2-10315 > SID[718]: S-1-22-2-10316 > SID[719]: S-1-22-2-10317 > SID[720]: S-1-22-2-10318 > SID[721]: S-1-22-2-10319 > SID[722]: S-1-22-2-10320 > SID[723]: S-1-22-2-10321 > SID[724]: S-1-22-2-10322 > SID[725]: S-1-22-2-10323 > SID[726]: S-1-22-2-10324 > SID[727]: S-1-22-2-10325 > SID[728]: S-1-22-2-10326 > SID[729]: S-1-22-2-10327 > SID[730]: S-1-22-2-10328 > SID[731]: S-1-22-2-10329 > SID[732]: S-1-22-2-10330 > SID[733]: S-1-22-2-10331 > SID[734]: S-1-22-2-10332 > SID[735]: S-1-22-2-10333 > SID[736]: S-1-22-2-10334 > SID[737]: S-1-22-2-10335 > SID[738]: S-1-22-2-10336 > SID[739]: S-1-22-2-10337 > SID[740]: S-1-22-2-10338 > SID[741]: S-1-22-2-10339 > SID[742]: S-1-22-2-10340 > SID[743]: S-1-22-2-10341 > SID[744]: S-1-22-2-10342 > SID[745]: S-1-22-2-10343 > SID[746]: S-1-22-2-10344 > SID[747]: S-1-22-2-10345 > SID[748]: S-1-22-2-10346 > SID[749]: S-1-22-2-10347 > SID[750]: S-1-22-2-10348 > SID[751]: S-1-22-2-10349 > SID[752]: S-1-22-2-10350 > SID[753]: S-1-22-2-10351 > SID[754]: S-1-22-2-10352 > SID[755]: S-1-22-2-10353 > SID[756]: S-1-22-2-10354 > SID[757]: S-1-22-2-10355 > SID[758]: S-1-22-2-10356 > SID[759]: S-1-22-2-10357 > SID[760]: S-1-22-2-10358 > SID[761]: S-1-22-2-10359 > SID[762]: S-1-22-2-10360 > SID[763]: S-1-22-2-10361 > SID[764]: S-1-22-2-10362 > SID[765]: S-1-22-2-10363 > SID[766]: S-1-22-2-10364 > SID[767]: S-1-22-2-10365 > SID[768]: S-1-22-2-10366 > SID[769]: S-1-22-2-10367 > SID[770]: S-1-22-2-10368 > SID[771]: S-1-22-2-10369 > SID[772]: S-1-22-2-10370 > SID[773]: S-1-22-2-10371 > SID[774]: S-1-22-2-10372 > SID[775]: S-1-22-2-10373 > SID[776]: S-1-22-2-10374 > SID[777]: S-1-22-2-10375 > SID[778]: S-1-22-2-10376 > SID[779]: S-1-22-2-10377 > SID[780]: S-1-22-2-10378 > SID[781]: S-1-22-2-10379 > SID[782]: S-1-22-2-10380 > SID[783]: S-1-22-2-10381 > SID[784]: S-1-22-2-10382 > SID[785]: S-1-22-2-10383 > SID[786]: S-1-22-2-10384 > SID[787]: S-1-22-2-10385 > SID[788]: S-1-22-2-10386 > SID[789]: S-1-22-2-10387 > SID[790]: S-1-22-2-10388 > SID[791]: S-1-22-2-10389 > SID[792]: S-1-22-2-10390 > SID[793]: S-1-22-2-10391 > SID[794]: S-1-22-2-10392 > SID[795]: S-1-22-2-10393 > SID[796]: S-1-22-2-10394 > SID[797]: S-1-22-2-10395 > SID[798]: S-1-22-2-10396 > SID[799]: S-1-22-2-10397 > SID[800]: S-1-22-2-10398 > SID[801]: S-1-22-2-10399 > SID[802]: S-1-22-2-10400 > SID[803]: S-1-22-2-10401 > SID[804]: S-1-22-2-10402 > SID[805]: S-1-22-2-10403 > SID[806]: S-1-22-2-10404 > SID[807]: S-1-22-2-10002 > SID[808]: S-1-22-2-10003 > SID[809]: S-1-22-2-10004 > SID[810]: S-1-22-2-10001 > Privileges (0x 20): > Privilege[ 0]: SePrintOperatorPrivilege > Rights (0x 0): >[2012/11/09 16:29:11.157119, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 10000 > Primary group is 10006 and contains 404 supplementary groups > Group[ 0]: 10006 > Group[ 1]: 10007 > Group[ 2]: 10008 > Group[ 3]: 10009 > Group[ 4]: 10010 > Group[ 5]: 10011 > Group[ 6]: 10012 > Group[ 7]: 10013 > Group[ 8]: 10014 > Group[ 9]: 10015 > Group[ 10]: 10016 > Group[ 11]: 10017 > Group[ 12]: 10018 > Group[ 13]: 10019 > Group[ 14]: 10020 > Group[ 15]: 10021 > Group[ 16]: 10022 > Group[ 17]: 10023 > Group[ 18]: 10024 > Group[ 19]: 10025 > Group[ 20]: 10026 > Group[ 21]: 10027 > Group[ 22]: 10028 > Group[ 23]: 10029 > Group[ 24]: 10030 > Group[ 25]: 10031 > Group[ 26]: 10032 > Group[ 27]: 10033 > Group[ 28]: 10034 > Group[ 29]: 10035 > Group[ 30]: 10036 > Group[ 31]: 10037 > Group[ 32]: 10038 > Group[ 33]: 10039 > Group[ 34]: 10040 > Group[ 35]: 10041 > Group[ 36]: 10042 > Group[ 37]: 10043 > Group[ 38]: 10044 > Group[ 39]: 10045 > Group[ 40]: 10046 > Group[ 41]: 10047 > Group[ 42]: 10048 > Group[ 43]: 10049 > Group[ 44]: 10050 > Group[ 45]: 10051 > Group[ 46]: 10052 > Group[ 47]: 10053 > Group[ 48]: 10054 > Group[ 49]: 10055 > Group[ 50]: 10056 > Group[ 51]: 10057 > Group[ 52]: 10058 > Group[ 53]: 10059 > Group[ 54]: 10060 > Group[ 55]: 10061 > Group[ 56]: 10062 > Group[ 57]: 10063 > Group[ 58]: 10064 > Group[ 59]: 10065 > Group[ 60]: 10066 > Group[ 61]: 10067 > Group[ 62]: 10068 > Group[ 63]: 10069 > Group[ 64]: 10070 > Group[ 65]: 10071 > Group[ 66]: 10072 > Group[ 67]: 10073 > Group[ 68]: 10074 > Group[ 69]: 10075 > Group[ 70]: 10076 > Group[ 71]: 10077 > Group[ 72]: 10078 > Group[ 73]: 10079 > Group[ 74]: 10080 > Group[ 75]: 10081 > Group[ 76]: 10082 > Group[ 77]: 10083 > Group[ 78]: 10084 > Group[ 79]: 10085 > Group[ 80]: 10086 > Group[ 81]: 10087 > Group[ 82]: 10088 > Group[ 83]: 10089 > Group[ 84]: 10090 > Group[ 85]: 10091 > Group[ 86]: 10092 > Group[ 87]: 10093 > Group[ 88]: 10094 > Group[ 89]: 10095 > Group[ 90]: 10096 > Group[ 91]: 10097 > Group[ 92]: 10098 > Group[ 93]: 10099 > Group[ 94]: 10100 > Group[ 95]: 10101 > Group[ 96]: 10102 > Group[ 97]: 10103 > Group[ 98]: 10104 > Group[ 99]: 10105 > Group[100]: 10106 > Group[101]: 10107 > Group[102]: 10108 > Group[103]: 10109 > Group[104]: 10110 > Group[105]: 10111 > Group[106]: 10112 > Group[107]: 10113 > Group[108]: 10114 > Group[109]: 10115 > Group[110]: 10116 > Group[111]: 10117 > Group[112]: 10118 > Group[113]: 10119 > Group[114]: 10120 > Group[115]: 10121 > Group[116]: 10122 > Group[117]: 10123 > Group[118]: 10124 > Group[119]: 10125 > Group[120]: 10126 > Group[121]: 10127 > Group[122]: 10128 > Group[123]: 10129 > Group[124]: 10130 > Group[125]: 10131 > Group[126]: 10132 > Group[127]: 10133 > Group[128]: 10134 > Group[129]: 10135 > Group[130]: 10136 > Group[131]: 10137 > Group[132]: 10138 > Group[133]: 10139 > Group[134]: 10140 > Group[135]: 10141 > Group[136]: 10142 > Group[137]: 10143 > Group[138]: 10144 > Group[139]: 10145 > Group[140]: 10146 > Group[141]: 10147 > Group[142]: 10148 > Group[143]: 10149 > Group[144]: 10150 > Group[145]: 10471 > Group[146]: 10151 > Group[147]: 10152 > Group[148]: 10153 > Group[149]: 10154 > Group[150]: 10155 > Group[151]: 10156 > Group[152]: 10157 > Group[153]: 10158 > Group[154]: 10159 > Group[155]: 10160 > Group[156]: 10161 > Group[157]: 10162 > Group[158]: 10163 > Group[159]: 10164 > Group[160]: 10165 > Group[161]: 10166 > Group[162]: 10167 > Group[163]: 10168 > Group[164]: 10169 > Group[165]: 10170 > Group[166]: 10171 > Group[167]: 10172 > Group[168]: 10173 > Group[169]: 10174 > Group[170]: 10175 > Group[171]: 10176 > Group[172]: 10177 > Group[173]: 10178 > Group[174]: 10179 > Group[175]: 10180 > Group[176]: 10181 > Group[177]: 10182 > Group[178]: 10183 > Group[179]: 10184 > Group[180]: 10185 > Group[181]: 10186 > Group[182]: 10187 > Group[183]: 10188 > Group[184]: 10189 > Group[185]: 10190 > Group[186]: 10191 > Group[187]: 10192 > Group[188]: 10193 > Group[189]: 10194 > Group[190]: 10195 > Group[191]: 10196 > Group[192]: 10197 > Group[193]: 10198 > Group[194]: 10199 > Group[195]: 10200 > Group[196]: 10201 > Group[197]: 10202 > Group[198]: 10203 > Group[199]: 10204 > Group[200]: 10205 > Group[201]: 10206 > Group[202]: 10207 > Group[203]: 10208 > Group[204]: 10209 > Group[205]: 10210 > Group[206]: 10211 > Group[207]: 10212 > Group[208]: 10213 > Group[209]: 10214 > Group[210]: 10215 > Group[211]: 10216 > Group[212]: 10217 > Group[213]: 10218 > Group[214]: 10219 > Group[215]: 10220 > Group[216]: 10221 > Group[217]: 10222 > Group[218]: 10223 > Group[219]: 10224 > Group[220]: 10225 > Group[221]: 10226 > Group[222]: 10227 > Group[223]: 10228 > Group[224]: 10229 > Group[225]: 10230 > Group[226]: 10231 > Group[227]: 10232 > Group[228]: 10233 > Group[229]: 10234 > Group[230]: 10235 > Group[231]: 10236 > Group[232]: 10237 > Group[233]: 10238 > Group[234]: 10239 > Group[235]: 10240 > Group[236]: 10241 > Group[237]: 10242 > Group[238]: 10243 > Group[239]: 10244 > Group[240]: 10245 > Group[241]: 10246 > Group[242]: 10247 > Group[243]: 10248 > Group[244]: 10249 > Group[245]: 10250 > Group[246]: 10251 > Group[247]: 10252 > Group[248]: 10253 > Group[249]: 10254 > Group[250]: 10255 > Group[251]: 10256 > Group[252]: 10257 > Group[253]: 10258 > Group[254]: 10259 > Group[255]: 10260 > Group[256]: 10261 > Group[257]: 10262 > Group[258]: 10263 > Group[259]: 10264 > Group[260]: 10265 > Group[261]: 10266 > Group[262]: 10267 > Group[263]: 10268 > Group[264]: 10269 > Group[265]: 10270 > Group[266]: 10271 > Group[267]: 10272 > Group[268]: 10273 > Group[269]: 10274 > Group[270]: 10275 > Group[271]: 10276 > Group[272]: 10277 > Group[273]: 10278 > Group[274]: 10279 > Group[275]: 10280 > Group[276]: 10281 > Group[277]: 10282 > Group[278]: 10283 > Group[279]: 10284 > Group[280]: 10285 > Group[281]: 10286 > Group[282]: 10287 > Group[283]: 10288 > Group[284]: 10289 > Group[285]: 10290 > Group[286]: 10291 > Group[287]: 10292 > Group[288]: 10293 > Group[289]: 10294 > Group[290]: 10295 > Group[291]: 10296 > Group[292]: 10297 > Group[293]: 10298 > Group[294]: 10299 > Group[295]: 10300 > Group[296]: 10301 > Group[297]: 10302 > Group[298]: 10303 > Group[299]: 10304 > Group[300]: 10305 > Group[301]: 10306 > Group[302]: 10307 > Group[303]: 10308 > Group[304]: 10309 > Group[305]: 10310 > Group[306]: 10311 > Group[307]: 10312 > Group[308]: 10313 > Group[309]: 10314 > Group[310]: 10315 > Group[311]: 10316 > Group[312]: 10317 > Group[313]: 10318 > Group[314]: 10319 > Group[315]: 10320 > Group[316]: 10321 > Group[317]: 10322 > Group[318]: 10323 > Group[319]: 10324 > Group[320]: 10325 > Group[321]: 10326 > Group[322]: 10327 > Group[323]: 10328 > Group[324]: 10329 > Group[325]: 10330 > Group[326]: 10331 > Group[327]: 10332 > Group[328]: 10333 > Group[329]: 10334 > Group[330]: 10335 > Group[331]: 10336 > Group[332]: 10337 > Group[333]: 10338 > Group[334]: 10339 > Group[335]: 10340 > Group[336]: 10341 > Group[337]: 10342 > Group[338]: 10343 > Group[339]: 10344 > Group[340]: 10345 > Group[341]: 10346 > Group[342]: 10347 > Group[343]: 10348 > Group[344]: 10349 > Group[345]: 10350 > Group[346]: 10351 > Group[347]: 10352 > Group[348]: 10353 > Group[349]: 10354 > Group[350]: 10355 > Group[351]: 10356 > Group[352]: 10357 > Group[353]: 10358 > Group[354]: 10359 > Group[355]: 10360 > Group[356]: 10361 > Group[357]: 10362 > Group[358]: 10363 > Group[359]: 10364 > Group[360]: 10365 > Group[361]: 10366 > Group[362]: 10367 > Group[363]: 10368 > Group[364]: 10369 > Group[365]: 10370 > Group[366]: 10371 > Group[367]: 10372 > Group[368]: 10373 > Group[369]: 10374 > Group[370]: 10375 > Group[371]: 10376 > Group[372]: 10377 > Group[373]: 10378 > Group[374]: 10379 > Group[375]: 10380 > Group[376]: 10381 > Group[377]: 10382 > Group[378]: 10383 > Group[379]: 10384 > Group[380]: 10385 > Group[381]: 10386 > Group[382]: 10387 > Group[383]: 10388 > Group[384]: 10389 > Group[385]: 10390 > Group[386]: 10391 > Group[387]: 10392 > Group[388]: 10393 > Group[389]: 10394 > Group[390]: 10395 > Group[391]: 10396 > Group[392]: 10397 > Group[393]: 10398 > Group[394]: 10399 > Group[395]: 10400 > Group[396]: 10401 > Group[397]: 10402 > Group[398]: 10403 > Group[399]: 10404 > Group[400]: 10002 > Group[401]: 10003 > Group[402]: 10004 > Group[403]: 10001 >[2012/11/09 16:29:11.160411, 5] smbd/uid.c:317(change_to_user_internal) > Impersonated user: uid=(0,10000), gid=(0,10006) >[2012/11/09 16:29:11.160473, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:11.160500, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:11.160531, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:11.160573, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2012/11/09 16:29:11.160612, 3] smbd/service.c:1114(make_connection_snum) > 10.129.108.68 (10.129.108.68) signed connect to service IPC$ initially as user BROSE+pfoerfr (uid=10000, gid=10006) (pid 12629) >[2012/11/09 16:29:11.160641, 3] smbd/reply.c:871(reply_tcon_and_X) > tconX service=IPC$ >[2012/11/09 16:29:11.161487, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x66 >[2012/11/09 16:29:11.161519, 3] smbd/process.c:1662(process_smb) > Transaction 3 of length 106 (0 toread) >[2012/11/09 16:29:11.161547, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:11.161561, 5] lib/util.c:342(show_msg) > size=102 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=48192 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 4096 (0x1000) > smb_vwv[ 3]= 4096 (0x1000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 4609 (0x1201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1792 (0x700) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]=16384 (0x4000) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=19 >[2012/11/09 16:29:11.161848, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:11.161871, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:11.161891, 5] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (811): > SID[ 0]: S-1-5-21-160562036-3150058255-2134394716-19743 > SID[ 1]: S-1-5-21-160562036-3150058255-2134394716-513 > SID[ 2]: S-1-5-21-160562036-3150058255-2134394716-334230 > SID[ 3]: S-1-5-21-160562036-3150058255-2134394716-23353 > SID[ 4]: S-1-5-21-160562036-3150058255-2134394716-304793 > SID[ 5]: S-1-5-21-160562036-3150058255-2134394716-269408 > SID[ 6]: S-1-5-21-160562036-3150058255-2134394716-50420 > SID[ 7]: S-1-5-21-160562036-3150058255-2134394716-113634 > SID[ 8]: S-1-5-21-160562036-3150058255-2134394716-113662 > SID[ 9]: S-1-5-21-160562036-3150058255-2134394716-260755 > SID[ 10]: S-1-5-21-160562036-3150058255-2134394716-288770 > SID[ 11]: S-1-5-21-160562036-3150058255-2134394716-67892 > SID[ 12]: S-1-5-21-160562036-3150058255-2134394716-20800 > SID[ 13]: S-1-5-21-160562036-3150058255-2134394716-269744 > SID[ 14]: S-1-5-21-160562036-3150058255-2134394716-63803 > SID[ 15]: S-1-5-21-160562036-3150058255-2134394716-360934 > SID[ 16]: S-1-5-21-160562036-3150058255-2134394716-421750 > SID[ 17]: S-1-5-21-160562036-3150058255-2134394716-294313 > SID[ 18]: S-1-5-21-160562036-3150058255-2134394716-109619 > SID[ 19]: S-1-5-21-160562036-3150058255-2134394716-13623 > SID[ 20]: S-1-5-21-160562036-3150058255-2134394716-113660 > SID[ 21]: S-1-5-21-160562036-3150058255-2134394716-13846 > SID[ 22]: S-1-5-21-160562036-3150058255-2134394716-351693 > SID[ 23]: S-1-5-21-160562036-3150058255-2134394716-56178 > SID[ 24]: S-1-5-21-160562036-3150058255-2134394716-268914 > SID[ 25]: S-1-5-21-160562036-3150058255-2134394716-276389 > SID[ 26]: S-1-5-21-160562036-3150058255-2134394716-294265 > SID[ 27]: S-1-5-21-160562036-3150058255-2134394716-289050 > SID[ 28]: S-1-5-21-160562036-3150058255-2134394716-284074 > SID[ 29]: S-1-5-21-160562036-3150058255-2134394716-353623 > SID[ 30]: S-1-5-21-160562036-3150058255-2134394716-60632 > SID[ 31]: S-1-5-21-160562036-3150058255-2134394716-299617 > SID[ 32]: S-1-5-21-160562036-3150058255-2134394716-269875 > SID[ 33]: S-1-5-21-160562036-3150058255-2134394716-260777 > SID[ 34]: S-1-5-21-160562036-3150058255-2134394716-72011 > SID[ 35]: S-1-5-21-160562036-3150058255-2134394716-56174 > SID[ 36]: S-1-5-21-160562036-3150058255-2134394716-294145 > SID[ 37]: S-1-5-21-160562036-3150058255-2134394716-46643 > SID[ 38]: S-1-5-21-160562036-3150058255-2134394716-110684 > SID[ 39]: S-1-5-21-160562036-3150058255-2134394716-69476 > SID[ 40]: S-1-5-21-160562036-3150058255-2134394716-354438 > SID[ 41]: S-1-5-21-160562036-3150058255-2134394716-288215 > SID[ 42]: S-1-5-21-160562036-3150058255-2134394716-418124 > SID[ 43]: S-1-5-21-160562036-3150058255-2134394716-32947 > SID[ 44]: S-1-5-21-160562036-3150058255-2134394716-373447 > SID[ 45]: S-1-5-21-160562036-3150058255-2134394716-21119 > SID[ 46]: S-1-5-21-160562036-3150058255-2134394716-254283 > SID[ 47]: S-1-5-21-160562036-3150058255-2134394716-21918 > SID[ 48]: S-1-5-21-160562036-3150058255-2134394716-268915 > SID[ 49]: S-1-5-21-160562036-3150058255-2134394716-267093 > SID[ 50]: S-1-5-21-160562036-3150058255-2134394716-340888 > SID[ 51]: S-1-5-21-160562036-3150058255-2134394716-294363 > SID[ 52]: S-1-5-21-160562036-3150058255-2134394716-414620 > SID[ 53]: S-1-5-21-160562036-3150058255-2134394716-260959 > SID[ 54]: S-1-5-21-160562036-3150058255-2134394716-56176 > SID[ 55]: S-1-5-21-160562036-3150058255-2134394716-373472 > SID[ 56]: S-1-5-21-160562036-3150058255-2134394716-294492 > SID[ 57]: S-1-5-21-160562036-3150058255-2134394716-373554 > SID[ 58]: S-1-5-21-160562036-3150058255-2134394716-104382 > SID[ 59]: S-1-5-21-160562036-3150058255-2134394716-294361 > SID[ 60]: S-1-5-21-160562036-3150058255-2134394716-245149 > SID[ 61]: S-1-5-21-160562036-3150058255-2134394716-32807 > SID[ 62]: S-1-5-21-160562036-3150058255-2134394716-63805 > SID[ 63]: S-1-5-21-160562036-3150058255-2134394716-290135 > SID[ 64]: S-1-5-21-160562036-3150058255-2134394716-248439 > SID[ 65]: S-1-5-21-160562036-3150058255-2134394716-58745 > SID[ 66]: S-1-5-21-160562036-3150058255-2134394716-288316 > SID[ 67]: S-1-5-21-160562036-3150058255-2134394716-373441 > SID[ 68]: S-1-5-21-160562036-3150058255-2134394716-268916 > SID[ 69]: S-1-5-21-160562036-3150058255-2134394716-17597 > SID[ 70]: S-1-5-21-160562036-3150058255-2134394716-113654 > SID[ 71]: S-1-5-21-160562036-3150058255-2134394716-304050 > SID[ 72]: S-1-5-21-160562036-3150058255-2134394716-112626 > SID[ 73]: S-1-5-21-160562036-3150058255-2134394716-360946 > SID[ 74]: S-1-5-21-160562036-3150058255-2134394716-1116 > SID[ 75]: S-1-5-21-160562036-3150058255-2134394716-294490 > SID[ 76]: S-1-5-21-160562036-3150058255-2134394716-373442 > SID[ 77]: S-1-5-21-160562036-3150058255-2134394716-402137 > SID[ 78]: S-1-5-21-160562036-3150058255-2134394716-373470 > SID[ 79]: S-1-5-21-160562036-3150058255-2134394716-284963 > SID[ 80]: S-1-5-21-160562036-3150058255-2134394716-21963 > SID[ 81]: S-1-5-21-160562036-3150058255-2134394716-373556 > SID[ 82]: S-1-5-21-160562036-3150058255-2134394716-351504 > SID[ 83]: S-1-5-21-160562036-3150058255-2134394716-360382 > SID[ 84]: S-1-5-21-160562036-3150058255-2134394716-266966 > SID[ 85]: S-1-5-21-160562036-3150058255-2134394716-63797 > SID[ 86]: S-1-5-21-160562036-3150058255-2134394716-31306 > SID[ 87]: S-1-5-21-160562036-3150058255-2134394716-420969 > SID[ 88]: S-1-5-21-160562036-3150058255-2134394716-58439 > SID[ 89]: S-1-5-21-160562036-3150058255-2134394716-351240 > SID[ 90]: S-1-5-21-160562036-3150058255-2134394716-290160 > SID[ 91]: S-1-5-21-160562036-3150058255-2134394716-335340 > SID[ 92]: S-1-5-21-160562036-3150058255-2134394716-32819 > SID[ 93]: S-1-5-21-160562036-3150058255-2134394716-63801 > SID[ 94]: S-1-5-21-160562036-3150058255-2134394716-53171 > SID[ 95]: S-1-5-21-160562036-3150058255-2134394716-294243 > SID[ 96]: S-1-5-21-160562036-3150058255-2134394716-350032 > SID[ 97]: S-1-5-21-160562036-3150058255-2134394716-63737 > SID[ 98]: S-1-5-21-160562036-3150058255-2134394716-13863 > SID[ 99]: S-1-5-21-160562036-3150058255-2134394716-351719 > SID[100]: S-1-5-21-160562036-3150058255-2134394716-56165 > SID[101]: S-1-5-21-160562036-3150058255-2134394716-113646 > SID[102]: S-1-5-21-160562036-3150058255-2134394716-430811 > SID[103]: S-1-5-21-160562036-3150058255-2134394716-284081 > SID[104]: S-1-5-21-160562036-3150058255-2134394716-256696 > SID[105]: S-1-5-21-160562036-3150058255-2134394716-416414 > SID[106]: S-1-5-21-160562036-3150058255-2134394716-49609 > SID[107]: S-1-5-21-160562036-3150058255-2134394716-377791 > SID[108]: S-1-5-21-160562036-3150058255-2134394716-32821 > SID[109]: S-1-5-21-160562036-3150058255-2134394716-359223 > SID[110]: S-1-5-21-160562036-3150058255-2134394716-284091 > SID[111]: S-1-5-21-160562036-3150058255-2134394716-433713 > SID[112]: S-1-5-21-160562036-3150058255-2134394716-33100 > SID[113]: S-1-5-21-160562036-3150058255-2134394716-416203 > SID[114]: S-1-5-21-160562036-3150058255-2134394716-317007 > SID[115]: S-1-5-21-160562036-3150058255-2134394716-69542 > SID[116]: S-1-5-21-160562036-3150058255-2134394716-268918 > SID[117]: S-1-5-21-160562036-3150058255-2134394716-69428 > SID[118]: S-1-5-21-160562036-3150058255-2134394716-316764 > SID[119]: S-1-5-21-160562036-3150058255-2134394716-55705 > SID[120]: S-1-5-21-160562036-3150058255-2134394716-291229 > SID[121]: S-1-5-21-160562036-3150058255-2134394716-250116 > SID[122]: S-1-5-21-160562036-3150058255-2134394716-294315 > SID[123]: S-1-5-21-160562036-3150058255-2134394716-402469 > SID[124]: S-1-5-21-160562036-3150058255-2134394716-256697 > SID[125]: S-1-5-21-160562036-3150058255-2134394716-418438 > SID[126]: S-1-5-21-160562036-3150058255-2134394716-435652 > SID[127]: S-1-5-21-160562036-3150058255-2134394716-45010 > SID[128]: S-1-5-21-160562036-3150058255-2134394716-322368 > SID[129]: S-1-5-21-160562036-3150058255-2134394716-267090 > SID[130]: S-1-5-21-160562036-3150058255-2134394716-32825 > SID[131]: S-1-5-21-160562036-3150058255-2134394716-35099 > SID[132]: S-1-5-21-160562036-3150058255-2134394716-56157 > SID[133]: S-1-5-21-160562036-3150058255-2134394716-113648 > SID[134]: S-1-5-21-160562036-3150058255-2134394716-55709 > SID[135]: S-1-5-21-160562036-3150058255-2134394716-108789 > SID[136]: S-1-5-21-160562036-3150058255-2134394716-56159 > SID[137]: S-1-5-21-160562036-3150058255-2134394716-268919 > SID[138]: S-1-5-21-160562036-3150058255-2134394716-245147 > SID[139]: S-1-5-21-160562036-3150058255-2134394716-430693 > SID[140]: S-1-5-21-160562036-3150058255-2134394716-289617 > SID[141]: S-1-5-21-160562036-3150058255-2134394716-373445 > SID[142]: S-1-5-21-160562036-3150058255-2134394716-14282 > SID[143]: S-1-5-21-160562036-3150058255-2134394716-433712 > SID[144]: S-1-5-21-160562036-3150058255-2134394716-59232 > SID[145]: S-1-5-21-160562036-3150058255-2134394716-33429 > SID[146]: S-1-5-21-160562036-3150058255-2134394716-437634 > SID[147]: S-1-5-21-160562036-3150058255-2134394716-23354 > SID[148]: S-1-5-21-160562036-3150058255-2134394716-113636 > SID[149]: S-1-5-21-160562036-3150058255-2134394716-63799 > SID[150]: S-1-5-21-160562036-3150058255-2134394716-261009 > SID[151]: S-1-5-21-160562036-3150058255-2134394716-290498 > SID[152]: S-1-5-21-160562036-3150058255-2134394716-375928 > SID[153]: S-1-5-21-160562036-3150058255-2134394716-276407 > SID[154]: S-1-5-21-160562036-3150058255-2134394716-357401 > SID[155]: S-1-5-21-160562036-3150058255-2134394716-357385 > SID[156]: S-1-5-21-160562036-3150058255-2134394716-269404 > SID[157]: S-1-5-21-160562036-3150058255-2134394716-67790 > SID[158]: S-1-5-21-160562036-3150058255-2134394716-392120 > SID[159]: S-1-5-21-160562036-3150058255-2134394716-276395 > SID[160]: S-1-5-21-160562036-3150058255-2134394716-113343 > SID[161]: S-1-5-21-160562036-3150058255-2134394716-56172 > SID[162]: S-1-5-21-160562036-3150058255-2134394716-402467 > SID[163]: S-1-5-21-160562036-3150058255-2134394716-293007 > SID[164]: S-1-5-21-160562036-3150058255-2134394716-427942 > SID[165]: S-1-5-21-160562036-3150058255-2134394716-373529 > SID[166]: S-1-5-21-160562036-3150058255-2134394716-263163 > SID[167]: S-1-5-21-160562036-3150058255-2134394716-64111 > SID[168]: S-1-5-21-160562036-3150058255-2134394716-266852 > SID[169]: S-1-5-21-160562036-3150058255-2134394716-357892 > SID[170]: S-1-5-21-160562036-3150058255-2134394716-104429 > SID[171]: S-1-5-21-160562036-3150058255-2134394716-32813 > SID[172]: S-1-5-21-160562036-3150058255-2134394716-360722 > SID[173]: S-1-5-21-160562036-3150058255-2134394716-284092 > SID[174]: S-1-5-21-160562036-3150058255-2134394716-289619 > SID[175]: S-1-5-21-160562036-3150058255-2134394716-369316 > SID[176]: S-1-5-21-160562036-3150058255-2134394716-49542 > SID[177]: S-1-5-21-160562036-3150058255-2134394716-329659 > SID[178]: S-1-5-21-160562036-3150058255-2134394716-32809 > SID[179]: S-1-5-21-160562036-3150058255-2134394716-108767 > SID[180]: S-1-5-21-160562036-3150058255-2134394716-305399 > SID[181]: S-1-5-21-160562036-3150058255-2134394716-263161 > SID[182]: S-1-5-21-160562036-3150058255-2134394716-314050 > SID[183]: S-1-5-21-160562036-3150058255-2134394716-31001 > SID[184]: S-1-5-21-160562036-3150058255-2134394716-279682 > SID[185]: S-1-5-21-160562036-3150058255-2134394716-294147 > SID[186]: S-1-5-21-160562036-3150058255-2134394716-56163 > SID[187]: S-1-5-21-160562036-3150058255-2134394716-285751 > SID[188]: S-1-5-21-160562036-3150058255-2134394716-21723 > SID[189]: S-1-5-21-160562036-3150058255-2134394716-8332 > SID[190]: S-1-5-21-160562036-3150058255-2134394716-32827 > SID[191]: S-1-5-21-160562036-3150058255-2134394716-256460 > SID[192]: S-1-5-21-160562036-3150058255-2134394716-256183 > SID[193]: S-1-5-21-160562036-3150058255-2134394716-300424 > SID[194]: S-1-5-21-160562036-3150058255-2134394716-55677 > SID[195]: S-1-5-21-160562036-3150058255-2134394716-253145 > SID[196]: S-1-5-21-160562036-3150058255-2134394716-63804 > SID[197]: S-1-5-21-160562036-3150058255-2134394716-358866 > SID[198]: S-1-5-21-160562036-3150058255-2134394716-32823 > SID[199]: S-1-5-21-160562036-3150058255-2134394716-276620 > SID[200]: S-1-5-21-160562036-3150058255-2134394716-361940 > SID[201]: S-1-5-21-160562036-3150058255-2134394716-49274 > SID[202]: S-1-5-21-160562036-3150058255-2134394716-402177 > SID[203]: S-1-5-21-160562036-3150058255-2134394716-252230 > SID[204]: S-1-5-21-160562036-3150058255-2134394716-321100 > SID[205]: S-1-5-21-160562036-3150058255-2134394716-20801 > SID[206]: S-1-5-21-160562036-3150058255-2134394716-276621 > SID[207]: S-1-5-21-160562036-3150058255-2134394716-252010 > SID[208]: S-1-5-21-160562036-3150058255-2134394716-292766 > SID[209]: S-1-5-21-160562036-3150058255-2134394716-37331 > SID[210]: S-1-5-21-160562036-3150058255-2134394716-260776 > SID[211]: S-1-5-21-160562036-3150058255-2134394716-386708 > SID[212]: S-1-5-21-160562036-3150058255-2134394716-374616 > SID[213]: S-1-5-21-160562036-3150058255-2134394716-21084 > SID[214]: S-1-5-21-160562036-3150058255-2134394716-294267 > SID[215]: S-1-5-21-160562036-3150058255-2134394716-63802 > SID[216]: S-1-5-21-160562036-3150058255-2134394716-31186 > SID[217]: S-1-5-21-160562036-3150058255-2134394716-105575 > SID[218]: S-1-5-21-160562036-3150058255-2134394716-361874 > SID[219]: S-1-5-21-160562036-3150058255-2134394716-360362 > SID[220]: S-1-5-21-160562036-3150058255-2134394716-357734 > SID[221]: S-1-5-21-160562036-3150058255-2134394716-294241 > SID[222]: S-1-5-21-160562036-3150058255-2134394716-251778 > SID[223]: S-1-5-21-160562036-3150058255-2134394716-49510 > SID[224]: S-1-5-21-160562036-3150058255-2134394716-35015 > SID[225]: S-1-5-21-160562036-3150058255-2134394716-20749 > SID[226]: S-1-5-21-160562036-3150058255-2134394716-294291 > SID[227]: S-1-5-21-160562036-3150058255-2134394716-254469 > SID[228]: S-1-5-21-160562036-3150058255-2134394716-247296 > SID[229]: S-1-5-21-160562036-3150058255-2134394716-63798 > SID[230]: S-1-5-21-160562036-3150058255-2134394716-59035 > SID[231]: S-1-5-21-160562036-3150058255-2134394716-430331 > SID[232]: S-1-5-21-160562036-3150058255-2134394716-21301 > SID[233]: S-1-5-21-160562036-3150058255-2134394716-55627 > SID[234]: S-1-5-21-160562036-3150058255-2134394716-32815 > SID[235]: S-1-5-21-160562036-3150058255-2134394716-277164 > SID[236]: S-1-5-21-160562036-3150058255-2134394716-21552 > SID[237]: S-1-5-21-160562036-3150058255-2134394716-56622 > SID[238]: S-1-5-21-160562036-3150058255-2134394716-37315 > SID[239]: S-1-5-21-160562036-3150058255-2134394716-334225 > SID[240]: S-1-5-21-160562036-3150058255-2134394716-338141 > SID[241]: S-1-5-21-160562036-3150058255-2134394716-246169 > SID[242]: S-1-5-21-160562036-3150058255-2134394716-297835 > SID[243]: S-1-5-21-160562036-3150058255-2134394716-353615 > SID[244]: S-1-5-21-160562036-3150058255-2134394716-322371 > SID[245]: S-1-5-21-160562036-3150058255-2134394716-63235 > SID[246]: S-1-5-21-160562036-3150058255-2134394716-266849 > SID[247]: S-1-5-21-160562036-3150058255-2134394716-293998 > SID[248]: S-1-5-21-160562036-3150058255-2134394716-433714 > SID[249]: S-1-5-21-160562036-3150058255-2134394716-107694 > SID[250]: S-1-5-21-160562036-3150058255-2134394716-288317 > SID[251]: S-1-5-21-160562036-3150058255-2134394716-44135 > SID[252]: S-1-5-21-160562036-3150058255-2134394716-290560 > SID[253]: S-1-5-21-160562036-3150058255-2134394716-322681 > SID[254]: S-1-5-21-160562036-3150058255-2134394716-283109 > SID[255]: S-1-5-21-160562036-3150058255-2134394716-357879 > SID[256]: S-1-5-21-160562036-3150058255-2134394716-289046 > SID[257]: S-1-5-21-160562036-3150058255-2134394716-32803 > SID[258]: S-1-5-21-160562036-3150058255-2134394716-343968 > SID[259]: S-1-5-21-160562036-3150058255-2134394716-50792 > SID[260]: S-1-5-21-160562036-3150058255-2134394716-50518 > SID[261]: S-1-5-21-160562036-3150058255-2134394716-37238 > SID[262]: S-1-5-21-160562036-3150058255-2134394716-360465 > SID[263]: S-1-5-21-160562036-3150058255-2134394716-366652 > SID[264]: S-1-5-21-160562036-3150058255-2134394716-294094 > SID[265]: S-1-5-21-160562036-3150058255-2134394716-288540 > SID[266]: S-1-5-21-160562036-3150058255-2134394716-297984 > SID[267]: S-1-5-21-160562036-3150058255-2134394716-276427 > SID[268]: S-1-5-21-160562036-3150058255-2134394716-333792 > SID[269]: S-1-5-21-160562036-3150058255-2134394716-427342 > SID[270]: S-1-5-21-160562036-3150058255-2134394716-333794 > SID[271]: S-1-5-21-160562036-3150058255-2134394716-290460 > SID[272]: S-1-5-21-160562036-3150058255-2134394716-294091 > SID[273]: S-1-5-21-160562036-3150058255-2134394716-333793 > SID[274]: S-1-5-21-160562036-3150058255-2134394716-338207 > SID[275]: S-1-5-21-160562036-3150058255-2134394716-409571 > SID[276]: S-1-5-21-160562036-3150058255-2134394716-294054 > SID[277]: S-1-5-21-160562036-3150058255-2134394716-30854 > SID[278]: S-1-5-21-160562036-3150058255-2134394716-288547 > SID[279]: S-1-5-21-160562036-3150058255-2134394716-365347 > SID[280]: S-1-5-21-6776287-465249537-1446904402-4108 > SID[281]: S-1-5-21-160562036-3150058255-2134394716-58230 > SID[282]: S-1-5-21-160562036-3150058255-2134394716-357400 > SID[283]: S-1-5-21-160562036-3150058255-2134394716-343966 > SID[284]: S-1-5-21-160562036-3150058255-2134394716-104268 > SID[285]: S-1-5-21-160562036-3150058255-2134394716-334228 > SID[286]: S-1-5-21-160562036-3150058255-2134394716-357384 > SID[287]: S-1-5-21-160562036-3150058255-2134394716-64500 > SID[288]: S-1-5-21-160562036-3150058255-2134394716-291227 > SID[289]: S-1-5-21-160562036-3150058255-2134394716-62708 > SID[290]: S-1-5-21-160562036-3150058255-2134394716-266847 > SID[291]: S-1-5-21-160562036-3150058255-2134394716-313857 > SID[292]: S-1-5-21-160562036-3150058255-2134394716-350031 > SID[293]: S-1-5-21-160562036-3150058255-2134394716-373448 > SID[294]: S-1-5-21-160562036-3150058255-2134394716-420970 > SID[295]: S-1-5-21-160562036-3150058255-2134394716-351238 > SID[296]: S-1-5-21-160562036-3150058255-2134394716-11861 > SID[297]: S-1-5-21-160562036-3150058255-2134394716-353613 > SID[298]: S-1-5-21-160562036-3150058255-2134394716-322679 > SID[299]: S-1-5-21-160562036-3150058255-2134394716-253148 > SID[300]: S-1-5-21-160562036-3150058255-2134394716-277162 > SID[301]: S-1-5-21-160562036-3150058255-2134394716-304048 > SID[302]: S-1-5-21-160562036-3150058255-2134394716-288768 > SID[303]: S-1-5-21-160562036-3150058255-2134394716-62920 > SID[304]: S-1-5-21-160562036-3150058255-2134394716-62814 > SID[305]: S-1-5-21-160562036-3150058255-2134394716-338139 > SID[306]: S-1-5-21-160562036-3150058255-2134394716-266850 > SID[307]: S-1-5-21-160562036-3150058255-2134394716-74038 > SID[308]: S-1-5-21-160562036-3150058255-2134394716-62715 > SID[309]: S-1-5-21-160562036-3150058255-2134394716-357877 > SID[310]: S-1-5-21-160562036-3150058255-2134394716-252117 > SID[311]: S-1-5-21-160562036-3150058255-2134394716-322372 > SID[312]: S-1-5-21-160562036-3150058255-2134394716-65121 > SID[313]: S-1-5-21-160562036-3150058255-2134394716-62711 > SID[314]: S-1-5-21-160562036-3150058255-2134394716-267091 > SID[315]: S-1-5-21-160562036-3150058255-2134394716-24652 > SID[316]: S-1-5-21-160562036-3150058255-2134394716-360933 > SID[317]: S-1-5-21-160562036-3150058255-2134394716-354437 > SID[318]: S-1-5-21-160562036-3150058255-2134394716-249119 > SID[319]: S-1-5-21-160562036-3150058255-2134394716-248731 > SID[320]: S-1-5-21-160562036-3150058255-2134394716-64215 > SID[321]: S-1-5-21-160562036-3150058255-2134394716-373475 > SID[322]: S-1-5-21-160562036-3150058255-2134394716-250664 > SID[323]: S-1-5-21-160562036-3150058255-2134394716-267088 > SID[324]: S-1-5-21-160562036-3150058255-2134394716-50311 > SID[325]: S-1-5-21-160562036-3150058255-2134394716-62644 > SID[326]: S-1-5-21-160562036-3150058255-2134394716-69148 > SID[327]: S-1-5-21-160562036-3150058255-2134394716-360380 > SID[328]: S-1-5-21-160562036-3150058255-2134394716-52124 > SID[329]: S-1-5-21-160562036-3150058255-2134394716-351502 > SID[330]: S-1-5-21-160562036-3150058255-2134394716-317005 > SID[331]: S-1-5-21-160562036-3150058255-2134394716-62713 > SID[332]: S-1-5-21-160562036-3150058255-2134394716-313855 > SID[333]: S-1-5-21-160562036-3150058255-2134394716-53143 > SID[334]: S-1-5-21-160562036-3150058255-2134394716-349705 > SID[335]: S-1-5-21-160562036-3150058255-2134394716-357732 > SID[336]: S-1-5-21-160562036-3150058255-2134394716-402142 > SID[337]: S-1-5-21-160562036-3150058255-2134394716-50421 > SID[338]: S-1-5-21-160562036-3150058255-2134394716-357890 > SID[339]: S-1-5-21-160562036-3150058255-2134394716-416413 > SID[340]: S-1-5-21-160562036-3150058255-2134394716-255117 > SID[341]: S-1-5-21-160562036-3150058255-2134394716-73891 > SID[342]: S-1-5-21-160562036-3150058255-2134394716-377792 > SID[343]: S-1-5-21-160562036-3150058255-2134394716-63081 > SID[344]: S-1-5-21-160562036-3150058255-2134394716-386707 > SID[345]: S-1-5-21-160562036-3150058255-2134394716-64112 > SID[346]: S-1-5-21-160562036-3150058255-2134394716-256555 > SID[347]: S-1-5-21-160562036-3150058255-2134394716-361939 > SID[348]: S-1-5-21-160562036-3150058255-2134394716-62709 > SID[349]: S-1-5-21-160562036-3150058255-2134394716-248759 > SID[350]: S-1-5-21-160562036-3150058255-2134394716-359221 > SID[351]: S-1-5-21-160562036-3150058255-2134394716-310730 > SID[352]: S-1-5-21-160562036-3150058255-2134394716-109617 > SID[353]: S-1-5-21-160562036-3150058255-2134394716-60474 > SID[354]: S-1-5-21-160562036-3150058255-2134394716-402472 > SID[355]: S-1-5-21-160562036-3150058255-2134394716-55679 > SID[356]: S-1-5-21-160562036-3150058255-2134394716-69153 > SID[357]: S-1-5-21-160562036-3150058255-2134394716-22265 > SID[358]: S-1-5-21-160562036-3150058255-2134394716-423112 > SID[359]: S-1-5-21-160562036-3150058255-2134394716-289044 > SID[360]: S-1-5-21-160562036-3150058255-2134394716-67791 > SID[361]: S-1-5-21-160562036-3150058255-2134394716-69156 > SID[362]: S-1-5-21-160562036-3150058255-2134394716-62712 > SID[363]: S-1-5-21-160562036-3150058255-2134394716-360721 > SID[364]: S-1-5-21-160562036-3150058255-2134394716-435651 > SID[365]: S-1-5-21-160562036-3150058255-2134394716-69149 > SID[366]: S-1-5-21-160562036-3150058255-2134394716-73730 > SID[367]: S-1-5-21-160562036-3150058255-2134394716-243660 > SID[368]: S-1-5-21-160562036-3150058255-2134394716-104280 > SID[369]: S-1-5-21-160562036-3150058255-2134394716-430692 > SID[370]: S-1-5-21-160562036-3150058255-2134394716-256558 > SID[371]: S-1-5-21-160562036-3150058255-2134394716-54515 > SID[372]: S-1-5-21-160562036-3150058255-2134394716-334223 > SID[373]: S-1-5-21-160562036-3150058255-2134394716-304790 > SID[374]: S-1-5-21-160562036-3150058255-2134394716-373528 > SID[375]: S-1-5-21-160562036-3150058255-2134394716-375927 > SID[376]: S-1-5-21-160562036-3150058255-2134394716-74039 > SID[377]: S-1-5-21-160562036-3150058255-2134394716-62781 > SID[378]: S-1-5-21-160562036-3150058255-2134394716-69157 > SID[379]: S-1-5-21-160562036-3150058255-2134394716-309445 > SID[380]: S-1-5-21-160562036-3150058255-2134394716-62733 > SID[381]: S-1-5-21-160562036-3150058255-2134394716-418123 > SID[382]: S-1-5-21-160562036-3150058255-2134394716-64415 > SID[383]: S-1-5-21-160562036-3150058255-2134394716-414619 > SID[384]: S-1-5-21-160562036-3150058255-2134394716-373446 > SID[385]: S-1-5-21-160562036-3150058255-2134394716-289048 > SID[386]: S-1-5-21-160562036-3150058255-2134394716-69158 > SID[387]: S-1-5-21-160562036-3150058255-2134394716-373559 > SID[388]: S-1-5-21-160562036-3150058255-2134394716-110686 > SID[389]: S-1-5-21-160562036-3150058255-2134394716-260757 > SID[390]: S-1-5-21-160562036-3150058255-2134394716-249663 > SID[391]: S-1-5-21-160562036-3150058255-2134394716-249619 > SID[392]: S-1-5-21-160562036-3150058255-2134394716-321098 > SID[393]: S-1-5-21-160562036-3150058255-2134394716-64497 > SID[394]: S-1-5-21-160562036-3150058255-2134394716-112627 > SID[395]: S-1-5-21-160562036-3150058255-2134394716-62710 > SID[396]: S-1-5-21-160562036-3150058255-2134394716-360361 > SID[397]: S-1-5-21-160562036-3150058255-2134394716-353621 > SID[398]: S-1-5-21-160562036-3150058255-2134394716-365152 > SID[399]: S-1-5-21-160562036-3150058255-2134394716-69544 > SID[400]: S-1-5-21-160562036-3150058255-2134394716-249644 > SID[401]: S-1-5-21-160562036-3150058255-2134394716-55625 > SID[402]: S-1-1-0 > SID[403]: S-1-5-2 > SID[404]: S-1-5-11 > SID[405]: S-1-5-32-545 > SID[406]: S-1-22-1-10000 > SID[407]: S-1-22-2-10006 > SID[408]: S-1-22-2-10007 > SID[409]: S-1-22-2-10008 > SID[410]: S-1-22-2-10009 > SID[411]: S-1-22-2-10010 > SID[412]: S-1-22-2-10011 > SID[413]: S-1-22-2-10012 > SID[414]: S-1-22-2-10013 > SID[415]: S-1-22-2-10014 > SID[416]: S-1-22-2-10015 > SID[417]: S-1-22-2-10016 > SID[418]: S-1-22-2-10017 > SID[419]: S-1-22-2-10018 > SID[420]: S-1-22-2-10019 > SID[421]: S-1-22-2-10020 > SID[422]: S-1-22-2-10021 > SID[423]: S-1-22-2-10022 > SID[424]: S-1-22-2-10023 > SID[425]: S-1-22-2-10024 > SID[426]: S-1-22-2-10025 > SID[427]: S-1-22-2-10026 > SID[428]: S-1-22-2-10027 > SID[429]: S-1-22-2-10028 > SID[430]: S-1-22-2-10029 > SID[431]: S-1-22-2-10030 > SID[432]: S-1-22-2-10031 > SID[433]: S-1-22-2-10032 > SID[434]: S-1-22-2-10033 > SID[435]: S-1-22-2-10034 > SID[436]: S-1-22-2-10035 > SID[437]: S-1-22-2-10036 > SID[438]: S-1-22-2-10037 > SID[439]: S-1-22-2-10038 > SID[440]: S-1-22-2-10039 > SID[441]: S-1-22-2-10040 > SID[442]: S-1-22-2-10041 > SID[443]: S-1-22-2-10042 > SID[444]: S-1-22-2-10043 > SID[445]: S-1-22-2-10044 > SID[446]: S-1-22-2-10045 > SID[447]: S-1-22-2-10046 > SID[448]: S-1-22-2-10047 > SID[449]: S-1-22-2-10048 > SID[450]: S-1-22-2-10049 > SID[451]: S-1-22-2-10050 > SID[452]: S-1-22-2-10051 > SID[453]: S-1-22-2-10052 > SID[454]: S-1-22-2-10053 > SID[455]: S-1-22-2-10054 > SID[456]: S-1-22-2-10055 > SID[457]: S-1-22-2-10056 > SID[458]: S-1-22-2-10057 > SID[459]: S-1-22-2-10058 > SID[460]: S-1-22-2-10059 > SID[461]: S-1-22-2-10060 > SID[462]: S-1-22-2-10061 > SID[463]: S-1-22-2-10062 > SID[464]: S-1-22-2-10063 > SID[465]: S-1-22-2-10064 > SID[466]: S-1-22-2-10065 > SID[467]: S-1-22-2-10066 > SID[468]: S-1-22-2-10067 > SID[469]: S-1-22-2-10068 > SID[470]: S-1-22-2-10069 > SID[471]: S-1-22-2-10070 > SID[472]: S-1-22-2-10071 > SID[473]: S-1-22-2-10072 > SID[474]: S-1-22-2-10073 > SID[475]: S-1-22-2-10074 > SID[476]: S-1-22-2-10075 > SID[477]: S-1-22-2-10076 > SID[478]: S-1-22-2-10077 > SID[479]: S-1-22-2-10078 > SID[480]: S-1-22-2-10079 > SID[481]: S-1-22-2-10080 > SID[482]: S-1-22-2-10081 > SID[483]: S-1-22-2-10082 > SID[484]: S-1-22-2-10083 > SID[485]: S-1-22-2-10084 > SID[486]: S-1-22-2-10085 > SID[487]: S-1-22-2-10086 > SID[488]: S-1-22-2-10087 > SID[489]: S-1-22-2-10088 > SID[490]: S-1-22-2-10089 > SID[491]: S-1-22-2-10090 > SID[492]: S-1-22-2-10091 > SID[493]: S-1-22-2-10092 > SID[494]: S-1-22-2-10093 > SID[495]: S-1-22-2-10094 > SID[496]: S-1-22-2-10095 > SID[497]: S-1-22-2-10096 > SID[498]: S-1-22-2-10097 > SID[499]: S-1-22-2-10098 > SID[500]: S-1-22-2-10099 > SID[501]: S-1-22-2-10100 > SID[502]: S-1-22-2-10101 > SID[503]: S-1-22-2-10102 > SID[504]: S-1-22-2-10103 > SID[505]: S-1-22-2-10104 > SID[506]: S-1-22-2-10105 > SID[507]: S-1-22-2-10106 > SID[508]: S-1-22-2-10107 > SID[509]: S-1-22-2-10108 > SID[510]: S-1-22-2-10109 > SID[511]: S-1-22-2-10110 > SID[512]: S-1-22-2-10111 > SID[513]: S-1-22-2-10112 > SID[514]: S-1-22-2-10113 > SID[515]: S-1-22-2-10114 > SID[516]: S-1-22-2-10115 > SID[517]: S-1-22-2-10116 > SID[518]: S-1-22-2-10117 > SID[519]: S-1-22-2-10118 > SID[520]: S-1-22-2-10119 > SID[521]: S-1-22-2-10120 > SID[522]: S-1-22-2-10121 > SID[523]: S-1-22-2-10122 > SID[524]: S-1-22-2-10123 > SID[525]: S-1-22-2-10124 > SID[526]: S-1-22-2-10125 > SID[527]: S-1-22-2-10126 > SID[528]: S-1-22-2-10127 > SID[529]: S-1-22-2-10128 > SID[530]: S-1-22-2-10129 > SID[531]: S-1-22-2-10130 > SID[532]: S-1-22-2-10131 > SID[533]: S-1-22-2-10132 > SID[534]: S-1-22-2-10133 > SID[535]: S-1-22-2-10134 > SID[536]: S-1-22-2-10135 > SID[537]: S-1-22-2-10136 > SID[538]: S-1-22-2-10137 > SID[539]: S-1-22-2-10138 > SID[540]: S-1-22-2-10139 > SID[541]: S-1-22-2-10140 > SID[542]: S-1-22-2-10141 > SID[543]: S-1-22-2-10142 > SID[544]: S-1-22-2-10143 > SID[545]: S-1-22-2-10144 > SID[546]: S-1-22-2-10145 > SID[547]: S-1-22-2-10146 > SID[548]: S-1-22-2-10147 > SID[549]: S-1-22-2-10148 > SID[550]: S-1-22-2-10149 > SID[551]: S-1-22-2-10150 > SID[552]: S-1-22-2-10471 > SID[553]: S-1-22-2-10151 > SID[554]: S-1-22-2-10152 > SID[555]: S-1-22-2-10153 > SID[556]: S-1-22-2-10154 > SID[557]: S-1-22-2-10155 > SID[558]: S-1-22-2-10156 > SID[559]: S-1-22-2-10157 > SID[560]: S-1-22-2-10158 > SID[561]: S-1-22-2-10159 > SID[562]: S-1-22-2-10160 > SID[563]: S-1-22-2-10161 > SID[564]: S-1-22-2-10162 > SID[565]: S-1-22-2-10163 > SID[566]: S-1-22-2-10164 > SID[567]: S-1-22-2-10165 > SID[568]: S-1-22-2-10166 > SID[569]: S-1-22-2-10167 > SID[570]: S-1-22-2-10168 > SID[571]: S-1-22-2-10169 > SID[572]: S-1-22-2-10170 > SID[573]: S-1-22-2-10171 > SID[574]: S-1-22-2-10172 > SID[575]: S-1-22-2-10173 > SID[576]: S-1-22-2-10174 > SID[577]: S-1-22-2-10175 > SID[578]: S-1-22-2-10176 > SID[579]: S-1-22-2-10177 > SID[580]: S-1-22-2-10178 > SID[581]: S-1-22-2-10179 > SID[582]: S-1-22-2-10180 > SID[583]: S-1-22-2-10181 > SID[584]: S-1-22-2-10182 > SID[585]: S-1-22-2-10183 > SID[586]: S-1-22-2-10184 > SID[587]: S-1-22-2-10185 > SID[588]: S-1-22-2-10186 > SID[589]: S-1-22-2-10187 > SID[590]: S-1-22-2-10188 > SID[591]: S-1-22-2-10189 > SID[592]: S-1-22-2-10190 > SID[593]: S-1-22-2-10191 > SID[594]: S-1-22-2-10192 > SID[595]: S-1-22-2-10193 > SID[596]: S-1-22-2-10194 > SID[597]: S-1-22-2-10195 > SID[598]: S-1-22-2-10196 > SID[599]: S-1-22-2-10197 > SID[600]: S-1-22-2-10198 > SID[601]: S-1-22-2-10199 > SID[602]: S-1-22-2-10200 > SID[603]: S-1-22-2-10201 > SID[604]: S-1-22-2-10202 > SID[605]: S-1-22-2-10203 > SID[606]: S-1-22-2-10204 > SID[607]: S-1-22-2-10205 > SID[608]: S-1-22-2-10206 > SID[609]: S-1-22-2-10207 > SID[610]: S-1-22-2-10208 > SID[611]: S-1-22-2-10209 > SID[612]: S-1-22-2-10210 > SID[613]: S-1-22-2-10211 > SID[614]: S-1-22-2-10212 > SID[615]: S-1-22-2-10213 > SID[616]: S-1-22-2-10214 > SID[617]: S-1-22-2-10215 > SID[618]: S-1-22-2-10216 > SID[619]: S-1-22-2-10217 > SID[620]: S-1-22-2-10218 > SID[621]: S-1-22-2-10219 > SID[622]: S-1-22-2-10220 > SID[623]: S-1-22-2-10221 > SID[624]: S-1-22-2-10222 > SID[625]: S-1-22-2-10223 > SID[626]: S-1-22-2-10224 > SID[627]: S-1-22-2-10225 > SID[628]: S-1-22-2-10226 > SID[629]: S-1-22-2-10227 > SID[630]: S-1-22-2-10228 > SID[631]: S-1-22-2-10229 > SID[632]: S-1-22-2-10230 > SID[633]: S-1-22-2-10231 > SID[634]: S-1-22-2-10232 > SID[635]: S-1-22-2-10233 > SID[636]: S-1-22-2-10234 > SID[637]: S-1-22-2-10235 > SID[638]: S-1-22-2-10236 > SID[639]: S-1-22-2-10237 > SID[640]: S-1-22-2-10238 > SID[641]: S-1-22-2-10239 > SID[642]: S-1-22-2-10240 > SID[643]: S-1-22-2-10241 > SID[644]: S-1-22-2-10242 > SID[645]: S-1-22-2-10243 > SID[646]: S-1-22-2-10244 > SID[647]: S-1-22-2-10245 > SID[648]: S-1-22-2-10246 > SID[649]: S-1-22-2-10247 > SID[650]: S-1-22-2-10248 > SID[651]: S-1-22-2-10249 > SID[652]: S-1-22-2-10250 > SID[653]: S-1-22-2-10251 > SID[654]: S-1-22-2-10252 > SID[655]: S-1-22-2-10253 > SID[656]: S-1-22-2-10254 > SID[657]: S-1-22-2-10255 > SID[658]: S-1-22-2-10256 > SID[659]: S-1-22-2-10257 > SID[660]: S-1-22-2-10258 > SID[661]: S-1-22-2-10259 > SID[662]: S-1-22-2-10260 > SID[663]: S-1-22-2-10261 > SID[664]: S-1-22-2-10262 > SID[665]: S-1-22-2-10263 > SID[666]: S-1-22-2-10264 > SID[667]: S-1-22-2-10265 > SID[668]: S-1-22-2-10266 > SID[669]: S-1-22-2-10267 > SID[670]: S-1-22-2-10268 > SID[671]: S-1-22-2-10269 > SID[672]: S-1-22-2-10270 > SID[673]: S-1-22-2-10271 > SID[674]: S-1-22-2-10272 > SID[675]: S-1-22-2-10273 > SID[676]: S-1-22-2-10274 > SID[677]: S-1-22-2-10275 > SID[678]: S-1-22-2-10276 > SID[679]: S-1-22-2-10277 > SID[680]: S-1-22-2-10278 > SID[681]: S-1-22-2-10279 > SID[682]: S-1-22-2-10280 > SID[683]: S-1-22-2-10281 > SID[684]: S-1-22-2-10282 > SID[685]: S-1-22-2-10283 > SID[686]: S-1-22-2-10284 > SID[687]: S-1-22-2-10285 > SID[688]: S-1-22-2-10286 > SID[689]: S-1-22-2-10287 > SID[690]: S-1-22-2-10288 > SID[691]: S-1-22-2-10289 > SID[692]: S-1-22-2-10290 > SID[693]: S-1-22-2-10291 > SID[694]: S-1-22-2-10292 > SID[695]: S-1-22-2-10293 > SID[696]: S-1-22-2-10294 > SID[697]: S-1-22-2-10295 > SID[698]: S-1-22-2-10296 > SID[699]: S-1-22-2-10297 > SID[700]: S-1-22-2-10298 > SID[701]: S-1-22-2-10299 > SID[702]: S-1-22-2-10300 > SID[703]: S-1-22-2-10301 > SID[704]: S-1-22-2-10302 > SID[705]: S-1-22-2-10303 > SID[706]: S-1-22-2-10304 > SID[707]: S-1-22-2-10305 > SID[708]: S-1-22-2-10306 > SID[709]: S-1-22-2-10307 > SID[710]: S-1-22-2-10308 > SID[711]: S-1-22-2-10309 > SID[712]: S-1-22-2-10310 > SID[713]: S-1-22-2-10311 > SID[714]: S-1-22-2-10312 > SID[715]: S-1-22-2-10313 > SID[716]: S-1-22-2-10314 > SID[717]: S-1-22-2-10315 > SID[718]: S-1-22-2-10316 > SID[719]: S-1-22-2-10317 > SID[720]: S-1-22-2-10318 > SID[721]: S-1-22-2-10319 > SID[722]: S-1-22-2-10320 > SID[723]: S-1-22-2-10321 > SID[724]: S-1-22-2-10322 > SID[725]: S-1-22-2-10323 > SID[726]: S-1-22-2-10324 > SID[727]: S-1-22-2-10325 > SID[728]: S-1-22-2-10326 > SID[729]: S-1-22-2-10327 > SID[730]: S-1-22-2-10328 > SID[731]: S-1-22-2-10329 > SID[732]: S-1-22-2-10330 > SID[733]: S-1-22-2-10331 > SID[734]: S-1-22-2-10332 > SID[735]: S-1-22-2-10333 > SID[736]: S-1-22-2-10334 > SID[737]: S-1-22-2-10335 > SID[738]: S-1-22-2-10336 > SID[739]: S-1-22-2-10337 > SID[740]: S-1-22-2-10338 > SID[741]: S-1-22-2-10339 > SID[742]: S-1-22-2-10340 > SID[743]: S-1-22-2-10341 > SID[744]: S-1-22-2-10342 > SID[745]: S-1-22-2-10343 > SID[746]: S-1-22-2-10344 > SID[747]: S-1-22-2-10345 > SID[748]: S-1-22-2-10346 > SID[749]: S-1-22-2-10347 > SID[750]: S-1-22-2-10348 > SID[751]: S-1-22-2-10349 > SID[752]: S-1-22-2-10350 > SID[753]: S-1-22-2-10351 > SID[754]: S-1-22-2-10352 > SID[755]: S-1-22-2-10353 > SID[756]: S-1-22-2-10354 > SID[757]: S-1-22-2-10355 > SID[758]: S-1-22-2-10356 > SID[759]: S-1-22-2-10357 > SID[760]: S-1-22-2-10358 > SID[761]: S-1-22-2-10359 > SID[762]: S-1-22-2-10360 > SID[763]: S-1-22-2-10361 > SID[764]: S-1-22-2-10362 > SID[765]: S-1-22-2-10363 > SID[766]: S-1-22-2-10364 > SID[767]: S-1-22-2-10365 > SID[768]: S-1-22-2-10366 > SID[769]: S-1-22-2-10367 > SID[770]: S-1-22-2-10368 > SID[771]: S-1-22-2-10369 > SID[772]: S-1-22-2-10370 > SID[773]: S-1-22-2-10371 > SID[774]: S-1-22-2-10372 > SID[775]: S-1-22-2-10373 > SID[776]: S-1-22-2-10374 > SID[777]: S-1-22-2-10375 > SID[778]: S-1-22-2-10376 > SID[779]: S-1-22-2-10377 > SID[780]: S-1-22-2-10378 > SID[781]: S-1-22-2-10379 > SID[782]: S-1-22-2-10380 > SID[783]: S-1-22-2-10381 > SID[784]: S-1-22-2-10382 > SID[785]: S-1-22-2-10383 > SID[786]: S-1-22-2-10384 > SID[787]: S-1-22-2-10385 > SID[788]: S-1-22-2-10386 > SID[789]: S-1-22-2-10387 > SID[790]: S-1-22-2-10388 > SID[791]: S-1-22-2-10389 > SID[792]: S-1-22-2-10390 > SID[793]: S-1-22-2-10391 > SID[794]: S-1-22-2-10392 > SID[795]: S-1-22-2-10393 > SID[796]: S-1-22-2-10394 > SID[797]: S-1-22-2-10395 > SID[798]: S-1-22-2-10396 > SID[799]: S-1-22-2-10397 > SID[800]: S-1-22-2-10398 > SID[801]: S-1-22-2-10399 > SID[802]: S-1-22-2-10400 > SID[803]: S-1-22-2-10401 > SID[804]: S-1-22-2-10402 > SID[805]: S-1-22-2-10403 > SID[806]: S-1-22-2-10404 > SID[807]: S-1-22-2-10002 > SID[808]: S-1-22-2-10003 > SID[809]: S-1-22-2-10004 > SID[810]: S-1-22-2-10001 > Privileges (0x 20): > Privilege[ 0]: SePrintOperatorPrivilege > Rights (0x 0): >[2012/11/09 16:29:11.168593, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 10000 > Primary group is 10006 and contains 404 supplementary groups > Group[ 0]: 10006 > Group[ 1]: 10007 > Group[ 2]: 10008 > Group[ 3]: 10009 > Group[ 4]: 10010 > Group[ 5]: 10011 > Group[ 6]: 10012 > Group[ 7]: 10013 > Group[ 8]: 10014 > Group[ 9]: 10015 > Group[ 10]: 10016 > Group[ 11]: 10017 > Group[ 12]: 10018 > Group[ 13]: 10019 > Group[ 14]: 10020 > Group[ 15]: 10021 > Group[ 16]: 10022 > Group[ 17]: 10023 > Group[ 18]: 10024 > Group[ 19]: 10025 > Group[ 20]: 10026 > Group[ 21]: 10027 > Group[ 22]: 10028 > Group[ 23]: 10029 > Group[ 24]: 10030 > Group[ 25]: 10031 > Group[ 26]: 10032 > Group[ 27]: 10033 > Group[ 28]: 10034 > Group[ 29]: 10035 > Group[ 30]: 10036 > Group[ 31]: 10037 > Group[ 32]: 10038 > Group[ 33]: 10039 > Group[ 34]: 10040 > Group[ 35]: 10041 > Group[ 36]: 10042 > Group[ 37]: 10043 > Group[ 38]: 10044 > Group[ 39]: 10045 > Group[ 40]: 10046 > Group[ 41]: 10047 > Group[ 42]: 10048 > Group[ 43]: 10049 > Group[ 44]: 10050 > Group[ 45]: 10051 > Group[ 46]: 10052 > Group[ 47]: 10053 > Group[ 48]: 10054 > Group[ 49]: 10055 > Group[ 50]: 10056 > Group[ 51]: 10057 > Group[ 52]: 10058 > Group[ 53]: 10059 > Group[ 54]: 10060 > Group[ 55]: 10061 > Group[ 56]: 10062 > Group[ 57]: 10063 > Group[ 58]: 10064 > Group[ 59]: 10065 > Group[ 60]: 10066 > Group[ 61]: 10067 > Group[ 62]: 10068 > Group[ 63]: 10069 > Group[ 64]: 10070 > Group[ 65]: 10071 > Group[ 66]: 10072 > Group[ 67]: 10073 > Group[ 68]: 10074 > Group[ 69]: 10075 > Group[ 70]: 10076 > Group[ 71]: 10077 > Group[ 72]: 10078 > Group[ 73]: 10079 > Group[ 74]: 10080 > Group[ 75]: 10081 > Group[ 76]: 10082 > Group[ 77]: 10083 > Group[ 78]: 10084 > Group[ 79]: 10085 > Group[ 80]: 10086 > Group[ 81]: 10087 > Group[ 82]: 10088 > Group[ 83]: 10089 > Group[ 84]: 10090 > Group[ 85]: 10091 > Group[ 86]: 10092 > Group[ 87]: 10093 > Group[ 88]: 10094 > Group[ 89]: 10095 > Group[ 90]: 10096 > Group[ 91]: 10097 > Group[ 92]: 10098 > Group[ 93]: 10099 > Group[ 94]: 10100 > Group[ 95]: 10101 > Group[ 96]: 10102 > Group[ 97]: 10103 > Group[ 98]: 10104 > Group[ 99]: 10105 > Group[100]: 10106 > Group[101]: 10107 > Group[102]: 10108 > Group[103]: 10109 > Group[104]: 10110 > Group[105]: 10111 > Group[106]: 10112 > Group[107]: 10113 > Group[108]: 10114 > Group[109]: 10115 > Group[110]: 10116 > Group[111]: 10117 > Group[112]: 10118 > Group[113]: 10119 > Group[114]: 10120 > Group[115]: 10121 > Group[116]: 10122 > Group[117]: 10123 > Group[118]: 10124 > Group[119]: 10125 > Group[120]: 10126 > Group[121]: 10127 > Group[122]: 10128 > Group[123]: 10129 > Group[124]: 10130 > Group[125]: 10131 > Group[126]: 10132 > Group[127]: 10133 > Group[128]: 10134 > Group[129]: 10135 > Group[130]: 10136 > Group[131]: 10137 > Group[132]: 10138 > Group[133]: 10139 > Group[134]: 10140 > Group[135]: 10141 > Group[136]: 10142 > Group[137]: 10143 > Group[138]: 10144 > Group[139]: 10145 > Group[140]: 10146 > Group[141]: 10147 > Group[142]: 10148 > Group[143]: 10149 > Group[144]: 10150 > Group[145]: 10471 > Group[146]: 10151 > Group[147]: 10152 > Group[148]: 10153 > Group[149]: 10154 > Group[150]: 10155 > Group[151]: 10156 > Group[152]: 10157 > Group[153]: 10158 > Group[154]: 10159 > Group[155]: 10160 > Group[156]: 10161 > Group[157]: 10162 > Group[158]: 10163 > Group[159]: 10164 > Group[160]: 10165 > Group[161]: 10166 > Group[162]: 10167 > Group[163]: 10168 > Group[164]: 10169 > Group[165]: 10170 > Group[166]: 10171 > Group[167]: 10172 > Group[168]: 10173 > Group[169]: 10174 > Group[170]: 10175 > Group[171]: 10176 > Group[172]: 10177 > Group[173]: 10178 > Group[174]: 10179 > Group[175]: 10180 > Group[176]: 10181 > Group[177]: 10182 > Group[178]: 10183 > Group[179]: 10184 > Group[180]: 10185 > Group[181]: 10186 > Group[182]: 10187 > Group[183]: 10188 > Group[184]: 10189 > Group[185]: 10190 > Group[186]: 10191 > Group[187]: 10192 > Group[188]: 10193 > Group[189]: 10194 > Group[190]: 10195 > Group[191]: 10196 > Group[192]: 10197 > Group[193]: 10198 > Group[194]: 10199 > Group[195]: 10200 > Group[196]: 10201 > Group[197]: 10202 > Group[198]: 10203 > Group[199]: 10204 > Group[200]: 10205 > Group[201]: 10206 > Group[202]: 10207 > Group[203]: 10208 > Group[204]: 10209 > Group[205]: 10210 > Group[206]: 10211 > Group[207]: 10212 > Group[208]: 10213 > Group[209]: 10214 > Group[210]: 10215 > Group[211]: 10216 > Group[212]: 10217 > Group[213]: 10218 > Group[214]: 10219 > Group[215]: 10220 > Group[216]: 10221 > Group[217]: 10222 > Group[218]: 10223 > Group[219]: 10224 > Group[220]: 10225 > Group[221]: 10226 > Group[222]: 10227 > Group[223]: 10228 > Group[224]: 10229 > Group[225]: 10230 > Group[226]: 10231 > Group[227]: 10232 > Group[228]: 10233 > Group[229]: 10234 > Group[230]: 10235 > Group[231]: 10236 > Group[232]: 10237 > Group[233]: 10238 > Group[234]: 10239 > Group[235]: 10240 > Group[236]: 10241 > Group[237]: 10242 > Group[238]: 10243 > Group[239]: 10244 > Group[240]: 10245 > Group[241]: 10246 > Group[242]: 10247 > Group[243]: 10248 > Group[244]: 10249 > Group[245]: 10250 > Group[246]: 10251 > Group[247]: 10252 > Group[248]: 10253 > Group[249]: 10254 > Group[250]: 10255 > Group[251]: 10256 > Group[252]: 10257 > Group[253]: 10258 > Group[254]: 10259 > Group[255]: 10260 > Group[256]: 10261 > Group[257]: 10262 > Group[258]: 10263 > Group[259]: 10264 > Group[260]: 10265 > Group[261]: 10266 > Group[262]: 10267 > Group[263]: 10268 > Group[264]: 10269 > Group[265]: 10270 > Group[266]: 10271 > Group[267]: 10272 > Group[268]: 10273 > Group[269]: 10274 > Group[270]: 10275 > Group[271]: 10276 > Group[272]: 10277 > Group[273]: 10278 > Group[274]: 10279 > Group[275]: 10280 > Group[276]: 10281 > Group[277]: 10282 > Group[278]: 10283 > Group[279]: 10284 > Group[280]: 10285 > Group[281]: 10286 > Group[282]: 10287 > Group[283]: 10288 > Group[284]: 10289 > Group[285]: 10290 > Group[286]: 10291 > Group[287]: 10292 > Group[288]: 10293 > Group[289]: 10294 > Group[290]: 10295 > Group[291]: 10296 > Group[292]: 10297 > Group[293]: 10298 > Group[294]: 10299 > Group[295]: 10300 > Group[296]: 10301 > Group[297]: 10302 > Group[298]: 10303 > Group[299]: 10304 > Group[300]: 10305 > Group[301]: 10306 > Group[302]: 10307 > Group[303]: 10308 > Group[304]: 10309 > Group[305]: 10310 > Group[306]: 10311 > Group[307]: 10312 > Group[308]: 10313 > Group[309]: 10314 > Group[310]: 10315 > Group[311]: 10316 > Group[312]: 10317 > Group[313]: 10318 > Group[314]: 10319 > Group[315]: 10320 > Group[316]: 10321 > Group[317]: 10322 > Group[318]: 10323 > Group[319]: 10324 > Group[320]: 10325 > Group[321]: 10326 > Group[322]: 10327 > Group[323]: 10328 > Group[324]: 10329 > Group[325]: 10330 > Group[326]: 10331 > Group[327]: 10332 > Group[328]: 10333 > Group[329]: 10334 > Group[330]: 10335 > Group[331]: 10336 > Group[332]: 10337 > Group[333]: 10338 > Group[334]: 10339 > Group[335]: 10340 > Group[336]: 10341 > Group[337]: 10342 > Group[338]: 10343 > Group[339]: 10344 > Group[340]: 10345 > Group[341]: 10346 > Group[342]: 10347 > Group[343]: 10348 > Group[344]: 10349 > Group[345]: 10350 > Group[346]: 10351 > Group[347]: 10352 > Group[348]: 10353 > Group[349]: 10354 > Group[350]: 10355 > Group[351]: 10356 > Group[352]: 10357 > Group[353]: 10358 > Group[354]: 10359 > Group[355]: 10360 > Group[356]: 10361 > Group[357]: 10362 > Group[358]: 10363 > Group[359]: 10364 > Group[360]: 10365 > Group[361]: 10366 > Group[362]: 10367 > Group[363]: 10368 > Group[364]: 10369 > Group[365]: 10370 > Group[366]: 10371 > Group[367]: 10372 > Group[368]: 10373 > Group[369]: 10374 > Group[370]: 10375 > Group[371]: 10376 > Group[372]: 10377 > Group[373]: 10378 > Group[374]: 10379 > Group[375]: 10380 > Group[376]: 10381 > Group[377]: 10382 > Group[378]: 10383 > Group[379]: 10384 > Group[380]: 10385 > Group[381]: 10386 > Group[382]: 10387 > Group[383]: 10388 > Group[384]: 10389 > Group[385]: 10390 > Group[386]: 10391 > Group[387]: 10392 > Group[388]: 10393 > Group[389]: 10394 > Group[390]: 10395 > Group[391]: 10396 > Group[392]: 10397 > Group[393]: 10398 > Group[394]: 10399 > Group[395]: 10400 > Group[396]: 10401 > Group[397]: 10402 > Group[398]: 10403 > Group[399]: 10404 > Group[400]: 10002 > Group[401]: 10003 > Group[402]: 10004 > Group[403]: 10001 >[2012/11/09 16:29:11.171382, 5] smbd/uid.c:317(change_to_user_internal) > Impersonated user: uid=(0,10000), gid=(0,10006) >[2012/11/09 16:29:11.171415, 4] smbd/vfs.c:780(vfs_ChDir) > vfs_ChDir to /var/tmp >[2012/11/09 16:29:11.171454, 4] smbd/nttrans.c:288(nt_open_pipe) > nt_open_pipe: Opening pipe \spoolss. >[2012/11/09 16:29:11.171490, 5] smbd/files.c:140(file_new) > allocated file structure 4114, fnum = 8210 (1 used) >[2012/11/09 16:29:11.171532, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \spoolss >[2012/11/09 16:29:11.171606, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \spoolss (pipes_open=0) >[2012/11/09 16:29:11.171635, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) > do_ntcreate_pipe_open: open pipe = \spoolss >[2012/11/09 16:29:11.173048, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xe0 >[2012/11/09 16:29:11.173079, 3] smbd/process.c:1662(process_smb) > Transaction 4 of length 228 (0 toread) >[2012/11/09 16:29:11.173098, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:11.173109, 5] lib/util.c:342(show_msg) > size=224 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=48256 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8210 (0x2012) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 160 (0xA0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 160 (0xA0) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=161 >[2012/11/09 16:29:11.173297, 3] smbd/process.c:1467(switch_message) > switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:11.173317, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:11.173340, 6] smbd/pipes.c:300(reply_pipe_write_and_X) > reply_pipe_write_and_X: 2012 name: spoolss len: 160 >[2012/11/09 16:29:11.173373, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 160 >[2012/11/09 16:29:11.173409, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) > api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/11/09 16:29:11.173436, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) > api_pipe_bind_req: make response. 923 >[2012/11/09 16:29:11.173456, 3] rpc_server/srv_pipe.c:339(check_bind_req) > check_bind_req for \spoolss >[2012/11/09 16:29:11.173476, 3] rpc_server/srv_pipe.c:346(check_bind_req) > check_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/11/09 16:29:11.173508, 3] smbd/pipes.c:361(pipe_write_andx_done) > writeX-IPC nwritten=160 >[2012/11/09 16:29:11.174630, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/11/09 16:29:11.174661, 3] smbd/process.c:1662(process_smb) > Transaction 5 of length 63 (0 toread) >[2012/11/09 16:29:11.174680, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:11.174691, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=48320 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8210 (0x2012) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/11/09 16:29:11.174866, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:11.174886, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:11.174908, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:11.174928, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/11/09 16:29:11.174956, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=1024 max=1024 nread=68 >[2012/11/09 16:29:11.176062, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x124 >[2012/11/09 16:29:11.176100, 3] smbd/process.c:1662(process_smb) > Transaction 6 of length 296 (0 toread) >[2012/11/09 16:29:11.176119, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:11.176129, 5] lib/util.c:342(show_msg) > size=292 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=48384 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 208 (0xD0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 208 (0xD0) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8210 (0x2012) > smb_bcc=225 >[2012/11/09 16:29:11.176349, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:11.176371, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:11.176395, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=208 params=0 setup=2 >[2012/11/09 16:29:11.176417, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:11.176435, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:11.176472, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:11.176496, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2012) >[2012/11/09 16:29:11.176516, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 208 >[2012/11/09 16:29:11.176543, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:11.176566, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX >[2012/11/09 16:29:11.176598, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[69].fn == 0x7fa2ea3def70 > checking name: \\yyyu0031\yyyp0708 >[2012/11/09 16:29:11.176644, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 9D 50 47 21 ........ .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.176691, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) > Setting printer type=\\yyyu0031\yyyp0708 > Printer is a printer >[2012/11/09 16:29:11.176720, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) > Setting printer name=\\yyyu0031\yyyp0708 (len=19) > searching for [yyyp0708] >[2012/11/09 16:29:11.176792, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/11/09 16:29:11.176823, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/11/09 16:29:11.176867, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:11.176893, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:11.176935, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2012/11/09 16:29:11.176959, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:11.176978, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:11.176996, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:11.177075, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:11.177132, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 1F 00 00 00 00 00 00 00 9D 50 47 21 ........ .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.177194, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1F 00 00 00 00 00 00 00 9D 50 47 21 ........ .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.177238, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:11.177283, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:11.177323, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:11.177365, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:11.177406, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:11.177442, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:11.177491, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [_pdf] >[2012/11/09 16:29:11.177540, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 9D 50 47 21 .... ... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.177599, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 9D 50 47 21 .... ... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.177687, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 9D 50 47 21 .... ... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.177734, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\_pdf] >[2012/11/09 16:29:11.177780, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 9D 50 47 21 .... ... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.177823, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\_pdf] >[2012/11/09 16:29:11.177854, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 9D 50 47 21 .... ... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.177896, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\_pdf] >[2012/11/09 16:29:11.177927, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 9D 50 47 21 .... ... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.177968, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\_pdf] >[2012/11/09 16:29:11.177999, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 9D 50 47 21 .... ... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.178040, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\_pdf] >[2012/11/09 16:29:11.178070, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 9D 50 47 21 .... ... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.178112, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\_pdf] >[2012/11/09 16:29:11.178142, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 9D 50 47 21 .... ... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.178183, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\_pdf] >[2012/11/09 16:29:11.178214, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 9D 50 47 21 .... ... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.178255, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\_pdf] >[2012/11/09 16:29:11.178285, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 9D 50 47 21 .... ... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.178326, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\_pdf] >[2012/11/09 16:29:11.178357, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 9D 50 47 21 .... ... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.178406, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\_pdf] >[2012/11/09 16:29:11.178440, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 9D 50 47 21 .... ... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.178482, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\_pdf] >[2012/11/09 16:29:11.178514, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 9D 50 47 21 .... ... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.178555, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\_pdf] >[2012/11/09 16:29:11.178586, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 9D 50 47 21 .... ... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.178637, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\_pdf] >[2012/11/09 16:29:11.178691, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 9D 50 47 21 .... ... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.178737, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\_pdf] >[2012/11/09 16:29:11.178756, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:11.178791, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:11.178831, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 21 00 00 00 00 00 00 00 9D 50 47 21 ....!... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.178883, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 21 00 00 00 00 00 00 00 9D 50 47 21 ....!... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.178926, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:11.178964, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:11.179004, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:11.179042, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:11.179080, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:11.179116, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:11.179160, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [_pdf] >[2012/11/09 16:29:11.179208, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[4] [0000] 00 00 00 00 22 00 00 00 00 00 00 00 9D 50 47 21 ...."... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.179264, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 22 00 00 00 00 00 00 00 9D 50 47 21 ...."... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.179318, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\_pdf] >[2012/11/09 16:29:11.179338, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:11.179384, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 22 00 00 00 00 00 00 00 9D 50 47 21 ...."... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.179429, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\_pdf] >[2012/11/09 16:29:11.179449, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:11.179484, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 22 00 00 00 00 00 00 00 9D 50 47 21 ...."... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.179527, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 22 00 00 00 00 00 00 00 9D 50 47 21 ...."... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.179564, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:11.179592, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 21 00 00 00 00 00 00 00 9D 50 47 21 ....!... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.179633, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 21 00 00 00 00 00 00 00 9D 50 47 21 ....!... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.179670, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:11.179697, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 9D 50 47 21 .... ... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.179737, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 9D 50 47 21 .... ... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.179775, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:11.179802, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1F 00 00 00 00 00 00 00 9D 50 47 21 ........ .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.179843, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1F 00 00 00 00 00 00 00 9D 50 47 21 ........ .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.179880, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:11.179913, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/11/09 16:29:11.179941, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/11/09 16:29:11.179971, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:11.179993, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:11.180019, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2012/11/09 16:29:11.180042, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:11.180074, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:11.180093, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:11.180171, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:11.180216, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 23 00 00 00 00 00 00 00 9D 50 47 21 ....#... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.180296, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 23 00 00 00 00 00 00 00 9D 50 47 21 ....#... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.180345, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:11.180388, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:11.180428, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:11.180486, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:11.180529, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:11.180565, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:11.180611, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [lpt1] >[2012/11/09 16:29:11.180663, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 9D 50 47 21 ....$... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.180719, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 9D 50 47 21 ....$... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.180797, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 9D 50 47 21 ....$... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.180842, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\lpt1] >[2012/11/09 16:29:11.180874, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 9D 50 47 21 ....$... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.180916, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\lpt1] >[2012/11/09 16:29:11.180947, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 9D 50 47 21 ....$... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.180989, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\lpt1] >[2012/11/09 16:29:11.181020, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 9D 50 47 21 ....$... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.181061, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\lpt1] >[2012/11/09 16:29:11.181107, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 9D 50 47 21 ....$... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.181151, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\lpt1] >[2012/11/09 16:29:11.181182, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 9D 50 47 21 ....$... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.181224, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\lpt1] >[2012/11/09 16:29:11.181254, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 9D 50 47 21 ....$... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.181295, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\lpt1] >[2012/11/09 16:29:11.181326, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 9D 50 47 21 ....$... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.181368, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\lpt1] >[2012/11/09 16:29:11.181398, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 9D 50 47 21 ....$... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.181440, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\lpt1] >[2012/11/09 16:29:11.181471, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 9D 50 47 21 ....$... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.181512, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\lpt1] >[2012/11/09 16:29:11.181543, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 9D 50 47 21 ....$... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.181584, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\lpt1] >[2012/11/09 16:29:11.181615, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 9D 50 47 21 ....$... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.181656, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\lpt1] >[2012/11/09 16:29:11.181686, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 9D 50 47 21 ....$... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.181741, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\lpt1] >[2012/11/09 16:29:11.181786, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 9D 50 47 21 ....$... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.181831, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\lpt1] >[2012/11/09 16:29:11.181850, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:11.181881, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:11.181921, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 25 00 00 00 00 00 00 00 9D 50 47 21 ....%... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.181974, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 25 00 00 00 00 00 00 00 9D 50 47 21 ....%... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.182017, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:11.182055, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:11.182094, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:11.182132, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:11.182169, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:11.182205, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:11.182248, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [lpt1] >[2012/11/09 16:29:11.182307, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[4] [0000] 00 00 00 00 26 00 00 00 00 00 00 00 9D 50 47 21 ....&... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.182367, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 26 00 00 00 00 00 00 00 9D 50 47 21 ....&... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.182411, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\lpt1] >[2012/11/09 16:29:11.182430, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:11.182479, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 26 00 00 00 00 00 00 00 9D 50 47 21 ....&... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.182532, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\lpt1] >[2012/11/09 16:29:11.182553, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:11.182586, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 26 00 00 00 00 00 00 00 9D 50 47 21 ....&... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.182637, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 26 00 00 00 00 00 00 00 9D 50 47 21 ....&... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.182690, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:11.182741, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 25 00 00 00 00 00 00 00 9D 50 47 21 ....%... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.182789, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 25 00 00 00 00 00 00 00 9D 50 47 21 ....%... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.182827, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:11.182855, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 9D 50 47 21 ....$... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.182896, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 9D 50 47 21 ....$... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.182936, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:11.182975, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 23 00 00 00 00 00 00 00 9D 50 47 21 ....#... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.183019, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 23 00 00 00 00 00 00 00 9D 50 47 21 ....#... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.183056, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:11.183089, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/11/09 16:29:11.183117, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/11/09 16:29:11.183160, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:11.183185, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:11.183211, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2012/11/09 16:29:11.183234, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:11.183252, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:11.183270, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:11.183336, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:11.183386, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 9D 50 47 21 ....'... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.183449, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 9D 50 47 21 ....'... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.183494, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:11.183536, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:11.183576, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:11.183617, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:11.183677, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:11.183715, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:11.183760, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0705] >[2012/11/09 16:29:11.183809, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 9D 50 47 21 ....(... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.183878, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 9D 50 47 21 ....(... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.183964, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 9D 50 47 21 ....(... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.184018, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0705] >[2012/11/09 16:29:11.184059, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 9D 50 47 21 ....(... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.184102, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0705] >[2012/11/09 16:29:11.184134, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 9D 50 47 21 ....(... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.184176, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0705] >[2012/11/09 16:29:11.184223, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 9D 50 47 21 ....(... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.184293, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0705] >[2012/11/09 16:29:11.184330, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 9D 50 47 21 ....(... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.184373, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0705] >[2012/11/09 16:29:11.184418, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 9D 50 47 21 ....(... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.184487, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0705] >[2012/11/09 16:29:11.184524, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 9D 50 47 21 ....(... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.184572, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0705] >[2012/11/09 16:29:11.184625, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 9D 50 47 21 ....(... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.184670, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0705] >[2012/11/09 16:29:11.184701, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 9D 50 47 21 ....(... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.184745, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0705] >[2012/11/09 16:29:11.184790, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 9D 50 47 21 ....(... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.184833, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0705] >[2012/11/09 16:29:11.184865, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 9D 50 47 21 ....(... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.184907, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0705] >[2012/11/09 16:29:11.184950, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 9D 50 47 21 ....(... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.184997, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0705] >[2012/11/09 16:29:11.185030, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 9D 50 47 21 ....(... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.185071, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0705] >[2012/11/09 16:29:11.185110, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 9D 50 47 21 ....(... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.185158, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0705] >[2012/11/09 16:29:11.185190, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 9D 50 47 21 ....(... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.185232, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0705] >[2012/11/09 16:29:11.185264, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 9D 50 47 21 ....(... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.185325, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0705] >[2012/11/09 16:29:11.185362, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 9D 50 47 21 ....(... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.185405, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0705] >[2012/11/09 16:29:11.185439, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 9D 50 47 21 ....(... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.185497, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0705] >[2012/11/09 16:29:11.185534, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 9D 50 47 21 ....(... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.185577, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0705] >[2012/11/09 16:29:11.185636, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 9D 50 47 21 ....(... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.185697, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0705] >[2012/11/09 16:29:11.185718, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:11.185750, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 9D 50 47 21 ....(... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.185793, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0705] >[2012/11/09 16:29:11.185813, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:11.185858, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:11.185914, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 29 00 00 00 00 00 00 00 9D 50 47 21 ....)... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.185969, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 29 00 00 00 00 00 00 00 9D 50 47 21 ....)... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.186017, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:11.186066, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:11.186107, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:11.186146, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:11.186185, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:11.186243, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:11.186291, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0705] >[2012/11/09 16:29:11.186340, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[4] [0000] 00 00 00 00 2A 00 00 00 00 00 00 00 9D 50 47 21 ....*... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.186409, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2A 00 00 00 00 00 00 00 9D 50 47 21 ....*... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.186456, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0705] >[2012/11/09 16:29:11.186476, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:11.186526, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2A 00 00 00 00 00 00 00 9D 50 47 21 ....*... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.186571, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0705] >[2012/11/09 16:29:11.186603, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:11.186639, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2A 00 00 00 00 00 00 00 9D 50 47 21 ....*... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.186682, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2A 00 00 00 00 00 00 00 9D 50 47 21 ....*... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.186719, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:11.186748, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 29 00 00 00 00 00 00 00 9D 50 47 21 ....)... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.186799, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 29 00 00 00 00 00 00 00 9D 50 47 21 ....)... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.186838, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:11.186866, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 9D 50 47 21 ....(... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.186907, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 9D 50 47 21 ....(... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.186960, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:11.186992, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 9D 50 47 21 ....'... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.187033, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 9D 50 47 21 ....'... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.187071, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:11.187119, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/11/09 16:29:11.187155, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/11/09 16:29:11.187187, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:11.187210, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:11.187236, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2012/11/09 16:29:11.187259, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:11.187277, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:11.187297, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:11.187375, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:11.187420, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 2B 00 00 00 00 00 00 00 9D 50 47 21 ....+... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.187477, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2B 00 00 00 00 00 00 00 9D 50 47 21 ....+... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.187530, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:11.187573, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:11.187612, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:11.187654, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:11.187703, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:11.187742, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:11.187788, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0687ptx] >[2012/11/09 16:29:11.187838, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 9D 50 47 21 ....,... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.187904, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 9D 50 47 21 ....,... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.187988, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 9D 50 47 21 ....,... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.188054, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0687ptx] >[2012/11/09 16:29:11.188092, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 9D 50 47 21 ....,... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.188135, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0687ptx] >[2012/11/09 16:29:11.188167, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 9D 50 47 21 ....,... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.188233, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0687ptx] >[2012/11/09 16:29:11.188285, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 9D 50 47 21 ....,... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.188332, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0687ptx] >[2012/11/09 16:29:11.188364, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 9D 50 47 21 ....,... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.188422, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0687ptx] >[2012/11/09 16:29:11.188476, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 9D 50 47 21 ....,... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.188524, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0687ptx] >[2012/11/09 16:29:11.188557, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 9D 50 47 21 ....,... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.188660, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0687ptx] >[2012/11/09 16:29:11.188698, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 9D 50 47 21 ....,... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.188742, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0687ptx] >[2012/11/09 16:29:11.188784, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 9D 50 47 21 ....,... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.188831, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0687ptx] >[2012/11/09 16:29:11.188863, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 9D 50 47 21 ....,... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.188905, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0687ptx] >[2012/11/09 16:29:11.188937, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 9D 50 47 21 ....,... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.188991, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0687ptx] >[2012/11/09 16:29:11.189036, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 9D 50 47 21 ....,... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.189081, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0687ptx] >[2012/11/09 16:29:11.189112, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 9D 50 47 21 ....,... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.189171, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0687ptx] >[2012/11/09 16:29:11.189206, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 9D 50 47 21 ....,... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.189250, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0687ptx] >[2012/11/09 16:29:11.189281, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 9D 50 47 21 ....,... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.189323, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0687ptx] >[2012/11/09 16:29:11.189368, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 9D 50 47 21 ....,... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.189415, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0687ptx] >[2012/11/09 16:29:11.189446, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 9D 50 47 21 ....,... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.189488, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0687ptx] >[2012/11/09 16:29:11.189523, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 9D 50 47 21 ....,... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.189576, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0687ptx] >[2012/11/09 16:29:11.189612, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 9D 50 47 21 ....,... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.189654, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0687ptx] >[2012/11/09 16:29:11.189703, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 9D 50 47 21 ....,... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.189757, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0687ptx] >[2012/11/09 16:29:11.189788, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:11.189822, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 9D 50 47 21 ....,... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.189866, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0687ptx] >[2012/11/09 16:29:11.189894, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:11.189940, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:11.189983, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 2D 00 00 00 00 00 00 00 9D 50 47 21 ....-... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.190036, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2D 00 00 00 00 00 00 00 9D 50 47 21 ....-... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.190080, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:11.190118, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:11.190158, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:11.190196, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:11.190242, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:11.190289, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:11.190335, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0687ptx] >[2012/11/09 16:29:11.190383, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[4] [0000] 00 00 00 00 2E 00 00 00 00 00 00 00 9D 50 47 21 ........ .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.190440, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2E 00 00 00 00 00 00 00 9D 50 47 21 ........ .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.190483, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0687ptx] >[2012/11/09 16:29:11.190502, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:11.190552, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2E 00 00 00 00 00 00 00 9D 50 47 21 ........ .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.190600, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0687ptx] >[2012/11/09 16:29:11.190622, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:11.190655, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2E 00 00 00 00 00 00 00 9D 50 47 21 ........ .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.190707, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2E 00 00 00 00 00 00 00 9D 50 47 21 ........ .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.190758, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:11.190816, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2D 00 00 00 00 00 00 00 9D 50 47 21 ....-... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.190901, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2D 00 00 00 00 00 00 00 9D 50 47 21 ....-... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.190999, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:11.191053, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 9D 50 47 21 ....,... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.191100, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 9D 50 47 21 ....,... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.191138, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:11.191168, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2B 00 00 00 00 00 00 00 9D 50 47 21 ....+... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.191210, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2B 00 00 00 00 00 00 00 9D 50 47 21 ....+... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.191247, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:11.191287, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/11/09 16:29:11.191317, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/11/09 16:29:11.191348, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:11.191371, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:11.191399, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2012/11/09 16:29:11.191422, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:11.191441, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:11.191458, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:11.191532, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:11.191580, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 9D 50 47 21 ..../... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.191643, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 9D 50 47 21 ..../... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.191687, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:11.191729, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:11.191769, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:11.191822, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:11.191861, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:11.191897, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:11.191943, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0790] >[2012/11/09 16:29:11.191991, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 9D 50 47 21 ....0... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.192046, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 9D 50 47 21 ....0... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.192128, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 9D 50 47 21 ....0... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.192174, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0790] >[2012/11/09 16:29:11.192207, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 9D 50 47 21 ....0... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.192259, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0790] >[2012/11/09 16:29:11.192295, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 9D 50 47 21 ....0... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.192338, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0790] >[2012/11/09 16:29:11.192369, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 9D 50 47 21 ....0... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.192410, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0790] >[2012/11/09 16:29:11.192441, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 9D 50 47 21 ....0... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.192507, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0790] >[2012/11/09 16:29:11.192542, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 9D 50 47 21 ....0... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.192584, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0790] >[2012/11/09 16:29:11.192615, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 9D 50 47 21 ....0... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.192666, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0790] >[2012/11/09 16:29:11.192701, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 9D 50 47 21 ....0... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.192743, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0790] >[2012/11/09 16:29:11.192775, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 9D 50 47 21 ....0... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.192817, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0790] >[2012/11/09 16:29:11.192848, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 9D 50 47 21 ....0... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.192889, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0790] >[2012/11/09 16:29:11.192920, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 9D 50 47 21 ....0... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.192961, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0790] >[2012/11/09 16:29:11.192993, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 9D 50 47 21 ....0... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.193035, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0790] >[2012/11/09 16:29:11.193066, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 9D 50 47 21 ....0... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.193107, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0790] >[2012/11/09 16:29:11.193139, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 9D 50 47 21 ....0... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.193180, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0790] >[2012/11/09 16:29:11.193211, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 9D 50 47 21 ....0... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.193253, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0790] >[2012/11/09 16:29:11.193284, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 9D 50 47 21 ....0... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.193334, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0790] >[2012/11/09 16:29:11.193367, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 9D 50 47 21 ....0... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.193409, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0790] >[2012/11/09 16:29:11.193440, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 9D 50 47 21 ....0... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.193481, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0790] >[2012/11/09 16:29:11.193528, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 9D 50 47 21 ....0... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.193573, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0790] >[2012/11/09 16:29:11.193592, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:11.193623, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:11.193664, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 31 00 00 00 00 00 00 00 9D 50 47 21 ....1... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.193717, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 31 00 00 00 00 00 00 00 9D 50 47 21 ....1... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.193760, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:11.193798, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:11.193838, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:11.193876, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:11.193914, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:11.193950, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:11.193994, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0790] >[2012/11/09 16:29:11.194042, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[4] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 9D 50 47 21 ....2... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.194097, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 9D 50 47 21 ....2... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.194140, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0790] >[2012/11/09 16:29:11.194172, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:11.194226, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 9D 50 47 21 ....2... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.194271, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0790] >[2012/11/09 16:29:11.194290, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:11.194322, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 9D 50 47 21 ....2... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.194364, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 9D 50 47 21 ....2... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.194402, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:11.194430, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 31 00 00 00 00 00 00 00 9D 50 47 21 ....1... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.194472, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 31 00 00 00 00 00 00 00 9D 50 47 21 ....1... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.194509, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:11.194536, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 9D 50 47 21 ....0... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.194576, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 9D 50 47 21 ....0... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.194621, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:11.194650, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 9D 50 47 21 ..../... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.194692, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 9D 50 47 21 ..../... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.194729, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy > set_printer_hnd_name: Printer found: yyyp0708 -> yyyp0708 >[2012/11/09 16:29:11.194796, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) > 1 printer handles active >[2012/11/09 16:29:11.194821, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 9D 50 47 21 ........ .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.194863, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 9D 50 47 21 ........ .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.194901, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:yyyp0708 >[2012/11/09 16:29:11.194924, 3] lib/access.c:338(allow_access) > Allowed connection from yyyc27002.xxxxx.xxx (10.129.108.68) >[2012/11/09 16:29:11.194963, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) > Setting printer access = PRINTER_ACCESS_ADMINISTER >[2012/11/09 16:29:11.194988, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/11/09 16:29:11.195012, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/11/09 16:29:11.195041, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:11.195064, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:11.195090, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2012/11/09 16:29:11.195113, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:11.195131, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:11.195149, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:11.195215, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:11.195261, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 33 00 00 00 00 00 00 00 9D 50 47 21 ....3... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.195315, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 33 00 00 00 00 00 00 00 9D 50 47 21 ....3... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.195359, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:11.195400, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:11.195440, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:11.195479, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:11.195517, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:11.195552, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:11.195608, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:11.195661, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 34 00 00 00 00 00 00 00 9D 50 47 21 ....4... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.195711, 2] rpc_client/cli_winreg_spoolss.c:896(winreg_create_printer) > winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708 already exists >[2012/11/09 16:29:11.195745, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 34 00 00 00 00 00 00 00 9D 50 47 21 ....4... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.195786, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 34 00 00 00 00 00 00 00 9D 50 47 21 ....4... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.195823, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:11.195850, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 33 00 00 00 00 00 00 00 9D 50 47 21 ....3... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.195891, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 33 00 00 00 00 00 00 00 9D 50 47 21 ....3... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.195942, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:11.195975, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:11.196009, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:11.196036, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 10301 >[2012/11/09 16:29:11.196070, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/11/09 16:29:11.196092, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:11.196103, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=48384 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/11/09 16:29:11.199430, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x1090 >[2012/11/09 16:29:11.199463, 3] smbd/process.c:1662(process_smb) > Transaction 7 of length 4244 (0 toread) >[2012/11/09 16:29:11.199483, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:11.199494, 5] lib/util.c:342(show_msg) > size=4240 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=48448 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 4156 (0x103C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 4156 (0x103C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8210 (0x2012) > smb_bcc=4173 >[2012/11/09 16:29:11.199699, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:11.199720, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:11.199744, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=4156 params=0 setup=2 >[2012/11/09 16:29:11.199765, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:11.199783, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:11.199802, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:11.199820, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2012) >[2012/11/09 16:29:11.199840, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 4156 >[2012/11/09 16:29:11.199866, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:11.199888, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER >[2012/11/09 16:29:11.199909, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[8].fn == 0x7fa2ea3e8e50 >[2012/11/09 16:29:11.199936, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 9D 50 47 21 ........ .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.199978, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 9D 50 47 21 ........ .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.200016, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:yyyp0708 >[2012/11/09 16:29:11.200037, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/11/09 16:29:11.200078, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/11/09 16:29:11.200108, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:11.200129, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:11.200155, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2012/11/09 16:29:11.200178, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:11.200197, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:11.200215, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:11.200281, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:11.200327, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 35 00 00 00 00 00 00 00 9D 50 47 21 ....5... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.200381, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 35 00 00 00 00 00 00 00 9D 50 47 21 ....5... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.200424, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:11.200484, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:11.200529, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:11.200569, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:11.200607, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:11.200642, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:11.200688, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:11.200736, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 9D 50 47 21 ....6... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.200790, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 9D 50 47 21 ....6... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.200876, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 9D 50 47 21 ....6... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.200924, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.200958, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 9D 50 47 21 ....6... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.201000, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.201032, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 9D 50 47 21 ....6... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.201074, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.201117, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 9D 50 47 21 ....6... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.201161, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.201192, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 9D 50 47 21 ....6... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.201234, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.201265, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 9D 50 47 21 ....6... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.201307, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.201338, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 9D 50 47 21 ....6... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.201380, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.201411, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 9D 50 47 21 ....6... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.201453, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.201485, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 9D 50 47 21 ....6... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.201527, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.201558, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 9D 50 47 21 ....6... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.201601, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.201632, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 9D 50 47 21 ....6... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.201674, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.201706, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 9D 50 47 21 ....6... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.201757, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.201791, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 9D 50 47 21 ....6... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.201833, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.201865, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 9D 50 47 21 ....6... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.201907, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.201938, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 9D 50 47 21 ....6... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.201980, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.202011, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 9D 50 47 21 ....6... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.202053, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.202084, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 9D 50 47 21 ....6... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.202125, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.202158, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 9D 50 47 21 ....6... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.202200, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.202232, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 9D 50 47 21 ....6... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.202273, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.202321, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 9D 50 47 21 ....6... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.202366, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.202385, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:11.202427, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 9D 50 47 21 ....6... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.202471, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.202490, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:11.202527, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:11.202569, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 37 00 00 00 00 00 00 00 9D 50 47 21 ....7... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.202630, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 37 00 00 00 00 00 00 00 9D 50 47 21 ....7... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.202674, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:11.202712, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:11.202751, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:11.202790, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:11.202828, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:11.202863, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:11.202908, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:11.202955, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[4] [0000] 00 00 00 00 38 00 00 00 00 00 00 00 9D 50 47 21 ....8... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.203011, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 38 00 00 00 00 00 00 00 9D 50 47 21 ....8... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.203053, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.203073, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:11.203123, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 38 00 00 00 00 00 00 00 9D 50 47 21 ....8... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.203167, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.203187, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:11.203219, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 38 00 00 00 00 00 00 00 9D 50 47 21 ....8... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.203261, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 38 00 00 00 00 00 00 00 9D 50 47 21 ....8... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.203309, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:11.203339, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 37 00 00 00 00 00 00 00 9D 50 47 21 ....7... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.203380, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 37 00 00 00 00 00 00 00 9D 50 47 21 ....7... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.203418, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:11.203445, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 9D 50 47 21 ....6... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.203486, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 9D 50 47 21 ....6... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.203524, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:11.203552, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 35 00 00 00 00 00 00 00 9D 50 47 21 ....5... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.203593, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 35 00 00 00 00 00 00 00 9D 50 47 21 ....5... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.203630, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:11.203674, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:11.203716, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2012/11/09 16:29:11.203744, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:11.203763, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:11.203781, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:11.203844, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:11.203873, 4] printing/printing.c:1316(print_cache_expired) > print_cache_expired: cache expired for queue yyyp0708 (last_qscan_time = 1352473314, time now = 1352474951, qcachetime = 30) >[2012/11/09 16:29:11.206552, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:11.206673, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:11.206726, 5] smbd/ipc.c:103(send_trans_reply) > send_trans_reply: buffer 1024 too large >[2012/11/09 16:29:11.206756, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..1024] (align 0) >[2012/11/09 16:29:11.206776, 3] smbd/error.c:81(error_packet_set) > error packet at smbd/ipc.c(137) cmd=37 (SMBtrans) STATUS_BUFFER_OVERFLOW >[2012/11/09 16:29:11.206803, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:11.206815, 5] lib/util.c:342(show_msg) > size=1080 > smb_com=0x25 > smb_rcls=5 > smb_reh=0 > smb_err=32768 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=48448 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 1024 (0x400) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=1025 >[2012/11/09 16:29:11.208954, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/11/09 16:29:11.209003, 3] smbd/process.c:1662(process_smb) > Transaction 8 of length 63 (0 toread) >[2012/11/09 16:29:11.209033, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:11.209051, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=48512 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8210 (0x2012) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 3112 (0xC28) > smb_vwv[ 6]= 3112 (0xC28) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 3112 (0xC28) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/11/09 16:29:11.209330, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:11.209364, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:11.209397, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 3112 >[2012/11/09 16:29:11.209429, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 8991 >[2012/11/09 16:29:11.209483, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=3112 max=3112 nread=3112 >[2012/11/09 16:29:11.213174, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x10f8 >[2012/11/09 16:29:11.213219, 3] smbd/process.c:1662(process_smb) > Transaction 9 of length 4348 (0 toread) >[2012/11/09 16:29:11.213239, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:11.213250, 5] lib/util.c:342(show_msg) > size=4344 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=48576 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8210 (0x2012) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 4280 (0x10B8) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 4280 (0x10B8) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=4281 >[2012/11/09 16:29:11.213473, 3] smbd/process.c:1467(switch_message) > switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:11.213495, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:11.213514, 6] smbd/pipes.c:300(reply_pipe_write_and_X) > reply_pipe_write_and_X: 2012 name: spoolss len: 4280 >[2012/11/09 16:29:11.213535, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 4280 >[2012/11/09 16:29:11.213568, 3] smbd/pipes.c:361(pipe_write_andx_done) > writeX-IPC nwritten=4280 >[2012/11/09 16:29:11.214686, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x1b8 >[2012/11/09 16:29:11.214717, 3] smbd/process.c:1662(process_smb) > Transaction 10 of length 444 (0 toread) >[2012/11/09 16:29:11.214736, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:11.214746, 5] lib/util.c:342(show_msg) > size=440 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=48640 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 356 (0x164) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4136 (0x1028) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 356 (0x164) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8210 (0x2012) > smb_bcc=373 >[2012/11/09 16:29:11.214949, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:11.214969, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:11.214992, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=356 params=0 setup=2 >[2012/11/09 16:29:11.215033, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:11.215052, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:11.215070, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:11.215088, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2012) >[2012/11/09 16:29:11.215107, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 356 >[2012/11/09 16:29:11.215130, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:11.215151, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER >[2012/11/09 16:29:11.215171, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[8].fn == 0x7fa2ea3e8e50 >[2012/11/09 16:29:11.215192, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 9D 50 47 21 ........ .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.215233, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 9D 50 47 21 ........ .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.215270, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:yyyp0708 >[2012/11/09 16:29:11.215294, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/11/09 16:29:11.215319, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/11/09 16:29:11.215351, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:11.215373, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:11.215407, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2012/11/09 16:29:11.215430, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:11.215449, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:11.215467, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:11.215559, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:11.215628, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 39 00 00 00 00 00 00 00 9D 50 47 21 ....9... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.215691, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 39 00 00 00 00 00 00 00 9D 50 47 21 ....9... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.215734, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:11.215777, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:11.215818, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:11.215859, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:11.215898, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:11.215935, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:11.215982, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:11.216031, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 9D 50 47 21 ....:... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.216101, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 9D 50 47 21 ....:... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.216191, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 9D 50 47 21 ....:... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.216237, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.216271, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 9D 50 47 21 ....:... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.216314, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.216346, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 9D 50 47 21 ....:... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.216388, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.216419, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 9D 50 47 21 ....:... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.216483, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.216519, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 9D 50 47 21 ....:... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.216562, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.216594, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 9D 50 47 21 ....:... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.216636, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.216667, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 9D 50 47 21 ....:... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.216709, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.216741, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 9D 50 47 21 ....:... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.216783, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.216825, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 9D 50 47 21 ....:... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.216869, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.216902, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 9D 50 47 21 ....:... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.216944, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.216976, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 9D 50 47 21 ....:... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.217017, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.217049, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 9D 50 47 21 ....:... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.217091, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.217123, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 9D 50 47 21 ....:... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.217164, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.217196, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 9D 50 47 21 ....:... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.217237, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.217269, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 9D 50 47 21 ....:... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.217310, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.217342, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 9D 50 47 21 ....:... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.217384, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.217416, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 9D 50 47 21 ....:... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.217458, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.217502, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 9D 50 47 21 ....:... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.217546, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.217578, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 9D 50 47 21 ....:... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.217619, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.217669, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 9D 50 47 21 ....:... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.217714, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.217733, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:11.217765, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 9D 50 47 21 ....:... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.217807, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.217825, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:11.217863, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:11.217905, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 3B 00 00 00 00 00 00 00 9D 50 47 21 ....;... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.217958, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3B 00 00 00 00 00 00 00 9D 50 47 21 ....;... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.218001, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:11.218040, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:11.218079, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:11.218117, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:11.218155, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:11.218190, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:11.218234, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:11.218281, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[4] [0000] 00 00 00 00 3C 00 00 00 00 00 00 00 9D 50 47 21 ....<... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.218337, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3C 00 00 00 00 00 00 00 9D 50 47 21 ....<... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.218390, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.218412, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:11.218463, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3C 00 00 00 00 00 00 00 9D 50 47 21 ....<... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.218508, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.218528, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:11.218561, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3C 00 00 00 00 00 00 00 9D 50 47 21 ....<... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.218610, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3C 00 00 00 00 00 00 00 9D 50 47 21 ....<... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.218648, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:11.218676, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3B 00 00 00 00 00 00 00 9D 50 47 21 ....;... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.218717, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3B 00 00 00 00 00 00 00 9D 50 47 21 ....;... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.218754, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:11.218781, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 9D 50 47 21 ....:... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.218821, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 9D 50 47 21 ....:... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.218857, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:11.218885, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 39 00 00 00 00 00 00 00 9D 50 47 21 ....9... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.218926, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 39 00 00 00 00 00 00 00 9D 50 47 21 ....9... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.218963, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:11.219048, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:11.219086, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 4136 >[2012/11/09 16:29:11.219116, 5] smbd/ipc.c:103(send_trans_reply) > send_trans_reply: buffer 4136 too large >[2012/11/09 16:29:11.219138, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..4136] (align 0) >[2012/11/09 16:29:11.219159, 3] smbd/error.c:81(error_packet_set) > error packet at smbd/ipc.c(137) cmd=37 (SMBtrans) STATUS_BUFFER_OVERFLOW >[2012/11/09 16:29:11.219190, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:11.219202, 5] lib/util.c:342(show_msg) > size=4192 > smb_com=0x25 > smb_rcls=5 > smb_reh=0 > smb_err=32768 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=48640 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 4136 (0x1028) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 4136 (0x1028) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=4137 >[2012/11/09 16:29:11.221073, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/11/09 16:29:11.221105, 3] smbd/process.c:1662(process_smb) > Transaction 11 of length 63 (0 toread) >[2012/11/09 16:29:11.221124, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:11.221135, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=48704 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8210 (0x2012) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 144 (0x90) > smb_vwv[ 6]= 144 (0x90) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 144 (0x90) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/11/09 16:29:11.221311, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:11.221332, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:11.221352, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 144 >[2012/11/09 16:29:11.221377, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=144 max=144 nread=144 >[2012/11/09 16:29:11.222633, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/11/09 16:29:11.222677, 3] smbd/process.c:1662(process_smb) > Transaction 12 of length 63 (0 toread) >[2012/11/09 16:29:11.222697, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:11.222708, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=48768 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8210 (0x2012) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 4280 (0x10B8) > smb_vwv[ 6]= 4280 (0x10B8) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 4280 (0x10B8) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/11/09 16:29:11.222917, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:11.222939, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:11.222961, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 4280 >[2012/11/09 16:29:11.222986, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 8991 >[2012/11/09 16:29:11.223020, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=4280 max=4280 nread=336 >[2012/11/09 16:29:11.228228, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x66 >[2012/11/09 16:29:11.228262, 3] smbd/process.c:1662(process_smb) > Transaction 13 of length 106 (0 toread) >[2012/11/09 16:29:11.228282, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:11.228303, 5] lib/util.c:342(show_msg) > size=102 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=48832 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 4096 (0x1000) > smb_vwv[ 3]= 4096 (0x1000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 4609 (0x1201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1792 (0x700) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]=16384 (0x4000) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=19 >[2012/11/09 16:29:11.228828, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:11.228867, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:11.228907, 4] smbd/nttrans.c:288(nt_open_pipe) > nt_open_pipe: Opening pipe \spoolss. >[2012/11/09 16:29:11.228947, 5] smbd/files.c:140(file_new) > allocated file structure 4115, fnum = 8211 (2 used) >[2012/11/09 16:29:11.228990, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \spoolss >[2012/11/09 16:29:11.229059, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \spoolss (pipes_open=0) >[2012/11/09 16:29:11.229102, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) > do_ntcreate_pipe_open: open pipe = \spoolss >[2012/11/09 16:29:11.230333, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xe0 >[2012/11/09 16:29:11.230367, 3] smbd/process.c:1662(process_smb) > Transaction 14 of length 228 (0 toread) >[2012/11/09 16:29:11.230387, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:11.230398, 5] lib/util.c:342(show_msg) > size=224 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=48896 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8211 (0x2013) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 160 (0xA0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 160 (0xA0) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=161 >[2012/11/09 16:29:11.230587, 3] smbd/process.c:1467(switch_message) > switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:11.230614, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:11.230634, 6] smbd/pipes.c:300(reply_pipe_write_and_X) > reply_pipe_write_and_X: 2013 name: spoolss len: 160 >[2012/11/09 16:29:11.230653, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 160 >[2012/11/09 16:29:11.230678, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) > api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/11/09 16:29:11.230698, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) > api_pipe_bind_req: make response. 923 >[2012/11/09 16:29:11.230717, 3] rpc_server/srv_pipe.c:339(check_bind_req) > check_bind_req for \spoolss >[2012/11/09 16:29:11.230736, 3] rpc_server/srv_pipe.c:346(check_bind_req) > check_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/11/09 16:29:11.230765, 3] smbd/pipes.c:361(pipe_write_andx_done) > writeX-IPC nwritten=160 >[2012/11/09 16:29:11.231961, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/11/09 16:29:11.231997, 3] smbd/process.c:1662(process_smb) > Transaction 15 of length 63 (0 toread) >[2012/11/09 16:29:11.232016, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:11.232027, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=48960 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8211 (0x2013) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/11/09 16:29:11.232204, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:11.232239, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:11.232261, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:11.232282, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/11/09 16:29:11.232306, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=1024 max=1024 nread=68 >[2012/11/09 16:29:11.233415, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x124 >[2012/11/09 16:29:11.233462, 3] smbd/process.c:1662(process_smb) > Transaction 16 of length 296 (0 toread) >[2012/11/09 16:29:11.233500, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:11.233522, 5] lib/util.c:342(show_msg) > size=292 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=49024 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 208 (0xD0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 208 (0xD0) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8211 (0x2013) > smb_bcc=225 >[2012/11/09 16:29:11.233834, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:11.233867, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:11.233909, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=208 params=0 setup=2 >[2012/11/09 16:29:11.233938, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:11.233957, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:11.233975, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:11.233993, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2013) >[2012/11/09 16:29:11.234028, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 208 >[2012/11/09 16:29:11.234054, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:11.234081, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX >[2012/11/09 16:29:11.234116, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[69].fn == 0x7fa2ea3def70 > checking name: \\yyyu0031\yyyp0708 >[2012/11/09 16:29:11.234158, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 9D 50 47 21 ....=... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.234211, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) > Setting printer type=\\yyyu0031\yyyp0708 > Printer is a printer >[2012/11/09 16:29:11.234238, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) > Setting printer name=\\yyyu0031\yyyp0708 (len=19) > searching for [yyyp0708] > set_printer_hnd_name: Printer found: yyyp0708 -> yyyp0708 >[2012/11/09 16:29:11.234294, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) > 2 printer handles active >[2012/11/09 16:29:11.234314, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 9D 50 47 21 ....=... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.234351, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 9D 50 47 21 ....=... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.234388, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:yyyp0708 >[2012/11/09 16:29:11.234410, 3] lib/access.c:338(allow_access) > Allowed connection from yyyc27002.xxxxx.xxx (10.129.108.68) >[2012/11/09 16:29:11.234445, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) > Setting printer access = PRINTER_ACCESS_USE >[2012/11/09 16:29:11.234466, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/11/09 16:29:11.234490, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/11/09 16:29:11.234519, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:11.234540, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:11.234577, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2012/11/09 16:29:11.234607, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:11.234627, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:11.234645, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:11.234731, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:11.234782, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 3E 00 00 00 00 00 00 00 9D 50 47 21 ....>... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.234838, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3E 00 00 00 00 00 00 00 9D 50 47 21 ....>... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.234881, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:11.234923, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:11.234963, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:11.235003, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:11.235041, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:11.235077, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:11.235134, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:11.235216, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 3F 00 00 00 00 00 00 00 9D 50 47 21 ....?... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.235305, 2] rpc_client/cli_winreg_spoolss.c:896(winreg_create_printer) > winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708 already exists >[2012/11/09 16:29:11.235354, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3F 00 00 00 00 00 00 00 9D 50 47 21 ....?... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.235432, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3F 00 00 00 00 00 00 00 9D 50 47 21 ....?... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.235504, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:11.235553, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3E 00 00 00 00 00 00 00 9D 50 47 21 ....>... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.235643, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3E 00 00 00 00 00 00 00 9D 50 47 21 ....>... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.235738, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:11.235792, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:11.235840, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:11.235881, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 1741 >[2012/11/09 16:29:11.235927, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/11/09 16:29:11.235965, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:11.235986, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=49024 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/11/09 16:29:11.238119, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x8c >[2012/11/09 16:29:11.238166, 3] smbd/process.c:1662(process_smb) > Transaction 17 of length 144 (0 toread) >[2012/11/09 16:29:11.238186, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:11.238198, 5] lib/util.c:342(show_msg) > size=140 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=49088 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 56 (0x38) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 56 (0x38) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8211 (0x2013) > smb_bcc=73 >[2012/11/09 16:29:11.238402, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:11.238422, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:11.238445, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=56 params=0 setup=2 >[2012/11/09 16:29:11.238467, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:11.238484, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:11.238503, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:11.238521, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2013) >[2012/11/09 16:29:11.238541, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 56 >[2012/11/09 16:29:11.238566, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:11.238587, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER >[2012/11/09 16:29:11.238613, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[8].fn == 0x7fa2ea3e8e50 >[2012/11/09 16:29:11.238635, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 9D 50 47 21 ....=... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.238675, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 9D 50 47 21 ....=... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.238712, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:yyyp0708 >[2012/11/09 16:29:11.238735, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/11/09 16:29:11.238776, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/11/09 16:29:11.238806, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:11.238828, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:11.238858, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2012/11/09 16:29:11.238881, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:11.238900, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:11.238918, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:11.239006, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:11.239073, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 40 00 00 00 00 00 00 00 9D 50 47 21 ....@... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.239133, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 40 00 00 00 00 00 00 00 9D 50 47 21 ....@... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.239176, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:11.239219, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:11.239258, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:11.239298, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:11.239336, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:11.239373, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:11.239419, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:11.239468, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 9D 50 47 21 ....A... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.239523, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 9D 50 47 21 ....A... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.239609, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 9D 50 47 21 ....A... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.239656, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.239689, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 9D 50 47 21 ....A... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.239731, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.239762, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 9D 50 47 21 ....A... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.239814, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.239849, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 9D 50 47 21 ....A... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.239891, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.239923, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 9D 50 47 21 ....A... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.239966, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.240017, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 9D 50 47 21 ....A... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.240063, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.240095, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 9D 50 47 21 ....A... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.240137, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.240168, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 9D 50 47 21 ....A... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.240211, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.240243, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 9D 50 47 21 ....A... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.240285, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.240317, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 9D 50 47 21 ....A... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.240359, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.240390, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 9D 50 47 21 ....A... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.240432, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.240486, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 9D 50 47 21 ....A... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.240548, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.240583, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 9D 50 47 21 ....A... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.240625, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.240656, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 9D 50 47 21 ....A... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.240698, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.240729, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 9D 50 47 21 ....A... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.240770, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.240801, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 9D 50 47 21 ....A... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.240843, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.240873, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 9D 50 47 21 ....A... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.240915, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.240953, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 9D 50 47 21 ....A... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.241017, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.241052, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 9D 50 47 21 ....A... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.241094, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.241143, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 9D 50 47 21 ....A... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.241188, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.241219, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:11.241255, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 9D 50 47 21 ....A... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.241298, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.241317, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:11.241355, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:11.241396, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 42 00 00 00 00 00 00 00 9D 50 47 21 ....B... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.241449, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 42 00 00 00 00 00 00 00 9D 50 47 21 ....B... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.241492, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:11.241530, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:11.241569, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:11.241607, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:11.241645, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:11.241680, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:11.241724, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:11.241771, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[4] [0000] 00 00 00 00 43 00 00 00 00 00 00 00 9D 50 47 21 ....C... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.241826, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 43 00 00 00 00 00 00 00 9D 50 47 21 ....C... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.241869, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.241888, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:11.241949, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 43 00 00 00 00 00 00 00 9D 50 47 21 ....C... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.242007, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.242028, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:11.242063, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 43 00 00 00 00 00 00 00 9D 50 47 21 ....C... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.242105, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 43 00 00 00 00 00 00 00 9D 50 47 21 ....C... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.242154, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:11.242183, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 42 00 00 00 00 00 00 00 9D 50 47 21 ....B... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.242225, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 42 00 00 00 00 00 00 00 9D 50 47 21 ....B... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.242262, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:11.242288, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 9D 50 47 21 ....A... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.242329, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 9D 50 47 21 ....A... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.242366, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:11.242394, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 40 00 00 00 00 00 00 00 9D 50 47 21 ....@... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.242434, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 40 00 00 00 00 00 00 00 9D 50 47 21 ....@... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.242471, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:11.242536, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:11.242571, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:11.242602, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 8991 >[2012/11/09 16:29:11.242635, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..36] (align 0) >[2012/11/09 16:29:11.242656, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:11.242667, 5] lib/util.c:342(show_msg) > size=92 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=49088 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 36 (0x24) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 36 (0x24) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=37 >[2012/11/09 16:29:11.244949, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x10f8 >[2012/11/09 16:29:11.244982, 3] smbd/process.c:1662(process_smb) > Transaction 18 of length 4348 (0 toread) >[2012/11/09 16:29:11.245002, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:11.245013, 5] lib/util.c:342(show_msg) > size=4344 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=49152 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8211 (0x2013) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 4280 (0x10B8) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 4280 (0x10B8) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=4281 >[2012/11/09 16:29:11.245202, 3] smbd/process.c:1467(switch_message) > switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:11.245235, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:11.245257, 6] smbd/pipes.c:300(reply_pipe_write_and_X) > reply_pipe_write_and_X: 2013 name: spoolss len: 4280 >[2012/11/09 16:29:11.245277, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 4280 >[2012/11/09 16:29:11.245306, 3] smbd/pipes.c:361(pipe_write_andx_done) > writeX-IPC nwritten=4280 >[2012/11/09 16:29:11.246410, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x138 >[2012/11/09 16:29:11.246441, 3] smbd/process.c:1662(process_smb) > Transaction 19 of length 316 (0 toread) >[2012/11/09 16:29:11.246461, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:11.246472, 5] lib/util.c:342(show_msg) > size=312 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=49216 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 228 (0xE4) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 228 (0xE4) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8211 (0x2013) > smb_bcc=245 >[2012/11/09 16:29:11.246674, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:11.246694, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:11.246716, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=228 params=0 setup=2 >[2012/11/09 16:29:11.246736, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:11.246754, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:11.246771, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:11.246789, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2013) >[2012/11/09 16:29:11.246816, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 228 >[2012/11/09 16:29:11.246853, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:11.246876, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER >[2012/11/09 16:29:11.246896, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[8].fn == 0x7fa2ea3e8e50 >[2012/11/09 16:29:11.246917, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 9D 50 47 21 ....=... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.246956, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 9D 50 47 21 ....=... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.246993, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:yyyp0708 >[2012/11/09 16:29:11.247014, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/11/09 16:29:11.247039, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/11/09 16:29:11.247067, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:11.247088, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:11.247116, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2012/11/09 16:29:11.247139, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:11.247158, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:11.247175, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:11.247265, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:11.247312, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 44 00 00 00 00 00 00 00 9D 50 47 21 ....D... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.247370, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 44 00 00 00 00 00 00 00 9D 50 47 21 ....D... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.247419, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:11.247461, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:11.247500, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:11.247539, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:11.247577, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:11.247612, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:11.247657, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:11.247704, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 9D 50 47 21 ....E... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.247758, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 9D 50 47 21 ....E... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.247886, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 9D 50 47 21 ....E... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.247935, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.247969, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 9D 50 47 21 ....E... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.248011, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.248043, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 9D 50 47 21 ....E... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.248085, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.248116, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 9D 50 47 21 ....E... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.248157, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.248188, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 9D 50 47 21 ....E... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.248240, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.248274, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 9D 50 47 21 ....E... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.248316, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.248348, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 9D 50 47 21 ....E... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.248390, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.248433, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 9D 50 47 21 ....E... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.248505, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.248540, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 9D 50 47 21 ....E... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.248583, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.248615, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 9D 50 47 21 ....E... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.248656, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.248687, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 9D 50 47 21 ....E... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.248729, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.248766, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 9D 50 47 21 ....E... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.248822, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.248857, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 9D 50 47 21 ....E... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.248900, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.248931, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 9D 50 47 21 ....E... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.248992, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.249026, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 9D 50 47 21 ....E... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.249069, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.249100, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 9D 50 47 21 ....E... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.249141, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.249172, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 9D 50 47 21 ....E... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.249214, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.249247, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 9D 50 47 21 ....E... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.249289, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.249320, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 9D 50 47 21 ....E... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.249361, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.249410, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 9D 50 47 21 ....E... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.249454, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.249473, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:11.249503, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 9D 50 47 21 ....E... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.249545, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.249564, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:11.249599, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:11.249653, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 46 00 00 00 00 00 00 00 9D 50 47 21 ....F... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.249708, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 46 00 00 00 00 00 00 00 9D 50 47 21 ....F... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.249773, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:11.249822, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:11.249862, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:11.249900, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:11.249937, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:11.249971, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:11.250014, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:11.250062, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[4] [0000] 00 00 00 00 47 00 00 00 00 00 00 00 9D 50 47 21 ....G... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.250142, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 47 00 00 00 00 00 00 00 9D 50 47 21 ....G... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.250189, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.250208, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:11.250259, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 47 00 00 00 00 00 00 00 9D 50 47 21 ....G... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.250303, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.250322, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:11.250354, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 47 00 00 00 00 00 00 00 9D 50 47 21 ....G... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.250396, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 47 00 00 00 00 00 00 00 9D 50 47 21 ....G... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.250433, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:11.250461, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 46 00 00 00 00 00 00 00 9D 50 47 21 ....F... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.250501, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 46 00 00 00 00 00 00 00 9D 50 47 21 ....F... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.250538, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:11.250565, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 9D 50 47 21 ....E... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.250622, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 9D 50 47 21 ....E... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.250661, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:11.250690, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 44 00 00 00 00 00 00 00 9D 50 47 21 ....D... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.250757, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 44 00 00 00 00 00 00 00 9D 50 47 21 ....D... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.250797, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:11.250874, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:11.250910, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:11.250940, 5] smbd/ipc.c:103(send_trans_reply) > send_trans_reply: buffer 1024 too large >[2012/11/09 16:29:11.250962, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..1024] (align 0) >[2012/11/09 16:29:11.250982, 3] smbd/error.c:81(error_packet_set) > error packet at smbd/ipc.c(137) cmd=37 (SMBtrans) STATUS_BUFFER_OVERFLOW >[2012/11/09 16:29:11.251001, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:11.251012, 5] lib/util.c:342(show_msg) > size=1080 > smb_com=0x25 > smb_rcls=5 > smb_reh=0 > smb_err=32768 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=49216 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 1024 (0x400) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=1025 >[2012/11/09 16:29:11.252371, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/11/09 16:29:11.252404, 3] smbd/process.c:1662(process_smb) > Transaction 20 of length 63 (0 toread) >[2012/11/09 16:29:11.252423, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:11.252434, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=49280 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8211 (0x2013) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 3256 (0xCB8) > smb_vwv[ 6]= 3256 (0xCB8) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 3256 (0xCB8) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/11/09 16:29:11.252633, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:11.252654, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:11.252675, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 3256 >[2012/11/09 16:29:11.252700, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=3256 max=3256 nread=3256 >[2012/11/09 16:29:11.254044, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/11/09 16:29:11.254104, 3] smbd/process.c:1662(process_smb) > Transaction 21 of length 63 (0 toread) >[2012/11/09 16:29:11.254140, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:11.254154, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=49344 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8211 (0x2013) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 4280 (0x10B8) > smb_vwv[ 6]= 4280 (0x10B8) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 4280 (0x10B8) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/11/09 16:29:11.254456, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:11.254488, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:11.254513, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 4280 >[2012/11/09 16:29:11.254557, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 8991 >[2012/11/09 16:29:11.254615, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=4280 max=4280 nread=208 >[2012/11/09 16:29:11.256546, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x80 >[2012/11/09 16:29:11.256581, 3] smbd/process.c:1662(process_smb) > Transaction 22 of length 132 (0 toread) >[2012/11/09 16:29:11.256606, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:11.256629, 5] lib/util.c:342(show_msg) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=49408 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8211 (0x2013) > smb_bcc=61 >[2012/11/09 16:29:11.256860, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:11.256883, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:11.256907, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=44 params=0 setup=2 >[2012/11/09 16:29:11.256929, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:11.256947, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:11.256966, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:11.256985, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2013) >[2012/11/09 16:29:11.257005, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 44 >[2012/11/09 16:29:11.257031, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:11.257053, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER >[2012/11/09 16:29:11.257073, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[29].fn == 0x7fa2ea3e55d0 >[2012/11/09 16:29:11.257102, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 9D 50 47 21 ....=... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.257145, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 9D 50 47 21 ....=... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.257183, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 9D 50 47 21 ....=... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.257221, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:11.257245, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:11.257273, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 4280 >[2012/11/09 16:29:11.257317, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/11/09 16:29:11.257344, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/11/09 16:29:11.257365, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:11.257376, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=49408 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/11/09 16:29:11.259057, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/11/09 16:29:11.259090, 3] smbd/process.c:1662(process_smb) > Transaction 23 of length 45 (0 toread) >[2012/11/09 16:29:11.259110, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:11.259121, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=49472 > smt_wct=3 > smb_vwv[ 0]= 8211 (0x2013) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/11/09 16:29:11.259239, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:11.259259, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:11.259281, 3] smbd/reply.c:4848(reply_close) > close fd=-1 fnum=8211 (numopen=2) >[2012/11/09 16:29:11.259303, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 07:28:15 2106 >[2012/11/09 16:29:11.259371, 5] smbd/files.c:482(file_free) > freed files structure 8211 (1 used) >[2012/11/09 16:29:11.259395, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:11.259407, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=49472 > smt_wct=0 > smb_bcc=0 >[2012/11/09 16:29:11.260568, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x66 >[2012/11/09 16:29:11.260601, 3] smbd/process.c:1662(process_smb) > Transaction 24 of length 106 (0 toread) >[2012/11/09 16:29:11.260621, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:11.260632, 5] lib/util.c:342(show_msg) > size=102 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=49536 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 4096 (0x1000) > smb_vwv[ 3]= 4096 (0x1000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 4609 (0x1201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1792 (0x700) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]=16384 (0x4000) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=19 >[2012/11/09 16:29:11.260903, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:11.260923, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:11.260946, 4] smbd/nttrans.c:288(nt_open_pipe) > nt_open_pipe: Opening pipe \spoolss. >[2012/11/09 16:29:11.260968, 5] smbd/files.c:140(file_new) > allocated file structure 4116, fnum = 8212 (2 used) >[2012/11/09 16:29:11.260995, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \spoolss >[2012/11/09 16:29:11.261044, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \spoolss (pipes_open=0) >[2012/11/09 16:29:11.261083, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) > do_ntcreate_pipe_open: open pipe = \spoolss >[2012/11/09 16:29:11.262456, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xe0 >[2012/11/09 16:29:11.262498, 3] smbd/process.c:1662(process_smb) > Transaction 25 of length 228 (0 toread) >[2012/11/09 16:29:11.262523, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:11.262535, 5] lib/util.c:342(show_msg) > size=224 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=49600 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8212 (0x2014) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 160 (0xA0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 160 (0xA0) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=161 >[2012/11/09 16:29:11.262741, 3] smbd/process.c:1467(switch_message) > switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:11.262764, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:11.262784, 6] smbd/pipes.c:300(reply_pipe_write_and_X) > reply_pipe_write_and_X: 2014 name: spoolss len: 160 >[2012/11/09 16:29:11.262804, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 160 >[2012/11/09 16:29:11.262829, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) > api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/11/09 16:29:11.262850, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) > api_pipe_bind_req: make response. 923 >[2012/11/09 16:29:11.262869, 3] rpc_server/srv_pipe.c:339(check_bind_req) > check_bind_req for \spoolss >[2012/11/09 16:29:11.262889, 3] rpc_server/srv_pipe.c:346(check_bind_req) > check_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/11/09 16:29:11.262919, 3] smbd/pipes.c:361(pipe_write_andx_done) > writeX-IPC nwritten=160 >[2012/11/09 16:29:11.264112, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/11/09 16:29:11.264144, 3] smbd/process.c:1662(process_smb) > Transaction 26 of length 63 (0 toread) >[2012/11/09 16:29:11.264164, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:11.264175, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=49664 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8212 (0x2014) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/11/09 16:29:11.264386, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:11.264410, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:11.264432, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:11.264500, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/11/09 16:29:11.264530, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=1024 max=1024 nread=68 >[2012/11/09 16:29:11.265567, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x124 >[2012/11/09 16:29:11.265610, 3] smbd/process.c:1662(process_smb) > Transaction 27 of length 296 (0 toread) >[2012/11/09 16:29:11.265633, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:11.265644, 5] lib/util.c:342(show_msg) > size=292 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=49728 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 208 (0xD0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 208 (0xD0) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8212 (0x2014) > smb_bcc=225 >[2012/11/09 16:29:11.265875, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:11.265897, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:11.265920, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=208 params=0 setup=2 >[2012/11/09 16:29:11.265942, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:11.265960, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:11.265979, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:11.265998, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2014) >[2012/11/09 16:29:11.266018, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 208 >[2012/11/09 16:29:11.266042, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:11.266063, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX >[2012/11/09 16:29:11.266084, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[69].fn == 0x7fa2ea3def70 > checking name: \\yyyu0031\yyyp0708 >[2012/11/09 16:29:11.266123, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.266164, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) > Setting printer type=\\yyyu0031\yyyp0708 > Printer is a printer >[2012/11/09 16:29:11.266191, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) > Setting printer name=\\yyyu0031\yyyp0708 (len=19) > searching for [yyyp0708] > set_printer_hnd_name: Printer found: yyyp0708 -> yyyp0708 >[2012/11/09 16:29:11.266249, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) > 2 printer handles active >[2012/11/09 16:29:11.266269, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.266308, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.266346, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:yyyp0708 >[2012/11/09 16:29:11.266382, 3] lib/access.c:338(allow_access) > Allowed connection from yyyc27002.xxxxx.xxx (10.129.108.68) >[2012/11/09 16:29:11.266409, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) > Setting printer access = PRINTER_ACCESS_USE >[2012/11/09 16:29:11.266431, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/11/09 16:29:11.266456, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/11/09 16:29:11.266486, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:11.266508, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:11.266542, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2012/11/09 16:29:11.266566, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:11.266585, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:11.266615, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:11.266708, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:11.266760, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 49 00 00 00 00 00 00 00 9D 50 47 21 ....I... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.266817, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 49 00 00 00 00 00 00 00 9D 50 47 21 ....I... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.266861, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:11.266912, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:11.266958, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:11.266999, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:11.267039, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:11.267076, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:11.267124, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:11.267173, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 4A 00 00 00 00 00 00 00 9D 50 47 21 ....J... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.267224, 2] rpc_client/cli_winreg_spoolss.c:896(winreg_create_printer) > winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708 already exists >[2012/11/09 16:29:11.267253, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4A 00 00 00 00 00 00 00 9D 50 47 21 ....J... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.267294, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4A 00 00 00 00 00 00 00 9D 50 47 21 ....J... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.267333, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:11.267375, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 49 00 00 00 00 00 00 00 9D 50 47 21 ....I... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.267419, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 49 00 00 00 00 00 00 00 9D 50 47 21 ....I... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.267457, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:11.267489, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:11.267520, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:11.267545, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 1741 >[2012/11/09 16:29:11.267572, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/11/09 16:29:11.267593, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:11.267604, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=49728 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/11/09 16:29:11.273719, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x90 >[2012/11/09 16:29:11.273794, 3] smbd/process.c:1662(process_smb) > Transaction 28 of length 148 (0 toread) >[2012/11/09 16:29:11.273815, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:11.273827, 5] lib/util.c:342(show_msg) > size=144 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=49792 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 60 (0x3C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 60 (0x3C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8212 (0x2014) > smb_bcc=77 >[2012/11/09 16:29:11.274044, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:11.274066, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:11.274092, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=60 params=0 setup=2 >[2012/11/09 16:29:11.274114, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:11.274133, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:11.274159, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:11.274192, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2014) >[2012/11/09 16:29:11.274229, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 60 >[2012/11/09 16:29:11.274267, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:11.274306, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x22 - api_rpcTNP: rpc command: SPOOLSS_ENUMFORMS >[2012/11/09 16:29:11.274339, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[34].fn == 0x7fa2ea3e4850 >[2012/11/09 16:29:11.274371, 4] rpc_server/spoolss/srv_spoolss_nt.c:7481(_spoolss_EnumForms) > _spoolss_EnumForms > Offered buffer size [0] > Info level [2] >[2012/11/09 16:29:11.274412, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:11.274447, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:11.274475, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/11/09 16:29:11.274501, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..44] (align 0) >[2012/11/09 16:29:11.274522, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:11.274533, 5] lib/util.c:342(show_msg) > size=100 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=49792 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 44 (0x2C) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=45 >[2012/11/09 16:29:11.275665, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x90 >[2012/11/09 16:29:11.275697, 3] smbd/process.c:1662(process_smb) > Transaction 29 of length 148 (0 toread) >[2012/11/09 16:29:11.275718, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:11.275729, 5] lib/util.c:342(show_msg) > size=144 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=49856 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 60 (0x3C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 60 (0x3C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8212 (0x2014) > smb_bcc=77 >[2012/11/09 16:29:11.275968, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:11.275990, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:11.276012, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=60 params=0 setup=2 >[2012/11/09 16:29:11.276033, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:11.276051, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:11.276070, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:11.276089, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2014) >[2012/11/09 16:29:11.276109, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 60 >[2012/11/09 16:29:11.276132, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:11.276154, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x22 - api_rpcTNP: rpc command: SPOOLSS_ENUMFORMS >[2012/11/09 16:29:11.276175, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[34].fn == 0x7fa2ea3e4850 >[2012/11/09 16:29:11.276196, 4] rpc_server/spoolss/srv_spoolss_nt.c:7481(_spoolss_EnumForms) > _spoolss_EnumForms > Offered buffer size [0] > Info level [1] >[2012/11/09 16:29:11.276231, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/11/09 16:29:11.276271, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/11/09 16:29:11.276321, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:11.276349, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:11.276384, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2012/11/09 16:29:11.276408, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:11.276428, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:11.276485, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:11.276588, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:11.276651, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 4B 00 00 00 00 00 00 00 9D 50 47 21 ....K... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.276719, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4B 00 00 00 00 00 00 00 9D 50 47 21 ....K... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.276778, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2012/11/09 16:29:11.276801, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SYSTEM] >[2012/11/09 16:29:11.276841, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2012/11/09 16:29:11.276864, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentControlSet] >[2012/11/09 16:29:11.276901, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2012/11/09 16:29:11.276924, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Control] >[2012/11/09 16:29:11.276974, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2012/11/09 16:29:11.276997, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:11.277035, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Forms] >[2012/11/09 16:29:11.277076, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 4C 00 00 00 00 00 00 00 9D 50 47 21 ....L... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.277136, 8] rpc_client/cli_winreg_spoolss.c:285(winreg_printer_openkey) > winreg_printer_openkey: createkey opened existing SYSTEM\CurrentControlSet\Control\Print\Forms >[2012/11/09 16:29:11.277167, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4C 00 00 00 00 00 00 00 9D 50 47 21 ....L... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.277247, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4C 00 00 00 00 00 00 00 9D 50 47 21 ....L... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.277293, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4C 00 00 00 00 00 00 00 9D 50 47 21 ....L... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.277332, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:11.277360, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4B 00 00 00 00 00 00 00 9D 50 47 21 ....K... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.277401, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4B 00 00 00 00 00 00 00 9D 50 47 21 ....K... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.277440, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:11.277583, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:11.277624, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:11.277651, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 31741 >[2012/11/09 16:29:11.277696, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..44] (align 0) >[2012/11/09 16:29:11.277721, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:11.277733, 5] lib/util.c:342(show_msg) > size=100 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=49856 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 44 (0x2C) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=45 >[2012/11/09 16:29:11.279464, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x10f8 >[2012/11/09 16:29:11.279505, 3] smbd/process.c:1662(process_smb) > Transaction 30 of length 4348 (0 toread) >[2012/11/09 16:29:11.279526, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:11.279537, 5] lib/util.c:342(show_msg) > size=4344 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=49920 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8212 (0x2014) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 4280 (0x10B8) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 4280 (0x10B8) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=4281 >[2012/11/09 16:29:11.279799, 3] smbd/process.c:1467(switch_message) > switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:11.279823, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:11.279844, 6] smbd/pipes.c:300(reply_pipe_write_and_X) > reply_pipe_write_and_X: 2014 name: spoolss len: 4280 >[2012/11/09 16:29:11.279865, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 4280 >[2012/11/09 16:29:11.279896, 3] smbd/pipes.c:361(pipe_write_andx_done) > writeX-IPC nwritten=4280 >[2012/11/09 16:29:11.281586, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x10f8 >[2012/11/09 16:29:11.281628, 3] smbd/process.c:1662(process_smb) > Transaction 31 of length 4348 (0 toread) >[2012/11/09 16:29:11.281650, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:11.281662, 5] lib/util.c:342(show_msg) > size=4344 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=49984 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8212 (0x2014) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 4280 (0x10B8) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 4280 (0x10B8) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=4281 >[2012/11/09 16:29:11.281887, 3] smbd/process.c:1467(switch_message) > switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:11.281924, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:11.281946, 6] smbd/pipes.c:300(reply_pipe_write_and_X) > reply_pipe_write_and_X: 2014 name: spoolss len: 4280 >[2012/11/09 16:29:11.281967, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 4280 >[2012/11/09 16:29:11.281997, 3] smbd/pipes.c:361(pipe_write_andx_done) > writeX-IPC nwritten=4280 >[2012/11/09 16:29:11.283143, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x440 >[2012/11/09 16:29:11.283176, 3] smbd/process.c:1662(process_smb) > Transaction 32 of length 1092 (0 toread) >[2012/11/09 16:29:11.283196, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:11.283208, 5] lib/util.c:342(show_msg) > size=1088 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=50048 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 1004 (0x3EC) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 1004 (0x3EC) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8212 (0x2014) > smb_bcc=1021 >[2012/11/09 16:29:11.283421, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:11.283441, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:11.283465, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=1004 params=0 setup=2 >[2012/11/09 16:29:11.283488, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:11.283506, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:11.283526, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:11.283545, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2014) >[2012/11/09 16:29:11.283565, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 1004 >[2012/11/09 16:29:11.283590, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:11.283623, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x22 - api_rpcTNP: rpc command: SPOOLSS_ENUMFORMS >[2012/11/09 16:29:11.283647, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[34].fn == 0x7fa2ea3e4850 >[2012/11/09 16:29:11.283687, 4] rpc_server/spoolss/srv_spoolss_nt.c:7481(_spoolss_EnumForms) > _spoolss_EnumForms > Offered buffer size [9456] > Info level [1] >[2012/11/09 16:29:11.283732, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/11/09 16:29:11.283758, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/11/09 16:29:11.283785, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:11.283807, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:11.283837, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2012/11/09 16:29:11.283870, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:11.283902, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:11.283923, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:11.284025, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:11.284100, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 4D 00 00 00 00 00 00 00 9D 50 47 21 ....M... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.284163, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4D 00 00 00 00 00 00 00 9D 50 47 21 ....M... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.284220, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2012/11/09 16:29:11.284245, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SYSTEM] >[2012/11/09 16:29:11.284301, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2012/11/09 16:29:11.284330, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentControlSet] >[2012/11/09 16:29:11.284369, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2012/11/09 16:29:11.284401, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Control] >[2012/11/09 16:29:11.284442, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2012/11/09 16:29:11.284493, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:11.284561, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Forms] >[2012/11/09 16:29:11.284636, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 4E 00 00 00 00 00 00 00 9D 50 47 21 ....N... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.284748, 8] rpc_client/cli_winreg_spoolss.c:285(winreg_printer_openkey) > winreg_printer_openkey: createkey opened existing SYSTEM\CurrentControlSet\Control\Print\Forms >[2012/11/09 16:29:11.284815, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4E 00 00 00 00 00 00 00 9D 50 47 21 ....N... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.284954, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4E 00 00 00 00 00 00 00 9D 50 47 21 ....N... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.285059, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4E 00 00 00 00 00 00 00 9D 50 47 21 ....N... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.285138, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:11.285182, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4D 00 00 00 00 00 00 00 9D 50 47 21 ....M... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.285227, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4D 00 00 00 00 00 00 00 9D 50 47 21 ....M... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.285266, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:11.285583, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:11.285640, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:11.285673, 5] smbd/ipc.c:103(send_trans_reply) > send_trans_reply: buffer 1024 too large >[2012/11/09 16:29:11.285697, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..1024] (align 0) >[2012/11/09 16:29:11.285717, 3] smbd/error.c:81(error_packet_set) > error packet at smbd/ipc.c(137) cmd=37 (SMBtrans) STATUS_BUFFER_OVERFLOW >[2012/11/09 16:29:11.285738, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:11.285750, 5] lib/util.c:342(show_msg) > size=1080 > smb_com=0x25 > smb_rcls=5 > smb_reh=0 > smb_err=32768 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=50048 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 1024 (0x400) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=1025 >[2012/11/09 16:29:11.287075, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/11/09 16:29:11.287111, 3] smbd/process.c:1662(process_smb) > Transaction 33 of length 63 (0 toread) >[2012/11/09 16:29:11.287131, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:11.287142, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=50112 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8212 (0x2014) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 3256 (0xCB8) > smb_vwv[ 6]= 3256 (0xCB8) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 3256 (0xCB8) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/11/09 16:29:11.287329, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:11.287350, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:11.287372, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 3256 >[2012/11/09 16:29:11.287399, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=3256 max=3256 nread=3256 >[2012/11/09 16:29:11.288803, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/11/09 16:29:11.288847, 3] smbd/process.c:1662(process_smb) > Transaction 34 of length 63 (0 toread) >[2012/11/09 16:29:11.288870, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:11.288882, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=50176 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8212 (0x2014) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 4280 (0x10B8) > smb_vwv[ 6]= 4280 (0x10B8) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 4280 (0x10B8) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/11/09 16:29:11.289079, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:11.289100, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:11.289122, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 4280 >[2012/11/09 16:29:11.289152, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=4280 max=4280 nread=4280 >[2012/11/09 16:29:11.290719, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/11/09 16:29:11.290775, 3] smbd/process.c:1662(process_smb) > Transaction 35 of length 63 (0 toread) >[2012/11/09 16:29:11.290800, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:11.290812, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=50240 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8212 (0x2014) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 4280 (0x10B8) > smb_vwv[ 6]= 4280 (0x10B8) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 4280 (0x10B8) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/11/09 16:29:11.291050, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:11.291075, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:11.291096, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 4280 >[2012/11/09 16:29:11.291124, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 31741 >[2012/11/09 16:29:11.291177, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=4280 max=4280 nread=988 >[2012/11/09 16:29:11.306726, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xac >[2012/11/09 16:29:11.306826, 3] smbd/process.c:1662(process_smb) > Transaction 36 of length 176 (0 toread) >[2012/11/09 16:29:11.306859, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:11.306877, 5] lib/util.c:342(show_msg) > size=172 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=50304 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 88 (0x58) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 88 (0x58) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8212 (0x2014) > smb_bcc=105 >[2012/11/09 16:29:11.307234, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:11.307275, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:11.307321, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=88 params=0 setup=2 >[2012/11/09 16:29:11.307365, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:11.307402, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:11.307440, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:11.307476, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2014) >[2012/11/09 16:29:11.307514, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 88 >[2012/11/09 16:29:11.307563, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:11.307605, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x1a - api_rpcTNP: rpc command: SPOOLSS_GETPRINTERDATA >[2012/11/09 16:29:11.307670, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[26].fn == 0x7fa2ea3e5d00 >[2012/11/09 16:29:11.307725, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.307807, 4] rpc_server/spoolss/srv_spoolss_nt.c:9191(_spoolss_GetPrinterDataEx) > _spoolss_GetPrinterDataEx >[2012/11/09 16:29:11.307845, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.307919, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:yyyp0708 >[2012/11/09 16:29:11.307962, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/11/09 16:29:11.308011, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/11/09 16:29:11.308065, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:11.308107, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:11.308160, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2012/11/09 16:29:11.308200, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:11.308236, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:11.308270, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:11.308413, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:11.308534, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 4F 00 00 00 00 00 00 00 9D 50 47 21 ....O... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.308644, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4F 00 00 00 00 00 00 00 9D 50 47 21 ....O... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.308729, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:11.308806, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:11.308875, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:11.308947, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:11.309016, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:11.309080, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:11.309161, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:11.309240, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [PrinterDriverData] >[2012/11/09 16:29:11.309325, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 50 00 00 00 00 00 00 00 9D 50 47 21 ....P... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.309431, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 50 00 00 00 00 00 00 00 9D 50 47 21 ....P... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.309513, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\PrinterDriverData] >[2012/11/09 16:29:11.309572, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:11.309663, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 50 00 00 00 00 00 00 00 9D 50 47 21 ....P... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.309747, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 50 00 00 00 00 00 00 00 9D 50 47 21 ....P... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.309824, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:11.309878, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4F 00 00 00 00 00 00 00 9D 50 47 21 ....O... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.309959, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4F 00 00 00 00 00 00 00 9D 50 47 21 ....O... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.310039, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:11.310099, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:11.310157, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 4280 >[2012/11/09 16:29:11.310205, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 1741 >[2012/11/09 16:29:11.310253, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..1064] (align 0) >[2012/11/09 16:29:11.310293, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:11.310315, 5] lib/util.c:342(show_msg) > size=1120 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=50304 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 1064 (0x428) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 1064 (0x428) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=1065 >[2012/11/09 16:29:11.312328, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x8c0 >[2012/11/09 16:29:11.312409, 3] smbd/process.c:1662(process_smb) > Transaction 37 of length 2244 (0 toread) >[2012/11/09 16:29:11.312475, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:11.312503, 5] lib/util.c:342(show_msg) > size=2240 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=50368 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 2156 (0x86C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 2156 (0x86C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8212 (0x2014) > smb_bcc=2173 >[2012/11/09 16:29:11.312884, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:11.312923, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:11.312966, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=2156 params=0 setup=2 >[2012/11/09 16:29:11.313006, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:11.313042, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:11.313078, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:11.313114, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2014) >[2012/11/09 16:29:11.313181, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 2156 >[2012/11/09 16:29:11.313228, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:11.313270, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x35 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTERDRIVER2 >[2012/11/09 16:29:11.313309, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[53].fn == 0x7fa2ea3e16c0 >[2012/11/09 16:29:11.313357, 4] rpc_server/spoolss/srv_spoolss_nt.c:5603(_spoolss_GetPrinterDriver2) > _spoolss_GetPrinterDriver2 >[2012/11/09 16:29:11.313398, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.313476, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.313552, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:yyyp0708 >[2012/11/09 16:29:11.313592, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/11/09 16:29:11.313639, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/11/09 16:29:11.313692, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:11.313735, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:11.313787, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2012/11/09 16:29:11.313827, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:11.313863, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:11.313899, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:11.314031, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:11.314115, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 51 00 00 00 00 00 00 00 9D 50 47 21 ....Q... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.314218, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 51 00 00 00 00 00 00 00 9D 50 47 21 ....Q... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.314300, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:11.314376, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:11.314447, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:11.314518, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:11.314585, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:11.314659, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:11.314744, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:11.314827, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 52 00 00 00 00 00 00 00 9D 50 47 21 ....R... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.314927, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 52 00 00 00 00 00 00 00 9D 50 47 21 ....R... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.315102, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 52 00 00 00 00 00 00 00 9D 50 47 21 ....R... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.315183, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.315244, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 52 00 00 00 00 00 00 00 9D 50 47 21 ....R... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.315326, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.315384, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 52 00 00 00 00 00 00 00 9D 50 47 21 ....R... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.315464, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.315522, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 52 00 00 00 00 00 00 00 9D 50 47 21 ....R... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.315615, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.315677, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 52 00 00 00 00 00 00 00 9D 50 47 21 ....R... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.315783, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.315854, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 52 00 00 00 00 00 00 00 9D 50 47 21 ....R... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.315947, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.316021, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 52 00 00 00 00 00 00 00 9D 50 47 21 ....R... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.316118, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.316182, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 52 00 00 00 00 00 00 00 9D 50 47 21 ....R... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.316273, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.316336, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 52 00 00 00 00 00 00 00 9D 50 47 21 ....R... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.316445, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.316543, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 52 00 00 00 00 00 00 00 9D 50 47 21 ....R... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.316627, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.316687, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 52 00 00 00 00 00 00 00 9D 50 47 21 ....R... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.316767, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.316826, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 52 00 00 00 00 00 00 00 9D 50 47 21 ....R... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.316906, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.316965, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 52 00 00 00 00 00 00 00 9D 50 47 21 ....R... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.317046, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.317106, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 52 00 00 00 00 00 00 00 9D 50 47 21 ....R... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.317188, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.317242, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 52 00 00 00 00 00 00 00 9D 50 47 21 ....R... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.317317, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.317373, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 52 00 00 00 00 00 00 00 9D 50 47 21 ....R... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.317449, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.317489, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 52 00 00 00 00 00 00 00 9D 50 47 21 ....R... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.317534, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.317572, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 52 00 00 00 00 00 00 00 9D 50 47 21 ....R... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.317628, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.317664, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 52 00 00 00 00 00 00 00 9D 50 47 21 ....R... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.317711, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.317793, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 52 00 00 00 00 00 00 00 9D 50 47 21 ....R... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.317868, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.317900, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:11.317949, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 52 00 00 00 00 00 00 00 9D 50 47 21 ....R... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.318022, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.318054, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:11.318112, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:11.318185, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 53 00 00 00 00 00 00 00 9D 50 47 21 ....S... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.318274, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 53 00 00 00 00 00 00 00 9D 50 47 21 ....S... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.318349, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:11.318413, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:11.318475, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:11.318536, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:11.318604, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:11.318663, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:11.318736, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:11.318813, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[4] [0000] 00 00 00 00 54 00 00 00 00 00 00 00 9D 50 47 21 ....T... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.318909, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 54 00 00 00 00 00 00 00 9D 50 47 21 ....T... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.318998, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.319033, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:11.319092, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 54 00 00 00 00 00 00 00 9D 50 47 21 ....T... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.319146, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:11.319168, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:11.319205, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 54 00 00 00 00 00 00 00 9D 50 47 21 ....T... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.319249, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 54 00 00 00 00 00 00 00 9D 50 47 21 ....T... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.319288, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:11.319319, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 53 00 00 00 00 00 00 00 9D 50 47 21 ....S... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.319372, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 53 00 00 00 00 00 00 00 9D 50 47 21 ....S... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.319419, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:11.319450, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 52 00 00 00 00 00 00 00 9D 50 47 21 ....R... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.319492, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 52 00 00 00 00 00 00 00 9D 50 47 21 ....R... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.319530, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:11.319561, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 51 00 00 00 00 00 00 00 9D 50 47 21 ....Q... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.319613, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 51 00 00 00 00 00 00 00 9D 50 47 21 ....Q... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.319661, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:11.319707, 8] rpc_server/spoolss/srv_spoolss_nt.c:5510(construct_printer_driver_info_level) > construct_printer_driver_info_level: status: WERR_OK >[2012/11/09 16:29:11.319750, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:11.319775, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:11.319812, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2012/11/09 16:29:11.319838, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:11.319858, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:11.319888, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:11.319993, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:11.320053, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 55 00 00 00 00 00 00 00 9D 50 47 21 ....U... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.320116, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 55 00 00 00 00 00 00 00 9D 50 47 21 ....U... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.320162, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SYSTEM] >[2012/11/09 16:29:11.320203, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentControlSet] >[2012/11/09 16:29:11.320257, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Control] >[2012/11/09 16:29:11.320315, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:11.320362, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Environments] >[2012/11/09 16:29:11.320412, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows x64] >[2012/11/09 16:29:11.320491, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Drivers] >[2012/11/09 16:29:11.320541, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Version-3] >[2012/11/09 16:29:11.320599, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:11.320655, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 56 00 00 00 00 00 00 00 9D 50 47 21 ....V... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.320714, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 56 00 00 00 00 00 00 00 9D 50 47 21 ....V... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.320802, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 56 00 00 00 00 00 00 00 9D 50 47 21 ....V... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.320849, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\yyyp0708] >[2012/11/09 16:29:11.320883, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 56 00 00 00 00 00 00 00 9D 50 47 21 ....V... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.320938, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\yyyp0708] >[2012/11/09 16:29:11.320975, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 56 00 00 00 00 00 00 00 9D 50 47 21 ....V... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.321020, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\yyyp0708] >[2012/11/09 16:29:11.321053, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 56 00 00 00 00 00 00 00 9D 50 47 21 ....V... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.321111, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\yyyp0708] >[2012/11/09 16:29:11.321148, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 56 00 00 00 00 00 00 00 9D 50 47 21 ....V... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.321199, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\yyyp0708] >[2012/11/09 16:29:11.321236, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 56 00 00 00 00 00 00 00 9D 50 47 21 ....V... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.321281, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\yyyp0708] >[2012/11/09 16:29:11.321313, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 56 00 00 00 00 00 00 00 9D 50 47 21 ....V... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.321356, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\yyyp0708] >[2012/11/09 16:29:11.321388, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 56 00 00 00 00 00 00 00 9D 50 47 21 ....V... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.321435, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\yyyp0708] >[2012/11/09 16:29:11.321470, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 56 00 00 00 00 00 00 00 9D 50 47 21 ....V... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.321528, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\yyyp0708] >[2012/11/09 16:29:11.321566, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 56 00 00 00 00 00 00 00 9D 50 47 21 ....V... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.321610, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\yyyp0708] >[2012/11/09 16:29:11.321643, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 56 00 00 00 00 00 00 00 9D 50 47 21 ....V... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.321686, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\yyyp0708] >[2012/11/09 16:29:11.321731, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 56 00 00 00 00 00 00 00 9D 50 47 21 ....V... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.321795, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\yyyp0708] >[2012/11/09 16:29:11.321848, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 56 00 00 00 00 00 00 00 9D 50 47 21 ....V... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.321895, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\yyyp0708] >[2012/11/09 16:29:11.321928, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 56 00 00 00 00 00 00 00 9D 50 47 21 ....V... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.321972, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\yyyp0708] >[2012/11/09 16:29:11.322007, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 56 00 00 00 00 00 00 00 9D 50 47 21 ....V... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.322061, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\yyyp0708] >[2012/11/09 16:29:11.322097, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 56 00 00 00 00 00 00 00 9D 50 47 21 ....V... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.322147, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\yyyp0708] >[2012/11/09 16:29:11.322183, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 56 00 00 00 00 00 00 00 9D 50 47 21 ....V... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.322226, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\yyyp0708] >[2012/11/09 16:29:11.322259, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 56 00 00 00 00 00 00 00 9D 50 47 21 ....V... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.322301, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\yyyp0708] >[2012/11/09 16:29:11.322334, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 56 00 00 00 00 00 00 00 9D 50 47 21 ....V... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.322382, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\yyyp0708] >[2012/11/09 16:29:11.322418, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 56 00 00 00 00 00 00 00 9D 50 47 21 ....V... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.322461, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\yyyp0708] >[2012/11/09 16:29:11.322494, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 56 00 00 00 00 00 00 00 9D 50 47 21 ....V... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.322551, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\yyyp0708] >[2012/11/09 16:29:11.322586, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 56 00 00 00 00 00 00 00 9D 50 47 21 ....V... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.322637, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\yyyp0708] >[2012/11/09 16:29:11.322671, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 56 00 00 00 00 00 00 00 9D 50 47 21 ....V... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.322715, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\yyyp0708] >[2012/11/09 16:29:11.322781, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 56 00 00 00 00 00 00 00 9D 50 47 21 ....V... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.322842, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 56 00 00 00 00 00 00 00 9D 50 47 21 ....V... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.322884, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:11.322915, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 55 00 00 00 00 00 00 00 9D 50 47 21 ....U... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.322958, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 55 00 00 00 00 00 00 00 9D 50 47 21 ....U... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:11.322997, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:11.323039, 8] rpc_server/spoolss/srv_spoolss_nt.c:5521(construct_printer_driver_info_level) > construct_printer_driver_info_level: status: WERR_OK >[2012/11/09 16:29:11.323129, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:11.323170, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 4280 >[2012/11/09 16:29:11.323199, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 2323 >[2012/11/09 16:29:11.323231, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..2096] (align 0) >[2012/11/09 16:29:11.323252, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:11.323265, 5] lib/util.c:342(show_msg) > size=2152 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=50368 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 2096 (0x830) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 2096 (0x830) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=2097 >[2012/11/09 16:29:11.325274, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x68 >[2012/11/09 16:29:11.325311, 3] smbd/process.c:1662(process_smb) > Transaction 38 of length 108 (0 toread) >[2012/11/09 16:29:11.325331, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:11.325357, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=50432 > smt_wct=15 > smb_vwv[ 0]= 36 (0x24) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4096 (0x1000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 36 (0x24) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 16 (0x10) > smb_bcc=39 >[2012/11/09 16:29:11.325565, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:11.325587, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:11.325638, 3] smbd/msdfs.c:891(get_referred_path) > get_referred_path: |print$| in dfs path \yyyu0031\print$ is not a dfs root. >[2012/11/09 16:29:11.325674, 3] smbd/error.c:81(error_packet_set) > error packet at smbd/trans2.c(8340) cmd=50 (SMBtrans2) NT_STATUS_NOT_FOUND >[2012/11/09 16:29:11.325699, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:11.325711, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x32 > smb_rcls=37 > smb_reh=2 > smb_err=49152 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=50432 > smt_wct=0 > smb_bcc=0 >[2012/11/09 16:29:11.326971, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x56 >[2012/11/09 16:29:11.327020, 3] smbd/process.c:1662(process_smb) > Transaction 39 of length 90 (0 toread) >[2012/11/09 16:29:11.327051, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:11.327064, 5] lib/util.c:342(show_msg) > size=86 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=0 > smb_pid=65279 > smb_uid=101 > smb_mid=50496 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 86 (0x56) > smb_vwv[ 2]= 8 (0x8) > smb_vwv[ 3]= 1 (0x1) > smb_bcc=43 >[2012/11/09 16:29:11.327206, 3] smbd/process.c:1467(switch_message) > switch message SMBtconX (pid 12629) conn 0x0 >[2012/11/09 16:29:11.327229, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:11.327248, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:11.327267, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:11.327300, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2012/11/09 16:29:11.327328, 4] smbd/reply.c:794(reply_tcon_and_X) > Client requested device type [?????] for share [PRINT$] >[2012/11/09 16:29:11.327354, 5] smbd/service.c:1354(make_connection) > making a connection to 'normal' service print$ >[2012/11/09 16:29:11.327377, 3] lib/access.c:338(allow_access) > Allowed connection from yyyc27002.xxxxx.xxx (10.129.108.68) >[2012/11/09 16:29:11.327429, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user BROSE+pfoerfr >[2012/11/09 16:29:11.327456, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is brose+pfoerfr >[2012/11/09 16:29:11.327477, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals did find user [BROSE+pfoerfr]! >[2012/11/09 16:29:11.327507, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:11.327528, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/11/09 16:29:11.327547, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:11.327565, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:11.327583, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:11.327655, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:11.330863, 3] smbd/service.c:581(find_forced_group) > Forced group ntadmin >[2012/11/09 16:29:11.330926, 3] smbd/service.c:872(make_connection_snum) > Connect path is '/var/lib/samba/drivers' for service [print$] >[2012/11/09 16:29:11.330973, 3] smbd/vfs.c:102(vfs_init_default) > Initialising default vfs hooks >[2012/11/09 16:29:11.330995, 3] smbd/vfs.c:128(vfs_init_custom) > Initialising custom vfs hooks from [/[Default VFS]/] > Successfully loaded vfs module [/[Default VFS]/] with the new modules system >[2012/11/09 16:29:11.331026, 5] smbd/connection.c:134(claim_connection) > claiming [print$] >[2012/11/09 16:29:11.331102, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) > string_to_sid: SID @BROSE+YYY_CUPS_Printer_Admin is not in a valid format >[2012/11/09 16:29:11.331159, 5] auth/user_util.c:152(user_in_netgroup) > looking for user BROSE+pfoerfr of domain in netgroup BROSE+YYY_CUPS_Printer_Admin >[2012/11/09 16:29:11.331461, 5] auth/user_util.c:175(user_in_netgroup) > looking for user brose+pfoerfr of domain in netgroup BROSE+YYY_CUPS_Printer_Admin >[2012/11/09 16:29:11.333107, 5] passdb/lookup_sid.c:1384(gid_to_sid) > gid_to_sid: winbind failed to find a sid for gid 71 >[2012/11/09 16:29:11.333139, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:11.333160, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/11/09 16:29:11.333180, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:11.333199, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:11.333235, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:11.333299, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:11.333326, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (10000, 71) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:11.333347, 5] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (811): > SID[ 0]: S-1-5-21-160562036-3150058255-2134394716-19743 > SID[ 1]: S-1-22-2-71 > SID[ 2]: S-1-5-21-160562036-3150058255-2134394716-334230 > SID[ 3]: S-1-5-21-160562036-3150058255-2134394716-23353 > SID[ 4]: S-1-5-21-160562036-3150058255-2134394716-304793 > SID[ 5]: S-1-5-21-160562036-3150058255-2134394716-269408 > SID[ 6]: S-1-5-21-160562036-3150058255-2134394716-50420 > SID[ 7]: S-1-5-21-160562036-3150058255-2134394716-113634 > SID[ 8]: S-1-5-21-160562036-3150058255-2134394716-113662 > SID[ 9]: S-1-5-21-160562036-3150058255-2134394716-260755 > SID[ 10]: S-1-5-21-160562036-3150058255-2134394716-288770 > SID[ 11]: S-1-5-21-160562036-3150058255-2134394716-67892 > SID[ 12]: S-1-5-21-160562036-3150058255-2134394716-20800 > SID[ 13]: S-1-5-21-160562036-3150058255-2134394716-269744 > SID[ 14]: S-1-5-21-160562036-3150058255-2134394716-63803 > SID[ 15]: S-1-5-21-160562036-3150058255-2134394716-360934 > SID[ 16]: S-1-5-21-160562036-3150058255-2134394716-421750 > SID[ 17]: S-1-5-21-160562036-3150058255-2134394716-294313 > SID[ 18]: S-1-5-21-160562036-3150058255-2134394716-109619 > SID[ 19]: S-1-5-21-160562036-3150058255-2134394716-13623 > SID[ 20]: S-1-5-21-160562036-3150058255-2134394716-113660 > SID[ 21]: S-1-5-21-160562036-3150058255-2134394716-13846 > SID[ 22]: S-1-5-21-160562036-3150058255-2134394716-351693 > SID[ 23]: S-1-5-21-160562036-3150058255-2134394716-56178 > SID[ 24]: S-1-5-21-160562036-3150058255-2134394716-268914 > SID[ 25]: S-1-5-21-160562036-3150058255-2134394716-276389 > SID[ 26]: S-1-5-21-160562036-3150058255-2134394716-294265 > SID[ 27]: S-1-5-21-160562036-3150058255-2134394716-289050 > SID[ 28]: S-1-5-21-160562036-3150058255-2134394716-284074 > SID[ 29]: S-1-5-21-160562036-3150058255-2134394716-353623 > SID[ 30]: S-1-5-21-160562036-3150058255-2134394716-60632 > SID[ 31]: S-1-5-21-160562036-3150058255-2134394716-299617 > SID[ 32]: S-1-5-21-160562036-3150058255-2134394716-269875 > SID[ 33]: S-1-5-21-160562036-3150058255-2134394716-260777 > SID[ 34]: S-1-5-21-160562036-3150058255-2134394716-72011 > SID[ 35]: S-1-5-21-160562036-3150058255-2134394716-56174 > SID[ 36]: S-1-5-21-160562036-3150058255-2134394716-294145 > SID[ 37]: S-1-5-21-160562036-3150058255-2134394716-46643 > SID[ 38]: S-1-5-21-160562036-3150058255-2134394716-110684 > SID[ 39]: S-1-5-21-160562036-3150058255-2134394716-69476 > SID[ 40]: S-1-5-21-160562036-3150058255-2134394716-354438 > SID[ 41]: S-1-5-21-160562036-3150058255-2134394716-288215 > SID[ 42]: S-1-5-21-160562036-3150058255-2134394716-418124 > SID[ 43]: S-1-5-21-160562036-3150058255-2134394716-32947 > SID[ 44]: S-1-5-21-160562036-3150058255-2134394716-373447 > SID[ 45]: S-1-5-21-160562036-3150058255-2134394716-21119 > SID[ 46]: S-1-5-21-160562036-3150058255-2134394716-254283 > SID[ 47]: S-1-5-21-160562036-3150058255-2134394716-21918 > SID[ 48]: S-1-5-21-160562036-3150058255-2134394716-268915 > SID[ 49]: S-1-5-21-160562036-3150058255-2134394716-267093 > SID[ 50]: S-1-5-21-160562036-3150058255-2134394716-340888 > SID[ 51]: S-1-5-21-160562036-3150058255-2134394716-294363 > SID[ 52]: S-1-5-21-160562036-3150058255-2134394716-414620 > SID[ 53]: S-1-5-21-160562036-3150058255-2134394716-260959 > SID[ 54]: S-1-5-21-160562036-3150058255-2134394716-56176 > SID[ 55]: S-1-5-21-160562036-3150058255-2134394716-373472 > SID[ 56]: S-1-5-21-160562036-3150058255-2134394716-294492 > SID[ 57]: S-1-5-21-160562036-3150058255-2134394716-373554 > SID[ 58]: S-1-5-21-160562036-3150058255-2134394716-104382 > SID[ 59]: S-1-5-21-160562036-3150058255-2134394716-294361 > SID[ 60]: S-1-5-21-160562036-3150058255-2134394716-245149 > SID[ 61]: S-1-5-21-160562036-3150058255-2134394716-32807 > SID[ 62]: S-1-5-21-160562036-3150058255-2134394716-63805 > SID[ 63]: S-1-5-21-160562036-3150058255-2134394716-290135 > SID[ 64]: S-1-5-21-160562036-3150058255-2134394716-248439 > SID[ 65]: S-1-5-21-160562036-3150058255-2134394716-58745 > SID[ 66]: S-1-5-21-160562036-3150058255-2134394716-288316 > SID[ 67]: S-1-5-21-160562036-3150058255-2134394716-373441 > SID[ 68]: S-1-5-21-160562036-3150058255-2134394716-268916 > SID[ 69]: S-1-5-21-160562036-3150058255-2134394716-17597 > SID[ 70]: S-1-5-21-160562036-3150058255-2134394716-113654 > SID[ 71]: S-1-5-21-160562036-3150058255-2134394716-304050 > SID[ 72]: S-1-5-21-160562036-3150058255-2134394716-112626 > SID[ 73]: S-1-5-21-160562036-3150058255-2134394716-360946 > SID[ 74]: S-1-5-21-160562036-3150058255-2134394716-1116 > SID[ 75]: S-1-5-21-160562036-3150058255-2134394716-294490 > SID[ 76]: S-1-5-21-160562036-3150058255-2134394716-373442 > SID[ 77]: S-1-5-21-160562036-3150058255-2134394716-402137 > SID[ 78]: S-1-5-21-160562036-3150058255-2134394716-373470 > SID[ 79]: S-1-5-21-160562036-3150058255-2134394716-284963 > SID[ 80]: S-1-5-21-160562036-3150058255-2134394716-21963 > SID[ 81]: S-1-5-21-160562036-3150058255-2134394716-373556 > SID[ 82]: S-1-5-21-160562036-3150058255-2134394716-351504 > SID[ 83]: S-1-5-21-160562036-3150058255-2134394716-360382 > SID[ 84]: S-1-5-21-160562036-3150058255-2134394716-266966 > SID[ 85]: S-1-5-21-160562036-3150058255-2134394716-63797 > SID[ 86]: S-1-5-21-160562036-3150058255-2134394716-31306 > SID[ 87]: S-1-5-21-160562036-3150058255-2134394716-420969 > SID[ 88]: S-1-5-21-160562036-3150058255-2134394716-58439 > SID[ 89]: S-1-5-21-160562036-3150058255-2134394716-351240 > SID[ 90]: S-1-5-21-160562036-3150058255-2134394716-290160 > SID[ 91]: S-1-5-21-160562036-3150058255-2134394716-335340 > SID[ 92]: S-1-5-21-160562036-3150058255-2134394716-32819 > SID[ 93]: S-1-5-21-160562036-3150058255-2134394716-63801 > SID[ 94]: S-1-5-21-160562036-3150058255-2134394716-53171 > SID[ 95]: S-1-5-21-160562036-3150058255-2134394716-294243 > SID[ 96]: S-1-5-21-160562036-3150058255-2134394716-350032 > SID[ 97]: S-1-5-21-160562036-3150058255-2134394716-63737 > SID[ 98]: S-1-5-21-160562036-3150058255-2134394716-13863 > SID[ 99]: S-1-5-21-160562036-3150058255-2134394716-351719 > SID[100]: S-1-5-21-160562036-3150058255-2134394716-56165 > SID[101]: S-1-5-21-160562036-3150058255-2134394716-113646 > SID[102]: S-1-5-21-160562036-3150058255-2134394716-430811 > SID[103]: S-1-5-21-160562036-3150058255-2134394716-284081 > SID[104]: S-1-5-21-160562036-3150058255-2134394716-256696 > SID[105]: S-1-5-21-160562036-3150058255-2134394716-416414 > SID[106]: S-1-5-21-160562036-3150058255-2134394716-49609 > SID[107]: S-1-5-21-160562036-3150058255-2134394716-377791 > SID[108]: S-1-5-21-160562036-3150058255-2134394716-32821 > SID[109]: S-1-5-21-160562036-3150058255-2134394716-359223 > SID[110]: S-1-5-21-160562036-3150058255-2134394716-284091 > SID[111]: S-1-5-21-160562036-3150058255-2134394716-433713 > SID[112]: S-1-5-21-160562036-3150058255-2134394716-33100 > SID[113]: S-1-5-21-160562036-3150058255-2134394716-416203 > SID[114]: S-1-5-21-160562036-3150058255-2134394716-317007 > SID[115]: S-1-5-21-160562036-3150058255-2134394716-69542 > SID[116]: S-1-5-21-160562036-3150058255-2134394716-268918 > SID[117]: S-1-5-21-160562036-3150058255-2134394716-69428 > SID[118]: S-1-5-21-160562036-3150058255-2134394716-316764 > SID[119]: S-1-5-21-160562036-3150058255-2134394716-55705 > SID[120]: S-1-5-21-160562036-3150058255-2134394716-291229 > SID[121]: S-1-5-21-160562036-3150058255-2134394716-250116 > SID[122]: S-1-5-21-160562036-3150058255-2134394716-294315 > SID[123]: S-1-5-21-160562036-3150058255-2134394716-402469 > SID[124]: S-1-5-21-160562036-3150058255-2134394716-256697 > SID[125]: S-1-5-21-160562036-3150058255-2134394716-418438 > SID[126]: S-1-5-21-160562036-3150058255-2134394716-435652 > SID[127]: S-1-5-21-160562036-3150058255-2134394716-45010 > SID[128]: S-1-5-21-160562036-3150058255-2134394716-322368 > SID[129]: S-1-5-21-160562036-3150058255-2134394716-267090 > SID[130]: S-1-5-21-160562036-3150058255-2134394716-32825 > SID[131]: S-1-5-21-160562036-3150058255-2134394716-35099 > SID[132]: S-1-5-21-160562036-3150058255-2134394716-56157 > SID[133]: S-1-5-21-160562036-3150058255-2134394716-113648 > SID[134]: S-1-5-21-160562036-3150058255-2134394716-55709 > SID[135]: S-1-5-21-160562036-3150058255-2134394716-108789 > SID[136]: S-1-5-21-160562036-3150058255-2134394716-56159 > SID[137]: S-1-5-21-160562036-3150058255-2134394716-268919 > SID[138]: S-1-5-21-160562036-3150058255-2134394716-245147 > SID[139]: S-1-5-21-160562036-3150058255-2134394716-430693 > SID[140]: S-1-5-21-160562036-3150058255-2134394716-289617 > SID[141]: S-1-5-21-160562036-3150058255-2134394716-373445 > SID[142]: S-1-5-21-160562036-3150058255-2134394716-14282 > SID[143]: S-1-5-21-160562036-3150058255-2134394716-433712 > SID[144]: S-1-5-21-160562036-3150058255-2134394716-59232 > SID[145]: S-1-5-21-160562036-3150058255-2134394716-33429 > SID[146]: S-1-5-21-160562036-3150058255-2134394716-437634 > SID[147]: S-1-5-21-160562036-3150058255-2134394716-23354 > SID[148]: S-1-5-21-160562036-3150058255-2134394716-113636 > SID[149]: S-1-5-21-160562036-3150058255-2134394716-63799 > SID[150]: S-1-5-21-160562036-3150058255-2134394716-261009 > SID[151]: S-1-5-21-160562036-3150058255-2134394716-290498 > SID[152]: S-1-5-21-160562036-3150058255-2134394716-375928 > SID[153]: S-1-5-21-160562036-3150058255-2134394716-276407 > SID[154]: S-1-5-21-160562036-3150058255-2134394716-357401 > SID[155]: S-1-5-21-160562036-3150058255-2134394716-357385 > SID[156]: S-1-5-21-160562036-3150058255-2134394716-269404 > SID[157]: S-1-5-21-160562036-3150058255-2134394716-67790 > SID[158]: S-1-5-21-160562036-3150058255-2134394716-392120 > SID[159]: S-1-5-21-160562036-3150058255-2134394716-276395 > SID[160]: S-1-5-21-160562036-3150058255-2134394716-113343 > SID[161]: S-1-5-21-160562036-3150058255-2134394716-56172 > SID[162]: S-1-5-21-160562036-3150058255-2134394716-402467 > SID[163]: S-1-5-21-160562036-3150058255-2134394716-293007 > SID[164]: S-1-5-21-160562036-3150058255-2134394716-427942 > SID[165]: S-1-5-21-160562036-3150058255-2134394716-373529 > SID[166]: S-1-5-21-160562036-3150058255-2134394716-263163 > SID[167]: S-1-5-21-160562036-3150058255-2134394716-64111 > SID[168]: S-1-5-21-160562036-3150058255-2134394716-266852 > SID[169]: S-1-5-21-160562036-3150058255-2134394716-357892 > SID[170]: S-1-5-21-160562036-3150058255-2134394716-104429 > SID[171]: S-1-5-21-160562036-3150058255-2134394716-32813 > SID[172]: S-1-5-21-160562036-3150058255-2134394716-360722 > SID[173]: S-1-5-21-160562036-3150058255-2134394716-284092 > SID[174]: S-1-5-21-160562036-3150058255-2134394716-289619 > SID[175]: S-1-5-21-160562036-3150058255-2134394716-369316 > SID[176]: S-1-5-21-160562036-3150058255-2134394716-49542 > SID[177]: S-1-5-21-160562036-3150058255-2134394716-329659 > SID[178]: S-1-5-21-160562036-3150058255-2134394716-32809 > SID[179]: S-1-5-21-160562036-3150058255-2134394716-108767 > SID[180]: S-1-5-21-160562036-3150058255-2134394716-305399 > SID[181]: S-1-5-21-160562036-3150058255-2134394716-263161 > SID[182]: S-1-5-21-160562036-3150058255-2134394716-314050 > SID[183]: S-1-5-21-160562036-3150058255-2134394716-31001 > SID[184]: S-1-5-21-160562036-3150058255-2134394716-279682 > SID[185]: S-1-5-21-160562036-3150058255-2134394716-294147 > SID[186]: S-1-5-21-160562036-3150058255-2134394716-56163 > SID[187]: S-1-5-21-160562036-3150058255-2134394716-285751 > SID[188]: S-1-5-21-160562036-3150058255-2134394716-21723 > SID[189]: S-1-5-21-160562036-3150058255-2134394716-8332 > SID[190]: S-1-5-21-160562036-3150058255-2134394716-32827 > SID[191]: S-1-5-21-160562036-3150058255-2134394716-256460 > SID[192]: S-1-5-21-160562036-3150058255-2134394716-256183 > SID[193]: S-1-5-21-160562036-3150058255-2134394716-300424 > SID[194]: S-1-5-21-160562036-3150058255-2134394716-55677 > SID[195]: S-1-5-21-160562036-3150058255-2134394716-253145 > SID[196]: S-1-5-21-160562036-3150058255-2134394716-63804 > SID[197]: S-1-5-21-160562036-3150058255-2134394716-358866 > SID[198]: S-1-5-21-160562036-3150058255-2134394716-32823 > SID[199]: S-1-5-21-160562036-3150058255-2134394716-276620 > SID[200]: S-1-5-21-160562036-3150058255-2134394716-361940 > SID[201]: S-1-5-21-160562036-3150058255-2134394716-49274 > SID[202]: S-1-5-21-160562036-3150058255-2134394716-402177 > SID[203]: S-1-5-21-160562036-3150058255-2134394716-252230 > SID[204]: S-1-5-21-160562036-3150058255-2134394716-321100 > SID[205]: S-1-5-21-160562036-3150058255-2134394716-20801 > SID[206]: S-1-5-21-160562036-3150058255-2134394716-276621 > SID[207]: S-1-5-21-160562036-3150058255-2134394716-252010 > SID[208]: S-1-5-21-160562036-3150058255-2134394716-292766 > SID[209]: S-1-5-21-160562036-3150058255-2134394716-37331 > SID[210]: S-1-5-21-160562036-3150058255-2134394716-260776 > SID[211]: S-1-5-21-160562036-3150058255-2134394716-386708 > SID[212]: S-1-5-21-160562036-3150058255-2134394716-374616 > SID[213]: S-1-5-21-160562036-3150058255-2134394716-21084 > SID[214]: S-1-5-21-160562036-3150058255-2134394716-294267 > SID[215]: S-1-5-21-160562036-3150058255-2134394716-63802 > SID[216]: S-1-5-21-160562036-3150058255-2134394716-31186 > SID[217]: S-1-5-21-160562036-3150058255-2134394716-105575 > SID[218]: S-1-5-21-160562036-3150058255-2134394716-361874 > SID[219]: S-1-5-21-160562036-3150058255-2134394716-360362 > SID[220]: S-1-5-21-160562036-3150058255-2134394716-357734 > SID[221]: S-1-5-21-160562036-3150058255-2134394716-294241 > SID[222]: S-1-5-21-160562036-3150058255-2134394716-251778 > SID[223]: S-1-5-21-160562036-3150058255-2134394716-49510 > SID[224]: S-1-5-21-160562036-3150058255-2134394716-35015 > SID[225]: S-1-5-21-160562036-3150058255-2134394716-20749 > SID[226]: S-1-5-21-160562036-3150058255-2134394716-294291 > SID[227]: S-1-5-21-160562036-3150058255-2134394716-254469 > SID[228]: S-1-5-21-160562036-3150058255-2134394716-247296 > SID[229]: S-1-5-21-160562036-3150058255-2134394716-63798 > SID[230]: S-1-5-21-160562036-3150058255-2134394716-59035 > SID[231]: S-1-5-21-160562036-3150058255-2134394716-430331 > SID[232]: S-1-5-21-160562036-3150058255-2134394716-21301 > SID[233]: S-1-5-21-160562036-3150058255-2134394716-55627 > SID[234]: S-1-5-21-160562036-3150058255-2134394716-32815 > SID[235]: S-1-5-21-160562036-3150058255-2134394716-277164 > SID[236]: S-1-5-21-160562036-3150058255-2134394716-21552 > SID[237]: S-1-5-21-160562036-3150058255-2134394716-56622 > SID[238]: S-1-5-21-160562036-3150058255-2134394716-37315 > SID[239]: S-1-5-21-160562036-3150058255-2134394716-334225 > SID[240]: S-1-5-21-160562036-3150058255-2134394716-338141 > SID[241]: S-1-5-21-160562036-3150058255-2134394716-246169 > SID[242]: S-1-5-21-160562036-3150058255-2134394716-297835 > SID[243]: S-1-5-21-160562036-3150058255-2134394716-353615 > SID[244]: S-1-5-21-160562036-3150058255-2134394716-322371 > SID[245]: S-1-5-21-160562036-3150058255-2134394716-63235 > SID[246]: S-1-5-21-160562036-3150058255-2134394716-266849 > SID[247]: S-1-5-21-160562036-3150058255-2134394716-293998 > SID[248]: S-1-5-21-160562036-3150058255-2134394716-433714 > SID[249]: S-1-5-21-160562036-3150058255-2134394716-107694 > SID[250]: S-1-5-21-160562036-3150058255-2134394716-288317 > SID[251]: S-1-5-21-160562036-3150058255-2134394716-44135 > SID[252]: S-1-5-21-160562036-3150058255-2134394716-290560 > SID[253]: S-1-5-21-160562036-3150058255-2134394716-322681 > SID[254]: S-1-5-21-160562036-3150058255-2134394716-283109 > SID[255]: S-1-5-21-160562036-3150058255-2134394716-357879 > SID[256]: S-1-5-21-160562036-3150058255-2134394716-289046 > SID[257]: S-1-5-21-160562036-3150058255-2134394716-32803 > SID[258]: S-1-5-21-160562036-3150058255-2134394716-343968 > SID[259]: S-1-5-21-160562036-3150058255-2134394716-50792 > SID[260]: S-1-5-21-160562036-3150058255-2134394716-50518 > SID[261]: S-1-5-21-160562036-3150058255-2134394716-37238 > SID[262]: S-1-5-21-160562036-3150058255-2134394716-360465 > SID[263]: S-1-5-21-160562036-3150058255-2134394716-366652 > SID[264]: S-1-5-21-160562036-3150058255-2134394716-294094 > SID[265]: S-1-5-21-160562036-3150058255-2134394716-288540 > SID[266]: S-1-5-21-160562036-3150058255-2134394716-297984 > SID[267]: S-1-5-21-160562036-3150058255-2134394716-276427 > SID[268]: S-1-5-21-160562036-3150058255-2134394716-333792 > SID[269]: S-1-5-21-160562036-3150058255-2134394716-427342 > SID[270]: S-1-5-21-160562036-3150058255-2134394716-333794 > SID[271]: S-1-5-21-160562036-3150058255-2134394716-290460 > SID[272]: S-1-5-21-160562036-3150058255-2134394716-294091 > SID[273]: S-1-5-21-160562036-3150058255-2134394716-333793 > SID[274]: S-1-5-21-160562036-3150058255-2134394716-338207 > SID[275]: S-1-5-21-160562036-3150058255-2134394716-409571 > SID[276]: S-1-5-21-160562036-3150058255-2134394716-294054 > SID[277]: S-1-5-21-160562036-3150058255-2134394716-30854 > SID[278]: S-1-5-21-160562036-3150058255-2134394716-288547 > SID[279]: S-1-5-21-160562036-3150058255-2134394716-365347 > SID[280]: S-1-5-21-6776287-465249537-1446904402-4108 > SID[281]: S-1-5-21-160562036-3150058255-2134394716-58230 > SID[282]: S-1-5-21-160562036-3150058255-2134394716-357400 > SID[283]: S-1-5-21-160562036-3150058255-2134394716-343966 > SID[284]: S-1-5-21-160562036-3150058255-2134394716-104268 > SID[285]: S-1-5-21-160562036-3150058255-2134394716-334228 > SID[286]: S-1-5-21-160562036-3150058255-2134394716-357384 > SID[287]: S-1-5-21-160562036-3150058255-2134394716-64500 > SID[288]: S-1-5-21-160562036-3150058255-2134394716-291227 > SID[289]: S-1-5-21-160562036-3150058255-2134394716-62708 > SID[290]: S-1-5-21-160562036-3150058255-2134394716-266847 > SID[291]: S-1-5-21-160562036-3150058255-2134394716-313857 > SID[292]: S-1-5-21-160562036-3150058255-2134394716-350031 > SID[293]: S-1-5-21-160562036-3150058255-2134394716-373448 > SID[294]: S-1-5-21-160562036-3150058255-2134394716-420970 > SID[295]: S-1-5-21-160562036-3150058255-2134394716-351238 > SID[296]: S-1-5-21-160562036-3150058255-2134394716-11861 > SID[297]: S-1-5-21-160562036-3150058255-2134394716-353613 > SID[298]: S-1-5-21-160562036-3150058255-2134394716-322679 > SID[299]: S-1-5-21-160562036-3150058255-2134394716-253148 > SID[300]: S-1-5-21-160562036-3150058255-2134394716-277162 > SID[301]: S-1-5-21-160562036-3150058255-2134394716-304048 > SID[302]: S-1-5-21-160562036-3150058255-2134394716-288768 > SID[303]: S-1-5-21-160562036-3150058255-2134394716-62920 > SID[304]: S-1-5-21-160562036-3150058255-2134394716-62814 > SID[305]: S-1-5-21-160562036-3150058255-2134394716-338139 > SID[306]: S-1-5-21-160562036-3150058255-2134394716-266850 > SID[307]: S-1-5-21-160562036-3150058255-2134394716-74038 > SID[308]: S-1-5-21-160562036-3150058255-2134394716-62715 > SID[309]: S-1-5-21-160562036-3150058255-2134394716-357877 > SID[310]: S-1-5-21-160562036-3150058255-2134394716-252117 > SID[311]: S-1-5-21-160562036-3150058255-2134394716-322372 > SID[312]: S-1-5-21-160562036-3150058255-2134394716-65121 > SID[313]: S-1-5-21-160562036-3150058255-2134394716-62711 > SID[314]: S-1-5-21-160562036-3150058255-2134394716-267091 > SID[315]: S-1-5-21-160562036-3150058255-2134394716-24652 > SID[316]: S-1-5-21-160562036-3150058255-2134394716-360933 > SID[317]: S-1-5-21-160562036-3150058255-2134394716-354437 > SID[318]: S-1-5-21-160562036-3150058255-2134394716-249119 > SID[319]: S-1-5-21-160562036-3150058255-2134394716-248731 > SID[320]: S-1-5-21-160562036-3150058255-2134394716-64215 > SID[321]: S-1-5-21-160562036-3150058255-2134394716-373475 > SID[322]: S-1-5-21-160562036-3150058255-2134394716-250664 > SID[323]: S-1-5-21-160562036-3150058255-2134394716-267088 > SID[324]: S-1-5-21-160562036-3150058255-2134394716-50311 > SID[325]: S-1-5-21-160562036-3150058255-2134394716-62644 > SID[326]: S-1-5-21-160562036-3150058255-2134394716-69148 > SID[327]: S-1-5-21-160562036-3150058255-2134394716-360380 > SID[328]: S-1-5-21-160562036-3150058255-2134394716-52124 > SID[329]: S-1-5-21-160562036-3150058255-2134394716-351502 > SID[330]: S-1-5-21-160562036-3150058255-2134394716-317005 > SID[331]: S-1-5-21-160562036-3150058255-2134394716-62713 > SID[332]: S-1-5-21-160562036-3150058255-2134394716-313855 > SID[333]: S-1-5-21-160562036-3150058255-2134394716-53143 > SID[334]: S-1-5-21-160562036-3150058255-2134394716-349705 > SID[335]: S-1-5-21-160562036-3150058255-2134394716-357732 > SID[336]: S-1-5-21-160562036-3150058255-2134394716-402142 > SID[337]: S-1-5-21-160562036-3150058255-2134394716-50421 > SID[338]: S-1-5-21-160562036-3150058255-2134394716-357890 > SID[339]: S-1-5-21-160562036-3150058255-2134394716-416413 > SID[340]: S-1-5-21-160562036-3150058255-2134394716-255117 > SID[341]: S-1-5-21-160562036-3150058255-2134394716-73891 > SID[342]: S-1-5-21-160562036-3150058255-2134394716-377792 > SID[343]: S-1-5-21-160562036-3150058255-2134394716-63081 > SID[344]: S-1-5-21-160562036-3150058255-2134394716-386707 > SID[345]: S-1-5-21-160562036-3150058255-2134394716-64112 > SID[346]: S-1-5-21-160562036-3150058255-2134394716-256555 > SID[347]: S-1-5-21-160562036-3150058255-2134394716-361939 > SID[348]: S-1-5-21-160562036-3150058255-2134394716-62709 > SID[349]: S-1-5-21-160562036-3150058255-2134394716-248759 > SID[350]: S-1-5-21-160562036-3150058255-2134394716-359221 > SID[351]: S-1-5-21-160562036-3150058255-2134394716-310730 > SID[352]: S-1-5-21-160562036-3150058255-2134394716-109617 > SID[353]: S-1-5-21-160562036-3150058255-2134394716-60474 > SID[354]: S-1-5-21-160562036-3150058255-2134394716-402472 > SID[355]: S-1-5-21-160562036-3150058255-2134394716-55679 > SID[356]: S-1-5-21-160562036-3150058255-2134394716-69153 > SID[357]: S-1-5-21-160562036-3150058255-2134394716-22265 > SID[358]: S-1-5-21-160562036-3150058255-2134394716-423112 > SID[359]: S-1-5-21-160562036-3150058255-2134394716-289044 > SID[360]: S-1-5-21-160562036-3150058255-2134394716-67791 > SID[361]: S-1-5-21-160562036-3150058255-2134394716-69156 > SID[362]: S-1-5-21-160562036-3150058255-2134394716-62712 > SID[363]: S-1-5-21-160562036-3150058255-2134394716-360721 > SID[364]: S-1-5-21-160562036-3150058255-2134394716-435651 > SID[365]: S-1-5-21-160562036-3150058255-2134394716-69149 > SID[366]: S-1-5-21-160562036-3150058255-2134394716-73730 > SID[367]: S-1-5-21-160562036-3150058255-2134394716-243660 > SID[368]: S-1-5-21-160562036-3150058255-2134394716-104280 > SID[369]: S-1-5-21-160562036-3150058255-2134394716-430692 > SID[370]: S-1-5-21-160562036-3150058255-2134394716-256558 > SID[371]: S-1-5-21-160562036-3150058255-2134394716-54515 > SID[372]: S-1-5-21-160562036-3150058255-2134394716-334223 > SID[373]: S-1-5-21-160562036-3150058255-2134394716-304790 > SID[374]: S-1-5-21-160562036-3150058255-2134394716-373528 > SID[375]: S-1-5-21-160562036-3150058255-2134394716-375927 > SID[376]: S-1-5-21-160562036-3150058255-2134394716-74039 > SID[377]: S-1-5-21-160562036-3150058255-2134394716-62781 > SID[378]: S-1-5-21-160562036-3150058255-2134394716-69157 > SID[379]: S-1-5-21-160562036-3150058255-2134394716-309445 > SID[380]: S-1-5-21-160562036-3150058255-2134394716-62733 > SID[381]: S-1-5-21-160562036-3150058255-2134394716-418123 > SID[382]: S-1-5-21-160562036-3150058255-2134394716-64415 > SID[383]: S-1-5-21-160562036-3150058255-2134394716-414619 > SID[384]: S-1-5-21-160562036-3150058255-2134394716-373446 > SID[385]: S-1-5-21-160562036-3150058255-2134394716-289048 > SID[386]: S-1-5-21-160562036-3150058255-2134394716-69158 > SID[387]: S-1-5-21-160562036-3150058255-2134394716-373559 > SID[388]: S-1-5-21-160562036-3150058255-2134394716-110686 > SID[389]: S-1-5-21-160562036-3150058255-2134394716-260757 > SID[390]: S-1-5-21-160562036-3150058255-2134394716-249663 > SID[391]: S-1-5-21-160562036-3150058255-2134394716-249619 > SID[392]: S-1-5-21-160562036-3150058255-2134394716-321098 > SID[393]: S-1-5-21-160562036-3150058255-2134394716-64497 > SID[394]: S-1-5-21-160562036-3150058255-2134394716-112627 > SID[395]: S-1-5-21-160562036-3150058255-2134394716-62710 > SID[396]: S-1-5-21-160562036-3150058255-2134394716-360361 > SID[397]: S-1-5-21-160562036-3150058255-2134394716-353621 > SID[398]: S-1-5-21-160562036-3150058255-2134394716-365152 > SID[399]: S-1-5-21-160562036-3150058255-2134394716-69544 > SID[400]: S-1-5-21-160562036-3150058255-2134394716-249644 > SID[401]: S-1-5-21-160562036-3150058255-2134394716-55625 > SID[402]: S-1-1-0 > SID[403]: S-1-5-2 > SID[404]: S-1-5-11 > SID[405]: S-1-5-32-545 > SID[406]: S-1-22-1-10000 > SID[407]: S-1-22-2-10006 > SID[408]: S-1-22-2-10007 > SID[409]: S-1-22-2-10008 > SID[410]: S-1-22-2-10009 > SID[411]: S-1-22-2-10010 > SID[412]: S-1-22-2-10011 > SID[413]: S-1-22-2-10012 > SID[414]: S-1-22-2-10013 > SID[415]: S-1-22-2-10014 > SID[416]: S-1-22-2-10015 > SID[417]: S-1-22-2-10016 > SID[418]: S-1-22-2-10017 > SID[419]: S-1-22-2-10018 > SID[420]: S-1-22-2-10019 > SID[421]: S-1-22-2-10020 > SID[422]: S-1-22-2-10021 > SID[423]: S-1-22-2-10022 > SID[424]: S-1-22-2-10023 > SID[425]: S-1-22-2-10024 > SID[426]: S-1-22-2-10025 > SID[427]: S-1-22-2-10026 > SID[428]: S-1-22-2-10027 > SID[429]: S-1-22-2-10028 > SID[430]: S-1-22-2-10029 > SID[431]: S-1-22-2-10030 > SID[432]: S-1-22-2-10031 > SID[433]: S-1-22-2-10032 > SID[434]: S-1-22-2-10033 > SID[435]: S-1-22-2-10034 > SID[436]: S-1-22-2-10035 > SID[437]: S-1-22-2-10036 > SID[438]: S-1-22-2-10037 > SID[439]: S-1-22-2-10038 > SID[440]: S-1-22-2-10039 > SID[441]: S-1-22-2-10040 > SID[442]: S-1-22-2-10041 > SID[443]: S-1-22-2-10042 > SID[444]: S-1-22-2-10043 > SID[445]: S-1-22-2-10044 > SID[446]: S-1-22-2-10045 > SID[447]: S-1-22-2-10046 > SID[448]: S-1-22-2-10047 > SID[449]: S-1-22-2-10048 > SID[450]: S-1-22-2-10049 > SID[451]: S-1-22-2-10050 > SID[452]: S-1-22-2-10051 > SID[453]: S-1-22-2-10052 > SID[454]: S-1-22-2-10053 > SID[455]: S-1-22-2-10054 > SID[456]: S-1-22-2-10055 > SID[457]: S-1-22-2-10056 > SID[458]: S-1-22-2-10057 > SID[459]: S-1-22-2-10058 > SID[460]: S-1-22-2-10059 > SID[461]: S-1-22-2-10060 > SID[462]: S-1-22-2-10061 > SID[463]: S-1-22-2-10062 > SID[464]: S-1-22-2-10063 > SID[465]: S-1-22-2-10064 > SID[466]: S-1-22-2-10065 > SID[467]: S-1-22-2-10066 > SID[468]: S-1-22-2-10067 > SID[469]: S-1-22-2-10068 > SID[470]: S-1-22-2-10069 > SID[471]: S-1-22-2-10070 > SID[472]: S-1-22-2-10071 > SID[473]: S-1-22-2-10072 > SID[474]: S-1-22-2-10073 > SID[475]: S-1-22-2-10074 > SID[476]: S-1-22-2-10075 > SID[477]: S-1-22-2-10076 > SID[478]: S-1-22-2-10077 > SID[479]: S-1-22-2-10078 > SID[480]: S-1-22-2-10079 > SID[481]: S-1-22-2-10080 > SID[482]: S-1-22-2-10081 > SID[483]: S-1-22-2-10082 > SID[484]: S-1-22-2-10083 > SID[485]: S-1-22-2-10084 > SID[486]: S-1-22-2-10085 > SID[487]: S-1-22-2-10086 > SID[488]: S-1-22-2-10087 > SID[489]: S-1-22-2-10088 > SID[490]: S-1-22-2-10089 > SID[491]: S-1-22-2-10090 > SID[492]: S-1-22-2-10091 > SID[493]: S-1-22-2-10092 > SID[494]: S-1-22-2-10093 > SID[495]: S-1-22-2-10094 > SID[496]: S-1-22-2-10095 > SID[497]: S-1-22-2-10096 > SID[498]: S-1-22-2-10097 > SID[499]: S-1-22-2-10098 > SID[500]: S-1-22-2-10099 > SID[501]: S-1-22-2-10100 > SID[502]: S-1-22-2-10101 > SID[503]: S-1-22-2-10102 > SID[504]: S-1-22-2-10103 > SID[505]: S-1-22-2-10104 > SID[506]: S-1-22-2-10105 > SID[507]: S-1-22-2-10106 > SID[508]: S-1-22-2-10107 > SID[509]: S-1-22-2-10108 > SID[510]: S-1-22-2-10109 > SID[511]: S-1-22-2-10110 > SID[512]: S-1-22-2-10111 > SID[513]: S-1-22-2-10112 > SID[514]: S-1-22-2-10113 > SID[515]: S-1-22-2-10114 > SID[516]: S-1-22-2-10115 > SID[517]: S-1-22-2-10116 > SID[518]: S-1-22-2-10117 > SID[519]: S-1-22-2-10118 > SID[520]: S-1-22-2-10119 > SID[521]: S-1-22-2-10120 > SID[522]: S-1-22-2-10121 > SID[523]: S-1-22-2-10122 > SID[524]: S-1-22-2-10123 > SID[525]: S-1-22-2-10124 > SID[526]: S-1-22-2-10125 > SID[527]: S-1-22-2-10126 > SID[528]: S-1-22-2-10127 > SID[529]: S-1-22-2-10128 > SID[530]: S-1-22-2-10129 > SID[531]: S-1-22-2-10130 > SID[532]: S-1-22-2-10131 > SID[533]: S-1-22-2-10132 > SID[534]: S-1-22-2-10133 > SID[535]: S-1-22-2-10134 > SID[536]: S-1-22-2-10135 > SID[537]: S-1-22-2-10136 > SID[538]: S-1-22-2-10137 > SID[539]: S-1-22-2-10138 > SID[540]: S-1-22-2-10139 > SID[541]: S-1-22-2-10140 > SID[542]: S-1-22-2-10141 > SID[543]: S-1-22-2-10142 > SID[544]: S-1-22-2-10143 > SID[545]: S-1-22-2-10144 > SID[546]: S-1-22-2-10145 > SID[547]: S-1-22-2-10146 > SID[548]: S-1-22-2-10147 > SID[549]: S-1-22-2-10148 > SID[550]: S-1-22-2-10149 > SID[551]: S-1-22-2-10150 > SID[552]: S-1-22-2-10471 > SID[553]: S-1-22-2-10151 > SID[554]: S-1-22-2-10152 > SID[555]: S-1-22-2-10153 > SID[556]: S-1-22-2-10154 > SID[557]: S-1-22-2-10155 > SID[558]: S-1-22-2-10156 > SID[559]: S-1-22-2-10157 > SID[560]: S-1-22-2-10158 > SID[561]: S-1-22-2-10159 > SID[562]: S-1-22-2-10160 > SID[563]: S-1-22-2-10161 > SID[564]: S-1-22-2-10162 > SID[565]: S-1-22-2-10163 > SID[566]: S-1-22-2-10164 > SID[567]: S-1-22-2-10165 > SID[568]: S-1-22-2-10166 > SID[569]: S-1-22-2-10167 > SID[570]: S-1-22-2-10168 > SID[571]: S-1-22-2-10169 > SID[572]: S-1-22-2-10170 > SID[573]: S-1-22-2-10171 > SID[574]: S-1-22-2-10172 > SID[575]: S-1-22-2-10173 > SID[576]: S-1-22-2-10174 > SID[577]: S-1-22-2-10175 > SID[578]: S-1-22-2-10176 > SID[579]: S-1-22-2-10177 > SID[580]: S-1-22-2-10178 > SID[581]: S-1-22-2-10179 > SID[582]: S-1-22-2-10180 > SID[583]: S-1-22-2-10181 > SID[584]: S-1-22-2-10182 > SID[585]: S-1-22-2-10183 > SID[586]: S-1-22-2-10184 > SID[587]: S-1-22-2-10185 > SID[588]: S-1-22-2-10186 > SID[589]: S-1-22-2-10187 > SID[590]: S-1-22-2-10188 > SID[591]: S-1-22-2-10189 > SID[592]: S-1-22-2-10190 > SID[593]: S-1-22-2-10191 > SID[594]: S-1-22-2-10192 > SID[595]: S-1-22-2-10193 > SID[596]: S-1-22-2-10194 > SID[597]: S-1-22-2-10195 > SID[598]: S-1-22-2-10196 > SID[599]: S-1-22-2-10197 > SID[600]: S-1-22-2-10198 > SID[601]: S-1-22-2-10199 > SID[602]: S-1-22-2-10200 > SID[603]: S-1-22-2-10201 > SID[604]: S-1-22-2-10202 > SID[605]: S-1-22-2-10203 > SID[606]: S-1-22-2-10204 > SID[607]: S-1-22-2-10205 > SID[608]: S-1-22-2-10206 > SID[609]: S-1-22-2-10207 > SID[610]: S-1-22-2-10208 > SID[611]: S-1-22-2-10209 > SID[612]: S-1-22-2-10210 > SID[613]: S-1-22-2-10211 > SID[614]: S-1-22-2-10212 > SID[615]: S-1-22-2-10213 > SID[616]: S-1-22-2-10214 > SID[617]: S-1-22-2-10215 > SID[618]: S-1-22-2-10216 > SID[619]: S-1-22-2-10217 > SID[620]: S-1-22-2-10218 > SID[621]: S-1-22-2-10219 > SID[622]: S-1-22-2-10220 > SID[623]: S-1-22-2-10221 > SID[624]: S-1-22-2-10222 > SID[625]: S-1-22-2-10223 > SID[626]: S-1-22-2-10224 > SID[627]: S-1-22-2-10225 > SID[628]: S-1-22-2-10226 > SID[629]: S-1-22-2-10227 > SID[630]: S-1-22-2-10228 > SID[631]: S-1-22-2-10229 > SID[632]: S-1-22-2-10230 > SID[633]: S-1-22-2-10231 > SID[634]: S-1-22-2-10232 > SID[635]: S-1-22-2-10233 > SID[636]: S-1-22-2-10234 > SID[637]: S-1-22-2-10235 > SID[638]: S-1-22-2-10236 > SID[639]: S-1-22-2-10237 > SID[640]: S-1-22-2-10238 > SID[641]: S-1-22-2-10239 > SID[642]: S-1-22-2-10240 > SID[643]: S-1-22-2-10241 > SID[644]: S-1-22-2-10242 > SID[645]: S-1-22-2-10243 > SID[646]: S-1-22-2-10244 > SID[647]: S-1-22-2-10245 > SID[648]: S-1-22-2-10246 > SID[649]: S-1-22-2-10247 > SID[650]: S-1-22-2-10248 > SID[651]: S-1-22-2-10249 > SID[652]: S-1-22-2-10250 > SID[653]: S-1-22-2-10251 > SID[654]: S-1-22-2-10252 > SID[655]: S-1-22-2-10253 > SID[656]: S-1-22-2-10254 > SID[657]: S-1-22-2-10255 > SID[658]: S-1-22-2-10256 > SID[659]: S-1-22-2-10257 > SID[660]: S-1-22-2-10258 > SID[661]: S-1-22-2-10259 > SID[662]: S-1-22-2-10260 > SID[663]: S-1-22-2-10261 > SID[664]: S-1-22-2-10262 > SID[665]: S-1-22-2-10263 > SID[666]: S-1-22-2-10264 > SID[667]: S-1-22-2-10265 > SID[668]: S-1-22-2-10266 > SID[669]: S-1-22-2-10267 > SID[670]: S-1-22-2-10268 > SID[671]: S-1-22-2-10269 > SID[672]: S-1-22-2-10270 > SID[673]: S-1-22-2-10271 > SID[674]: S-1-22-2-10272 > SID[675]: S-1-22-2-10273 > SID[676]: S-1-22-2-10274 > SID[677]: S-1-22-2-10275 > SID[678]: S-1-22-2-10276 > SID[679]: S-1-22-2-10277 > SID[680]: S-1-22-2-10278 > SID[681]: S-1-22-2-10279 > SID[682]: S-1-22-2-10280 > SID[683]: S-1-22-2-10281 > SID[684]: S-1-22-2-10282 > SID[685]: S-1-22-2-10283 > SID[686]: S-1-22-2-10284 > SID[687]: S-1-22-2-10285 > SID[688]: S-1-22-2-10286 > SID[689]: S-1-22-2-10287 > SID[690]: S-1-22-2-10288 > SID[691]: S-1-22-2-10289 > SID[692]: S-1-22-2-10290 > SID[693]: S-1-22-2-10291 > SID[694]: S-1-22-2-10292 > SID[695]: S-1-22-2-10293 > SID[696]: S-1-22-2-10294 > SID[697]: S-1-22-2-10295 > SID[698]: S-1-22-2-10296 > SID[699]: S-1-22-2-10297 > SID[700]: S-1-22-2-10298 > SID[701]: S-1-22-2-10299 > SID[702]: S-1-22-2-10300 > SID[703]: S-1-22-2-10301 > SID[704]: S-1-22-2-10302 > SID[705]: S-1-22-2-10303 > SID[706]: S-1-22-2-10304 > SID[707]: S-1-22-2-10305 > SID[708]: S-1-22-2-10306 > SID[709]: S-1-22-2-10307 > SID[710]: S-1-22-2-10308 > SID[711]: S-1-22-2-10309 > SID[712]: S-1-22-2-10310 > SID[713]: S-1-22-2-10311 > SID[714]: S-1-22-2-10312 > SID[715]: S-1-22-2-10313 > SID[716]: S-1-22-2-10314 > SID[717]: S-1-22-2-10315 > SID[718]: S-1-22-2-10316 > SID[719]: S-1-22-2-10317 > SID[720]: S-1-22-2-10318 > SID[721]: S-1-22-2-10319 > SID[722]: S-1-22-2-10320 > SID[723]: S-1-22-2-10321 > SID[724]: S-1-22-2-10322 > SID[725]: S-1-22-2-10323 > SID[726]: S-1-22-2-10324 > SID[727]: S-1-22-2-10325 > SID[728]: S-1-22-2-10326 > SID[729]: S-1-22-2-10327 > SID[730]: S-1-22-2-10328 > SID[731]: S-1-22-2-10329 > SID[732]: S-1-22-2-10330 > SID[733]: S-1-22-2-10331 > SID[734]: S-1-22-2-10332 > SID[735]: S-1-22-2-10333 > SID[736]: S-1-22-2-10334 > SID[737]: S-1-22-2-10335 > SID[738]: S-1-22-2-10336 > SID[739]: S-1-22-2-10337 > SID[740]: S-1-22-2-10338 > SID[741]: S-1-22-2-10339 > SID[742]: S-1-22-2-10340 > SID[743]: S-1-22-2-10341 > SID[744]: S-1-22-2-10342 > SID[745]: S-1-22-2-10343 > SID[746]: S-1-22-2-10344 > SID[747]: S-1-22-2-10345 > SID[748]: S-1-22-2-10346 > SID[749]: S-1-22-2-10347 > SID[750]: S-1-22-2-10348 > SID[751]: S-1-22-2-10349 > SID[752]: S-1-22-2-10350 > SID[753]: S-1-22-2-10351 > SID[754]: S-1-22-2-10352 > SID[755]: S-1-22-2-10353 > SID[756]: S-1-22-2-10354 > SID[757]: S-1-22-2-10355 > SID[758]: S-1-22-2-10356 > SID[759]: S-1-22-2-10357 > SID[760]: S-1-22-2-10358 > SID[761]: S-1-22-2-10359 > SID[762]: S-1-22-2-10360 > SID[763]: S-1-22-2-10361 > SID[764]: S-1-22-2-10362 > SID[765]: S-1-22-2-10363 > SID[766]: S-1-22-2-10364 > SID[767]: S-1-22-2-10365 > SID[768]: S-1-22-2-10366 > SID[769]: S-1-22-2-10367 > SID[770]: S-1-22-2-10368 > SID[771]: S-1-22-2-10369 > SID[772]: S-1-22-2-10370 > SID[773]: S-1-22-2-10371 > SID[774]: S-1-22-2-10372 > SID[775]: S-1-22-2-10373 > SID[776]: S-1-22-2-10374 > SID[777]: S-1-22-2-10375 > SID[778]: S-1-22-2-10376 > SID[779]: S-1-22-2-10377 > SID[780]: S-1-22-2-10378 > SID[781]: S-1-22-2-10379 > SID[782]: S-1-22-2-10380 > SID[783]: S-1-22-2-10381 > SID[784]: S-1-22-2-10382 > SID[785]: S-1-22-2-10383 > SID[786]: S-1-22-2-10384 > SID[787]: S-1-22-2-10385 > SID[788]: S-1-22-2-10386 > SID[789]: S-1-22-2-10387 > SID[790]: S-1-22-2-10388 > SID[791]: S-1-22-2-10389 > SID[792]: S-1-22-2-10390 > SID[793]: S-1-22-2-10391 > SID[794]: S-1-22-2-10392 > SID[795]: S-1-22-2-10393 > SID[796]: S-1-22-2-10394 > SID[797]: S-1-22-2-10395 > SID[798]: S-1-22-2-10396 > SID[799]: S-1-22-2-10397 > SID[800]: S-1-22-2-10398 > SID[801]: S-1-22-2-10399 > SID[802]: S-1-22-2-10400 > SID[803]: S-1-22-2-10401 > SID[804]: S-1-22-2-10402 > SID[805]: S-1-22-2-10403 > SID[806]: S-1-22-2-10404 > SID[807]: S-1-22-2-10002 > SID[808]: S-1-22-2-10003 > SID[809]: S-1-22-2-10004 > SID[810]: S-1-22-2-10001 > Privileges (0x 20): > Privilege[ 0]: SePrintOperatorPrivilege > Rights (0x 0): >[2012/11/09 16:29:11.340697, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 10000 > Primary group is 71 and contains 404 supplementary groups > Group[ 0]: 10006 > Group[ 1]: 10007 > Group[ 2]: 10008 > Group[ 3]: 10009 > Group[ 4]: 10010 > Group[ 5]: 10011 > Group[ 6]: 10012 > Group[ 7]: 10013 > Group[ 8]: 10014 > Group[ 9]: 10015 > Group[ 10]: 10016 > Group[ 11]: 10017 > Group[ 12]: 10018 > Group[ 13]: 10019 > Group[ 14]: 10020 > Group[ 15]: 10021 > Group[ 16]: 10022 > Group[ 17]: 10023 > Group[ 18]: 10024 > Group[ 19]: 10025 > Group[ 20]: 10026 > Group[ 21]: 10027 > Group[ 22]: 10028 > Group[ 23]: 10029 > Group[ 24]: 10030 > Group[ 25]: 10031 > Group[ 26]: 10032 > Group[ 27]: 10033 > Group[ 28]: 10034 > Group[ 29]: 10035 > Group[ 30]: 10036 > Group[ 31]: 10037 > Group[ 32]: 10038 > Group[ 33]: 10039 > Group[ 34]: 10040 > Group[ 35]: 10041 > Group[ 36]: 10042 > Group[ 37]: 10043 > Group[ 38]: 10044 > Group[ 39]: 10045 > Group[ 40]: 10046 > Group[ 41]: 10047 > Group[ 42]: 10048 > Group[ 43]: 10049 > Group[ 44]: 10050 > Group[ 45]: 10051 > Group[ 46]: 10052 > Group[ 47]: 10053 > Group[ 48]: 10054 > Group[ 49]: 10055 > Group[ 50]: 10056 > Group[ 51]: 10057 > Group[ 52]: 10058 > Group[ 53]: 10059 > Group[ 54]: 10060 > Group[ 55]: 10061 > Group[ 56]: 10062 > Group[ 57]: 10063 > Group[ 58]: 10064 > Group[ 59]: 10065 > Group[ 60]: 10066 > Group[ 61]: 10067 > Group[ 62]: 10068 > Group[ 63]: 10069 > Group[ 64]: 10070 > Group[ 65]: 10071 > Group[ 66]: 10072 > Group[ 67]: 10073 > Group[ 68]: 10074 > Group[ 69]: 10075 > Group[ 70]: 10076 > Group[ 71]: 10077 > Group[ 72]: 10078 > Group[ 73]: 10079 > Group[ 74]: 10080 > Group[ 75]: 10081 > Group[ 76]: 10082 > Group[ 77]: 10083 > Group[ 78]: 10084 > Group[ 79]: 10085 > Group[ 80]: 10086 > Group[ 81]: 10087 > Group[ 82]: 10088 > Group[ 83]: 10089 > Group[ 84]: 10090 > Group[ 85]: 10091 > Group[ 86]: 10092 > Group[ 87]: 10093 > Group[ 88]: 10094 > Group[ 89]: 10095 > Group[ 90]: 10096 > Group[ 91]: 10097 > Group[ 92]: 10098 > Group[ 93]: 10099 > Group[ 94]: 10100 > Group[ 95]: 10101 > Group[ 96]: 10102 > Group[ 97]: 10103 > Group[ 98]: 10104 > Group[ 99]: 10105 > Group[100]: 10106 > Group[101]: 10107 > Group[102]: 10108 > Group[103]: 10109 > Group[104]: 10110 > Group[105]: 10111 > Group[106]: 10112 > Group[107]: 10113 > Group[108]: 10114 > Group[109]: 10115 > Group[110]: 10116 > Group[111]: 10117 > Group[112]: 10118 > Group[113]: 10119 > Group[114]: 10120 > Group[115]: 10121 > Group[116]: 10122 > Group[117]: 10123 > Group[118]: 10124 > Group[119]: 10125 > Group[120]: 10126 > Group[121]: 10127 > Group[122]: 10128 > Group[123]: 10129 > Group[124]: 10130 > Group[125]: 10131 > Group[126]: 10132 > Group[127]: 10133 > Group[128]: 10134 > Group[129]: 10135 > Group[130]: 10136 > Group[131]: 10137 > Group[132]: 10138 > Group[133]: 10139 > Group[134]: 10140 > Group[135]: 10141 > Group[136]: 10142 > Group[137]: 10143 > Group[138]: 10144 > Group[139]: 10145 > Group[140]: 10146 > Group[141]: 10147 > Group[142]: 10148 > Group[143]: 10149 > Group[144]: 10150 > Group[145]: 10471 > Group[146]: 10151 > Group[147]: 10152 > Group[148]: 10153 > Group[149]: 10154 > Group[150]: 10155 > Group[151]: 10156 > Group[152]: 10157 > Group[153]: 10158 > Group[154]: 10159 > Group[155]: 10160 > Group[156]: 10161 > Group[157]: 10162 > Group[158]: 10163 > Group[159]: 10164 > Group[160]: 10165 > Group[161]: 10166 > Group[162]: 10167 > Group[163]: 10168 > Group[164]: 10169 > Group[165]: 10170 > Group[166]: 10171 > Group[167]: 10172 > Group[168]: 10173 > Group[169]: 10174 > Group[170]: 10175 > Group[171]: 10176 > Group[172]: 10177 > Group[173]: 10178 > Group[174]: 10179 > Group[175]: 10180 > Group[176]: 10181 > Group[177]: 10182 > Group[178]: 10183 > Group[179]: 10184 > Group[180]: 10185 > Group[181]: 10186 > Group[182]: 10187 > Group[183]: 10188 > Group[184]: 10189 > Group[185]: 10190 > Group[186]: 10191 > Group[187]: 10192 > Group[188]: 10193 > Group[189]: 10194 > Group[190]: 10195 > Group[191]: 10196 > Group[192]: 10197 > Group[193]: 10198 > Group[194]: 10199 > Group[195]: 10200 > Group[196]: 10201 > Group[197]: 10202 > Group[198]: 10203 > Group[199]: 10204 > Group[200]: 10205 > Group[201]: 10206 > Group[202]: 10207 > Group[203]: 10208 > Group[204]: 10209 > Group[205]: 10210 > Group[206]: 10211 > Group[207]: 10212 > Group[208]: 10213 > Group[209]: 10214 > Group[210]: 10215 > Group[211]: 10216 > Group[212]: 10217 > Group[213]: 10218 > Group[214]: 10219 > Group[215]: 10220 > Group[216]: 10221 > Group[217]: 10222 > Group[218]: 10223 > Group[219]: 10224 > Group[220]: 10225 > Group[221]: 10226 > Group[222]: 10227 > Group[223]: 10228 > Group[224]: 10229 > Group[225]: 10230 > Group[226]: 10231 > Group[227]: 10232 > Group[228]: 10233 > Group[229]: 10234 > Group[230]: 10235 > Group[231]: 10236 > Group[232]: 10237 > Group[233]: 10238 > Group[234]: 10239 > Group[235]: 10240 > Group[236]: 10241 > Group[237]: 10242 > Group[238]: 10243 > Group[239]: 10244 > Group[240]: 10245 > Group[241]: 10246 > Group[242]: 10247 > Group[243]: 10248 > Group[244]: 10249 > Group[245]: 10250 > Group[246]: 10251 > Group[247]: 10252 > Group[248]: 10253 > Group[249]: 10254 > Group[250]: 10255 > Group[251]: 10256 > Group[252]: 10257 > Group[253]: 10258 > Group[254]: 10259 > Group[255]: 10260 > Group[256]: 10261 > Group[257]: 10262 > Group[258]: 10263 > Group[259]: 10264 > Group[260]: 10265 > Group[261]: 10266 > Group[262]: 10267 > Group[263]: 10268 > Group[264]: 10269 > Group[265]: 10270 > Group[266]: 10271 > Group[267]: 10272 > Group[268]: 10273 > Group[269]: 10274 > Group[270]: 10275 > Group[271]: 10276 > Group[272]: 10277 > Group[273]: 10278 > Group[274]: 10279 > Group[275]: 10280 > Group[276]: 10281 > Group[277]: 10282 > Group[278]: 10283 > Group[279]: 10284 > Group[280]: 10285 > Group[281]: 10286 > Group[282]: 10287 > Group[283]: 10288 > Group[284]: 10289 > Group[285]: 10290 > Group[286]: 10291 > Group[287]: 10292 > Group[288]: 10293 > Group[289]: 10294 > Group[290]: 10295 > Group[291]: 10296 > Group[292]: 10297 > Group[293]: 10298 > Group[294]: 10299 > Group[295]: 10300 > Group[296]: 10301 > Group[297]: 10302 > Group[298]: 10303 > Group[299]: 10304 > Group[300]: 10305 > Group[301]: 10306 > Group[302]: 10307 > Group[303]: 10308 > Group[304]: 10309 > Group[305]: 10310 > Group[306]: 10311 > Group[307]: 10312 > Group[308]: 10313 > Group[309]: 10314 > Group[310]: 10315 > Group[311]: 10316 > Group[312]: 10317 > Group[313]: 10318 > Group[314]: 10319 > Group[315]: 10320 > Group[316]: 10321 > Group[317]: 10322 > Group[318]: 10323 > Group[319]: 10324 > Group[320]: 10325 > Group[321]: 10326 > Group[322]: 10327 > Group[323]: 10328 > Group[324]: 10329 > Group[325]: 10330 > Group[326]: 10331 > Group[327]: 10332 > Group[328]: 10333 > Group[329]: 10334 > Group[330]: 10335 > Group[331]: 10336 > Group[332]: 10337 > Group[333]: 10338 > Group[334]: 10339 > Group[335]: 10340 > Group[336]: 10341 > Group[337]: 10342 > Group[338]: 10343 > Group[339]: 10344 > Group[340]: 10345 > Group[341]: 10346 > Group[342]: 10347 > Group[343]: 10348 > Group[344]: 10349 > Group[345]: 10350 > Group[346]: 10351 > Group[347]: 10352 > Group[348]: 10353 > Group[349]: 10354 > Group[350]: 10355 > Group[351]: 10356 > Group[352]: 10357 > Group[353]: 10358 > Group[354]: 10359 > Group[355]: 10360 > Group[356]: 10361 > Group[357]: 10362 > Group[358]: 10363 > Group[359]: 10364 > Group[360]: 10365 > Group[361]: 10366 > Group[362]: 10367 > Group[363]: 10368 > Group[364]: 10369 > Group[365]: 10370 > Group[366]: 10371 > Group[367]: 10372 > Group[368]: 10373 > Group[369]: 10374 > Group[370]: 10375 > Group[371]: 10376 > Group[372]: 10377 > Group[373]: 10378 > Group[374]: 10379 > Group[375]: 10380 > Group[376]: 10381 > Group[377]: 10382 > Group[378]: 10383 > Group[379]: 10384 > Group[380]: 10385 > Group[381]: 10386 > Group[382]: 10387 > Group[383]: 10388 > Group[384]: 10389 > Group[385]: 10390 > Group[386]: 10391 > Group[387]: 10392 > Group[388]: 10393 > Group[389]: 10394 > Group[390]: 10395 > Group[391]: 10396 > Group[392]: 10397 > Group[393]: 10398 > Group[394]: 10399 > Group[395]: 10400 > Group[396]: 10401 > Group[397]: 10402 > Group[398]: 10403 > Group[399]: 10404 > Group[400]: 10002 > Group[401]: 10003 > Group[402]: 10004 > Group[403]: 10001 >[2012/11/09 16:29:11.343688, 5] smbd/uid.c:317(change_to_user_internal) > Impersonated user: uid=(0,10000), gid=(0,71) >[2012/11/09 16:29:11.343723, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:11.343743, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:11.343761, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:11.343792, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2012/11/09 16:29:11.343827, 1] smbd/service.c:1114(make_connection_snum) > 10.129.108.68 (10.129.108.68) signed connect to service print$ initially as user BROSE+pfoerfr (uid=10000, gid=71) (pid 12629) >[2012/11/09 16:29:11.343858, 3] smbd/reply.c:871(reply_tcon_and_X) > tconX service=PRINT$ >[2012/11/09 16:29:11.345575, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x58 >[2012/11/09 16:29:11.345624, 3] smbd/process.c:1662(process_smb) > Transaction 40 of length 92 (0 toread) >[2012/11/09 16:29:11.345645, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:11.345656, 5] lib/util.c:342(show_msg) > size=88 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=50560 > smt_wct=15 > smb_vwv[ 0]= 20 (0x14) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2 (0x2) > smb_vwv[ 3]= 40 (0x28) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 20 (0x14) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 5 (0x5) > smb_bcc=23 >[2012/11/09 16:29:11.345863, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 12629) conn 0x7fa2eacb8b60 >[2012/11/09 16:29:11.345902, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (10000, 71) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:11.345927, 5] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (811): > SID[ 0]: S-1-5-21-160562036-3150058255-2134394716-19743 > SID[ 1]: S-1-22-2-71 > SID[ 2]: S-1-5-21-160562036-3150058255-2134394716-334230 > SID[ 3]: S-1-5-21-160562036-3150058255-2134394716-23353 > SID[ 4]: S-1-5-21-160562036-3150058255-2134394716-304793 > SID[ 5]: S-1-5-21-160562036-3150058255-2134394716-269408 > SID[ 6]: S-1-5-21-160562036-3150058255-2134394716-50420 > SID[ 7]: S-1-5-21-160562036-3150058255-2134394716-113634 > SID[ 8]: S-1-5-21-160562036-3150058255-2134394716-113662 > SID[ 9]: S-1-5-21-160562036-3150058255-2134394716-260755 > SID[ 10]: S-1-5-21-160562036-3150058255-2134394716-288770 > SID[ 11]: S-1-5-21-160562036-3150058255-2134394716-67892 > SID[ 12]: S-1-5-21-160562036-3150058255-2134394716-20800 > SID[ 13]: S-1-5-21-160562036-3150058255-2134394716-269744 > SID[ 14]: S-1-5-21-160562036-3150058255-2134394716-63803 > SID[ 15]: S-1-5-21-160562036-3150058255-2134394716-360934 > SID[ 16]: S-1-5-21-160562036-3150058255-2134394716-421750 > SID[ 17]: S-1-5-21-160562036-3150058255-2134394716-294313 > SID[ 18]: S-1-5-21-160562036-3150058255-2134394716-109619 > SID[ 19]: S-1-5-21-160562036-3150058255-2134394716-13623 > SID[ 20]: S-1-5-21-160562036-3150058255-2134394716-113660 > SID[ 21]: S-1-5-21-160562036-3150058255-2134394716-13846 > SID[ 22]: S-1-5-21-160562036-3150058255-2134394716-351693 > SID[ 23]: S-1-5-21-160562036-3150058255-2134394716-56178 > SID[ 24]: S-1-5-21-160562036-3150058255-2134394716-268914 > SID[ 25]: S-1-5-21-160562036-3150058255-2134394716-276389 > SID[ 26]: S-1-5-21-160562036-3150058255-2134394716-294265 > SID[ 27]: S-1-5-21-160562036-3150058255-2134394716-289050 > SID[ 28]: S-1-5-21-160562036-3150058255-2134394716-284074 > SID[ 29]: S-1-5-21-160562036-3150058255-2134394716-353623 > SID[ 30]: S-1-5-21-160562036-3150058255-2134394716-60632 > SID[ 31]: S-1-5-21-160562036-3150058255-2134394716-299617 > SID[ 32]: S-1-5-21-160562036-3150058255-2134394716-269875 > SID[ 33]: S-1-5-21-160562036-3150058255-2134394716-260777 > SID[ 34]: S-1-5-21-160562036-3150058255-2134394716-72011 > SID[ 35]: S-1-5-21-160562036-3150058255-2134394716-56174 > SID[ 36]: S-1-5-21-160562036-3150058255-2134394716-294145 > SID[ 37]: S-1-5-21-160562036-3150058255-2134394716-46643 > SID[ 38]: S-1-5-21-160562036-3150058255-2134394716-110684 > SID[ 39]: S-1-5-21-160562036-3150058255-2134394716-69476 > SID[ 40]: S-1-5-21-160562036-3150058255-2134394716-354438 > SID[ 41]: S-1-5-21-160562036-3150058255-2134394716-288215 > SID[ 42]: S-1-5-21-160562036-3150058255-2134394716-418124 > SID[ 43]: S-1-5-21-160562036-3150058255-2134394716-32947 > SID[ 44]: S-1-5-21-160562036-3150058255-2134394716-373447 > SID[ 45]: S-1-5-21-160562036-3150058255-2134394716-21119 > SID[ 46]: S-1-5-21-160562036-3150058255-2134394716-254283 > SID[ 47]: S-1-5-21-160562036-3150058255-2134394716-21918 > SID[ 48]: S-1-5-21-160562036-3150058255-2134394716-268915 > SID[ 49]: S-1-5-21-160562036-3150058255-2134394716-267093 > SID[ 50]: S-1-5-21-160562036-3150058255-2134394716-340888 > SID[ 51]: S-1-5-21-160562036-3150058255-2134394716-294363 > SID[ 52]: S-1-5-21-160562036-3150058255-2134394716-414620 > SID[ 53]: S-1-5-21-160562036-3150058255-2134394716-260959 > SID[ 54]: S-1-5-21-160562036-3150058255-2134394716-56176 > SID[ 55]: S-1-5-21-160562036-3150058255-2134394716-373472 > SID[ 56]: S-1-5-21-160562036-3150058255-2134394716-294492 > SID[ 57]: S-1-5-21-160562036-3150058255-2134394716-373554 > SID[ 58]: S-1-5-21-160562036-3150058255-2134394716-104382 > SID[ 59]: S-1-5-21-160562036-3150058255-2134394716-294361 > SID[ 60]: S-1-5-21-160562036-3150058255-2134394716-245149 > SID[ 61]: S-1-5-21-160562036-3150058255-2134394716-32807 > SID[ 62]: S-1-5-21-160562036-3150058255-2134394716-63805 > SID[ 63]: S-1-5-21-160562036-3150058255-2134394716-290135 > SID[ 64]: S-1-5-21-160562036-3150058255-2134394716-248439 > SID[ 65]: S-1-5-21-160562036-3150058255-2134394716-58745 > SID[ 66]: S-1-5-21-160562036-3150058255-2134394716-288316 > SID[ 67]: S-1-5-21-160562036-3150058255-2134394716-373441 > SID[ 68]: S-1-5-21-160562036-3150058255-2134394716-268916 > SID[ 69]: S-1-5-21-160562036-3150058255-2134394716-17597 > SID[ 70]: S-1-5-21-160562036-3150058255-2134394716-113654 > SID[ 71]: S-1-5-21-160562036-3150058255-2134394716-304050 > SID[ 72]: S-1-5-21-160562036-3150058255-2134394716-112626 > SID[ 73]: S-1-5-21-160562036-3150058255-2134394716-360946 > SID[ 74]: S-1-5-21-160562036-3150058255-2134394716-1116 > SID[ 75]: S-1-5-21-160562036-3150058255-2134394716-294490 > SID[ 76]: S-1-5-21-160562036-3150058255-2134394716-373442 > SID[ 77]: S-1-5-21-160562036-3150058255-2134394716-402137 > SID[ 78]: S-1-5-21-160562036-3150058255-2134394716-373470 > SID[ 79]: S-1-5-21-160562036-3150058255-2134394716-284963 > SID[ 80]: S-1-5-21-160562036-3150058255-2134394716-21963 > SID[ 81]: S-1-5-21-160562036-3150058255-2134394716-373556 > SID[ 82]: S-1-5-21-160562036-3150058255-2134394716-351504 > SID[ 83]: S-1-5-21-160562036-3150058255-2134394716-360382 > SID[ 84]: S-1-5-21-160562036-3150058255-2134394716-266966 > SID[ 85]: S-1-5-21-160562036-3150058255-2134394716-63797 > SID[ 86]: S-1-5-21-160562036-3150058255-2134394716-31306 > SID[ 87]: S-1-5-21-160562036-3150058255-2134394716-420969 > SID[ 88]: S-1-5-21-160562036-3150058255-2134394716-58439 > SID[ 89]: S-1-5-21-160562036-3150058255-2134394716-351240 > SID[ 90]: S-1-5-21-160562036-3150058255-2134394716-290160 > SID[ 91]: S-1-5-21-160562036-3150058255-2134394716-335340 > SID[ 92]: S-1-5-21-160562036-3150058255-2134394716-32819 > SID[ 93]: S-1-5-21-160562036-3150058255-2134394716-63801 > SID[ 94]: S-1-5-21-160562036-3150058255-2134394716-53171 > SID[ 95]: S-1-5-21-160562036-3150058255-2134394716-294243 > SID[ 96]: S-1-5-21-160562036-3150058255-2134394716-350032 > SID[ 97]: S-1-5-21-160562036-3150058255-2134394716-63737 > SID[ 98]: S-1-5-21-160562036-3150058255-2134394716-13863 > SID[ 99]: S-1-5-21-160562036-3150058255-2134394716-351719 > SID[100]: S-1-5-21-160562036-3150058255-2134394716-56165 > SID[101]: S-1-5-21-160562036-3150058255-2134394716-113646 > SID[102]: S-1-5-21-160562036-3150058255-2134394716-430811 > SID[103]: S-1-5-21-160562036-3150058255-2134394716-284081 > SID[104]: S-1-5-21-160562036-3150058255-2134394716-256696 > SID[105]: S-1-5-21-160562036-3150058255-2134394716-416414 > SID[106]: S-1-5-21-160562036-3150058255-2134394716-49609 > SID[107]: S-1-5-21-160562036-3150058255-2134394716-377791 > SID[108]: S-1-5-21-160562036-3150058255-2134394716-32821 > SID[109]: S-1-5-21-160562036-3150058255-2134394716-359223 > SID[110]: S-1-5-21-160562036-3150058255-2134394716-284091 > SID[111]: S-1-5-21-160562036-3150058255-2134394716-433713 > SID[112]: S-1-5-21-160562036-3150058255-2134394716-33100 > SID[113]: S-1-5-21-160562036-3150058255-2134394716-416203 > SID[114]: S-1-5-21-160562036-3150058255-2134394716-317007 > SID[115]: S-1-5-21-160562036-3150058255-2134394716-69542 > SID[116]: S-1-5-21-160562036-3150058255-2134394716-268918 > SID[117]: S-1-5-21-160562036-3150058255-2134394716-69428 > SID[118]: S-1-5-21-160562036-3150058255-2134394716-316764 > SID[119]: S-1-5-21-160562036-3150058255-2134394716-55705 > SID[120]: S-1-5-21-160562036-3150058255-2134394716-291229 > SID[121]: S-1-5-21-160562036-3150058255-2134394716-250116 > SID[122]: S-1-5-21-160562036-3150058255-2134394716-294315 > SID[123]: S-1-5-21-160562036-3150058255-2134394716-402469 > SID[124]: S-1-5-21-160562036-3150058255-2134394716-256697 > SID[125]: S-1-5-21-160562036-3150058255-2134394716-418438 > SID[126]: S-1-5-21-160562036-3150058255-2134394716-435652 > SID[127]: S-1-5-21-160562036-3150058255-2134394716-45010 > SID[128]: S-1-5-21-160562036-3150058255-2134394716-322368 > SID[129]: S-1-5-21-160562036-3150058255-2134394716-267090 > SID[130]: S-1-5-21-160562036-3150058255-2134394716-32825 > SID[131]: S-1-5-21-160562036-3150058255-2134394716-35099 > SID[132]: S-1-5-21-160562036-3150058255-2134394716-56157 > SID[133]: S-1-5-21-160562036-3150058255-2134394716-113648 > SID[134]: S-1-5-21-160562036-3150058255-2134394716-55709 > SID[135]: S-1-5-21-160562036-3150058255-2134394716-108789 > SID[136]: S-1-5-21-160562036-3150058255-2134394716-56159 > SID[137]: S-1-5-21-160562036-3150058255-2134394716-268919 > SID[138]: S-1-5-21-160562036-3150058255-2134394716-245147 > SID[139]: S-1-5-21-160562036-3150058255-2134394716-430693 > SID[140]: S-1-5-21-160562036-3150058255-2134394716-289617 > SID[141]: S-1-5-21-160562036-3150058255-2134394716-373445 > SID[142]: S-1-5-21-160562036-3150058255-2134394716-14282 > SID[143]: S-1-5-21-160562036-3150058255-2134394716-433712 > SID[144]: S-1-5-21-160562036-3150058255-2134394716-59232 > SID[145]: S-1-5-21-160562036-3150058255-2134394716-33429 > SID[146]: S-1-5-21-160562036-3150058255-2134394716-437634 > SID[147]: S-1-5-21-160562036-3150058255-2134394716-23354 > SID[148]: S-1-5-21-160562036-3150058255-2134394716-113636 > SID[149]: S-1-5-21-160562036-3150058255-2134394716-63799 > SID[150]: S-1-5-21-160562036-3150058255-2134394716-261009 > SID[151]: S-1-5-21-160562036-3150058255-2134394716-290498 > SID[152]: S-1-5-21-160562036-3150058255-2134394716-375928 > SID[153]: S-1-5-21-160562036-3150058255-2134394716-276407 > SID[154]: S-1-5-21-160562036-3150058255-2134394716-357401 > SID[155]: S-1-5-21-160562036-3150058255-2134394716-357385 > SID[156]: S-1-5-21-160562036-3150058255-2134394716-269404 > SID[157]: S-1-5-21-160562036-3150058255-2134394716-67790 > SID[158]: S-1-5-21-160562036-3150058255-2134394716-392120 > SID[159]: S-1-5-21-160562036-3150058255-2134394716-276395 > SID[160]: S-1-5-21-160562036-3150058255-2134394716-113343 > SID[161]: S-1-5-21-160562036-3150058255-2134394716-56172 > SID[162]: S-1-5-21-160562036-3150058255-2134394716-402467 > SID[163]: S-1-5-21-160562036-3150058255-2134394716-293007 > SID[164]: S-1-5-21-160562036-3150058255-2134394716-427942 > SID[165]: S-1-5-21-160562036-3150058255-2134394716-373529 > SID[166]: S-1-5-21-160562036-3150058255-2134394716-263163 > SID[167]: S-1-5-21-160562036-3150058255-2134394716-64111 > SID[168]: S-1-5-21-160562036-3150058255-2134394716-266852 > SID[169]: S-1-5-21-160562036-3150058255-2134394716-357892 > SID[170]: S-1-5-21-160562036-3150058255-2134394716-104429 > SID[171]: S-1-5-21-160562036-3150058255-2134394716-32813 > SID[172]: S-1-5-21-160562036-3150058255-2134394716-360722 > SID[173]: S-1-5-21-160562036-3150058255-2134394716-284092 > SID[174]: S-1-5-21-160562036-3150058255-2134394716-289619 > SID[175]: S-1-5-21-160562036-3150058255-2134394716-369316 > SID[176]: S-1-5-21-160562036-3150058255-2134394716-49542 > SID[177]: S-1-5-21-160562036-3150058255-2134394716-329659 > SID[178]: S-1-5-21-160562036-3150058255-2134394716-32809 > SID[179]: S-1-5-21-160562036-3150058255-2134394716-108767 > SID[180]: S-1-5-21-160562036-3150058255-2134394716-305399 > SID[181]: S-1-5-21-160562036-3150058255-2134394716-263161 > SID[182]: S-1-5-21-160562036-3150058255-2134394716-314050 > SID[183]: S-1-5-21-160562036-3150058255-2134394716-31001 > SID[184]: S-1-5-21-160562036-3150058255-2134394716-279682 > SID[185]: S-1-5-21-160562036-3150058255-2134394716-294147 > SID[186]: S-1-5-21-160562036-3150058255-2134394716-56163 > SID[187]: S-1-5-21-160562036-3150058255-2134394716-285751 > SID[188]: S-1-5-21-160562036-3150058255-2134394716-21723 > SID[189]: S-1-5-21-160562036-3150058255-2134394716-8332 > SID[190]: S-1-5-21-160562036-3150058255-2134394716-32827 > SID[191]: S-1-5-21-160562036-3150058255-2134394716-256460 > SID[192]: S-1-5-21-160562036-3150058255-2134394716-256183 > SID[193]: S-1-5-21-160562036-3150058255-2134394716-300424 > SID[194]: S-1-5-21-160562036-3150058255-2134394716-55677 > SID[195]: S-1-5-21-160562036-3150058255-2134394716-253145 > SID[196]: S-1-5-21-160562036-3150058255-2134394716-63804 > SID[197]: S-1-5-21-160562036-3150058255-2134394716-358866 > SID[198]: S-1-5-21-160562036-3150058255-2134394716-32823 > SID[199]: S-1-5-21-160562036-3150058255-2134394716-276620 > SID[200]: S-1-5-21-160562036-3150058255-2134394716-361940 > SID[201]: S-1-5-21-160562036-3150058255-2134394716-49274 > SID[202]: S-1-5-21-160562036-3150058255-2134394716-402177 > SID[203]: S-1-5-21-160562036-3150058255-2134394716-252230 > SID[204]: S-1-5-21-160562036-3150058255-2134394716-321100 > SID[205]: S-1-5-21-160562036-3150058255-2134394716-20801 > SID[206]: S-1-5-21-160562036-3150058255-2134394716-276621 > SID[207]: S-1-5-21-160562036-3150058255-2134394716-252010 > SID[208]: S-1-5-21-160562036-3150058255-2134394716-292766 > SID[209]: S-1-5-21-160562036-3150058255-2134394716-37331 > SID[210]: S-1-5-21-160562036-3150058255-2134394716-260776 > SID[211]: S-1-5-21-160562036-3150058255-2134394716-386708 > SID[212]: S-1-5-21-160562036-3150058255-2134394716-374616 > SID[213]: S-1-5-21-160562036-3150058255-2134394716-21084 > SID[214]: S-1-5-21-160562036-3150058255-2134394716-294267 > SID[215]: S-1-5-21-160562036-3150058255-2134394716-63802 > SID[216]: S-1-5-21-160562036-3150058255-2134394716-31186 > SID[217]: S-1-5-21-160562036-3150058255-2134394716-105575 > SID[218]: S-1-5-21-160562036-3150058255-2134394716-361874 > SID[219]: S-1-5-21-160562036-3150058255-2134394716-360362 > SID[220]: S-1-5-21-160562036-3150058255-2134394716-357734 > SID[221]: S-1-5-21-160562036-3150058255-2134394716-294241 > SID[222]: S-1-5-21-160562036-3150058255-2134394716-251778 > SID[223]: S-1-5-21-160562036-3150058255-2134394716-49510 > SID[224]: S-1-5-21-160562036-3150058255-2134394716-35015 > SID[225]: S-1-5-21-160562036-3150058255-2134394716-20749 > SID[226]: S-1-5-21-160562036-3150058255-2134394716-294291 > SID[227]: S-1-5-21-160562036-3150058255-2134394716-254469 > SID[228]: S-1-5-21-160562036-3150058255-2134394716-247296 > SID[229]: S-1-5-21-160562036-3150058255-2134394716-63798 > SID[230]: S-1-5-21-160562036-3150058255-2134394716-59035 > SID[231]: S-1-5-21-160562036-3150058255-2134394716-430331 > SID[232]: S-1-5-21-160562036-3150058255-2134394716-21301 > SID[233]: S-1-5-21-160562036-3150058255-2134394716-55627 > SID[234]: S-1-5-21-160562036-3150058255-2134394716-32815 > SID[235]: S-1-5-21-160562036-3150058255-2134394716-277164 > SID[236]: S-1-5-21-160562036-3150058255-2134394716-21552 > SID[237]: S-1-5-21-160562036-3150058255-2134394716-56622 > SID[238]: S-1-5-21-160562036-3150058255-2134394716-37315 > SID[239]: S-1-5-21-160562036-3150058255-2134394716-334225 > SID[240]: S-1-5-21-160562036-3150058255-2134394716-338141 > SID[241]: S-1-5-21-160562036-3150058255-2134394716-246169 > SID[242]: S-1-5-21-160562036-3150058255-2134394716-297835 > SID[243]: S-1-5-21-160562036-3150058255-2134394716-353615 > SID[244]: S-1-5-21-160562036-3150058255-2134394716-322371 > SID[245]: S-1-5-21-160562036-3150058255-2134394716-63235 > SID[246]: S-1-5-21-160562036-3150058255-2134394716-266849 > SID[247]: S-1-5-21-160562036-3150058255-2134394716-293998 > SID[248]: S-1-5-21-160562036-3150058255-2134394716-433714 > SID[249]: S-1-5-21-160562036-3150058255-2134394716-107694 > SID[250]: S-1-5-21-160562036-3150058255-2134394716-288317 > SID[251]: S-1-5-21-160562036-3150058255-2134394716-44135 > SID[252]: S-1-5-21-160562036-3150058255-2134394716-290560 > SID[253]: S-1-5-21-160562036-3150058255-2134394716-322681 > SID[254]: S-1-5-21-160562036-3150058255-2134394716-283109 > SID[255]: S-1-5-21-160562036-3150058255-2134394716-357879 > SID[256]: S-1-5-21-160562036-3150058255-2134394716-289046 > SID[257]: S-1-5-21-160562036-3150058255-2134394716-32803 > SID[258]: S-1-5-21-160562036-3150058255-2134394716-343968 > SID[259]: S-1-5-21-160562036-3150058255-2134394716-50792 > SID[260]: S-1-5-21-160562036-3150058255-2134394716-50518 > SID[261]: S-1-5-21-160562036-3150058255-2134394716-37238 > SID[262]: S-1-5-21-160562036-3150058255-2134394716-360465 > SID[263]: S-1-5-21-160562036-3150058255-2134394716-366652 > SID[264]: S-1-5-21-160562036-3150058255-2134394716-294094 > SID[265]: S-1-5-21-160562036-3150058255-2134394716-288540 > SID[266]: S-1-5-21-160562036-3150058255-2134394716-297984 > SID[267]: S-1-5-21-160562036-3150058255-2134394716-276427 > SID[268]: S-1-5-21-160562036-3150058255-2134394716-333792 > SID[269]: S-1-5-21-160562036-3150058255-2134394716-427342 > SID[270]: S-1-5-21-160562036-3150058255-2134394716-333794 > SID[271]: S-1-5-21-160562036-3150058255-2134394716-290460 > SID[272]: S-1-5-21-160562036-3150058255-2134394716-294091 > SID[273]: S-1-5-21-160562036-3150058255-2134394716-333793 > SID[274]: S-1-5-21-160562036-3150058255-2134394716-338207 > SID[275]: S-1-5-21-160562036-3150058255-2134394716-409571 > SID[276]: S-1-5-21-160562036-3150058255-2134394716-294054 > SID[277]: S-1-5-21-160562036-3150058255-2134394716-30854 > SID[278]: S-1-5-21-160562036-3150058255-2134394716-288547 > SID[279]: S-1-5-21-160562036-3150058255-2134394716-365347 > SID[280]: S-1-5-21-6776287-465249537-1446904402-4108 > SID[281]: S-1-5-21-160562036-3150058255-2134394716-58230 > SID[282]: S-1-5-21-160562036-3150058255-2134394716-357400 > SID[283]: S-1-5-21-160562036-3150058255-2134394716-343966 > SID[284]: S-1-5-21-160562036-3150058255-2134394716-104268 > SID[285]: S-1-5-21-160562036-3150058255-2134394716-334228 > SID[286]: S-1-5-21-160562036-3150058255-2134394716-357384 > SID[287]: S-1-5-21-160562036-3150058255-2134394716-64500 > SID[288]: S-1-5-21-160562036-3150058255-2134394716-291227 > SID[289]: S-1-5-21-160562036-3150058255-2134394716-62708 > SID[290]: S-1-5-21-160562036-3150058255-2134394716-266847 > SID[291]: S-1-5-21-160562036-3150058255-2134394716-313857 > SID[292]: S-1-5-21-160562036-3150058255-2134394716-350031 > SID[293]: S-1-5-21-160562036-3150058255-2134394716-373448 > SID[294]: S-1-5-21-160562036-3150058255-2134394716-420970 > SID[295]: S-1-5-21-160562036-3150058255-2134394716-351238 > SID[296]: S-1-5-21-160562036-3150058255-2134394716-11861 > SID[297]: S-1-5-21-160562036-3150058255-2134394716-353613 > SID[298]: S-1-5-21-160562036-3150058255-2134394716-322679 > SID[299]: S-1-5-21-160562036-3150058255-2134394716-253148 > SID[300]: S-1-5-21-160562036-3150058255-2134394716-277162 > SID[301]: S-1-5-21-160562036-3150058255-2134394716-304048 > SID[302]: S-1-5-21-160562036-3150058255-2134394716-288768 > SID[303]: S-1-5-21-160562036-3150058255-2134394716-62920 > SID[304]: S-1-5-21-160562036-3150058255-2134394716-62814 > SID[305]: S-1-5-21-160562036-3150058255-2134394716-338139 > SID[306]: S-1-5-21-160562036-3150058255-2134394716-266850 > SID[307]: S-1-5-21-160562036-3150058255-2134394716-74038 > SID[308]: S-1-5-21-160562036-3150058255-2134394716-62715 > SID[309]: S-1-5-21-160562036-3150058255-2134394716-357877 > SID[310]: S-1-5-21-160562036-3150058255-2134394716-252117 > SID[311]: S-1-5-21-160562036-3150058255-2134394716-322372 > SID[312]: S-1-5-21-160562036-3150058255-2134394716-65121 > SID[313]: S-1-5-21-160562036-3150058255-2134394716-62711 > SID[314]: S-1-5-21-160562036-3150058255-2134394716-267091 > SID[315]: S-1-5-21-160562036-3150058255-2134394716-24652 > SID[316]: S-1-5-21-160562036-3150058255-2134394716-360933 > SID[317]: S-1-5-21-160562036-3150058255-2134394716-354437 > SID[318]: S-1-5-21-160562036-3150058255-2134394716-249119 > SID[319]: S-1-5-21-160562036-3150058255-2134394716-248731 > SID[320]: S-1-5-21-160562036-3150058255-2134394716-64215 > SID[321]: S-1-5-21-160562036-3150058255-2134394716-373475 > SID[322]: S-1-5-21-160562036-3150058255-2134394716-250664 > SID[323]: S-1-5-21-160562036-3150058255-2134394716-267088 > SID[324]: S-1-5-21-160562036-3150058255-2134394716-50311 > SID[325]: S-1-5-21-160562036-3150058255-2134394716-62644 > SID[326]: S-1-5-21-160562036-3150058255-2134394716-69148 > SID[327]: S-1-5-21-160562036-3150058255-2134394716-360380 > SID[328]: S-1-5-21-160562036-3150058255-2134394716-52124 > SID[329]: S-1-5-21-160562036-3150058255-2134394716-351502 > SID[330]: S-1-5-21-160562036-3150058255-2134394716-317005 > SID[331]: S-1-5-21-160562036-3150058255-2134394716-62713 > SID[332]: S-1-5-21-160562036-3150058255-2134394716-313855 > SID[333]: S-1-5-21-160562036-3150058255-2134394716-53143 > SID[334]: S-1-5-21-160562036-3150058255-2134394716-349705 > SID[335]: S-1-5-21-160562036-3150058255-2134394716-357732 > SID[336]: S-1-5-21-160562036-3150058255-2134394716-402142 > SID[337]: S-1-5-21-160562036-3150058255-2134394716-50421 > SID[338]: S-1-5-21-160562036-3150058255-2134394716-357890 > SID[339]: S-1-5-21-160562036-3150058255-2134394716-416413 > SID[340]: S-1-5-21-160562036-3150058255-2134394716-255117 > SID[341]: S-1-5-21-160562036-3150058255-2134394716-73891 > SID[342]: S-1-5-21-160562036-3150058255-2134394716-377792 > SID[343]: S-1-5-21-160562036-3150058255-2134394716-63081 > SID[344]: S-1-5-21-160562036-3150058255-2134394716-386707 > SID[345]: S-1-5-21-160562036-3150058255-2134394716-64112 > SID[346]: S-1-5-21-160562036-3150058255-2134394716-256555 > SID[347]: S-1-5-21-160562036-3150058255-2134394716-361939 > SID[348]: S-1-5-21-160562036-3150058255-2134394716-62709 > SID[349]: S-1-5-21-160562036-3150058255-2134394716-248759 > SID[350]: S-1-5-21-160562036-3150058255-2134394716-359221 > SID[351]: S-1-5-21-160562036-3150058255-2134394716-310730 > SID[352]: S-1-5-21-160562036-3150058255-2134394716-109617 > SID[353]: S-1-5-21-160562036-3150058255-2134394716-60474 > SID[354]: S-1-5-21-160562036-3150058255-2134394716-402472 > SID[355]: S-1-5-21-160562036-3150058255-2134394716-55679 > SID[356]: S-1-5-21-160562036-3150058255-2134394716-69153 > SID[357]: S-1-5-21-160562036-3150058255-2134394716-22265 > SID[358]: S-1-5-21-160562036-3150058255-2134394716-423112 > SID[359]: S-1-5-21-160562036-3150058255-2134394716-289044 > SID[360]: S-1-5-21-160562036-3150058255-2134394716-67791 > SID[361]: S-1-5-21-160562036-3150058255-2134394716-69156 > SID[362]: S-1-5-21-160562036-3150058255-2134394716-62712 > SID[363]: S-1-5-21-160562036-3150058255-2134394716-360721 > SID[364]: S-1-5-21-160562036-3150058255-2134394716-435651 > SID[365]: S-1-5-21-160562036-3150058255-2134394716-69149 > SID[366]: S-1-5-21-160562036-3150058255-2134394716-73730 > SID[367]: S-1-5-21-160562036-3150058255-2134394716-243660 > SID[368]: S-1-5-21-160562036-3150058255-2134394716-104280 > SID[369]: S-1-5-21-160562036-3150058255-2134394716-430692 > SID[370]: S-1-5-21-160562036-3150058255-2134394716-256558 > SID[371]: S-1-5-21-160562036-3150058255-2134394716-54515 > SID[372]: S-1-5-21-160562036-3150058255-2134394716-334223 > SID[373]: S-1-5-21-160562036-3150058255-2134394716-304790 > SID[374]: S-1-5-21-160562036-3150058255-2134394716-373528 > SID[375]: S-1-5-21-160562036-3150058255-2134394716-375927 > SID[376]: S-1-5-21-160562036-3150058255-2134394716-74039 > SID[377]: S-1-5-21-160562036-3150058255-2134394716-62781 > SID[378]: S-1-5-21-160562036-3150058255-2134394716-69157 > SID[379]: S-1-5-21-160562036-3150058255-2134394716-309445 > SID[380]: S-1-5-21-160562036-3150058255-2134394716-62733 > SID[381]: S-1-5-21-160562036-3150058255-2134394716-418123 > SID[382]: S-1-5-21-160562036-3150058255-2134394716-64415 > SID[383]: S-1-5-21-160562036-3150058255-2134394716-414619 > SID[384]: S-1-5-21-160562036-3150058255-2134394716-373446 > SID[385]: S-1-5-21-160562036-3150058255-2134394716-289048 > SID[386]: S-1-5-21-160562036-3150058255-2134394716-69158 > SID[387]: S-1-5-21-160562036-3150058255-2134394716-373559 > SID[388]: S-1-5-21-160562036-3150058255-2134394716-110686 > SID[389]: S-1-5-21-160562036-3150058255-2134394716-260757 > SID[390]: S-1-5-21-160562036-3150058255-2134394716-249663 > SID[391]: S-1-5-21-160562036-3150058255-2134394716-249619 > SID[392]: S-1-5-21-160562036-3150058255-2134394716-321098 > SID[393]: S-1-5-21-160562036-3150058255-2134394716-64497 > SID[394]: S-1-5-21-160562036-3150058255-2134394716-112627 > SID[395]: S-1-5-21-160562036-3150058255-2134394716-62710 > SID[396]: S-1-5-21-160562036-3150058255-2134394716-360361 > SID[397]: S-1-5-21-160562036-3150058255-2134394716-353621 > SID[398]: S-1-5-21-160562036-3150058255-2134394716-365152 > SID[399]: S-1-5-21-160562036-3150058255-2134394716-69544 > SID[400]: S-1-5-21-160562036-3150058255-2134394716-249644 > SID[401]: S-1-5-21-160562036-3150058255-2134394716-55625 > SID[402]: S-1-1-0 > SID[403]: S-1-5-2 > SID[404]: S-1-5-11 > SID[405]: S-1-5-32-545 > SID[406]: S-1-22-1-10000 > SID[407]: S-1-22-2-10006 > SID[408]: S-1-22-2-10007 > SID[409]: S-1-22-2-10008 > SID[410]: S-1-22-2-10009 > SID[411]: S-1-22-2-10010 > SID[412]: S-1-22-2-10011 > SID[413]: S-1-22-2-10012 > SID[414]: S-1-22-2-10013 > SID[415]: S-1-22-2-10014 > SID[416]: S-1-22-2-10015 > SID[417]: S-1-22-2-10016 > SID[418]: S-1-22-2-10017 > SID[419]: S-1-22-2-10018 > SID[420]: S-1-22-2-10019 > SID[421]: S-1-22-2-10020 > SID[422]: S-1-22-2-10021 > SID[423]: S-1-22-2-10022 > SID[424]: S-1-22-2-10023 > SID[425]: S-1-22-2-10024 > SID[426]: S-1-22-2-10025 > SID[427]: S-1-22-2-10026 > SID[428]: S-1-22-2-10027 > SID[429]: S-1-22-2-10028 > SID[430]: S-1-22-2-10029 > SID[431]: S-1-22-2-10030 > SID[432]: S-1-22-2-10031 > SID[433]: S-1-22-2-10032 > SID[434]: S-1-22-2-10033 > SID[435]: S-1-22-2-10034 > SID[436]: S-1-22-2-10035 > SID[437]: S-1-22-2-10036 > SID[438]: S-1-22-2-10037 > SID[439]: S-1-22-2-10038 > SID[440]: S-1-22-2-10039 > SID[441]: S-1-22-2-10040 > SID[442]: S-1-22-2-10041 > SID[443]: S-1-22-2-10042 > SID[444]: S-1-22-2-10043 > SID[445]: S-1-22-2-10044 > SID[446]: S-1-22-2-10045 > SID[447]: S-1-22-2-10046 > SID[448]: S-1-22-2-10047 > SID[449]: S-1-22-2-10048 > SID[450]: S-1-22-2-10049 > SID[451]: S-1-22-2-10050 > SID[452]: S-1-22-2-10051 > SID[453]: S-1-22-2-10052 > SID[454]: S-1-22-2-10053 > SID[455]: S-1-22-2-10054 > SID[456]: S-1-22-2-10055 > SID[457]: S-1-22-2-10056 > SID[458]: S-1-22-2-10057 > SID[459]: S-1-22-2-10058 > SID[460]: S-1-22-2-10059 > SID[461]: S-1-22-2-10060 > SID[462]: S-1-22-2-10061 > SID[463]: S-1-22-2-10062 > SID[464]: S-1-22-2-10063 > SID[465]: S-1-22-2-10064 > SID[466]: S-1-22-2-10065 > SID[467]: S-1-22-2-10066 > SID[468]: S-1-22-2-10067 > SID[469]: S-1-22-2-10068 > SID[470]: S-1-22-2-10069 > SID[471]: S-1-22-2-10070 > SID[472]: S-1-22-2-10071 > SID[473]: S-1-22-2-10072 > SID[474]: S-1-22-2-10073 > SID[475]: S-1-22-2-10074 > SID[476]: S-1-22-2-10075 > SID[477]: S-1-22-2-10076 > SID[478]: S-1-22-2-10077 > SID[479]: S-1-22-2-10078 > SID[480]: S-1-22-2-10079 > SID[481]: S-1-22-2-10080 > SID[482]: S-1-22-2-10081 > SID[483]: S-1-22-2-10082 > SID[484]: S-1-22-2-10083 > SID[485]: S-1-22-2-10084 > SID[486]: S-1-22-2-10085 > SID[487]: S-1-22-2-10086 > SID[488]: S-1-22-2-10087 > SID[489]: S-1-22-2-10088 > SID[490]: S-1-22-2-10089 > SID[491]: S-1-22-2-10090 > SID[492]: S-1-22-2-10091 > SID[493]: S-1-22-2-10092 > SID[494]: S-1-22-2-10093 > SID[495]: S-1-22-2-10094 > SID[496]: S-1-22-2-10095 > SID[497]: S-1-22-2-10096 > SID[498]: S-1-22-2-10097 > SID[499]: S-1-22-2-10098 > SID[500]: S-1-22-2-10099 > SID[501]: S-1-22-2-10100 > SID[502]: S-1-22-2-10101 > SID[503]: S-1-22-2-10102 > SID[504]: S-1-22-2-10103 > SID[505]: S-1-22-2-10104 > SID[506]: S-1-22-2-10105 > SID[507]: S-1-22-2-10106 > SID[508]: S-1-22-2-10107 > SID[509]: S-1-22-2-10108 > SID[510]: S-1-22-2-10109 > SID[511]: S-1-22-2-10110 > SID[512]: S-1-22-2-10111 > SID[513]: S-1-22-2-10112 > SID[514]: S-1-22-2-10113 > SID[515]: S-1-22-2-10114 > SID[516]: S-1-22-2-10115 > SID[517]: S-1-22-2-10116 > SID[518]: S-1-22-2-10117 > SID[519]: S-1-22-2-10118 > SID[520]: S-1-22-2-10119 > SID[521]: S-1-22-2-10120 > SID[522]: S-1-22-2-10121 > SID[523]: S-1-22-2-10122 > SID[524]: S-1-22-2-10123 > SID[525]: S-1-22-2-10124 > SID[526]: S-1-22-2-10125 > SID[527]: S-1-22-2-10126 > SID[528]: S-1-22-2-10127 > SID[529]: S-1-22-2-10128 > SID[530]: S-1-22-2-10129 > SID[531]: S-1-22-2-10130 > SID[532]: S-1-22-2-10131 > SID[533]: S-1-22-2-10132 > SID[534]: S-1-22-2-10133 > SID[535]: S-1-22-2-10134 > SID[536]: S-1-22-2-10135 > SID[537]: S-1-22-2-10136 > SID[538]: S-1-22-2-10137 > SID[539]: S-1-22-2-10138 > SID[540]: S-1-22-2-10139 > SID[541]: S-1-22-2-10140 > SID[542]: S-1-22-2-10141 > SID[543]: S-1-22-2-10142 > SID[544]: S-1-22-2-10143 > SID[545]: S-1-22-2-10144 > SID[546]: S-1-22-2-10145 > SID[547]: S-1-22-2-10146 > SID[548]: S-1-22-2-10147 > SID[549]: S-1-22-2-10148 > SID[550]: S-1-22-2-10149 > SID[551]: S-1-22-2-10150 > SID[552]: S-1-22-2-10471 > SID[553]: S-1-22-2-10151 > SID[554]: S-1-22-2-10152 > SID[555]: S-1-22-2-10153 > SID[556]: S-1-22-2-10154 > SID[557]: S-1-22-2-10155 > SID[558]: S-1-22-2-10156 > SID[559]: S-1-22-2-10157 > SID[560]: S-1-22-2-10158 > SID[561]: S-1-22-2-10159 > SID[562]: S-1-22-2-10160 > SID[563]: S-1-22-2-10161 > SID[564]: S-1-22-2-10162 > SID[565]: S-1-22-2-10163 > SID[566]: S-1-22-2-10164 > SID[567]: S-1-22-2-10165 > SID[568]: S-1-22-2-10166 > SID[569]: S-1-22-2-10167 > SID[570]: S-1-22-2-10168 > SID[571]: S-1-22-2-10169 > SID[572]: S-1-22-2-10170 > SID[573]: S-1-22-2-10171 > SID[574]: S-1-22-2-10172 > SID[575]: S-1-22-2-10173 > SID[576]: S-1-22-2-10174 > SID[577]: S-1-22-2-10175 > SID[578]: S-1-22-2-10176 > SID[579]: S-1-22-2-10177 > SID[580]: S-1-22-2-10178 > SID[581]: S-1-22-2-10179 > SID[582]: S-1-22-2-10180 > SID[583]: S-1-22-2-10181 > SID[584]: S-1-22-2-10182 > SID[585]: S-1-22-2-10183 > SID[586]: S-1-22-2-10184 > SID[587]: S-1-22-2-10185 > SID[588]: S-1-22-2-10186 > SID[589]: S-1-22-2-10187 > SID[590]: S-1-22-2-10188 > SID[591]: S-1-22-2-10189 > SID[592]: S-1-22-2-10190 > SID[593]: S-1-22-2-10191 > SID[594]: S-1-22-2-10192 > SID[595]: S-1-22-2-10193 > SID[596]: S-1-22-2-10194 > SID[597]: S-1-22-2-10195 > SID[598]: S-1-22-2-10196 > SID[599]: S-1-22-2-10197 > SID[600]: S-1-22-2-10198 > SID[601]: S-1-22-2-10199 > SID[602]: S-1-22-2-10200 > SID[603]: S-1-22-2-10201 > SID[604]: S-1-22-2-10202 > SID[605]: S-1-22-2-10203 > SID[606]: S-1-22-2-10204 > SID[607]: S-1-22-2-10205 > SID[608]: S-1-22-2-10206 > SID[609]: S-1-22-2-10207 > SID[610]: S-1-22-2-10208 > SID[611]: S-1-22-2-10209 > SID[612]: S-1-22-2-10210 > SID[613]: S-1-22-2-10211 > SID[614]: S-1-22-2-10212 > SID[615]: S-1-22-2-10213 > SID[616]: S-1-22-2-10214 > SID[617]: S-1-22-2-10215 > SID[618]: S-1-22-2-10216 > SID[619]: S-1-22-2-10217 > SID[620]: S-1-22-2-10218 > SID[621]: S-1-22-2-10219 > SID[622]: S-1-22-2-10220 > SID[623]: S-1-22-2-10221 > SID[624]: S-1-22-2-10222 > SID[625]: S-1-22-2-10223 > SID[626]: S-1-22-2-10224 > SID[627]: S-1-22-2-10225 > SID[628]: S-1-22-2-10226 > SID[629]: S-1-22-2-10227 > SID[630]: S-1-22-2-10228 > SID[631]: S-1-22-2-10229 > SID[632]: S-1-22-2-10230 > SID[633]: S-1-22-2-10231 > SID[634]: S-1-22-2-10232 > SID[635]: S-1-22-2-10233 > SID[636]: S-1-22-2-10234 > SID[637]: S-1-22-2-10235 > SID[638]: S-1-22-2-10236 > SID[639]: S-1-22-2-10237 > SID[640]: S-1-22-2-10238 > SID[641]: S-1-22-2-10239 > SID[642]: S-1-22-2-10240 > SID[643]: S-1-22-2-10241 > SID[644]: S-1-22-2-10242 > SID[645]: S-1-22-2-10243 > SID[646]: S-1-22-2-10244 > SID[647]: S-1-22-2-10245 > SID[648]: S-1-22-2-10246 > SID[649]: S-1-22-2-10247 > SID[650]: S-1-22-2-10248 > SID[651]: S-1-22-2-10249 > SID[652]: S-1-22-2-10250 > SID[653]: S-1-22-2-10251 > SID[654]: S-1-22-2-10252 > SID[655]: S-1-22-2-10253 > SID[656]: S-1-22-2-10254 > SID[657]: S-1-22-2-10255 > SID[658]: S-1-22-2-10256 > SID[659]: S-1-22-2-10257 > SID[660]: S-1-22-2-10258 > SID[661]: S-1-22-2-10259 > SID[662]: S-1-22-2-10260 > SID[663]: S-1-22-2-10261 > SID[664]: S-1-22-2-10262 > SID[665]: S-1-22-2-10263 > SID[666]: S-1-22-2-10264 > SID[667]: S-1-22-2-10265 > SID[668]: S-1-22-2-10266 > SID[669]: S-1-22-2-10267 > SID[670]: S-1-22-2-10268 > SID[671]: S-1-22-2-10269 > SID[672]: S-1-22-2-10270 > SID[673]: S-1-22-2-10271 > SID[674]: S-1-22-2-10272 > SID[675]: S-1-22-2-10273 > SID[676]: S-1-22-2-10274 > SID[677]: S-1-22-2-10275 > SID[678]: S-1-22-2-10276 > SID[679]: S-1-22-2-10277 > SID[680]: S-1-22-2-10278 > SID[681]: S-1-22-2-10279 > SID[682]: S-1-22-2-10280 > SID[683]: S-1-22-2-10281 > SID[684]: S-1-22-2-10282 > SID[685]: S-1-22-2-10283 > SID[686]: S-1-22-2-10284 > SID[687]: S-1-22-2-10285 > SID[688]: S-1-22-2-10286 > SID[689]: S-1-22-2-10287 > SID[690]: S-1-22-2-10288 > SID[691]: S-1-22-2-10289 > SID[692]: S-1-22-2-10290 > SID[693]: S-1-22-2-10291 > SID[694]: S-1-22-2-10292 > SID[695]: S-1-22-2-10293 > SID[696]: S-1-22-2-10294 > SID[697]: S-1-22-2-10295 > SID[698]: S-1-22-2-10296 > SID[699]: S-1-22-2-10297 > SID[700]: S-1-22-2-10298 > SID[701]: S-1-22-2-10299 > SID[702]: S-1-22-2-10300 > SID[703]: S-1-22-2-10301 > SID[704]: S-1-22-2-10302 > SID[705]: S-1-22-2-10303 > SID[706]: S-1-22-2-10304 > SID[707]: S-1-22-2-10305 > SID[708]: S-1-22-2-10306 > SID[709]: S-1-22-2-10307 > SID[710]: S-1-22-2-10308 > SID[711]: S-1-22-2-10309 > SID[712]: S-1-22-2-10310 > SID[713]: S-1-22-2-10311 > SID[714]: S-1-22-2-10312 > SID[715]: S-1-22-2-10313 > SID[716]: S-1-22-2-10314 > SID[717]: S-1-22-2-10315 > SID[718]: S-1-22-2-10316 > SID[719]: S-1-22-2-10317 > SID[720]: S-1-22-2-10318 > SID[721]: S-1-22-2-10319 > SID[722]: S-1-22-2-10320 > SID[723]: S-1-22-2-10321 > SID[724]: S-1-22-2-10322 > SID[725]: S-1-22-2-10323 > SID[726]: S-1-22-2-10324 > SID[727]: S-1-22-2-10325 > SID[728]: S-1-22-2-10326 > SID[729]: S-1-22-2-10327 > SID[730]: S-1-22-2-10328 > SID[731]: S-1-22-2-10329 > SID[732]: S-1-22-2-10330 > SID[733]: S-1-22-2-10331 > SID[734]: S-1-22-2-10332 > SID[735]: S-1-22-2-10333 > SID[736]: S-1-22-2-10334 > SID[737]: S-1-22-2-10335 > SID[738]: S-1-22-2-10336 > SID[739]: S-1-22-2-10337 > SID[740]: S-1-22-2-10338 > SID[741]: S-1-22-2-10339 > SID[742]: S-1-22-2-10340 > SID[743]: S-1-22-2-10341 > SID[744]: S-1-22-2-10342 > SID[745]: S-1-22-2-10343 > SID[746]: S-1-22-2-10344 > SID[747]: S-1-22-2-10345 > SID[748]: S-1-22-2-10346 > SID[749]: S-1-22-2-10347 > SID[750]: S-1-22-2-10348 > SID[751]: S-1-22-2-10349 > SID[752]: S-1-22-2-10350 > SID[753]: S-1-22-2-10351 > SID[754]: S-1-22-2-10352 > SID[755]: S-1-22-2-10353 > SID[756]: S-1-22-2-10354 > SID[757]: S-1-22-2-10355 > SID[758]: S-1-22-2-10356 > SID[759]: S-1-22-2-10357 > SID[760]: S-1-22-2-10358 > SID[761]: S-1-22-2-10359 > SID[762]: S-1-22-2-10360 > SID[763]: S-1-22-2-10361 > SID[764]: S-1-22-2-10362 > SID[765]: S-1-22-2-10363 > SID[766]: S-1-22-2-10364 > SID[767]: S-1-22-2-10365 > SID[768]: S-1-22-2-10366 > SID[769]: S-1-22-2-10367 > SID[770]: S-1-22-2-10368 > SID[771]: S-1-22-2-10369 > SID[772]: S-1-22-2-10370 > SID[773]: S-1-22-2-10371 > SID[774]: S-1-22-2-10372 > SID[775]: S-1-22-2-10373 > SID[776]: S-1-22-2-10374 > SID[777]: S-1-22-2-10375 > SID[778]: S-1-22-2-10376 > SID[779]: S-1-22-2-10377 > SID[780]: S-1-22-2-10378 > SID[781]: S-1-22-2-10379 > SID[782]: S-1-22-2-10380 > SID[783]: S-1-22-2-10381 > SID[784]: S-1-22-2-10382 > SID[785]: S-1-22-2-10383 > SID[786]: S-1-22-2-10384 > SID[787]: S-1-22-2-10385 > SID[788]: S-1-22-2-10386 > SID[789]: S-1-22-2-10387 > SID[790]: S-1-22-2-10388 > SID[791]: S-1-22-2-10389 > SID[792]: S-1-22-2-10390 > SID[793]: S-1-22-2-10391 > SID[794]: S-1-22-2-10392 > SID[795]: S-1-22-2-10393 > SID[796]: S-1-22-2-10394 > SID[797]: S-1-22-2-10395 > SID[798]: S-1-22-2-10396 > SID[799]: S-1-22-2-10397 > SID[800]: S-1-22-2-10398 > SID[801]: S-1-22-2-10399 > SID[802]: S-1-22-2-10400 > SID[803]: S-1-22-2-10401 > SID[804]: S-1-22-2-10402 > SID[805]: S-1-22-2-10403 > SID[806]: S-1-22-2-10404 > SID[807]: S-1-22-2-10002 > SID[808]: S-1-22-2-10003 > SID[809]: S-1-22-2-10004 > SID[810]: S-1-22-2-10001 > Privileges (0x 20): > Privilege[ 0]: SePrintOperatorPrivilege > Rights (0x 0): >[2012/11/09 16:29:11.353214, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 10000 > Primary group is 71 and contains 404 supplementary groups > Group[ 0]: 10006 > Group[ 1]: 10007 > Group[ 2]: 10008 > Group[ 3]: 10009 > Group[ 4]: 10010 > Group[ 5]: 10011 > Group[ 6]: 10012 > Group[ 7]: 10013 > Group[ 8]: 10014 > Group[ 9]: 10015 > Group[ 10]: 10016 > Group[ 11]: 10017 > Group[ 12]: 10018 > Group[ 13]: 10019 > Group[ 14]: 10020 > Group[ 15]: 10021 > Group[ 16]: 10022 > Group[ 17]: 10023 > Group[ 18]: 10024 > Group[ 19]: 10025 > Group[ 20]: 10026 > Group[ 21]: 10027 > Group[ 22]: 10028 > Group[ 23]: 10029 > Group[ 24]: 10030 > Group[ 25]: 10031 > Group[ 26]: 10032 > Group[ 27]: 10033 > Group[ 28]: 10034 > Group[ 29]: 10035 > Group[ 30]: 10036 > Group[ 31]: 10037 > Group[ 32]: 10038 > Group[ 33]: 10039 > Group[ 34]: 10040 > Group[ 35]: 10041 > Group[ 36]: 10042 > Group[ 37]: 10043 > Group[ 38]: 10044 > Group[ 39]: 10045 > Group[ 40]: 10046 > Group[ 41]: 10047 > Group[ 42]: 10048 > Group[ 43]: 10049 > Group[ 44]: 10050 > Group[ 45]: 10051 > Group[ 46]: 10052 > Group[ 47]: 10053 > Group[ 48]: 10054 > Group[ 49]: 10055 > Group[ 50]: 10056 > Group[ 51]: 10057 > Group[ 52]: 10058 > Group[ 53]: 10059 > Group[ 54]: 10060 > Group[ 55]: 10061 > Group[ 56]: 10062 > Group[ 57]: 10063 > Group[ 58]: 10064 > Group[ 59]: 10065 > Group[ 60]: 10066 > Group[ 61]: 10067 > Group[ 62]: 10068 > Group[ 63]: 10069 > Group[ 64]: 10070 > Group[ 65]: 10071 > Group[ 66]: 10072 > Group[ 67]: 10073 > Group[ 68]: 10074 > Group[ 69]: 10075 > Group[ 70]: 10076 > Group[ 71]: 10077 > Group[ 72]: 10078 > Group[ 73]: 10079 > Group[ 74]: 10080 > Group[ 75]: 10081 > Group[ 76]: 10082 > Group[ 77]: 10083 > Group[ 78]: 10084 > Group[ 79]: 10085 > Group[ 80]: 10086 > Group[ 81]: 10087 > Group[ 82]: 10088 > Group[ 83]: 10089 > Group[ 84]: 10090 > Group[ 85]: 10091 > Group[ 86]: 10092 > Group[ 87]: 10093 > Group[ 88]: 10094 > Group[ 89]: 10095 > Group[ 90]: 10096 > Group[ 91]: 10097 > Group[ 92]: 10098 > Group[ 93]: 10099 > Group[ 94]: 10100 > Group[ 95]: 10101 > Group[ 96]: 10102 > Group[ 97]: 10103 > Group[ 98]: 10104 > Group[ 99]: 10105 > Group[100]: 10106 > Group[101]: 10107 > Group[102]: 10108 > Group[103]: 10109 > Group[104]: 10110 > Group[105]: 10111 > Group[106]: 10112 > Group[107]: 10113 > Group[108]: 10114 > Group[109]: 10115 > Group[110]: 10116 > Group[111]: 10117 > Group[112]: 10118 > Group[113]: 10119 > Group[114]: 10120 > Group[115]: 10121 > Group[116]: 10122 > Group[117]: 10123 > Group[118]: 10124 > Group[119]: 10125 > Group[120]: 10126 > Group[121]: 10127 > Group[122]: 10128 > Group[123]: 10129 > Group[124]: 10130 > Group[125]: 10131 > Group[126]: 10132 > Group[127]: 10133 > Group[128]: 10134 > Group[129]: 10135 > Group[130]: 10136 > Group[131]: 10137 > Group[132]: 10138 > Group[133]: 10139 > Group[134]: 10140 > Group[135]: 10141 > Group[136]: 10142 > Group[137]: 10143 > Group[138]: 10144 > Group[139]: 10145 > Group[140]: 10146 > Group[141]: 10147 > Group[142]: 10148 > Group[143]: 10149 > Group[144]: 10150 > Group[145]: 10471 > Group[146]: 10151 > Group[147]: 10152 > Group[148]: 10153 > Group[149]: 10154 > Group[150]: 10155 > Group[151]: 10156 > Group[152]: 10157 > Group[153]: 10158 > Group[154]: 10159 > Group[155]: 10160 > Group[156]: 10161 > Group[157]: 10162 > Group[158]: 10163 > Group[159]: 10164 > Group[160]: 10165 > Group[161]: 10166 > Group[162]: 10167 > Group[163]: 10168 > Group[164]: 10169 > Group[165]: 10170 > Group[166]: 10171 > Group[167]: 10172 > Group[168]: 10173 > Group[169]: 10174 > Group[170]: 10175 > Group[171]: 10176 > Group[172]: 10177 > Group[173]: 10178 > Group[174]: 10179 > Group[175]: 10180 > Group[176]: 10181 > Group[177]: 10182 > Group[178]: 10183 > Group[179]: 10184 > Group[180]: 10185 > Group[181]: 10186 > Group[182]: 10187 > Group[183]: 10188 > Group[184]: 10189 > Group[185]: 10190 > Group[186]: 10191 > Group[187]: 10192 > Group[188]: 10193 > Group[189]: 10194 > Group[190]: 10195 > Group[191]: 10196 > Group[192]: 10197 > Group[193]: 10198 > Group[194]: 10199 > Group[195]: 10200 > Group[196]: 10201 > Group[197]: 10202 > Group[198]: 10203 > Group[199]: 10204 > Group[200]: 10205 > Group[201]: 10206 > Group[202]: 10207 > Group[203]: 10208 > Group[204]: 10209 > Group[205]: 10210 > Group[206]: 10211 > Group[207]: 10212 > Group[208]: 10213 > Group[209]: 10214 > Group[210]: 10215 > Group[211]: 10216 > Group[212]: 10217 > Group[213]: 10218 > Group[214]: 10219 > Group[215]: 10220 > Group[216]: 10221 > Group[217]: 10222 > Group[218]: 10223 > Group[219]: 10224 > Group[220]: 10225 > Group[221]: 10226 > Group[222]: 10227 > Group[223]: 10228 > Group[224]: 10229 > Group[225]: 10230 > Group[226]: 10231 > Group[227]: 10232 > Group[228]: 10233 > Group[229]: 10234 > Group[230]: 10235 > Group[231]: 10236 > Group[232]: 10237 > Group[233]: 10238 > Group[234]: 10239 > Group[235]: 10240 > Group[236]: 10241 > Group[237]: 10242 > Group[238]: 10243 > Group[239]: 10244 > Group[240]: 10245 > Group[241]: 10246 > Group[242]: 10247 > Group[243]: 10248 > Group[244]: 10249 > Group[245]: 10250 > Group[246]: 10251 > Group[247]: 10252 > Group[248]: 10253 > Group[249]: 10254 > Group[250]: 10255 > Group[251]: 10256 > Group[252]: 10257 > Group[253]: 10258 > Group[254]: 10259 > Group[255]: 10260 > Group[256]: 10261 > Group[257]: 10262 > Group[258]: 10263 > Group[259]: 10264 > Group[260]: 10265 > Group[261]: 10266 > Group[262]: 10267 > Group[263]: 10268 > Group[264]: 10269 > Group[265]: 10270 > Group[266]: 10271 > Group[267]: 10272 > Group[268]: 10273 > Group[269]: 10274 > Group[270]: 10275 > Group[271]: 10276 > Group[272]: 10277 > Group[273]: 10278 > Group[274]: 10279 > Group[275]: 10280 > Group[276]: 10281 > Group[277]: 10282 > Group[278]: 10283 > Group[279]: 10284 > Group[280]: 10285 > Group[281]: 10286 > Group[282]: 10287 > Group[283]: 10288 > Group[284]: 10289 > Group[285]: 10290 > Group[286]: 10291 > Group[287]: 10292 > Group[288]: 10293 > Group[289]: 10294 > Group[290]: 10295 > Group[291]: 10296 > Group[292]: 10297 > Group[293]: 10298 > Group[294]: 10299 > Group[295]: 10300 > Group[296]: 10301 > Group[297]: 10302 > Group[298]: 10303 > Group[299]: 10304 > Group[300]: 10305 > Group[301]: 10306 > Group[302]: 10307 > Group[303]: 10308 > Group[304]: 10309 > Group[305]: 10310 > Group[306]: 10311 > Group[307]: 10312 > Group[308]: 10313 > Group[309]: 10314 > Group[310]: 10315 > Group[311]: 10316 > Group[312]: 10317 > Group[313]: 10318 > Group[314]: 10319 > Group[315]: 10320 > Group[316]: 10321 > Group[317]: 10322 > Group[318]: 10323 > Group[319]: 10324 > Group[320]: 10325 > Group[321]: 10326 > Group[322]: 10327 > Group[323]: 10328 > Group[324]: 10329 > Group[325]: 10330 > Group[326]: 10331 > Group[327]: 10332 > Group[328]: 10333 > Group[329]: 10334 > Group[330]: 10335 > Group[331]: 10336 > Group[332]: 10337 > Group[333]: 10338 > Group[334]: 10339 > Group[335]: 10340 > Group[336]: 10341 > Group[337]: 10342 > Group[338]: 10343 > Group[339]: 10344 > Group[340]: 10345 > Group[341]: 10346 > Group[342]: 10347 > Group[343]: 10348 > Group[344]: 10349 > Group[345]: 10350 > Group[346]: 10351 > Group[347]: 10352 > Group[348]: 10353 > Group[349]: 10354 > Group[350]: 10355 > Group[351]: 10356 > Group[352]: 10357 > Group[353]: 10358 > Group[354]: 10359 > Group[355]: 10360 > Group[356]: 10361 > Group[357]: 10362 > Group[358]: 10363 > Group[359]: 10364 > Group[360]: 10365 > Group[361]: 10366 > Group[362]: 10367 > Group[363]: 10368 > Group[364]: 10369 > Group[365]: 10370 > Group[366]: 10371 > Group[367]: 10372 > Group[368]: 10373 > Group[369]: 10374 > Group[370]: 10375 > Group[371]: 10376 > Group[372]: 10377 > Group[373]: 10378 > Group[374]: 10379 > Group[375]: 10380 > Group[376]: 10381 > Group[377]: 10382 > Group[378]: 10383 > Group[379]: 10384 > Group[380]: 10385 > Group[381]: 10386 > Group[382]: 10387 > Group[383]: 10388 > Group[384]: 10389 > Group[385]: 10390 > Group[386]: 10391 > Group[387]: 10392 > Group[388]: 10393 > Group[389]: 10394 > Group[390]: 10395 > Group[391]: 10396 > Group[392]: 10397 > Group[393]: 10398 > Group[394]: 10399 > Group[395]: 10400 > Group[396]: 10401 > Group[397]: 10402 > Group[398]: 10403 > Group[399]: 10404 > Group[400]: 10002 > Group[401]: 10003 > Group[402]: 10004 > Group[403]: 10001 >[2012/11/09 16:29:11.356268, 5] smbd/uid.c:317(change_to_user_internal) > Impersonated user: uid=(0,10000), gid=(0,71) >[2012/11/09 16:29:11.356302, 4] smbd/vfs.c:780(vfs_ChDir) > vfs_ChDir to /var/lib/samba/drivers >[2012/11/09 16:29:11.356334, 3] smbd/trans2.c:5111(call_trans2qfilepathinfo) > call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 >[2012/11/09 16:29:11.356366, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3" >[2012/11/09 16:29:11.356393, 5] smbd/filename.c:416(unix_convert) > unix_convert begin: name = x64/3, dirpath = , start = x64/3 >[2012/11/09 16:29:11.356421, 5] smbd/statcache.c:143(stat_cache_add) > stat_cache_add: Added entry (7fa2eacb2620:size 5) X64/3 -> x64/3 >[2012/11/09 16:29:11.356442, 5] smbd/filename.c:439(unix_convert) > conversion of base_name finished x64/3 -> x64/3 >[2012/11/09 16:29:11.356487, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3] [/var/lib/samba/drivers] >[2012/11/09 16:29:11.356522, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3 reduced to /var/lib/samba/drivers/x64/3 >[2012/11/09 16:29:11.356567, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) > call_trans2qfilepathinfo x64/3 (fnum = -1) level=1004 call=5 total_data=0 >[2012/11/09 16:29:11.356594, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: x64/3 (fnum = -1) level=1004 max_data=40 >[2012/11/09 16:29:11.356617, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3 >[2012/11/09 16:29:11.356637, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning d >[2012/11/09 16:29:11.356657, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning d >[2012/11/09 16:29:11.356682, 5] smbd/trans2.c:4462(smbd_do_qfilepathinfo) > SMB_QFBI - create: Tue Oct 30 11:28:16 2012 > access: Thu Nov 8 18:45:19 2012 > write: Tue Oct 30 11:28:16 2012 > change: Tue Oct 30 11:28:16 2012 > mode: 10 >[2012/11/09 16:29:11.356754, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 >[2012/11/09 16:29:11.356774, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 >[2012/11/09 16:29:11.356794, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:11.356805, 5] lib/util.c:342(show_msg) > size=100 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=50560 > smt_wct=10 > smb_vwv[ 0]= 2 (0x2) > smb_vwv[ 1]= 40 (0x28) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 40 (0x28) > smb_vwv[ 7]= 60 (0x3C) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=45 >[2012/11/09 16:29:11.358270, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x58 >[2012/11/09 16:29:11.358310, 3] smbd/process.c:1662(process_smb) > Transaction 41 of length 92 (0 toread) >[2012/11/09 16:29:11.358330, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:11.358341, 5] lib/util.c:342(show_msg) > size=88 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=50624 > smt_wct=15 > smb_vwv[ 0]= 20 (0x14) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2 (0x2) > smb_vwv[ 3]= 24 (0x18) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 20 (0x14) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 5 (0x5) > smb_bcc=23 >[2012/11/09 16:29:11.358549, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 12629) conn 0x7fa2eacb8b60 >[2012/11/09 16:29:11.358570, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:11.358591, 3] smbd/trans2.c:5111(call_trans2qfilepathinfo) > call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1005 >[2012/11/09 16:29:11.358641, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3" >[2012/11/09 16:29:11.358667, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3] [/var/lib/samba/drivers] >[2012/11/09 16:29:11.358693, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3 reduced to /var/lib/samba/drivers/x64/3 >[2012/11/09 16:29:11.358722, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) > call_trans2qfilepathinfo x64/3 (fnum = -1) level=1005 call=5 total_data=0 >[2012/11/09 16:29:11.358744, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: x64/3 (fnum = -1) level=1005 max_data=24 >[2012/11/09 16:29:11.358773, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3 >[2012/11/09 16:29:11.358802, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning d >[2012/11/09 16:29:11.358824, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning d >[2012/11/09 16:29:11.358846, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 >[2012/11/09 16:29:11.358867, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 2, data_to_send = 24, paramsize = 2, datasize = 24 >[2012/11/09 16:29:11.358886, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:11.358897, 5] lib/util.c:342(show_msg) > size=84 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=50624 > smt_wct=10 > smb_vwv[ 0]= 2 (0x2) > smb_vwv[ 1]= 24 (0x18) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 24 (0x18) > smb_vwv[ 7]= 60 (0x3C) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=29 >[2012/11/09 16:29:11.360372, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x78 >[2012/11/09 16:29:11.360405, 3] smbd/process.c:1662(process_smb) > Transaction 42 of length 124 (0 toread) >[2012/11/09 16:29:11.360425, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:11.360436, 5] lib/util.c:342(show_msg) > size=120 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=50688 > smt_wct=15 > smb_vwv[ 0]= 52 (0x34) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 10 (0xA) > smb_vwv[ 3]=16384 (0x4000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 52 (0x34) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 1 (0x1) > smb_bcc=55 >[2012/11/09 16:29:11.360667, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 12629) conn 0x7fa2eacb8b60 >[2012/11/09 16:29:11.360689, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:11.360716, 3] smbd/trans2.c:2286(call_trans2findfirst) > call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 >[2012/11/09 16:29:11.360740, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3/pscript5.dll" >[2012/11/09 16:29:11.360764, 5] smbd/filename.c:416(unix_convert) > unix_convert begin: name = x64/3/pscript5.dll, dirpath = x64/3, start = pscript5.dll >[2012/11/09 16:29:11.360787, 5] smbd/statcache.c:143(stat_cache_add) > stat_cache_add: Added entry (7fa2eacb2630:size 12) X64/3/PSCRIPT5.DLL -> x64/3/pscript5.dll >[2012/11/09 16:29:11.360807, 5] smbd/filename.c:439(unix_convert) > conversion of base_name finished x64/3/pscript5.dll -> x64/3/pscript5.dll >[2012/11/09 16:29:11.360827, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3/pscript5.dll] [/var/lib/samba/drivers] >[2012/11/09 16:29:11.360853, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3/pscript5.dll reduced to /var/lib/samba/drivers/x64/3/pscript5.dll >[2012/11/09 16:29:11.360883, 5] smbd/trans2.c:2371(call_trans2findfirst) > dir=x64/3, mask = pscript5.dll >[2012/11/09 16:29:11.360907, 5] smbd/dir.c:439(dptr_create) > dptr_create dir=x64/3 >[2012/11/09 16:29:11.360928, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3] [/var/lib/samba/drivers] >[2012/11/09 16:29:11.360952, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3 reduced to /var/lib/samba/drivers/x64/3 >[2012/11/09 16:29:11.360994, 3] smbd/dir.c:578(dptr_create) > creating new dirptr 256 for path x64/3, expect_close = 1 >[2012/11/09 16:29:11.361017, 4] smbd/trans2.c:2439(call_trans2findfirst) > dptr_num is 256, wcard = pscript5.dll, attr = 22 >[2012/11/09 16:29:11.361037, 8] smbd/trans2.c:2448(call_trans2findfirst) > dirpath=<x64/3> dontdescend=<> >[2012/11/09 16:29:11.361064, 6] smbd/dir.c:969(smbd_dirptr_get_entry) > smbd_dirptr_get_entry: dirptr 0x7fa2eacb9120 now at offset -1 >[2012/11/09 16:29:11.361089, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/pscript5.dll >[2012/11/09 16:29:11.361113, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning >[2012/11/09 16:29:11.361133, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning >[2012/11/09 16:29:11.361156, 3] smbd/dir.c:1041(smbd_dirptr_get_entry) > smbd_dirptr_get_entry mask=[pscript5.dll] found x64/3/pscript5.dll fname=pscript5.dll (pscript5.dll) >[2012/11/09 16:29:11.361200, 5] smbd/trans2.c:2505(call_trans2findfirst) > call_trans2findfirst - (2) closing dptr_num 256 >[2012/11/09 16:29:11.361224, 4] smbd/dir.c:257(dptr_close_internal) > closing dptr key 256 >[2012/11/09 16:29:11.361255, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 10, data_sent_thistime = 120, useable_space = 131010 >[2012/11/09 16:29:11.361277, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 10, data_to_send = 120, paramsize = 10, datasize = 120 >[2012/11/09 16:29:11.361297, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:11.361308, 5] lib/util.c:342(show_msg) > size=188 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=50688 > smt_wct=10 > smb_vwv[ 0]= 10 (0xA) > smb_vwv[ 1]= 120 (0x78) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 10 (0xA) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 120 (0x78) > smb_vwv[ 7]= 68 (0x44) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=133 >[2012/11/09 16:29:11.361488, 4] smbd/trans2.c:2549(call_trans2findfirst) > SMBtrans2 mask=pscript5.dll directory=x64/3 dirtype=22 numentries=1 >[2012/11/09 16:29:11.371673, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x7c >[2012/11/09 16:29:11.371750, 3] smbd/process.c:1662(process_smb) > Transaction 43 of length 128 (0 toread) >[2012/11/09 16:29:11.371772, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:11.371784, 5] lib/util.c:342(show_msg) > size=124 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=50752 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 9728 (0x2600) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=35072 (0x8900) > smb_vwv[ 8]= 512 (0x200) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 256 (0x100) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=17408 (0x4400) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=41 >[2012/11/09 16:29:11.372075, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 12629) conn 0x7fa2eacb8b60 >[2012/11/09 16:29:11.372099, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:11.372128, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3/pscript5.dll" >[2012/11/09 16:29:11.372177, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3/pscript5.dll] [/var/lib/samba/drivers] >[2012/11/09 16:29:11.372211, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3/pscript5.dll reduced to /var/lib/samba/drivers/x64/3/pscript5.dll >[2012/11/09 16:29:11.372238, 5] smbd/files.c:140(file_new) > allocated file structure 4117, fnum = 8213 (3 used) >[2012/11/09 16:29:11.372266, 3] smbd/dosmode.c:159(unix_mode) > unix_mode(x64/3/pscript5.dll) returning 0664 >[2012/11/09 16:29:11.372287, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/pscript5.dll >[2012/11/09 16:29:11.372307, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning >[2012/11/09 16:29:11.372326, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning >[2012/11/09 16:29:11.372374, 4] smbd/open.c:2065(open_file_ntcreate) > calling open_file with flags=0x0 flags2=0x0 mode=0664, access_mask = 0x20089, open_access_mask = 0x20089 >[2012/11/09 16:29:11.372406, 2] smbd/open.c:704(open_file) > BROSE+pfoerfr opened file x64/3/pscript5.dll read=Yes write=No (numopen=1) >[2012/11/09 16:29:11.372445, 3] smbd/oplock_linux.c:135(linux_set_kernel_oplock) > linux_set_kernel_oplock: Refused oplock on file x64/3/pscript5.dll, fd = 32, file_id = fd02:e10:0. (Keine Berechtigung) >[2012/11/09 16:29:11.372767, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/pscript5.dll >[2012/11/09 16:29:11.372802, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning >[2012/11/09 16:29:11.372835, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning >[2012/11/09 16:29:16.379623, 5] smbd/nttrans.c:725(reply_ntcreate_and_X) > reply_ntcreate_and_X: fnum = 8213, open name = x64/3/pscript5.dll >[2012/11/09 16:29:16.380807, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x48 >[2012/11/09 16:29:16.380852, 3] smbd/process.c:1662(process_smb) > Transaction 44 of length 76 (0 toread) >[2012/11/09 16:29:16.380874, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.380886, 5] lib/util.c:342(show_msg) > size=72 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=50816 > smt_wct=15 > smb_vwv[ 0]= 4 (0x4) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2 (0x2) > smb_vwv[ 3]= 8 (0x8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4 (0x4) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 7 (0x7) > smb_bcc=7 >[2012/11/09 16:29:16.381637, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 12629) conn 0x7fa2eacb8b60 >[2012/11/09 16:29:16.381675, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.381703, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) > call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1006 >[2012/11/09 16:29:16.381739, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) > call_trans2qfilepathinfo x64/3/pscript5.dll (fnum = 8213) level=1006 call=7 total_data=0 >[2012/11/09 16:29:16.381762, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: x64/3/pscript5.dll (fnum = 8213) level=1006 max_data=8 >[2012/11/09 16:29:16.381782, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/pscript5.dll >[2012/11/09 16:29:16.381802, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning >[2012/11/09 16:29:16.381821, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning >[2012/11/09 16:29:16.381845, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 2, data_sent_thistime = 8, useable_space = 131010 >[2012/11/09 16:29:16.381865, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 2, data_to_send = 8, paramsize = 2, datasize = 8 >[2012/11/09 16:29:16.381883, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.381894, 5] lib/util.c:342(show_msg) > size=68 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=50816 > smt_wct=10 > smb_vwv[ 0]= 2 (0x2) > smb_vwv[ 1]= 8 (0x8) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 8 (0x8) > smb_vwv[ 7]= 60 (0x3C) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=13 >[2012/11/09 16:29:16.383426, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x48 >[2012/11/09 16:29:16.383462, 3] smbd/process.c:1662(process_smb) > Transaction 45 of length 76 (0 toread) >[2012/11/09 16:29:16.383482, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.383494, 5] lib/util.c:342(show_msg) > size=72 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=50880 > smt_wct=15 > smb_vwv[ 0]= 4 (0x4) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2 (0x2) > smb_vwv[ 3]= 24 (0x18) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4 (0x4) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 7 (0x7) > smb_bcc=7 >[2012/11/09 16:29:16.383732, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 12629) conn 0x7fa2eacb8b60 >[2012/11/09 16:29:16.383755, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.383775, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) > call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1005 >[2012/11/09 16:29:16.383801, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) > call_trans2qfilepathinfo x64/3/pscript5.dll (fnum = 8213) level=1005 call=7 total_data=0 >[2012/11/09 16:29:16.383823, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: x64/3/pscript5.dll (fnum = 8213) level=1005 max_data=24 >[2012/11/09 16:29:16.383842, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/pscript5.dll >[2012/11/09 16:29:16.383861, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning >[2012/11/09 16:29:16.383880, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning >[2012/11/09 16:29:16.383902, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 >[2012/11/09 16:29:16.383921, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 2, data_to_send = 24, paramsize = 2, datasize = 24 >[2012/11/09 16:29:16.383940, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.383951, 5] lib/util.c:342(show_msg) > size=84 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=50880 > smt_wct=10 > smb_vwv[ 0]= 2 (0x2) > smb_vwv[ 1]= 24 (0x18) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 24 (0x18) > smb_vwv[ 7]= 60 (0x3C) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=29 >[2012/11/09 16:29:16.385607, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x76 >[2012/11/09 16:29:16.385651, 3] smbd/process.c:1662(process_smb) > Transaction 46 of length 122 (0 toread) >[2012/11/09 16:29:16.385672, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.385683, 5] lib/util.c:342(show_msg) > size=118 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=50944 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8192 (0x2000) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=35072 (0x8900) > smb_vwv[ 8]= 512 (0x200) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 256 (0x100) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=17408 (0x4400) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=35 >[2012/11/09 16:29:16.385964, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 12629) conn 0x7fa2eacb8b60 >[2012/11/09 16:29:16.385986, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.386011, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3/ps5ui.dll" >[2012/11/09 16:29:16.386036, 5] smbd/filename.c:416(unix_convert) > unix_convert begin: name = x64/3/ps5ui.dll, dirpath = x64/3, start = ps5ui.dll >[2012/11/09 16:29:16.386060, 5] smbd/statcache.c:143(stat_cache_add) > stat_cache_add: Added entry (7fa2eacb9bf0:size f) X64/3/PS5UI.DLL -> x64/3/ps5ui.dll >[2012/11/09 16:29:16.386079, 5] smbd/filename.c:439(unix_convert) > conversion of base_name finished x64/3/ps5ui.dll -> x64/3/ps5ui.dll >[2012/11/09 16:29:16.386098, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3/ps5ui.dll] [/var/lib/samba/drivers] >[2012/11/09 16:29:16.386127, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3/ps5ui.dll reduced to /var/lib/samba/drivers/x64/3/ps5ui.dll >[2012/11/09 16:29:16.386151, 5] smbd/files.c:140(file_new) > allocated file structure 4118, fnum = 8214 (4 used) >[2012/11/09 16:29:16.386175, 3] smbd/dosmode.c:159(unix_mode) > unix_mode(x64/3/ps5ui.dll) returning 0664 >[2012/11/09 16:29:16.386195, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/ps5ui.dll >[2012/11/09 16:29:16.386214, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning >[2012/11/09 16:29:16.386232, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning >[2012/11/09 16:29:16.386265, 4] smbd/open.c:2065(open_file_ntcreate) > calling open_file with flags=0x0 flags2=0x0 mode=0664, access_mask = 0x20089, open_access_mask = 0x20089 >[2012/11/09 16:29:16.386292, 2] smbd/open.c:704(open_file) > BROSE+pfoerfr opened file x64/3/ps5ui.dll read=Yes write=No (numopen=2) >[2012/11/09 16:29:16.386317, 3] smbd/oplock_linux.c:135(linux_set_kernel_oplock) > linux_set_kernel_oplock: Refused oplock on file x64/3/ps5ui.dll, fd = 33, file_id = fd02:e12:0. (Keine Berechtigung) >[2012/11/09 16:29:16.386357, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/ps5ui.dll >[2012/11/09 16:29:16.386379, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning >[2012/11/09 16:29:16.386405, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning >[2012/11/09 16:29:16.386475, 5] smbd/nttrans.c:725(reply_ntcreate_and_X) > reply_ntcreate_and_X: fnum = 8214, open name = x64/3/ps5ui.dll >[2012/11/09 16:29:16.387482, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x48 >[2012/11/09 16:29:16.387527, 3] smbd/process.c:1662(process_smb) > Transaction 47 of length 76 (0 toread) >[2012/11/09 16:29:16.387550, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.387561, 5] lib/util.c:342(show_msg) > size=72 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=51008 > smt_wct=15 > smb_vwv[ 0]= 4 (0x4) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2 (0x2) > smb_vwv[ 3]= 8 (0x8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4 (0x4) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 7 (0x7) > smb_bcc=7 >[2012/11/09 16:29:16.387761, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 12629) conn 0x7fa2eacb8b60 >[2012/11/09 16:29:16.387780, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.387801, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) > call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1006 >[2012/11/09 16:29:16.387827, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) > call_trans2qfilepathinfo x64/3/ps5ui.dll (fnum = 8214) level=1006 call=7 total_data=0 >[2012/11/09 16:29:16.387863, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: x64/3/ps5ui.dll (fnum = 8214) level=1006 max_data=8 >[2012/11/09 16:29:16.387886, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/ps5ui.dll >[2012/11/09 16:29:16.387905, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning >[2012/11/09 16:29:16.387924, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning >[2012/11/09 16:29:16.387946, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 2, data_sent_thistime = 8, useable_space = 131010 >[2012/11/09 16:29:16.387965, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 2, data_to_send = 8, paramsize = 2, datasize = 8 >[2012/11/09 16:29:16.387984, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.387995, 5] lib/util.c:342(show_msg) > size=68 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=51008 > smt_wct=10 > smb_vwv[ 0]= 2 (0x2) > smb_vwv[ 1]= 8 (0x8) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 8 (0x8) > smb_vwv[ 7]= 60 (0x3C) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=13 >[2012/11/09 16:29:16.389357, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x48 >[2012/11/09 16:29:16.389401, 3] smbd/process.c:1662(process_smb) > Transaction 48 of length 76 (0 toread) >[2012/11/09 16:29:16.389433, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.389452, 5] lib/util.c:342(show_msg) > size=72 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=51072 > smt_wct=15 > smb_vwv[ 0]= 4 (0x4) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2 (0x2) > smb_vwv[ 3]= 24 (0x18) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4 (0x4) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 7 (0x7) > smb_bcc=7 >[2012/11/09 16:29:16.389757, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 12629) conn 0x7fa2eacb8b60 >[2012/11/09 16:29:16.389789, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.389821, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) > call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1005 >[2012/11/09 16:29:16.389861, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) > call_trans2qfilepathinfo x64/3/ps5ui.dll (fnum = 8214) level=1005 call=7 total_data=0 >[2012/11/09 16:29:16.389896, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: x64/3/ps5ui.dll (fnum = 8214) level=1005 max_data=24 >[2012/11/09 16:29:16.389927, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/ps5ui.dll >[2012/11/09 16:29:16.389958, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning >[2012/11/09 16:29:16.389987, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning >[2012/11/09 16:29:16.390021, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 >[2012/11/09 16:29:16.390053, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 2, data_to_send = 24, paramsize = 2, datasize = 24 >[2012/11/09 16:29:16.390083, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.390101, 5] lib/util.c:342(show_msg) > size=84 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=51072 > smt_wct=10 > smb_vwv[ 0]= 2 (0x2) > smb_vwv[ 1]= 24 (0x18) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 24 (0x18) > smb_vwv[ 7]= 60 (0x3C) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=29 >[2012/11/09 16:29:16.391811, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x7c >[2012/11/09 16:29:16.391862, 3] smbd/process.c:1662(process_smb) > Transaction 49 of length 128 (0 toread) >[2012/11/09 16:29:16.391886, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.391897, 5] lib/util.c:342(show_msg) > size=124 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=51136 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 9728 (0x2600) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=35072 (0x8900) > smb_vwv[ 8]= 512 (0x200) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 256 (0x100) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=17408 (0x4400) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=41 >[2012/11/09 16:29:16.392157, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 12629) conn 0x7fa2eacb8b60 >[2012/11/09 16:29:16.392177, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.392200, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3/yyyp0708.ppd" >[2012/11/09 16:29:16.392224, 5] smbd/filename.c:416(unix_convert) > unix_convert begin: name = x64/3/yyyp0708.ppd, dirpath = x64/3, start = yyyp0708.ppd >[2012/11/09 16:29:16.392250, 5] smbd/statcache.c:143(stat_cache_add) > stat_cache_add: Added entry (7fa2eaca50a0:size 12) X64/3/YYYP0708.PPD -> x64/3/yyyp0708.ppd >[2012/11/09 16:29:16.392271, 5] smbd/filename.c:439(unix_convert) > conversion of base_name finished x64/3/yyyp0708.ppd -> x64/3/yyyp0708.ppd >[2012/11/09 16:29:16.392290, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3/yyyp0708.ppd] [/var/lib/samba/drivers] >[2012/11/09 16:29:16.392316, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3/yyyp0708.ppd reduced to /var/lib/samba/drivers/x64/3/yyyp0708.ppd >[2012/11/09 16:29:16.392338, 5] smbd/files.c:140(file_new) > allocated file structure 4119, fnum = 8215 (5 used) >[2012/11/09 16:29:16.392361, 3] smbd/dosmode.c:159(unix_mode) > unix_mode(x64/3/yyyp0708.ppd) returning 0664 >[2012/11/09 16:29:16.392381, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/yyyp0708.ppd >[2012/11/09 16:29:16.392401, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning >[2012/11/09 16:29:16.392419, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning >[2012/11/09 16:29:16.392451, 4] smbd/open.c:2065(open_file_ntcreate) > calling open_file with flags=0x0 flags2=0x0 mode=0664, access_mask = 0x20089, open_access_mask = 0x20089 >[2012/11/09 16:29:16.392502, 2] smbd/open.c:704(open_file) > BROSE+pfoerfr opened file x64/3/yyyp0708.ppd read=Yes write=No (numopen=3) >[2012/11/09 16:29:16.392527, 3] smbd/oplock_linux.c:135(linux_set_kernel_oplock) > linux_set_kernel_oplock: Refused oplock on file x64/3/yyyp0708.ppd, fd = 34, file_id = fd02:e18:0. (Keine Berechtigung) >[2012/11/09 16:29:16.392562, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/yyyp0708.ppd >[2012/11/09 16:29:16.392585, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning >[2012/11/09 16:29:16.392604, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning >[2012/11/09 16:29:16.392653, 5] smbd/nttrans.c:725(reply_ntcreate_and_X) > reply_ntcreate_and_X: fnum = 8215, open name = x64/3/yyyp0708.ppd >[2012/11/09 16:29:16.392691, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:16.392715, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:16.392734, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:16.392768, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2012/11/09 16:29:16.394151, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x48 >[2012/11/09 16:29:16.394202, 3] smbd/process.c:1662(process_smb) > Transaction 50 of length 76 (0 toread) >[2012/11/09 16:29:16.394237, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.394258, 5] lib/util.c:342(show_msg) > size=72 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=51200 > smt_wct=15 > smb_vwv[ 0]= 4 (0x4) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2 (0x2) > smb_vwv[ 3]= 8 (0x8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4 (0x4) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 7 (0x7) > smb_bcc=7 >[2012/11/09 16:29:16.394602, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 12629) conn 0x7fa2eacb8b60 >[2012/11/09 16:29:16.394645, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (10000, 71) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:16.394683, 5] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (811): > SID[ 0]: S-1-5-21-160562036-3150058255-2134394716-19743 > SID[ 1]: S-1-22-2-71 > SID[ 2]: S-1-5-21-160562036-3150058255-2134394716-334230 > SID[ 3]: S-1-5-21-160562036-3150058255-2134394716-23353 > SID[ 4]: S-1-5-21-160562036-3150058255-2134394716-304793 > SID[ 5]: S-1-5-21-160562036-3150058255-2134394716-269408 > SID[ 6]: S-1-5-21-160562036-3150058255-2134394716-50420 > SID[ 7]: S-1-5-21-160562036-3150058255-2134394716-113634 > SID[ 8]: S-1-5-21-160562036-3150058255-2134394716-113662 > SID[ 9]: S-1-5-21-160562036-3150058255-2134394716-260755 > SID[ 10]: S-1-5-21-160562036-3150058255-2134394716-288770 > SID[ 11]: S-1-5-21-160562036-3150058255-2134394716-67892 > SID[ 12]: S-1-5-21-160562036-3150058255-2134394716-20800 > SID[ 13]: S-1-5-21-160562036-3150058255-2134394716-269744 > SID[ 14]: S-1-5-21-160562036-3150058255-2134394716-63803 > SID[ 15]: S-1-5-21-160562036-3150058255-2134394716-360934 > SID[ 16]: S-1-5-21-160562036-3150058255-2134394716-421750 > SID[ 17]: S-1-5-21-160562036-3150058255-2134394716-294313 > SID[ 18]: S-1-5-21-160562036-3150058255-2134394716-109619 > SID[ 19]: S-1-5-21-160562036-3150058255-2134394716-13623 > SID[ 20]: S-1-5-21-160562036-3150058255-2134394716-113660 > SID[ 21]: S-1-5-21-160562036-3150058255-2134394716-13846 > SID[ 22]: S-1-5-21-160562036-3150058255-2134394716-351693 > SID[ 23]: S-1-5-21-160562036-3150058255-2134394716-56178 > SID[ 24]: S-1-5-21-160562036-3150058255-2134394716-268914 > SID[ 25]: S-1-5-21-160562036-3150058255-2134394716-276389 > SID[ 26]: S-1-5-21-160562036-3150058255-2134394716-294265 > SID[ 27]: S-1-5-21-160562036-3150058255-2134394716-289050 > SID[ 28]: S-1-5-21-160562036-3150058255-2134394716-284074 > SID[ 29]: S-1-5-21-160562036-3150058255-2134394716-353623 > SID[ 30]: S-1-5-21-160562036-3150058255-2134394716-60632 > SID[ 31]: S-1-5-21-160562036-3150058255-2134394716-299617 > SID[ 32]: S-1-5-21-160562036-3150058255-2134394716-269875 > SID[ 33]: S-1-5-21-160562036-3150058255-2134394716-260777 > SID[ 34]: S-1-5-21-160562036-3150058255-2134394716-72011 > SID[ 35]: S-1-5-21-160562036-3150058255-2134394716-56174 > SID[ 36]: S-1-5-21-160562036-3150058255-2134394716-294145 > SID[ 37]: S-1-5-21-160562036-3150058255-2134394716-46643 > SID[ 38]: S-1-5-21-160562036-3150058255-2134394716-110684 > SID[ 39]: S-1-5-21-160562036-3150058255-2134394716-69476 > SID[ 40]: S-1-5-21-160562036-3150058255-2134394716-354438 > SID[ 41]: S-1-5-21-160562036-3150058255-2134394716-288215 > SID[ 42]: S-1-5-21-160562036-3150058255-2134394716-418124 > SID[ 43]: S-1-5-21-160562036-3150058255-2134394716-32947 > SID[ 44]: S-1-5-21-160562036-3150058255-2134394716-373447 > SID[ 45]: S-1-5-21-160562036-3150058255-2134394716-21119 > SID[ 46]: S-1-5-21-160562036-3150058255-2134394716-254283 > SID[ 47]: S-1-5-21-160562036-3150058255-2134394716-21918 > SID[ 48]: S-1-5-21-160562036-3150058255-2134394716-268915 > SID[ 49]: S-1-5-21-160562036-3150058255-2134394716-267093 > SID[ 50]: S-1-5-21-160562036-3150058255-2134394716-340888 > SID[ 51]: S-1-5-21-160562036-3150058255-2134394716-294363 > SID[ 52]: S-1-5-21-160562036-3150058255-2134394716-414620 > SID[ 53]: S-1-5-21-160562036-3150058255-2134394716-260959 > SID[ 54]: S-1-5-21-160562036-3150058255-2134394716-56176 > SID[ 55]: S-1-5-21-160562036-3150058255-2134394716-373472 > SID[ 56]: S-1-5-21-160562036-3150058255-2134394716-294492 > SID[ 57]: S-1-5-21-160562036-3150058255-2134394716-373554 > SID[ 58]: S-1-5-21-160562036-3150058255-2134394716-104382 > SID[ 59]: S-1-5-21-160562036-3150058255-2134394716-294361 > SID[ 60]: S-1-5-21-160562036-3150058255-2134394716-245149 > SID[ 61]: S-1-5-21-160562036-3150058255-2134394716-32807 > SID[ 62]: S-1-5-21-160562036-3150058255-2134394716-63805 > SID[ 63]: S-1-5-21-160562036-3150058255-2134394716-290135 > SID[ 64]: S-1-5-21-160562036-3150058255-2134394716-248439 > SID[ 65]: S-1-5-21-160562036-3150058255-2134394716-58745 > SID[ 66]: S-1-5-21-160562036-3150058255-2134394716-288316 > SID[ 67]: S-1-5-21-160562036-3150058255-2134394716-373441 > SID[ 68]: S-1-5-21-160562036-3150058255-2134394716-268916 > SID[ 69]: S-1-5-21-160562036-3150058255-2134394716-17597 > SID[ 70]: S-1-5-21-160562036-3150058255-2134394716-113654 > SID[ 71]: S-1-5-21-160562036-3150058255-2134394716-304050 > SID[ 72]: S-1-5-21-160562036-3150058255-2134394716-112626 > SID[ 73]: S-1-5-21-160562036-3150058255-2134394716-360946 > SID[ 74]: S-1-5-21-160562036-3150058255-2134394716-1116 > SID[ 75]: S-1-5-21-160562036-3150058255-2134394716-294490 > SID[ 76]: S-1-5-21-160562036-3150058255-2134394716-373442 > SID[ 77]: S-1-5-21-160562036-3150058255-2134394716-402137 > SID[ 78]: S-1-5-21-160562036-3150058255-2134394716-373470 > SID[ 79]: S-1-5-21-160562036-3150058255-2134394716-284963 > SID[ 80]: S-1-5-21-160562036-3150058255-2134394716-21963 > SID[ 81]: S-1-5-21-160562036-3150058255-2134394716-373556 > SID[ 82]: S-1-5-21-160562036-3150058255-2134394716-351504 > SID[ 83]: S-1-5-21-160562036-3150058255-2134394716-360382 > SID[ 84]: S-1-5-21-160562036-3150058255-2134394716-266966 > SID[ 85]: S-1-5-21-160562036-3150058255-2134394716-63797 > SID[ 86]: S-1-5-21-160562036-3150058255-2134394716-31306 > SID[ 87]: S-1-5-21-160562036-3150058255-2134394716-420969 > SID[ 88]: S-1-5-21-160562036-3150058255-2134394716-58439 > SID[ 89]: S-1-5-21-160562036-3150058255-2134394716-351240 > SID[ 90]: S-1-5-21-160562036-3150058255-2134394716-290160 > SID[ 91]: S-1-5-21-160562036-3150058255-2134394716-335340 > SID[ 92]: S-1-5-21-160562036-3150058255-2134394716-32819 > SID[ 93]: S-1-5-21-160562036-3150058255-2134394716-63801 > SID[ 94]: S-1-5-21-160562036-3150058255-2134394716-53171 > SID[ 95]: S-1-5-21-160562036-3150058255-2134394716-294243 > SID[ 96]: S-1-5-21-160562036-3150058255-2134394716-350032 > SID[ 97]: S-1-5-21-160562036-3150058255-2134394716-63737 > SID[ 98]: S-1-5-21-160562036-3150058255-2134394716-13863 > SID[ 99]: S-1-5-21-160562036-3150058255-2134394716-351719 > SID[100]: S-1-5-21-160562036-3150058255-2134394716-56165 > SID[101]: S-1-5-21-160562036-3150058255-2134394716-113646 > SID[102]: S-1-5-21-160562036-3150058255-2134394716-430811 > SID[103]: S-1-5-21-160562036-3150058255-2134394716-284081 > SID[104]: S-1-5-21-160562036-3150058255-2134394716-256696 > SID[105]: S-1-5-21-160562036-3150058255-2134394716-416414 > SID[106]: S-1-5-21-160562036-3150058255-2134394716-49609 > SID[107]: S-1-5-21-160562036-3150058255-2134394716-377791 > SID[108]: S-1-5-21-160562036-3150058255-2134394716-32821 > SID[109]: S-1-5-21-160562036-3150058255-2134394716-359223 > SID[110]: S-1-5-21-160562036-3150058255-2134394716-284091 > SID[111]: S-1-5-21-160562036-3150058255-2134394716-433713 > SID[112]: S-1-5-21-160562036-3150058255-2134394716-33100 > SID[113]: S-1-5-21-160562036-3150058255-2134394716-416203 > SID[114]: S-1-5-21-160562036-3150058255-2134394716-317007 > SID[115]: S-1-5-21-160562036-3150058255-2134394716-69542 > SID[116]: S-1-5-21-160562036-3150058255-2134394716-268918 > SID[117]: S-1-5-21-160562036-3150058255-2134394716-69428 > SID[118]: S-1-5-21-160562036-3150058255-2134394716-316764 > SID[119]: S-1-5-21-160562036-3150058255-2134394716-55705 > SID[120]: S-1-5-21-160562036-3150058255-2134394716-291229 > SID[121]: S-1-5-21-160562036-3150058255-2134394716-250116 > SID[122]: S-1-5-21-160562036-3150058255-2134394716-294315 > SID[123]: S-1-5-21-160562036-3150058255-2134394716-402469 > SID[124]: S-1-5-21-160562036-3150058255-2134394716-256697 > SID[125]: S-1-5-21-160562036-3150058255-2134394716-418438 > SID[126]: S-1-5-21-160562036-3150058255-2134394716-435652 > SID[127]: S-1-5-21-160562036-3150058255-2134394716-45010 > SID[128]: S-1-5-21-160562036-3150058255-2134394716-322368 > SID[129]: S-1-5-21-160562036-3150058255-2134394716-267090 > SID[130]: S-1-5-21-160562036-3150058255-2134394716-32825 > SID[131]: S-1-5-21-160562036-3150058255-2134394716-35099 > SID[132]: S-1-5-21-160562036-3150058255-2134394716-56157 > SID[133]: S-1-5-21-160562036-3150058255-2134394716-113648 > SID[134]: S-1-5-21-160562036-3150058255-2134394716-55709 > SID[135]: S-1-5-21-160562036-3150058255-2134394716-108789 > SID[136]: S-1-5-21-160562036-3150058255-2134394716-56159 > SID[137]: S-1-5-21-160562036-3150058255-2134394716-268919 > SID[138]: S-1-5-21-160562036-3150058255-2134394716-245147 > SID[139]: S-1-5-21-160562036-3150058255-2134394716-430693 > SID[140]: S-1-5-21-160562036-3150058255-2134394716-289617 > SID[141]: S-1-5-21-160562036-3150058255-2134394716-373445 > SID[142]: S-1-5-21-160562036-3150058255-2134394716-14282 > SID[143]: S-1-5-21-160562036-3150058255-2134394716-433712 > SID[144]: S-1-5-21-160562036-3150058255-2134394716-59232 > SID[145]: S-1-5-21-160562036-3150058255-2134394716-33429 > SID[146]: S-1-5-21-160562036-3150058255-2134394716-437634 > SID[147]: S-1-5-21-160562036-3150058255-2134394716-23354 > SID[148]: S-1-5-21-160562036-3150058255-2134394716-113636 > SID[149]: S-1-5-21-160562036-3150058255-2134394716-63799 > SID[150]: S-1-5-21-160562036-3150058255-2134394716-261009 > SID[151]: S-1-5-21-160562036-3150058255-2134394716-290498 > SID[152]: S-1-5-21-160562036-3150058255-2134394716-375928 > SID[153]: S-1-5-21-160562036-3150058255-2134394716-276407 > SID[154]: S-1-5-21-160562036-3150058255-2134394716-357401 > SID[155]: S-1-5-21-160562036-3150058255-2134394716-357385 > SID[156]: S-1-5-21-160562036-3150058255-2134394716-269404 > SID[157]: S-1-5-21-160562036-3150058255-2134394716-67790 > SID[158]: S-1-5-21-160562036-3150058255-2134394716-392120 > SID[159]: S-1-5-21-160562036-3150058255-2134394716-276395 > SID[160]: S-1-5-21-160562036-3150058255-2134394716-113343 > SID[161]: S-1-5-21-160562036-3150058255-2134394716-56172 > SID[162]: S-1-5-21-160562036-3150058255-2134394716-402467 > SID[163]: S-1-5-21-160562036-3150058255-2134394716-293007 > SID[164]: S-1-5-21-160562036-3150058255-2134394716-427942 > SID[165]: S-1-5-21-160562036-3150058255-2134394716-373529 > SID[166]: S-1-5-21-160562036-3150058255-2134394716-263163 > SID[167]: S-1-5-21-160562036-3150058255-2134394716-64111 > SID[168]: S-1-5-21-160562036-3150058255-2134394716-266852 > SID[169]: S-1-5-21-160562036-3150058255-2134394716-357892 > SID[170]: S-1-5-21-160562036-3150058255-2134394716-104429 > SID[171]: S-1-5-21-160562036-3150058255-2134394716-32813 > SID[172]: S-1-5-21-160562036-3150058255-2134394716-360722 > SID[173]: S-1-5-21-160562036-3150058255-2134394716-284092 > SID[174]: S-1-5-21-160562036-3150058255-2134394716-289619 > SID[175]: S-1-5-21-160562036-3150058255-2134394716-369316 > SID[176]: S-1-5-21-160562036-3150058255-2134394716-49542 > SID[177]: S-1-5-21-160562036-3150058255-2134394716-329659 > SID[178]: S-1-5-21-160562036-3150058255-2134394716-32809 > SID[179]: S-1-5-21-160562036-3150058255-2134394716-108767 > SID[180]: S-1-5-21-160562036-3150058255-2134394716-305399 > SID[181]: S-1-5-21-160562036-3150058255-2134394716-263161 > SID[182]: S-1-5-21-160562036-3150058255-2134394716-314050 > SID[183]: S-1-5-21-160562036-3150058255-2134394716-31001 > SID[184]: S-1-5-21-160562036-3150058255-2134394716-279682 > SID[185]: S-1-5-21-160562036-3150058255-2134394716-294147 > SID[186]: S-1-5-21-160562036-3150058255-2134394716-56163 > SID[187]: S-1-5-21-160562036-3150058255-2134394716-285751 > SID[188]: S-1-5-21-160562036-3150058255-2134394716-21723 > SID[189]: S-1-5-21-160562036-3150058255-2134394716-8332 > SID[190]: S-1-5-21-160562036-3150058255-2134394716-32827 > SID[191]: S-1-5-21-160562036-3150058255-2134394716-256460 > SID[192]: S-1-5-21-160562036-3150058255-2134394716-256183 > SID[193]: S-1-5-21-160562036-3150058255-2134394716-300424 > SID[194]: S-1-5-21-160562036-3150058255-2134394716-55677 > SID[195]: S-1-5-21-160562036-3150058255-2134394716-253145 > SID[196]: S-1-5-21-160562036-3150058255-2134394716-63804 > SID[197]: S-1-5-21-160562036-3150058255-2134394716-358866 > SID[198]: S-1-5-21-160562036-3150058255-2134394716-32823 > SID[199]: S-1-5-21-160562036-3150058255-2134394716-276620 > SID[200]: S-1-5-21-160562036-3150058255-2134394716-361940 > SID[201]: S-1-5-21-160562036-3150058255-2134394716-49274 > SID[202]: S-1-5-21-160562036-3150058255-2134394716-402177 > SID[203]: S-1-5-21-160562036-3150058255-2134394716-252230 > SID[204]: S-1-5-21-160562036-3150058255-2134394716-321100 > SID[205]: S-1-5-21-160562036-3150058255-2134394716-20801 > SID[206]: S-1-5-21-160562036-3150058255-2134394716-276621 > SID[207]: S-1-5-21-160562036-3150058255-2134394716-252010 > SID[208]: S-1-5-21-160562036-3150058255-2134394716-292766 > SID[209]: S-1-5-21-160562036-3150058255-2134394716-37331 > SID[210]: S-1-5-21-160562036-3150058255-2134394716-260776 > SID[211]: S-1-5-21-160562036-3150058255-2134394716-386708 > SID[212]: S-1-5-21-160562036-3150058255-2134394716-374616 > SID[213]: S-1-5-21-160562036-3150058255-2134394716-21084 > SID[214]: S-1-5-21-160562036-3150058255-2134394716-294267 > SID[215]: S-1-5-21-160562036-3150058255-2134394716-63802 > SID[216]: S-1-5-21-160562036-3150058255-2134394716-31186 > SID[217]: S-1-5-21-160562036-3150058255-2134394716-105575 > SID[218]: S-1-5-21-160562036-3150058255-2134394716-361874 > SID[219]: S-1-5-21-160562036-3150058255-2134394716-360362 > SID[220]: S-1-5-21-160562036-3150058255-2134394716-357734 > SID[221]: S-1-5-21-160562036-3150058255-2134394716-294241 > SID[222]: S-1-5-21-160562036-3150058255-2134394716-251778 > SID[223]: S-1-5-21-160562036-3150058255-2134394716-49510 > SID[224]: S-1-5-21-160562036-3150058255-2134394716-35015 > SID[225]: S-1-5-21-160562036-3150058255-2134394716-20749 > SID[226]: S-1-5-21-160562036-3150058255-2134394716-294291 > SID[227]: S-1-5-21-160562036-3150058255-2134394716-254469 > SID[228]: S-1-5-21-160562036-3150058255-2134394716-247296 > SID[229]: S-1-5-21-160562036-3150058255-2134394716-63798 > SID[230]: S-1-5-21-160562036-3150058255-2134394716-59035 > SID[231]: S-1-5-21-160562036-3150058255-2134394716-430331 > SID[232]: S-1-5-21-160562036-3150058255-2134394716-21301 > SID[233]: S-1-5-21-160562036-3150058255-2134394716-55627 > SID[234]: S-1-5-21-160562036-3150058255-2134394716-32815 > SID[235]: S-1-5-21-160562036-3150058255-2134394716-277164 > SID[236]: S-1-5-21-160562036-3150058255-2134394716-21552 > SID[237]: S-1-5-21-160562036-3150058255-2134394716-56622 > SID[238]: S-1-5-21-160562036-3150058255-2134394716-37315 > SID[239]: S-1-5-21-160562036-3150058255-2134394716-334225 > SID[240]: S-1-5-21-160562036-3150058255-2134394716-338141 > SID[241]: S-1-5-21-160562036-3150058255-2134394716-246169 > SID[242]: S-1-5-21-160562036-3150058255-2134394716-297835 > SID[243]: S-1-5-21-160562036-3150058255-2134394716-353615 > SID[244]: S-1-5-21-160562036-3150058255-2134394716-322371 > SID[245]: S-1-5-21-160562036-3150058255-2134394716-63235 > SID[246]: S-1-5-21-160562036-3150058255-2134394716-266849 > SID[247]: S-1-5-21-160562036-3150058255-2134394716-293998 > SID[248]: S-1-5-21-160562036-3150058255-2134394716-433714 > SID[249]: S-1-5-21-160562036-3150058255-2134394716-107694 > SID[250]: S-1-5-21-160562036-3150058255-2134394716-288317 > SID[251]: S-1-5-21-160562036-3150058255-2134394716-44135 > SID[252]: S-1-5-21-160562036-3150058255-2134394716-290560 > SID[253]: S-1-5-21-160562036-3150058255-2134394716-322681 > SID[254]: S-1-5-21-160562036-3150058255-2134394716-283109 > SID[255]: S-1-5-21-160562036-3150058255-2134394716-357879 > SID[256]: S-1-5-21-160562036-3150058255-2134394716-289046 > SID[257]: S-1-5-21-160562036-3150058255-2134394716-32803 > SID[258]: S-1-5-21-160562036-3150058255-2134394716-343968 > SID[259]: S-1-5-21-160562036-3150058255-2134394716-50792 > SID[260]: S-1-5-21-160562036-3150058255-2134394716-50518 > SID[261]: S-1-5-21-160562036-3150058255-2134394716-37238 > SID[262]: S-1-5-21-160562036-3150058255-2134394716-360465 > SID[263]: S-1-5-21-160562036-3150058255-2134394716-366652 > SID[264]: S-1-5-21-160562036-3150058255-2134394716-294094 > SID[265]: S-1-5-21-160562036-3150058255-2134394716-288540 > SID[266]: S-1-5-21-160562036-3150058255-2134394716-297984 > SID[267]: S-1-5-21-160562036-3150058255-2134394716-276427 > SID[268]: S-1-5-21-160562036-3150058255-2134394716-333792 > SID[269]: S-1-5-21-160562036-3150058255-2134394716-427342 > SID[270]: S-1-5-21-160562036-3150058255-2134394716-333794 > SID[271]: S-1-5-21-160562036-3150058255-2134394716-290460 > SID[272]: S-1-5-21-160562036-3150058255-2134394716-294091 > SID[273]: S-1-5-21-160562036-3150058255-2134394716-333793 > SID[274]: S-1-5-21-160562036-3150058255-2134394716-338207 > SID[275]: S-1-5-21-160562036-3150058255-2134394716-409571 > SID[276]: S-1-5-21-160562036-3150058255-2134394716-294054 > SID[277]: S-1-5-21-160562036-3150058255-2134394716-30854 > SID[278]: S-1-5-21-160562036-3150058255-2134394716-288547 > SID[279]: S-1-5-21-160562036-3150058255-2134394716-365347 > SID[280]: S-1-5-21-6776287-465249537-1446904402-4108 > SID[281]: S-1-5-21-160562036-3150058255-2134394716-58230 > SID[282]: S-1-5-21-160562036-3150058255-2134394716-357400 > SID[283]: S-1-5-21-160562036-3150058255-2134394716-343966 > SID[284]: S-1-5-21-160562036-3150058255-2134394716-104268 > SID[285]: S-1-5-21-160562036-3150058255-2134394716-334228 > SID[286]: S-1-5-21-160562036-3150058255-2134394716-357384 > SID[287]: S-1-5-21-160562036-3150058255-2134394716-64500 > SID[288]: S-1-5-21-160562036-3150058255-2134394716-291227 > SID[289]: S-1-5-21-160562036-3150058255-2134394716-62708 > SID[290]: S-1-5-21-160562036-3150058255-2134394716-266847 > SID[291]: S-1-5-21-160562036-3150058255-2134394716-313857 > SID[292]: S-1-5-21-160562036-3150058255-2134394716-350031 > SID[293]: S-1-5-21-160562036-3150058255-2134394716-373448 > SID[294]: S-1-5-21-160562036-3150058255-2134394716-420970 > SID[295]: S-1-5-21-160562036-3150058255-2134394716-351238 > SID[296]: S-1-5-21-160562036-3150058255-2134394716-11861 > SID[297]: S-1-5-21-160562036-3150058255-2134394716-353613 > SID[298]: S-1-5-21-160562036-3150058255-2134394716-322679 > SID[299]: S-1-5-21-160562036-3150058255-2134394716-253148 > SID[300]: S-1-5-21-160562036-3150058255-2134394716-277162 > SID[301]: S-1-5-21-160562036-3150058255-2134394716-304048 > SID[302]: S-1-5-21-160562036-3150058255-2134394716-288768 > SID[303]: S-1-5-21-160562036-3150058255-2134394716-62920 > SID[304]: S-1-5-21-160562036-3150058255-2134394716-62814 > SID[305]: S-1-5-21-160562036-3150058255-2134394716-338139 > SID[306]: S-1-5-21-160562036-3150058255-2134394716-266850 > SID[307]: S-1-5-21-160562036-3150058255-2134394716-74038 > SID[308]: S-1-5-21-160562036-3150058255-2134394716-62715 > SID[309]: S-1-5-21-160562036-3150058255-2134394716-357877 > SID[310]: S-1-5-21-160562036-3150058255-2134394716-252117 > SID[311]: S-1-5-21-160562036-3150058255-2134394716-322372 > SID[312]: S-1-5-21-160562036-3150058255-2134394716-65121 > SID[313]: S-1-5-21-160562036-3150058255-2134394716-62711 > SID[314]: S-1-5-21-160562036-3150058255-2134394716-267091 > SID[315]: S-1-5-21-160562036-3150058255-2134394716-24652 > SID[316]: S-1-5-21-160562036-3150058255-2134394716-360933 > SID[317]: S-1-5-21-160562036-3150058255-2134394716-354437 > SID[318]: S-1-5-21-160562036-3150058255-2134394716-249119 > SID[319]: S-1-5-21-160562036-3150058255-2134394716-248731 > SID[320]: S-1-5-21-160562036-3150058255-2134394716-64215 > SID[321]: S-1-5-21-160562036-3150058255-2134394716-373475 > SID[322]: S-1-5-21-160562036-3150058255-2134394716-250664 > SID[323]: S-1-5-21-160562036-3150058255-2134394716-267088 > SID[324]: S-1-5-21-160562036-3150058255-2134394716-50311 > SID[325]: S-1-5-21-160562036-3150058255-2134394716-62644 > SID[326]: S-1-5-21-160562036-3150058255-2134394716-69148 > SID[327]: S-1-5-21-160562036-3150058255-2134394716-360380 > SID[328]: S-1-5-21-160562036-3150058255-2134394716-52124 > SID[329]: S-1-5-21-160562036-3150058255-2134394716-351502 > SID[330]: S-1-5-21-160562036-3150058255-2134394716-317005 > SID[331]: S-1-5-21-160562036-3150058255-2134394716-62713 > SID[332]: S-1-5-21-160562036-3150058255-2134394716-313855 > SID[333]: S-1-5-21-160562036-3150058255-2134394716-53143 > SID[334]: S-1-5-21-160562036-3150058255-2134394716-349705 > SID[335]: S-1-5-21-160562036-3150058255-2134394716-357732 > SID[336]: S-1-5-21-160562036-3150058255-2134394716-402142 > SID[337]: S-1-5-21-160562036-3150058255-2134394716-50421 > SID[338]: S-1-5-21-160562036-3150058255-2134394716-357890 > SID[339]: S-1-5-21-160562036-3150058255-2134394716-416413 > SID[340]: S-1-5-21-160562036-3150058255-2134394716-255117 > SID[341]: S-1-5-21-160562036-3150058255-2134394716-73891 > SID[342]: S-1-5-21-160562036-3150058255-2134394716-377792 > SID[343]: S-1-5-21-160562036-3150058255-2134394716-63081 > SID[344]: S-1-5-21-160562036-3150058255-2134394716-386707 > SID[345]: S-1-5-21-160562036-3150058255-2134394716-64112 > SID[346]: S-1-5-21-160562036-3150058255-2134394716-256555 > SID[347]: S-1-5-21-160562036-3150058255-2134394716-361939 > SID[348]: S-1-5-21-160562036-3150058255-2134394716-62709 > SID[349]: S-1-5-21-160562036-3150058255-2134394716-248759 > SID[350]: S-1-5-21-160562036-3150058255-2134394716-359221 > SID[351]: S-1-5-21-160562036-3150058255-2134394716-310730 > SID[352]: S-1-5-21-160562036-3150058255-2134394716-109617 > SID[353]: S-1-5-21-160562036-3150058255-2134394716-60474 > SID[354]: S-1-5-21-160562036-3150058255-2134394716-402472 > SID[355]: S-1-5-21-160562036-3150058255-2134394716-55679 > SID[356]: S-1-5-21-160562036-3150058255-2134394716-69153 > SID[357]: S-1-5-21-160562036-3150058255-2134394716-22265 > SID[358]: S-1-5-21-160562036-3150058255-2134394716-423112 > SID[359]: S-1-5-21-160562036-3150058255-2134394716-289044 > SID[360]: S-1-5-21-160562036-3150058255-2134394716-67791 > SID[361]: S-1-5-21-160562036-3150058255-2134394716-69156 > SID[362]: S-1-5-21-160562036-3150058255-2134394716-62712 > SID[363]: S-1-5-21-160562036-3150058255-2134394716-360721 > SID[364]: S-1-5-21-160562036-3150058255-2134394716-435651 > SID[365]: S-1-5-21-160562036-3150058255-2134394716-69149 > SID[366]: S-1-5-21-160562036-3150058255-2134394716-73730 > SID[367]: S-1-5-21-160562036-3150058255-2134394716-243660 > SID[368]: S-1-5-21-160562036-3150058255-2134394716-104280 > SID[369]: S-1-5-21-160562036-3150058255-2134394716-430692 > SID[370]: S-1-5-21-160562036-3150058255-2134394716-256558 > SID[371]: S-1-5-21-160562036-3150058255-2134394716-54515 > SID[372]: S-1-5-21-160562036-3150058255-2134394716-334223 > SID[373]: S-1-5-21-160562036-3150058255-2134394716-304790 > SID[374]: S-1-5-21-160562036-3150058255-2134394716-373528 > SID[375]: S-1-5-21-160562036-3150058255-2134394716-375927 > SID[376]: S-1-5-21-160562036-3150058255-2134394716-74039 > SID[377]: S-1-5-21-160562036-3150058255-2134394716-62781 > SID[378]: S-1-5-21-160562036-3150058255-2134394716-69157 > SID[379]: S-1-5-21-160562036-3150058255-2134394716-309445 > SID[380]: S-1-5-21-160562036-3150058255-2134394716-62733 > SID[381]: S-1-5-21-160562036-3150058255-2134394716-418123 > SID[382]: S-1-5-21-160562036-3150058255-2134394716-64415 > SID[383]: S-1-5-21-160562036-3150058255-2134394716-414619 > SID[384]: S-1-5-21-160562036-3150058255-2134394716-373446 > SID[385]: S-1-5-21-160562036-3150058255-2134394716-289048 > SID[386]: S-1-5-21-160562036-3150058255-2134394716-69158 > SID[387]: S-1-5-21-160562036-3150058255-2134394716-373559 > SID[388]: S-1-5-21-160562036-3150058255-2134394716-110686 > SID[389]: S-1-5-21-160562036-3150058255-2134394716-260757 > SID[390]: S-1-5-21-160562036-3150058255-2134394716-249663 > SID[391]: S-1-5-21-160562036-3150058255-2134394716-249619 > SID[392]: S-1-5-21-160562036-3150058255-2134394716-321098 > SID[393]: S-1-5-21-160562036-3150058255-2134394716-64497 > SID[394]: S-1-5-21-160562036-3150058255-2134394716-112627 > SID[395]: S-1-5-21-160562036-3150058255-2134394716-62710 > SID[396]: S-1-5-21-160562036-3150058255-2134394716-360361 > SID[397]: S-1-5-21-160562036-3150058255-2134394716-353621 > SID[398]: S-1-5-21-160562036-3150058255-2134394716-365152 > SID[399]: S-1-5-21-160562036-3150058255-2134394716-69544 > SID[400]: S-1-5-21-160562036-3150058255-2134394716-249644 > SID[401]: S-1-5-21-160562036-3150058255-2134394716-55625 > SID[402]: S-1-1-0 > SID[403]: S-1-5-2 > SID[404]: S-1-5-11 > SID[405]: S-1-5-32-545 > SID[406]: S-1-22-1-10000 > SID[407]: S-1-22-2-10006 > SID[408]: S-1-22-2-10007 > SID[409]: S-1-22-2-10008 > SID[410]: S-1-22-2-10009 > SID[411]: S-1-22-2-10010 > SID[412]: S-1-22-2-10011 > SID[413]: S-1-22-2-10012 > SID[414]: S-1-22-2-10013 > SID[415]: S-1-22-2-10014 > SID[416]: S-1-22-2-10015 > SID[417]: S-1-22-2-10016 > SID[418]: S-1-22-2-10017 > SID[419]: S-1-22-2-10018 > SID[420]: S-1-22-2-10019 > SID[421]: S-1-22-2-10020 > SID[422]: S-1-22-2-10021 > SID[423]: S-1-22-2-10022 > SID[424]: S-1-22-2-10023 > SID[425]: S-1-22-2-10024 > SID[426]: S-1-22-2-10025 > SID[427]: S-1-22-2-10026 > SID[428]: S-1-22-2-10027 > SID[429]: S-1-22-2-10028 > SID[430]: S-1-22-2-10029 > SID[431]: S-1-22-2-10030 > SID[432]: S-1-22-2-10031 > SID[433]: S-1-22-2-10032 > SID[434]: S-1-22-2-10033 > SID[435]: S-1-22-2-10034 > SID[436]: S-1-22-2-10035 > SID[437]: S-1-22-2-10036 > SID[438]: S-1-22-2-10037 > SID[439]: S-1-22-2-10038 > SID[440]: S-1-22-2-10039 > SID[441]: S-1-22-2-10040 > SID[442]: S-1-22-2-10041 > SID[443]: S-1-22-2-10042 > SID[444]: S-1-22-2-10043 > SID[445]: S-1-22-2-10044 > SID[446]: S-1-22-2-10045 > SID[447]: S-1-22-2-10046 > SID[448]: S-1-22-2-10047 > SID[449]: S-1-22-2-10048 > SID[450]: S-1-22-2-10049 > SID[451]: S-1-22-2-10050 > SID[452]: S-1-22-2-10051 > SID[453]: S-1-22-2-10052 > SID[454]: S-1-22-2-10053 > SID[455]: S-1-22-2-10054 > SID[456]: S-1-22-2-10055 > SID[457]: S-1-22-2-10056 > SID[458]: S-1-22-2-10057 > SID[459]: S-1-22-2-10058 > SID[460]: S-1-22-2-10059 > SID[461]: S-1-22-2-10060 > SID[462]: S-1-22-2-10061 > SID[463]: S-1-22-2-10062 > SID[464]: S-1-22-2-10063 > SID[465]: S-1-22-2-10064 > SID[466]: S-1-22-2-10065 > SID[467]: S-1-22-2-10066 > SID[468]: S-1-22-2-10067 > SID[469]: S-1-22-2-10068 > SID[470]: S-1-22-2-10069 > SID[471]: S-1-22-2-10070 > SID[472]: S-1-22-2-10071 > SID[473]: S-1-22-2-10072 > SID[474]: S-1-22-2-10073 > SID[475]: S-1-22-2-10074 > SID[476]: S-1-22-2-10075 > SID[477]: S-1-22-2-10076 > SID[478]: S-1-22-2-10077 > SID[479]: S-1-22-2-10078 > SID[480]: S-1-22-2-10079 > SID[481]: S-1-22-2-10080 > SID[482]: S-1-22-2-10081 > SID[483]: S-1-22-2-10082 > SID[484]: S-1-22-2-10083 > SID[485]: S-1-22-2-10084 > SID[486]: S-1-22-2-10085 > SID[487]: S-1-22-2-10086 > SID[488]: S-1-22-2-10087 > SID[489]: S-1-22-2-10088 > SID[490]: S-1-22-2-10089 > SID[491]: S-1-22-2-10090 > SID[492]: S-1-22-2-10091 > SID[493]: S-1-22-2-10092 > SID[494]: S-1-22-2-10093 > SID[495]: S-1-22-2-10094 > SID[496]: S-1-22-2-10095 > SID[497]: S-1-22-2-10096 > SID[498]: S-1-22-2-10097 > SID[499]: S-1-22-2-10098 > SID[500]: S-1-22-2-10099 > SID[501]: S-1-22-2-10100 > SID[502]: S-1-22-2-10101 > SID[503]: S-1-22-2-10102 > SID[504]: S-1-22-2-10103 > SID[505]: S-1-22-2-10104 > SID[506]: S-1-22-2-10105 > SID[507]: S-1-22-2-10106 > SID[508]: S-1-22-2-10107 > SID[509]: S-1-22-2-10108 > SID[510]: S-1-22-2-10109 > SID[511]: S-1-22-2-10110 > SID[512]: S-1-22-2-10111 > SID[513]: S-1-22-2-10112 > SID[514]: S-1-22-2-10113 > SID[515]: S-1-22-2-10114 > SID[516]: S-1-22-2-10115 > SID[517]: S-1-22-2-10116 > SID[518]: S-1-22-2-10117 > SID[519]: S-1-22-2-10118 > SID[520]: S-1-22-2-10119 > SID[521]: S-1-22-2-10120 > SID[522]: S-1-22-2-10121 > SID[523]: S-1-22-2-10122 > SID[524]: S-1-22-2-10123 > SID[525]: S-1-22-2-10124 > SID[526]: S-1-22-2-10125 > SID[527]: S-1-22-2-10126 > SID[528]: S-1-22-2-10127 > SID[529]: S-1-22-2-10128 > SID[530]: S-1-22-2-10129 > SID[531]: S-1-22-2-10130 > SID[532]: S-1-22-2-10131 > SID[533]: S-1-22-2-10132 > SID[534]: S-1-22-2-10133 > SID[535]: S-1-22-2-10134 > SID[536]: S-1-22-2-10135 > SID[537]: S-1-22-2-10136 > SID[538]: S-1-22-2-10137 > SID[539]: S-1-22-2-10138 > SID[540]: S-1-22-2-10139 > SID[541]: S-1-22-2-10140 > SID[542]: S-1-22-2-10141 > SID[543]: S-1-22-2-10142 > SID[544]: S-1-22-2-10143 > SID[545]: S-1-22-2-10144 > SID[546]: S-1-22-2-10145 > SID[547]: S-1-22-2-10146 > SID[548]: S-1-22-2-10147 > SID[549]: S-1-22-2-10148 > SID[550]: S-1-22-2-10149 > SID[551]: S-1-22-2-10150 > SID[552]: S-1-22-2-10471 > SID[553]: S-1-22-2-10151 > SID[554]: S-1-22-2-10152 > SID[555]: S-1-22-2-10153 > SID[556]: S-1-22-2-10154 > SID[557]: S-1-22-2-10155 > SID[558]: S-1-22-2-10156 > SID[559]: S-1-22-2-10157 > SID[560]: S-1-22-2-10158 > SID[561]: S-1-22-2-10159 > SID[562]: S-1-22-2-10160 > SID[563]: S-1-22-2-10161 > SID[564]: S-1-22-2-10162 > SID[565]: S-1-22-2-10163 > SID[566]: S-1-22-2-10164 > SID[567]: S-1-22-2-10165 > SID[568]: S-1-22-2-10166 > SID[569]: S-1-22-2-10167 > SID[570]: S-1-22-2-10168 > SID[571]: S-1-22-2-10169 > SID[572]: S-1-22-2-10170 > SID[573]: S-1-22-2-10171 > SID[574]: S-1-22-2-10172 > SID[575]: S-1-22-2-10173 > SID[576]: S-1-22-2-10174 > SID[577]: S-1-22-2-10175 > SID[578]: S-1-22-2-10176 > SID[579]: S-1-22-2-10177 > SID[580]: S-1-22-2-10178 > SID[581]: S-1-22-2-10179 > SID[582]: S-1-22-2-10180 > SID[583]: S-1-22-2-10181 > SID[584]: S-1-22-2-10182 > SID[585]: S-1-22-2-10183 > SID[586]: S-1-22-2-10184 > SID[587]: S-1-22-2-10185 > SID[588]: S-1-22-2-10186 > SID[589]: S-1-22-2-10187 > SID[590]: S-1-22-2-10188 > SID[591]: S-1-22-2-10189 > SID[592]: S-1-22-2-10190 > SID[593]: S-1-22-2-10191 > SID[594]: S-1-22-2-10192 > SID[595]: S-1-22-2-10193 > SID[596]: S-1-22-2-10194 > SID[597]: S-1-22-2-10195 > SID[598]: S-1-22-2-10196 > SID[599]: S-1-22-2-10197 > SID[600]: S-1-22-2-10198 > SID[601]: S-1-22-2-10199 > SID[602]: S-1-22-2-10200 > SID[603]: S-1-22-2-10201 > SID[604]: S-1-22-2-10202 > SID[605]: S-1-22-2-10203 > SID[606]: S-1-22-2-10204 > SID[607]: S-1-22-2-10205 > SID[608]: S-1-22-2-10206 > SID[609]: S-1-22-2-10207 > SID[610]: S-1-22-2-10208 > SID[611]: S-1-22-2-10209 > SID[612]: S-1-22-2-10210 > SID[613]: S-1-22-2-10211 > SID[614]: S-1-22-2-10212 > SID[615]: S-1-22-2-10213 > SID[616]: S-1-22-2-10214 > SID[617]: S-1-22-2-10215 > SID[618]: S-1-22-2-10216 > SID[619]: S-1-22-2-10217 > SID[620]: S-1-22-2-10218 > SID[621]: S-1-22-2-10219 > SID[622]: S-1-22-2-10220 > SID[623]: S-1-22-2-10221 > SID[624]: S-1-22-2-10222 > SID[625]: S-1-22-2-10223 > SID[626]: S-1-22-2-10224 > SID[627]: S-1-22-2-10225 > SID[628]: S-1-22-2-10226 > SID[629]: S-1-22-2-10227 > SID[630]: S-1-22-2-10228 > SID[631]: S-1-22-2-10229 > SID[632]: S-1-22-2-10230 > SID[633]: S-1-22-2-10231 > SID[634]: S-1-22-2-10232 > SID[635]: S-1-22-2-10233 > SID[636]: S-1-22-2-10234 > SID[637]: S-1-22-2-10235 > SID[638]: S-1-22-2-10236 > SID[639]: S-1-22-2-10237 > SID[640]: S-1-22-2-10238 > SID[641]: S-1-22-2-10239 > SID[642]: S-1-22-2-10240 > SID[643]: S-1-22-2-10241 > SID[644]: S-1-22-2-10242 > SID[645]: S-1-22-2-10243 > SID[646]: S-1-22-2-10244 > SID[647]: S-1-22-2-10245 > SID[648]: S-1-22-2-10246 > SID[649]: S-1-22-2-10247 > SID[650]: S-1-22-2-10248 > SID[651]: S-1-22-2-10249 > SID[652]: S-1-22-2-10250 > SID[653]: S-1-22-2-10251 > SID[654]: S-1-22-2-10252 > SID[655]: S-1-22-2-10253 > SID[656]: S-1-22-2-10254 > SID[657]: S-1-22-2-10255 > SID[658]: S-1-22-2-10256 > SID[659]: S-1-22-2-10257 > SID[660]: S-1-22-2-10258 > SID[661]: S-1-22-2-10259 > SID[662]: S-1-22-2-10260 > SID[663]: S-1-22-2-10261 > SID[664]: S-1-22-2-10262 > SID[665]: S-1-22-2-10263 > SID[666]: S-1-22-2-10264 > SID[667]: S-1-22-2-10265 > SID[668]: S-1-22-2-10266 > SID[669]: S-1-22-2-10267 > SID[670]: S-1-22-2-10268 > SID[671]: S-1-22-2-10269 > SID[672]: S-1-22-2-10270 > SID[673]: S-1-22-2-10271 > SID[674]: S-1-22-2-10272 > SID[675]: S-1-22-2-10273 > SID[676]: S-1-22-2-10274 > SID[677]: S-1-22-2-10275 > SID[678]: S-1-22-2-10276 > SID[679]: S-1-22-2-10277 > SID[680]: S-1-22-2-10278 > SID[681]: S-1-22-2-10279 > SID[682]: S-1-22-2-10280 > SID[683]: S-1-22-2-10281 > SID[684]: S-1-22-2-10282 > SID[685]: S-1-22-2-10283 > SID[686]: S-1-22-2-10284 > SID[687]: S-1-22-2-10285 > SID[688]: S-1-22-2-10286 > SID[689]: S-1-22-2-10287 > SID[690]: S-1-22-2-10288 > SID[691]: S-1-22-2-10289 > SID[692]: S-1-22-2-10290 > SID[693]: S-1-22-2-10291 > SID[694]: S-1-22-2-10292 > SID[695]: S-1-22-2-10293 > SID[696]: S-1-22-2-10294 > SID[697]: S-1-22-2-10295 > SID[698]: S-1-22-2-10296 > SID[699]: S-1-22-2-10297 > SID[700]: S-1-22-2-10298 > SID[701]: S-1-22-2-10299 > SID[702]: S-1-22-2-10300 > SID[703]: S-1-22-2-10301 > SID[704]: S-1-22-2-10302 > SID[705]: S-1-22-2-10303 > SID[706]: S-1-22-2-10304 > SID[707]: S-1-22-2-10305 > SID[708]: S-1-22-2-10306 > SID[709]: S-1-22-2-10307 > SID[710]: S-1-22-2-10308 > SID[711]: S-1-22-2-10309 > SID[712]: S-1-22-2-10310 > SID[713]: S-1-22-2-10311 > SID[714]: S-1-22-2-10312 > SID[715]: S-1-22-2-10313 > SID[716]: S-1-22-2-10314 > SID[717]: S-1-22-2-10315 > SID[718]: S-1-22-2-10316 > SID[719]: S-1-22-2-10317 > SID[720]: S-1-22-2-10318 > SID[721]: S-1-22-2-10319 > SID[722]: S-1-22-2-10320 > SID[723]: S-1-22-2-10321 > SID[724]: S-1-22-2-10322 > SID[725]: S-1-22-2-10323 > SID[726]: S-1-22-2-10324 > SID[727]: S-1-22-2-10325 > SID[728]: S-1-22-2-10326 > SID[729]: S-1-22-2-10327 > SID[730]: S-1-22-2-10328 > SID[731]: S-1-22-2-10329 > SID[732]: S-1-22-2-10330 > SID[733]: S-1-22-2-10331 > SID[734]: S-1-22-2-10332 > SID[735]: S-1-22-2-10333 > SID[736]: S-1-22-2-10334 > SID[737]: S-1-22-2-10335 > SID[738]: S-1-22-2-10336 > SID[739]: S-1-22-2-10337 > SID[740]: S-1-22-2-10338 > SID[741]: S-1-22-2-10339 > SID[742]: S-1-22-2-10340 > SID[743]: S-1-22-2-10341 > SID[744]: S-1-22-2-10342 > SID[745]: S-1-22-2-10343 > SID[746]: S-1-22-2-10344 > SID[747]: S-1-22-2-10345 > SID[748]: S-1-22-2-10346 > SID[749]: S-1-22-2-10347 > SID[750]: S-1-22-2-10348 > SID[751]: S-1-22-2-10349 > SID[752]: S-1-22-2-10350 > SID[753]: S-1-22-2-10351 > SID[754]: S-1-22-2-10352 > SID[755]: S-1-22-2-10353 > SID[756]: S-1-22-2-10354 > SID[757]: S-1-22-2-10355 > SID[758]: S-1-22-2-10356 > SID[759]: S-1-22-2-10357 > SID[760]: S-1-22-2-10358 > SID[761]: S-1-22-2-10359 > SID[762]: S-1-22-2-10360 > SID[763]: S-1-22-2-10361 > SID[764]: S-1-22-2-10362 > SID[765]: S-1-22-2-10363 > SID[766]: S-1-22-2-10364 > SID[767]: S-1-22-2-10365 > SID[768]: S-1-22-2-10366 > SID[769]: S-1-22-2-10367 > SID[770]: S-1-22-2-10368 > SID[771]: S-1-22-2-10369 > SID[772]: S-1-22-2-10370 > SID[773]: S-1-22-2-10371 > SID[774]: S-1-22-2-10372 > SID[775]: S-1-22-2-10373 > SID[776]: S-1-22-2-10374 > SID[777]: S-1-22-2-10375 > SID[778]: S-1-22-2-10376 > SID[779]: S-1-22-2-10377 > SID[780]: S-1-22-2-10378 > SID[781]: S-1-22-2-10379 > SID[782]: S-1-22-2-10380 > SID[783]: S-1-22-2-10381 > SID[784]: S-1-22-2-10382 > SID[785]: S-1-22-2-10383 > SID[786]: S-1-22-2-10384 > SID[787]: S-1-22-2-10385 > SID[788]: S-1-22-2-10386 > SID[789]: S-1-22-2-10387 > SID[790]: S-1-22-2-10388 > SID[791]: S-1-22-2-10389 > SID[792]: S-1-22-2-10390 > SID[793]: S-1-22-2-10391 > SID[794]: S-1-22-2-10392 > SID[795]: S-1-22-2-10393 > SID[796]: S-1-22-2-10394 > SID[797]: S-1-22-2-10395 > SID[798]: S-1-22-2-10396 > SID[799]: S-1-22-2-10397 > SID[800]: S-1-22-2-10398 > SID[801]: S-1-22-2-10399 > SID[802]: S-1-22-2-10400 > SID[803]: S-1-22-2-10401 > SID[804]: S-1-22-2-10402 > SID[805]: S-1-22-2-10403 > SID[806]: S-1-22-2-10404 > SID[807]: S-1-22-2-10002 > SID[808]: S-1-22-2-10003 > SID[809]: S-1-22-2-10004 > SID[810]: S-1-22-2-10001 > Privileges (0x 20): > Privilege[ 0]: SePrintOperatorPrivilege > Rights (0x 0): >[2012/11/09 16:29:16.402020, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 10000 > Primary group is 71 and contains 404 supplementary groups > Group[ 0]: 10006 > Group[ 1]: 10007 > Group[ 2]: 10008 > Group[ 3]: 10009 > Group[ 4]: 10010 > Group[ 5]: 10011 > Group[ 6]: 10012 > Group[ 7]: 10013 > Group[ 8]: 10014 > Group[ 9]: 10015 > Group[ 10]: 10016 > Group[ 11]: 10017 > Group[ 12]: 10018 > Group[ 13]: 10019 > Group[ 14]: 10020 > Group[ 15]: 10021 > Group[ 16]: 10022 > Group[ 17]: 10023 > Group[ 18]: 10024 > Group[ 19]: 10025 > Group[ 20]: 10026 > Group[ 21]: 10027 > Group[ 22]: 10028 > Group[ 23]: 10029 > Group[ 24]: 10030 > Group[ 25]: 10031 > Group[ 26]: 10032 > Group[ 27]: 10033 > Group[ 28]: 10034 > Group[ 29]: 10035 > Group[ 30]: 10036 > Group[ 31]: 10037 > Group[ 32]: 10038 > Group[ 33]: 10039 > Group[ 34]: 10040 > Group[ 35]: 10041 > Group[ 36]: 10042 > Group[ 37]: 10043 > Group[ 38]: 10044 > Group[ 39]: 10045 > Group[ 40]: 10046 > Group[ 41]: 10047 > Group[ 42]: 10048 > Group[ 43]: 10049 > Group[ 44]: 10050 > Group[ 45]: 10051 > Group[ 46]: 10052 > Group[ 47]: 10053 > Group[ 48]: 10054 > Group[ 49]: 10055 > Group[ 50]: 10056 > Group[ 51]: 10057 > Group[ 52]: 10058 > Group[ 53]: 10059 > Group[ 54]: 10060 > Group[ 55]: 10061 > Group[ 56]: 10062 > Group[ 57]: 10063 > Group[ 58]: 10064 > Group[ 59]: 10065 > Group[ 60]: 10066 > Group[ 61]: 10067 > Group[ 62]: 10068 > Group[ 63]: 10069 > Group[ 64]: 10070 > Group[ 65]: 10071 > Group[ 66]: 10072 > Group[ 67]: 10073 > Group[ 68]: 10074 > Group[ 69]: 10075 > Group[ 70]: 10076 > Group[ 71]: 10077 > Group[ 72]: 10078 > Group[ 73]: 10079 > Group[ 74]: 10080 > Group[ 75]: 10081 > Group[ 76]: 10082 > Group[ 77]: 10083 > Group[ 78]: 10084 > Group[ 79]: 10085 > Group[ 80]: 10086 > Group[ 81]: 10087 > Group[ 82]: 10088 > Group[ 83]: 10089 > Group[ 84]: 10090 > Group[ 85]: 10091 > Group[ 86]: 10092 > Group[ 87]: 10093 > Group[ 88]: 10094 > Group[ 89]: 10095 > Group[ 90]: 10096 > Group[ 91]: 10097 > Group[ 92]: 10098 > Group[ 93]: 10099 > Group[ 94]: 10100 > Group[ 95]: 10101 > Group[ 96]: 10102 > Group[ 97]: 10103 > Group[ 98]: 10104 > Group[ 99]: 10105 > Group[100]: 10106 > Group[101]: 10107 > Group[102]: 10108 > Group[103]: 10109 > Group[104]: 10110 > Group[105]: 10111 > Group[106]: 10112 > Group[107]: 10113 > Group[108]: 10114 > Group[109]: 10115 > Group[110]: 10116 > Group[111]: 10117 > Group[112]: 10118 > Group[113]: 10119 > Group[114]: 10120 > Group[115]: 10121 > Group[116]: 10122 > Group[117]: 10123 > Group[118]: 10124 > Group[119]: 10125 > Group[120]: 10126 > Group[121]: 10127 > Group[122]: 10128 > Group[123]: 10129 > Group[124]: 10130 > Group[125]: 10131 > Group[126]: 10132 > Group[127]: 10133 > Group[128]: 10134 > Group[129]: 10135 > Group[130]: 10136 > Group[131]: 10137 > Group[132]: 10138 > Group[133]: 10139 > Group[134]: 10140 > Group[135]: 10141 > Group[136]: 10142 > Group[137]: 10143 > Group[138]: 10144 > Group[139]: 10145 > Group[140]: 10146 > Group[141]: 10147 > Group[142]: 10148 > Group[143]: 10149 > Group[144]: 10150 > Group[145]: 10471 > Group[146]: 10151 > Group[147]: 10152 > Group[148]: 10153 > Group[149]: 10154 > Group[150]: 10155 > Group[151]: 10156 > Group[152]: 10157 > Group[153]: 10158 > Group[154]: 10159 > Group[155]: 10160 > Group[156]: 10161 > Group[157]: 10162 > Group[158]: 10163 > Group[159]: 10164 > Group[160]: 10165 > Group[161]: 10166 > Group[162]: 10167 > Group[163]: 10168 > Group[164]: 10169 > Group[165]: 10170 > Group[166]: 10171 > Group[167]: 10172 > Group[168]: 10173 > Group[169]: 10174 > Group[170]: 10175 > Group[171]: 10176 > Group[172]: 10177 > Group[173]: 10178 > Group[174]: 10179 > Group[175]: 10180 > Group[176]: 10181 > Group[177]: 10182 > Group[178]: 10183 > Group[179]: 10184 > Group[180]: 10185 > Group[181]: 10186 > Group[182]: 10187 > Group[183]: 10188 > Group[184]: 10189 > Group[185]: 10190 > Group[186]: 10191 > Group[187]: 10192 > Group[188]: 10193 > Group[189]: 10194 > Group[190]: 10195 > Group[191]: 10196 > Group[192]: 10197 > Group[193]: 10198 > Group[194]: 10199 > Group[195]: 10200 > Group[196]: 10201 > Group[197]: 10202 > Group[198]: 10203 > Group[199]: 10204 > Group[200]: 10205 > Group[201]: 10206 > Group[202]: 10207 > Group[203]: 10208 > Group[204]: 10209 > Group[205]: 10210 > Group[206]: 10211 > Group[207]: 10212 > Group[208]: 10213 > Group[209]: 10214 > Group[210]: 10215 > Group[211]: 10216 > Group[212]: 10217 > Group[213]: 10218 > Group[214]: 10219 > Group[215]: 10220 > Group[216]: 10221 > Group[217]: 10222 > Group[218]: 10223 > Group[219]: 10224 > Group[220]: 10225 > Group[221]: 10226 > Group[222]: 10227 > Group[223]: 10228 > Group[224]: 10229 > Group[225]: 10230 > Group[226]: 10231 > Group[227]: 10232 > Group[228]: 10233 > Group[229]: 10234 > Group[230]: 10235 > Group[231]: 10236 > Group[232]: 10237 > Group[233]: 10238 > Group[234]: 10239 > Group[235]: 10240 > Group[236]: 10241 > Group[237]: 10242 > Group[238]: 10243 > Group[239]: 10244 > Group[240]: 10245 > Group[241]: 10246 > Group[242]: 10247 > Group[243]: 10248 > Group[244]: 10249 > Group[245]: 10250 > Group[246]: 10251 > Group[247]: 10252 > Group[248]: 10253 > Group[249]: 10254 > Group[250]: 10255 > Group[251]: 10256 > Group[252]: 10257 > Group[253]: 10258 > Group[254]: 10259 > Group[255]: 10260 > Group[256]: 10261 > Group[257]: 10262 > Group[258]: 10263 > Group[259]: 10264 > Group[260]: 10265 > Group[261]: 10266 > Group[262]: 10267 > Group[263]: 10268 > Group[264]: 10269 > Group[265]: 10270 > Group[266]: 10271 > Group[267]: 10272 > Group[268]: 10273 > Group[269]: 10274 > Group[270]: 10275 > Group[271]: 10276 > Group[272]: 10277 > Group[273]: 10278 > Group[274]: 10279 > Group[275]: 10280 > Group[276]: 10281 > Group[277]: 10282 > Group[278]: 10283 > Group[279]: 10284 > Group[280]: 10285 > Group[281]: 10286 > Group[282]: 10287 > Group[283]: 10288 > Group[284]: 10289 > Group[285]: 10290 > Group[286]: 10291 > Group[287]: 10292 > Group[288]: 10293 > Group[289]: 10294 > Group[290]: 10295 > Group[291]: 10296 > Group[292]: 10297 > Group[293]: 10298 > Group[294]: 10299 > Group[295]: 10300 > Group[296]: 10301 > Group[297]: 10302 > Group[298]: 10303 > Group[299]: 10304 > Group[300]: 10305 > Group[301]: 10306 > Group[302]: 10307 > Group[303]: 10308 > Group[304]: 10309 > Group[305]: 10310 > Group[306]: 10311 > Group[307]: 10312 > Group[308]: 10313 > Group[309]: 10314 > Group[310]: 10315 > Group[311]: 10316 > Group[312]: 10317 > Group[313]: 10318 > Group[314]: 10319 > Group[315]: 10320 > Group[316]: 10321 > Group[317]: 10322 > Group[318]: 10323 > Group[319]: 10324 > Group[320]: 10325 > Group[321]: 10326 > Group[322]: 10327 > Group[323]: 10328 > Group[324]: 10329 > Group[325]: 10330 > Group[326]: 10331 > Group[327]: 10332 > Group[328]: 10333 > Group[329]: 10334 > Group[330]: 10335 > Group[331]: 10336 > Group[332]: 10337 > Group[333]: 10338 > Group[334]: 10339 > Group[335]: 10340 > Group[336]: 10341 > Group[337]: 10342 > Group[338]: 10343 > Group[339]: 10344 > Group[340]: 10345 > Group[341]: 10346 > Group[342]: 10347 > Group[343]: 10348 > Group[344]: 10349 > Group[345]: 10350 > Group[346]: 10351 > Group[347]: 10352 > Group[348]: 10353 > Group[349]: 10354 > Group[350]: 10355 > Group[351]: 10356 > Group[352]: 10357 > Group[353]: 10358 > Group[354]: 10359 > Group[355]: 10360 > Group[356]: 10361 > Group[357]: 10362 > Group[358]: 10363 > Group[359]: 10364 > Group[360]: 10365 > Group[361]: 10366 > Group[362]: 10367 > Group[363]: 10368 > Group[364]: 10369 > Group[365]: 10370 > Group[366]: 10371 > Group[367]: 10372 > Group[368]: 10373 > Group[369]: 10374 > Group[370]: 10375 > Group[371]: 10376 > Group[372]: 10377 > Group[373]: 10378 > Group[374]: 10379 > Group[375]: 10380 > Group[376]: 10381 > Group[377]: 10382 > Group[378]: 10383 > Group[379]: 10384 > Group[380]: 10385 > Group[381]: 10386 > Group[382]: 10387 > Group[383]: 10388 > Group[384]: 10389 > Group[385]: 10390 > Group[386]: 10391 > Group[387]: 10392 > Group[388]: 10393 > Group[389]: 10394 > Group[390]: 10395 > Group[391]: 10396 > Group[392]: 10397 > Group[393]: 10398 > Group[394]: 10399 > Group[395]: 10400 > Group[396]: 10401 > Group[397]: 10402 > Group[398]: 10403 > Group[399]: 10404 > Group[400]: 10002 > Group[401]: 10003 > Group[402]: 10004 > Group[403]: 10001 >[2012/11/09 16:29:16.405074, 5] smbd/uid.c:317(change_to_user_internal) > Impersonated user: uid=(0,10000), gid=(0,71) >[2012/11/09 16:29:16.405123, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) > call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1006 >[2012/11/09 16:29:16.405164, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) > call_trans2qfilepathinfo x64/3/yyyp0708.ppd (fnum = 8215) level=1006 call=7 total_data=0 >[2012/11/09 16:29:16.405188, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: x64/3/yyyp0708.ppd (fnum = 8215) level=1006 max_data=8 >[2012/11/09 16:29:16.405208, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/yyyp0708.ppd >[2012/11/09 16:29:16.405229, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning >[2012/11/09 16:29:16.405248, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning >[2012/11/09 16:29:16.405272, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 2, data_sent_thistime = 8, useable_space = 131010 >[2012/11/09 16:29:16.405292, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 2, data_to_send = 8, paramsize = 2, datasize = 8 >[2012/11/09 16:29:16.405311, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.405322, 5] lib/util.c:342(show_msg) > size=68 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=51200 > smt_wct=10 > smb_vwv[ 0]= 2 (0x2) > smb_vwv[ 1]= 8 (0x8) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 8 (0x8) > smb_vwv[ 7]= 60 (0x3C) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=13 >[2012/11/09 16:29:16.406839, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x48 >[2012/11/09 16:29:16.406891, 3] smbd/process.c:1662(process_smb) > Transaction 51 of length 76 (0 toread) >[2012/11/09 16:29:16.406920, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.406933, 5] lib/util.c:342(show_msg) > size=72 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=51264 > smt_wct=15 > smb_vwv[ 0]= 4 (0x4) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2 (0x2) > smb_vwv[ 3]= 24 (0x18) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4 (0x4) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 7 (0x7) > smb_bcc=7 >[2012/11/09 16:29:16.407195, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 12629) conn 0x7fa2eacb8b60 >[2012/11/09 16:29:16.407219, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.407240, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) > call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1005 >[2012/11/09 16:29:16.407280, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) > call_trans2qfilepathinfo x64/3/yyyp0708.ppd (fnum = 8215) level=1005 call=7 total_data=0 >[2012/11/09 16:29:16.407321, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: x64/3/yyyp0708.ppd (fnum = 8215) level=1005 max_data=24 >[2012/11/09 16:29:16.407357, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/yyyp0708.ppd >[2012/11/09 16:29:16.407395, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning >[2012/11/09 16:29:16.407430, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning >[2012/11/09 16:29:16.407456, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 >[2012/11/09 16:29:16.407476, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 2, data_to_send = 24, paramsize = 2, datasize = 24 >[2012/11/09 16:29:16.407495, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.407507, 5] lib/util.c:342(show_msg) > size=84 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=51264 > smt_wct=10 > smb_vwv[ 0]= 2 (0x2) > smb_vwv[ 1]= 24 (0x18) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 24 (0x18) > smb_vwv[ 7]= 60 (0x3C) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=29 >[2012/11/09 16:29:16.409231, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x7a >[2012/11/09 16:29:16.409268, 3] smbd/process.c:1662(process_smb) > Transaction 52 of length 126 (0 toread) >[2012/11/09 16:29:16.409289, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.409301, 5] lib/util.c:342(show_msg) > size=122 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=51328 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 9216 (0x2400) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=35072 (0x8900) > smb_vwv[ 8]= 512 (0x200) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 256 (0x100) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=17408 (0x4400) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=39 >[2012/11/09 16:29:16.409625, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 12629) conn 0x7fa2eacb8b60 >[2012/11/09 16:29:16.409674, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.409723, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3/pscript.hlp" >[2012/11/09 16:29:16.409778, 5] smbd/filename.c:416(unix_convert) > unix_convert begin: name = x64/3/pscript.hlp, dirpath = x64/3, start = pscript.hlp >[2012/11/09 16:29:16.409839, 5] smbd/statcache.c:143(stat_cache_add) > stat_cache_add: Added entry (7fa2eaccf5f0:size 11) X64/3/PSCRIPT.HLP -> x64/3/pscript.hlp >[2012/11/09 16:29:16.409882, 5] smbd/filename.c:439(unix_convert) > conversion of base_name finished x64/3/pscript.hlp -> x64/3/pscript.hlp >[2012/11/09 16:29:16.409916, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3/pscript.hlp] [/var/lib/samba/drivers] >[2012/11/09 16:29:16.409961, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3/pscript.hlp reduced to /var/lib/samba/drivers/x64/3/pscript.hlp >[2012/11/09 16:29:16.409999, 5] smbd/files.c:140(file_new) > allocated file structure 4120, fnum = 8216 (6 used) >[2012/11/09 16:29:16.410042, 3] smbd/dosmode.c:159(unix_mode) > unix_mode(x64/3/pscript.hlp) returning 0664 >[2012/11/09 16:29:16.410081, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/pscript.hlp >[2012/11/09 16:29:16.410136, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning >[2012/11/09 16:29:16.410175, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning >[2012/11/09 16:29:16.410236, 4] smbd/open.c:2065(open_file_ntcreate) > calling open_file with flags=0x0 flags2=0x0 mode=0664, access_mask = 0x20089, open_access_mask = 0x20089 >[2012/11/09 16:29:16.410287, 2] smbd/open.c:704(open_file) > BROSE+pfoerfr opened file x64/3/pscript.hlp read=Yes write=No (numopen=4) >[2012/11/09 16:29:16.410328, 3] smbd/oplock_linux.c:135(linux_set_kernel_oplock) > linux_set_kernel_oplock: Refused oplock on file x64/3/pscript.hlp, fd = 35, file_id = fd02:e13:0. (Keine Berechtigung) >[2012/11/09 16:29:16.410372, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/pscript.hlp >[2012/11/09 16:29:16.410396, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning >[2012/11/09 16:29:16.410415, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning >[2012/11/09 16:29:16.410471, 5] smbd/nttrans.c:725(reply_ntcreate_and_X) > reply_ntcreate_and_X: fnum = 8216, open name = x64/3/pscript.hlp >[2012/11/09 16:29:16.411387, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x48 >[2012/11/09 16:29:16.411430, 3] smbd/process.c:1662(process_smb) > Transaction 53 of length 76 (0 toread) >[2012/11/09 16:29:16.411468, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.411483, 5] lib/util.c:342(show_msg) > size=72 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=51392 > smt_wct=15 > smb_vwv[ 0]= 4 (0x4) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2 (0x2) > smb_vwv[ 3]= 8 (0x8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4 (0x4) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 7 (0x7) > smb_bcc=7 >[2012/11/09 16:29:16.411767, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 12629) conn 0x7fa2eacb8b60 >[2012/11/09 16:29:16.411808, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.411847, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) > call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1006 >[2012/11/09 16:29:16.411884, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) > call_trans2qfilepathinfo x64/3/pscript.hlp (fnum = 8216) level=1006 call=7 total_data=0 >[2012/11/09 16:29:16.411907, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: x64/3/pscript.hlp (fnum = 8216) level=1006 max_data=8 >[2012/11/09 16:29:16.411928, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/pscript.hlp >[2012/11/09 16:29:16.411948, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning >[2012/11/09 16:29:16.411967, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning >[2012/11/09 16:29:16.411990, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 2, data_sent_thistime = 8, useable_space = 131010 >[2012/11/09 16:29:16.412010, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 2, data_to_send = 8, paramsize = 2, datasize = 8 >[2012/11/09 16:29:16.412029, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.412048, 5] lib/util.c:342(show_msg) > size=68 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=51392 > smt_wct=10 > smb_vwv[ 0]= 2 (0x2) > smb_vwv[ 1]= 8 (0x8) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 8 (0x8) > smb_vwv[ 7]= 60 (0x3C) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=13 >[2012/11/09 16:29:16.413189, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x48 >[2012/11/09 16:29:16.413222, 3] smbd/process.c:1662(process_smb) > Transaction 54 of length 76 (0 toread) >[2012/11/09 16:29:16.413242, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.413268, 5] lib/util.c:342(show_msg) > size=72 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=51456 > smt_wct=15 > smb_vwv[ 0]= 4 (0x4) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2 (0x2) > smb_vwv[ 3]= 24 (0x18) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4 (0x4) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 7 (0x7) > smb_bcc=7 >[2012/11/09 16:29:16.413477, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 12629) conn 0x7fa2eacb8b60 >[2012/11/09 16:29:16.413498, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.413519, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) > call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1005 >[2012/11/09 16:29:16.413545, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) > call_trans2qfilepathinfo x64/3/pscript.hlp (fnum = 8216) level=1005 call=7 total_data=0 >[2012/11/09 16:29:16.413568, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: x64/3/pscript.hlp (fnum = 8216) level=1005 max_data=24 >[2012/11/09 16:29:16.413588, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/pscript.hlp >[2012/11/09 16:29:16.413607, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning >[2012/11/09 16:29:16.413630, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning >[2012/11/09 16:29:16.413672, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 >[2012/11/09 16:29:16.413710, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 2, data_to_send = 24, paramsize = 2, datasize = 24 >[2012/11/09 16:29:16.413747, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.413770, 5] lib/util.c:342(show_msg) > size=84 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=51456 > smt_wct=10 > smb_vwv[ 0]= 2 (0x2) > smb_vwv[ 1]= 24 (0x18) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 24 (0x18) > smb_vwv[ 7]= 60 (0x3C) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=29 >[2012/11/09 16:29:16.415155, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x7a >[2012/11/09 16:29:16.415187, 3] smbd/process.c:1662(process_smb) > Transaction 55 of length 126 (0 toread) >[2012/11/09 16:29:16.415208, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.415219, 5] lib/util.c:342(show_msg) > size=122 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=51520 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 9216 (0x2400) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=35072 (0x8900) > smb_vwv[ 8]= 512 (0x200) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 256 (0x100) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=17408 (0x4400) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=39 >[2012/11/09 16:29:16.415506, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 12629) conn 0x7fa2eacb8b60 >[2012/11/09 16:29:16.415543, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.415581, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3/pscript.ntf" >[2012/11/09 16:29:16.415641, 5] smbd/filename.c:416(unix_convert) > unix_convert begin: name = x64/3/pscript.ntf, dirpath = x64/3, start = pscript.ntf >[2012/11/09 16:29:16.415691, 5] smbd/statcache.c:143(stat_cache_add) > stat_cache_add: Added entry (7fa2eacd1660:size 11) X64/3/PSCRIPT.NTF -> x64/3/pscript.ntf >[2012/11/09 16:29:16.415718, 5] smbd/filename.c:439(unix_convert) > conversion of base_name finished x64/3/pscript.ntf -> x64/3/pscript.ntf >[2012/11/09 16:29:16.415753, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3/pscript.ntf] [/var/lib/samba/drivers] >[2012/11/09 16:29:16.415785, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3/pscript.ntf reduced to /var/lib/samba/drivers/x64/3/pscript.ntf >[2012/11/09 16:29:16.415824, 5] smbd/files.c:140(file_new) > allocated file structure 4121, fnum = 8217 (7 used) >[2012/11/09 16:29:16.415857, 3] smbd/dosmode.c:159(unix_mode) > unix_mode(x64/3/pscript.ntf) returning 0664 >[2012/11/09 16:29:16.415879, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/pscript.ntf >[2012/11/09 16:29:16.415898, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning >[2012/11/09 16:29:16.415918, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning >[2012/11/09 16:29:16.415954, 4] smbd/open.c:2065(open_file_ntcreate) > calling open_file with flags=0x0 flags2=0x0 mode=0664, access_mask = 0x20089, open_access_mask = 0x20089 >[2012/11/09 16:29:16.415989, 2] smbd/open.c:704(open_file) > BROSE+pfoerfr opened file x64/3/pscript.ntf read=Yes write=No (numopen=5) >[2012/11/09 16:29:16.416019, 3] smbd/oplock_linux.c:135(linux_set_kernel_oplock) > linux_set_kernel_oplock: Refused oplock on file x64/3/pscript.ntf, fd = 36, file_id = fd02:e14:0. (Keine Berechtigung) >[2012/11/09 16:29:16.416066, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/pscript.ntf >[2012/11/09 16:29:16.416091, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning >[2012/11/09 16:29:16.416110, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning >[2012/11/09 16:29:16.416157, 5] smbd/nttrans.c:725(reply_ntcreate_and_X) > reply_ntcreate_and_X: fnum = 8217, open name = x64/3/pscript.ntf >[2012/11/09 16:29:16.416914, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x48 >[2012/11/09 16:29:16.416946, 3] smbd/process.c:1662(process_smb) > Transaction 56 of length 76 (0 toread) >[2012/11/09 16:29:16.416966, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.416977, 5] lib/util.c:342(show_msg) > size=72 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=51584 > smt_wct=15 > smb_vwv[ 0]= 4 (0x4) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2 (0x2) > smb_vwv[ 3]= 8 (0x8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4 (0x4) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 7 (0x7) > smb_bcc=7 >[2012/11/09 16:29:16.417204, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 12629) conn 0x7fa2eacb8b60 >[2012/11/09 16:29:16.417227, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.417247, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) > call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1006 >[2012/11/09 16:29:16.417278, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) > call_trans2qfilepathinfo x64/3/pscript.ntf (fnum = 8217) level=1006 call=7 total_data=0 >[2012/11/09 16:29:16.417306, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: x64/3/pscript.ntf (fnum = 8217) level=1006 max_data=8 >[2012/11/09 16:29:16.417326, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/pscript.ntf >[2012/11/09 16:29:16.417345, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning >[2012/11/09 16:29:16.417366, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning >[2012/11/09 16:29:16.417401, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 2, data_sent_thistime = 8, useable_space = 131010 >[2012/11/09 16:29:16.417436, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 2, data_to_send = 8, paramsize = 2, datasize = 8 >[2012/11/09 16:29:16.417458, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.417470, 5] lib/util.c:342(show_msg) > size=68 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=51584 > smt_wct=10 > smb_vwv[ 0]= 2 (0x2) > smb_vwv[ 1]= 8 (0x8) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 8 (0x8) > smb_vwv[ 7]= 60 (0x3C) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=13 >[2012/11/09 16:29:16.418618, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x48 >[2012/11/09 16:29:16.418651, 3] smbd/process.c:1662(process_smb) > Transaction 57 of length 76 (0 toread) >[2012/11/09 16:29:16.418671, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.418684, 5] lib/util.c:342(show_msg) > size=72 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=51648 > smt_wct=15 > smb_vwv[ 0]= 4 (0x4) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2 (0x2) > smb_vwv[ 3]= 24 (0x18) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4 (0x4) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 7 (0x7) > smb_bcc=7 >[2012/11/09 16:29:16.418910, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 12629) conn 0x7fa2eacb8b60 >[2012/11/09 16:29:16.418933, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.418954, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) > call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1005 >[2012/11/09 16:29:16.418980, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) > call_trans2qfilepathinfo x64/3/pscript.ntf (fnum = 8217) level=1005 call=7 total_data=0 >[2012/11/09 16:29:16.419003, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: x64/3/pscript.ntf (fnum = 8217) level=1005 max_data=24 >[2012/11/09 16:29:16.419023, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/pscript.ntf >[2012/11/09 16:29:16.419042, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning >[2012/11/09 16:29:16.419061, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning >[2012/11/09 16:29:16.419084, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 >[2012/11/09 16:29:16.419113, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 2, data_to_send = 24, paramsize = 2, datasize = 24 >[2012/11/09 16:29:16.419134, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.419146, 5] lib/util.c:342(show_msg) > size=84 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=51648 > smt_wct=10 > smb_vwv[ 0]= 2 (0x2) > smb_vwv[ 1]= 24 (0x18) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 24 (0x18) > smb_vwv[ 7]= 60 (0x3C) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=29 >[2012/11/09 16:29:16.421012, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x7c >[2012/11/09 16:29:16.421059, 3] smbd/process.c:1662(process_smb) > Transaction 58 of length 128 (0 toread) >[2012/11/09 16:29:16.421093, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.421107, 5] lib/util.c:342(show_msg) > size=124 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=51712 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 9728 (0x2600) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=35072 (0x8900) > smb_vwv[ 8]= 512 (0x200) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1280 (0x500) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=41 >[2012/11/09 16:29:16.421451, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 12629) conn 0x7fa2eacb8b60 >[2012/11/09 16:29:16.421490, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.421527, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3/pscript5.dll" >[2012/11/09 16:29:16.421563, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3/pscript5.dll] [/var/lib/samba/drivers] >[2012/11/09 16:29:16.421607, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3/pscript5.dll reduced to /var/lib/samba/drivers/x64/3/pscript5.dll >[2012/11/09 16:29:16.421643, 5] smbd/files.c:140(file_new) > allocated file structure 4122, fnum = 8218 (8 used) >[2012/11/09 16:29:16.421678, 3] smbd/dosmode.c:159(unix_mode) > unix_mode(x64/3/pscript5.dll) returning 0664 >[2012/11/09 16:29:16.421710, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/pscript5.dll >[2012/11/09 16:29:16.421740, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning >[2012/11/09 16:29:16.421769, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning >[2012/11/09 16:29:16.421807, 4] smbd/open.c:2065(open_file_ntcreate) > calling open_file with flags=0x0 flags2=0x0 mode=0664, access_mask = 0x20089, open_access_mask = 0x20089 >[2012/11/09 16:29:16.421849, 2] smbd/open.c:704(open_file) > BROSE+pfoerfr opened file x64/3/pscript5.dll read=Yes write=No (numopen=6) >[2012/11/09 16:29:16.421886, 5] smbd/oplock.c:92(set_file_oplock) > set_file_oplock: granted oplock on file x64/3/pscript5.dll, fd02:e10:0/2976701240, tv_sec = 509d214c, tv_usec = 66f0a >[2012/11/09 16:29:16.421939, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/pscript5.dll >[2012/11/09 16:29:16.421973, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning >[2012/11/09 16:29:16.422003, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning >[2012/11/09 16:29:16.422064, 5] smbd/nttrans.c:725(reply_ntcreate_and_X) > reply_ntcreate_and_X: fnum = 8218, open name = x64/3/pscript5.dll >[2012/11/09 16:29:16.423126, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x48 >[2012/11/09 16:29:16.423166, 3] smbd/process.c:1662(process_smb) > Transaction 59 of length 76 (0 toread) >[2012/11/09 16:29:16.423197, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.423214, 5] lib/util.c:342(show_msg) > size=72 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=51776 > smt_wct=15 > smb_vwv[ 0]= 4 (0x4) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2 (0x2) > smb_vwv[ 3]= 24 (0x18) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4 (0x4) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 7 (0x7) > smb_bcc=7 >[2012/11/09 16:29:16.423526, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 12629) conn 0x7fa2eacb8b60 >[2012/11/09 16:29:16.423559, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.423591, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) > call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1005 >[2012/11/09 16:29:16.423641, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) > call_trans2qfilepathinfo x64/3/pscript5.dll (fnum = 8218) level=1005 call=7 total_data=0 >[2012/11/09 16:29:16.423677, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: x64/3/pscript5.dll (fnum = 8218) level=1005 max_data=24 >[2012/11/09 16:29:16.423721, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/pscript5.dll >[2012/11/09 16:29:16.423756, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning >[2012/11/09 16:29:16.423786, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning >[2012/11/09 16:29:16.423820, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 >[2012/11/09 16:29:16.423852, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 2, data_to_send = 24, paramsize = 2, datasize = 24 >[2012/11/09 16:29:16.423882, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.423900, 5] lib/util.c:342(show_msg) > size=84 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=51776 > smt_wct=10 > smb_vwv[ 0]= 2 (0x2) > smb_vwv[ 1]= 24 (0x18) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 24 (0x18) > smb_vwv[ 7]= 60 (0x3C) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=29 >[2012/11/09 16:29:16.425008, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/11/09 16:29:16.425045, 3] smbd/process.c:1662(process_smb) > Transaction 60 of length 63 (0 toread) >[2012/11/09 16:29:16.425065, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.425077, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=59415 > smb_tid=2 > smb_pid=65279 > smb_uid=101 > smb_mid=51840 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8218 (0x201A) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 4096 (0x1000) > smb_vwv[ 6]= 4096 (0x1000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4096 (0x1000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/11/09 16:29:16.425341, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 12629) conn 0x7fa2eacb8b60 >[2012/11/09 16:29:16.425389, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.425450, 8] locking/posix.c:254(posix_fcntl_getlock) > posix_fcntl_getlock 37 0 4096 0 >[2012/11/09 16:29:16.425519, 8] lib/util.c:1474(fcntl_getlock) > fcntl_getlock fd=37 offset=0 count=4096 type=0 >[2012/11/09 16:29:16.425563, 3] lib/util.c:1498(fcntl_getlock) > fcntl_getlock: fd 37 is returned info 2 pid 0 >[2012/11/09 16:29:16.425598, 8] locking/posix.c:284(posix_fcntl_getlock) > posix_fcntl_getlock: Lock query call successful >[2012/11/09 16:29:16.425672, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=8218 max=4096 nread=4096 >[2012/11/09 16:29:16.427093, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/11/09 16:29:16.427146, 3] smbd/process.c:1662(process_smb) > Transaction 61 of length 63 (0 toread) >[2012/11/09 16:29:16.427181, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.427200, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=59415 > smb_tid=2 > smb_pid=65279 > smb_uid=101 > smb_mid=51904 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8213 (0x2015) > smb_vwv[ 3]=35328 (0x8A00) > smb_vwv[ 4]= 9 (0x9) > smb_vwv[ 5]= 5120 (0x1400) > smb_vwv[ 6]= 5120 (0x1400) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 5120 (0x1400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/11/09 16:29:16.427489, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 12629) conn 0x7fa2eacb8b60 >[2012/11/09 16:29:16.427527, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.427570, 8] locking/posix.c:254(posix_fcntl_getlock) > posix_fcntl_getlock 32 625152 5120 0 >[2012/11/09 16:29:16.427610, 8] lib/util.c:1474(fcntl_getlock) > fcntl_getlock fd=32 offset=625152 count=5120 type=0 >[2012/11/09 16:29:16.427669, 3] lib/util.c:1498(fcntl_getlock) > fcntl_getlock: fd 32 is returned info 2 pid 0 >[2012/11/09 16:29:16.427710, 8] locking/posix.c:284(posix_fcntl_getlock) > posix_fcntl_getlock: Lock query call successful >[2012/11/09 16:29:16.427749, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=8213 max=5120 nread=5120 >[2012/11/09 16:29:16.429333, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/11/09 16:29:16.429382, 3] smbd/process.c:1662(process_smb) > Transaction 62 of length 45 (0 toread) >[2012/11/09 16:29:16.429420, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.429439, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=2 > smb_pid=65279 > smb_uid=101 > smb_mid=51968 > smt_wct=3 > smb_vwv[ 0]= 8218 (0x201A) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/11/09 16:29:16.429594, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 12629) conn 0x7fa2eacb8b60 >[2012/11/09 16:29:16.429617, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.429647, 3] smbd/reply.c:4848(reply_close) > close fd=37 fnum=8218 (numopen=6) >[2012/11/09 16:29:16.429686, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 07:28:15 2106 >[2012/11/09 16:29:16.429784, 2] smbd/close.c:696(close_normal_file) > BROSE+pfoerfr closed file x64/3/pscript5.dll (numopen=5) NT_STATUS_OK >[2012/11/09 16:29:16.429826, 5] smbd/files.c:482(file_free) > freed files structure 8218 (7 used) >[2012/11/09 16:29:16.429860, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.429884, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=65279 > smb_uid=101 > smb_mid=51968 > smt_wct=0 > smb_bcc=0 >[2012/11/09 16:29:16.431082, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/11/09 16:29:16.431127, 3] smbd/process.c:1662(process_smb) > Transaction 63 of length 63 (0 toread) >[2012/11/09 16:29:16.431164, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.431180, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=59415 > smb_tid=2 > smb_pid=65279 > smb_uid=101 > smb_mid=52032 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8213 (0x2015) > smb_vwv[ 3]=34816 (0x8800) > smb_vwv[ 4]= 6 (0x6) > smb_vwv[ 5]=16384 (0x4000) > smb_vwv[ 6]=16384 (0x4000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=16384 (0x4000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/11/09 16:29:16.431397, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 12629) conn 0x7fa2eacb8b60 >[2012/11/09 16:29:16.431425, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.431450, 8] locking/posix.c:254(posix_fcntl_getlock) > posix_fcntl_getlock 32 428032 16384 0 >[2012/11/09 16:29:16.431474, 8] lib/util.c:1474(fcntl_getlock) > fcntl_getlock fd=32 offset=428032 count=16384 type=0 >[2012/11/09 16:29:16.431496, 3] lib/util.c:1498(fcntl_getlock) > fcntl_getlock: fd 32 is returned info 2 pid 0 >[2012/11/09 16:29:16.431516, 8] locking/posix.c:284(posix_fcntl_getlock) > posix_fcntl_getlock: Lock query call successful >[2012/11/09 16:29:16.431543, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=8213 max=16384 nread=16384 >[2012/11/09 16:29:16.434170, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x90 >[2012/11/09 16:29:16.434211, 3] smbd/process.c:1662(process_smb) > Transaction 64 of length 148 (0 toread) >[2012/11/09 16:29:16.434232, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.434244, 5] lib/util.c:342(show_msg) > size=144 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=52096 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=14848 (0x3A00) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=35072 (0x8900) > smb_vwv[ 8]= 512 (0x200) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1280 (0x500) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_bcc=61 >[2012/11/09 16:29:16.434643, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 12629) conn 0x7fa2eacb8b60 >[2012/11/09 16:29:16.434667, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.434693, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3/de-DE/pscript5.dll.mui" >[2012/11/09 16:29:16.434721, 5] smbd/filename.c:416(unix_convert) > unix_convert begin: name = x64/3/de-DE/pscript5.dll.mui, dirpath = x64/3, start = de-DE/pscript5.dll.mui >[2012/11/09 16:29:16.434789, 5] smbd/filename.c:675(unix_convert) > Intermediate not found de-DE >[2012/11/09 16:29:16.434817, 3] smbd/error.c:81(error_packet_set) > error packet at smbd/nttrans.c(552) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_PATH_NOT_FOUND >[2012/11/09 16:29:16.434842, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.434854, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0xa2 > smb_rcls=58 > smb_reh=0 > smb_err=49152 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=52096 > smt_wct=0 > smb_bcc=0 >[2012/11/09 16:29:16.436371, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x8a >[2012/11/09 16:29:16.436414, 3] smbd/process.c:1662(process_smb) > Transaction 65 of length 142 (0 toread) >[2012/11/09 16:29:16.436444, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.436487, 5] lib/util.c:342(show_msg) > size=138 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=52160 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=13312 (0x3400) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=35072 (0x8900) > smb_vwv[ 8]= 512 (0x200) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1280 (0x500) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_bcc=55 >[2012/11/09 16:29:16.436891, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 12629) conn 0x7fa2eacb8b60 >[2012/11/09 16:29:16.436922, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.436954, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3/de/pscript5.dll.mui" >[2012/11/09 16:29:16.436988, 5] smbd/filename.c:416(unix_convert) > unix_convert begin: name = x64/3/de/pscript5.dll.mui, dirpath = x64/3, start = de/pscript5.dll.mui >[2012/11/09 16:29:16.437042, 5] smbd/filename.c:675(unix_convert) > Intermediate not found de >[2012/11/09 16:29:16.437076, 3] smbd/error.c:81(error_packet_set) > error packet at smbd/nttrans.c(552) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_PATH_NOT_FOUND >[2012/11/09 16:29:16.437106, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.437123, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0xa2 > smb_rcls=58 > smb_reh=0 > smb_err=49152 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=52160 > smt_wct=0 > smb_bcc=0 >[2012/11/09 16:29:16.438593, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x90 >[2012/11/09 16:29:16.438640, 3] smbd/process.c:1662(process_smb) > Transaction 66 of length 148 (0 toread) >[2012/11/09 16:29:16.438676, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.438689, 5] lib/util.c:342(show_msg) > size=144 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=52224 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=14848 (0x3A00) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=35072 (0x8900) > smb_vwv[ 8]= 512 (0x200) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1280 (0x500) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_bcc=61 >[2012/11/09 16:29:16.438960, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 12629) conn 0x7fa2eacb8b60 >[2012/11/09 16:29:16.438980, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.439003, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3/en-US/pscript5.dll.mui" >[2012/11/09 16:29:16.439027, 5] smbd/filename.c:416(unix_convert) > unix_convert begin: name = x64/3/en-US/pscript5.dll.mui, dirpath = x64/3, start = en-US/pscript5.dll.mui >[2012/11/09 16:29:16.439062, 5] smbd/filename.c:675(unix_convert) > Intermediate not found en-US >[2012/11/09 16:29:16.439085, 3] smbd/error.c:81(error_packet_set) > error packet at smbd/nttrans.c(552) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_PATH_NOT_FOUND >[2012/11/09 16:29:16.439106, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.439117, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0xa2 > smb_rcls=58 > smb_reh=0 > smb_err=49152 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=52224 > smt_wct=0 > smb_bcc=0 >[2012/11/09 16:29:16.440597, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x8a >[2012/11/09 16:29:16.440634, 3] smbd/process.c:1662(process_smb) > Transaction 67 of length 142 (0 toread) >[2012/11/09 16:29:16.440674, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.440694, 5] lib/util.c:342(show_msg) > size=138 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=52288 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=13312 (0x3400) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=35072 (0x8900) > smb_vwv[ 8]= 512 (0x200) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1280 (0x500) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_bcc=55 >[2012/11/09 16:29:16.441102, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 12629) conn 0x7fa2eacb8b60 >[2012/11/09 16:29:16.441140, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.441186, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3/en/pscript5.dll.mui" >[2012/11/09 16:29:16.441237, 5] smbd/filename.c:416(unix_convert) > unix_convert begin: name = x64/3/en/pscript5.dll.mui, dirpath = x64/3, start = en/pscript5.dll.mui >[2012/11/09 16:29:16.441320, 5] smbd/filename.c:675(unix_convert) > Intermediate not found en >[2012/11/09 16:29:16.441362, 3] smbd/error.c:81(error_packet_set) > error packet at smbd/nttrans.c(552) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_PATH_NOT_FOUND >[2012/11/09 16:29:16.441397, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.441420, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0xa2 > smb_rcls=58 > smb_reh=0 > smb_err=49152 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=52288 > smt_wct=0 > smb_bcc=0 >[2012/11/09 16:29:16.444611, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x7c >[2012/11/09 16:29:16.444687, 3] smbd/process.c:1662(process_smb) > Transaction 68 of length 128 (0 toread) >[2012/11/09 16:29:16.444724, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.444738, 5] lib/util.c:342(show_msg) > size=124 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=52352 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 9728 (0x2600) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=35072 (0x8900) > smb_vwv[ 8]= 512 (0x200) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1280 (0x500) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=41 >[2012/11/09 16:29:16.445032, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 12629) conn 0x7fa2eacb8b60 >[2012/11/09 16:29:16.445055, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.445093, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3/pscript5.dll" >[2012/11/09 16:29:16.445147, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3/pscript5.dll] [/var/lib/samba/drivers] >[2012/11/09 16:29:16.445195, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3/pscript5.dll reduced to /var/lib/samba/drivers/x64/3/pscript5.dll >[2012/11/09 16:29:16.445232, 5] smbd/files.c:140(file_new) > allocated file structure 4123, fnum = 8219 (8 used) >[2012/11/09 16:29:16.445262, 3] smbd/dosmode.c:159(unix_mode) > unix_mode(x64/3/pscript5.dll) returning 0664 >[2012/11/09 16:29:16.445283, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/pscript5.dll >[2012/11/09 16:29:16.445302, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning >[2012/11/09 16:29:16.445322, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning >[2012/11/09 16:29:16.445361, 4] smbd/open.c:2065(open_file_ntcreate) > calling open_file with flags=0x0 flags2=0x0 mode=0664, access_mask = 0x20089, open_access_mask = 0x20089 >[2012/11/09 16:29:16.445391, 2] smbd/open.c:704(open_file) > BROSE+pfoerfr opened file x64/3/pscript5.dll read=Yes write=No (numopen=6) >[2012/11/09 16:29:16.445432, 5] smbd/oplock.c:92(set_file_oplock) > set_file_oplock: granted oplock on file x64/3/pscript5.dll, fd02:e10:0/2976701241, tv_sec = 509d214c, tv_usec = 6cb2f >[2012/11/09 16:29:16.445486, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/pscript5.dll >[2012/11/09 16:29:16.445516, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning >[2012/11/09 16:29:16.445545, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning >[2012/11/09 16:29:16.445607, 5] smbd/nttrans.c:725(reply_ntcreate_and_X) > reply_ntcreate_and_X: fnum = 8219, open name = x64/3/pscript5.dll >[2012/11/09 16:29:16.446831, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x48 >[2012/11/09 16:29:16.446869, 3] smbd/process.c:1662(process_smb) > Transaction 69 of length 76 (0 toread) >[2012/11/09 16:29:16.446889, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.446901, 5] lib/util.c:342(show_msg) > size=72 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=52416 > smt_wct=15 > smb_vwv[ 0]= 4 (0x4) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2 (0x2) > smb_vwv[ 3]= 24 (0x18) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4 (0x4) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 7 (0x7) > smb_bcc=7 >[2012/11/09 16:29:16.447152, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 12629) conn 0x7fa2eacb8b60 >[2012/11/09 16:29:16.447175, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.447198, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) > call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1005 >[2012/11/09 16:29:16.447228, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) > call_trans2qfilepathinfo x64/3/pscript5.dll (fnum = 8219) level=1005 call=7 total_data=0 >[2012/11/09 16:29:16.447251, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: x64/3/pscript5.dll (fnum = 8219) level=1005 max_data=24 >[2012/11/09 16:29:16.447271, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/pscript5.dll >[2012/11/09 16:29:16.447291, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning >[2012/11/09 16:29:16.447310, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning >[2012/11/09 16:29:16.447335, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 >[2012/11/09 16:29:16.447355, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 2, data_to_send = 24, paramsize = 2, datasize = 24 >[2012/11/09 16:29:16.447374, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.447385, 5] lib/util.c:342(show_msg) > size=84 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=52416 > smt_wct=10 > smb_vwv[ 0]= 2 (0x2) > smb_vwv[ 1]= 24 (0x18) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 24 (0x18) > smb_vwv[ 7]= 60 (0x3C) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=29 >[2012/11/09 16:29:16.448548, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/11/09 16:29:16.448581, 3] smbd/process.c:1662(process_smb) > Transaction 70 of length 63 (0 toread) >[2012/11/09 16:29:16.448600, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.448611, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=59415 > smb_tid=2 > smb_pid=65279 > smb_uid=101 > smb_mid=52480 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8219 (0x201B) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 4096 (0x1000) > smb_vwv[ 6]= 4096 (0x1000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4096 (0x1000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/11/09 16:29:16.448795, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 12629) conn 0x7fa2eacb8b60 >[2012/11/09 16:29:16.448815, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.448840, 8] locking/posix.c:254(posix_fcntl_getlock) > posix_fcntl_getlock 37 0 4096 0 >[2012/11/09 16:29:16.448866, 8] lib/util.c:1474(fcntl_getlock) > fcntl_getlock fd=37 offset=0 count=4096 type=0 >[2012/11/09 16:29:16.448887, 3] lib/util.c:1498(fcntl_getlock) > fcntl_getlock: fd 37 is returned info 2 pid 0 >[2012/11/09 16:29:16.448906, 8] locking/posix.c:284(posix_fcntl_getlock) > posix_fcntl_getlock: Lock query call successful >[2012/11/09 16:29:16.448930, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=8219 max=4096 nread=4096 >[2012/11/09 16:29:16.450635, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/11/09 16:29:16.450685, 3] smbd/process.c:1662(process_smb) > Transaction 71 of length 63 (0 toread) >[2012/11/09 16:29:16.450719, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.450738, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=59415 > smb_tid=2 > smb_pid=65279 > smb_uid=101 > smb_mid=52544 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8219 (0x201B) > smb_vwv[ 3]=35328 (0x8A00) > smb_vwv[ 4]= 9 (0x9) > smb_vwv[ 5]= 5120 (0x1400) > smb_vwv[ 6]= 5120 (0x1400) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 5120 (0x1400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/11/09 16:29:16.451040, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 12629) conn 0x7fa2eacb8b60 >[2012/11/09 16:29:16.451064, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.451089, 8] locking/posix.c:254(posix_fcntl_getlock) > posix_fcntl_getlock 37 625152 5120 0 >[2012/11/09 16:29:16.451113, 8] lib/util.c:1474(fcntl_getlock) > fcntl_getlock fd=37 offset=625152 count=5120 type=0 >[2012/11/09 16:29:16.451153, 3] lib/util.c:1498(fcntl_getlock) > fcntl_getlock: fd 37 is returned info 2 pid 0 >[2012/11/09 16:29:16.451175, 8] locking/posix.c:284(posix_fcntl_getlock) > posix_fcntl_getlock: Lock query call successful >[2012/11/09 16:29:16.451199, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=8219 max=5120 nread=5120 >[2012/11/09 16:29:16.453368, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/11/09 16:29:16.453411, 3] smbd/process.c:1662(process_smb) > Transaction 72 of length 63 (0 toread) >[2012/11/09 16:29:16.453440, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.453452, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=59415 > smb_tid=2 > smb_pid=65279 > smb_uid=101 > smb_mid=52608 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8219 (0x201B) > smb_vwv[ 3]=34816 (0x8800) > smb_vwv[ 4]= 6 (0x6) > smb_vwv[ 5]=16384 (0x4000) > smb_vwv[ 6]=16384 (0x4000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=16384 (0x4000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/11/09 16:29:16.453653, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 12629) conn 0x7fa2eacb8b60 >[2012/11/09 16:29:16.453683, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.453708, 8] locking/posix.c:254(posix_fcntl_getlock) > posix_fcntl_getlock 37 428032 16384 0 >[2012/11/09 16:29:16.453733, 8] lib/util.c:1474(fcntl_getlock) > fcntl_getlock fd=37 offset=428032 count=16384 type=0 >[2012/11/09 16:29:16.453754, 3] lib/util.c:1498(fcntl_getlock) > fcntl_getlock: fd 37 is returned info 2 pid 0 >[2012/11/09 16:29:16.453774, 8] locking/posix.c:284(posix_fcntl_getlock) > posix_fcntl_getlock: Lock query call successful >[2012/11/09 16:29:16.453801, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=8219 max=16384 nread=16384 >[2012/11/09 16:29:16.457099, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x90 >[2012/11/09 16:29:16.457160, 3] smbd/process.c:1662(process_smb) > Transaction 73 of length 148 (0 toread) >[2012/11/09 16:29:16.457181, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.457192, 5] lib/util.c:342(show_msg) > size=144 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=52672 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=14848 (0x3A00) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=35072 (0x8900) > smb_vwv[ 8]= 512 (0x200) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1280 (0x500) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_bcc=61 >[2012/11/09 16:29:16.457455, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 12629) conn 0x7fa2eacb8b60 >[2012/11/09 16:29:16.457499, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.457526, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3/de-DE/pscript5.dll.mui" >[2012/11/09 16:29:16.457554, 5] smbd/filename.c:416(unix_convert) > unix_convert begin: name = x64/3/de-DE/pscript5.dll.mui, dirpath = x64/3, start = de-DE/pscript5.dll.mui >[2012/11/09 16:29:16.457600, 5] smbd/filename.c:675(unix_convert) > Intermediate not found de-DE >[2012/11/09 16:29:16.457624, 3] smbd/error.c:81(error_packet_set) > error packet at smbd/nttrans.c(552) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_PATH_NOT_FOUND >[2012/11/09 16:29:16.457645, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.457655, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0xa2 > smb_rcls=58 > smb_reh=0 > smb_err=49152 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=52672 > smt_wct=0 > smb_bcc=0 >[2012/11/09 16:29:16.459303, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x8a >[2012/11/09 16:29:16.459346, 3] smbd/process.c:1662(process_smb) > Transaction 74 of length 142 (0 toread) >[2012/11/09 16:29:16.459366, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.459377, 5] lib/util.c:342(show_msg) > size=138 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=52736 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=13312 (0x3400) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=35072 (0x8900) > smb_vwv[ 8]= 512 (0x200) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1280 (0x500) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_bcc=55 >[2012/11/09 16:29:16.459639, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 12629) conn 0x7fa2eacb8b60 >[2012/11/09 16:29:16.459659, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.459681, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3/de/pscript5.dll.mui" >[2012/11/09 16:29:16.459705, 5] smbd/filename.c:416(unix_convert) > unix_convert begin: name = x64/3/de/pscript5.dll.mui, dirpath = x64/3, start = de/pscript5.dll.mui >[2012/11/09 16:29:16.459742, 5] smbd/filename.c:675(unix_convert) > Intermediate not found de >[2012/11/09 16:29:16.459778, 3] smbd/error.c:81(error_packet_set) > error packet at smbd/nttrans.c(552) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_PATH_NOT_FOUND >[2012/11/09 16:29:16.459800, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.459811, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0xa2 > smb_rcls=58 > smb_reh=0 > smb_err=49152 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=52736 > smt_wct=0 > smb_bcc=0 >[2012/11/09 16:29:16.461341, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x90 >[2012/11/09 16:29:16.461376, 3] smbd/process.c:1662(process_smb) > Transaction 75 of length 148 (0 toread) >[2012/11/09 16:29:16.461396, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.461407, 5] lib/util.c:342(show_msg) > size=144 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=52800 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=14848 (0x3A00) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=35072 (0x8900) > smb_vwv[ 8]= 512 (0x200) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1280 (0x500) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_bcc=61 >[2012/11/09 16:29:16.461687, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 12629) conn 0x7fa2eacb8b60 >[2012/11/09 16:29:16.461724, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.461757, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3/en-US/pscript5.dll.mui" >[2012/11/09 16:29:16.461782, 5] smbd/filename.c:416(unix_convert) > unix_convert begin: name = x64/3/en-US/pscript5.dll.mui, dirpath = x64/3, start = en-US/pscript5.dll.mui >[2012/11/09 16:29:16.461819, 5] smbd/filename.c:675(unix_convert) > Intermediate not found en-US >[2012/11/09 16:29:16.461843, 3] smbd/error.c:81(error_packet_set) > error packet at smbd/nttrans.c(552) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_PATH_NOT_FOUND >[2012/11/09 16:29:16.461863, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.461873, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0xa2 > smb_rcls=58 > smb_reh=0 > smb_err=49152 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=52800 > smt_wct=0 > smb_bcc=0 >[2012/11/09 16:29:16.463371, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x8a >[2012/11/09 16:29:16.463417, 3] smbd/process.c:1662(process_smb) > Transaction 76 of length 142 (0 toread) >[2012/11/09 16:29:16.463439, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.463450, 5] lib/util.c:342(show_msg) > size=138 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=52864 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=13312 (0x3400) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=35072 (0x8900) > smb_vwv[ 8]= 512 (0x200) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1280 (0x500) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_bcc=55 >[2012/11/09 16:29:16.463714, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 12629) conn 0x7fa2eacb8b60 >[2012/11/09 16:29:16.463734, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.463756, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3/en/pscript5.dll.mui" >[2012/11/09 16:29:16.463781, 5] smbd/filename.c:416(unix_convert) > unix_convert begin: name = x64/3/en/pscript5.dll.mui, dirpath = x64/3, start = en/pscript5.dll.mui >[2012/11/09 16:29:16.463818, 5] smbd/filename.c:675(unix_convert) > Intermediate not found en >[2012/11/09 16:29:16.463842, 3] smbd/error.c:81(error_packet_set) > error packet at smbd/nttrans.c(552) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_PATH_NOT_FOUND >[2012/11/09 16:29:16.463862, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.463872, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0xa2 > smb_rcls=58 > smb_reh=0 > smb_err=49152 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=52864 > smt_wct=0 > smb_bcc=0 >[2012/11/09 16:29:16.465945, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/11/09 16:29:16.466003, 3] smbd/process.c:1662(process_smb) > Transaction 77 of length 63 (0 toread) >[2012/11/09 16:29:16.466042, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.466064, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=59415 > smb_tid=2 > smb_pid=65279 > smb_uid=101 > smb_mid=52928 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8219 (0x201B) > smb_vwv[ 3]=51200 (0xC800) > smb_vwv[ 4]= 6 (0x6) > smb_vwv[ 5]=16384 (0x4000) > smb_vwv[ 6]=16384 (0x4000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=16384 (0x4000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/11/09 16:29:16.466392, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 12629) conn 0x7fa2eacb8b60 >[2012/11/09 16:29:16.466429, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.466473, 8] locking/posix.c:254(posix_fcntl_getlock) > posix_fcntl_getlock 37 444416 16384 0 >[2012/11/09 16:29:16.466518, 8] lib/util.c:1474(fcntl_getlock) > fcntl_getlock fd=37 offset=444416 count=16384 type=0 >[2012/11/09 16:29:16.466559, 3] lib/util.c:1498(fcntl_getlock) > fcntl_getlock: fd 37 is returned info 2 pid 0 >[2012/11/09 16:29:16.466598, 8] locking/posix.c:284(posix_fcntl_getlock) > posix_fcntl_getlock: Lock query call successful >[2012/11/09 16:29:16.466653, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=8219 max=16384 nread=16384 >[2012/11/09 16:29:16.470740, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x76 >[2012/11/09 16:29:16.470802, 3] smbd/process.c:1662(process_smb) > Transaction 78 of length 122 (0 toread) >[2012/11/09 16:29:16.470823, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.470834, 5] lib/util.c:342(show_msg) > size=118 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=52992 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8192 (0x2000) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=35072 (0x8900) > smb_vwv[ 8]= 512 (0x200) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1280 (0x500) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=35 >[2012/11/09 16:29:16.471114, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 12629) conn 0x7fa2eacb8b60 >[2012/11/09 16:29:16.471136, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.471162, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3/ps5ui.dll" >[2012/11/09 16:29:16.471190, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3/ps5ui.dll] [/var/lib/samba/drivers] >[2012/11/09 16:29:16.471220, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3/ps5ui.dll reduced to /var/lib/samba/drivers/x64/3/ps5ui.dll >[2012/11/09 16:29:16.471244, 5] smbd/files.c:140(file_new) > allocated file structure 4124, fnum = 8220 (9 used) >[2012/11/09 16:29:16.471268, 3] smbd/dosmode.c:159(unix_mode) > unix_mode(x64/3/ps5ui.dll) returning 0664 >[2012/11/09 16:29:16.471288, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/ps5ui.dll >[2012/11/09 16:29:16.471307, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning >[2012/11/09 16:29:16.471326, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning >[2012/11/09 16:29:16.471363, 4] smbd/open.c:2065(open_file_ntcreate) > calling open_file with flags=0x0 flags2=0x0 mode=0664, access_mask = 0x20089, open_access_mask = 0x20089 >[2012/11/09 16:29:16.471394, 2] smbd/open.c:704(open_file) > BROSE+pfoerfr opened file x64/3/ps5ui.dll read=Yes write=No (numopen=7) >[2012/11/09 16:29:16.471415, 5] smbd/oplock.c:92(set_file_oplock) > set_file_oplock: granted oplock on file x64/3/ps5ui.dll, fd02:e12:0/2976701242, tv_sec = 509d214c, tv_usec = 730cb >[2012/11/09 16:29:16.471457, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/ps5ui.dll >[2012/11/09 16:29:16.471484, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning >[2012/11/09 16:29:16.471523, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning >[2012/11/09 16:29:16.471582, 5] smbd/nttrans.c:725(reply_ntcreate_and_X) > reply_ntcreate_and_X: fnum = 8220, open name = x64/3/ps5ui.dll >[2012/11/09 16:29:16.473028, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x48 >[2012/11/09 16:29:16.473077, 3] smbd/process.c:1662(process_smb) > Transaction 79 of length 76 (0 toread) >[2012/11/09 16:29:16.473097, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.473108, 5] lib/util.c:342(show_msg) > size=72 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=53056 > smt_wct=15 > smb_vwv[ 0]= 4 (0x4) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2 (0x2) > smb_vwv[ 3]= 24 (0x18) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4 (0x4) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 7 (0x7) > smb_bcc=7 >[2012/11/09 16:29:16.473306, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 12629) conn 0x7fa2eacb8b60 >[2012/11/09 16:29:16.473327, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.473349, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) > call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1005 >[2012/11/09 16:29:16.473380, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) > call_trans2qfilepathinfo x64/3/ps5ui.dll (fnum = 8220) level=1005 call=7 total_data=0 >[2012/11/09 16:29:16.473423, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: x64/3/ps5ui.dll (fnum = 8220) level=1005 max_data=24 >[2012/11/09 16:29:16.473452, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/ps5ui.dll >[2012/11/09 16:29:16.473473, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning >[2012/11/09 16:29:16.473491, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning >[2012/11/09 16:29:16.473515, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 >[2012/11/09 16:29:16.473548, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 2, data_to_send = 24, paramsize = 2, datasize = 24 >[2012/11/09 16:29:16.473571, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.473588, 5] lib/util.c:342(show_msg) > size=84 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=53056 > smt_wct=10 > smb_vwv[ 0]= 2 (0x2) > smb_vwv[ 1]= 24 (0x18) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 24 (0x18) > smb_vwv[ 7]= 60 (0x3C) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=29 >[2012/11/09 16:29:16.474891, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/11/09 16:29:16.474938, 3] smbd/process.c:1662(process_smb) > Transaction 80 of length 63 (0 toread) >[2012/11/09 16:29:16.474971, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.474990, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=59415 > smb_tid=2 > smb_pid=65279 > smb_uid=101 > smb_mid=53120 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8220 (0x201C) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 4096 (0x1000) > smb_vwv[ 6]= 4096 (0x1000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4096 (0x1000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/11/09 16:29:16.475256, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 12629) conn 0x7fa2eacb8b60 >[2012/11/09 16:29:16.475287, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.475325, 8] locking/posix.c:254(posix_fcntl_getlock) > posix_fcntl_getlock 38 0 4096 0 >[2012/11/09 16:29:16.475376, 8] lib/util.c:1474(fcntl_getlock) > fcntl_getlock fd=38 offset=0 count=4096 type=0 >[2012/11/09 16:29:16.475399, 3] lib/util.c:1498(fcntl_getlock) > fcntl_getlock: fd 38 is returned info 2 pid 0 >[2012/11/09 16:29:16.475418, 8] locking/posix.c:284(posix_fcntl_getlock) > posix_fcntl_getlock: Lock query call successful >[2012/11/09 16:29:16.475451, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=8220 max=4096 nread=4096 >[2012/11/09 16:29:16.482135, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/11/09 16:29:16.482216, 3] smbd/process.c:1662(process_smb) > Transaction 81 of length 63 (0 toread) >[2012/11/09 16:29:16.482244, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.482257, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=59415 > smb_tid=2 > smb_pid=65279 > smb_uid=101 > smb_mid=53184 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8214 (0x2016) > smb_vwv[ 3]=56832 (0xDE00) > smb_vwv[ 4]= 12 (0xC) > smb_vwv[ 5]= 4608 (0x1200) > smb_vwv[ 6]= 4608 (0x1200) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4608 (0x1200) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/11/09 16:29:16.482437, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 12629) conn 0x7fa2eacb8b60 >[2012/11/09 16:29:16.482458, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.482485, 8] locking/posix.c:254(posix_fcntl_getlock) > posix_fcntl_getlock 33 843264 4608 0 >[2012/11/09 16:29:16.482511, 8] lib/util.c:1474(fcntl_getlock) > fcntl_getlock fd=33 offset=843264 count=4608 type=0 >[2012/11/09 16:29:16.482533, 3] lib/util.c:1498(fcntl_getlock) > fcntl_getlock: fd 33 is returned info 2 pid 0 >[2012/11/09 16:29:16.482552, 8] locking/posix.c:284(posix_fcntl_getlock) > posix_fcntl_getlock: Lock query call successful >[2012/11/09 16:29:16.482577, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=8214 max=4608 nread=4608 >[2012/11/09 16:29:16.484727, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/11/09 16:29:16.484787, 3] smbd/process.c:1662(process_smb) > Transaction 82 of length 45 (0 toread) >[2012/11/09 16:29:16.484826, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.484847, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=2 > smb_pid=65279 > smb_uid=101 > smb_mid=53248 > smt_wct=3 > smb_vwv[ 0]= 8220 (0x201C) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/11/09 16:29:16.485054, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 12629) conn 0x7fa2eacb8b60 >[2012/11/09 16:29:16.485094, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.485135, 3] smbd/reply.c:4848(reply_close) > close fd=38 fnum=8220 (numopen=7) >[2012/11/09 16:29:16.485173, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 07:28:15 2106 >[2012/11/09 16:29:16.485263, 2] smbd/close.c:696(close_normal_file) > BROSE+pfoerfr closed file x64/3/ps5ui.dll (numopen=6) NT_STATUS_OK >[2012/11/09 16:29:16.485302, 5] smbd/files.c:482(file_free) > freed files structure 8220 (8 used) >[2012/11/09 16:29:16.485332, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.485350, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=65279 > smb_uid=101 > smb_mid=53248 > smt_wct=0 > smb_bcc=0 >[2012/11/09 16:29:16.486844, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/11/09 16:29:16.486882, 3] smbd/process.c:1662(process_smb) > Transaction 83 of length 63 (0 toread) >[2012/11/09 16:29:16.486902, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.486913, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=59415 > smb_tid=2 > smb_pid=65279 > smb_uid=101 > smb_mid=53312 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8214 (0x2016) > smb_vwv[ 3]=35840 (0x8C00) > smb_vwv[ 4]= 8 (0x8) > smb_vwv[ 5]=16384 (0x4000) > smb_vwv[ 6]=16384 (0x4000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=16384 (0x4000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/11/09 16:29:16.487121, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 12629) conn 0x7fa2eacb8b60 >[2012/11/09 16:29:16.487146, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.487190, 8] locking/posix.c:254(posix_fcntl_getlock) > posix_fcntl_getlock 33 560128 16384 0 >[2012/11/09 16:29:16.487231, 8] lib/util.c:1474(fcntl_getlock) > fcntl_getlock fd=33 offset=560128 count=16384 type=0 >[2012/11/09 16:29:16.487263, 3] lib/util.c:1498(fcntl_getlock) > fcntl_getlock: fd 33 is returned info 2 pid 0 >[2012/11/09 16:29:16.487290, 8] locking/posix.c:284(posix_fcntl_getlock) > posix_fcntl_getlock: Lock query call successful >[2012/11/09 16:29:16.487331, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=8214 max=16384 nread=16384 >[2012/11/09 16:29:16.490902, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x8a >[2012/11/09 16:29:16.490979, 3] smbd/process.c:1662(process_smb) > Transaction 84 of length 142 (0 toread) >[2012/11/09 16:29:16.491008, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.491024, 5] lib/util.c:342(show_msg) > size=138 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=53376 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=13312 (0x3400) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=35072 (0x8900) > smb_vwv[ 8]= 512 (0x200) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1280 (0x500) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_bcc=55 >[2012/11/09 16:29:16.491389, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 12629) conn 0x7fa2eacb8b60 >[2012/11/09 16:29:16.491417, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.491452, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3/de-DE/ps5ui.dll.mui" >[2012/11/09 16:29:16.491488, 5] smbd/filename.c:416(unix_convert) > unix_convert begin: name = x64/3/de-DE/ps5ui.dll.mui, dirpath = x64/3, start = de-DE/ps5ui.dll.mui >[2012/11/09 16:29:16.491545, 5] smbd/filename.c:675(unix_convert) > Intermediate not found de-DE >[2012/11/09 16:29:16.491582, 3] smbd/error.c:81(error_packet_set) > error packet at smbd/nttrans.c(552) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_PATH_NOT_FOUND >[2012/11/09 16:29:16.491613, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.491632, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0xa2 > smb_rcls=58 > smb_reh=0 > smb_err=49152 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=53376 > smt_wct=0 > smb_bcc=0 >[2012/11/09 16:29:16.493195, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x84 >[2012/11/09 16:29:16.493250, 3] smbd/process.c:1662(process_smb) > Transaction 85 of length 136 (0 toread) >[2012/11/09 16:29:16.493285, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.493306, 5] lib/util.c:342(show_msg) > size=132 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=53440 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=11776 (0x2E00) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=35072 (0x8900) > smb_vwv[ 8]= 512 (0x200) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1280 (0x500) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_bcc=49 >[2012/11/09 16:29:16.493761, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 12629) conn 0x7fa2eacb8b60 >[2012/11/09 16:29:16.493799, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.493834, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3/de/ps5ui.dll.mui" >[2012/11/09 16:29:16.493880, 5] smbd/filename.c:416(unix_convert) > unix_convert begin: name = x64/3/de/ps5ui.dll.mui, dirpath = x64/3, start = de/ps5ui.dll.mui >[2012/11/09 16:29:16.493941, 5] smbd/filename.c:675(unix_convert) > Intermediate not found de >[2012/11/09 16:29:16.493969, 3] smbd/error.c:81(error_packet_set) > error packet at smbd/nttrans.c(552) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_PATH_NOT_FOUND >[2012/11/09 16:29:16.493993, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.494015, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0xa2 > smb_rcls=58 > smb_reh=0 > smb_err=49152 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=53440 > smt_wct=0 > smb_bcc=0 >[2012/11/09 16:29:16.495506, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x8a >[2012/11/09 16:29:16.495559, 3] smbd/process.c:1662(process_smb) > Transaction 86 of length 142 (0 toread) >[2012/11/09 16:29:16.495597, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.495631, 5] lib/util.c:342(show_msg) > size=138 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=53504 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=13312 (0x3400) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=35072 (0x8900) > smb_vwv[ 8]= 512 (0x200) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1280 (0x500) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_bcc=55 >[2012/11/09 16:29:16.496081, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 12629) conn 0x7fa2eacb8b60 >[2012/11/09 16:29:16.496117, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.496153, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3/en-US/ps5ui.dll.mui" >[2012/11/09 16:29:16.496197, 5] smbd/filename.c:416(unix_convert) > unix_convert begin: name = x64/3/en-US/ps5ui.dll.mui, dirpath = x64/3, start = en-US/ps5ui.dll.mui >[2012/11/09 16:29:16.496257, 5] smbd/filename.c:675(unix_convert) > Intermediate not found en-US >[2012/11/09 16:29:16.496299, 3] smbd/error.c:81(error_packet_set) > error packet at smbd/nttrans.c(552) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_PATH_NOT_FOUND >[2012/11/09 16:29:16.496337, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.496357, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0xa2 > smb_rcls=58 > smb_reh=0 > smb_err=49152 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=53504 > smt_wct=0 > smb_bcc=0 >[2012/11/09 16:29:16.497946, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x84 >[2012/11/09 16:29:16.497998, 3] smbd/process.c:1662(process_smb) > Transaction 87 of length 136 (0 toread) >[2012/11/09 16:29:16.498037, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.498079, 5] lib/util.c:342(show_msg) > size=132 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=53568 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=11776 (0x2E00) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=35072 (0x8900) > smb_vwv[ 8]= 512 (0x200) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1280 (0x500) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_bcc=49 >[2012/11/09 16:29:16.498526, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 12629) conn 0x7fa2eacb8b60 >[2012/11/09 16:29:16.498563, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.498605, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3/en/ps5ui.dll.mui" >[2012/11/09 16:29:16.498662, 5] smbd/filename.c:416(unix_convert) > unix_convert begin: name = x64/3/en/ps5ui.dll.mui, dirpath = x64/3, start = en/ps5ui.dll.mui >[2012/11/09 16:29:16.498726, 5] smbd/filename.c:675(unix_convert) > Intermediate not found en >[2012/11/09 16:29:16.498764, 3] smbd/error.c:81(error_packet_set) > error packet at smbd/nttrans.c(552) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_PATH_NOT_FOUND >[2012/11/09 16:29:16.498799, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.498819, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0xa2 > smb_rcls=58 > smb_reh=0 > smb_err=49152 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=53568 > smt_wct=0 > smb_bcc=0 >[2012/11/09 16:29:16.500705, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/11/09 16:29:16.500761, 3] smbd/process.c:1662(process_smb) > Transaction 88 of length 63 (0 toread) >[2012/11/09 16:29:16.500795, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.500817, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=59415 > smb_tid=2 > smb_pid=65279 > smb_uid=101 > smb_mid=53632 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8214 (0x2016) > smb_vwv[ 3]=35840 (0x8C00) > smb_vwv[ 4]= 12 (0xC) > smb_vwv[ 5]=16384 (0x4000) > smb_vwv[ 6]=16384 (0x4000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=16384 (0x4000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/11/09 16:29:16.501122, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 12629) conn 0x7fa2eacb8b60 >[2012/11/09 16:29:16.501159, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.501199, 8] locking/posix.c:254(posix_fcntl_getlock) > posix_fcntl_getlock 33 822272 16384 0 >[2012/11/09 16:29:16.501246, 8] lib/util.c:1474(fcntl_getlock) > fcntl_getlock fd=33 offset=822272 count=16384 type=0 >[2012/11/09 16:29:16.501291, 3] lib/util.c:1498(fcntl_getlock) > fcntl_getlock: fd 33 is returned info 2 pid 0 >[2012/11/09 16:29:16.501328, 8] locking/posix.c:284(posix_fcntl_getlock) > posix_fcntl_getlock: Lock query call successful >[2012/11/09 16:29:16.501381, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=8214 max=16384 nread=16384 >[2012/11/09 16:29:16.505702, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x76 >[2012/11/09 16:29:16.505790, 3] smbd/process.c:1662(process_smb) > Transaction 89 of length 122 (0 toread) >[2012/11/09 16:29:16.505830, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.505851, 5] lib/util.c:342(show_msg) > size=118 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=53696 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8192 (0x2000) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=35072 (0x8900) > smb_vwv[ 8]= 512 (0x200) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1280 (0x500) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=35 >[2012/11/09 16:29:16.506328, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 12629) conn 0x7fa2eacb8b60 >[2012/11/09 16:29:16.506364, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.506407, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3/ps5ui.dll" >[2012/11/09 16:29:16.506458, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3/ps5ui.dll] [/var/lib/samba/drivers] >[2012/11/09 16:29:16.506514, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3/ps5ui.dll reduced to /var/lib/samba/drivers/x64/3/ps5ui.dll >[2012/11/09 16:29:16.506555, 5] smbd/files.c:140(file_new) > allocated file structure 4125, fnum = 8221 (9 used) >[2012/11/09 16:29:16.506596, 3] smbd/dosmode.c:159(unix_mode) > unix_mode(x64/3/ps5ui.dll) returning 0664 >[2012/11/09 16:29:16.506633, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/ps5ui.dll >[2012/11/09 16:29:16.506667, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning >[2012/11/09 16:29:16.506700, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning >[2012/11/09 16:29:16.506760, 4] smbd/open.c:2065(open_file_ntcreate) > calling open_file with flags=0x0 flags2=0x0 mode=0664, access_mask = 0x20089, open_access_mask = 0x20089 >[2012/11/09 16:29:16.506814, 2] smbd/open.c:704(open_file) > BROSE+pfoerfr opened file x64/3/ps5ui.dll read=Yes write=No (numopen=7) >[2012/11/09 16:29:16.506853, 5] smbd/oplock.c:92(set_file_oplock) > set_file_oplock: granted oplock on file x64/3/ps5ui.dll, fd02:e12:0/2976701243, tv_sec = 509d214c, tv_usec = 7baba >[2012/11/09 16:29:16.506904, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/ps5ui.dll >[2012/11/09 16:29:16.506940, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning >[2012/11/09 16:29:16.506973, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning >[2012/11/09 16:29:16.507059, 5] smbd/nttrans.c:725(reply_ntcreate_and_X) > reply_ntcreate_and_X: fnum = 8221, open name = x64/3/ps5ui.dll >[2012/11/09 16:29:16.508510, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x48 >[2012/11/09 16:29:16.508561, 3] smbd/process.c:1662(process_smb) > Transaction 90 of length 76 (0 toread) >[2012/11/09 16:29:16.508596, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.508616, 5] lib/util.c:342(show_msg) > size=72 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=53760 > smt_wct=15 > smb_vwv[ 0]= 4 (0x4) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2 (0x2) > smb_vwv[ 3]= 24 (0x18) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4 (0x4) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 7 (0x7) > smb_bcc=7 >[2012/11/09 16:29:16.508952, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 12629) conn 0x7fa2eacb8b60 >[2012/11/09 16:29:16.508988, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.509023, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) > call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1005 >[2012/11/09 16:29:16.509070, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) > call_trans2qfilepathinfo x64/3/ps5ui.dll (fnum = 8221) level=1005 call=7 total_data=0 >[2012/11/09 16:29:16.509135, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: x64/3/ps5ui.dll (fnum = 8221) level=1005 max_data=24 >[2012/11/09 16:29:16.509176, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/ps5ui.dll >[2012/11/09 16:29:16.509211, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning >[2012/11/09 16:29:16.509244, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning >[2012/11/09 16:29:16.509282, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 >[2012/11/09 16:29:16.509316, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 2, data_to_send = 24, paramsize = 2, datasize = 24 >[2012/11/09 16:29:16.509349, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.509367, 5] lib/util.c:342(show_msg) > size=84 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=53760 > smt_wct=10 > smb_vwv[ 0]= 2 (0x2) > smb_vwv[ 1]= 24 (0x18) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 24 (0x18) > smb_vwv[ 7]= 60 (0x3C) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=29 >[2012/11/09 16:29:16.510648, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/11/09 16:29:16.510693, 3] smbd/process.c:1662(process_smb) > Transaction 91 of length 63 (0 toread) >[2012/11/09 16:29:16.510713, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.510724, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=59415 > smb_tid=2 > smb_pid=65279 > smb_uid=101 > smb_mid=53824 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8221 (0x201D) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 4096 (0x1000) > smb_vwv[ 6]= 4096 (0x1000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4096 (0x1000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/11/09 16:29:16.510933, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 12629) conn 0x7fa2eacb8b60 >[2012/11/09 16:29:16.510959, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.510985, 8] locking/posix.c:254(posix_fcntl_getlock) > posix_fcntl_getlock 38 0 4096 0 >[2012/11/09 16:29:16.511010, 8] lib/util.c:1474(fcntl_getlock) > fcntl_getlock fd=38 offset=0 count=4096 type=0 >[2012/11/09 16:29:16.511031, 3] lib/util.c:1498(fcntl_getlock) > fcntl_getlock: fd 38 is returned info 2 pid 0 >[2012/11/09 16:29:16.511050, 8] locking/posix.c:284(posix_fcntl_getlock) > posix_fcntl_getlock: Lock query call successful >[2012/11/09 16:29:16.511073, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=8221 max=4096 nread=4096 >[2012/11/09 16:29:16.512647, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/11/09 16:29:16.512703, 3] smbd/process.c:1662(process_smb) > Transaction 92 of length 63 (0 toread) >[2012/11/09 16:29:16.512737, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.512758, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=59415 > smb_tid=2 > smb_pid=65279 > smb_uid=101 > smb_mid=53888 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8221 (0x201D) > smb_vwv[ 3]=56832 (0xDE00) > smb_vwv[ 4]= 12 (0xC) > smb_vwv[ 5]= 4608 (0x1200) > smb_vwv[ 6]= 4608 (0x1200) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4608 (0x1200) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/11/09 16:29:16.513044, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 12629) conn 0x7fa2eacb8b60 >[2012/11/09 16:29:16.513079, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.513114, 8] locking/posix.c:254(posix_fcntl_getlock) > posix_fcntl_getlock 38 843264 4608 0 >[2012/11/09 16:29:16.513180, 8] lib/util.c:1474(fcntl_getlock) > fcntl_getlock fd=38 offset=843264 count=4608 type=0 >[2012/11/09 16:29:16.513220, 3] lib/util.c:1498(fcntl_getlock) > fcntl_getlock: fd 38 is returned info 2 pid 0 >[2012/11/09 16:29:16.513296, 8] locking/posix.c:284(posix_fcntl_getlock) > posix_fcntl_getlock: Lock query call successful >[2012/11/09 16:29:16.513334, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=8221 max=4608 nread=4608 >[2012/11/09 16:29:16.515539, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/11/09 16:29:16.515582, 3] smbd/process.c:1662(process_smb) > Transaction 93 of length 63 (0 toread) >[2012/11/09 16:29:16.515611, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.515663, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=59415 > smb_tid=2 > smb_pid=65279 > smb_uid=101 > smb_mid=53952 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8221 (0x201D) > smb_vwv[ 3]=35840 (0x8C00) > smb_vwv[ 4]= 8 (0x8) > smb_vwv[ 5]=16384 (0x4000) > smb_vwv[ 6]=16384 (0x4000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=16384 (0x4000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/11/09 16:29:16.515878, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 12629) conn 0x7fa2eacb8b60 >[2012/11/09 16:29:16.515912, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.515952, 8] locking/posix.c:254(posix_fcntl_getlock) > posix_fcntl_getlock 38 560128 16384 0 >[2012/11/09 16:29:16.515991, 8] lib/util.c:1474(fcntl_getlock) > fcntl_getlock fd=38 offset=560128 count=16384 type=0 >[2012/11/09 16:29:16.516034, 3] lib/util.c:1498(fcntl_getlock) > fcntl_getlock: fd 38 is returned info 2 pid 0 >[2012/11/09 16:29:16.516074, 8] locking/posix.c:284(posix_fcntl_getlock) > posix_fcntl_getlock: Lock query call successful >[2012/11/09 16:29:16.516120, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=8221 max=16384 nread=16384 >[2012/11/09 16:29:16.519462, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x8a >[2012/11/09 16:29:16.519525, 3] smbd/process.c:1662(process_smb) > Transaction 94 of length 142 (0 toread) >[2012/11/09 16:29:16.519547, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.519559, 5] lib/util.c:342(show_msg) > size=138 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=54016 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=13312 (0x3400) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=35072 (0x8900) > smb_vwv[ 8]= 512 (0x200) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1280 (0x500) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_bcc=55 >[2012/11/09 16:29:16.519836, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 12629) conn 0x7fa2eacb8b60 >[2012/11/09 16:29:16.519858, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.519886, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3/de-DE/ps5ui.dll.mui" >[2012/11/09 16:29:16.519915, 5] smbd/filename.c:416(unix_convert) > unix_convert begin: name = x64/3/de-DE/ps5ui.dll.mui, dirpath = x64/3, start = de-DE/ps5ui.dll.mui >[2012/11/09 16:29:16.519967, 5] smbd/filename.c:675(unix_convert) > Intermediate not found de-DE >[2012/11/09 16:29:16.519992, 3] smbd/error.c:81(error_packet_set) > error packet at smbd/nttrans.c(552) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_PATH_NOT_FOUND >[2012/11/09 16:29:16.520014, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.520045, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0xa2 > smb_rcls=58 > smb_reh=0 > smb_err=49152 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=54016 > smt_wct=0 > smb_bcc=0 >[2012/11/09 16:29:16.523137, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x84 >[2012/11/09 16:29:16.523208, 3] smbd/process.c:1662(process_smb) > Transaction 95 of length 136 (0 toread) >[2012/11/09 16:29:16.523233, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.523244, 5] lib/util.c:342(show_msg) > size=132 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=54080 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=11776 (0x2E00) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=35072 (0x8900) > smb_vwv[ 8]= 512 (0x200) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1280 (0x500) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_bcc=49 >[2012/11/09 16:29:16.523552, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 12629) conn 0x7fa2eacb8b60 >[2012/11/09 16:29:16.523575, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.523598, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3/de/ps5ui.dll.mui" >[2012/11/09 16:29:16.523624, 5] smbd/filename.c:416(unix_convert) > unix_convert begin: name = x64/3/de/ps5ui.dll.mui, dirpath = x64/3, start = de/ps5ui.dll.mui >[2012/11/09 16:29:16.523666, 5] smbd/filename.c:675(unix_convert) > Intermediate not found de >[2012/11/09 16:29:16.523690, 3] smbd/error.c:81(error_packet_set) > error packet at smbd/nttrans.c(552) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_PATH_NOT_FOUND >[2012/11/09 16:29:16.523710, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.523721, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0xa2 > smb_rcls=58 > smb_reh=0 > smb_err=49152 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=54080 > smt_wct=0 > smb_bcc=0 >[2012/11/09 16:29:16.525324, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x8a >[2012/11/09 16:29:16.525372, 3] smbd/process.c:1662(process_smb) > Transaction 96 of length 142 (0 toread) >[2012/11/09 16:29:16.525401, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.525417, 5] lib/util.c:342(show_msg) > size=138 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=54144 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=13312 (0x3400) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=35072 (0x8900) > smb_vwv[ 8]= 512 (0x200) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1280 (0x500) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_bcc=55 >[2012/11/09 16:29:16.525809, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 12629) conn 0x7fa2eacb8b60 >[2012/11/09 16:29:16.525839, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.525871, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3/en-US/ps5ui.dll.mui" >[2012/11/09 16:29:16.525906, 5] smbd/filename.c:416(unix_convert) > unix_convert begin: name = x64/3/en-US/ps5ui.dll.mui, dirpath = x64/3, start = en-US/ps5ui.dll.mui >[2012/11/09 16:29:16.525977, 5] smbd/filename.c:675(unix_convert) > Intermediate not found en-US >[2012/11/09 16:29:16.526011, 3] smbd/error.c:81(error_packet_set) > error packet at smbd/nttrans.c(552) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_PATH_NOT_FOUND >[2012/11/09 16:29:16.526041, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.526058, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0xa2 > smb_rcls=58 > smb_reh=0 > smb_err=49152 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=54144 > smt_wct=0 > smb_bcc=0 >[2012/11/09 16:29:16.527482, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x84 >[2012/11/09 16:29:16.527530, 3] smbd/process.c:1662(process_smb) > Transaction 97 of length 136 (0 toread) >[2012/11/09 16:29:16.527562, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.527578, 5] lib/util.c:342(show_msg) > size=132 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=54208 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=11776 (0x2E00) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=35072 (0x8900) > smb_vwv[ 8]= 512 (0x200) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1280 (0x500) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_bcc=49 >[2012/11/09 16:29:16.527971, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 12629) conn 0x7fa2eacb8b60 >[2012/11/09 16:29:16.528007, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.528047, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3/en/ps5ui.dll.mui" >[2012/11/09 16:29:16.528089, 5] smbd/filename.c:416(unix_convert) > unix_convert begin: name = x64/3/en/ps5ui.dll.mui, dirpath = x64/3, start = en/ps5ui.dll.mui >[2012/11/09 16:29:16.528149, 5] smbd/filename.c:675(unix_convert) > Intermediate not found en >[2012/11/09 16:29:16.528186, 3] smbd/error.c:81(error_packet_set) > error packet at smbd/nttrans.c(552) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_PATH_NOT_FOUND >[2012/11/09 16:29:16.528221, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.528243, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0xa2 > smb_rcls=58 > smb_reh=0 > smb_err=49152 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=54208 > smt_wct=0 > smb_bcc=0 >[2012/11/09 16:29:16.530134, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/11/09 16:29:16.530182, 3] smbd/process.c:1662(process_smb) > Transaction 98 of length 63 (0 toread) >[2012/11/09 16:29:16.530218, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.530239, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=59415 > smb_tid=2 > smb_pid=65279 > smb_uid=101 > smb_mid=54272 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8221 (0x201D) > smb_vwv[ 3]=35840 (0x8C00) > smb_vwv[ 4]= 12 (0xC) > smb_vwv[ 5]=16384 (0x4000) > smb_vwv[ 6]=16384 (0x4000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=16384 (0x4000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/11/09 16:29:16.530553, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 12629) conn 0x7fa2eacb8b60 >[2012/11/09 16:29:16.530592, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.530645, 8] locking/posix.c:254(posix_fcntl_getlock) > posix_fcntl_getlock 38 822272 16384 0 >[2012/11/09 16:29:16.530690, 8] lib/util.c:1474(fcntl_getlock) > fcntl_getlock fd=38 offset=822272 count=16384 type=0 >[2012/11/09 16:29:16.530773, 3] lib/util.c:1498(fcntl_getlock) > fcntl_getlock: fd 38 is returned info 2 pid 0 >[2012/11/09 16:29:16.530813, 8] locking/posix.c:284(posix_fcntl_getlock) > posix_fcntl_getlock: Lock query call successful >[2012/11/09 16:29:16.530862, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=8221 max=16384 nread=16384 >[2012/11/09 16:29:16.535101, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x78 >[2012/11/09 16:29:16.535157, 3] smbd/process.c:1662(process_smb) > Transaction 99 of length 124 (0 toread) >[2012/11/09 16:29:16.535177, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.535189, 5] lib/util.c:342(show_msg) > size=120 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=54336 > smt_wct=15 > smb_vwv[ 0]= 52 (0x34) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 10 (0xA) > smb_vwv[ 3]=16384 (0x4000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 52 (0x34) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 1 (0x1) > smb_bcc=55 >[2012/11/09 16:29:16.535389, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 12629) conn 0x7fa2eacb8b60 >[2012/11/09 16:29:16.535409, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.535435, 3] smbd/trans2.c:2286(call_trans2findfirst) > call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 >[2012/11/09 16:29:16.535461, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3/pscript5.dll" >[2012/11/09 16:29:16.535508, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3/pscript5.dll] [/var/lib/samba/drivers] >[2012/11/09 16:29:16.535559, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3/pscript5.dll reduced to /var/lib/samba/drivers/x64/3/pscript5.dll >[2012/11/09 16:29:16.535590, 5] smbd/trans2.c:2371(call_trans2findfirst) > dir=x64/3, mask = pscript5.dll >[2012/11/09 16:29:16.535643, 5] smbd/dir.c:439(dptr_create) > dptr_create dir=x64/3 >[2012/11/09 16:29:16.535683, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3] [/var/lib/samba/drivers] >[2012/11/09 16:29:16.535727, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3 reduced to /var/lib/samba/drivers/x64/3 >[2012/11/09 16:29:16.535775, 3] smbd/dir.c:578(dptr_create) > creating new dirptr 256 for path x64/3, expect_close = 1 >[2012/11/09 16:29:16.535810, 4] smbd/trans2.c:2439(call_trans2findfirst) > dptr_num is 256, wcard = pscript5.dll, attr = 22 >[2012/11/09 16:29:16.535840, 8] smbd/trans2.c:2448(call_trans2findfirst) > dirpath=<x64/3> dontdescend=<> >[2012/11/09 16:29:16.535879, 6] smbd/dir.c:969(smbd_dirptr_get_entry) > smbd_dirptr_get_entry: dirptr 0x7fa2eaca7500 now at offset -1 >[2012/11/09 16:29:16.535921, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/pscript5.dll >[2012/11/09 16:29:16.535960, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning >[2012/11/09 16:29:16.535992, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning >[2012/11/09 16:29:16.536041, 3] smbd/dir.c:1041(smbd_dirptr_get_entry) > smbd_dirptr_get_entry mask=[pscript5.dll] found x64/3/pscript5.dll fname=pscript5.dll (pscript5.dll) >[2012/11/09 16:29:16.536088, 5] smbd/trans2.c:2505(call_trans2findfirst) > call_trans2findfirst - (2) closing dptr_num 256 >[2012/11/09 16:29:16.536125, 4] smbd/dir.c:257(dptr_close_internal) > closing dptr key 256 >[2012/11/09 16:29:16.536167, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 10, data_sent_thistime = 120, useable_space = 131010 >[2012/11/09 16:29:16.536202, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 10, data_to_send = 120, paramsize = 10, datasize = 120 >[2012/11/09 16:29:16.536240, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.536284, 5] lib/util.c:342(show_msg) > size=188 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=54336 > smt_wct=10 > smb_vwv[ 0]= 10 (0xA) > smb_vwv[ 1]= 120 (0x78) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 10 (0xA) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 120 (0x78) > smb_vwv[ 7]= 68 (0x44) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=133 >[2012/11/09 16:29:16.536647, 4] smbd/trans2.c:2549(call_trans2findfirst) > SMBtrans2 mask=pscript5.dll directory=x64/3 dirtype=22 numentries=1 >[2012/11/09 16:29:16.536684, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:16.536707, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:16.536726, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:16.536762, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2012/11/09 16:29:16.539486, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x72 >[2012/11/09 16:29:16.539543, 3] smbd/process.c:1662(process_smb) > Transaction 100 of length 118 (0 toread) >[2012/11/09 16:29:16.539577, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.539598, 5] lib/util.c:342(show_msg) > size=114 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=54400 > smt_wct=15 > smb_vwv[ 0]= 46 (0x2E) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 10 (0xA) > smb_vwv[ 3]=16384 (0x4000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 46 (0x2E) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 1 (0x1) > smb_bcc=49 >[2012/11/09 16:29:16.539937, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 12629) conn 0x7fa2eacb8b60 >[2012/11/09 16:29:16.539975, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (10000, 71) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:16.540011, 5] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (811): > SID[ 0]: S-1-5-21-160562036-3150058255-2134394716-19743 > SID[ 1]: S-1-22-2-71 > SID[ 2]: S-1-5-21-160562036-3150058255-2134394716-334230 > SID[ 3]: S-1-5-21-160562036-3150058255-2134394716-23353 > SID[ 4]: S-1-5-21-160562036-3150058255-2134394716-304793 > SID[ 5]: S-1-5-21-160562036-3150058255-2134394716-269408 > SID[ 6]: S-1-5-21-160562036-3150058255-2134394716-50420 > SID[ 7]: S-1-5-21-160562036-3150058255-2134394716-113634 > SID[ 8]: S-1-5-21-160562036-3150058255-2134394716-113662 > SID[ 9]: S-1-5-21-160562036-3150058255-2134394716-260755 > SID[ 10]: S-1-5-21-160562036-3150058255-2134394716-288770 > SID[ 11]: S-1-5-21-160562036-3150058255-2134394716-67892 > SID[ 12]: S-1-5-21-160562036-3150058255-2134394716-20800 > SID[ 13]: S-1-5-21-160562036-3150058255-2134394716-269744 > SID[ 14]: S-1-5-21-160562036-3150058255-2134394716-63803 > SID[ 15]: S-1-5-21-160562036-3150058255-2134394716-360934 > SID[ 16]: S-1-5-21-160562036-3150058255-2134394716-421750 > SID[ 17]: S-1-5-21-160562036-3150058255-2134394716-294313 > SID[ 18]: S-1-5-21-160562036-3150058255-2134394716-109619 > SID[ 19]: S-1-5-21-160562036-3150058255-2134394716-13623 > SID[ 20]: S-1-5-21-160562036-3150058255-2134394716-113660 > SID[ 21]: S-1-5-21-160562036-3150058255-2134394716-13846 > SID[ 22]: S-1-5-21-160562036-3150058255-2134394716-351693 > SID[ 23]: S-1-5-21-160562036-3150058255-2134394716-56178 > SID[ 24]: S-1-5-21-160562036-3150058255-2134394716-268914 > SID[ 25]: S-1-5-21-160562036-3150058255-2134394716-276389 > SID[ 26]: S-1-5-21-160562036-3150058255-2134394716-294265 > SID[ 27]: S-1-5-21-160562036-3150058255-2134394716-289050 > SID[ 28]: S-1-5-21-160562036-3150058255-2134394716-284074 > SID[ 29]: S-1-5-21-160562036-3150058255-2134394716-353623 > SID[ 30]: S-1-5-21-160562036-3150058255-2134394716-60632 > SID[ 31]: S-1-5-21-160562036-3150058255-2134394716-299617 > SID[ 32]: S-1-5-21-160562036-3150058255-2134394716-269875 > SID[ 33]: S-1-5-21-160562036-3150058255-2134394716-260777 > SID[ 34]: S-1-5-21-160562036-3150058255-2134394716-72011 > SID[ 35]: S-1-5-21-160562036-3150058255-2134394716-56174 > SID[ 36]: S-1-5-21-160562036-3150058255-2134394716-294145 > SID[ 37]: S-1-5-21-160562036-3150058255-2134394716-46643 > SID[ 38]: S-1-5-21-160562036-3150058255-2134394716-110684 > SID[ 39]: S-1-5-21-160562036-3150058255-2134394716-69476 > SID[ 40]: S-1-5-21-160562036-3150058255-2134394716-354438 > SID[ 41]: S-1-5-21-160562036-3150058255-2134394716-288215 > SID[ 42]: S-1-5-21-160562036-3150058255-2134394716-418124 > SID[ 43]: S-1-5-21-160562036-3150058255-2134394716-32947 > SID[ 44]: S-1-5-21-160562036-3150058255-2134394716-373447 > SID[ 45]: S-1-5-21-160562036-3150058255-2134394716-21119 > SID[ 46]: S-1-5-21-160562036-3150058255-2134394716-254283 > SID[ 47]: S-1-5-21-160562036-3150058255-2134394716-21918 > SID[ 48]: S-1-5-21-160562036-3150058255-2134394716-268915 > SID[ 49]: S-1-5-21-160562036-3150058255-2134394716-267093 > SID[ 50]: S-1-5-21-160562036-3150058255-2134394716-340888 > SID[ 51]: S-1-5-21-160562036-3150058255-2134394716-294363 > SID[ 52]: S-1-5-21-160562036-3150058255-2134394716-414620 > SID[ 53]: S-1-5-21-160562036-3150058255-2134394716-260959 > SID[ 54]: S-1-5-21-160562036-3150058255-2134394716-56176 > SID[ 55]: S-1-5-21-160562036-3150058255-2134394716-373472 > SID[ 56]: S-1-5-21-160562036-3150058255-2134394716-294492 > SID[ 57]: S-1-5-21-160562036-3150058255-2134394716-373554 > SID[ 58]: S-1-5-21-160562036-3150058255-2134394716-104382 > SID[ 59]: S-1-5-21-160562036-3150058255-2134394716-294361 > SID[ 60]: S-1-5-21-160562036-3150058255-2134394716-245149 > SID[ 61]: S-1-5-21-160562036-3150058255-2134394716-32807 > SID[ 62]: S-1-5-21-160562036-3150058255-2134394716-63805 > SID[ 63]: S-1-5-21-160562036-3150058255-2134394716-290135 > SID[ 64]: S-1-5-21-160562036-3150058255-2134394716-248439 > SID[ 65]: S-1-5-21-160562036-3150058255-2134394716-58745 > SID[ 66]: S-1-5-21-160562036-3150058255-2134394716-288316 > SID[ 67]: S-1-5-21-160562036-3150058255-2134394716-373441 > SID[ 68]: S-1-5-21-160562036-3150058255-2134394716-268916 > SID[ 69]: S-1-5-21-160562036-3150058255-2134394716-17597 > SID[ 70]: S-1-5-21-160562036-3150058255-2134394716-113654 > SID[ 71]: S-1-5-21-160562036-3150058255-2134394716-304050 > SID[ 72]: S-1-5-21-160562036-3150058255-2134394716-112626 > SID[ 73]: S-1-5-21-160562036-3150058255-2134394716-360946 > SID[ 74]: S-1-5-21-160562036-3150058255-2134394716-1116 > SID[ 75]: S-1-5-21-160562036-3150058255-2134394716-294490 > SID[ 76]: S-1-5-21-160562036-3150058255-2134394716-373442 > SID[ 77]: S-1-5-21-160562036-3150058255-2134394716-402137 > SID[ 78]: S-1-5-21-160562036-3150058255-2134394716-373470 > SID[ 79]: S-1-5-21-160562036-3150058255-2134394716-284963 > SID[ 80]: S-1-5-21-160562036-3150058255-2134394716-21963 > SID[ 81]: S-1-5-21-160562036-3150058255-2134394716-373556 > SID[ 82]: S-1-5-21-160562036-3150058255-2134394716-351504 > SID[ 83]: S-1-5-21-160562036-3150058255-2134394716-360382 > SID[ 84]: S-1-5-21-160562036-3150058255-2134394716-266966 > SID[ 85]: S-1-5-21-160562036-3150058255-2134394716-63797 > SID[ 86]: S-1-5-21-160562036-3150058255-2134394716-31306 > SID[ 87]: S-1-5-21-160562036-3150058255-2134394716-420969 > SID[ 88]: S-1-5-21-160562036-3150058255-2134394716-58439 > SID[ 89]: S-1-5-21-160562036-3150058255-2134394716-351240 > SID[ 90]: S-1-5-21-160562036-3150058255-2134394716-290160 > SID[ 91]: S-1-5-21-160562036-3150058255-2134394716-335340 > SID[ 92]: S-1-5-21-160562036-3150058255-2134394716-32819 > SID[ 93]: S-1-5-21-160562036-3150058255-2134394716-63801 > SID[ 94]: S-1-5-21-160562036-3150058255-2134394716-53171 > SID[ 95]: S-1-5-21-160562036-3150058255-2134394716-294243 > SID[ 96]: S-1-5-21-160562036-3150058255-2134394716-350032 > SID[ 97]: S-1-5-21-160562036-3150058255-2134394716-63737 > SID[ 98]: S-1-5-21-160562036-3150058255-2134394716-13863 > SID[ 99]: S-1-5-21-160562036-3150058255-2134394716-351719 > SID[100]: S-1-5-21-160562036-3150058255-2134394716-56165 > SID[101]: S-1-5-21-160562036-3150058255-2134394716-113646 > SID[102]: S-1-5-21-160562036-3150058255-2134394716-430811 > SID[103]: S-1-5-21-160562036-3150058255-2134394716-284081 > SID[104]: S-1-5-21-160562036-3150058255-2134394716-256696 > SID[105]: S-1-5-21-160562036-3150058255-2134394716-416414 > SID[106]: S-1-5-21-160562036-3150058255-2134394716-49609 > SID[107]: S-1-5-21-160562036-3150058255-2134394716-377791 > SID[108]: S-1-5-21-160562036-3150058255-2134394716-32821 > SID[109]: S-1-5-21-160562036-3150058255-2134394716-359223 > SID[110]: S-1-5-21-160562036-3150058255-2134394716-284091 > SID[111]: S-1-5-21-160562036-3150058255-2134394716-433713 > SID[112]: S-1-5-21-160562036-3150058255-2134394716-33100 > SID[113]: S-1-5-21-160562036-3150058255-2134394716-416203 > SID[114]: S-1-5-21-160562036-3150058255-2134394716-317007 > SID[115]: S-1-5-21-160562036-3150058255-2134394716-69542 > SID[116]: S-1-5-21-160562036-3150058255-2134394716-268918 > SID[117]: S-1-5-21-160562036-3150058255-2134394716-69428 > SID[118]: S-1-5-21-160562036-3150058255-2134394716-316764 > SID[119]: S-1-5-21-160562036-3150058255-2134394716-55705 > SID[120]: S-1-5-21-160562036-3150058255-2134394716-291229 > SID[121]: S-1-5-21-160562036-3150058255-2134394716-250116 > SID[122]: S-1-5-21-160562036-3150058255-2134394716-294315 > SID[123]: S-1-5-21-160562036-3150058255-2134394716-402469 > SID[124]: S-1-5-21-160562036-3150058255-2134394716-256697 > SID[125]: S-1-5-21-160562036-3150058255-2134394716-418438 > SID[126]: S-1-5-21-160562036-3150058255-2134394716-435652 > SID[127]: S-1-5-21-160562036-3150058255-2134394716-45010 > SID[128]: S-1-5-21-160562036-3150058255-2134394716-322368 > SID[129]: S-1-5-21-160562036-3150058255-2134394716-267090 > SID[130]: S-1-5-21-160562036-3150058255-2134394716-32825 > SID[131]: S-1-5-21-160562036-3150058255-2134394716-35099 > SID[132]: S-1-5-21-160562036-3150058255-2134394716-56157 > SID[133]: S-1-5-21-160562036-3150058255-2134394716-113648 > SID[134]: S-1-5-21-160562036-3150058255-2134394716-55709 > SID[135]: S-1-5-21-160562036-3150058255-2134394716-108789 > SID[136]: S-1-5-21-160562036-3150058255-2134394716-56159 > SID[137]: S-1-5-21-160562036-3150058255-2134394716-268919 > SID[138]: S-1-5-21-160562036-3150058255-2134394716-245147 > SID[139]: S-1-5-21-160562036-3150058255-2134394716-430693 > SID[140]: S-1-5-21-160562036-3150058255-2134394716-289617 > SID[141]: S-1-5-21-160562036-3150058255-2134394716-373445 > SID[142]: S-1-5-21-160562036-3150058255-2134394716-14282 > SID[143]: S-1-5-21-160562036-3150058255-2134394716-433712 > SID[144]: S-1-5-21-160562036-3150058255-2134394716-59232 > SID[145]: S-1-5-21-160562036-3150058255-2134394716-33429 > SID[146]: S-1-5-21-160562036-3150058255-2134394716-437634 > SID[147]: S-1-5-21-160562036-3150058255-2134394716-23354 > SID[148]: S-1-5-21-160562036-3150058255-2134394716-113636 > SID[149]: S-1-5-21-160562036-3150058255-2134394716-63799 > SID[150]: S-1-5-21-160562036-3150058255-2134394716-261009 > SID[151]: S-1-5-21-160562036-3150058255-2134394716-290498 > SID[152]: S-1-5-21-160562036-3150058255-2134394716-375928 > SID[153]: S-1-5-21-160562036-3150058255-2134394716-276407 > SID[154]: S-1-5-21-160562036-3150058255-2134394716-357401 > SID[155]: S-1-5-21-160562036-3150058255-2134394716-357385 > SID[156]: S-1-5-21-160562036-3150058255-2134394716-269404 > SID[157]: S-1-5-21-160562036-3150058255-2134394716-67790 > SID[158]: S-1-5-21-160562036-3150058255-2134394716-392120 > SID[159]: S-1-5-21-160562036-3150058255-2134394716-276395 > SID[160]: S-1-5-21-160562036-3150058255-2134394716-113343 > SID[161]: S-1-5-21-160562036-3150058255-2134394716-56172 > SID[162]: S-1-5-21-160562036-3150058255-2134394716-402467 > SID[163]: S-1-5-21-160562036-3150058255-2134394716-293007 > SID[164]: S-1-5-21-160562036-3150058255-2134394716-427942 > SID[165]: S-1-5-21-160562036-3150058255-2134394716-373529 > SID[166]: S-1-5-21-160562036-3150058255-2134394716-263163 > SID[167]: S-1-5-21-160562036-3150058255-2134394716-64111 > SID[168]: S-1-5-21-160562036-3150058255-2134394716-266852 > SID[169]: S-1-5-21-160562036-3150058255-2134394716-357892 > SID[170]: S-1-5-21-160562036-3150058255-2134394716-104429 > SID[171]: S-1-5-21-160562036-3150058255-2134394716-32813 > SID[172]: S-1-5-21-160562036-3150058255-2134394716-360722 > SID[173]: S-1-5-21-160562036-3150058255-2134394716-284092 > SID[174]: S-1-5-21-160562036-3150058255-2134394716-289619 > SID[175]: S-1-5-21-160562036-3150058255-2134394716-369316 > SID[176]: S-1-5-21-160562036-3150058255-2134394716-49542 > SID[177]: S-1-5-21-160562036-3150058255-2134394716-329659 > SID[178]: S-1-5-21-160562036-3150058255-2134394716-32809 > SID[179]: S-1-5-21-160562036-3150058255-2134394716-108767 > SID[180]: S-1-5-21-160562036-3150058255-2134394716-305399 > SID[181]: S-1-5-21-160562036-3150058255-2134394716-263161 > SID[182]: S-1-5-21-160562036-3150058255-2134394716-314050 > SID[183]: S-1-5-21-160562036-3150058255-2134394716-31001 > SID[184]: S-1-5-21-160562036-3150058255-2134394716-279682 > SID[185]: S-1-5-21-160562036-3150058255-2134394716-294147 > SID[186]: S-1-5-21-160562036-3150058255-2134394716-56163 > SID[187]: S-1-5-21-160562036-3150058255-2134394716-285751 > SID[188]: S-1-5-21-160562036-3150058255-2134394716-21723 > SID[189]: S-1-5-21-160562036-3150058255-2134394716-8332 > SID[190]: S-1-5-21-160562036-3150058255-2134394716-32827 > SID[191]: S-1-5-21-160562036-3150058255-2134394716-256460 > SID[192]: S-1-5-21-160562036-3150058255-2134394716-256183 > SID[193]: S-1-5-21-160562036-3150058255-2134394716-300424 > SID[194]: S-1-5-21-160562036-3150058255-2134394716-55677 > SID[195]: S-1-5-21-160562036-3150058255-2134394716-253145 > SID[196]: S-1-5-21-160562036-3150058255-2134394716-63804 > SID[197]: S-1-5-21-160562036-3150058255-2134394716-358866 > SID[198]: S-1-5-21-160562036-3150058255-2134394716-32823 > SID[199]: S-1-5-21-160562036-3150058255-2134394716-276620 > SID[200]: S-1-5-21-160562036-3150058255-2134394716-361940 > SID[201]: S-1-5-21-160562036-3150058255-2134394716-49274 > SID[202]: S-1-5-21-160562036-3150058255-2134394716-402177 > SID[203]: S-1-5-21-160562036-3150058255-2134394716-252230 > SID[204]: S-1-5-21-160562036-3150058255-2134394716-321100 > SID[205]: S-1-5-21-160562036-3150058255-2134394716-20801 > SID[206]: S-1-5-21-160562036-3150058255-2134394716-276621 > SID[207]: S-1-5-21-160562036-3150058255-2134394716-252010 > SID[208]: S-1-5-21-160562036-3150058255-2134394716-292766 > SID[209]: S-1-5-21-160562036-3150058255-2134394716-37331 > SID[210]: S-1-5-21-160562036-3150058255-2134394716-260776 > SID[211]: S-1-5-21-160562036-3150058255-2134394716-386708 > SID[212]: S-1-5-21-160562036-3150058255-2134394716-374616 > SID[213]: S-1-5-21-160562036-3150058255-2134394716-21084 > SID[214]: S-1-5-21-160562036-3150058255-2134394716-294267 > SID[215]: S-1-5-21-160562036-3150058255-2134394716-63802 > SID[216]: S-1-5-21-160562036-3150058255-2134394716-31186 > SID[217]: S-1-5-21-160562036-3150058255-2134394716-105575 > SID[218]: S-1-5-21-160562036-3150058255-2134394716-361874 > SID[219]: S-1-5-21-160562036-3150058255-2134394716-360362 > SID[220]: S-1-5-21-160562036-3150058255-2134394716-357734 > SID[221]: S-1-5-21-160562036-3150058255-2134394716-294241 > SID[222]: S-1-5-21-160562036-3150058255-2134394716-251778 > SID[223]: S-1-5-21-160562036-3150058255-2134394716-49510 > SID[224]: S-1-5-21-160562036-3150058255-2134394716-35015 > SID[225]: S-1-5-21-160562036-3150058255-2134394716-20749 > SID[226]: S-1-5-21-160562036-3150058255-2134394716-294291 > SID[227]: S-1-5-21-160562036-3150058255-2134394716-254469 > SID[228]: S-1-5-21-160562036-3150058255-2134394716-247296 > SID[229]: S-1-5-21-160562036-3150058255-2134394716-63798 > SID[230]: S-1-5-21-160562036-3150058255-2134394716-59035 > SID[231]: S-1-5-21-160562036-3150058255-2134394716-430331 > SID[232]: S-1-5-21-160562036-3150058255-2134394716-21301 > SID[233]: S-1-5-21-160562036-3150058255-2134394716-55627 > SID[234]: S-1-5-21-160562036-3150058255-2134394716-32815 > SID[235]: S-1-5-21-160562036-3150058255-2134394716-277164 > SID[236]: S-1-5-21-160562036-3150058255-2134394716-21552 > SID[237]: S-1-5-21-160562036-3150058255-2134394716-56622 > SID[238]: S-1-5-21-160562036-3150058255-2134394716-37315 > SID[239]: S-1-5-21-160562036-3150058255-2134394716-334225 > SID[240]: S-1-5-21-160562036-3150058255-2134394716-338141 > SID[241]: S-1-5-21-160562036-3150058255-2134394716-246169 > SID[242]: S-1-5-21-160562036-3150058255-2134394716-297835 > SID[243]: S-1-5-21-160562036-3150058255-2134394716-353615 > SID[244]: S-1-5-21-160562036-3150058255-2134394716-322371 > SID[245]: S-1-5-21-160562036-3150058255-2134394716-63235 > SID[246]: S-1-5-21-160562036-3150058255-2134394716-266849 > SID[247]: S-1-5-21-160562036-3150058255-2134394716-293998 > SID[248]: S-1-5-21-160562036-3150058255-2134394716-433714 > SID[249]: S-1-5-21-160562036-3150058255-2134394716-107694 > SID[250]: S-1-5-21-160562036-3150058255-2134394716-288317 > SID[251]: S-1-5-21-160562036-3150058255-2134394716-44135 > SID[252]: S-1-5-21-160562036-3150058255-2134394716-290560 > SID[253]: S-1-5-21-160562036-3150058255-2134394716-322681 > SID[254]: S-1-5-21-160562036-3150058255-2134394716-283109 > SID[255]: S-1-5-21-160562036-3150058255-2134394716-357879 > SID[256]: S-1-5-21-160562036-3150058255-2134394716-289046 > SID[257]: S-1-5-21-160562036-3150058255-2134394716-32803 > SID[258]: S-1-5-21-160562036-3150058255-2134394716-343968 > SID[259]: S-1-5-21-160562036-3150058255-2134394716-50792 > SID[260]: S-1-5-21-160562036-3150058255-2134394716-50518 > SID[261]: S-1-5-21-160562036-3150058255-2134394716-37238 > SID[262]: S-1-5-21-160562036-3150058255-2134394716-360465 > SID[263]: S-1-5-21-160562036-3150058255-2134394716-366652 > SID[264]: S-1-5-21-160562036-3150058255-2134394716-294094 > SID[265]: S-1-5-21-160562036-3150058255-2134394716-288540 > SID[266]: S-1-5-21-160562036-3150058255-2134394716-297984 > SID[267]: S-1-5-21-160562036-3150058255-2134394716-276427 > SID[268]: S-1-5-21-160562036-3150058255-2134394716-333792 > SID[269]: S-1-5-21-160562036-3150058255-2134394716-427342 > SID[270]: S-1-5-21-160562036-3150058255-2134394716-333794 > SID[271]: S-1-5-21-160562036-3150058255-2134394716-290460 > SID[272]: S-1-5-21-160562036-3150058255-2134394716-294091 > SID[273]: S-1-5-21-160562036-3150058255-2134394716-333793 > SID[274]: S-1-5-21-160562036-3150058255-2134394716-338207 > SID[275]: S-1-5-21-160562036-3150058255-2134394716-409571 > SID[276]: S-1-5-21-160562036-3150058255-2134394716-294054 > SID[277]: S-1-5-21-160562036-3150058255-2134394716-30854 > SID[278]: S-1-5-21-160562036-3150058255-2134394716-288547 > SID[279]: S-1-5-21-160562036-3150058255-2134394716-365347 > SID[280]: S-1-5-21-6776287-465249537-1446904402-4108 > SID[281]: S-1-5-21-160562036-3150058255-2134394716-58230 > SID[282]: S-1-5-21-160562036-3150058255-2134394716-357400 > SID[283]: S-1-5-21-160562036-3150058255-2134394716-343966 > SID[284]: S-1-5-21-160562036-3150058255-2134394716-104268 > SID[285]: S-1-5-21-160562036-3150058255-2134394716-334228 > SID[286]: S-1-5-21-160562036-3150058255-2134394716-357384 > SID[287]: S-1-5-21-160562036-3150058255-2134394716-64500 > SID[288]: S-1-5-21-160562036-3150058255-2134394716-291227 > SID[289]: S-1-5-21-160562036-3150058255-2134394716-62708 > SID[290]: S-1-5-21-160562036-3150058255-2134394716-266847 > SID[291]: S-1-5-21-160562036-3150058255-2134394716-313857 > SID[292]: S-1-5-21-160562036-3150058255-2134394716-350031 > SID[293]: S-1-5-21-160562036-3150058255-2134394716-373448 > SID[294]: S-1-5-21-160562036-3150058255-2134394716-420970 > SID[295]: S-1-5-21-160562036-3150058255-2134394716-351238 > SID[296]: S-1-5-21-160562036-3150058255-2134394716-11861 > SID[297]: S-1-5-21-160562036-3150058255-2134394716-353613 > SID[298]: S-1-5-21-160562036-3150058255-2134394716-322679 > SID[299]: S-1-5-21-160562036-3150058255-2134394716-253148 > SID[300]: S-1-5-21-160562036-3150058255-2134394716-277162 > SID[301]: S-1-5-21-160562036-3150058255-2134394716-304048 > SID[302]: S-1-5-21-160562036-3150058255-2134394716-288768 > SID[303]: S-1-5-21-160562036-3150058255-2134394716-62920 > SID[304]: S-1-5-21-160562036-3150058255-2134394716-62814 > SID[305]: S-1-5-21-160562036-3150058255-2134394716-338139 > SID[306]: S-1-5-21-160562036-3150058255-2134394716-266850 > SID[307]: S-1-5-21-160562036-3150058255-2134394716-74038 > SID[308]: S-1-5-21-160562036-3150058255-2134394716-62715 > SID[309]: S-1-5-21-160562036-3150058255-2134394716-357877 > SID[310]: S-1-5-21-160562036-3150058255-2134394716-252117 > SID[311]: S-1-5-21-160562036-3150058255-2134394716-322372 > SID[312]: S-1-5-21-160562036-3150058255-2134394716-65121 > SID[313]: S-1-5-21-160562036-3150058255-2134394716-62711 > SID[314]: S-1-5-21-160562036-3150058255-2134394716-267091 > SID[315]: S-1-5-21-160562036-3150058255-2134394716-24652 > SID[316]: S-1-5-21-160562036-3150058255-2134394716-360933 > SID[317]: S-1-5-21-160562036-3150058255-2134394716-354437 > SID[318]: S-1-5-21-160562036-3150058255-2134394716-249119 > SID[319]: S-1-5-21-160562036-3150058255-2134394716-248731 > SID[320]: S-1-5-21-160562036-3150058255-2134394716-64215 > SID[321]: S-1-5-21-160562036-3150058255-2134394716-373475 > SID[322]: S-1-5-21-160562036-3150058255-2134394716-250664 > SID[323]: S-1-5-21-160562036-3150058255-2134394716-267088 > SID[324]: S-1-5-21-160562036-3150058255-2134394716-50311 > SID[325]: S-1-5-21-160562036-3150058255-2134394716-62644 > SID[326]: S-1-5-21-160562036-3150058255-2134394716-69148 > SID[327]: S-1-5-21-160562036-3150058255-2134394716-360380 > SID[328]: S-1-5-21-160562036-3150058255-2134394716-52124 > SID[329]: S-1-5-21-160562036-3150058255-2134394716-351502 > SID[330]: S-1-5-21-160562036-3150058255-2134394716-317005 > SID[331]: S-1-5-21-160562036-3150058255-2134394716-62713 > SID[332]: S-1-5-21-160562036-3150058255-2134394716-313855 > SID[333]: S-1-5-21-160562036-3150058255-2134394716-53143 > SID[334]: S-1-5-21-160562036-3150058255-2134394716-349705 > SID[335]: S-1-5-21-160562036-3150058255-2134394716-357732 > SID[336]: S-1-5-21-160562036-3150058255-2134394716-402142 > SID[337]: S-1-5-21-160562036-3150058255-2134394716-50421 > SID[338]: S-1-5-21-160562036-3150058255-2134394716-357890 > SID[339]: S-1-5-21-160562036-3150058255-2134394716-416413 > SID[340]: S-1-5-21-160562036-3150058255-2134394716-255117 > SID[341]: S-1-5-21-160562036-3150058255-2134394716-73891 > SID[342]: S-1-5-21-160562036-3150058255-2134394716-377792 > SID[343]: S-1-5-21-160562036-3150058255-2134394716-63081 > SID[344]: S-1-5-21-160562036-3150058255-2134394716-386707 > SID[345]: S-1-5-21-160562036-3150058255-2134394716-64112 > SID[346]: S-1-5-21-160562036-3150058255-2134394716-256555 > SID[347]: S-1-5-21-160562036-3150058255-2134394716-361939 > SID[348]: S-1-5-21-160562036-3150058255-2134394716-62709 > SID[349]: S-1-5-21-160562036-3150058255-2134394716-248759 > SID[350]: S-1-5-21-160562036-3150058255-2134394716-359221 > SID[351]: S-1-5-21-160562036-3150058255-2134394716-310730 > SID[352]: S-1-5-21-160562036-3150058255-2134394716-109617 > SID[353]: S-1-5-21-160562036-3150058255-2134394716-60474 > SID[354]: S-1-5-21-160562036-3150058255-2134394716-402472 > SID[355]: S-1-5-21-160562036-3150058255-2134394716-55679 > SID[356]: S-1-5-21-160562036-3150058255-2134394716-69153 > SID[357]: S-1-5-21-160562036-3150058255-2134394716-22265 > SID[358]: S-1-5-21-160562036-3150058255-2134394716-423112 > SID[359]: S-1-5-21-160562036-3150058255-2134394716-289044 > SID[360]: S-1-5-21-160562036-3150058255-2134394716-67791 > SID[361]: S-1-5-21-160562036-3150058255-2134394716-69156 > SID[362]: S-1-5-21-160562036-3150058255-2134394716-62712 > SID[363]: S-1-5-21-160562036-3150058255-2134394716-360721 > SID[364]: S-1-5-21-160562036-3150058255-2134394716-435651 > SID[365]: S-1-5-21-160562036-3150058255-2134394716-69149 > SID[366]: S-1-5-21-160562036-3150058255-2134394716-73730 > SID[367]: S-1-5-21-160562036-3150058255-2134394716-243660 > SID[368]: S-1-5-21-160562036-3150058255-2134394716-104280 > SID[369]: S-1-5-21-160562036-3150058255-2134394716-430692 > SID[370]: S-1-5-21-160562036-3150058255-2134394716-256558 > SID[371]: S-1-5-21-160562036-3150058255-2134394716-54515 > SID[372]: S-1-5-21-160562036-3150058255-2134394716-334223 > SID[373]: S-1-5-21-160562036-3150058255-2134394716-304790 > SID[374]: S-1-5-21-160562036-3150058255-2134394716-373528 > SID[375]: S-1-5-21-160562036-3150058255-2134394716-375927 > SID[376]: S-1-5-21-160562036-3150058255-2134394716-74039 > SID[377]: S-1-5-21-160562036-3150058255-2134394716-62781 > SID[378]: S-1-5-21-160562036-3150058255-2134394716-69157 > SID[379]: S-1-5-21-160562036-3150058255-2134394716-309445 > SID[380]: S-1-5-21-160562036-3150058255-2134394716-62733 > SID[381]: S-1-5-21-160562036-3150058255-2134394716-418123 > SID[382]: S-1-5-21-160562036-3150058255-2134394716-64415 > SID[383]: S-1-5-21-160562036-3150058255-2134394716-414619 > SID[384]: S-1-5-21-160562036-3150058255-2134394716-373446 > SID[385]: S-1-5-21-160562036-3150058255-2134394716-289048 > SID[386]: S-1-5-21-160562036-3150058255-2134394716-69158 > SID[387]: S-1-5-21-160562036-3150058255-2134394716-373559 > SID[388]: S-1-5-21-160562036-3150058255-2134394716-110686 > SID[389]: S-1-5-21-160562036-3150058255-2134394716-260757 > SID[390]: S-1-5-21-160562036-3150058255-2134394716-249663 > SID[391]: S-1-5-21-160562036-3150058255-2134394716-249619 > SID[392]: S-1-5-21-160562036-3150058255-2134394716-321098 > SID[393]: S-1-5-21-160562036-3150058255-2134394716-64497 > SID[394]: S-1-5-21-160562036-3150058255-2134394716-112627 > SID[395]: S-1-5-21-160562036-3150058255-2134394716-62710 > SID[396]: S-1-5-21-160562036-3150058255-2134394716-360361 > SID[397]: S-1-5-21-160562036-3150058255-2134394716-353621 > SID[398]: S-1-5-21-160562036-3150058255-2134394716-365152 > SID[399]: S-1-5-21-160562036-3150058255-2134394716-69544 > SID[400]: S-1-5-21-160562036-3150058255-2134394716-249644 > SID[401]: S-1-5-21-160562036-3150058255-2134394716-55625 > SID[402]: S-1-1-0 > SID[403]: S-1-5-2 > SID[404]: S-1-5-11 > SID[405]: S-1-5-32-545 > SID[406]: S-1-22-1-10000 > SID[407]: S-1-22-2-10006 > SID[408]: S-1-22-2-10007 > SID[409]: S-1-22-2-10008 > SID[410]: S-1-22-2-10009 > SID[411]: S-1-22-2-10010 > SID[412]: S-1-22-2-10011 > SID[413]: S-1-22-2-10012 > SID[414]: S-1-22-2-10013 > SID[415]: S-1-22-2-10014 > SID[416]: S-1-22-2-10015 > SID[417]: S-1-22-2-10016 > SID[418]: S-1-22-2-10017 > SID[419]: S-1-22-2-10018 > SID[420]: S-1-22-2-10019 > SID[421]: S-1-22-2-10020 > SID[422]: S-1-22-2-10021 > SID[423]: S-1-22-2-10022 > SID[424]: S-1-22-2-10023 > SID[425]: S-1-22-2-10024 > SID[426]: S-1-22-2-10025 > SID[427]: S-1-22-2-10026 > SID[428]: S-1-22-2-10027 > SID[429]: S-1-22-2-10028 > SID[430]: S-1-22-2-10029 > SID[431]: S-1-22-2-10030 > SID[432]: S-1-22-2-10031 > SID[433]: S-1-22-2-10032 > SID[434]: S-1-22-2-10033 > SID[435]: S-1-22-2-10034 > SID[436]: S-1-22-2-10035 > SID[437]: S-1-22-2-10036 > SID[438]: S-1-22-2-10037 > SID[439]: S-1-22-2-10038 > SID[440]: S-1-22-2-10039 > SID[441]: S-1-22-2-10040 > SID[442]: S-1-22-2-10041 > SID[443]: S-1-22-2-10042 > SID[444]: S-1-22-2-10043 > SID[445]: S-1-22-2-10044 > SID[446]: S-1-22-2-10045 > SID[447]: S-1-22-2-10046 > SID[448]: S-1-22-2-10047 > SID[449]: S-1-22-2-10048 > SID[450]: S-1-22-2-10049 > SID[451]: S-1-22-2-10050 > SID[452]: S-1-22-2-10051 > SID[453]: S-1-22-2-10052 > SID[454]: S-1-22-2-10053 > SID[455]: S-1-22-2-10054 > SID[456]: S-1-22-2-10055 > SID[457]: S-1-22-2-10056 > SID[458]: S-1-22-2-10057 > SID[459]: S-1-22-2-10058 > SID[460]: S-1-22-2-10059 > SID[461]: S-1-22-2-10060 > SID[462]: S-1-22-2-10061 > SID[463]: S-1-22-2-10062 > SID[464]: S-1-22-2-10063 > SID[465]: S-1-22-2-10064 > SID[466]: S-1-22-2-10065 > SID[467]: S-1-22-2-10066 > SID[468]: S-1-22-2-10067 > SID[469]: S-1-22-2-10068 > SID[470]: S-1-22-2-10069 > SID[471]: S-1-22-2-10070 > SID[472]: S-1-22-2-10071 > SID[473]: S-1-22-2-10072 > SID[474]: S-1-22-2-10073 > SID[475]: S-1-22-2-10074 > SID[476]: S-1-22-2-10075 > SID[477]: S-1-22-2-10076 > SID[478]: S-1-22-2-10077 > SID[479]: S-1-22-2-10078 > SID[480]: S-1-22-2-10079 > SID[481]: S-1-22-2-10080 > SID[482]: S-1-22-2-10081 > SID[483]: S-1-22-2-10082 > SID[484]: S-1-22-2-10083 > SID[485]: S-1-22-2-10084 > SID[486]: S-1-22-2-10085 > SID[487]: S-1-22-2-10086 > SID[488]: S-1-22-2-10087 > SID[489]: S-1-22-2-10088 > SID[490]: S-1-22-2-10089 > SID[491]: S-1-22-2-10090 > SID[492]: S-1-22-2-10091 > SID[493]: S-1-22-2-10092 > SID[494]: S-1-22-2-10093 > SID[495]: S-1-22-2-10094 > SID[496]: S-1-22-2-10095 > SID[497]: S-1-22-2-10096 > SID[498]: S-1-22-2-10097 > SID[499]: S-1-22-2-10098 > SID[500]: S-1-22-2-10099 > SID[501]: S-1-22-2-10100 > SID[502]: S-1-22-2-10101 > SID[503]: S-1-22-2-10102 > SID[504]: S-1-22-2-10103 > SID[505]: S-1-22-2-10104 > SID[506]: S-1-22-2-10105 > SID[507]: S-1-22-2-10106 > SID[508]: S-1-22-2-10107 > SID[509]: S-1-22-2-10108 > SID[510]: S-1-22-2-10109 > SID[511]: S-1-22-2-10110 > SID[512]: S-1-22-2-10111 > SID[513]: S-1-22-2-10112 > SID[514]: S-1-22-2-10113 > SID[515]: S-1-22-2-10114 > SID[516]: S-1-22-2-10115 > SID[517]: S-1-22-2-10116 > SID[518]: S-1-22-2-10117 > SID[519]: S-1-22-2-10118 > SID[520]: S-1-22-2-10119 > SID[521]: S-1-22-2-10120 > SID[522]: S-1-22-2-10121 > SID[523]: S-1-22-2-10122 > SID[524]: S-1-22-2-10123 > SID[525]: S-1-22-2-10124 > SID[526]: S-1-22-2-10125 > SID[527]: S-1-22-2-10126 > SID[528]: S-1-22-2-10127 > SID[529]: S-1-22-2-10128 > SID[530]: S-1-22-2-10129 > SID[531]: S-1-22-2-10130 > SID[532]: S-1-22-2-10131 > SID[533]: S-1-22-2-10132 > SID[534]: S-1-22-2-10133 > SID[535]: S-1-22-2-10134 > SID[536]: S-1-22-2-10135 > SID[537]: S-1-22-2-10136 > SID[538]: S-1-22-2-10137 > SID[539]: S-1-22-2-10138 > SID[540]: S-1-22-2-10139 > SID[541]: S-1-22-2-10140 > SID[542]: S-1-22-2-10141 > SID[543]: S-1-22-2-10142 > SID[544]: S-1-22-2-10143 > SID[545]: S-1-22-2-10144 > SID[546]: S-1-22-2-10145 > SID[547]: S-1-22-2-10146 > SID[548]: S-1-22-2-10147 > SID[549]: S-1-22-2-10148 > SID[550]: S-1-22-2-10149 > SID[551]: S-1-22-2-10150 > SID[552]: S-1-22-2-10471 > SID[553]: S-1-22-2-10151 > SID[554]: S-1-22-2-10152 > SID[555]: S-1-22-2-10153 > SID[556]: S-1-22-2-10154 > SID[557]: S-1-22-2-10155 > SID[558]: S-1-22-2-10156 > SID[559]: S-1-22-2-10157 > SID[560]: S-1-22-2-10158 > SID[561]: S-1-22-2-10159 > SID[562]: S-1-22-2-10160 > SID[563]: S-1-22-2-10161 > SID[564]: S-1-22-2-10162 > SID[565]: S-1-22-2-10163 > SID[566]: S-1-22-2-10164 > SID[567]: S-1-22-2-10165 > SID[568]: S-1-22-2-10166 > SID[569]: S-1-22-2-10167 > SID[570]: S-1-22-2-10168 > SID[571]: S-1-22-2-10169 > SID[572]: S-1-22-2-10170 > SID[573]: S-1-22-2-10171 > SID[574]: S-1-22-2-10172 > SID[575]: S-1-22-2-10173 > SID[576]: S-1-22-2-10174 > SID[577]: S-1-22-2-10175 > SID[578]: S-1-22-2-10176 > SID[579]: S-1-22-2-10177 > SID[580]: S-1-22-2-10178 > SID[581]: S-1-22-2-10179 > SID[582]: S-1-22-2-10180 > SID[583]: S-1-22-2-10181 > SID[584]: S-1-22-2-10182 > SID[585]: S-1-22-2-10183 > SID[586]: S-1-22-2-10184 > SID[587]: S-1-22-2-10185 > SID[588]: S-1-22-2-10186 > SID[589]: S-1-22-2-10187 > SID[590]: S-1-22-2-10188 > SID[591]: S-1-22-2-10189 > SID[592]: S-1-22-2-10190 > SID[593]: S-1-22-2-10191 > SID[594]: S-1-22-2-10192 > SID[595]: S-1-22-2-10193 > SID[596]: S-1-22-2-10194 > SID[597]: S-1-22-2-10195 > SID[598]: S-1-22-2-10196 > SID[599]: S-1-22-2-10197 > SID[600]: S-1-22-2-10198 > SID[601]: S-1-22-2-10199 > SID[602]: S-1-22-2-10200 > SID[603]: S-1-22-2-10201 > SID[604]: S-1-22-2-10202 > SID[605]: S-1-22-2-10203 > SID[606]: S-1-22-2-10204 > SID[607]: S-1-22-2-10205 > SID[608]: S-1-22-2-10206 > SID[609]: S-1-22-2-10207 > SID[610]: S-1-22-2-10208 > SID[611]: S-1-22-2-10209 > SID[612]: S-1-22-2-10210 > SID[613]: S-1-22-2-10211 > SID[614]: S-1-22-2-10212 > SID[615]: S-1-22-2-10213 > SID[616]: S-1-22-2-10214 > SID[617]: S-1-22-2-10215 > SID[618]: S-1-22-2-10216 > SID[619]: S-1-22-2-10217 > SID[620]: S-1-22-2-10218 > SID[621]: S-1-22-2-10219 > SID[622]: S-1-22-2-10220 > SID[623]: S-1-22-2-10221 > SID[624]: S-1-22-2-10222 > SID[625]: S-1-22-2-10223 > SID[626]: S-1-22-2-10224 > SID[627]: S-1-22-2-10225 > SID[628]: S-1-22-2-10226 > SID[629]: S-1-22-2-10227 > SID[630]: S-1-22-2-10228 > SID[631]: S-1-22-2-10229 > SID[632]: S-1-22-2-10230 > SID[633]: S-1-22-2-10231 > SID[634]: S-1-22-2-10232 > SID[635]: S-1-22-2-10233 > SID[636]: S-1-22-2-10234 > SID[637]: S-1-22-2-10235 > SID[638]: S-1-22-2-10236 > SID[639]: S-1-22-2-10237 > SID[640]: S-1-22-2-10238 > SID[641]: S-1-22-2-10239 > SID[642]: S-1-22-2-10240 > SID[643]: S-1-22-2-10241 > SID[644]: S-1-22-2-10242 > SID[645]: S-1-22-2-10243 > SID[646]: S-1-22-2-10244 > SID[647]: S-1-22-2-10245 > SID[648]: S-1-22-2-10246 > SID[649]: S-1-22-2-10247 > SID[650]: S-1-22-2-10248 > SID[651]: S-1-22-2-10249 > SID[652]: S-1-22-2-10250 > SID[653]: S-1-22-2-10251 > SID[654]: S-1-22-2-10252 > SID[655]: S-1-22-2-10253 > SID[656]: S-1-22-2-10254 > SID[657]: S-1-22-2-10255 > SID[658]: S-1-22-2-10256 > SID[659]: S-1-22-2-10257 > SID[660]: S-1-22-2-10258 > SID[661]: S-1-22-2-10259 > SID[662]: S-1-22-2-10260 > SID[663]: S-1-22-2-10261 > SID[664]: S-1-22-2-10262 > SID[665]: S-1-22-2-10263 > SID[666]: S-1-22-2-10264 > SID[667]: S-1-22-2-10265 > SID[668]: S-1-22-2-10266 > SID[669]: S-1-22-2-10267 > SID[670]: S-1-22-2-10268 > SID[671]: S-1-22-2-10269 > SID[672]: S-1-22-2-10270 > SID[673]: S-1-22-2-10271 > SID[674]: S-1-22-2-10272 > SID[675]: S-1-22-2-10273 > SID[676]: S-1-22-2-10274 > SID[677]: S-1-22-2-10275 > SID[678]: S-1-22-2-10276 > SID[679]: S-1-22-2-10277 > SID[680]: S-1-22-2-10278 > SID[681]: S-1-22-2-10279 > SID[682]: S-1-22-2-10280 > SID[683]: S-1-22-2-10281 > SID[684]: S-1-22-2-10282 > SID[685]: S-1-22-2-10283 > SID[686]: S-1-22-2-10284 > SID[687]: S-1-22-2-10285 > SID[688]: S-1-22-2-10286 > SID[689]: S-1-22-2-10287 > SID[690]: S-1-22-2-10288 > SID[691]: S-1-22-2-10289 > SID[692]: S-1-22-2-10290 > SID[693]: S-1-22-2-10291 > SID[694]: S-1-22-2-10292 > SID[695]: S-1-22-2-10293 > SID[696]: S-1-22-2-10294 > SID[697]: S-1-22-2-10295 > SID[698]: S-1-22-2-10296 > SID[699]: S-1-22-2-10297 > SID[700]: S-1-22-2-10298 > SID[701]: S-1-22-2-10299 > SID[702]: S-1-22-2-10300 > SID[703]: S-1-22-2-10301 > SID[704]: S-1-22-2-10302 > SID[705]: S-1-22-2-10303 > SID[706]: S-1-22-2-10304 > SID[707]: S-1-22-2-10305 > SID[708]: S-1-22-2-10306 > SID[709]: S-1-22-2-10307 > SID[710]: S-1-22-2-10308 > SID[711]: S-1-22-2-10309 > SID[712]: S-1-22-2-10310 > SID[713]: S-1-22-2-10311 > SID[714]: S-1-22-2-10312 > SID[715]: S-1-22-2-10313 > SID[716]: S-1-22-2-10314 > SID[717]: S-1-22-2-10315 > SID[718]: S-1-22-2-10316 > SID[719]: S-1-22-2-10317 > SID[720]: S-1-22-2-10318 > SID[721]: S-1-22-2-10319 > SID[722]: S-1-22-2-10320 > SID[723]: S-1-22-2-10321 > SID[724]: S-1-22-2-10322 > SID[725]: S-1-22-2-10323 > SID[726]: S-1-22-2-10324 > SID[727]: S-1-22-2-10325 > SID[728]: S-1-22-2-10326 > SID[729]: S-1-22-2-10327 > SID[730]: S-1-22-2-10328 > SID[731]: S-1-22-2-10329 > SID[732]: S-1-22-2-10330 > SID[733]: S-1-22-2-10331 > SID[734]: S-1-22-2-10332 > SID[735]: S-1-22-2-10333 > SID[736]: S-1-22-2-10334 > SID[737]: S-1-22-2-10335 > SID[738]: S-1-22-2-10336 > SID[739]: S-1-22-2-10337 > SID[740]: S-1-22-2-10338 > SID[741]: S-1-22-2-10339 > SID[742]: S-1-22-2-10340 > SID[743]: S-1-22-2-10341 > SID[744]: S-1-22-2-10342 > SID[745]: S-1-22-2-10343 > SID[746]: S-1-22-2-10344 > SID[747]: S-1-22-2-10345 > SID[748]: S-1-22-2-10346 > SID[749]: S-1-22-2-10347 > SID[750]: S-1-22-2-10348 > SID[751]: S-1-22-2-10349 > SID[752]: S-1-22-2-10350 > SID[753]: S-1-22-2-10351 > SID[754]: S-1-22-2-10352 > SID[755]: S-1-22-2-10353 > SID[756]: S-1-22-2-10354 > SID[757]: S-1-22-2-10355 > SID[758]: S-1-22-2-10356 > SID[759]: S-1-22-2-10357 > SID[760]: S-1-22-2-10358 > SID[761]: S-1-22-2-10359 > SID[762]: S-1-22-2-10360 > SID[763]: S-1-22-2-10361 > SID[764]: S-1-22-2-10362 > SID[765]: S-1-22-2-10363 > SID[766]: S-1-22-2-10364 > SID[767]: S-1-22-2-10365 > SID[768]: S-1-22-2-10366 > SID[769]: S-1-22-2-10367 > SID[770]: S-1-22-2-10368 > SID[771]: S-1-22-2-10369 > SID[772]: S-1-22-2-10370 > SID[773]: S-1-22-2-10371 > SID[774]: S-1-22-2-10372 > SID[775]: S-1-22-2-10373 > SID[776]: S-1-22-2-10374 > SID[777]: S-1-22-2-10375 > SID[778]: S-1-22-2-10376 > SID[779]: S-1-22-2-10377 > SID[780]: S-1-22-2-10378 > SID[781]: S-1-22-2-10379 > SID[782]: S-1-22-2-10380 > SID[783]: S-1-22-2-10381 > SID[784]: S-1-22-2-10382 > SID[785]: S-1-22-2-10383 > SID[786]: S-1-22-2-10384 > SID[787]: S-1-22-2-10385 > SID[788]: S-1-22-2-10386 > SID[789]: S-1-22-2-10387 > SID[790]: S-1-22-2-10388 > SID[791]: S-1-22-2-10389 > SID[792]: S-1-22-2-10390 > SID[793]: S-1-22-2-10391 > SID[794]: S-1-22-2-10392 > SID[795]: S-1-22-2-10393 > SID[796]: S-1-22-2-10394 > SID[797]: S-1-22-2-10395 > SID[798]: S-1-22-2-10396 > SID[799]: S-1-22-2-10397 > SID[800]: S-1-22-2-10398 > SID[801]: S-1-22-2-10399 > SID[802]: S-1-22-2-10400 > SID[803]: S-1-22-2-10401 > SID[804]: S-1-22-2-10402 > SID[805]: S-1-22-2-10403 > SID[806]: S-1-22-2-10404 > SID[807]: S-1-22-2-10002 > SID[808]: S-1-22-2-10003 > SID[809]: S-1-22-2-10004 > SID[810]: S-1-22-2-10001 > Privileges (0x 20): > Privilege[ 0]: SePrintOperatorPrivilege > Rights (0x 0): >[2012/11/09 16:29:16.549887, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 10000 > Primary group is 71 and contains 404 supplementary groups > Group[ 0]: 10006 > Group[ 1]: 10007 > Group[ 2]: 10008 > Group[ 3]: 10009 > Group[ 4]: 10010 > Group[ 5]: 10011 > Group[ 6]: 10012 > Group[ 7]: 10013 > Group[ 8]: 10014 > Group[ 9]: 10015 > Group[ 10]: 10016 > Group[ 11]: 10017 > Group[ 12]: 10018 > Group[ 13]: 10019 > Group[ 14]: 10020 > Group[ 15]: 10021 > Group[ 16]: 10022 > Group[ 17]: 10023 > Group[ 18]: 10024 > Group[ 19]: 10025 > Group[ 20]: 10026 > Group[ 21]: 10027 > Group[ 22]: 10028 > Group[ 23]: 10029 > Group[ 24]: 10030 > Group[ 25]: 10031 > Group[ 26]: 10032 > Group[ 27]: 10033 > Group[ 28]: 10034 > Group[ 29]: 10035 > Group[ 30]: 10036 > Group[ 31]: 10037 > Group[ 32]: 10038 > Group[ 33]: 10039 > Group[ 34]: 10040 > Group[ 35]: 10041 > Group[ 36]: 10042 > Group[ 37]: 10043 > Group[ 38]: 10044 > Group[ 39]: 10045 > Group[ 40]: 10046 > Group[ 41]: 10047 > Group[ 42]: 10048 > Group[ 43]: 10049 > Group[ 44]: 10050 > Group[ 45]: 10051 > Group[ 46]: 10052 > Group[ 47]: 10053 > Group[ 48]: 10054 > Group[ 49]: 10055 > Group[ 50]: 10056 > Group[ 51]: 10057 > Group[ 52]: 10058 > Group[ 53]: 10059 > Group[ 54]: 10060 > Group[ 55]: 10061 > Group[ 56]: 10062 > Group[ 57]: 10063 > Group[ 58]: 10064 > Group[ 59]: 10065 > Group[ 60]: 10066 > Group[ 61]: 10067 > Group[ 62]: 10068 > Group[ 63]: 10069 > Group[ 64]: 10070 > Group[ 65]: 10071 > Group[ 66]: 10072 > Group[ 67]: 10073 > Group[ 68]: 10074 > Group[ 69]: 10075 > Group[ 70]: 10076 > Group[ 71]: 10077 > Group[ 72]: 10078 > Group[ 73]: 10079 > Group[ 74]: 10080 > Group[ 75]: 10081 > Group[ 76]: 10082 > Group[ 77]: 10083 > Group[ 78]: 10084 > Group[ 79]: 10085 > Group[ 80]: 10086 > Group[ 81]: 10087 > Group[ 82]: 10088 > Group[ 83]: 10089 > Group[ 84]: 10090 > Group[ 85]: 10091 > Group[ 86]: 10092 > Group[ 87]: 10093 > Group[ 88]: 10094 > Group[ 89]: 10095 > Group[ 90]: 10096 > Group[ 91]: 10097 > Group[ 92]: 10098 > Group[ 93]: 10099 > Group[ 94]: 10100 > Group[ 95]: 10101 > Group[ 96]: 10102 > Group[ 97]: 10103 > Group[ 98]: 10104 > Group[ 99]: 10105 > Group[100]: 10106 > Group[101]: 10107 > Group[102]: 10108 > Group[103]: 10109 > Group[104]: 10110 > Group[105]: 10111 > Group[106]: 10112 > Group[107]: 10113 > Group[108]: 10114 > Group[109]: 10115 > Group[110]: 10116 > Group[111]: 10117 > Group[112]: 10118 > Group[113]: 10119 > Group[114]: 10120 > Group[115]: 10121 > Group[116]: 10122 > Group[117]: 10123 > Group[118]: 10124 > Group[119]: 10125 > Group[120]: 10126 > Group[121]: 10127 > Group[122]: 10128 > Group[123]: 10129 > Group[124]: 10130 > Group[125]: 10131 > Group[126]: 10132 > Group[127]: 10133 > Group[128]: 10134 > Group[129]: 10135 > Group[130]: 10136 > Group[131]: 10137 > Group[132]: 10138 > Group[133]: 10139 > Group[134]: 10140 > Group[135]: 10141 > Group[136]: 10142 > Group[137]: 10143 > Group[138]: 10144 > Group[139]: 10145 > Group[140]: 10146 > Group[141]: 10147 > Group[142]: 10148 > Group[143]: 10149 > Group[144]: 10150 > Group[145]: 10471 > Group[146]: 10151 > Group[147]: 10152 > Group[148]: 10153 > Group[149]: 10154 > Group[150]: 10155 > Group[151]: 10156 > Group[152]: 10157 > Group[153]: 10158 > Group[154]: 10159 > Group[155]: 10160 > Group[156]: 10161 > Group[157]: 10162 > Group[158]: 10163 > Group[159]: 10164 > Group[160]: 10165 > Group[161]: 10166 > Group[162]: 10167 > Group[163]: 10168 > Group[164]: 10169 > Group[165]: 10170 > Group[166]: 10171 > Group[167]: 10172 > Group[168]: 10173 > Group[169]: 10174 > Group[170]: 10175 > Group[171]: 10176 > Group[172]: 10177 > Group[173]: 10178 > Group[174]: 10179 > Group[175]: 10180 > Group[176]: 10181 > Group[177]: 10182 > Group[178]: 10183 > Group[179]: 10184 > Group[180]: 10185 > Group[181]: 10186 > Group[182]: 10187 > Group[183]: 10188 > Group[184]: 10189 > Group[185]: 10190 > Group[186]: 10191 > Group[187]: 10192 > Group[188]: 10193 > Group[189]: 10194 > Group[190]: 10195 > Group[191]: 10196 > Group[192]: 10197 > Group[193]: 10198 > Group[194]: 10199 > Group[195]: 10200 > Group[196]: 10201 > Group[197]: 10202 > Group[198]: 10203 > Group[199]: 10204 > Group[200]: 10205 > Group[201]: 10206 > Group[202]: 10207 > Group[203]: 10208 > Group[204]: 10209 > Group[205]: 10210 > Group[206]: 10211 > Group[207]: 10212 > Group[208]: 10213 > Group[209]: 10214 > Group[210]: 10215 > Group[211]: 10216 > Group[212]: 10217 > Group[213]: 10218 > Group[214]: 10219 > Group[215]: 10220 > Group[216]: 10221 > Group[217]: 10222 > Group[218]: 10223 > Group[219]: 10224 > Group[220]: 10225 > Group[221]: 10226 > Group[222]: 10227 > Group[223]: 10228 > Group[224]: 10229 > Group[225]: 10230 > Group[226]: 10231 > Group[227]: 10232 > Group[228]: 10233 > Group[229]: 10234 > Group[230]: 10235 > Group[231]: 10236 > Group[232]: 10237 > Group[233]: 10238 > Group[234]: 10239 > Group[235]: 10240 > Group[236]: 10241 > Group[237]: 10242 > Group[238]: 10243 > Group[239]: 10244 > Group[240]: 10245 > Group[241]: 10246 > Group[242]: 10247 > Group[243]: 10248 > Group[244]: 10249 > Group[245]: 10250 > Group[246]: 10251 > Group[247]: 10252 > Group[248]: 10253 > Group[249]: 10254 > Group[250]: 10255 > Group[251]: 10256 > Group[252]: 10257 > Group[253]: 10258 > Group[254]: 10259 > Group[255]: 10260 > Group[256]: 10261 > Group[257]: 10262 > Group[258]: 10263 > Group[259]: 10264 > Group[260]: 10265 > Group[261]: 10266 > Group[262]: 10267 > Group[263]: 10268 > Group[264]: 10269 > Group[265]: 10270 > Group[266]: 10271 > Group[267]: 10272 > Group[268]: 10273 > Group[269]: 10274 > Group[270]: 10275 > Group[271]: 10276 > Group[272]: 10277 > Group[273]: 10278 > Group[274]: 10279 > Group[275]: 10280 > Group[276]: 10281 > Group[277]: 10282 > Group[278]: 10283 > Group[279]: 10284 > Group[280]: 10285 > Group[281]: 10286 > Group[282]: 10287 > Group[283]: 10288 > Group[284]: 10289 > Group[285]: 10290 > Group[286]: 10291 > Group[287]: 10292 > Group[288]: 10293 > Group[289]: 10294 > Group[290]: 10295 > Group[291]: 10296 > Group[292]: 10297 > Group[293]: 10298 > Group[294]: 10299 > Group[295]: 10300 > Group[296]: 10301 > Group[297]: 10302 > Group[298]: 10303 > Group[299]: 10304 > Group[300]: 10305 > Group[301]: 10306 > Group[302]: 10307 > Group[303]: 10308 > Group[304]: 10309 > Group[305]: 10310 > Group[306]: 10311 > Group[307]: 10312 > Group[308]: 10313 > Group[309]: 10314 > Group[310]: 10315 > Group[311]: 10316 > Group[312]: 10317 > Group[313]: 10318 > Group[314]: 10319 > Group[315]: 10320 > Group[316]: 10321 > Group[317]: 10322 > Group[318]: 10323 > Group[319]: 10324 > Group[320]: 10325 > Group[321]: 10326 > Group[322]: 10327 > Group[323]: 10328 > Group[324]: 10329 > Group[325]: 10330 > Group[326]: 10331 > Group[327]: 10332 > Group[328]: 10333 > Group[329]: 10334 > Group[330]: 10335 > Group[331]: 10336 > Group[332]: 10337 > Group[333]: 10338 > Group[334]: 10339 > Group[335]: 10340 > Group[336]: 10341 > Group[337]: 10342 > Group[338]: 10343 > Group[339]: 10344 > Group[340]: 10345 > Group[341]: 10346 > Group[342]: 10347 > Group[343]: 10348 > Group[344]: 10349 > Group[345]: 10350 > Group[346]: 10351 > Group[347]: 10352 > Group[348]: 10353 > Group[349]: 10354 > Group[350]: 10355 > Group[351]: 10356 > Group[352]: 10357 > Group[353]: 10358 > Group[354]: 10359 > Group[355]: 10360 > Group[356]: 10361 > Group[357]: 10362 > Group[358]: 10363 > Group[359]: 10364 > Group[360]: 10365 > Group[361]: 10366 > Group[362]: 10367 > Group[363]: 10368 > Group[364]: 10369 > Group[365]: 10370 > Group[366]: 10371 > Group[367]: 10372 > Group[368]: 10373 > Group[369]: 10374 > Group[370]: 10375 > Group[371]: 10376 > Group[372]: 10377 > Group[373]: 10378 > Group[374]: 10379 > Group[375]: 10380 > Group[376]: 10381 > Group[377]: 10382 > Group[378]: 10383 > Group[379]: 10384 > Group[380]: 10385 > Group[381]: 10386 > Group[382]: 10387 > Group[383]: 10388 > Group[384]: 10389 > Group[385]: 10390 > Group[386]: 10391 > Group[387]: 10392 > Group[388]: 10393 > Group[389]: 10394 > Group[390]: 10395 > Group[391]: 10396 > Group[392]: 10397 > Group[393]: 10398 > Group[394]: 10399 > Group[395]: 10400 > Group[396]: 10401 > Group[397]: 10402 > Group[398]: 10403 > Group[399]: 10404 > Group[400]: 10002 > Group[401]: 10003 > Group[402]: 10004 > Group[403]: 10001 >[2012/11/09 16:29:16.553827, 5] smbd/uid.c:317(change_to_user_internal) > Impersonated user: uid=(0,10000), gid=(0,71) >[2012/11/09 16:29:16.553883, 3] smbd/trans2.c:2286(call_trans2findfirst) > call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 >[2012/11/09 16:29:16.553932, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3/ps5ui.dll" >[2012/11/09 16:29:16.553981, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3/ps5ui.dll] [/var/lib/samba/drivers] >[2012/11/09 16:29:16.554017, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3/ps5ui.dll reduced to /var/lib/samba/drivers/x64/3/ps5ui.dll >[2012/11/09 16:29:16.554037, 5] smbd/trans2.c:2371(call_trans2findfirst) > dir=x64/3, mask = ps5ui.dll >[2012/11/09 16:29:16.554057, 5] smbd/dir.c:439(dptr_create) > dptr_create dir=x64/3 >[2012/11/09 16:29:16.554076, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3] [/var/lib/samba/drivers] >[2012/11/09 16:29:16.554098, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3 reduced to /var/lib/samba/drivers/x64/3 >[2012/11/09 16:29:16.554127, 3] smbd/dir.c:578(dptr_create) > creating new dirptr 256 for path x64/3, expect_close = 1 >[2012/11/09 16:29:16.554148, 4] smbd/trans2.c:2439(call_trans2findfirst) > dptr_num is 256, wcard = ps5ui.dll, attr = 22 >[2012/11/09 16:29:16.554167, 8] smbd/trans2.c:2448(call_trans2findfirst) > dirpath=<x64/3> dontdescend=<> >[2012/11/09 16:29:16.554193, 6] smbd/dir.c:969(smbd_dirptr_get_entry) > smbd_dirptr_get_entry: dirptr 0x7fa2eacbb820 now at offset -1 >[2012/11/09 16:29:16.554215, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/ps5ui.dll >[2012/11/09 16:29:16.554246, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning >[2012/11/09 16:29:16.554267, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning >[2012/11/09 16:29:16.554299, 3] smbd/dir.c:1041(smbd_dirptr_get_entry) > smbd_dirptr_get_entry mask=[ps5ui.dll] found x64/3/ps5ui.dll fname=ps5ui.dll (ps5ui.dll) >[2012/11/09 16:29:16.554327, 5] smbd/trans2.c:2505(call_trans2findfirst) > call_trans2findfirst - (2) closing dptr_num 256 >[2012/11/09 16:29:16.554367, 4] smbd/dir.c:257(dptr_close_internal) > closing dptr key 256 >[2012/11/09 16:29:16.554396, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 10, data_sent_thistime = 112, useable_space = 131010 >[2012/11/09 16:29:16.554417, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 10, data_to_send = 112, paramsize = 10, datasize = 112 >[2012/11/09 16:29:16.554435, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.554446, 5] lib/util.c:342(show_msg) > size=180 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=54400 > smt_wct=10 > smb_vwv[ 0]= 10 (0xA) > smb_vwv[ 1]= 112 (0x70) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 10 (0xA) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 112 (0x70) > smb_vwv[ 7]= 68 (0x44) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=125 >[2012/11/09 16:29:16.554641, 4] smbd/trans2.c:2549(call_trans2findfirst) > SMBtrans2 mask=ps5ui.dll directory=x64/3 dirtype=22 numentries=1 >[2012/11/09 16:29:16.557677, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x78 >[2012/11/09 16:29:16.557748, 3] smbd/process.c:1662(process_smb) > Transaction 101 of length 124 (0 toread) >[2012/11/09 16:29:16.557789, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.557811, 5] lib/util.c:342(show_msg) > size=120 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=54464 > smt_wct=15 > smb_vwv[ 0]= 52 (0x34) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 10 (0xA) > smb_vwv[ 3]=16384 (0x4000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 52 (0x34) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 1 (0x1) > smb_bcc=55 >[2012/11/09 16:29:16.558168, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 12629) conn 0x7fa2eacb8b60 >[2012/11/09 16:29:16.558204, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.558247, 3] smbd/trans2.c:2286(call_trans2findfirst) > call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 >[2012/11/09 16:29:16.558292, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3/yyyp0708.ppd" >[2012/11/09 16:29:16.558324, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3/yyyp0708.ppd] [/var/lib/samba/drivers] >[2012/11/09 16:29:16.558355, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3/yyyp0708.ppd reduced to /var/lib/samba/drivers/x64/3/yyyp0708.ppd >[2012/11/09 16:29:16.558375, 5] smbd/trans2.c:2371(call_trans2findfirst) > dir=x64/3, mask = yyyp0708.ppd >[2012/11/09 16:29:16.558395, 5] smbd/dir.c:439(dptr_create) > dptr_create dir=x64/3 >[2012/11/09 16:29:16.558414, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3] [/var/lib/samba/drivers] >[2012/11/09 16:29:16.558437, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3 reduced to /var/lib/samba/drivers/x64/3 >[2012/11/09 16:29:16.558464, 3] smbd/dir.c:578(dptr_create) > creating new dirptr 256 for path x64/3, expect_close = 1 >[2012/11/09 16:29:16.558484, 4] smbd/trans2.c:2439(call_trans2findfirst) > dptr_num is 256, wcard = yyyp0708.ppd, attr = 22 >[2012/11/09 16:29:16.558503, 8] smbd/trans2.c:2448(call_trans2findfirst) > dirpath=<x64/3> dontdescend=<> >[2012/11/09 16:29:16.558547, 6] smbd/dir.c:969(smbd_dirptr_get_entry) > smbd_dirptr_get_entry: dirptr 0x7fa2eaca7500 now at offset -1 >[2012/11/09 16:29:16.558570, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/yyyp0708.ppd >[2012/11/09 16:29:16.558590, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning >[2012/11/09 16:29:16.558609, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning >[2012/11/09 16:29:16.558640, 3] smbd/dir.c:1041(smbd_dirptr_get_entry) > smbd_dirptr_get_entry mask=[yyyp0708.ppd] found x64/3/yyyp0708.ppd fname=yyyp0708.ppd (yyyp0708.ppd) >[2012/11/09 16:29:16.558668, 5] smbd/trans2.c:2505(call_trans2findfirst) > call_trans2findfirst - (2) closing dptr_num 256 >[2012/11/09 16:29:16.558688, 4] smbd/dir.c:257(dptr_close_internal) > closing dptr key 256 >[2012/11/09 16:29:16.558712, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 10, data_sent_thistime = 120, useable_space = 131010 >[2012/11/09 16:29:16.558732, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 10, data_to_send = 120, paramsize = 10, datasize = 120 >[2012/11/09 16:29:16.558750, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.558761, 5] lib/util.c:342(show_msg) > size=188 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=54464 > smt_wct=10 > smb_vwv[ 0]= 10 (0xA) > smb_vwv[ 1]= 120 (0x78) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 10 (0xA) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 120 (0x78) > smb_vwv[ 7]= 68 (0x44) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=133 >[2012/11/09 16:29:16.558939, 4] smbd/trans2.c:2549(call_trans2findfirst) > SMBtrans2 mask=yyyp0708.ppd directory=x64/3 dirtype=22 numentries=1 >[2012/11/09 16:29:16.562046, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x76 >[2012/11/09 16:29:16.562116, 3] smbd/process.c:1662(process_smb) > Transaction 102 of length 122 (0 toread) >[2012/11/09 16:29:16.562150, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.562170, 5] lib/util.c:342(show_msg) > size=118 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=54528 > smt_wct=15 > smb_vwv[ 0]= 50 (0x32) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 10 (0xA) > smb_vwv[ 3]=16384 (0x4000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 50 (0x32) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 1 (0x1) > smb_bcc=53 >[2012/11/09 16:29:16.562527, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 12629) conn 0x7fa2eacb8b60 >[2012/11/09 16:29:16.562568, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.562612, 3] smbd/trans2.c:2286(call_trans2findfirst) > call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 >[2012/11/09 16:29:16.562660, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3/pscript.hlp" >[2012/11/09 16:29:16.562708, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3/pscript.hlp] [/var/lib/samba/drivers] >[2012/11/09 16:29:16.562758, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3/pscript.hlp reduced to /var/lib/samba/drivers/x64/3/pscript.hlp >[2012/11/09 16:29:16.562793, 5] smbd/trans2.c:2371(call_trans2findfirst) > dir=x64/3, mask = pscript.hlp >[2012/11/09 16:29:16.562827, 5] smbd/dir.c:439(dptr_create) > dptr_create dir=x64/3 >[2012/11/09 16:29:16.562860, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3] [/var/lib/samba/drivers] >[2012/11/09 16:29:16.562900, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3 reduced to /var/lib/samba/drivers/x64/3 >[2012/11/09 16:29:16.562965, 3] smbd/dir.c:578(dptr_create) > creating new dirptr 256 for path x64/3, expect_close = 1 >[2012/11/09 16:29:16.563000, 4] smbd/trans2.c:2439(call_trans2findfirst) > dptr_num is 256, wcard = pscript.hlp, attr = 22 >[2012/11/09 16:29:16.563032, 8] smbd/trans2.c:2448(call_trans2findfirst) > dirpath=<x64/3> dontdescend=<> >[2012/11/09 16:29:16.563073, 6] smbd/dir.c:969(smbd_dirptr_get_entry) > smbd_dirptr_get_entry: dirptr 0x7fa2eaca7500 now at offset -1 >[2012/11/09 16:29:16.563115, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/pscript.hlp >[2012/11/09 16:29:16.563153, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning >[2012/11/09 16:29:16.563193, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning >[2012/11/09 16:29:16.563243, 3] smbd/dir.c:1041(smbd_dirptr_get_entry) > smbd_dirptr_get_entry mask=[pscript.hlp] found x64/3/pscript.hlp fname=pscript.hlp (pscript.hlp) >[2012/11/09 16:29:16.563292, 5] smbd/trans2.c:2505(call_trans2findfirst) > call_trans2findfirst - (2) closing dptr_num 256 >[2012/11/09 16:29:16.563332, 4] smbd/dir.c:257(dptr_close_internal) > closing dptr key 256 >[2012/11/09 16:29:16.563380, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 10, data_sent_thistime = 116, useable_space = 131010 >[2012/11/09 16:29:16.563422, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 10, data_to_send = 116, paramsize = 10, datasize = 116 >[2012/11/09 16:29:16.563462, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.563485, 5] lib/util.c:342(show_msg) > size=184 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=54528 > smt_wct=10 > smb_vwv[ 0]= 10 (0xA) > smb_vwv[ 1]= 116 (0x74) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 10 (0xA) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 116 (0x74) > smb_vwv[ 7]= 68 (0x44) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=129 >[2012/11/09 16:29:16.563767, 4] smbd/trans2.c:2549(call_trans2findfirst) > SMBtrans2 mask=pscript.hlp directory=x64/3 dirtype=22 numentries=1 >[2012/11/09 16:29:16.566501, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x76 >[2012/11/09 16:29:16.566581, 3] smbd/process.c:1662(process_smb) > Transaction 103 of length 122 (0 toread) >[2012/11/09 16:29:16.566618, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.566635, 5] lib/util.c:342(show_msg) > size=118 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=54592 > smt_wct=15 > smb_vwv[ 0]= 50 (0x32) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 10 (0xA) > smb_vwv[ 3]=16384 (0x4000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 50 (0x32) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 1 (0x1) > smb_bcc=53 >[2012/11/09 16:29:16.566924, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 12629) conn 0x7fa2eacb8b60 >[2012/11/09 16:29:16.566957, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.566991, 3] smbd/trans2.c:2286(call_trans2findfirst) > call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 >[2012/11/09 16:29:16.567031, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3/pscript.ntf" >[2012/11/09 16:29:16.567077, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3/pscript.ntf] [/var/lib/samba/drivers] >[2012/11/09 16:29:16.567124, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3/pscript.ntf reduced to /var/lib/samba/drivers/x64/3/pscript.ntf >[2012/11/09 16:29:16.567157, 5] smbd/trans2.c:2371(call_trans2findfirst) > dir=x64/3, mask = pscript.ntf >[2012/11/09 16:29:16.567189, 5] smbd/dir.c:439(dptr_create) > dptr_create dir=x64/3 >[2012/11/09 16:29:16.567242, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3] [/var/lib/samba/drivers] >[2012/11/09 16:29:16.567283, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3 reduced to /var/lib/samba/drivers/x64/3 >[2012/11/09 16:29:16.567323, 3] smbd/dir.c:578(dptr_create) > creating new dirptr 256 for path x64/3, expect_close = 1 >[2012/11/09 16:29:16.567354, 4] smbd/trans2.c:2439(call_trans2findfirst) > dptr_num is 256, wcard = pscript.ntf, attr = 22 >[2012/11/09 16:29:16.567383, 8] smbd/trans2.c:2448(call_trans2findfirst) > dirpath=<x64/3> dontdescend=<> >[2012/11/09 16:29:16.567422, 6] smbd/dir.c:969(smbd_dirptr_get_entry) > smbd_dirptr_get_entry: dirptr 0x7fa2eaca7500 now at offset -1 >[2012/11/09 16:29:16.567456, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/pscript.ntf >[2012/11/09 16:29:16.567485, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning >[2012/11/09 16:29:16.567507, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning >[2012/11/09 16:29:16.567537, 3] smbd/dir.c:1041(smbd_dirptr_get_entry) > smbd_dirptr_get_entry mask=[pscript.ntf] found x64/3/pscript.ntf fname=pscript.ntf (pscript.ntf) >[2012/11/09 16:29:16.567565, 5] smbd/trans2.c:2505(call_trans2findfirst) > call_trans2findfirst - (2) closing dptr_num 256 >[2012/11/09 16:29:16.567586, 4] smbd/dir.c:257(dptr_close_internal) > closing dptr key 256 >[2012/11/09 16:29:16.567611, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 10, data_sent_thistime = 116, useable_space = 131010 >[2012/11/09 16:29:16.567640, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 10, data_to_send = 116, paramsize = 10, datasize = 116 >[2012/11/09 16:29:16.567675, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.567696, 5] lib/util.c:342(show_msg) > size=184 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=5012 > smb_uid=101 > smb_mid=54592 > smt_wct=10 > smb_vwv[ 0]= 10 (0xA) > smb_vwv[ 1]= 116 (0x74) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 10 (0xA) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 116 (0x74) > smb_vwv[ 7]= 68 (0x44) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=129 >[2012/11/09 16:29:16.567959, 4] smbd/trans2.c:2549(call_trans2findfirst) > SMBtrans2 mask=pscript.ntf directory=x64/3 dirtype=22 numentries=1 >[2012/11/09 16:29:16.570123, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/11/09 16:29:16.570167, 3] smbd/process.c:1662(process_smb) > Transaction 104 of length 45 (0 toread) >[2012/11/09 16:29:16.570188, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.570199, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=2 > smb_pid=65279 > smb_uid=101 > smb_mid=54656 > smt_wct=3 > smb_vwv[ 0]= 8219 (0x201B) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/11/09 16:29:16.570315, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 12629) conn 0x7fa2eacb8b60 >[2012/11/09 16:29:16.570336, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.570355, 3] smbd/reply.c:4848(reply_close) > close fd=37 fnum=8219 (numopen=7) >[2012/11/09 16:29:16.570375, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 07:28:15 2106 >[2012/11/09 16:29:16.570427, 2] smbd/close.c:696(close_normal_file) > BROSE+pfoerfr closed file x64/3/pscript5.dll (numopen=6) NT_STATUS_OK >[2012/11/09 16:29:16.570453, 5] smbd/files.c:482(file_free) > freed files structure 8219 (8 used) >[2012/11/09 16:29:16.570474, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.570486, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=65279 > smb_uid=101 > smb_mid=54656 > smt_wct=0 > smb_bcc=0 >[2012/11/09 16:29:16.574066, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/11/09 16:29:16.574170, 3] smbd/process.c:1662(process_smb) > Transaction 105 of length 45 (0 toread) >[2012/11/09 16:29:16.574208, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.574230, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=2 > smb_pid=65279 > smb_uid=101 > smb_mid=54720 > smt_wct=3 > smb_vwv[ 0]= 8213 (0x2015) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/11/09 16:29:16.574431, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 12629) conn 0x7fa2eacb8b60 >[2012/11/09 16:29:16.574462, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.574498, 3] smbd/reply.c:4848(reply_close) > close fd=32 fnum=8213 (numopen=6) >[2012/11/09 16:29:16.574531, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 07:28:15 2106 >[2012/11/09 16:29:16.574620, 2] smbd/close.c:696(close_normal_file) > BROSE+pfoerfr closed file x64/3/pscript5.dll (numopen=5) NT_STATUS_OK >[2012/11/09 16:29:16.574662, 5] smbd/files.c:482(file_free) > freed files structure 8213 (7 used) >[2012/11/09 16:29:16.574702, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.574725, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=65279 > smb_uid=101 > smb_mid=54720 > smt_wct=0 > smb_bcc=0 >[2012/11/09 16:29:16.576164, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/11/09 16:29:16.576221, 3] smbd/process.c:1662(process_smb) > Transaction 106 of length 45 (0 toread) >[2012/11/09 16:29:16.576258, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.576279, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=2 > smb_pid=65279 > smb_uid=101 > smb_mid=54784 > smt_wct=3 > smb_vwv[ 0]= 8221 (0x201D) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/11/09 16:29:16.576500, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 12629) conn 0x7fa2eacb8b60 >[2012/11/09 16:29:16.576538, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.576573, 3] smbd/reply.c:4848(reply_close) > close fd=38 fnum=8221 (numopen=5) >[2012/11/09 16:29:16.576611, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 07:28:15 2106 >[2012/11/09 16:29:16.576691, 2] smbd/close.c:696(close_normal_file) > BROSE+pfoerfr closed file x64/3/ps5ui.dll (numopen=4) NT_STATUS_OK >[2012/11/09 16:29:16.576736, 5] smbd/files.c:482(file_free) > freed files structure 8221 (6 used) >[2012/11/09 16:29:16.576775, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.576797, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=65279 > smb_uid=101 > smb_mid=54784 > smt_wct=0 > smb_bcc=0 >[2012/11/09 16:29:16.578238, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/11/09 16:29:16.578305, 3] smbd/process.c:1662(process_smb) > Transaction 107 of length 45 (0 toread) >[2012/11/09 16:29:16.578342, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.578363, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=2 > smb_pid=65279 > smb_uid=101 > smb_mid=54848 > smt_wct=3 > smb_vwv[ 0]= 8214 (0x2016) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/11/09 16:29:16.578536, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 12629) conn 0x7fa2eacb8b60 >[2012/11/09 16:29:16.578567, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.578597, 3] smbd/reply.c:4848(reply_close) > close fd=33 fnum=8214 (numopen=4) >[2012/11/09 16:29:16.578635, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 07:28:15 2106 >[2012/11/09 16:29:16.578733, 2] smbd/close.c:696(close_normal_file) > BROSE+pfoerfr closed file x64/3/ps5ui.dll (numopen=3) NT_STATUS_OK >[2012/11/09 16:29:16.578773, 5] smbd/files.c:482(file_free) > freed files structure 8214 (5 used) >[2012/11/09 16:29:16.578806, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.578821, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=65279 > smb_uid=101 > smb_mid=54848 > smt_wct=0 > smb_bcc=0 >[2012/11/09 16:29:16.580174, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/11/09 16:29:16.580221, 3] smbd/process.c:1662(process_smb) > Transaction 108 of length 45 (0 toread) >[2012/11/09 16:29:16.580248, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.580263, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=2 > smb_pid=65279 > smb_uid=101 > smb_mid=54912 > smt_wct=3 > smb_vwv[ 0]= 8215 (0x2017) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/11/09 16:29:16.580429, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 12629) conn 0x7fa2eacb8b60 >[2012/11/09 16:29:16.580457, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.580517, 3] smbd/reply.c:4848(reply_close) > close fd=34 fnum=8215 (numopen=3) >[2012/11/09 16:29:16.580549, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 07:28:15 2106 >[2012/11/09 16:29:16.580606, 2] smbd/close.c:696(close_normal_file) > BROSE+pfoerfr closed file x64/3/yyyp0708.ppd (numopen=2) NT_STATUS_OK >[2012/11/09 16:29:16.580640, 5] smbd/files.c:482(file_free) > freed files structure 8215 (4 used) >[2012/11/09 16:29:16.580670, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.580686, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=65279 > smb_uid=101 > smb_mid=54912 > smt_wct=0 > smb_bcc=0 >[2012/11/09 16:29:16.582283, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/11/09 16:29:16.582341, 3] smbd/process.c:1662(process_smb) > Transaction 109 of length 45 (0 toread) >[2012/11/09 16:29:16.582362, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.582374, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=2 > smb_pid=65279 > smb_uid=101 > smb_mid=54976 > smt_wct=3 > smb_vwv[ 0]= 8216 (0x2018) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/11/09 16:29:16.582494, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 12629) conn 0x7fa2eacb8b60 >[2012/11/09 16:29:16.582516, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.582537, 3] smbd/reply.c:4848(reply_close) > close fd=35 fnum=8216 (numopen=2) >[2012/11/09 16:29:16.582557, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 07:28:15 2106 >[2012/11/09 16:29:16.582608, 2] smbd/close.c:696(close_normal_file) > BROSE+pfoerfr closed file x64/3/pscript.hlp (numopen=1) NT_STATUS_OK >[2012/11/09 16:29:16.582634, 5] smbd/files.c:482(file_free) > freed files structure 8216 (3 used) >[2012/11/09 16:29:16.582656, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.582668, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=65279 > smb_uid=101 > smb_mid=54976 > smt_wct=0 > smb_bcc=0 >[2012/11/09 16:29:16.583883, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/11/09 16:29:16.583920, 3] smbd/process.c:1662(process_smb) > Transaction 110 of length 45 (0 toread) >[2012/11/09 16:29:16.583940, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.583951, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=2 > smb_pid=65279 > smb_uid=101 > smb_mid=55040 > smt_wct=3 > smb_vwv[ 0]= 8217 (0x2019) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/11/09 16:29:16.584093, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 12629) conn 0x7fa2eacb8b60 >[2012/11/09 16:29:16.584114, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.584134, 3] smbd/reply.c:4848(reply_close) > close fd=36 fnum=8217 (numopen=1) >[2012/11/09 16:29:16.584154, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 07:28:15 2106 >[2012/11/09 16:29:16.584196, 2] smbd/close.c:696(close_normal_file) > BROSE+pfoerfr closed file x64/3/pscript.ntf (numopen=0) NT_STATUS_OK >[2012/11/09 16:29:16.584221, 5] smbd/files.c:482(file_free) > freed files structure 8217 (2 used) >[2012/11/09 16:29:16.584243, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.584255, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=65279 > smb_uid=101 > smb_mid=55040 > smt_wct=0 > smb_bcc=0 >[2012/11/09 16:29:16.742693, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x890 >[2012/11/09 16:29:16.742794, 3] smbd/process.c:1662(process_smb) > Transaction 111 of length 2196 (0 toread) >[2012/11/09 16:29:16.742826, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.742850, 5] lib/util.c:342(show_msg) > size=2192 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=55104 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 2108 (0x83C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 2108 (0x83C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8212 (0x2014) > smb_bcc=2125 >[2012/11/09 16:29:16.743192, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:16.743227, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:16.743266, 5] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (811): > SID[ 0]: S-1-5-21-160562036-3150058255-2134394716-19743 > SID[ 1]: S-1-5-21-160562036-3150058255-2134394716-513 > SID[ 2]: S-1-5-21-160562036-3150058255-2134394716-334230 > SID[ 3]: S-1-5-21-160562036-3150058255-2134394716-23353 > SID[ 4]: S-1-5-21-160562036-3150058255-2134394716-304793 > SID[ 5]: S-1-5-21-160562036-3150058255-2134394716-269408 > SID[ 6]: S-1-5-21-160562036-3150058255-2134394716-50420 > SID[ 7]: S-1-5-21-160562036-3150058255-2134394716-113634 > SID[ 8]: S-1-5-21-160562036-3150058255-2134394716-113662 > SID[ 9]: S-1-5-21-160562036-3150058255-2134394716-260755 > SID[ 10]: S-1-5-21-160562036-3150058255-2134394716-288770 > SID[ 11]: S-1-5-21-160562036-3150058255-2134394716-67892 > SID[ 12]: S-1-5-21-160562036-3150058255-2134394716-20800 > SID[ 13]: S-1-5-21-160562036-3150058255-2134394716-269744 > SID[ 14]: S-1-5-21-160562036-3150058255-2134394716-63803 > SID[ 15]: S-1-5-21-160562036-3150058255-2134394716-360934 > SID[ 16]: S-1-5-21-160562036-3150058255-2134394716-421750 > SID[ 17]: S-1-5-21-160562036-3150058255-2134394716-294313 > SID[ 18]: S-1-5-21-160562036-3150058255-2134394716-109619 > SID[ 19]: S-1-5-21-160562036-3150058255-2134394716-13623 > SID[ 20]: S-1-5-21-160562036-3150058255-2134394716-113660 > SID[ 21]: S-1-5-21-160562036-3150058255-2134394716-13846 > SID[ 22]: S-1-5-21-160562036-3150058255-2134394716-351693 > SID[ 23]: S-1-5-21-160562036-3150058255-2134394716-56178 > SID[ 24]: S-1-5-21-160562036-3150058255-2134394716-268914 > SID[ 25]: S-1-5-21-160562036-3150058255-2134394716-276389 > SID[ 26]: S-1-5-21-160562036-3150058255-2134394716-294265 > SID[ 27]: S-1-5-21-160562036-3150058255-2134394716-289050 > SID[ 28]: S-1-5-21-160562036-3150058255-2134394716-284074 > SID[ 29]: S-1-5-21-160562036-3150058255-2134394716-353623 > SID[ 30]: S-1-5-21-160562036-3150058255-2134394716-60632 > SID[ 31]: S-1-5-21-160562036-3150058255-2134394716-299617 > SID[ 32]: S-1-5-21-160562036-3150058255-2134394716-269875 > SID[ 33]: S-1-5-21-160562036-3150058255-2134394716-260777 > SID[ 34]: S-1-5-21-160562036-3150058255-2134394716-72011 > SID[ 35]: S-1-5-21-160562036-3150058255-2134394716-56174 > SID[ 36]: S-1-5-21-160562036-3150058255-2134394716-294145 > SID[ 37]: S-1-5-21-160562036-3150058255-2134394716-46643 > SID[ 38]: S-1-5-21-160562036-3150058255-2134394716-110684 > SID[ 39]: S-1-5-21-160562036-3150058255-2134394716-69476 > SID[ 40]: S-1-5-21-160562036-3150058255-2134394716-354438 > SID[ 41]: S-1-5-21-160562036-3150058255-2134394716-288215 > SID[ 42]: S-1-5-21-160562036-3150058255-2134394716-418124 > SID[ 43]: S-1-5-21-160562036-3150058255-2134394716-32947 > SID[ 44]: S-1-5-21-160562036-3150058255-2134394716-373447 > SID[ 45]: S-1-5-21-160562036-3150058255-2134394716-21119 > SID[ 46]: S-1-5-21-160562036-3150058255-2134394716-254283 > SID[ 47]: S-1-5-21-160562036-3150058255-2134394716-21918 > SID[ 48]: S-1-5-21-160562036-3150058255-2134394716-268915 > SID[ 49]: S-1-5-21-160562036-3150058255-2134394716-267093 > SID[ 50]: S-1-5-21-160562036-3150058255-2134394716-340888 > SID[ 51]: S-1-5-21-160562036-3150058255-2134394716-294363 > SID[ 52]: S-1-5-21-160562036-3150058255-2134394716-414620 > SID[ 53]: S-1-5-21-160562036-3150058255-2134394716-260959 > SID[ 54]: S-1-5-21-160562036-3150058255-2134394716-56176 > SID[ 55]: S-1-5-21-160562036-3150058255-2134394716-373472 > SID[ 56]: S-1-5-21-160562036-3150058255-2134394716-294492 > SID[ 57]: S-1-5-21-160562036-3150058255-2134394716-373554 > SID[ 58]: S-1-5-21-160562036-3150058255-2134394716-104382 > SID[ 59]: S-1-5-21-160562036-3150058255-2134394716-294361 > SID[ 60]: S-1-5-21-160562036-3150058255-2134394716-245149 > SID[ 61]: S-1-5-21-160562036-3150058255-2134394716-32807 > SID[ 62]: S-1-5-21-160562036-3150058255-2134394716-63805 > SID[ 63]: S-1-5-21-160562036-3150058255-2134394716-290135 > SID[ 64]: S-1-5-21-160562036-3150058255-2134394716-248439 > SID[ 65]: S-1-5-21-160562036-3150058255-2134394716-58745 > SID[ 66]: S-1-5-21-160562036-3150058255-2134394716-288316 > SID[ 67]: S-1-5-21-160562036-3150058255-2134394716-373441 > SID[ 68]: S-1-5-21-160562036-3150058255-2134394716-268916 > SID[ 69]: S-1-5-21-160562036-3150058255-2134394716-17597 > SID[ 70]: S-1-5-21-160562036-3150058255-2134394716-113654 > SID[ 71]: S-1-5-21-160562036-3150058255-2134394716-304050 > SID[ 72]: S-1-5-21-160562036-3150058255-2134394716-112626 > SID[ 73]: S-1-5-21-160562036-3150058255-2134394716-360946 > SID[ 74]: S-1-5-21-160562036-3150058255-2134394716-1116 > SID[ 75]: S-1-5-21-160562036-3150058255-2134394716-294490 > SID[ 76]: S-1-5-21-160562036-3150058255-2134394716-373442 > SID[ 77]: S-1-5-21-160562036-3150058255-2134394716-402137 > SID[ 78]: S-1-5-21-160562036-3150058255-2134394716-373470 > SID[ 79]: S-1-5-21-160562036-3150058255-2134394716-284963 > SID[ 80]: S-1-5-21-160562036-3150058255-2134394716-21963 > SID[ 81]: S-1-5-21-160562036-3150058255-2134394716-373556 > SID[ 82]: S-1-5-21-160562036-3150058255-2134394716-351504 > SID[ 83]: S-1-5-21-160562036-3150058255-2134394716-360382 > SID[ 84]: S-1-5-21-160562036-3150058255-2134394716-266966 > SID[ 85]: S-1-5-21-160562036-3150058255-2134394716-63797 > SID[ 86]: S-1-5-21-160562036-3150058255-2134394716-31306 > SID[ 87]: S-1-5-21-160562036-3150058255-2134394716-420969 > SID[ 88]: S-1-5-21-160562036-3150058255-2134394716-58439 > SID[ 89]: S-1-5-21-160562036-3150058255-2134394716-351240 > SID[ 90]: S-1-5-21-160562036-3150058255-2134394716-290160 > SID[ 91]: S-1-5-21-160562036-3150058255-2134394716-335340 > SID[ 92]: S-1-5-21-160562036-3150058255-2134394716-32819 > SID[ 93]: S-1-5-21-160562036-3150058255-2134394716-63801 > SID[ 94]: S-1-5-21-160562036-3150058255-2134394716-53171 > SID[ 95]: S-1-5-21-160562036-3150058255-2134394716-294243 > SID[ 96]: S-1-5-21-160562036-3150058255-2134394716-350032 > SID[ 97]: S-1-5-21-160562036-3150058255-2134394716-63737 > SID[ 98]: S-1-5-21-160562036-3150058255-2134394716-13863 > SID[ 99]: S-1-5-21-160562036-3150058255-2134394716-351719 > SID[100]: S-1-5-21-160562036-3150058255-2134394716-56165 > SID[101]: S-1-5-21-160562036-3150058255-2134394716-113646 > SID[102]: S-1-5-21-160562036-3150058255-2134394716-430811 > SID[103]: S-1-5-21-160562036-3150058255-2134394716-284081 > SID[104]: S-1-5-21-160562036-3150058255-2134394716-256696 > SID[105]: S-1-5-21-160562036-3150058255-2134394716-416414 > SID[106]: S-1-5-21-160562036-3150058255-2134394716-49609 > SID[107]: S-1-5-21-160562036-3150058255-2134394716-377791 > SID[108]: S-1-5-21-160562036-3150058255-2134394716-32821 > SID[109]: S-1-5-21-160562036-3150058255-2134394716-359223 > SID[110]: S-1-5-21-160562036-3150058255-2134394716-284091 > SID[111]: S-1-5-21-160562036-3150058255-2134394716-433713 > SID[112]: S-1-5-21-160562036-3150058255-2134394716-33100 > SID[113]: S-1-5-21-160562036-3150058255-2134394716-416203 > SID[114]: S-1-5-21-160562036-3150058255-2134394716-317007 > SID[115]: S-1-5-21-160562036-3150058255-2134394716-69542 > SID[116]: S-1-5-21-160562036-3150058255-2134394716-268918 > SID[117]: S-1-5-21-160562036-3150058255-2134394716-69428 > SID[118]: S-1-5-21-160562036-3150058255-2134394716-316764 > SID[119]: S-1-5-21-160562036-3150058255-2134394716-55705 > SID[120]: S-1-5-21-160562036-3150058255-2134394716-291229 > SID[121]: S-1-5-21-160562036-3150058255-2134394716-250116 > SID[122]: S-1-5-21-160562036-3150058255-2134394716-294315 > SID[123]: S-1-5-21-160562036-3150058255-2134394716-402469 > SID[124]: S-1-5-21-160562036-3150058255-2134394716-256697 > SID[125]: S-1-5-21-160562036-3150058255-2134394716-418438 > SID[126]: S-1-5-21-160562036-3150058255-2134394716-435652 > SID[127]: S-1-5-21-160562036-3150058255-2134394716-45010 > SID[128]: S-1-5-21-160562036-3150058255-2134394716-322368 > SID[129]: S-1-5-21-160562036-3150058255-2134394716-267090 > SID[130]: S-1-5-21-160562036-3150058255-2134394716-32825 > SID[131]: S-1-5-21-160562036-3150058255-2134394716-35099 > SID[132]: S-1-5-21-160562036-3150058255-2134394716-56157 > SID[133]: S-1-5-21-160562036-3150058255-2134394716-113648 > SID[134]: S-1-5-21-160562036-3150058255-2134394716-55709 > SID[135]: S-1-5-21-160562036-3150058255-2134394716-108789 > SID[136]: S-1-5-21-160562036-3150058255-2134394716-56159 > SID[137]: S-1-5-21-160562036-3150058255-2134394716-268919 > SID[138]: S-1-5-21-160562036-3150058255-2134394716-245147 > SID[139]: S-1-5-21-160562036-3150058255-2134394716-430693 > SID[140]: S-1-5-21-160562036-3150058255-2134394716-289617 > SID[141]: S-1-5-21-160562036-3150058255-2134394716-373445 > SID[142]: S-1-5-21-160562036-3150058255-2134394716-14282 > SID[143]: S-1-5-21-160562036-3150058255-2134394716-433712 > SID[144]: S-1-5-21-160562036-3150058255-2134394716-59232 > SID[145]: S-1-5-21-160562036-3150058255-2134394716-33429 > SID[146]: S-1-5-21-160562036-3150058255-2134394716-437634 > SID[147]: S-1-5-21-160562036-3150058255-2134394716-23354 > SID[148]: S-1-5-21-160562036-3150058255-2134394716-113636 > SID[149]: S-1-5-21-160562036-3150058255-2134394716-63799 > SID[150]: S-1-5-21-160562036-3150058255-2134394716-261009 > SID[151]: S-1-5-21-160562036-3150058255-2134394716-290498 > SID[152]: S-1-5-21-160562036-3150058255-2134394716-375928 > SID[153]: S-1-5-21-160562036-3150058255-2134394716-276407 > SID[154]: S-1-5-21-160562036-3150058255-2134394716-357401 > SID[155]: S-1-5-21-160562036-3150058255-2134394716-357385 > SID[156]: S-1-5-21-160562036-3150058255-2134394716-269404 > SID[157]: S-1-5-21-160562036-3150058255-2134394716-67790 > SID[158]: S-1-5-21-160562036-3150058255-2134394716-392120 > SID[159]: S-1-5-21-160562036-3150058255-2134394716-276395 > SID[160]: S-1-5-21-160562036-3150058255-2134394716-113343 > SID[161]: S-1-5-21-160562036-3150058255-2134394716-56172 > SID[162]: S-1-5-21-160562036-3150058255-2134394716-402467 > SID[163]: S-1-5-21-160562036-3150058255-2134394716-293007 > SID[164]: S-1-5-21-160562036-3150058255-2134394716-427942 > SID[165]: S-1-5-21-160562036-3150058255-2134394716-373529 > SID[166]: S-1-5-21-160562036-3150058255-2134394716-263163 > SID[167]: S-1-5-21-160562036-3150058255-2134394716-64111 > SID[168]: S-1-5-21-160562036-3150058255-2134394716-266852 > SID[169]: S-1-5-21-160562036-3150058255-2134394716-357892 > SID[170]: S-1-5-21-160562036-3150058255-2134394716-104429 > SID[171]: S-1-5-21-160562036-3150058255-2134394716-32813 > SID[172]: S-1-5-21-160562036-3150058255-2134394716-360722 > SID[173]: S-1-5-21-160562036-3150058255-2134394716-284092 > SID[174]: S-1-5-21-160562036-3150058255-2134394716-289619 > SID[175]: S-1-5-21-160562036-3150058255-2134394716-369316 > SID[176]: S-1-5-21-160562036-3150058255-2134394716-49542 > SID[177]: S-1-5-21-160562036-3150058255-2134394716-329659 > SID[178]: S-1-5-21-160562036-3150058255-2134394716-32809 > SID[179]: S-1-5-21-160562036-3150058255-2134394716-108767 > SID[180]: S-1-5-21-160562036-3150058255-2134394716-305399 > SID[181]: S-1-5-21-160562036-3150058255-2134394716-263161 > SID[182]: S-1-5-21-160562036-3150058255-2134394716-314050 > SID[183]: S-1-5-21-160562036-3150058255-2134394716-31001 > SID[184]: S-1-5-21-160562036-3150058255-2134394716-279682 > SID[185]: S-1-5-21-160562036-3150058255-2134394716-294147 > SID[186]: S-1-5-21-160562036-3150058255-2134394716-56163 > SID[187]: S-1-5-21-160562036-3150058255-2134394716-285751 > SID[188]: S-1-5-21-160562036-3150058255-2134394716-21723 > SID[189]: S-1-5-21-160562036-3150058255-2134394716-8332 > SID[190]: S-1-5-21-160562036-3150058255-2134394716-32827 > SID[191]: S-1-5-21-160562036-3150058255-2134394716-256460 > SID[192]: S-1-5-21-160562036-3150058255-2134394716-256183 > SID[193]: S-1-5-21-160562036-3150058255-2134394716-300424 > SID[194]: S-1-5-21-160562036-3150058255-2134394716-55677 > SID[195]: S-1-5-21-160562036-3150058255-2134394716-253145 > SID[196]: S-1-5-21-160562036-3150058255-2134394716-63804 > SID[197]: S-1-5-21-160562036-3150058255-2134394716-358866 > SID[198]: S-1-5-21-160562036-3150058255-2134394716-32823 > SID[199]: S-1-5-21-160562036-3150058255-2134394716-276620 > SID[200]: S-1-5-21-160562036-3150058255-2134394716-361940 > SID[201]: S-1-5-21-160562036-3150058255-2134394716-49274 > SID[202]: S-1-5-21-160562036-3150058255-2134394716-402177 > SID[203]: S-1-5-21-160562036-3150058255-2134394716-252230 > SID[204]: S-1-5-21-160562036-3150058255-2134394716-321100 > SID[205]: S-1-5-21-160562036-3150058255-2134394716-20801 > SID[206]: S-1-5-21-160562036-3150058255-2134394716-276621 > SID[207]: S-1-5-21-160562036-3150058255-2134394716-252010 > SID[208]: S-1-5-21-160562036-3150058255-2134394716-292766 > SID[209]: S-1-5-21-160562036-3150058255-2134394716-37331 > SID[210]: S-1-5-21-160562036-3150058255-2134394716-260776 > SID[211]: S-1-5-21-160562036-3150058255-2134394716-386708 > SID[212]: S-1-5-21-160562036-3150058255-2134394716-374616 > SID[213]: S-1-5-21-160562036-3150058255-2134394716-21084 > SID[214]: S-1-5-21-160562036-3150058255-2134394716-294267 > SID[215]: S-1-5-21-160562036-3150058255-2134394716-63802 > SID[216]: S-1-5-21-160562036-3150058255-2134394716-31186 > SID[217]: S-1-5-21-160562036-3150058255-2134394716-105575 > SID[218]: S-1-5-21-160562036-3150058255-2134394716-361874 > SID[219]: S-1-5-21-160562036-3150058255-2134394716-360362 > SID[220]: S-1-5-21-160562036-3150058255-2134394716-357734 > SID[221]: S-1-5-21-160562036-3150058255-2134394716-294241 > SID[222]: S-1-5-21-160562036-3150058255-2134394716-251778 > SID[223]: S-1-5-21-160562036-3150058255-2134394716-49510 > SID[224]: S-1-5-21-160562036-3150058255-2134394716-35015 > SID[225]: S-1-5-21-160562036-3150058255-2134394716-20749 > SID[226]: S-1-5-21-160562036-3150058255-2134394716-294291 > SID[227]: S-1-5-21-160562036-3150058255-2134394716-254469 > SID[228]: S-1-5-21-160562036-3150058255-2134394716-247296 > SID[229]: S-1-5-21-160562036-3150058255-2134394716-63798 > SID[230]: S-1-5-21-160562036-3150058255-2134394716-59035 > SID[231]: S-1-5-21-160562036-3150058255-2134394716-430331 > SID[232]: S-1-5-21-160562036-3150058255-2134394716-21301 > SID[233]: S-1-5-21-160562036-3150058255-2134394716-55627 > SID[234]: S-1-5-21-160562036-3150058255-2134394716-32815 > SID[235]: S-1-5-21-160562036-3150058255-2134394716-277164 > SID[236]: S-1-5-21-160562036-3150058255-2134394716-21552 > SID[237]: S-1-5-21-160562036-3150058255-2134394716-56622 > SID[238]: S-1-5-21-160562036-3150058255-2134394716-37315 > SID[239]: S-1-5-21-160562036-3150058255-2134394716-334225 > SID[240]: S-1-5-21-160562036-3150058255-2134394716-338141 > SID[241]: S-1-5-21-160562036-3150058255-2134394716-246169 > SID[242]: S-1-5-21-160562036-3150058255-2134394716-297835 > SID[243]: S-1-5-21-160562036-3150058255-2134394716-353615 > SID[244]: S-1-5-21-160562036-3150058255-2134394716-322371 > SID[245]: S-1-5-21-160562036-3150058255-2134394716-63235 > SID[246]: S-1-5-21-160562036-3150058255-2134394716-266849 > SID[247]: S-1-5-21-160562036-3150058255-2134394716-293998 > SID[248]: S-1-5-21-160562036-3150058255-2134394716-433714 > SID[249]: S-1-5-21-160562036-3150058255-2134394716-107694 > SID[250]: S-1-5-21-160562036-3150058255-2134394716-288317 > SID[251]: S-1-5-21-160562036-3150058255-2134394716-44135 > SID[252]: S-1-5-21-160562036-3150058255-2134394716-290560 > SID[253]: S-1-5-21-160562036-3150058255-2134394716-322681 > SID[254]: S-1-5-21-160562036-3150058255-2134394716-283109 > SID[255]: S-1-5-21-160562036-3150058255-2134394716-357879 > SID[256]: S-1-5-21-160562036-3150058255-2134394716-289046 > SID[257]: S-1-5-21-160562036-3150058255-2134394716-32803 > SID[258]: S-1-5-21-160562036-3150058255-2134394716-343968 > SID[259]: S-1-5-21-160562036-3150058255-2134394716-50792 > SID[260]: S-1-5-21-160562036-3150058255-2134394716-50518 > SID[261]: S-1-5-21-160562036-3150058255-2134394716-37238 > SID[262]: S-1-5-21-160562036-3150058255-2134394716-360465 > SID[263]: S-1-5-21-160562036-3150058255-2134394716-366652 > SID[264]: S-1-5-21-160562036-3150058255-2134394716-294094 > SID[265]: S-1-5-21-160562036-3150058255-2134394716-288540 > SID[266]: S-1-5-21-160562036-3150058255-2134394716-297984 > SID[267]: S-1-5-21-160562036-3150058255-2134394716-276427 > SID[268]: S-1-5-21-160562036-3150058255-2134394716-333792 > SID[269]: S-1-5-21-160562036-3150058255-2134394716-427342 > SID[270]: S-1-5-21-160562036-3150058255-2134394716-333794 > SID[271]: S-1-5-21-160562036-3150058255-2134394716-290460 > SID[272]: S-1-5-21-160562036-3150058255-2134394716-294091 > SID[273]: S-1-5-21-160562036-3150058255-2134394716-333793 > SID[274]: S-1-5-21-160562036-3150058255-2134394716-338207 > SID[275]: S-1-5-21-160562036-3150058255-2134394716-409571 > SID[276]: S-1-5-21-160562036-3150058255-2134394716-294054 > SID[277]: S-1-5-21-160562036-3150058255-2134394716-30854 > SID[278]: S-1-5-21-160562036-3150058255-2134394716-288547 > SID[279]: S-1-5-21-160562036-3150058255-2134394716-365347 > SID[280]: S-1-5-21-6776287-465249537-1446904402-4108 > SID[281]: S-1-5-21-160562036-3150058255-2134394716-58230 > SID[282]: S-1-5-21-160562036-3150058255-2134394716-357400 > SID[283]: S-1-5-21-160562036-3150058255-2134394716-343966 > SID[284]: S-1-5-21-160562036-3150058255-2134394716-104268 > SID[285]: S-1-5-21-160562036-3150058255-2134394716-334228 > SID[286]: S-1-5-21-160562036-3150058255-2134394716-357384 > SID[287]: S-1-5-21-160562036-3150058255-2134394716-64500 > SID[288]: S-1-5-21-160562036-3150058255-2134394716-291227 > SID[289]: S-1-5-21-160562036-3150058255-2134394716-62708 > SID[290]: S-1-5-21-160562036-3150058255-2134394716-266847 > SID[291]: S-1-5-21-160562036-3150058255-2134394716-313857 > SID[292]: S-1-5-21-160562036-3150058255-2134394716-350031 > SID[293]: S-1-5-21-160562036-3150058255-2134394716-373448 > SID[294]: S-1-5-21-160562036-3150058255-2134394716-420970 > SID[295]: S-1-5-21-160562036-3150058255-2134394716-351238 > SID[296]: S-1-5-21-160562036-3150058255-2134394716-11861 > SID[297]: S-1-5-21-160562036-3150058255-2134394716-353613 > SID[298]: S-1-5-21-160562036-3150058255-2134394716-322679 > SID[299]: S-1-5-21-160562036-3150058255-2134394716-253148 > SID[300]: S-1-5-21-160562036-3150058255-2134394716-277162 > SID[301]: S-1-5-21-160562036-3150058255-2134394716-304048 > SID[302]: S-1-5-21-160562036-3150058255-2134394716-288768 > SID[303]: S-1-5-21-160562036-3150058255-2134394716-62920 > SID[304]: S-1-5-21-160562036-3150058255-2134394716-62814 > SID[305]: S-1-5-21-160562036-3150058255-2134394716-338139 > SID[306]: S-1-5-21-160562036-3150058255-2134394716-266850 > SID[307]: S-1-5-21-160562036-3150058255-2134394716-74038 > SID[308]: S-1-5-21-160562036-3150058255-2134394716-62715 > SID[309]: S-1-5-21-160562036-3150058255-2134394716-357877 > SID[310]: S-1-5-21-160562036-3150058255-2134394716-252117 > SID[311]: S-1-5-21-160562036-3150058255-2134394716-322372 > SID[312]: S-1-5-21-160562036-3150058255-2134394716-65121 > SID[313]: S-1-5-21-160562036-3150058255-2134394716-62711 > SID[314]: S-1-5-21-160562036-3150058255-2134394716-267091 > SID[315]: S-1-5-21-160562036-3150058255-2134394716-24652 > SID[316]: S-1-5-21-160562036-3150058255-2134394716-360933 > SID[317]: S-1-5-21-160562036-3150058255-2134394716-354437 > SID[318]: S-1-5-21-160562036-3150058255-2134394716-249119 > SID[319]: S-1-5-21-160562036-3150058255-2134394716-248731 > SID[320]: S-1-5-21-160562036-3150058255-2134394716-64215 > SID[321]: S-1-5-21-160562036-3150058255-2134394716-373475 > SID[322]: S-1-5-21-160562036-3150058255-2134394716-250664 > SID[323]: S-1-5-21-160562036-3150058255-2134394716-267088 > SID[324]: S-1-5-21-160562036-3150058255-2134394716-50311 > SID[325]: S-1-5-21-160562036-3150058255-2134394716-62644 > SID[326]: S-1-5-21-160562036-3150058255-2134394716-69148 > SID[327]: S-1-5-21-160562036-3150058255-2134394716-360380 > SID[328]: S-1-5-21-160562036-3150058255-2134394716-52124 > SID[329]: S-1-5-21-160562036-3150058255-2134394716-351502 > SID[330]: S-1-5-21-160562036-3150058255-2134394716-317005 > SID[331]: S-1-5-21-160562036-3150058255-2134394716-62713 > SID[332]: S-1-5-21-160562036-3150058255-2134394716-313855 > SID[333]: S-1-5-21-160562036-3150058255-2134394716-53143 > SID[334]: S-1-5-21-160562036-3150058255-2134394716-349705 > SID[335]: S-1-5-21-160562036-3150058255-2134394716-357732 > SID[336]: S-1-5-21-160562036-3150058255-2134394716-402142 > SID[337]: S-1-5-21-160562036-3150058255-2134394716-50421 > SID[338]: S-1-5-21-160562036-3150058255-2134394716-357890 > SID[339]: S-1-5-21-160562036-3150058255-2134394716-416413 > SID[340]: S-1-5-21-160562036-3150058255-2134394716-255117 > SID[341]: S-1-5-21-160562036-3150058255-2134394716-73891 > SID[342]: S-1-5-21-160562036-3150058255-2134394716-377792 > SID[343]: S-1-5-21-160562036-3150058255-2134394716-63081 > SID[344]: S-1-5-21-160562036-3150058255-2134394716-386707 > SID[345]: S-1-5-21-160562036-3150058255-2134394716-64112 > SID[346]: S-1-5-21-160562036-3150058255-2134394716-256555 > SID[347]: S-1-5-21-160562036-3150058255-2134394716-361939 > SID[348]: S-1-5-21-160562036-3150058255-2134394716-62709 > SID[349]: S-1-5-21-160562036-3150058255-2134394716-248759 > SID[350]: S-1-5-21-160562036-3150058255-2134394716-359221 > SID[351]: S-1-5-21-160562036-3150058255-2134394716-310730 > SID[352]: S-1-5-21-160562036-3150058255-2134394716-109617 > SID[353]: S-1-5-21-160562036-3150058255-2134394716-60474 > SID[354]: S-1-5-21-160562036-3150058255-2134394716-402472 > SID[355]: S-1-5-21-160562036-3150058255-2134394716-55679 > SID[356]: S-1-5-21-160562036-3150058255-2134394716-69153 > SID[357]: S-1-5-21-160562036-3150058255-2134394716-22265 > SID[358]: S-1-5-21-160562036-3150058255-2134394716-423112 > SID[359]: S-1-5-21-160562036-3150058255-2134394716-289044 > SID[360]: S-1-5-21-160562036-3150058255-2134394716-67791 > SID[361]: S-1-5-21-160562036-3150058255-2134394716-69156 > SID[362]: S-1-5-21-160562036-3150058255-2134394716-62712 > SID[363]: S-1-5-21-160562036-3150058255-2134394716-360721 > SID[364]: S-1-5-21-160562036-3150058255-2134394716-435651 > SID[365]: S-1-5-21-160562036-3150058255-2134394716-69149 > SID[366]: S-1-5-21-160562036-3150058255-2134394716-73730 > SID[367]: S-1-5-21-160562036-3150058255-2134394716-243660 > SID[368]: S-1-5-21-160562036-3150058255-2134394716-104280 > SID[369]: S-1-5-21-160562036-3150058255-2134394716-430692 > SID[370]: S-1-5-21-160562036-3150058255-2134394716-256558 > SID[371]: S-1-5-21-160562036-3150058255-2134394716-54515 > SID[372]: S-1-5-21-160562036-3150058255-2134394716-334223 > SID[373]: S-1-5-21-160562036-3150058255-2134394716-304790 > SID[374]: S-1-5-21-160562036-3150058255-2134394716-373528 > SID[375]: S-1-5-21-160562036-3150058255-2134394716-375927 > SID[376]: S-1-5-21-160562036-3150058255-2134394716-74039 > SID[377]: S-1-5-21-160562036-3150058255-2134394716-62781 > SID[378]: S-1-5-21-160562036-3150058255-2134394716-69157 > SID[379]: S-1-5-21-160562036-3150058255-2134394716-309445 > SID[380]: S-1-5-21-160562036-3150058255-2134394716-62733 > SID[381]: S-1-5-21-160562036-3150058255-2134394716-418123 > SID[382]: S-1-5-21-160562036-3150058255-2134394716-64415 > SID[383]: S-1-5-21-160562036-3150058255-2134394716-414619 > SID[384]: S-1-5-21-160562036-3150058255-2134394716-373446 > SID[385]: S-1-5-21-160562036-3150058255-2134394716-289048 > SID[386]: S-1-5-21-160562036-3150058255-2134394716-69158 > SID[387]: S-1-5-21-160562036-3150058255-2134394716-373559 > SID[388]: S-1-5-21-160562036-3150058255-2134394716-110686 > SID[389]: S-1-5-21-160562036-3150058255-2134394716-260757 > SID[390]: S-1-5-21-160562036-3150058255-2134394716-249663 > SID[391]: S-1-5-21-160562036-3150058255-2134394716-249619 > SID[392]: S-1-5-21-160562036-3150058255-2134394716-321098 > SID[393]: S-1-5-21-160562036-3150058255-2134394716-64497 > SID[394]: S-1-5-21-160562036-3150058255-2134394716-112627 > SID[395]: S-1-5-21-160562036-3150058255-2134394716-62710 > SID[396]: S-1-5-21-160562036-3150058255-2134394716-360361 > SID[397]: S-1-5-21-160562036-3150058255-2134394716-353621 > SID[398]: S-1-5-21-160562036-3150058255-2134394716-365152 > SID[399]: S-1-5-21-160562036-3150058255-2134394716-69544 > SID[400]: S-1-5-21-160562036-3150058255-2134394716-249644 > SID[401]: S-1-5-21-160562036-3150058255-2134394716-55625 > SID[402]: S-1-1-0 > SID[403]: S-1-5-2 > SID[404]: S-1-5-11 > SID[405]: S-1-5-32-545 > SID[406]: S-1-22-1-10000 > SID[407]: S-1-22-2-10006 > SID[408]: S-1-22-2-10007 > SID[409]: S-1-22-2-10008 > SID[410]: S-1-22-2-10009 > SID[411]: S-1-22-2-10010 > SID[412]: S-1-22-2-10011 > SID[413]: S-1-22-2-10012 > SID[414]: S-1-22-2-10013 > SID[415]: S-1-22-2-10014 > SID[416]: S-1-22-2-10015 > SID[417]: S-1-22-2-10016 > SID[418]: S-1-22-2-10017 > SID[419]: S-1-22-2-10018 > SID[420]: S-1-22-2-10019 > SID[421]: S-1-22-2-10020 > SID[422]: S-1-22-2-10021 > SID[423]: S-1-22-2-10022 > SID[424]: S-1-22-2-10023 > SID[425]: S-1-22-2-10024 > SID[426]: S-1-22-2-10025 > SID[427]: S-1-22-2-10026 > SID[428]: S-1-22-2-10027 > SID[429]: S-1-22-2-10028 > SID[430]: S-1-22-2-10029 > SID[431]: S-1-22-2-10030 > SID[432]: S-1-22-2-10031 > SID[433]: S-1-22-2-10032 > SID[434]: S-1-22-2-10033 > SID[435]: S-1-22-2-10034 > SID[436]: S-1-22-2-10035 > SID[437]: S-1-22-2-10036 > SID[438]: S-1-22-2-10037 > SID[439]: S-1-22-2-10038 > SID[440]: S-1-22-2-10039 > SID[441]: S-1-22-2-10040 > SID[442]: S-1-22-2-10041 > SID[443]: S-1-22-2-10042 > SID[444]: S-1-22-2-10043 > SID[445]: S-1-22-2-10044 > SID[446]: S-1-22-2-10045 > SID[447]: S-1-22-2-10046 > SID[448]: S-1-22-2-10047 > SID[449]: S-1-22-2-10048 > SID[450]: S-1-22-2-10049 > SID[451]: S-1-22-2-10050 > SID[452]: S-1-22-2-10051 > SID[453]: S-1-22-2-10052 > SID[454]: S-1-22-2-10053 > SID[455]: S-1-22-2-10054 > SID[456]: S-1-22-2-10055 > SID[457]: S-1-22-2-10056 > SID[458]: S-1-22-2-10057 > SID[459]: S-1-22-2-10058 > SID[460]: S-1-22-2-10059 > SID[461]: S-1-22-2-10060 > SID[462]: S-1-22-2-10061 > SID[463]: S-1-22-2-10062 > SID[464]: S-1-22-2-10063 > SID[465]: S-1-22-2-10064 > SID[466]: S-1-22-2-10065 > SID[467]: S-1-22-2-10066 > SID[468]: S-1-22-2-10067 > SID[469]: S-1-22-2-10068 > SID[470]: S-1-22-2-10069 > SID[471]: S-1-22-2-10070 > SID[472]: S-1-22-2-10071 > SID[473]: S-1-22-2-10072 > SID[474]: S-1-22-2-10073 > SID[475]: S-1-22-2-10074 > SID[476]: S-1-22-2-10075 > SID[477]: S-1-22-2-10076 > SID[478]: S-1-22-2-10077 > SID[479]: S-1-22-2-10078 > SID[480]: S-1-22-2-10079 > SID[481]: S-1-22-2-10080 > SID[482]: S-1-22-2-10081 > SID[483]: S-1-22-2-10082 > SID[484]: S-1-22-2-10083 > SID[485]: S-1-22-2-10084 > SID[486]: S-1-22-2-10085 > SID[487]: S-1-22-2-10086 > SID[488]: S-1-22-2-10087 > SID[489]: S-1-22-2-10088 > SID[490]: S-1-22-2-10089 > SID[491]: S-1-22-2-10090 > SID[492]: S-1-22-2-10091 > SID[493]: S-1-22-2-10092 > SID[494]: S-1-22-2-10093 > SID[495]: S-1-22-2-10094 > SID[496]: S-1-22-2-10095 > SID[497]: S-1-22-2-10096 > SID[498]: S-1-22-2-10097 > SID[499]: S-1-22-2-10098 > SID[500]: S-1-22-2-10099 > SID[501]: S-1-22-2-10100 > SID[502]: S-1-22-2-10101 > SID[503]: S-1-22-2-10102 > SID[504]: S-1-22-2-10103 > SID[505]: S-1-22-2-10104 > SID[506]: S-1-22-2-10105 > SID[507]: S-1-22-2-10106 > SID[508]: S-1-22-2-10107 > SID[509]: S-1-22-2-10108 > SID[510]: S-1-22-2-10109 > SID[511]: S-1-22-2-10110 > SID[512]: S-1-22-2-10111 > SID[513]: S-1-22-2-10112 > SID[514]: S-1-22-2-10113 > SID[515]: S-1-22-2-10114 > SID[516]: S-1-22-2-10115 > SID[517]: S-1-22-2-10116 > SID[518]: S-1-22-2-10117 > SID[519]: S-1-22-2-10118 > SID[520]: S-1-22-2-10119 > SID[521]: S-1-22-2-10120 > SID[522]: S-1-22-2-10121 > SID[523]: S-1-22-2-10122 > SID[524]: S-1-22-2-10123 > SID[525]: S-1-22-2-10124 > SID[526]: S-1-22-2-10125 > SID[527]: S-1-22-2-10126 > SID[528]: S-1-22-2-10127 > SID[529]: S-1-22-2-10128 > SID[530]: S-1-22-2-10129 > SID[531]: S-1-22-2-10130 > SID[532]: S-1-22-2-10131 > SID[533]: S-1-22-2-10132 > SID[534]: S-1-22-2-10133 > SID[535]: S-1-22-2-10134 > SID[536]: S-1-22-2-10135 > SID[537]: S-1-22-2-10136 > SID[538]: S-1-22-2-10137 > SID[539]: S-1-22-2-10138 > SID[540]: S-1-22-2-10139 > SID[541]: S-1-22-2-10140 > SID[542]: S-1-22-2-10141 > SID[543]: S-1-22-2-10142 > SID[544]: S-1-22-2-10143 > SID[545]: S-1-22-2-10144 > SID[546]: S-1-22-2-10145 > SID[547]: S-1-22-2-10146 > SID[548]: S-1-22-2-10147 > SID[549]: S-1-22-2-10148 > SID[550]: S-1-22-2-10149 > SID[551]: S-1-22-2-10150 > SID[552]: S-1-22-2-10471 > SID[553]: S-1-22-2-10151 > SID[554]: S-1-22-2-10152 > SID[555]: S-1-22-2-10153 > SID[556]: S-1-22-2-10154 > SID[557]: S-1-22-2-10155 > SID[558]: S-1-22-2-10156 > SID[559]: S-1-22-2-10157 > SID[560]: S-1-22-2-10158 > SID[561]: S-1-22-2-10159 > SID[562]: S-1-22-2-10160 > SID[563]: S-1-22-2-10161 > SID[564]: S-1-22-2-10162 > SID[565]: S-1-22-2-10163 > SID[566]: S-1-22-2-10164 > SID[567]: S-1-22-2-10165 > SID[568]: S-1-22-2-10166 > SID[569]: S-1-22-2-10167 > SID[570]: S-1-22-2-10168 > SID[571]: S-1-22-2-10169 > SID[572]: S-1-22-2-10170 > SID[573]: S-1-22-2-10171 > SID[574]: S-1-22-2-10172 > SID[575]: S-1-22-2-10173 > SID[576]: S-1-22-2-10174 > SID[577]: S-1-22-2-10175 > SID[578]: S-1-22-2-10176 > SID[579]: S-1-22-2-10177 > SID[580]: S-1-22-2-10178 > SID[581]: S-1-22-2-10179 > SID[582]: S-1-22-2-10180 > SID[583]: S-1-22-2-10181 > SID[584]: S-1-22-2-10182 > SID[585]: S-1-22-2-10183 > SID[586]: S-1-22-2-10184 > SID[587]: S-1-22-2-10185 > SID[588]: S-1-22-2-10186 > SID[589]: S-1-22-2-10187 > SID[590]: S-1-22-2-10188 > SID[591]: S-1-22-2-10189 > SID[592]: S-1-22-2-10190 > SID[593]: S-1-22-2-10191 > SID[594]: S-1-22-2-10192 > SID[595]: S-1-22-2-10193 > SID[596]: S-1-22-2-10194 > SID[597]: S-1-22-2-10195 > SID[598]: S-1-22-2-10196 > SID[599]: S-1-22-2-10197 > SID[600]: S-1-22-2-10198 > SID[601]: S-1-22-2-10199 > SID[602]: S-1-22-2-10200 > SID[603]: S-1-22-2-10201 > SID[604]: S-1-22-2-10202 > SID[605]: S-1-22-2-10203 > SID[606]: S-1-22-2-10204 > SID[607]: S-1-22-2-10205 > SID[608]: S-1-22-2-10206 > SID[609]: S-1-22-2-10207 > SID[610]: S-1-22-2-10208 > SID[611]: S-1-22-2-10209 > SID[612]: S-1-22-2-10210 > SID[613]: S-1-22-2-10211 > SID[614]: S-1-22-2-10212 > SID[615]: S-1-22-2-10213 > SID[616]: S-1-22-2-10214 > SID[617]: S-1-22-2-10215 > SID[618]: S-1-22-2-10216 > SID[619]: S-1-22-2-10217 > SID[620]: S-1-22-2-10218 > SID[621]: S-1-22-2-10219 > SID[622]: S-1-22-2-10220 > SID[623]: S-1-22-2-10221 > SID[624]: S-1-22-2-10222 > SID[625]: S-1-22-2-10223 > SID[626]: S-1-22-2-10224 > SID[627]: S-1-22-2-10225 > SID[628]: S-1-22-2-10226 > SID[629]: S-1-22-2-10227 > SID[630]: S-1-22-2-10228 > SID[631]: S-1-22-2-10229 > SID[632]: S-1-22-2-10230 > SID[633]: S-1-22-2-10231 > SID[634]: S-1-22-2-10232 > SID[635]: S-1-22-2-10233 > SID[636]: S-1-22-2-10234 > SID[637]: S-1-22-2-10235 > SID[638]: S-1-22-2-10236 > SID[639]: S-1-22-2-10237 > SID[640]: S-1-22-2-10238 > SID[641]: S-1-22-2-10239 > SID[642]: S-1-22-2-10240 > SID[643]: S-1-22-2-10241 > SID[644]: S-1-22-2-10242 > SID[645]: S-1-22-2-10243 > SID[646]: S-1-22-2-10244 > SID[647]: S-1-22-2-10245 > SID[648]: S-1-22-2-10246 > SID[649]: S-1-22-2-10247 > SID[650]: S-1-22-2-10248 > SID[651]: S-1-22-2-10249 > SID[652]: S-1-22-2-10250 > SID[653]: S-1-22-2-10251 > SID[654]: S-1-22-2-10252 > SID[655]: S-1-22-2-10253 > SID[656]: S-1-22-2-10254 > SID[657]: S-1-22-2-10255 > SID[658]: S-1-22-2-10256 > SID[659]: S-1-22-2-10257 > SID[660]: S-1-22-2-10258 > SID[661]: S-1-22-2-10259 > SID[662]: S-1-22-2-10260 > SID[663]: S-1-22-2-10261 > SID[664]: S-1-22-2-10262 > SID[665]: S-1-22-2-10263 > SID[666]: S-1-22-2-10264 > SID[667]: S-1-22-2-10265 > SID[668]: S-1-22-2-10266 > SID[669]: S-1-22-2-10267 > SID[670]: S-1-22-2-10268 > SID[671]: S-1-22-2-10269 > SID[672]: S-1-22-2-10270 > SID[673]: S-1-22-2-10271 > SID[674]: S-1-22-2-10272 > SID[675]: S-1-22-2-10273 > SID[676]: S-1-22-2-10274 > SID[677]: S-1-22-2-10275 > SID[678]: S-1-22-2-10276 > SID[679]: S-1-22-2-10277 > SID[680]: S-1-22-2-10278 > SID[681]: S-1-22-2-10279 > SID[682]: S-1-22-2-10280 > SID[683]: S-1-22-2-10281 > SID[684]: S-1-22-2-10282 > SID[685]: S-1-22-2-10283 > SID[686]: S-1-22-2-10284 > SID[687]: S-1-22-2-10285 > SID[688]: S-1-22-2-10286 > SID[689]: S-1-22-2-10287 > SID[690]: S-1-22-2-10288 > SID[691]: S-1-22-2-10289 > SID[692]: S-1-22-2-10290 > SID[693]: S-1-22-2-10291 > SID[694]: S-1-22-2-10292 > SID[695]: S-1-22-2-10293 > SID[696]: S-1-22-2-10294 > SID[697]: S-1-22-2-10295 > SID[698]: S-1-22-2-10296 > SID[699]: S-1-22-2-10297 > SID[700]: S-1-22-2-10298 > SID[701]: S-1-22-2-10299 > SID[702]: S-1-22-2-10300 > SID[703]: S-1-22-2-10301 > SID[704]: S-1-22-2-10302 > SID[705]: S-1-22-2-10303 > SID[706]: S-1-22-2-10304 > SID[707]: S-1-22-2-10305 > SID[708]: S-1-22-2-10306 > SID[709]: S-1-22-2-10307 > SID[710]: S-1-22-2-10308 > SID[711]: S-1-22-2-10309 > SID[712]: S-1-22-2-10310 > SID[713]: S-1-22-2-10311 > SID[714]: S-1-22-2-10312 > SID[715]: S-1-22-2-10313 > SID[716]: S-1-22-2-10314 > SID[717]: S-1-22-2-10315 > SID[718]: S-1-22-2-10316 > SID[719]: S-1-22-2-10317 > SID[720]: S-1-22-2-10318 > SID[721]: S-1-22-2-10319 > SID[722]: S-1-22-2-10320 > SID[723]: S-1-22-2-10321 > SID[724]: S-1-22-2-10322 > SID[725]: S-1-22-2-10323 > SID[726]: S-1-22-2-10324 > SID[727]: S-1-22-2-10325 > SID[728]: S-1-22-2-10326 > SID[729]: S-1-22-2-10327 > SID[730]: S-1-22-2-10328 > SID[731]: S-1-22-2-10329 > SID[732]: S-1-22-2-10330 > SID[733]: S-1-22-2-10331 > SID[734]: S-1-22-2-10332 > SID[735]: S-1-22-2-10333 > SID[736]: S-1-22-2-10334 > SID[737]: S-1-22-2-10335 > SID[738]: S-1-22-2-10336 > SID[739]: S-1-22-2-10337 > SID[740]: S-1-22-2-10338 > SID[741]: S-1-22-2-10339 > SID[742]: S-1-22-2-10340 > SID[743]: S-1-22-2-10341 > SID[744]: S-1-22-2-10342 > SID[745]: S-1-22-2-10343 > SID[746]: S-1-22-2-10344 > SID[747]: S-1-22-2-10345 > SID[748]: S-1-22-2-10346 > SID[749]: S-1-22-2-10347 > SID[750]: S-1-22-2-10348 > SID[751]: S-1-22-2-10349 > SID[752]: S-1-22-2-10350 > SID[753]: S-1-22-2-10351 > SID[754]: S-1-22-2-10352 > SID[755]: S-1-22-2-10353 > SID[756]: S-1-22-2-10354 > SID[757]: S-1-22-2-10355 > SID[758]: S-1-22-2-10356 > SID[759]: S-1-22-2-10357 > SID[760]: S-1-22-2-10358 > SID[761]: S-1-22-2-10359 > SID[762]: S-1-22-2-10360 > SID[763]: S-1-22-2-10361 > SID[764]: S-1-22-2-10362 > SID[765]: S-1-22-2-10363 > SID[766]: S-1-22-2-10364 > SID[767]: S-1-22-2-10365 > SID[768]: S-1-22-2-10366 > SID[769]: S-1-22-2-10367 > SID[770]: S-1-22-2-10368 > SID[771]: S-1-22-2-10369 > SID[772]: S-1-22-2-10370 > SID[773]: S-1-22-2-10371 > SID[774]: S-1-22-2-10372 > SID[775]: S-1-22-2-10373 > SID[776]: S-1-22-2-10374 > SID[777]: S-1-22-2-10375 > SID[778]: S-1-22-2-10376 > SID[779]: S-1-22-2-10377 > SID[780]: S-1-22-2-10378 > SID[781]: S-1-22-2-10379 > SID[782]: S-1-22-2-10380 > SID[783]: S-1-22-2-10381 > SID[784]: S-1-22-2-10382 > SID[785]: S-1-22-2-10383 > SID[786]: S-1-22-2-10384 > SID[787]: S-1-22-2-10385 > SID[788]: S-1-22-2-10386 > SID[789]: S-1-22-2-10387 > SID[790]: S-1-22-2-10388 > SID[791]: S-1-22-2-10389 > SID[792]: S-1-22-2-10390 > SID[793]: S-1-22-2-10391 > SID[794]: S-1-22-2-10392 > SID[795]: S-1-22-2-10393 > SID[796]: S-1-22-2-10394 > SID[797]: S-1-22-2-10395 > SID[798]: S-1-22-2-10396 > SID[799]: S-1-22-2-10397 > SID[800]: S-1-22-2-10398 > SID[801]: S-1-22-2-10399 > SID[802]: S-1-22-2-10400 > SID[803]: S-1-22-2-10401 > SID[804]: S-1-22-2-10402 > SID[805]: S-1-22-2-10403 > SID[806]: S-1-22-2-10404 > SID[807]: S-1-22-2-10002 > SID[808]: S-1-22-2-10003 > SID[809]: S-1-22-2-10004 > SID[810]: S-1-22-2-10001 > Privileges (0x 20): > Privilege[ 0]: SePrintOperatorPrivilege > Rights (0x 0): >[2012/11/09 16:29:16.755753, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 10000 > Primary group is 10006 and contains 404 supplementary groups > Group[ 0]: 10006 > Group[ 1]: 10007 > Group[ 2]: 10008 > Group[ 3]: 10009 > Group[ 4]: 10010 > Group[ 5]: 10011 > Group[ 6]: 10012 > Group[ 7]: 10013 > Group[ 8]: 10014 > Group[ 9]: 10015 > Group[ 10]: 10016 > Group[ 11]: 10017 > Group[ 12]: 10018 > Group[ 13]: 10019 > Group[ 14]: 10020 > Group[ 15]: 10021 > Group[ 16]: 10022 > Group[ 17]: 10023 > Group[ 18]: 10024 > Group[ 19]: 10025 > Group[ 20]: 10026 > Group[ 21]: 10027 > Group[ 22]: 10028 > Group[ 23]: 10029 > Group[ 24]: 10030 > Group[ 25]: 10031 > Group[ 26]: 10032 > Group[ 27]: 10033 > Group[ 28]: 10034 > Group[ 29]: 10035 > Group[ 30]: 10036 > Group[ 31]: 10037 > Group[ 32]: 10038 > Group[ 33]: 10039 > Group[ 34]: 10040 > Group[ 35]: 10041 > Group[ 36]: 10042 > Group[ 37]: 10043 > Group[ 38]: 10044 > Group[ 39]: 10045 > Group[ 40]: 10046 > Group[ 41]: 10047 > Group[ 42]: 10048 > Group[ 43]: 10049 > Group[ 44]: 10050 > Group[ 45]: 10051 > Group[ 46]: 10052 > Group[ 47]: 10053 > Group[ 48]: 10054 > Group[ 49]: 10055 > Group[ 50]: 10056 > Group[ 51]: 10057 > Group[ 52]: 10058 > Group[ 53]: 10059 > Group[ 54]: 10060 > Group[ 55]: 10061 > Group[ 56]: 10062 > Group[ 57]: 10063 > Group[ 58]: 10064 > Group[ 59]: 10065 > Group[ 60]: 10066 > Group[ 61]: 10067 > Group[ 62]: 10068 > Group[ 63]: 10069 > Group[ 64]: 10070 > Group[ 65]: 10071 > Group[ 66]: 10072 > Group[ 67]: 10073 > Group[ 68]: 10074 > Group[ 69]: 10075 > Group[ 70]: 10076 > Group[ 71]: 10077 > Group[ 72]: 10078 > Group[ 73]: 10079 > Group[ 74]: 10080 > Group[ 75]: 10081 > Group[ 76]: 10082 > Group[ 77]: 10083 > Group[ 78]: 10084 > Group[ 79]: 10085 > Group[ 80]: 10086 > Group[ 81]: 10087 > Group[ 82]: 10088 > Group[ 83]: 10089 > Group[ 84]: 10090 > Group[ 85]: 10091 > Group[ 86]: 10092 > Group[ 87]: 10093 > Group[ 88]: 10094 > Group[ 89]: 10095 > Group[ 90]: 10096 > Group[ 91]: 10097 > Group[ 92]: 10098 > Group[ 93]: 10099 > Group[ 94]: 10100 > Group[ 95]: 10101 > Group[ 96]: 10102 > Group[ 97]: 10103 > Group[ 98]: 10104 > Group[ 99]: 10105 > Group[100]: 10106 > Group[101]: 10107 > Group[102]: 10108 > Group[103]: 10109 > Group[104]: 10110 > Group[105]: 10111 > Group[106]: 10112 > Group[107]: 10113 > Group[108]: 10114 > Group[109]: 10115 > Group[110]: 10116 > Group[111]: 10117 > Group[112]: 10118 > Group[113]: 10119 > Group[114]: 10120 > Group[115]: 10121 > Group[116]: 10122 > Group[117]: 10123 > Group[118]: 10124 > Group[119]: 10125 > Group[120]: 10126 > Group[121]: 10127 > Group[122]: 10128 > Group[123]: 10129 > Group[124]: 10130 > Group[125]: 10131 > Group[126]: 10132 > Group[127]: 10133 > Group[128]: 10134 > Group[129]: 10135 > Group[130]: 10136 > Group[131]: 10137 > Group[132]: 10138 > Group[133]: 10139 > Group[134]: 10140 > Group[135]: 10141 > Group[136]: 10142 > Group[137]: 10143 > Group[138]: 10144 > Group[139]: 10145 > Group[140]: 10146 > Group[141]: 10147 > Group[142]: 10148 > Group[143]: 10149 > Group[144]: 10150 > Group[145]: 10471 > Group[146]: 10151 > Group[147]: 10152 > Group[148]: 10153 > Group[149]: 10154 > Group[150]: 10155 > Group[151]: 10156 > Group[152]: 10157 > Group[153]: 10158 > Group[154]: 10159 > Group[155]: 10160 > Group[156]: 10161 > Group[157]: 10162 > Group[158]: 10163 > Group[159]: 10164 > Group[160]: 10165 > Group[161]: 10166 > Group[162]: 10167 > Group[163]: 10168 > Group[164]: 10169 > Group[165]: 10170 > Group[166]: 10171 > Group[167]: 10172 > Group[168]: 10173 > Group[169]: 10174 > Group[170]: 10175 > Group[171]: 10176 > Group[172]: 10177 > Group[173]: 10178 > Group[174]: 10179 > Group[175]: 10180 > Group[176]: 10181 > Group[177]: 10182 > Group[178]: 10183 > Group[179]: 10184 > Group[180]: 10185 > Group[181]: 10186 > Group[182]: 10187 > Group[183]: 10188 > Group[184]: 10189 > Group[185]: 10190 > Group[186]: 10191 > Group[187]: 10192 > Group[188]: 10193 > Group[189]: 10194 > Group[190]: 10195 > Group[191]: 10196 > Group[192]: 10197 > Group[193]: 10198 > Group[194]: 10199 > Group[195]: 10200 > Group[196]: 10201 > Group[197]: 10202 > Group[198]: 10203 > Group[199]: 10204 > Group[200]: 10205 > Group[201]: 10206 > Group[202]: 10207 > Group[203]: 10208 > Group[204]: 10209 > Group[205]: 10210 > Group[206]: 10211 > Group[207]: 10212 > Group[208]: 10213 > Group[209]: 10214 > Group[210]: 10215 > Group[211]: 10216 > Group[212]: 10217 > Group[213]: 10218 > Group[214]: 10219 > Group[215]: 10220 > Group[216]: 10221 > Group[217]: 10222 > Group[218]: 10223 > Group[219]: 10224 > Group[220]: 10225 > Group[221]: 10226 > Group[222]: 10227 > Group[223]: 10228 > Group[224]: 10229 > Group[225]: 10230 > Group[226]: 10231 > Group[227]: 10232 > Group[228]: 10233 > Group[229]: 10234 > Group[230]: 10235 > Group[231]: 10236 > Group[232]: 10237 > Group[233]: 10238 > Group[234]: 10239 > Group[235]: 10240 > Group[236]: 10241 > Group[237]: 10242 > Group[238]: 10243 > Group[239]: 10244 > Group[240]: 10245 > Group[241]: 10246 > Group[242]: 10247 > Group[243]: 10248 > Group[244]: 10249 > Group[245]: 10250 > Group[246]: 10251 > Group[247]: 10252 > Group[248]: 10253 > Group[249]: 10254 > Group[250]: 10255 > Group[251]: 10256 > Group[252]: 10257 > Group[253]: 10258 > Group[254]: 10259 > Group[255]: 10260 > Group[256]: 10261 > Group[257]: 10262 > Group[258]: 10263 > Group[259]: 10264 > Group[260]: 10265 > Group[261]: 10266 > Group[262]: 10267 > Group[263]: 10268 > Group[264]: 10269 > Group[265]: 10270 > Group[266]: 10271 > Group[267]: 10272 > Group[268]: 10273 > Group[269]: 10274 > Group[270]: 10275 > Group[271]: 10276 > Group[272]: 10277 > Group[273]: 10278 > Group[274]: 10279 > Group[275]: 10280 > Group[276]: 10281 > Group[277]: 10282 > Group[278]: 10283 > Group[279]: 10284 > Group[280]: 10285 > Group[281]: 10286 > Group[282]: 10287 > Group[283]: 10288 > Group[284]: 10289 > Group[285]: 10290 > Group[286]: 10291 > Group[287]: 10292 > Group[288]: 10293 > Group[289]: 10294 > Group[290]: 10295 > Group[291]: 10296 > Group[292]: 10297 > Group[293]: 10298 > Group[294]: 10299 > Group[295]: 10300 > Group[296]: 10301 > Group[297]: 10302 > Group[298]: 10303 > Group[299]: 10304 > Group[300]: 10305 > Group[301]: 10306 > Group[302]: 10307 > Group[303]: 10308 > Group[304]: 10309 > Group[305]: 10310 > Group[306]: 10311 > Group[307]: 10312 > Group[308]: 10313 > Group[309]: 10314 > Group[310]: 10315 > Group[311]: 10316 > Group[312]: 10317 > Group[313]: 10318 > Group[314]: 10319 > Group[315]: 10320 > Group[316]: 10321 > Group[317]: 10322 > Group[318]: 10323 > Group[319]: 10324 > Group[320]: 10325 > Group[321]: 10326 > Group[322]: 10327 > Group[323]: 10328 > Group[324]: 10329 > Group[325]: 10330 > Group[326]: 10331 > Group[327]: 10332 > Group[328]: 10333 > Group[329]: 10334 > Group[330]: 10335 > Group[331]: 10336 > Group[332]: 10337 > Group[333]: 10338 > Group[334]: 10339 > Group[335]: 10340 > Group[336]: 10341 > Group[337]: 10342 > Group[338]: 10343 > Group[339]: 10344 > Group[340]: 10345 > Group[341]: 10346 > Group[342]: 10347 > Group[343]: 10348 > Group[344]: 10349 > Group[345]: 10350 > Group[346]: 10351 > Group[347]: 10352 > Group[348]: 10353 > Group[349]: 10354 > Group[350]: 10355 > Group[351]: 10356 > Group[352]: 10357 > Group[353]: 10358 > Group[354]: 10359 > Group[355]: 10360 > Group[356]: 10361 > Group[357]: 10362 > Group[358]: 10363 > Group[359]: 10364 > Group[360]: 10365 > Group[361]: 10366 > Group[362]: 10367 > Group[363]: 10368 > Group[364]: 10369 > Group[365]: 10370 > Group[366]: 10371 > Group[367]: 10372 > Group[368]: 10373 > Group[369]: 10374 > Group[370]: 10375 > Group[371]: 10376 > Group[372]: 10377 > Group[373]: 10378 > Group[374]: 10379 > Group[375]: 10380 > Group[376]: 10381 > Group[377]: 10382 > Group[378]: 10383 > Group[379]: 10384 > Group[380]: 10385 > Group[381]: 10386 > Group[382]: 10387 > Group[383]: 10388 > Group[384]: 10389 > Group[385]: 10390 > Group[386]: 10391 > Group[387]: 10392 > Group[388]: 10393 > Group[389]: 10394 > Group[390]: 10395 > Group[391]: 10396 > Group[392]: 10397 > Group[393]: 10398 > Group[394]: 10399 > Group[395]: 10400 > Group[396]: 10401 > Group[397]: 10402 > Group[398]: 10403 > Group[399]: 10404 > Group[400]: 10002 > Group[401]: 10003 > Group[402]: 10004 > Group[403]: 10001 >[2012/11/09 16:29:16.759736, 5] smbd/uid.c:317(change_to_user_internal) > Impersonated user: uid=(0,10000), gid=(0,10006) >[2012/11/09 16:29:16.759784, 4] smbd/vfs.c:780(vfs_ChDir) > vfs_ChDir to /var/tmp >[2012/11/09 16:29:16.759828, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=2108 params=0 setup=2 >[2012/11/09 16:29:16.759862, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:16.759890, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:16.759919, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:16.759947, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2014) >[2012/11/09 16:29:16.759980, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 2108 >[2012/11/09 16:29:16.760026, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:16.760061, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER >[2012/11/09 16:29:16.760095, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[8].fn == 0x7fa2ea3e8e50 >[2012/11/09 16:29:16.760129, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.760200, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.760268, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:yyyp0708 >[2012/11/09 16:29:16.760318, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/11/09 16:29:16.760359, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/11/09 16:29:16.760405, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:16.760438, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:16.760519, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2012/11/09 16:29:16.760556, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:16.760585, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:16.760613, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:16.760742, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:16.760820, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 57 00 00 00 00 00 00 00 9D 50 4C 21 ....W... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.760917, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 57 00 00 00 00 00 00 00 9D 50 4C 21 ....W... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.760991, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:16.761056, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:16.761118, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:16.761181, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:16.761240, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:16.761295, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:16.761371, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:16.761447, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 9D 50 4C 21 ....X... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.761543, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 9D 50 4C 21 ....X... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.761733, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 9D 50 4C 21 ....X... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.761808, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.761855, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 9D 50 4C 21 ....X... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.761918, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.761961, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 9D 50 4C 21 ....X... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.762041, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.762087, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 9D 50 4C 21 ....X... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.762151, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.762195, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 9D 50 4C 21 ....X... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.762259, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.762303, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 9D 50 4C 21 ....X... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.762366, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.762409, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 9D 50 4C 21 ....X... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.762474, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.762518, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 9D 50 4C 21 ....X... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.762580, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.762625, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 9D 50 4C 21 ....X... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.762688, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.762731, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 9D 50 4C 21 ....X... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.762795, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.762839, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 9D 50 4C 21 ....X... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.762904, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.762948, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 9D 50 4C 21 ....X... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.763023, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.763067, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 9D 50 4C 21 ....X... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.763130, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.763171, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 9D 50 4C 21 ....X... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.763232, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.763275, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 9D 50 4C 21 ....X... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.763340, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.763384, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 9D 50 4C 21 ....X... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.763449, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.763495, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 9D 50 4C 21 ....X... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.763561, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.763608, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 9D 50 4C 21 ....X... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.763672, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.763714, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 9D 50 4C 21 ....X... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.763777, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.763846, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 9D 50 4C 21 ....X... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.763910, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.763952, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:16.763998, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 9D 50 4C 21 ....X... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.764063, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.764091, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:16.764141, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:16.764200, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 59 00 00 00 00 00 00 00 9D 50 4C 21 ....Y... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.764277, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 59 00 00 00 00 00 00 00 9D 50 4C 21 ....Y... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.764343, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:16.764395, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:16.764448, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:16.764529, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:16.764582, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:16.764629, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:16.764692, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:16.764763, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[4] [0000] 00 00 00 00 5A 00 00 00 00 00 00 00 9D 50 4C 21 ....Z... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.764849, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5A 00 00 00 00 00 00 00 9D 50 4C 21 ....Z... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.764918, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.764946, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:16.765019, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5A 00 00 00 00 00 00 00 9D 50 4C 21 ....Z... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.765088, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.765115, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:16.765160, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5A 00 00 00 00 00 00 00 9D 50 4C 21 ....Z... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.765225, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5A 00 00 00 00 00 00 00 9D 50 4C 21 ....Z... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.765304, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:16.765346, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 59 00 00 00 00 00 00 00 9D 50 4C 21 ....Y... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.765415, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 59 00 00 00 00 00 00 00 9D 50 4C 21 ....Y... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.765484, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:16.765530, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 9D 50 4C 21 ....X... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.765605, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 9D 50 4C 21 ....X... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.765686, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:16.765735, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 57 00 00 00 00 00 00 00 9D 50 4C 21 ....W... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.765808, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 57 00 00 00 00 00 00 00 9D 50 4C 21 ....W... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.765875, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:16.765948, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/11/09 16:29:16.765998, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/11/09 16:29:16.766043, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:16.766078, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:16.766124, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2012/11/09 16:29:16.766161, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:16.766192, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:16.766220, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:16.766339, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:16.766410, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 5B 00 00 00 00 00 00 00 9D 50 4C 21 ....[... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.766501, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5B 00 00 00 00 00 00 00 9D 50 4C 21 ....[... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.766574, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:16.766638, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:16.766698, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:16.766765, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:16.766848, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:16.766904, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:16.766977, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:16.767054, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 5C 00 00 00 00 00 00 00 9D 50 4C 21 ....\... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.767145, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5C 00 00 00 00 00 00 00 9D 50 4C 21 ....\... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.767219, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.767250, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:16.767329, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5C 00 00 00 00 00 00 00 9D 50 4C 21 ....\... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.767405, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.767438, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:16.767487, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5C 00 00 00 00 00 00 00 9D 50 4C 21 ....\... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.767559, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5C 00 00 00 00 00 00 00 9D 50 4C 21 ....\... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.767628, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:16.767671, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5B 00 00 00 00 00 00 00 9D 50 4C 21 ....[... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.767743, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5B 00 00 00 00 00 00 00 9D 50 4C 21 ....[... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.767810, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:16.767872, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:16.767922, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 4280 >[2012/11/09 16:29:16.767962, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 7481 >[2012/11/09 16:29:16.768010, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..2088] (align 0) >[2012/11/09 16:29:16.768042, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.768060, 5] lib/util.c:342(show_msg) > size=2144 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=55104 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 2088 (0x828) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 2088 (0x828) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=2089 >[2012/11/09 16:29:16.769685, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x890 >[2012/11/09 16:29:16.769750, 3] smbd/process.c:1662(process_smb) > Transaction 112 of length 2196 (0 toread) >[2012/11/09 16:29:16.769771, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.769782, 5] lib/util.c:342(show_msg) > size=2192 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=55168 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 2108 (0x83C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 2108 (0x83C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8212 (0x2014) > smb_bcc=2125 >[2012/11/09 16:29:16.769990, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:16.770012, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.770037, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=2108 params=0 setup=2 >[2012/11/09 16:29:16.770060, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:16.770078, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:16.770097, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:16.770115, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2014) >[2012/11/09 16:29:16.770136, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 2108 >[2012/11/09 16:29:16.770165, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:16.770189, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER >[2012/11/09 16:29:16.770209, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[8].fn == 0x7fa2ea3e8e50 >[2012/11/09 16:29:16.770231, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.770311, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.770352, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:yyyp0708 >[2012/11/09 16:29:16.770376, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/11/09 16:29:16.770404, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/11/09 16:29:16.770435, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:16.770458, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:16.770491, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2012/11/09 16:29:16.770516, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:16.770534, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:16.770552, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:16.770643, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:16.770696, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 5D 00 00 00 00 00 00 00 9D 50 4C 21 ....]... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.770773, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5D 00 00 00 00 00 00 00 9D 50 4C 21 ....]... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.770817, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:16.770861, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:16.770903, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:16.770943, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:16.770983, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:16.771019, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:16.771066, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:16.771115, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 5E 00 00 00 00 00 00 00 9D 50 4C 21 ....^... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.771171, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5E 00 00 00 00 00 00 00 9D 50 4C 21 ....^... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.771259, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5E 00 00 00 00 00 00 00 9D 50 4C 21 ....^... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.771306, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.771339, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5E 00 00 00 00 00 00 00 9D 50 4C 21 ....^... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.771381, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.771413, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5E 00 00 00 00 00 00 00 9D 50 4C 21 ....^... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.771455, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.771487, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5E 00 00 00 00 00 00 00 9D 50 4C 21 ....^... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.771529, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.771560, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5E 00 00 00 00 00 00 00 9D 50 4C 21 ....^... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.771601, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.771637, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5E 00 00 00 00 00 00 00 9D 50 4C 21 ....^... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.771728, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.771779, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5E 00 00 00 00 00 00 00 9D 50 4C 21 ....^... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.771850, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.771898, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5E 00 00 00 00 00 00 00 9D 50 4C 21 ....^... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.771968, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.772016, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5E 00 00 00 00 00 00 00 9D 50 4C 21 ....^... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.772086, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.772133, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5E 00 00 00 00 00 00 00 9D 50 4C 21 ....^... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.772204, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.772251, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5E 00 00 00 00 00 00 00 9D 50 4C 21 ....^... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.772323, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.772375, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5E 00 00 00 00 00 00 00 9D 50 4C 21 ....^... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.772446, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.772527, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5E 00 00 00 00 00 00 00 9D 50 4C 21 ....^... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.772600, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.772647, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5E 00 00 00 00 00 00 00 9D 50 4C 21 ....^... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.772717, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.772777, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5E 00 00 00 00 00 00 00 9D 50 4C 21 ....^... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.772851, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.772902, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5E 00 00 00 00 00 00 00 9D 50 4C 21 ....^... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.772973, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.773021, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5E 00 00 00 00 00 00 00 9D 50 4C 21 ....^... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.773091, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.773141, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5E 00 00 00 00 00 00 00 9D 50 4C 21 ....^... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.773213, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.773262, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5E 00 00 00 00 00 00 00 9D 50 4C 21 ....^... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.773332, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.773407, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5E 00 00 00 00 00 00 00 9D 50 4C 21 ....^... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.773480, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.773510, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:16.773556, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5E 00 00 00 00 00 00 00 9D 50 4C 21 ....^... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.773627, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.773656, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:16.773710, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:16.773771, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 5F 00 00 00 00 00 00 00 9D 50 4C 21 ...._... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.773857, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5F 00 00 00 00 00 00 00 9D 50 4C 21 ...._... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.773942, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:16.774000, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:16.774063, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:16.774122, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:16.774179, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:16.774232, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:16.774301, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:16.774375, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[4] [0000] 00 00 00 00 60 00 00 00 00 00 00 00 9D 50 4C 21 ....`... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.774465, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 60 00 00 00 00 00 00 00 9D 50 4C 21 ....`... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.774537, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.774566, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:16.774650, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 60 00 00 00 00 00 00 00 9D 50 4C 21 ....`... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.774725, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.774755, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:16.774804, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 60 00 00 00 00 00 00 00 9D 50 4C 21 ....`... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.774874, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 60 00 00 00 00 00 00 00 9D 50 4C 21 ....`... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.774940, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:16.774982, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5F 00 00 00 00 00 00 00 9D 50 4C 21 ...._... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.775052, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5F 00 00 00 00 00 00 00 9D 50 4C 21 ...._... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.775117, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:16.775157, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5E 00 00 00 00 00 00 00 9D 50 4C 21 ....^... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.775229, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5E 00 00 00 00 00 00 00 9D 50 4C 21 ....^... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.775312, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:16.775357, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5D 00 00 00 00 00 00 00 9D 50 4C 21 ....]... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.775428, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5D 00 00 00 00 00 00 00 9D 50 4C 21 ....]... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.775495, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:16.775594, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:16.775663, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 4280 >[2012/11/09 16:29:16.775702, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 8991 >[2012/11/09 16:29:16.775749, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..36] (align 0) >[2012/11/09 16:29:16.775780, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.775798, 5] lib/util.c:342(show_msg) > size=92 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=55168 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 36 (0x24) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 36 (0x24) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=37 >[2012/11/09 16:29:16.777323, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x10f8 >[2012/11/09 16:29:16.777396, 3] smbd/process.c:1662(process_smb) > Transaction 113 of length 4348 (0 toread) >[2012/11/09 16:29:16.777427, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.777447, 5] lib/util.c:342(show_msg) > size=4344 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=55232 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8212 (0x2014) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 4280 (0x10B8) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 4280 (0x10B8) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=4281 >[2012/11/09 16:29:16.777754, 3] smbd/process.c:1467(switch_message) > switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:16.777789, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.777825, 6] smbd/pipes.c:300(reply_pipe_write_and_X) > reply_pipe_write_and_X: 2014 name: spoolss len: 4280 >[2012/11/09 16:29:16.777857, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 4280 >[2012/11/09 16:29:16.777909, 3] smbd/pipes.c:361(pipe_write_andx_done) > writeX-IPC nwritten=4280 >[2012/11/09 16:29:16.778869, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x138 >[2012/11/09 16:29:16.778915, 3] smbd/process.c:1662(process_smb) > Transaction 114 of length 316 (0 toread) >[2012/11/09 16:29:16.778947, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.778965, 5] lib/util.c:342(show_msg) > size=312 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=55296 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 228 (0xE4) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 228 (0xE4) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8212 (0x2014) > smb_bcc=245 >[2012/11/09 16:29:16.779307, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:16.779337, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.779370, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=228 params=0 setup=2 >[2012/11/09 16:29:16.779404, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:16.779430, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:16.779455, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:16.779480, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2014) >[2012/11/09 16:29:16.779506, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 228 >[2012/11/09 16:29:16.779547, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:16.779579, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER >[2012/11/09 16:29:16.779607, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[8].fn == 0x7fa2ea3e8e50 >[2012/11/09 16:29:16.779636, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.779704, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.779770, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:yyyp0708 >[2012/11/09 16:29:16.779801, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/11/09 16:29:16.779836, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/11/09 16:29:16.779883, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:16.779922, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:16.779968, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2012/11/09 16:29:16.780005, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:16.780042, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:16.780079, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:16.780215, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:16.780316, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 61 00 00 00 00 00 00 00 9D 50 4C 21 ....a... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.780422, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 61 00 00 00 00 00 00 00 9D 50 4C 21 ....a... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.780529, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:16.780607, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:16.780673, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:16.780742, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:16.780808, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:16.780885, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:16.780963, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:16.781045, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 62 00 00 00 00 00 00 00 9D 50 4C 21 ....b... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.781143, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 62 00 00 00 00 00 00 00 9D 50 4C 21 ....b... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.781284, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 62 00 00 00 00 00 00 00 9D 50 4C 21 ....b... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.781359, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.781410, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 62 00 00 00 00 00 00 00 9D 50 4C 21 ....b... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.781484, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.781534, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 62 00 00 00 00 00 00 00 9D 50 4C 21 ....b... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.781606, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.781660, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 62 00 00 00 00 00 00 00 9D 50 4C 21 ....b... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.781736, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.781785, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 62 00 00 00 00 00 00 00 9D 50 4C 21 ....b... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.781855, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.781904, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 62 00 00 00 00 00 00 00 9D 50 4C 21 ....b... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.781972, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.782023, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 62 00 00 00 00 00 00 00 9D 50 4C 21 ....b... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.782093, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.782159, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 62 00 00 00 00 00 00 00 9D 50 4C 21 ....b... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.782232, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.782281, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 62 00 00 00 00 00 00 00 9D 50 4C 21 ....b... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.782353, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.782402, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 62 00 00 00 00 00 00 00 9D 50 4C 21 ....b... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.782477, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.782533, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 62 00 00 00 00 00 00 00 9D 50 4C 21 ....b... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.782604, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.782663, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 62 00 00 00 00 00 00 00 9D 50 4C 21 ....b... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.782733, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.782780, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 62 00 00 00 00 00 00 00 9D 50 4C 21 ....b... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.782850, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.782897, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 62 00 00 00 00 00 00 00 9D 50 4C 21 ....b... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.782966, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.783014, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 62 00 00 00 00 00 00 00 9D 50 4C 21 ....b... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.783084, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.783130, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 62 00 00 00 00 00 00 00 9D 50 4C 21 ....b... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.783202, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.783270, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 62 00 00 00 00 00 00 00 9D 50 4C 21 ....b... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.783342, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.783394, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 62 00 00 00 00 00 00 00 9D 50 4C 21 ....b... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.783465, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.783514, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 62 00 00 00 00 00 00 00 9D 50 4C 21 ....b... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.783585, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.783663, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 62 00 00 00 00 00 00 00 9D 50 4C 21 ....b... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.783737, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.783767, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:16.783815, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 62 00 00 00 00 00 00 00 9D 50 4C 21 ....b... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.783887, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.783916, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:16.783974, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:16.784043, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 63 00 00 00 00 00 00 00 9D 50 4C 21 ....c... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.784131, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 63 00 00 00 00 00 00 00 9D 50 4C 21 ....c... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.784203, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:16.784263, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:16.784325, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:16.784384, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:16.784443, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:16.784597, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:16.784704, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:16.784786, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[4] [0000] 00 00 00 00 64 00 00 00 00 00 00 00 9D 50 4C 21 ....d... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.784883, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 64 00 00 00 00 00 00 00 9D 50 4C 21 ....d... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.784958, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.784990, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:16.785070, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 64 00 00 00 00 00 00 00 9D 50 4C 21 ....d... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.785144, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.785174, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:16.785225, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 64 00 00 00 00 00 00 00 9D 50 4C 21 ....d... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.785297, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 64 00 00 00 00 00 00 00 9D 50 4C 21 ....d... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.785363, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:16.785406, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 63 00 00 00 00 00 00 00 9D 50 4C 21 ....c... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.785475, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 63 00 00 00 00 00 00 00 9D 50 4C 21 ....c... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.785541, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:16.785582, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 62 00 00 00 00 00 00 00 9D 50 4C 21 ....b... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.785667, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 62 00 00 00 00 00 00 00 9D 50 4C 21 ....b... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.785733, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:16.785778, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 61 00 00 00 00 00 00 00 9D 50 4C 21 ....a... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.785848, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 61 00 00 00 00 00 00 00 9D 50 4C 21 ....a... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.785913, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:16.786039, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:16.786107, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 4280 >[2012/11/09 16:29:16.786153, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..4280] (align 0) >[2012/11/09 16:29:16.786186, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.786204, 5] lib/util.c:342(show_msg) > size=4336 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=55296 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 4280 (0x10B8) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 4280 (0x10B8) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=4281 >[2012/11/09 16:29:16.787696, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/11/09 16:29:16.787741, 3] smbd/process.c:1662(process_smb) > Transaction 115 of length 63 (0 toread) >[2012/11/09 16:29:16.787771, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.787788, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=55360 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8212 (0x2014) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 4280 (0x10B8) > smb_vwv[ 6]= 4280 (0x10B8) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 4280 (0x10B8) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/11/09 16:29:16.788055, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:16.788086, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.788119, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 4280 >[2012/11/09 16:29:16.788156, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 8991 >[2012/11/09 16:29:16.788205, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=4280 max=4280 nread=208 >[2012/11/09 16:29:16.789322, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x890 >[2012/11/09 16:29:16.789373, 3] smbd/process.c:1662(process_smb) > Transaction 116 of length 2196 (0 toread) >[2012/11/09 16:29:16.789403, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.789420, 5] lib/util.c:342(show_msg) > size=2192 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=55424 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 2108 (0x83C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 2108 (0x83C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8212 (0x2014) > smb_bcc=2125 >[2012/11/09 16:29:16.789745, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:16.789777, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.789812, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=2108 params=0 setup=2 >[2012/11/09 16:29:16.789845, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:16.789871, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:16.789900, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:16.789927, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2014) >[2012/11/09 16:29:16.789957, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 2108 >[2012/11/09 16:29:16.789996, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:16.790052, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER >[2012/11/09 16:29:16.790083, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[8].fn == 0x7fa2ea3e8e50 >[2012/11/09 16:29:16.790115, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.790184, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.790250, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:yyyp0708 >[2012/11/09 16:29:16.790284, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/11/09 16:29:16.790323, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/11/09 16:29:16.790369, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:16.790403, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:16.790448, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2012/11/09 16:29:16.790482, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:16.790511, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:16.790538, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:16.790662, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:16.790737, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 65 00 00 00 00 00 00 00 9D 50 4C 21 ....e... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.790826, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 65 00 00 00 00 00 00 00 9D 50 4C 21 ....e... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.790899, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:16.790964, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:16.791027, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:16.791089, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:16.791148, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:16.791202, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:16.791274, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:16.791350, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 66 00 00 00 00 00 00 00 9D 50 4C 21 ....f... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.791439, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 66 00 00 00 00 00 00 00 9D 50 4C 21 ....f... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.791575, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 66 00 00 00 00 00 00 00 9D 50 4C 21 ....f... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.791682, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.791736, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 66 00 00 00 00 00 00 00 9D 50 4C 21 ....f... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.791808, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.791857, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 66 00 00 00 00 00 00 00 9D 50 4C 21 ....f... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.791926, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.791973, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 66 00 00 00 00 00 00 00 9D 50 4C 21 ....f... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.792042, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.792088, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 66 00 00 00 00 00 00 00 9D 50 4C 21 ....f... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.792156, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.792202, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 66 00 00 00 00 00 00 00 9D 50 4C 21 ....f... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.792269, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.792317, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 66 00 00 00 00 00 00 00 9D 50 4C 21 ....f... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.792388, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.792436, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 66 00 00 00 00 00 00 00 9D 50 4C 21 ....f... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.792541, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.792592, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 66 00 00 00 00 00 00 00 9D 50 4C 21 ....f... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.792662, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.792711, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 66 00 00 00 00 00 00 00 9D 50 4C 21 ....f... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.792801, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.792851, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 66 00 00 00 00 00 00 00 9D 50 4C 21 ....f... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.792922, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.792970, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 66 00 00 00 00 00 00 00 9D 50 4C 21 ....f... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.793040, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.793088, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 66 00 00 00 00 00 00 00 9D 50 4C 21 ....f... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.793158, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.793206, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 66 00 00 00 00 00 00 00 9D 50 4C 21 ....f... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.793276, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.793324, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 66 00 00 00 00 00 00 00 9D 50 4C 21 ....f... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.793394, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.793442, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 66 00 00 00 00 00 00 00 9D 50 4C 21 ....f... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.793512, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.793559, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 66 00 00 00 00 00 00 00 9D 50 4C 21 ....f... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.793629, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.793681, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 66 00 00 00 00 00 00 00 9D 50 4C 21 ....f... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.793752, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.793822, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 66 00 00 00 00 00 00 00 9D 50 4C 21 ....f... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.793900, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.793980, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 66 00 00 00 00 00 00 00 9D 50 4C 21 ....f... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.794058, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.794088, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:16.794135, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 66 00 00 00 00 00 00 00 9D 50 4C 21 ....f... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.794206, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.794235, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:16.794290, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:16.794353, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 67 00 00 00 00 00 00 00 9D 50 4C 21 ....g... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.794440, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 67 00 00 00 00 00 00 00 9D 50 4C 21 ....g... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.794513, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:16.794573, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:16.794640, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:16.794702, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:16.794759, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:16.794813, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:16.794883, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:16.794957, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[4] [0000] 00 00 00 00 68 00 00 00 00 00 00 00 9D 50 4C 21 ....h... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.795046, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 68 00 00 00 00 00 00 00 9D 50 4C 21 ....h... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.795118, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.795148, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:16.795225, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 68 00 00 00 00 00 00 00 9D 50 4C 21 ....h... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.795314, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.795344, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:16.795395, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 68 00 00 00 00 00 00 00 9D 50 4C 21 ....h... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.795467, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 68 00 00 00 00 00 00 00 9D 50 4C 21 ....h... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.795535, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:16.795579, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 67 00 00 00 00 00 00 00 9D 50 4C 21 ....g... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.795668, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 67 00 00 00 00 00 00 00 9D 50 4C 21 ....g... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.795735, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:16.795778, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 66 00 00 00 00 00 00 00 9D 50 4C 21 ....f... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.795848, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 66 00 00 00 00 00 00 00 9D 50 4C 21 ....f... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.795913, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:16.795956, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 65 00 00 00 00 00 00 00 9D 50 4C 21 ....e... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.796026, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 65 00 00 00 00 00 00 00 9D 50 4C 21 ....e... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.796091, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:16.796151, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/11/09 16:29:16.796192, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/11/09 16:29:16.796236, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:16.796268, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:16.796319, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2012/11/09 16:29:16.796354, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:16.796383, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:16.796411, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:16.796552, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:16.796643, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 69 00 00 00 00 00 00 00 9D 50 4C 21 ....i... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.796733, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 69 00 00 00 00 00 00 00 9D 50 4C 21 ....i... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.796805, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:16.796867, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:16.796927, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:16.796987, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:16.797045, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:16.797097, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:16.797168, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:16.797243, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 6A 00 00 00 00 00 00 00 9D 50 4C 21 ....j... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.797331, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 6A 00 00 00 00 00 00 00 9D 50 4C 21 ....j... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.797465, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 6A 00 00 00 00 00 00 00 9D 50 4C 21 ....j... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.797541, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.797592, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 6A 00 00 00 00 00 00 00 9D 50 4C 21 ....j... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.797664, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.797716, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 6A 00 00 00 00 00 00 00 9D 50 4C 21 ....j... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.797790, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.797842, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 6A 00 00 00 00 00 00 00 9D 50 4C 21 ....j... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.797912, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.797960, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 6A 00 00 00 00 00 00 00 9D 50 4C 21 ....j... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.798033, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.798103, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 6A 00 00 00 00 00 00 00 9D 50 4C 21 ....j... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.798181, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.798238, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 6A 00 00 00 00 00 00 00 9D 50 4C 21 ....j... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.798312, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.798364, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 6A 00 00 00 00 00 00 00 9D 50 4C 21 ....j... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.798437, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.798486, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 6A 00 00 00 00 00 00 00 9D 50 4C 21 ....j... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.798556, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.798608, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 6A 00 00 00 00 00 00 00 9D 50 4C 21 ....j... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.798690, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.798742, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 6A 00 00 00 00 00 00 00 9D 50 4C 21 ....j... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.798813, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.798862, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 6A 00 00 00 00 00 00 00 9D 50 4C 21 ....j... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.798937, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.798988, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 6A 00 00 00 00 00 00 00 9D 50 4C 21 ....j... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.799059, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.799108, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 6A 00 00 00 00 00 00 00 9D 50 4C 21 ....j... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.799195, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.799250, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 6A 00 00 00 00 00 00 00 9D 50 4C 21 ....j... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.799321, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.799369, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 6A 00 00 00 00 00 00 00 9D 50 4C 21 ....j... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.799440, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.799490, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 6A 00 00 00 00 00 00 00 9D 50 4C 21 ....j... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.799559, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.799610, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 6A 00 00 00 00 00 00 00 9D 50 4C 21 ....j... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.799680, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.799729, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 6A 00 00 00 00 00 00 00 9D 50 4C 21 ....j... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.799800, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.799874, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 6A 00 00 00 00 00 00 00 9D 50 4C 21 ....j... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.799947, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.799977, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:16.800025, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 6A 00 00 00 00 00 00 00 9D 50 4C 21 ....j... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.800098, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.800127, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:16.800187, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:16.800262, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 6B 00 00 00 00 00 00 00 9D 50 4C 21 ....k... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.800371, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 6B 00 00 00 00 00 00 00 9D 50 4C 21 ....k... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.800445, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:16.800583, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:16.800647, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:16.800708, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:16.800771, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:16.800828, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:16.800899, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:16.800975, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[4] [0000] 00 00 00 00 6C 00 00 00 00 00 00 00 9D 50 4C 21 ....l... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.801065, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 6C 00 00 00 00 00 00 00 9D 50 4C 21 ....l... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.801135, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.801164, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:16.801241, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 6C 00 00 00 00 00 00 00 9D 50 4C 21 ....l... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.801315, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.801345, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:16.801394, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 6C 00 00 00 00 00 00 00 9D 50 4C 21 ....l... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.801465, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 6C 00 00 00 00 00 00 00 9D 50 4C 21 ....l... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.801531, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:16.801574, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 6B 00 00 00 00 00 00 00 9D 50 4C 21 ....k... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.801644, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 6B 00 00 00 00 00 00 00 9D 50 4C 21 ....k... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.801712, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:16.801754, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 6A 00 00 00 00 00 00 00 9D 50 4C 21 ....j... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.801836, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 6A 00 00 00 00 00 00 00 9D 50 4C 21 ....j... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.801904, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:16.801949, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 69 00 00 00 00 00 00 00 9D 50 4C 21 ....i... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.802019, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 69 00 00 00 00 00 00 00 9D 50 4C 21 ....i... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.802084, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:16.802144, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:16.802179, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:16.802221, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2012/11/09 16:29:16.802255, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:16.802284, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:16.802311, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:16.802425, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:16.802490, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 6D 00 00 00 00 00 00 00 9D 50 4C 21 ....m... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.802579, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 6D 00 00 00 00 00 00 00 9D 50 4C 21 ....m... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.802661, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:16.802725, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:16.802785, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:16.802844, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:16.802902, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:16.802955, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:16.803026, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:16.803092, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [DsSpooler] >[2012/11/09 16:29:16.803162, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 6E 00 00 00 00 00 00 00 9D 50 4C 21 ....n... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.803252, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 6E 00 00 00 00 00 00 00 9D 50 4C 21 ....n... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.803322, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\DsSpooler] >[2012/11/09 16:29:16.803352, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:16.803432, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 6E 00 00 00 00 00 00 00 9D 50 4C 21 ....n... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.803507, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 6E 00 00 00 00 00 00 00 9D 50 4C 21 ....n... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.803573, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:16.803613, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 6D 00 00 00 00 00 00 00 9D 50 4C 21 ....m... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.803681, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 6D 00 00 00 00 00 00 00 9D 50 4C 21 ....m... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.803746, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:16.803803, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:16.803853, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 4280 >[2012/11/09 16:29:16.803890, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 7451 >[2012/11/09 16:29:16.803943, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..2088] (align 0) >[2012/11/09 16:29:16.803975, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.803992, 5] lib/util.c:342(show_msg) > size=2144 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=55424 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 2088 (0x828) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 2088 (0x828) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=2089 >[2012/11/09 16:29:16.831207, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x66 >[2012/11/09 16:29:16.831331, 3] smbd/process.c:1662(process_smb) > Transaction 117 of length 106 (0 toread) >[2012/11/09 16:29:16.831370, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.831439, 5] lib/util.c:342(show_msg) > size=102 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=55488 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 4096 (0x1000) > smb_vwv[ 3]= 4096 (0x1000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 4609 (0x1201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1792 (0x700) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]=16384 (0x4000) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=19 >[2012/11/09 16:29:16.831998, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:16.832036, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.832077, 4] smbd/nttrans.c:288(nt_open_pipe) > nt_open_pipe: Opening pipe \spoolss. >[2012/11/09 16:29:16.832114, 5] smbd/files.c:140(file_new) > allocated file structure 4126, fnum = 8222 (3 used) >[2012/11/09 16:29:16.832162, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \spoolss >[2012/11/09 16:29:16.832282, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \spoolss (pipes_open=0) >[2012/11/09 16:29:16.832330, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) > do_ntcreate_pipe_open: open pipe = \spoolss >[2012/11/09 16:29:16.833361, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xe0 >[2012/11/09 16:29:16.833415, 3] smbd/process.c:1662(process_smb) > Transaction 118 of length 228 (0 toread) >[2012/11/09 16:29:16.833446, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.833469, 5] lib/util.c:342(show_msg) > size=224 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=55552 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8222 (0x201E) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 160 (0xA0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 160 (0xA0) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=161 >[2012/11/09 16:29:16.833741, 3] smbd/process.c:1467(switch_message) > switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:16.833764, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.833785, 6] smbd/pipes.c:300(reply_pipe_write_and_X) > reply_pipe_write_and_X: 201e name: spoolss len: 160 >[2012/11/09 16:29:16.833805, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 160 >[2012/11/09 16:29:16.833833, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) > api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/11/09 16:29:16.833854, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) > api_pipe_bind_req: make response. 923 >[2012/11/09 16:29:16.833889, 3] rpc_server/srv_pipe.c:339(check_bind_req) > check_bind_req for \spoolss >[2012/11/09 16:29:16.833928, 3] rpc_server/srv_pipe.c:346(check_bind_req) > check_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/11/09 16:29:16.833974, 3] smbd/pipes.c:361(pipe_write_andx_done) > writeX-IPC nwritten=160 >[2012/11/09 16:29:16.834924, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/11/09 16:29:16.834957, 3] smbd/process.c:1662(process_smb) > Transaction 119 of length 63 (0 toread) >[2012/11/09 16:29:16.834985, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.835009, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=55616 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8222 (0x201E) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/11/09 16:29:16.835246, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:16.835269, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.835291, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:16.835312, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/11/09 16:29:16.835336, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=1024 max=1024 nread=68 >[2012/11/09 16:29:16.836353, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xc4 >[2012/11/09 16:29:16.836399, 3] smbd/process.c:1662(process_smb) > Transaction 120 of length 200 (0 toread) >[2012/11/09 16:29:16.836434, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.836484, 5] lib/util.c:342(show_msg) > size=196 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=55680 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 112 (0x70) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 112 (0x70) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8222 (0x201E) > smb_bcc=129 >[2012/11/09 16:29:16.836773, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:16.836796, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.836820, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=112 params=0 setup=2 >[2012/11/09 16:29:16.836842, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:16.836860, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:16.836879, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:16.836897, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 201e) >[2012/11/09 16:29:16.836929, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 112 >[2012/11/09 16:29:16.836969, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:16.836994, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x33 - api_rpcTNP: rpc command: SPOOLSS_ENUMPRINTPROCDATATYPES >[2012/11/09 16:29:16.837017, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[51].fn == 0x7fa2ea3e1cc0 >[2012/11/09 16:29:16.837048, 5] rpc_server/spoolss/srv_spoolss_nt.c:8810(_spoolss_EnumPrintProcDataTypes) > _spoolss_EnumPrintProcDataTypes >[2012/11/09 16:29:16.837078, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:16.837106, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:16.837131, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 1257 >[2012/11/09 16:29:16.837157, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..40] (align 0) >[2012/11/09 16:29:16.837177, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.837189, 5] lib/util.c:342(show_msg) > size=96 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=55680 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 40 (0x28) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 40 (0x28) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=41 >[2012/11/09 16:29:16.841916, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/11/09 16:29:16.841955, 3] smbd/process.c:1662(process_smb) > Transaction 121 of length 45 (0 toread) >[2012/11/09 16:29:16.841975, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.841987, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=55744 > smt_wct=3 > smb_vwv[ 0]= 8222 (0x201E) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/11/09 16:29:16.842136, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:16.842168, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.842196, 3] smbd/reply.c:4848(reply_close) > close fd=-1 fnum=8222 (numopen=3) >[2012/11/09 16:29:16.842225, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 07:28:15 2106 >[2012/11/09 16:29:16.842285, 5] smbd/files.c:482(file_free) > freed files structure 8222 (2 used) >[2012/11/09 16:29:16.842318, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.842335, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=55744 > smt_wct=0 > smb_bcc=0 >[2012/11/09 16:29:16.843529, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x66 >[2012/11/09 16:29:16.843569, 3] smbd/process.c:1662(process_smb) > Transaction 122 of length 106 (0 toread) >[2012/11/09 16:29:16.843598, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.843614, 5] lib/util.c:342(show_msg) > size=102 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=55808 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 4096 (0x1000) > smb_vwv[ 3]= 4096 (0x1000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 4609 (0x1201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1792 (0x700) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]=16384 (0x4000) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=19 >[2012/11/09 16:29:16.843999, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:16.844029, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.844059, 4] smbd/nttrans.c:288(nt_open_pipe) > nt_open_pipe: Opening pipe \spoolss. >[2012/11/09 16:29:16.844090, 5] smbd/files.c:140(file_new) > allocated file structure 4127, fnum = 8223 (3 used) >[2012/11/09 16:29:16.844127, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \spoolss >[2012/11/09 16:29:16.844194, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \spoolss (pipes_open=0) >[2012/11/09 16:29:16.844231, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) > do_ntcreate_pipe_open: open pipe = \spoolss >[2012/11/09 16:29:16.845121, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xe0 >[2012/11/09 16:29:16.845162, 3] smbd/process.c:1662(process_smb) > Transaction 123 of length 228 (0 toread) >[2012/11/09 16:29:16.845190, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.845206, 5] lib/util.c:342(show_msg) > size=224 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=55872 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8223 (0x201F) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 160 (0xA0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 160 (0xA0) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=161 >[2012/11/09 16:29:16.845489, 3] smbd/process.c:1467(switch_message) > switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:16.845518, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.845547, 6] smbd/pipes.c:300(reply_pipe_write_and_X) > reply_pipe_write_and_X: 201f name: spoolss len: 160 >[2012/11/09 16:29:16.845576, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 160 >[2012/11/09 16:29:16.845611, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) > api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/11/09 16:29:16.845657, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) > api_pipe_bind_req: make response. 923 >[2012/11/09 16:29:16.845686, 3] rpc_server/srv_pipe.c:339(check_bind_req) > check_bind_req for \spoolss >[2012/11/09 16:29:16.845715, 3] rpc_server/srv_pipe.c:346(check_bind_req) > check_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/11/09 16:29:16.845757, 3] smbd/pipes.c:361(pipe_write_andx_done) > writeX-IPC nwritten=160 >[2012/11/09 16:29:16.846725, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/11/09 16:29:16.846777, 3] smbd/process.c:1662(process_smb) > Transaction 124 of length 63 (0 toread) >[2012/11/09 16:29:16.846799, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.846810, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=55936 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8223 (0x201F) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/11/09 16:29:16.847009, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:16.847033, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.847075, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:16.847123, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/11/09 16:29:16.847172, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=1024 max=1024 nread=68 >[2012/11/09 16:29:16.848087, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xe8 >[2012/11/09 16:29:16.848134, 3] smbd/process.c:1662(process_smb) > Transaction 125 of length 236 (0 toread) >[2012/11/09 16:29:16.848170, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.848193, 5] lib/util.c:342(show_msg) > size=232 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=56000 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 148 (0x94) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 148 (0x94) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8223 (0x201F) > smb_bcc=165 >[2012/11/09 16:29:16.848526, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:16.848565, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.848607, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=148 params=0 setup=2 >[2012/11/09 16:29:16.848646, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:16.848679, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:16.848716, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:16.848747, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 201f) >[2012/11/09 16:29:16.848785, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 148 >[2012/11/09 16:29:16.848839, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:16.848879, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x33 - api_rpcTNP: rpc command: SPOOLSS_ENUMPRINTPROCDATATYPES >[2012/11/09 16:29:16.848915, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[51].fn == 0x7fa2ea3e1cc0 >[2012/11/09 16:29:16.848954, 5] rpc_server/spoolss/srv_spoolss_nt.c:8810(_spoolss_EnumPrintProcDataTypes) > _spoolss_EnumPrintProcDataTypes >[2012/11/09 16:29:16.849000, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:16.849047, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:16.849089, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 1257 >[2012/11/09 16:29:16.849133, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..76] (align 0) >[2012/11/09 16:29:16.849197, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.849217, 5] lib/util.c:342(show_msg) > size=132 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=56000 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 76 (0x4C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 76 (0x4C) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=77 >[2012/11/09 16:29:16.850347, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/11/09 16:29:16.850389, 3] smbd/process.c:1662(process_smb) > Transaction 126 of length 45 (0 toread) >[2012/11/09 16:29:16.850411, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.850423, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=56064 > smt_wct=3 > smb_vwv[ 0]= 8223 (0x201F) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/11/09 16:29:16.850556, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:16.850579, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.850599, 3] smbd/reply.c:4848(reply_close) > close fd=-1 fnum=8223 (numopen=3) >[2012/11/09 16:29:16.850626, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 07:28:15 2106 >[2012/11/09 16:29:16.850680, 5] smbd/files.c:482(file_free) > freed files structure 8223 (2 used) >[2012/11/09 16:29:16.850706, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.850727, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=56064 > smt_wct=0 > smb_bcc=0 >[2012/11/09 16:29:16.852084, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xbc >[2012/11/09 16:29:16.852119, 3] smbd/process.c:1662(process_smb) > Transaction 127 of length 192 (0 toread) >[2012/11/09 16:29:16.852139, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.852151, 5] lib/util.c:342(show_msg) > size=188 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=56128 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 104 (0x68) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 104 (0x68) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8212 (0x2014) > smb_bcc=121 >[2012/11/09 16:29:16.852411, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:16.852434, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.852474, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=104 params=0 setup=2 >[2012/11/09 16:29:16.852503, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:16.852522, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:16.852541, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:16.852560, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2014) >[2012/11/09 16:29:16.852590, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 104 >[2012/11/09 16:29:16.852628, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:16.852653, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x1a - api_rpcTNP: rpc command: SPOOLSS_GETPRINTERDATA >[2012/11/09 16:29:16.852674, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[26].fn == 0x7fa2ea3e5d00 >[2012/11/09 16:29:16.852712, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.852756, 4] rpc_server/spoolss/srv_spoolss_nt.c:9191(_spoolss_GetPrinterDataEx) > _spoolss_GetPrinterDataEx >[2012/11/09 16:29:16.852778, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.852840, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:yyyp0708 >[2012/11/09 16:29:16.852868, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/11/09 16:29:16.852896, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/11/09 16:29:16.852928, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:16.852951, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:16.852986, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2012/11/09 16:29:16.853011, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:16.853031, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:16.853050, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:16.853155, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:16.853211, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 6F 00 00 00 00 00 00 00 9D 50 4C 21 ....o... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.853273, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 6F 00 00 00 00 00 00 00 9D 50 4C 21 ....o... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.853334, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:16.853404, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:16.853454, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:16.853496, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:16.853537, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:16.853575, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:16.853652, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:16.853725, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [PrinterDriverData] >[2012/11/09 16:29:16.853799, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 70 00 00 00 00 00 00 00 9D 50 4C 21 ....p... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.853884, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 70 00 00 00 00 00 00 00 9D 50 4C 21 ....p... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.853940, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\PrinterDriverData] >[2012/11/09 16:29:16.853972, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:16.854028, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 70 00 00 00 00 00 00 00 9D 50 4C 21 ....p... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.854074, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 70 00 00 00 00 00 00 00 9D 50 4C 21 ....p... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.854114, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:16.854143, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 6F 00 00 00 00 00 00 00 9D 50 4C 21 ....o... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.854215, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 6F 00 00 00 00 00 00 00 9D 50 4C 21 ....o... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.854258, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:16.854293, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:16.854326, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 4280 >[2012/11/09 16:29:16.854352, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 1741 >[2012/11/09 16:29:16.854381, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..1064] (align 0) >[2012/11/09 16:29:16.854402, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.854421, 5] lib/util.c:342(show_msg) > size=1120 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=56128 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 1064 (0x428) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 1064 (0x428) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=1065 >[2012/11/09 16:29:16.855396, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xc4 >[2012/11/09 16:29:16.855430, 3] smbd/process.c:1662(process_smb) > Transaction 128 of length 200 (0 toread) >[2012/11/09 16:29:16.855451, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.855462, 5] lib/util.c:342(show_msg) > size=196 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=56192 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 112 (0x70) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 112 (0x70) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8212 (0x2014) > smb_bcc=129 >[2012/11/09 16:29:16.855692, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:16.855714, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.855738, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=112 params=0 setup=2 >[2012/11/09 16:29:16.855760, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:16.855778, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:16.855797, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:16.855817, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2014) >[2012/11/09 16:29:16.855848, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 112 >[2012/11/09 16:29:16.855875, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:16.855916, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x1a - api_rpcTNP: rpc command: SPOOLSS_GETPRINTERDATA >[2012/11/09 16:29:16.855948, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[26].fn == 0x7fa2ea3e5d00 >[2012/11/09 16:29:16.855972, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.856014, 4] rpc_server/spoolss/srv_spoolss_nt.c:9191(_spoolss_GetPrinterDataEx) > _spoolss_GetPrinterDataEx >[2012/11/09 16:29:16.856033, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.856072, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:yyyp0708 >[2012/11/09 16:29:16.856096, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/11/09 16:29:16.856121, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/11/09 16:29:16.856149, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:16.856183, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:16.856232, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2012/11/09 16:29:16.856271, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:16.856293, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:16.856320, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:16.856404, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:16.856453, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 71 00 00 00 00 00 00 00 9D 50 4C 21 ....q... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.856536, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 71 00 00 00 00 00 00 00 9D 50 4C 21 ....q... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.856581, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:16.856625, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:16.856666, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:16.856707, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:16.856746, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:16.856783, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:16.856830, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:16.856874, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [PrinterDriverData] >[2012/11/09 16:29:16.856921, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 72 00 00 00 00 00 00 00 9D 50 4C 21 ....r... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.856979, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 72 00 00 00 00 00 00 00 9D 50 4C 21 ....r... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.857035, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\PrinterDriverData] >[2012/11/09 16:29:16.857056, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:16.857134, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 72 00 00 00 00 00 00 00 9D 50 4C 21 ....r... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.857198, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 72 00 00 00 00 00 00 00 9D 50 4C 21 ....r... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.857256, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:16.857289, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 71 00 00 00 00 00 00 00 9D 50 4C 21 ....q... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.857332, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 71 00 00 00 00 00 00 00 9D 50 4C 21 ....q... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.857371, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:16.857403, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:16.857438, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 4280 >[2012/11/09 16:29:16.857485, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 1741 >[2012/11/09 16:29:16.857532, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..1064] (align 0) >[2012/11/09 16:29:16.857568, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.857587, 5] lib/util.c:342(show_msg) > size=1120 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=56192 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 1064 (0x428) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 1064 (0x428) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=1065 >[2012/11/09 16:29:16.858854, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x66 >[2012/11/09 16:29:16.858900, 3] smbd/process.c:1662(process_smb) > Transaction 129 of length 106 (0 toread) >[2012/11/09 16:29:16.858923, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.858935, 5] lib/util.c:342(show_msg) > size=102 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=56256 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 4096 (0x1000) > smb_vwv[ 3]= 4096 (0x1000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 4609 (0x1201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1792 (0x700) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]=16384 (0x4000) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=19 >[2012/11/09 16:29:16.859235, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:16.859275, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.859301, 4] smbd/nttrans.c:288(nt_open_pipe) > nt_open_pipe: Opening pipe \spoolss. >[2012/11/09 16:29:16.859323, 5] smbd/files.c:140(file_new) > allocated file structure 4128, fnum = 8224 (3 used) >[2012/11/09 16:29:16.859350, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \spoolss >[2012/11/09 16:29:16.859396, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \spoolss (pipes_open=0) >[2012/11/09 16:29:16.859425, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) > do_ntcreate_pipe_open: open pipe = \spoolss >[2012/11/09 16:29:16.860218, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xe0 >[2012/11/09 16:29:16.860252, 3] smbd/process.c:1662(process_smb) > Transaction 130 of length 228 (0 toread) >[2012/11/09 16:29:16.860272, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.860284, 5] lib/util.c:342(show_msg) > size=224 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=56320 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8224 (0x2020) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 160 (0xA0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 160 (0xA0) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=161 >[2012/11/09 16:29:16.860507, 3] smbd/process.c:1467(switch_message) > switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:16.860529, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.860551, 6] smbd/pipes.c:300(reply_pipe_write_and_X) > reply_pipe_write_and_X: 2020 name: spoolss len: 160 >[2012/11/09 16:29:16.860572, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 160 >[2012/11/09 16:29:16.860597, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) > api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/11/09 16:29:16.860619, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) > api_pipe_bind_req: make response. 923 >[2012/11/09 16:29:16.860639, 3] rpc_server/srv_pipe.c:339(check_bind_req) > check_bind_req for \spoolss >[2012/11/09 16:29:16.860659, 3] rpc_server/srv_pipe.c:346(check_bind_req) > check_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/11/09 16:29:16.860690, 3] smbd/pipes.c:361(pipe_write_andx_done) > writeX-IPC nwritten=160 >[2012/11/09 16:29:16.861478, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/11/09 16:29:16.861512, 3] smbd/process.c:1662(process_smb) > Transaction 131 of length 63 (0 toread) >[2012/11/09 16:29:16.861532, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.861543, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=56384 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8224 (0x2020) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/11/09 16:29:16.861732, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:16.861753, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.861775, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:16.861797, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/11/09 16:29:16.861821, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=1024 max=1024 nread=68 >[2012/11/09 16:29:16.862628, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x1cc >[2012/11/09 16:29:16.862672, 3] smbd/process.c:1662(process_smb) > Transaction 132 of length 464 (0 toread) >[2012/11/09 16:29:16.862714, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.862755, 5] lib/util.c:342(show_msg) > size=460 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=56448 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 376 (0x178) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 376 (0x178) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8224 (0x2020) > smb_bcc=393 >[2012/11/09 16:29:16.863151, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:16.863196, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.863253, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=376 params=0 setup=2 >[2012/11/09 16:29:16.863293, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:16.863314, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:16.863334, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:16.863353, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2020) >[2012/11/09 16:29:16.863375, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 376 >[2012/11/09 16:29:16.863414, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:16.863444, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0xc - api_rpcTNP: rpc command: SPOOLSS_GETPRINTERDRIVERDIRECTORY >[2012/11/09 16:29:16.863481, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[12].fn == 0x7fa2ea3e8280 >[2012/11/09 16:29:16.863526, 5] rpc_server/spoolss/srv_spoolss_nt.c:8207(_spoolss_GetPrinterDriverDirectory) > _spoolss_GetPrinterDriverDirectory: level 1 >[2012/11/09 16:29:16.863574, 4] rpc_server/spoolss/srv_spoolss_nt.c:8184(getprinterdriverdir_level_1) > printer driver directory: [\\yyyu0031\print$\x64] >[2012/11/09 16:29:16.863608, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:16.863651, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:16.863690, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 51 >[2012/11/09 16:29:16.863718, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..296] (align 0) >[2012/11/09 16:29:16.863739, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.863751, 5] lib/util.c:342(show_msg) > size=352 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=56448 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 296 (0x128) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 296 (0x128) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=297 >[2012/11/09 16:29:16.864796, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/11/09 16:29:16.864829, 3] smbd/process.c:1662(process_smb) > Transaction 133 of length 45 (0 toread) >[2012/11/09 16:29:16.864850, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.864861, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=56512 > smt_wct=3 > smb_vwv[ 0]= 8224 (0x2020) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/11/09 16:29:16.865001, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:16.865039, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.865076, 3] smbd/reply.c:4848(reply_close) > close fd=-1 fnum=8224 (numopen=3) >[2012/11/09 16:29:16.865112, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 07:28:15 2106 >[2012/11/09 16:29:16.865160, 5] smbd/files.c:482(file_free) > freed files structure 8224 (2 used) >[2012/11/09 16:29:16.865184, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.865196, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=56512 > smt_wct=0 > smb_bcc=0 >[2012/11/09 16:29:16.866103, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x94 >[2012/11/09 16:29:16.866137, 3] smbd/process.c:1662(process_smb) > Transaction 134 of length 152 (0 toread) >[2012/11/09 16:29:16.866158, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.866169, 5] lib/util.c:342(show_msg) > size=148 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=56576 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 64 (0x40) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8212 (0x2014) > smb_bcc=81 >[2012/11/09 16:29:16.866385, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:16.866406, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.866428, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=64 params=0 setup=2 >[2012/11/09 16:29:16.866450, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:16.866469, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:16.866488, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:16.866507, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2014) >[2012/11/09 16:29:16.866528, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 64 >[2012/11/09 16:29:16.866552, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:16.866574, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x50 - api_rpcTNP: rpc command: SPOOLSS_ENUMPRINTERKEY >[2012/11/09 16:29:16.866595, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[80].fn == 0x7fa2ea3dd0c0 >[2012/11/09 16:29:16.866619, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.866661, 4] rpc_server/spoolss/srv_spoolss_nt.c:9484(_spoolss_EnumPrinterKey) > _spoolss_EnumPrinterKey >[2012/11/09 16:29:16.866681, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.866719, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:yyyp0708 >[2012/11/09 16:29:16.866744, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/11/09 16:29:16.866771, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/11/09 16:29:16.866800, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:16.866822, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:16.866868, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2012/11/09 16:29:16.866908, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:16.866938, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:16.866959, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:16.867063, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:16.867117, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 73 00 00 00 00 00 00 00 9D 50 4C 21 ....s... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.867175, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 73 00 00 00 00 00 00 00 9D 50 4C 21 ....s... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.867220, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:16.867264, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:16.867305, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:16.867346, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:16.867386, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:16.867423, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:16.867471, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:16.867522, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 74 00 00 00 00 00 00 00 9D 50 4C 21 ....t... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.867578, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 74 00 00 00 00 00 00 00 9D 50 4C 21 ....t... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.867668, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 74 00 00 00 00 00 00 00 9D 50 4C 21 ....t... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.867715, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) > _winreg_EnumKey: enumerating key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.867749, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 74 00 00 00 00 00 00 00 9D 50 4C 21 ....t... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.867802, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) > _winreg_EnumKey: enumerating key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.867838, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 74 00 00 00 00 00 00 00 9D 50 4C 21 ....t... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.867881, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) > _winreg_EnumKey: enumerating key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.867915, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 74 00 00 00 00 00 00 00 9D 50 4C 21 ....t... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.867985, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 74 00 00 00 00 00 00 00 9D 50 4C 21 ....t... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.868031, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:16.868063, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 73 00 00 00 00 00 00 00 9D 50 4C 21 ....s... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.868106, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 73 00 00 00 00 00 00 00 9D 50 4C 21 ....s... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.868145, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:16.868183, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:16.868214, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 4280 >[2012/11/09 16:29:16.868239, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 2765 >[2012/11/09 16:29:16.868267, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..36] (align 0) >[2012/11/09 16:29:16.868288, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.868308, 5] lib/util.c:342(show_msg) > size=92 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=56576 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 36 (0x24) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 36 (0x24) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=37 >[2012/11/09 16:29:16.869289, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x94 >[2012/11/09 16:29:16.869322, 3] smbd/process.c:1662(process_smb) > Transaction 135 of length 152 (0 toread) >[2012/11/09 16:29:16.869342, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.869354, 5] lib/util.c:342(show_msg) > size=148 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=56640 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 64 (0x40) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8212 (0x2014) > smb_bcc=81 >[2012/11/09 16:29:16.869568, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:16.869589, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.869611, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=64 params=0 setup=2 >[2012/11/09 16:29:16.869632, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:16.869651, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:16.869670, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:16.869689, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2014) >[2012/11/09 16:29:16.869710, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 64 >[2012/11/09 16:29:16.869734, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:16.869756, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x50 - api_rpcTNP: rpc command: SPOOLSS_ENUMPRINTERKEY >[2012/11/09 16:29:16.869786, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[80].fn == 0x7fa2ea3dd0c0 >[2012/11/09 16:29:16.869810, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.869851, 4] rpc_server/spoolss/srv_spoolss_nt.c:9484(_spoolss_EnumPrinterKey) > _spoolss_EnumPrinterKey >[2012/11/09 16:29:16.869871, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.869943, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:yyyp0708 >[2012/11/09 16:29:16.869971, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/11/09 16:29:16.869998, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/11/09 16:29:16.870025, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:16.870046, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:16.870073, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2012/11/09 16:29:16.870097, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:16.870117, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:16.870136, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:16.870206, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:16.870252, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 75 00 00 00 00 00 00 00 9D 50 4C 21 ....u... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.870308, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 75 00 00 00 00 00 00 00 9D 50 4C 21 ....u... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.870353, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:16.870396, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:16.870437, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:16.870478, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:16.870517, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:16.870554, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:16.870601, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:16.870658, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 76 00 00 00 00 00 00 00 9D 50 4C 21 ....v... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.870715, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 76 00 00 00 00 00 00 00 9D 50 4C 21 ....v... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.870799, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 76 00 00 00 00 00 00 00 9D 50 4C 21 ....v... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.870867, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) > _winreg_EnumKey: enumerating key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.870921, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 76 00 00 00 00 00 00 00 9D 50 4C 21 ....v... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.870970, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) > _winreg_EnumKey: enumerating key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.871003, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 76 00 00 00 00 00 00 00 9D 50 4C 21 ....v... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.871046, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) > _winreg_EnumKey: enumerating key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:16.871078, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 76 00 00 00 00 00 00 00 9D 50 4C 21 ....v... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.871121, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 76 00 00 00 00 00 00 00 9D 50 4C 21 ....v... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.871160, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:16.871190, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 75 00 00 00 00 00 00 00 9D 50 4C 21 ....u... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.871233, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 75 00 00 00 00 00 00 00 9D 50 4C 21 ....u... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.871272, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:16.871307, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:16.871338, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 4280 >[2012/11/09 16:29:16.871364, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 2842 >[2012/11/09 16:29:16.871391, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..112] (align 0) >[2012/11/09 16:29:16.871412, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.871423, 5] lib/util.c:342(show_msg) > size=168 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=56640 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 112 (0x70) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 112 (0x70) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=113 >[2012/11/09 16:29:16.872347, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xa4 >[2012/11/09 16:29:16.872385, 3] smbd/process.c:1662(process_smb) > Transaction 136 of length 168 (0 toread) >[2012/11/09 16:29:16.872407, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.872419, 5] lib/util.c:342(show_msg) > size=164 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=56704 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 80 (0x50) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 80 (0x50) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8212 (0x2014) > smb_bcc=97 >[2012/11/09 16:29:16.872666, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:16.872689, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.872712, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=80 params=0 setup=2 >[2012/11/09 16:29:16.872733, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:16.872752, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:16.872771, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:16.872790, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2014) >[2012/11/09 16:29:16.872819, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 80 >[2012/11/09 16:29:16.872859, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:16.872892, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x50 - api_rpcTNP: rpc command: SPOOLSS_ENUMPRINTERKEY >[2012/11/09 16:29:16.872915, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[80].fn == 0x7fa2ea3dd0c0 >[2012/11/09 16:29:16.872937, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.872978, 4] rpc_server/spoolss/srv_spoolss_nt.c:9484(_spoolss_EnumPrinterKey) > _spoolss_EnumPrinterKey >[2012/11/09 16:29:16.872997, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.873035, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:yyyp0708 >[2012/11/09 16:29:16.873057, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/11/09 16:29:16.873083, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/11/09 16:29:16.873109, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:16.873131, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:16.873157, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2012/11/09 16:29:16.873182, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:16.873201, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:16.873220, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:16.873308, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:16.873370, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 77 00 00 00 00 00 00 00 9D 50 4C 21 ....w... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.873453, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 77 00 00 00 00 00 00 00 9D 50 4C 21 ....w... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.873525, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:16.873585, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:16.873661, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:16.873770, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:16.873853, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:16.873939, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:16.874055, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:16.874160, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [DsDriver] >[2012/11/09 16:29:16.874292, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 78 00 00 00 00 00 00 00 9D 50 4C 21 ....x... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.874467, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 78 00 00 00 00 00 00 00 9D 50 4C 21 ....x... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.874693, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 78 00 00 00 00 00 00 00 9D 50 4C 21 ....x... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.874843, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 78 00 00 00 00 00 00 00 9D 50 4C 21 ....x... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.874979, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:16.875096, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 77 00 00 00 00 00 00 00 9D 50 4C 21 ....w... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.875264, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 77 00 00 00 00 00 00 00 9D 50 4C 21 ....w... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.875400, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:16.875544, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:16.875726, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 4280 >[2012/11/09 16:29:16.875830, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 2765 >[2012/11/09 16:29:16.875935, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..36] (align 0) >[2012/11/09 16:29:16.876013, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.876054, 5] lib/util.c:342(show_msg) > size=92 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=56704 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 36 (0x24) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 36 (0x24) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=37 >[2012/11/09 16:29:16.877460, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xa4 >[2012/11/09 16:29:16.877588, 3] smbd/process.c:1662(process_smb) > Transaction 137 of length 168 (0 toread) >[2012/11/09 16:29:16.877640, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.877670, 5] lib/util.c:342(show_msg) > size=164 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=56768 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 80 (0x50) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 80 (0x50) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8212 (0x2014) > smb_bcc=97 >[2012/11/09 16:29:16.878168, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:16.878204, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.878242, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=80 params=0 setup=2 >[2012/11/09 16:29:16.878277, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:16.878308, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:16.878340, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:16.878385, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2014) >[2012/11/09 16:29:16.878442, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 80 >[2012/11/09 16:29:16.878517, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:16.878585, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x50 - api_rpcTNP: rpc command: SPOOLSS_ENUMPRINTERKEY >[2012/11/09 16:29:16.878645, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[80].fn == 0x7fa2ea3dd0c0 >[2012/11/09 16:29:16.878699, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.878792, 4] rpc_server/spoolss/srv_spoolss_nt.c:9484(_spoolss_EnumPrinterKey) > _spoolss_EnumPrinterKey >[2012/11/09 16:29:16.878820, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.878893, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:yyyp0708 >[2012/11/09 16:29:16.878946, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/11/09 16:29:16.879001, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/11/09 16:29:16.879058, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:16.879093, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:16.879153, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2012/11/09 16:29:16.879197, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:16.879236, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:16.879289, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:16.879473, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:16.879589, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 79 00 00 00 00 00 00 00 9D 50 4C 21 ....y... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.879731, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 79 00 00 00 00 00 00 00 9D 50 4C 21 ....y... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.879838, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:16.879942, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:16.880035, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:16.880165, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:16.880249, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:16.880331, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:16.880451, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:16.880604, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [DsDriver] >[2012/11/09 16:29:16.880704, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 7A 00 00 00 00 00 00 00 9D 50 4C 21 ....z... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.880849, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 7A 00 00 00 00 00 00 00 9D 50 4C 21 ....z... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.880985, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 7A 00 00 00 00 00 00 00 9D 50 4C 21 ....z... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.881066, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 7A 00 00 00 00 00 00 00 9D 50 4C 21 ....z... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.881133, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:16.881175, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 79 00 00 00 00 00 00 00 9D 50 4C 21 ....y... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.881244, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 79 00 00 00 00 00 00 00 9D 50 4C 21 ....y... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.881321, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:16.881397, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:16.881465, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 4280 >[2012/11/09 16:29:16.881519, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 2782 >[2012/11/09 16:29:16.881575, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..40] (align 0) >[2012/11/09 16:29:16.881622, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.881653, 5] lib/util.c:342(show_msg) > size=96 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=56768 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 40 (0x28) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 40 (0x28) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=41 >[2012/11/09 16:29:16.882891, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xa4 >[2012/11/09 16:29:16.882957, 3] smbd/process.c:1662(process_smb) > Transaction 138 of length 168 (0 toread) >[2012/11/09 16:29:16.882994, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.883015, 5] lib/util.c:342(show_msg) > size=164 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=56832 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 80 (0x50) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 80 (0x50) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8212 (0x2014) > smb_bcc=97 >[2012/11/09 16:29:16.883391, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:16.883420, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.883447, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=80 params=0 setup=2 >[2012/11/09 16:29:16.883470, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:16.883488, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:16.883507, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:16.883526, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2014) >[2012/11/09 16:29:16.883566, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 80 >[2012/11/09 16:29:16.883605, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:16.883633, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x4f - api_rpcTNP: rpc command: SPOOLSS_ENUMPRINTERDATAEX >[2012/11/09 16:29:16.883654, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[79].fn == 0x7fa2ea3dd410 >[2012/11/09 16:29:16.883679, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.883720, 4] rpc_server/spoolss/srv_spoolss_nt.c:9603(_spoolss_EnumPrinterDataEx) > _spoolss_EnumPrinterDataEx >[2012/11/09 16:29:16.883739, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.883777, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:yyyp0708 >[2012/11/09 16:29:16.883801, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/11/09 16:29:16.883829, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/11/09 16:29:16.883859, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:16.883880, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:16.883916, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2012/11/09 16:29:16.883940, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:16.883959, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:16.883978, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:16.884083, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:16.884175, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 7B 00 00 00 00 00 00 00 9D 50 4C 21 ....{... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.884275, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 7B 00 00 00 00 00 00 00 9D 50 4C 21 ....{... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.884398, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:16.884510, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:16.884588, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:16.884692, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:16.884763, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:16.884828, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:16.884911, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:16.884988, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [DsDriver] >[2012/11/09 16:29:16.885067, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 7C 00 00 00 00 00 00 00 9D 50 4C 21 ....|... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.885168, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 7C 00 00 00 00 00 00 00 9D 50 4C 21 ....|... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.885290, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 7C 00 00 00 00 00 00 00 9D 50 4C 21 ....|... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.885372, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 7C 00 00 00 00 00 00 00 9D 50 4C 21 ....|... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.885444, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:16.885493, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 7B 00 00 00 00 00 00 00 9D 50 4C 21 ....{... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.885574, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 7B 00 00 00 00 00 00 00 9D 50 4C 21 ....{... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.885666, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:16.885722, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:16.885776, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 4280 >[2012/11/09 16:29:16.885819, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 1741 >[2012/11/09 16:29:16.885866, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..40] (align 0) >[2012/11/09 16:29:16.885895, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.885907, 5] lib/util.c:342(show_msg) > size=96 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=56832 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 40 (0x28) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 40 (0x28) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=41 >[2012/11/09 16:29:16.886983, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xa4 >[2012/11/09 16:29:16.887021, 3] smbd/process.c:1662(process_smb) > Transaction 139 of length 168 (0 toread) >[2012/11/09 16:29:16.887042, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.887053, 5] lib/util.c:342(show_msg) > size=164 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=56896 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 80 (0x50) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 80 (0x50) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8212 (0x2014) > smb_bcc=97 >[2012/11/09 16:29:16.887282, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:16.887304, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.887329, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=80 params=0 setup=2 >[2012/11/09 16:29:16.887350, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:16.887377, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:16.887406, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:16.887426, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2014) >[2012/11/09 16:29:16.887447, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 80 >[2012/11/09 16:29:16.887488, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:16.887515, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x50 - api_rpcTNP: rpc command: SPOOLSS_ENUMPRINTERKEY >[2012/11/09 16:29:16.887536, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[80].fn == 0x7fa2ea3dd0c0 >[2012/11/09 16:29:16.887558, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.887600, 4] rpc_server/spoolss/srv_spoolss_nt.c:9484(_spoolss_EnumPrinterKey) > _spoolss_EnumPrinterKey >[2012/11/09 16:29:16.887618, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.887656, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:yyyp0708 >[2012/11/09 16:29:16.887679, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/11/09 16:29:16.887705, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/11/09 16:29:16.887732, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:16.887754, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:16.887790, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2012/11/09 16:29:16.887814, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:16.887834, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:16.887852, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:16.887938, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:16.887987, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 7D 00 00 00 00 00 00 00 9D 50 4C 21 ....}... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.888047, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 7D 00 00 00 00 00 00 00 9D 50 4C 21 ....}... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.888090, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:16.888133, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:16.888184, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:16.888226, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:16.888266, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:16.888301, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:16.888349, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:16.888392, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [DsSpooler] >[2012/11/09 16:29:16.888444, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 7E 00 00 00 00 00 00 00 9D 50 4C 21 ....~... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.888542, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 7E 00 00 00 00 00 00 00 9D 50 4C 21 ....~... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.888623, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 7E 00 00 00 00 00 00 00 9D 50 4C 21 ....~... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.888667, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 7E 00 00 00 00 00 00 00 9D 50 4C 21 ....~... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.888705, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:16.888733, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 7D 00 00 00 00 00 00 00 9D 50 4C 21 ....}... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.888774, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 7D 00 00 00 00 00 00 00 9D 50 4C 21 ....}... .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.888811, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:16.888847, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:16.888877, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 4280 >[2012/11/09 16:29:16.888902, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 2765 >[2012/11/09 16:29:16.888929, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..36] (align 0) >[2012/11/09 16:29:16.888949, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.888961, 5] lib/util.c:342(show_msg) > size=92 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=56896 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 36 (0x24) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 36 (0x24) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=37 >[2012/11/09 16:29:16.890121, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xa4 >[2012/11/09 16:29:16.890154, 3] smbd/process.c:1662(process_smb) > Transaction 140 of length 168 (0 toread) >[2012/11/09 16:29:16.890173, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.890184, 5] lib/util.c:342(show_msg) > size=164 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=56960 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 80 (0x50) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 80 (0x50) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8212 (0x2014) > smb_bcc=97 >[2012/11/09 16:29:16.890424, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:16.890447, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.890469, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=80 params=0 setup=2 >[2012/11/09 16:29:16.890490, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:16.890508, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:16.890526, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:16.890544, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2014) >[2012/11/09 16:29:16.890563, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 80 >[2012/11/09 16:29:16.890586, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:16.890608, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x50 - api_rpcTNP: rpc command: SPOOLSS_ENUMPRINTERKEY >[2012/11/09 16:29:16.890635, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[80].fn == 0x7fa2ea3dd0c0 >[2012/11/09 16:29:16.890656, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.890695, 4] rpc_server/spoolss/srv_spoolss_nt.c:9484(_spoolss_EnumPrinterKey) > _spoolss_EnumPrinterKey >[2012/11/09 16:29:16.890713, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.890750, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:yyyp0708 >[2012/11/09 16:29:16.890772, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/11/09 16:29:16.890797, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/11/09 16:29:16.890823, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:16.890843, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:16.890872, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2012/11/09 16:29:16.890896, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:16.890914, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:16.890932, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:16.891007, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:16.891054, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 7F 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.891111, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 7F 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.891154, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:16.891195, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:16.891255, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:16.891296, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:16.891334, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:16.891378, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:16.891456, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:16.891509, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [DsSpooler] >[2012/11/09 16:29:16.891556, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 80 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.891611, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 80 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.891687, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 80 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.891732, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 80 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.891770, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:16.891798, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 7F 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.891839, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 7F 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.891877, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:16.891910, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:16.891939, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 4280 >[2012/11/09 16:29:16.891964, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 2782 >[2012/11/09 16:29:16.891990, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..40] (align 0) >[2012/11/09 16:29:16.892011, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.892022, 5] lib/util.c:342(show_msg) > size=96 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=56960 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 40 (0x28) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 40 (0x28) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=41 >[2012/11/09 16:29:16.893094, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xa4 >[2012/11/09 16:29:16.893131, 3] smbd/process.c:1662(process_smb) > Transaction 141 of length 168 (0 toread) >[2012/11/09 16:29:16.893151, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.893163, 5] lib/util.c:342(show_msg) > size=164 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=57024 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 80 (0x50) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 80 (0x50) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8212 (0x2014) > smb_bcc=97 >[2012/11/09 16:29:16.893383, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:16.893405, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.893427, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=80 params=0 setup=2 >[2012/11/09 16:29:16.893448, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:16.893466, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:16.893484, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:16.893503, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2014) >[2012/11/09 16:29:16.893523, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 80 >[2012/11/09 16:29:16.893546, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:16.893568, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x4f - api_rpcTNP: rpc command: SPOOLSS_ENUMPRINTERDATAEX >[2012/11/09 16:29:16.893588, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[79].fn == 0x7fa2ea3dd410 >[2012/11/09 16:29:16.893610, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.893650, 4] rpc_server/spoolss/srv_spoolss_nt.c:9603(_spoolss_EnumPrinterDataEx) > _spoolss_EnumPrinterDataEx >[2012/11/09 16:29:16.893669, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.893706, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:yyyp0708 >[2012/11/09 16:29:16.893728, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/11/09 16:29:16.893753, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/11/09 16:29:16.893779, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:16.893800, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:16.893828, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2012/11/09 16:29:16.893852, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:16.893871, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:16.893977, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:16.894096, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:16.894176, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 81 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.894282, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 81 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.894363, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:16.894423, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:16.894480, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:16.894522, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:16.894562, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:16.894598, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:16.894645, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:16.894689, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [DsSpooler] >[2012/11/09 16:29:16.894734, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 82 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.894790, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 82 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.894873, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 82 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.894919, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\DsSpooler] >[2012/11/09 16:29:16.894953, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 82 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.894996, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\DsSpooler] >[2012/11/09 16:29:16.895028, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 82 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.895070, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\DsSpooler] >[2012/11/09 16:29:16.895102, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 82 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.895145, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\DsSpooler] >[2012/11/09 16:29:16.895176, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 82 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.895218, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\DsSpooler] >[2012/11/09 16:29:16.895250, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 82 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.895314, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\DsSpooler] >[2012/11/09 16:29:16.895361, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 82 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.895408, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\DsSpooler] >[2012/11/09 16:29:16.895440, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 82 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.895483, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\DsSpooler] >[2012/11/09 16:29:16.895515, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 82 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.895557, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\DsSpooler] >[2012/11/09 16:29:16.895589, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 82 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.895649, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\DsSpooler] >[2012/11/09 16:29:16.895700, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 82 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.895765, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\DsSpooler] >[2012/11/09 16:29:16.895808, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 82 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.895889, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\DsSpooler] >[2012/11/09 16:29:16.895942, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 82 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.896021, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\DsSpooler] >[2012/11/09 16:29:16.896084, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 82 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.896163, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 82 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.896237, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:16.896291, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 81 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.896387, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 81 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.896492, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:16.896570, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:16.896622, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 4280 >[2012/11/09 16:29:16.896657, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 18478 >[2012/11/09 16:29:16.896698, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..40] (align 0) >[2012/11/09 16:29:16.896727, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.896742, 5] lib/util.c:342(show_msg) > size=96 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=57024 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 40 (0x28) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 40 (0x28) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=41 >[2012/11/09 16:29:16.897990, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xa4 >[2012/11/09 16:29:16.898029, 3] smbd/process.c:1662(process_smb) > Transaction 142 of length 168 (0 toread) >[2012/11/09 16:29:16.898056, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.898071, 5] lib/util.c:342(show_msg) > size=164 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=57088 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 80 (0x50) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 80 (0x50) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8212 (0x2014) > smb_bcc=97 >[2012/11/09 16:29:16.898389, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:16.898427, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.898464, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=80 params=0 setup=2 >[2012/11/09 16:29:16.898504, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:16.898532, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:16.898556, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:16.898579, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2014) >[2012/11/09 16:29:16.898605, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 80 >[2012/11/09 16:29:16.898644, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:16.898673, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x4f - api_rpcTNP: rpc command: SPOOLSS_ENUMPRINTERDATAEX >[2012/11/09 16:29:16.898700, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[79].fn == 0x7fa2ea3dd410 >[2012/11/09 16:29:16.898728, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.898790, 4] rpc_server/spoolss/srv_spoolss_nt.c:9603(_spoolss_EnumPrinterDataEx) > _spoolss_EnumPrinterDataEx >[2012/11/09 16:29:16.898830, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.898889, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:yyyp0708 >[2012/11/09 16:29:16.898918, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/11/09 16:29:16.898951, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/11/09 16:29:16.898989, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:16.899021, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:16.899064, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2012/11/09 16:29:16.899099, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:16.899128, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:16.899157, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:16.899260, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:16.899327, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 83 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.899419, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 83 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.899491, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:16.899554, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:16.899608, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:16.899664, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:16.899717, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:16.899764, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:16.899826, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:16.899882, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [DsSpooler] >[2012/11/09 16:29:16.899944, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 84 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.900023, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 84 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.900136, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 84 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.900203, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\DsSpooler] >[2012/11/09 16:29:16.900246, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 84 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.900323, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\DsSpooler] >[2012/11/09 16:29:16.900368, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 84 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.900432, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\DsSpooler] >[2012/11/09 16:29:16.900502, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 84 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.900573, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\DsSpooler] >[2012/11/09 16:29:16.900616, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 84 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.900734, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\DsSpooler] >[2012/11/09 16:29:16.900785, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 84 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.900852, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\DsSpooler] >[2012/11/09 16:29:16.900896, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 84 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.900960, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\DsSpooler] >[2012/11/09 16:29:16.901005, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 84 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.901077, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\DsSpooler] >[2012/11/09 16:29:16.901127, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 84 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.901199, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\DsSpooler] >[2012/11/09 16:29:16.901254, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 84 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.901330, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\DsSpooler] >[2012/11/09 16:29:16.901403, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 84 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.901483, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\DsSpooler] >[2012/11/09 16:29:16.901537, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 84 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.901612, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\DsSpooler] >[2012/11/09 16:29:16.901667, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 84 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.901742, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\DsSpooler] >[2012/11/09 16:29:16.901803, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 84 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.901880, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 84 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.901950, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:16.902003, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 83 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.902089, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 83 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.902171, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:16.902279, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:16.902338, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 4280 >[2012/11/09 16:29:16.902386, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 18478 >[2012/11/09 16:29:16.902443, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..1424] (align 0) >[2012/11/09 16:29:16.902484, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.902506, 5] lib/util.c:342(show_msg) > size=1480 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=57088 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 1424 (0x590) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 1424 (0x590) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=1425 >[2012/11/09 16:29:16.967279, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xb4 >[2012/11/09 16:29:16.967363, 3] smbd/process.c:1662(process_smb) > Transaction 143 of length 184 (0 toread) >[2012/11/09 16:29:16.967384, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.967418, 5] lib/util.c:342(show_msg) > size=180 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=57152 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 96 (0x60) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 96 (0x60) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8212 (0x2014) > smb_bcc=113 >[2012/11/09 16:29:16.967665, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:16.967688, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.967715, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=96 params=0 setup=2 >[2012/11/09 16:29:16.967737, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:16.967755, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:16.967773, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:16.967792, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2014) >[2012/11/09 16:29:16.967812, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 96 >[2012/11/09 16:29:16.967841, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:16.967864, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x50 - api_rpcTNP: rpc command: SPOOLSS_ENUMPRINTERKEY >[2012/11/09 16:29:16.967885, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[80].fn == 0x7fa2ea3dd0c0 >[2012/11/09 16:29:16.967908, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.967949, 4] rpc_server/spoolss/srv_spoolss_nt.c:9484(_spoolss_EnumPrinterKey) > _spoolss_EnumPrinterKey >[2012/11/09 16:29:16.967967, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.968004, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:yyyp0708 >[2012/11/09 16:29:16.968029, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/11/09 16:29:16.968055, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/11/09 16:29:16.968085, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:16.968107, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:16.968142, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2012/11/09 16:29:16.968166, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:16.968185, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:16.968203, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:16.968302, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:16.968356, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 85 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.968415, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 85 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.968494, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:16.968562, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:16.968659, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:16.968748, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:16.968808, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:16.968850, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:16.968899, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:16.968942, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [PrinterDriverData] >[2012/11/09 16:29:16.968990, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 86 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.969046, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 86 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.969127, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 86 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.969172, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 86 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.969209, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:16.969237, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 85 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.969278, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 85 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.969315, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:16.969351, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:16.969382, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 4280 >[2012/11/09 16:29:16.969407, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 2765 >[2012/11/09 16:29:16.969434, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..36] (align 0) >[2012/11/09 16:29:16.969455, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.969466, 5] lib/util.c:342(show_msg) > size=92 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=57152 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 36 (0x24) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 36 (0x24) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=37 >[2012/11/09 16:29:16.970523, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xb4 >[2012/11/09 16:29:16.970555, 3] smbd/process.c:1662(process_smb) > Transaction 144 of length 184 (0 toread) >[2012/11/09 16:29:16.970575, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.970596, 5] lib/util.c:342(show_msg) > size=180 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=57216 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 96 (0x60) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 96 (0x60) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8212 (0x2014) > smb_bcc=113 >[2012/11/09 16:29:16.970853, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:16.970875, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.970897, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=96 params=0 setup=2 >[2012/11/09 16:29:16.970918, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:16.970936, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:16.970954, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:16.970972, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2014) >[2012/11/09 16:29:16.970991, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 96 >[2012/11/09 16:29:16.971014, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:16.971036, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x50 - api_rpcTNP: rpc command: SPOOLSS_ENUMPRINTERKEY >[2012/11/09 16:29:16.971055, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[80].fn == 0x7fa2ea3dd0c0 >[2012/11/09 16:29:16.971076, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.971115, 4] rpc_server/spoolss/srv_spoolss_nt.c:9484(_spoolss_EnumPrinterKey) > _spoolss_EnumPrinterKey >[2012/11/09 16:29:16.971134, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.971171, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:yyyp0708 >[2012/11/09 16:29:16.971192, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/11/09 16:29:16.971216, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/11/09 16:29:16.971241, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:16.971262, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:16.971289, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2012/11/09 16:29:16.971312, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:16.971331, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:16.971349, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:16.971417, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:16.971477, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 87 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.971542, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 87 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.971597, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:16.971641, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:16.971680, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:16.971719, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:16.971758, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:16.971792, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:16.971838, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:16.971880, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [PrinterDriverData] >[2012/11/09 16:29:16.971926, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 88 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.971981, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 88 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.972124, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 88 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.972214, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 88 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.972295, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:16.972355, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 87 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.972435, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 87 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.972545, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:16.972606, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:16.972661, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 4280 >[2012/11/09 16:29:16.972713, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 2782 >[2012/11/09 16:29:16.972749, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..40] (align 0) >[2012/11/09 16:29:16.972770, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.972781, 5] lib/util.c:342(show_msg) > size=96 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=57216 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 40 (0x28) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 40 (0x28) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=41 >[2012/11/09 16:29:16.973764, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xb4 >[2012/11/09 16:29:16.973795, 3] smbd/process.c:1662(process_smb) > Transaction 145 of length 184 (0 toread) >[2012/11/09 16:29:16.973829, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.973842, 5] lib/util.c:342(show_msg) > size=180 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=57280 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 96 (0x60) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 96 (0x60) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8212 (0x2014) > smb_bcc=113 >[2012/11/09 16:29:16.974048, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:16.974069, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.974091, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=96 params=0 setup=2 >[2012/11/09 16:29:16.974111, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:16.974129, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:16.974147, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:16.974166, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2014) >[2012/11/09 16:29:16.974185, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 96 >[2012/11/09 16:29:16.974209, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:16.974230, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x4f - api_rpcTNP: rpc command: SPOOLSS_ENUMPRINTERDATAEX >[2012/11/09 16:29:16.974250, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[79].fn == 0x7fa2ea3dd410 >[2012/11/09 16:29:16.974272, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.974311, 4] rpc_server/spoolss/srv_spoolss_nt.c:9603(_spoolss_EnumPrinterDataEx) > _spoolss_EnumPrinterDataEx >[2012/11/09 16:29:16.974330, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.974367, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:yyyp0708 >[2012/11/09 16:29:16.974390, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/11/09 16:29:16.974415, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/11/09 16:29:16.974441, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:16.974462, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:16.974493, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2012/11/09 16:29:16.974516, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:16.974535, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:16.974553, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:16.974640, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:16.974691, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 89 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.974747, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 89 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.974806, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:16.974849, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:16.974888, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:16.974928, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:16.974966, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:16.975002, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:16.975047, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:16.975090, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [PrinterDriverData] >[2012/11/09 16:29:16.975137, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 8A 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.975192, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 8A 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.975274, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 8A 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.975321, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\PrinterDriverData] >[2012/11/09 16:29:16.975354, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 8A 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.975396, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\PrinterDriverData] >[2012/11/09 16:29:16.975428, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 8A 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.975469, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\PrinterDriverData] >[2012/11/09 16:29:16.975500, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 8A 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.975542, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\PrinterDriverData] >[2012/11/09 16:29:16.975573, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 8A 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.975614, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\PrinterDriverData] >[2012/11/09 16:29:16.975673, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 8A 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.975718, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\PrinterDriverData] >[2012/11/09 16:29:16.975750, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 8A 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.975792, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\PrinterDriverData] >[2012/11/09 16:29:16.975823, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 8A 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.975864, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\PrinterDriverData] >[2012/11/09 16:29:16.975895, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 8A 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.975937, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\PrinterDriverData] >[2012/11/09 16:29:16.975971, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 8A 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.976020, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\PrinterDriverData] >[2012/11/09 16:29:16.976054, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 8A 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.976096, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\PrinterDriverData] >[2012/11/09 16:29:16.976128, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 8A 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.976170, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\PrinterDriverData] >[2012/11/09 16:29:16.976201, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 8A 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.976243, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\PrinterDriverData] >[2012/11/09 16:29:16.976280, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 8A 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.976338, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 8A 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.976378, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:16.976407, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 89 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.976449, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 89 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.976513, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:16.976570, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:16.976604, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 4280 >[2012/11/09 16:29:16.976629, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 20290 >[2012/11/09 16:29:16.976670, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..40] (align 0) >[2012/11/09 16:29:16.976693, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.976704, 5] lib/util.c:342(show_msg) > size=96 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=57280 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 40 (0x28) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 40 (0x28) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=41 >[2012/11/09 16:29:16.977659, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xb4 >[2012/11/09 16:29:16.977691, 3] smbd/process.c:1662(process_smb) > Transaction 146 of length 184 (0 toread) >[2012/11/09 16:29:16.977710, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.977721, 5] lib/util.c:342(show_msg) > size=180 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=57344 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 96 (0x60) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 96 (0x60) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8212 (0x2014) > smb_bcc=113 >[2012/11/09 16:29:16.977927, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:16.977947, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:16.977969, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=96 params=0 setup=2 >[2012/11/09 16:29:16.977989, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:16.978007, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:16.978025, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:16.978043, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2014) >[2012/11/09 16:29:16.978063, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 96 >[2012/11/09 16:29:16.978086, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:16.978107, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x4f - api_rpcTNP: rpc command: SPOOLSS_ENUMPRINTERDATAEX >[2012/11/09 16:29:16.978137, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[79].fn == 0x7fa2ea3dd410 >[2012/11/09 16:29:16.978161, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.978200, 4] rpc_server/spoolss/srv_spoolss_nt.c:9603(_spoolss_EnumPrinterDataEx) > _spoolss_EnumPrinterDataEx >[2012/11/09 16:29:16.978219, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.978256, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:yyyp0708 >[2012/11/09 16:29:16.978277, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/11/09 16:29:16.978302, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/11/09 16:29:16.978336, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:16.978365, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:16.978393, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2012/11/09 16:29:16.978417, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:16.978436, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:16.978454, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:16.978526, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:16.978572, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 8B 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.978634, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 8B 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.978679, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:16.978721, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:16.978761, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:16.978800, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:16.978841, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:16.978889, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:16.978937, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:16.978979, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [PrinterDriverData] >[2012/11/09 16:29:16.979026, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 8C 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.979081, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 8C 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.979161, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 8C 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.979218, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\PrinterDriverData] >[2012/11/09 16:29:16.979264, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 8C 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.979340, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\PrinterDriverData] >[2012/11/09 16:29:16.979379, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 8C 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.979421, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\PrinterDriverData] >[2012/11/09 16:29:16.979453, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 8C 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.979495, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\PrinterDriverData] >[2012/11/09 16:29:16.979526, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 8C 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.979567, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\PrinterDriverData] >[2012/11/09 16:29:16.979599, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 8C 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.979640, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\PrinterDriverData] >[2012/11/09 16:29:16.979671, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 8C 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.979713, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\PrinterDriverData] >[2012/11/09 16:29:16.979744, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 8C 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.979785, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\PrinterDriverData] >[2012/11/09 16:29:16.979816, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 8C 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.979857, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\PrinterDriverData] >[2012/11/09 16:29:16.979900, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 8C 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.979943, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\PrinterDriverData] >[2012/11/09 16:29:16.979975, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 8C 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.980017, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\PrinterDriverData] >[2012/11/09 16:29:16.980048, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 8C 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.980090, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\PrinterDriverData] >[2012/11/09 16:29:16.980122, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 8C 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.980164, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\PrinterDriverData] >[2012/11/09 16:29:16.980199, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 8C 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.980243, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 8C 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.980285, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:16.980332, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 8B 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.980412, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 8B 00 00 00 00 00 00 00 9D 50 4C 21 ........ .....PL! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:16.980476, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:16.980542, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:16.980575, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 4280 >[2012/11/09 16:29:16.980601, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 20290 >[2012/11/09 16:29:16.980632, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..2708] (align 0) >[2012/11/09 16:29:16.980653, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:16.980664, 5] lib/util.c:342(show_msg) > size=2764 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=57344 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 2708 (0xA94) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 2708 (0xA94) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=2709 >[2012/11/09 16:29:17.048766, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x66 >[2012/11/09 16:29:17.048852, 3] smbd/process.c:1662(process_smb) > Transaction 147 of length 106 (0 toread) >[2012/11/09 16:29:17.048874, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.048885, 5] lib/util.c:342(show_msg) > size=102 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=57408 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 4096 (0x1000) > smb_vwv[ 3]= 4096 (0x1000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 4609 (0x1201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1792 (0x700) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]=16384 (0x4000) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=19 >[2012/11/09 16:29:17.049169, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.049192, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.049218, 4] smbd/nttrans.c:288(nt_open_pipe) > nt_open_pipe: Opening pipe \spoolss. >[2012/11/09 16:29:17.049241, 5] smbd/files.c:140(file_new) > allocated file structure 4129, fnum = 8225 (3 used) >[2012/11/09 16:29:17.049270, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \spoolss >[2012/11/09 16:29:17.049329, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \spoolss (pipes_open=0) >[2012/11/09 16:29:17.049357, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) > do_ntcreate_pipe_open: open pipe = \spoolss >[2012/11/09 16:29:17.050545, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xe0 >[2012/11/09 16:29:17.050603, 3] smbd/process.c:1662(process_smb) > Transaction 148 of length 228 (0 toread) >[2012/11/09 16:29:17.050639, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.050661, 5] lib/util.c:342(show_msg) > size=224 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=57472 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8225 (0x2021) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 160 (0xA0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 160 (0xA0) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=161 >[2012/11/09 16:29:17.050975, 3] smbd/process.c:1467(switch_message) > switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.051009, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.051046, 6] smbd/pipes.c:300(reply_pipe_write_and_X) > reply_pipe_write_and_X: 2021 name: spoolss len: 160 >[2012/11/09 16:29:17.051080, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 160 >[2012/11/09 16:29:17.051125, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) > api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/11/09 16:29:17.051162, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) > api_pipe_bind_req: make response. 923 >[2012/11/09 16:29:17.051196, 3] rpc_server/srv_pipe.c:339(check_bind_req) > check_bind_req for \spoolss >[2012/11/09 16:29:17.051230, 3] rpc_server/srv_pipe.c:346(check_bind_req) > check_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/11/09 16:29:17.051313, 3] smbd/pipes.c:361(pipe_write_andx_done) > writeX-IPC nwritten=160 >[2012/11/09 16:29:17.052308, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/11/09 16:29:17.052354, 3] smbd/process.c:1662(process_smb) > Transaction 149 of length 63 (0 toread) >[2012/11/09 16:29:17.052387, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.052406, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=57536 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8225 (0x2021) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/11/09 16:29:17.052733, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.052770, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.052805, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:17.052843, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/11/09 16:29:17.052881, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:17.052916, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:17.052947, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:17.053004, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2012/11/09 16:29:17.053047, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=1024 max=1024 nread=68 >[2012/11/09 16:29:17.054149, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x124 >[2012/11/09 16:29:17.054192, 3] smbd/process.c:1662(process_smb) > Transaction 150 of length 296 (0 toread) >[2012/11/09 16:29:17.054227, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.054246, 5] lib/util.c:342(show_msg) > size=292 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=57600 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 208 (0xD0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 208 (0xD0) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8225 (0x2021) > smb_bcc=225 >[2012/11/09 16:29:17.054576, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.054615, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:17.054659, 5] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (811): > SID[ 0]: S-1-5-21-160562036-3150058255-2134394716-19743 > SID[ 1]: S-1-5-21-160562036-3150058255-2134394716-513 > SID[ 2]: S-1-5-21-160562036-3150058255-2134394716-334230 > SID[ 3]: S-1-5-21-160562036-3150058255-2134394716-23353 > SID[ 4]: S-1-5-21-160562036-3150058255-2134394716-304793 > SID[ 5]: S-1-5-21-160562036-3150058255-2134394716-269408 > SID[ 6]: S-1-5-21-160562036-3150058255-2134394716-50420 > SID[ 7]: S-1-5-21-160562036-3150058255-2134394716-113634 > SID[ 8]: S-1-5-21-160562036-3150058255-2134394716-113662 > SID[ 9]: S-1-5-21-160562036-3150058255-2134394716-260755 > SID[ 10]: S-1-5-21-160562036-3150058255-2134394716-288770 > SID[ 11]: S-1-5-21-160562036-3150058255-2134394716-67892 > SID[ 12]: S-1-5-21-160562036-3150058255-2134394716-20800 > SID[ 13]: S-1-5-21-160562036-3150058255-2134394716-269744 > SID[ 14]: S-1-5-21-160562036-3150058255-2134394716-63803 > SID[ 15]: S-1-5-21-160562036-3150058255-2134394716-360934 > SID[ 16]: S-1-5-21-160562036-3150058255-2134394716-421750 > SID[ 17]: S-1-5-21-160562036-3150058255-2134394716-294313 > SID[ 18]: S-1-5-21-160562036-3150058255-2134394716-109619 > SID[ 19]: S-1-5-21-160562036-3150058255-2134394716-13623 > SID[ 20]: S-1-5-21-160562036-3150058255-2134394716-113660 > SID[ 21]: S-1-5-21-160562036-3150058255-2134394716-13846 > SID[ 22]: S-1-5-21-160562036-3150058255-2134394716-351693 > SID[ 23]: S-1-5-21-160562036-3150058255-2134394716-56178 > SID[ 24]: S-1-5-21-160562036-3150058255-2134394716-268914 > SID[ 25]: S-1-5-21-160562036-3150058255-2134394716-276389 > SID[ 26]: S-1-5-21-160562036-3150058255-2134394716-294265 > SID[ 27]: S-1-5-21-160562036-3150058255-2134394716-289050 > SID[ 28]: S-1-5-21-160562036-3150058255-2134394716-284074 > SID[ 29]: S-1-5-21-160562036-3150058255-2134394716-353623 > SID[ 30]: S-1-5-21-160562036-3150058255-2134394716-60632 > SID[ 31]: S-1-5-21-160562036-3150058255-2134394716-299617 > SID[ 32]: S-1-5-21-160562036-3150058255-2134394716-269875 > SID[ 33]: S-1-5-21-160562036-3150058255-2134394716-260777 > SID[ 34]: S-1-5-21-160562036-3150058255-2134394716-72011 > SID[ 35]: S-1-5-21-160562036-3150058255-2134394716-56174 > SID[ 36]: S-1-5-21-160562036-3150058255-2134394716-294145 > SID[ 37]: S-1-5-21-160562036-3150058255-2134394716-46643 > SID[ 38]: S-1-5-21-160562036-3150058255-2134394716-110684 > SID[ 39]: S-1-5-21-160562036-3150058255-2134394716-69476 > SID[ 40]: S-1-5-21-160562036-3150058255-2134394716-354438 > SID[ 41]: S-1-5-21-160562036-3150058255-2134394716-288215 > SID[ 42]: S-1-5-21-160562036-3150058255-2134394716-418124 > SID[ 43]: S-1-5-21-160562036-3150058255-2134394716-32947 > SID[ 44]: S-1-5-21-160562036-3150058255-2134394716-373447 > SID[ 45]: S-1-5-21-160562036-3150058255-2134394716-21119 > SID[ 46]: S-1-5-21-160562036-3150058255-2134394716-254283 > SID[ 47]: S-1-5-21-160562036-3150058255-2134394716-21918 > SID[ 48]: S-1-5-21-160562036-3150058255-2134394716-268915 > SID[ 49]: S-1-5-21-160562036-3150058255-2134394716-267093 > SID[ 50]: S-1-5-21-160562036-3150058255-2134394716-340888 > SID[ 51]: S-1-5-21-160562036-3150058255-2134394716-294363 > SID[ 52]: S-1-5-21-160562036-3150058255-2134394716-414620 > SID[ 53]: S-1-5-21-160562036-3150058255-2134394716-260959 > SID[ 54]: S-1-5-21-160562036-3150058255-2134394716-56176 > SID[ 55]: S-1-5-21-160562036-3150058255-2134394716-373472 > SID[ 56]: S-1-5-21-160562036-3150058255-2134394716-294492 > SID[ 57]: S-1-5-21-160562036-3150058255-2134394716-373554 > SID[ 58]: S-1-5-21-160562036-3150058255-2134394716-104382 > SID[ 59]: S-1-5-21-160562036-3150058255-2134394716-294361 > SID[ 60]: S-1-5-21-160562036-3150058255-2134394716-245149 > SID[ 61]: S-1-5-21-160562036-3150058255-2134394716-32807 > SID[ 62]: S-1-5-21-160562036-3150058255-2134394716-63805 > SID[ 63]: S-1-5-21-160562036-3150058255-2134394716-290135 > SID[ 64]: S-1-5-21-160562036-3150058255-2134394716-248439 > SID[ 65]: S-1-5-21-160562036-3150058255-2134394716-58745 > SID[ 66]: S-1-5-21-160562036-3150058255-2134394716-288316 > SID[ 67]: S-1-5-21-160562036-3150058255-2134394716-373441 > SID[ 68]: S-1-5-21-160562036-3150058255-2134394716-268916 > SID[ 69]: S-1-5-21-160562036-3150058255-2134394716-17597 > SID[ 70]: S-1-5-21-160562036-3150058255-2134394716-113654 > SID[ 71]: S-1-5-21-160562036-3150058255-2134394716-304050 > SID[ 72]: S-1-5-21-160562036-3150058255-2134394716-112626 > SID[ 73]: S-1-5-21-160562036-3150058255-2134394716-360946 > SID[ 74]: S-1-5-21-160562036-3150058255-2134394716-1116 > SID[ 75]: S-1-5-21-160562036-3150058255-2134394716-294490 > SID[ 76]: S-1-5-21-160562036-3150058255-2134394716-373442 > SID[ 77]: S-1-5-21-160562036-3150058255-2134394716-402137 > SID[ 78]: S-1-5-21-160562036-3150058255-2134394716-373470 > SID[ 79]: S-1-5-21-160562036-3150058255-2134394716-284963 > SID[ 80]: S-1-5-21-160562036-3150058255-2134394716-21963 > SID[ 81]: S-1-5-21-160562036-3150058255-2134394716-373556 > SID[ 82]: S-1-5-21-160562036-3150058255-2134394716-351504 > SID[ 83]: S-1-5-21-160562036-3150058255-2134394716-360382 > SID[ 84]: S-1-5-21-160562036-3150058255-2134394716-266966 > SID[ 85]: S-1-5-21-160562036-3150058255-2134394716-63797 > SID[ 86]: S-1-5-21-160562036-3150058255-2134394716-31306 > SID[ 87]: S-1-5-21-160562036-3150058255-2134394716-420969 > SID[ 88]: S-1-5-21-160562036-3150058255-2134394716-58439 > SID[ 89]: S-1-5-21-160562036-3150058255-2134394716-351240 > SID[ 90]: S-1-5-21-160562036-3150058255-2134394716-290160 > SID[ 91]: S-1-5-21-160562036-3150058255-2134394716-335340 > SID[ 92]: S-1-5-21-160562036-3150058255-2134394716-32819 > SID[ 93]: S-1-5-21-160562036-3150058255-2134394716-63801 > SID[ 94]: S-1-5-21-160562036-3150058255-2134394716-53171 > SID[ 95]: S-1-5-21-160562036-3150058255-2134394716-294243 > SID[ 96]: S-1-5-21-160562036-3150058255-2134394716-350032 > SID[ 97]: S-1-5-21-160562036-3150058255-2134394716-63737 > SID[ 98]: S-1-5-21-160562036-3150058255-2134394716-13863 > SID[ 99]: S-1-5-21-160562036-3150058255-2134394716-351719 > SID[100]: S-1-5-21-160562036-3150058255-2134394716-56165 > SID[101]: S-1-5-21-160562036-3150058255-2134394716-113646 > SID[102]: S-1-5-21-160562036-3150058255-2134394716-430811 > SID[103]: S-1-5-21-160562036-3150058255-2134394716-284081 > SID[104]: S-1-5-21-160562036-3150058255-2134394716-256696 > SID[105]: S-1-5-21-160562036-3150058255-2134394716-416414 > SID[106]: S-1-5-21-160562036-3150058255-2134394716-49609 > SID[107]: S-1-5-21-160562036-3150058255-2134394716-377791 > SID[108]: S-1-5-21-160562036-3150058255-2134394716-32821 > SID[109]: S-1-5-21-160562036-3150058255-2134394716-359223 > SID[110]: S-1-5-21-160562036-3150058255-2134394716-284091 > SID[111]: S-1-5-21-160562036-3150058255-2134394716-433713 > SID[112]: S-1-5-21-160562036-3150058255-2134394716-33100 > SID[113]: S-1-5-21-160562036-3150058255-2134394716-416203 > SID[114]: S-1-5-21-160562036-3150058255-2134394716-317007 > SID[115]: S-1-5-21-160562036-3150058255-2134394716-69542 > SID[116]: S-1-5-21-160562036-3150058255-2134394716-268918 > SID[117]: S-1-5-21-160562036-3150058255-2134394716-69428 > SID[118]: S-1-5-21-160562036-3150058255-2134394716-316764 > SID[119]: S-1-5-21-160562036-3150058255-2134394716-55705 > SID[120]: S-1-5-21-160562036-3150058255-2134394716-291229 > SID[121]: S-1-5-21-160562036-3150058255-2134394716-250116 > SID[122]: S-1-5-21-160562036-3150058255-2134394716-294315 > SID[123]: S-1-5-21-160562036-3150058255-2134394716-402469 > SID[124]: S-1-5-21-160562036-3150058255-2134394716-256697 > SID[125]: S-1-5-21-160562036-3150058255-2134394716-418438 > SID[126]: S-1-5-21-160562036-3150058255-2134394716-435652 > SID[127]: S-1-5-21-160562036-3150058255-2134394716-45010 > SID[128]: S-1-5-21-160562036-3150058255-2134394716-322368 > SID[129]: S-1-5-21-160562036-3150058255-2134394716-267090 > SID[130]: S-1-5-21-160562036-3150058255-2134394716-32825 > SID[131]: S-1-5-21-160562036-3150058255-2134394716-35099 > SID[132]: S-1-5-21-160562036-3150058255-2134394716-56157 > SID[133]: S-1-5-21-160562036-3150058255-2134394716-113648 > SID[134]: S-1-5-21-160562036-3150058255-2134394716-55709 > SID[135]: S-1-5-21-160562036-3150058255-2134394716-108789 > SID[136]: S-1-5-21-160562036-3150058255-2134394716-56159 > SID[137]: S-1-5-21-160562036-3150058255-2134394716-268919 > SID[138]: S-1-5-21-160562036-3150058255-2134394716-245147 > SID[139]: S-1-5-21-160562036-3150058255-2134394716-430693 > SID[140]: S-1-5-21-160562036-3150058255-2134394716-289617 > SID[141]: S-1-5-21-160562036-3150058255-2134394716-373445 > SID[142]: S-1-5-21-160562036-3150058255-2134394716-14282 > SID[143]: S-1-5-21-160562036-3150058255-2134394716-433712 > SID[144]: S-1-5-21-160562036-3150058255-2134394716-59232 > SID[145]: S-1-5-21-160562036-3150058255-2134394716-33429 > SID[146]: S-1-5-21-160562036-3150058255-2134394716-437634 > SID[147]: S-1-5-21-160562036-3150058255-2134394716-23354 > SID[148]: S-1-5-21-160562036-3150058255-2134394716-113636 > SID[149]: S-1-5-21-160562036-3150058255-2134394716-63799 > SID[150]: S-1-5-21-160562036-3150058255-2134394716-261009 > SID[151]: S-1-5-21-160562036-3150058255-2134394716-290498 > SID[152]: S-1-5-21-160562036-3150058255-2134394716-375928 > SID[153]: S-1-5-21-160562036-3150058255-2134394716-276407 > SID[154]: S-1-5-21-160562036-3150058255-2134394716-357401 > SID[155]: S-1-5-21-160562036-3150058255-2134394716-357385 > SID[156]: S-1-5-21-160562036-3150058255-2134394716-269404 > SID[157]: S-1-5-21-160562036-3150058255-2134394716-67790 > SID[158]: S-1-5-21-160562036-3150058255-2134394716-392120 > SID[159]: S-1-5-21-160562036-3150058255-2134394716-276395 > SID[160]: S-1-5-21-160562036-3150058255-2134394716-113343 > SID[161]: S-1-5-21-160562036-3150058255-2134394716-56172 > SID[162]: S-1-5-21-160562036-3150058255-2134394716-402467 > SID[163]: S-1-5-21-160562036-3150058255-2134394716-293007 > SID[164]: S-1-5-21-160562036-3150058255-2134394716-427942 > SID[165]: S-1-5-21-160562036-3150058255-2134394716-373529 > SID[166]: S-1-5-21-160562036-3150058255-2134394716-263163 > SID[167]: S-1-5-21-160562036-3150058255-2134394716-64111 > SID[168]: S-1-5-21-160562036-3150058255-2134394716-266852 > SID[169]: S-1-5-21-160562036-3150058255-2134394716-357892 > SID[170]: S-1-5-21-160562036-3150058255-2134394716-104429 > SID[171]: S-1-5-21-160562036-3150058255-2134394716-32813 > SID[172]: S-1-5-21-160562036-3150058255-2134394716-360722 > SID[173]: S-1-5-21-160562036-3150058255-2134394716-284092 > SID[174]: S-1-5-21-160562036-3150058255-2134394716-289619 > SID[175]: S-1-5-21-160562036-3150058255-2134394716-369316 > SID[176]: S-1-5-21-160562036-3150058255-2134394716-49542 > SID[177]: S-1-5-21-160562036-3150058255-2134394716-329659 > SID[178]: S-1-5-21-160562036-3150058255-2134394716-32809 > SID[179]: S-1-5-21-160562036-3150058255-2134394716-108767 > SID[180]: S-1-5-21-160562036-3150058255-2134394716-305399 > SID[181]: S-1-5-21-160562036-3150058255-2134394716-263161 > SID[182]: S-1-5-21-160562036-3150058255-2134394716-314050 > SID[183]: S-1-5-21-160562036-3150058255-2134394716-31001 > SID[184]: S-1-5-21-160562036-3150058255-2134394716-279682 > SID[185]: S-1-5-21-160562036-3150058255-2134394716-294147 > SID[186]: S-1-5-21-160562036-3150058255-2134394716-56163 > SID[187]: S-1-5-21-160562036-3150058255-2134394716-285751 > SID[188]: S-1-5-21-160562036-3150058255-2134394716-21723 > SID[189]: S-1-5-21-160562036-3150058255-2134394716-8332 > SID[190]: S-1-5-21-160562036-3150058255-2134394716-32827 > SID[191]: S-1-5-21-160562036-3150058255-2134394716-256460 > SID[192]: S-1-5-21-160562036-3150058255-2134394716-256183 > SID[193]: S-1-5-21-160562036-3150058255-2134394716-300424 > SID[194]: S-1-5-21-160562036-3150058255-2134394716-55677 > SID[195]: S-1-5-21-160562036-3150058255-2134394716-253145 > SID[196]: S-1-5-21-160562036-3150058255-2134394716-63804 > SID[197]: S-1-5-21-160562036-3150058255-2134394716-358866 > SID[198]: S-1-5-21-160562036-3150058255-2134394716-32823 > SID[199]: S-1-5-21-160562036-3150058255-2134394716-276620 > SID[200]: S-1-5-21-160562036-3150058255-2134394716-361940 > SID[201]: S-1-5-21-160562036-3150058255-2134394716-49274 > SID[202]: S-1-5-21-160562036-3150058255-2134394716-402177 > SID[203]: S-1-5-21-160562036-3150058255-2134394716-252230 > SID[204]: S-1-5-21-160562036-3150058255-2134394716-321100 > SID[205]: S-1-5-21-160562036-3150058255-2134394716-20801 > SID[206]: S-1-5-21-160562036-3150058255-2134394716-276621 > SID[207]: S-1-5-21-160562036-3150058255-2134394716-252010 > SID[208]: S-1-5-21-160562036-3150058255-2134394716-292766 > SID[209]: S-1-5-21-160562036-3150058255-2134394716-37331 > SID[210]: S-1-5-21-160562036-3150058255-2134394716-260776 > SID[211]: S-1-5-21-160562036-3150058255-2134394716-386708 > SID[212]: S-1-5-21-160562036-3150058255-2134394716-374616 > SID[213]: S-1-5-21-160562036-3150058255-2134394716-21084 > SID[214]: S-1-5-21-160562036-3150058255-2134394716-294267 > SID[215]: S-1-5-21-160562036-3150058255-2134394716-63802 > SID[216]: S-1-5-21-160562036-3150058255-2134394716-31186 > SID[217]: S-1-5-21-160562036-3150058255-2134394716-105575 > SID[218]: S-1-5-21-160562036-3150058255-2134394716-361874 > SID[219]: S-1-5-21-160562036-3150058255-2134394716-360362 > SID[220]: S-1-5-21-160562036-3150058255-2134394716-357734 > SID[221]: S-1-5-21-160562036-3150058255-2134394716-294241 > SID[222]: S-1-5-21-160562036-3150058255-2134394716-251778 > SID[223]: S-1-5-21-160562036-3150058255-2134394716-49510 > SID[224]: S-1-5-21-160562036-3150058255-2134394716-35015 > SID[225]: S-1-5-21-160562036-3150058255-2134394716-20749 > SID[226]: S-1-5-21-160562036-3150058255-2134394716-294291 > SID[227]: S-1-5-21-160562036-3150058255-2134394716-254469 > SID[228]: S-1-5-21-160562036-3150058255-2134394716-247296 > SID[229]: S-1-5-21-160562036-3150058255-2134394716-63798 > SID[230]: S-1-5-21-160562036-3150058255-2134394716-59035 > SID[231]: S-1-5-21-160562036-3150058255-2134394716-430331 > SID[232]: S-1-5-21-160562036-3150058255-2134394716-21301 > SID[233]: S-1-5-21-160562036-3150058255-2134394716-55627 > SID[234]: S-1-5-21-160562036-3150058255-2134394716-32815 > SID[235]: S-1-5-21-160562036-3150058255-2134394716-277164 > SID[236]: S-1-5-21-160562036-3150058255-2134394716-21552 > SID[237]: S-1-5-21-160562036-3150058255-2134394716-56622 > SID[238]: S-1-5-21-160562036-3150058255-2134394716-37315 > SID[239]: S-1-5-21-160562036-3150058255-2134394716-334225 > SID[240]: S-1-5-21-160562036-3150058255-2134394716-338141 > SID[241]: S-1-5-21-160562036-3150058255-2134394716-246169 > SID[242]: S-1-5-21-160562036-3150058255-2134394716-297835 > SID[243]: S-1-5-21-160562036-3150058255-2134394716-353615 > SID[244]: S-1-5-21-160562036-3150058255-2134394716-322371 > SID[245]: S-1-5-21-160562036-3150058255-2134394716-63235 > SID[246]: S-1-5-21-160562036-3150058255-2134394716-266849 > SID[247]: S-1-5-21-160562036-3150058255-2134394716-293998 > SID[248]: S-1-5-21-160562036-3150058255-2134394716-433714 > SID[249]: S-1-5-21-160562036-3150058255-2134394716-107694 > SID[250]: S-1-5-21-160562036-3150058255-2134394716-288317 > SID[251]: S-1-5-21-160562036-3150058255-2134394716-44135 > SID[252]: S-1-5-21-160562036-3150058255-2134394716-290560 > SID[253]: S-1-5-21-160562036-3150058255-2134394716-322681 > SID[254]: S-1-5-21-160562036-3150058255-2134394716-283109 > SID[255]: S-1-5-21-160562036-3150058255-2134394716-357879 > SID[256]: S-1-5-21-160562036-3150058255-2134394716-289046 > SID[257]: S-1-5-21-160562036-3150058255-2134394716-32803 > SID[258]: S-1-5-21-160562036-3150058255-2134394716-343968 > SID[259]: S-1-5-21-160562036-3150058255-2134394716-50792 > SID[260]: S-1-5-21-160562036-3150058255-2134394716-50518 > SID[261]: S-1-5-21-160562036-3150058255-2134394716-37238 > SID[262]: S-1-5-21-160562036-3150058255-2134394716-360465 > SID[263]: S-1-5-21-160562036-3150058255-2134394716-366652 > SID[264]: S-1-5-21-160562036-3150058255-2134394716-294094 > SID[265]: S-1-5-21-160562036-3150058255-2134394716-288540 > SID[266]: S-1-5-21-160562036-3150058255-2134394716-297984 > SID[267]: S-1-5-21-160562036-3150058255-2134394716-276427 > SID[268]: S-1-5-21-160562036-3150058255-2134394716-333792 > SID[269]: S-1-5-21-160562036-3150058255-2134394716-427342 > SID[270]: S-1-5-21-160562036-3150058255-2134394716-333794 > SID[271]: S-1-5-21-160562036-3150058255-2134394716-290460 > SID[272]: S-1-5-21-160562036-3150058255-2134394716-294091 > SID[273]: S-1-5-21-160562036-3150058255-2134394716-333793 > SID[274]: S-1-5-21-160562036-3150058255-2134394716-338207 > SID[275]: S-1-5-21-160562036-3150058255-2134394716-409571 > SID[276]: S-1-5-21-160562036-3150058255-2134394716-294054 > SID[277]: S-1-5-21-160562036-3150058255-2134394716-30854 > SID[278]: S-1-5-21-160562036-3150058255-2134394716-288547 > SID[279]: S-1-5-21-160562036-3150058255-2134394716-365347 > SID[280]: S-1-5-21-6776287-465249537-1446904402-4108 > SID[281]: S-1-5-21-160562036-3150058255-2134394716-58230 > SID[282]: S-1-5-21-160562036-3150058255-2134394716-357400 > SID[283]: S-1-5-21-160562036-3150058255-2134394716-343966 > SID[284]: S-1-5-21-160562036-3150058255-2134394716-104268 > SID[285]: S-1-5-21-160562036-3150058255-2134394716-334228 > SID[286]: S-1-5-21-160562036-3150058255-2134394716-357384 > SID[287]: S-1-5-21-160562036-3150058255-2134394716-64500 > SID[288]: S-1-5-21-160562036-3150058255-2134394716-291227 > SID[289]: S-1-5-21-160562036-3150058255-2134394716-62708 > SID[290]: S-1-5-21-160562036-3150058255-2134394716-266847 > SID[291]: S-1-5-21-160562036-3150058255-2134394716-313857 > SID[292]: S-1-5-21-160562036-3150058255-2134394716-350031 > SID[293]: S-1-5-21-160562036-3150058255-2134394716-373448 > SID[294]: S-1-5-21-160562036-3150058255-2134394716-420970 > SID[295]: S-1-5-21-160562036-3150058255-2134394716-351238 > SID[296]: S-1-5-21-160562036-3150058255-2134394716-11861 > SID[297]: S-1-5-21-160562036-3150058255-2134394716-353613 > SID[298]: S-1-5-21-160562036-3150058255-2134394716-322679 > SID[299]: S-1-5-21-160562036-3150058255-2134394716-253148 > SID[300]: S-1-5-21-160562036-3150058255-2134394716-277162 > SID[301]: S-1-5-21-160562036-3150058255-2134394716-304048 > SID[302]: S-1-5-21-160562036-3150058255-2134394716-288768 > SID[303]: S-1-5-21-160562036-3150058255-2134394716-62920 > SID[304]: S-1-5-21-160562036-3150058255-2134394716-62814 > SID[305]: S-1-5-21-160562036-3150058255-2134394716-338139 > SID[306]: S-1-5-21-160562036-3150058255-2134394716-266850 > SID[307]: S-1-5-21-160562036-3150058255-2134394716-74038 > SID[308]: S-1-5-21-160562036-3150058255-2134394716-62715 > SID[309]: S-1-5-21-160562036-3150058255-2134394716-357877 > SID[310]: S-1-5-21-160562036-3150058255-2134394716-252117 > SID[311]: S-1-5-21-160562036-3150058255-2134394716-322372 > SID[312]: S-1-5-21-160562036-3150058255-2134394716-65121 > SID[313]: S-1-5-21-160562036-3150058255-2134394716-62711 > SID[314]: S-1-5-21-160562036-3150058255-2134394716-267091 > SID[315]: S-1-5-21-160562036-3150058255-2134394716-24652 > SID[316]: S-1-5-21-160562036-3150058255-2134394716-360933 > SID[317]: S-1-5-21-160562036-3150058255-2134394716-354437 > SID[318]: S-1-5-21-160562036-3150058255-2134394716-249119 > SID[319]: S-1-5-21-160562036-3150058255-2134394716-248731 > SID[320]: S-1-5-21-160562036-3150058255-2134394716-64215 > SID[321]: S-1-5-21-160562036-3150058255-2134394716-373475 > SID[322]: S-1-5-21-160562036-3150058255-2134394716-250664 > SID[323]: S-1-5-21-160562036-3150058255-2134394716-267088 > SID[324]: S-1-5-21-160562036-3150058255-2134394716-50311 > SID[325]: S-1-5-21-160562036-3150058255-2134394716-62644 > SID[326]: S-1-5-21-160562036-3150058255-2134394716-69148 > SID[327]: S-1-5-21-160562036-3150058255-2134394716-360380 > SID[328]: S-1-5-21-160562036-3150058255-2134394716-52124 > SID[329]: S-1-5-21-160562036-3150058255-2134394716-351502 > SID[330]: S-1-5-21-160562036-3150058255-2134394716-317005 > SID[331]: S-1-5-21-160562036-3150058255-2134394716-62713 > SID[332]: S-1-5-21-160562036-3150058255-2134394716-313855 > SID[333]: S-1-5-21-160562036-3150058255-2134394716-53143 > SID[334]: S-1-5-21-160562036-3150058255-2134394716-349705 > SID[335]: S-1-5-21-160562036-3150058255-2134394716-357732 > SID[336]: S-1-5-21-160562036-3150058255-2134394716-402142 > SID[337]: S-1-5-21-160562036-3150058255-2134394716-50421 > SID[338]: S-1-5-21-160562036-3150058255-2134394716-357890 > SID[339]: S-1-5-21-160562036-3150058255-2134394716-416413 > SID[340]: S-1-5-21-160562036-3150058255-2134394716-255117 > SID[341]: S-1-5-21-160562036-3150058255-2134394716-73891 > SID[342]: S-1-5-21-160562036-3150058255-2134394716-377792 > SID[343]: S-1-5-21-160562036-3150058255-2134394716-63081 > SID[344]: S-1-5-21-160562036-3150058255-2134394716-386707 > SID[345]: S-1-5-21-160562036-3150058255-2134394716-64112 > SID[346]: S-1-5-21-160562036-3150058255-2134394716-256555 > SID[347]: S-1-5-21-160562036-3150058255-2134394716-361939 > SID[348]: S-1-5-21-160562036-3150058255-2134394716-62709 > SID[349]: S-1-5-21-160562036-3150058255-2134394716-248759 > SID[350]: S-1-5-21-160562036-3150058255-2134394716-359221 > SID[351]: S-1-5-21-160562036-3150058255-2134394716-310730 > SID[352]: S-1-5-21-160562036-3150058255-2134394716-109617 > SID[353]: S-1-5-21-160562036-3150058255-2134394716-60474 > SID[354]: S-1-5-21-160562036-3150058255-2134394716-402472 > SID[355]: S-1-5-21-160562036-3150058255-2134394716-55679 > SID[356]: S-1-5-21-160562036-3150058255-2134394716-69153 > SID[357]: S-1-5-21-160562036-3150058255-2134394716-22265 > SID[358]: S-1-5-21-160562036-3150058255-2134394716-423112 > SID[359]: S-1-5-21-160562036-3150058255-2134394716-289044 > SID[360]: S-1-5-21-160562036-3150058255-2134394716-67791 > SID[361]: S-1-5-21-160562036-3150058255-2134394716-69156 > SID[362]: S-1-5-21-160562036-3150058255-2134394716-62712 > SID[363]: S-1-5-21-160562036-3150058255-2134394716-360721 > SID[364]: S-1-5-21-160562036-3150058255-2134394716-435651 > SID[365]: S-1-5-21-160562036-3150058255-2134394716-69149 > SID[366]: S-1-5-21-160562036-3150058255-2134394716-73730 > SID[367]: S-1-5-21-160562036-3150058255-2134394716-243660 > SID[368]: S-1-5-21-160562036-3150058255-2134394716-104280 > SID[369]: S-1-5-21-160562036-3150058255-2134394716-430692 > SID[370]: S-1-5-21-160562036-3150058255-2134394716-256558 > SID[371]: S-1-5-21-160562036-3150058255-2134394716-54515 > SID[372]: S-1-5-21-160562036-3150058255-2134394716-334223 > SID[373]: S-1-5-21-160562036-3150058255-2134394716-304790 > SID[374]: S-1-5-21-160562036-3150058255-2134394716-373528 > SID[375]: S-1-5-21-160562036-3150058255-2134394716-375927 > SID[376]: S-1-5-21-160562036-3150058255-2134394716-74039 > SID[377]: S-1-5-21-160562036-3150058255-2134394716-62781 > SID[378]: S-1-5-21-160562036-3150058255-2134394716-69157 > SID[379]: S-1-5-21-160562036-3150058255-2134394716-309445 > SID[380]: S-1-5-21-160562036-3150058255-2134394716-62733 > SID[381]: S-1-5-21-160562036-3150058255-2134394716-418123 > SID[382]: S-1-5-21-160562036-3150058255-2134394716-64415 > SID[383]: S-1-5-21-160562036-3150058255-2134394716-414619 > SID[384]: S-1-5-21-160562036-3150058255-2134394716-373446 > SID[385]: S-1-5-21-160562036-3150058255-2134394716-289048 > SID[386]: S-1-5-21-160562036-3150058255-2134394716-69158 > SID[387]: S-1-5-21-160562036-3150058255-2134394716-373559 > SID[388]: S-1-5-21-160562036-3150058255-2134394716-110686 > SID[389]: S-1-5-21-160562036-3150058255-2134394716-260757 > SID[390]: S-1-5-21-160562036-3150058255-2134394716-249663 > SID[391]: S-1-5-21-160562036-3150058255-2134394716-249619 > SID[392]: S-1-5-21-160562036-3150058255-2134394716-321098 > SID[393]: S-1-5-21-160562036-3150058255-2134394716-64497 > SID[394]: S-1-5-21-160562036-3150058255-2134394716-112627 > SID[395]: S-1-5-21-160562036-3150058255-2134394716-62710 > SID[396]: S-1-5-21-160562036-3150058255-2134394716-360361 > SID[397]: S-1-5-21-160562036-3150058255-2134394716-353621 > SID[398]: S-1-5-21-160562036-3150058255-2134394716-365152 > SID[399]: S-1-5-21-160562036-3150058255-2134394716-69544 > SID[400]: S-1-5-21-160562036-3150058255-2134394716-249644 > SID[401]: S-1-5-21-160562036-3150058255-2134394716-55625 > SID[402]: S-1-1-0 > SID[403]: S-1-5-2 > SID[404]: S-1-5-11 > SID[405]: S-1-5-32-545 > SID[406]: S-1-22-1-10000 > SID[407]: S-1-22-2-10006 > SID[408]: S-1-22-2-10007 > SID[409]: S-1-22-2-10008 > SID[410]: S-1-22-2-10009 > SID[411]: S-1-22-2-10010 > SID[412]: S-1-22-2-10011 > SID[413]: S-1-22-2-10012 > SID[414]: S-1-22-2-10013 > SID[415]: S-1-22-2-10014 > SID[416]: S-1-22-2-10015 > SID[417]: S-1-22-2-10016 > SID[418]: S-1-22-2-10017 > SID[419]: S-1-22-2-10018 > SID[420]: S-1-22-2-10019 > SID[421]: S-1-22-2-10020 > SID[422]: S-1-22-2-10021 > SID[423]: S-1-22-2-10022 > SID[424]: S-1-22-2-10023 > SID[425]: S-1-22-2-10024 > SID[426]: S-1-22-2-10025 > SID[427]: S-1-22-2-10026 > SID[428]: S-1-22-2-10027 > SID[429]: S-1-22-2-10028 > SID[430]: S-1-22-2-10029 > SID[431]: S-1-22-2-10030 > SID[432]: S-1-22-2-10031 > SID[433]: S-1-22-2-10032 > SID[434]: S-1-22-2-10033 > SID[435]: S-1-22-2-10034 > SID[436]: S-1-22-2-10035 > SID[437]: S-1-22-2-10036 > SID[438]: S-1-22-2-10037 > SID[439]: S-1-22-2-10038 > SID[440]: S-1-22-2-10039 > SID[441]: S-1-22-2-10040 > SID[442]: S-1-22-2-10041 > SID[443]: S-1-22-2-10042 > SID[444]: S-1-22-2-10043 > SID[445]: S-1-22-2-10044 > SID[446]: S-1-22-2-10045 > SID[447]: S-1-22-2-10046 > SID[448]: S-1-22-2-10047 > SID[449]: S-1-22-2-10048 > SID[450]: S-1-22-2-10049 > SID[451]: S-1-22-2-10050 > SID[452]: S-1-22-2-10051 > SID[453]: S-1-22-2-10052 > SID[454]: S-1-22-2-10053 > SID[455]: S-1-22-2-10054 > SID[456]: S-1-22-2-10055 > SID[457]: S-1-22-2-10056 > SID[458]: S-1-22-2-10057 > SID[459]: S-1-22-2-10058 > SID[460]: S-1-22-2-10059 > SID[461]: S-1-22-2-10060 > SID[462]: S-1-22-2-10061 > SID[463]: S-1-22-2-10062 > SID[464]: S-1-22-2-10063 > SID[465]: S-1-22-2-10064 > SID[466]: S-1-22-2-10065 > SID[467]: S-1-22-2-10066 > SID[468]: S-1-22-2-10067 > SID[469]: S-1-22-2-10068 > SID[470]: S-1-22-2-10069 > SID[471]: S-1-22-2-10070 > SID[472]: S-1-22-2-10071 > SID[473]: S-1-22-2-10072 > SID[474]: S-1-22-2-10073 > SID[475]: S-1-22-2-10074 > SID[476]: S-1-22-2-10075 > SID[477]: S-1-22-2-10076 > SID[478]: S-1-22-2-10077 > SID[479]: S-1-22-2-10078 > SID[480]: S-1-22-2-10079 > SID[481]: S-1-22-2-10080 > SID[482]: S-1-22-2-10081 > SID[483]: S-1-22-2-10082 > SID[484]: S-1-22-2-10083 > SID[485]: S-1-22-2-10084 > SID[486]: S-1-22-2-10085 > SID[487]: S-1-22-2-10086 > SID[488]: S-1-22-2-10087 > SID[489]: S-1-22-2-10088 > SID[490]: S-1-22-2-10089 > SID[491]: S-1-22-2-10090 > SID[492]: S-1-22-2-10091 > SID[493]: S-1-22-2-10092 > SID[494]: S-1-22-2-10093 > SID[495]: S-1-22-2-10094 > SID[496]: S-1-22-2-10095 > SID[497]: S-1-22-2-10096 > SID[498]: S-1-22-2-10097 > SID[499]: S-1-22-2-10098 > SID[500]: S-1-22-2-10099 > SID[501]: S-1-22-2-10100 > SID[502]: S-1-22-2-10101 > SID[503]: S-1-22-2-10102 > SID[504]: S-1-22-2-10103 > SID[505]: S-1-22-2-10104 > SID[506]: S-1-22-2-10105 > SID[507]: S-1-22-2-10106 > SID[508]: S-1-22-2-10107 > SID[509]: S-1-22-2-10108 > SID[510]: S-1-22-2-10109 > SID[511]: S-1-22-2-10110 > SID[512]: S-1-22-2-10111 > SID[513]: S-1-22-2-10112 > SID[514]: S-1-22-2-10113 > SID[515]: S-1-22-2-10114 > SID[516]: S-1-22-2-10115 > SID[517]: S-1-22-2-10116 > SID[518]: S-1-22-2-10117 > SID[519]: S-1-22-2-10118 > SID[520]: S-1-22-2-10119 > SID[521]: S-1-22-2-10120 > SID[522]: S-1-22-2-10121 > SID[523]: S-1-22-2-10122 > SID[524]: S-1-22-2-10123 > SID[525]: S-1-22-2-10124 > SID[526]: S-1-22-2-10125 > SID[527]: S-1-22-2-10126 > SID[528]: S-1-22-2-10127 > SID[529]: S-1-22-2-10128 > SID[530]: S-1-22-2-10129 > SID[531]: S-1-22-2-10130 > SID[532]: S-1-22-2-10131 > SID[533]: S-1-22-2-10132 > SID[534]: S-1-22-2-10133 > SID[535]: S-1-22-2-10134 > SID[536]: S-1-22-2-10135 > SID[537]: S-1-22-2-10136 > SID[538]: S-1-22-2-10137 > SID[539]: S-1-22-2-10138 > SID[540]: S-1-22-2-10139 > SID[541]: S-1-22-2-10140 > SID[542]: S-1-22-2-10141 > SID[543]: S-1-22-2-10142 > SID[544]: S-1-22-2-10143 > SID[545]: S-1-22-2-10144 > SID[546]: S-1-22-2-10145 > SID[547]: S-1-22-2-10146 > SID[548]: S-1-22-2-10147 > SID[549]: S-1-22-2-10148 > SID[550]: S-1-22-2-10149 > SID[551]: S-1-22-2-10150 > SID[552]: S-1-22-2-10471 > SID[553]: S-1-22-2-10151 > SID[554]: S-1-22-2-10152 > SID[555]: S-1-22-2-10153 > SID[556]: S-1-22-2-10154 > SID[557]: S-1-22-2-10155 > SID[558]: S-1-22-2-10156 > SID[559]: S-1-22-2-10157 > SID[560]: S-1-22-2-10158 > SID[561]: S-1-22-2-10159 > SID[562]: S-1-22-2-10160 > SID[563]: S-1-22-2-10161 > SID[564]: S-1-22-2-10162 > SID[565]: S-1-22-2-10163 > SID[566]: S-1-22-2-10164 > SID[567]: S-1-22-2-10165 > SID[568]: S-1-22-2-10166 > SID[569]: S-1-22-2-10167 > SID[570]: S-1-22-2-10168 > SID[571]: S-1-22-2-10169 > SID[572]: S-1-22-2-10170 > SID[573]: S-1-22-2-10171 > SID[574]: S-1-22-2-10172 > SID[575]: S-1-22-2-10173 > SID[576]: S-1-22-2-10174 > SID[577]: S-1-22-2-10175 > SID[578]: S-1-22-2-10176 > SID[579]: S-1-22-2-10177 > SID[580]: S-1-22-2-10178 > SID[581]: S-1-22-2-10179 > SID[582]: S-1-22-2-10180 > SID[583]: S-1-22-2-10181 > SID[584]: S-1-22-2-10182 > SID[585]: S-1-22-2-10183 > SID[586]: S-1-22-2-10184 > SID[587]: S-1-22-2-10185 > SID[588]: S-1-22-2-10186 > SID[589]: S-1-22-2-10187 > SID[590]: S-1-22-2-10188 > SID[591]: S-1-22-2-10189 > SID[592]: S-1-22-2-10190 > SID[593]: S-1-22-2-10191 > SID[594]: S-1-22-2-10192 > SID[595]: S-1-22-2-10193 > SID[596]: S-1-22-2-10194 > SID[597]: S-1-22-2-10195 > SID[598]: S-1-22-2-10196 > SID[599]: S-1-22-2-10197 > SID[600]: S-1-22-2-10198 > SID[601]: S-1-22-2-10199 > SID[602]: S-1-22-2-10200 > SID[603]: S-1-22-2-10201 > SID[604]: S-1-22-2-10202 > SID[605]: S-1-22-2-10203 > SID[606]: S-1-22-2-10204 > SID[607]: S-1-22-2-10205 > SID[608]: S-1-22-2-10206 > SID[609]: S-1-22-2-10207 > SID[610]: S-1-22-2-10208 > SID[611]: S-1-22-2-10209 > SID[612]: S-1-22-2-10210 > SID[613]: S-1-22-2-10211 > SID[614]: S-1-22-2-10212 > SID[615]: S-1-22-2-10213 > SID[616]: S-1-22-2-10214 > SID[617]: S-1-22-2-10215 > SID[618]: S-1-22-2-10216 > SID[619]: S-1-22-2-10217 > SID[620]: S-1-22-2-10218 > SID[621]: S-1-22-2-10219 > SID[622]: S-1-22-2-10220 > SID[623]: S-1-22-2-10221 > SID[624]: S-1-22-2-10222 > SID[625]: S-1-22-2-10223 > SID[626]: S-1-22-2-10224 > SID[627]: S-1-22-2-10225 > SID[628]: S-1-22-2-10226 > SID[629]: S-1-22-2-10227 > SID[630]: S-1-22-2-10228 > SID[631]: S-1-22-2-10229 > SID[632]: S-1-22-2-10230 > SID[633]: S-1-22-2-10231 > SID[634]: S-1-22-2-10232 > SID[635]: S-1-22-2-10233 > SID[636]: S-1-22-2-10234 > SID[637]: S-1-22-2-10235 > SID[638]: S-1-22-2-10236 > SID[639]: S-1-22-2-10237 > SID[640]: S-1-22-2-10238 > SID[641]: S-1-22-2-10239 > SID[642]: S-1-22-2-10240 > SID[643]: S-1-22-2-10241 > SID[644]: S-1-22-2-10242 > SID[645]: S-1-22-2-10243 > SID[646]: S-1-22-2-10244 > SID[647]: S-1-22-2-10245 > SID[648]: S-1-22-2-10246 > SID[649]: S-1-22-2-10247 > SID[650]: S-1-22-2-10248 > SID[651]: S-1-22-2-10249 > SID[652]: S-1-22-2-10250 > SID[653]: S-1-22-2-10251 > SID[654]: S-1-22-2-10252 > SID[655]: S-1-22-2-10253 > SID[656]: S-1-22-2-10254 > SID[657]: S-1-22-2-10255 > SID[658]: S-1-22-2-10256 > SID[659]: S-1-22-2-10257 > SID[660]: S-1-22-2-10258 > SID[661]: S-1-22-2-10259 > SID[662]: S-1-22-2-10260 > SID[663]: S-1-22-2-10261 > SID[664]: S-1-22-2-10262 > SID[665]: S-1-22-2-10263 > SID[666]: S-1-22-2-10264 > SID[667]: S-1-22-2-10265 > SID[668]: S-1-22-2-10266 > SID[669]: S-1-22-2-10267 > SID[670]: S-1-22-2-10268 > SID[671]: S-1-22-2-10269 > SID[672]: S-1-22-2-10270 > SID[673]: S-1-22-2-10271 > SID[674]: S-1-22-2-10272 > SID[675]: S-1-22-2-10273 > SID[676]: S-1-22-2-10274 > SID[677]: S-1-22-2-10275 > SID[678]: S-1-22-2-10276 > SID[679]: S-1-22-2-10277 > SID[680]: S-1-22-2-10278 > SID[681]: S-1-22-2-10279 > SID[682]: S-1-22-2-10280 > SID[683]: S-1-22-2-10281 > SID[684]: S-1-22-2-10282 > SID[685]: S-1-22-2-10283 > SID[686]: S-1-22-2-10284 > SID[687]: S-1-22-2-10285 > SID[688]: S-1-22-2-10286 > SID[689]: S-1-22-2-10287 > SID[690]: S-1-22-2-10288 > SID[691]: S-1-22-2-10289 > SID[692]: S-1-22-2-10290 > SID[693]: S-1-22-2-10291 > SID[694]: S-1-22-2-10292 > SID[695]: S-1-22-2-10293 > SID[696]: S-1-22-2-10294 > SID[697]: S-1-22-2-10295 > SID[698]: S-1-22-2-10296 > SID[699]: S-1-22-2-10297 > SID[700]: S-1-22-2-10298 > SID[701]: S-1-22-2-10299 > SID[702]: S-1-22-2-10300 > SID[703]: S-1-22-2-10301 > SID[704]: S-1-22-2-10302 > SID[705]: S-1-22-2-10303 > SID[706]: S-1-22-2-10304 > SID[707]: S-1-22-2-10305 > SID[708]: S-1-22-2-10306 > SID[709]: S-1-22-2-10307 > SID[710]: S-1-22-2-10308 > SID[711]: S-1-22-2-10309 > SID[712]: S-1-22-2-10310 > SID[713]: S-1-22-2-10311 > SID[714]: S-1-22-2-10312 > SID[715]: S-1-22-2-10313 > SID[716]: S-1-22-2-10314 > SID[717]: S-1-22-2-10315 > SID[718]: S-1-22-2-10316 > SID[719]: S-1-22-2-10317 > SID[720]: S-1-22-2-10318 > SID[721]: S-1-22-2-10319 > SID[722]: S-1-22-2-10320 > SID[723]: S-1-22-2-10321 > SID[724]: S-1-22-2-10322 > SID[725]: S-1-22-2-10323 > SID[726]: S-1-22-2-10324 > SID[727]: S-1-22-2-10325 > SID[728]: S-1-22-2-10326 > SID[729]: S-1-22-2-10327 > SID[730]: S-1-22-2-10328 > SID[731]: S-1-22-2-10329 > SID[732]: S-1-22-2-10330 > SID[733]: S-1-22-2-10331 > SID[734]: S-1-22-2-10332 > SID[735]: S-1-22-2-10333 > SID[736]: S-1-22-2-10334 > SID[737]: S-1-22-2-10335 > SID[738]: S-1-22-2-10336 > SID[739]: S-1-22-2-10337 > SID[740]: S-1-22-2-10338 > SID[741]: S-1-22-2-10339 > SID[742]: S-1-22-2-10340 > SID[743]: S-1-22-2-10341 > SID[744]: S-1-22-2-10342 > SID[745]: S-1-22-2-10343 > SID[746]: S-1-22-2-10344 > SID[747]: S-1-22-2-10345 > SID[748]: S-1-22-2-10346 > SID[749]: S-1-22-2-10347 > SID[750]: S-1-22-2-10348 > SID[751]: S-1-22-2-10349 > SID[752]: S-1-22-2-10350 > SID[753]: S-1-22-2-10351 > SID[754]: S-1-22-2-10352 > SID[755]: S-1-22-2-10353 > SID[756]: S-1-22-2-10354 > SID[757]: S-1-22-2-10355 > SID[758]: S-1-22-2-10356 > SID[759]: S-1-22-2-10357 > SID[760]: S-1-22-2-10358 > SID[761]: S-1-22-2-10359 > SID[762]: S-1-22-2-10360 > SID[763]: S-1-22-2-10361 > SID[764]: S-1-22-2-10362 > SID[765]: S-1-22-2-10363 > SID[766]: S-1-22-2-10364 > SID[767]: S-1-22-2-10365 > SID[768]: S-1-22-2-10366 > SID[769]: S-1-22-2-10367 > SID[770]: S-1-22-2-10368 > SID[771]: S-1-22-2-10369 > SID[772]: S-1-22-2-10370 > SID[773]: S-1-22-2-10371 > SID[774]: S-1-22-2-10372 > SID[775]: S-1-22-2-10373 > SID[776]: S-1-22-2-10374 > SID[777]: S-1-22-2-10375 > SID[778]: S-1-22-2-10376 > SID[779]: S-1-22-2-10377 > SID[780]: S-1-22-2-10378 > SID[781]: S-1-22-2-10379 > SID[782]: S-1-22-2-10380 > SID[783]: S-1-22-2-10381 > SID[784]: S-1-22-2-10382 > SID[785]: S-1-22-2-10383 > SID[786]: S-1-22-2-10384 > SID[787]: S-1-22-2-10385 > SID[788]: S-1-22-2-10386 > SID[789]: S-1-22-2-10387 > SID[790]: S-1-22-2-10388 > SID[791]: S-1-22-2-10389 > SID[792]: S-1-22-2-10390 > SID[793]: S-1-22-2-10391 > SID[794]: S-1-22-2-10392 > SID[795]: S-1-22-2-10393 > SID[796]: S-1-22-2-10394 > SID[797]: S-1-22-2-10395 > SID[798]: S-1-22-2-10396 > SID[799]: S-1-22-2-10397 > SID[800]: S-1-22-2-10398 > SID[801]: S-1-22-2-10399 > SID[802]: S-1-22-2-10400 > SID[803]: S-1-22-2-10401 > SID[804]: S-1-22-2-10402 > SID[805]: S-1-22-2-10403 > SID[806]: S-1-22-2-10404 > SID[807]: S-1-22-2-10002 > SID[808]: S-1-22-2-10003 > SID[809]: S-1-22-2-10004 > SID[810]: S-1-22-2-10001 > Privileges (0x 20): > Privilege[ 0]: SePrintOperatorPrivilege > Rights (0x 0): >[2012/11/09 16:29:17.064799, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 10000 > Primary group is 10006 and contains 404 supplementary groups > Group[ 0]: 10006 > Group[ 1]: 10007 > Group[ 2]: 10008 > Group[ 3]: 10009 > Group[ 4]: 10010 > Group[ 5]: 10011 > Group[ 6]: 10012 > Group[ 7]: 10013 > Group[ 8]: 10014 > Group[ 9]: 10015 > Group[ 10]: 10016 > Group[ 11]: 10017 > Group[ 12]: 10018 > Group[ 13]: 10019 > Group[ 14]: 10020 > Group[ 15]: 10021 > Group[ 16]: 10022 > Group[ 17]: 10023 > Group[ 18]: 10024 > Group[ 19]: 10025 > Group[ 20]: 10026 > Group[ 21]: 10027 > Group[ 22]: 10028 > Group[ 23]: 10029 > Group[ 24]: 10030 > Group[ 25]: 10031 > Group[ 26]: 10032 > Group[ 27]: 10033 > Group[ 28]: 10034 > Group[ 29]: 10035 > Group[ 30]: 10036 > Group[ 31]: 10037 > Group[ 32]: 10038 > Group[ 33]: 10039 > Group[ 34]: 10040 > Group[ 35]: 10041 > Group[ 36]: 10042 > Group[ 37]: 10043 > Group[ 38]: 10044 > Group[ 39]: 10045 > Group[ 40]: 10046 > Group[ 41]: 10047 > Group[ 42]: 10048 > Group[ 43]: 10049 > Group[ 44]: 10050 > Group[ 45]: 10051 > Group[ 46]: 10052 > Group[ 47]: 10053 > Group[ 48]: 10054 > Group[ 49]: 10055 > Group[ 50]: 10056 > Group[ 51]: 10057 > Group[ 52]: 10058 > Group[ 53]: 10059 > Group[ 54]: 10060 > Group[ 55]: 10061 > Group[ 56]: 10062 > Group[ 57]: 10063 > Group[ 58]: 10064 > Group[ 59]: 10065 > Group[ 60]: 10066 > Group[ 61]: 10067 > Group[ 62]: 10068 > Group[ 63]: 10069 > Group[ 64]: 10070 > Group[ 65]: 10071 > Group[ 66]: 10072 > Group[ 67]: 10073 > Group[ 68]: 10074 > Group[ 69]: 10075 > Group[ 70]: 10076 > Group[ 71]: 10077 > Group[ 72]: 10078 > Group[ 73]: 10079 > Group[ 74]: 10080 > Group[ 75]: 10081 > Group[ 76]: 10082 > Group[ 77]: 10083 > Group[ 78]: 10084 > Group[ 79]: 10085 > Group[ 80]: 10086 > Group[ 81]: 10087 > Group[ 82]: 10088 > Group[ 83]: 10089 > Group[ 84]: 10090 > Group[ 85]: 10091 > Group[ 86]: 10092 > Group[ 87]: 10093 > Group[ 88]: 10094 > Group[ 89]: 10095 > Group[ 90]: 10096 > Group[ 91]: 10097 > Group[ 92]: 10098 > Group[ 93]: 10099 > Group[ 94]: 10100 > Group[ 95]: 10101 > Group[ 96]: 10102 > Group[ 97]: 10103 > Group[ 98]: 10104 > Group[ 99]: 10105 > Group[100]: 10106 > Group[101]: 10107 > Group[102]: 10108 > Group[103]: 10109 > Group[104]: 10110 > Group[105]: 10111 > Group[106]: 10112 > Group[107]: 10113 > Group[108]: 10114 > Group[109]: 10115 > Group[110]: 10116 > Group[111]: 10117 > Group[112]: 10118 > Group[113]: 10119 > Group[114]: 10120 > Group[115]: 10121 > Group[116]: 10122 > Group[117]: 10123 > Group[118]: 10124 > Group[119]: 10125 > Group[120]: 10126 > Group[121]: 10127 > Group[122]: 10128 > Group[123]: 10129 > Group[124]: 10130 > Group[125]: 10131 > Group[126]: 10132 > Group[127]: 10133 > Group[128]: 10134 > Group[129]: 10135 > Group[130]: 10136 > Group[131]: 10137 > Group[132]: 10138 > Group[133]: 10139 > Group[134]: 10140 > Group[135]: 10141 > Group[136]: 10142 > Group[137]: 10143 > Group[138]: 10144 > Group[139]: 10145 > Group[140]: 10146 > Group[141]: 10147 > Group[142]: 10148 > Group[143]: 10149 > Group[144]: 10150 > Group[145]: 10471 > Group[146]: 10151 > Group[147]: 10152 > Group[148]: 10153 > Group[149]: 10154 > Group[150]: 10155 > Group[151]: 10156 > Group[152]: 10157 > Group[153]: 10158 > Group[154]: 10159 > Group[155]: 10160 > Group[156]: 10161 > Group[157]: 10162 > Group[158]: 10163 > Group[159]: 10164 > Group[160]: 10165 > Group[161]: 10166 > Group[162]: 10167 > Group[163]: 10168 > Group[164]: 10169 > Group[165]: 10170 > Group[166]: 10171 > Group[167]: 10172 > Group[168]: 10173 > Group[169]: 10174 > Group[170]: 10175 > Group[171]: 10176 > Group[172]: 10177 > Group[173]: 10178 > Group[174]: 10179 > Group[175]: 10180 > Group[176]: 10181 > Group[177]: 10182 > Group[178]: 10183 > Group[179]: 10184 > Group[180]: 10185 > Group[181]: 10186 > Group[182]: 10187 > Group[183]: 10188 > Group[184]: 10189 > Group[185]: 10190 > Group[186]: 10191 > Group[187]: 10192 > Group[188]: 10193 > Group[189]: 10194 > Group[190]: 10195 > Group[191]: 10196 > Group[192]: 10197 > Group[193]: 10198 > Group[194]: 10199 > Group[195]: 10200 > Group[196]: 10201 > Group[197]: 10202 > Group[198]: 10203 > Group[199]: 10204 > Group[200]: 10205 > Group[201]: 10206 > Group[202]: 10207 > Group[203]: 10208 > Group[204]: 10209 > Group[205]: 10210 > Group[206]: 10211 > Group[207]: 10212 > Group[208]: 10213 > Group[209]: 10214 > Group[210]: 10215 > Group[211]: 10216 > Group[212]: 10217 > Group[213]: 10218 > Group[214]: 10219 > Group[215]: 10220 > Group[216]: 10221 > Group[217]: 10222 > Group[218]: 10223 > Group[219]: 10224 > Group[220]: 10225 > Group[221]: 10226 > Group[222]: 10227 > Group[223]: 10228 > Group[224]: 10229 > Group[225]: 10230 > Group[226]: 10231 > Group[227]: 10232 > Group[228]: 10233 > Group[229]: 10234 > Group[230]: 10235 > Group[231]: 10236 > Group[232]: 10237 > Group[233]: 10238 > Group[234]: 10239 > Group[235]: 10240 > Group[236]: 10241 > Group[237]: 10242 > Group[238]: 10243 > Group[239]: 10244 > Group[240]: 10245 > Group[241]: 10246 > Group[242]: 10247 > Group[243]: 10248 > Group[244]: 10249 > Group[245]: 10250 > Group[246]: 10251 > Group[247]: 10252 > Group[248]: 10253 > Group[249]: 10254 > Group[250]: 10255 > Group[251]: 10256 > Group[252]: 10257 > Group[253]: 10258 > Group[254]: 10259 > Group[255]: 10260 > Group[256]: 10261 > Group[257]: 10262 > Group[258]: 10263 > Group[259]: 10264 > Group[260]: 10265 > Group[261]: 10266 > Group[262]: 10267 > Group[263]: 10268 > Group[264]: 10269 > Group[265]: 10270 > Group[266]: 10271 > Group[267]: 10272 > Group[268]: 10273 > Group[269]: 10274 > Group[270]: 10275 > Group[271]: 10276 > Group[272]: 10277 > Group[273]: 10278 > Group[274]: 10279 > Group[275]: 10280 > Group[276]: 10281 > Group[277]: 10282 > Group[278]: 10283 > Group[279]: 10284 > Group[280]: 10285 > Group[281]: 10286 > Group[282]: 10287 > Group[283]: 10288 > Group[284]: 10289 > Group[285]: 10290 > Group[286]: 10291 > Group[287]: 10292 > Group[288]: 10293 > Group[289]: 10294 > Group[290]: 10295 > Group[291]: 10296 > Group[292]: 10297 > Group[293]: 10298 > Group[294]: 10299 > Group[295]: 10300 > Group[296]: 10301 > Group[297]: 10302 > Group[298]: 10303 > Group[299]: 10304 > Group[300]: 10305 > Group[301]: 10306 > Group[302]: 10307 > Group[303]: 10308 > Group[304]: 10309 > Group[305]: 10310 > Group[306]: 10311 > Group[307]: 10312 > Group[308]: 10313 > Group[309]: 10314 > Group[310]: 10315 > Group[311]: 10316 > Group[312]: 10317 > Group[313]: 10318 > Group[314]: 10319 > Group[315]: 10320 > Group[316]: 10321 > Group[317]: 10322 > Group[318]: 10323 > Group[319]: 10324 > Group[320]: 10325 > Group[321]: 10326 > Group[322]: 10327 > Group[323]: 10328 > Group[324]: 10329 > Group[325]: 10330 > Group[326]: 10331 > Group[327]: 10332 > Group[328]: 10333 > Group[329]: 10334 > Group[330]: 10335 > Group[331]: 10336 > Group[332]: 10337 > Group[333]: 10338 > Group[334]: 10339 > Group[335]: 10340 > Group[336]: 10341 > Group[337]: 10342 > Group[338]: 10343 > Group[339]: 10344 > Group[340]: 10345 > Group[341]: 10346 > Group[342]: 10347 > Group[343]: 10348 > Group[344]: 10349 > Group[345]: 10350 > Group[346]: 10351 > Group[347]: 10352 > Group[348]: 10353 > Group[349]: 10354 > Group[350]: 10355 > Group[351]: 10356 > Group[352]: 10357 > Group[353]: 10358 > Group[354]: 10359 > Group[355]: 10360 > Group[356]: 10361 > Group[357]: 10362 > Group[358]: 10363 > Group[359]: 10364 > Group[360]: 10365 > Group[361]: 10366 > Group[362]: 10367 > Group[363]: 10368 > Group[364]: 10369 > Group[365]: 10370 > Group[366]: 10371 > Group[367]: 10372 > Group[368]: 10373 > Group[369]: 10374 > Group[370]: 10375 > Group[371]: 10376 > Group[372]: 10377 > Group[373]: 10378 > Group[374]: 10379 > Group[375]: 10380 > Group[376]: 10381 > Group[377]: 10382 > Group[378]: 10383 > Group[379]: 10384 > Group[380]: 10385 > Group[381]: 10386 > Group[382]: 10387 > Group[383]: 10388 > Group[384]: 10389 > Group[385]: 10390 > Group[386]: 10391 > Group[387]: 10392 > Group[388]: 10393 > Group[389]: 10394 > Group[390]: 10395 > Group[391]: 10396 > Group[392]: 10397 > Group[393]: 10398 > Group[394]: 10399 > Group[395]: 10400 > Group[396]: 10401 > Group[397]: 10402 > Group[398]: 10403 > Group[399]: 10404 > Group[400]: 10002 > Group[401]: 10003 > Group[402]: 10004 > Group[403]: 10001 >[2012/11/09 16:29:17.068078, 5] smbd/uid.c:317(change_to_user_internal) > Impersonated user: uid=(0,10000), gid=(0,10006) >[2012/11/09 16:29:17.068128, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=208 params=0 setup=2 >[2012/11/09 16:29:17.068166, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:17.068187, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:17.068206, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:17.068225, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2021) >[2012/11/09 16:29:17.068246, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 208 >[2012/11/09 16:29:17.068288, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:17.068324, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX >[2012/11/09 16:29:17.068360, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[69].fn == 0x7fa2ea3def70 > checking name: \\yyyu0031\yyyp0708 >[2012/11/09 16:29:17.068398, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 8D 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.068440, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) > Setting printer type=\\yyyu0031\yyyp0708 > Printer is a printer >[2012/11/09 16:29:17.068517, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) > Setting printer name=\\yyyu0031\yyyp0708 (len=19) > searching for [yyyp0708] > set_printer_hnd_name: Printer found: yyyp0708 -> yyyp0708 >[2012/11/09 16:29:17.068581, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) > 3 printer handles active >[2012/11/09 16:29:17.068602, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 8D 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.068641, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 8D 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.068679, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:yyyp0708 >[2012/11/09 16:29:17.068701, 3] lib/access.c:338(allow_access) > Allowed connection from yyyc27002.xxxxx.xxx (10.129.108.68) >[2012/11/09 16:29:17.068725, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) > Setting printer access = PRINTER_ACCESS_USE >[2012/11/09 16:29:17.068746, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/11/09 16:29:17.068772, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/11/09 16:29:17.068803, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:17.068825, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:17.068854, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2012/11/09 16:29:17.068878, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:17.068897, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:17.068915, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:17.069003, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:17.069055, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 8E 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.069130, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 8E 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.069212, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:17.069267, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:17.069309, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:17.069351, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:17.069389, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:17.069439, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:17.069486, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:17.069534, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 8F 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.069585, 2] rpc_client/cli_winreg_spoolss.c:896(winreg_create_printer) > winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708 already exists >[2012/11/09 16:29:17.069614, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 8F 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.069654, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 8F 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.069691, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.069718, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 8E 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.069759, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 8E 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.069796, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.069827, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:17.069858, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:17.069884, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 1741 >[2012/11/09 16:29:17.069912, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/11/09 16:29:17.069933, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.069945, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=57600 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/11/09 16:29:17.072437, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x80 >[2012/11/09 16:29:17.072493, 3] smbd/process.c:1662(process_smb) > Transaction 151 of length 132 (0 toread) >[2012/11/09 16:29:17.072514, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.072526, 5] lib/util.c:342(show_msg) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=57664 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8225 (0x2021) > smb_bcc=61 >[2012/11/09 16:29:17.072733, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.072781, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.072810, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=44 params=0 setup=2 >[2012/11/09 16:29:17.072832, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:17.072851, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:17.072869, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:17.072888, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2021) >[2012/11/09 16:29:17.072907, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 44 >[2012/11/09 16:29:17.072931, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:17.072952, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER >[2012/11/09 16:29:17.072972, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[29].fn == 0x7fa2ea3e55d0 >[2012/11/09 16:29:17.072993, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 8D 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.073062, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 8D 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.073104, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 8D 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.073141, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.073162, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:17.073190, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:17.073215, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/11/09 16:29:17.073240, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/11/09 16:29:17.073260, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.073271, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=57664 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/11/09 16:29:17.074366, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x66 >[2012/11/09 16:29:17.074398, 3] smbd/process.c:1662(process_smb) > Transaction 152 of length 106 (0 toread) >[2012/11/09 16:29:17.074418, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.074429, 5] lib/util.c:342(show_msg) > size=102 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=57729 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 4096 (0x1000) > smb_vwv[ 3]= 4096 (0x1000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 4609 (0x1201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1792 (0x700) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]=16384 (0x4000) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=19 >[2012/11/09 16:29:17.074706, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.074728, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.074750, 4] smbd/nttrans.c:288(nt_open_pipe) > nt_open_pipe: Opening pipe \spoolss. >[2012/11/09 16:29:17.074772, 5] smbd/files.c:140(file_new) > allocated file structure 4130, fnum = 8226 (4 used) >[2012/11/09 16:29:17.074799, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \spoolss >[2012/11/09 16:29:17.074845, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \spoolss (pipes_open=0) >[2012/11/09 16:29:17.074873, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) > do_ntcreate_pipe_open: open pipe = \spoolss >[2012/11/09 16:29:17.075836, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/11/09 16:29:17.075875, 3] smbd/process.c:1662(process_smb) > Transaction 153 of length 45 (0 toread) >[2012/11/09 16:29:17.075894, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.075906, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=57793 > smt_wct=3 > smb_vwv[ 0]= 8225 (0x2021) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/11/09 16:29:17.076049, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.076072, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.076092, 3] smbd/reply.c:4848(reply_close) > close fd=-1 fnum=8225 (numopen=4) >[2012/11/09 16:29:17.076111, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 07:28:15 2106 >[2012/11/09 16:29:17.076155, 5] smbd/files.c:482(file_free) > freed files structure 8225 (3 used) >[2012/11/09 16:29:17.076176, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.076188, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=57793 > smt_wct=0 > smb_bcc=0 >[2012/11/09 16:29:17.077394, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xe0 >[2012/11/09 16:29:17.077429, 3] smbd/process.c:1662(process_smb) > Transaction 154 of length 228 (0 toread) >[2012/11/09 16:29:17.077449, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.077460, 5] lib/util.c:342(show_msg) > size=224 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=57857 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8226 (0x2022) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 160 (0xA0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 160 (0xA0) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=161 >[2012/11/09 16:29:17.077654, 3] smbd/process.c:1467(switch_message) > switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.077675, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.077695, 6] smbd/pipes.c:300(reply_pipe_write_and_X) > reply_pipe_write_and_X: 2022 name: spoolss len: 160 >[2012/11/09 16:29:17.077715, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 160 >[2012/11/09 16:29:17.077741, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) > api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/11/09 16:29:17.077762, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) > api_pipe_bind_req: make response. 923 >[2012/11/09 16:29:17.077781, 3] rpc_server/srv_pipe.c:339(check_bind_req) > check_bind_req for \spoolss >[2012/11/09 16:29:17.077801, 3] rpc_server/srv_pipe.c:346(check_bind_req) > check_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/11/09 16:29:17.077847, 3] smbd/pipes.c:361(pipe_write_andx_done) > writeX-IPC nwritten=160 >[2012/11/09 16:29:17.079105, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/11/09 16:29:17.079143, 3] smbd/process.c:1662(process_smb) > Transaction 155 of length 63 (0 toread) >[2012/11/09 16:29:17.079163, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.079174, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=57921 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8226 (0x2022) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/11/09 16:29:17.079353, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.079374, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.079395, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:17.079416, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/11/09 16:29:17.079440, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=1024 max=1024 nread=68 >[2012/11/09 16:29:17.080631, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x124 >[2012/11/09 16:29:17.080670, 3] smbd/process.c:1662(process_smb) > Transaction 156 of length 296 (0 toread) >[2012/11/09 16:29:17.080690, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.080702, 5] lib/util.c:342(show_msg) > size=292 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=57985 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 208 (0xD0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 208 (0xD0) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8226 (0x2022) > smb_bcc=225 >[2012/11/09 16:29:17.080962, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.080985, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.081009, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=208 params=0 setup=2 >[2012/11/09 16:29:17.081031, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:17.081049, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:17.081067, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:17.081086, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2022) >[2012/11/09 16:29:17.081106, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 208 >[2012/11/09 16:29:17.081131, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:17.081153, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX >[2012/11/09 16:29:17.081173, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[69].fn == 0x7fa2ea3def70 > checking name: \\yyyu0031\yyyp0708 >[2012/11/09 16:29:17.081208, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 90 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.081249, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) > Setting printer type=\\yyyu0031\yyyp0708 > Printer is a printer >[2012/11/09 16:29:17.081292, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) > Setting printer name=\\yyyu0031\yyyp0708 (len=19) > searching for [yyyp0708] > set_printer_hnd_name: Printer found: yyyp0708 -> yyyp0708 >[2012/11/09 16:29:17.081352, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) > 3 printer handles active >[2012/11/09 16:29:17.081373, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 90 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.081439, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 90 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.081514, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:yyyp0708 >[2012/11/09 16:29:17.081562, 3] lib/access.c:338(allow_access) > Allowed connection from yyyc27002.xxxxx.xxx (10.129.108.68) >[2012/11/09 16:29:17.081612, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) > Setting printer access = PRINTER_ACCESS_ADMINISTER >[2012/11/09 16:29:17.081656, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/11/09 16:29:17.081704, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/11/09 16:29:17.081753, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:17.081787, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:17.081851, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2012/11/09 16:29:17.081893, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:17.081933, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:17.081966, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:17.082100, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:17.082180, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 91 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.082276, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 91 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.082359, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:17.082431, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:17.082502, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:17.082574, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:17.082655, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:17.082718, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:17.082798, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:17.082877, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 92 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.082937, 2] rpc_client/cli_winreg_spoolss.c:896(winreg_create_printer) > winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708 already exists >[2012/11/09 16:29:17.082988, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 92 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.083032, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 92 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.083070, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.083099, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 91 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.083140, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 91 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.083178, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.083211, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:17.083245, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:17.083271, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 1741 >[2012/11/09 16:29:17.083312, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/11/09 16:29:17.083348, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.083362, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=57985 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/11/09 16:29:17.085233, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x80 >[2012/11/09 16:29:17.085283, 3] smbd/process.c:1662(process_smb) > Transaction 157 of length 132 (0 toread) >[2012/11/09 16:29:17.085304, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.085315, 5] lib/util.c:342(show_msg) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=58049 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8226 (0x2022) > smb_bcc=61 >[2012/11/09 16:29:17.085566, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.085590, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.085615, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=44 params=0 setup=2 >[2012/11/09 16:29:17.085653, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:17.085672, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:17.085690, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:17.085708, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2022) >[2012/11/09 16:29:17.085746, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 44 >[2012/11/09 16:29:17.085814, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:17.085852, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER >[2012/11/09 16:29:17.085876, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[29].fn == 0x7fa2ea3e55d0 >[2012/11/09 16:29:17.085898, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 90 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.085938, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 90 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.085976, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 90 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.086014, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.086034, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:17.086062, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:17.086087, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/11/09 16:29:17.086112, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/11/09 16:29:17.086132, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.086144, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=58049 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/11/09 16:29:17.087018, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x66 >[2012/11/09 16:29:17.087053, 3] smbd/process.c:1662(process_smb) > Transaction 158 of length 106 (0 toread) >[2012/11/09 16:29:17.087073, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.087084, 5] lib/util.c:342(show_msg) > size=102 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=58112 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 4096 (0x1000) > smb_vwv[ 3]= 4096 (0x1000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 4609 (0x1201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1792 (0x700) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]=16384 (0x4000) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=19 >[2012/11/09 16:29:17.087352, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.087372, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.087395, 4] smbd/nttrans.c:288(nt_open_pipe) > nt_open_pipe: Opening pipe \spoolss. >[2012/11/09 16:29:17.087417, 5] smbd/files.c:140(file_new) > allocated file structure 4131, fnum = 8227 (4 used) >[2012/11/09 16:29:17.087445, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \spoolss >[2012/11/09 16:29:17.087499, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \spoolss (pipes_open=0) >[2012/11/09 16:29:17.087539, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) > do_ntcreate_pipe_open: open pipe = \spoolss >[2012/11/09 16:29:17.088368, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/11/09 16:29:17.088415, 3] smbd/process.c:1662(process_smb) > Transaction 159 of length 45 (0 toread) >[2012/11/09 16:29:17.088436, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.088447, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=58176 > smt_wct=3 > smb_vwv[ 0]= 8226 (0x2022) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/11/09 16:29:17.088590, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.088612, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.088641, 3] smbd/reply.c:4848(reply_close) > close fd=-1 fnum=8226 (numopen=4) >[2012/11/09 16:29:17.088681, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 07:28:15 2106 >[2012/11/09 16:29:17.088734, 5] smbd/files.c:482(file_free) > freed files structure 8226 (3 used) >[2012/11/09 16:29:17.088758, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.088780, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=58176 > smt_wct=0 > smb_bcc=0 >[2012/11/09 16:29:17.089825, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xe0 >[2012/11/09 16:29:17.089863, 3] smbd/process.c:1662(process_smb) > Transaction 160 of length 228 (0 toread) >[2012/11/09 16:29:17.089898, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.089920, 5] lib/util.c:342(show_msg) > size=224 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=58240 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8227 (0x2023) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 160 (0xA0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 160 (0xA0) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=161 >[2012/11/09 16:29:17.090113, 3] smbd/process.c:1467(switch_message) > switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.090133, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.090153, 6] smbd/pipes.c:300(reply_pipe_write_and_X) > reply_pipe_write_and_X: 2023 name: spoolss len: 160 >[2012/11/09 16:29:17.090174, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 160 >[2012/11/09 16:29:17.090200, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) > api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/11/09 16:29:17.090221, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) > api_pipe_bind_req: make response. 923 >[2012/11/09 16:29:17.090241, 3] rpc_server/srv_pipe.c:339(check_bind_req) > check_bind_req for \spoolss >[2012/11/09 16:29:17.090261, 3] rpc_server/srv_pipe.c:346(check_bind_req) > check_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/11/09 16:29:17.090292, 3] smbd/pipes.c:361(pipe_write_andx_done) > writeX-IPC nwritten=160 >[2012/11/09 16:29:17.091227, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/11/09 16:29:17.091274, 3] smbd/process.c:1662(process_smb) > Transaction 161 of length 63 (0 toread) >[2012/11/09 16:29:17.091306, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.091324, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=58304 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8227 (0x2023) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/11/09 16:29:17.091612, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.091643, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.091676, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:17.091712, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/11/09 16:29:17.091754, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=1024 max=1024 nread=68 >[2012/11/09 16:29:17.092690, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x124 >[2012/11/09 16:29:17.092726, 3] smbd/process.c:1662(process_smb) > Transaction 162 of length 296 (0 toread) >[2012/11/09 16:29:17.092747, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.092759, 5] lib/util.c:342(show_msg) > size=292 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=58368 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 208 (0xD0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 208 (0xD0) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8227 (0x2023) > smb_bcc=225 >[2012/11/09 16:29:17.092988, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.093010, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.093034, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=208 params=0 setup=2 >[2012/11/09 16:29:17.093057, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:17.093075, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:17.093094, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:17.093113, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2023) >[2012/11/09 16:29:17.093132, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 208 >[2012/11/09 16:29:17.093157, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:17.093179, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX >[2012/11/09 16:29:17.093200, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[69].fn == 0x7fa2ea3def70 > checking name: \\yyyu0031\yyyp0708 >[2012/11/09 16:29:17.093235, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 93 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.093277, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) > Setting printer type=\\yyyu0031\yyyp0708 > Printer is a printer >[2012/11/09 16:29:17.093304, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) > Setting printer name=\\yyyu0031\yyyp0708 (len=19) > searching for [yyyp0708] > set_printer_hnd_name: Printer found: yyyp0708 -> yyyp0708 >[2012/11/09 16:29:17.093373, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) > 3 printer handles active >[2012/11/09 16:29:17.093394, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 93 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.093432, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 93 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.093511, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:yyyp0708 >[2012/11/09 16:29:17.093552, 3] lib/access.c:338(allow_access) > Allowed connection from yyyc27002.xxxxx.xxx (10.129.108.68) >[2012/11/09 16:29:17.093595, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) > Setting printer access = PRINTER_ACCESS_USE >[2012/11/09 16:29:17.093639, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/11/09 16:29:17.093685, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/11/09 16:29:17.093719, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:17.093741, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:17.093775, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2012/11/09 16:29:17.093800, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:17.093819, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:17.093837, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:17.093930, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:17.094010, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 94 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.094091, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 94 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.094181, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:17.094255, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:17.094322, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:17.094391, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:17.094454, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:17.094512, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:17.094591, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:17.094673, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 95 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.094759, 2] rpc_client/cli_winreg_spoolss.c:896(winreg_create_printer) > winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708 already exists >[2012/11/09 16:29:17.094804, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 95 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.094876, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 95 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.094945, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.095006, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 94 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.095081, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 94 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.095151, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.095203, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:17.095251, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:17.095291, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 1741 >[2012/11/09 16:29:17.095333, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/11/09 16:29:17.095367, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.095386, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=58368 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/11/09 16:29:17.096851, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x80 >[2012/11/09 16:29:17.096900, 3] smbd/process.c:1662(process_smb) > Transaction 163 of length 132 (0 toread) >[2012/11/09 16:29:17.096924, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.096935, 5] lib/util.c:342(show_msg) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=58432 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8227 (0x2023) > smb_bcc=61 >[2012/11/09 16:29:17.097267, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.097311, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.097353, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=44 params=0 setup=2 >[2012/11/09 16:29:17.097390, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:17.097420, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:17.097450, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:17.097482, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2023) >[2012/11/09 16:29:17.097520, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 44 >[2012/11/09 16:29:17.097566, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:17.097608, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER >[2012/11/09 16:29:17.097647, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[29].fn == 0x7fa2ea3e55d0 >[2012/11/09 16:29:17.097688, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 93 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.097776, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 93 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.097873, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 93 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.097915, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.097936, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:17.097966, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:17.097992, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/11/09 16:29:17.098018, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/11/09 16:29:17.098038, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.098050, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=58432 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/11/09 16:29:17.099058, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x66 >[2012/11/09 16:29:17.099098, 3] smbd/process.c:1662(process_smb) > Transaction 164 of length 106 (0 toread) >[2012/11/09 16:29:17.099119, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.099130, 5] lib/util.c:342(show_msg) > size=102 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=58497 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 4096 (0x1000) > smb_vwv[ 3]= 4096 (0x1000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 4609 (0x1201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1792 (0x700) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]=16384 (0x4000) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=19 >[2012/11/09 16:29:17.099485, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.099515, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.099541, 4] smbd/nttrans.c:288(nt_open_pipe) > nt_open_pipe: Opening pipe \spoolss. >[2012/11/09 16:29:17.099563, 5] smbd/files.c:140(file_new) > allocated file structure 4132, fnum = 8228 (4 used) >[2012/11/09 16:29:17.099590, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \spoolss >[2012/11/09 16:29:17.099650, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \spoolss (pipes_open=0) >[2012/11/09 16:29:17.099679, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) > do_ntcreate_pipe_open: open pipe = \spoolss >[2012/11/09 16:29:17.100507, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/11/09 16:29:17.100542, 3] smbd/process.c:1662(process_smb) > Transaction 165 of length 45 (0 toread) >[2012/11/09 16:29:17.100562, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.100573, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=58561 > smt_wct=3 > smb_vwv[ 0]= 8227 (0x2023) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/11/09 16:29:17.100703, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.100732, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.100772, 3] smbd/reply.c:4848(reply_close) > close fd=-1 fnum=8227 (numopen=4) >[2012/11/09 16:29:17.100803, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 07:28:15 2106 >[2012/11/09 16:29:17.100858, 5] smbd/files.c:482(file_free) > freed files structure 8227 (3 used) >[2012/11/09 16:29:17.100886, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.100898, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=58561 > smt_wct=0 > smb_bcc=0 >[2012/11/09 16:29:17.101844, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xe0 >[2012/11/09 16:29:17.101877, 3] smbd/process.c:1662(process_smb) > Transaction 166 of length 228 (0 toread) >[2012/11/09 16:29:17.101897, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.101908, 5] lib/util.c:342(show_msg) > size=224 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=58625 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8228 (0x2024) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 160 (0xA0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 160 (0xA0) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=161 >[2012/11/09 16:29:17.102100, 3] smbd/process.c:1467(switch_message) > switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.102120, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.102140, 6] smbd/pipes.c:300(reply_pipe_write_and_X) > reply_pipe_write_and_X: 2024 name: spoolss len: 160 >[2012/11/09 16:29:17.102160, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 160 >[2012/11/09 16:29:17.102185, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) > api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/11/09 16:29:17.102206, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) > api_pipe_bind_req: make response. 923 >[2012/11/09 16:29:17.102225, 3] rpc_server/srv_pipe.c:339(check_bind_req) > check_bind_req for \spoolss >[2012/11/09 16:29:17.102245, 3] rpc_server/srv_pipe.c:346(check_bind_req) > check_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/11/09 16:29:17.102276, 3] smbd/pipes.c:361(pipe_write_andx_done) > writeX-IPC nwritten=160 >[2012/11/09 16:29:17.103075, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/11/09 16:29:17.103108, 3] smbd/process.c:1662(process_smb) > Transaction 167 of length 63 (0 toread) >[2012/11/09 16:29:17.103128, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.103139, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=58689 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8228 (0x2024) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/11/09 16:29:17.103353, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.103376, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.103407, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:17.103448, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/11/09 16:29:17.103499, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=1024 max=1024 nread=68 >[2012/11/09 16:29:17.104385, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x124 >[2012/11/09 16:29:17.104419, 3] smbd/process.c:1662(process_smb) > Transaction 168 of length 296 (0 toread) >[2012/11/09 16:29:17.104439, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.104450, 5] lib/util.c:342(show_msg) > size=292 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=58753 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 208 (0xD0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 208 (0xD0) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8228 (0x2024) > smb_bcc=225 >[2012/11/09 16:29:17.104715, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.104739, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.104762, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=208 params=0 setup=2 >[2012/11/09 16:29:17.104783, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:17.104801, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:17.104820, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:17.104838, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2024) >[2012/11/09 16:29:17.104858, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 208 >[2012/11/09 16:29:17.104882, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:17.104903, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX >[2012/11/09 16:29:17.104924, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[69].fn == 0x7fa2ea3def70 > checking name: \\yyyu0031\yyyp0708 >[2012/11/09 16:29:17.104958, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 96 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.104998, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) > Setting printer type=\\yyyu0031\yyyp0708 > Printer is a printer >[2012/11/09 16:29:17.105024, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) > Setting printer name=\\yyyu0031\yyyp0708 (len=19) > searching for [yyyp0708] > set_printer_hnd_name: Printer found: yyyp0708 -> yyyp0708 >[2012/11/09 16:29:17.105081, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) > 3 printer handles active >[2012/11/09 16:29:17.105102, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 96 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.105140, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 96 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.105177, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:yyyp0708 >[2012/11/09 16:29:17.105199, 3] lib/access.c:338(allow_access) > Allowed connection from yyyc27002.xxxxx.xxx (10.129.108.68) >[2012/11/09 16:29:17.105225, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) > Setting printer access = PRINTER_ACCESS_ADMINISTER >[2012/11/09 16:29:17.105260, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/11/09 16:29:17.105316, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/11/09 16:29:17.105350, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:17.105372, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:17.105409, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2012/11/09 16:29:17.105433, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:17.105452, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:17.105471, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:17.105565, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:17.105650, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 97 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.105732, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 97 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.105790, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:17.105859, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:17.105913, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:17.105959, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:17.105999, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:17.106036, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:17.106083, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:17.106131, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 98 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.106182, 2] rpc_client/cli_winreg_spoolss.c:896(winreg_create_printer) > winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708 already exists >[2012/11/09 16:29:17.106220, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 98 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.106297, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 98 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.106339, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.106368, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 97 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.106409, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 97 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.106447, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.106479, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:17.106522, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:17.106549, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 1741 >[2012/11/09 16:29:17.106576, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/11/09 16:29:17.106596, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.106607, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=58753 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/11/09 16:29:17.107643, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x80 >[2012/11/09 16:29:17.107686, 3] smbd/process.c:1662(process_smb) > Transaction 169 of length 132 (0 toread) >[2012/11/09 16:29:17.107711, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.107722, 5] lib/util.c:342(show_msg) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=58817 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8228 (0x2024) > smb_bcc=61 >[2012/11/09 16:29:17.107952, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.107975, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.107997, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=44 params=0 setup=2 >[2012/11/09 16:29:17.108018, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:17.108035, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:17.108053, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:17.108071, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2024) >[2012/11/09 16:29:17.108090, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 44 >[2012/11/09 16:29:17.108113, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:17.108134, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER >[2012/11/09 16:29:17.108156, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[29].fn == 0x7fa2ea3e55d0 >[2012/11/09 16:29:17.108192, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 96 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.108253, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 96 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.108294, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 96 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.108355, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.108377, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:17.108415, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:17.108446, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/11/09 16:29:17.108495, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/11/09 16:29:17.108517, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.108537, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=58817 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/11/09 16:29:17.109469, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x66 >[2012/11/09 16:29:17.109504, 3] smbd/process.c:1662(process_smb) > Transaction 170 of length 106 (0 toread) >[2012/11/09 16:29:17.109539, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.109560, 5] lib/util.c:342(show_msg) > size=102 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=58880 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 4096 (0x1000) > smb_vwv[ 3]= 4096 (0x1000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 4609 (0x1201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1792 (0x700) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]=16384 (0x4000) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=19 >[2012/11/09 16:29:17.109854, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.109891, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.109917, 4] smbd/nttrans.c:288(nt_open_pipe) > nt_open_pipe: Opening pipe \spoolss. >[2012/11/09 16:29:17.109938, 5] smbd/files.c:140(file_new) > allocated file structure 4133, fnum = 8229 (4 used) >[2012/11/09 16:29:17.109982, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \spoolss >[2012/11/09 16:29:17.110051, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \spoolss (pipes_open=0) >[2012/11/09 16:29:17.110091, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) > do_ntcreate_pipe_open: open pipe = \spoolss >[2012/11/09 16:29:17.111003, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/11/09 16:29:17.111041, 3] smbd/process.c:1662(process_smb) > Transaction 171 of length 45 (0 toread) >[2012/11/09 16:29:17.111079, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.111102, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=58944 > smt_wct=3 > smb_vwv[ 0]= 8228 (0x2024) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/11/09 16:29:17.111261, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.111290, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.111319, 3] smbd/reply.c:4848(reply_close) > close fd=-1 fnum=8228 (numopen=4) >[2012/11/09 16:29:17.111340, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 07:28:15 2106 >[2012/11/09 16:29:17.111379, 5] smbd/files.c:482(file_free) > freed files structure 8228 (3 used) >[2012/11/09 16:29:17.111402, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.111424, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=58944 > smt_wct=0 > smb_bcc=0 >[2012/11/09 16:29:17.112987, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xe0 >[2012/11/09 16:29:17.113046, 3] smbd/process.c:1662(process_smb) > Transaction 172 of length 228 (0 toread) >[2012/11/09 16:29:17.113078, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.113094, 5] lib/util.c:342(show_msg) > size=224 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=59008 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8229 (0x2025) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 160 (0xA0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 160 (0xA0) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=161 >[2012/11/09 16:29:17.113343, 3] smbd/process.c:1467(switch_message) > switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.113370, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.113396, 6] smbd/pipes.c:300(reply_pipe_write_and_X) > reply_pipe_write_and_X: 2025 name: spoolss len: 160 >[2012/11/09 16:29:17.113422, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 160 >[2012/11/09 16:29:17.113474, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) > api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/11/09 16:29:17.113509, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) > api_pipe_bind_req: make response. 923 >[2012/11/09 16:29:17.113533, 3] rpc_server/srv_pipe.c:339(check_bind_req) > check_bind_req for \spoolss >[2012/11/09 16:29:17.113558, 3] rpc_server/srv_pipe.c:346(check_bind_req) > check_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/11/09 16:29:17.113597, 3] smbd/pipes.c:361(pipe_write_andx_done) > writeX-IPC nwritten=160 >[2012/11/09 16:29:17.114861, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/11/09 16:29:17.114902, 3] smbd/process.c:1662(process_smb) > Transaction 173 of length 63 (0 toread) >[2012/11/09 16:29:17.114929, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.114944, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=59072 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8229 (0x2025) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/11/09 16:29:17.115173, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.115199, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.115226, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:17.115253, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/11/09 16:29:17.115283, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=1024 max=1024 nread=68 >[2012/11/09 16:29:17.116191, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x124 >[2012/11/09 16:29:17.116238, 3] smbd/process.c:1662(process_smb) > Transaction 174 of length 296 (0 toread) >[2012/11/09 16:29:17.116329, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.116354, 5] lib/util.c:342(show_msg) > size=292 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=59136 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 208 (0xD0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 208 (0xD0) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8229 (0x2025) > smb_bcc=225 >[2012/11/09 16:29:17.116769, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.116808, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.116848, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=208 params=0 setup=2 >[2012/11/09 16:29:17.116887, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:17.116919, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:17.116953, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:17.116984, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2025) >[2012/11/09 16:29:17.117022, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 208 >[2012/11/09 16:29:17.117061, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:17.117101, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX >[2012/11/09 16:29:17.117138, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[69].fn == 0x7fa2ea3def70 > checking name: \\yyyu0031\yyyp0708 >[2012/11/09 16:29:17.117194, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 99 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.117264, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) > Setting printer type=\\yyyu0031\yyyp0708 > Printer is a printer >[2012/11/09 16:29:17.117303, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) > Setting printer name=\\yyyu0031\yyyp0708 (len=19) > searching for [yyyp0708] > set_printer_hnd_name: Printer found: yyyp0708 -> yyyp0708 >[2012/11/09 16:29:17.117383, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) > 3 printer handles active >[2012/11/09 16:29:17.117424, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 99 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.117490, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 99 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.117555, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:yyyp0708 >[2012/11/09 16:29:17.117587, 3] lib/access.c:338(allow_access) > Allowed connection from yyyc27002.xxxxx.xxx (10.129.108.68) >[2012/11/09 16:29:17.117621, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) > Setting printer access = PRINTER_ACCESS_ADMINISTER >[2012/11/09 16:29:17.117653, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/11/09 16:29:17.117690, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/11/09 16:29:17.117763, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:17.117797, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:17.117844, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2012/11/09 16:29:17.117883, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:17.117913, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:17.117957, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:17.118088, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:17.118161, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 9A 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.118251, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 9A 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.118322, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:17.118386, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:17.118446, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:17.118506, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:17.118564, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:17.118644, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:17.118721, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:17.118797, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 9B 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.118877, 2] rpc_client/cli_winreg_spoolss.c:896(winreg_create_printer) > winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708 already exists >[2012/11/09 16:29:17.118919, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 9B 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.118987, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 9B 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.119053, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.119093, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 9A 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.119161, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 9A 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.119226, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.119271, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:17.119314, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:17.119350, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 1741 >[2012/11/09 16:29:17.119390, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/11/09 16:29:17.119421, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.119438, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=59136 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/11/09 16:29:17.120643, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x80 >[2012/11/09 16:29:17.120685, 3] smbd/process.c:1662(process_smb) > Transaction 175 of length 132 (0 toread) >[2012/11/09 16:29:17.120714, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.120731, 5] lib/util.c:342(show_msg) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=59200 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8229 (0x2025) > smb_bcc=61 >[2012/11/09 16:29:17.121048, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.121080, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.121112, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=44 params=0 setup=2 >[2012/11/09 16:29:17.121143, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:17.121171, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:17.121199, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:17.121226, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2025) >[2012/11/09 16:29:17.121255, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 44 >[2012/11/09 16:29:17.121288, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:17.121320, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER >[2012/11/09 16:29:17.121350, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[29].fn == 0x7fa2ea3e55d0 >[2012/11/09 16:29:17.121386, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 99 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.121456, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 99 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.121522, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 99 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.121586, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.121616, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:17.121656, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:17.121699, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/11/09 16:29:17.121743, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/11/09 16:29:17.121782, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.121806, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=59200 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/11/09 16:29:17.122915, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x66 >[2012/11/09 16:29:17.122965, 3] smbd/process.c:1662(process_smb) > Transaction 176 of length 106 (0 toread) >[2012/11/09 16:29:17.123002, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.123024, 5] lib/util.c:342(show_msg) > size=102 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=59265 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 4096 (0x1000) > smb_vwv[ 3]= 4096 (0x1000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 4609 (0x1201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1792 (0x700) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]=16384 (0x4000) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=19 >[2012/11/09 16:29:17.123491, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.123529, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.123568, 4] smbd/nttrans.c:288(nt_open_pipe) > nt_open_pipe: Opening pipe \spoolss. >[2012/11/09 16:29:17.123607, 5] smbd/files.c:140(file_new) > allocated file structure 4134, fnum = 8230 (4 used) >[2012/11/09 16:29:17.123654, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \spoolss >[2012/11/09 16:29:17.123726, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \spoolss (pipes_open=0) >[2012/11/09 16:29:17.123771, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) > do_ntcreate_pipe_open: open pipe = \spoolss >[2012/11/09 16:29:17.124437, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/11/09 16:29:17.124507, 3] smbd/process.c:1662(process_smb) > Transaction 177 of length 45 (0 toread) >[2012/11/09 16:29:17.124544, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.124565, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=59329 > smt_wct=3 > smb_vwv[ 0]= 8229 (0x2025) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/11/09 16:29:17.124774, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.124812, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.124851, 3] smbd/reply.c:4848(reply_close) > close fd=-1 fnum=8229 (numopen=4) >[2012/11/09 16:29:17.124890, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 07:28:15 2106 >[2012/11/09 16:29:17.124960, 5] smbd/files.c:482(file_free) > freed files structure 8229 (3 used) >[2012/11/09 16:29:17.125002, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.125023, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=59329 > smt_wct=0 > smb_bcc=0 >[2012/11/09 16:29:17.126122, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xe0 >[2012/11/09 16:29:17.126168, 3] smbd/process.c:1662(process_smb) > Transaction 178 of length 228 (0 toread) >[2012/11/09 16:29:17.126204, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.126225, 5] lib/util.c:342(show_msg) > size=224 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=59393 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8230 (0x2026) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 160 (0xA0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 160 (0xA0) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=161 >[2012/11/09 16:29:17.126596, 3] smbd/process.c:1467(switch_message) > switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.126636, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.126676, 6] smbd/pipes.c:300(reply_pipe_write_and_X) > reply_pipe_write_and_X: 2026 name: spoolss len: 160 >[2012/11/09 16:29:17.126715, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 160 >[2012/11/09 16:29:17.126758, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) > api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/11/09 16:29:17.126796, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) > api_pipe_bind_req: make response. 923 >[2012/11/09 16:29:17.126830, 3] rpc_server/srv_pipe.c:339(check_bind_req) > check_bind_req for \spoolss >[2012/11/09 16:29:17.126865, 3] rpc_server/srv_pipe.c:346(check_bind_req) > check_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/11/09 16:29:17.126915, 3] smbd/pipes.c:361(pipe_write_andx_done) > writeX-IPC nwritten=160 >[2012/11/09 16:29:17.127780, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/11/09 16:29:17.127816, 3] smbd/process.c:1662(process_smb) > Transaction 179 of length 63 (0 toread) >[2012/11/09 16:29:17.127836, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.127854, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=59457 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8230 (0x2026) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/11/09 16:29:17.128127, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.128156, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.128184, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:17.128212, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/11/09 16:29:17.128244, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=1024 max=1024 nread=68 >[2012/11/09 16:29:17.129202, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x124 >[2012/11/09 16:29:17.129254, 3] smbd/process.c:1662(process_smb) > Transaction 180 of length 296 (0 toread) >[2012/11/09 16:29:17.129285, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.129303, 5] lib/util.c:342(show_msg) > size=292 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=59521 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 208 (0xD0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 208 (0xD0) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8230 (0x2026) > smb_bcc=225 >[2012/11/09 16:29:17.129640, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.129675, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.129742, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=208 params=0 setup=2 >[2012/11/09 16:29:17.129783, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:17.129816, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:17.129853, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:17.129883, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2026) >[2012/11/09 16:29:17.129904, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 208 >[2012/11/09 16:29:17.129930, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:17.129952, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX >[2012/11/09 16:29:17.129972, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[69].fn == 0x7fa2ea3def70 > checking name: \\yyyu0031\yyyp0708 >[2012/11/09 16:29:17.130014, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 9C 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.130069, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) > Setting printer type=\\yyyu0031\yyyp0708 > Printer is a printer >[2012/11/09 16:29:17.130109, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) > Setting printer name=\\yyyu0031\yyyp0708 (len=19) > searching for [yyyp0708] > set_printer_hnd_name: Printer found: yyyp0708 -> yyyp0708 >[2012/11/09 16:29:17.130189, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) > 3 printer handles active >[2012/11/09 16:29:17.130218, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 9C 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.130257, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 9C 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.130305, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:yyyp0708 >[2012/11/09 16:29:17.130329, 3] lib/access.c:338(allow_access) > Allowed connection from yyyc27002.xxxxx.xxx (10.129.108.68) >[2012/11/09 16:29:17.130353, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) > Setting printer access = PRINTER_ACCESS_USE >[2012/11/09 16:29:17.130374, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/11/09 16:29:17.130400, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/11/09 16:29:17.130430, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:17.130451, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:17.130485, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2012/11/09 16:29:17.130567, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:17.130595, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:17.130613, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:17.130717, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:17.130786, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 9D 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.130855, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 9D 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.130934, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:17.130988, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:17.131030, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:17.131072, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:17.131119, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:17.131158, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:17.131221, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:17.131277, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 9E 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.131344, 2] rpc_client/cli_winreg_spoolss.c:896(winreg_create_printer) > winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708 already exists >[2012/11/09 16:29:17.131380, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 9E 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.131427, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 9E 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.131465, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.131501, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 9D 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.131558, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 9D 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.131603, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.131640, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:17.131672, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:17.131709, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 1741 >[2012/11/09 16:29:17.131738, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/11/09 16:29:17.131759, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.131770, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=59521 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/11/09 16:29:17.132801, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x80 >[2012/11/09 16:29:17.132848, 3] smbd/process.c:1662(process_smb) > Transaction 181 of length 132 (0 toread) >[2012/11/09 16:29:17.132888, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.132903, 5] lib/util.c:342(show_msg) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=59585 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8230 (0x2026) > smb_bcc=61 >[2012/11/09 16:29:17.133238, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.133269, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.133310, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=44 params=0 setup=2 >[2012/11/09 16:29:17.133346, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:17.133383, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:17.133419, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:17.133451, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2026) >[2012/11/09 16:29:17.133491, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 44 >[2012/11/09 16:29:17.133531, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:17.133572, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER >[2012/11/09 16:29:17.133616, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[29].fn == 0x7fa2ea3e55d0 >[2012/11/09 16:29:17.133642, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 9C 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.133681, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 9C 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.133729, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 9C 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.133768, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.133788, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:17.133815, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:17.133849, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/11/09 16:29:17.133879, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/11/09 16:29:17.133910, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.133931, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=59585 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/11/09 16:29:17.134941, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x66 >[2012/11/09 16:29:17.134986, 3] smbd/process.c:1662(process_smb) > Transaction 182 of length 106 (0 toread) >[2012/11/09 16:29:17.135018, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.135035, 5] lib/util.c:342(show_msg) > size=102 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=59648 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 4096 (0x1000) > smb_vwv[ 3]= 4096 (0x1000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 4609 (0x1201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1792 (0x700) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]=16384 (0x4000) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=19 >[2012/11/09 16:29:17.135476, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.135504, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.135532, 4] smbd/nttrans.c:288(nt_open_pipe) > nt_open_pipe: Opening pipe \spoolss. >[2012/11/09 16:29:17.135558, 5] smbd/files.c:140(file_new) > allocated file structure 4135, fnum = 8231 (4 used) >[2012/11/09 16:29:17.135595, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \spoolss >[2012/11/09 16:29:17.135681, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \spoolss (pipes_open=0) >[2012/11/09 16:29:17.135725, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) > do_ntcreate_pipe_open: open pipe = \spoolss >[2012/11/09 16:29:17.136470, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/11/09 16:29:17.136504, 3] smbd/process.c:1662(process_smb) > Transaction 183 of length 45 (0 toread) >[2012/11/09 16:29:17.136523, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.136534, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=59712 > smt_wct=3 > smb_vwv[ 0]= 8230 (0x2026) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/11/09 16:29:17.136648, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.136668, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.136687, 3] smbd/reply.c:4848(reply_close) > close fd=-1 fnum=8230 (numopen=4) >[2012/11/09 16:29:17.136706, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 07:28:15 2106 >[2012/11/09 16:29:17.136746, 5] smbd/files.c:482(file_free) > freed files structure 8230 (3 used) >[2012/11/09 16:29:17.136769, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.136780, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=59712 > smt_wct=0 > smb_bcc=0 >[2012/11/09 16:29:17.137774, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xe0 >[2012/11/09 16:29:17.137821, 3] smbd/process.c:1662(process_smb) > Transaction 184 of length 228 (0 toread) >[2012/11/09 16:29:17.137855, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.137875, 5] lib/util.c:342(show_msg) > size=224 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=59776 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8231 (0x2027) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 160 (0xA0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 160 (0xA0) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=161 >[2012/11/09 16:29:17.138189, 3] smbd/process.c:1467(switch_message) > switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.138227, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.138299, 6] smbd/pipes.c:300(reply_pipe_write_and_X) > reply_pipe_write_and_X: 2027 name: spoolss len: 160 >[2012/11/09 16:29:17.138340, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 160 >[2012/11/09 16:29:17.138385, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) > api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/11/09 16:29:17.138421, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) > api_pipe_bind_req: make response. 923 >[2012/11/09 16:29:17.138452, 3] rpc_server/srv_pipe.c:339(check_bind_req) > check_bind_req for \spoolss >[2012/11/09 16:29:17.138484, 3] rpc_server/srv_pipe.c:346(check_bind_req) > check_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/11/09 16:29:17.138530, 3] smbd/pipes.c:361(pipe_write_andx_done) > writeX-IPC nwritten=160 >[2012/11/09 16:29:17.140480, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/11/09 16:29:17.140531, 3] smbd/process.c:1662(process_smb) > Transaction 185 of length 63 (0 toread) >[2012/11/09 16:29:17.140573, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.140594, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=59840 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8231 (0x2027) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/11/09 16:29:17.140896, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.140928, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.140960, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:17.140991, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/11/09 16:29:17.141027, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=1024 max=1024 nread=68 >[2012/11/09 16:29:17.142143, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x124 >[2012/11/09 16:29:17.142185, 3] smbd/process.c:1662(process_smb) > Transaction 186 of length 296 (0 toread) >[2012/11/09 16:29:17.142215, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.142232, 5] lib/util.c:342(show_msg) > size=292 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=59904 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 208 (0xD0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 208 (0xD0) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8231 (0x2027) > smb_bcc=225 >[2012/11/09 16:29:17.142511, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.142541, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.142572, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=208 params=0 setup=2 >[2012/11/09 16:29:17.142600, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:17.142624, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:17.142648, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:17.142672, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2027) >[2012/11/09 16:29:17.142703, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 208 >[2012/11/09 16:29:17.142744, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:17.142800, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX >[2012/11/09 16:29:17.142838, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[69].fn == 0x7fa2ea3def70 > checking name: \\yyyu0031\yyyp0708 >[2012/11/09 16:29:17.142875, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 9F 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.142917, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) > Setting printer type=\\yyyu0031\yyyp0708 > Printer is a printer >[2012/11/09 16:29:17.142952, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) > Setting printer name=\\yyyu0031\yyyp0708 (len=19) > searching for [yyyp0708] > set_printer_hnd_name: Printer found: yyyp0708 -> yyyp0708 >[2012/11/09 16:29:17.143035, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) > 3 printer handles active >[2012/11/09 16:29:17.143057, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 9F 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.143096, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 9F 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.143147, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:yyyp0708 >[2012/11/09 16:29:17.143191, 3] lib/access.c:338(allow_access) > Allowed connection from yyyc27002.xxxxx.xxx (10.129.108.68) >[2012/11/09 16:29:17.143233, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) > Setting printer access = PRINTER_ACCESS_ADMINISTER >[2012/11/09 16:29:17.143270, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/11/09 16:29:17.143313, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/11/09 16:29:17.143347, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:17.143369, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:17.143404, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2012/11/09 16:29:17.143429, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:17.143467, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:17.143500, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:17.143614, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:17.143697, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 A0 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.143761, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 A0 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.143805, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:17.143858, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:17.143954, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:17.144034, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:17.144109, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:17.144203, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:17.144319, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:17.144406, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 A1 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.144541, 2] rpc_client/cli_winreg_spoolss.c:896(winreg_create_printer) > winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708 already exists >[2012/11/09 16:29:17.144587, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 A1 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.144649, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 A1 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.144713, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.144750, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 A0 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.144812, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 A0 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.144879, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.144926, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:17.144967, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:17.145001, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 1741 >[2012/11/09 16:29:17.145037, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/11/09 16:29:17.145064, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.145080, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=59904 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/11/09 16:29:17.146514, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x80 >[2012/11/09 16:29:17.146553, 3] smbd/process.c:1662(process_smb) > Transaction 187 of length 132 (0 toread) >[2012/11/09 16:29:17.146580, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.146594, 5] lib/util.c:342(show_msg) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=59968 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8231 (0x2027) > smb_bcc=61 >[2012/11/09 16:29:17.146850, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.146897, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.146939, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=44 params=0 setup=2 >[2012/11/09 16:29:17.146964, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:17.146982, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:17.147001, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:17.147019, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2027) >[2012/11/09 16:29:17.147038, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 44 >[2012/11/09 16:29:17.147062, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:17.147096, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER >[2012/11/09 16:29:17.147135, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[29].fn == 0x7fa2ea3e55d0 >[2012/11/09 16:29:17.147174, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 9F 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.147245, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 9F 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.147312, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 9F 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.147376, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.147409, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:17.147451, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:17.147487, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/11/09 16:29:17.147521, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/11/09 16:29:17.147551, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.147567, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=59968 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/11/09 16:29:17.148799, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x66 >[2012/11/09 16:29:17.148840, 3] smbd/process.c:1662(process_smb) > Transaction 188 of length 106 (0 toread) >[2012/11/09 16:29:17.148868, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.148885, 5] lib/util.c:342(show_msg) > size=102 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=60033 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 4096 (0x1000) > smb_vwv[ 3]= 4096 (0x1000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 4609 (0x1201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1792 (0x700) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]=16384 (0x4000) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=19 >[2012/11/09 16:29:17.149297, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.149328, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.149360, 4] smbd/nttrans.c:288(nt_open_pipe) > nt_open_pipe: Opening pipe \spoolss. >[2012/11/09 16:29:17.149391, 5] smbd/files.c:140(file_new) > allocated file structure 4136, fnum = 8232 (4 used) >[2012/11/09 16:29:17.149427, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \spoolss >[2012/11/09 16:29:17.149492, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \spoolss (pipes_open=0) >[2012/11/09 16:29:17.149530, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) > do_ntcreate_pipe_open: open pipe = \spoolss >[2012/11/09 16:29:17.150529, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/11/09 16:29:17.150562, 3] smbd/process.c:1662(process_smb) > Transaction 189 of length 45 (0 toread) >[2012/11/09 16:29:17.150582, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.150593, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=60097 > smt_wct=3 > smb_vwv[ 0]= 8231 (0x2027) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/11/09 16:29:17.150715, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.150735, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.150756, 3] smbd/reply.c:4848(reply_close) > close fd=-1 fnum=8231 (numopen=4) >[2012/11/09 16:29:17.150775, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 07:28:15 2106 >[2012/11/09 16:29:17.150834, 5] smbd/files.c:482(file_free) > freed files structure 8231 (3 used) >[2012/11/09 16:29:17.150857, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.150869, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=60097 > smt_wct=0 > smb_bcc=0 >[2012/11/09 16:29:17.152426, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xe0 >[2012/11/09 16:29:17.152484, 3] smbd/process.c:1662(process_smb) > Transaction 190 of length 228 (0 toread) >[2012/11/09 16:29:17.152507, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.152518, 5] lib/util.c:342(show_msg) > size=224 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=60161 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8232 (0x2028) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 160 (0xA0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 160 (0xA0) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=161 >[2012/11/09 16:29:17.152729, 3] smbd/process.c:1467(switch_message) > switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.152762, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.152784, 6] smbd/pipes.c:300(reply_pipe_write_and_X) > reply_pipe_write_and_X: 2028 name: spoolss len: 160 >[2012/11/09 16:29:17.152804, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 160 >[2012/11/09 16:29:17.152828, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) > api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/11/09 16:29:17.152849, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) > api_pipe_bind_req: make response. 923 >[2012/11/09 16:29:17.152868, 3] rpc_server/srv_pipe.c:339(check_bind_req) > check_bind_req for \spoolss >[2012/11/09 16:29:17.152887, 3] rpc_server/srv_pipe.c:346(check_bind_req) > check_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/11/09 16:29:17.152932, 3] smbd/pipes.c:361(pipe_write_andx_done) > writeX-IPC nwritten=160 >[2012/11/09 16:29:17.154137, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/11/09 16:29:17.154179, 3] smbd/process.c:1662(process_smb) > Transaction 191 of length 63 (0 toread) >[2012/11/09 16:29:17.154209, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.154222, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=60225 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8232 (0x2028) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/11/09 16:29:17.154411, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.154433, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.154454, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:17.154475, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/11/09 16:29:17.154509, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=1024 max=1024 nread=68 >[2012/11/09 16:29:17.155563, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x124 >[2012/11/09 16:29:17.155608, 3] smbd/process.c:1662(process_smb) > Transaction 192 of length 296 (0 toread) >[2012/11/09 16:29:17.155655, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.155669, 5] lib/util.c:342(show_msg) > size=292 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=60289 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 208 (0xD0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 208 (0xD0) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8232 (0x2028) > smb_bcc=225 >[2012/11/09 16:29:17.155876, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.155896, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.155918, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=208 params=0 setup=2 >[2012/11/09 16:29:17.155939, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:17.155957, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:17.155977, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:17.156004, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2028) >[2012/11/09 16:29:17.156025, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 208 >[2012/11/09 16:29:17.156060, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:17.156083, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX >[2012/11/09 16:29:17.156102, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[69].fn == 0x7fa2ea3def70 > checking name: \\yyyu0031\yyyp0708 >[2012/11/09 16:29:17.156135, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 A2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.156174, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) > Setting printer type=\\yyyu0031\yyyp0708 > Printer is a printer >[2012/11/09 16:29:17.156226, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) > Setting printer name=\\yyyu0031\yyyp0708 (len=19) > searching for [yyyp0708] > set_printer_hnd_name: Printer found: yyyp0708 -> yyyp0708 >[2012/11/09 16:29:17.156284, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) > 3 printer handles active >[2012/11/09 16:29:17.156304, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 A2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.156357, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 A2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.156400, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:yyyp0708 >[2012/11/09 16:29:17.156422, 3] lib/access.c:338(allow_access) > Allowed connection from yyyc27002.xxxxx.xxx (10.129.108.68) >[2012/11/09 16:29:17.156446, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) > Setting printer access = PRINTER_ACCESS_USE >[2012/11/09 16:29:17.156493, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/11/09 16:29:17.156527, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/11/09 16:29:17.156568, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:17.156592, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:17.156630, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2012/11/09 16:29:17.156661, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:17.156684, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:17.156718, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:17.156819, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:17.156886, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 A3 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.156949, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 A3 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.156993, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:17.157036, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:17.157077, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:17.157128, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:17.157169, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:17.157205, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:17.157255, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:17.157314, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 A4 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.157366, 2] rpc_client/cli_winreg_spoolss.c:896(winreg_create_printer) > winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708 already exists >[2012/11/09 16:29:17.157419, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 A4 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.157463, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 A4 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.157500, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.157527, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 A3 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.157568, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 A3 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.157606, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.157636, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:17.157666, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:17.157691, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 1741 >[2012/11/09 16:29:17.157717, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/11/09 16:29:17.157737, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.157748, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=60289 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/11/09 16:29:17.159163, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x80 >[2012/11/09 16:29:17.159208, 3] smbd/process.c:1662(process_smb) > Transaction 193 of length 132 (0 toread) >[2012/11/09 16:29:17.159241, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.159260, 5] lib/util.c:342(show_msg) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=60353 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8232 (0x2028) > smb_bcc=61 >[2012/11/09 16:29:17.159599, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.159640, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.159683, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=44 params=0 setup=2 >[2012/11/09 16:29:17.159722, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:17.159764, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:17.159802, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:17.159825, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2028) >[2012/11/09 16:29:17.159845, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 44 >[2012/11/09 16:29:17.159884, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:17.159907, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER >[2012/11/09 16:29:17.159927, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[29].fn == 0x7fa2ea3e55d0 >[2012/11/09 16:29:17.159947, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 A2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.159987, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 A2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.160024, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 A2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.160061, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.160081, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:17.160108, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:17.160133, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/11/09 16:29:17.160156, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/11/09 16:29:17.160176, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.160187, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=60353 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/11/09 16:29:17.161337, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x66 >[2012/11/09 16:29:17.161371, 3] smbd/process.c:1662(process_smb) > Transaction 194 of length 106 (0 toread) >[2012/11/09 16:29:17.161390, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.161401, 5] lib/util.c:342(show_msg) > size=102 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=60416 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 4096 (0x1000) > smb_vwv[ 3]= 4096 (0x1000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 4609 (0x1201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1792 (0x700) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]=16384 (0x4000) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=19 >[2012/11/09 16:29:17.161664, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.161684, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.161707, 4] smbd/nttrans.c:288(nt_open_pipe) > nt_open_pipe: Opening pipe \spoolss. >[2012/11/09 16:29:17.161728, 5] smbd/files.c:140(file_new) > allocated file structure 4137, fnum = 8233 (4 used) >[2012/11/09 16:29:17.161754, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \spoolss >[2012/11/09 16:29:17.161805, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \spoolss (pipes_open=0) >[2012/11/09 16:29:17.161845, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) > do_ntcreate_pipe_open: open pipe = \spoolss >[2012/11/09 16:29:17.162844, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/11/09 16:29:17.162879, 3] smbd/process.c:1662(process_smb) > Transaction 195 of length 45 (0 toread) >[2012/11/09 16:29:17.162899, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.162910, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=60480 > smt_wct=3 > smb_vwv[ 0]= 8232 (0x2028) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/11/09 16:29:17.163023, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.163043, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.163062, 3] smbd/reply.c:4848(reply_close) > close fd=-1 fnum=8232 (numopen=4) >[2012/11/09 16:29:17.163082, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 07:28:15 2106 >[2012/11/09 16:29:17.163122, 5] smbd/files.c:482(file_free) > freed files structure 8232 (3 used) >[2012/11/09 16:29:17.163144, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.163155, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=60480 > smt_wct=0 > smb_bcc=0 >[2012/11/09 16:29:17.164360, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xe0 >[2012/11/09 16:29:17.164397, 3] smbd/process.c:1662(process_smb) > Transaction 196 of length 228 (0 toread) >[2012/11/09 16:29:17.164417, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.164428, 5] lib/util.c:342(show_msg) > size=224 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=60544 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8233 (0x2029) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 160 (0xA0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 160 (0xA0) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=161 >[2012/11/09 16:29:17.164641, 3] smbd/process.c:1467(switch_message) > switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.164663, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.164682, 6] smbd/pipes.c:300(reply_pipe_write_and_X) > reply_pipe_write_and_X: 2029 name: spoolss len: 160 >[2012/11/09 16:29:17.164702, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 160 >[2012/11/09 16:29:17.164727, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) > api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/11/09 16:29:17.164747, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) > api_pipe_bind_req: make response. 923 >[2012/11/09 16:29:17.164766, 3] rpc_server/srv_pipe.c:339(check_bind_req) > check_bind_req for \spoolss >[2012/11/09 16:29:17.164786, 3] rpc_server/srv_pipe.c:346(check_bind_req) > check_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/11/09 16:29:17.164815, 3] smbd/pipes.c:361(pipe_write_andx_done) > writeX-IPC nwritten=160 >[2012/11/09 16:29:17.170110, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/11/09 16:29:17.170150, 3] smbd/process.c:1662(process_smb) > Transaction 197 of length 63 (0 toread) >[2012/11/09 16:29:17.170170, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.170181, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=60608 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8233 (0x2029) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/11/09 16:29:17.170376, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.170397, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.170419, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:17.170440, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/11/09 16:29:17.170465, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=1024 max=1024 nread=68 >[2012/11/09 16:29:17.171420, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x124 >[2012/11/09 16:29:17.171451, 3] smbd/process.c:1662(process_smb) > Transaction 198 of length 296 (0 toread) >[2012/11/09 16:29:17.171470, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.171481, 5] lib/util.c:342(show_msg) > size=292 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=60672 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 208 (0xD0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 208 (0xD0) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8233 (0x2029) > smb_bcc=225 >[2012/11/09 16:29:17.171686, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.171706, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.171729, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=208 params=0 setup=2 >[2012/11/09 16:29:17.171750, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:17.171768, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:17.171786, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:17.171804, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2029) >[2012/11/09 16:29:17.171823, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 208 >[2012/11/09 16:29:17.171847, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:17.171868, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX >[2012/11/09 16:29:17.171888, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[69].fn == 0x7fa2ea3def70 > checking name: \\yyyu0031\yyyp0708 >[2012/11/09 16:29:17.171922, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 A5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.171988, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) > Setting printer type=\\yyyu0031\yyyp0708 > Printer is a printer >[2012/11/09 16:29:17.172016, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) > Setting printer name=\\yyyu0031\yyyp0708 (len=19) > searching for [yyyp0708] > set_printer_hnd_name: Printer found: yyyp0708 -> yyyp0708 >[2012/11/09 16:29:17.172074, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) > 3 printer handles active >[2012/11/09 16:29:17.172095, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 A5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.172132, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 A5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.172181, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:yyyp0708 >[2012/11/09 16:29:17.172204, 3] lib/access.c:338(allow_access) > Allowed connection from yyyc27002.xxxxx.xxx (10.129.108.68) >[2012/11/09 16:29:17.172228, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) > Setting printer access = PRINTER_ACCESS_ADMINISTER >[2012/11/09 16:29:17.172249, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/11/09 16:29:17.172274, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/11/09 16:29:17.172308, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:17.172346, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:17.172383, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2012/11/09 16:29:17.172407, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:17.172426, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:17.172444, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:17.172558, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:17.172610, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 A6 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.172668, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 A6 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.172712, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:17.172754, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:17.172794, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:17.172834, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:17.172872, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:17.172908, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:17.172954, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:17.173002, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 A7 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.173061, 2] rpc_client/cli_winreg_spoolss.c:896(winreg_create_printer) > winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708 already exists >[2012/11/09 16:29:17.173092, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 A7 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.173132, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 A7 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.173169, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.173208, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 A6 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.173250, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 A6 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.173287, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.173317, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:17.173347, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:17.173372, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 1741 >[2012/11/09 16:29:17.173399, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/11/09 16:29:17.173419, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.173430, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=60672 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/11/09 16:29:17.174535, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x80 >[2012/11/09 16:29:17.174573, 3] smbd/process.c:1662(process_smb) > Transaction 199 of length 132 (0 toread) >[2012/11/09 16:29:17.174606, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.174634, 5] lib/util.c:342(show_msg) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=60736 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8233 (0x2029) > smb_bcc=61 >[2012/11/09 16:29:17.174844, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.174864, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.174886, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=44 params=0 setup=2 >[2012/11/09 16:29:17.174907, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:17.174925, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:17.174942, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:17.174960, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2029) >[2012/11/09 16:29:17.174980, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 44 >[2012/11/09 16:29:17.175003, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:17.175024, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER >[2012/11/09 16:29:17.175044, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[29].fn == 0x7fa2ea3e55d0 >[2012/11/09 16:29:17.175064, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 A5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.175102, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 A5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.175163, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 A5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.175233, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.175277, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:17.175329, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:17.175370, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:17.175409, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:17.175466, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2012/11/09 16:29:17.175514, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:17.175555, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/11/09 16:29:17.175602, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/11/09 16:29:17.175650, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.175665, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=60736 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/11/09 16:29:17.176673, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x66 >[2012/11/09 16:29:17.176706, 3] smbd/process.c:1662(process_smb) > Transaction 200 of length 106 (0 toread) >[2012/11/09 16:29:17.176725, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.176735, 5] lib/util.c:342(show_msg) > size=102 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=60801 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 4096 (0x1000) > smb_vwv[ 3]= 4096 (0x1000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 4609 (0x1201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1792 (0x700) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]=16384 (0x4000) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=19 >[2012/11/09 16:29:17.176995, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.177017, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:17.177038, 5] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (811): > SID[ 0]: S-1-5-21-160562036-3150058255-2134394716-19743 > SID[ 1]: S-1-5-21-160562036-3150058255-2134394716-513 > SID[ 2]: S-1-5-21-160562036-3150058255-2134394716-334230 > SID[ 3]: S-1-5-21-160562036-3150058255-2134394716-23353 > SID[ 4]: S-1-5-21-160562036-3150058255-2134394716-304793 > SID[ 5]: S-1-5-21-160562036-3150058255-2134394716-269408 > SID[ 6]: S-1-5-21-160562036-3150058255-2134394716-50420 > SID[ 7]: S-1-5-21-160562036-3150058255-2134394716-113634 > SID[ 8]: S-1-5-21-160562036-3150058255-2134394716-113662 > SID[ 9]: S-1-5-21-160562036-3150058255-2134394716-260755 > SID[ 10]: S-1-5-21-160562036-3150058255-2134394716-288770 > SID[ 11]: S-1-5-21-160562036-3150058255-2134394716-67892 > SID[ 12]: S-1-5-21-160562036-3150058255-2134394716-20800 > SID[ 13]: S-1-5-21-160562036-3150058255-2134394716-269744 > SID[ 14]: S-1-5-21-160562036-3150058255-2134394716-63803 > SID[ 15]: S-1-5-21-160562036-3150058255-2134394716-360934 > SID[ 16]: S-1-5-21-160562036-3150058255-2134394716-421750 > SID[ 17]: S-1-5-21-160562036-3150058255-2134394716-294313 > SID[ 18]: S-1-5-21-160562036-3150058255-2134394716-109619 > SID[ 19]: S-1-5-21-160562036-3150058255-2134394716-13623 > SID[ 20]: S-1-5-21-160562036-3150058255-2134394716-113660 > SID[ 21]: S-1-5-21-160562036-3150058255-2134394716-13846 > SID[ 22]: S-1-5-21-160562036-3150058255-2134394716-351693 > SID[ 23]: S-1-5-21-160562036-3150058255-2134394716-56178 > SID[ 24]: S-1-5-21-160562036-3150058255-2134394716-268914 > SID[ 25]: S-1-5-21-160562036-3150058255-2134394716-276389 > SID[ 26]: S-1-5-21-160562036-3150058255-2134394716-294265 > SID[ 27]: S-1-5-21-160562036-3150058255-2134394716-289050 > SID[ 28]: S-1-5-21-160562036-3150058255-2134394716-284074 > SID[ 29]: S-1-5-21-160562036-3150058255-2134394716-353623 > SID[ 30]: S-1-5-21-160562036-3150058255-2134394716-60632 > SID[ 31]: S-1-5-21-160562036-3150058255-2134394716-299617 > SID[ 32]: S-1-5-21-160562036-3150058255-2134394716-269875 > SID[ 33]: S-1-5-21-160562036-3150058255-2134394716-260777 > SID[ 34]: S-1-5-21-160562036-3150058255-2134394716-72011 > SID[ 35]: S-1-5-21-160562036-3150058255-2134394716-56174 > SID[ 36]: S-1-5-21-160562036-3150058255-2134394716-294145 > SID[ 37]: S-1-5-21-160562036-3150058255-2134394716-46643 > SID[ 38]: S-1-5-21-160562036-3150058255-2134394716-110684 > SID[ 39]: S-1-5-21-160562036-3150058255-2134394716-69476 > SID[ 40]: S-1-5-21-160562036-3150058255-2134394716-354438 > SID[ 41]: S-1-5-21-160562036-3150058255-2134394716-288215 > SID[ 42]: S-1-5-21-160562036-3150058255-2134394716-418124 > SID[ 43]: S-1-5-21-160562036-3150058255-2134394716-32947 > SID[ 44]: S-1-5-21-160562036-3150058255-2134394716-373447 > SID[ 45]: S-1-5-21-160562036-3150058255-2134394716-21119 > SID[ 46]: S-1-5-21-160562036-3150058255-2134394716-254283 > SID[ 47]: S-1-5-21-160562036-3150058255-2134394716-21918 > SID[ 48]: S-1-5-21-160562036-3150058255-2134394716-268915 > SID[ 49]: S-1-5-21-160562036-3150058255-2134394716-267093 > SID[ 50]: S-1-5-21-160562036-3150058255-2134394716-340888 > SID[ 51]: S-1-5-21-160562036-3150058255-2134394716-294363 > SID[ 52]: S-1-5-21-160562036-3150058255-2134394716-414620 > SID[ 53]: S-1-5-21-160562036-3150058255-2134394716-260959 > SID[ 54]: S-1-5-21-160562036-3150058255-2134394716-56176 > SID[ 55]: S-1-5-21-160562036-3150058255-2134394716-373472 > SID[ 56]: S-1-5-21-160562036-3150058255-2134394716-294492 > SID[ 57]: S-1-5-21-160562036-3150058255-2134394716-373554 > SID[ 58]: S-1-5-21-160562036-3150058255-2134394716-104382 > SID[ 59]: S-1-5-21-160562036-3150058255-2134394716-294361 > SID[ 60]: S-1-5-21-160562036-3150058255-2134394716-245149 > SID[ 61]: S-1-5-21-160562036-3150058255-2134394716-32807 > SID[ 62]: S-1-5-21-160562036-3150058255-2134394716-63805 > SID[ 63]: S-1-5-21-160562036-3150058255-2134394716-290135 > SID[ 64]: S-1-5-21-160562036-3150058255-2134394716-248439 > SID[ 65]: S-1-5-21-160562036-3150058255-2134394716-58745 > SID[ 66]: S-1-5-21-160562036-3150058255-2134394716-288316 > SID[ 67]: S-1-5-21-160562036-3150058255-2134394716-373441 > SID[ 68]: S-1-5-21-160562036-3150058255-2134394716-268916 > SID[ 69]: S-1-5-21-160562036-3150058255-2134394716-17597 > SID[ 70]: S-1-5-21-160562036-3150058255-2134394716-113654 > SID[ 71]: S-1-5-21-160562036-3150058255-2134394716-304050 > SID[ 72]: S-1-5-21-160562036-3150058255-2134394716-112626 > SID[ 73]: S-1-5-21-160562036-3150058255-2134394716-360946 > SID[ 74]: S-1-5-21-160562036-3150058255-2134394716-1116 > SID[ 75]: S-1-5-21-160562036-3150058255-2134394716-294490 > SID[ 76]: S-1-5-21-160562036-3150058255-2134394716-373442 > SID[ 77]: S-1-5-21-160562036-3150058255-2134394716-402137 > SID[ 78]: S-1-5-21-160562036-3150058255-2134394716-373470 > SID[ 79]: S-1-5-21-160562036-3150058255-2134394716-284963 > SID[ 80]: S-1-5-21-160562036-3150058255-2134394716-21963 > SID[ 81]: S-1-5-21-160562036-3150058255-2134394716-373556 > SID[ 82]: S-1-5-21-160562036-3150058255-2134394716-351504 > SID[ 83]: S-1-5-21-160562036-3150058255-2134394716-360382 > SID[ 84]: S-1-5-21-160562036-3150058255-2134394716-266966 > SID[ 85]: S-1-5-21-160562036-3150058255-2134394716-63797 > SID[ 86]: S-1-5-21-160562036-3150058255-2134394716-31306 > SID[ 87]: S-1-5-21-160562036-3150058255-2134394716-420969 > SID[ 88]: S-1-5-21-160562036-3150058255-2134394716-58439 > SID[ 89]: S-1-5-21-160562036-3150058255-2134394716-351240 > SID[ 90]: S-1-5-21-160562036-3150058255-2134394716-290160 > SID[ 91]: S-1-5-21-160562036-3150058255-2134394716-335340 > SID[ 92]: S-1-5-21-160562036-3150058255-2134394716-32819 > SID[ 93]: S-1-5-21-160562036-3150058255-2134394716-63801 > SID[ 94]: S-1-5-21-160562036-3150058255-2134394716-53171 > SID[ 95]: S-1-5-21-160562036-3150058255-2134394716-294243 > SID[ 96]: S-1-5-21-160562036-3150058255-2134394716-350032 > SID[ 97]: S-1-5-21-160562036-3150058255-2134394716-63737 > SID[ 98]: S-1-5-21-160562036-3150058255-2134394716-13863 > SID[ 99]: S-1-5-21-160562036-3150058255-2134394716-351719 > SID[100]: S-1-5-21-160562036-3150058255-2134394716-56165 > SID[101]: S-1-5-21-160562036-3150058255-2134394716-113646 > SID[102]: S-1-5-21-160562036-3150058255-2134394716-430811 > SID[103]: S-1-5-21-160562036-3150058255-2134394716-284081 > SID[104]: S-1-5-21-160562036-3150058255-2134394716-256696 > SID[105]: S-1-5-21-160562036-3150058255-2134394716-416414 > SID[106]: S-1-5-21-160562036-3150058255-2134394716-49609 > SID[107]: S-1-5-21-160562036-3150058255-2134394716-377791 > SID[108]: S-1-5-21-160562036-3150058255-2134394716-32821 > SID[109]: S-1-5-21-160562036-3150058255-2134394716-359223 > SID[110]: S-1-5-21-160562036-3150058255-2134394716-284091 > SID[111]: S-1-5-21-160562036-3150058255-2134394716-433713 > SID[112]: S-1-5-21-160562036-3150058255-2134394716-33100 > SID[113]: S-1-5-21-160562036-3150058255-2134394716-416203 > SID[114]: S-1-5-21-160562036-3150058255-2134394716-317007 > SID[115]: S-1-5-21-160562036-3150058255-2134394716-69542 > SID[116]: S-1-5-21-160562036-3150058255-2134394716-268918 > SID[117]: S-1-5-21-160562036-3150058255-2134394716-69428 > SID[118]: S-1-5-21-160562036-3150058255-2134394716-316764 > SID[119]: S-1-5-21-160562036-3150058255-2134394716-55705 > SID[120]: S-1-5-21-160562036-3150058255-2134394716-291229 > SID[121]: S-1-5-21-160562036-3150058255-2134394716-250116 > SID[122]: S-1-5-21-160562036-3150058255-2134394716-294315 > SID[123]: S-1-5-21-160562036-3150058255-2134394716-402469 > SID[124]: S-1-5-21-160562036-3150058255-2134394716-256697 > SID[125]: S-1-5-21-160562036-3150058255-2134394716-418438 > SID[126]: S-1-5-21-160562036-3150058255-2134394716-435652 > SID[127]: S-1-5-21-160562036-3150058255-2134394716-45010 > SID[128]: S-1-5-21-160562036-3150058255-2134394716-322368 > SID[129]: S-1-5-21-160562036-3150058255-2134394716-267090 > SID[130]: S-1-5-21-160562036-3150058255-2134394716-32825 > SID[131]: S-1-5-21-160562036-3150058255-2134394716-35099 > SID[132]: S-1-5-21-160562036-3150058255-2134394716-56157 > SID[133]: S-1-5-21-160562036-3150058255-2134394716-113648 > SID[134]: S-1-5-21-160562036-3150058255-2134394716-55709 > SID[135]: S-1-5-21-160562036-3150058255-2134394716-108789 > SID[136]: S-1-5-21-160562036-3150058255-2134394716-56159 > SID[137]: S-1-5-21-160562036-3150058255-2134394716-268919 > SID[138]: S-1-5-21-160562036-3150058255-2134394716-245147 > SID[139]: S-1-5-21-160562036-3150058255-2134394716-430693 > SID[140]: S-1-5-21-160562036-3150058255-2134394716-289617 > SID[141]: S-1-5-21-160562036-3150058255-2134394716-373445 > SID[142]: S-1-5-21-160562036-3150058255-2134394716-14282 > SID[143]: S-1-5-21-160562036-3150058255-2134394716-433712 > SID[144]: S-1-5-21-160562036-3150058255-2134394716-59232 > SID[145]: S-1-5-21-160562036-3150058255-2134394716-33429 > SID[146]: S-1-5-21-160562036-3150058255-2134394716-437634 > SID[147]: S-1-5-21-160562036-3150058255-2134394716-23354 > SID[148]: S-1-5-21-160562036-3150058255-2134394716-113636 > SID[149]: S-1-5-21-160562036-3150058255-2134394716-63799 > SID[150]: S-1-5-21-160562036-3150058255-2134394716-261009 > SID[151]: S-1-5-21-160562036-3150058255-2134394716-290498 > SID[152]: S-1-5-21-160562036-3150058255-2134394716-375928 > SID[153]: S-1-5-21-160562036-3150058255-2134394716-276407 > SID[154]: S-1-5-21-160562036-3150058255-2134394716-357401 > SID[155]: S-1-5-21-160562036-3150058255-2134394716-357385 > SID[156]: S-1-5-21-160562036-3150058255-2134394716-269404 > SID[157]: S-1-5-21-160562036-3150058255-2134394716-67790 > SID[158]: S-1-5-21-160562036-3150058255-2134394716-392120 > SID[159]: S-1-5-21-160562036-3150058255-2134394716-276395 > SID[160]: S-1-5-21-160562036-3150058255-2134394716-113343 > SID[161]: S-1-5-21-160562036-3150058255-2134394716-56172 > SID[162]: S-1-5-21-160562036-3150058255-2134394716-402467 > SID[163]: S-1-5-21-160562036-3150058255-2134394716-293007 > SID[164]: S-1-5-21-160562036-3150058255-2134394716-427942 > SID[165]: S-1-5-21-160562036-3150058255-2134394716-373529 > SID[166]: S-1-5-21-160562036-3150058255-2134394716-263163 > SID[167]: S-1-5-21-160562036-3150058255-2134394716-64111 > SID[168]: S-1-5-21-160562036-3150058255-2134394716-266852 > SID[169]: S-1-5-21-160562036-3150058255-2134394716-357892 > SID[170]: S-1-5-21-160562036-3150058255-2134394716-104429 > SID[171]: S-1-5-21-160562036-3150058255-2134394716-32813 > SID[172]: S-1-5-21-160562036-3150058255-2134394716-360722 > SID[173]: S-1-5-21-160562036-3150058255-2134394716-284092 > SID[174]: S-1-5-21-160562036-3150058255-2134394716-289619 > SID[175]: S-1-5-21-160562036-3150058255-2134394716-369316 > SID[176]: S-1-5-21-160562036-3150058255-2134394716-49542 > SID[177]: S-1-5-21-160562036-3150058255-2134394716-329659 > SID[178]: S-1-5-21-160562036-3150058255-2134394716-32809 > SID[179]: S-1-5-21-160562036-3150058255-2134394716-108767 > SID[180]: S-1-5-21-160562036-3150058255-2134394716-305399 > SID[181]: S-1-5-21-160562036-3150058255-2134394716-263161 > SID[182]: S-1-5-21-160562036-3150058255-2134394716-314050 > SID[183]: S-1-5-21-160562036-3150058255-2134394716-31001 > SID[184]: S-1-5-21-160562036-3150058255-2134394716-279682 > SID[185]: S-1-5-21-160562036-3150058255-2134394716-294147 > SID[186]: S-1-5-21-160562036-3150058255-2134394716-56163 > SID[187]: S-1-5-21-160562036-3150058255-2134394716-285751 > SID[188]: S-1-5-21-160562036-3150058255-2134394716-21723 > SID[189]: S-1-5-21-160562036-3150058255-2134394716-8332 > SID[190]: S-1-5-21-160562036-3150058255-2134394716-32827 > SID[191]: S-1-5-21-160562036-3150058255-2134394716-256460 > SID[192]: S-1-5-21-160562036-3150058255-2134394716-256183 > SID[193]: S-1-5-21-160562036-3150058255-2134394716-300424 > SID[194]: S-1-5-21-160562036-3150058255-2134394716-55677 > SID[195]: S-1-5-21-160562036-3150058255-2134394716-253145 > SID[196]: S-1-5-21-160562036-3150058255-2134394716-63804 > SID[197]: S-1-5-21-160562036-3150058255-2134394716-358866 > SID[198]: S-1-5-21-160562036-3150058255-2134394716-32823 > SID[199]: S-1-5-21-160562036-3150058255-2134394716-276620 > SID[200]: S-1-5-21-160562036-3150058255-2134394716-361940 > SID[201]: S-1-5-21-160562036-3150058255-2134394716-49274 > SID[202]: S-1-5-21-160562036-3150058255-2134394716-402177 > SID[203]: S-1-5-21-160562036-3150058255-2134394716-252230 > SID[204]: S-1-5-21-160562036-3150058255-2134394716-321100 > SID[205]: S-1-5-21-160562036-3150058255-2134394716-20801 > SID[206]: S-1-5-21-160562036-3150058255-2134394716-276621 > SID[207]: S-1-5-21-160562036-3150058255-2134394716-252010 > SID[208]: S-1-5-21-160562036-3150058255-2134394716-292766 > SID[209]: S-1-5-21-160562036-3150058255-2134394716-37331 > SID[210]: S-1-5-21-160562036-3150058255-2134394716-260776 > SID[211]: S-1-5-21-160562036-3150058255-2134394716-386708 > SID[212]: S-1-5-21-160562036-3150058255-2134394716-374616 > SID[213]: S-1-5-21-160562036-3150058255-2134394716-21084 > SID[214]: S-1-5-21-160562036-3150058255-2134394716-294267 > SID[215]: S-1-5-21-160562036-3150058255-2134394716-63802 > SID[216]: S-1-5-21-160562036-3150058255-2134394716-31186 > SID[217]: S-1-5-21-160562036-3150058255-2134394716-105575 > SID[218]: S-1-5-21-160562036-3150058255-2134394716-361874 > SID[219]: S-1-5-21-160562036-3150058255-2134394716-360362 > SID[220]: S-1-5-21-160562036-3150058255-2134394716-357734 > SID[221]: S-1-5-21-160562036-3150058255-2134394716-294241 > SID[222]: S-1-5-21-160562036-3150058255-2134394716-251778 > SID[223]: S-1-5-21-160562036-3150058255-2134394716-49510 > SID[224]: S-1-5-21-160562036-3150058255-2134394716-35015 > SID[225]: S-1-5-21-160562036-3150058255-2134394716-20749 > SID[226]: S-1-5-21-160562036-3150058255-2134394716-294291 > SID[227]: S-1-5-21-160562036-3150058255-2134394716-254469 > SID[228]: S-1-5-21-160562036-3150058255-2134394716-247296 > SID[229]: S-1-5-21-160562036-3150058255-2134394716-63798 > SID[230]: S-1-5-21-160562036-3150058255-2134394716-59035 > SID[231]: S-1-5-21-160562036-3150058255-2134394716-430331 > SID[232]: S-1-5-21-160562036-3150058255-2134394716-21301 > SID[233]: S-1-5-21-160562036-3150058255-2134394716-55627 > SID[234]: S-1-5-21-160562036-3150058255-2134394716-32815 > SID[235]: S-1-5-21-160562036-3150058255-2134394716-277164 > SID[236]: S-1-5-21-160562036-3150058255-2134394716-21552 > SID[237]: S-1-5-21-160562036-3150058255-2134394716-56622 > SID[238]: S-1-5-21-160562036-3150058255-2134394716-37315 > SID[239]: S-1-5-21-160562036-3150058255-2134394716-334225 > SID[240]: S-1-5-21-160562036-3150058255-2134394716-338141 > SID[241]: S-1-5-21-160562036-3150058255-2134394716-246169 > SID[242]: S-1-5-21-160562036-3150058255-2134394716-297835 > SID[243]: S-1-5-21-160562036-3150058255-2134394716-353615 > SID[244]: S-1-5-21-160562036-3150058255-2134394716-322371 > SID[245]: S-1-5-21-160562036-3150058255-2134394716-63235 > SID[246]: S-1-5-21-160562036-3150058255-2134394716-266849 > SID[247]: S-1-5-21-160562036-3150058255-2134394716-293998 > SID[248]: S-1-5-21-160562036-3150058255-2134394716-433714 > SID[249]: S-1-5-21-160562036-3150058255-2134394716-107694 > SID[250]: S-1-5-21-160562036-3150058255-2134394716-288317 > SID[251]: S-1-5-21-160562036-3150058255-2134394716-44135 > SID[252]: S-1-5-21-160562036-3150058255-2134394716-290560 > SID[253]: S-1-5-21-160562036-3150058255-2134394716-322681 > SID[254]: S-1-5-21-160562036-3150058255-2134394716-283109 > SID[255]: S-1-5-21-160562036-3150058255-2134394716-357879 > SID[256]: S-1-5-21-160562036-3150058255-2134394716-289046 > SID[257]: S-1-5-21-160562036-3150058255-2134394716-32803 > SID[258]: S-1-5-21-160562036-3150058255-2134394716-343968 > SID[259]: S-1-5-21-160562036-3150058255-2134394716-50792 > SID[260]: S-1-5-21-160562036-3150058255-2134394716-50518 > SID[261]: S-1-5-21-160562036-3150058255-2134394716-37238 > SID[262]: S-1-5-21-160562036-3150058255-2134394716-360465 > SID[263]: S-1-5-21-160562036-3150058255-2134394716-366652 > SID[264]: S-1-5-21-160562036-3150058255-2134394716-294094 > SID[265]: S-1-5-21-160562036-3150058255-2134394716-288540 > SID[266]: S-1-5-21-160562036-3150058255-2134394716-297984 > SID[267]: S-1-5-21-160562036-3150058255-2134394716-276427 > SID[268]: S-1-5-21-160562036-3150058255-2134394716-333792 > SID[269]: S-1-5-21-160562036-3150058255-2134394716-427342 > SID[270]: S-1-5-21-160562036-3150058255-2134394716-333794 > SID[271]: S-1-5-21-160562036-3150058255-2134394716-290460 > SID[272]: S-1-5-21-160562036-3150058255-2134394716-294091 > SID[273]: S-1-5-21-160562036-3150058255-2134394716-333793 > SID[274]: S-1-5-21-160562036-3150058255-2134394716-338207 > SID[275]: S-1-5-21-160562036-3150058255-2134394716-409571 > SID[276]: S-1-5-21-160562036-3150058255-2134394716-294054 > SID[277]: S-1-5-21-160562036-3150058255-2134394716-30854 > SID[278]: S-1-5-21-160562036-3150058255-2134394716-288547 > SID[279]: S-1-5-21-160562036-3150058255-2134394716-365347 > SID[280]: S-1-5-21-6776287-465249537-1446904402-4108 > SID[281]: S-1-5-21-160562036-3150058255-2134394716-58230 > SID[282]: S-1-5-21-160562036-3150058255-2134394716-357400 > SID[283]: S-1-5-21-160562036-3150058255-2134394716-343966 > SID[284]: S-1-5-21-160562036-3150058255-2134394716-104268 > SID[285]: S-1-5-21-160562036-3150058255-2134394716-334228 > SID[286]: S-1-5-21-160562036-3150058255-2134394716-357384 > SID[287]: S-1-5-21-160562036-3150058255-2134394716-64500 > SID[288]: S-1-5-21-160562036-3150058255-2134394716-291227 > SID[289]: S-1-5-21-160562036-3150058255-2134394716-62708 > SID[290]: S-1-5-21-160562036-3150058255-2134394716-266847 > SID[291]: S-1-5-21-160562036-3150058255-2134394716-313857 > SID[292]: S-1-5-21-160562036-3150058255-2134394716-350031 > SID[293]: S-1-5-21-160562036-3150058255-2134394716-373448 > SID[294]: S-1-5-21-160562036-3150058255-2134394716-420970 > SID[295]: S-1-5-21-160562036-3150058255-2134394716-351238 > SID[296]: S-1-5-21-160562036-3150058255-2134394716-11861 > SID[297]: S-1-5-21-160562036-3150058255-2134394716-353613 > SID[298]: S-1-5-21-160562036-3150058255-2134394716-322679 > SID[299]: S-1-5-21-160562036-3150058255-2134394716-253148 > SID[300]: S-1-5-21-160562036-3150058255-2134394716-277162 > SID[301]: S-1-5-21-160562036-3150058255-2134394716-304048 > SID[302]: S-1-5-21-160562036-3150058255-2134394716-288768 > SID[303]: S-1-5-21-160562036-3150058255-2134394716-62920 > SID[304]: S-1-5-21-160562036-3150058255-2134394716-62814 > SID[305]: S-1-5-21-160562036-3150058255-2134394716-338139 > SID[306]: S-1-5-21-160562036-3150058255-2134394716-266850 > SID[307]: S-1-5-21-160562036-3150058255-2134394716-74038 > SID[308]: S-1-5-21-160562036-3150058255-2134394716-62715 > SID[309]: S-1-5-21-160562036-3150058255-2134394716-357877 > SID[310]: S-1-5-21-160562036-3150058255-2134394716-252117 > SID[311]: S-1-5-21-160562036-3150058255-2134394716-322372 > SID[312]: S-1-5-21-160562036-3150058255-2134394716-65121 > SID[313]: S-1-5-21-160562036-3150058255-2134394716-62711 > SID[314]: S-1-5-21-160562036-3150058255-2134394716-267091 > SID[315]: S-1-5-21-160562036-3150058255-2134394716-24652 > SID[316]: S-1-5-21-160562036-3150058255-2134394716-360933 > SID[317]: S-1-5-21-160562036-3150058255-2134394716-354437 > SID[318]: S-1-5-21-160562036-3150058255-2134394716-249119 > SID[319]: S-1-5-21-160562036-3150058255-2134394716-248731 > SID[320]: S-1-5-21-160562036-3150058255-2134394716-64215 > SID[321]: S-1-5-21-160562036-3150058255-2134394716-373475 > SID[322]: S-1-5-21-160562036-3150058255-2134394716-250664 > SID[323]: S-1-5-21-160562036-3150058255-2134394716-267088 > SID[324]: S-1-5-21-160562036-3150058255-2134394716-50311 > SID[325]: S-1-5-21-160562036-3150058255-2134394716-62644 > SID[326]: S-1-5-21-160562036-3150058255-2134394716-69148 > SID[327]: S-1-5-21-160562036-3150058255-2134394716-360380 > SID[328]: S-1-5-21-160562036-3150058255-2134394716-52124 > SID[329]: S-1-5-21-160562036-3150058255-2134394716-351502 > SID[330]: S-1-5-21-160562036-3150058255-2134394716-317005 > SID[331]: S-1-5-21-160562036-3150058255-2134394716-62713 > SID[332]: S-1-5-21-160562036-3150058255-2134394716-313855 > SID[333]: S-1-5-21-160562036-3150058255-2134394716-53143 > SID[334]: S-1-5-21-160562036-3150058255-2134394716-349705 > SID[335]: S-1-5-21-160562036-3150058255-2134394716-357732 > SID[336]: S-1-5-21-160562036-3150058255-2134394716-402142 > SID[337]: S-1-5-21-160562036-3150058255-2134394716-50421 > SID[338]: S-1-5-21-160562036-3150058255-2134394716-357890 > SID[339]: S-1-5-21-160562036-3150058255-2134394716-416413 > SID[340]: S-1-5-21-160562036-3150058255-2134394716-255117 > SID[341]: S-1-5-21-160562036-3150058255-2134394716-73891 > SID[342]: S-1-5-21-160562036-3150058255-2134394716-377792 > SID[343]: S-1-5-21-160562036-3150058255-2134394716-63081 > SID[344]: S-1-5-21-160562036-3150058255-2134394716-386707 > SID[345]: S-1-5-21-160562036-3150058255-2134394716-64112 > SID[346]: S-1-5-21-160562036-3150058255-2134394716-256555 > SID[347]: S-1-5-21-160562036-3150058255-2134394716-361939 > SID[348]: S-1-5-21-160562036-3150058255-2134394716-62709 > SID[349]: S-1-5-21-160562036-3150058255-2134394716-248759 > SID[350]: S-1-5-21-160562036-3150058255-2134394716-359221 > SID[351]: S-1-5-21-160562036-3150058255-2134394716-310730 > SID[352]: S-1-5-21-160562036-3150058255-2134394716-109617 > SID[353]: S-1-5-21-160562036-3150058255-2134394716-60474 > SID[354]: S-1-5-21-160562036-3150058255-2134394716-402472 > SID[355]: S-1-5-21-160562036-3150058255-2134394716-55679 > SID[356]: S-1-5-21-160562036-3150058255-2134394716-69153 > SID[357]: S-1-5-21-160562036-3150058255-2134394716-22265 > SID[358]: S-1-5-21-160562036-3150058255-2134394716-423112 > SID[359]: S-1-5-21-160562036-3150058255-2134394716-289044 > SID[360]: S-1-5-21-160562036-3150058255-2134394716-67791 > SID[361]: S-1-5-21-160562036-3150058255-2134394716-69156 > SID[362]: S-1-5-21-160562036-3150058255-2134394716-62712 > SID[363]: S-1-5-21-160562036-3150058255-2134394716-360721 > SID[364]: S-1-5-21-160562036-3150058255-2134394716-435651 > SID[365]: S-1-5-21-160562036-3150058255-2134394716-69149 > SID[366]: S-1-5-21-160562036-3150058255-2134394716-73730 > SID[367]: S-1-5-21-160562036-3150058255-2134394716-243660 > SID[368]: S-1-5-21-160562036-3150058255-2134394716-104280 > SID[369]: S-1-5-21-160562036-3150058255-2134394716-430692 > SID[370]: S-1-5-21-160562036-3150058255-2134394716-256558 > SID[371]: S-1-5-21-160562036-3150058255-2134394716-54515 > SID[372]: S-1-5-21-160562036-3150058255-2134394716-334223 > SID[373]: S-1-5-21-160562036-3150058255-2134394716-304790 > SID[374]: S-1-5-21-160562036-3150058255-2134394716-373528 > SID[375]: S-1-5-21-160562036-3150058255-2134394716-375927 > SID[376]: S-1-5-21-160562036-3150058255-2134394716-74039 > SID[377]: S-1-5-21-160562036-3150058255-2134394716-62781 > SID[378]: S-1-5-21-160562036-3150058255-2134394716-69157 > SID[379]: S-1-5-21-160562036-3150058255-2134394716-309445 > SID[380]: S-1-5-21-160562036-3150058255-2134394716-62733 > SID[381]: S-1-5-21-160562036-3150058255-2134394716-418123 > SID[382]: S-1-5-21-160562036-3150058255-2134394716-64415 > SID[383]: S-1-5-21-160562036-3150058255-2134394716-414619 > SID[384]: S-1-5-21-160562036-3150058255-2134394716-373446 > SID[385]: S-1-5-21-160562036-3150058255-2134394716-289048 > SID[386]: S-1-5-21-160562036-3150058255-2134394716-69158 > SID[387]: S-1-5-21-160562036-3150058255-2134394716-373559 > SID[388]: S-1-5-21-160562036-3150058255-2134394716-110686 > SID[389]: S-1-5-21-160562036-3150058255-2134394716-260757 > SID[390]: S-1-5-21-160562036-3150058255-2134394716-249663 > SID[391]: S-1-5-21-160562036-3150058255-2134394716-249619 > SID[392]: S-1-5-21-160562036-3150058255-2134394716-321098 > SID[393]: S-1-5-21-160562036-3150058255-2134394716-64497 > SID[394]: S-1-5-21-160562036-3150058255-2134394716-112627 > SID[395]: S-1-5-21-160562036-3150058255-2134394716-62710 > SID[396]: S-1-5-21-160562036-3150058255-2134394716-360361 > SID[397]: S-1-5-21-160562036-3150058255-2134394716-353621 > SID[398]: S-1-5-21-160562036-3150058255-2134394716-365152 > SID[399]: S-1-5-21-160562036-3150058255-2134394716-69544 > SID[400]: S-1-5-21-160562036-3150058255-2134394716-249644 > SID[401]: S-1-5-21-160562036-3150058255-2134394716-55625 > SID[402]: S-1-1-0 > SID[403]: S-1-5-2 > SID[404]: S-1-5-11 > SID[405]: S-1-5-32-545 > SID[406]: S-1-22-1-10000 > SID[407]: S-1-22-2-10006 > SID[408]: S-1-22-2-10007 > SID[409]: S-1-22-2-10008 > SID[410]: S-1-22-2-10009 > SID[411]: S-1-22-2-10010 > SID[412]: S-1-22-2-10011 > SID[413]: S-1-22-2-10012 > SID[414]: S-1-22-2-10013 > SID[415]: S-1-22-2-10014 > SID[416]: S-1-22-2-10015 > SID[417]: S-1-22-2-10016 > SID[418]: S-1-22-2-10017 > SID[419]: S-1-22-2-10018 > SID[420]: S-1-22-2-10019 > SID[421]: S-1-22-2-10020 > SID[422]: S-1-22-2-10021 > SID[423]: S-1-22-2-10022 > SID[424]: S-1-22-2-10023 > SID[425]: S-1-22-2-10024 > SID[426]: S-1-22-2-10025 > SID[427]: S-1-22-2-10026 > SID[428]: S-1-22-2-10027 > SID[429]: S-1-22-2-10028 > SID[430]: S-1-22-2-10029 > SID[431]: S-1-22-2-10030 > SID[432]: S-1-22-2-10031 > SID[433]: S-1-22-2-10032 > SID[434]: S-1-22-2-10033 > SID[435]: S-1-22-2-10034 > SID[436]: S-1-22-2-10035 > SID[437]: S-1-22-2-10036 > SID[438]: S-1-22-2-10037 > SID[439]: S-1-22-2-10038 > SID[440]: S-1-22-2-10039 > SID[441]: S-1-22-2-10040 > SID[442]: S-1-22-2-10041 > SID[443]: S-1-22-2-10042 > SID[444]: S-1-22-2-10043 > SID[445]: S-1-22-2-10044 > SID[446]: S-1-22-2-10045 > SID[447]: S-1-22-2-10046 > SID[448]: S-1-22-2-10047 > SID[449]: S-1-22-2-10048 > SID[450]: S-1-22-2-10049 > SID[451]: S-1-22-2-10050 > SID[452]: S-1-22-2-10051 > SID[453]: S-1-22-2-10052 > SID[454]: S-1-22-2-10053 > SID[455]: S-1-22-2-10054 > SID[456]: S-1-22-2-10055 > SID[457]: S-1-22-2-10056 > SID[458]: S-1-22-2-10057 > SID[459]: S-1-22-2-10058 > SID[460]: S-1-22-2-10059 > SID[461]: S-1-22-2-10060 > SID[462]: S-1-22-2-10061 > SID[463]: S-1-22-2-10062 > SID[464]: S-1-22-2-10063 > SID[465]: S-1-22-2-10064 > SID[466]: S-1-22-2-10065 > SID[467]: S-1-22-2-10066 > SID[468]: S-1-22-2-10067 > SID[469]: S-1-22-2-10068 > SID[470]: S-1-22-2-10069 > SID[471]: S-1-22-2-10070 > SID[472]: S-1-22-2-10071 > SID[473]: S-1-22-2-10072 > SID[474]: S-1-22-2-10073 > SID[475]: S-1-22-2-10074 > SID[476]: S-1-22-2-10075 > SID[477]: S-1-22-2-10076 > SID[478]: S-1-22-2-10077 > SID[479]: S-1-22-2-10078 > SID[480]: S-1-22-2-10079 > SID[481]: S-1-22-2-10080 > SID[482]: S-1-22-2-10081 > SID[483]: S-1-22-2-10082 > SID[484]: S-1-22-2-10083 > SID[485]: S-1-22-2-10084 > SID[486]: S-1-22-2-10085 > SID[487]: S-1-22-2-10086 > SID[488]: S-1-22-2-10087 > SID[489]: S-1-22-2-10088 > SID[490]: S-1-22-2-10089 > SID[491]: S-1-22-2-10090 > SID[492]: S-1-22-2-10091 > SID[493]: S-1-22-2-10092 > SID[494]: S-1-22-2-10093 > SID[495]: S-1-22-2-10094 > SID[496]: S-1-22-2-10095 > SID[497]: S-1-22-2-10096 > SID[498]: S-1-22-2-10097 > SID[499]: S-1-22-2-10098 > SID[500]: S-1-22-2-10099 > SID[501]: S-1-22-2-10100 > SID[502]: S-1-22-2-10101 > SID[503]: S-1-22-2-10102 > SID[504]: S-1-22-2-10103 > SID[505]: S-1-22-2-10104 > SID[506]: S-1-22-2-10105 > SID[507]: S-1-22-2-10106 > SID[508]: S-1-22-2-10107 > SID[509]: S-1-22-2-10108 > SID[510]: S-1-22-2-10109 > SID[511]: S-1-22-2-10110 > SID[512]: S-1-22-2-10111 > SID[513]: S-1-22-2-10112 > SID[514]: S-1-22-2-10113 > SID[515]: S-1-22-2-10114 > SID[516]: S-1-22-2-10115 > SID[517]: S-1-22-2-10116 > SID[518]: S-1-22-2-10117 > SID[519]: S-1-22-2-10118 > SID[520]: S-1-22-2-10119 > SID[521]: S-1-22-2-10120 > SID[522]: S-1-22-2-10121 > SID[523]: S-1-22-2-10122 > SID[524]: S-1-22-2-10123 > SID[525]: S-1-22-2-10124 > SID[526]: S-1-22-2-10125 > SID[527]: S-1-22-2-10126 > SID[528]: S-1-22-2-10127 > SID[529]: S-1-22-2-10128 > SID[530]: S-1-22-2-10129 > SID[531]: S-1-22-2-10130 > SID[532]: S-1-22-2-10131 > SID[533]: S-1-22-2-10132 > SID[534]: S-1-22-2-10133 > SID[535]: S-1-22-2-10134 > SID[536]: S-1-22-2-10135 > SID[537]: S-1-22-2-10136 > SID[538]: S-1-22-2-10137 > SID[539]: S-1-22-2-10138 > SID[540]: S-1-22-2-10139 > SID[541]: S-1-22-2-10140 > SID[542]: S-1-22-2-10141 > SID[543]: S-1-22-2-10142 > SID[544]: S-1-22-2-10143 > SID[545]: S-1-22-2-10144 > SID[546]: S-1-22-2-10145 > SID[547]: S-1-22-2-10146 > SID[548]: S-1-22-2-10147 > SID[549]: S-1-22-2-10148 > SID[550]: S-1-22-2-10149 > SID[551]: S-1-22-2-10150 > SID[552]: S-1-22-2-10471 > SID[553]: S-1-22-2-10151 > SID[554]: S-1-22-2-10152 > SID[555]: S-1-22-2-10153 > SID[556]: S-1-22-2-10154 > SID[557]: S-1-22-2-10155 > SID[558]: S-1-22-2-10156 > SID[559]: S-1-22-2-10157 > SID[560]: S-1-22-2-10158 > SID[561]: S-1-22-2-10159 > SID[562]: S-1-22-2-10160 > SID[563]: S-1-22-2-10161 > SID[564]: S-1-22-2-10162 > SID[565]: S-1-22-2-10163 > SID[566]: S-1-22-2-10164 > SID[567]: S-1-22-2-10165 > SID[568]: S-1-22-2-10166 > SID[569]: S-1-22-2-10167 > SID[570]: S-1-22-2-10168 > SID[571]: S-1-22-2-10169 > SID[572]: S-1-22-2-10170 > SID[573]: S-1-22-2-10171 > SID[574]: S-1-22-2-10172 > SID[575]: S-1-22-2-10173 > SID[576]: S-1-22-2-10174 > SID[577]: S-1-22-2-10175 > SID[578]: S-1-22-2-10176 > SID[579]: S-1-22-2-10177 > SID[580]: S-1-22-2-10178 > SID[581]: S-1-22-2-10179 > SID[582]: S-1-22-2-10180 > SID[583]: S-1-22-2-10181 > SID[584]: S-1-22-2-10182 > SID[585]: S-1-22-2-10183 > SID[586]: S-1-22-2-10184 > SID[587]: S-1-22-2-10185 > SID[588]: S-1-22-2-10186 > SID[589]: S-1-22-2-10187 > SID[590]: S-1-22-2-10188 > SID[591]: S-1-22-2-10189 > SID[592]: S-1-22-2-10190 > SID[593]: S-1-22-2-10191 > SID[594]: S-1-22-2-10192 > SID[595]: S-1-22-2-10193 > SID[596]: S-1-22-2-10194 > SID[597]: S-1-22-2-10195 > SID[598]: S-1-22-2-10196 > SID[599]: S-1-22-2-10197 > SID[600]: S-1-22-2-10198 > SID[601]: S-1-22-2-10199 > SID[602]: S-1-22-2-10200 > SID[603]: S-1-22-2-10201 > SID[604]: S-1-22-2-10202 > SID[605]: S-1-22-2-10203 > SID[606]: S-1-22-2-10204 > SID[607]: S-1-22-2-10205 > SID[608]: S-1-22-2-10206 > SID[609]: S-1-22-2-10207 > SID[610]: S-1-22-2-10208 > SID[611]: S-1-22-2-10209 > SID[612]: S-1-22-2-10210 > SID[613]: S-1-22-2-10211 > SID[614]: S-1-22-2-10212 > SID[615]: S-1-22-2-10213 > SID[616]: S-1-22-2-10214 > SID[617]: S-1-22-2-10215 > SID[618]: S-1-22-2-10216 > SID[619]: S-1-22-2-10217 > SID[620]: S-1-22-2-10218 > SID[621]: S-1-22-2-10219 > SID[622]: S-1-22-2-10220 > SID[623]: S-1-22-2-10221 > SID[624]: S-1-22-2-10222 > SID[625]: S-1-22-2-10223 > SID[626]: S-1-22-2-10224 > SID[627]: S-1-22-2-10225 > SID[628]: S-1-22-2-10226 > SID[629]: S-1-22-2-10227 > SID[630]: S-1-22-2-10228 > SID[631]: S-1-22-2-10229 > SID[632]: S-1-22-2-10230 > SID[633]: S-1-22-2-10231 > SID[634]: S-1-22-2-10232 > SID[635]: S-1-22-2-10233 > SID[636]: S-1-22-2-10234 > SID[637]: S-1-22-2-10235 > SID[638]: S-1-22-2-10236 > SID[639]: S-1-22-2-10237 > SID[640]: S-1-22-2-10238 > SID[641]: S-1-22-2-10239 > SID[642]: S-1-22-2-10240 > SID[643]: S-1-22-2-10241 > SID[644]: S-1-22-2-10242 > SID[645]: S-1-22-2-10243 > SID[646]: S-1-22-2-10244 > SID[647]: S-1-22-2-10245 > SID[648]: S-1-22-2-10246 > SID[649]: S-1-22-2-10247 > SID[650]: S-1-22-2-10248 > SID[651]: S-1-22-2-10249 > SID[652]: S-1-22-2-10250 > SID[653]: S-1-22-2-10251 > SID[654]: S-1-22-2-10252 > SID[655]: S-1-22-2-10253 > SID[656]: S-1-22-2-10254 > SID[657]: S-1-22-2-10255 > SID[658]: S-1-22-2-10256 > SID[659]: S-1-22-2-10257 > SID[660]: S-1-22-2-10258 > SID[661]: S-1-22-2-10259 > SID[662]: S-1-22-2-10260 > SID[663]: S-1-22-2-10261 > SID[664]: S-1-22-2-10262 > SID[665]: S-1-22-2-10263 > SID[666]: S-1-22-2-10264 > SID[667]: S-1-22-2-10265 > SID[668]: S-1-22-2-10266 > SID[669]: S-1-22-2-10267 > SID[670]: S-1-22-2-10268 > SID[671]: S-1-22-2-10269 > SID[672]: S-1-22-2-10270 > SID[673]: S-1-22-2-10271 > SID[674]: S-1-22-2-10272 > SID[675]: S-1-22-2-10273 > SID[676]: S-1-22-2-10274 > SID[677]: S-1-22-2-10275 > SID[678]: S-1-22-2-10276 > SID[679]: S-1-22-2-10277 > SID[680]: S-1-22-2-10278 > SID[681]: S-1-22-2-10279 > SID[682]: S-1-22-2-10280 > SID[683]: S-1-22-2-10281 > SID[684]: S-1-22-2-10282 > SID[685]: S-1-22-2-10283 > SID[686]: S-1-22-2-10284 > SID[687]: S-1-22-2-10285 > SID[688]: S-1-22-2-10286 > SID[689]: S-1-22-2-10287 > SID[690]: S-1-22-2-10288 > SID[691]: S-1-22-2-10289 > SID[692]: S-1-22-2-10290 > SID[693]: S-1-22-2-10291 > SID[694]: S-1-22-2-10292 > SID[695]: S-1-22-2-10293 > SID[696]: S-1-22-2-10294 > SID[697]: S-1-22-2-10295 > SID[698]: S-1-22-2-10296 > SID[699]: S-1-22-2-10297 > SID[700]: S-1-22-2-10298 > SID[701]: S-1-22-2-10299 > SID[702]: S-1-22-2-10300 > SID[703]: S-1-22-2-10301 > SID[704]: S-1-22-2-10302 > SID[705]: S-1-22-2-10303 > SID[706]: S-1-22-2-10304 > SID[707]: S-1-22-2-10305 > SID[708]: S-1-22-2-10306 > SID[709]: S-1-22-2-10307 > SID[710]: S-1-22-2-10308 > SID[711]: S-1-22-2-10309 > SID[712]: S-1-22-2-10310 > SID[713]: S-1-22-2-10311 > SID[714]: S-1-22-2-10312 > SID[715]: S-1-22-2-10313 > SID[716]: S-1-22-2-10314 > SID[717]: S-1-22-2-10315 > SID[718]: S-1-22-2-10316 > SID[719]: S-1-22-2-10317 > SID[720]: S-1-22-2-10318 > SID[721]: S-1-22-2-10319 > SID[722]: S-1-22-2-10320 > SID[723]: S-1-22-2-10321 > SID[724]: S-1-22-2-10322 > SID[725]: S-1-22-2-10323 > SID[726]: S-1-22-2-10324 > SID[727]: S-1-22-2-10325 > SID[728]: S-1-22-2-10326 > SID[729]: S-1-22-2-10327 > SID[730]: S-1-22-2-10328 > SID[731]: S-1-22-2-10329 > SID[732]: S-1-22-2-10330 > SID[733]: S-1-22-2-10331 > SID[734]: S-1-22-2-10332 > SID[735]: S-1-22-2-10333 > SID[736]: S-1-22-2-10334 > SID[737]: S-1-22-2-10335 > SID[738]: S-1-22-2-10336 > SID[739]: S-1-22-2-10337 > SID[740]: S-1-22-2-10338 > SID[741]: S-1-22-2-10339 > SID[742]: S-1-22-2-10340 > SID[743]: S-1-22-2-10341 > SID[744]: S-1-22-2-10342 > SID[745]: S-1-22-2-10343 > SID[746]: S-1-22-2-10344 > SID[747]: S-1-22-2-10345 > SID[748]: S-1-22-2-10346 > SID[749]: S-1-22-2-10347 > SID[750]: S-1-22-2-10348 > SID[751]: S-1-22-2-10349 > SID[752]: S-1-22-2-10350 > SID[753]: S-1-22-2-10351 > SID[754]: S-1-22-2-10352 > SID[755]: S-1-22-2-10353 > SID[756]: S-1-22-2-10354 > SID[757]: S-1-22-2-10355 > SID[758]: S-1-22-2-10356 > SID[759]: S-1-22-2-10357 > SID[760]: S-1-22-2-10358 > SID[761]: S-1-22-2-10359 > SID[762]: S-1-22-2-10360 > SID[763]: S-1-22-2-10361 > SID[764]: S-1-22-2-10362 > SID[765]: S-1-22-2-10363 > SID[766]: S-1-22-2-10364 > SID[767]: S-1-22-2-10365 > SID[768]: S-1-22-2-10366 > SID[769]: S-1-22-2-10367 > SID[770]: S-1-22-2-10368 > SID[771]: S-1-22-2-10369 > SID[772]: S-1-22-2-10370 > SID[773]: S-1-22-2-10371 > SID[774]: S-1-22-2-10372 > SID[775]: S-1-22-2-10373 > SID[776]: S-1-22-2-10374 > SID[777]: S-1-22-2-10375 > SID[778]: S-1-22-2-10376 > SID[779]: S-1-22-2-10377 > SID[780]: S-1-22-2-10378 > SID[781]: S-1-22-2-10379 > SID[782]: S-1-22-2-10380 > SID[783]: S-1-22-2-10381 > SID[784]: S-1-22-2-10382 > SID[785]: S-1-22-2-10383 > SID[786]: S-1-22-2-10384 > SID[787]: S-1-22-2-10385 > SID[788]: S-1-22-2-10386 > SID[789]: S-1-22-2-10387 > SID[790]: S-1-22-2-10388 > SID[791]: S-1-22-2-10389 > SID[792]: S-1-22-2-10390 > SID[793]: S-1-22-2-10391 > SID[794]: S-1-22-2-10392 > SID[795]: S-1-22-2-10393 > SID[796]: S-1-22-2-10394 > SID[797]: S-1-22-2-10395 > SID[798]: S-1-22-2-10396 > SID[799]: S-1-22-2-10397 > SID[800]: S-1-22-2-10398 > SID[801]: S-1-22-2-10399 > SID[802]: S-1-22-2-10400 > SID[803]: S-1-22-2-10401 > SID[804]: S-1-22-2-10402 > SID[805]: S-1-22-2-10403 > SID[806]: S-1-22-2-10404 > SID[807]: S-1-22-2-10002 > SID[808]: S-1-22-2-10003 > SID[809]: S-1-22-2-10004 > SID[810]: S-1-22-2-10001 > Privileges (0x 20): > Privilege[ 0]: SePrintOperatorPrivilege > Rights (0x 0): >[2012/11/09 16:29:17.183988, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 10000 > Primary group is 10006 and contains 404 supplementary groups > Group[ 0]: 10006 > Group[ 1]: 10007 > Group[ 2]: 10008 > Group[ 3]: 10009 > Group[ 4]: 10010 > Group[ 5]: 10011 > Group[ 6]: 10012 > Group[ 7]: 10013 > Group[ 8]: 10014 > Group[ 9]: 10015 > Group[ 10]: 10016 > Group[ 11]: 10017 > Group[ 12]: 10018 > Group[ 13]: 10019 > Group[ 14]: 10020 > Group[ 15]: 10021 > Group[ 16]: 10022 > Group[ 17]: 10023 > Group[ 18]: 10024 > Group[ 19]: 10025 > Group[ 20]: 10026 > Group[ 21]: 10027 > Group[ 22]: 10028 > Group[ 23]: 10029 > Group[ 24]: 10030 > Group[ 25]: 10031 > Group[ 26]: 10032 > Group[ 27]: 10033 > Group[ 28]: 10034 > Group[ 29]: 10035 > Group[ 30]: 10036 > Group[ 31]: 10037 > Group[ 32]: 10038 > Group[ 33]: 10039 > Group[ 34]: 10040 > Group[ 35]: 10041 > Group[ 36]: 10042 > Group[ 37]: 10043 > Group[ 38]: 10044 > Group[ 39]: 10045 > Group[ 40]: 10046 > Group[ 41]: 10047 > Group[ 42]: 10048 > Group[ 43]: 10049 > Group[ 44]: 10050 > Group[ 45]: 10051 > Group[ 46]: 10052 > Group[ 47]: 10053 > Group[ 48]: 10054 > Group[ 49]: 10055 > Group[ 50]: 10056 > Group[ 51]: 10057 > Group[ 52]: 10058 > Group[ 53]: 10059 > Group[ 54]: 10060 > Group[ 55]: 10061 > Group[ 56]: 10062 > Group[ 57]: 10063 > Group[ 58]: 10064 > Group[ 59]: 10065 > Group[ 60]: 10066 > Group[ 61]: 10067 > Group[ 62]: 10068 > Group[ 63]: 10069 > Group[ 64]: 10070 > Group[ 65]: 10071 > Group[ 66]: 10072 > Group[ 67]: 10073 > Group[ 68]: 10074 > Group[ 69]: 10075 > Group[ 70]: 10076 > Group[ 71]: 10077 > Group[ 72]: 10078 > Group[ 73]: 10079 > Group[ 74]: 10080 > Group[ 75]: 10081 > Group[ 76]: 10082 > Group[ 77]: 10083 > Group[ 78]: 10084 > Group[ 79]: 10085 > Group[ 80]: 10086 > Group[ 81]: 10087 > Group[ 82]: 10088 > Group[ 83]: 10089 > Group[ 84]: 10090 > Group[ 85]: 10091 > Group[ 86]: 10092 > Group[ 87]: 10093 > Group[ 88]: 10094 > Group[ 89]: 10095 > Group[ 90]: 10096 > Group[ 91]: 10097 > Group[ 92]: 10098 > Group[ 93]: 10099 > Group[ 94]: 10100 > Group[ 95]: 10101 > Group[ 96]: 10102 > Group[ 97]: 10103 > Group[ 98]: 10104 > Group[ 99]: 10105 > Group[100]: 10106 > Group[101]: 10107 > Group[102]: 10108 > Group[103]: 10109 > Group[104]: 10110 > Group[105]: 10111 > Group[106]: 10112 > Group[107]: 10113 > Group[108]: 10114 > Group[109]: 10115 > Group[110]: 10116 > Group[111]: 10117 > Group[112]: 10118 > Group[113]: 10119 > Group[114]: 10120 > Group[115]: 10121 > Group[116]: 10122 > Group[117]: 10123 > Group[118]: 10124 > Group[119]: 10125 > Group[120]: 10126 > Group[121]: 10127 > Group[122]: 10128 > Group[123]: 10129 > Group[124]: 10130 > Group[125]: 10131 > Group[126]: 10132 > Group[127]: 10133 > Group[128]: 10134 > Group[129]: 10135 > Group[130]: 10136 > Group[131]: 10137 > Group[132]: 10138 > Group[133]: 10139 > Group[134]: 10140 > Group[135]: 10141 > Group[136]: 10142 > Group[137]: 10143 > Group[138]: 10144 > Group[139]: 10145 > Group[140]: 10146 > Group[141]: 10147 > Group[142]: 10148 > Group[143]: 10149 > Group[144]: 10150 > Group[145]: 10471 > Group[146]: 10151 > Group[147]: 10152 > Group[148]: 10153 > Group[149]: 10154 > Group[150]: 10155 > Group[151]: 10156 > Group[152]: 10157 > Group[153]: 10158 > Group[154]: 10159 > Group[155]: 10160 > Group[156]: 10161 > Group[157]: 10162 > Group[158]: 10163 > Group[159]: 10164 > Group[160]: 10165 > Group[161]: 10166 > Group[162]: 10167 > Group[163]: 10168 > Group[164]: 10169 > Group[165]: 10170 > Group[166]: 10171 > Group[167]: 10172 > Group[168]: 10173 > Group[169]: 10174 > Group[170]: 10175 > Group[171]: 10176 > Group[172]: 10177 > Group[173]: 10178 > Group[174]: 10179 > Group[175]: 10180 > Group[176]: 10181 > Group[177]: 10182 > Group[178]: 10183 > Group[179]: 10184 > Group[180]: 10185 > Group[181]: 10186 > Group[182]: 10187 > Group[183]: 10188 > Group[184]: 10189 > Group[185]: 10190 > Group[186]: 10191 > Group[187]: 10192 > Group[188]: 10193 > Group[189]: 10194 > Group[190]: 10195 > Group[191]: 10196 > Group[192]: 10197 > Group[193]: 10198 > Group[194]: 10199 > Group[195]: 10200 > Group[196]: 10201 > Group[197]: 10202 > Group[198]: 10203 > Group[199]: 10204 > Group[200]: 10205 > Group[201]: 10206 > Group[202]: 10207 > Group[203]: 10208 > Group[204]: 10209 > Group[205]: 10210 > Group[206]: 10211 > Group[207]: 10212 > Group[208]: 10213 > Group[209]: 10214 > Group[210]: 10215 > Group[211]: 10216 > Group[212]: 10217 > Group[213]: 10218 > Group[214]: 10219 > Group[215]: 10220 > Group[216]: 10221 > Group[217]: 10222 > Group[218]: 10223 > Group[219]: 10224 > Group[220]: 10225 > Group[221]: 10226 > Group[222]: 10227 > Group[223]: 10228 > Group[224]: 10229 > Group[225]: 10230 > Group[226]: 10231 > Group[227]: 10232 > Group[228]: 10233 > Group[229]: 10234 > Group[230]: 10235 > Group[231]: 10236 > Group[232]: 10237 > Group[233]: 10238 > Group[234]: 10239 > Group[235]: 10240 > Group[236]: 10241 > Group[237]: 10242 > Group[238]: 10243 > Group[239]: 10244 > Group[240]: 10245 > Group[241]: 10246 > Group[242]: 10247 > Group[243]: 10248 > Group[244]: 10249 > Group[245]: 10250 > Group[246]: 10251 > Group[247]: 10252 > Group[248]: 10253 > Group[249]: 10254 > Group[250]: 10255 > Group[251]: 10256 > Group[252]: 10257 > Group[253]: 10258 > Group[254]: 10259 > Group[255]: 10260 > Group[256]: 10261 > Group[257]: 10262 > Group[258]: 10263 > Group[259]: 10264 > Group[260]: 10265 > Group[261]: 10266 > Group[262]: 10267 > Group[263]: 10268 > Group[264]: 10269 > Group[265]: 10270 > Group[266]: 10271 > Group[267]: 10272 > Group[268]: 10273 > Group[269]: 10274 > Group[270]: 10275 > Group[271]: 10276 > Group[272]: 10277 > Group[273]: 10278 > Group[274]: 10279 > Group[275]: 10280 > Group[276]: 10281 > Group[277]: 10282 > Group[278]: 10283 > Group[279]: 10284 > Group[280]: 10285 > Group[281]: 10286 > Group[282]: 10287 > Group[283]: 10288 > Group[284]: 10289 > Group[285]: 10290 > Group[286]: 10291 > Group[287]: 10292 > Group[288]: 10293 > Group[289]: 10294 > Group[290]: 10295 > Group[291]: 10296 > Group[292]: 10297 > Group[293]: 10298 > Group[294]: 10299 > Group[295]: 10300 > Group[296]: 10301 > Group[297]: 10302 > Group[298]: 10303 > Group[299]: 10304 > Group[300]: 10305 > Group[301]: 10306 > Group[302]: 10307 > Group[303]: 10308 > Group[304]: 10309 > Group[305]: 10310 > Group[306]: 10311 > Group[307]: 10312 > Group[308]: 10313 > Group[309]: 10314 > Group[310]: 10315 > Group[311]: 10316 > Group[312]: 10317 > Group[313]: 10318 > Group[314]: 10319 > Group[315]: 10320 > Group[316]: 10321 > Group[317]: 10322 > Group[318]: 10323 > Group[319]: 10324 > Group[320]: 10325 > Group[321]: 10326 > Group[322]: 10327 > Group[323]: 10328 > Group[324]: 10329 > Group[325]: 10330 > Group[326]: 10331 > Group[327]: 10332 > Group[328]: 10333 > Group[329]: 10334 > Group[330]: 10335 > Group[331]: 10336 > Group[332]: 10337 > Group[333]: 10338 > Group[334]: 10339 > Group[335]: 10340 > Group[336]: 10341 > Group[337]: 10342 > Group[338]: 10343 > Group[339]: 10344 > Group[340]: 10345 > Group[341]: 10346 > Group[342]: 10347 > Group[343]: 10348 > Group[344]: 10349 > Group[345]: 10350 > Group[346]: 10351 > Group[347]: 10352 > Group[348]: 10353 > Group[349]: 10354 > Group[350]: 10355 > Group[351]: 10356 > Group[352]: 10357 > Group[353]: 10358 > Group[354]: 10359 > Group[355]: 10360 > Group[356]: 10361 > Group[357]: 10362 > Group[358]: 10363 > Group[359]: 10364 > Group[360]: 10365 > Group[361]: 10366 > Group[362]: 10367 > Group[363]: 10368 > Group[364]: 10369 > Group[365]: 10370 > Group[366]: 10371 > Group[367]: 10372 > Group[368]: 10373 > Group[369]: 10374 > Group[370]: 10375 > Group[371]: 10376 > Group[372]: 10377 > Group[373]: 10378 > Group[374]: 10379 > Group[375]: 10380 > Group[376]: 10381 > Group[377]: 10382 > Group[378]: 10383 > Group[379]: 10384 > Group[380]: 10385 > Group[381]: 10386 > Group[382]: 10387 > Group[383]: 10388 > Group[384]: 10389 > Group[385]: 10390 > Group[386]: 10391 > Group[387]: 10392 > Group[388]: 10393 > Group[389]: 10394 > Group[390]: 10395 > Group[391]: 10396 > Group[392]: 10397 > Group[393]: 10398 > Group[394]: 10399 > Group[395]: 10400 > Group[396]: 10401 > Group[397]: 10402 > Group[398]: 10403 > Group[399]: 10404 > Group[400]: 10002 > Group[401]: 10003 > Group[402]: 10004 > Group[403]: 10001 >[2012/11/09 16:29:17.186965, 5] smbd/uid.c:317(change_to_user_internal) > Impersonated user: uid=(0,10000), gid=(0,10006) >[2012/11/09 16:29:17.186999, 4] smbd/nttrans.c:288(nt_open_pipe) > nt_open_pipe: Opening pipe \spoolss. >[2012/11/09 16:29:17.187022, 5] smbd/files.c:140(file_new) > allocated file structure 4138, fnum = 8234 (4 used) >[2012/11/09 16:29:17.187050, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \spoolss >[2012/11/09 16:29:17.187100, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \spoolss (pipes_open=0) >[2012/11/09 16:29:17.187128, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) > do_ntcreate_pipe_open: open pipe = \spoolss >[2012/11/09 16:29:17.187983, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/11/09 16:29:17.188014, 3] smbd/process.c:1662(process_smb) > Transaction 201 of length 45 (0 toread) >[2012/11/09 16:29:17.188033, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.188045, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=60865 > smt_wct=3 > smb_vwv[ 0]= 8233 (0x2029) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/11/09 16:29:17.188159, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.188179, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.188198, 3] smbd/reply.c:4848(reply_close) > close fd=-1 fnum=8233 (numopen=4) >[2012/11/09 16:29:17.188217, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 07:28:15 2106 >[2012/11/09 16:29:17.188273, 5] smbd/files.c:482(file_free) > freed files structure 8233 (3 used) >[2012/11/09 16:29:17.188305, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.188318, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=60865 > smt_wct=0 > smb_bcc=0 >[2012/11/09 16:29:17.189316, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xe0 >[2012/11/09 16:29:17.189349, 3] smbd/process.c:1662(process_smb) > Transaction 202 of length 228 (0 toread) >[2012/11/09 16:29:17.189368, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.189379, 5] lib/util.c:342(show_msg) > size=224 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=60929 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8234 (0x202A) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 160 (0xA0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 160 (0xA0) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=161 >[2012/11/09 16:29:17.189571, 3] smbd/process.c:1467(switch_message) > switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.189591, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.189610, 6] smbd/pipes.c:300(reply_pipe_write_and_X) > reply_pipe_write_and_X: 202a name: spoolss len: 160 >[2012/11/09 16:29:17.189630, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 160 >[2012/11/09 16:29:17.189656, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) > api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/11/09 16:29:17.189676, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) > api_pipe_bind_req: make response. 923 >[2012/11/09 16:29:17.189695, 3] rpc_server/srv_pipe.c:339(check_bind_req) > check_bind_req for \spoolss >[2012/11/09 16:29:17.189714, 3] rpc_server/srv_pipe.c:346(check_bind_req) > check_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/11/09 16:29:17.189744, 3] smbd/pipes.c:361(pipe_write_andx_done) > writeX-IPC nwritten=160 >[2012/11/09 16:29:17.190928, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/11/09 16:29:17.190978, 3] smbd/process.c:1662(process_smb) > Transaction 203 of length 63 (0 toread) >[2012/11/09 16:29:17.191022, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.191047, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=60993 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8234 (0x202A) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/11/09 16:29:17.191377, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.191419, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.191459, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:17.191499, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/11/09 16:29:17.191546, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=1024 max=1024 nread=68 >[2012/11/09 16:29:17.192650, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x124 >[2012/11/09 16:29:17.192685, 3] smbd/process.c:1662(process_smb) > Transaction 204 of length 296 (0 toread) >[2012/11/09 16:29:17.192705, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.192716, 5] lib/util.c:342(show_msg) > size=292 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=61057 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 208 (0xD0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 208 (0xD0) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8234 (0x202A) > smb_bcc=225 >[2012/11/09 16:29:17.192922, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.192942, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.192964, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=208 params=0 setup=2 >[2012/11/09 16:29:17.192986, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:17.193003, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:17.193021, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:17.193039, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 202a) >[2012/11/09 16:29:17.193058, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 208 >[2012/11/09 16:29:17.193083, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:17.193104, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX >[2012/11/09 16:29:17.193133, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[69].fn == 0x7fa2ea3def70 > checking name: \\yyyu0031\yyyp0708 >[2012/11/09 16:29:17.193178, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 A8 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.193221, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) > Setting printer type=\\yyyu0031\yyyp0708 > Printer is a printer >[2012/11/09 16:29:17.193246, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) > Setting printer name=\\yyyu0031\yyyp0708 (len=19) > searching for [yyyp0708] > set_printer_hnd_name: Printer found: yyyp0708 -> yyyp0708 >[2012/11/09 16:29:17.193303, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) > 3 printer handles active >[2012/11/09 16:29:17.193323, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 A8 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.193371, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 A8 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.193411, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:yyyp0708 >[2012/11/09 16:29:17.193433, 3] lib/access.c:338(allow_access) > Allowed connection from yyyc27002.xxxxx.xxx (10.129.108.68) >[2012/11/09 16:29:17.193458, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) > Setting printer access = PRINTER_ACCESS_ADMINISTER >[2012/11/09 16:29:17.193478, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/11/09 16:29:17.193503, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/11/09 16:29:17.193533, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:17.193554, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:17.193586, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2012/11/09 16:29:17.193610, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:17.193628, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:17.193646, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:17.193736, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:17.193788, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 A9 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.193845, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 A9 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.193888, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:17.193931, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:17.193971, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:17.194012, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:17.194050, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:17.194086, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:17.194148, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:17.194199, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 AA 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.194250, 2] rpc_client/cli_winreg_spoolss.c:896(winreg_create_printer) > winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708 already exists >[2012/11/09 16:29:17.194278, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 AA 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.194318, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 AA 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.194355, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.194393, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 A9 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.194434, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 A9 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.194471, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.194502, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:17.194531, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:17.194556, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 1741 >[2012/11/09 16:29:17.194583, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/11/09 16:29:17.194602, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.194613, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=61057 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/11/09 16:29:17.195876, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x80 >[2012/11/09 16:29:17.195908, 3] smbd/process.c:1662(process_smb) > Transaction 205 of length 132 (0 toread) >[2012/11/09 16:29:17.195928, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.195938, 5] lib/util.c:342(show_msg) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=61121 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8234 (0x202A) > smb_bcc=61 >[2012/11/09 16:29:17.196180, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.196202, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.196223, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=44 params=0 setup=2 >[2012/11/09 16:29:17.196244, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:17.196261, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:17.196279, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:17.196299, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 202a) >[2012/11/09 16:29:17.196328, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 44 >[2012/11/09 16:29:17.196353, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:17.196374, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER >[2012/11/09 16:29:17.196394, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[29].fn == 0x7fa2ea3e55d0 >[2012/11/09 16:29:17.196414, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 A8 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.196485, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 A8 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.196528, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 A8 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.196565, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.196585, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:17.196612, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:17.196636, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/11/09 16:29:17.196659, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/11/09 16:29:17.196678, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.196689, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=61121 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/11/09 16:29:17.198428, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/11/09 16:29:17.198459, 3] smbd/process.c:1662(process_smb) > Transaction 206 of length 45 (0 toread) >[2012/11/09 16:29:17.198478, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.198489, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=61185 > smt_wct=3 > smb_vwv[ 0]= 8234 (0x202A) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/11/09 16:29:17.198603, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.198629, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.198649, 3] smbd/reply.c:4848(reply_close) > close fd=-1 fnum=8234 (numopen=3) >[2012/11/09 16:29:17.198668, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 07:28:15 2106 >[2012/11/09 16:29:17.198707, 5] smbd/files.c:482(file_free) > freed files structure 8234 (2 used) >[2012/11/09 16:29:17.198729, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.198740, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=61185 > smt_wct=0 > smb_bcc=0 >[2012/11/09 16:29:17.199879, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x66 >[2012/11/09 16:29:17.199910, 3] smbd/process.c:1662(process_smb) > Transaction 207 of length 106 (0 toread) >[2012/11/09 16:29:17.199929, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.199940, 5] lib/util.c:342(show_msg) > size=102 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=61249 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 4096 (0x1000) > smb_vwv[ 3]= 4096 (0x1000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 4609 (0x1201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1792 (0x700) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]=16384 (0x4000) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=19 >[2012/11/09 16:29:17.200237, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.200259, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.200281, 4] smbd/nttrans.c:288(nt_open_pipe) > nt_open_pipe: Opening pipe \spoolss. >[2012/11/09 16:29:17.200302, 5] smbd/files.c:140(file_new) > allocated file structure 4139, fnum = 8235 (3 used) >[2012/11/09 16:29:17.200326, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \spoolss >[2012/11/09 16:29:17.200369, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \spoolss (pipes_open=0) >[2012/11/09 16:29:17.200396, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) > do_ntcreate_pipe_open: open pipe = \spoolss >[2012/11/09 16:29:17.201593, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xe0 >[2012/11/09 16:29:17.201626, 3] smbd/process.c:1662(process_smb) > Transaction 208 of length 228 (0 toread) >[2012/11/09 16:29:17.201645, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.201656, 5] lib/util.c:342(show_msg) > size=224 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=61313 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8235 (0x202B) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 160 (0xA0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 160 (0xA0) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=161 >[2012/11/09 16:29:17.201845, 3] smbd/process.c:1467(switch_message) > switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.201865, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.201885, 6] smbd/pipes.c:300(reply_pipe_write_and_X) > reply_pipe_write_and_X: 202b name: spoolss len: 160 >[2012/11/09 16:29:17.201906, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 160 >[2012/11/09 16:29:17.201945, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) > api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/11/09 16:29:17.201976, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) > api_pipe_bind_req: make response. 923 >[2012/11/09 16:29:17.201997, 3] rpc_server/srv_pipe.c:339(check_bind_req) > check_bind_req for \spoolss >[2012/11/09 16:29:17.202016, 3] rpc_server/srv_pipe.c:346(check_bind_req) > check_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/11/09 16:29:17.202045, 3] smbd/pipes.c:361(pipe_write_andx_done) > writeX-IPC nwritten=160 >[2012/11/09 16:29:17.203143, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/11/09 16:29:17.203174, 3] smbd/process.c:1662(process_smb) > Transaction 209 of length 63 (0 toread) >[2012/11/09 16:29:17.203193, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.203203, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=61377 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8235 (0x202B) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/11/09 16:29:17.203380, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.203400, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.203420, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:17.203450, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/11/09 16:29:17.203476, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=1024 max=1024 nread=68 >[2012/11/09 16:29:17.204518, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x124 >[2012/11/09 16:29:17.204549, 3] smbd/process.c:1662(process_smb) > Transaction 210 of length 296 (0 toread) >[2012/11/09 16:29:17.204568, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.204578, 5] lib/util.c:342(show_msg) > size=292 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=61441 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 208 (0xD0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 208 (0xD0) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8235 (0x202B) > smb_bcc=225 >[2012/11/09 16:29:17.204781, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.204801, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.204822, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=208 params=0 setup=2 >[2012/11/09 16:29:17.204853, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:17.204883, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:17.204909, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:17.204928, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 202b) >[2012/11/09 16:29:17.204948, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 208 >[2012/11/09 16:29:17.204971, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:17.204992, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX >[2012/11/09 16:29:17.205012, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[69].fn == 0x7fa2ea3def70 > checking name: \\yyyu0031\yyyp0708 >[2012/11/09 16:29:17.205043, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 AB 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.205082, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) > Setting printer type=\\yyyu0031\yyyp0708 > Printer is a printer >[2012/11/09 16:29:17.205107, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) > Setting printer name=\\yyyu0031\yyyp0708 (len=19) > searching for [yyyp0708] > set_printer_hnd_name: Printer found: yyyp0708 -> yyyp0708 >[2012/11/09 16:29:17.205156, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) > 3 printer handles active >[2012/11/09 16:29:17.205176, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 AB 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.205214, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 AB 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.205251, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:yyyp0708 >[2012/11/09 16:29:17.205271, 3] lib/access.c:338(allow_access) > Allowed connection from yyyc27002.xxxxx.xxx (10.129.108.68) >[2012/11/09 16:29:17.205293, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) > Setting printer access = PRINTER_ACCESS_USE >[2012/11/09 16:29:17.205313, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/11/09 16:29:17.205348, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/11/09 16:29:17.205375, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:17.205396, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:17.205426, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2012/11/09 16:29:17.205449, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:17.205468, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:17.205486, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:17.205556, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:17.205603, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 AC 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.205672, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 AC 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.205716, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:17.205758, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:17.205798, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:17.205857, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:17.205906, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:17.205943, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:17.205988, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:17.206035, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 AD 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.206085, 2] rpc_client/cli_winreg_spoolss.c:896(winreg_create_printer) > winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708 already exists >[2012/11/09 16:29:17.206113, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 AD 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.206152, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 AD 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.206189, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.206215, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 AC 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.206255, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 AC 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.206292, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.206332, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:17.206363, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:17.206388, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 1741 >[2012/11/09 16:29:17.206428, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/11/09 16:29:17.206456, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.206468, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=61441 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/11/09 16:29:17.207969, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x80 >[2012/11/09 16:29:17.208021, 3] smbd/process.c:1662(process_smb) > Transaction 211 of length 132 (0 toread) >[2012/11/09 16:29:17.208052, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.208071, 5] lib/util.c:342(show_msg) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=61505 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8235 (0x202B) > smb_bcc=61 >[2012/11/09 16:29:17.208434, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.208486, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.208527, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=44 params=0 setup=2 >[2012/11/09 16:29:17.208565, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:17.208593, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:17.208619, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:17.208647, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 202b) >[2012/11/09 16:29:17.208675, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 44 >[2012/11/09 16:29:17.208709, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:17.208738, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER >[2012/11/09 16:29:17.208766, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[29].fn == 0x7fa2ea3e55d0 >[2012/11/09 16:29:17.208794, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 AB 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.208857, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 AB 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.208926, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 AB 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.208997, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.209037, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:17.209107, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:17.209147, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/11/09 16:29:17.209180, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/11/09 16:29:17.209208, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.209223, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=61505 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/11/09 16:29:17.210385, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x66 >[2012/11/09 16:29:17.210425, 3] smbd/process.c:1662(process_smb) > Transaction 212 of length 106 (0 toread) >[2012/11/09 16:29:17.210453, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.210467, 5] lib/util.c:342(show_msg) > size=102 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=61568 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 4096 (0x1000) > smb_vwv[ 3]= 4096 (0x1000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 4609 (0x1201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1792 (0x700) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]=16384 (0x4000) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=19 >[2012/11/09 16:29:17.210828, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.210852, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.210875, 4] smbd/nttrans.c:288(nt_open_pipe) > nt_open_pipe: Opening pipe \spoolss. >[2012/11/09 16:29:17.210898, 5] smbd/files.c:140(file_new) > allocated file structure 4140, fnum = 8236 (4 used) >[2012/11/09 16:29:17.210925, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \spoolss >[2012/11/09 16:29:17.210985, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \spoolss (pipes_open=0) >[2012/11/09 16:29:17.211028, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) > do_ntcreate_pipe_open: open pipe = \spoolss >[2012/11/09 16:29:17.212120, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/11/09 16:29:17.212153, 3] smbd/process.c:1662(process_smb) > Transaction 213 of length 45 (0 toread) >[2012/11/09 16:29:17.212173, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.212185, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=61632 > smt_wct=3 > smb_vwv[ 0]= 8235 (0x202B) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/11/09 16:29:17.212304, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.212325, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.212345, 3] smbd/reply.c:4848(reply_close) > close fd=-1 fnum=8235 (numopen=4) >[2012/11/09 16:29:17.212365, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 07:28:15 2106 >[2012/11/09 16:29:17.212427, 5] smbd/files.c:482(file_free) > freed files structure 8235 (3 used) >[2012/11/09 16:29:17.212500, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.212522, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=61632 > smt_wct=0 > smb_bcc=0 >[2012/11/09 16:29:17.213732, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xe0 >[2012/11/09 16:29:17.213770, 3] smbd/process.c:1662(process_smb) > Transaction 214 of length 228 (0 toread) >[2012/11/09 16:29:17.213792, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.213804, 5] lib/util.c:342(show_msg) > size=224 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=61696 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8236 (0x202C) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 160 (0xA0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 160 (0xA0) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=161 >[2012/11/09 16:29:17.214050, 3] smbd/process.c:1467(switch_message) > switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.214073, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.214094, 6] smbd/pipes.c:300(reply_pipe_write_and_X) > reply_pipe_write_and_X: 202c name: spoolss len: 160 >[2012/11/09 16:29:17.214115, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 160 >[2012/11/09 16:29:17.214147, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) > api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/11/09 16:29:17.214169, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) > api_pipe_bind_req: make response. 923 >[2012/11/09 16:29:17.214189, 3] rpc_server/srv_pipe.c:339(check_bind_req) > check_bind_req for \spoolss >[2012/11/09 16:29:17.214210, 3] rpc_server/srv_pipe.c:346(check_bind_req) > check_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/11/09 16:29:17.214241, 3] smbd/pipes.c:361(pipe_write_andx_done) > writeX-IPC nwritten=160 >[2012/11/09 16:29:17.215324, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/11/09 16:29:17.215361, 3] smbd/process.c:1662(process_smb) > Transaction 215 of length 63 (0 toread) >[2012/11/09 16:29:17.215383, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.215394, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=61760 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8236 (0x202C) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/11/09 16:29:17.215597, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.215621, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.215647, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:17.215669, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/11/09 16:29:17.215707, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=1024 max=1024 nread=68 >[2012/11/09 16:29:17.216706, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x124 >[2012/11/09 16:29:17.216742, 3] smbd/process.c:1662(process_smb) > Transaction 216 of length 296 (0 toread) >[2012/11/09 16:29:17.216771, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.216792, 5] lib/util.c:342(show_msg) > size=292 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=61824 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 208 (0xD0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 208 (0xD0) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8236 (0x202C) > smb_bcc=225 >[2012/11/09 16:29:17.217025, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.217047, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.217071, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=208 params=0 setup=2 >[2012/11/09 16:29:17.217094, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:17.217112, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:17.217134, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:17.217160, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 202c) >[2012/11/09 16:29:17.217181, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 208 >[2012/11/09 16:29:17.217217, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:17.217241, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX >[2012/11/09 16:29:17.217262, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[69].fn == 0x7fa2ea3def70 > checking name: \\yyyu0031\yyyp0708 >[2012/11/09 16:29:17.217296, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 AE 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.217337, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) > Setting printer type=\\yyyu0031\yyyp0708 > Printer is a printer >[2012/11/09 16:29:17.217364, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) > Setting printer name=\\yyyu0031\yyyp0708 (len=19) > searching for [yyyp0708] > set_printer_hnd_name: Printer found: yyyp0708 -> yyyp0708 >[2012/11/09 16:29:17.217422, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) > 3 printer handles active >[2012/11/09 16:29:17.217443, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 AE 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.217482, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 AE 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.217520, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:yyyp0708 >[2012/11/09 16:29:17.217542, 3] lib/access.c:338(allow_access) > Allowed connection from yyyc27002.xxxxx.xxx (10.129.108.68) >[2012/11/09 16:29:17.217581, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) > Setting printer access = PRINTER_ACCESS_ADMINISTER >[2012/11/09 16:29:17.217604, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/11/09 16:29:17.217634, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/11/09 16:29:17.217672, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:17.217695, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:17.217737, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2012/11/09 16:29:17.217766, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:17.217797, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:17.217819, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:17.217911, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:17.217964, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 AF 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.218022, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 AF 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.218066, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:17.218110, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:17.218159, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:17.218205, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:17.218245, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:17.218282, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:17.218329, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:17.218377, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 B0 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.218428, 2] rpc_client/cli_winreg_spoolss.c:896(winreg_create_printer) > winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708 already exists >[2012/11/09 16:29:17.218458, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 B0 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.218499, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 B0 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.218537, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.218575, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 AF 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.218624, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 AF 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.218664, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.218697, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:17.218727, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:17.218753, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 1741 >[2012/11/09 16:29:17.218780, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/11/09 16:29:17.218801, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.218812, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=61824 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/11/09 16:29:17.220208, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x80 >[2012/11/09 16:29:17.220239, 3] smbd/process.c:1662(process_smb) > Transaction 217 of length 132 (0 toread) >[2012/11/09 16:29:17.220259, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.220271, 5] lib/util.c:342(show_msg) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=61888 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8236 (0x202C) > smb_bcc=61 >[2012/11/09 16:29:17.220546, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.220569, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.220592, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=44 params=0 setup=2 >[2012/11/09 16:29:17.220613, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:17.220631, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:17.220650, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:17.220668, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 202c) >[2012/11/09 16:29:17.220688, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 44 >[2012/11/09 16:29:17.220711, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:17.220733, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER >[2012/11/09 16:29:17.220753, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[29].fn == 0x7fa2ea3e55d0 >[2012/11/09 16:29:17.220774, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 AE 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.220813, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 AE 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.220851, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 AE 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.220889, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.220910, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:17.220936, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:17.220961, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/11/09 16:29:17.220985, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/11/09 16:29:17.221005, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.221016, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=61888 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/11/09 16:29:17.222521, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/11/09 16:29:17.222561, 3] smbd/process.c:1662(process_smb) > Transaction 218 of length 45 (0 toread) >[2012/11/09 16:29:17.222583, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.222595, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=61952 > smt_wct=3 > smb_vwv[ 0]= 8236 (0x202C) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/11/09 16:29:17.222715, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.222736, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.222756, 3] smbd/reply.c:4848(reply_close) > close fd=-1 fnum=8236 (numopen=3) >[2012/11/09 16:29:17.222776, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 07:28:15 2106 >[2012/11/09 16:29:17.222819, 5] smbd/files.c:482(file_free) > freed files structure 8236 (2 used) >[2012/11/09 16:29:17.222843, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.222855, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=61952 > smt_wct=0 > smb_bcc=0 >[2012/11/09 16:29:17.224086, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x66 >[2012/11/09 16:29:17.224119, 3] smbd/process.c:1662(process_smb) > Transaction 219 of length 106 (0 toread) >[2012/11/09 16:29:17.224140, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.224152, 5] lib/util.c:342(show_msg) > size=102 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=62016 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 4096 (0x1000) > smb_vwv[ 3]= 4096 (0x1000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 4609 (0x1201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1792 (0x700) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]=16384 (0x4000) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=19 >[2012/11/09 16:29:17.224496, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.224520, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.224543, 4] smbd/nttrans.c:288(nt_open_pipe) > nt_open_pipe: Opening pipe \spoolss. >[2012/11/09 16:29:17.224565, 5] smbd/files.c:140(file_new) > allocated file structure 4141, fnum = 8237 (3 used) >[2012/11/09 16:29:17.224592, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \spoolss >[2012/11/09 16:29:17.224642, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \spoolss (pipes_open=0) >[2012/11/09 16:29:17.224670, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) > do_ntcreate_pipe_open: open pipe = \spoolss >[2012/11/09 16:29:17.225930, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xe0 >[2012/11/09 16:29:17.225962, 3] smbd/process.c:1662(process_smb) > Transaction 220 of length 228 (0 toread) >[2012/11/09 16:29:17.225982, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.225994, 5] lib/util.c:342(show_msg) > size=224 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=62080 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8237 (0x202D) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 160 (0xA0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 160 (0xA0) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=161 >[2012/11/09 16:29:17.226211, 3] smbd/process.c:1467(switch_message) > switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.226233, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.226253, 6] smbd/pipes.c:300(reply_pipe_write_and_X) > reply_pipe_write_and_X: 202d name: spoolss len: 160 >[2012/11/09 16:29:17.226274, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 160 >[2012/11/09 16:29:17.226300, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) > api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/11/09 16:29:17.226325, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) > api_pipe_bind_req: make response. 923 >[2012/11/09 16:29:17.226360, 3] rpc_server/srv_pipe.c:339(check_bind_req) > check_bind_req for \spoolss >[2012/11/09 16:29:17.226391, 3] rpc_server/srv_pipe.c:346(check_bind_req) > check_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/11/09 16:29:17.226424, 3] smbd/pipes.c:361(pipe_write_andx_done) > writeX-IPC nwritten=160 >[2012/11/09 16:29:17.227554, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/11/09 16:29:17.227587, 3] smbd/process.c:1662(process_smb) > Transaction 221 of length 63 (0 toread) >[2012/11/09 16:29:17.227607, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.227619, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=62144 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8237 (0x202D) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/11/09 16:29:17.227803, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.227824, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.227846, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:17.227867, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/11/09 16:29:17.227892, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=1024 max=1024 nread=68 >[2012/11/09 16:29:17.229049, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x124 >[2012/11/09 16:29:17.229082, 3] smbd/process.c:1662(process_smb) > Transaction 222 of length 296 (0 toread) >[2012/11/09 16:29:17.229102, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.229114, 5] lib/util.c:342(show_msg) > size=292 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=62208 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 208 (0xD0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 208 (0xD0) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8237 (0x202D) > smb_bcc=225 >[2012/11/09 16:29:17.229358, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.229382, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.229417, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=208 params=0 setup=2 >[2012/11/09 16:29:17.229441, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:17.229459, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:17.229479, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:17.229497, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 202d) >[2012/11/09 16:29:17.229518, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 208 >[2012/11/09 16:29:17.229542, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:17.229564, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX >[2012/11/09 16:29:17.229585, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[69].fn == 0x7fa2ea3def70 > checking name: \\yyyu0031\yyyp0708 >[2012/11/09 16:29:17.229619, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 B1 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.229661, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) > Setting printer type=\\yyyu0031\yyyp0708 > Printer is a printer >[2012/11/09 16:29:17.229688, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) > Setting printer name=\\yyyu0031\yyyp0708 (len=19) > searching for [yyyp0708] > set_printer_hnd_name: Printer found: yyyp0708 -> yyyp0708 >[2012/11/09 16:29:17.229743, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) > 3 printer handles active >[2012/11/09 16:29:17.229764, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 B1 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.229803, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 B1 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.229841, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:yyyp0708 >[2012/11/09 16:29:17.229864, 3] lib/access.c:338(allow_access) > Allowed connection from yyyc27002.xxxxx.xxx (10.129.108.68) >[2012/11/09 16:29:17.229888, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) > Setting printer access = PRINTER_ACCESS_ADMINISTER >[2012/11/09 16:29:17.229909, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/11/09 16:29:17.229935, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/11/09 16:29:17.229965, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:17.229987, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:17.230020, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2012/11/09 16:29:17.230045, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:17.230064, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:17.230083, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:17.230169, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:17.230220, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 B2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.230299, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 B2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.230362, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:17.230409, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:17.230451, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:17.230493, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:17.230533, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:17.230570, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:17.230617, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:17.230665, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 B3 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.230716, 2] rpc_client/cli_winreg_spoolss.c:896(winreg_create_printer) > winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708 already exists >[2012/11/09 16:29:17.230746, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 B3 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.230787, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 B3 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.230825, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.230853, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 B2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.230901, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 B2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.230955, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.230995, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:17.231026, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:17.231052, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 1741 >[2012/11/09 16:29:17.231079, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/11/09 16:29:17.231100, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.231112, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=62208 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/11/09 16:29:17.232202, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x80 >[2012/11/09 16:29:17.232242, 3] smbd/process.c:1662(process_smb) > Transaction 223 of length 132 (0 toread) >[2012/11/09 16:29:17.232264, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.232276, 5] lib/util.c:342(show_msg) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=62272 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8237 (0x202D) > smb_bcc=61 >[2012/11/09 16:29:17.232567, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.232591, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.232614, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=44 params=0 setup=2 >[2012/11/09 16:29:17.232635, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:17.232654, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:17.232673, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:17.232692, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 202d) >[2012/11/09 16:29:17.232713, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 44 >[2012/11/09 16:29:17.232736, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:17.232759, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER >[2012/11/09 16:29:17.232779, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[29].fn == 0x7fa2ea3e55d0 >[2012/11/09 16:29:17.232800, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 B1 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.232840, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 B1 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.232879, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 B1 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.232918, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.232939, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:17.232966, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:17.232991, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/11/09 16:29:17.233016, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/11/09 16:29:17.233037, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.233049, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=62272 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/11/09 16:29:17.234357, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/11/09 16:29:17.234392, 3] smbd/process.c:1662(process_smb) > Transaction 224 of length 45 (0 toread) >[2012/11/09 16:29:17.234412, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.234424, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=62336 > smt_wct=3 > smb_vwv[ 0]= 8237 (0x202D) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/11/09 16:29:17.234556, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.234578, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.234598, 3] smbd/reply.c:4848(reply_close) > close fd=-1 fnum=8237 (numopen=3) >[2012/11/09 16:29:17.234623, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 07:28:15 2106 >[2012/11/09 16:29:17.234665, 5] smbd/files.c:482(file_free) > freed files structure 8237 (2 used) >[2012/11/09 16:29:17.234688, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.234700, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=62336 > smt_wct=0 > smb_bcc=0 >[2012/11/09 16:29:17.237233, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x66 >[2012/11/09 16:29:17.237269, 3] smbd/process.c:1662(process_smb) > Transaction 225 of length 106 (0 toread) >[2012/11/09 16:29:17.237290, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.237301, 5] lib/util.c:342(show_msg) > size=102 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=62400 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 4096 (0x1000) > smb_vwv[ 3]= 4096 (0x1000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 4609 (0x1201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1792 (0x700) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]=16384 (0x4000) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=19 >[2012/11/09 16:29:17.237575, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.237596, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.237618, 4] smbd/nttrans.c:288(nt_open_pipe) > nt_open_pipe: Opening pipe \spoolss. >[2012/11/09 16:29:17.237642, 5] smbd/files.c:140(file_new) > allocated file structure 4142, fnum = 8238 (3 used) >[2012/11/09 16:29:17.237689, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \spoolss >[2012/11/09 16:29:17.237780, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \spoolss (pipes_open=0) >[2012/11/09 16:29:17.237826, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) > do_ntcreate_pipe_open: open pipe = \spoolss >[2012/11/09 16:29:17.239224, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xe0 >[2012/11/09 16:29:17.239264, 3] smbd/process.c:1662(process_smb) > Transaction 226 of length 228 (0 toread) >[2012/11/09 16:29:17.239284, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.239302, 5] lib/util.c:342(show_msg) > size=224 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=62464 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8238 (0x202E) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 160 (0xA0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 160 (0xA0) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=161 >[2012/11/09 16:29:17.239522, 3] smbd/process.c:1467(switch_message) > switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.239545, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.239584, 6] smbd/pipes.c:300(reply_pipe_write_and_X) > reply_pipe_write_and_X: 202e name: spoolss len: 160 >[2012/11/09 16:29:17.239613, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 160 >[2012/11/09 16:29:17.239648, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) > api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/11/09 16:29:17.239671, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) > api_pipe_bind_req: make response. 923 >[2012/11/09 16:29:17.239691, 3] rpc_server/srv_pipe.c:339(check_bind_req) > check_bind_req for \spoolss >[2012/11/09 16:29:17.239711, 3] rpc_server/srv_pipe.c:346(check_bind_req) > check_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/11/09 16:29:17.239742, 3] smbd/pipes.c:361(pipe_write_andx_done) > writeX-IPC nwritten=160 >[2012/11/09 16:29:17.240527, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x890 >[2012/11/09 16:29:17.240568, 3] smbd/process.c:1662(process_smb) > Transaction 227 of length 2196 (0 toread) >[2012/11/09 16:29:17.240590, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.240601, 5] lib/util.c:342(show_msg) > size=2192 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=62529 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 2108 (0x83C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 2108 (0x83C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8212 (0x2014) > smb_bcc=2125 >[2012/11/09 16:29:17.240823, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.240846, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.240879, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=2108 params=0 setup=2 >[2012/11/09 16:29:17.240908, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:17.240927, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:17.240946, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:17.240965, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2014) >[2012/11/09 16:29:17.240986, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 2108 >[2012/11/09 16:29:17.241032, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:17.241061, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER >[2012/11/09 16:29:17.241083, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[8].fn == 0x7fa2ea3e8e50 >[2012/11/09 16:29:17.241105, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.241147, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.241200, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:yyyp0708 >[2012/11/09 16:29:17.241229, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/11/09 16:29:17.241256, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/11/09 16:29:17.241287, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:17.241310, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:17.241362, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2012/11/09 16:29:17.241390, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:17.241409, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:17.241428, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:17.241530, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:17.241585, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 B4 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.241657, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 B4 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.241706, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:17.241751, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:17.241807, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:17.241852, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:17.241892, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:17.241935, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:17.241991, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:17.242057, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 B5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.242133, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 B5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.242227, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 B5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.242281, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:17.242319, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 B5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.242380, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:17.242419, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 B5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.242463, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:17.242496, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 B5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.242561, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:17.242600, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 B5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.242670, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:17.242718, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 B5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.242767, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:17.242801, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 B5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.242844, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:17.242877, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 B5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.242920, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:17.242955, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 B5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.243010, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:17.243047, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 B5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.243091, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:17.243124, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 B5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.243167, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:17.243200, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 B5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.243255, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:17.243317, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 B5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.243381, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:17.243418, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 B5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.243461, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:17.243498, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 B5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.243547, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:17.243594, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 B5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.243639, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:17.243672, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 B5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.243721, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:17.243772, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 B5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.243818, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:17.243853, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 B5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.243896, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:17.243950, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 B5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.244036, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:17.244074, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:17.244120, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 B5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.244170, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:17.244202, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:17.244243, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:17.244299, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 B6 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.244391, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 B6 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.244440, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:17.244506, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:17.244549, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:17.244589, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:17.244627, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:17.244664, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:17.244709, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:17.244760, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[4] [0000] 00 00 00 00 B7 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.244827, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 B7 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.244872, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:17.244891, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:17.244951, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 B7 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.245003, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:17.245024, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:17.245059, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 B7 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.245103, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 B7 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.245142, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.245171, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 B6 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.245224, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 B6 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.245265, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.245294, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 B5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.245336, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 B5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.245375, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.245404, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 B4 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.245446, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 B4 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.245485, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.245530, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/11/09 16:29:17.245560, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/11/09 16:29:17.245590, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:17.245612, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:17.245671, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2012/11/09 16:29:17.245699, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:17.245719, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:17.245739, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:17.245810, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:17.245857, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 B8 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.245928, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 B8 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.245977, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:17.246020, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:17.246062, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:17.246103, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:17.246143, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:17.246184, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:17.246263, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:17.246341, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 B9 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.246451, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 B9 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.246526, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:17.246561, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:17.246641, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 B9 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.246716, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:17.246749, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:17.246794, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 B9 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.246876, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 B9 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.246955, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.247004, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 B8 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.247079, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 B8 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.247147, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.247211, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:17.247263, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 4280 >[2012/11/09 16:29:17.247304, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 7481 >[2012/11/09 16:29:17.247356, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..2088] (align 0) >[2012/11/09 16:29:17.247392, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.247411, 5] lib/util.c:342(show_msg) > size=2144 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=62529 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 2088 (0x828) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 2088 (0x828) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=2089 >[2012/11/09 16:29:17.247703, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/11/09 16:29:17.247741, 3] smbd/process.c:1662(process_smb) > Transaction 228 of length 63 (0 toread) >[2012/11/09 16:29:17.247772, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.247791, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=62592 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8238 (0x202E) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/11/09 16:29:17.248086, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.248120, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.248154, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:17.248187, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/11/09 16:29:17.248226, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=1024 max=1024 nread=68 >[2012/11/09 16:29:17.248958, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x66 >[2012/11/09 16:29:17.249008, 3] smbd/process.c:1662(process_smb) > Transaction 229 of length 106 (0 toread) >[2012/11/09 16:29:17.249046, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.249097, 5] lib/util.c:342(show_msg) > size=102 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=62658 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 4096 (0x1000) > smb_vwv[ 3]= 4096 (0x1000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 4609 (0x1201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1792 (0x700) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]=16384 (0x4000) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=19 >[2012/11/09 16:29:17.249570, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.249611, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.249653, 4] smbd/nttrans.c:288(nt_open_pipe) > nt_open_pipe: Opening pipe \spoolss. >[2012/11/09 16:29:17.249695, 5] smbd/files.c:140(file_new) > allocated file structure 4143, fnum = 8239 (4 used) >[2012/11/09 16:29:17.249744, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \spoolss >[2012/11/09 16:29:17.249819, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \spoolss (pipes_open=0) >[2012/11/09 16:29:17.249865, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) > do_ntcreate_pipe_open: open pipe = \spoolss >[2012/11/09 16:29:17.249944, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x13c >[2012/11/09 16:29:17.249987, 3] smbd/process.c:1662(process_smb) > Transaction 230 of length 320 (0 toread) >[2012/11/09 16:29:17.250024, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.250046, 5] lib/util.c:342(show_msg) > size=316 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=62720 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 232 (0xE8) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 232 (0xE8) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8238 (0x202E) > smb_bcc=249 >[2012/11/09 16:29:17.250400, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.250439, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.250498, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=232 params=0 setup=2 >[2012/11/09 16:29:17.250540, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:17.250575, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:17.250611, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:17.250648, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 202e) >[2012/11/09 16:29:17.250690, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 232 >[2012/11/09 16:29:17.250729, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:17.250765, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX >[2012/11/09 16:29:17.250797, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[69].fn == 0x7fa2ea3def70 > checking name: \\yyyu0031\yyyp0708, LocalOnly >[2012/11/09 16:29:17.250846, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 BA 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.250914, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) > Setting printer type=\\yyyu0031\yyyp0708, LocalOnly > Printer is a printer >[2012/11/09 16:29:17.250952, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) > Setting printer name=\\yyyu0031\yyyp0708, LocalOnly (len=30) > searching for [yyyp0708, LocalOnly] > stripped handlename: [yyyp0708] > set_printer_hnd_name: Printer found: yyyp0708 -> yyyp0708 >[2012/11/09 16:29:17.251054, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) > 3 printer handles active >[2012/11/09 16:29:17.251091, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 BA 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.251163, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 BA 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.251238, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:yyyp0708 >[2012/11/09 16:29:17.251277, 3] lib/access.c:338(allow_access) > Allowed connection from yyyc27002.xxxxx.xxx (10.129.108.68) >[2012/11/09 16:29:17.251315, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) > Setting printer access = PRINTER_ACCESS_USE >[2012/11/09 16:29:17.251346, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/11/09 16:29:17.251384, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/11/09 16:29:17.251433, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:17.251472, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:17.251525, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2012/11/09 16:29:17.251565, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:17.251600, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:17.251668, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:17.251792, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:17.251870, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 BB 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.251986, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 BB 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.252071, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:17.252147, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:17.252215, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:17.252290, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:17.252370, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:17.252434, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:17.252545, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:17.252620, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 BC 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.252678, 2] rpc_client/cli_winreg_spoolss.c:896(winreg_create_printer) > winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708 already exists >[2012/11/09 16:29:17.252708, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 BC 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.252749, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 BC 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.252788, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.252815, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 BB 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.252857, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 BB 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.252895, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.252927, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:17.252958, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:17.252984, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 1741 >[2012/11/09 16:29:17.253012, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/11/09 16:29:17.253034, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.253046, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=62720 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/11/09 16:29:17.254052, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x66 >[2012/11/09 16:29:17.254090, 3] smbd/process.c:1662(process_smb) > Transaction 231 of length 106 (0 toread) >[2012/11/09 16:29:17.254123, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.254136, 5] lib/util.c:342(show_msg) > size=102 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=62786 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 4096 (0x1000) > smb_vwv[ 3]= 4096 (0x1000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 4609 (0x1201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1792 (0x700) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]=16384 (0x4000) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=19 >[2012/11/09 16:29:17.254407, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.254427, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.254450, 4] smbd/nttrans.c:288(nt_open_pipe) > nt_open_pipe: Opening pipe \spoolss. >[2012/11/09 16:29:17.254486, 5] smbd/files.c:140(file_new) > allocated file structure 4144, fnum = 8240 (5 used) >[2012/11/09 16:29:17.254517, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \spoolss >[2012/11/09 16:29:17.254568, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \spoolss (pipes_open=0) >[2012/11/09 16:29:17.254597, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) > do_ntcreate_pipe_open: open pipe = \spoolss >[2012/11/09 16:29:17.254639, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x80 >[2012/11/09 16:29:17.254666, 3] smbd/process.c:1662(process_smb) > Transaction 232 of length 132 (0 toread) >[2012/11/09 16:29:17.254685, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.254696, 5] lib/util.c:342(show_msg) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=62848 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8238 (0x202E) > smb_bcc=61 >[2012/11/09 16:29:17.254908, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.254928, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.254950, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=44 params=0 setup=2 >[2012/11/09 16:29:17.254971, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:17.254989, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:17.255008, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:17.255027, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 202e) >[2012/11/09 16:29:17.255047, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 44 >[2012/11/09 16:29:17.255072, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:17.255094, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER >[2012/11/09 16:29:17.255114, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[29].fn == 0x7fa2ea3e55d0 >[2012/11/09 16:29:17.255135, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 BA 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.255186, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 BA 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.255226, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 BA 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.255264, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.255285, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:17.255313, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:17.255339, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/11/09 16:29:17.255365, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/11/09 16:29:17.255386, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.255397, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=62848 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/11/09 16:29:17.256645, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xe0 >[2012/11/09 16:29:17.256677, 3] smbd/process.c:1662(process_smb) > Transaction 233 of length 228 (0 toread) >[2012/11/09 16:29:17.256697, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.256708, 5] lib/util.c:342(show_msg) > size=224 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=62914 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8239 (0x202F) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 160 (0xA0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 160 (0xA0) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=161 >[2012/11/09 16:29:17.256938, 3] smbd/process.c:1467(switch_message) > switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.256960, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.256981, 6] smbd/pipes.c:300(reply_pipe_write_and_X) > reply_pipe_write_and_X: 202f name: spoolss len: 160 >[2012/11/09 16:29:17.257002, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 160 >[2012/11/09 16:29:17.257026, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) > api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/11/09 16:29:17.257047, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) > api_pipe_bind_req: make response. 923 >[2012/11/09 16:29:17.257067, 3] rpc_server/srv_pipe.c:339(check_bind_req) > check_bind_req for \spoolss >[2012/11/09 16:29:17.257087, 3] rpc_server/srv_pipe.c:346(check_bind_req) > check_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/11/09 16:29:17.257116, 3] smbd/pipes.c:361(pipe_write_andx_done) > writeX-IPC nwritten=160 >[2012/11/09 16:29:17.257155, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xe0 >[2012/11/09 16:29:17.257180, 3] smbd/process.c:1662(process_smb) > Transaction 234 of length 228 (0 toread) >[2012/11/09 16:29:17.257199, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.257211, 5] lib/util.c:342(show_msg) > size=224 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=62977 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8240 (0x2030) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 160 (0xA0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 160 (0xA0) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=161 >[2012/11/09 16:29:17.257419, 3] smbd/process.c:1467(switch_message) > switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.257440, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.257460, 6] smbd/pipes.c:300(reply_pipe_write_and_X) > reply_pipe_write_and_X: 2030 name: spoolss len: 160 >[2012/11/09 16:29:17.257480, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 160 >[2012/11/09 16:29:17.257504, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) > api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/11/09 16:29:17.257524, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) > api_pipe_bind_req: make response. 923 >[2012/11/09 16:29:17.257543, 3] rpc_server/srv_pipe.c:339(check_bind_req) > check_bind_req for \spoolss >[2012/11/09 16:29:17.257563, 3] rpc_server/srv_pipe.c:346(check_bind_req) > check_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/11/09 16:29:17.257591, 3] smbd/pipes.c:361(pipe_write_andx_done) > writeX-IPC nwritten=160 >[2012/11/09 16:29:17.257628, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/11/09 16:29:17.257654, 3] smbd/process.c:1662(process_smb) > Transaction 235 of length 45 (0 toread) >[2012/11/09 16:29:17.257674, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.257685, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=63040 > smt_wct=3 > smb_vwv[ 0]= 8238 (0x202E) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/11/09 16:29:17.257812, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.257833, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.257854, 3] smbd/reply.c:4848(reply_close) > close fd=-1 fnum=8238 (numopen=5) >[2012/11/09 16:29:17.257874, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 07:28:15 2106 >[2012/11/09 16:29:17.257916, 5] smbd/files.c:482(file_free) > freed files structure 8238 (4 used) >[2012/11/09 16:29:17.257939, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.257950, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=63040 > smt_wct=0 > smb_bcc=0 >[2012/11/09 16:29:17.259306, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/11/09 16:29:17.259351, 3] smbd/process.c:1662(process_smb) > Transaction 236 of length 63 (0 toread) >[2012/11/09 16:29:17.259376, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.259388, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=63104 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8240 (0x2030) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/11/09 16:29:17.259569, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.259590, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.259611, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:17.259641, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/11/09 16:29:17.259668, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=1024 max=1024 nread=68 >[2012/11/09 16:29:17.259705, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/11/09 16:29:17.259730, 3] smbd/process.c:1662(process_smb) > Transaction 237 of length 63 (0 toread) >[2012/11/09 16:29:17.259750, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.259761, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=63169 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8239 (0x202F) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/11/09 16:29:17.259943, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.259963, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.259984, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:17.260005, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/11/09 16:29:17.260028, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=1024 max=1024 nread=68 >[2012/11/09 16:29:17.260958, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x124 >[2012/11/09 16:29:17.260994, 3] smbd/process.c:1662(process_smb) > Transaction 238 of length 296 (0 toread) >[2012/11/09 16:29:17.261016, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.261028, 5] lib/util.c:342(show_msg) > size=292 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=63233 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 208 (0xD0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 208 (0xD0) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8240 (0x2030) > smb_bcc=225 >[2012/11/09 16:29:17.261242, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.261263, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.261286, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=208 params=0 setup=2 >[2012/11/09 16:29:17.261308, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:17.261327, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:17.261346, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:17.261365, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2030) >[2012/11/09 16:29:17.261385, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 208 >[2012/11/09 16:29:17.261409, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:17.261431, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX >[2012/11/09 16:29:17.261452, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[69].fn == 0x7fa2ea3def70 > checking name: \\yyyu0031\yyyp0708 >[2012/11/09 16:29:17.261496, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 BD 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.261561, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) > Setting printer type=\\yyyu0031\yyyp0708 > Printer is a printer >[2012/11/09 16:29:17.261604, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) > Setting printer name=\\yyyu0031\yyyp0708 (len=19) > searching for [yyyp0708] > set_printer_hnd_name: Printer found: yyyp0708 -> yyyp0708 >[2012/11/09 16:29:17.261690, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) > 3 printer handles active >[2012/11/09 16:29:17.261718, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 BD 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.261758, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 BD 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.261797, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:yyyp0708 >[2012/11/09 16:29:17.261819, 3] lib/access.c:338(allow_access) > Allowed connection from yyyc27002.xxxxx.xxx (10.129.108.68) >[2012/11/09 16:29:17.261843, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) > Setting printer access = PRINTER_ACCESS_USE >[2012/11/09 16:29:17.261865, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/11/09 16:29:17.261890, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/11/09 16:29:17.261919, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:17.261942, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:17.261973, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2012/11/09 16:29:17.261998, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:17.262017, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:17.262035, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:17.262114, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:17.262164, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 BE 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.262222, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 BE 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.262267, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:17.262309, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:17.262350, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:17.262391, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:17.262431, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:17.262477, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:17.262557, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:17.262623, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 BF 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.262687, 2] rpc_client/cli_winreg_spoolss.c:896(winreg_create_printer) > winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708 already exists >[2012/11/09 16:29:17.262719, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 BF 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.262761, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 BF 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.262799, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.262827, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 BE 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.262869, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 BE 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.262907, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.262938, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:17.262969, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:17.262995, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 1741 >[2012/11/09 16:29:17.263022, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/11/09 16:29:17.263042, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.263054, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=63233 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/11/09 16:29:17.264029, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x114 >[2012/11/09 16:29:17.264062, 3] smbd/process.c:1662(process_smb) > Transaction 239 of length 280 (0 toread) >[2012/11/09 16:29:17.264083, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.264094, 5] lib/util.c:342(show_msg) > size=276 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=63296 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 192 (0xC0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 192 (0xC0) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8239 (0x202F) > smb_bcc=209 >[2012/11/09 16:29:17.264317, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.264354, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.264382, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=192 params=0 setup=2 >[2012/11/09 16:29:17.264405, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:17.264433, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:17.264489, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:17.264522, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 202f) >[2012/11/09 16:29:17.264557, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 192 >[2012/11/09 16:29:17.264584, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:17.264606, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX >[2012/11/09 16:29:17.264627, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[69].fn == 0x7fa2ea3def70 > checking name: \\yyyu0031 >[2012/11/09 16:29:17.264659, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[4] [0000] 00 00 00 00 C0 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.264700, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) > Setting printer type=\\yyyu0031 > Printer is a print server >[2012/11/09 16:29:17.264726, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) > Setting printer name=\\yyyu0031 (len=10) >[2012/11/09 16:29:17.264747, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) > 4 printer handles active >[2012/11/09 16:29:17.264766, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 C0 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.264805, 4] rpc_server/spoolss/srv_spoolss_nt.c:1852(_spoolss_OpenPrinterEx) > Setting print server access = SERVER_ACCESS_ENUMERATE >[2012/11/09 16:29:17.264826, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:17.264853, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:17.264877, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/11/09 16:29:17.264902, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/11/09 16:29:17.264923, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.264934, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=63296 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/11/09 16:29:17.265940, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x80 >[2012/11/09 16:29:17.265974, 3] smbd/process.c:1662(process_smb) > Transaction 240 of length 132 (0 toread) >[2012/11/09 16:29:17.265995, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.266006, 5] lib/util.c:342(show_msg) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=63361 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8240 (0x2030) > smb_bcc=61 >[2012/11/09 16:29:17.266218, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.266239, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.266261, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=44 params=0 setup=2 >[2012/11/09 16:29:17.266283, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:17.266301, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:17.266333, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:17.266356, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2030) >[2012/11/09 16:29:17.266376, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 44 >[2012/11/09 16:29:17.266400, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:17.266422, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER >[2012/11/09 16:29:17.266443, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[29].fn == 0x7fa2ea3e55d0 >[2012/11/09 16:29:17.266478, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[1] [0000] 00 00 00 00 BD 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.266537, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[1] [0000] 00 00 00 00 BD 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.266578, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[1] [0000] 00 00 00 00 BD 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.266616, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.266637, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:17.266664, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:17.266690, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/11/09 16:29:17.266714, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/11/09 16:29:17.266735, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.266746, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=63361 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/11/09 16:29:17.267686, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x80 >[2012/11/09 16:29:17.267718, 3] smbd/process.c:1662(process_smb) > Transaction 241 of length 132 (0 toread) >[2012/11/09 16:29:17.267738, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.267750, 5] lib/util.c:342(show_msg) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=63424 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8239 (0x202F) > smb_bcc=61 >[2012/11/09 16:29:17.267962, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.267983, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.268005, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=44 params=0 setup=2 >[2012/11/09 16:29:17.268027, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:17.268046, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:17.268065, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:17.268098, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 202f) >[2012/11/09 16:29:17.268120, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 44 >[2012/11/09 16:29:17.268144, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:17.268166, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER >[2012/11/09 16:29:17.268187, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[29].fn == 0x7fa2ea3e55d0 >[2012/11/09 16:29:17.268207, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 C0 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.268247, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 C0 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.268286, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 C0 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.268344, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.268368, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:17.268396, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:17.268421, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/11/09 16:29:17.268445, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/11/09 16:29:17.268488, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.268502, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=63424 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/11/09 16:29:17.269631, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x890 >[2012/11/09 16:29:17.269674, 3] smbd/process.c:1662(process_smb) > Transaction 242 of length 2196 (0 toread) >[2012/11/09 16:29:17.269696, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.269707, 5] lib/util.c:342(show_msg) > size=2192 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=63490 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 2108 (0x83C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 2108 (0x83C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8212 (0x2014) > smb_bcc=2125 >[2012/11/09 16:29:17.269925, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.269946, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.269969, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=2108 params=0 setup=2 >[2012/11/09 16:29:17.269992, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:17.270011, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:17.270030, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:17.270049, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2014) >[2012/11/09 16:29:17.270084, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 2108 >[2012/11/09 16:29:17.270112, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:17.270135, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER >[2012/11/09 16:29:17.270156, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[8].fn == 0x7fa2ea3e8e50 >[2012/11/09 16:29:17.270179, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.270221, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.270259, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:yyyp0708 >[2012/11/09 16:29:17.270283, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/11/09 16:29:17.270313, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/11/09 16:29:17.270367, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:17.270398, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:17.270429, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2012/11/09 16:29:17.270453, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:17.270473, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:17.270492, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:17.270574, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:17.270660, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 C1 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.270726, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 C1 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.270771, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:17.270816, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:17.270858, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:17.270899, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:17.270938, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:17.270975, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:17.271023, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:17.271073, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 C2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.271130, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 C2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.271256, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 C2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.271317, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:17.271363, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 C2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.271409, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:17.271443, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 C2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.271486, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:17.271520, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 C2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.271563, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:17.271596, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 C2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.271644, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:17.271678, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 C2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.271721, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:17.271754, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 C2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.271797, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:17.271830, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 C2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.271873, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:17.271906, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 C2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.271949, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:17.271994, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 C2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.272039, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:17.272071, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 C2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.272115, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:17.272147, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 C2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.272190, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:17.272223, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 C2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.272279, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:17.272334, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 C2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.272384, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:17.272419, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 C2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.272499, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:17.272537, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 C2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.272582, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:17.272617, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 C2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.272660, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:17.272698, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 C2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.272754, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:17.272791, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 C2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.272843, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:17.272895, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 C2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.272941, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:17.272961, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:17.272994, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 C2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.273038, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:17.273057, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:17.273096, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:17.273140, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 C3 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.273195, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 C3 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.273258, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:17.273301, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:17.273357, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:17.273404, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:17.273444, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:17.273481, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:17.273527, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:17.273577, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[4] [0000] 00 00 00 00 C4 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.273635, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 C4 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.273680, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:17.273710, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:17.273766, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 C4 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.273812, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:17.273833, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:17.273868, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 C4 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.273911, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 C4 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.273950, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.273979, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 C3 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.274022, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 C3 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.274061, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.274089, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 C2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.274131, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 C2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.274169, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.274199, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 C1 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.274254, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 C1 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.274299, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.274347, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/11/09 16:29:17.274376, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/11/09 16:29:17.274406, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:17.274429, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:17.274477, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2012/11/09 16:29:17.274504, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:17.274524, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:17.274542, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:17.274632, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:17.274681, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 C5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.274737, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 C5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.274782, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:17.274824, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:17.274865, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:17.274906, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:17.274945, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:17.274982, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:17.275029, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:17.275078, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 C6 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.275135, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 C6 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.275191, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:17.275217, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:17.275271, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 C6 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.275318, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:17.275338, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:17.275368, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 C6 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.275411, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 C6 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.275449, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.275479, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 C5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.275521, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 C5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.275574, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.275640, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:17.275682, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 4280 >[2012/11/09 16:29:17.275710, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 7481 >[2012/11/09 16:29:17.275745, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..2088] (align 0) >[2012/11/09 16:29:17.275768, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.275780, 5] lib/util.c:342(show_msg) > size=2144 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=63490 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 2088 (0x828) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 2088 (0x828) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=2089 >[2012/11/09 16:29:17.275980, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x66 >[2012/11/09 16:29:17.276006, 3] smbd/process.c:1662(process_smb) > Transaction 243 of length 106 (0 toread) >[2012/11/09 16:29:17.276026, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.276037, 5] lib/util.c:342(show_msg) > size=102 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=63555 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 4096 (0x1000) > smb_vwv[ 3]= 4096 (0x1000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 4609 (0x1201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1792 (0x700) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]=16384 (0x4000) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=19 >[2012/11/09 16:29:17.276353, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.276377, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.276399, 4] smbd/nttrans.c:288(nt_open_pipe) > nt_open_pipe: Opening pipe \spoolss. >[2012/11/09 16:29:17.276422, 5] smbd/files.c:140(file_new) > allocated file structure 4145, fnum = 8241 (5 used) >[2012/11/09 16:29:17.276448, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \spoolss >[2012/11/09 16:29:17.276517, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \spoolss (pipes_open=0) >[2012/11/09 16:29:17.276546, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) > do_ntcreate_pipe_open: open pipe = \spoolss >[2012/11/09 16:29:17.276585, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x64 >[2012/11/09 16:29:17.276611, 3] smbd/process.c:1662(process_smb) > Transaction 244 of length 104 (0 toread) >[2012/11/09 16:29:17.276631, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.276642, 5] lib/util.c:342(show_msg) > size=100 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=1240 > smb_uid=101 > smb_mid=63616 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 3584 (0xE00) > smb_vwv[ 3]= 4096 (0x1000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 4609 (0x1201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1792 (0x700) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=17 >[2012/11/09 16:29:17.276922, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.276973, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.276996, 4] smbd/nttrans.c:288(nt_open_pipe) > nt_open_pipe: Opening pipe \lsarpc. >[2012/11/09 16:29:17.277017, 5] smbd/files.c:140(file_new) > allocated file structure 4146, fnum = 8242 (6 used) >[2012/11/09 16:29:17.277041, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \lsarpc >[2012/11/09 16:29:17.277081, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \lsarpc (pipes_open=0) >[2012/11/09 16:29:17.277110, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) > do_ntcreate_pipe_open: open pipe = \lsarpc >[2012/11/09 16:29:17.277684, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/11/09 16:29:17.277716, 3] smbd/process.c:1662(process_smb) > Transaction 245 of length 45 (0 toread) >[2012/11/09 16:29:17.277736, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.277747, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=63683 > smt_wct=3 > smb_vwv[ 0]= 8240 (0x2030) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/11/09 16:29:17.277865, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.277885, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.277905, 3] smbd/reply.c:4848(reply_close) > close fd=-1 fnum=8240 (numopen=6) >[2012/11/09 16:29:17.277925, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 07:28:15 2106 >[2012/11/09 16:29:17.277966, 5] smbd/files.c:482(file_free) > freed files structure 8240 (5 used) >[2012/11/09 16:29:17.277988, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.278000, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=63683 > smt_wct=0 > smb_bcc=0 >[2012/11/09 16:29:17.278149, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x48 >[2012/11/09 16:29:17.278176, 3] smbd/process.c:1662(process_smb) > Transaction 246 of length 76 (0 toread) >[2012/11/09 16:29:17.278196, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.278207, 5] lib/util.c:342(show_msg) > size=72 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=1240 > smb_uid=101 > smb_mid=63744 > smt_wct=15 > smb_vwv[ 0]= 4 (0x4) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2 (0x2) > smb_vwv[ 3]= 24 (0x18) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4 (0x4) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 7 (0x7) > smb_bcc=7 >[2012/11/09 16:29:17.278410, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.278430, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.278453, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 >[2012/11/09 16:29:17.278474, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 2, data_to_send = 24, paramsize = 2, datasize = 24 >[2012/11/09 16:29:17.278493, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.278504, 5] lib/util.c:342(show_msg) > size=84 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=1240 > smb_uid=101 > smb_mid=63744 > smt_wct=10 > smb_vwv[ 0]= 2 (0x2) > smb_vwv[ 1]= 24 (0x18) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 24 (0x18) > smb_vwv[ 7]= 60 (0x3C) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=29 >[2012/11/09 16:29:17.279418, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/11/09 16:29:17.279450, 3] smbd/process.c:1662(process_smb) > Transaction 247 of length 45 (0 toread) >[2012/11/09 16:29:17.279469, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.279481, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=63808 > smt_wct=3 > smb_vwv[ 0]= 8239 (0x202F) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/11/09 16:29:17.279598, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.279632, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.279657, 3] smbd/reply.c:4848(reply_close) > close fd=-1 fnum=8239 (numopen=5) >[2012/11/09 16:29:17.279677, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 07:28:15 2106 >[2012/11/09 16:29:17.279713, 5] smbd/files.c:482(file_free) > freed files structure 8239 (4 used) >[2012/11/09 16:29:17.279736, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.279748, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=63808 > smt_wct=0 > smb_bcc=0 >[2012/11/09 16:29:17.279861, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xe0 >[2012/11/09 16:29:17.279887, 3] smbd/process.c:1662(process_smb) > Transaction 248 of length 228 (0 toread) >[2012/11/09 16:29:17.279907, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.279918, 5] lib/util.c:342(show_msg) > size=224 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=63875 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8242 (0x2032) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 160 (0xA0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 160 (0xA0) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=161 >[2012/11/09 16:29:17.280129, 3] smbd/process.c:1467(switch_message) > switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.280151, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.280172, 6] smbd/pipes.c:300(reply_pipe_write_and_X) > reply_pipe_write_and_X: 2032 name: lsarpc len: 160 >[2012/11/09 16:29:17.280192, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 160 >[2012/11/09 16:29:17.280218, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) > api_pipe_bind_req: \PIPE\dssetup -> \PIPE\dssetup >[2012/11/09 16:29:17.280239, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) > api_pipe_bind_req: make response. 923 >[2012/11/09 16:29:17.280259, 3] rpc_server/srv_pipe.c:339(check_bind_req) > check_bind_req for \lsarpc >[2012/11/09 16:29:17.280279, 3] rpc_server/srv_pipe.c:346(check_bind_req) > check_bind_req: \PIPE\dssetup -> \PIPE\dssetup >[2012/11/09 16:29:17.280309, 3] smbd/pipes.c:361(pipe_write_andx_done) > writeX-IPC nwritten=160 >[2012/11/09 16:29:17.281171, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x66 >[2012/11/09 16:29:17.281204, 3] smbd/process.c:1662(process_smb) > Transaction 249 of length 106 (0 toread) >[2012/11/09 16:29:17.281224, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.281236, 5] lib/util.c:342(show_msg) > size=102 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=63939 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 4096 (0x1000) > smb_vwv[ 3]= 4096 (0x1000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 4609 (0x1201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1792 (0x700) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]=16384 (0x4000) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=19 >[2012/11/09 16:29:17.281537, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.281560, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.281582, 4] smbd/nttrans.c:288(nt_open_pipe) > nt_open_pipe: Opening pipe \spoolss. >[2012/11/09 16:29:17.281603, 5] smbd/files.c:140(file_new) > allocated file structure 4147, fnum = 8243 (5 used) >[2012/11/09 16:29:17.281632, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \spoolss >[2012/11/09 16:29:17.281676, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \spoolss (pipes_open=0) >[2012/11/09 16:29:17.281704, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) > do_ntcreate_pipe_open: open pipe = \spoolss >[2012/11/09 16:29:17.281736, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:17.281760, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:17.281779, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:17.281810, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2012/11/09 16:29:17.281841, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/11/09 16:29:17.281863, 3] smbd/process.c:1662(process_smb) > Transaction 250 of length 63 (0 toread) >[2012/11/09 16:29:17.281881, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.281892, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=64000 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8242 (0x2032) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/11/09 16:29:17.282089, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.282113, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:17.282134, 5] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (811): > SID[ 0]: S-1-5-21-160562036-3150058255-2134394716-19743 > SID[ 1]: S-1-5-21-160562036-3150058255-2134394716-513 > SID[ 2]: S-1-5-21-160562036-3150058255-2134394716-334230 > SID[ 3]: S-1-5-21-160562036-3150058255-2134394716-23353 > SID[ 4]: S-1-5-21-160562036-3150058255-2134394716-304793 > SID[ 5]: S-1-5-21-160562036-3150058255-2134394716-269408 > SID[ 6]: S-1-5-21-160562036-3150058255-2134394716-50420 > SID[ 7]: S-1-5-21-160562036-3150058255-2134394716-113634 > SID[ 8]: S-1-5-21-160562036-3150058255-2134394716-113662 > SID[ 9]: S-1-5-21-160562036-3150058255-2134394716-260755 > SID[ 10]: S-1-5-21-160562036-3150058255-2134394716-288770 > SID[ 11]: S-1-5-21-160562036-3150058255-2134394716-67892 > SID[ 12]: S-1-5-21-160562036-3150058255-2134394716-20800 > SID[ 13]: S-1-5-21-160562036-3150058255-2134394716-269744 > SID[ 14]: S-1-5-21-160562036-3150058255-2134394716-63803 > SID[ 15]: S-1-5-21-160562036-3150058255-2134394716-360934 > SID[ 16]: S-1-5-21-160562036-3150058255-2134394716-421750 > SID[ 17]: S-1-5-21-160562036-3150058255-2134394716-294313 > SID[ 18]: S-1-5-21-160562036-3150058255-2134394716-109619 > SID[ 19]: S-1-5-21-160562036-3150058255-2134394716-13623 > SID[ 20]: S-1-5-21-160562036-3150058255-2134394716-113660 > SID[ 21]: S-1-5-21-160562036-3150058255-2134394716-13846 > SID[ 22]: S-1-5-21-160562036-3150058255-2134394716-351693 > SID[ 23]: S-1-5-21-160562036-3150058255-2134394716-56178 > SID[ 24]: S-1-5-21-160562036-3150058255-2134394716-268914 > SID[ 25]: S-1-5-21-160562036-3150058255-2134394716-276389 > SID[ 26]: S-1-5-21-160562036-3150058255-2134394716-294265 > SID[ 27]: S-1-5-21-160562036-3150058255-2134394716-289050 > SID[ 28]: S-1-5-21-160562036-3150058255-2134394716-284074 > SID[ 29]: S-1-5-21-160562036-3150058255-2134394716-353623 > SID[ 30]: S-1-5-21-160562036-3150058255-2134394716-60632 > SID[ 31]: S-1-5-21-160562036-3150058255-2134394716-299617 > SID[ 32]: S-1-5-21-160562036-3150058255-2134394716-269875 > SID[ 33]: S-1-5-21-160562036-3150058255-2134394716-260777 > SID[ 34]: S-1-5-21-160562036-3150058255-2134394716-72011 > SID[ 35]: S-1-5-21-160562036-3150058255-2134394716-56174 > SID[ 36]: S-1-5-21-160562036-3150058255-2134394716-294145 > SID[ 37]: S-1-5-21-160562036-3150058255-2134394716-46643 > SID[ 38]: S-1-5-21-160562036-3150058255-2134394716-110684 > SID[ 39]: S-1-5-21-160562036-3150058255-2134394716-69476 > SID[ 40]: S-1-5-21-160562036-3150058255-2134394716-354438 > SID[ 41]: S-1-5-21-160562036-3150058255-2134394716-288215 > SID[ 42]: S-1-5-21-160562036-3150058255-2134394716-418124 > SID[ 43]: S-1-5-21-160562036-3150058255-2134394716-32947 > SID[ 44]: S-1-5-21-160562036-3150058255-2134394716-373447 > SID[ 45]: S-1-5-21-160562036-3150058255-2134394716-21119 > SID[ 46]: S-1-5-21-160562036-3150058255-2134394716-254283 > SID[ 47]: S-1-5-21-160562036-3150058255-2134394716-21918 > SID[ 48]: S-1-5-21-160562036-3150058255-2134394716-268915 > SID[ 49]: S-1-5-21-160562036-3150058255-2134394716-267093 > SID[ 50]: S-1-5-21-160562036-3150058255-2134394716-340888 > SID[ 51]: S-1-5-21-160562036-3150058255-2134394716-294363 > SID[ 52]: S-1-5-21-160562036-3150058255-2134394716-414620 > SID[ 53]: S-1-5-21-160562036-3150058255-2134394716-260959 > SID[ 54]: S-1-5-21-160562036-3150058255-2134394716-56176 > SID[ 55]: S-1-5-21-160562036-3150058255-2134394716-373472 > SID[ 56]: S-1-5-21-160562036-3150058255-2134394716-294492 > SID[ 57]: S-1-5-21-160562036-3150058255-2134394716-373554 > SID[ 58]: S-1-5-21-160562036-3150058255-2134394716-104382 > SID[ 59]: S-1-5-21-160562036-3150058255-2134394716-294361 > SID[ 60]: S-1-5-21-160562036-3150058255-2134394716-245149 > SID[ 61]: S-1-5-21-160562036-3150058255-2134394716-32807 > SID[ 62]: S-1-5-21-160562036-3150058255-2134394716-63805 > SID[ 63]: S-1-5-21-160562036-3150058255-2134394716-290135 > SID[ 64]: S-1-5-21-160562036-3150058255-2134394716-248439 > SID[ 65]: S-1-5-21-160562036-3150058255-2134394716-58745 > SID[ 66]: S-1-5-21-160562036-3150058255-2134394716-288316 > SID[ 67]: S-1-5-21-160562036-3150058255-2134394716-373441 > SID[ 68]: S-1-5-21-160562036-3150058255-2134394716-268916 > SID[ 69]: S-1-5-21-160562036-3150058255-2134394716-17597 > SID[ 70]: S-1-5-21-160562036-3150058255-2134394716-113654 > SID[ 71]: S-1-5-21-160562036-3150058255-2134394716-304050 > SID[ 72]: S-1-5-21-160562036-3150058255-2134394716-112626 > SID[ 73]: S-1-5-21-160562036-3150058255-2134394716-360946 > SID[ 74]: S-1-5-21-160562036-3150058255-2134394716-1116 > SID[ 75]: S-1-5-21-160562036-3150058255-2134394716-294490 > SID[ 76]: S-1-5-21-160562036-3150058255-2134394716-373442 > SID[ 77]: S-1-5-21-160562036-3150058255-2134394716-402137 > SID[ 78]: S-1-5-21-160562036-3150058255-2134394716-373470 > SID[ 79]: S-1-5-21-160562036-3150058255-2134394716-284963 > SID[ 80]: S-1-5-21-160562036-3150058255-2134394716-21963 > SID[ 81]: S-1-5-21-160562036-3150058255-2134394716-373556 > SID[ 82]: S-1-5-21-160562036-3150058255-2134394716-351504 > SID[ 83]: S-1-5-21-160562036-3150058255-2134394716-360382 > SID[ 84]: S-1-5-21-160562036-3150058255-2134394716-266966 > SID[ 85]: S-1-5-21-160562036-3150058255-2134394716-63797 > SID[ 86]: S-1-5-21-160562036-3150058255-2134394716-31306 > SID[ 87]: S-1-5-21-160562036-3150058255-2134394716-420969 > SID[ 88]: S-1-5-21-160562036-3150058255-2134394716-58439 > SID[ 89]: S-1-5-21-160562036-3150058255-2134394716-351240 > SID[ 90]: S-1-5-21-160562036-3150058255-2134394716-290160 > SID[ 91]: S-1-5-21-160562036-3150058255-2134394716-335340 > SID[ 92]: S-1-5-21-160562036-3150058255-2134394716-32819 > SID[ 93]: S-1-5-21-160562036-3150058255-2134394716-63801 > SID[ 94]: S-1-5-21-160562036-3150058255-2134394716-53171 > SID[ 95]: S-1-5-21-160562036-3150058255-2134394716-294243 > SID[ 96]: S-1-5-21-160562036-3150058255-2134394716-350032 > SID[ 97]: S-1-5-21-160562036-3150058255-2134394716-63737 > SID[ 98]: S-1-5-21-160562036-3150058255-2134394716-13863 > SID[ 99]: S-1-5-21-160562036-3150058255-2134394716-351719 > SID[100]: S-1-5-21-160562036-3150058255-2134394716-56165 > SID[101]: S-1-5-21-160562036-3150058255-2134394716-113646 > SID[102]: S-1-5-21-160562036-3150058255-2134394716-430811 > SID[103]: S-1-5-21-160562036-3150058255-2134394716-284081 > SID[104]: S-1-5-21-160562036-3150058255-2134394716-256696 > SID[105]: S-1-5-21-160562036-3150058255-2134394716-416414 > SID[106]: S-1-5-21-160562036-3150058255-2134394716-49609 > SID[107]: S-1-5-21-160562036-3150058255-2134394716-377791 > SID[108]: S-1-5-21-160562036-3150058255-2134394716-32821 > SID[109]: S-1-5-21-160562036-3150058255-2134394716-359223 > SID[110]: S-1-5-21-160562036-3150058255-2134394716-284091 > SID[111]: S-1-5-21-160562036-3150058255-2134394716-433713 > SID[112]: S-1-5-21-160562036-3150058255-2134394716-33100 > SID[113]: S-1-5-21-160562036-3150058255-2134394716-416203 > SID[114]: S-1-5-21-160562036-3150058255-2134394716-317007 > SID[115]: S-1-5-21-160562036-3150058255-2134394716-69542 > SID[116]: S-1-5-21-160562036-3150058255-2134394716-268918 > SID[117]: S-1-5-21-160562036-3150058255-2134394716-69428 > SID[118]: S-1-5-21-160562036-3150058255-2134394716-316764 > SID[119]: S-1-5-21-160562036-3150058255-2134394716-55705 > SID[120]: S-1-5-21-160562036-3150058255-2134394716-291229 > SID[121]: S-1-5-21-160562036-3150058255-2134394716-250116 > SID[122]: S-1-5-21-160562036-3150058255-2134394716-294315 > SID[123]: S-1-5-21-160562036-3150058255-2134394716-402469 > SID[124]: S-1-5-21-160562036-3150058255-2134394716-256697 > SID[125]: S-1-5-21-160562036-3150058255-2134394716-418438 > SID[126]: S-1-5-21-160562036-3150058255-2134394716-435652 > SID[127]: S-1-5-21-160562036-3150058255-2134394716-45010 > SID[128]: S-1-5-21-160562036-3150058255-2134394716-322368 > SID[129]: S-1-5-21-160562036-3150058255-2134394716-267090 > SID[130]: S-1-5-21-160562036-3150058255-2134394716-32825 > SID[131]: S-1-5-21-160562036-3150058255-2134394716-35099 > SID[132]: S-1-5-21-160562036-3150058255-2134394716-56157 > SID[133]: S-1-5-21-160562036-3150058255-2134394716-113648 > SID[134]: S-1-5-21-160562036-3150058255-2134394716-55709 > SID[135]: S-1-5-21-160562036-3150058255-2134394716-108789 > SID[136]: S-1-5-21-160562036-3150058255-2134394716-56159 > SID[137]: S-1-5-21-160562036-3150058255-2134394716-268919 > SID[138]: S-1-5-21-160562036-3150058255-2134394716-245147 > SID[139]: S-1-5-21-160562036-3150058255-2134394716-430693 > SID[140]: S-1-5-21-160562036-3150058255-2134394716-289617 > SID[141]: S-1-5-21-160562036-3150058255-2134394716-373445 > SID[142]: S-1-5-21-160562036-3150058255-2134394716-14282 > SID[143]: S-1-5-21-160562036-3150058255-2134394716-433712 > SID[144]: S-1-5-21-160562036-3150058255-2134394716-59232 > SID[145]: S-1-5-21-160562036-3150058255-2134394716-33429 > SID[146]: S-1-5-21-160562036-3150058255-2134394716-437634 > SID[147]: S-1-5-21-160562036-3150058255-2134394716-23354 > SID[148]: S-1-5-21-160562036-3150058255-2134394716-113636 > SID[149]: S-1-5-21-160562036-3150058255-2134394716-63799 > SID[150]: S-1-5-21-160562036-3150058255-2134394716-261009 > SID[151]: S-1-5-21-160562036-3150058255-2134394716-290498 > SID[152]: S-1-5-21-160562036-3150058255-2134394716-375928 > SID[153]: S-1-5-21-160562036-3150058255-2134394716-276407 > SID[154]: S-1-5-21-160562036-3150058255-2134394716-357401 > SID[155]: S-1-5-21-160562036-3150058255-2134394716-357385 > SID[156]: S-1-5-21-160562036-3150058255-2134394716-269404 > SID[157]: S-1-5-21-160562036-3150058255-2134394716-67790 > SID[158]: S-1-5-21-160562036-3150058255-2134394716-392120 > SID[159]: S-1-5-21-160562036-3150058255-2134394716-276395 > SID[160]: S-1-5-21-160562036-3150058255-2134394716-113343 > SID[161]: S-1-5-21-160562036-3150058255-2134394716-56172 > SID[162]: S-1-5-21-160562036-3150058255-2134394716-402467 > SID[163]: S-1-5-21-160562036-3150058255-2134394716-293007 > SID[164]: S-1-5-21-160562036-3150058255-2134394716-427942 > SID[165]: S-1-5-21-160562036-3150058255-2134394716-373529 > SID[166]: S-1-5-21-160562036-3150058255-2134394716-263163 > SID[167]: S-1-5-21-160562036-3150058255-2134394716-64111 > SID[168]: S-1-5-21-160562036-3150058255-2134394716-266852 > SID[169]: S-1-5-21-160562036-3150058255-2134394716-357892 > SID[170]: S-1-5-21-160562036-3150058255-2134394716-104429 > SID[171]: S-1-5-21-160562036-3150058255-2134394716-32813 > SID[172]: S-1-5-21-160562036-3150058255-2134394716-360722 > SID[173]: S-1-5-21-160562036-3150058255-2134394716-284092 > SID[174]: S-1-5-21-160562036-3150058255-2134394716-289619 > SID[175]: S-1-5-21-160562036-3150058255-2134394716-369316 > SID[176]: S-1-5-21-160562036-3150058255-2134394716-49542 > SID[177]: S-1-5-21-160562036-3150058255-2134394716-329659 > SID[178]: S-1-5-21-160562036-3150058255-2134394716-32809 > SID[179]: S-1-5-21-160562036-3150058255-2134394716-108767 > SID[180]: S-1-5-21-160562036-3150058255-2134394716-305399 > SID[181]: S-1-5-21-160562036-3150058255-2134394716-263161 > SID[182]: S-1-5-21-160562036-3150058255-2134394716-314050 > SID[183]: S-1-5-21-160562036-3150058255-2134394716-31001 > SID[184]: S-1-5-21-160562036-3150058255-2134394716-279682 > SID[185]: S-1-5-21-160562036-3150058255-2134394716-294147 > SID[186]: S-1-5-21-160562036-3150058255-2134394716-56163 > SID[187]: S-1-5-21-160562036-3150058255-2134394716-285751 > SID[188]: S-1-5-21-160562036-3150058255-2134394716-21723 > SID[189]: S-1-5-21-160562036-3150058255-2134394716-8332 > SID[190]: S-1-5-21-160562036-3150058255-2134394716-32827 > SID[191]: S-1-5-21-160562036-3150058255-2134394716-256460 > SID[192]: S-1-5-21-160562036-3150058255-2134394716-256183 > SID[193]: S-1-5-21-160562036-3150058255-2134394716-300424 > SID[194]: S-1-5-21-160562036-3150058255-2134394716-55677 > SID[195]: S-1-5-21-160562036-3150058255-2134394716-253145 > SID[196]: S-1-5-21-160562036-3150058255-2134394716-63804 > SID[197]: S-1-5-21-160562036-3150058255-2134394716-358866 > SID[198]: S-1-5-21-160562036-3150058255-2134394716-32823 > SID[199]: S-1-5-21-160562036-3150058255-2134394716-276620 > SID[200]: S-1-5-21-160562036-3150058255-2134394716-361940 > SID[201]: S-1-5-21-160562036-3150058255-2134394716-49274 > SID[202]: S-1-5-21-160562036-3150058255-2134394716-402177 > SID[203]: S-1-5-21-160562036-3150058255-2134394716-252230 > SID[204]: S-1-5-21-160562036-3150058255-2134394716-321100 > SID[205]: S-1-5-21-160562036-3150058255-2134394716-20801 > SID[206]: S-1-5-21-160562036-3150058255-2134394716-276621 > SID[207]: S-1-5-21-160562036-3150058255-2134394716-252010 > SID[208]: S-1-5-21-160562036-3150058255-2134394716-292766 > SID[209]: S-1-5-21-160562036-3150058255-2134394716-37331 > SID[210]: S-1-5-21-160562036-3150058255-2134394716-260776 > SID[211]: S-1-5-21-160562036-3150058255-2134394716-386708 > SID[212]: S-1-5-21-160562036-3150058255-2134394716-374616 > SID[213]: S-1-5-21-160562036-3150058255-2134394716-21084 > SID[214]: S-1-5-21-160562036-3150058255-2134394716-294267 > SID[215]: S-1-5-21-160562036-3150058255-2134394716-63802 > SID[216]: S-1-5-21-160562036-3150058255-2134394716-31186 > SID[217]: S-1-5-21-160562036-3150058255-2134394716-105575 > SID[218]: S-1-5-21-160562036-3150058255-2134394716-361874 > SID[219]: S-1-5-21-160562036-3150058255-2134394716-360362 > SID[220]: S-1-5-21-160562036-3150058255-2134394716-357734 > SID[221]: S-1-5-21-160562036-3150058255-2134394716-294241 > SID[222]: S-1-5-21-160562036-3150058255-2134394716-251778 > SID[223]: S-1-5-21-160562036-3150058255-2134394716-49510 > SID[224]: S-1-5-21-160562036-3150058255-2134394716-35015 > SID[225]: S-1-5-21-160562036-3150058255-2134394716-20749 > SID[226]: S-1-5-21-160562036-3150058255-2134394716-294291 > SID[227]: S-1-5-21-160562036-3150058255-2134394716-254469 > SID[228]: S-1-5-21-160562036-3150058255-2134394716-247296 > SID[229]: S-1-5-21-160562036-3150058255-2134394716-63798 > SID[230]: S-1-5-21-160562036-3150058255-2134394716-59035 > SID[231]: S-1-5-21-160562036-3150058255-2134394716-430331 > SID[232]: S-1-5-21-160562036-3150058255-2134394716-21301 > SID[233]: S-1-5-21-160562036-3150058255-2134394716-55627 > SID[234]: S-1-5-21-160562036-3150058255-2134394716-32815 > SID[235]: S-1-5-21-160562036-3150058255-2134394716-277164 > SID[236]: S-1-5-21-160562036-3150058255-2134394716-21552 > SID[237]: S-1-5-21-160562036-3150058255-2134394716-56622 > SID[238]: S-1-5-21-160562036-3150058255-2134394716-37315 > SID[239]: S-1-5-21-160562036-3150058255-2134394716-334225 > SID[240]: S-1-5-21-160562036-3150058255-2134394716-338141 > SID[241]: S-1-5-21-160562036-3150058255-2134394716-246169 > SID[242]: S-1-5-21-160562036-3150058255-2134394716-297835 > SID[243]: S-1-5-21-160562036-3150058255-2134394716-353615 > SID[244]: S-1-5-21-160562036-3150058255-2134394716-322371 > SID[245]: S-1-5-21-160562036-3150058255-2134394716-63235 > SID[246]: S-1-5-21-160562036-3150058255-2134394716-266849 > SID[247]: S-1-5-21-160562036-3150058255-2134394716-293998 > SID[248]: S-1-5-21-160562036-3150058255-2134394716-433714 > SID[249]: S-1-5-21-160562036-3150058255-2134394716-107694 > SID[250]: S-1-5-21-160562036-3150058255-2134394716-288317 > SID[251]: S-1-5-21-160562036-3150058255-2134394716-44135 > SID[252]: S-1-5-21-160562036-3150058255-2134394716-290560 > SID[253]: S-1-5-21-160562036-3150058255-2134394716-322681 > SID[254]: S-1-5-21-160562036-3150058255-2134394716-283109 > SID[255]: S-1-5-21-160562036-3150058255-2134394716-357879 > SID[256]: S-1-5-21-160562036-3150058255-2134394716-289046 > SID[257]: S-1-5-21-160562036-3150058255-2134394716-32803 > SID[258]: S-1-5-21-160562036-3150058255-2134394716-343968 > SID[259]: S-1-5-21-160562036-3150058255-2134394716-50792 > SID[260]: S-1-5-21-160562036-3150058255-2134394716-50518 > SID[261]: S-1-5-21-160562036-3150058255-2134394716-37238 > SID[262]: S-1-5-21-160562036-3150058255-2134394716-360465 > SID[263]: S-1-5-21-160562036-3150058255-2134394716-366652 > SID[264]: S-1-5-21-160562036-3150058255-2134394716-294094 > SID[265]: S-1-5-21-160562036-3150058255-2134394716-288540 > SID[266]: S-1-5-21-160562036-3150058255-2134394716-297984 > SID[267]: S-1-5-21-160562036-3150058255-2134394716-276427 > SID[268]: S-1-5-21-160562036-3150058255-2134394716-333792 > SID[269]: S-1-5-21-160562036-3150058255-2134394716-427342 > SID[270]: S-1-5-21-160562036-3150058255-2134394716-333794 > SID[271]: S-1-5-21-160562036-3150058255-2134394716-290460 > SID[272]: S-1-5-21-160562036-3150058255-2134394716-294091 > SID[273]: S-1-5-21-160562036-3150058255-2134394716-333793 > SID[274]: S-1-5-21-160562036-3150058255-2134394716-338207 > SID[275]: S-1-5-21-160562036-3150058255-2134394716-409571 > SID[276]: S-1-5-21-160562036-3150058255-2134394716-294054 > SID[277]: S-1-5-21-160562036-3150058255-2134394716-30854 > SID[278]: S-1-5-21-160562036-3150058255-2134394716-288547 > SID[279]: S-1-5-21-160562036-3150058255-2134394716-365347 > SID[280]: S-1-5-21-6776287-465249537-1446904402-4108 > SID[281]: S-1-5-21-160562036-3150058255-2134394716-58230 > SID[282]: S-1-5-21-160562036-3150058255-2134394716-357400 > SID[283]: S-1-5-21-160562036-3150058255-2134394716-343966 > SID[284]: S-1-5-21-160562036-3150058255-2134394716-104268 > SID[285]: S-1-5-21-160562036-3150058255-2134394716-334228 > SID[286]: S-1-5-21-160562036-3150058255-2134394716-357384 > SID[287]: S-1-5-21-160562036-3150058255-2134394716-64500 > SID[288]: S-1-5-21-160562036-3150058255-2134394716-291227 > SID[289]: S-1-5-21-160562036-3150058255-2134394716-62708 > SID[290]: S-1-5-21-160562036-3150058255-2134394716-266847 > SID[291]: S-1-5-21-160562036-3150058255-2134394716-313857 > SID[292]: S-1-5-21-160562036-3150058255-2134394716-350031 > SID[293]: S-1-5-21-160562036-3150058255-2134394716-373448 > SID[294]: S-1-5-21-160562036-3150058255-2134394716-420970 > SID[295]: S-1-5-21-160562036-3150058255-2134394716-351238 > SID[296]: S-1-5-21-160562036-3150058255-2134394716-11861 > SID[297]: S-1-5-21-160562036-3150058255-2134394716-353613 > SID[298]: S-1-5-21-160562036-3150058255-2134394716-322679 > SID[299]: S-1-5-21-160562036-3150058255-2134394716-253148 > SID[300]: S-1-5-21-160562036-3150058255-2134394716-277162 > SID[301]: S-1-5-21-160562036-3150058255-2134394716-304048 > SID[302]: S-1-5-21-160562036-3150058255-2134394716-288768 > SID[303]: S-1-5-21-160562036-3150058255-2134394716-62920 > SID[304]: S-1-5-21-160562036-3150058255-2134394716-62814 > SID[305]: S-1-5-21-160562036-3150058255-2134394716-338139 > SID[306]: S-1-5-21-160562036-3150058255-2134394716-266850 > SID[307]: S-1-5-21-160562036-3150058255-2134394716-74038 > SID[308]: S-1-5-21-160562036-3150058255-2134394716-62715 > SID[309]: S-1-5-21-160562036-3150058255-2134394716-357877 > SID[310]: S-1-5-21-160562036-3150058255-2134394716-252117 > SID[311]: S-1-5-21-160562036-3150058255-2134394716-322372 > SID[312]: S-1-5-21-160562036-3150058255-2134394716-65121 > SID[313]: S-1-5-21-160562036-3150058255-2134394716-62711 > SID[314]: S-1-5-21-160562036-3150058255-2134394716-267091 > SID[315]: S-1-5-21-160562036-3150058255-2134394716-24652 > SID[316]: S-1-5-21-160562036-3150058255-2134394716-360933 > SID[317]: S-1-5-21-160562036-3150058255-2134394716-354437 > SID[318]: S-1-5-21-160562036-3150058255-2134394716-249119 > SID[319]: S-1-5-21-160562036-3150058255-2134394716-248731 > SID[320]: S-1-5-21-160562036-3150058255-2134394716-64215 > SID[321]: S-1-5-21-160562036-3150058255-2134394716-373475 > SID[322]: S-1-5-21-160562036-3150058255-2134394716-250664 > SID[323]: S-1-5-21-160562036-3150058255-2134394716-267088 > SID[324]: S-1-5-21-160562036-3150058255-2134394716-50311 > SID[325]: S-1-5-21-160562036-3150058255-2134394716-62644 > SID[326]: S-1-5-21-160562036-3150058255-2134394716-69148 > SID[327]: S-1-5-21-160562036-3150058255-2134394716-360380 > SID[328]: S-1-5-21-160562036-3150058255-2134394716-52124 > SID[329]: S-1-5-21-160562036-3150058255-2134394716-351502 > SID[330]: S-1-5-21-160562036-3150058255-2134394716-317005 > SID[331]: S-1-5-21-160562036-3150058255-2134394716-62713 > SID[332]: S-1-5-21-160562036-3150058255-2134394716-313855 > SID[333]: S-1-5-21-160562036-3150058255-2134394716-53143 > SID[334]: S-1-5-21-160562036-3150058255-2134394716-349705 > SID[335]: S-1-5-21-160562036-3150058255-2134394716-357732 > SID[336]: S-1-5-21-160562036-3150058255-2134394716-402142 > SID[337]: S-1-5-21-160562036-3150058255-2134394716-50421 > SID[338]: S-1-5-21-160562036-3150058255-2134394716-357890 > SID[339]: S-1-5-21-160562036-3150058255-2134394716-416413 > SID[340]: S-1-5-21-160562036-3150058255-2134394716-255117 > SID[341]: S-1-5-21-160562036-3150058255-2134394716-73891 > SID[342]: S-1-5-21-160562036-3150058255-2134394716-377792 > SID[343]: S-1-5-21-160562036-3150058255-2134394716-63081 > SID[344]: S-1-5-21-160562036-3150058255-2134394716-386707 > SID[345]: S-1-5-21-160562036-3150058255-2134394716-64112 > SID[346]: S-1-5-21-160562036-3150058255-2134394716-256555 > SID[347]: S-1-5-21-160562036-3150058255-2134394716-361939 > SID[348]: S-1-5-21-160562036-3150058255-2134394716-62709 > SID[349]: S-1-5-21-160562036-3150058255-2134394716-248759 > SID[350]: S-1-5-21-160562036-3150058255-2134394716-359221 > SID[351]: S-1-5-21-160562036-3150058255-2134394716-310730 > SID[352]: S-1-5-21-160562036-3150058255-2134394716-109617 > SID[353]: S-1-5-21-160562036-3150058255-2134394716-60474 > SID[354]: S-1-5-21-160562036-3150058255-2134394716-402472 > SID[355]: S-1-5-21-160562036-3150058255-2134394716-55679 > SID[356]: S-1-5-21-160562036-3150058255-2134394716-69153 > SID[357]: S-1-5-21-160562036-3150058255-2134394716-22265 > SID[358]: S-1-5-21-160562036-3150058255-2134394716-423112 > SID[359]: S-1-5-21-160562036-3150058255-2134394716-289044 > SID[360]: S-1-5-21-160562036-3150058255-2134394716-67791 > SID[361]: S-1-5-21-160562036-3150058255-2134394716-69156 > SID[362]: S-1-5-21-160562036-3150058255-2134394716-62712 > SID[363]: S-1-5-21-160562036-3150058255-2134394716-360721 > SID[364]: S-1-5-21-160562036-3150058255-2134394716-435651 > SID[365]: S-1-5-21-160562036-3150058255-2134394716-69149 > SID[366]: S-1-5-21-160562036-3150058255-2134394716-73730 > SID[367]: S-1-5-21-160562036-3150058255-2134394716-243660 > SID[368]: S-1-5-21-160562036-3150058255-2134394716-104280 > SID[369]: S-1-5-21-160562036-3150058255-2134394716-430692 > SID[370]: S-1-5-21-160562036-3150058255-2134394716-256558 > SID[371]: S-1-5-21-160562036-3150058255-2134394716-54515 > SID[372]: S-1-5-21-160562036-3150058255-2134394716-334223 > SID[373]: S-1-5-21-160562036-3150058255-2134394716-304790 > SID[374]: S-1-5-21-160562036-3150058255-2134394716-373528 > SID[375]: S-1-5-21-160562036-3150058255-2134394716-375927 > SID[376]: S-1-5-21-160562036-3150058255-2134394716-74039 > SID[377]: S-1-5-21-160562036-3150058255-2134394716-62781 > SID[378]: S-1-5-21-160562036-3150058255-2134394716-69157 > SID[379]: S-1-5-21-160562036-3150058255-2134394716-309445 > SID[380]: S-1-5-21-160562036-3150058255-2134394716-62733 > SID[381]: S-1-5-21-160562036-3150058255-2134394716-418123 > SID[382]: S-1-5-21-160562036-3150058255-2134394716-64415 > SID[383]: S-1-5-21-160562036-3150058255-2134394716-414619 > SID[384]: S-1-5-21-160562036-3150058255-2134394716-373446 > SID[385]: S-1-5-21-160562036-3150058255-2134394716-289048 > SID[386]: S-1-5-21-160562036-3150058255-2134394716-69158 > SID[387]: S-1-5-21-160562036-3150058255-2134394716-373559 > SID[388]: S-1-5-21-160562036-3150058255-2134394716-110686 > SID[389]: S-1-5-21-160562036-3150058255-2134394716-260757 > SID[390]: S-1-5-21-160562036-3150058255-2134394716-249663 > SID[391]: S-1-5-21-160562036-3150058255-2134394716-249619 > SID[392]: S-1-5-21-160562036-3150058255-2134394716-321098 > SID[393]: S-1-5-21-160562036-3150058255-2134394716-64497 > SID[394]: S-1-5-21-160562036-3150058255-2134394716-112627 > SID[395]: S-1-5-21-160562036-3150058255-2134394716-62710 > SID[396]: S-1-5-21-160562036-3150058255-2134394716-360361 > SID[397]: S-1-5-21-160562036-3150058255-2134394716-353621 > SID[398]: S-1-5-21-160562036-3150058255-2134394716-365152 > SID[399]: S-1-5-21-160562036-3150058255-2134394716-69544 > SID[400]: S-1-5-21-160562036-3150058255-2134394716-249644 > SID[401]: S-1-5-21-160562036-3150058255-2134394716-55625 > SID[402]: S-1-1-0 > SID[403]: S-1-5-2 > SID[404]: S-1-5-11 > SID[405]: S-1-5-32-545 > SID[406]: S-1-22-1-10000 > SID[407]: S-1-22-2-10006 > SID[408]: S-1-22-2-10007 > SID[409]: S-1-22-2-10008 > SID[410]: S-1-22-2-10009 > SID[411]: S-1-22-2-10010 > SID[412]: S-1-22-2-10011 > SID[413]: S-1-22-2-10012 > SID[414]: S-1-22-2-10013 > SID[415]: S-1-22-2-10014 > SID[416]: S-1-22-2-10015 > SID[417]: S-1-22-2-10016 > SID[418]: S-1-22-2-10017 > SID[419]: S-1-22-2-10018 > SID[420]: S-1-22-2-10019 > SID[421]: S-1-22-2-10020 > SID[422]: S-1-22-2-10021 > SID[423]: S-1-22-2-10022 > SID[424]: S-1-22-2-10023 > SID[425]: S-1-22-2-10024 > SID[426]: S-1-22-2-10025 > SID[427]: S-1-22-2-10026 > SID[428]: S-1-22-2-10027 > SID[429]: S-1-22-2-10028 > SID[430]: S-1-22-2-10029 > SID[431]: S-1-22-2-10030 > SID[432]: S-1-22-2-10031 > SID[433]: S-1-22-2-10032 > SID[434]: S-1-22-2-10033 > SID[435]: S-1-22-2-10034 > SID[436]: S-1-22-2-10035 > SID[437]: S-1-22-2-10036 > SID[438]: S-1-22-2-10037 > SID[439]: S-1-22-2-10038 > SID[440]: S-1-22-2-10039 > SID[441]: S-1-22-2-10040 > SID[442]: S-1-22-2-10041 > SID[443]: S-1-22-2-10042 > SID[444]: S-1-22-2-10043 > SID[445]: S-1-22-2-10044 > SID[446]: S-1-22-2-10045 > SID[447]: S-1-22-2-10046 > SID[448]: S-1-22-2-10047 > SID[449]: S-1-22-2-10048 > SID[450]: S-1-22-2-10049 > SID[451]: S-1-22-2-10050 > SID[452]: S-1-22-2-10051 > SID[453]: S-1-22-2-10052 > SID[454]: S-1-22-2-10053 > SID[455]: S-1-22-2-10054 > SID[456]: S-1-22-2-10055 > SID[457]: S-1-22-2-10056 > SID[458]: S-1-22-2-10057 > SID[459]: S-1-22-2-10058 > SID[460]: S-1-22-2-10059 > SID[461]: S-1-22-2-10060 > SID[462]: S-1-22-2-10061 > SID[463]: S-1-22-2-10062 > SID[464]: S-1-22-2-10063 > SID[465]: S-1-22-2-10064 > SID[466]: S-1-22-2-10065 > SID[467]: S-1-22-2-10066 > SID[468]: S-1-22-2-10067 > SID[469]: S-1-22-2-10068 > SID[470]: S-1-22-2-10069 > SID[471]: S-1-22-2-10070 > SID[472]: S-1-22-2-10071 > SID[473]: S-1-22-2-10072 > SID[474]: S-1-22-2-10073 > SID[475]: S-1-22-2-10074 > SID[476]: S-1-22-2-10075 > SID[477]: S-1-22-2-10076 > SID[478]: S-1-22-2-10077 > SID[479]: S-1-22-2-10078 > SID[480]: S-1-22-2-10079 > SID[481]: S-1-22-2-10080 > SID[482]: S-1-22-2-10081 > SID[483]: S-1-22-2-10082 > SID[484]: S-1-22-2-10083 > SID[485]: S-1-22-2-10084 > SID[486]: S-1-22-2-10085 > SID[487]: S-1-22-2-10086 > SID[488]: S-1-22-2-10087 > SID[489]: S-1-22-2-10088 > SID[490]: S-1-22-2-10089 > SID[491]: S-1-22-2-10090 > SID[492]: S-1-22-2-10091 > SID[493]: S-1-22-2-10092 > SID[494]: S-1-22-2-10093 > SID[495]: S-1-22-2-10094 > SID[496]: S-1-22-2-10095 > SID[497]: S-1-22-2-10096 > SID[498]: S-1-22-2-10097 > SID[499]: S-1-22-2-10098 > SID[500]: S-1-22-2-10099 > SID[501]: S-1-22-2-10100 > SID[502]: S-1-22-2-10101 > SID[503]: S-1-22-2-10102 > SID[504]: S-1-22-2-10103 > SID[505]: S-1-22-2-10104 > SID[506]: S-1-22-2-10105 > SID[507]: S-1-22-2-10106 > SID[508]: S-1-22-2-10107 > SID[509]: S-1-22-2-10108 > SID[510]: S-1-22-2-10109 > SID[511]: S-1-22-2-10110 > SID[512]: S-1-22-2-10111 > SID[513]: S-1-22-2-10112 > SID[514]: S-1-22-2-10113 > SID[515]: S-1-22-2-10114 > SID[516]: S-1-22-2-10115 > SID[517]: S-1-22-2-10116 > SID[518]: S-1-22-2-10117 > SID[519]: S-1-22-2-10118 > SID[520]: S-1-22-2-10119 > SID[521]: S-1-22-2-10120 > SID[522]: S-1-22-2-10121 > SID[523]: S-1-22-2-10122 > SID[524]: S-1-22-2-10123 > SID[525]: S-1-22-2-10124 > SID[526]: S-1-22-2-10125 > SID[527]: S-1-22-2-10126 > SID[528]: S-1-22-2-10127 > SID[529]: S-1-22-2-10128 > SID[530]: S-1-22-2-10129 > SID[531]: S-1-22-2-10130 > SID[532]: S-1-22-2-10131 > SID[533]: S-1-22-2-10132 > SID[534]: S-1-22-2-10133 > SID[535]: S-1-22-2-10134 > SID[536]: S-1-22-2-10135 > SID[537]: S-1-22-2-10136 > SID[538]: S-1-22-2-10137 > SID[539]: S-1-22-2-10138 > SID[540]: S-1-22-2-10139 > SID[541]: S-1-22-2-10140 > SID[542]: S-1-22-2-10141 > SID[543]: S-1-22-2-10142 > SID[544]: S-1-22-2-10143 > SID[545]: S-1-22-2-10144 > SID[546]: S-1-22-2-10145 > SID[547]: S-1-22-2-10146 > SID[548]: S-1-22-2-10147 > SID[549]: S-1-22-2-10148 > SID[550]: S-1-22-2-10149 > SID[551]: S-1-22-2-10150 > SID[552]: S-1-22-2-10471 > SID[553]: S-1-22-2-10151 > SID[554]: S-1-22-2-10152 > SID[555]: S-1-22-2-10153 > SID[556]: S-1-22-2-10154 > SID[557]: S-1-22-2-10155 > SID[558]: S-1-22-2-10156 > SID[559]: S-1-22-2-10157 > SID[560]: S-1-22-2-10158 > SID[561]: S-1-22-2-10159 > SID[562]: S-1-22-2-10160 > SID[563]: S-1-22-2-10161 > SID[564]: S-1-22-2-10162 > SID[565]: S-1-22-2-10163 > SID[566]: S-1-22-2-10164 > SID[567]: S-1-22-2-10165 > SID[568]: S-1-22-2-10166 > SID[569]: S-1-22-2-10167 > SID[570]: S-1-22-2-10168 > SID[571]: S-1-22-2-10169 > SID[572]: S-1-22-2-10170 > SID[573]: S-1-22-2-10171 > SID[574]: S-1-22-2-10172 > SID[575]: S-1-22-2-10173 > SID[576]: S-1-22-2-10174 > SID[577]: S-1-22-2-10175 > SID[578]: S-1-22-2-10176 > SID[579]: S-1-22-2-10177 > SID[580]: S-1-22-2-10178 > SID[581]: S-1-22-2-10179 > SID[582]: S-1-22-2-10180 > SID[583]: S-1-22-2-10181 > SID[584]: S-1-22-2-10182 > SID[585]: S-1-22-2-10183 > SID[586]: S-1-22-2-10184 > SID[587]: S-1-22-2-10185 > SID[588]: S-1-22-2-10186 > SID[589]: S-1-22-2-10187 > SID[590]: S-1-22-2-10188 > SID[591]: S-1-22-2-10189 > SID[592]: S-1-22-2-10190 > SID[593]: S-1-22-2-10191 > SID[594]: S-1-22-2-10192 > SID[595]: S-1-22-2-10193 > SID[596]: S-1-22-2-10194 > SID[597]: S-1-22-2-10195 > SID[598]: S-1-22-2-10196 > SID[599]: S-1-22-2-10197 > SID[600]: S-1-22-2-10198 > SID[601]: S-1-22-2-10199 > SID[602]: S-1-22-2-10200 > SID[603]: S-1-22-2-10201 > SID[604]: S-1-22-2-10202 > SID[605]: S-1-22-2-10203 > SID[606]: S-1-22-2-10204 > SID[607]: S-1-22-2-10205 > SID[608]: S-1-22-2-10206 > SID[609]: S-1-22-2-10207 > SID[610]: S-1-22-2-10208 > SID[611]: S-1-22-2-10209 > SID[612]: S-1-22-2-10210 > SID[613]: S-1-22-2-10211 > SID[614]: S-1-22-2-10212 > SID[615]: S-1-22-2-10213 > SID[616]: S-1-22-2-10214 > SID[617]: S-1-22-2-10215 > SID[618]: S-1-22-2-10216 > SID[619]: S-1-22-2-10217 > SID[620]: S-1-22-2-10218 > SID[621]: S-1-22-2-10219 > SID[622]: S-1-22-2-10220 > SID[623]: S-1-22-2-10221 > SID[624]: S-1-22-2-10222 > SID[625]: S-1-22-2-10223 > SID[626]: S-1-22-2-10224 > SID[627]: S-1-22-2-10225 > SID[628]: S-1-22-2-10226 > SID[629]: S-1-22-2-10227 > SID[630]: S-1-22-2-10228 > SID[631]: S-1-22-2-10229 > SID[632]: S-1-22-2-10230 > SID[633]: S-1-22-2-10231 > SID[634]: S-1-22-2-10232 > SID[635]: S-1-22-2-10233 > SID[636]: S-1-22-2-10234 > SID[637]: S-1-22-2-10235 > SID[638]: S-1-22-2-10236 > SID[639]: S-1-22-2-10237 > SID[640]: S-1-22-2-10238 > SID[641]: S-1-22-2-10239 > SID[642]: S-1-22-2-10240 > SID[643]: S-1-22-2-10241 > SID[644]: S-1-22-2-10242 > SID[645]: S-1-22-2-10243 > SID[646]: S-1-22-2-10244 > SID[647]: S-1-22-2-10245 > SID[648]: S-1-22-2-10246 > SID[649]: S-1-22-2-10247 > SID[650]: S-1-22-2-10248 > SID[651]: S-1-22-2-10249 > SID[652]: S-1-22-2-10250 > SID[653]: S-1-22-2-10251 > SID[654]: S-1-22-2-10252 > SID[655]: S-1-22-2-10253 > SID[656]: S-1-22-2-10254 > SID[657]: S-1-22-2-10255 > SID[658]: S-1-22-2-10256 > SID[659]: S-1-22-2-10257 > SID[660]: S-1-22-2-10258 > SID[661]: S-1-22-2-10259 > SID[662]: S-1-22-2-10260 > SID[663]: S-1-22-2-10261 > SID[664]: S-1-22-2-10262 > SID[665]: S-1-22-2-10263 > SID[666]: S-1-22-2-10264 > SID[667]: S-1-22-2-10265 > SID[668]: S-1-22-2-10266 > SID[669]: S-1-22-2-10267 > SID[670]: S-1-22-2-10268 > SID[671]: S-1-22-2-10269 > SID[672]: S-1-22-2-10270 > SID[673]: S-1-22-2-10271 > SID[674]: S-1-22-2-10272 > SID[675]: S-1-22-2-10273 > SID[676]: S-1-22-2-10274 > SID[677]: S-1-22-2-10275 > SID[678]: S-1-22-2-10276 > SID[679]: S-1-22-2-10277 > SID[680]: S-1-22-2-10278 > SID[681]: S-1-22-2-10279 > SID[682]: S-1-22-2-10280 > SID[683]: S-1-22-2-10281 > SID[684]: S-1-22-2-10282 > SID[685]: S-1-22-2-10283 > SID[686]: S-1-22-2-10284 > SID[687]: S-1-22-2-10285 > SID[688]: S-1-22-2-10286 > SID[689]: S-1-22-2-10287 > SID[690]: S-1-22-2-10288 > SID[691]: S-1-22-2-10289 > SID[692]: S-1-22-2-10290 > SID[693]: S-1-22-2-10291 > SID[694]: S-1-22-2-10292 > SID[695]: S-1-22-2-10293 > SID[696]: S-1-22-2-10294 > SID[697]: S-1-22-2-10295 > SID[698]: S-1-22-2-10296 > SID[699]: S-1-22-2-10297 > SID[700]: S-1-22-2-10298 > SID[701]: S-1-22-2-10299 > SID[702]: S-1-22-2-10300 > SID[703]: S-1-22-2-10301 > SID[704]: S-1-22-2-10302 > SID[705]: S-1-22-2-10303 > SID[706]: S-1-22-2-10304 > SID[707]: S-1-22-2-10305 > SID[708]: S-1-22-2-10306 > SID[709]: S-1-22-2-10307 > SID[710]: S-1-22-2-10308 > SID[711]: S-1-22-2-10309 > SID[712]: S-1-22-2-10310 > SID[713]: S-1-22-2-10311 > SID[714]: S-1-22-2-10312 > SID[715]: S-1-22-2-10313 > SID[716]: S-1-22-2-10314 > SID[717]: S-1-22-2-10315 > SID[718]: S-1-22-2-10316 > SID[719]: S-1-22-2-10317 > SID[720]: S-1-22-2-10318 > SID[721]: S-1-22-2-10319 > SID[722]: S-1-22-2-10320 > SID[723]: S-1-22-2-10321 > SID[724]: S-1-22-2-10322 > SID[725]: S-1-22-2-10323 > SID[726]: S-1-22-2-10324 > SID[727]: S-1-22-2-10325 > SID[728]: S-1-22-2-10326 > SID[729]: S-1-22-2-10327 > SID[730]: S-1-22-2-10328 > SID[731]: S-1-22-2-10329 > SID[732]: S-1-22-2-10330 > SID[733]: S-1-22-2-10331 > SID[734]: S-1-22-2-10332 > SID[735]: S-1-22-2-10333 > SID[736]: S-1-22-2-10334 > SID[737]: S-1-22-2-10335 > SID[738]: S-1-22-2-10336 > SID[739]: S-1-22-2-10337 > SID[740]: S-1-22-2-10338 > SID[741]: S-1-22-2-10339 > SID[742]: S-1-22-2-10340 > SID[743]: S-1-22-2-10341 > SID[744]: S-1-22-2-10342 > SID[745]: S-1-22-2-10343 > SID[746]: S-1-22-2-10344 > SID[747]: S-1-22-2-10345 > SID[748]: S-1-22-2-10346 > SID[749]: S-1-22-2-10347 > SID[750]: S-1-22-2-10348 > SID[751]: S-1-22-2-10349 > SID[752]: S-1-22-2-10350 > SID[753]: S-1-22-2-10351 > SID[754]: S-1-22-2-10352 > SID[755]: S-1-22-2-10353 > SID[756]: S-1-22-2-10354 > SID[757]: S-1-22-2-10355 > SID[758]: S-1-22-2-10356 > SID[759]: S-1-22-2-10357 > SID[760]: S-1-22-2-10358 > SID[761]: S-1-22-2-10359 > SID[762]: S-1-22-2-10360 > SID[763]: S-1-22-2-10361 > SID[764]: S-1-22-2-10362 > SID[765]: S-1-22-2-10363 > SID[766]: S-1-22-2-10364 > SID[767]: S-1-22-2-10365 > SID[768]: S-1-22-2-10366 > SID[769]: S-1-22-2-10367 > SID[770]: S-1-22-2-10368 > SID[771]: S-1-22-2-10369 > SID[772]: S-1-22-2-10370 > SID[773]: S-1-22-2-10371 > SID[774]: S-1-22-2-10372 > SID[775]: S-1-22-2-10373 > SID[776]: S-1-22-2-10374 > SID[777]: S-1-22-2-10375 > SID[778]: S-1-22-2-10376 > SID[779]: S-1-22-2-10377 > SID[780]: S-1-22-2-10378 > SID[781]: S-1-22-2-10379 > SID[782]: S-1-22-2-10380 > SID[783]: S-1-22-2-10381 > SID[784]: S-1-22-2-10382 > SID[785]: S-1-22-2-10383 > SID[786]: S-1-22-2-10384 > SID[787]: S-1-22-2-10385 > SID[788]: S-1-22-2-10386 > SID[789]: S-1-22-2-10387 > SID[790]: S-1-22-2-10388 > SID[791]: S-1-22-2-10389 > SID[792]: S-1-22-2-10390 > SID[793]: S-1-22-2-10391 > SID[794]: S-1-22-2-10392 > SID[795]: S-1-22-2-10393 > SID[796]: S-1-22-2-10394 > SID[797]: S-1-22-2-10395 > SID[798]: S-1-22-2-10396 > SID[799]: S-1-22-2-10397 > SID[800]: S-1-22-2-10398 > SID[801]: S-1-22-2-10399 > SID[802]: S-1-22-2-10400 > SID[803]: S-1-22-2-10401 > SID[804]: S-1-22-2-10402 > SID[805]: S-1-22-2-10403 > SID[806]: S-1-22-2-10404 > SID[807]: S-1-22-2-10002 > SID[808]: S-1-22-2-10003 > SID[809]: S-1-22-2-10004 > SID[810]: S-1-22-2-10001 > Privileges (0x 20): > Privilege[ 0]: SePrintOperatorPrivilege > Rights (0x 0): >[2012/11/09 16:29:17.289720, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 10000 > Primary group is 10006 and contains 404 supplementary groups > Group[ 0]: 10006 > Group[ 1]: 10007 > Group[ 2]: 10008 > Group[ 3]: 10009 > Group[ 4]: 10010 > Group[ 5]: 10011 > Group[ 6]: 10012 > Group[ 7]: 10013 > Group[ 8]: 10014 > Group[ 9]: 10015 > Group[ 10]: 10016 > Group[ 11]: 10017 > Group[ 12]: 10018 > Group[ 13]: 10019 > Group[ 14]: 10020 > Group[ 15]: 10021 > Group[ 16]: 10022 > Group[ 17]: 10023 > Group[ 18]: 10024 > Group[ 19]: 10025 > Group[ 20]: 10026 > Group[ 21]: 10027 > Group[ 22]: 10028 > Group[ 23]: 10029 > Group[ 24]: 10030 > Group[ 25]: 10031 > Group[ 26]: 10032 > Group[ 27]: 10033 > Group[ 28]: 10034 > Group[ 29]: 10035 > Group[ 30]: 10036 > Group[ 31]: 10037 > Group[ 32]: 10038 > Group[ 33]: 10039 > Group[ 34]: 10040 > Group[ 35]: 10041 > Group[ 36]: 10042 > Group[ 37]: 10043 > Group[ 38]: 10044 > Group[ 39]: 10045 > Group[ 40]: 10046 > Group[ 41]: 10047 > Group[ 42]: 10048 > Group[ 43]: 10049 > Group[ 44]: 10050 > Group[ 45]: 10051 > Group[ 46]: 10052 > Group[ 47]: 10053 > Group[ 48]: 10054 > Group[ 49]: 10055 > Group[ 50]: 10056 > Group[ 51]: 10057 > Group[ 52]: 10058 > Group[ 53]: 10059 > Group[ 54]: 10060 > Group[ 55]: 10061 > Group[ 56]: 10062 > Group[ 57]: 10063 > Group[ 58]: 10064 > Group[ 59]: 10065 > Group[ 60]: 10066 > Group[ 61]: 10067 > Group[ 62]: 10068 > Group[ 63]: 10069 > Group[ 64]: 10070 > Group[ 65]: 10071 > Group[ 66]: 10072 > Group[ 67]: 10073 > Group[ 68]: 10074 > Group[ 69]: 10075 > Group[ 70]: 10076 > Group[ 71]: 10077 > Group[ 72]: 10078 > Group[ 73]: 10079 > Group[ 74]: 10080 > Group[ 75]: 10081 > Group[ 76]: 10082 > Group[ 77]: 10083 > Group[ 78]: 10084 > Group[ 79]: 10085 > Group[ 80]: 10086 > Group[ 81]: 10087 > Group[ 82]: 10088 > Group[ 83]: 10089 > Group[ 84]: 10090 > Group[ 85]: 10091 > Group[ 86]: 10092 > Group[ 87]: 10093 > Group[ 88]: 10094 > Group[ 89]: 10095 > Group[ 90]: 10096 > Group[ 91]: 10097 > Group[ 92]: 10098 > Group[ 93]: 10099 > Group[ 94]: 10100 > Group[ 95]: 10101 > Group[ 96]: 10102 > Group[ 97]: 10103 > Group[ 98]: 10104 > Group[ 99]: 10105 > Group[100]: 10106 > Group[101]: 10107 > Group[102]: 10108 > Group[103]: 10109 > Group[104]: 10110 > Group[105]: 10111 > Group[106]: 10112 > Group[107]: 10113 > Group[108]: 10114 > Group[109]: 10115 > Group[110]: 10116 > Group[111]: 10117 > Group[112]: 10118 > Group[113]: 10119 > Group[114]: 10120 > Group[115]: 10121 > Group[116]: 10122 > Group[117]: 10123 > Group[118]: 10124 > Group[119]: 10125 > Group[120]: 10126 > Group[121]: 10127 > Group[122]: 10128 > Group[123]: 10129 > Group[124]: 10130 > Group[125]: 10131 > Group[126]: 10132 > Group[127]: 10133 > Group[128]: 10134 > Group[129]: 10135 > Group[130]: 10136 > Group[131]: 10137 > Group[132]: 10138 > Group[133]: 10139 > Group[134]: 10140 > Group[135]: 10141 > Group[136]: 10142 > Group[137]: 10143 > Group[138]: 10144 > Group[139]: 10145 > Group[140]: 10146 > Group[141]: 10147 > Group[142]: 10148 > Group[143]: 10149 > Group[144]: 10150 > Group[145]: 10471 > Group[146]: 10151 > Group[147]: 10152 > Group[148]: 10153 > Group[149]: 10154 > Group[150]: 10155 > Group[151]: 10156 > Group[152]: 10157 > Group[153]: 10158 > Group[154]: 10159 > Group[155]: 10160 > Group[156]: 10161 > Group[157]: 10162 > Group[158]: 10163 > Group[159]: 10164 > Group[160]: 10165 > Group[161]: 10166 > Group[162]: 10167 > Group[163]: 10168 > Group[164]: 10169 > Group[165]: 10170 > Group[166]: 10171 > Group[167]: 10172 > Group[168]: 10173 > Group[169]: 10174 > Group[170]: 10175 > Group[171]: 10176 > Group[172]: 10177 > Group[173]: 10178 > Group[174]: 10179 > Group[175]: 10180 > Group[176]: 10181 > Group[177]: 10182 > Group[178]: 10183 > Group[179]: 10184 > Group[180]: 10185 > Group[181]: 10186 > Group[182]: 10187 > Group[183]: 10188 > Group[184]: 10189 > Group[185]: 10190 > Group[186]: 10191 > Group[187]: 10192 > Group[188]: 10193 > Group[189]: 10194 > Group[190]: 10195 > Group[191]: 10196 > Group[192]: 10197 > Group[193]: 10198 > Group[194]: 10199 > Group[195]: 10200 > Group[196]: 10201 > Group[197]: 10202 > Group[198]: 10203 > Group[199]: 10204 > Group[200]: 10205 > Group[201]: 10206 > Group[202]: 10207 > Group[203]: 10208 > Group[204]: 10209 > Group[205]: 10210 > Group[206]: 10211 > Group[207]: 10212 > Group[208]: 10213 > Group[209]: 10214 > Group[210]: 10215 > Group[211]: 10216 > Group[212]: 10217 > Group[213]: 10218 > Group[214]: 10219 > Group[215]: 10220 > Group[216]: 10221 > Group[217]: 10222 > Group[218]: 10223 > Group[219]: 10224 > Group[220]: 10225 > Group[221]: 10226 > Group[222]: 10227 > Group[223]: 10228 > Group[224]: 10229 > Group[225]: 10230 > Group[226]: 10231 > Group[227]: 10232 > Group[228]: 10233 > Group[229]: 10234 > Group[230]: 10235 > Group[231]: 10236 > Group[232]: 10237 > Group[233]: 10238 > Group[234]: 10239 > Group[235]: 10240 > Group[236]: 10241 > Group[237]: 10242 > Group[238]: 10243 > Group[239]: 10244 > Group[240]: 10245 > Group[241]: 10246 > Group[242]: 10247 > Group[243]: 10248 > Group[244]: 10249 > Group[245]: 10250 > Group[246]: 10251 > Group[247]: 10252 > Group[248]: 10253 > Group[249]: 10254 > Group[250]: 10255 > Group[251]: 10256 > Group[252]: 10257 > Group[253]: 10258 > Group[254]: 10259 > Group[255]: 10260 > Group[256]: 10261 > Group[257]: 10262 > Group[258]: 10263 > Group[259]: 10264 > Group[260]: 10265 > Group[261]: 10266 > Group[262]: 10267 > Group[263]: 10268 > Group[264]: 10269 > Group[265]: 10270 > Group[266]: 10271 > Group[267]: 10272 > Group[268]: 10273 > Group[269]: 10274 > Group[270]: 10275 > Group[271]: 10276 > Group[272]: 10277 > Group[273]: 10278 > Group[274]: 10279 > Group[275]: 10280 > Group[276]: 10281 > Group[277]: 10282 > Group[278]: 10283 > Group[279]: 10284 > Group[280]: 10285 > Group[281]: 10286 > Group[282]: 10287 > Group[283]: 10288 > Group[284]: 10289 > Group[285]: 10290 > Group[286]: 10291 > Group[287]: 10292 > Group[288]: 10293 > Group[289]: 10294 > Group[290]: 10295 > Group[291]: 10296 > Group[292]: 10297 > Group[293]: 10298 > Group[294]: 10299 > Group[295]: 10300 > Group[296]: 10301 > Group[297]: 10302 > Group[298]: 10303 > Group[299]: 10304 > Group[300]: 10305 > Group[301]: 10306 > Group[302]: 10307 > Group[303]: 10308 > Group[304]: 10309 > Group[305]: 10310 > Group[306]: 10311 > Group[307]: 10312 > Group[308]: 10313 > Group[309]: 10314 > Group[310]: 10315 > Group[311]: 10316 > Group[312]: 10317 > Group[313]: 10318 > Group[314]: 10319 > Group[315]: 10320 > Group[316]: 10321 > Group[317]: 10322 > Group[318]: 10323 > Group[319]: 10324 > Group[320]: 10325 > Group[321]: 10326 > Group[322]: 10327 > Group[323]: 10328 > Group[324]: 10329 > Group[325]: 10330 > Group[326]: 10331 > Group[327]: 10332 > Group[328]: 10333 > Group[329]: 10334 > Group[330]: 10335 > Group[331]: 10336 > Group[332]: 10337 > Group[333]: 10338 > Group[334]: 10339 > Group[335]: 10340 > Group[336]: 10341 > Group[337]: 10342 > Group[338]: 10343 > Group[339]: 10344 > Group[340]: 10345 > Group[341]: 10346 > Group[342]: 10347 > Group[343]: 10348 > Group[344]: 10349 > Group[345]: 10350 > Group[346]: 10351 > Group[347]: 10352 > Group[348]: 10353 > Group[349]: 10354 > Group[350]: 10355 > Group[351]: 10356 > Group[352]: 10357 > Group[353]: 10358 > Group[354]: 10359 > Group[355]: 10360 > Group[356]: 10361 > Group[357]: 10362 > Group[358]: 10363 > Group[359]: 10364 > Group[360]: 10365 > Group[361]: 10366 > Group[362]: 10367 > Group[363]: 10368 > Group[364]: 10369 > Group[365]: 10370 > Group[366]: 10371 > Group[367]: 10372 > Group[368]: 10373 > Group[369]: 10374 > Group[370]: 10375 > Group[371]: 10376 > Group[372]: 10377 > Group[373]: 10378 > Group[374]: 10379 > Group[375]: 10380 > Group[376]: 10381 > Group[377]: 10382 > Group[378]: 10383 > Group[379]: 10384 > Group[380]: 10385 > Group[381]: 10386 > Group[382]: 10387 > Group[383]: 10388 > Group[384]: 10389 > Group[385]: 10390 > Group[386]: 10391 > Group[387]: 10392 > Group[388]: 10393 > Group[389]: 10394 > Group[390]: 10395 > Group[391]: 10396 > Group[392]: 10397 > Group[393]: 10398 > Group[394]: 10399 > Group[395]: 10400 > Group[396]: 10401 > Group[397]: 10402 > Group[398]: 10403 > Group[399]: 10404 > Group[400]: 10002 > Group[401]: 10003 > Group[402]: 10004 > Group[403]: 10001 >[2012/11/09 16:29:17.293057, 5] smbd/uid.c:317(change_to_user_internal) > Impersonated user: uid=(0,10000), gid=(0,10006) >[2012/11/09 16:29:17.293095, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \lsarpc len: 1024 >[2012/11/09 16:29:17.293119, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 28 >[2012/11/09 16:29:17.293146, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=1024 max=1024 nread=68 >[2012/11/09 16:29:17.293204, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xe0 >[2012/11/09 16:29:17.293231, 3] smbd/process.c:1662(process_smb) > Transaction 251 of length 228 (0 toread) >[2012/11/09 16:29:17.293250, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.293262, 5] lib/util.c:342(show_msg) > size=224 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=64067 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8241 (0x2031) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 160 (0xA0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 160 (0xA0) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=161 >[2012/11/09 16:29:17.293498, 3] smbd/process.c:1467(switch_message) > switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.293521, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.293542, 6] smbd/pipes.c:300(reply_pipe_write_and_X) > reply_pipe_write_and_X: 2031 name: spoolss len: 160 >[2012/11/09 16:29:17.293564, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 160 >[2012/11/09 16:29:17.293591, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) > api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/11/09 16:29:17.293613, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) > api_pipe_bind_req: make response. 923 >[2012/11/09 16:29:17.293633, 3] rpc_server/srv_pipe.c:339(check_bind_req) > check_bind_req for \spoolss >[2012/11/09 16:29:17.293653, 3] rpc_server/srv_pipe.c:346(check_bind_req) > check_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/11/09 16:29:17.293685, 3] smbd/pipes.c:361(pipe_write_andx_done) > writeX-IPC nwritten=160 >[2012/11/09 16:29:17.293736, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xe0 >[2012/11/09 16:29:17.293768, 3] smbd/process.c:1662(process_smb) > Transaction 252 of length 228 (0 toread) >[2012/11/09 16:29:17.293788, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.293799, 5] lib/util.c:342(show_msg) > size=224 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=64130 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8243 (0x2033) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 160 (0xA0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 160 (0xA0) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=161 >[2012/11/09 16:29:17.293997, 3] smbd/process.c:1467(switch_message) > switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.294017, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.294038, 6] smbd/pipes.c:300(reply_pipe_write_and_X) > reply_pipe_write_and_X: 2033 name: spoolss len: 160 >[2012/11/09 16:29:17.294058, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 160 >[2012/11/09 16:29:17.294082, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) > api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/11/09 16:29:17.294103, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) > api_pipe_bind_req: make response. 923 >[2012/11/09 16:29:17.294123, 3] rpc_server/srv_pipe.c:339(check_bind_req) > check_bind_req for \spoolss >[2012/11/09 16:29:17.294142, 3] rpc_server/srv_pipe.c:346(check_bind_req) > check_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/11/09 16:29:17.294171, 3] smbd/pipes.c:361(pipe_write_andx_done) > writeX-IPC nwritten=160 >[2012/11/09 16:29:17.295222, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x6e >[2012/11/09 16:29:17.295257, 3] smbd/process.c:1662(process_smb) > Transaction 253 of length 114 (0 toread) >[2012/11/09 16:29:17.295283, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.295307, 5] lib/util.c:342(show_msg) > size=110 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=1240 > smb_uid=101 > smb_mid=64194 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 26 (0x1A) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 26 (0x1A) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8242 (0x2032) > smb_bcc=43 >[2012/11/09 16:29:17.295541, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.295563, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.295588, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=26 params=0 setup=2 >[2012/11/09 16:29:17.295610, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:17.295661, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:17.295696, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:17.295727, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "lsarpc" (pnum 2032) >[2012/11/09 16:29:17.295763, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 26 >[2012/11/09 16:29:17.295807, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\lsarpc >[2012/11/09 16:29:17.295833, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \lsarpc op 0x0 - api_rpcTNP: rpc command: DSSETUP_DSROLEGETPRIMARYDOMAININFORMATION >[2012/11/09 16:29:17.295862, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[0].fn == 0x7fa2ea38bf30 >[2012/11/09 16:29:17.295917, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \lsarpc successfully >[2012/11/09 16:29:17.295949, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \lsarpc len: 1024 >[2012/11/09 16:29:17.295975, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 86 >[2012/11/09 16:29:17.296002, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..160] (align 0) >[2012/11/09 16:29:17.296023, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.296035, 5] lib/util.c:342(show_msg) > size=216 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=1240 > smb_uid=101 > smb_mid=64194 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 160 (0xA0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 160 (0xA0) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=161 >[2012/11/09 16:29:17.296960, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/11/09 16:29:17.296993, 3] smbd/process.c:1662(process_smb) > Transaction 254 of length 63 (0 toread) >[2012/11/09 16:29:17.297014, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.297026, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=64259 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8241 (0x2031) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/11/09 16:29:17.297246, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.297268, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.297290, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:17.297312, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/11/09 16:29:17.297336, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=1024 max=1024 nread=68 >[2012/11/09 16:29:17.297375, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/11/09 16:29:17.297416, 3] smbd/process.c:1662(process_smb) > Transaction 255 of length 63 (0 toread) >[2012/11/09 16:29:17.297437, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.297449, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=64320 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8243 (0x2033) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/11/09 16:29:17.297649, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.297676, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.297698, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:17.297720, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/11/09 16:29:17.297745, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=1024 max=1024 nread=68 >[2012/11/09 16:29:17.297783, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/11/09 16:29:17.297809, 3] smbd/process.c:1662(process_smb) > Transaction 256 of length 45 (0 toread) >[2012/11/09 16:29:17.297829, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.297840, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=64386 > smt_wct=3 > smb_vwv[ 0]= 8242 (0x2032) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/11/09 16:29:17.297959, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.297979, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.297999, 3] smbd/reply.c:4848(reply_close) > close fd=-1 fnum=8242 (numopen=5) >[2012/11/09 16:29:17.298019, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 07:28:15 2106 >[2012/11/09 16:29:17.298060, 5] smbd/files.c:482(file_free) > freed files structure 8242 (4 used) >[2012/11/09 16:29:17.298082, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.298094, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=64386 > smt_wct=0 > smb_bcc=0 >[2012/11/09 16:29:17.299107, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x124 >[2012/11/09 16:29:17.299140, 3] smbd/process.c:1662(process_smb) > Transaction 257 of length 296 (0 toread) >[2012/11/09 16:29:17.299161, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.299172, 5] lib/util.c:342(show_msg) > size=292 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=64450 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 208 (0xD0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 208 (0xD0) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8243 (0x2033) > smb_bcc=225 >[2012/11/09 16:29:17.299387, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.299408, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.299430, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=208 params=0 setup=2 >[2012/11/09 16:29:17.299452, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:17.299483, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:17.299503, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:17.299522, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2033) >[2012/11/09 16:29:17.299543, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 208 >[2012/11/09 16:29:17.299571, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:17.299606, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX >[2012/11/09 16:29:17.299647, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[69].fn == 0x7fa2ea3def70 > checking name: \\yyyu0031\yyyp0708 >[2012/11/09 16:29:17.299687, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 C7 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.299730, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) > Setting printer type=\\yyyu0031\yyyp0708 > Printer is a printer >[2012/11/09 16:29:17.299756, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) > Setting printer name=\\yyyu0031\yyyp0708 (len=19) > searching for [yyyp0708] > set_printer_hnd_name: Printer found: yyyp0708 -> yyyp0708 >[2012/11/09 16:29:17.299812, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) > 3 printer handles active >[2012/11/09 16:29:17.299833, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 C7 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.299873, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 C7 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.299912, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:yyyp0708 >[2012/11/09 16:29:17.299934, 3] lib/access.c:338(allow_access) > Allowed connection from yyyc27002.xxxxx.xxx (10.129.108.68) >[2012/11/09 16:29:17.299959, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) > Setting printer access = PRINTER_ACCESS_USE >[2012/11/09 16:29:17.299981, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/11/09 16:29:17.300008, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/11/09 16:29:17.300039, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:17.300061, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:17.300090, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2012/11/09 16:29:17.300114, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:17.300134, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:17.300162, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:17.300294, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:17.300378, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 C8 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.300530, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 C8 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.300639, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:17.300725, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:17.300800, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:17.300850, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:17.300892, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:17.300930, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:17.300981, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:17.301034, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 C9 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.301089, 2] rpc_client/cli_winreg_spoolss.c:896(winreg_create_printer) > winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708 already exists >[2012/11/09 16:29:17.301121, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 C9 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.301163, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 C9 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.301202, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.301231, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 C8 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.301273, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 C8 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.301312, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.301347, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:17.301440, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:17.301470, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 1741 >[2012/11/09 16:29:17.301499, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/11/09 16:29:17.301521, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.301533, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=64450 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/11/09 16:29:17.302545, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x114 >[2012/11/09 16:29:17.302580, 3] smbd/process.c:1662(process_smb) > Transaction 258 of length 280 (0 toread) >[2012/11/09 16:29:17.302601, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.302612, 5] lib/util.c:342(show_msg) > size=276 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=64512 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 192 (0xC0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 192 (0xC0) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8241 (0x2031) > smb_bcc=209 >[2012/11/09 16:29:17.302844, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.302867, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.302891, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=192 params=0 setup=2 >[2012/11/09 16:29:17.302914, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:17.302933, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:17.302952, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:17.302971, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2031) >[2012/11/09 16:29:17.302992, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 192 >[2012/11/09 16:29:17.303018, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:17.303040, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX >[2012/11/09 16:29:17.303062, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[69].fn == 0x7fa2ea3def70 > checking name: \\yyyu0031 >[2012/11/09 16:29:17.303096, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[4] [0000] 00 00 00 00 CA 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.303137, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) > Setting printer type=\\yyyu0031 > Printer is a print server >[2012/11/09 16:29:17.303164, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) > Setting printer name=\\yyyu0031 (len=10) >[2012/11/09 16:29:17.303186, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) > 4 printer handles active >[2012/11/09 16:29:17.303205, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 CA 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.303245, 4] rpc_server/spoolss/srv_spoolss_nt.c:1852(_spoolss_OpenPrinterEx) > Setting print server access = SERVER_ACCESS_ADMINISTER >[2012/11/09 16:29:17.303266, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:17.303294, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:17.303319, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/11/09 16:29:17.303345, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/11/09 16:29:17.303365, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.303377, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=64512 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/11/09 16:29:17.304386, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x80 >[2012/11/09 16:29:17.304419, 3] smbd/process.c:1662(process_smb) > Transaction 259 of length 132 (0 toread) >[2012/11/09 16:29:17.304440, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.304451, 5] lib/util.c:342(show_msg) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=64578 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8243 (0x2033) > smb_bcc=61 >[2012/11/09 16:29:17.304698, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.304722, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.304744, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=44 params=0 setup=2 >[2012/11/09 16:29:17.304766, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:17.304785, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:17.304804, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:17.304823, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2033) >[2012/11/09 16:29:17.304843, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 44 >[2012/11/09 16:29:17.304868, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:17.304890, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER >[2012/11/09 16:29:17.304911, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[29].fn == 0x7fa2ea3e55d0 >[2012/11/09 16:29:17.304933, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[1] [0000] 00 00 00 00 C7 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.304973, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[1] [0000] 00 00 00 00 C7 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.305011, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[1] [0000] 00 00 00 00 C7 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.305050, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.305071, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:17.305098, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:17.305123, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/11/09 16:29:17.305148, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/11/09 16:29:17.305169, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.305181, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=64578 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/11/09 16:29:17.306200, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x66 >[2012/11/09 16:29:17.306248, 3] smbd/process.c:1662(process_smb) > Transaction 260 of length 106 (0 toread) >[2012/11/09 16:29:17.306270, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.306281, 5] lib/util.c:342(show_msg) > size=102 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=64643 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 4096 (0x1000) > smb_vwv[ 3]= 4096 (0x1000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 4609 (0x1201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1792 (0x700) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]=16384 (0x4000) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=19 >[2012/11/09 16:29:17.306566, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.306588, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.306612, 4] smbd/nttrans.c:288(nt_open_pipe) > nt_open_pipe: Opening pipe \spoolss. >[2012/11/09 16:29:17.306635, 5] smbd/files.c:140(file_new) > allocated file structure 4148, fnum = 8244 (5 used) >[2012/11/09 16:29:17.306662, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \spoolss >[2012/11/09 16:29:17.306716, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \spoolss (pipes_open=0) >[2012/11/09 16:29:17.306745, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) > do_ntcreate_pipe_open: open pipe = \spoolss >[2012/11/09 16:29:17.306784, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x80 >[2012/11/09 16:29:17.306810, 3] smbd/process.c:1662(process_smb) > Transaction 261 of length 132 (0 toread) >[2012/11/09 16:29:17.306830, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.306842, 5] lib/util.c:342(show_msg) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=64704 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8241 (0x2031) > smb_bcc=61 >[2012/11/09 16:29:17.307056, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.307077, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.307099, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=44 params=0 setup=2 >[2012/11/09 16:29:17.307120, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:17.307139, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:17.307158, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:17.307177, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2031) >[2012/11/09 16:29:17.307197, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 44 >[2012/11/09 16:29:17.307220, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:17.307242, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER >[2012/11/09 16:29:17.307263, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[29].fn == 0x7fa2ea3e55d0 >[2012/11/09 16:29:17.307284, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 CA 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.307323, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 CA 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.307377, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 CA 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.307417, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.307438, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:17.307465, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:17.307491, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/11/09 16:29:17.307516, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/11/09 16:29:17.307536, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.307548, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=64704 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/11/09 16:29:17.310834, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/11/09 16:29:17.310870, 3] smbd/process.c:1662(process_smb) > Transaction 262 of length 45 (0 toread) >[2012/11/09 16:29:17.310891, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.310902, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=64768 > smt_wct=3 > smb_vwv[ 0]= 8243 (0x2033) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/11/09 16:29:17.311023, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.311044, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.311064, 3] smbd/reply.c:4848(reply_close) > close fd=-1 fnum=8243 (numopen=5) >[2012/11/09 16:29:17.311085, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 07:28:15 2106 >[2012/11/09 16:29:17.311127, 5] smbd/files.c:482(file_free) > freed files structure 8243 (4 used) >[2012/11/09 16:29:17.311150, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.311162, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=64768 > smt_wct=0 > smb_bcc=0 >[2012/11/09 16:29:17.312059, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/11/09 16:29:17.312091, 3] smbd/process.c:1662(process_smb) > Transaction 263 of length 45 (0 toread) >[2012/11/09 16:29:17.312112, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.312123, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=64832 > smt_wct=3 > smb_vwv[ 0]= 8241 (0x2031) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/11/09 16:29:17.312243, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.312263, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.312284, 3] smbd/reply.c:4848(reply_close) > close fd=-1 fnum=8241 (numopen=4) >[2012/11/09 16:29:17.312312, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 07:28:15 2106 >[2012/11/09 16:29:17.312372, 5] smbd/files.c:482(file_free) > freed files structure 8241 (3 used) >[2012/11/09 16:29:17.312415, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.312431, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=64832 > smt_wct=0 > smb_bcc=0 >[2012/11/09 16:29:17.313417, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xe0 >[2012/11/09 16:29:17.313461, 3] smbd/process.c:1662(process_smb) > Transaction 264 of length 228 (0 toread) >[2012/11/09 16:29:17.313492, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.313506, 5] lib/util.c:342(show_msg) > size=224 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=64896 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8244 (0x2034) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 160 (0xA0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 160 (0xA0) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=161 >[2012/11/09 16:29:17.313705, 3] smbd/process.c:1467(switch_message) > switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.313727, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.313748, 6] smbd/pipes.c:300(reply_pipe_write_and_X) > reply_pipe_write_and_X: 2034 name: spoolss len: 160 >[2012/11/09 16:29:17.313769, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 160 >[2012/11/09 16:29:17.313796, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) > api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/11/09 16:29:17.313819, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) > api_pipe_bind_req: make response. 923 >[2012/11/09 16:29:17.313839, 3] rpc_server/srv_pipe.c:339(check_bind_req) > check_bind_req for \spoolss >[2012/11/09 16:29:17.313860, 3] rpc_server/srv_pipe.c:346(check_bind_req) > check_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/11/09 16:29:17.313892, 3] smbd/pipes.c:361(pipe_write_andx_done) > writeX-IPC nwritten=160 >[2012/11/09 16:29:17.315382, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/11/09 16:29:17.315415, 3] smbd/process.c:1662(process_smb) > Transaction 265 of length 63 (0 toread) >[2012/11/09 16:29:17.315435, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.315447, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=64960 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8244 (0x2034) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/11/09 16:29:17.315663, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.315686, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.315709, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:17.315731, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/11/09 16:29:17.315755, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=1024 max=1024 nread=68 >[2012/11/09 16:29:17.316948, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x124 >[2012/11/09 16:29:17.317016, 3] smbd/process.c:1662(process_smb) > Transaction 266 of length 296 (0 toread) >[2012/11/09 16:29:17.317051, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.317071, 5] lib/util.c:342(show_msg) > size=292 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=65024 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 208 (0xD0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 208 (0xD0) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8244 (0x2034) > smb_bcc=225 >[2012/11/09 16:29:17.317460, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.317497, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.317543, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=208 params=0 setup=2 >[2012/11/09 16:29:17.317585, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:17.317615, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:17.317651, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:17.317687, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2034) >[2012/11/09 16:29:17.317721, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 208 >[2012/11/09 16:29:17.317767, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:17.317804, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX >[2012/11/09 16:29:17.317842, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[69].fn == 0x7fa2ea3def70 > checking name: \\yyyu0031\yyyp0708 >[2012/11/09 16:29:17.317903, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 CB 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.317969, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) > Setting printer type=\\yyyu0031\yyyp0708 > Printer is a printer >[2012/11/09 16:29:17.317998, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) > Setting printer name=\\yyyu0031\yyyp0708 (len=19) > searching for [yyyp0708] > set_printer_hnd_name: Printer found: yyyp0708 -> yyyp0708 >[2012/11/09 16:29:17.318057, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) > 3 printer handles active >[2012/11/09 16:29:17.318077, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 CB 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.318115, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 CB 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.318153, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:yyyp0708 >[2012/11/09 16:29:17.318176, 3] lib/access.c:338(allow_access) > Allowed connection from yyyc27002.xxxxx.xxx (10.129.108.68) >[2012/11/09 16:29:17.318200, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) > Setting printer access = PRINTER_ACCESS_USE >[2012/11/09 16:29:17.318222, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/11/09 16:29:17.318249, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/11/09 16:29:17.318280, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:17.318302, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:17.318338, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2012/11/09 16:29:17.318363, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:17.318382, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:17.318412, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:17.318513, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:17.318594, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 CC 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.318698, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 CC 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.318781, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:17.318852, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:17.318921, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:17.318990, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:17.319050, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:17.319104, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:17.319177, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:17.319253, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 CD 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.319334, 2] rpc_client/cli_winreg_spoolss.c:896(winreg_create_printer) > winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708 already exists >[2012/11/09 16:29:17.319373, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 CD 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.319441, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 CD 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.319507, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.319552, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 CC 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.319625, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 CC 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.319689, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.319734, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:17.319776, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:17.319813, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 1741 >[2012/11/09 16:29:17.319852, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/11/09 16:29:17.319882, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.319899, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=65024 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/11/09 16:29:17.321380, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x80 >[2012/11/09 16:29:17.321423, 3] smbd/process.c:1662(process_smb) > Transaction 267 of length 132 (0 toread) >[2012/11/09 16:29:17.321452, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.321469, 5] lib/util.c:342(show_msg) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=65088 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8244 (0x2034) > smb_bcc=61 >[2012/11/09 16:29:17.321776, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.321807, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.321840, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=44 params=0 setup=2 >[2012/11/09 16:29:17.321871, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:17.321898, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:17.321925, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:17.321953, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2034) >[2012/11/09 16:29:17.321982, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 44 >[2012/11/09 16:29:17.322015, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:17.322046, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER >[2012/11/09 16:29:17.322075, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[29].fn == 0x7fa2ea3e55d0 >[2012/11/09 16:29:17.322106, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 CB 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.322174, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 CB 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.322240, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 CB 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.322305, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.322335, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:17.322373, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:17.322408, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/11/09 16:29:17.322443, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/11/09 16:29:17.322472, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.322489, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=65088 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/11/09 16:29:17.323465, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x66 >[2012/11/09 16:29:17.323512, 3] smbd/process.c:1662(process_smb) > Transaction 268 of length 106 (0 toread) >[2012/11/09 16:29:17.323548, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.323570, 5] lib/util.c:342(show_msg) > size=102 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=65155 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 4096 (0x1000) > smb_vwv[ 3]= 4096 (0x1000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 4609 (0x1201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1792 (0x700) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]=16384 (0x4000) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=19 >[2012/11/09 16:29:17.324031, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.324067, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.324107, 4] smbd/nttrans.c:288(nt_open_pipe) > nt_open_pipe: Opening pipe \spoolss. >[2012/11/09 16:29:17.324145, 5] smbd/files.c:140(file_new) > allocated file structure 4149, fnum = 8245 (4 used) >[2012/11/09 16:29:17.324189, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \spoolss >[2012/11/09 16:29:17.324266, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \spoolss (pipes_open=0) >[2012/11/09 16:29:17.324307, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) > do_ntcreate_pipe_open: open pipe = \spoolss >[2012/11/09 16:29:17.325236, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/11/09 16:29:17.325277, 3] smbd/process.c:1662(process_smb) > Transaction 269 of length 45 (0 toread) >[2012/11/09 16:29:17.325306, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.325322, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=65219 > smt_wct=3 > smb_vwv[ 0]= 8244 (0x2034) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/11/09 16:29:17.325493, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.325524, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.325552, 3] smbd/reply.c:4848(reply_close) > close fd=-1 fnum=8244 (numopen=4) >[2012/11/09 16:29:17.325580, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 07:28:15 2106 >[2012/11/09 16:29:17.325660, 5] smbd/files.c:482(file_free) > freed files structure 8244 (3 used) >[2012/11/09 16:29:17.325696, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.325713, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=65219 > smt_wct=0 > smb_bcc=0 >[2012/11/09 16:29:17.326935, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xe0 >[2012/11/09 16:29:17.326975, 3] smbd/process.c:1662(process_smb) > Transaction 270 of length 228 (0 toread) >[2012/11/09 16:29:17.327002, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.327018, 5] lib/util.c:342(show_msg) > size=224 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=65283 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8245 (0x2035) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 160 (0xA0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 160 (0xA0) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=161 >[2012/11/09 16:29:17.327359, 3] smbd/process.c:1467(switch_message) > switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.327392, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.327424, 6] smbd/pipes.c:300(reply_pipe_write_and_X) > reply_pipe_write_and_X: 2035 name: spoolss len: 160 >[2012/11/09 16:29:17.327452, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 160 >[2012/11/09 16:29:17.327491, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) > api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/11/09 16:29:17.327529, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) > api_pipe_bind_req: make response. 923 >[2012/11/09 16:29:17.327561, 3] rpc_server/srv_pipe.c:339(check_bind_req) > check_bind_req for \spoolss >[2012/11/09 16:29:17.327599, 3] rpc_server/srv_pipe.c:346(check_bind_req) > check_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/11/09 16:29:17.327647, 3] smbd/pipes.c:361(pipe_write_andx_done) > writeX-IPC nwritten=160 >[2012/11/09 16:29:17.328520, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/11/09 16:29:17.328569, 3] smbd/process.c:1662(process_smb) > Transaction 271 of length 63 (0 toread) >[2012/11/09 16:29:17.328605, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.328628, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=65347 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8245 (0x2035) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/11/09 16:29:17.328893, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.328923, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.328954, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:17.328984, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/11/09 16:29:17.329018, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=1024 max=1024 nread=68 >[2012/11/09 16:29:17.329887, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x124 >[2012/11/09 16:29:17.329927, 3] smbd/process.c:1662(process_smb) > Transaction 272 of length 296 (0 toread) >[2012/11/09 16:29:17.329956, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.329972, 5] lib/util.c:342(show_msg) > size=292 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=65411 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 208 (0xD0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 208 (0xD0) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8245 (0x2035) > smb_bcc=225 >[2012/11/09 16:29:17.330273, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.330302, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.330351, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=208 params=0 setup=2 >[2012/11/09 16:29:17.330385, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:17.330412, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:17.330439, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:17.330467, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2035) >[2012/11/09 16:29:17.330495, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 208 >[2012/11/09 16:29:17.330529, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:17.330560, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX >[2012/11/09 16:29:17.330593, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[69].fn == 0x7fa2ea3def70 > checking name: \\yyyu0031\yyyp0708 >[2012/11/09 16:29:17.330648, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 CE 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.330717, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) > Setting printer type=\\yyyu0031\yyyp0708 > Printer is a printer >[2012/11/09 16:29:17.330754, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) > Setting printer name=\\yyyu0031\yyyp0708 (len=19) > searching for [yyyp0708] > set_printer_hnd_name: Printer found: yyyp0708 -> yyyp0708 >[2012/11/09 16:29:17.330833, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) > 3 printer handles active >[2012/11/09 16:29:17.330862, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 CE 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.330927, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 CE 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.330990, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:yyyp0708 >[2012/11/09 16:29:17.331021, 3] lib/access.c:338(allow_access) > Allowed connection from yyyc27002.xxxxx.xxx (10.129.108.68) >[2012/11/09 16:29:17.331055, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) > Setting printer access = PRINTER_ACCESS_ADMINISTER >[2012/11/09 16:29:17.331085, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/11/09 16:29:17.331122, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/11/09 16:29:17.331164, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:17.331195, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:17.331239, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2012/11/09 16:29:17.331273, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:17.331300, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:17.331326, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:17.331493, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:17.331571, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 CF 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.331666, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 CF 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.331765, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:17.331839, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:17.331904, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:17.331965, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:17.332023, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:17.332076, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:17.332147, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:17.332221, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 D0 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.332301, 2] rpc_client/cli_winreg_spoolss.c:896(winreg_create_printer) > winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708 already exists >[2012/11/09 16:29:17.332341, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 D0 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.332408, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 D0 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.332505, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.332549, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 CF 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.332617, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 CF 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.332682, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.332728, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:17.332770, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:17.332806, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 1741 >[2012/11/09 16:29:17.332844, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/11/09 16:29:17.332874, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.332890, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=65411 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/11/09 16:29:17.334250, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x80 >[2012/11/09 16:29:17.334294, 3] smbd/process.c:1662(process_smb) > Transaction 273 of length 132 (0 toread) >[2012/11/09 16:29:17.334327, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.334369, 5] lib/util.c:342(show_msg) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=65475 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8245 (0x2035) > smb_bcc=61 >[2012/11/09 16:29:17.334806, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.334865, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.334909, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=44 params=0 setup=2 >[2012/11/09 16:29:17.334975, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:17.335009, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:17.335054, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:17.335090, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2035) >[2012/11/09 16:29:17.335121, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 44 >[2012/11/09 16:29:17.335176, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:17.335212, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER >[2012/11/09 16:29:17.335243, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[29].fn == 0x7fa2ea3e55d0 >[2012/11/09 16:29:17.335272, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 CE 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.335337, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 CE 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.335401, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 CE 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.335464, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.335493, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:17.335529, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:17.335563, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/11/09 16:29:17.335598, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/11/09 16:29:17.335664, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.335682, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=65475 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/11/09 16:29:17.336628, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x66 >[2012/11/09 16:29:17.336669, 3] smbd/process.c:1662(process_smb) > Transaction 274 of length 106 (0 toread) >[2012/11/09 16:29:17.336697, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.336713, 5] lib/util.c:342(show_msg) > size=102 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=0 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 4096 (0x1000) > smb_vwv[ 3]= 4096 (0x1000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 4609 (0x1201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1792 (0x700) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]=16384 (0x4000) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=19 >[2012/11/09 16:29:17.337112, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.337143, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.337174, 4] smbd/nttrans.c:288(nt_open_pipe) > nt_open_pipe: Opening pipe \spoolss. >[2012/11/09 16:29:17.337205, 5] smbd/files.c:140(file_new) > allocated file structure 4150, fnum = 8246 (4 used) >[2012/11/09 16:29:17.337242, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \spoolss >[2012/11/09 16:29:17.337308, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \spoolss (pipes_open=0) >[2012/11/09 16:29:17.337345, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) > do_ntcreate_pipe_open: open pipe = \spoolss >[2012/11/09 16:29:17.338224, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/11/09 16:29:17.338270, 3] smbd/process.c:1662(process_smb) > Transaction 275 of length 45 (0 toread) >[2012/11/09 16:29:17.338306, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.338327, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=64 > smt_wct=3 > smb_vwv[ 0]= 8245 (0x2035) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/11/09 16:29:17.338527, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.338564, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.338600, 3] smbd/reply.c:4848(reply_close) > close fd=-1 fnum=8245 (numopen=4) >[2012/11/09 16:29:17.338648, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 07:28:15 2106 >[2012/11/09 16:29:17.338725, 5] smbd/files.c:482(file_free) > freed files structure 8245 (3 used) >[2012/11/09 16:29:17.338766, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.338788, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=64 > smt_wct=0 > smb_bcc=0 >[2012/11/09 16:29:17.339806, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xe0 >[2012/11/09 16:29:17.339848, 3] smbd/process.c:1662(process_smb) > Transaction 276 of length 228 (0 toread) >[2012/11/09 16:29:17.339876, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.339893, 5] lib/util.c:342(show_msg) > size=224 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=128 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8246 (0x2036) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 160 (0xA0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 160 (0xA0) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=161 >[2012/11/09 16:29:17.340173, 3] smbd/process.c:1467(switch_message) > switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.340202, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.340245, 6] smbd/pipes.c:300(reply_pipe_write_and_X) > reply_pipe_write_and_X: 2036 name: spoolss len: 160 >[2012/11/09 16:29:17.340275, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 160 >[2012/11/09 16:29:17.340309, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) > api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/11/09 16:29:17.340339, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) > api_pipe_bind_req: make response. 923 >[2012/11/09 16:29:17.340366, 3] rpc_server/srv_pipe.c:339(check_bind_req) > check_bind_req for \spoolss >[2012/11/09 16:29:17.340395, 3] rpc_server/srv_pipe.c:346(check_bind_req) > check_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/11/09 16:29:17.340436, 3] smbd/pipes.c:361(pipe_write_andx_done) > writeX-IPC nwritten=160 >[2012/11/09 16:29:17.341297, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/11/09 16:29:17.341337, 3] smbd/process.c:1662(process_smb) > Transaction 277 of length 63 (0 toread) >[2012/11/09 16:29:17.341363, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.341381, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=192 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8246 (0x2036) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/11/09 16:29:17.341644, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.341675, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.341706, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:17.341741, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/11/09 16:29:17.341775, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=1024 max=1024 nread=68 >[2012/11/09 16:29:17.342667, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x124 >[2012/11/09 16:29:17.342706, 3] smbd/process.c:1662(process_smb) > Transaction 278 of length 296 (0 toread) >[2012/11/09 16:29:17.342734, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.342750, 5] lib/util.c:342(show_msg) > size=292 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=256 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 208 (0xD0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 208 (0xD0) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8246 (0x2036) > smb_bcc=225 >[2012/11/09 16:29:17.343049, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.343078, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.343108, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=208 params=0 setup=2 >[2012/11/09 16:29:17.343138, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:17.343164, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:17.343190, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:17.343216, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2036) >[2012/11/09 16:29:17.343244, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 208 >[2012/11/09 16:29:17.343277, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:17.343319, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX >[2012/11/09 16:29:17.343352, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[69].fn == 0x7fa2ea3def70 > checking name: \\yyyu0031\yyyp0708 >[2012/11/09 16:29:17.343402, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 D1 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.343475, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) > Setting printer type=\\yyyu0031\yyyp0708 > Printer is a printer >[2012/11/09 16:29:17.343524, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) > Setting printer name=\\yyyu0031\yyyp0708 (len=19) > searching for [yyyp0708] > set_printer_hnd_name: Printer found: yyyp0708 -> yyyp0708 >[2012/11/09 16:29:17.343613, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) > 3 printer handles active >[2012/11/09 16:29:17.343650, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 D1 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.343725, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 D1 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.343800, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:yyyp0708 >[2012/11/09 16:29:17.343839, 3] lib/access.c:338(allow_access) > Allowed connection from yyyc27002.xxxxx.xxx (10.129.108.68) >[2012/11/09 16:29:17.343878, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) > Setting printer access = PRINTER_ACCESS_ADMINISTER >[2012/11/09 16:29:17.343915, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/11/09 16:29:17.343958, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/11/09 16:29:17.344005, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:17.344043, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:17.344094, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2012/11/09 16:29:17.344133, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:17.344167, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:17.344200, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:17.344321, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:17.344396, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 D2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.344515, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 D2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.344590, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:17.344653, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:17.344714, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:17.344773, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:17.344844, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:17.344898, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:17.344968, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:17.345041, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 D3 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.345121, 2] rpc_client/cli_winreg_spoolss.c:896(winreg_create_printer) > winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708 already exists >[2012/11/09 16:29:17.345160, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 D3 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.345228, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 D3 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.345291, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.345330, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 D2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.345398, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 D2 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.345462, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.345506, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:17.345547, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:17.345583, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 1741 >[2012/11/09 16:29:17.345633, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/11/09 16:29:17.345670, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.345687, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=256 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/11/09 16:29:17.346796, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x80 >[2012/11/09 16:29:17.346835, 3] smbd/process.c:1662(process_smb) > Transaction 279 of length 132 (0 toread) >[2012/11/09 16:29:17.346863, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.346879, 5] lib/util.c:342(show_msg) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=320 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8246 (0x2036) > smb_bcc=61 >[2012/11/09 16:29:17.347183, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.347235, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.347269, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=44 params=0 setup=2 >[2012/11/09 16:29:17.347300, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:17.347327, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:17.347354, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:17.347380, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2036) >[2012/11/09 16:29:17.347409, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 44 >[2012/11/09 16:29:17.347442, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:17.347473, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER >[2012/11/09 16:29:17.347502, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[29].fn == 0x7fa2ea3e55d0 >[2012/11/09 16:29:17.347530, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 D1 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.347595, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 D1 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.347666, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 D1 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.347738, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.347774, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:17.347819, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:17.347861, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/11/09 16:29:17.347904, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/11/09 16:29:17.347941, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.347962, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=320 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/11/09 16:29:17.349014, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x66 >[2012/11/09 16:29:17.349051, 3] smbd/process.c:1662(process_smb) > Transaction 280 of length 106 (0 toread) >[2012/11/09 16:29:17.349072, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.349084, 5] lib/util.c:342(show_msg) > size=102 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=387 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 4096 (0x1000) > smb_vwv[ 3]= 4096 (0x1000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 4609 (0x1201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1792 (0x700) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]=16384 (0x4000) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=19 >[2012/11/09 16:29:17.349376, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.349417, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.349442, 4] smbd/nttrans.c:288(nt_open_pipe) > nt_open_pipe: Opening pipe \spoolss. >[2012/11/09 16:29:17.349464, 5] smbd/files.c:140(file_new) > allocated file structure 4151, fnum = 8247 (4 used) >[2012/11/09 16:29:17.349489, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \spoolss >[2012/11/09 16:29:17.349535, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \spoolss (pipes_open=0) >[2012/11/09 16:29:17.349563, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) > do_ntcreate_pipe_open: open pipe = \spoolss >[2012/11/09 16:29:17.350492, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/11/09 16:29:17.350525, 3] smbd/process.c:1662(process_smb) > Transaction 281 of length 45 (0 toread) >[2012/11/09 16:29:17.350545, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.350557, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=451 > smt_wct=3 > smb_vwv[ 0]= 8246 (0x2036) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/11/09 16:29:17.350676, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.350697, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.350717, 3] smbd/reply.c:4848(reply_close) > close fd=-1 fnum=8246 (numopen=4) >[2012/11/09 16:29:17.350737, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 07:28:15 2106 >[2012/11/09 16:29:17.350775, 5] smbd/files.c:482(file_free) > freed files structure 8246 (3 used) >[2012/11/09 16:29:17.350798, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.350810, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=451 > smt_wct=0 > smb_bcc=0 >[2012/11/09 16:29:17.351814, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xe0 >[2012/11/09 16:29:17.351846, 3] smbd/process.c:1662(process_smb) > Transaction 282 of length 228 (0 toread) >[2012/11/09 16:29:17.351866, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.351878, 5] lib/util.c:342(show_msg) > size=224 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=515 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8247 (0x2037) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 160 (0xA0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 160 (0xA0) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=161 >[2012/11/09 16:29:17.352076, 3] smbd/process.c:1467(switch_message) > switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.352096, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.352118, 6] smbd/pipes.c:300(reply_pipe_write_and_X) > reply_pipe_write_and_X: 2037 name: spoolss len: 160 >[2012/11/09 16:29:17.352138, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 160 >[2012/11/09 16:29:17.352163, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) > api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/11/09 16:29:17.352184, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) > api_pipe_bind_req: make response. 923 >[2012/11/09 16:29:17.352203, 3] rpc_server/srv_pipe.c:339(check_bind_req) > check_bind_req for \spoolss >[2012/11/09 16:29:17.352223, 3] rpc_server/srv_pipe.c:346(check_bind_req) > check_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/11/09 16:29:17.352266, 3] smbd/pipes.c:361(pipe_write_andx_done) > writeX-IPC nwritten=160 >[2012/11/09 16:29:17.353159, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/11/09 16:29:17.353193, 3] smbd/process.c:1662(process_smb) > Transaction 283 of length 63 (0 toread) >[2012/11/09 16:29:17.353213, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.353225, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=579 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8247 (0x2037) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/11/09 16:29:17.353430, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.353453, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.353475, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:17.353497, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/11/09 16:29:17.353522, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=1024 max=1024 nread=68 >[2012/11/09 16:29:17.354347, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x124 >[2012/11/09 16:29:17.354380, 3] smbd/process.c:1662(process_smb) > Transaction 284 of length 296 (0 toread) >[2012/11/09 16:29:17.354400, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.354412, 5] lib/util.c:342(show_msg) > size=292 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=643 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 208 (0xD0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 208 (0xD0) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8247 (0x2037) > smb_bcc=225 >[2012/11/09 16:29:17.354626, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.354647, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.354669, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=208 params=0 setup=2 >[2012/11/09 16:29:17.354691, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:17.354710, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:17.354728, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:17.354747, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2037) >[2012/11/09 16:29:17.354767, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 208 >[2012/11/09 16:29:17.354791, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:17.354813, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX >[2012/11/09 16:29:17.354834, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[69].fn == 0x7fa2ea3def70 > checking name: \\yyyu0031\yyyp0708 >[2012/11/09 16:29:17.354867, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 D4 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.354908, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) > Setting printer type=\\yyyu0031\yyyp0708 > Printer is a printer >[2012/11/09 16:29:17.354949, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) > Setting printer name=\\yyyu0031\yyyp0708 (len=19) > searching for [yyyp0708] > set_printer_hnd_name: Printer found: yyyp0708 -> yyyp0708 >[2012/11/09 16:29:17.355005, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) > 3 printer handles active >[2012/11/09 16:29:17.355026, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 D4 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.355065, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 D4 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.355103, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:yyyp0708 >[2012/11/09 16:29:17.355125, 3] lib/access.c:338(allow_access) > Allowed connection from yyyc27002.xxxxx.xxx (10.129.108.68) >[2012/11/09 16:29:17.355149, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) > Setting printer access = PRINTER_ACCESS_USE >[2012/11/09 16:29:17.355170, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/11/09 16:29:17.355196, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/11/09 16:29:17.355225, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:17.355266, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:17.355318, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2012/11/09 16:29:17.355348, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:17.355368, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:17.355387, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:17.355468, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:17.355517, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 D5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.355574, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 D5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.355640, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:17.355692, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:17.355735, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:17.355777, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:17.355817, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:17.355853, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:17.355901, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:17.355951, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 D6 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.356002, 2] rpc_client/cli_winreg_spoolss.c:896(winreg_create_printer) > winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708 already exists >[2012/11/09 16:29:17.356049, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 D6 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.356092, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 D6 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.356130, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.356159, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 D5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.356201, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 D5 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.356269, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.356306, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:17.356337, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:17.356363, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 1741 >[2012/11/09 16:29:17.356390, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/11/09 16:29:17.356410, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.356422, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=643 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/11/09 16:29:17.357562, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x80 >[2012/11/09 16:29:17.357594, 3] smbd/process.c:1662(process_smb) > Transaction 285 of length 132 (0 toread) >[2012/11/09 16:29:17.357614, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.357625, 5] lib/util.c:342(show_msg) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=707 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8247 (0x2037) > smb_bcc=61 >[2012/11/09 16:29:17.357837, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.357857, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.357879, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=44 params=0 setup=2 >[2012/11/09 16:29:17.357901, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:17.357919, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:17.357937, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:17.357956, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2037) >[2012/11/09 16:29:17.357976, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 44 >[2012/11/09 16:29:17.358015, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:17.358039, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER >[2012/11/09 16:29:17.358059, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[29].fn == 0x7fa2ea3e55d0 >[2012/11/09 16:29:17.358080, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 D4 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.358119, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 D4 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.358162, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 D4 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.358223, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.358246, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:17.358274, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:17.358299, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/11/09 16:29:17.358323, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/11/09 16:29:17.358343, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.358355, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=707 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/11/09 16:29:17.359166, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x66 >[2012/11/09 16:29:17.359215, 3] smbd/process.c:1662(process_smb) > Transaction 286 of length 106 (0 toread) >[2012/11/09 16:29:17.359253, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.359277, 5] lib/util.c:342(show_msg) > size=102 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=768 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 4096 (0x1000) > smb_vwv[ 3]= 4096 (0x1000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 4609 (0x1201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1792 (0x700) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]=16384 (0x4000) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=19 >[2012/11/09 16:29:17.359678, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.359710, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.359741, 4] smbd/nttrans.c:288(nt_open_pipe) > nt_open_pipe: Opening pipe \spoolss. >[2012/11/09 16:29:17.359772, 5] smbd/files.c:140(file_new) > allocated file structure 4152, fnum = 8248 (4 used) >[2012/11/09 16:29:17.359808, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \spoolss >[2012/11/09 16:29:17.359866, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \spoolss (pipes_open=0) >[2012/11/09 16:29:17.359921, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) > do_ntcreate_pipe_open: open pipe = \spoolss >[2012/11/09 16:29:17.360951, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/11/09 16:29:17.360993, 3] smbd/process.c:1662(process_smb) > Transaction 287 of length 45 (0 toread) >[2012/11/09 16:29:17.361022, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.361038, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=832 > smt_wct=3 > smb_vwv[ 0]= 8247 (0x2037) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/11/09 16:29:17.361229, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.361260, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.361289, 3] smbd/reply.c:4848(reply_close) > close fd=-1 fnum=8247 (numopen=4) >[2012/11/09 16:29:17.361317, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 07:28:15 2106 >[2012/11/09 16:29:17.361371, 5] smbd/files.c:482(file_free) > freed files structure 8247 (3 used) >[2012/11/09 16:29:17.361403, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.361421, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=832 > smt_wct=0 > smb_bcc=0 >[2012/11/09 16:29:17.362569, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xe0 >[2012/11/09 16:29:17.362612, 3] smbd/process.c:1662(process_smb) > Transaction 288 of length 228 (0 toread) >[2012/11/09 16:29:17.362653, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.362675, 5] lib/util.c:342(show_msg) > size=224 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=896 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8248 (0x2038) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 160 (0xA0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 160 (0xA0) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=161 >[2012/11/09 16:29:17.363100, 3] smbd/process.c:1467(switch_message) > switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.363147, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.363192, 6] smbd/pipes.c:300(reply_pipe_write_and_X) > reply_pipe_write_and_X: 2038 name: spoolss len: 160 >[2012/11/09 16:29:17.363233, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 160 >[2012/11/09 16:29:17.363292, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) > api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/11/09 16:29:17.363342, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) > api_pipe_bind_req: make response. 923 >[2012/11/09 16:29:17.363379, 3] rpc_server/srv_pipe.c:339(check_bind_req) > check_bind_req for \spoolss >[2012/11/09 16:29:17.363423, 3] rpc_server/srv_pipe.c:346(check_bind_req) > check_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/11/09 16:29:17.363483, 3] smbd/pipes.c:361(pipe_write_andx_done) > writeX-IPC nwritten=160 >[2012/11/09 16:29:17.364344, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/11/09 16:29:17.364378, 3] smbd/process.c:1662(process_smb) > Transaction 289 of length 63 (0 toread) >[2012/11/09 16:29:17.364399, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.364410, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=960 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8248 (0x2038) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/11/09 16:29:17.364641, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.364664, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.364686, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:17.364707, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/11/09 16:29:17.364732, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=1024 max=1024 nread=68 >[2012/11/09 16:29:17.365572, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x124 >[2012/11/09 16:29:17.365604, 3] smbd/process.c:1662(process_smb) > Transaction 290 of length 296 (0 toread) >[2012/11/09 16:29:17.365641, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.365662, 5] lib/util.c:342(show_msg) > size=292 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=1024 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 208 (0xD0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 208 (0xD0) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8248 (0x2038) > smb_bcc=225 >[2012/11/09 16:29:17.365991, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.366025, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.366060, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=208 params=0 setup=2 >[2012/11/09 16:29:17.366092, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:17.366120, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:17.366149, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:17.366177, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2038) >[2012/11/09 16:29:17.366208, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 208 >[2012/11/09 16:29:17.366243, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:17.366276, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX >[2012/11/09 16:29:17.366307, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[69].fn == 0x7fa2ea3def70 > checking name: \\yyyu0031\yyyp0708 >[2012/11/09 16:29:17.366356, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 D7 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.366425, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) > Setting printer type=\\yyyu0031\yyyp0708 > Printer is a printer >[2012/11/09 16:29:17.366465, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) > Setting printer name=\\yyyu0031\yyyp0708 (len=19) > searching for [yyyp0708] > set_printer_hnd_name: Printer found: yyyp0708 -> yyyp0708 >[2012/11/09 16:29:17.366547, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) > 3 printer handles active >[2012/11/09 16:29:17.366577, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 D7 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.366644, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 D7 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.366725, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:yyyp0708 >[2012/11/09 16:29:17.366759, 3] lib/access.c:338(allow_access) > Allowed connection from yyyc27002.xxxxx.xxx (10.129.108.68) >[2012/11/09 16:29:17.366794, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) > Setting printer access = PRINTER_ACCESS_ADMINISTER >[2012/11/09 16:29:17.366826, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/11/09 16:29:17.366865, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/11/09 16:29:17.366907, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:17.366939, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:17.366984, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2012/11/09 16:29:17.367019, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:17.367049, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:17.367077, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:17.367199, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:17.367275, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 D8 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.367367, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 D8 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.367440, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:17.367506, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:17.367568, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:17.367631, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:17.367693, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:17.367748, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:17.367821, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:17.367897, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 D9 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.367980, 2] rpc_client/cli_winreg_spoolss.c:896(winreg_create_printer) > winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708 already exists >[2012/11/09 16:29:17.368022, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 D9 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.368091, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 D9 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.368157, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.368213, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 D8 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.368285, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 D8 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.368351, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.368398, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:17.368442, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:17.368530, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 1741 >[2012/11/09 16:29:17.368573, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/11/09 16:29:17.368606, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.368624, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=1024 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/11/09 16:29:17.370213, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x80 >[2012/11/09 16:29:17.370256, 3] smbd/process.c:1662(process_smb) > Transaction 291 of length 132 (0 toread) >[2012/11/09 16:29:17.370287, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.370304, 5] lib/util.c:342(show_msg) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=1088 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8248 (0x2038) > smb_bcc=61 >[2012/11/09 16:29:17.370631, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.370665, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.370697, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=44 params=0 setup=2 >[2012/11/09 16:29:17.370730, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:17.370757, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:17.370786, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:17.370814, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2038) >[2012/11/09 16:29:17.370845, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 44 >[2012/11/09 16:29:17.370880, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:17.370911, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER >[2012/11/09 16:29:17.370942, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[29].fn == 0x7fa2ea3e55d0 >[2012/11/09 16:29:17.370972, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 D7 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.371038, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 D7 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.371120, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 D7 00 00 00 00 00 00 00 9D 50 4D 21 ........ .....PM! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:17.371186, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:17.371217, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:17.371256, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:17.371293, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/11/09 16:29:17.371330, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/11/09 16:29:17.371361, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.371379, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=1088 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/11/09 16:29:17.372482, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/11/09 16:29:17.372521, 3] smbd/process.c:1662(process_smb) > Transaction 292 of length 45 (0 toread) >[2012/11/09 16:29:17.372548, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.372563, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=1152 > smt_wct=3 > smb_vwv[ 0]= 8248 (0x2038) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/11/09 16:29:17.372715, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:17.372742, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:17.372768, 3] smbd/reply.c:4848(reply_close) > close fd=-1 fnum=8248 (numopen=3) >[2012/11/09 16:29:17.372797, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 07:28:15 2106 >[2012/11/09 16:29:17.372865, 5] smbd/files.c:482(file_free) > freed files structure 8248 (2 used) >[2012/11/09 16:29:17.372911, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:17.372930, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=1152 > smt_wct=0 > smb_bcc=0 >[2012/11/09 16:29:18.778744, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x66 >[2012/11/09 16:29:18.778831, 3] smbd/process.c:1662(process_smb) > Transaction 293 of length 106 (0 toread) >[2012/11/09 16:29:18.778853, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:18.778865, 5] lib/util.c:342(show_msg) > size=102 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=1216 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 4096 (0x1000) > smb_vwv[ 3]= 4096 (0x1000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 4609 (0x1201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1792 (0x700) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]=16384 (0x4000) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=19 >[2012/11/09 16:29:18.779186, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:18.779211, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:18.779237, 4] smbd/nttrans.c:288(nt_open_pipe) > nt_open_pipe: Opening pipe \spoolss. >[2012/11/09 16:29:18.779261, 5] smbd/files.c:140(file_new) > allocated file structure 4153, fnum = 8249 (3 used) >[2012/11/09 16:29:18.779291, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \spoolss >[2012/11/09 16:29:18.779351, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \spoolss (pipes_open=0) >[2012/11/09 16:29:18.779379, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) > do_ntcreate_pipe_open: open pipe = \spoolss >[2012/11/09 16:29:18.780622, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xe0 >[2012/11/09 16:29:18.780656, 3] smbd/process.c:1662(process_smb) > Transaction 294 of length 228 (0 toread) >[2012/11/09 16:29:18.780677, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:18.780689, 5] lib/util.c:342(show_msg) > size=224 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=1280 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8249 (0x2039) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 160 (0xA0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 160 (0xA0) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=161 >[2012/11/09 16:29:18.780931, 3] smbd/process.c:1467(switch_message) > switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:18.780954, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:18.780976, 6] smbd/pipes.c:300(reply_pipe_write_and_X) > reply_pipe_write_and_X: 2039 name: spoolss len: 160 >[2012/11/09 16:29:18.780997, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 160 >[2012/11/09 16:29:18.781033, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) > api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/11/09 16:29:18.781075, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) > api_pipe_bind_req: make response. 923 >[2012/11/09 16:29:18.781100, 3] rpc_server/srv_pipe.c:339(check_bind_req) > check_bind_req for \spoolss >[2012/11/09 16:29:18.781121, 3] rpc_server/srv_pipe.c:346(check_bind_req) > check_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/11/09 16:29:18.781155, 3] smbd/pipes.c:361(pipe_write_andx_done) > writeX-IPC nwritten=160 >[2012/11/09 16:29:18.782159, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/11/09 16:29:18.782195, 3] smbd/process.c:1662(process_smb) > Transaction 295 of length 63 (0 toread) >[2012/11/09 16:29:18.782215, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:18.782227, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=1344 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8249 (0x2039) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/11/09 16:29:18.782413, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:18.782434, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:18.782456, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:18.782479, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/11/09 16:29:18.782520, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=1024 max=1024 nread=68 >[2012/11/09 16:29:18.783427, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x114 >[2012/11/09 16:29:18.783462, 3] smbd/process.c:1662(process_smb) > Transaction 296 of length 280 (0 toread) >[2012/11/09 16:29:18.783483, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:18.783494, 5] lib/util.c:342(show_msg) > size=276 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=1408 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 192 (0xC0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 192 (0xC0) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8249 (0x2039) > smb_bcc=209 >[2012/11/09 16:29:18.783715, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:18.783737, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:18.783761, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=192 params=0 setup=2 >[2012/11/09 16:29:18.783784, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:18.783803, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:18.783822, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:18.783841, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2039) >[2012/11/09 16:29:18.783862, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 192 >[2012/11/09 16:29:18.783887, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:18.783909, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX >[2012/11/09 16:29:18.783930, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[69].fn == 0x7fa2ea3def70 > checking name: \\yyyu0031 >[2012/11/09 16:29:18.783965, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 DA 00 00 00 00 00 00 00 9D 50 4E 21 ........ .....PN! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:18.784029, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) > Setting printer type=\\yyyu0031 > Printer is a print server >[2012/11/09 16:29:18.784063, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) > Setting printer name=\\yyyu0031 (len=10) >[2012/11/09 16:29:18.784085, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) > 3 printer handles active >[2012/11/09 16:29:18.784105, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 DA 00 00 00 00 00 00 00 9D 50 4E 21 ........ .....PN! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:18.784144, 4] rpc_server/spoolss/srv_spoolss_nt.c:1852(_spoolss_OpenPrinterEx) > Setting print server access = SERVER_ACCESS_ENUMERATE >[2012/11/09 16:29:18.784167, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:18.784195, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:18.784221, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/11/09 16:29:18.784246, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/11/09 16:29:18.784267, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:18.784279, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=1408 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/11/09 16:29:18.785725, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x80 >[2012/11/09 16:29:18.785777, 3] smbd/process.c:1662(process_smb) > Transaction 297 of length 132 (0 toread) >[2012/11/09 16:29:18.785804, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:18.785822, 5] lib/util.c:342(show_msg) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=1472 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8249 (0x2039) > smb_bcc=61 >[2012/11/09 16:29:18.786041, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:18.786063, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:18.786086, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=44 params=0 setup=2 >[2012/11/09 16:29:18.786107, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:18.786125, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:18.786144, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:18.786162, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2039) >[2012/11/09 16:29:18.786182, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 44 >[2012/11/09 16:29:18.786207, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:18.786229, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER >[2012/11/09 16:29:18.786250, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[29].fn == 0x7fa2ea3e55d0 >[2012/11/09 16:29:18.786270, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 DA 00 00 00 00 00 00 00 9D 50 4E 21 ........ .....PN! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:18.786310, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 DA 00 00 00 00 00 00 00 9D 50 4E 21 ........ .....PN! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:18.786348, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 DA 00 00 00 00 00 00 00 9D 50 4E 21 ........ .....PN! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:18.786385, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:18.786405, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:18.786432, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/11/09 16:29:18.786458, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/11/09 16:29:18.786482, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/11/09 16:29:18.786502, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:18.786513, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=1472 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/11/09 16:29:18.787644, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/11/09 16:29:18.787680, 3] smbd/process.c:1662(process_smb) > Transaction 298 of length 45 (0 toread) >[2012/11/09 16:29:18.787700, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:18.787711, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=1536 > smt_wct=3 > smb_vwv[ 0]= 8249 (0x2039) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/11/09 16:29:18.787827, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:18.787847, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:18.787867, 3] smbd/reply.c:4848(reply_close) > close fd=-1 fnum=8249 (numopen=3) >[2012/11/09 16:29:18.787888, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 07:28:15 2106 >[2012/11/09 16:29:18.787936, 5] smbd/files.c:482(file_free) > freed files structure 8249 (2 used) >[2012/11/09 16:29:18.787961, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:18.787973, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=1536 > smt_wct=0 > smb_bcc=0 >[2012/11/09 16:29:20.971202, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xb8 >[2012/11/09 16:29:20.971301, 3] smbd/process.c:1662(process_smb) > Transaction 299 of length 188 (0 toread) >[2012/11/09 16:29:20.971325, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:20.971337, 5] lib/util.c:342(show_msg) > size=184 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=1600 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 100 (0x64) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 100 (0x64) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8210 (0x2012) > smb_bcc=117 >[2012/11/09 16:29:20.971648, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:20.971690, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:20.971740, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=100 params=0 setup=2 >[2012/11/09 16:29:20.971782, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:20.971819, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:20.971858, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:20.971898, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2012) >[2012/11/09 16:29:20.971934, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 100 >[2012/11/09 16:29:20.971966, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:20.972006, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x7 - api_rpcTNP: rpc command: SPOOLSS_SETPRINTER >[2012/11/09 16:29:20.972101, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[7].fn == 0x7fa2ea3e9160 >[2012/11/09 16:29:20.972162, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[1] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 9D 50 47 21 ........ .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:20.972243, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[1] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 9D 50 47 21 ........ .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:20.972370, 5] rpc_server/spoolss/srv_spoolss_nt.c:6601(publish_or_unpublish_printer) > publish_or_unpublish_printer, action = 1 >[2012/11/09 16:29:20.972410, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[1] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 9D 50 47 21 ........ .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:20.972548, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:yyyp0708 >[2012/11/09 16:29:20.972597, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/11/09 16:29:20.972660, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/11/09 16:29:20.972720, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:20.972766, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:20.972831, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2012/11/09 16:29:20.972872, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:20.972909, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:20.972946, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:20.973091, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:20.973175, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 DB 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:20.973279, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 DB 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:20.973362, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:20.973438, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:20.973550, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:20.973624, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:20.973693, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:20.973760, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:20.973849, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:20.973936, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 DC 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:20.974035, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 DC 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:20.974190, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 DC 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:20.974274, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:20.974351, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 DC 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:20.974433, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:20.974492, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 DC 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:20.974567, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:20.974626, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 DC 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:20.974712, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:20.974771, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 DC 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:20.974850, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:20.974909, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 DC 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:20.974961, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:20.974996, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 DC 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:20.975075, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:20.975135, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 DC 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:20.975215, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:20.975275, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 DC 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:20.975342, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:20.975403, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 DC 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:20.975700, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:20.975752, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 DC 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:20.975837, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:20.975880, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 DC 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:20.975938, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:20.975978, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 DC 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:20.976034, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:20.976083, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 DC 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:20.976142, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:20.976182, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 DC 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:20.976238, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:20.976277, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 DC 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:20.976338, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:20.976400, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 DC 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:20.976531, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:20.976600, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 DC 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:20.976686, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:20.976744, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 DC 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:20.976842, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:20.976922, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 DC 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:20.977001, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:20.977031, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:20.977079, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 DC 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:20.977156, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:20.977192, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:20.977257, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:20.977324, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 DD 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:20.977384, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 DD 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:20.977430, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:20.977471, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:20.977512, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:20.977552, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:20.977591, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:20.977628, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:20.977674, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:20.977724, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[4] [0000] 00 00 00 00 DE 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:20.977781, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 DE 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:20.977825, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:20.977846, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:20.977898, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 DE 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:20.977955, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:20.977977, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:20.978013, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 DE 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:20.978057, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 DE 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:20.978097, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:20.978126, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 DD 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:20.978169, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 DD 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:20.978208, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:20.978237, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 DC 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:20.978278, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 DC 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:20.978317, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:20.978346, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 DB 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:20.978389, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 DB 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:20.978427, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:20.978465, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/11/09 16:29:20.978496, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/11/09 16:29:20.978528, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:20.978551, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:20.978582, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2012/11/09 16:29:20.978607, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:20.978627, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:20.978711, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:20.978791, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:20.978895, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 DF 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:20.979031, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 DF 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:20.979135, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2012/11/09 16:29:20.979179, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:20.979231, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2012/11/09 16:29:20.979257, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:20.979292, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2012/11/09 16:29:20.979382, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:20.979449, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2012/11/09 16:29:20.979485, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:20.979582, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2012/11/09 16:29:20.979655, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:20.979699, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2012/11/09 16:29:20.979741, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:20.979798, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:20.979892, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 E0 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:20.979988, 8] rpc_client/cli_winreg_spoolss.c:285(winreg_printer_openkey) > winreg_printer_openkey: createkey opened existing SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708 >[2012/11/09 16:29:20.980048, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E0 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:20.980109, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708:Attributes] >[2012/11/09 16:29:20.980182, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E0 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:20.980231, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) > _winreg_SetValue: Setting value for [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708:ChangeID] >[2012/11/09 16:29:20.980282, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2012/11/09 16:29:20.981689, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E0 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:20.981746, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E0 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:20.981798, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:20.981833, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 DF 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:20.981876, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 DF 00 00 00 00 00 00 00 9D 50 50 21 ........ .....PP! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:20.981915, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:20.981963, 6] libads/ldap.c:365(ads_find_dc) > ads_find_dc: (ldap) looking for realm 'XXXXX.XXX' >[2012/11/09 16:29:20.982011, 5] libads/sitename_cache.c:105(sitename_fetch) > sitename_fetch: Returning sitename for XXXXX.XXX: "YYY" >[2012/11/09 16:29:20.982040, 4] libsmb/namequery_dc.c:76(ads_dc_name) > ads_dc_name: domain=BROSE >[2012/11/09 16:29:20.982067, 5] libads/sitename_cache.c:105(sitename_fetch) > sitename_fetch: Returning sitename for XXXXX.XXX: "YYY" >[2012/11/09 16:29:20.982088, 6] libads/ldap.c:385(ads_find_dc) > ads_find_dc: (cldap) looking for realm 'XXXXX.XXX' >[2012/11/09 16:29:20.982110, 8] libsmb/namequery.c:2721(get_sorted_dc_list) > get_sorted_dc_list: attempting lookup for name XXXXX.XXX (sitename YYY) using [ads] >[2012/11/09 16:29:20.982159, 5] libsmb/namequery.c:194(saf_fetch) > saf_fetch: Returning "YYYS8002.xxxxx.xxx" for "XXXXX.XXX" domain >[2012/11/09 16:29:20.982186, 3] libsmb/namequery.c:2533(get_dc_list) > get_dc_list: preferred server list: "YYYS8002.xxxxx.xxx, *" >[2012/11/09 16:29:20.982226, 5] libsmb/namecache.c:165(namecache_fetch) > name XXXXX.XXX#1C found. >[2012/11/09 16:29:20.982345, 8] libsmb/namequery.c:2554(get_dc_list) > Adding 4 DC's from auto lookup >[2012/11/09 16:29:20.982389, 5] libads/sitename_cache.c:105(sitename_fetch) > sitename_fetch: Returning sitename for XXXXX.XXX: "YYY" >[2012/11/09 16:29:20.982440, 5] libsmb/namecache.c:165(namecache_fetch) > name YYYS8002.xxxxx.xxx#20 found. >[2012/11/09 16:29:20.982503, 9] libsmb/conncache.c:150(check_negative_conn_cache) > check_negative_conn_cache returning result 0 for domain XXXXX.XXX server 172.31.58.11 >[2012/11/09 16:29:20.982541, 9] libsmb/conncache.c:150(check_negative_conn_cache) > check_negative_conn_cache returning result 0 for domain XXXXX.XXX server 172.31.58.11 >[2012/11/09 16:29:20.982569, 9] libsmb/conncache.c:150(check_negative_conn_cache) > check_negative_conn_cache returning result 0 for domain XXXXX.XXX server 10.128.58.21 >[2012/11/09 16:29:20.982601, 9] libsmb/conncache.c:150(check_negative_conn_cache) > check_negative_conn_cache returning result 0 for domain XXXXX.XXX server 172.31.58.12 >[2012/11/09 16:29:20.982630, 9] libsmb/conncache.c:150(check_negative_conn_cache) > check_negative_conn_cache returning result 0 for domain XXXXX.XXX server 10.128.59.21 >[2012/11/09 16:29:20.982653, 4] libsmb/namequery.c:2670(get_dc_list) > get_dc_list: returning 4 ip addresses in an ordered list >[2012/11/09 16:29:20.982673, 4] libsmb/namequery.c:2671(get_dc_list) > get_dc_list: 172.31.58.11:389 10.128.58.21:389 172.31.58.12:389 10.128.59.21:389 >[2012/11/09 16:29:20.982702, 9] libsmb/conncache.c:150(check_negative_conn_cache) > check_negative_conn_cache returning result 0 for domain XXXXX.XXX server 172.31.58.11 >[2012/11/09 16:29:20.982726, 5] libads/ldap.c:232(ads_try_connect) > ads_try_connect: sending CLDAP request to 172.31.58.11 (realm: XXXXX.XXX) >[2012/11/09 16:29:20.983427, 3] libads/ldap.c:640(ads_connect) > Successfully contacted LDAP server 172.31.58.11 >[2012/11/09 16:29:20.983480, 5] libads/sitename_cache.c:105(sitename_fetch) > sitename_fetch: Returning sitename for XXXXX.XXX: "YYY" >[2012/11/09 16:29:20.983552, 5] libsmb/namequery.c:194(saf_fetch) > saf_fetch: Returning "YYYS8002.xxxxx.xxx" for "XXXXX.XXX" domain >[2012/11/09 16:29:20.983591, 3] libsmb/namequery.c:2533(get_dc_list) > get_dc_list: preferred server list: "YYYS8002.xxxxx.xxx, *" >[2012/11/09 16:29:20.983649, 5] libsmb/namecache.c:165(namecache_fetch) > name XXXXX.XXX#1C found. >[2012/11/09 16:29:20.983749, 8] libsmb/namequery.c:2554(get_dc_list) > Adding 4 DC's from auto lookup >[2012/11/09 16:29:20.983798, 5] libads/sitename_cache.c:105(sitename_fetch) > sitename_fetch: Returning sitename for XXXXX.XXX: "YYY" >[2012/11/09 16:29:20.983844, 5] libsmb/namecache.c:165(namecache_fetch) > name YYYS8002.xxxxx.xxx#20 found. >[2012/11/09 16:29:20.983910, 9] libsmb/conncache.c:150(check_negative_conn_cache) > check_negative_conn_cache returning result 0 for domain XXXXX.XXX server 172.31.58.11 >[2012/11/09 16:29:20.983957, 9] libsmb/conncache.c:150(check_negative_conn_cache) > check_negative_conn_cache returning result 0 for domain XXXXX.XXX server 172.31.58.11 >[2012/11/09 16:29:20.984000, 9] libsmb/conncache.c:150(check_negative_conn_cache) > check_negative_conn_cache returning result 0 for domain XXXXX.XXX server 10.128.58.21 >[2012/11/09 16:29:20.984042, 9] libsmb/conncache.c:150(check_negative_conn_cache) > check_negative_conn_cache returning result 0 for domain XXXXX.XXX server 172.31.58.12 >[2012/11/09 16:29:20.984085, 9] libsmb/conncache.c:150(check_negative_conn_cache) > check_negative_conn_cache returning result 0 for domain XXXXX.XXX server 10.128.59.21 >[2012/11/09 16:29:20.984114, 4] libsmb/namequery.c:2670(get_dc_list) > get_dc_list: returning 4 ip addresses in an ordered list >[2012/11/09 16:29:20.984134, 4] libsmb/namequery.c:2671(get_dc_list) > get_dc_list: 172.31.58.11:389 10.128.58.21:389 172.31.58.12:389 10.128.59.21:389 >[2012/11/09 16:29:20.984177, 5] libsmb/namequery.c:194(saf_fetch) > saf_fetch: Returning "YYYS8002.xxxxx.xxx" for "XXXXX.XXX" domain >[2012/11/09 16:29:20.984216, 3] libsmb/namequery.c:2533(get_dc_list) > get_dc_list: preferred server list: "YYYS8002.xxxxx.xxx, *" >[2012/11/09 16:29:20.984250, 5] libsmb/namecache.c:165(namecache_fetch) > name XXXXX.XXX#1C found. >[2012/11/09 16:29:20.984316, 8] libsmb/namequery.c:2554(get_dc_list) > Adding 4 DC's from auto lookup >[2012/11/09 16:29:20.984354, 5] libads/sitename_cache.c:105(sitename_fetch) > sitename_fetch: Returning sitename for XXXXX.XXX: "YYY" >[2012/11/09 16:29:20.984403, 5] libsmb/namecache.c:165(namecache_fetch) > name YYYS8002.xxxxx.xxx#20 found. >[2012/11/09 16:29:20.984456, 9] libsmb/conncache.c:150(check_negative_conn_cache) > check_negative_conn_cache returning result 0 for domain XXXXX.XXX server 172.31.58.11 >[2012/11/09 16:29:20.984519, 9] libsmb/conncache.c:150(check_negative_conn_cache) > check_negative_conn_cache returning result 0 for domain XXXXX.XXX server 172.31.58.11 >[2012/11/09 16:29:20.984547, 9] libsmb/conncache.c:150(check_negative_conn_cache) > check_negative_conn_cache returning result 0 for domain XXXXX.XXX server 10.128.58.21 >[2012/11/09 16:29:20.984573, 9] libsmb/conncache.c:150(check_negative_conn_cache) > check_negative_conn_cache returning result 0 for domain XXXXX.XXX server 172.31.58.12 >[2012/11/09 16:29:20.984599, 9] libsmb/conncache.c:150(check_negative_conn_cache) > check_negative_conn_cache returning result 0 for domain XXXXX.XXX server 10.128.59.21 >[2012/11/09 16:29:20.984623, 4] libsmb/namequery.c:2670(get_dc_list) > get_dc_list: returning 4 ip addresses in an ordered list >[2012/11/09 16:29:20.984648, 4] libsmb/namequery.c:2671(get_dc_list) > get_dc_list: 172.31.58.11:389 10.128.58.21:389 172.31.58.12:389 10.128.59.21:389 >[2012/11/09 16:29:20.984697, 0] libads/kerberos.c:909(create_local_private_krb5_conf_for_domain) > create_local_private_krb5_conf_for_domain: smb_mkstemp failed, for file /var/lib/samba/smb_tmp_krb5.PYuGbi. Errno Keine Berechtigung >[2012/11/09 16:29:20.984729, 4] libsmb/namequery_dc.c:148(ads_dc_name) > ads_dc_name: using server='YYYS8002.XXXXX.XXX' IP=172.31.58.11 >[2012/11/09 16:29:20.984757, 5] libads/sitename_cache.c:105(sitename_fetch) > sitename_fetch: Returning sitename for XXXXX.XXX: "YYY" >[2012/11/09 16:29:20.984785, 5] libsmb/namecache.c:165(namecache_fetch) > name YYYS8002.XXXXX.XXX#20 found. >[2012/11/09 16:29:20.984838, 5] libads/ldap.c:232(ads_try_connect) > ads_try_connect: sending CLDAP request to 172.31.58.11 (realm: XXXXX.XXX) >[2012/11/09 16:29:20.985337, 3] libads/ldap.c:640(ads_connect) > Successfully contacted LDAP server 172.31.58.11 >[2012/11/09 16:29:20.985700, 3] libads/ldap.c:694(ads_connect) > Connected to LDAP server YYYS8002.xxxxx.xxx >[2012/11/09 16:29:20.986304, 4] libads/ldap.c:2857(ads_current_time) > time offset is 0 seconds >[2012/11/09 16:29:20.986671, 4] libads/sasl.c:1211(ads_sasl_bind) > Found SASL mechanism GSS-SPNEGO >[2012/11/09 16:29:20.987051, 3] libads/sasl.c:869(ads_sasl_spnego_bind) > ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.30 >[2012/11/09 16:29:20.987081, 3] libads/sasl.c:869(ads_sasl_spnego_bind) > ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2 >[2012/11/09 16:29:20.987103, 3] libads/sasl.c:869(ads_sasl_spnego_bind) > ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2 >[2012/11/09 16:29:20.987136, 3] libads/sasl.c:869(ads_sasl_spnego_bind) > ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2.3 >[2012/11/09 16:29:20.987157, 3] libads/sasl.c:869(ads_sasl_spnego_bind) > ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10 >[2012/11/09 16:29:20.987176, 3] libads/sasl.c:878(ads_sasl_spnego_bind) > ads_sasl_spnego_bind: got server principal name = not_defined_in_RFC4178@please_ignore >[2012/11/09 16:29:20.987290, 3] libsmb/clikrb5.c:698(ads_krb5_mk_req) > ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found) >[2012/11/09 16:29:20.992381, 3] libsmb/clikrb5.c:543(ads_cleanup_expired_creds) > ads_cleanup_expired_creds: Ticket in ccache[MEMORY:prtpub_cache] expiration Sat, 10 Nov 2012 02:29:20 CET >[2012/11/09 16:29:20.992450, 3] libsmb/clikrb5.c:751(ads_krb5_mk_req) > ads_krb5_mk_req: server marked as OK to delegate to, building forwardable TGT >[2012/11/09 16:29:20.994869, 5] printing/nt_printing_ads.c:112(nt_printer_publish_ads) > publishing printer yyyp0708 >[2012/11/09 16:29:20.998229, 3] printing/nt_printing_ads.c:189(nt_printer_publish_ads) > error publishing yyyp0708: Object class violation >[2012/11/09 16:29:20.999288, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:20.999331, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:20.999353, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:20.999373, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:20.999407, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2012/11/09 16:29:20.999437, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 4280 >[2012/11/09 16:29:20.999464, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 1741 >[2012/11/09 16:29:20.999492, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..28] (align 0) >[2012/11/09 16:29:20.999513, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:20.999525, 5] lib/util.c:342(show_msg) > size=84 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=1600 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 28 (0x1C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 28 (0x1C) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=29 >[2012/11/09 16:29:21.001340, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x10f8 >[2012/11/09 16:29:21.001372, 3] smbd/process.c:1662(process_smb) > Transaction 300 of length 4348 (0 toread) >[2012/11/09 16:29:21.001392, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:21.001403, 5] lib/util.c:342(show_msg) > size=4344 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=1664 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8210 (0x2012) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 4280 (0x10B8) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 4280 (0x10B8) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=4281 >[2012/11/09 16:29:21.001655, 3] smbd/process.c:1467(switch_message) > switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:21.001681, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:21.001703, 5] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (811): > SID[ 0]: S-1-5-21-160562036-3150058255-2134394716-19743 > SID[ 1]: S-1-5-21-160562036-3150058255-2134394716-513 > SID[ 2]: S-1-5-21-160562036-3150058255-2134394716-334230 > SID[ 3]: S-1-5-21-160562036-3150058255-2134394716-23353 > SID[ 4]: S-1-5-21-160562036-3150058255-2134394716-304793 > SID[ 5]: S-1-5-21-160562036-3150058255-2134394716-269408 > SID[ 6]: S-1-5-21-160562036-3150058255-2134394716-50420 > SID[ 7]: S-1-5-21-160562036-3150058255-2134394716-113634 > SID[ 8]: S-1-5-21-160562036-3150058255-2134394716-113662 > SID[ 9]: S-1-5-21-160562036-3150058255-2134394716-260755 > SID[ 10]: S-1-5-21-160562036-3150058255-2134394716-288770 > SID[ 11]: S-1-5-21-160562036-3150058255-2134394716-67892 > SID[ 12]: S-1-5-21-160562036-3150058255-2134394716-20800 > SID[ 13]: S-1-5-21-160562036-3150058255-2134394716-269744 > SID[ 14]: S-1-5-21-160562036-3150058255-2134394716-63803 > SID[ 15]: S-1-5-21-160562036-3150058255-2134394716-360934 > SID[ 16]: S-1-5-21-160562036-3150058255-2134394716-421750 > SID[ 17]: S-1-5-21-160562036-3150058255-2134394716-294313 > SID[ 18]: S-1-5-21-160562036-3150058255-2134394716-109619 > SID[ 19]: S-1-5-21-160562036-3150058255-2134394716-13623 > SID[ 20]: S-1-5-21-160562036-3150058255-2134394716-113660 > SID[ 21]: S-1-5-21-160562036-3150058255-2134394716-13846 > SID[ 22]: S-1-5-21-160562036-3150058255-2134394716-351693 > SID[ 23]: S-1-5-21-160562036-3150058255-2134394716-56178 > SID[ 24]: S-1-5-21-160562036-3150058255-2134394716-268914 > SID[ 25]: S-1-5-21-160562036-3150058255-2134394716-276389 > SID[ 26]: S-1-5-21-160562036-3150058255-2134394716-294265 > SID[ 27]: S-1-5-21-160562036-3150058255-2134394716-289050 > SID[ 28]: S-1-5-21-160562036-3150058255-2134394716-284074 > SID[ 29]: S-1-5-21-160562036-3150058255-2134394716-353623 > SID[ 30]: S-1-5-21-160562036-3150058255-2134394716-60632 > SID[ 31]: S-1-5-21-160562036-3150058255-2134394716-299617 > SID[ 32]: S-1-5-21-160562036-3150058255-2134394716-269875 > SID[ 33]: S-1-5-21-160562036-3150058255-2134394716-260777 > SID[ 34]: S-1-5-21-160562036-3150058255-2134394716-72011 > SID[ 35]: S-1-5-21-160562036-3150058255-2134394716-56174 > SID[ 36]: S-1-5-21-160562036-3150058255-2134394716-294145 > SID[ 37]: S-1-5-21-160562036-3150058255-2134394716-46643 > SID[ 38]: S-1-5-21-160562036-3150058255-2134394716-110684 > SID[ 39]: S-1-5-21-160562036-3150058255-2134394716-69476 > SID[ 40]: S-1-5-21-160562036-3150058255-2134394716-354438 > SID[ 41]: S-1-5-21-160562036-3150058255-2134394716-288215 > SID[ 42]: S-1-5-21-160562036-3150058255-2134394716-418124 > SID[ 43]: S-1-5-21-160562036-3150058255-2134394716-32947 > SID[ 44]: S-1-5-21-160562036-3150058255-2134394716-373447 > SID[ 45]: S-1-5-21-160562036-3150058255-2134394716-21119 > SID[ 46]: S-1-5-21-160562036-3150058255-2134394716-254283 > SID[ 47]: S-1-5-21-160562036-3150058255-2134394716-21918 > SID[ 48]: S-1-5-21-160562036-3150058255-2134394716-268915 > SID[ 49]: S-1-5-21-160562036-3150058255-2134394716-267093 > SID[ 50]: S-1-5-21-160562036-3150058255-2134394716-340888 > SID[ 51]: S-1-5-21-160562036-3150058255-2134394716-294363 > SID[ 52]: S-1-5-21-160562036-3150058255-2134394716-414620 > SID[ 53]: S-1-5-21-160562036-3150058255-2134394716-260959 > SID[ 54]: S-1-5-21-160562036-3150058255-2134394716-56176 > SID[ 55]: S-1-5-21-160562036-3150058255-2134394716-373472 > SID[ 56]: S-1-5-21-160562036-3150058255-2134394716-294492 > SID[ 57]: S-1-5-21-160562036-3150058255-2134394716-373554 > SID[ 58]: S-1-5-21-160562036-3150058255-2134394716-104382 > SID[ 59]: S-1-5-21-160562036-3150058255-2134394716-294361 > SID[ 60]: S-1-5-21-160562036-3150058255-2134394716-245149 > SID[ 61]: S-1-5-21-160562036-3150058255-2134394716-32807 > SID[ 62]: S-1-5-21-160562036-3150058255-2134394716-63805 > SID[ 63]: S-1-5-21-160562036-3150058255-2134394716-290135 > SID[ 64]: S-1-5-21-160562036-3150058255-2134394716-248439 > SID[ 65]: S-1-5-21-160562036-3150058255-2134394716-58745 > SID[ 66]: S-1-5-21-160562036-3150058255-2134394716-288316 > SID[ 67]: S-1-5-21-160562036-3150058255-2134394716-373441 > SID[ 68]: S-1-5-21-160562036-3150058255-2134394716-268916 > SID[ 69]: S-1-5-21-160562036-3150058255-2134394716-17597 > SID[ 70]: S-1-5-21-160562036-3150058255-2134394716-113654 > SID[ 71]: S-1-5-21-160562036-3150058255-2134394716-304050 > SID[ 72]: S-1-5-21-160562036-3150058255-2134394716-112626 > SID[ 73]: S-1-5-21-160562036-3150058255-2134394716-360946 > SID[ 74]: S-1-5-21-160562036-3150058255-2134394716-1116 > SID[ 75]: S-1-5-21-160562036-3150058255-2134394716-294490 > SID[ 76]: S-1-5-21-160562036-3150058255-2134394716-373442 > SID[ 77]: S-1-5-21-160562036-3150058255-2134394716-402137 > SID[ 78]: S-1-5-21-160562036-3150058255-2134394716-373470 > SID[ 79]: S-1-5-21-160562036-3150058255-2134394716-284963 > SID[ 80]: S-1-5-21-160562036-3150058255-2134394716-21963 > SID[ 81]: S-1-5-21-160562036-3150058255-2134394716-373556 > SID[ 82]: S-1-5-21-160562036-3150058255-2134394716-351504 > SID[ 83]: S-1-5-21-160562036-3150058255-2134394716-360382 > SID[ 84]: S-1-5-21-160562036-3150058255-2134394716-266966 > SID[ 85]: S-1-5-21-160562036-3150058255-2134394716-63797 > SID[ 86]: S-1-5-21-160562036-3150058255-2134394716-31306 > SID[ 87]: S-1-5-21-160562036-3150058255-2134394716-420969 > SID[ 88]: S-1-5-21-160562036-3150058255-2134394716-58439 > SID[ 89]: S-1-5-21-160562036-3150058255-2134394716-351240 > SID[ 90]: S-1-5-21-160562036-3150058255-2134394716-290160 > SID[ 91]: S-1-5-21-160562036-3150058255-2134394716-335340 > SID[ 92]: S-1-5-21-160562036-3150058255-2134394716-32819 > SID[ 93]: S-1-5-21-160562036-3150058255-2134394716-63801 > SID[ 94]: S-1-5-21-160562036-3150058255-2134394716-53171 > SID[ 95]: S-1-5-21-160562036-3150058255-2134394716-294243 > SID[ 96]: S-1-5-21-160562036-3150058255-2134394716-350032 > SID[ 97]: S-1-5-21-160562036-3150058255-2134394716-63737 > SID[ 98]: S-1-5-21-160562036-3150058255-2134394716-13863 > SID[ 99]: S-1-5-21-160562036-3150058255-2134394716-351719 > SID[100]: S-1-5-21-160562036-3150058255-2134394716-56165 > SID[101]: S-1-5-21-160562036-3150058255-2134394716-113646 > SID[102]: S-1-5-21-160562036-3150058255-2134394716-430811 > SID[103]: S-1-5-21-160562036-3150058255-2134394716-284081 > SID[104]: S-1-5-21-160562036-3150058255-2134394716-256696 > SID[105]: S-1-5-21-160562036-3150058255-2134394716-416414 > SID[106]: S-1-5-21-160562036-3150058255-2134394716-49609 > SID[107]: S-1-5-21-160562036-3150058255-2134394716-377791 > SID[108]: S-1-5-21-160562036-3150058255-2134394716-32821 > SID[109]: S-1-5-21-160562036-3150058255-2134394716-359223 > SID[110]: S-1-5-21-160562036-3150058255-2134394716-284091 > SID[111]: S-1-5-21-160562036-3150058255-2134394716-433713 > SID[112]: S-1-5-21-160562036-3150058255-2134394716-33100 > SID[113]: S-1-5-21-160562036-3150058255-2134394716-416203 > SID[114]: S-1-5-21-160562036-3150058255-2134394716-317007 > SID[115]: S-1-5-21-160562036-3150058255-2134394716-69542 > SID[116]: S-1-5-21-160562036-3150058255-2134394716-268918 > SID[117]: S-1-5-21-160562036-3150058255-2134394716-69428 > SID[118]: S-1-5-21-160562036-3150058255-2134394716-316764 > SID[119]: S-1-5-21-160562036-3150058255-2134394716-55705 > SID[120]: S-1-5-21-160562036-3150058255-2134394716-291229 > SID[121]: S-1-5-21-160562036-3150058255-2134394716-250116 > SID[122]: S-1-5-21-160562036-3150058255-2134394716-294315 > SID[123]: S-1-5-21-160562036-3150058255-2134394716-402469 > SID[124]: S-1-5-21-160562036-3150058255-2134394716-256697 > SID[125]: S-1-5-21-160562036-3150058255-2134394716-418438 > SID[126]: S-1-5-21-160562036-3150058255-2134394716-435652 > SID[127]: S-1-5-21-160562036-3150058255-2134394716-45010 > SID[128]: S-1-5-21-160562036-3150058255-2134394716-322368 > SID[129]: S-1-5-21-160562036-3150058255-2134394716-267090 > SID[130]: S-1-5-21-160562036-3150058255-2134394716-32825 > SID[131]: S-1-5-21-160562036-3150058255-2134394716-35099 > SID[132]: S-1-5-21-160562036-3150058255-2134394716-56157 > SID[133]: S-1-5-21-160562036-3150058255-2134394716-113648 > SID[134]: S-1-5-21-160562036-3150058255-2134394716-55709 > SID[135]: S-1-5-21-160562036-3150058255-2134394716-108789 > SID[136]: S-1-5-21-160562036-3150058255-2134394716-56159 > SID[137]: S-1-5-21-160562036-3150058255-2134394716-268919 > SID[138]: S-1-5-21-160562036-3150058255-2134394716-245147 > SID[139]: S-1-5-21-160562036-3150058255-2134394716-430693 > SID[140]: S-1-5-21-160562036-3150058255-2134394716-289617 > SID[141]: S-1-5-21-160562036-3150058255-2134394716-373445 > SID[142]: S-1-5-21-160562036-3150058255-2134394716-14282 > SID[143]: S-1-5-21-160562036-3150058255-2134394716-433712 > SID[144]: S-1-5-21-160562036-3150058255-2134394716-59232 > SID[145]: S-1-5-21-160562036-3150058255-2134394716-33429 > SID[146]: S-1-5-21-160562036-3150058255-2134394716-437634 > SID[147]: S-1-5-21-160562036-3150058255-2134394716-23354 > SID[148]: S-1-5-21-160562036-3150058255-2134394716-113636 > SID[149]: S-1-5-21-160562036-3150058255-2134394716-63799 > SID[150]: S-1-5-21-160562036-3150058255-2134394716-261009 > SID[151]: S-1-5-21-160562036-3150058255-2134394716-290498 > SID[152]: S-1-5-21-160562036-3150058255-2134394716-375928 > SID[153]: S-1-5-21-160562036-3150058255-2134394716-276407 > SID[154]: S-1-5-21-160562036-3150058255-2134394716-357401 > SID[155]: S-1-5-21-160562036-3150058255-2134394716-357385 > SID[156]: S-1-5-21-160562036-3150058255-2134394716-269404 > SID[157]: S-1-5-21-160562036-3150058255-2134394716-67790 > SID[158]: S-1-5-21-160562036-3150058255-2134394716-392120 > SID[159]: S-1-5-21-160562036-3150058255-2134394716-276395 > SID[160]: S-1-5-21-160562036-3150058255-2134394716-113343 > SID[161]: S-1-5-21-160562036-3150058255-2134394716-56172 > SID[162]: S-1-5-21-160562036-3150058255-2134394716-402467 > SID[163]: S-1-5-21-160562036-3150058255-2134394716-293007 > SID[164]: S-1-5-21-160562036-3150058255-2134394716-427942 > SID[165]: S-1-5-21-160562036-3150058255-2134394716-373529 > SID[166]: S-1-5-21-160562036-3150058255-2134394716-263163 > SID[167]: S-1-5-21-160562036-3150058255-2134394716-64111 > SID[168]: S-1-5-21-160562036-3150058255-2134394716-266852 > SID[169]: S-1-5-21-160562036-3150058255-2134394716-357892 > SID[170]: S-1-5-21-160562036-3150058255-2134394716-104429 > SID[171]: S-1-5-21-160562036-3150058255-2134394716-32813 > SID[172]: S-1-5-21-160562036-3150058255-2134394716-360722 > SID[173]: S-1-5-21-160562036-3150058255-2134394716-284092 > SID[174]: S-1-5-21-160562036-3150058255-2134394716-289619 > SID[175]: S-1-5-21-160562036-3150058255-2134394716-369316 > SID[176]: S-1-5-21-160562036-3150058255-2134394716-49542 > SID[177]: S-1-5-21-160562036-3150058255-2134394716-329659 > SID[178]: S-1-5-21-160562036-3150058255-2134394716-32809 > SID[179]: S-1-5-21-160562036-3150058255-2134394716-108767 > SID[180]: S-1-5-21-160562036-3150058255-2134394716-305399 > SID[181]: S-1-5-21-160562036-3150058255-2134394716-263161 > SID[182]: S-1-5-21-160562036-3150058255-2134394716-314050 > SID[183]: S-1-5-21-160562036-3150058255-2134394716-31001 > SID[184]: S-1-5-21-160562036-3150058255-2134394716-279682 > SID[185]: S-1-5-21-160562036-3150058255-2134394716-294147 > SID[186]: S-1-5-21-160562036-3150058255-2134394716-56163 > SID[187]: S-1-5-21-160562036-3150058255-2134394716-285751 > SID[188]: S-1-5-21-160562036-3150058255-2134394716-21723 > SID[189]: S-1-5-21-160562036-3150058255-2134394716-8332 > SID[190]: S-1-5-21-160562036-3150058255-2134394716-32827 > SID[191]: S-1-5-21-160562036-3150058255-2134394716-256460 > SID[192]: S-1-5-21-160562036-3150058255-2134394716-256183 > SID[193]: S-1-5-21-160562036-3150058255-2134394716-300424 > SID[194]: S-1-5-21-160562036-3150058255-2134394716-55677 > SID[195]: S-1-5-21-160562036-3150058255-2134394716-253145 > SID[196]: S-1-5-21-160562036-3150058255-2134394716-63804 > SID[197]: S-1-5-21-160562036-3150058255-2134394716-358866 > SID[198]: S-1-5-21-160562036-3150058255-2134394716-32823 > SID[199]: S-1-5-21-160562036-3150058255-2134394716-276620 > SID[200]: S-1-5-21-160562036-3150058255-2134394716-361940 > SID[201]: S-1-5-21-160562036-3150058255-2134394716-49274 > SID[202]: S-1-5-21-160562036-3150058255-2134394716-402177 > SID[203]: S-1-5-21-160562036-3150058255-2134394716-252230 > SID[204]: S-1-5-21-160562036-3150058255-2134394716-321100 > SID[205]: S-1-5-21-160562036-3150058255-2134394716-20801 > SID[206]: S-1-5-21-160562036-3150058255-2134394716-276621 > SID[207]: S-1-5-21-160562036-3150058255-2134394716-252010 > SID[208]: S-1-5-21-160562036-3150058255-2134394716-292766 > SID[209]: S-1-5-21-160562036-3150058255-2134394716-37331 > SID[210]: S-1-5-21-160562036-3150058255-2134394716-260776 > SID[211]: S-1-5-21-160562036-3150058255-2134394716-386708 > SID[212]: S-1-5-21-160562036-3150058255-2134394716-374616 > SID[213]: S-1-5-21-160562036-3150058255-2134394716-21084 > SID[214]: S-1-5-21-160562036-3150058255-2134394716-294267 > SID[215]: S-1-5-21-160562036-3150058255-2134394716-63802 > SID[216]: S-1-5-21-160562036-3150058255-2134394716-31186 > SID[217]: S-1-5-21-160562036-3150058255-2134394716-105575 > SID[218]: S-1-5-21-160562036-3150058255-2134394716-361874 > SID[219]: S-1-5-21-160562036-3150058255-2134394716-360362 > SID[220]: S-1-5-21-160562036-3150058255-2134394716-357734 > SID[221]: S-1-5-21-160562036-3150058255-2134394716-294241 > SID[222]: S-1-5-21-160562036-3150058255-2134394716-251778 > SID[223]: S-1-5-21-160562036-3150058255-2134394716-49510 > SID[224]: S-1-5-21-160562036-3150058255-2134394716-35015 > SID[225]: S-1-5-21-160562036-3150058255-2134394716-20749 > SID[226]: S-1-5-21-160562036-3150058255-2134394716-294291 > SID[227]: S-1-5-21-160562036-3150058255-2134394716-254469 > SID[228]: S-1-5-21-160562036-3150058255-2134394716-247296 > SID[229]: S-1-5-21-160562036-3150058255-2134394716-63798 > SID[230]: S-1-5-21-160562036-3150058255-2134394716-59035 > SID[231]: S-1-5-21-160562036-3150058255-2134394716-430331 > SID[232]: S-1-5-21-160562036-3150058255-2134394716-21301 > SID[233]: S-1-5-21-160562036-3150058255-2134394716-55627 > SID[234]: S-1-5-21-160562036-3150058255-2134394716-32815 > SID[235]: S-1-5-21-160562036-3150058255-2134394716-277164 > SID[236]: S-1-5-21-160562036-3150058255-2134394716-21552 > SID[237]: S-1-5-21-160562036-3150058255-2134394716-56622 > SID[238]: S-1-5-21-160562036-3150058255-2134394716-37315 > SID[239]: S-1-5-21-160562036-3150058255-2134394716-334225 > SID[240]: S-1-5-21-160562036-3150058255-2134394716-338141 > SID[241]: S-1-5-21-160562036-3150058255-2134394716-246169 > SID[242]: S-1-5-21-160562036-3150058255-2134394716-297835 > SID[243]: S-1-5-21-160562036-3150058255-2134394716-353615 > SID[244]: S-1-5-21-160562036-3150058255-2134394716-322371 > SID[245]: S-1-5-21-160562036-3150058255-2134394716-63235 > SID[246]: S-1-5-21-160562036-3150058255-2134394716-266849 > SID[247]: S-1-5-21-160562036-3150058255-2134394716-293998 > SID[248]: S-1-5-21-160562036-3150058255-2134394716-433714 > SID[249]: S-1-5-21-160562036-3150058255-2134394716-107694 > SID[250]: S-1-5-21-160562036-3150058255-2134394716-288317 > SID[251]: S-1-5-21-160562036-3150058255-2134394716-44135 > SID[252]: S-1-5-21-160562036-3150058255-2134394716-290560 > SID[253]: S-1-5-21-160562036-3150058255-2134394716-322681 > SID[254]: S-1-5-21-160562036-3150058255-2134394716-283109 > SID[255]: S-1-5-21-160562036-3150058255-2134394716-357879 > SID[256]: S-1-5-21-160562036-3150058255-2134394716-289046 > SID[257]: S-1-5-21-160562036-3150058255-2134394716-32803 > SID[258]: S-1-5-21-160562036-3150058255-2134394716-343968 > SID[259]: S-1-5-21-160562036-3150058255-2134394716-50792 > SID[260]: S-1-5-21-160562036-3150058255-2134394716-50518 > SID[261]: S-1-5-21-160562036-3150058255-2134394716-37238 > SID[262]: S-1-5-21-160562036-3150058255-2134394716-360465 > SID[263]: S-1-5-21-160562036-3150058255-2134394716-366652 > SID[264]: S-1-5-21-160562036-3150058255-2134394716-294094 > SID[265]: S-1-5-21-160562036-3150058255-2134394716-288540 > SID[266]: S-1-5-21-160562036-3150058255-2134394716-297984 > SID[267]: S-1-5-21-160562036-3150058255-2134394716-276427 > SID[268]: S-1-5-21-160562036-3150058255-2134394716-333792 > SID[269]: S-1-5-21-160562036-3150058255-2134394716-427342 > SID[270]: S-1-5-21-160562036-3150058255-2134394716-333794 > SID[271]: S-1-5-21-160562036-3150058255-2134394716-290460 > SID[272]: S-1-5-21-160562036-3150058255-2134394716-294091 > SID[273]: S-1-5-21-160562036-3150058255-2134394716-333793 > SID[274]: S-1-5-21-160562036-3150058255-2134394716-338207 > SID[275]: S-1-5-21-160562036-3150058255-2134394716-409571 > SID[276]: S-1-5-21-160562036-3150058255-2134394716-294054 > SID[277]: S-1-5-21-160562036-3150058255-2134394716-30854 > SID[278]: S-1-5-21-160562036-3150058255-2134394716-288547 > SID[279]: S-1-5-21-160562036-3150058255-2134394716-365347 > SID[280]: S-1-5-21-6776287-465249537-1446904402-4108 > SID[281]: S-1-5-21-160562036-3150058255-2134394716-58230 > SID[282]: S-1-5-21-160562036-3150058255-2134394716-357400 > SID[283]: S-1-5-21-160562036-3150058255-2134394716-343966 > SID[284]: S-1-5-21-160562036-3150058255-2134394716-104268 > SID[285]: S-1-5-21-160562036-3150058255-2134394716-334228 > SID[286]: S-1-5-21-160562036-3150058255-2134394716-357384 > SID[287]: S-1-5-21-160562036-3150058255-2134394716-64500 > SID[288]: S-1-5-21-160562036-3150058255-2134394716-291227 > SID[289]: S-1-5-21-160562036-3150058255-2134394716-62708 > SID[290]: S-1-5-21-160562036-3150058255-2134394716-266847 > SID[291]: S-1-5-21-160562036-3150058255-2134394716-313857 > SID[292]: S-1-5-21-160562036-3150058255-2134394716-350031 > SID[293]: S-1-5-21-160562036-3150058255-2134394716-373448 > SID[294]: S-1-5-21-160562036-3150058255-2134394716-420970 > SID[295]: S-1-5-21-160562036-3150058255-2134394716-351238 > SID[296]: S-1-5-21-160562036-3150058255-2134394716-11861 > SID[297]: S-1-5-21-160562036-3150058255-2134394716-353613 > SID[298]: S-1-5-21-160562036-3150058255-2134394716-322679 > SID[299]: S-1-5-21-160562036-3150058255-2134394716-253148 > SID[300]: S-1-5-21-160562036-3150058255-2134394716-277162 > SID[301]: S-1-5-21-160562036-3150058255-2134394716-304048 > SID[302]: S-1-5-21-160562036-3150058255-2134394716-288768 > SID[303]: S-1-5-21-160562036-3150058255-2134394716-62920 > SID[304]: S-1-5-21-160562036-3150058255-2134394716-62814 > SID[305]: S-1-5-21-160562036-3150058255-2134394716-338139 > SID[306]: S-1-5-21-160562036-3150058255-2134394716-266850 > SID[307]: S-1-5-21-160562036-3150058255-2134394716-74038 > SID[308]: S-1-5-21-160562036-3150058255-2134394716-62715 > SID[309]: S-1-5-21-160562036-3150058255-2134394716-357877 > SID[310]: S-1-5-21-160562036-3150058255-2134394716-252117 > SID[311]: S-1-5-21-160562036-3150058255-2134394716-322372 > SID[312]: S-1-5-21-160562036-3150058255-2134394716-65121 > SID[313]: S-1-5-21-160562036-3150058255-2134394716-62711 > SID[314]: S-1-5-21-160562036-3150058255-2134394716-267091 > SID[315]: S-1-5-21-160562036-3150058255-2134394716-24652 > SID[316]: S-1-5-21-160562036-3150058255-2134394716-360933 > SID[317]: S-1-5-21-160562036-3150058255-2134394716-354437 > SID[318]: S-1-5-21-160562036-3150058255-2134394716-249119 > SID[319]: S-1-5-21-160562036-3150058255-2134394716-248731 > SID[320]: S-1-5-21-160562036-3150058255-2134394716-64215 > SID[321]: S-1-5-21-160562036-3150058255-2134394716-373475 > SID[322]: S-1-5-21-160562036-3150058255-2134394716-250664 > SID[323]: S-1-5-21-160562036-3150058255-2134394716-267088 > SID[324]: S-1-5-21-160562036-3150058255-2134394716-50311 > SID[325]: S-1-5-21-160562036-3150058255-2134394716-62644 > SID[326]: S-1-5-21-160562036-3150058255-2134394716-69148 > SID[327]: S-1-5-21-160562036-3150058255-2134394716-360380 > SID[328]: S-1-5-21-160562036-3150058255-2134394716-52124 > SID[329]: S-1-5-21-160562036-3150058255-2134394716-351502 > SID[330]: S-1-5-21-160562036-3150058255-2134394716-317005 > SID[331]: S-1-5-21-160562036-3150058255-2134394716-62713 > SID[332]: S-1-5-21-160562036-3150058255-2134394716-313855 > SID[333]: S-1-5-21-160562036-3150058255-2134394716-53143 > SID[334]: S-1-5-21-160562036-3150058255-2134394716-349705 > SID[335]: S-1-5-21-160562036-3150058255-2134394716-357732 > SID[336]: S-1-5-21-160562036-3150058255-2134394716-402142 > SID[337]: S-1-5-21-160562036-3150058255-2134394716-50421 > SID[338]: S-1-5-21-160562036-3150058255-2134394716-357890 > SID[339]: S-1-5-21-160562036-3150058255-2134394716-416413 > SID[340]: S-1-5-21-160562036-3150058255-2134394716-255117 > SID[341]: S-1-5-21-160562036-3150058255-2134394716-73891 > SID[342]: S-1-5-21-160562036-3150058255-2134394716-377792 > SID[343]: S-1-5-21-160562036-3150058255-2134394716-63081 > SID[344]: S-1-5-21-160562036-3150058255-2134394716-386707 > SID[345]: S-1-5-21-160562036-3150058255-2134394716-64112 > SID[346]: S-1-5-21-160562036-3150058255-2134394716-256555 > SID[347]: S-1-5-21-160562036-3150058255-2134394716-361939 > SID[348]: S-1-5-21-160562036-3150058255-2134394716-62709 > SID[349]: S-1-5-21-160562036-3150058255-2134394716-248759 > SID[350]: S-1-5-21-160562036-3150058255-2134394716-359221 > SID[351]: S-1-5-21-160562036-3150058255-2134394716-310730 > SID[352]: S-1-5-21-160562036-3150058255-2134394716-109617 > SID[353]: S-1-5-21-160562036-3150058255-2134394716-60474 > SID[354]: S-1-5-21-160562036-3150058255-2134394716-402472 > SID[355]: S-1-5-21-160562036-3150058255-2134394716-55679 > SID[356]: S-1-5-21-160562036-3150058255-2134394716-69153 > SID[357]: S-1-5-21-160562036-3150058255-2134394716-22265 > SID[358]: S-1-5-21-160562036-3150058255-2134394716-423112 > SID[359]: S-1-5-21-160562036-3150058255-2134394716-289044 > SID[360]: S-1-5-21-160562036-3150058255-2134394716-67791 > SID[361]: S-1-5-21-160562036-3150058255-2134394716-69156 > SID[362]: S-1-5-21-160562036-3150058255-2134394716-62712 > SID[363]: S-1-5-21-160562036-3150058255-2134394716-360721 > SID[364]: S-1-5-21-160562036-3150058255-2134394716-435651 > SID[365]: S-1-5-21-160562036-3150058255-2134394716-69149 > SID[366]: S-1-5-21-160562036-3150058255-2134394716-73730 > SID[367]: S-1-5-21-160562036-3150058255-2134394716-243660 > SID[368]: S-1-5-21-160562036-3150058255-2134394716-104280 > SID[369]: S-1-5-21-160562036-3150058255-2134394716-430692 > SID[370]: S-1-5-21-160562036-3150058255-2134394716-256558 > SID[371]: S-1-5-21-160562036-3150058255-2134394716-54515 > SID[372]: S-1-5-21-160562036-3150058255-2134394716-334223 > SID[373]: S-1-5-21-160562036-3150058255-2134394716-304790 > SID[374]: S-1-5-21-160562036-3150058255-2134394716-373528 > SID[375]: S-1-5-21-160562036-3150058255-2134394716-375927 > SID[376]: S-1-5-21-160562036-3150058255-2134394716-74039 > SID[377]: S-1-5-21-160562036-3150058255-2134394716-62781 > SID[378]: S-1-5-21-160562036-3150058255-2134394716-69157 > SID[379]: S-1-5-21-160562036-3150058255-2134394716-309445 > SID[380]: S-1-5-21-160562036-3150058255-2134394716-62733 > SID[381]: S-1-5-21-160562036-3150058255-2134394716-418123 > SID[382]: S-1-5-21-160562036-3150058255-2134394716-64415 > SID[383]: S-1-5-21-160562036-3150058255-2134394716-414619 > SID[384]: S-1-5-21-160562036-3150058255-2134394716-373446 > SID[385]: S-1-5-21-160562036-3150058255-2134394716-289048 > SID[386]: S-1-5-21-160562036-3150058255-2134394716-69158 > SID[387]: S-1-5-21-160562036-3150058255-2134394716-373559 > SID[388]: S-1-5-21-160562036-3150058255-2134394716-110686 > SID[389]: S-1-5-21-160562036-3150058255-2134394716-260757 > SID[390]: S-1-5-21-160562036-3150058255-2134394716-249663 > SID[391]: S-1-5-21-160562036-3150058255-2134394716-249619 > SID[392]: S-1-5-21-160562036-3150058255-2134394716-321098 > SID[393]: S-1-5-21-160562036-3150058255-2134394716-64497 > SID[394]: S-1-5-21-160562036-3150058255-2134394716-112627 > SID[395]: S-1-5-21-160562036-3150058255-2134394716-62710 > SID[396]: S-1-5-21-160562036-3150058255-2134394716-360361 > SID[397]: S-1-5-21-160562036-3150058255-2134394716-353621 > SID[398]: S-1-5-21-160562036-3150058255-2134394716-365152 > SID[399]: S-1-5-21-160562036-3150058255-2134394716-69544 > SID[400]: S-1-5-21-160562036-3150058255-2134394716-249644 > SID[401]: S-1-5-21-160562036-3150058255-2134394716-55625 > SID[402]: S-1-1-0 > SID[403]: S-1-5-2 > SID[404]: S-1-5-11 > SID[405]: S-1-5-32-545 > SID[406]: S-1-22-1-10000 > SID[407]: S-1-22-2-10006 > SID[408]: S-1-22-2-10007 > SID[409]: S-1-22-2-10008 > SID[410]: S-1-22-2-10009 > SID[411]: S-1-22-2-10010 > SID[412]: S-1-22-2-10011 > SID[413]: S-1-22-2-10012 > SID[414]: S-1-22-2-10013 > SID[415]: S-1-22-2-10014 > SID[416]: S-1-22-2-10015 > SID[417]: S-1-22-2-10016 > SID[418]: S-1-22-2-10017 > SID[419]: S-1-22-2-10018 > SID[420]: S-1-22-2-10019 > SID[421]: S-1-22-2-10020 > SID[422]: S-1-22-2-10021 > SID[423]: S-1-22-2-10022 > SID[424]: S-1-22-2-10023 > SID[425]: S-1-22-2-10024 > SID[426]: S-1-22-2-10025 > SID[427]: S-1-22-2-10026 > SID[428]: S-1-22-2-10027 > SID[429]: S-1-22-2-10028 > SID[430]: S-1-22-2-10029 > SID[431]: S-1-22-2-10030 > SID[432]: S-1-22-2-10031 > SID[433]: S-1-22-2-10032 > SID[434]: S-1-22-2-10033 > SID[435]: S-1-22-2-10034 > SID[436]: S-1-22-2-10035 > SID[437]: S-1-22-2-10036 > SID[438]: S-1-22-2-10037 > SID[439]: S-1-22-2-10038 > SID[440]: S-1-22-2-10039 > SID[441]: S-1-22-2-10040 > SID[442]: S-1-22-2-10041 > SID[443]: S-1-22-2-10042 > SID[444]: S-1-22-2-10043 > SID[445]: S-1-22-2-10044 > SID[446]: S-1-22-2-10045 > SID[447]: S-1-22-2-10046 > SID[448]: S-1-22-2-10047 > SID[449]: S-1-22-2-10048 > SID[450]: S-1-22-2-10049 > SID[451]: S-1-22-2-10050 > SID[452]: S-1-22-2-10051 > SID[453]: S-1-22-2-10052 > SID[454]: S-1-22-2-10053 > SID[455]: S-1-22-2-10054 > SID[456]: S-1-22-2-10055 > SID[457]: S-1-22-2-10056 > SID[458]: S-1-22-2-10057 > SID[459]: S-1-22-2-10058 > SID[460]: S-1-22-2-10059 > SID[461]: S-1-22-2-10060 > SID[462]: S-1-22-2-10061 > SID[463]: S-1-22-2-10062 > SID[464]: S-1-22-2-10063 > SID[465]: S-1-22-2-10064 > SID[466]: S-1-22-2-10065 > SID[467]: S-1-22-2-10066 > SID[468]: S-1-22-2-10067 > SID[469]: S-1-22-2-10068 > SID[470]: S-1-22-2-10069 > SID[471]: S-1-22-2-10070 > SID[472]: S-1-22-2-10071 > SID[473]: S-1-22-2-10072 > SID[474]: S-1-22-2-10073 > SID[475]: S-1-22-2-10074 > SID[476]: S-1-22-2-10075 > SID[477]: S-1-22-2-10076 > SID[478]: S-1-22-2-10077 > SID[479]: S-1-22-2-10078 > SID[480]: S-1-22-2-10079 > SID[481]: S-1-22-2-10080 > SID[482]: S-1-22-2-10081 > SID[483]: S-1-22-2-10082 > SID[484]: S-1-22-2-10083 > SID[485]: S-1-22-2-10084 > SID[486]: S-1-22-2-10085 > SID[487]: S-1-22-2-10086 > SID[488]: S-1-22-2-10087 > SID[489]: S-1-22-2-10088 > SID[490]: S-1-22-2-10089 > SID[491]: S-1-22-2-10090 > SID[492]: S-1-22-2-10091 > SID[493]: S-1-22-2-10092 > SID[494]: S-1-22-2-10093 > SID[495]: S-1-22-2-10094 > SID[496]: S-1-22-2-10095 > SID[497]: S-1-22-2-10096 > SID[498]: S-1-22-2-10097 > SID[499]: S-1-22-2-10098 > SID[500]: S-1-22-2-10099 > SID[501]: S-1-22-2-10100 > SID[502]: S-1-22-2-10101 > SID[503]: S-1-22-2-10102 > SID[504]: S-1-22-2-10103 > SID[505]: S-1-22-2-10104 > SID[506]: S-1-22-2-10105 > SID[507]: S-1-22-2-10106 > SID[508]: S-1-22-2-10107 > SID[509]: S-1-22-2-10108 > SID[510]: S-1-22-2-10109 > SID[511]: S-1-22-2-10110 > SID[512]: S-1-22-2-10111 > SID[513]: S-1-22-2-10112 > SID[514]: S-1-22-2-10113 > SID[515]: S-1-22-2-10114 > SID[516]: S-1-22-2-10115 > SID[517]: S-1-22-2-10116 > SID[518]: S-1-22-2-10117 > SID[519]: S-1-22-2-10118 > SID[520]: S-1-22-2-10119 > SID[521]: S-1-22-2-10120 > SID[522]: S-1-22-2-10121 > SID[523]: S-1-22-2-10122 > SID[524]: S-1-22-2-10123 > SID[525]: S-1-22-2-10124 > SID[526]: S-1-22-2-10125 > SID[527]: S-1-22-2-10126 > SID[528]: S-1-22-2-10127 > SID[529]: S-1-22-2-10128 > SID[530]: S-1-22-2-10129 > SID[531]: S-1-22-2-10130 > SID[532]: S-1-22-2-10131 > SID[533]: S-1-22-2-10132 > SID[534]: S-1-22-2-10133 > SID[535]: S-1-22-2-10134 > SID[536]: S-1-22-2-10135 > SID[537]: S-1-22-2-10136 > SID[538]: S-1-22-2-10137 > SID[539]: S-1-22-2-10138 > SID[540]: S-1-22-2-10139 > SID[541]: S-1-22-2-10140 > SID[542]: S-1-22-2-10141 > SID[543]: S-1-22-2-10142 > SID[544]: S-1-22-2-10143 > SID[545]: S-1-22-2-10144 > SID[546]: S-1-22-2-10145 > SID[547]: S-1-22-2-10146 > SID[548]: S-1-22-2-10147 > SID[549]: S-1-22-2-10148 > SID[550]: S-1-22-2-10149 > SID[551]: S-1-22-2-10150 > SID[552]: S-1-22-2-10471 > SID[553]: S-1-22-2-10151 > SID[554]: S-1-22-2-10152 > SID[555]: S-1-22-2-10153 > SID[556]: S-1-22-2-10154 > SID[557]: S-1-22-2-10155 > SID[558]: S-1-22-2-10156 > SID[559]: S-1-22-2-10157 > SID[560]: S-1-22-2-10158 > SID[561]: S-1-22-2-10159 > SID[562]: S-1-22-2-10160 > SID[563]: S-1-22-2-10161 > SID[564]: S-1-22-2-10162 > SID[565]: S-1-22-2-10163 > SID[566]: S-1-22-2-10164 > SID[567]: S-1-22-2-10165 > SID[568]: S-1-22-2-10166 > SID[569]: S-1-22-2-10167 > SID[570]: S-1-22-2-10168 > SID[571]: S-1-22-2-10169 > SID[572]: S-1-22-2-10170 > SID[573]: S-1-22-2-10171 > SID[574]: S-1-22-2-10172 > SID[575]: S-1-22-2-10173 > SID[576]: S-1-22-2-10174 > SID[577]: S-1-22-2-10175 > SID[578]: S-1-22-2-10176 > SID[579]: S-1-22-2-10177 > SID[580]: S-1-22-2-10178 > SID[581]: S-1-22-2-10179 > SID[582]: S-1-22-2-10180 > SID[583]: S-1-22-2-10181 > SID[584]: S-1-22-2-10182 > SID[585]: S-1-22-2-10183 > SID[586]: S-1-22-2-10184 > SID[587]: S-1-22-2-10185 > SID[588]: S-1-22-2-10186 > SID[589]: S-1-22-2-10187 > SID[590]: S-1-22-2-10188 > SID[591]: S-1-22-2-10189 > SID[592]: S-1-22-2-10190 > SID[593]: S-1-22-2-10191 > SID[594]: S-1-22-2-10192 > SID[595]: S-1-22-2-10193 > SID[596]: S-1-22-2-10194 > SID[597]: S-1-22-2-10195 > SID[598]: S-1-22-2-10196 > SID[599]: S-1-22-2-10197 > SID[600]: S-1-22-2-10198 > SID[601]: S-1-22-2-10199 > SID[602]: S-1-22-2-10200 > SID[603]: S-1-22-2-10201 > SID[604]: S-1-22-2-10202 > SID[605]: S-1-22-2-10203 > SID[606]: S-1-22-2-10204 > SID[607]: S-1-22-2-10205 > SID[608]: S-1-22-2-10206 > SID[609]: S-1-22-2-10207 > SID[610]: S-1-22-2-10208 > SID[611]: S-1-22-2-10209 > SID[612]: S-1-22-2-10210 > SID[613]: S-1-22-2-10211 > SID[614]: S-1-22-2-10212 > SID[615]: S-1-22-2-10213 > SID[616]: S-1-22-2-10214 > SID[617]: S-1-22-2-10215 > SID[618]: S-1-22-2-10216 > SID[619]: S-1-22-2-10217 > SID[620]: S-1-22-2-10218 > SID[621]: S-1-22-2-10219 > SID[622]: S-1-22-2-10220 > SID[623]: S-1-22-2-10221 > SID[624]: S-1-22-2-10222 > SID[625]: S-1-22-2-10223 > SID[626]: S-1-22-2-10224 > SID[627]: S-1-22-2-10225 > SID[628]: S-1-22-2-10226 > SID[629]: S-1-22-2-10227 > SID[630]: S-1-22-2-10228 > SID[631]: S-1-22-2-10229 > SID[632]: S-1-22-2-10230 > SID[633]: S-1-22-2-10231 > SID[634]: S-1-22-2-10232 > SID[635]: S-1-22-2-10233 > SID[636]: S-1-22-2-10234 > SID[637]: S-1-22-2-10235 > SID[638]: S-1-22-2-10236 > SID[639]: S-1-22-2-10237 > SID[640]: S-1-22-2-10238 > SID[641]: S-1-22-2-10239 > SID[642]: S-1-22-2-10240 > SID[643]: S-1-22-2-10241 > SID[644]: S-1-22-2-10242 > SID[645]: S-1-22-2-10243 > SID[646]: S-1-22-2-10244 > SID[647]: S-1-22-2-10245 > SID[648]: S-1-22-2-10246 > SID[649]: S-1-22-2-10247 > SID[650]: S-1-22-2-10248 > SID[651]: S-1-22-2-10249 > SID[652]: S-1-22-2-10250 > SID[653]: S-1-22-2-10251 > SID[654]: S-1-22-2-10252 > SID[655]: S-1-22-2-10253 > SID[656]: S-1-22-2-10254 > SID[657]: S-1-22-2-10255 > SID[658]: S-1-22-2-10256 > SID[659]: S-1-22-2-10257 > SID[660]: S-1-22-2-10258 > SID[661]: S-1-22-2-10259 > SID[662]: S-1-22-2-10260 > SID[663]: S-1-22-2-10261 > SID[664]: S-1-22-2-10262 > SID[665]: S-1-22-2-10263 > SID[666]: S-1-22-2-10264 > SID[667]: S-1-22-2-10265 > SID[668]: S-1-22-2-10266 > SID[669]: S-1-22-2-10267 > SID[670]: S-1-22-2-10268 > SID[671]: S-1-22-2-10269 > SID[672]: S-1-22-2-10270 > SID[673]: S-1-22-2-10271 > SID[674]: S-1-22-2-10272 > SID[675]: S-1-22-2-10273 > SID[676]: S-1-22-2-10274 > SID[677]: S-1-22-2-10275 > SID[678]: S-1-22-2-10276 > SID[679]: S-1-22-2-10277 > SID[680]: S-1-22-2-10278 > SID[681]: S-1-22-2-10279 > SID[682]: S-1-22-2-10280 > SID[683]: S-1-22-2-10281 > SID[684]: S-1-22-2-10282 > SID[685]: S-1-22-2-10283 > SID[686]: S-1-22-2-10284 > SID[687]: S-1-22-2-10285 > SID[688]: S-1-22-2-10286 > SID[689]: S-1-22-2-10287 > SID[690]: S-1-22-2-10288 > SID[691]: S-1-22-2-10289 > SID[692]: S-1-22-2-10290 > SID[693]: S-1-22-2-10291 > SID[694]: S-1-22-2-10292 > SID[695]: S-1-22-2-10293 > SID[696]: S-1-22-2-10294 > SID[697]: S-1-22-2-10295 > SID[698]: S-1-22-2-10296 > SID[699]: S-1-22-2-10297 > SID[700]: S-1-22-2-10298 > SID[701]: S-1-22-2-10299 > SID[702]: S-1-22-2-10300 > SID[703]: S-1-22-2-10301 > SID[704]: S-1-22-2-10302 > SID[705]: S-1-22-2-10303 > SID[706]: S-1-22-2-10304 > SID[707]: S-1-22-2-10305 > SID[708]: S-1-22-2-10306 > SID[709]: S-1-22-2-10307 > SID[710]: S-1-22-2-10308 > SID[711]: S-1-22-2-10309 > SID[712]: S-1-22-2-10310 > SID[713]: S-1-22-2-10311 > SID[714]: S-1-22-2-10312 > SID[715]: S-1-22-2-10313 > SID[716]: S-1-22-2-10314 > SID[717]: S-1-22-2-10315 > SID[718]: S-1-22-2-10316 > SID[719]: S-1-22-2-10317 > SID[720]: S-1-22-2-10318 > SID[721]: S-1-22-2-10319 > SID[722]: S-1-22-2-10320 > SID[723]: S-1-22-2-10321 > SID[724]: S-1-22-2-10322 > SID[725]: S-1-22-2-10323 > SID[726]: S-1-22-2-10324 > SID[727]: S-1-22-2-10325 > SID[728]: S-1-22-2-10326 > SID[729]: S-1-22-2-10327 > SID[730]: S-1-22-2-10328 > SID[731]: S-1-22-2-10329 > SID[732]: S-1-22-2-10330 > SID[733]: S-1-22-2-10331 > SID[734]: S-1-22-2-10332 > SID[735]: S-1-22-2-10333 > SID[736]: S-1-22-2-10334 > SID[737]: S-1-22-2-10335 > SID[738]: S-1-22-2-10336 > SID[739]: S-1-22-2-10337 > SID[740]: S-1-22-2-10338 > SID[741]: S-1-22-2-10339 > SID[742]: S-1-22-2-10340 > SID[743]: S-1-22-2-10341 > SID[744]: S-1-22-2-10342 > SID[745]: S-1-22-2-10343 > SID[746]: S-1-22-2-10344 > SID[747]: S-1-22-2-10345 > SID[748]: S-1-22-2-10346 > SID[749]: S-1-22-2-10347 > SID[750]: S-1-22-2-10348 > SID[751]: S-1-22-2-10349 > SID[752]: S-1-22-2-10350 > SID[753]: S-1-22-2-10351 > SID[754]: S-1-22-2-10352 > SID[755]: S-1-22-2-10353 > SID[756]: S-1-22-2-10354 > SID[757]: S-1-22-2-10355 > SID[758]: S-1-22-2-10356 > SID[759]: S-1-22-2-10357 > SID[760]: S-1-22-2-10358 > SID[761]: S-1-22-2-10359 > SID[762]: S-1-22-2-10360 > SID[763]: S-1-22-2-10361 > SID[764]: S-1-22-2-10362 > SID[765]: S-1-22-2-10363 > SID[766]: S-1-22-2-10364 > SID[767]: S-1-22-2-10365 > SID[768]: S-1-22-2-10366 > SID[769]: S-1-22-2-10367 > SID[770]: S-1-22-2-10368 > SID[771]: S-1-22-2-10369 > SID[772]: S-1-22-2-10370 > SID[773]: S-1-22-2-10371 > SID[774]: S-1-22-2-10372 > SID[775]: S-1-22-2-10373 > SID[776]: S-1-22-2-10374 > SID[777]: S-1-22-2-10375 > SID[778]: S-1-22-2-10376 > SID[779]: S-1-22-2-10377 > SID[780]: S-1-22-2-10378 > SID[781]: S-1-22-2-10379 > SID[782]: S-1-22-2-10380 > SID[783]: S-1-22-2-10381 > SID[784]: S-1-22-2-10382 > SID[785]: S-1-22-2-10383 > SID[786]: S-1-22-2-10384 > SID[787]: S-1-22-2-10385 > SID[788]: S-1-22-2-10386 > SID[789]: S-1-22-2-10387 > SID[790]: S-1-22-2-10388 > SID[791]: S-1-22-2-10389 > SID[792]: S-1-22-2-10390 > SID[793]: S-1-22-2-10391 > SID[794]: S-1-22-2-10392 > SID[795]: S-1-22-2-10393 > SID[796]: S-1-22-2-10394 > SID[797]: S-1-22-2-10395 > SID[798]: S-1-22-2-10396 > SID[799]: S-1-22-2-10397 > SID[800]: S-1-22-2-10398 > SID[801]: S-1-22-2-10399 > SID[802]: S-1-22-2-10400 > SID[803]: S-1-22-2-10401 > SID[804]: S-1-22-2-10402 > SID[805]: S-1-22-2-10403 > SID[806]: S-1-22-2-10404 > SID[807]: S-1-22-2-10002 > SID[808]: S-1-22-2-10003 > SID[809]: S-1-22-2-10004 > SID[810]: S-1-22-2-10001 > Privileges (0x 20): > Privilege[ 0]: SePrintOperatorPrivilege > Rights (0x 0): >[2012/11/09 16:29:21.009415, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 10000 > Primary group is 10006 and contains 404 supplementary groups > Group[ 0]: 10006 > Group[ 1]: 10007 > Group[ 2]: 10008 > Group[ 3]: 10009 > Group[ 4]: 10010 > Group[ 5]: 10011 > Group[ 6]: 10012 > Group[ 7]: 10013 > Group[ 8]: 10014 > Group[ 9]: 10015 > Group[ 10]: 10016 > Group[ 11]: 10017 > Group[ 12]: 10018 > Group[ 13]: 10019 > Group[ 14]: 10020 > Group[ 15]: 10021 > Group[ 16]: 10022 > Group[ 17]: 10023 > Group[ 18]: 10024 > Group[ 19]: 10025 > Group[ 20]: 10026 > Group[ 21]: 10027 > Group[ 22]: 10028 > Group[ 23]: 10029 > Group[ 24]: 10030 > Group[ 25]: 10031 > Group[ 26]: 10032 > Group[ 27]: 10033 > Group[ 28]: 10034 > Group[ 29]: 10035 > Group[ 30]: 10036 > Group[ 31]: 10037 > Group[ 32]: 10038 > Group[ 33]: 10039 > Group[ 34]: 10040 > Group[ 35]: 10041 > Group[ 36]: 10042 > Group[ 37]: 10043 > Group[ 38]: 10044 > Group[ 39]: 10045 > Group[ 40]: 10046 > Group[ 41]: 10047 > Group[ 42]: 10048 > Group[ 43]: 10049 > Group[ 44]: 10050 > Group[ 45]: 10051 > Group[ 46]: 10052 > Group[ 47]: 10053 > Group[ 48]: 10054 > Group[ 49]: 10055 > Group[ 50]: 10056 > Group[ 51]: 10057 > Group[ 52]: 10058 > Group[ 53]: 10059 > Group[ 54]: 10060 > Group[ 55]: 10061 > Group[ 56]: 10062 > Group[ 57]: 10063 > Group[ 58]: 10064 > Group[ 59]: 10065 > Group[ 60]: 10066 > Group[ 61]: 10067 > Group[ 62]: 10068 > Group[ 63]: 10069 > Group[ 64]: 10070 > Group[ 65]: 10071 > Group[ 66]: 10072 > Group[ 67]: 10073 > Group[ 68]: 10074 > Group[ 69]: 10075 > Group[ 70]: 10076 > Group[ 71]: 10077 > Group[ 72]: 10078 > Group[ 73]: 10079 > Group[ 74]: 10080 > Group[ 75]: 10081 > Group[ 76]: 10082 > Group[ 77]: 10083 > Group[ 78]: 10084 > Group[ 79]: 10085 > Group[ 80]: 10086 > Group[ 81]: 10087 > Group[ 82]: 10088 > Group[ 83]: 10089 > Group[ 84]: 10090 > Group[ 85]: 10091 > Group[ 86]: 10092 > Group[ 87]: 10093 > Group[ 88]: 10094 > Group[ 89]: 10095 > Group[ 90]: 10096 > Group[ 91]: 10097 > Group[ 92]: 10098 > Group[ 93]: 10099 > Group[ 94]: 10100 > Group[ 95]: 10101 > Group[ 96]: 10102 > Group[ 97]: 10103 > Group[ 98]: 10104 > Group[ 99]: 10105 > Group[100]: 10106 > Group[101]: 10107 > Group[102]: 10108 > Group[103]: 10109 > Group[104]: 10110 > Group[105]: 10111 > Group[106]: 10112 > Group[107]: 10113 > Group[108]: 10114 > Group[109]: 10115 > Group[110]: 10116 > Group[111]: 10117 > Group[112]: 10118 > Group[113]: 10119 > Group[114]: 10120 > Group[115]: 10121 > Group[116]: 10122 > Group[117]: 10123 > Group[118]: 10124 > Group[119]: 10125 > Group[120]: 10126 > Group[121]: 10127 > Group[122]: 10128 > Group[123]: 10129 > Group[124]: 10130 > Group[125]: 10131 > Group[126]: 10132 > Group[127]: 10133 > Group[128]: 10134 > Group[129]: 10135 > Group[130]: 10136 > Group[131]: 10137 > Group[132]: 10138 > Group[133]: 10139 > Group[134]: 10140 > Group[135]: 10141 > Group[136]: 10142 > Group[137]: 10143 > Group[138]: 10144 > Group[139]: 10145 > Group[140]: 10146 > Group[141]: 10147 > Group[142]: 10148 > Group[143]: 10149 > Group[144]: 10150 > Group[145]: 10471 > Group[146]: 10151 > Group[147]: 10152 > Group[148]: 10153 > Group[149]: 10154 > Group[150]: 10155 > Group[151]: 10156 > Group[152]: 10157 > Group[153]: 10158 > Group[154]: 10159 > Group[155]: 10160 > Group[156]: 10161 > Group[157]: 10162 > Group[158]: 10163 > Group[159]: 10164 > Group[160]: 10165 > Group[161]: 10166 > Group[162]: 10167 > Group[163]: 10168 > Group[164]: 10169 > Group[165]: 10170 > Group[166]: 10171 > Group[167]: 10172 > Group[168]: 10173 > Group[169]: 10174 > Group[170]: 10175 > Group[171]: 10176 > Group[172]: 10177 > Group[173]: 10178 > Group[174]: 10179 > Group[175]: 10180 > Group[176]: 10181 > Group[177]: 10182 > Group[178]: 10183 > Group[179]: 10184 > Group[180]: 10185 > Group[181]: 10186 > Group[182]: 10187 > Group[183]: 10188 > Group[184]: 10189 > Group[185]: 10190 > Group[186]: 10191 > Group[187]: 10192 > Group[188]: 10193 > Group[189]: 10194 > Group[190]: 10195 > Group[191]: 10196 > Group[192]: 10197 > Group[193]: 10198 > Group[194]: 10199 > Group[195]: 10200 > Group[196]: 10201 > Group[197]: 10202 > Group[198]: 10203 > Group[199]: 10204 > Group[200]: 10205 > Group[201]: 10206 > Group[202]: 10207 > Group[203]: 10208 > Group[204]: 10209 > Group[205]: 10210 > Group[206]: 10211 > Group[207]: 10212 > Group[208]: 10213 > Group[209]: 10214 > Group[210]: 10215 > Group[211]: 10216 > Group[212]: 10217 > Group[213]: 10218 > Group[214]: 10219 > Group[215]: 10220 > Group[216]: 10221 > Group[217]: 10222 > Group[218]: 10223 > Group[219]: 10224 > Group[220]: 10225 > Group[221]: 10226 > Group[222]: 10227 > Group[223]: 10228 > Group[224]: 10229 > Group[225]: 10230 > Group[226]: 10231 > Group[227]: 10232 > Group[228]: 10233 > Group[229]: 10234 > Group[230]: 10235 > Group[231]: 10236 > Group[232]: 10237 > Group[233]: 10238 > Group[234]: 10239 > Group[235]: 10240 > Group[236]: 10241 > Group[237]: 10242 > Group[238]: 10243 > Group[239]: 10244 > Group[240]: 10245 > Group[241]: 10246 > Group[242]: 10247 > Group[243]: 10248 > Group[244]: 10249 > Group[245]: 10250 > Group[246]: 10251 > Group[247]: 10252 > Group[248]: 10253 > Group[249]: 10254 > Group[250]: 10255 > Group[251]: 10256 > Group[252]: 10257 > Group[253]: 10258 > Group[254]: 10259 > Group[255]: 10260 > Group[256]: 10261 > Group[257]: 10262 > Group[258]: 10263 > Group[259]: 10264 > Group[260]: 10265 > Group[261]: 10266 > Group[262]: 10267 > Group[263]: 10268 > Group[264]: 10269 > Group[265]: 10270 > Group[266]: 10271 > Group[267]: 10272 > Group[268]: 10273 > Group[269]: 10274 > Group[270]: 10275 > Group[271]: 10276 > Group[272]: 10277 > Group[273]: 10278 > Group[274]: 10279 > Group[275]: 10280 > Group[276]: 10281 > Group[277]: 10282 > Group[278]: 10283 > Group[279]: 10284 > Group[280]: 10285 > Group[281]: 10286 > Group[282]: 10287 > Group[283]: 10288 > Group[284]: 10289 > Group[285]: 10290 > Group[286]: 10291 > Group[287]: 10292 > Group[288]: 10293 > Group[289]: 10294 > Group[290]: 10295 > Group[291]: 10296 > Group[292]: 10297 > Group[293]: 10298 > Group[294]: 10299 > Group[295]: 10300 > Group[296]: 10301 > Group[297]: 10302 > Group[298]: 10303 > Group[299]: 10304 > Group[300]: 10305 > Group[301]: 10306 > Group[302]: 10307 > Group[303]: 10308 > Group[304]: 10309 > Group[305]: 10310 > Group[306]: 10311 > Group[307]: 10312 > Group[308]: 10313 > Group[309]: 10314 > Group[310]: 10315 > Group[311]: 10316 > Group[312]: 10317 > Group[313]: 10318 > Group[314]: 10319 > Group[315]: 10320 > Group[316]: 10321 > Group[317]: 10322 > Group[318]: 10323 > Group[319]: 10324 > Group[320]: 10325 > Group[321]: 10326 > Group[322]: 10327 > Group[323]: 10328 > Group[324]: 10329 > Group[325]: 10330 > Group[326]: 10331 > Group[327]: 10332 > Group[328]: 10333 > Group[329]: 10334 > Group[330]: 10335 > Group[331]: 10336 > Group[332]: 10337 > Group[333]: 10338 > Group[334]: 10339 > Group[335]: 10340 > Group[336]: 10341 > Group[337]: 10342 > Group[338]: 10343 > Group[339]: 10344 > Group[340]: 10345 > Group[341]: 10346 > Group[342]: 10347 > Group[343]: 10348 > Group[344]: 10349 > Group[345]: 10350 > Group[346]: 10351 > Group[347]: 10352 > Group[348]: 10353 > Group[349]: 10354 > Group[350]: 10355 > Group[351]: 10356 > Group[352]: 10357 > Group[353]: 10358 > Group[354]: 10359 > Group[355]: 10360 > Group[356]: 10361 > Group[357]: 10362 > Group[358]: 10363 > Group[359]: 10364 > Group[360]: 10365 > Group[361]: 10366 > Group[362]: 10367 > Group[363]: 10368 > Group[364]: 10369 > Group[365]: 10370 > Group[366]: 10371 > Group[367]: 10372 > Group[368]: 10373 > Group[369]: 10374 > Group[370]: 10375 > Group[371]: 10376 > Group[372]: 10377 > Group[373]: 10378 > Group[374]: 10379 > Group[375]: 10380 > Group[376]: 10381 > Group[377]: 10382 > Group[378]: 10383 > Group[379]: 10384 > Group[380]: 10385 > Group[381]: 10386 > Group[382]: 10387 > Group[383]: 10388 > Group[384]: 10389 > Group[385]: 10390 > Group[386]: 10391 > Group[387]: 10392 > Group[388]: 10393 > Group[389]: 10394 > Group[390]: 10395 > Group[391]: 10396 > Group[392]: 10397 > Group[393]: 10398 > Group[394]: 10399 > Group[395]: 10400 > Group[396]: 10401 > Group[397]: 10402 > Group[398]: 10403 > Group[399]: 10404 > Group[400]: 10002 > Group[401]: 10003 > Group[402]: 10004 > Group[403]: 10001 >[2012/11/09 16:29:21.012540, 5] smbd/uid.c:317(change_to_user_internal) > Impersonated user: uid=(0,10000), gid=(0,10006) >[2012/11/09 16:29:21.012587, 6] smbd/pipes.c:300(reply_pipe_write_and_X) > reply_pipe_write_and_X: 2012 name: spoolss len: 4280 >[2012/11/09 16:29:21.012626, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 4280 >[2012/11/09 16:29:21.012677, 3] smbd/pipes.c:361(pipe_write_andx_done) > writeX-IPC nwritten=4280 >[2012/11/09 16:29:21.021481, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x10f8 >[2012/11/09 16:29:21.021560, 3] smbd/process.c:1662(process_smb) > Transaction 301 of length 4348 (0 toread) >[2012/11/09 16:29:21.021581, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:21.021593, 5] lib/util.c:342(show_msg) > size=4344 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=1728 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8210 (0x2012) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 4280 (0x10B8) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 4280 (0x10B8) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=4281 >[2012/11/09 16:29:21.021809, 3] smbd/process.c:1467(switch_message) > switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:21.021832, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:21.021855, 6] smbd/pipes.c:300(reply_pipe_write_and_X) > reply_pipe_write_and_X: 2012 name: spoolss len: 4280 >[2012/11/09 16:29:21.021876, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 4280 >[2012/11/09 16:29:21.021917, 3] smbd/pipes.c:361(pipe_write_andx_done) > writeX-IPC nwritten=4280 >[2012/11/09 16:29:21.023469, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x10f8 >[2012/11/09 16:29:21.023524, 3] smbd/process.c:1662(process_smb) > Transaction 302 of length 4348 (0 toread) >[2012/11/09 16:29:21.023564, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:21.023588, 5] lib/util.c:342(show_msg) > size=4344 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=1792 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8210 (0x2012) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 4280 (0x10B8) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 4280 (0x10B8) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=4281 >[2012/11/09 16:29:21.023911, 3] smbd/process.c:1467(switch_message) > switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:21.023945, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:21.023980, 6] smbd/pipes.c:300(reply_pipe_write_and_X) > reply_pipe_write_and_X: 2012 name: spoolss len: 4280 >[2012/11/09 16:29:21.024012, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 4280 >[2012/11/09 16:29:21.024061, 3] smbd/pipes.c:361(pipe_write_andx_done) > writeX-IPC nwritten=4280 >[2012/11/09 16:29:21.025684, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x10f8 >[2012/11/09 16:29:21.025737, 3] smbd/process.c:1662(process_smb) > Transaction 303 of length 4348 (0 toread) >[2012/11/09 16:29:21.025778, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:21.025802, 5] lib/util.c:342(show_msg) > size=4344 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=1856 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8210 (0x2012) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 4280 (0x10B8) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 4280 (0x10B8) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=4281 >[2012/11/09 16:29:21.026030, 3] smbd/process.c:1467(switch_message) > switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:21.026054, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:21.026075, 6] smbd/pipes.c:300(reply_pipe_write_and_X) > reply_pipe_write_and_X: 2012 name: spoolss len: 4280 >[2012/11/09 16:29:21.026096, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 4280 >[2012/11/09 16:29:21.026129, 3] smbd/pipes.c:361(pipe_write_andx_done) > writeX-IPC nwritten=4280 >[2012/11/09 16:29:21.027654, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x10f8 >[2012/11/09 16:29:21.027689, 3] smbd/process.c:1662(process_smb) > Transaction 304 of length 4348 (0 toread) >[2012/11/09 16:29:21.027709, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:21.027721, 5] lib/util.c:342(show_msg) > size=4344 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=1920 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8210 (0x2012) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 4280 (0x10B8) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 4280 (0x10B8) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=4281 >[2012/11/09 16:29:21.027922, 3] smbd/process.c:1467(switch_message) > switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:21.027943, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:21.027963, 6] smbd/pipes.c:300(reply_pipe_write_and_X) > reply_pipe_write_and_X: 2012 name: spoolss len: 4280 >[2012/11/09 16:29:21.027984, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 4280 >[2012/11/09 16:29:21.028013, 3] smbd/pipes.c:361(pipe_write_andx_done) > writeX-IPC nwritten=4280 >[2012/11/09 16:29:21.029708, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x10f8 >[2012/11/09 16:29:21.029741, 3] smbd/process.c:1662(process_smb) > Transaction 305 of length 4348 (0 toread) >[2012/11/09 16:29:21.029762, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:21.029773, 5] lib/util.c:342(show_msg) > size=4344 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=1984 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8210 (0x2012) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 4280 (0x10B8) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 4280 (0x10B8) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=4281 >[2012/11/09 16:29:21.029973, 3] smbd/process.c:1467(switch_message) > switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:21.029994, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:21.030014, 6] smbd/pipes.c:300(reply_pipe_write_and_X) > reply_pipe_write_and_X: 2012 name: spoolss len: 4280 >[2012/11/09 16:29:21.030049, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 4280 >[2012/11/09 16:29:21.030080, 3] smbd/pipes.c:361(pipe_write_andx_done) > writeX-IPC nwritten=4280 >[2012/11/09 16:29:21.031619, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x10f8 >[2012/11/09 16:29:21.031659, 3] smbd/process.c:1662(process_smb) > Transaction 306 of length 4348 (0 toread) >[2012/11/09 16:29:21.031680, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:21.031691, 5] lib/util.c:342(show_msg) > size=4344 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=2048 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8210 (0x2012) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 4280 (0x10B8) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 4280 (0x10B8) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=4281 >[2012/11/09 16:29:21.031893, 3] smbd/process.c:1467(switch_message) > switch message SMBwriteX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:21.031914, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:21.031935, 6] smbd/pipes.c:300(reply_pipe_write_and_X) > reply_pipe_write_and_X: 2012 name: spoolss len: 4280 >[2012/11/09 16:29:21.031955, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 4280 >[2012/11/09 16:29:21.031984, 3] smbd/pipes.c:361(pipe_write_andx_done) > writeX-IPC nwritten=4280 >[2012/11/09 16:29:21.033348, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xc30 >[2012/11/09 16:29:21.033381, 3] smbd/process.c:1662(process_smb) > Transaction 307 of length 3124 (0 toread) >[2012/11/09 16:29:21.033401, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:21.033412, 5] lib/util.c:342(show_msg) > size=3120 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=2112 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 3036 (0xBDC) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 3036 (0xBDC) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8210 (0x2012) > smb_bcc=3053 >[2012/11/09 16:29:21.033628, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:21.033648, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:21.033674, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=3036 params=0 setup=2 >[2012/11/09 16:29:21.033697, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:21.033716, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:21.033736, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:21.033755, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2012) >[2012/11/09 16:29:21.033776, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 3036 >[2012/11/09 16:29:21.033802, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:21.033826, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER >[2012/11/09 16:29:21.033847, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[8].fn == 0x7fa2ea3e8e50 >[2012/11/09 16:29:21.033875, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[1] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 9D 50 47 21 ........ .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.033930, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[1] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 9D 50 47 21 ........ .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.033972, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:yyyp0708 >[2012/11/09 16:29:21.033997, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/11/09 16:29:21.034026, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/11/09 16:29:21.034060, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:21.034084, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:21.034126, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2012/11/09 16:29:21.034155, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:21.034175, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:21.034194, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:21.034300, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:21.034354, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 E1 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.034413, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E1 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.034457, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:21.034501, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:21.034551, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:21.034640, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:21.034741, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:21.034816, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:21.034911, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:21.035004, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 E2 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.035124, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E2 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.035254, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E2 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.035303, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:21.035339, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E2 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.035397, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:21.035434, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E2 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.035478, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:21.035511, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E2 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.035554, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:21.035587, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E2 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.035630, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:21.035715, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E2 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.035760, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:21.035794, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E2 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.035837, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:21.035871, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E2 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.035914, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:21.035947, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E2 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.035990, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:21.036024, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E2 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.036066, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:21.036099, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E2 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.036153, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:21.036188, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E2 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.036232, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:21.036265, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E2 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.036309, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:21.036349, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E2 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.036398, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:21.036432, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E2 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.036515, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:21.036552, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E2 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.036596, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:21.036629, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E2 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.036672, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:21.036706, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E2 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.036750, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:21.036782, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E2 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.036825, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:21.036890, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E2 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.036938, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:21.036958, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:21.036991, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E2 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.037035, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:21.037054, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:21.037093, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:21.037137, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 E3 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.037191, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E3 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.037235, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:21.037275, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:21.037315, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:21.037354, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:21.037393, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:21.037429, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:21.037474, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:21.037523, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[4] [0000] 00 00 00 00 E4 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.037579, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E4 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.037623, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:21.037643, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:21.037694, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E4 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.037740, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:21.037760, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:21.037814, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E4 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.037859, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E4 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.037898, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:21.037927, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E3 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.037970, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E3 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.038008, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:21.038035, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E2 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.038077, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E2 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.038115, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:21.038144, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E1 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.038185, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E1 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.038223, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:21.038262, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/11/09 16:29:21.038292, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/11/09 16:29:21.038322, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:21.038345, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:21.038387, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2012/11/09 16:29:21.038413, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:21.038433, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:21.038452, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:21.038528, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:21.038573, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 E5 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.038629, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E5 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.038692, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:21.038738, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:21.038779, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:21.038819, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:21.038858, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:21.038895, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:21.038941, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:21.038991, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 E6 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.039047, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E6 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.039131, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E6 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.039179, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:21.039213, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E6 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.039256, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:21.039289, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E6 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.039332, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:21.039365, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E6 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.039408, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:21.039440, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E6 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.039483, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:21.039515, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E6 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.039558, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:21.039600, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E6 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.039645, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:21.039679, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E6 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.039722, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:21.039754, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E6 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.039797, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:21.039829, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E6 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.039872, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:21.039905, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E6 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.039947, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:21.039980, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E6 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.040023, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:21.040055, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E6 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.040098, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:21.040130, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E6 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.040173, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:21.040205, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E6 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.040248, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:21.040291, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E6 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.040336, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:21.040369, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E6 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.040412, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:21.040446, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E6 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.040512, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:21.040548, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E6 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.040592, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:21.040639, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E6 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.040685, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:21.040705, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:21.040737, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E6 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.040781, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:21.040800, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:21.040837, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:21.040880, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 E7 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.040933, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E7 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.040977, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:21.041016, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:21.041068, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:21.041108, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:21.041147, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:21.041194, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:21.041241, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:21.041291, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[4] [0000] 00 00 00 00 E8 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.041347, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E8 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.041391, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:21.041411, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:21.041462, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E8 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.041508, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708] >[2012/11/09 16:29:21.041528, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:21.041561, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E8 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.041604, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E8 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.041642, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:21.041671, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E7 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.041713, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E7 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.041752, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:21.041779, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E6 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.041821, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E6 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.041859, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:21.041887, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E5 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.041939, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E5 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.041979, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:21.042018, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/11/09 16:29:21.042043, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 10006) : sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:21.042073, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2012/11/09 16:29:21.042097, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/11/09 16:29:21.042115, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:21.042134, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:21.042201, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:21.042247, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 E9 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.042303, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E9 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.042347, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/11/09 16:29:21.042389, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/11/09 16:29:21.042429, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/11/09 16:29:21.042469, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/11/09 16:29:21.042508, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/11/09 16:29:21.042544, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/11/09 16:29:21.042591, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [yyyp0708] >[2012/11/09 16:29:21.042639, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [DsSpooler] >[2012/11/09 16:29:21.042687, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 EA 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.042745, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 EA 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.042789, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\yyyp0708\DsSpooler] >[2012/11/09 16:29:21.042809, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/11/09 16:29:21.042853, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 EA 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.042898, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 EA 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.042947, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:21.042976, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E9 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.043018, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 E9 00 00 00 00 00 00 00 9D 50 51 21 ........ .....PQ! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:21.043056, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:21.043101, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:21.043140, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 4280 >[2012/11/09 16:29:21.043171, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..4280] (align 0) >[2012/11/09 16:29:21.043194, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:21.043206, 5] lib/util.c:342(show_msg) > size=4336 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=2112 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 4280 (0x10B8) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 4280 (0x10B8) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=4281 >[2012/11/09 16:29:21.044770, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/11/09 16:29:21.044807, 3] smbd/process.c:1662(process_smb) > Transaction 308 of length 63 (0 toread) >[2012/11/09 16:29:21.044827, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:21.044838, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=2176 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8210 (0x2012) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 4280 (0x10B8) > smb_vwv[ 6]= 4280 (0x10B8) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 4280 (0x10B8) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/11/09 16:29:21.045022, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:21.045043, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:21.045065, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 4280 >[2012/11/09 16:29:21.045095, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=4280 max=4280 nread=4280 >[2012/11/09 16:29:21.046672, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/11/09 16:29:21.046706, 3] smbd/process.c:1662(process_smb) > Transaction 309 of length 63 (0 toread) >[2012/11/09 16:29:21.046726, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:21.046738, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=2240 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8210 (0x2012) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 4280 (0x10B8) > smb_vwv[ 6]= 4280 (0x10B8) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 4280 (0x10B8) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/11/09 16:29:21.046923, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:21.046944, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:21.046965, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 4280 >[2012/11/09 16:29:21.047008, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=4280 max=4280 nread=4280 >[2012/11/09 16:29:21.048443, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/11/09 16:29:21.048493, 3] smbd/process.c:1662(process_smb) > Transaction 310 of length 63 (0 toread) >[2012/11/09 16:29:21.048514, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:21.048526, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=2304 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8210 (0x2012) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 4280 (0x10B8) > smb_vwv[ 6]= 4280 (0x10B8) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 4280 (0x10B8) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/11/09 16:29:21.048709, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:21.048729, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:21.048750, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 4280 >[2012/11/09 16:29:21.048779, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=4280 max=4280 nread=4280 >[2012/11/09 16:29:21.050407, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/11/09 16:29:21.050477, 3] smbd/process.c:1662(process_smb) > Transaction 311 of length 63 (0 toread) >[2012/11/09 16:29:21.050516, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:21.050538, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=2368 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8210 (0x2012) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 4280 (0x10B8) > smb_vwv[ 6]= 4280 (0x10B8) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 4280 (0x10B8) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/11/09 16:29:21.050751, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:21.050775, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:21.050797, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 4280 >[2012/11/09 16:29:21.050828, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=4280 max=4280 nread=4280 >[2012/11/09 16:29:21.052316, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/11/09 16:29:21.052351, 3] smbd/process.c:1662(process_smb) > Transaction 312 of length 63 (0 toread) >[2012/11/09 16:29:21.052371, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:21.052383, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=2432 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8210 (0x2012) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 4280 (0x10B8) > smb_vwv[ 6]= 4280 (0x10B8) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 4280 (0x10B8) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/11/09 16:29:21.052611, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:21.052634, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:21.052656, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 4280 >[2012/11/09 16:29:21.052688, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=4280 max=4280 nread=4280 >[2012/11/09 16:29:21.054157, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/11/09 16:29:21.054214, 3] smbd/process.c:1662(process_smb) > Transaction 313 of length 63 (0 toread) >[2012/11/09 16:29:21.054236, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:21.054247, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=2496 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8210 (0x2012) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 4280 (0x10B8) > smb_vwv[ 6]= 4280 (0x10B8) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 4280 (0x10B8) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/11/09 16:29:21.054429, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:21.054450, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:21.054482, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 4280 >[2012/11/09 16:29:21.054521, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=4280 max=4280 nread=4280 >[2012/11/09 16:29:21.055957, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/11/09 16:29:21.055989, 3] smbd/process.c:1662(process_smb) > Transaction 314 of length 63 (0 toread) >[2012/11/09 16:29:21.056009, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:21.056021, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=2560 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8210 (0x2012) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 4280 (0x10B8) > smb_vwv[ 6]= 4280 (0x10B8) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 4280 (0x10B8) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/11/09 16:29:21.056205, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:21.056226, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:21.056246, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 4280 >[2012/11/09 16:29:21.056273, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 7451 >[2012/11/09 16:29:21.056317, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=4280 max=4280 nread=3016 >[2012/11/09 16:29:30.512593, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x23 >[2012/11/09 16:29:30.512684, 3] smbd/process.c:1662(process_smb) > Transaction 315 of length 39 (0 toread) >[2012/11/09 16:29:30.512706, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:30.512718, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x71 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=2 > smb_pid=65279 > smb_uid=101 > smb_mid=2624 > smt_wct=0 > smb_bcc=0 >[2012/11/09 16:29:30.512818, 3] smbd/process.c:1467(switch_message) > switch message SMBtdis (pid 12629) conn 0x7fa2eacb8b60 >[2012/11/09 16:29:30.512840, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:30.512860, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:30.512879, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:30.512916, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2012/11/09 16:29:30.512940, 4] smbd/vfs.c:780(vfs_ChDir) > vfs_ChDir to /var/lib/samba/drivers >[2012/11/09 16:29:30.512966, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:30.512985, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:30.513031, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:30.513061, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2012/11/09 16:29:30.513082, 1] smbd/service.c:1378(close_cnum) > 10.129.108.68 (10.129.108.68) closed connection to service print$ >[2012/11/09 16:29:30.513106, 3] smbd/connection.c:35(yield_connection) > Yielding connection to print$ >[2012/11/09 16:29:30.513144, 4] smbd/vfs.c:780(vfs_ChDir) > vfs_ChDir to / >[2012/11/09 16:29:30.513168, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:30.513188, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:29:30.513227, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:29:30.513258, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2012/11/09 16:29:30.513290, 5] lib/messages.c:332(messaging_deregister) > Deregistering messaging pointer for type 784 - private_data=0x7fa2eaca8f40 >[2012/11/09 16:29:30.513316, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:30.513328, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x71 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=65279 > smb_uid=101 > smb_mid=2624 > smt_wct=0 > smb_bcc=0 >[2012/11/09 16:29:30.671795, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x80 >[2012/11/09 16:29:30.671878, 3] smbd/process.c:1662(process_smb) > Transaction 316 of length 132 (0 toread) >[2012/11/09 16:29:30.671899, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:30.671910, 5] lib/util.c:342(show_msg) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=2688 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8212 (0x2014) > smb_bcc=61 >[2012/11/09 16:29:30.672123, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:30.672149, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (10000, 10006) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:29:30.672171, 5] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (811): > SID[ 0]: S-1-5-21-160562036-3150058255-2134394716-19743 > SID[ 1]: S-1-5-21-160562036-3150058255-2134394716-513 > SID[ 2]: S-1-5-21-160562036-3150058255-2134394716-334230 > SID[ 3]: S-1-5-21-160562036-3150058255-2134394716-23353 > SID[ 4]: S-1-5-21-160562036-3150058255-2134394716-304793 > SID[ 5]: S-1-5-21-160562036-3150058255-2134394716-269408 > SID[ 6]: S-1-5-21-160562036-3150058255-2134394716-50420 > SID[ 7]: S-1-5-21-160562036-3150058255-2134394716-113634 > SID[ 8]: S-1-5-21-160562036-3150058255-2134394716-113662 > SID[ 9]: S-1-5-21-160562036-3150058255-2134394716-260755 > SID[ 10]: S-1-5-21-160562036-3150058255-2134394716-288770 > SID[ 11]: S-1-5-21-160562036-3150058255-2134394716-67892 > SID[ 12]: S-1-5-21-160562036-3150058255-2134394716-20800 > SID[ 13]: S-1-5-21-160562036-3150058255-2134394716-269744 > SID[ 14]: S-1-5-21-160562036-3150058255-2134394716-63803 > SID[ 15]: S-1-5-21-160562036-3150058255-2134394716-360934 > SID[ 16]: S-1-5-21-160562036-3150058255-2134394716-421750 > SID[ 17]: S-1-5-21-160562036-3150058255-2134394716-294313 > SID[ 18]: S-1-5-21-160562036-3150058255-2134394716-109619 > SID[ 19]: S-1-5-21-160562036-3150058255-2134394716-13623 > SID[ 20]: S-1-5-21-160562036-3150058255-2134394716-113660 > SID[ 21]: S-1-5-21-160562036-3150058255-2134394716-13846 > SID[ 22]: S-1-5-21-160562036-3150058255-2134394716-351693 > SID[ 23]: S-1-5-21-160562036-3150058255-2134394716-56178 > SID[ 24]: S-1-5-21-160562036-3150058255-2134394716-268914 > SID[ 25]: S-1-5-21-160562036-3150058255-2134394716-276389 > SID[ 26]: S-1-5-21-160562036-3150058255-2134394716-294265 > SID[ 27]: S-1-5-21-160562036-3150058255-2134394716-289050 > SID[ 28]: S-1-5-21-160562036-3150058255-2134394716-284074 > SID[ 29]: S-1-5-21-160562036-3150058255-2134394716-353623 > SID[ 30]: S-1-5-21-160562036-3150058255-2134394716-60632 > SID[ 31]: S-1-5-21-160562036-3150058255-2134394716-299617 > SID[ 32]: S-1-5-21-160562036-3150058255-2134394716-269875 > SID[ 33]: S-1-5-21-160562036-3150058255-2134394716-260777 > SID[ 34]: S-1-5-21-160562036-3150058255-2134394716-72011 > SID[ 35]: S-1-5-21-160562036-3150058255-2134394716-56174 > SID[ 36]: S-1-5-21-160562036-3150058255-2134394716-294145 > SID[ 37]: S-1-5-21-160562036-3150058255-2134394716-46643 > SID[ 38]: S-1-5-21-160562036-3150058255-2134394716-110684 > SID[ 39]: S-1-5-21-160562036-3150058255-2134394716-69476 > SID[ 40]: S-1-5-21-160562036-3150058255-2134394716-354438 > SID[ 41]: S-1-5-21-160562036-3150058255-2134394716-288215 > SID[ 42]: S-1-5-21-160562036-3150058255-2134394716-418124 > SID[ 43]: S-1-5-21-160562036-3150058255-2134394716-32947 > SID[ 44]: S-1-5-21-160562036-3150058255-2134394716-373447 > SID[ 45]: S-1-5-21-160562036-3150058255-2134394716-21119 > SID[ 46]: S-1-5-21-160562036-3150058255-2134394716-254283 > SID[ 47]: S-1-5-21-160562036-3150058255-2134394716-21918 > SID[ 48]: S-1-5-21-160562036-3150058255-2134394716-268915 > SID[ 49]: S-1-5-21-160562036-3150058255-2134394716-267093 > SID[ 50]: S-1-5-21-160562036-3150058255-2134394716-340888 > SID[ 51]: S-1-5-21-160562036-3150058255-2134394716-294363 > SID[ 52]: S-1-5-21-160562036-3150058255-2134394716-414620 > SID[ 53]: S-1-5-21-160562036-3150058255-2134394716-260959 > SID[ 54]: S-1-5-21-160562036-3150058255-2134394716-56176 > SID[ 55]: S-1-5-21-160562036-3150058255-2134394716-373472 > SID[ 56]: S-1-5-21-160562036-3150058255-2134394716-294492 > SID[ 57]: S-1-5-21-160562036-3150058255-2134394716-373554 > SID[ 58]: S-1-5-21-160562036-3150058255-2134394716-104382 > SID[ 59]: S-1-5-21-160562036-3150058255-2134394716-294361 > SID[ 60]: S-1-5-21-160562036-3150058255-2134394716-245149 > SID[ 61]: S-1-5-21-160562036-3150058255-2134394716-32807 > SID[ 62]: S-1-5-21-160562036-3150058255-2134394716-63805 > SID[ 63]: S-1-5-21-160562036-3150058255-2134394716-290135 > SID[ 64]: S-1-5-21-160562036-3150058255-2134394716-248439 > SID[ 65]: S-1-5-21-160562036-3150058255-2134394716-58745 > SID[ 66]: S-1-5-21-160562036-3150058255-2134394716-288316 > SID[ 67]: S-1-5-21-160562036-3150058255-2134394716-373441 > SID[ 68]: S-1-5-21-160562036-3150058255-2134394716-268916 > SID[ 69]: S-1-5-21-160562036-3150058255-2134394716-17597 > SID[ 70]: S-1-5-21-160562036-3150058255-2134394716-113654 > SID[ 71]: S-1-5-21-160562036-3150058255-2134394716-304050 > SID[ 72]: S-1-5-21-160562036-3150058255-2134394716-112626 > SID[ 73]: S-1-5-21-160562036-3150058255-2134394716-360946 > SID[ 74]: S-1-5-21-160562036-3150058255-2134394716-1116 > SID[ 75]: S-1-5-21-160562036-3150058255-2134394716-294490 > SID[ 76]: S-1-5-21-160562036-3150058255-2134394716-373442 > SID[ 77]: S-1-5-21-160562036-3150058255-2134394716-402137 > SID[ 78]: S-1-5-21-160562036-3150058255-2134394716-373470 > SID[ 79]: S-1-5-21-160562036-3150058255-2134394716-284963 > SID[ 80]: S-1-5-21-160562036-3150058255-2134394716-21963 > SID[ 81]: S-1-5-21-160562036-3150058255-2134394716-373556 > SID[ 82]: S-1-5-21-160562036-3150058255-2134394716-351504 > SID[ 83]: S-1-5-21-160562036-3150058255-2134394716-360382 > SID[ 84]: S-1-5-21-160562036-3150058255-2134394716-266966 > SID[ 85]: S-1-5-21-160562036-3150058255-2134394716-63797 > SID[ 86]: S-1-5-21-160562036-3150058255-2134394716-31306 > SID[ 87]: S-1-5-21-160562036-3150058255-2134394716-420969 > SID[ 88]: S-1-5-21-160562036-3150058255-2134394716-58439 > SID[ 89]: S-1-5-21-160562036-3150058255-2134394716-351240 > SID[ 90]: S-1-5-21-160562036-3150058255-2134394716-290160 > SID[ 91]: S-1-5-21-160562036-3150058255-2134394716-335340 > SID[ 92]: S-1-5-21-160562036-3150058255-2134394716-32819 > SID[ 93]: S-1-5-21-160562036-3150058255-2134394716-63801 > SID[ 94]: S-1-5-21-160562036-3150058255-2134394716-53171 > SID[ 95]: S-1-5-21-160562036-3150058255-2134394716-294243 > SID[ 96]: S-1-5-21-160562036-3150058255-2134394716-350032 > SID[ 97]: S-1-5-21-160562036-3150058255-2134394716-63737 > SID[ 98]: S-1-5-21-160562036-3150058255-2134394716-13863 > SID[ 99]: S-1-5-21-160562036-3150058255-2134394716-351719 > SID[100]: S-1-5-21-160562036-3150058255-2134394716-56165 > SID[101]: S-1-5-21-160562036-3150058255-2134394716-113646 > SID[102]: S-1-5-21-160562036-3150058255-2134394716-430811 > SID[103]: S-1-5-21-160562036-3150058255-2134394716-284081 > SID[104]: S-1-5-21-160562036-3150058255-2134394716-256696 > SID[105]: S-1-5-21-160562036-3150058255-2134394716-416414 > SID[106]: S-1-5-21-160562036-3150058255-2134394716-49609 > SID[107]: S-1-5-21-160562036-3150058255-2134394716-377791 > SID[108]: S-1-5-21-160562036-3150058255-2134394716-32821 > SID[109]: S-1-5-21-160562036-3150058255-2134394716-359223 > SID[110]: S-1-5-21-160562036-3150058255-2134394716-284091 > SID[111]: S-1-5-21-160562036-3150058255-2134394716-433713 > SID[112]: S-1-5-21-160562036-3150058255-2134394716-33100 > SID[113]: S-1-5-21-160562036-3150058255-2134394716-416203 > SID[114]: S-1-5-21-160562036-3150058255-2134394716-317007 > SID[115]: S-1-5-21-160562036-3150058255-2134394716-69542 > SID[116]: S-1-5-21-160562036-3150058255-2134394716-268918 > SID[117]: S-1-5-21-160562036-3150058255-2134394716-69428 > SID[118]: S-1-5-21-160562036-3150058255-2134394716-316764 > SID[119]: S-1-5-21-160562036-3150058255-2134394716-55705 > SID[120]: S-1-5-21-160562036-3150058255-2134394716-291229 > SID[121]: S-1-5-21-160562036-3150058255-2134394716-250116 > SID[122]: S-1-5-21-160562036-3150058255-2134394716-294315 > SID[123]: S-1-5-21-160562036-3150058255-2134394716-402469 > SID[124]: S-1-5-21-160562036-3150058255-2134394716-256697 > SID[125]: S-1-5-21-160562036-3150058255-2134394716-418438 > SID[126]: S-1-5-21-160562036-3150058255-2134394716-435652 > SID[127]: S-1-5-21-160562036-3150058255-2134394716-45010 > SID[128]: S-1-5-21-160562036-3150058255-2134394716-322368 > SID[129]: S-1-5-21-160562036-3150058255-2134394716-267090 > SID[130]: S-1-5-21-160562036-3150058255-2134394716-32825 > SID[131]: S-1-5-21-160562036-3150058255-2134394716-35099 > SID[132]: S-1-5-21-160562036-3150058255-2134394716-56157 > SID[133]: S-1-5-21-160562036-3150058255-2134394716-113648 > SID[134]: S-1-5-21-160562036-3150058255-2134394716-55709 > SID[135]: S-1-5-21-160562036-3150058255-2134394716-108789 > SID[136]: S-1-5-21-160562036-3150058255-2134394716-56159 > SID[137]: S-1-5-21-160562036-3150058255-2134394716-268919 > SID[138]: S-1-5-21-160562036-3150058255-2134394716-245147 > SID[139]: S-1-5-21-160562036-3150058255-2134394716-430693 > SID[140]: S-1-5-21-160562036-3150058255-2134394716-289617 > SID[141]: S-1-5-21-160562036-3150058255-2134394716-373445 > SID[142]: S-1-5-21-160562036-3150058255-2134394716-14282 > SID[143]: S-1-5-21-160562036-3150058255-2134394716-433712 > SID[144]: S-1-5-21-160562036-3150058255-2134394716-59232 > SID[145]: S-1-5-21-160562036-3150058255-2134394716-33429 > SID[146]: S-1-5-21-160562036-3150058255-2134394716-437634 > SID[147]: S-1-5-21-160562036-3150058255-2134394716-23354 > SID[148]: S-1-5-21-160562036-3150058255-2134394716-113636 > SID[149]: S-1-5-21-160562036-3150058255-2134394716-63799 > SID[150]: S-1-5-21-160562036-3150058255-2134394716-261009 > SID[151]: S-1-5-21-160562036-3150058255-2134394716-290498 > SID[152]: S-1-5-21-160562036-3150058255-2134394716-375928 > SID[153]: S-1-5-21-160562036-3150058255-2134394716-276407 > SID[154]: S-1-5-21-160562036-3150058255-2134394716-357401 > SID[155]: S-1-5-21-160562036-3150058255-2134394716-357385 > SID[156]: S-1-5-21-160562036-3150058255-2134394716-269404 > SID[157]: S-1-5-21-160562036-3150058255-2134394716-67790 > SID[158]: S-1-5-21-160562036-3150058255-2134394716-392120 > SID[159]: S-1-5-21-160562036-3150058255-2134394716-276395 > SID[160]: S-1-5-21-160562036-3150058255-2134394716-113343 > SID[161]: S-1-5-21-160562036-3150058255-2134394716-56172 > SID[162]: S-1-5-21-160562036-3150058255-2134394716-402467 > SID[163]: S-1-5-21-160562036-3150058255-2134394716-293007 > SID[164]: S-1-5-21-160562036-3150058255-2134394716-427942 > SID[165]: S-1-5-21-160562036-3150058255-2134394716-373529 > SID[166]: S-1-5-21-160562036-3150058255-2134394716-263163 > SID[167]: S-1-5-21-160562036-3150058255-2134394716-64111 > SID[168]: S-1-5-21-160562036-3150058255-2134394716-266852 > SID[169]: S-1-5-21-160562036-3150058255-2134394716-357892 > SID[170]: S-1-5-21-160562036-3150058255-2134394716-104429 > SID[171]: S-1-5-21-160562036-3150058255-2134394716-32813 > SID[172]: S-1-5-21-160562036-3150058255-2134394716-360722 > SID[173]: S-1-5-21-160562036-3150058255-2134394716-284092 > SID[174]: S-1-5-21-160562036-3150058255-2134394716-289619 > SID[175]: S-1-5-21-160562036-3150058255-2134394716-369316 > SID[176]: S-1-5-21-160562036-3150058255-2134394716-49542 > SID[177]: S-1-5-21-160562036-3150058255-2134394716-329659 > SID[178]: S-1-5-21-160562036-3150058255-2134394716-32809 > SID[179]: S-1-5-21-160562036-3150058255-2134394716-108767 > SID[180]: S-1-5-21-160562036-3150058255-2134394716-305399 > SID[181]: S-1-5-21-160562036-3150058255-2134394716-263161 > SID[182]: S-1-5-21-160562036-3150058255-2134394716-314050 > SID[183]: S-1-5-21-160562036-3150058255-2134394716-31001 > SID[184]: S-1-5-21-160562036-3150058255-2134394716-279682 > SID[185]: S-1-5-21-160562036-3150058255-2134394716-294147 > SID[186]: S-1-5-21-160562036-3150058255-2134394716-56163 > SID[187]: S-1-5-21-160562036-3150058255-2134394716-285751 > SID[188]: S-1-5-21-160562036-3150058255-2134394716-21723 > SID[189]: S-1-5-21-160562036-3150058255-2134394716-8332 > SID[190]: S-1-5-21-160562036-3150058255-2134394716-32827 > SID[191]: S-1-5-21-160562036-3150058255-2134394716-256460 > SID[192]: S-1-5-21-160562036-3150058255-2134394716-256183 > SID[193]: S-1-5-21-160562036-3150058255-2134394716-300424 > SID[194]: S-1-5-21-160562036-3150058255-2134394716-55677 > SID[195]: S-1-5-21-160562036-3150058255-2134394716-253145 > SID[196]: S-1-5-21-160562036-3150058255-2134394716-63804 > SID[197]: S-1-5-21-160562036-3150058255-2134394716-358866 > SID[198]: S-1-5-21-160562036-3150058255-2134394716-32823 > SID[199]: S-1-5-21-160562036-3150058255-2134394716-276620 > SID[200]: S-1-5-21-160562036-3150058255-2134394716-361940 > SID[201]: S-1-5-21-160562036-3150058255-2134394716-49274 > SID[202]: S-1-5-21-160562036-3150058255-2134394716-402177 > SID[203]: S-1-5-21-160562036-3150058255-2134394716-252230 > SID[204]: S-1-5-21-160562036-3150058255-2134394716-321100 > SID[205]: S-1-5-21-160562036-3150058255-2134394716-20801 > SID[206]: S-1-5-21-160562036-3150058255-2134394716-276621 > SID[207]: S-1-5-21-160562036-3150058255-2134394716-252010 > SID[208]: S-1-5-21-160562036-3150058255-2134394716-292766 > SID[209]: S-1-5-21-160562036-3150058255-2134394716-37331 > SID[210]: S-1-5-21-160562036-3150058255-2134394716-260776 > SID[211]: S-1-5-21-160562036-3150058255-2134394716-386708 > SID[212]: S-1-5-21-160562036-3150058255-2134394716-374616 > SID[213]: S-1-5-21-160562036-3150058255-2134394716-21084 > SID[214]: S-1-5-21-160562036-3150058255-2134394716-294267 > SID[215]: S-1-5-21-160562036-3150058255-2134394716-63802 > SID[216]: S-1-5-21-160562036-3150058255-2134394716-31186 > SID[217]: S-1-5-21-160562036-3150058255-2134394716-105575 > SID[218]: S-1-5-21-160562036-3150058255-2134394716-361874 > SID[219]: S-1-5-21-160562036-3150058255-2134394716-360362 > SID[220]: S-1-5-21-160562036-3150058255-2134394716-357734 > SID[221]: S-1-5-21-160562036-3150058255-2134394716-294241 > SID[222]: S-1-5-21-160562036-3150058255-2134394716-251778 > SID[223]: S-1-5-21-160562036-3150058255-2134394716-49510 > SID[224]: S-1-5-21-160562036-3150058255-2134394716-35015 > SID[225]: S-1-5-21-160562036-3150058255-2134394716-20749 > SID[226]: S-1-5-21-160562036-3150058255-2134394716-294291 > SID[227]: S-1-5-21-160562036-3150058255-2134394716-254469 > SID[228]: S-1-5-21-160562036-3150058255-2134394716-247296 > SID[229]: S-1-5-21-160562036-3150058255-2134394716-63798 > SID[230]: S-1-5-21-160562036-3150058255-2134394716-59035 > SID[231]: S-1-5-21-160562036-3150058255-2134394716-430331 > SID[232]: S-1-5-21-160562036-3150058255-2134394716-21301 > SID[233]: S-1-5-21-160562036-3150058255-2134394716-55627 > SID[234]: S-1-5-21-160562036-3150058255-2134394716-32815 > SID[235]: S-1-5-21-160562036-3150058255-2134394716-277164 > SID[236]: S-1-5-21-160562036-3150058255-2134394716-21552 > SID[237]: S-1-5-21-160562036-3150058255-2134394716-56622 > SID[238]: S-1-5-21-160562036-3150058255-2134394716-37315 > SID[239]: S-1-5-21-160562036-3150058255-2134394716-334225 > SID[240]: S-1-5-21-160562036-3150058255-2134394716-338141 > SID[241]: S-1-5-21-160562036-3150058255-2134394716-246169 > SID[242]: S-1-5-21-160562036-3150058255-2134394716-297835 > SID[243]: S-1-5-21-160562036-3150058255-2134394716-353615 > SID[244]: S-1-5-21-160562036-3150058255-2134394716-322371 > SID[245]: S-1-5-21-160562036-3150058255-2134394716-63235 > SID[246]: S-1-5-21-160562036-3150058255-2134394716-266849 > SID[247]: S-1-5-21-160562036-3150058255-2134394716-293998 > SID[248]: S-1-5-21-160562036-3150058255-2134394716-433714 > SID[249]: S-1-5-21-160562036-3150058255-2134394716-107694 > SID[250]: S-1-5-21-160562036-3150058255-2134394716-288317 > SID[251]: S-1-5-21-160562036-3150058255-2134394716-44135 > SID[252]: S-1-5-21-160562036-3150058255-2134394716-290560 > SID[253]: S-1-5-21-160562036-3150058255-2134394716-322681 > SID[254]: S-1-5-21-160562036-3150058255-2134394716-283109 > SID[255]: S-1-5-21-160562036-3150058255-2134394716-357879 > SID[256]: S-1-5-21-160562036-3150058255-2134394716-289046 > SID[257]: S-1-5-21-160562036-3150058255-2134394716-32803 > SID[258]: S-1-5-21-160562036-3150058255-2134394716-343968 > SID[259]: S-1-5-21-160562036-3150058255-2134394716-50792 > SID[260]: S-1-5-21-160562036-3150058255-2134394716-50518 > SID[261]: S-1-5-21-160562036-3150058255-2134394716-37238 > SID[262]: S-1-5-21-160562036-3150058255-2134394716-360465 > SID[263]: S-1-5-21-160562036-3150058255-2134394716-366652 > SID[264]: S-1-5-21-160562036-3150058255-2134394716-294094 > SID[265]: S-1-5-21-160562036-3150058255-2134394716-288540 > SID[266]: S-1-5-21-160562036-3150058255-2134394716-297984 > SID[267]: S-1-5-21-160562036-3150058255-2134394716-276427 > SID[268]: S-1-5-21-160562036-3150058255-2134394716-333792 > SID[269]: S-1-5-21-160562036-3150058255-2134394716-427342 > SID[270]: S-1-5-21-160562036-3150058255-2134394716-333794 > SID[271]: S-1-5-21-160562036-3150058255-2134394716-290460 > SID[272]: S-1-5-21-160562036-3150058255-2134394716-294091 > SID[273]: S-1-5-21-160562036-3150058255-2134394716-333793 > SID[274]: S-1-5-21-160562036-3150058255-2134394716-338207 > SID[275]: S-1-5-21-160562036-3150058255-2134394716-409571 > SID[276]: S-1-5-21-160562036-3150058255-2134394716-294054 > SID[277]: S-1-5-21-160562036-3150058255-2134394716-30854 > SID[278]: S-1-5-21-160562036-3150058255-2134394716-288547 > SID[279]: S-1-5-21-160562036-3150058255-2134394716-365347 > SID[280]: S-1-5-21-6776287-465249537-1446904402-4108 > SID[281]: S-1-5-21-160562036-3150058255-2134394716-58230 > SID[282]: S-1-5-21-160562036-3150058255-2134394716-357400 > SID[283]: S-1-5-21-160562036-3150058255-2134394716-343966 > SID[284]: S-1-5-21-160562036-3150058255-2134394716-104268 > SID[285]: S-1-5-21-160562036-3150058255-2134394716-334228 > SID[286]: S-1-5-21-160562036-3150058255-2134394716-357384 > SID[287]: S-1-5-21-160562036-3150058255-2134394716-64500 > SID[288]: S-1-5-21-160562036-3150058255-2134394716-291227 > SID[289]: S-1-5-21-160562036-3150058255-2134394716-62708 > SID[290]: S-1-5-21-160562036-3150058255-2134394716-266847 > SID[291]: S-1-5-21-160562036-3150058255-2134394716-313857 > SID[292]: S-1-5-21-160562036-3150058255-2134394716-350031 > SID[293]: S-1-5-21-160562036-3150058255-2134394716-373448 > SID[294]: S-1-5-21-160562036-3150058255-2134394716-420970 > SID[295]: S-1-5-21-160562036-3150058255-2134394716-351238 > SID[296]: S-1-5-21-160562036-3150058255-2134394716-11861 > SID[297]: S-1-5-21-160562036-3150058255-2134394716-353613 > SID[298]: S-1-5-21-160562036-3150058255-2134394716-322679 > SID[299]: S-1-5-21-160562036-3150058255-2134394716-253148 > SID[300]: S-1-5-21-160562036-3150058255-2134394716-277162 > SID[301]: S-1-5-21-160562036-3150058255-2134394716-304048 > SID[302]: S-1-5-21-160562036-3150058255-2134394716-288768 > SID[303]: S-1-5-21-160562036-3150058255-2134394716-62920 > SID[304]: S-1-5-21-160562036-3150058255-2134394716-62814 > SID[305]: S-1-5-21-160562036-3150058255-2134394716-338139 > SID[306]: S-1-5-21-160562036-3150058255-2134394716-266850 > SID[307]: S-1-5-21-160562036-3150058255-2134394716-74038 > SID[308]: S-1-5-21-160562036-3150058255-2134394716-62715 > SID[309]: S-1-5-21-160562036-3150058255-2134394716-357877 > SID[310]: S-1-5-21-160562036-3150058255-2134394716-252117 > SID[311]: S-1-5-21-160562036-3150058255-2134394716-322372 > SID[312]: S-1-5-21-160562036-3150058255-2134394716-65121 > SID[313]: S-1-5-21-160562036-3150058255-2134394716-62711 > SID[314]: S-1-5-21-160562036-3150058255-2134394716-267091 > SID[315]: S-1-5-21-160562036-3150058255-2134394716-24652 > SID[316]: S-1-5-21-160562036-3150058255-2134394716-360933 > SID[317]: S-1-5-21-160562036-3150058255-2134394716-354437 > SID[318]: S-1-5-21-160562036-3150058255-2134394716-249119 > SID[319]: S-1-5-21-160562036-3150058255-2134394716-248731 > SID[320]: S-1-5-21-160562036-3150058255-2134394716-64215 > SID[321]: S-1-5-21-160562036-3150058255-2134394716-373475 > SID[322]: S-1-5-21-160562036-3150058255-2134394716-250664 > SID[323]: S-1-5-21-160562036-3150058255-2134394716-267088 > SID[324]: S-1-5-21-160562036-3150058255-2134394716-50311 > SID[325]: S-1-5-21-160562036-3150058255-2134394716-62644 > SID[326]: S-1-5-21-160562036-3150058255-2134394716-69148 > SID[327]: S-1-5-21-160562036-3150058255-2134394716-360380 > SID[328]: S-1-5-21-160562036-3150058255-2134394716-52124 > SID[329]: S-1-5-21-160562036-3150058255-2134394716-351502 > SID[330]: S-1-5-21-160562036-3150058255-2134394716-317005 > SID[331]: S-1-5-21-160562036-3150058255-2134394716-62713 > SID[332]: S-1-5-21-160562036-3150058255-2134394716-313855 > SID[333]: S-1-5-21-160562036-3150058255-2134394716-53143 > SID[334]: S-1-5-21-160562036-3150058255-2134394716-349705 > SID[335]: S-1-5-21-160562036-3150058255-2134394716-357732 > SID[336]: S-1-5-21-160562036-3150058255-2134394716-402142 > SID[337]: S-1-5-21-160562036-3150058255-2134394716-50421 > SID[338]: S-1-5-21-160562036-3150058255-2134394716-357890 > SID[339]: S-1-5-21-160562036-3150058255-2134394716-416413 > SID[340]: S-1-5-21-160562036-3150058255-2134394716-255117 > SID[341]: S-1-5-21-160562036-3150058255-2134394716-73891 > SID[342]: S-1-5-21-160562036-3150058255-2134394716-377792 > SID[343]: S-1-5-21-160562036-3150058255-2134394716-63081 > SID[344]: S-1-5-21-160562036-3150058255-2134394716-386707 > SID[345]: S-1-5-21-160562036-3150058255-2134394716-64112 > SID[346]: S-1-5-21-160562036-3150058255-2134394716-256555 > SID[347]: S-1-5-21-160562036-3150058255-2134394716-361939 > SID[348]: S-1-5-21-160562036-3150058255-2134394716-62709 > SID[349]: S-1-5-21-160562036-3150058255-2134394716-248759 > SID[350]: S-1-5-21-160562036-3150058255-2134394716-359221 > SID[351]: S-1-5-21-160562036-3150058255-2134394716-310730 > SID[352]: S-1-5-21-160562036-3150058255-2134394716-109617 > SID[353]: S-1-5-21-160562036-3150058255-2134394716-60474 > SID[354]: S-1-5-21-160562036-3150058255-2134394716-402472 > SID[355]: S-1-5-21-160562036-3150058255-2134394716-55679 > SID[356]: S-1-5-21-160562036-3150058255-2134394716-69153 > SID[357]: S-1-5-21-160562036-3150058255-2134394716-22265 > SID[358]: S-1-5-21-160562036-3150058255-2134394716-423112 > SID[359]: S-1-5-21-160562036-3150058255-2134394716-289044 > SID[360]: S-1-5-21-160562036-3150058255-2134394716-67791 > SID[361]: S-1-5-21-160562036-3150058255-2134394716-69156 > SID[362]: S-1-5-21-160562036-3150058255-2134394716-62712 > SID[363]: S-1-5-21-160562036-3150058255-2134394716-360721 > SID[364]: S-1-5-21-160562036-3150058255-2134394716-435651 > SID[365]: S-1-5-21-160562036-3150058255-2134394716-69149 > SID[366]: S-1-5-21-160562036-3150058255-2134394716-73730 > SID[367]: S-1-5-21-160562036-3150058255-2134394716-243660 > SID[368]: S-1-5-21-160562036-3150058255-2134394716-104280 > SID[369]: S-1-5-21-160562036-3150058255-2134394716-430692 > SID[370]: S-1-5-21-160562036-3150058255-2134394716-256558 > SID[371]: S-1-5-21-160562036-3150058255-2134394716-54515 > SID[372]: S-1-5-21-160562036-3150058255-2134394716-334223 > SID[373]: S-1-5-21-160562036-3150058255-2134394716-304790 > SID[374]: S-1-5-21-160562036-3150058255-2134394716-373528 > SID[375]: S-1-5-21-160562036-3150058255-2134394716-375927 > SID[376]: S-1-5-21-160562036-3150058255-2134394716-74039 > SID[377]: S-1-5-21-160562036-3150058255-2134394716-62781 > SID[378]: S-1-5-21-160562036-3150058255-2134394716-69157 > SID[379]: S-1-5-21-160562036-3150058255-2134394716-309445 > SID[380]: S-1-5-21-160562036-3150058255-2134394716-62733 > SID[381]: S-1-5-21-160562036-3150058255-2134394716-418123 > SID[382]: S-1-5-21-160562036-3150058255-2134394716-64415 > SID[383]: S-1-5-21-160562036-3150058255-2134394716-414619 > SID[384]: S-1-5-21-160562036-3150058255-2134394716-373446 > SID[385]: S-1-5-21-160562036-3150058255-2134394716-289048 > SID[386]: S-1-5-21-160562036-3150058255-2134394716-69158 > SID[387]: S-1-5-21-160562036-3150058255-2134394716-373559 > SID[388]: S-1-5-21-160562036-3150058255-2134394716-110686 > SID[389]: S-1-5-21-160562036-3150058255-2134394716-260757 > SID[390]: S-1-5-21-160562036-3150058255-2134394716-249663 > SID[391]: S-1-5-21-160562036-3150058255-2134394716-249619 > SID[392]: S-1-5-21-160562036-3150058255-2134394716-321098 > SID[393]: S-1-5-21-160562036-3150058255-2134394716-64497 > SID[394]: S-1-5-21-160562036-3150058255-2134394716-112627 > SID[395]: S-1-5-21-160562036-3150058255-2134394716-62710 > SID[396]: S-1-5-21-160562036-3150058255-2134394716-360361 > SID[397]: S-1-5-21-160562036-3150058255-2134394716-353621 > SID[398]: S-1-5-21-160562036-3150058255-2134394716-365152 > SID[399]: S-1-5-21-160562036-3150058255-2134394716-69544 > SID[400]: S-1-5-21-160562036-3150058255-2134394716-249644 > SID[401]: S-1-5-21-160562036-3150058255-2134394716-55625 > SID[402]: S-1-1-0 > SID[403]: S-1-5-2 > SID[404]: S-1-5-11 > SID[405]: S-1-5-32-545 > SID[406]: S-1-22-1-10000 > SID[407]: S-1-22-2-10006 > SID[408]: S-1-22-2-10007 > SID[409]: S-1-22-2-10008 > SID[410]: S-1-22-2-10009 > SID[411]: S-1-22-2-10010 > SID[412]: S-1-22-2-10011 > SID[413]: S-1-22-2-10012 > SID[414]: S-1-22-2-10013 > SID[415]: S-1-22-2-10014 > SID[416]: S-1-22-2-10015 > SID[417]: S-1-22-2-10016 > SID[418]: S-1-22-2-10017 > SID[419]: S-1-22-2-10018 > SID[420]: S-1-22-2-10019 > SID[421]: S-1-22-2-10020 > SID[422]: S-1-22-2-10021 > SID[423]: S-1-22-2-10022 > SID[424]: S-1-22-2-10023 > SID[425]: S-1-22-2-10024 > SID[426]: S-1-22-2-10025 > SID[427]: S-1-22-2-10026 > SID[428]: S-1-22-2-10027 > SID[429]: S-1-22-2-10028 > SID[430]: S-1-22-2-10029 > SID[431]: S-1-22-2-10030 > SID[432]: S-1-22-2-10031 > SID[433]: S-1-22-2-10032 > SID[434]: S-1-22-2-10033 > SID[435]: S-1-22-2-10034 > SID[436]: S-1-22-2-10035 > SID[437]: S-1-22-2-10036 > SID[438]: S-1-22-2-10037 > SID[439]: S-1-22-2-10038 > SID[440]: S-1-22-2-10039 > SID[441]: S-1-22-2-10040 > SID[442]: S-1-22-2-10041 > SID[443]: S-1-22-2-10042 > SID[444]: S-1-22-2-10043 > SID[445]: S-1-22-2-10044 > SID[446]: S-1-22-2-10045 > SID[447]: S-1-22-2-10046 > SID[448]: S-1-22-2-10047 > SID[449]: S-1-22-2-10048 > SID[450]: S-1-22-2-10049 > SID[451]: S-1-22-2-10050 > SID[452]: S-1-22-2-10051 > SID[453]: S-1-22-2-10052 > SID[454]: S-1-22-2-10053 > SID[455]: S-1-22-2-10054 > SID[456]: S-1-22-2-10055 > SID[457]: S-1-22-2-10056 > SID[458]: S-1-22-2-10057 > SID[459]: S-1-22-2-10058 > SID[460]: S-1-22-2-10059 > SID[461]: S-1-22-2-10060 > SID[462]: S-1-22-2-10061 > SID[463]: S-1-22-2-10062 > SID[464]: S-1-22-2-10063 > SID[465]: S-1-22-2-10064 > SID[466]: S-1-22-2-10065 > SID[467]: S-1-22-2-10066 > SID[468]: S-1-22-2-10067 > SID[469]: S-1-22-2-10068 > SID[470]: S-1-22-2-10069 > SID[471]: S-1-22-2-10070 > SID[472]: S-1-22-2-10071 > SID[473]: S-1-22-2-10072 > SID[474]: S-1-22-2-10073 > SID[475]: S-1-22-2-10074 > SID[476]: S-1-22-2-10075 > SID[477]: S-1-22-2-10076 > SID[478]: S-1-22-2-10077 > SID[479]: S-1-22-2-10078 > SID[480]: S-1-22-2-10079 > SID[481]: S-1-22-2-10080 > SID[482]: S-1-22-2-10081 > SID[483]: S-1-22-2-10082 > SID[484]: S-1-22-2-10083 > SID[485]: S-1-22-2-10084 > SID[486]: S-1-22-2-10085 > SID[487]: S-1-22-2-10086 > SID[488]: S-1-22-2-10087 > SID[489]: S-1-22-2-10088 > SID[490]: S-1-22-2-10089 > SID[491]: S-1-22-2-10090 > SID[492]: S-1-22-2-10091 > SID[493]: S-1-22-2-10092 > SID[494]: S-1-22-2-10093 > SID[495]: S-1-22-2-10094 > SID[496]: S-1-22-2-10095 > SID[497]: S-1-22-2-10096 > SID[498]: S-1-22-2-10097 > SID[499]: S-1-22-2-10098 > SID[500]: S-1-22-2-10099 > SID[501]: S-1-22-2-10100 > SID[502]: S-1-22-2-10101 > SID[503]: S-1-22-2-10102 > SID[504]: S-1-22-2-10103 > SID[505]: S-1-22-2-10104 > SID[506]: S-1-22-2-10105 > SID[507]: S-1-22-2-10106 > SID[508]: S-1-22-2-10107 > SID[509]: S-1-22-2-10108 > SID[510]: S-1-22-2-10109 > SID[511]: S-1-22-2-10110 > SID[512]: S-1-22-2-10111 > SID[513]: S-1-22-2-10112 > SID[514]: S-1-22-2-10113 > SID[515]: S-1-22-2-10114 > SID[516]: S-1-22-2-10115 > SID[517]: S-1-22-2-10116 > SID[518]: S-1-22-2-10117 > SID[519]: S-1-22-2-10118 > SID[520]: S-1-22-2-10119 > SID[521]: S-1-22-2-10120 > SID[522]: S-1-22-2-10121 > SID[523]: S-1-22-2-10122 > SID[524]: S-1-22-2-10123 > SID[525]: S-1-22-2-10124 > SID[526]: S-1-22-2-10125 > SID[527]: S-1-22-2-10126 > SID[528]: S-1-22-2-10127 > SID[529]: S-1-22-2-10128 > SID[530]: S-1-22-2-10129 > SID[531]: S-1-22-2-10130 > SID[532]: S-1-22-2-10131 > SID[533]: S-1-22-2-10132 > SID[534]: S-1-22-2-10133 > SID[535]: S-1-22-2-10134 > SID[536]: S-1-22-2-10135 > SID[537]: S-1-22-2-10136 > SID[538]: S-1-22-2-10137 > SID[539]: S-1-22-2-10138 > SID[540]: S-1-22-2-10139 > SID[541]: S-1-22-2-10140 > SID[542]: S-1-22-2-10141 > SID[543]: S-1-22-2-10142 > SID[544]: S-1-22-2-10143 > SID[545]: S-1-22-2-10144 > SID[546]: S-1-22-2-10145 > SID[547]: S-1-22-2-10146 > SID[548]: S-1-22-2-10147 > SID[549]: S-1-22-2-10148 > SID[550]: S-1-22-2-10149 > SID[551]: S-1-22-2-10150 > SID[552]: S-1-22-2-10471 > SID[553]: S-1-22-2-10151 > SID[554]: S-1-22-2-10152 > SID[555]: S-1-22-2-10153 > SID[556]: S-1-22-2-10154 > SID[557]: S-1-22-2-10155 > SID[558]: S-1-22-2-10156 > SID[559]: S-1-22-2-10157 > SID[560]: S-1-22-2-10158 > SID[561]: S-1-22-2-10159 > SID[562]: S-1-22-2-10160 > SID[563]: S-1-22-2-10161 > SID[564]: S-1-22-2-10162 > SID[565]: S-1-22-2-10163 > SID[566]: S-1-22-2-10164 > SID[567]: S-1-22-2-10165 > SID[568]: S-1-22-2-10166 > SID[569]: S-1-22-2-10167 > SID[570]: S-1-22-2-10168 > SID[571]: S-1-22-2-10169 > SID[572]: S-1-22-2-10170 > SID[573]: S-1-22-2-10171 > SID[574]: S-1-22-2-10172 > SID[575]: S-1-22-2-10173 > SID[576]: S-1-22-2-10174 > SID[577]: S-1-22-2-10175 > SID[578]: S-1-22-2-10176 > SID[579]: S-1-22-2-10177 > SID[580]: S-1-22-2-10178 > SID[581]: S-1-22-2-10179 > SID[582]: S-1-22-2-10180 > SID[583]: S-1-22-2-10181 > SID[584]: S-1-22-2-10182 > SID[585]: S-1-22-2-10183 > SID[586]: S-1-22-2-10184 > SID[587]: S-1-22-2-10185 > SID[588]: S-1-22-2-10186 > SID[589]: S-1-22-2-10187 > SID[590]: S-1-22-2-10188 > SID[591]: S-1-22-2-10189 > SID[592]: S-1-22-2-10190 > SID[593]: S-1-22-2-10191 > SID[594]: S-1-22-2-10192 > SID[595]: S-1-22-2-10193 > SID[596]: S-1-22-2-10194 > SID[597]: S-1-22-2-10195 > SID[598]: S-1-22-2-10196 > SID[599]: S-1-22-2-10197 > SID[600]: S-1-22-2-10198 > SID[601]: S-1-22-2-10199 > SID[602]: S-1-22-2-10200 > SID[603]: S-1-22-2-10201 > SID[604]: S-1-22-2-10202 > SID[605]: S-1-22-2-10203 > SID[606]: S-1-22-2-10204 > SID[607]: S-1-22-2-10205 > SID[608]: S-1-22-2-10206 > SID[609]: S-1-22-2-10207 > SID[610]: S-1-22-2-10208 > SID[611]: S-1-22-2-10209 > SID[612]: S-1-22-2-10210 > SID[613]: S-1-22-2-10211 > SID[614]: S-1-22-2-10212 > SID[615]: S-1-22-2-10213 > SID[616]: S-1-22-2-10214 > SID[617]: S-1-22-2-10215 > SID[618]: S-1-22-2-10216 > SID[619]: S-1-22-2-10217 > SID[620]: S-1-22-2-10218 > SID[621]: S-1-22-2-10219 > SID[622]: S-1-22-2-10220 > SID[623]: S-1-22-2-10221 > SID[624]: S-1-22-2-10222 > SID[625]: S-1-22-2-10223 > SID[626]: S-1-22-2-10224 > SID[627]: S-1-22-2-10225 > SID[628]: S-1-22-2-10226 > SID[629]: S-1-22-2-10227 > SID[630]: S-1-22-2-10228 > SID[631]: S-1-22-2-10229 > SID[632]: S-1-22-2-10230 > SID[633]: S-1-22-2-10231 > SID[634]: S-1-22-2-10232 > SID[635]: S-1-22-2-10233 > SID[636]: S-1-22-2-10234 > SID[637]: S-1-22-2-10235 > SID[638]: S-1-22-2-10236 > SID[639]: S-1-22-2-10237 > SID[640]: S-1-22-2-10238 > SID[641]: S-1-22-2-10239 > SID[642]: S-1-22-2-10240 > SID[643]: S-1-22-2-10241 > SID[644]: S-1-22-2-10242 > SID[645]: S-1-22-2-10243 > SID[646]: S-1-22-2-10244 > SID[647]: S-1-22-2-10245 > SID[648]: S-1-22-2-10246 > SID[649]: S-1-22-2-10247 > SID[650]: S-1-22-2-10248 > SID[651]: S-1-22-2-10249 > SID[652]: S-1-22-2-10250 > SID[653]: S-1-22-2-10251 > SID[654]: S-1-22-2-10252 > SID[655]: S-1-22-2-10253 > SID[656]: S-1-22-2-10254 > SID[657]: S-1-22-2-10255 > SID[658]: S-1-22-2-10256 > SID[659]: S-1-22-2-10257 > SID[660]: S-1-22-2-10258 > SID[661]: S-1-22-2-10259 > SID[662]: S-1-22-2-10260 > SID[663]: S-1-22-2-10261 > SID[664]: S-1-22-2-10262 > SID[665]: S-1-22-2-10263 > SID[666]: S-1-22-2-10264 > SID[667]: S-1-22-2-10265 > SID[668]: S-1-22-2-10266 > SID[669]: S-1-22-2-10267 > SID[670]: S-1-22-2-10268 > SID[671]: S-1-22-2-10269 > SID[672]: S-1-22-2-10270 > SID[673]: S-1-22-2-10271 > SID[674]: S-1-22-2-10272 > SID[675]: S-1-22-2-10273 > SID[676]: S-1-22-2-10274 > SID[677]: S-1-22-2-10275 > SID[678]: S-1-22-2-10276 > SID[679]: S-1-22-2-10277 > SID[680]: S-1-22-2-10278 > SID[681]: S-1-22-2-10279 > SID[682]: S-1-22-2-10280 > SID[683]: S-1-22-2-10281 > SID[684]: S-1-22-2-10282 > SID[685]: S-1-22-2-10283 > SID[686]: S-1-22-2-10284 > SID[687]: S-1-22-2-10285 > SID[688]: S-1-22-2-10286 > SID[689]: S-1-22-2-10287 > SID[690]: S-1-22-2-10288 > SID[691]: S-1-22-2-10289 > SID[692]: S-1-22-2-10290 > SID[693]: S-1-22-2-10291 > SID[694]: S-1-22-2-10292 > SID[695]: S-1-22-2-10293 > SID[696]: S-1-22-2-10294 > SID[697]: S-1-22-2-10295 > SID[698]: S-1-22-2-10296 > SID[699]: S-1-22-2-10297 > SID[700]: S-1-22-2-10298 > SID[701]: S-1-22-2-10299 > SID[702]: S-1-22-2-10300 > SID[703]: S-1-22-2-10301 > SID[704]: S-1-22-2-10302 > SID[705]: S-1-22-2-10303 > SID[706]: S-1-22-2-10304 > SID[707]: S-1-22-2-10305 > SID[708]: S-1-22-2-10306 > SID[709]: S-1-22-2-10307 > SID[710]: S-1-22-2-10308 > SID[711]: S-1-22-2-10309 > SID[712]: S-1-22-2-10310 > SID[713]: S-1-22-2-10311 > SID[714]: S-1-22-2-10312 > SID[715]: S-1-22-2-10313 > SID[716]: S-1-22-2-10314 > SID[717]: S-1-22-2-10315 > SID[718]: S-1-22-2-10316 > SID[719]: S-1-22-2-10317 > SID[720]: S-1-22-2-10318 > SID[721]: S-1-22-2-10319 > SID[722]: S-1-22-2-10320 > SID[723]: S-1-22-2-10321 > SID[724]: S-1-22-2-10322 > SID[725]: S-1-22-2-10323 > SID[726]: S-1-22-2-10324 > SID[727]: S-1-22-2-10325 > SID[728]: S-1-22-2-10326 > SID[729]: S-1-22-2-10327 > SID[730]: S-1-22-2-10328 > SID[731]: S-1-22-2-10329 > SID[732]: S-1-22-2-10330 > SID[733]: S-1-22-2-10331 > SID[734]: S-1-22-2-10332 > SID[735]: S-1-22-2-10333 > SID[736]: S-1-22-2-10334 > SID[737]: S-1-22-2-10335 > SID[738]: S-1-22-2-10336 > SID[739]: S-1-22-2-10337 > SID[740]: S-1-22-2-10338 > SID[741]: S-1-22-2-10339 > SID[742]: S-1-22-2-10340 > SID[743]: S-1-22-2-10341 > SID[744]: S-1-22-2-10342 > SID[745]: S-1-22-2-10343 > SID[746]: S-1-22-2-10344 > SID[747]: S-1-22-2-10345 > SID[748]: S-1-22-2-10346 > SID[749]: S-1-22-2-10347 > SID[750]: S-1-22-2-10348 > SID[751]: S-1-22-2-10349 > SID[752]: S-1-22-2-10350 > SID[753]: S-1-22-2-10351 > SID[754]: S-1-22-2-10352 > SID[755]: S-1-22-2-10353 > SID[756]: S-1-22-2-10354 > SID[757]: S-1-22-2-10355 > SID[758]: S-1-22-2-10356 > SID[759]: S-1-22-2-10357 > SID[760]: S-1-22-2-10358 > SID[761]: S-1-22-2-10359 > SID[762]: S-1-22-2-10360 > SID[763]: S-1-22-2-10361 > SID[764]: S-1-22-2-10362 > SID[765]: S-1-22-2-10363 > SID[766]: S-1-22-2-10364 > SID[767]: S-1-22-2-10365 > SID[768]: S-1-22-2-10366 > SID[769]: S-1-22-2-10367 > SID[770]: S-1-22-2-10368 > SID[771]: S-1-22-2-10369 > SID[772]: S-1-22-2-10370 > SID[773]: S-1-22-2-10371 > SID[774]: S-1-22-2-10372 > SID[775]: S-1-22-2-10373 > SID[776]: S-1-22-2-10374 > SID[777]: S-1-22-2-10375 > SID[778]: S-1-22-2-10376 > SID[779]: S-1-22-2-10377 > SID[780]: S-1-22-2-10378 > SID[781]: S-1-22-2-10379 > SID[782]: S-1-22-2-10380 > SID[783]: S-1-22-2-10381 > SID[784]: S-1-22-2-10382 > SID[785]: S-1-22-2-10383 > SID[786]: S-1-22-2-10384 > SID[787]: S-1-22-2-10385 > SID[788]: S-1-22-2-10386 > SID[789]: S-1-22-2-10387 > SID[790]: S-1-22-2-10388 > SID[791]: S-1-22-2-10389 > SID[792]: S-1-22-2-10390 > SID[793]: S-1-22-2-10391 > SID[794]: S-1-22-2-10392 > SID[795]: S-1-22-2-10393 > SID[796]: S-1-22-2-10394 > SID[797]: S-1-22-2-10395 > SID[798]: S-1-22-2-10396 > SID[799]: S-1-22-2-10397 > SID[800]: S-1-22-2-10398 > SID[801]: S-1-22-2-10399 > SID[802]: S-1-22-2-10400 > SID[803]: S-1-22-2-10401 > SID[804]: S-1-22-2-10402 > SID[805]: S-1-22-2-10403 > SID[806]: S-1-22-2-10404 > SID[807]: S-1-22-2-10002 > SID[808]: S-1-22-2-10003 > SID[809]: S-1-22-2-10004 > SID[810]: S-1-22-2-10001 > Privileges (0x 20): > Privilege[ 0]: SePrintOperatorPrivilege > Rights (0x 0): >[2012/11/09 16:29:30.681820, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 10000 > Primary group is 10006 and contains 404 supplementary groups > Group[ 0]: 10006 > Group[ 1]: 10007 > Group[ 2]: 10008 > Group[ 3]: 10009 > Group[ 4]: 10010 > Group[ 5]: 10011 > Group[ 6]: 10012 > Group[ 7]: 10013 > Group[ 8]: 10014 > Group[ 9]: 10015 > Group[ 10]: 10016 > Group[ 11]: 10017 > Group[ 12]: 10018 > Group[ 13]: 10019 > Group[ 14]: 10020 > Group[ 15]: 10021 > Group[ 16]: 10022 > Group[ 17]: 10023 > Group[ 18]: 10024 > Group[ 19]: 10025 > Group[ 20]: 10026 > Group[ 21]: 10027 > Group[ 22]: 10028 > Group[ 23]: 10029 > Group[ 24]: 10030 > Group[ 25]: 10031 > Group[ 26]: 10032 > Group[ 27]: 10033 > Group[ 28]: 10034 > Group[ 29]: 10035 > Group[ 30]: 10036 > Group[ 31]: 10037 > Group[ 32]: 10038 > Group[ 33]: 10039 > Group[ 34]: 10040 > Group[ 35]: 10041 > Group[ 36]: 10042 > Group[ 37]: 10043 > Group[ 38]: 10044 > Group[ 39]: 10045 > Group[ 40]: 10046 > Group[ 41]: 10047 > Group[ 42]: 10048 > Group[ 43]: 10049 > Group[ 44]: 10050 > Group[ 45]: 10051 > Group[ 46]: 10052 > Group[ 47]: 10053 > Group[ 48]: 10054 > Group[ 49]: 10055 > Group[ 50]: 10056 > Group[ 51]: 10057 > Group[ 52]: 10058 > Group[ 53]: 10059 > Group[ 54]: 10060 > Group[ 55]: 10061 > Group[ 56]: 10062 > Group[ 57]: 10063 > Group[ 58]: 10064 > Group[ 59]: 10065 > Group[ 60]: 10066 > Group[ 61]: 10067 > Group[ 62]: 10068 > Group[ 63]: 10069 > Group[ 64]: 10070 > Group[ 65]: 10071 > Group[ 66]: 10072 > Group[ 67]: 10073 > Group[ 68]: 10074 > Group[ 69]: 10075 > Group[ 70]: 10076 > Group[ 71]: 10077 > Group[ 72]: 10078 > Group[ 73]: 10079 > Group[ 74]: 10080 > Group[ 75]: 10081 > Group[ 76]: 10082 > Group[ 77]: 10083 > Group[ 78]: 10084 > Group[ 79]: 10085 > Group[ 80]: 10086 > Group[ 81]: 10087 > Group[ 82]: 10088 > Group[ 83]: 10089 > Group[ 84]: 10090 > Group[ 85]: 10091 > Group[ 86]: 10092 > Group[ 87]: 10093 > Group[ 88]: 10094 > Group[ 89]: 10095 > Group[ 90]: 10096 > Group[ 91]: 10097 > Group[ 92]: 10098 > Group[ 93]: 10099 > Group[ 94]: 10100 > Group[ 95]: 10101 > Group[ 96]: 10102 > Group[ 97]: 10103 > Group[ 98]: 10104 > Group[ 99]: 10105 > Group[100]: 10106 > Group[101]: 10107 > Group[102]: 10108 > Group[103]: 10109 > Group[104]: 10110 > Group[105]: 10111 > Group[106]: 10112 > Group[107]: 10113 > Group[108]: 10114 > Group[109]: 10115 > Group[110]: 10116 > Group[111]: 10117 > Group[112]: 10118 > Group[113]: 10119 > Group[114]: 10120 > Group[115]: 10121 > Group[116]: 10122 > Group[117]: 10123 > Group[118]: 10124 > Group[119]: 10125 > Group[120]: 10126 > Group[121]: 10127 > Group[122]: 10128 > Group[123]: 10129 > Group[124]: 10130 > Group[125]: 10131 > Group[126]: 10132 > Group[127]: 10133 > Group[128]: 10134 > Group[129]: 10135 > Group[130]: 10136 > Group[131]: 10137 > Group[132]: 10138 > Group[133]: 10139 > Group[134]: 10140 > Group[135]: 10141 > Group[136]: 10142 > Group[137]: 10143 > Group[138]: 10144 > Group[139]: 10145 > Group[140]: 10146 > Group[141]: 10147 > Group[142]: 10148 > Group[143]: 10149 > Group[144]: 10150 > Group[145]: 10471 > Group[146]: 10151 > Group[147]: 10152 > Group[148]: 10153 > Group[149]: 10154 > Group[150]: 10155 > Group[151]: 10156 > Group[152]: 10157 > Group[153]: 10158 > Group[154]: 10159 > Group[155]: 10160 > Group[156]: 10161 > Group[157]: 10162 > Group[158]: 10163 > Group[159]: 10164 > Group[160]: 10165 > Group[161]: 10166 > Group[162]: 10167 > Group[163]: 10168 > Group[164]: 10169 > Group[165]: 10170 > Group[166]: 10171 > Group[167]: 10172 > Group[168]: 10173 > Group[169]: 10174 > Group[170]: 10175 > Group[171]: 10176 > Group[172]: 10177 > Group[173]: 10178 > Group[174]: 10179 > Group[175]: 10180 > Group[176]: 10181 > Group[177]: 10182 > Group[178]: 10183 > Group[179]: 10184 > Group[180]: 10185 > Group[181]: 10186 > Group[182]: 10187 > Group[183]: 10188 > Group[184]: 10189 > Group[185]: 10190 > Group[186]: 10191 > Group[187]: 10192 > Group[188]: 10193 > Group[189]: 10194 > Group[190]: 10195 > Group[191]: 10196 > Group[192]: 10197 > Group[193]: 10198 > Group[194]: 10199 > Group[195]: 10200 > Group[196]: 10201 > Group[197]: 10202 > Group[198]: 10203 > Group[199]: 10204 > Group[200]: 10205 > Group[201]: 10206 > Group[202]: 10207 > Group[203]: 10208 > Group[204]: 10209 > Group[205]: 10210 > Group[206]: 10211 > Group[207]: 10212 > Group[208]: 10213 > Group[209]: 10214 > Group[210]: 10215 > Group[211]: 10216 > Group[212]: 10217 > Group[213]: 10218 > Group[214]: 10219 > Group[215]: 10220 > Group[216]: 10221 > Group[217]: 10222 > Group[218]: 10223 > Group[219]: 10224 > Group[220]: 10225 > Group[221]: 10226 > Group[222]: 10227 > Group[223]: 10228 > Group[224]: 10229 > Group[225]: 10230 > Group[226]: 10231 > Group[227]: 10232 > Group[228]: 10233 > Group[229]: 10234 > Group[230]: 10235 > Group[231]: 10236 > Group[232]: 10237 > Group[233]: 10238 > Group[234]: 10239 > Group[235]: 10240 > Group[236]: 10241 > Group[237]: 10242 > Group[238]: 10243 > Group[239]: 10244 > Group[240]: 10245 > Group[241]: 10246 > Group[242]: 10247 > Group[243]: 10248 > Group[244]: 10249 > Group[245]: 10250 > Group[246]: 10251 > Group[247]: 10252 > Group[248]: 10253 > Group[249]: 10254 > Group[250]: 10255 > Group[251]: 10256 > Group[252]: 10257 > Group[253]: 10258 > Group[254]: 10259 > Group[255]: 10260 > Group[256]: 10261 > Group[257]: 10262 > Group[258]: 10263 > Group[259]: 10264 > Group[260]: 10265 > Group[261]: 10266 > Group[262]: 10267 > Group[263]: 10268 > Group[264]: 10269 > Group[265]: 10270 > Group[266]: 10271 > Group[267]: 10272 > Group[268]: 10273 > Group[269]: 10274 > Group[270]: 10275 > Group[271]: 10276 > Group[272]: 10277 > Group[273]: 10278 > Group[274]: 10279 > Group[275]: 10280 > Group[276]: 10281 > Group[277]: 10282 > Group[278]: 10283 > Group[279]: 10284 > Group[280]: 10285 > Group[281]: 10286 > Group[282]: 10287 > Group[283]: 10288 > Group[284]: 10289 > Group[285]: 10290 > Group[286]: 10291 > Group[287]: 10292 > Group[288]: 10293 > Group[289]: 10294 > Group[290]: 10295 > Group[291]: 10296 > Group[292]: 10297 > Group[293]: 10298 > Group[294]: 10299 > Group[295]: 10300 > Group[296]: 10301 > Group[297]: 10302 > Group[298]: 10303 > Group[299]: 10304 > Group[300]: 10305 > Group[301]: 10306 > Group[302]: 10307 > Group[303]: 10308 > Group[304]: 10309 > Group[305]: 10310 > Group[306]: 10311 > Group[307]: 10312 > Group[308]: 10313 > Group[309]: 10314 > Group[310]: 10315 > Group[311]: 10316 > Group[312]: 10317 > Group[313]: 10318 > Group[314]: 10319 > Group[315]: 10320 > Group[316]: 10321 > Group[317]: 10322 > Group[318]: 10323 > Group[319]: 10324 > Group[320]: 10325 > Group[321]: 10326 > Group[322]: 10327 > Group[323]: 10328 > Group[324]: 10329 > Group[325]: 10330 > Group[326]: 10331 > Group[327]: 10332 > Group[328]: 10333 > Group[329]: 10334 > Group[330]: 10335 > Group[331]: 10336 > Group[332]: 10337 > Group[333]: 10338 > Group[334]: 10339 > Group[335]: 10340 > Group[336]: 10341 > Group[337]: 10342 > Group[338]: 10343 > Group[339]: 10344 > Group[340]: 10345 > Group[341]: 10346 > Group[342]: 10347 > Group[343]: 10348 > Group[344]: 10349 > Group[345]: 10350 > Group[346]: 10351 > Group[347]: 10352 > Group[348]: 10353 > Group[349]: 10354 > Group[350]: 10355 > Group[351]: 10356 > Group[352]: 10357 > Group[353]: 10358 > Group[354]: 10359 > Group[355]: 10360 > Group[356]: 10361 > Group[357]: 10362 > Group[358]: 10363 > Group[359]: 10364 > Group[360]: 10365 > Group[361]: 10366 > Group[362]: 10367 > Group[363]: 10368 > Group[364]: 10369 > Group[365]: 10370 > Group[366]: 10371 > Group[367]: 10372 > Group[368]: 10373 > Group[369]: 10374 > Group[370]: 10375 > Group[371]: 10376 > Group[372]: 10377 > Group[373]: 10378 > Group[374]: 10379 > Group[375]: 10380 > Group[376]: 10381 > Group[377]: 10382 > Group[378]: 10383 > Group[379]: 10384 > Group[380]: 10385 > Group[381]: 10386 > Group[382]: 10387 > Group[383]: 10388 > Group[384]: 10389 > Group[385]: 10390 > Group[386]: 10391 > Group[387]: 10392 > Group[388]: 10393 > Group[389]: 10394 > Group[390]: 10395 > Group[391]: 10396 > Group[392]: 10397 > Group[393]: 10398 > Group[394]: 10399 > Group[395]: 10400 > Group[396]: 10401 > Group[397]: 10402 > Group[398]: 10403 > Group[399]: 10404 > Group[400]: 10002 > Group[401]: 10003 > Group[402]: 10004 > Group[403]: 10001 >[2012/11/09 16:29:30.685365, 5] smbd/uid.c:317(change_to_user_internal) > Impersonated user: uid=(0,10000), gid=(0,10006) >[2012/11/09 16:29:30.685420, 4] smbd/vfs.c:780(vfs_ChDir) > vfs_ChDir to /var/tmp >[2012/11/09 16:29:30.685458, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=44 params=0 setup=2 >[2012/11/09 16:29:30.685480, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:30.685511, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:30.685537, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:30.685573, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2014) >[2012/11/09 16:29:30.685605, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 44 >[2012/11/09 16:29:30.685636, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:30.685659, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER >[2012/11/09 16:29:30.685702, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[29].fn == 0x7fa2ea3e55d0 >[2012/11/09 16:29:30.685728, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:30.685782, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:30.685857, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 9D 50 47 21 ....H... .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:30.685898, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:30.685920, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:30.685951, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 4280 >[2012/11/09 16:29:30.685977, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/11/09 16:29:30.686016, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/11/09 16:29:30.686040, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:30.686051, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=2688 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/11/09 16:29:30.687136, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x80 >[2012/11/09 16:29:30.687179, 3] smbd/process.c:1662(process_smb) > Transaction 317 of length 132 (0 toread) >[2012/11/09 16:29:30.687204, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:30.687223, 5] lib/util.c:342(show_msg) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=2755 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 8210 (0x2012) > smb_bcc=61 >[2012/11/09 16:29:30.687502, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:30.687545, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:30.687576, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=44 params=0 setup=2 >[2012/11/09 16:29:30.687597, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/11/09 16:29:30.687625, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/11/09 16:29:30.687648, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/11/09 16:29:30.687686, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 2012) >[2012/11/09 16:29:30.687713, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 44 >[2012/11/09 16:29:30.687743, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/11/09 16:29:30.687769, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER >[2012/11/09 16:29:30.687802, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[29].fn == 0x7fa2ea3e55d0 >[2012/11/09 16:29:30.687824, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 9D 50 47 21 ........ .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:30.687889, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 9D 50 47 21 ........ .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:30.687932, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 9D 50 47 21 ........ .....PG! > [0010] 55 31 00 00 U1.. >[2012/11/09 16:29:30.687969, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/11/09 16:29:30.687990, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/11/09 16:29:30.688023, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 4280 >[2012/11/09 16:29:30.688056, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/11/09 16:29:30.688081, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/11/09 16:29:30.688101, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:30.688112, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=5012 > smb_uid=101 > smb_mid=2755 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/11/09 16:29:30.689249, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/11/09 16:29:30.689283, 3] smbd/process.c:1662(process_smb) > Transaction 318 of length 45 (0 toread) >[2012/11/09 16:29:30.689303, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:30.689314, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=2816 > smt_wct=3 > smb_vwv[ 0]= 8212 (0x2014) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/11/09 16:29:30.689434, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:30.689455, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:30.689475, 3] smbd/reply.c:4848(reply_close) > close fd=-1 fnum=8212 (numopen=2) >[2012/11/09 16:29:30.689494, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 07:28:15 2106 >[2012/11/09 16:29:30.689539, 5] smbd/files.c:482(file_free) > freed files structure 8212 (1 used) >[2012/11/09 16:29:30.689562, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:30.689574, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=2816 > smt_wct=0 > smb_bcc=0 >[2012/11/09 16:29:30.690540, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/11/09 16:29:30.690581, 3] smbd/process.c:1662(process_smb) > Transaction 319 of length 45 (0 toread) >[2012/11/09 16:29:30.690602, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:30.690614, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51223 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=2880 > smt_wct=3 > smb_vwv[ 0]= 8210 (0x2012) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/11/09 16:29:30.690733, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 12629) conn 0x7fa2eac856c0 >[2012/11/09 16:29:30.690754, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/11/09 16:29:30.690774, 3] smbd/reply.c:4848(reply_close) > close fd=-1 fnum=8210 (numopen=1) >[2012/11/09 16:29:30.690793, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 07:28:15 2106 >[2012/11/09 16:29:30.690975, 5] smbd/files.c:482(file_free) > freed files structure 8210 (0 used) >[2012/11/09 16:29:30.691030, 5] lib/util.c:332(show_msg) >[2012/11/09 16:29:30.691057, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=2880 > smt_wct=0 > smb_bcc=0 >[2012/11/09 16:30:11.102743, 5] smbd/process.c:2474(housekeeping_fn) > housekeeping >[2012/11/09 16:30:11.102852, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:30:11.102892, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:30:11.102925, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:30:11.102995, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2012/11/09 16:31:11.157929, 5] smbd/process.c:2474(housekeeping_fn) > housekeeping >[2012/11/09 16:31:11.158077, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:31:11.158106, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:31:11.158125, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:31:11.158163, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2012/11/09 16:32:11.158332, 5] smbd/process.c:2474(housekeeping_fn) > housekeeping >[2012/11/09 16:32:11.158444, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/11/09 16:32:11.158484, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/11/09 16:32:11.158524, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/11/09 16:32:11.158590, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0)
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 9378
: 8179 |
8184
|
8185
|
8452
|
8453
|
8454
|
8456
|
8457