[2013/02/27 08:52:35, 0] smbd/server.c:1026(main) smbd version 3.6.13-GIT-b76501d-test started. Copyright Andrew Tridgell and the Samba Team 1992-2011 [2013/02/27 08:52:35, 5] ../lib/util/debug.c:330(debug_dump_status) INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10 idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10 registry: 10 doing parameter debug pid = yes [2013/02/27 08:52:35, 4] param/loadparm.c:9608(lp_load_ex) pm_process() returned Yes [2013/02/27 08:52:35, 7] param/loadparm.c:9834(lp_servicenumber) lp_servicenumber: couldn't find homes [2013/02/27 08:52:35, 10] param/loadparm_server_role.c:101(set_server_role) set_server_role: role = ROLE_STANDALONE [2013/02/27 08:52:35, 1] param/loadparm.c:9670(lp_load_ex) WARNING: The security=share option is deprecated [2013/02/27 08:52:35, 5] ../lib/util/charset/codepoints.c:235(map_locale) Substituting charset 'UTF-8' for LOCALE [2013/02/27 08:52:35, 4] smbd/sec_ctx.c:174(get_current_groups) get_current_groups: user is in 1 groups: 0 [2013/02/27 08:52:35, 2] lib/tallocmsg.c:124(register_msg_pool_usage) Registered MSG_REQ_POOL_USAGE [2013/02/27 08:52:35, 2] lib/dmallocmsg.c:78(register_dmalloc_msgs) Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED [2013/02/27 08:52:35.560540, 3, pid=21839] param/loadparm.c:9572(lp_load_ex) lp_load_ex: refreshing parameters [2013/02/27 08:52:35.560600, 3, pid=21839] param/loadparm.c:5192(init_globals) Initialising global parameters [2013/02/27 08:52:35.560639, 2, pid=21839] param/loadparm.c:4985(max_open_files) rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) [2013/02/27 08:52:35.560733, 3, pid=21839] ../lib/util/params.c:550(pm_process) params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf" [2013/02/27 08:52:35.560775, 3, pid=21839] param/loadparm.c:8310(do_section) Processing section "[global]" doing parameter workgroup = DISCWORLD doing parameter security = share doing parameter debug level = 10 [2013/02/27 08:52:35.560866, 5, pid=21839] ../lib/util/debug.c:330(debug_dump_status) INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10 idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10 registry: 10 doing parameter debug pid = yes [2013/02/27 08:52:35.561103, 2, pid=21839] param/loadparm.c:8327(do_section) Processing section "[guru]" [2013/02/27 08:52:35.561155, 8, pid=21839] param/loadparm.c:6480(add_a_service) add_a_service: Creating snum = 0 for guru [2013/02/27 08:52:35.561180, 10, pid=21839] param/loadparm.c:6518(hash_a_service) hash_a_service: creating servicehash [2013/02/27 08:52:35.561206, 10, pid=21839] param/loadparm.c:6527(hash_a_service) hash_a_service: hashing index 0 for service name guru doing parameter path = /srv/samba/tmp doing parameter read only = no doing parameter guest ok = yes [2013/02/27 08:52:35.561283, 4, pid=21839] param/loadparm.c:9608(lp_load_ex) pm_process() returned Yes [2013/02/27 08:52:35.561318, 7, pid=21839] param/loadparm.c:9834(lp_servicenumber) lp_servicenumber: couldn't find homes [2013/02/27 08:52:35.561373, 8, pid=21839] param/loadparm.c:6480(add_a_service) add_a_service: Creating snum = 1 for IPC$ [2013/02/27 08:52:35.561398, 10, pid=21839] param/loadparm.c:6527(hash_a_service) hash_a_service: hashing index 1 for service name IPC$ [2013/02/27 08:52:35.561426, 3, pid=21839] param/loadparm.c:6630(lp_add_ipc) adding IPC service [2013/02/27 08:52:35.561450, 10, pid=21839] param/loadparm_server_role.c:101(set_server_role) set_server_role: role = ROLE_STANDALONE [2013/02/27 08:52:35.561474, 1, pid=21839] param/loadparm.c:9670(lp_load_ex) WARNING: The security=share option is deprecated [2013/02/27 08:52:35.561504, 5, pid=21839] ../lib/util/charset/codepoints.c:235(map_locale) Substituting charset 'UTF-8' for LOCALE [2013/02/27 08:52:35.561537, 6, pid=21839] param/loadparm.c:7490(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Wed Feb 27 08:52:30 2013 [2013/02/27 08:52:35.561759, 2, pid=21839] lib/interface.c:341(add_interface) added interface vnet0 ip=fdfe::3 bcast=fdfe::ffff:ffff:ffff:ffff netmask=ffff:ffff:ffff:ffff:: [2013/02/27 08:52:35.561801, 2, pid=21839] lib/interface.c:341(add_interface) added interface eth1 ip=fe80::223:54ff:fe33:63ed%eth1 bcast=fe80::ffff:ffff:ffff:ffff%eth1 netmask=ffff:ffff:ffff:ffff:: [2013/02/27 08:52:35.561868, 2, pid=21839] lib/interface.c:341(add_interface) added interface vnet0 ip=192.168.52.1 bcast=192.168.52.255 netmask=255.255.255.0 [2013/02/27 08:52:35.561898, 2, pid=21839] lib/interface.c:341(add_interface) added interface eth1 ip=192.168.178.30 bcast=192.168.178.255 netmask=255.255.255.0 [2013/02/27 08:52:35.561938, 3, pid=21839] smbd/server.c:1061(main) loaded services [2013/02/27 08:52:35.561966, 5, pid=21839] lib/util.c:242(init_names) Netbios name list:- my_netbios_names[0]="MAGRATHEA" [2013/02/27 08:52:35.562029, 0, pid=21839] smbd/server.c:1082(main) standard input is not a socket, assuming -D option [2013/02/27 08:52:35.562083, 3, pid=21839] smbd/server.c:1093(main) Becoming a daemon. [2013/02/27 08:52:35.562625, 8, pid=21840] ../lib/util/util.c:263(fcntl_lock) fcntl_lock 10 6 0 1 1 [2013/02/27 08:52:35.562767, 8, pid=21840] ../lib/util/util.c:298(fcntl_lock) fcntl_lock: Lock call successful [2013/02/27 08:52:35.563039, 5, pid=21840] passdb/pdb_interface.c:71(smb_register_passdb) Attempting to register passdb backend ldapsam [2013/02/27 08:52:35.563072, 5, pid=21840] passdb/pdb_interface.c:84(smb_register_passdb) Successfully added passdb backend 'ldapsam' [2013/02/27 08:52:35.563097, 5, pid=21840] passdb/pdb_interface.c:71(smb_register_passdb) Attempting to register passdb backend ldapsam_compat [2013/02/27 08:52:35.563123, 5, pid=21840] passdb/pdb_interface.c:84(smb_register_passdb) Successfully added passdb backend 'ldapsam_compat' [2013/02/27 08:52:35.563149, 5, pid=21840] passdb/pdb_interface.c:71(smb_register_passdb) Attempting to register passdb backend NDS_ldapsam [2013/02/27 08:52:35.563174, 5, pid=21840] passdb/pdb_interface.c:84(smb_register_passdb) Successfully added passdb backend 'NDS_ldapsam' [2013/02/27 08:52:35.563199, 5, pid=21840] passdb/pdb_interface.c:71(smb_register_passdb) Attempting to register passdb backend NDS_ldapsam_compat [2013/02/27 08:52:35.563223, 5, pid=21840] passdb/pdb_interface.c:84(smb_register_passdb) Successfully added passdb backend 'NDS_ldapsam_compat' [2013/02/27 08:52:35.563249, 5, pid=21840] passdb/pdb_interface.c:71(smb_register_passdb) Attempting to register passdb backend IPA_ldapsam [2013/02/27 08:52:35.563274, 5, pid=21840] passdb/pdb_interface.c:84(smb_register_passdb) Successfully added passdb backend 'IPA_ldapsam' [2013/02/27 08:52:35.563300, 5, pid=21840] passdb/pdb_interface.c:71(smb_register_passdb) Attempting to register passdb backend ads [2013/02/27 08:52:35.563325, 5, pid=21840] passdb/pdb_interface.c:84(smb_register_passdb) Successfully added passdb backend 'ads' [2013/02/27 08:52:35.563351, 5, pid=21840] passdb/pdb_interface.c:71(smb_register_passdb) Attempting to register passdb backend smbpasswd [2013/02/27 08:52:35.563376, 5, pid=21840] passdb/pdb_interface.c:84(smb_register_passdb) Successfully added passdb backend 'smbpasswd' [2013/02/27 08:52:35.563402, 5, pid=21840] passdb/pdb_interface.c:71(smb_register_passdb) Attempting to register passdb backend tdbsam [2013/02/27 08:52:35.563427, 5, pid=21840] passdb/pdb_interface.c:84(smb_register_passdb) Successfully added passdb backend 'tdbsam' [2013/02/27 08:52:35.563452, 5, pid=21840] passdb/pdb_interface.c:71(smb_register_passdb) Attempting to register passdb backend wbc_sam [2013/02/27 08:52:35.563481, 5, pid=21840] passdb/pdb_interface.c:84(smb_register_passdb) Successfully added passdb backend 'wbc_sam' [2013/02/27 08:52:35.563506, 5, pid=21840] passdb/pdb_interface.c:141(make_pdb_method_name) Attempting to find a passdb backend to match tdbsam (tdbsam) [2013/02/27 08:52:35.563530, 5, pid=21840] passdb/pdb_interface.c:162(make_pdb_method_name) Found pdb backend tdbsam [2013/02/27 08:52:35.563559, 5, pid=21840] passdb/pdb_interface.c:173(make_pdb_method_name) pdb backend tdbsam has a valid init [2013/02/27 08:52:35.564117, 10, pid=21840] registry/reg_backend_db.c:526(regdb_init) regdb_init: registry db openend. refcount reset (1) [2013/02/27 08:52:35.564156, 10, pid=21840] registry/reg_cachehook.c:70(reghook_cache_init) reghook_cache_init: new tree with default ops 0x12be520 for key [] [2013/02/27 08:52:35.564326, 10, pid=21840] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] [2013/02/27 08:52:35.564373, 10, pid=21840] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[Samba Printer Port] len[2] [2013/02/27 08:52:35.564402, 10, pid=21840] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/02/27 08:52:35.564441, 10, pid=21840] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[DefaultSpoolDirectory] len[70] [2013/02/27 08:52:35.564469, 10, pid=21840] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2013/02/27 08:52:35.564505, 10, pid=21840] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[DisplayName] len[20] [2013/02/27 08:52:35.564532, 10, pid=21840] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[1]: name[ErrorControl] len[4] [2013/02/27 08:52:35.564560, 10, pid=21840] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2013/02/27 08:52:35.564596, 10, pid=21840] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[DisplayName] len[20] [2013/02/27 08:52:35.564623, 10, pid=21840] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[1]: name[ErrorControl] len[4] [2013/02/27 08:52:35.564651, 10, pid=21840] registry/reg_cachehook.c:94(reghook_cache_add) reghook_cache_add: Adding ops 0x12be640 for key [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Printers] [2013/02/27 08:52:35.564678, 8, pid=21840] lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2013/02/27 08:52:35.564717, 10, pid=21840] lib/adt_tree.c:282(pathtree_add) pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Control\Print\Printers] to tree [2013/02/27 08:52:35.564745, 8, pid=21840] lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2013/02/27 08:52:35.564770, 10, pid=21840] registry/reg_cachehook.c:94(reghook_cache_add) reghook_cache_add: Adding ops 0x12be520 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/02/27 08:52:35.564795, 8, pid=21840] lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2013/02/27 08:52:35.564823, 10, pid=21840] lib/adt_tree.c:282(pathtree_add) pathtree_add: Successfully added node [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] to tree [2013/02/27 08:52:35.564849, 8, pid=21840] lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2013/02/27 08:52:35.564874, 10, pid=21840] registry/reg_cachehook.c:94(reghook_cache_add) reghook_cache_add: Adding ops 0x12be520 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] [2013/02/27 08:52:35.564899, 8, pid=21840] lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2013/02/27 08:52:35.564928, 10, pid=21840] lib/adt_tree.c:282(pathtree_add) pathtree_add: Successfully added node [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] to tree [2013/02/27 08:52:35.564954, 8, pid=21840] lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2013/02/27 08:52:35.564980, 10, pid=21840] registry/reg_cachehook.c:94(reghook_cache_add) reghook_cache_add: Adding ops 0x12be6a0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares] [2013/02/27 08:52:35.565005, 8, pid=21840] lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2013/02/27 08:52:35.565031, 10, pid=21840] lib/adt_tree.c:282(pathtree_add) pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares] to tree [2013/02/27 08:52:35.565056, 8, pid=21840] lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2013/02/27 08:52:35.565081, 10, pid=21840] registry/reg_cachehook.c:94(reghook_cache_add) reghook_cache_add: Adding ops 0x12be580 for key [\HKLM\SOFTWARE\Samba\smbconf] [2013/02/27 08:52:35.565105, 8, pid=21840] lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2013/02/27 08:52:35.565131, 10, pid=21840] lib/adt_tree.c:282(pathtree_add) pathtree_add: Successfully added node [HKLM\SOFTWARE\Samba\smbconf] to tree [2013/02/27 08:52:35.565155, 8, pid=21840] lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2013/02/27 08:52:35.565180, 10, pid=21840] registry/reg_cachehook.c:94(reghook_cache_add) reghook_cache_add: Adding ops 0x12be700 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters] [2013/02/27 08:52:35.565205, 8, pid=21840] lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2013/02/27 08:52:35.565232, 10, pid=21840] lib/adt_tree.c:282(pathtree_add) pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters] to tree [2013/02/27 08:52:35.565256, 8, pid=21840] lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2013/02/27 08:52:35.565283, 10, pid=21840] registry/reg_cachehook.c:94(reghook_cache_add) reghook_cache_add: Adding ops 0x12be760 for key [\HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions] [2013/02/27 08:52:35.565308, 8, pid=21840] lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2013/02/27 08:52:35.565334, 10, pid=21840] lib/adt_tree.c:282(pathtree_add) pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions] to tree [2013/02/27 08:52:35.565359, 8, pid=21840] lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2013/02/27 08:52:35.565384, 10, pid=21840] registry/reg_cachehook.c:94(reghook_cache_add) reghook_cache_add: Adding ops 0x12be7c0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters] [2013/02/27 08:52:35.565409, 8, pid=21840] lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2013/02/27 08:52:35.565435, 10, pid=21840] lib/adt_tree.c:282(pathtree_add) pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters] to tree [2013/02/27 08:52:35.565459, 8, pid=21840] lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2013/02/27 08:52:35.565484, 10, pid=21840] registry/reg_cachehook.c:94(reghook_cache_add) reghook_cache_add: Adding ops 0x12be820 for key [\HKPT] [2013/02/27 08:52:35.565508, 8, pid=21840] lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2013/02/27 08:52:35.565533, 10, pid=21840] lib/adt_tree.c:282(pathtree_add) pathtree_add: Successfully added node [HKPT] to tree [2013/02/27 08:52:35.565557, 8, pid=21840] lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2013/02/27 08:52:35.565582, 10, pid=21840] registry/reg_cachehook.c:94(reghook_cache_add) reghook_cache_add: Adding ops 0x12be880 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/02/27 08:52:35.565607, 8, pid=21840] lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2013/02/27 08:52:35.565632, 10, pid=21840] lib/adt_tree.c:282(pathtree_add) pathtree_add: Successfully added node [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] to tree [2013/02/27 08:52:35.565656, 8, pid=21840] lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2013/02/27 08:52:35.565685, 10, pid=21840] registry/reg_cachehook.c:94(reghook_cache_add) reghook_cache_add: Adding ops 0x12be8e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib] [2013/02/27 08:52:35.565715, 8, pid=21840] lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2013/02/27 08:52:35.565741, 10, pid=21840] lib/adt_tree.c:282(pathtree_add) pathtree_add: Successfully added node [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib] to tree [2013/02/27 08:52:35.565766, 8, pid=21840] lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2013/02/27 08:52:35.565790, 10, pid=21840] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (1->0) [2013/02/27 08:52:35.565966, 5, pid=21840] lib/username.c:171(Get_Pwnam_alloc) Finding user MAGRATHEA\root [2013/02/27 08:52:35.566005, 5, pid=21840] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is magrathea\root [2013/02/27 08:52:35.566061, 5, pid=21840] lib/username.c:124(Get_Pwnam_internals) Trying _Get_Pwnam(), username as given is MAGRATHEA\root [2013/02/27 08:52:35.566110, 5, pid=21840] lib/username.c:134(Get_Pwnam_internals) Trying _Get_Pwnam(), username as uppercase is MAGRATHEA\ROOT [2013/02/27 08:52:35.566158, 5, pid=21840] lib/username.c:143(Get_Pwnam_internals) Checking combinations of 0 uppercase letters in magrathea\root [2013/02/27 08:52:35.566184, 5, pid=21840] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals didn't find user [MAGRATHEA\root]! [2013/02/27 08:52:35.566210, 5, pid=21840] lib/username.c:171(Get_Pwnam_alloc) Finding user root [2013/02/27 08:52:35.566234, 5, pid=21840] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is root [2013/02/27 08:52:35.566287, 5, pid=21840] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [root]! [2013/02/27 08:52:35.566327, 10, pid=21840] passdb/lookup_sid.c:76(lookup_name) lookup_name: MAGRATHEA\root => domain=[MAGRATHEA], name=[root] [2013/02/27 08:52:35.566357, 10, pid=21840] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2013/02/27 08:52:35.566388, 4, pid=21840] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/02/27 08:52:35.566419, 4, pid=21840] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/02/27 08:52:35.566446, 4, pid=21840] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/02/27 08:52:35.566472, 5, pid=21840] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/02/27 08:52:35.566497, 5, pid=21840] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/02/27 08:52:35.566570, 4, pid=21840] passdb/pdb_tdb.c:523(tdbsam_open) tdbsam_open: successfully opened /etc/samba/passdb.tdb [2013/02/27 08:52:35.566600, 5, pid=21840] passdb/pdb_tdb.c:562(tdbsam_getsampwnam) pdb_getsampwnam (TDB): error fetching database. Key: USER_root [2013/02/27 08:52:35.566638, 4, pid=21840] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/02/27 08:52:35.566663, 4, pid=21840] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/02/27 08:52:35.566688, 4, pid=21840] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/02/27 08:52:35.566730, 4, pid=21840] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/02/27 08:52:35.566755, 5, pid=21840] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/02/27 08:52:35.566779, 5, pid=21840] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/02/27 08:52:35.566858, 4, pid=21840] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/02/27 08:52:35.566893, 10, pid=21840] passdb/lookup_sid.c:76(lookup_name) lookup_name: Unix User\root => domain=[Unix User], name=[root] [2013/02/27 08:52:35.566918, 10, pid=21840] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2013/02/27 08:52:35.566982, 5, pid=21840] lib/username.c:171(Get_Pwnam_alloc) Finding user root [2013/02/27 08:52:35.567008, 5, pid=21840] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is root [2013/02/27 08:52:35.567033, 5, pid=21840] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [root]! [2013/02/27 08:52:35.567065, 10, pid=21840] passdb/lookup_sid.c:1544(sid_to_uid) sid S-1-22-1-0 -> uid 0 [2013/02/27 08:52:35.567143, 10, pid=21840] lib/system_smbd.c:175(sys_getgrouplist) sys_getgrouplist: user [root] [2013/02/27 08:52:35.567247, 5, pid=21840] lib/gencache.c:68(gencache_init) Opening cache file at /var/lib/samba/gencache.tdb [2013/02/27 08:52:35.567306, 5, pid=21840] lib/gencache.c:111(gencache_init) Opening cache file at /var/lib/samba/gencache_notrans.tdb [2013/02/27 08:52:35.567383, 5, pid=21840] passdb/lookup_sid.c:1384(gid_to_sid) gid_to_sid: winbind failed to find a sid for gid 0 [2013/02/27 08:52:35.567410, 4, pid=21840] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/02/27 08:52:35.567435, 4, pid=21840] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/02/27 08:52:35.567459, 4, pid=21840] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/02/27 08:52:35.567483, 5, pid=21840] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/02/27 08:52:35.567507, 5, pid=21840] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/02/27 08:52:35.567551, 4, pid=21840] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/02/27 08:52:35.567576, 10, pid=21840] passdb/lookup_sid.c:1181(legacy_gid_to_sid) LEGACY: gid 0 -> sid S-1-22-2-0 [2013/02/27 08:52:35.567607, 10, pid=21840] auth/token_util.c:339(create_local_nt_token) Create local NT token for S-1-22-1-0 [2013/02/27 08:52:35.567648, 10, pid=21840] passdb/lookup_sid.c:1628(sid_to_gid) winbind failed to find a gid for sid S-1-5-32-544 [2013/02/27 08:52:35.567675, 4, pid=21840] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/02/27 08:52:35.567704, 4, pid=21840] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/02/27 08:52:35.567730, 4, pid=21840] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/02/27 08:52:35.567754, 5, pid=21840] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/02/27 08:52:35.567778, 5, pid=21840] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/02/27 08:52:35.567823, 4, pid=21840] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/02/27 08:52:35.567848, 10, pid=21840] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-32-544 [2013/02/27 08:52:35.567874, 4, pid=21840] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/02/27 08:52:35.567898, 4, pid=21840] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/02/27 08:52:35.567922, 4, pid=21840] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/02/27 08:52:35.567947, 5, pid=21840] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/02/27 08:52:35.567970, 5, pid=21840] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/02/27 08:52:35.568023, 10, pid=21840] passdb/lookup_sid.c:1628(sid_to_gid) winbind failed to find a gid for sid S-1-5-32-544 [2013/02/27 08:52:35.568053, 4, pid=21840] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2013/02/27 08:52:35.568078, 4, pid=21840] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2013/02/27 08:52:35.568103, 4, pid=21840] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/02/27 08:52:35.568127, 5, pid=21840] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/02/27 08:52:35.568150, 5, pid=21840] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/02/27 08:52:35.568194, 4, pid=21840] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/02/27 08:52:35.568220, 10, pid=21840] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-32-544 [2013/02/27 08:52:35.568251, 5, pid=21840] passdb/pdb_util.c:128(create_builtin_administrators) create_builtin_administrators: Failed to create Administrators [2013/02/27 08:52:35.568279, 4, pid=21840] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/02/27 08:52:35.568314, 10, pid=21840] passdb/lookup_sid.c:1628(sid_to_gid) winbind failed to find a gid for sid S-1-5-32-545 [2013/02/27 08:52:35.568340, 4, pid=21840] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/02/27 08:52:35.568365, 4, pid=21840] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/02/27 08:52:35.568389, 4, pid=21840] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/02/27 08:52:35.568413, 5, pid=21840] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/02/27 08:52:35.568437, 5, pid=21840] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/02/27 08:52:35.568482, 4, pid=21840] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/02/27 08:52:35.568507, 10, pid=21840] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-32-545 [2013/02/27 08:52:35.568533, 4, pid=21840] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/02/27 08:52:35.568558, 4, pid=21840] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/02/27 08:52:35.568582, 4, pid=21840] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/02/27 08:52:35.568606, 5, pid=21840] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/02/27 08:52:35.568630, 5, pid=21840] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/02/27 08:52:35.568680, 10, pid=21840] passdb/lookup_sid.c:1628(sid_to_gid) winbind failed to find a gid for sid S-1-5-32-545 [2013/02/27 08:52:35.568717, 4, pid=21840] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2013/02/27 08:52:35.568742, 4, pid=21840] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2013/02/27 08:52:35.568766, 4, pid=21840] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/02/27 08:52:35.568791, 5, pid=21840] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/02/27 08:52:35.568814, 5, pid=21840] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/02/27 08:52:35.568858, 4, pid=21840] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/02/27 08:52:35.568884, 10, pid=21840] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-32-545 [2013/02/27 08:52:35.568911, 5, pid=21840] passdb/pdb_util.c:99(create_builtin_users) create_builtin_users: Failed to create Users [2013/02/27 08:52:35.568942, 4, pid=21840] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/02/27 08:52:35.568967, 4, pid=21840] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/02/27 08:52:35.568991, 4, pid=21840] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/02/27 08:52:35.569015, 4, pid=21840] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/02/27 08:52:35.569039, 5, pid=21840] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/02/27 08:52:35.569063, 5, pid=21840] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/02/27 08:52:35.569131, 4, pid=21840] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/02/27 08:52:35.569193, 4, pid=21840] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-22-1-0] [2013/02/27 08:52:35.569225, 4, pid=21840] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-22-2-0] [2013/02/27 08:52:35.569255, 5, pid=21840] lib/privileges.c:175(get_privileges_for_sids) get_privileges_for_sids: sid = S-1-1-0 Privilege set: 0x0 [2013/02/27 08:52:35.569293, 4, pid=21840] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-2] [2013/02/27 08:52:35.569323, 4, pid=21840] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-11] [2013/02/27 08:52:35.569388, 10, pid=21840] passdb/lookup_sid.c:1468(sids_to_unix_ids) wbcSidsToUnixIds returned WBC_ERR_WINBIND_NOT_AVAILABLE [2013/02/27 08:52:35.569416, 4, pid=21840] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/02/27 08:52:35.569441, 4, pid=21840] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/02/27 08:52:35.569465, 4, pid=21840] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/02/27 08:52:35.569490, 5, pid=21840] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/02/27 08:52:35.569513, 5, pid=21840] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/02/27 08:52:35.569559, 4, pid=21840] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/02/27 08:52:35.569584, 10, pid=21840] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-1-0 [2013/02/27 08:52:35.569610, 10, pid=21840] passdb/lookup_sid.c:1218(legacy_sid_to_uid) LEGACY: mapping failed for sid S-1-1-0 [2013/02/27 08:52:35.569636, 4, pid=21840] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/02/27 08:52:35.569661, 4, pid=21840] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/02/27 08:52:35.569685, 4, pid=21840] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/02/27 08:52:35.569722, 5, pid=21840] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/02/27 08:52:35.569746, 5, pid=21840] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/02/27 08:52:35.569790, 4, pid=21840] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/02/27 08:52:35.569816, 10, pid=21840] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-2 [2013/02/27 08:52:35.569841, 10, pid=21840] passdb/lookup_sid.c:1218(legacy_sid_to_uid) LEGACY: mapping failed for sid S-1-5-2 [2013/02/27 08:52:35.569867, 4, pid=21840] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/02/27 08:52:35.569892, 4, pid=21840] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/02/27 08:52:35.569920, 4, pid=21840] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/02/27 08:52:35.569944, 5, pid=21840] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/02/27 08:52:35.569968, 5, pid=21840] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/02/27 08:52:35.570011, 4, pid=21840] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/02/27 08:52:35.570036, 10, pid=21840] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-11 [2013/02/27 08:52:35.570062, 10, pid=21840] passdb/lookup_sid.c:1218(legacy_sid_to_uid) LEGACY: mapping failed for sid S-1-5-11 [2013/02/27 08:52:35.570088, 10, pid=21840] auth/auth_util.c:505(create_local_token) Could not convert SID S-1-1-0 to gid, ignoring it [2013/02/27 08:52:35.570113, 10, pid=21840] auth/auth_util.c:505(create_local_token) Could not convert SID S-1-5-2 to gid, ignoring it [2013/02/27 08:52:35.570138, 10, pid=21840] auth/auth_util.c:505(create_local_token) Could not convert SID S-1-5-11 to gid, ignoring it [2013/02/27 08:52:35.570164, 10, pid=21840] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (5): SID[ 0]: S-1-22-1-0 SID[ 1]: S-1-22-2-0 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 Privileges (0x 0): Rights (0x 0): [2013/02/27 08:52:35.570266, 10, pid=21840] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 1 supplementary groups Group[ 0]: 0 [2013/02/27 08:52:35.570316, 5, pid=21840] lib/username.c:171(Get_Pwnam_alloc) Finding user nobody [2013/02/27 08:52:35.570340, 5, pid=21840] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is nobody [2013/02/27 08:52:35.570395, 5, pid=21840] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [nobody]! [2013/02/27 08:52:35.570433, 5, pid=21840] lib/username.c:171(Get_Pwnam_alloc) Finding user MAGRATHEA\nobody [2013/02/27 08:52:35.570459, 5, pid=21840] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is magrathea\nobody [2013/02/27 08:52:35.570520, 5, pid=21840] lib/username.c:124(Get_Pwnam_internals) Trying _Get_Pwnam(), username as given is MAGRATHEA\nobody [2013/02/27 08:52:35.570571, 5, pid=21840] lib/username.c:134(Get_Pwnam_internals) Trying _Get_Pwnam(), username as uppercase is MAGRATHEA\NOBODY [2013/02/27 08:52:35.570621, 5, pid=21840] lib/username.c:143(Get_Pwnam_internals) Checking combinations of 0 uppercase letters in magrathea\nobody [2013/02/27 08:52:35.570648, 5, pid=21840] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals didn't find user [MAGRATHEA\nobody]! [2013/02/27 08:52:35.570673, 5, pid=21840] lib/username.c:171(Get_Pwnam_alloc) Finding user nobody [2013/02/27 08:52:35.570707, 5, pid=21840] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is nobody [2013/02/27 08:52:35.570736, 5, pid=21840] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [nobody]! [2013/02/27 08:52:35.570764, 10, pid=21840] auth/token_util.c:223(create_local_nt_token_from_info3) Create local NT token for nobody [2013/02/27 08:52:35.570800, 10, pid=21840] passdb/lookup_sid.c:1628(sid_to_gid) winbind failed to find a gid for sid S-1-5-32-544 [2013/02/27 08:52:35.570827, 4, pid=21840] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/02/27 08:52:35.570852, 4, pid=21840] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/02/27 08:52:35.570876, 4, pid=21840] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/02/27 08:52:35.570901, 5, pid=21840] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/02/27 08:52:35.570928, 5, pid=21840] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/02/27 08:52:35.570974, 4, pid=21840] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/02/27 08:52:35.571000, 10, pid=21840] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-32-544 [2013/02/27 08:52:35.571025, 4, pid=21840] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/02/27 08:52:35.571050, 4, pid=21840] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/02/27 08:52:35.571074, 4, pid=21840] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/02/27 08:52:35.571098, 5, pid=21840] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/02/27 08:52:35.571122, 5, pid=21840] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/02/27 08:52:35.571178, 10, pid=21840] passdb/lookup_sid.c:1628(sid_to_gid) winbind failed to find a gid for sid S-1-5-32-544 [2013/02/27 08:52:35.571205, 4, pid=21840] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2013/02/27 08:52:35.571230, 4, pid=21840] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2013/02/27 08:52:35.571254, 4, pid=21840] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/02/27 08:52:35.571278, 5, pid=21840] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/02/27 08:52:35.571301, 5, pid=21840] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/02/27 08:52:35.571346, 4, pid=21840] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/02/27 08:52:35.571371, 10, pid=21840] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-32-544 [2013/02/27 08:52:35.571399, 5, pid=21840] passdb/pdb_util.c:128(create_builtin_administrators) create_builtin_administrators: Failed to create Administrators [2013/02/27 08:52:35.571427, 4, pid=21840] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/02/27 08:52:35.571461, 10, pid=21840] passdb/lookup_sid.c:1628(sid_to_gid) winbind failed to find a gid for sid S-1-5-32-545 [2013/02/27 08:52:35.571487, 4, pid=21840] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/02/27 08:52:35.571512, 4, pid=21840] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/02/27 08:52:35.571537, 4, pid=21840] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/02/27 08:52:35.571561, 5, pid=21840] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/02/27 08:52:35.571584, 5, pid=21840] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/02/27 08:52:35.571631, 4, pid=21840] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/02/27 08:52:35.571656, 10, pid=21840] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-32-545 [2013/02/27 08:52:35.571682, 4, pid=21840] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/02/27 08:52:35.571722, 4, pid=21840] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/02/27 08:52:35.571747, 4, pid=21840] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/02/27 08:52:35.571772, 5, pid=21840] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/02/27 08:52:35.571796, 5, pid=21840] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/02/27 08:52:35.571850, 10, pid=21840] passdb/lookup_sid.c:1628(sid_to_gid) winbind failed to find a gid for sid S-1-5-32-545 [2013/02/27 08:52:35.571877, 4, pid=21840] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2013/02/27 08:52:35.571902, 4, pid=21840] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2013/02/27 08:52:35.571926, 4, pid=21840] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/02/27 08:52:35.571950, 5, pid=21840] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/02/27 08:52:35.571974, 5, pid=21840] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/02/27 08:52:35.572018, 4, pid=21840] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/02/27 08:52:35.572043, 10, pid=21840] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-32-545 [2013/02/27 08:52:35.572071, 5, pid=21840] passdb/pdb_util.c:99(create_builtin_users) create_builtin_users: Failed to create Users [2013/02/27 08:52:35.572097, 4, pid=21840] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/02/27 08:52:35.572122, 4, pid=21840] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/02/27 08:52:35.572147, 4, pid=21840] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/02/27 08:52:35.572170, 4, pid=21840] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/02/27 08:52:35.572194, 5, pid=21840] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/02/27 08:52:35.572218, 5, pid=21840] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/02/27 08:52:35.572285, 4, pid=21840] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/02/27 08:52:35.572314, 4, pid=21840] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-1406987565-2067085585-2387977275-501] [2013/02/27 08:52:35.572345, 4, pid=21840] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-1406987565-2067085585-2387977275-514] [2013/02/27 08:52:35.572376, 5, pid=21840] lib/privileges.c:175(get_privileges_for_sids) get_privileges_for_sids: sid = S-1-1-0 Privilege set: 0x0 [2013/02/27 08:52:35.572413, 4, pid=21840] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-2] [2013/02/27 08:52:35.572442, 4, pid=21840] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-32-546] [2013/02/27 08:52:35.572518, 10, pid=21840] passdb/lookup_sid.c:1468(sids_to_unix_ids) wbcSidsToUnixIds returned WBC_ERR_WINBIND_NOT_AVAILABLE [2013/02/27 08:52:35.572544, 4, pid=21840] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/02/27 08:52:35.572569, 4, pid=21840] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/02/27 08:52:35.572593, 4, pid=21840] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/02/27 08:52:35.572617, 5, pid=21840] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/02/27 08:52:35.572641, 5, pid=21840] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/02/27 08:52:35.572680, 5, pid=21840] passdb/pdb_interface.c:1606(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 501. [2013/02/27 08:52:35.572720, 4, pid=21840] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2013/02/27 08:52:35.572745, 4, pid=21840] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2013/02/27 08:52:35.572772, 4, pid=21840] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/02/27 08:52:35.572796, 5, pid=21840] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/02/27 08:52:35.572819, 5, pid=21840] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/02/27 08:52:35.572855, 6, pid=21840] passdb/pdb_interface.c:401(pdb_getsampwsid) pdb_getsampwsid: Building guest account [2013/02/27 08:52:35.572880, 5, pid=21840] lib/username.c:171(Get_Pwnam_alloc) Finding user nobody [2013/02/27 08:52:35.572903, 5, pid=21840] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is nobody [2013/02/27 08:52:35.572929, 5, pid=21840] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [nobody]! [2013/02/27 08:52:35.572954, 10, pid=21840] passdb/pdb_get_set.c:575(pdb_set_username) pdb_set_username: setting username nobody, was [2013/02/27 08:52:35.572984, 10, pid=21840] passdb/pdb_get_set.c:644(pdb_set_fullname) pdb_set_full_name: setting full name nobody, was [2013/02/27 08:52:35.573009, 10, pid=21840] passdb/pdb_get_set.c:598(pdb_set_domain) pdb_set_domain: setting domain MAGRATHEA, was [2013/02/27 08:52:35.573035, 10, pid=21840] passdb/pdb_get_set.c:500(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-1406987565-2067085585-2387977275-501 [2013/02/27 08:52:35.573062, 10, pid=21840] passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-1406987565-2067085585-2387977275-501 from rid 501 [2013/02/27 08:52:35.573103, 4, pid=21840] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/02/27 08:52:35.573130, 5, pid=21840] lib/username.c:171(Get_Pwnam_alloc) Finding user nobody [2013/02/27 08:52:35.573154, 5, pid=21840] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is nobody [2013/02/27 08:52:35.573180, 5, pid=21840] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [nobody]! [2013/02/27 08:52:35.573208, 4, pid=21840] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/02/27 08:52:35.573233, 5, pid=21840] passdb/lookup_sid.c:1269(legacy_sid_to_gid) LEGACY: sid S-1-5-21-1406987565-2067085585-2387977275-501 is a User, expected a group [2013/02/27 08:52:35.573260, 4, pid=21840] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/02/27 08:52:35.573285, 4, pid=21840] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/02/27 08:52:35.573310, 4, pid=21840] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/02/27 08:52:35.573334, 5, pid=21840] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/02/27 08:52:35.573358, 5, pid=21840] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/02/27 08:52:35.573395, 5, pid=21840] passdb/pdb_interface.c:1606(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 501. [2013/02/27 08:52:35.573421, 4, pid=21840] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2013/02/27 08:52:35.573446, 4, pid=21840] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2013/02/27 08:52:35.573470, 4, pid=21840] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/02/27 08:52:35.573494, 5, pid=21840] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/02/27 08:52:35.573518, 5, pid=21840] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/02/27 08:52:35.573554, 6, pid=21840] passdb/pdb_interface.c:401(pdb_getsampwsid) pdb_getsampwsid: Building guest account [2013/02/27 08:52:35.573582, 5, pid=21840] lib/username.c:171(Get_Pwnam_alloc) Finding user nobody [2013/02/27 08:52:35.573606, 5, pid=21840] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is nobody [2013/02/27 08:52:35.573632, 5, pid=21840] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [nobody]! [2013/02/27 08:52:35.573656, 10, pid=21840] passdb/pdb_get_set.c:575(pdb_set_username) pdb_set_username: setting username nobody, was [2013/02/27 08:52:35.573682, 10, pid=21840] passdb/pdb_get_set.c:644(pdb_set_fullname) pdb_set_full_name: setting full name nobody, was [2013/02/27 08:52:35.573713, 10, pid=21840] passdb/pdb_get_set.c:598(pdb_set_domain) pdb_set_domain: setting domain MAGRATHEA, was [2013/02/27 08:52:35.573740, 10, pid=21840] passdb/pdb_get_set.c:500(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-1406987565-2067085585-2387977275-501 [2013/02/27 08:52:35.573767, 10, pid=21840] passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-1406987565-2067085585-2387977275-501 from rid 501 [2013/02/27 08:52:35.573807, 4, pid=21840] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/02/27 08:52:35.573834, 5, pid=21840] lib/username.c:171(Get_Pwnam_alloc) Finding user nobody [2013/02/27 08:52:35.573858, 5, pid=21840] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is nobody [2013/02/27 08:52:35.573883, 5, pid=21840] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [nobody]! [2013/02/27 08:52:35.573911, 4, pid=21840] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/02/27 08:52:35.573936, 10, pid=21840] passdb/lookup_sid.c:1223(legacy_sid_to_uid) LEGACY: sid S-1-5-21-1406987565-2067085585-2387977275-501 -> uid 65534 [2013/02/27 08:52:35.573965, 4, pid=21840] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/02/27 08:52:35.573990, 4, pid=21840] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/02/27 08:52:35.574014, 4, pid=21840] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/02/27 08:52:35.574038, 5, pid=21840] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/02/27 08:52:35.574062, 5, pid=21840] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/02/27 08:52:35.574101, 5, pid=21840] passdb/pdb_interface.c:1606(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 514. [2013/02/27 08:52:35.574126, 4, pid=21840] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2013/02/27 08:52:35.574151, 4, pid=21840] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2013/02/27 08:52:35.574175, 4, pid=21840] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/02/27 08:52:35.574199, 5, pid=21840] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/02/27 08:52:35.574223, 5, pid=21840] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/02/27 08:52:35.574266, 5, pid=21840] passdb/pdb_tdb.c:614(tdbsam_getsampwrid) pdb_getsampwrid (TDB): error looking up RID 514 by key RID_00000202. [2013/02/27 08:52:35.574301, 4, pid=21840] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/02/27 08:52:35.574326, 5, pid=21840] passdb/pdb_interface.c:1668(lookup_global_sam_rid) Can't find a unix id for an unmapped group [2013/02/27 08:52:35.574353, 4, pid=21840] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/02/27 08:52:35.574378, 10, pid=21840] passdb/lookup_sid.c:1280(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-21-1406987565-2067085585-2387977275-514 [2013/02/27 08:52:35.574408, 4, pid=21840] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/02/27 08:52:35.574434, 4, pid=21840] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/02/27 08:52:35.574458, 4, pid=21840] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/02/27 08:52:35.574482, 5, pid=21840] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/02/27 08:52:35.574506, 5, pid=21840] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/02/27 08:52:35.574543, 5, pid=21840] passdb/pdb_interface.c:1606(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 514. [2013/02/27 08:52:35.574569, 4, pid=21840] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2013/02/27 08:52:35.574593, 4, pid=21840] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2013/02/27 08:52:35.574618, 4, pid=21840] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/02/27 08:52:35.574642, 5, pid=21840] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/02/27 08:52:35.574665, 5, pid=21840] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/02/27 08:52:35.574709, 5, pid=21840] passdb/pdb_tdb.c:614(tdbsam_getsampwrid) pdb_getsampwrid (TDB): error looking up RID 514 by key RID_00000202. [2013/02/27 08:52:35.574746, 4, pid=21840] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/02/27 08:52:35.574771, 5, pid=21840] passdb/pdb_interface.c:1668(lookup_global_sam_rid) Can't find a unix id for an unmapped group [2013/02/27 08:52:35.574798, 4, pid=21840] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/02/27 08:52:35.574823, 10, pid=21840] passdb/lookup_sid.c:1218(legacy_sid_to_uid) LEGACY: mapping failed for sid S-1-5-21-1406987565-2067085585-2387977275-514 [2013/02/27 08:52:35.574850, 4, pid=21840] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/02/27 08:52:35.574875, 4, pid=21840] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/02/27 08:52:35.574900, 4, pid=21840] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/02/27 08:52:35.574924, 5, pid=21840] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/02/27 08:52:35.574948, 5, pid=21840] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/02/27 08:52:35.574991, 4, pid=21840] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/02/27 08:52:35.575017, 10, pid=21840] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-1-0 [2013/02/27 08:52:35.575043, 10, pid=21840] passdb/lookup_sid.c:1218(legacy_sid_to_uid) LEGACY: mapping failed for sid S-1-1-0 [2013/02/27 08:52:35.575068, 4, pid=21840] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/02/27 08:52:35.575094, 4, pid=21840] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/02/27 08:52:35.575118, 4, pid=21840] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/02/27 08:52:35.575142, 5, pid=21840] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/02/27 08:52:35.575166, 5, pid=21840] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/02/27 08:52:35.575209, 4, pid=21840] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/02/27 08:52:35.575234, 10, pid=21840] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-2 [2013/02/27 08:52:35.575263, 10, pid=21840] passdb/lookup_sid.c:1218(legacy_sid_to_uid) LEGACY: mapping failed for sid S-1-5-2 [2013/02/27 08:52:35.575289, 4, pid=21840] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/02/27 08:52:35.575314, 4, pid=21840] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/02/27 08:52:35.575338, 4, pid=21840] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/02/27 08:52:35.575362, 5, pid=21840] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/02/27 08:52:35.575386, 5, pid=21840] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/02/27 08:52:35.575430, 4, pid=21840] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/02/27 08:52:35.575455, 10, pid=21840] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-32-546 [2013/02/27 08:52:35.575481, 10, pid=21840] passdb/lookup_sid.c:1218(legacy_sid_to_uid) LEGACY: mapping failed for sid S-1-5-32-546 [2013/02/27 08:52:35.575507, 10, pid=21840] auth/auth_util.c:505(create_local_token) Could not convert SID S-1-5-21-1406987565-2067085585-2387977275-514 to gid, ignoring it [2013/02/27 08:52:35.575533, 10, pid=21840] auth/auth_util.c:505(create_local_token) Could not convert SID S-1-1-0 to gid, ignoring it [2013/02/27 08:52:35.575559, 10, pid=21840] auth/auth_util.c:505(create_local_token) Could not convert SID S-1-5-2 to gid, ignoring it [2013/02/27 08:52:35.575584, 10, pid=21840] auth/auth_util.c:505(create_local_token) Could not convert SID S-1-5-32-546 to gid, ignoring it [2013/02/27 08:52:35.575612, 10, pid=21840] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (6): SID[ 0]: S-1-5-21-1406987565-2067085585-2387977275-501 SID[ 1]: S-1-5-21-1406987565-2067085585-2387977275-514 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-32-546 SID[ 5]: S-1-22-1-65534 Privileges (0x 0): Rights (0x 0): [2013/02/27 08:52:35.575730, 10, pid=21840] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 65534 Primary group is 65533 and contains 0 supplementary groups [2013/02/27 08:52:35.575839, 3, pid=21840] rpc_server/svcctl/srv_svcctl_reg.c:565(svcctl_init_winreg) Initialise the svcctl registry keys if needed. [2013/02/27 08:52:35.575868, 4, pid=21840] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/02/27 08:52:35.575893, 4, pid=21840] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/02/27 08:52:35.575918, 4, pid=21840] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/02/27 08:52:35.575942, 5, pid=21840] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/02/27 08:52:35.575966, 5, pid=21840] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/02/27 08:52:35.576028, 4, pid=21840] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/02/27 08:52:35.576054, 10, pid=21840] registry/reg_backend_db.c:602(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/02/27 08:52:35.576091, 4, pid=21840] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/02/27 08:52:35.576134, 10, pid=21840] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/02/27 08:52:35.576161, 10, pid=21840] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/02/27 08:52:35.576190, 4, pid=21840] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2013/02/27 08:52:35.576247, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/02/27 08:52:35.576405, 7, pid=21840] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/02/27 08:52:35.576432, 10, pid=21840] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (1->2) [2013/02/27 08:52:35.576458, 10, pid=21840] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/02/27 08:52:35.576482, 10, pid=21840] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/02/27 08:52:35.576507, 10, pid=21840] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/02/27 08:52:35.576530, 10, pid=21840] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x12be520 for key [\HKLM] [2013/02/27 08:52:35.576573, 4, pid=21840] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.576627, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-2d51-43bb50550000 result : WERR_OK [2013/02/27 08:52:35.576816, 5, pid=21840] ../lib/util/charset/codepoints.c:235(map_locale) Substituting charset 'UTF-8' for LOCALE [2013/02/27 08:52:35.576855, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-2d51-43bb50550000 keyname: struct winreg_String name_len : 0x0044 (68) name_size : 0x0044 (68) name : * name : 'SYSTEM\CurrentControlSet\Services' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/02/27 08:52:35.577154, 4, pid=21840] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.577207, 7, pid=21840] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2013/02/27 08:52:35.577236, 10, pid=21840] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2013/02/27 08:52:35.577262, 10, pid=21840] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2013/02/27 08:52:35.577289, 10, pid=21840] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2013/02/27 08:52:35.577314, 10, pid=21840] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/02/27 08:52:35.577337, 10, pid=21840] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x12be520 for key [\HKLM\SYSTEM] [2013/02/27 08:52:35.577374, 7, pid=21840] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2013/02/27 08:52:35.577401, 10, pid=21840] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2013/02/27 08:52:35.577429, 10, pid=21840] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2013/02/27 08:52:35.577457, 10, pid=21840] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2013/02/27 08:52:35.577482, 10, pid=21840] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/02/27 08:52:35.577506, 10, pid=21840] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x12be520 for key [\HKLM\SYSTEM\CurrentControlSet] [2013/02/27 08:52:35.577542, 7, pid=21840] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2013/02/27 08:52:35.577567, 10, pid=21840] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2013/02/27 08:52:35.577594, 10, pid=21840] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] [2013/02/27 08:52:35.577618, 10, pid=21840] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] [2013/02/27 08:52:35.577643, 10, pid=21840] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/02/27 08:52:35.577667, 10, pid=21840] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x12be520 for key [\HKLM\SYSTEM\CurrentControlSet\Services] [2013/02/27 08:52:35.577725, 10, pid=21840] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2013/02/27 08:52:35.577754, 10, pid=21840] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2013/02/27 08:52:35.577780, 4, pid=21840] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.577832, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-2d51-43bb50550000 result : WERR_OK [2013/02/27 08:52:35.577948, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-2d51-43bb50550000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2013/02/27 08:52:35.578098, 4, pid=21840] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.578154, 10, pid=21840] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services' (ops 0x12be520) [2013/02/27 08:52:35.578179, 10, pid=21840] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services] [2013/02/27 08:52:35.578213, 10, pid=21840] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] [2013/02/27 08:52:35.578250, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000007 (7) max_subkeylen : * max_subkeylen : 0x0000001c (28) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x00000000 (0) max_valnamelen : * max_valnamelen : 0x00000002 (2) max_valbufsize : * max_valbufsize : 0x00000000 (0) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2013/02/27 08:52:35.578559, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey in: struct winreg_EnumKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-2d51-43bb50550000 enum_index : 0x00000000 (0) name : * name: struct winreg_StringBuf length : 0x0000 (0) size : 0x001e (30) name : * name : '' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) [2013/02/27 08:52:35.578817, 4, pid=21840] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.578869, 8, pid=21840] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] [2013/02/27 08:52:35.578895, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey out: struct winreg_EnumKey name : * name: struct winreg_StringBuf length : 0x001a (26) size : 0x001e (30) name : * name : 'LanmanServer' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2013/02/27 08:52:35.579121, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey in: struct winreg_EnumKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-2d51-43bb50550000 enum_index : 0x00000001 (1) name : * name: struct winreg_StringBuf length : 0x0000 (0) size : 0x001e (30) name : * name : '' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) [2013/02/27 08:52:35.579374, 4, pid=21840] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.579426, 8, pid=21840] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] [2013/02/27 08:52:35.579452, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey out: struct winreg_EnumKey name : * name: struct winreg_StringBuf length : 0x0012 (18) size : 0x001e (30) name : * name : 'Eventlog' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2013/02/27 08:52:35.579674, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey in: struct winreg_EnumKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-2d51-43bb50550000 enum_index : 0x00000002 (2) name : * name: struct winreg_StringBuf length : 0x0000 (0) size : 0x001e (30) name : * name : '' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) [2013/02/27 08:52:35.579934, 4, pid=21840] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.579986, 8, pid=21840] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] [2013/02/27 08:52:35.580011, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey out: struct winreg_EnumKey name : * name: struct winreg_StringBuf length : 0x000c (12) size : 0x001e (30) name : * name : 'Tcpip' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2013/02/27 08:52:35.580232, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey in: struct winreg_EnumKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-2d51-43bb50550000 enum_index : 0x00000003 (3) name : * name: struct winreg_StringBuf length : 0x0000 (0) size : 0x001e (30) name : * name : '' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) [2013/02/27 08:52:35.580483, 4, pid=21840] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.580535, 8, pid=21840] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] [2013/02/27 08:52:35.580560, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey out: struct winreg_EnumKey name : * name: struct winreg_StringBuf length : 0x0012 (18) size : 0x001e (30) name : * name : 'Netlogon' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2013/02/27 08:52:35.580817, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey in: struct winreg_EnumKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-2d51-43bb50550000 enum_index : 0x00000004 (4) name : * name: struct winreg_StringBuf length : 0x0000 (0) size : 0x001e (30) name : * name : '' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) [2013/02/27 08:52:35.581070, 4, pid=21840] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.581123, 8, pid=21840] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] [2013/02/27 08:52:35.581148, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey out: struct winreg_EnumKey name : * name: struct winreg_StringBuf length : 0x0010 (16) size : 0x001e (30) name : * name : 'Spooler' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2013/02/27 08:52:35.581372, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey in: struct winreg_EnumKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-2d51-43bb50550000 enum_index : 0x00000005 (5) name : * name: struct winreg_StringBuf length : 0x0000 (0) size : 0x001e (30) name : * name : '' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) [2013/02/27 08:52:35.581629, 4, pid=21840] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.581681, 8, pid=21840] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] [2013/02/27 08:52:35.581717, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey out: struct winreg_EnumKey name : * name: struct winreg_StringBuf length : 0x001e (30) size : 0x001e (30) name : * name : 'RemoteRegistry' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2013/02/27 08:52:35.581941, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey in: struct winreg_EnumKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-2d51-43bb50550000 enum_index : 0x00000006 (6) name : * name: struct winreg_StringBuf length : 0x0000 (0) size : 0x001e (30) name : * name : '' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) [2013/02/27 08:52:35.582194, 4, pid=21840] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.582247, 8, pid=21840] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] [2013/02/27 08:52:35.582272, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey out: struct winreg_EnumKey name : * name: struct winreg_StringBuf length : 0x000a (10) size : 0x001e (30) name : * name : 'WINS' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2013/02/27 08:52:35.582516, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-2d51-43bb50550000 name: struct winreg_String name_len : 0x0054 (84) name_size : 0x0054 (84) name : * name : 'SYSTEM\CurrentControlSet\Services\Spooler' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_ACTION_NONE (0) [2013/02/27 08:52:35.582916, 4, pid=21840] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.582970, 10, pid=21840] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\Spooler' [2013/02/27 08:52:35.582999, 5, pid=21840] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2013/02/27 08:52:35.583026, 5, pid=21840] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2013/02/27 08:52:35.583051, 7, pid=21840] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2013/02/27 08:52:35.583076, 10, pid=21840] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2013/02/27 08:52:35.583102, 10, pid=21840] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2013/02/27 08:52:35.583127, 10, pid=21840] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2013/02/27 08:52:35.583151, 10, pid=21840] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/02/27 08:52:35.583175, 10, pid=21840] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x12be520 for key [\HKLM\SYSTEM] [2013/02/27 08:52:35.583210, 5, pid=21840] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2013/02/27 08:52:35.583236, 7, pid=21840] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2013/02/27 08:52:35.583262, 10, pid=21840] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2013/02/27 08:52:35.583288, 10, pid=21840] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2013/02/27 08:52:35.583313, 10, pid=21840] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2013/02/27 08:52:35.583341, 10, pid=21840] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/02/27 08:52:35.583364, 10, pid=21840] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x12be520 for key [\HKLM\SYSTEM\CurrentControlSet] [2013/02/27 08:52:35.583402, 10, pid=21840] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2013/02/27 08:52:35.583428, 5, pid=21840] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2013/02/27 08:52:35.583453, 7, pid=21840] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2013/02/27 08:52:35.583478, 10, pid=21840] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2013/02/27 08:52:35.583504, 10, pid=21840] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] [2013/02/27 08:52:35.583528, 10, pid=21840] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] [2013/02/27 08:52:35.583554, 10, pid=21840] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/02/27 08:52:35.583577, 10, pid=21840] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x12be520 for key [\HKLM\SYSTEM\CurrentControlSet\Services] [2013/02/27 08:52:35.583624, 10, pid=21840] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2013/02/27 08:52:35.583650, 7, pid=21840] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Spooler] [2013/02/27 08:52:35.583675, 10, pid=21840] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2013/02/27 08:52:35.583705, 10, pid=21840] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] [2013/02/27 08:52:35.583731, 10, pid=21840] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] [2013/02/27 08:52:35.583757, 10, pid=21840] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/02/27 08:52:35.583781, 10, pid=21840] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x12be520 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] [2013/02/27 08:52:35.583818, 10, pid=21840] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2013/02/27 08:52:35.583844, 4, pid=21840] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.583897, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-2d51-43bb50550000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK [2013/02/27 08:52:35.584040, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-2d51-43bb50550000 name: struct winreg_String name_len : 0x000c (12) name_size : 0x000c (12) name : * name : 'Start' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x02 (2) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2013/02/27 08:52:35.584279, 4, pid=21840] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.584331, 8, pid=21840] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:Start] [2013/02/27 08:52:35.584357, 5, pid=21840] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2013/02/27 08:52:35.584382, 10, pid=21840] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\Spooler' (ops 0x12be520) [2013/02/27 08:52:35.584407, 10, pid=21840] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler] [2013/02/27 08:52:35.584442, 10, pid=21840] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[Start] len[4] [2013/02/27 08:52:35.584469, 10, pid=21840] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[1]: name[Type] len[4] [2013/02/27 08:52:35.584495, 10, pid=21840] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[2]: name[ErrorControl] len[4] [2013/02/27 08:52:35.584521, 10, pid=21840] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[3]: name[ObjectName] len[24] [2013/02/27 08:52:35.584547, 10, pid=21840] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[4]: name[DisplayName] len[28] [2013/02/27 08:52:35.584574, 10, pid=21840] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[5]: name[ImagePath] len[46] [2013/02/27 08:52:35.584600, 10, pid=21840] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[6]: name[Description] len[106] [2013/02/27 08:52:35.584626, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2013/02/27 08:52:35.584689, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-2d51-43bb50550000 name: struct winreg_String name_len : 0x000a (10) name_size : 0x000a (10) name : * name : 'Type' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2013/02/27 08:52:35.584928, 4, pid=21840] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.584984, 8, pid=21840] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:Type] [2013/02/27 08:52:35.585010, 5, pid=21840] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2013/02/27 08:52:35.585036, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2013/02/27 08:52:35.585098, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-2d51-43bb50550000 name: struct winreg_String name_len : 0x001a (26) name_size : 0x001a (26) name : * name : 'ErrorControl' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2013/02/27 08:52:35.585332, 4, pid=21840] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.585384, 8, pid=21840] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:ErrorControl] [2013/02/27 08:52:35.585410, 5, pid=21840] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2013/02/27 08:52:35.585436, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2013/02/27 08:52:35.585506, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-2d51-43bb50550000 name: struct winreg_String name_len : 0x0016 (22) name_size : 0x0016 (22) name : * name : 'ObjectName' type : REG_SZ (1) data : * data: ARRAY(24) [0] : 0x4c (76) [1] : 0x00 (0) [2] : 0x6f (111) [3] : 0x00 (0) [4] : 0x63 (99) [5] : 0x00 (0) [6] : 0x61 (97) [7] : 0x00 (0) [8] : 0x6c (108) [9] : 0x00 (0) [10] : 0x53 (83) [11] : 0x00 (0) [12] : 0x79 (121) [13] : 0x00 (0) [14] : 0x73 (115) [15] : 0x00 (0) [16] : 0x74 (116) [17] : 0x00 (0) [18] : 0x65 (101) [19] : 0x00 (0) [20] : 0x6d (109) [21] : 0x00 (0) [22] : 0x00 (0) [23] : 0x00 (0) size : 0x00000018 (24) [2013/02/27 08:52:35.585986, 4, pid=21840] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.586037, 8, pid=21840] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:ObjectName] [2013/02/27 08:52:35.586063, 5, pid=21840] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2013/02/27 08:52:35.586089, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2013/02/27 08:52:35.586156, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-2d51-43bb50550000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'DisplayName' type : REG_SZ (1) data : * data: ARRAY(28) [0] : 0x50 (80) [1] : 0x00 (0) [2] : 0x72 (114) [3] : 0x00 (0) [4] : 0x69 (105) [5] : 0x00 (0) [6] : 0x6e (110) [7] : 0x00 (0) [8] : 0x74 (116) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x53 (83) [13] : 0x00 (0) [14] : 0x70 (112) [15] : 0x00 (0) [16] : 0x6f (111) [17] : 0x00 (0) [18] : 0x6f (111) [19] : 0x00 (0) [20] : 0x6c (108) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x00 (0) size : 0x0000001c (28) [2013/02/27 08:52:35.586676, 4, pid=21840] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.586734, 8, pid=21840] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:DisplayName] [2013/02/27 08:52:35.586760, 5, pid=21840] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2013/02/27 08:52:35.586785, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2013/02/27 08:52:35.586850, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-2d51-43bb50550000 name: struct winreg_String name_len : 0x0014 (20) name_size : 0x0014 (20) name : * name : 'ImagePath' type : REG_SZ (1) data : * data: ARRAY(46) [0] : 0x2f (47) [1] : 0x00 (0) [2] : 0x75 (117) [3] : 0x00 (0) [4] : 0x73 (115) [5] : 0x00 (0) [6] : 0x72 (114) [7] : 0x00 (0) [8] : 0x2f (47) [9] : 0x00 (0) [10] : 0x6c (108) [11] : 0x00 (0) [12] : 0x69 (105) [13] : 0x00 (0) [14] : 0x62 (98) [15] : 0x00 (0) [16] : 0x36 (54) [17] : 0x00 (0) [18] : 0x34 (52) [19] : 0x00 (0) [20] : 0x2f (47) [21] : 0x00 (0) [22] : 0x73 (115) [23] : 0x00 (0) [24] : 0x76 (118) [25] : 0x00 (0) [26] : 0x63 (99) [27] : 0x00 (0) [28] : 0x63 (99) [29] : 0x00 (0) [30] : 0x74 (116) [31] : 0x00 (0) [32] : 0x6c (108) [33] : 0x00 (0) [34] : 0x2f (47) [35] : 0x00 (0) [36] : 0x73 (115) [37] : 0x00 (0) [38] : 0x6d (109) [39] : 0x00 (0) [40] : 0x62 (98) [41] : 0x00 (0) [42] : 0x64 (100) [43] : 0x00 (0) [44] : 0x00 (0) [45] : 0x00 (0) size : 0x0000002e (46) [2013/02/27 08:52:35.587580, 4, pid=21840] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.587632, 8, pid=21840] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:ImagePath] [2013/02/27 08:52:35.587658, 5, pid=21840] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2013/02/27 08:52:35.587683, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2013/02/27 08:52:35.587753, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-2d51-43bb50550000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'Description' type : REG_SZ (1) data : * data: ARRAY(106) [0] : 0x49 (73) [1] : 0x00 (0) [2] : 0x6e (110) [3] : 0x00 (0) [4] : 0x74 (116) [5] : 0x00 (0) [6] : 0x65 (101) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x6e (110) [11] : 0x00 (0) [12] : 0x61 (97) [13] : 0x00 (0) [14] : 0x6c (108) [15] : 0x00 (0) [16] : 0x20 (32) [17] : 0x00 (0) [18] : 0x73 (115) [19] : 0x00 (0) [20] : 0x65 (101) [21] : 0x00 (0) [22] : 0x72 (114) [23] : 0x00 (0) [24] : 0x76 (118) [25] : 0x00 (0) [26] : 0x69 (105) [27] : 0x00 (0) [28] : 0x63 (99) [29] : 0x00 (0) [30] : 0x65 (101) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x00 (0) [34] : 0x66 (102) [35] : 0x00 (0) [36] : 0x6f (111) [37] : 0x00 (0) [38] : 0x72 (114) [39] : 0x00 (0) [40] : 0x20 (32) [41] : 0x00 (0) [42] : 0x73 (115) [43] : 0x00 (0) [44] : 0x70 (112) [45] : 0x00 (0) [46] : 0x6f (111) [47] : 0x00 (0) [48] : 0x6f (111) [49] : 0x00 (0) [50] : 0x6c (108) [51] : 0x00 (0) [52] : 0x69 (105) [53] : 0x00 (0) [54] : 0x6e (110) [55] : 0x00 (0) [56] : 0x67 (103) [57] : 0x00 (0) [58] : 0x20 (32) [59] : 0x00 (0) [60] : 0x66 (102) [61] : 0x00 (0) [62] : 0x69 (105) [63] : 0x00 (0) [64] : 0x6c (108) [65] : 0x00 (0) [66] : 0x65 (101) [67] : 0x00 (0) [68] : 0x73 (115) [69] : 0x00 (0) [70] : 0x20 (32) [71] : 0x00 (0) [72] : 0x74 (116) [73] : 0x00 (0) [74] : 0x6f (111) [75] : 0x00 (0) [76] : 0x20 (32) [77] : 0x00 (0) [78] : 0x70 (112) [79] : 0x00 (0) [80] : 0x72 (114) [81] : 0x00 (0) [82] : 0x69 (105) [83] : 0x00 (0) [84] : 0x6e (110) [85] : 0x00 (0) [86] : 0x74 (116) [87] : 0x00 (0) [88] : 0x20 (32) [89] : 0x00 (0) [90] : 0x64 (100) [91] : 0x00 (0) [92] : 0x65 (101) [93] : 0x00 (0) [94] : 0x76 (118) [95] : 0x00 (0) [96] : 0x69 (105) [97] : 0x00 (0) [98] : 0x63 (99) [99] : 0x00 (0) [100] : 0x65 (101) [101] : 0x00 (0) [102] : 0x73 (115) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x00 (0) size : 0x0000006a (106) [2013/02/27 08:52:35.589193, 4, pid=21840] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.589245, 8, pid=21840] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:Description] [2013/02/27 08:52:35.589271, 5, pid=21840] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2013/02/27 08:52:35.589297, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2013/02/27 08:52:35.589360, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-2d51-43bb50550000 [2013/02/27 08:52:35.589446, 4, pid=21840] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.589498, 4, pid=21840] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.589549, 3, pid=21840] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2013/02/27 08:52:35.589576, 10, pid=21840] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2013/02/27 08:52:35.589601, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/02/27 08:52:35.589718, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-2d51-43bb50550000 name: struct winreg_String name_len : 0x0066 (102) name_size : 0x0066 (102) name : * name : 'SYSTEM\CurrentControlSet\Services\Spooler\Security' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) [2013/02/27 08:52:35.590110, 4, pid=21840] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.590161, 10, pid=21840] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\Spooler\Security' [2013/02/27 08:52:35.590188, 5, pid=21840] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2013/02/27 08:52:35.590214, 5, pid=21840] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2013/02/27 08:52:35.590239, 7, pid=21840] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2013/02/27 08:52:35.590263, 10, pid=21840] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2013/02/27 08:52:35.590289, 10, pid=21840] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2013/02/27 08:52:35.590313, 10, pid=21840] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2013/02/27 08:52:35.590338, 10, pid=21840] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/02/27 08:52:35.590361, 10, pid=21840] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x12be520 for key [\HKLM\SYSTEM] [2013/02/27 08:52:35.590396, 5, pid=21840] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2013/02/27 08:52:35.590422, 7, pid=21840] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2013/02/27 08:52:35.590447, 10, pid=21840] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2013/02/27 08:52:35.590474, 10, pid=21840] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2013/02/27 08:52:35.590497, 10, pid=21840] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2013/02/27 08:52:35.590522, 10, pid=21840] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/02/27 08:52:35.590545, 10, pid=21840] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x12be520 for key [\HKLM\SYSTEM\CurrentControlSet] [2013/02/27 08:52:35.590582, 10, pid=21840] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2013/02/27 08:52:35.590609, 5, pid=21840] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2013/02/27 08:52:35.590634, 7, pid=21840] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2013/02/27 08:52:35.590659, 10, pid=21840] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2013/02/27 08:52:35.590685, 10, pid=21840] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] [2013/02/27 08:52:35.590720, 10, pid=21840] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] [2013/02/27 08:52:35.590746, 10, pid=21840] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/02/27 08:52:35.590770, 10, pid=21840] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x12be520 for key [\HKLM\SYSTEM\CurrentControlSet\Services] [2013/02/27 08:52:35.590822, 10, pid=21840] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2013/02/27 08:52:35.590850, 5, pid=21840] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2013/02/27 08:52:35.590875, 7, pid=21840] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Spooler] [2013/02/27 08:52:35.590900, 10, pid=21840] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2013/02/27 08:52:35.590926, 10, pid=21840] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] [2013/02/27 08:52:35.590950, 10, pid=21840] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] [2013/02/27 08:52:35.590976, 10, pid=21840] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/02/27 08:52:35.590999, 10, pid=21840] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x12be520 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] [2013/02/27 08:52:35.591036, 10, pid=21840] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2013/02/27 08:52:35.591062, 7, pid=21840] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Security] [2013/02/27 08:52:35.591087, 10, pid=21840] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2013/02/27 08:52:35.591113, 10, pid=21840] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] [2013/02/27 08:52:35.591138, 10, pid=21840] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] [2013/02/27 08:52:35.591163, 10, pid=21840] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/02/27 08:52:35.591187, 10, pid=21840] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x12be520 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] [2013/02/27 08:52:35.591220, 10, pid=21840] registry/reg_backend_db.c:1656(regdb_fetch_keys_internal) regdb_fetch_keys: no subkeys found for key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] [2013/02/27 08:52:35.591247, 10, pid=21840] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2013/02/27 08:52:35.591273, 4, pid=21840] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.591325, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000004-0000-0000-2d51-43bb50550000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK [2013/02/27 08:52:35.591475, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000004-0000-0000-2d51-43bb50550000 name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : REG_BINARY (3) data : * data: ARRAY(120) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x00 (0) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x00 (0) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x14 (20) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x02 (2) [21] : 0x00 (0) [22] : 0x64 (100) [23] : 0x00 (0) [24] : 0x04 (4) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x00 (0) [28] : 0x00 (0) [29] : 0x00 (0) [30] : 0x14 (20) [31] : 0x00 (0) [32] : 0x8d (141) [33] : 0x01 (1) [34] : 0x02 (2) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x01 (1) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x01 (1) [44] : 0x00 (0) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x00 (0) [49] : 0x00 (0) [50] : 0x18 (24) [51] : 0x00 (0) [52] : 0xfd (253) [53] : 0x01 (1) [54] : 0x02 (2) [55] : 0x00 (0) [56] : 0x01 (1) [57] : 0x02 (2) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x00 (0) [62] : 0x00 (0) [63] : 0x05 (5) [64] : 0x20 (32) [65] : 0x00 (0) [66] : 0x00 (0) [67] : 0x00 (0) [68] : 0x23 (35) [69] : 0x02 (2) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x18 (24) [75] : 0x00 (0) [76] : 0xff (255) [77] : 0x01 (1) [78] : 0x0f (15) [79] : 0x00 (0) [80] : 0x01 (1) [81] : 0x02 (2) [82] : 0x00 (0) [83] : 0x00 (0) [84] : 0x00 (0) [85] : 0x00 (0) [86] : 0x00 (0) [87] : 0x05 (5) [88] : 0x20 (32) [89] : 0x00 (0) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x25 (37) [93] : 0x02 (2) [94] : 0x00 (0) [95] : 0x00 (0) [96] : 0x00 (0) [97] : 0x00 (0) [98] : 0x18 (24) [99] : 0x00 (0) [100] : 0xff (255) [101] : 0x01 (1) [102] : 0x0f (15) [103] : 0x00 (0) [104] : 0x01 (1) [105] : 0x02 (2) [106] : 0x00 (0) [107] : 0x00 (0) [108] : 0x00 (0) [109] : 0x00 (0) [110] : 0x00 (0) [111] : 0x05 (5) [112] : 0x20 (32) [113] : 0x00 (0) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x20 (32) [117] : 0x02 (2) [118] : 0x00 (0) [119] : 0x00 (0) size : 0x00000078 (120) [2013/02/27 08:52:35.593084, 4, pid=21840] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.593136, 8, pid=21840] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security:Security] [2013/02/27 08:52:35.593163, 5, pid=21840] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2013/02/27 08:52:35.593189, 10, pid=21840] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security' (ops 0x12be520) [2013/02/27 08:52:35.593214, 10, pid=21840] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] [2013/02/27 08:52:35.593252, 10, pid=21840] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[Security] len[120] [2013/02/27 08:52:35.593279, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2013/02/27 08:52:35.593340, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000004-0000-0000-2d51-43bb50550000 [2013/02/27 08:52:35.593426, 4, pid=21840] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.593478, 4, pid=21840] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.593529, 3, pid=21840] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2013/02/27 08:52:35.593554, 10, pid=21840] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2013/02/27 08:52:35.593579, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/02/27 08:52:35.593695, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-2d51-43bb50550000 name: struct winreg_String name_len : 0x0056 (86) name_size : 0x0056 (86) name : * name : 'SYSTEM\CurrentControlSet\Services\NETLOGON' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_ACTION_NONE (0) [2013/02/27 08:52:35.594088, 4, pid=21840] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.594144, 10, pid=21840] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\NETLOGON' [2013/02/27 08:52:35.594171, 5, pid=21840] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2013/02/27 08:52:35.594196, 5, pid=21840] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2013/02/27 08:52:35.594221, 7, pid=21840] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2013/02/27 08:52:35.594246, 10, pid=21840] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2013/02/27 08:52:35.594273, 10, pid=21840] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2013/02/27 08:52:35.594297, 10, pid=21840] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2013/02/27 08:52:35.594321, 10, pid=21840] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/02/27 08:52:35.594345, 10, pid=21840] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x12be520 for key [\HKLM\SYSTEM] [2013/02/27 08:52:35.594380, 5, pid=21840] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2013/02/27 08:52:35.594407, 7, pid=21840] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2013/02/27 08:52:35.594432, 10, pid=21840] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2013/02/27 08:52:35.594458, 10, pid=21840] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2013/02/27 08:52:35.594483, 10, pid=21840] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2013/02/27 08:52:35.594508, 10, pid=21840] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/02/27 08:52:35.594532, 10, pid=21840] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x12be520 for key [\HKLM\SYSTEM\CurrentControlSet] [2013/02/27 08:52:35.594569, 10, pid=21840] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2013/02/27 08:52:35.594595, 5, pid=21840] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2013/02/27 08:52:35.594620, 7, pid=21840] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2013/02/27 08:52:35.594645, 10, pid=21840] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2013/02/27 08:52:35.594671, 10, pid=21840] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] [2013/02/27 08:52:35.594695, 10, pid=21840] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] [2013/02/27 08:52:35.594726, 10, pid=21840] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/02/27 08:52:35.594750, 10, pid=21840] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x12be520 for key [\HKLM\SYSTEM\CurrentControlSet\Services] [2013/02/27 08:52:35.594797, 10, pid=21840] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2013/02/27 08:52:35.594824, 7, pid=21840] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [NETLOGON] [2013/02/27 08:52:35.594849, 10, pid=21840] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2013/02/27 08:52:35.594875, 10, pid=21840] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] [2013/02/27 08:52:35.594903, 10, pid=21840] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] [2013/02/27 08:52:35.594928, 10, pid=21840] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/02/27 08:52:35.594952, 10, pid=21840] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x12be520 for key [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] [2013/02/27 08:52:35.594991, 10, pid=21840] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2013/02/27 08:52:35.595017, 4, pid=21840] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.595069, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-2d51-43bb50550000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK [2013/02/27 08:52:35.595204, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-2d51-43bb50550000 name: struct winreg_String name_len : 0x000c (12) name_size : 0x000c (12) name : * name : 'Start' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x02 (2) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2013/02/27 08:52:35.595437, 4, pid=21840] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.595489, 8, pid=21840] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:Start] [2013/02/27 08:52:35.595515, 5, pid=21840] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2013/02/27 08:52:35.595540, 10, pid=21840] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON' (ops 0x12be520) [2013/02/27 08:52:35.595565, 10, pid=21840] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] [2013/02/27 08:52:35.595600, 10, pid=21840] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[Start] len[4] [2013/02/27 08:52:35.595627, 10, pid=21840] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[1]: name[Type] len[4] [2013/02/27 08:52:35.595653, 10, pid=21840] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[2]: name[ErrorControl] len[4] [2013/02/27 08:52:35.595679, 10, pid=21840] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[3]: name[ObjectName] len[24] [2013/02/27 08:52:35.595714, 10, pid=21840] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[4]: name[DisplayName] len[20] [2013/02/27 08:52:35.595741, 10, pid=21840] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[5]: name[ImagePath] len[46] [2013/02/27 08:52:35.595767, 10, pid=21840] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[6]: name[Description] len[164] [2013/02/27 08:52:35.595793, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2013/02/27 08:52:35.595858, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-2d51-43bb50550000 name: struct winreg_String name_len : 0x000a (10) name_size : 0x000a (10) name : * name : 'Type' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2013/02/27 08:52:35.596093, 4, pid=21840] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.596145, 8, pid=21840] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:Type] [2013/02/27 08:52:35.596171, 5, pid=21840] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2013/02/27 08:52:35.596197, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2013/02/27 08:52:35.596259, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-2d51-43bb50550000 name: struct winreg_String name_len : 0x001a (26) name_size : 0x001a (26) name : * name : 'ErrorControl' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2013/02/27 08:52:35.596493, 4, pid=21840] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.596548, 8, pid=21840] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:ErrorControl] [2013/02/27 08:52:35.596574, 5, pid=21840] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2013/02/27 08:52:35.596600, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2013/02/27 08:52:35.596663, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-2d51-43bb50550000 name: struct winreg_String name_len : 0x0016 (22) name_size : 0x0016 (22) name : * name : 'ObjectName' type : REG_SZ (1) data : * data: ARRAY(24) [0] : 0x4c (76) [1] : 0x00 (0) [2] : 0x6f (111) [3] : 0x00 (0) [4] : 0x63 (99) [5] : 0x00 (0) [6] : 0x61 (97) [7] : 0x00 (0) [8] : 0x6c (108) [9] : 0x00 (0) [10] : 0x53 (83) [11] : 0x00 (0) [12] : 0x79 (121) [13] : 0x00 (0) [14] : 0x73 (115) [15] : 0x00 (0) [16] : 0x74 (116) [17] : 0x00 (0) [18] : 0x65 (101) [19] : 0x00 (0) [20] : 0x6d (109) [21] : 0x00 (0) [22] : 0x00 (0) [23] : 0x00 (0) size : 0x00000018 (24) [2013/02/27 08:52:35.597136, 4, pid=21840] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.597188, 8, pid=21840] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:ObjectName] [2013/02/27 08:52:35.597214, 5, pid=21840] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2013/02/27 08:52:35.597240, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2013/02/27 08:52:35.597306, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-2d51-43bb50550000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'DisplayName' type : REG_SZ (1) data : * data: ARRAY(20) [0] : 0x4e (78) [1] : 0x00 (0) [2] : 0x65 (101) [3] : 0x00 (0) [4] : 0x74 (116) [5] : 0x00 (0) [6] : 0x20 (32) [7] : 0x00 (0) [8] : 0x4c (76) [9] : 0x00 (0) [10] : 0x6f (111) [11] : 0x00 (0) [12] : 0x67 (103) [13] : 0x00 (0) [14] : 0x6f (111) [15] : 0x00 (0) [16] : 0x6e (110) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : 0x00000014 (20) [2013/02/27 08:52:35.597733, 4, pid=21840] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.597785, 8, pid=21840] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:DisplayName] [2013/02/27 08:52:35.597811, 5, pid=21840] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2013/02/27 08:52:35.597836, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2013/02/27 08:52:35.597901, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-2d51-43bb50550000 name: struct winreg_String name_len : 0x0014 (20) name_size : 0x0014 (20) name : * name : 'ImagePath' type : REG_SZ (1) data : * data: ARRAY(46) [0] : 0x2f (47) [1] : 0x00 (0) [2] : 0x75 (117) [3] : 0x00 (0) [4] : 0x73 (115) [5] : 0x00 (0) [6] : 0x72 (114) [7] : 0x00 (0) [8] : 0x2f (47) [9] : 0x00 (0) [10] : 0x6c (108) [11] : 0x00 (0) [12] : 0x69 (105) [13] : 0x00 (0) [14] : 0x62 (98) [15] : 0x00 (0) [16] : 0x36 (54) [17] : 0x00 (0) [18] : 0x34 (52) [19] : 0x00 (0) [20] : 0x2f (47) [21] : 0x00 (0) [22] : 0x73 (115) [23] : 0x00 (0) [24] : 0x76 (118) [25] : 0x00 (0) [26] : 0x63 (99) [27] : 0x00 (0) [28] : 0x63 (99) [29] : 0x00 (0) [30] : 0x74 (116) [31] : 0x00 (0) [32] : 0x6c (108) [33] : 0x00 (0) [34] : 0x2f (47) [35] : 0x00 (0) [36] : 0x73 (115) [37] : 0x00 (0) [38] : 0x6d (109) [39] : 0x00 (0) [40] : 0x62 (98) [41] : 0x00 (0) [42] : 0x64 (100) [43] : 0x00 (0) [44] : 0x00 (0) [45] : 0x00 (0) size : 0x0000002e (46) [2013/02/27 08:52:35.598629, 4, pid=21840] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.598680, 8, pid=21840] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:ImagePath] [2013/02/27 08:52:35.598711, 5, pid=21840] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2013/02/27 08:52:35.598737, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2013/02/27 08:52:35.598802, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-2d51-43bb50550000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'Description' type : REG_SZ (1) data : * data: ARRAY(164) [0] : 0x46 (70) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6c (108) [5] : 0x00 (0) [6] : 0x65 (101) [7] : 0x00 (0) [8] : 0x20 (32) [9] : 0x00 (0) [10] : 0x73 (115) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x76 (118) [17] : 0x00 (0) [18] : 0x69 (105) [19] : 0x00 (0) [20] : 0x63 (99) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x20 (32) [25] : 0x00 (0) [26] : 0x70 (112) [27] : 0x00 (0) [28] : 0x72 (114) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x76 (118) [33] : 0x00 (0) [34] : 0x69 (105) [35] : 0x00 (0) [36] : 0x64 (100) [37] : 0x00 (0) [38] : 0x69 (105) [39] : 0x00 (0) [40] : 0x6e (110) [41] : 0x00 (0) [42] : 0x67 (103) [43] : 0x00 (0) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x61 (97) [47] : 0x00 (0) [48] : 0x63 (99) [49] : 0x00 (0) [50] : 0x63 (99) [51] : 0x00 (0) [52] : 0x65 (101) [53] : 0x00 (0) [54] : 0x73 (115) [55] : 0x00 (0) [56] : 0x73 (115) [57] : 0x00 (0) [58] : 0x20 (32) [59] : 0x00 (0) [60] : 0x74 (116) [61] : 0x00 (0) [62] : 0x6f (111) [63] : 0x00 (0) [64] : 0x20 (32) [65] : 0x00 (0) [66] : 0x70 (112) [67] : 0x00 (0) [68] : 0x6f (111) [69] : 0x00 (0) [70] : 0x6c (108) [71] : 0x00 (0) [72] : 0x69 (105) [73] : 0x00 (0) [74] : 0x63 (99) [75] : 0x00 (0) [76] : 0x79 (121) [77] : 0x00 (0) [78] : 0x20 (32) [79] : 0x00 (0) [80] : 0x61 (97) [81] : 0x00 (0) [82] : 0x6e (110) [83] : 0x00 (0) [84] : 0x64 (100) [85] : 0x00 (0) [86] : 0x20 (32) [87] : 0x00 (0) [88] : 0x70 (112) [89] : 0x00 (0) [90] : 0x72 (114) [91] : 0x00 (0) [92] : 0x6f (111) [93] : 0x00 (0) [94] : 0x66 (102) [95] : 0x00 (0) [96] : 0x69 (105) [97] : 0x00 (0) [98] : 0x6c (108) [99] : 0x00 (0) [100] : 0x65 (101) [101] : 0x00 (0) [102] : 0x20 (32) [103] : 0x00 (0) [104] : 0x64 (100) [105] : 0x00 (0) [106] : 0x61 (97) [107] : 0x00 (0) [108] : 0x74 (116) [109] : 0x00 (0) [110] : 0x61 (97) [111] : 0x00 (0) [112] : 0x20 (32) [113] : 0x00 (0) [114] : 0x28 (40) [115] : 0x00 (0) [116] : 0x6e (110) [117] : 0x00 (0) [118] : 0x6f (111) [119] : 0x00 (0) [120] : 0x74 (116) [121] : 0x00 (0) [122] : 0x72 (114) [123] : 0x00 (0) [124] : 0x65 (101) [125] : 0x00 (0) [126] : 0x6d (109) [127] : 0x00 (0) [128] : 0x6f (111) [129] : 0x00 (0) [130] : 0x74 (116) [131] : 0x00 (0) [132] : 0x65 (101) [133] : 0x00 (0) [134] : 0x6c (108) [135] : 0x00 (0) [136] : 0x79 (121) [137] : 0x00 (0) [138] : 0x20 (32) [139] : 0x00 (0) [140] : 0x6d (109) [141] : 0x00 (0) [142] : 0x61 (97) [143] : 0x00 (0) [144] : 0x6e (110) [145] : 0x00 (0) [146] : 0x61 (97) [147] : 0x00 (0) [148] : 0x67 (103) [149] : 0x00 (0) [150] : 0x65 (101) [151] : 0x00 (0) [152] : 0x61 (97) [153] : 0x00 (0) [154] : 0x62 (98) [155] : 0x00 (0) [156] : 0x6c (108) [157] : 0x00 (0) [158] : 0x65 (101) [159] : 0x00 (0) [160] : 0x29 (41) [161] : 0x00 (0) [162] : 0x00 (0) [163] : 0x00 (0) size : 0x000000a4 (164) [2013/02/27 08:52:35.600922, 4, pid=21840] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.600975, 8, pid=21840] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:Description] [2013/02/27 08:52:35.601001, 5, pid=21840] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2013/02/27 08:52:35.601027, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2013/02/27 08:52:35.601090, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-2d51-43bb50550000 [2013/02/27 08:52:35.601176, 4, pid=21840] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.601228, 4, pid=21840] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.601280, 3, pid=21840] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2013/02/27 08:52:35.601306, 10, pid=21840] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2013/02/27 08:52:35.601331, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/02/27 08:52:35.601445, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-2d51-43bb50550000 name: struct winreg_String name_len : 0x0068 (104) name_size : 0x0068 (104) name : * name : 'SYSTEM\CurrentControlSet\Services\NETLOGON\Security' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) [2013/02/27 08:52:35.601838, 4, pid=21840] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.601891, 10, pid=21840] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\NETLOGON\Security' [2013/02/27 08:52:35.601917, 5, pid=21840] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2013/02/27 08:52:35.601943, 5, pid=21840] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2013/02/27 08:52:35.601968, 7, pid=21840] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2013/02/27 08:52:35.601993, 10, pid=21840] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2013/02/27 08:52:35.602019, 10, pid=21840] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2013/02/27 08:52:35.602043, 10, pid=21840] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2013/02/27 08:52:35.602067, 10, pid=21840] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/02/27 08:52:35.602090, 10, pid=21840] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x12be520 for key [\HKLM\SYSTEM] [2013/02/27 08:52:35.602126, 5, pid=21840] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2013/02/27 08:52:35.602152, 7, pid=21840] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2013/02/27 08:52:35.602177, 10, pid=21840] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2013/02/27 08:52:35.602203, 10, pid=21840] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2013/02/27 08:52:35.602227, 10, pid=21840] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2013/02/27 08:52:35.602252, 10, pid=21840] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/02/27 08:52:35.602275, 10, pid=21840] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x12be520 for key [\HKLM\SYSTEM\CurrentControlSet] [2013/02/27 08:52:35.602312, 10, pid=21840] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2013/02/27 08:52:35.602339, 5, pid=21840] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2013/02/27 08:52:35.602367, 7, pid=21840] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2013/02/27 08:52:35.602392, 10, pid=21840] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2013/02/27 08:52:35.602418, 10, pid=21840] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] [2013/02/27 08:52:35.602442, 10, pid=21840] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] [2013/02/27 08:52:35.602467, 10, pid=21840] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/02/27 08:52:35.602490, 10, pid=21840] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x12be520 for key [\HKLM\SYSTEM\CurrentControlSet\Services] [2013/02/27 08:52:35.602537, 10, pid=21840] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2013/02/27 08:52:35.602563, 5, pid=21840] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2013/02/27 08:52:35.602588, 7, pid=21840] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [NETLOGON] [2013/02/27 08:52:35.602613, 10, pid=21840] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2013/02/27 08:52:35.602639, 10, pid=21840] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] [2013/02/27 08:52:35.602663, 10, pid=21840] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] [2013/02/27 08:52:35.602689, 10, pid=21840] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/02/27 08:52:35.602717, 10, pid=21840] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x12be520 for key [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] [2013/02/27 08:52:35.602756, 10, pid=21840] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2013/02/27 08:52:35.602782, 7, pid=21840] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Security] [2013/02/27 08:52:35.602807, 10, pid=21840] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2013/02/27 08:52:35.602833, 10, pid=21840] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] [2013/02/27 08:52:35.602858, 10, pid=21840] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] [2013/02/27 08:52:35.602884, 10, pid=21840] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/02/27 08:52:35.602907, 10, pid=21840] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x12be520 for key [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] [2013/02/27 08:52:35.602940, 10, pid=21840] registry/reg_backend_db.c:1656(regdb_fetch_keys_internal) regdb_fetch_keys: no subkeys found for key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] [2013/02/27 08:52:35.602967, 10, pid=21840] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2013/02/27 08:52:35.602993, 4, pid=21840] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.603045, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000006-0000-0000-2d51-43bb50550000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK [2013/02/27 08:52:35.603188, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000006-0000-0000-2d51-43bb50550000 name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : REG_BINARY (3) data : * data: ARRAY(120) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x00 (0) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x00 (0) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x14 (20) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x02 (2) [21] : 0x00 (0) [22] : 0x64 (100) [23] : 0x00 (0) [24] : 0x04 (4) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x00 (0) [28] : 0x00 (0) [29] : 0x00 (0) [30] : 0x14 (20) [31] : 0x00 (0) [32] : 0x8d (141) [33] : 0x01 (1) [34] : 0x02 (2) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x01 (1) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x01 (1) [44] : 0x00 (0) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x00 (0) [49] : 0x00 (0) [50] : 0x18 (24) [51] : 0x00 (0) [52] : 0xfd (253) [53] : 0x01 (1) [54] : 0x02 (2) [55] : 0x00 (0) [56] : 0x01 (1) [57] : 0x02 (2) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x00 (0) [62] : 0x00 (0) [63] : 0x05 (5) [64] : 0x20 (32) [65] : 0x00 (0) [66] : 0x00 (0) [67] : 0x00 (0) [68] : 0x23 (35) [69] : 0x02 (2) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x18 (24) [75] : 0x00 (0) [76] : 0xff (255) [77] : 0x01 (1) [78] : 0x0f (15) [79] : 0x00 (0) [80] : 0x01 (1) [81] : 0x02 (2) [82] : 0x00 (0) [83] : 0x00 (0) [84] : 0x00 (0) [85] : 0x00 (0) [86] : 0x00 (0) [87] : 0x05 (5) [88] : 0x20 (32) [89] : 0x00 (0) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x25 (37) [93] : 0x02 (2) [94] : 0x00 (0) [95] : 0x00 (0) [96] : 0x00 (0) [97] : 0x00 (0) [98] : 0x18 (24) [99] : 0x00 (0) [100] : 0xff (255) [101] : 0x01 (1) [102] : 0x0f (15) [103] : 0x00 (0) [104] : 0x01 (1) [105] : 0x02 (2) [106] : 0x00 (0) [107] : 0x00 (0) [108] : 0x00 (0) [109] : 0x00 (0) [110] : 0x00 (0) [111] : 0x05 (5) [112] : 0x20 (32) [113] : 0x00 (0) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x20 (32) [117] : 0x02 (2) [118] : 0x00 (0) [119] : 0x00 (0) size : 0x00000078 (120) [2013/02/27 08:52:35.604790, 4, pid=21840] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.604846, 8, pid=21840] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security:Security] [2013/02/27 08:52:35.604873, 5, pid=21840] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2013/02/27 08:52:35.604898, 10, pid=21840] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security' (ops 0x12be520) [2013/02/27 08:52:35.604923, 10, pid=21840] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] [2013/02/27 08:52:35.604958, 10, pid=21840] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[Security] len[120] [2013/02/27 08:52:35.604985, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2013/02/27 08:52:35.605045, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000006-0000-0000-2d51-43bb50550000 [2013/02/27 08:52:35.605131, 4, pid=21840] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.605183, 4, pid=21840] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.605234, 3, pid=21840] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2013/02/27 08:52:35.605259, 10, pid=21840] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2013/02/27 08:52:35.605284, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/02/27 08:52:35.605399, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-2d51-43bb50550000 name: struct winreg_String name_len : 0x0062 (98) name_size : 0x0062 (98) name : * name : 'SYSTEM\CurrentControlSet\Services\RemoteRegistry' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_ACTION_NONE (0) [2013/02/27 08:52:35.605792, 4, pid=21840] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.605844, 10, pid=21840] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\RemoteRegistry' [2013/02/27 08:52:35.605870, 5, pid=21840] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2013/02/27 08:52:35.605896, 5, pid=21840] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2013/02/27 08:52:35.605921, 7, pid=21840] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2013/02/27 08:52:35.605947, 10, pid=21840] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2013/02/27 08:52:35.605973, 10, pid=21840] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2013/02/27 08:52:35.605997, 10, pid=21840] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2013/02/27 08:52:35.606022, 10, pid=21840] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/02/27 08:52:35.606045, 10, pid=21840] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x12be520 for key [\HKLM\SYSTEM] [2013/02/27 08:52:35.606080, 5, pid=21840] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2013/02/27 08:52:35.606106, 7, pid=21840] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2013/02/27 08:52:35.606132, 10, pid=21840] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2013/02/27 08:52:35.606158, 10, pid=21840] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2013/02/27 08:52:35.606182, 10, pid=21840] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2013/02/27 08:52:35.606207, 10, pid=21840] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/02/27 08:52:35.606230, 10, pid=21840] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x12be520 for key [\HKLM\SYSTEM\CurrentControlSet] [2013/02/27 08:52:35.606267, 10, pid=21840] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2013/02/27 08:52:35.606294, 5, pid=21840] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2013/02/27 08:52:35.606319, 7, pid=21840] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2013/02/27 08:52:35.606344, 10, pid=21840] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2013/02/27 08:52:35.606370, 10, pid=21840] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] [2013/02/27 08:52:35.606398, 10, pid=21840] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] [2013/02/27 08:52:35.606423, 10, pid=21840] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/02/27 08:52:35.606447, 10, pid=21840] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x12be520 for key [\HKLM\SYSTEM\CurrentControlSet\Services] [2013/02/27 08:52:35.606493, 10, pid=21840] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2013/02/27 08:52:35.606520, 7, pid=21840] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [RemoteRegistry] [2013/02/27 08:52:35.606545, 10, pid=21840] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2013/02/27 08:52:35.606571, 10, pid=21840] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] [2013/02/27 08:52:35.606595, 10, pid=21840] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] [2013/02/27 08:52:35.606621, 10, pid=21840] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/02/27 08:52:35.606644, 10, pid=21840] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x12be520 for key [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] [2013/02/27 08:52:35.606683, 10, pid=21840] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2013/02/27 08:52:35.606715, 4, pid=21840] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.606767, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-2d51-43bb50550000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK [2013/02/27 08:52:35.606901, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-2d51-43bb50550000 name: struct winreg_String name_len : 0x000c (12) name_size : 0x000c (12) name : * name : 'Start' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x02 (2) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2013/02/27 08:52:35.607135, 4, pid=21840] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.607187, 8, pid=21840] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:Start] [2013/02/27 08:52:35.607213, 5, pid=21840] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2013/02/27 08:52:35.607242, 10, pid=21840] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry' (ops 0x12be520) [2013/02/27 08:52:35.607268, 10, pid=21840] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] [2013/02/27 08:52:35.607303, 10, pid=21840] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[Start] len[4] [2013/02/27 08:52:35.607330, 10, pid=21840] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[1]: name[Type] len[4] [2013/02/27 08:52:35.607356, 10, pid=21840] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[2]: name[ErrorControl] len[4] [2013/02/27 08:52:35.607382, 10, pid=21840] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[3]: name[ObjectName] len[24] [2013/02/27 08:52:35.607408, 10, pid=21840] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[4]: name[DisplayName] len[48] [2013/02/27 08:52:35.607434, 10, pid=21840] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[5]: name[ImagePath] len[46] [2013/02/27 08:52:35.607460, 10, pid=21840] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[6]: name[Description] len[126] [2013/02/27 08:52:35.607486, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2013/02/27 08:52:35.607549, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-2d51-43bb50550000 name: struct winreg_String name_len : 0x000a (10) name_size : 0x000a (10) name : * name : 'Type' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2013/02/27 08:52:35.607787, 4, pid=21840] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.607839, 8, pid=21840] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:Type] [2013/02/27 08:52:35.607866, 5, pid=21840] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2013/02/27 08:52:35.607891, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2013/02/27 08:52:35.607953, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-2d51-43bb50550000 name: struct winreg_String name_len : 0x001a (26) name_size : 0x001a (26) name : * name : 'ErrorControl' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2013/02/27 08:52:35.608188, 4, pid=21840] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.608240, 8, pid=21840] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:ErrorControl] [2013/02/27 08:52:35.608266, 5, pid=21840] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2013/02/27 08:52:35.608292, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2013/02/27 08:52:35.608356, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-2d51-43bb50550000 name: struct winreg_String name_len : 0x0016 (22) name_size : 0x0016 (22) name : * name : 'ObjectName' type : REG_SZ (1) data : * data: ARRAY(24) [0] : 0x4c (76) [1] : 0x00 (0) [2] : 0x6f (111) [3] : 0x00 (0) [4] : 0x63 (99) [5] : 0x00 (0) [6] : 0x61 (97) [7] : 0x00 (0) [8] : 0x6c (108) [9] : 0x00 (0) [10] : 0x53 (83) [11] : 0x00 (0) [12] : 0x79 (121) [13] : 0x00 (0) [14] : 0x73 (115) [15] : 0x00 (0) [16] : 0x74 (116) [17] : 0x00 (0) [18] : 0x65 (101) [19] : 0x00 (0) [20] : 0x6d (109) [21] : 0x00 (0) [22] : 0x00 (0) [23] : 0x00 (0) size : 0x00000018 (24) [2013/02/27 08:52:35.608825, 4, pid=21840] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.608881, 8, pid=21840] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:ObjectName] [2013/02/27 08:52:35.608908, 5, pid=21840] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2013/02/27 08:52:35.608933, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2013/02/27 08:52:35.609000, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-2d51-43bb50550000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'DisplayName' type : REG_SZ (1) data : * data: ARRAY(48) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x65 (101) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x6f (111) [7] : 0x00 (0) [8] : 0x74 (116) [9] : 0x00 (0) [10] : 0x65 (101) [11] : 0x00 (0) [12] : 0x20 (32) [13] : 0x00 (0) [14] : 0x52 (82) [15] : 0x00 (0) [16] : 0x65 (101) [17] : 0x00 (0) [18] : 0x67 (103) [19] : 0x00 (0) [20] : 0x69 (105) [21] : 0x00 (0) [22] : 0x73 (115) [23] : 0x00 (0) [24] : 0x74 (116) [25] : 0x00 (0) [26] : 0x72 (114) [27] : 0x00 (0) [28] : 0x79 (121) [29] : 0x00 (0) [30] : 0x20 (32) [31] : 0x00 (0) [32] : 0x53 (83) [33] : 0x00 (0) [34] : 0x65 (101) [35] : 0x00 (0) [36] : 0x72 (114) [37] : 0x00 (0) [38] : 0x76 (118) [39] : 0x00 (0) [40] : 0x69 (105) [41] : 0x00 (0) [42] : 0x63 (99) [43] : 0x00 (0) [44] : 0x65 (101) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) size : 0x00000030 (48) [2013/02/27 08:52:35.609758, 4, pid=21840] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.609810, 8, pid=21840] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:DisplayName] [2013/02/27 08:52:35.609837, 5, pid=21840] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2013/02/27 08:52:35.609862, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2013/02/27 08:52:35.609927, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-2d51-43bb50550000 name: struct winreg_String name_len : 0x0014 (20) name_size : 0x0014 (20) name : * name : 'ImagePath' type : REG_SZ (1) data : * data: ARRAY(46) [0] : 0x2f (47) [1] : 0x00 (0) [2] : 0x75 (117) [3] : 0x00 (0) [4] : 0x73 (115) [5] : 0x00 (0) [6] : 0x72 (114) [7] : 0x00 (0) [8] : 0x2f (47) [9] : 0x00 (0) [10] : 0x6c (108) [11] : 0x00 (0) [12] : 0x69 (105) [13] : 0x00 (0) [14] : 0x62 (98) [15] : 0x00 (0) [16] : 0x36 (54) [17] : 0x00 (0) [18] : 0x34 (52) [19] : 0x00 (0) [20] : 0x2f (47) [21] : 0x00 (0) [22] : 0x73 (115) [23] : 0x00 (0) [24] : 0x76 (118) [25] : 0x00 (0) [26] : 0x63 (99) [27] : 0x00 (0) [28] : 0x63 (99) [29] : 0x00 (0) [30] : 0x74 (116) [31] : 0x00 (0) [32] : 0x6c (108) [33] : 0x00 (0) [34] : 0x2f (47) [35] : 0x00 (0) [36] : 0x73 (115) [37] : 0x00 (0) [38] : 0x6d (109) [39] : 0x00 (0) [40] : 0x62 (98) [41] : 0x00 (0) [42] : 0x64 (100) [43] : 0x00 (0) [44] : 0x00 (0) [45] : 0x00 (0) size : 0x0000002e (46) [2013/02/27 08:52:35.610654, 4, pid=21840] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.610716, 8, pid=21840] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:ImagePath] [2013/02/27 08:52:35.610743, 5, pid=21840] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2013/02/27 08:52:35.610769, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2013/02/27 08:52:35.610834, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-2d51-43bb50550000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'Description' type : REG_SZ (1) data : * data: ARRAY(126) [0] : 0x49 (73) [1] : 0x00 (0) [2] : 0x6e (110) [3] : 0x00 (0) [4] : 0x74 (116) [5] : 0x00 (0) [6] : 0x65 (101) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x6e (110) [11] : 0x00 (0) [12] : 0x61 (97) [13] : 0x00 (0) [14] : 0x6c (108) [15] : 0x00 (0) [16] : 0x20 (32) [17] : 0x00 (0) [18] : 0x73 (115) [19] : 0x00 (0) [20] : 0x65 (101) [21] : 0x00 (0) [22] : 0x72 (114) [23] : 0x00 (0) [24] : 0x76 (118) [25] : 0x00 (0) [26] : 0x69 (105) [27] : 0x00 (0) [28] : 0x63 (99) [29] : 0x00 (0) [30] : 0x65 (101) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x00 (0) [34] : 0x70 (112) [35] : 0x00 (0) [36] : 0x72 (114) [37] : 0x00 (0) [38] : 0x6f (111) [39] : 0x00 (0) [40] : 0x76 (118) [41] : 0x00 (0) [42] : 0x69 (105) [43] : 0x00 (0) [44] : 0x64 (100) [45] : 0x00 (0) [46] : 0x69 (105) [47] : 0x00 (0) [48] : 0x6e (110) [49] : 0x00 (0) [50] : 0x67 (103) [51] : 0x00 (0) [52] : 0x20 (32) [53] : 0x00 (0) [54] : 0x72 (114) [55] : 0x00 (0) [56] : 0x65 (101) [57] : 0x00 (0) [58] : 0x6d (109) [59] : 0x00 (0) [60] : 0x6f (111) [61] : 0x00 (0) [62] : 0x74 (116) [63] : 0x00 (0) [64] : 0x65 (101) [65] : 0x00 (0) [66] : 0x20 (32) [67] : 0x00 (0) [68] : 0x61 (97) [69] : 0x00 (0) [70] : 0x63 (99) [71] : 0x00 (0) [72] : 0x63 (99) [73] : 0x00 (0) [74] : 0x65 (101) [75] : 0x00 (0) [76] : 0x73 (115) [77] : 0x00 (0) [78] : 0x73 (115) [79] : 0x00 (0) [80] : 0x20 (32) [81] : 0x00 (0) [82] : 0x74 (116) [83] : 0x00 (0) [84] : 0x6f (111) [85] : 0x00 (0) [86] : 0x20 (32) [87] : 0x00 (0) [88] : 0x74 (116) [89] : 0x00 (0) [90] : 0x68 (104) [91] : 0x00 (0) [92] : 0x65 (101) [93] : 0x00 (0) [94] : 0x20 (32) [95] : 0x00 (0) [96] : 0x53 (83) [97] : 0x00 (0) [98] : 0x61 (97) [99] : 0x00 (0) [100] : 0x6d (109) [101] : 0x00 (0) [102] : 0x62 (98) [103] : 0x00 (0) [104] : 0x61 (97) [105] : 0x00 (0) [106] : 0x20 (32) [107] : 0x00 (0) [108] : 0x72 (114) [109] : 0x00 (0) [110] : 0x65 (101) [111] : 0x00 (0) [112] : 0x67 (103) [113] : 0x00 (0) [114] : 0x69 (105) [115] : 0x00 (0) [116] : 0x73 (115) [117] : 0x00 (0) [118] : 0x74 (116) [119] : 0x00 (0) [120] : 0x72 (114) [121] : 0x00 (0) [122] : 0x79 (121) [123] : 0x00 (0) [124] : 0x00 (0) [125] : 0x00 (0) size : 0x0000007e (126) [2013/02/27 08:52:35.612506, 4, pid=21840] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.612558, 8, pid=21840] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:Description] [2013/02/27 08:52:35.612585, 5, pid=21840] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2013/02/27 08:52:35.612611, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2013/02/27 08:52:35.612673, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-2d51-43bb50550000 [2013/02/27 08:52:35.612764, 4, pid=21840] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.612816, 4, pid=21840] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.612867, 3, pid=21840] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2013/02/27 08:52:35.612893, 10, pid=21840] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2013/02/27 08:52:35.612918, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/02/27 08:52:35.613032, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-2d51-43bb50550000 name: struct winreg_String name_len : 0x0074 (116) name_size : 0x0074 (116) name : * name : 'SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) [2013/02/27 08:52:35.613419, 4, pid=21840] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.613471, 10, pid=21840] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security' [2013/02/27 08:52:35.613498, 5, pid=21840] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2013/02/27 08:52:35.613524, 5, pid=21840] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2013/02/27 08:52:35.613549, 7, pid=21840] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2013/02/27 08:52:35.613574, 10, pid=21840] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2013/02/27 08:52:35.613600, 10, pid=21840] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2013/02/27 08:52:35.613624, 10, pid=21840] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2013/02/27 08:52:35.613648, 10, pid=21840] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/02/27 08:52:35.613671, 10, pid=21840] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x12be520 for key [\HKLM\SYSTEM] [2013/02/27 08:52:35.613710, 5, pid=21840] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2013/02/27 08:52:35.613738, 7, pid=21840] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2013/02/27 08:52:35.613763, 10, pid=21840] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2013/02/27 08:52:35.613790, 10, pid=21840] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2013/02/27 08:52:35.613814, 10, pid=21840] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2013/02/27 08:52:35.613838, 10, pid=21840] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/02/27 08:52:35.613865, 10, pid=21840] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x12be520 for key [\HKLM\SYSTEM\CurrentControlSet] [2013/02/27 08:52:35.613902, 10, pid=21840] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2013/02/27 08:52:35.613929, 5, pid=21840] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2013/02/27 08:52:35.613954, 7, pid=21840] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2013/02/27 08:52:35.613979, 10, pid=21840] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2013/02/27 08:52:35.614005, 10, pid=21840] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] [2013/02/27 08:52:35.614029, 10, pid=21840] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] [2013/02/27 08:52:35.614054, 10, pid=21840] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/02/27 08:52:35.614078, 10, pid=21840] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x12be520 for key [\HKLM\SYSTEM\CurrentControlSet\Services] [2013/02/27 08:52:35.614124, 10, pid=21840] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2013/02/27 08:52:35.614151, 5, pid=21840] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2013/02/27 08:52:35.614176, 7, pid=21840] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [RemoteRegistry] [2013/02/27 08:52:35.614201, 10, pid=21840] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2013/02/27 08:52:35.614227, 10, pid=21840] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] [2013/02/27 08:52:35.614252, 10, pid=21840] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] [2013/02/27 08:52:35.614277, 10, pid=21840] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/02/27 08:52:35.614301, 10, pid=21840] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x12be520 for key [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] [2013/02/27 08:52:35.614338, 10, pid=21840] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2013/02/27 08:52:35.614364, 7, pid=21840] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Security] [2013/02/27 08:52:35.614389, 10, pid=21840] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2013/02/27 08:52:35.614416, 10, pid=21840] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] [2013/02/27 08:52:35.614441, 10, pid=21840] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] [2013/02/27 08:52:35.614466, 10, pid=21840] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/02/27 08:52:35.614489, 10, pid=21840] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x12be520 for key [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] [2013/02/27 08:52:35.614524, 10, pid=21840] registry/reg_backend_db.c:1656(regdb_fetch_keys_internal) regdb_fetch_keys: no subkeys found for key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] [2013/02/27 08:52:35.614552, 10, pid=21840] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2013/02/27 08:52:35.614577, 4, pid=21840] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.614632, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000008-0000-0000-2d51-43bb50550000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK [2013/02/27 08:52:35.614777, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000008-0000-0000-2d51-43bb50550000 name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : REG_BINARY (3) data : * data: ARRAY(120) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x00 (0) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x00 (0) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x14 (20) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x02 (2) [21] : 0x00 (0) [22] : 0x64 (100) [23] : 0x00 (0) [24] : 0x04 (4) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x00 (0) [28] : 0x00 (0) [29] : 0x00 (0) [30] : 0x14 (20) [31] : 0x00 (0) [32] : 0x8d (141) [33] : 0x01 (1) [34] : 0x02 (2) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x01 (1) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x01 (1) [44] : 0x00 (0) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x00 (0) [49] : 0x00 (0) [50] : 0x18 (24) [51] : 0x00 (0) [52] : 0xfd (253) [53] : 0x01 (1) [54] : 0x02 (2) [55] : 0x00 (0) [56] : 0x01 (1) [57] : 0x02 (2) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x00 (0) [62] : 0x00 (0) [63] : 0x05 (5) [64] : 0x20 (32) [65] : 0x00 (0) [66] : 0x00 (0) [67] : 0x00 (0) [68] : 0x23 (35) [69] : 0x02 (2) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x18 (24) [75] : 0x00 (0) [76] : 0xff (255) [77] : 0x01 (1) [78] : 0x0f (15) [79] : 0x00 (0) [80] : 0x01 (1) [81] : 0x02 (2) [82] : 0x00 (0) [83] : 0x00 (0) [84] : 0x00 (0) [85] : 0x00 (0) [86] : 0x00 (0) [87] : 0x05 (5) [88] : 0x20 (32) [89] : 0x00 (0) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x25 (37) [93] : 0x02 (2) [94] : 0x00 (0) [95] : 0x00 (0) [96] : 0x00 (0) [97] : 0x00 (0) [98] : 0x18 (24) [99] : 0x00 (0) [100] : 0xff (255) [101] : 0x01 (1) [102] : 0x0f (15) [103] : 0x00 (0) [104] : 0x01 (1) [105] : 0x02 (2) [106] : 0x00 (0) [107] : 0x00 (0) [108] : 0x00 (0) [109] : 0x00 (0) [110] : 0x00 (0) [111] : 0x05 (5) [112] : 0x20 (32) [113] : 0x00 (0) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x20 (32) [117] : 0x02 (2) [118] : 0x00 (0) [119] : 0x00 (0) size : 0x00000078 (120) [2013/02/27 08:52:35.616383, 4, pid=21840] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.616435, 8, pid=21840] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security:Security] [2013/02/27 08:52:35.616462, 5, pid=21840] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2013/02/27 08:52:35.616487, 10, pid=21840] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security' (ops 0x12be520) [2013/02/27 08:52:35.616512, 10, pid=21840] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] [2013/02/27 08:52:35.616548, 10, pid=21840] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[Security] len[120] [2013/02/27 08:52:35.616575, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2013/02/27 08:52:35.616635, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000008-0000-0000-2d51-43bb50550000 [2013/02/27 08:52:35.616725, 4, pid=21840] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.616777, 4, pid=21840] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.616828, 3, pid=21840] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2013/02/27 08:52:35.616853, 10, pid=21840] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2013/02/27 08:52:35.616878, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/02/27 08:52:35.616993, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-2d51-43bb50550000 name: struct winreg_String name_len : 0x004e (78) name_size : 0x004e (78) name : * name : 'SYSTEM\CurrentControlSet\Services\WINS' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_ACTION_NONE (0) [2013/02/27 08:52:35.617384, 4, pid=21840] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.617436, 10, pid=21840] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\WINS' [2013/02/27 08:52:35.617463, 5, pid=21840] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2013/02/27 08:52:35.617488, 5, pid=21840] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2013/02/27 08:52:35.617514, 7, pid=21840] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2013/02/27 08:52:35.617539, 10, pid=21840] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2013/02/27 08:52:35.617565, 10, pid=21840] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2013/02/27 08:52:35.617589, 10, pid=21840] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2013/02/27 08:52:35.617614, 10, pid=21840] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/02/27 08:52:35.617637, 10, pid=21840] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x12be520 for key [\HKLM\SYSTEM] [2013/02/27 08:52:35.617673, 5, pid=21840] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2013/02/27 08:52:35.617703, 7, pid=21840] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2013/02/27 08:52:35.617730, 10, pid=21840] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2013/02/27 08:52:35.617757, 10, pid=21840] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2013/02/27 08:52:35.617781, 10, pid=21840] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2013/02/27 08:52:35.617806, 10, pid=21840] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/02/27 08:52:35.617830, 10, pid=21840] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x12be520 for key [\HKLM\SYSTEM\CurrentControlSet] [2013/02/27 08:52:35.617867, 10, pid=21840] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2013/02/27 08:52:35.617894, 5, pid=21840] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2013/02/27 08:52:35.617923, 7, pid=21840] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2013/02/27 08:52:35.617948, 10, pid=21840] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2013/02/27 08:52:35.617974, 10, pid=21840] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] [2013/02/27 08:52:35.617998, 10, pid=21840] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] [2013/02/27 08:52:35.618023, 10, pid=21840] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/02/27 08:52:35.618047, 10, pid=21840] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x12be520 for key [\HKLM\SYSTEM\CurrentControlSet\Services] [2013/02/27 08:52:35.618096, 10, pid=21840] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2013/02/27 08:52:35.618123, 7, pid=21840] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [WINS] [2013/02/27 08:52:35.618148, 10, pid=21840] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2013/02/27 08:52:35.618175, 10, pid=21840] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] [2013/02/27 08:52:35.618199, 10, pid=21840] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] [2013/02/27 08:52:35.618224, 10, pid=21840] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/02/27 08:52:35.618248, 10, pid=21840] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x12be520 for key [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] [2013/02/27 08:52:35.618284, 10, pid=21840] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2013/02/27 08:52:35.618311, 4, pid=21840] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.618362, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-2d51-43bb50550000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK [2013/02/27 08:52:35.618498, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-2d51-43bb50550000 name: struct winreg_String name_len : 0x000c (12) name_size : 0x000c (12) name : * name : 'Start' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x02 (2) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2013/02/27 08:52:35.618737, 4, pid=21840] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.618792, 8, pid=21840] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:Start] [2013/02/27 08:52:35.618819, 5, pid=21840] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2013/02/27 08:52:35.618844, 10, pid=21840] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\WINS' (ops 0x12be520) [2013/02/27 08:52:35.618869, 10, pid=21840] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS] [2013/02/27 08:52:35.618903, 10, pid=21840] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[Start] len[4] [2013/02/27 08:52:35.618930, 10, pid=21840] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[1]: name[Type] len[4] [2013/02/27 08:52:35.618956, 10, pid=21840] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[2]: name[ErrorControl] len[4] [2013/02/27 08:52:35.618983, 10, pid=21840] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[3]: name[ObjectName] len[24] [2013/02/27 08:52:35.619009, 10, pid=21840] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[4]: name[DisplayName] len[74] [2013/02/27 08:52:35.619036, 10, pid=21840] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[5]: name[ImagePath] len[46] [2013/02/27 08:52:35.619062, 10, pid=21840] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[6]: name[Description] len[178] [2013/02/27 08:52:35.619088, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2013/02/27 08:52:35.619151, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-2d51-43bb50550000 name: struct winreg_String name_len : 0x000a (10) name_size : 0x000a (10) name : * name : 'Type' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2013/02/27 08:52:35.619386, 4, pid=21840] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.619438, 8, pid=21840] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:Type] [2013/02/27 08:52:35.619465, 5, pid=21840] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2013/02/27 08:52:35.619490, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2013/02/27 08:52:35.619556, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-2d51-43bb50550000 name: struct winreg_String name_len : 0x001a (26) name_size : 0x001a (26) name : * name : 'ErrorControl' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2013/02/27 08:52:35.619796, 4, pid=21840] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.619848, 8, pid=21840] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:ErrorControl] [2013/02/27 08:52:35.619874, 5, pid=21840] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2013/02/27 08:52:35.619900, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2013/02/27 08:52:35.619964, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-2d51-43bb50550000 name: struct winreg_String name_len : 0x0016 (22) name_size : 0x0016 (22) name : * name : 'ObjectName' type : REG_SZ (1) data : * data: ARRAY(24) [0] : 0x4c (76) [1] : 0x00 (0) [2] : 0x6f (111) [3] : 0x00 (0) [4] : 0x63 (99) [5] : 0x00 (0) [6] : 0x61 (97) [7] : 0x00 (0) [8] : 0x6c (108) [9] : 0x00 (0) [10] : 0x53 (83) [11] : 0x00 (0) [12] : 0x79 (121) [13] : 0x00 (0) [14] : 0x73 (115) [15] : 0x00 (0) [16] : 0x74 (116) [17] : 0x00 (0) [18] : 0x65 (101) [19] : 0x00 (0) [20] : 0x6d (109) [21] : 0x00 (0) [22] : 0x00 (0) [23] : 0x00 (0) size : 0x00000018 (24) [2013/02/27 08:52:35.620438, 4, pid=21840] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.620490, 8, pid=21840] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:ObjectName] [2013/02/27 08:52:35.620516, 5, pid=21840] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2013/02/27 08:52:35.620542, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2013/02/27 08:52:35.620609, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-2d51-43bb50550000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'DisplayName' type : REG_SZ (1) data : * data: ARRAY(74) [0] : 0x57 (87) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x64 (100) [7] : 0x00 (0) [8] : 0x6f (111) [9] : 0x00 (0) [10] : 0x77 (119) [11] : 0x00 (0) [12] : 0x73 (115) [13] : 0x00 (0) [14] : 0x20 (32) [15] : 0x00 (0) [16] : 0x49 (73) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x6e (110) [27] : 0x00 (0) [28] : 0x65 (101) [29] : 0x00 (0) [30] : 0x74 (116) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x00 (0) [34] : 0x4e (78) [35] : 0x00 (0) [36] : 0x61 (97) [37] : 0x00 (0) [38] : 0x6d (109) [39] : 0x00 (0) [40] : 0x65 (101) [41] : 0x00 (0) [42] : 0x20 (32) [43] : 0x00 (0) [44] : 0x53 (83) [45] : 0x00 (0) [46] : 0x65 (101) [47] : 0x00 (0) [48] : 0x72 (114) [49] : 0x00 (0) [50] : 0x76 (118) [51] : 0x00 (0) [52] : 0x69 (105) [53] : 0x00 (0) [54] : 0x63 (99) [55] : 0x00 (0) [56] : 0x65 (101) [57] : 0x00 (0) [58] : 0x20 (32) [59] : 0x00 (0) [60] : 0x28 (40) [61] : 0x00 (0) [62] : 0x57 (87) [63] : 0x00 (0) [64] : 0x49 (73) [65] : 0x00 (0) [66] : 0x4e (78) [67] : 0x00 (0) [68] : 0x53 (83) [69] : 0x00 (0) [70] : 0x29 (41) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) size : 0x0000004a (74) [2013/02/27 08:52:35.621684, 4, pid=21840] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.621741, 8, pid=21840] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:DisplayName] [2013/02/27 08:52:35.621767, 5, pid=21840] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2013/02/27 08:52:35.621793, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2013/02/27 08:52:35.621857, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-2d51-43bb50550000 name: struct winreg_String name_len : 0x0014 (20) name_size : 0x0014 (20) name : * name : 'ImagePath' type : REG_SZ (1) data : * data: ARRAY(46) [0] : 0x2f (47) [1] : 0x00 (0) [2] : 0x75 (117) [3] : 0x00 (0) [4] : 0x73 (115) [5] : 0x00 (0) [6] : 0x72 (114) [7] : 0x00 (0) [8] : 0x2f (47) [9] : 0x00 (0) [10] : 0x6c (108) [11] : 0x00 (0) [12] : 0x69 (105) [13] : 0x00 (0) [14] : 0x62 (98) [15] : 0x00 (0) [16] : 0x36 (54) [17] : 0x00 (0) [18] : 0x34 (52) [19] : 0x00 (0) [20] : 0x2f (47) [21] : 0x00 (0) [22] : 0x73 (115) [23] : 0x00 (0) [24] : 0x76 (118) [25] : 0x00 (0) [26] : 0x63 (99) [27] : 0x00 (0) [28] : 0x63 (99) [29] : 0x00 (0) [30] : 0x74 (116) [31] : 0x00 (0) [32] : 0x6c (108) [33] : 0x00 (0) [34] : 0x2f (47) [35] : 0x00 (0) [36] : 0x6e (110) [37] : 0x00 (0) [38] : 0x6d (109) [39] : 0x00 (0) [40] : 0x62 (98) [41] : 0x00 (0) [42] : 0x64 (100) [43] : 0x00 (0) [44] : 0x00 (0) [45] : 0x00 (0) size : 0x0000002e (46) [2013/02/27 08:52:35.622586, 4, pid=21840] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.622638, 8, pid=21840] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:ImagePath] [2013/02/27 08:52:35.622664, 5, pid=21840] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2013/02/27 08:52:35.622690, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2013/02/27 08:52:35.622769, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-2d51-43bb50550000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'Description' type : REG_SZ (1) data : * data: ARRAY(178) [0] : 0x49 (73) [1] : 0x00 (0) [2] : 0x6e (110) [3] : 0x00 (0) [4] : 0x74 (116) [5] : 0x00 (0) [6] : 0x65 (101) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x6e (110) [11] : 0x00 (0) [12] : 0x61 (97) [13] : 0x00 (0) [14] : 0x6c (108) [15] : 0x00 (0) [16] : 0x20 (32) [17] : 0x00 (0) [18] : 0x73 (115) [19] : 0x00 (0) [20] : 0x65 (101) [21] : 0x00 (0) [22] : 0x72 (114) [23] : 0x00 (0) [24] : 0x76 (118) [25] : 0x00 (0) [26] : 0x69 (105) [27] : 0x00 (0) [28] : 0x63 (99) [29] : 0x00 (0) [30] : 0x65 (101) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x00 (0) [34] : 0x70 (112) [35] : 0x00 (0) [36] : 0x72 (114) [37] : 0x00 (0) [38] : 0x6f (111) [39] : 0x00 (0) [40] : 0x76 (118) [41] : 0x00 (0) [42] : 0x69 (105) [43] : 0x00 (0) [44] : 0x64 (100) [45] : 0x00 (0) [46] : 0x69 (105) [47] : 0x00 (0) [48] : 0x6e (110) [49] : 0x00 (0) [50] : 0x67 (103) [51] : 0x00 (0) [52] : 0x20 (32) [53] : 0x00 (0) [54] : 0x61 (97) [55] : 0x00 (0) [56] : 0x20 (32) [57] : 0x00 (0) [58] : 0x4e (78) [59] : 0x00 (0) [60] : 0x65 (101) [61] : 0x00 (0) [62] : 0x74 (116) [63] : 0x00 (0) [64] : 0x42 (66) [65] : 0x00 (0) [66] : 0x49 (73) [67] : 0x00 (0) [68] : 0x4f (79) [69] : 0x00 (0) [70] : 0x53 (83) [71] : 0x00 (0) [72] : 0x20 (32) [73] : 0x00 (0) [74] : 0x70 (112) [75] : 0x00 (0) [76] : 0x6f (111) [77] : 0x00 (0) [78] : 0x69 (105) [79] : 0x00 (0) [80] : 0x6e (110) [81] : 0x00 (0) [82] : 0x74 (116) [83] : 0x00 (0) [84] : 0x2d (45) [85] : 0x00 (0) [86] : 0x74 (116) [87] : 0x00 (0) [88] : 0x6f (111) [89] : 0x00 (0) [90] : 0x2d (45) [91] : 0x00 (0) [92] : 0x70 (112) [93] : 0x00 (0) [94] : 0x6f (111) [95] : 0x00 (0) [96] : 0x69 (105) [97] : 0x00 (0) [98] : 0x6e (110) [99] : 0x00 (0) [100] : 0x74 (116) [101] : 0x00 (0) [102] : 0x20 (32) [103] : 0x00 (0) [104] : 0x6e (110) [105] : 0x00 (0) [106] : 0x61 (97) [107] : 0x00 (0) [108] : 0x6d (109) [109] : 0x00 (0) [110] : 0x65 (101) [111] : 0x00 (0) [112] : 0x20 (32) [113] : 0x00 (0) [114] : 0x73 (115) [115] : 0x00 (0) [116] : 0x65 (101) [117] : 0x00 (0) [118] : 0x72 (114) [119] : 0x00 (0) [120] : 0x76 (118) [121] : 0x00 (0) [122] : 0x65 (101) [123] : 0x00 (0) [124] : 0x72 (114) [125] : 0x00 (0) [126] : 0x28 (40) [127] : 0x00 (0) [128] : 0x6e (110) [129] : 0x00 (0) [130] : 0x6f (111) [131] : 0x00 (0) [132] : 0x74 (116) [133] : 0x00 (0) [134] : 0x20 (32) [135] : 0x00 (0) [136] : 0x72 (114) [137] : 0x00 (0) [138] : 0x65 (101) [139] : 0x00 (0) [140] : 0x6d (109) [141] : 0x00 (0) [142] : 0x6f (111) [143] : 0x00 (0) [144] : 0x74 (116) [145] : 0x00 (0) [146] : 0x65 (101) [147] : 0x00 (0) [148] : 0x6c (108) [149] : 0x00 (0) [150] : 0x79 (121) [151] : 0x00 (0) [152] : 0x20 (32) [153] : 0x00 (0) [154] : 0x6d (109) [155] : 0x00 (0) [156] : 0x61 (97) [157] : 0x00 (0) [158] : 0x6e (110) [159] : 0x00 (0) [160] : 0x61 (97) [161] : 0x00 (0) [162] : 0x67 (103) [163] : 0x00 (0) [164] : 0x65 (101) [165] : 0x00 (0) [166] : 0x61 (97) [167] : 0x00 (0) [168] : 0x62 (98) [169] : 0x00 (0) [170] : 0x6c (108) [171] : 0x00 (0) [172] : 0x65 (101) [173] : 0x00 (0) [174] : 0x29 (41) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x00 (0) size : 0x000000b2 (178) [2013/02/27 08:52:35.625059, 4, pid=21840] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.625111, 8, pid=21840] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:Description] [2013/02/27 08:52:35.625137, 5, pid=21840] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2013/02/27 08:52:35.625163, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2013/02/27 08:52:35.625224, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-2d51-43bb50550000 [2013/02/27 08:52:35.625311, 4, pid=21840] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.625363, 4, pid=21840] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.625417, 3, pid=21840] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2013/02/27 08:52:35.625443, 10, pid=21840] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2013/02/27 08:52:35.625468, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/02/27 08:52:35.625583, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-2d51-43bb50550000 name: struct winreg_String name_len : 0x0060 (96) name_size : 0x0060 (96) name : * name : 'SYSTEM\CurrentControlSet\Services\WINS\Security' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) [2013/02/27 08:52:35.625978, 4, pid=21840] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.626031, 10, pid=21840] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\WINS\Security' [2013/02/27 08:52:35.626058, 5, pid=21840] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2013/02/27 08:52:35.626083, 5, pid=21840] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2013/02/27 08:52:35.626109, 7, pid=21840] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2013/02/27 08:52:35.626134, 10, pid=21840] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2013/02/27 08:52:35.626160, 10, pid=21840] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2013/02/27 08:52:35.626184, 10, pid=21840] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2013/02/27 08:52:35.626209, 10, pid=21840] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/02/27 08:52:35.626233, 10, pid=21840] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x12be520 for key [\HKLM\SYSTEM] [2013/02/27 08:52:35.626271, 5, pid=21840] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2013/02/27 08:52:35.626298, 7, pid=21840] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2013/02/27 08:52:35.626323, 10, pid=21840] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2013/02/27 08:52:35.626349, 10, pid=21840] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2013/02/27 08:52:35.626373, 10, pid=21840] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2013/02/27 08:52:35.626398, 10, pid=21840] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/02/27 08:52:35.626422, 10, pid=21840] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x12be520 for key [\HKLM\SYSTEM\CurrentControlSet] [2013/02/27 08:52:35.626459, 10, pid=21840] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2013/02/27 08:52:35.626486, 5, pid=21840] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2013/02/27 08:52:35.626510, 7, pid=21840] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2013/02/27 08:52:35.626535, 10, pid=21840] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2013/02/27 08:52:35.626561, 10, pid=21840] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] [2013/02/27 08:52:35.626585, 10, pid=21840] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] [2013/02/27 08:52:35.626610, 10, pid=21840] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/02/27 08:52:35.626633, 10, pid=21840] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x12be520 for key [\HKLM\SYSTEM\CurrentControlSet\Services] [2013/02/27 08:52:35.626680, 10, pid=21840] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2013/02/27 08:52:35.626712, 5, pid=21840] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 [2013/02/27 08:52:35.626738, 7, pid=21840] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [WINS] [2013/02/27 08:52:35.626762, 10, pid=21840] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2013/02/27 08:52:35.626789, 10, pid=21840] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] [2013/02/27 08:52:35.626813, 10, pid=21840] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] [2013/02/27 08:52:35.626838, 10, pid=21840] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/02/27 08:52:35.626861, 10, pid=21840] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x12be520 for key [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] [2013/02/27 08:52:35.626899, 10, pid=21840] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2013/02/27 08:52:35.626926, 7, pid=21840] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Security] [2013/02/27 08:52:35.626951, 10, pid=21840] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2013/02/27 08:52:35.626978, 10, pid=21840] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] [2013/02/27 08:52:35.627002, 10, pid=21840] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] [2013/02/27 08:52:35.627031, 10, pid=21840] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/02/27 08:52:35.627055, 10, pid=21840] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x12be520 for key [\HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] [2013/02/27 08:52:35.627088, 10, pid=21840] registry/reg_backend_db.c:1656(regdb_fetch_keys_internal) regdb_fetch_keys: no subkeys found for key [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] [2013/02/27 08:52:35.627114, 10, pid=21840] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2013/02/27 08:52:35.627140, 4, pid=21840] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 0A 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.627192, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000a-0000-0000-2d51-43bb50550000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK [2013/02/27 08:52:35.627332, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000a-0000-0000-2d51-43bb50550000 name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : REG_BINARY (3) data : * data: ARRAY(120) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x00 (0) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x00 (0) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x14 (20) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x02 (2) [21] : 0x00 (0) [22] : 0x64 (100) [23] : 0x00 (0) [24] : 0x04 (4) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x00 (0) [28] : 0x00 (0) [29] : 0x00 (0) [30] : 0x14 (20) [31] : 0x00 (0) [32] : 0x8d (141) [33] : 0x01 (1) [34] : 0x02 (2) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x01 (1) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x01 (1) [44] : 0x00 (0) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x00 (0) [49] : 0x00 (0) [50] : 0x18 (24) [51] : 0x00 (0) [52] : 0xfd (253) [53] : 0x01 (1) [54] : 0x02 (2) [55] : 0x00 (0) [56] : 0x01 (1) [57] : 0x02 (2) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x00 (0) [62] : 0x00 (0) [63] : 0x05 (5) [64] : 0x20 (32) [65] : 0x00 (0) [66] : 0x00 (0) [67] : 0x00 (0) [68] : 0x23 (35) [69] : 0x02 (2) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x18 (24) [75] : 0x00 (0) [76] : 0xff (255) [77] : 0x01 (1) [78] : 0x0f (15) [79] : 0x00 (0) [80] : 0x01 (1) [81] : 0x02 (2) [82] : 0x00 (0) [83] : 0x00 (0) [84] : 0x00 (0) [85] : 0x00 (0) [86] : 0x00 (0) [87] : 0x05 (5) [88] : 0x20 (32) [89] : 0x00 (0) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x25 (37) [93] : 0x02 (2) [94] : 0x00 (0) [95] : 0x00 (0) [96] : 0x00 (0) [97] : 0x00 (0) [98] : 0x18 (24) [99] : 0x00 (0) [100] : 0xff (255) [101] : 0x01 (1) [102] : 0x0f (15) [103] : 0x00 (0) [104] : 0x01 (1) [105] : 0x02 (2) [106] : 0x00 (0) [107] : 0x00 (0) [108] : 0x00 (0) [109] : 0x00 (0) [110] : 0x00 (0) [111] : 0x05 (5) [112] : 0x20 (32) [113] : 0x00 (0) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x20 (32) [117] : 0x02 (2) [118] : 0x00 (0) [119] : 0x00 (0) size : 0x00000078 (120) [2013/02/27 08:52:35.628942, 4, pid=21840] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0A 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.628994, 8, pid=21840] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security:Security] [2013/02/27 08:52:35.629020, 5, pid=21840] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 [2013/02/27 08:52:35.629045, 10, pid=21840] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security' (ops 0x12be520) [2013/02/27 08:52:35.629070, 10, pid=21840] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] [2013/02/27 08:52:35.629105, 10, pid=21840] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[Security] len[120] [2013/02/27 08:52:35.629132, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2013/02/27 08:52:35.629192, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000a-0000-0000-2d51-43bb50550000 [2013/02/27 08:52:35.629278, 4, pid=21840] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0A 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.629330, 4, pid=21840] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0A 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.629381, 3, pid=21840] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2013/02/27 08:52:35.629406, 10, pid=21840] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2013/02/27 08:52:35.629431, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/02/27 08:52:35.629542, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-2d51-43bb50550000 [2013/02/27 08:52:35.629628, 4, pid=21840] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.629680, 4, pid=21840] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.629736, 3, pid=21840] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2013/02/27 08:52:35.629762, 10, pid=21840] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2013/02/27 08:52:35.629787, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/02/27 08:52:35.629893, 10, pid=21840] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (2->1) [2013/02/27 08:52:35.629934, 3, pid=21840] rpc_server/eventlog/srv_eventlog_reg.c:59(eventlog_init_winreg) Initialise the eventlog registry keys if needed. [2013/02/27 08:52:35.629963, 4, pid=21840] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/02/27 08:52:35.629991, 10, pid=21840] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 2 for pipe \winreg [2013/02/27 08:52:35.630019, 4, pid=21840] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2013/02/27 08:52:35.630051, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/02/27 08:52:35.630200, 7, pid=21840] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/02/27 08:52:35.630225, 10, pid=21840] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (1->2) [2013/02/27 08:52:35.630251, 10, pid=21840] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/02/27 08:52:35.630275, 10, pid=21840] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/02/27 08:52:35.630299, 10, pid=21840] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/02/27 08:52:35.630322, 10, pid=21840] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x12be520 for key [\HKLM] [2013/02/27 08:52:35.630361, 4, pid=21840] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 0B 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.630418, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000b-0000-0000-2d51-43bb50550000 result : WERR_OK [2013/02/27 08:52:35.630529, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000b-0000-0000-2d51-43bb50550000 keyname: struct winreg_String name_len : 0x0056 (86) name_size : 0x0056 (86) name : * name : 'SYSTEM\CurrentControlSet\Services\Eventlog' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/02/27 08:52:35.630840, 4, pid=21840] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0B 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.630894, 7, pid=21840] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2013/02/27 08:52:35.630919, 10, pid=21840] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2013/02/27 08:52:35.630946, 10, pid=21840] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2013/02/27 08:52:35.630970, 10, pid=21840] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2013/02/27 08:52:35.630994, 10, pid=21840] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/02/27 08:52:35.631018, 10, pid=21840] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x12be520 for key [\HKLM\SYSTEM] [2013/02/27 08:52:35.631055, 7, pid=21840] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2013/02/27 08:52:35.631082, 10, pid=21840] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2013/02/27 08:52:35.631108, 10, pid=21840] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2013/02/27 08:52:35.631132, 10, pid=21840] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2013/02/27 08:52:35.631157, 10, pid=21840] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/02/27 08:52:35.631181, 10, pid=21840] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x12be520 for key [\HKLM\SYSTEM\CurrentControlSet] [2013/02/27 08:52:35.631221, 7, pid=21840] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2013/02/27 08:52:35.631251, 10, pid=21840] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2013/02/27 08:52:35.631278, 10, pid=21840] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] [2013/02/27 08:52:35.631302, 10, pid=21840] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] [2013/02/27 08:52:35.631327, 10, pid=21840] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/02/27 08:52:35.631350, 10, pid=21840] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x12be520 for key [\HKLM\SYSTEM\CurrentControlSet\Services] [2013/02/27 08:52:35.631400, 7, pid=21840] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Eventlog] [2013/02/27 08:52:35.631427, 10, pid=21840] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (5->6) [2013/02/27 08:52:35.631454, 10, pid=21840] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2013/02/27 08:52:35.631478, 10, pid=21840] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2013/02/27 08:52:35.631503, 10, pid=21840] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/02/27 08:52:35.631527, 10, pid=21840] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x12be520 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2013/02/27 08:52:35.631567, 10, pid=21840] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (6->5) [2013/02/27 08:52:35.631594, 10, pid=21840] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2013/02/27 08:52:35.631619, 10, pid=21840] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2013/02/27 08:52:35.631644, 4, pid=21840] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 0C 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.631696, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000c-0000-0000-2d51-43bb50550000 result : WERR_OK [2013/02/27 08:52:35.631814, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000c-0000-0000-2d51-43bb50550000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2013/02/27 08:52:35.631959, 4, pid=21840] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0C 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.632012, 10, pid=21840] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\Eventlog' (ops 0x12be520) [2013/02/27 08:52:35.632037, 10, pid=21840] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2013/02/27 08:52:35.632078, 10, pid=21840] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[DisplayName] len[20] [2013/02/27 08:52:35.632106, 10, pid=21840] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[1]: name[ErrorControl] len[4] [2013/02/27 08:52:35.632132, 10, pid=21840] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2013/02/27 08:52:35.632169, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000000 (0) max_subkeylen : * max_subkeylen : 0x00000000 (0) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x00000002 (2) max_valnamelen : * max_valnamelen : 0x0000001a (26) max_valbufsize : * max_valbufsize : 0x00000014 (20) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2013/02/27 08:52:35.632469, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000c-0000-0000-2d51-43bb50550000 [2013/02/27 08:52:35.632555, 4, pid=21840] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0C 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.632608, 4, pid=21840] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0C 00 00 00 00 00 00 00 2D 51 43 BB ........ ....-QC. [0010] 50 55 00 00 PU.. [2013/02/27 08:52:35.632659, 3, pid=21840] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2013/02/27 08:52:35.632684, 10, pid=21840] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2013/02/27 08:52:35.632715, 1, pid=21840] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/02/27 08:52:35.632879, 3, pid=21840] printing/pcap.c:138(pcap_cache_reload) reloading printcap cache [2013/02/27 08:52:35.632919, 10, pid=21840] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 5052494E5445524C4953 [2013/02/27 08:52:35.632956, 10, pid=21840] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x2b70090 [2013/02/27 08:52:35.633048, 10, pid=21840] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 5052494E5445524C4953 [2013/02/27 08:52:35.633087, 5, pid=21840] printing/print_cups.c:449(cups_pcap_load_async) cups_pcap_load_async: asynchronously loading cups printers [2013/02/27 08:52:35.633403, 10, pid=21840] printing/print_cups.c:466(cups_pcap_load_async) cups_pcap_load_async: child pid = 21841 [2013/02/27 08:52:35.633461, 10, pid=21840] printing/print_cups.c:586(cups_cache_reload) cups_cache_reload: async read on fd 26 [2013/02/27 08:52:35.633500, 3, pid=21840] printing/pcap.c:189(pcap_cache_reload) reload status: ok [2013/02/27 08:52:35.633528, 3, pid=21840] printing/printing.c:1695(start_background_queue) start_background_queue: Starting background LPQ thread [2013/02/27 08:52:35.633669, 5, pid=21841] printing/print_cups.c:318(cups_cache_reload_async) reloading cups printcap cache [2013/02/27 08:52:35.633833, 5, pid=21842] printing/printing.c:1718(start_background_queue) start_background_queue: background LPQ thread started [2013/02/27 08:52:35.633996, 10, pid=21840] lib/util_sock.c:680(open_socket_in) bind succeeded on port 445 [2013/02/27 08:52:35.634044, 5, pid=21840] lib/util_sock.c:165(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 [2013/02/27 08:52:35.634085, 10, pid=21841] printing/print_cups.c:130(cups_connect) TCP_NODELAY = 0 [2013/02/27 08:52:35.634095, 10, pid=21842] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) TCP_KEEPCNT = 9 connecting to cups server /var/run/cups/cups.sock:631 TCP_KEEPIDLE = 7200 Locking key 52550000FFFFFFFF TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 [2013/02/27 08:52:35.634176, 10, pid=21842] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) SO_SNDBUF = 16384 Allocated locked data 0x0x2b6f800 SO_RCVBUF = 87380 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 [2013/02/27 08:52:35.634274, 5, pid=21840] lib/util_sock.c:165(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 [2013/02/27 08:52:35.634307, 10, pid=21842] lib/dbwrap_tdb.c:44(db_tdb_record_destr) SO_BROADCAST = 0 TCP_NODELAY = 1 Unlocking key 52550000FFFFFFFF TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 [2013/02/27 08:52:35.634373, 10, pid=21842] smbd/process.c:920(event_add_idle) IPTOS_THROUGHPUT = 0 event_add_idle: idle_evt(printer_housekeeping) 0x2b72ac0 SO_SNDBUF = 16384 SO_RCVBUF = 87380 [2013/02/27 08:52:35.634417, 5, pid=21842] printing/printing.c:1763(start_background_queue) SO_SNDLOWAT = 1 start_background_queue: background LPQ thread waiting for messages SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 [2013/02/27 08:52:35.634530, 10, pid=21840] lib/util_sock.c:680(open_socket_in) bind succeeded on port 139 [2013/02/27 08:52:35.634560, 5, pid=21840] lib/util_sock.c:165(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 0 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 16384 SO_RCVBUF = 87380 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 [2013/02/27 08:52:35.634762, 5, pid=21840] lib/util_sock.c:165(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 16384 SO_RCVBUF = 87380 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 [2013/02/27 08:52:35.634982, 10, pid=21840] lib/util_sock.c:680(open_socket_in) bind succeeded on port 445 [2013/02/27 08:52:35.635011, 5, pid=21840] lib/util_sock.c:165(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 0 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 16384 SO_RCVBUF = 87380 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 [2013/02/27 08:52:35.635204, 5, pid=21840] lib/util_sock.c:165(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 16384 SO_RCVBUF = 87380 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 [2013/02/27 08:52:35.635419, 10, pid=21840] lib/util_sock.c:680(open_socket_in) bind succeeded on port 139 [2013/02/27 08:52:35.635449, 5, pid=21840] lib/util_sock.c:165(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 0 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 16384 SO_RCVBUF = 87380 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 [2013/02/27 08:52:35.635637, 5, pid=21840] lib/util_sock.c:165(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 16384 SO_RCVBUF = 87380 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 [2013/02/27 08:52:35.635840, 10, pid=21840] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 50550000FFFFFFFF [2013/02/27 08:52:35.635870, 10, pid=21840] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x2b72980 [2013/02/27 08:52:35.635912, 10, pid=21840] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 50550000FFFFFFFF [2013/02/27 08:52:35.635943, 5, pid=21840] lib/messages.c:300(messaging_register) Overriding messaging pointer for type 1 - private_data=(nil) [2013/02/27 08:52:35.637658, 10, pid=21841] printing/print_cups.c:171(send_pcap_blob) successfully sent blob of len 141 [2013/02/27 08:52:35.638068, 10, pid=21840] smbd/avahi_register.c:79(avahi_client_callback) avahi_client_callback: AVAHI_CLIENT_S_RUNNING [2013/02/27 08:52:35.638475, 10, pid=21840] smbd/avahi_register.c:61(avahi_entry_group_callback) avahi_entry_group_callback: AVAHI_ENTRY_GROUP_UNCOMMITED [2013/02/27 08:52:35.639067, 10, pid=21840] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (2->1) [2013/02/27 08:52:35.639114, 10, pid=21840] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (1->0) [2013/02/27 08:52:35.639164, 10, pid=21840] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \winreg [2013/02/27 08:52:35.639226, 2, pid=21840] smbd/server.c:815(smbd_parent_loop) waiting for connections [2013/02/27 08:52:35.639277, 2, pid=21840] smbd/server.c:301(remove_child_pid) Could not find child 21841 -- ignoring [2013/02/27 08:52:35.639315, 10, pid=21840] lib/events.c:221(run_events_poll) Running timed event "avahi_timeout_handler" 0x2b7b0d0 [2013/02/27 08:52:35.639371, 10, pid=21840] lib/events.c:221(run_events_poll) Running timed event "avahi_timeout_handler" 0x2b7c5d0 [2013/02/27 08:52:35.639420, 10, pid=21840] smbd/avahi_register.c:65(avahi_entry_group_callback) avahi_entry_group_callback: AVAHI_ENTRY_GROUP_REGISTERING [2013/02/27 08:52:35.639477, 5, pid=21840] printing/print_cups.c:512(cups_async_callback) cups_async_callback: callback received for printer data. fd = 26 [2013/02/27 08:52:35.639518, 10, pid=21840] printing/print_cups.c:196(recv_pcap_blob) successfully recvd blob of len 141 [2013/02/27 08:52:35.639578, 10, pid=21840] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 5052494E5445524C4953 [2013/02/27 08:52:35.639621, 10, pid=21840] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x2b704b0 [2013/02/27 08:52:35.639660, 10, pid=21840] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 5052494E5445524C4953 [2013/02/27 08:52:35.639721, 10, pid=21840] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 5052494E5445524C4953 [2013/02/27 08:52:35.639768, 10, pid=21840] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x2b7b0d0 [2013/02/27 08:52:35.639808, 10, pid=21840] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 5052494E5445524C4953 [2013/02/27 08:52:35.639888, 7, pid=21840] param/loadparm.c:9834(lp_servicenumber) lp_servicenumber: couldn't find printers [2013/02/27 08:52:35.639942, 10, pid=21840] registry/reg_init_smbconf.c:41(registry_init_smbconf) registry_init_smbconf called [2013/02/27 08:52:35.640012, 10, pid=21840] registry/reg_backend_db.c:526(regdb_init) regdb_init: registry db openend. refcount reset (1) [2013/02/27 08:52:35.640229, 10, pid=21840] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] [2013/02/27 08:52:35.640285, 10, pid=21840] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[Samba Printer Port] len[2] [2013/02/27 08:52:35.640324, 10, pid=21840] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/02/27 08:52:35.640377, 10, pid=21840] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[DefaultSpoolDirectory] len[70] [2013/02/27 08:52:35.640415, 10, pid=21840] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2013/02/27 08:52:35.640466, 10, pid=21840] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[DisplayName] len[20] [2013/02/27 08:52:35.640505, 10, pid=21840] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[1]: name[ErrorControl] len[4] [2013/02/27 08:52:35.640542, 10, pid=21840] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2013/02/27 08:52:35.640593, 10, pid=21840] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[DisplayName] len[20] [2013/02/27 08:52:35.640631, 10, pid=21840] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[1]: name[ErrorControl] len[4] [2013/02/27 08:52:35.640677, 10, pid=21840] registry/reg_cachehook.c:94(reghook_cache_add) reghook_cache_add: Adding ops 0x12be580 for key [\HKLM\SOFTWARE\Samba\smbconf] [2013/02/27 08:52:35.640738, 8, pid=21840] lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2013/02/27 08:52:35.640775, 10, pid=21840] lib/adt_tree.c:282(pathtree_add) pathtree_add: Successfully added node [HKLM\SOFTWARE\Samba\smbconf] to tree [2013/02/27 08:52:35.640810, 8, pid=21840] lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2013/02/27 08:52:35.640844, 10, pid=21840] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (1->0) [2013/02/27 08:52:35.640890, 4, pid=21840] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/02/27 08:52:35.640916, 4, pid=21840] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/02/27 08:52:35.640941, 4, pid=21840] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/02/27 08:52:35.640965, 5, pid=21840] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/02/27 08:52:35.640989, 5, pid=21840] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/02/27 08:52:35.641050, 4, pid=21840] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/02/27 08:52:35.641076, 10, pid=21840] registry/reg_backend_db.c:602(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/02/27 08:52:35.641101, 7, pid=21840] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/02/27 08:52:35.641130, 10, pid=21840] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (1->2) [2013/02/27 08:52:35.641157, 10, pid=21840] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/02/27 08:52:35.641180, 10, pid=21840] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/02/27 08:52:35.641205, 10, pid=21840] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/02/27 08:52:35.641228, 10, pid=21840] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x12be520 for key [\HKLM] [2013/02/27 08:52:35.641267, 7, pid=21840] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/02/27 08:52:35.641293, 10, pid=21840] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2013/02/27 08:52:35.641319, 10, pid=21840] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/02/27 08:52:35.641343, 10, pid=21840] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/02/27 08:52:35.641367, 10, pid=21840] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/02/27 08:52:35.641391, 10, pid=21840] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x12be520 for key [\HKLM\SOFTWARE] [2013/02/27 08:52:35.641432, 7, pid=21840] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Samba] [2013/02/27 08:52:35.641458, 10, pid=21840] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2013/02/27 08:52:35.641484, 10, pid=21840] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Samba] [2013/02/27 08:52:35.641508, 10, pid=21840] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Samba] [2013/02/27 08:52:35.641532, 10, pid=21840] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/02/27 08:52:35.641556, 10, pid=21840] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x12be520 for key [\HKLM\SOFTWARE\Samba] [2013/02/27 08:52:35.641594, 7, pid=21840] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [smbconf] [2013/02/27 08:52:35.641620, 10, pid=21840] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2013/02/27 08:52:35.641646, 10, pid=21840] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Samba\smbconf] [2013/02/27 08:52:35.641670, 10, pid=21840] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Samba\smbconf] [2013/02/27 08:52:35.641696, 10, pid=21840] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/02/27 08:52:35.641725, 10, pid=21840] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x12be580 for key [\HKLM\SOFTWARE\Samba\smbconf] [2013/02/27 08:52:35.641761, 10, pid=21840] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2013/02/27 08:52:35.641788, 10, pid=21840] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2013/02/27 08:52:35.641814, 10, pid=21840] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2013/02/27 08:52:35.641839, 5, pid=21840] param/loadparm.c:7280(process_registry_service) process_registry_service: service name printers [2013/02/27 08:52:35.641866, 7, pid=21840] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [printers] [2013/02/27 08:52:35.641891, 10, pid=21840] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2013/02/27 08:52:35.641917, 10, pid=21840] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Samba\smbconf\printers] [2013/02/27 08:52:35.641945, 10, pid=21840] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Samba\smbconf\printers] [2013/02/27 08:52:35.641970, 10, pid=21840] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/02/27 08:52:35.641994, 10, pid=21840] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x12be580 for key [\HKLM\SOFTWARE\Samba\smbconf\printers] [2013/02/27 08:52:35.642027, 10, pid=21840] registry/reg_backend_db.c:1623(regdb_fetch_keys_internal) key [HKLM\SOFTWARE\Samba\smbconf\printers] not found [2013/02/27 08:52:35.642052, 10, pid=21840] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2013/02/27 08:52:35.642080, 7, pid=21840] param/loadparm.c:9834(lp_servicenumber) lp_servicenumber: couldn't find printers [2013/02/27 08:52:35.642106, 7, pid=21840] param/loadparm.c:9834(lp_servicenumber) lp_servicenumber: couldn't find printers [2013/02/27 08:52:35.642132, 7, pid=21840] param/loadparm.c:9834(lp_servicenumber) lp_servicenumber: couldn't find printers [2013/02/27 08:52:35.642155, 10, pid=21840] smbd/server_reload.c:53(reload_printers) reloading printer services from pcap cache [2013/02/27 08:52:35.642190, 7, pid=21840] param/loadparm.c:9834(lp_servicenumber) lp_servicenumber: couldn't find printers [2013/02/27 08:52:35.642215, 5, pid=21840] param/loadparm.c:7280(process_registry_service) process_registry_service: service name printers [2013/02/27 08:52:35.642239, 7, pid=21840] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [printers] [2013/02/27 08:52:35.642264, 10, pid=21840] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2013/02/27 08:52:35.642290, 10, pid=21840] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Samba\smbconf\printers] [2013/02/27 08:52:35.642314, 10, pid=21840] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Samba\smbconf\printers] [2013/02/27 08:52:35.642339, 10, pid=21840] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/02/27 08:52:35.642363, 10, pid=21840] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x12be580 for key [\HKLM\SOFTWARE\Samba\smbconf\printers] [2013/02/27 08:52:35.642394, 10, pid=21840] registry/reg_backend_db.c:1623(regdb_fetch_keys_internal) key [HKLM\SOFTWARE\Samba\smbconf\printers] not found [2013/02/27 08:52:35.642420, 10, pid=21840] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2013/02/27 08:52:35.642447, 7, pid=21840] param/loadparm.c:9834(lp_servicenumber) lp_servicenumber: couldn't find printers [2013/02/27 08:52:35.642473, 7, pid=21840] param/loadparm.c:9834(lp_servicenumber) lp_servicenumber: couldn't find printers [2013/02/27 08:52:36.433935, 10, pid=21840] lib/events.c:221(run_events_poll) Running timed event "avahi_timeout_handler" 0x2b7c5d0 [2013/02/27 08:52:36.434033, 10, pid=21840] smbd/avahi_register.c:46(avahi_entry_group_callback) avahi_entry_group_callback: AVAHI_ENTRY_GROUP_ESTABLISHED [2013/02/27 08:52:41.637892, 10, pid=21845] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 55550000FFFFFFFF [2013/02/27 08:52:41.638044, 10, pid=21845] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x2b6b2c0 [2013/02/27 08:52:41.638118, 10, pid=21845] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 55550000FFFFFFFF [2013/02/27 08:52:41.638193, 5, pid=21845] lib/util_sock.c:165(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 172560 SO_RCVBUF = 87380 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 [2013/02/27 08:52:41.638507, 5, pid=21845] lib/util_sock.c:165(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 172560 SO_RCVBUF = 87380 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 [2013/02/27 08:52:41.638948, 6, pid=21845] param/loadparm.c:7490(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Wed Feb 27 08:52:30 2013 [2013/02/27 08:52:41.639040, 3, pid=21845] lib/access.c:338(allow_access) Allowed connection from ::1 (::1) [2013/02/27 08:52:41.639076, 10, pid=21845] smbd/process.c:3020(smbd_process) Connection allowed from ipv6:::1:34467 to ipv6:::1:445 [2013/02/27 08:52:41.639151, 3, pid=21845] smbd/oplock.c:922(init_oplocks) init_oplocks: initializing messages. [2013/02/27 08:52:41.639247, 3, pid=21845] smbd/oplock_linux.c:239(linux_init_kernel_oplocks) Linux kernel oplocks enabled [2013/02/27 08:52:41.639289, 5, pid=21845] lib/messages.c:332(messaging_deregister) Deregistering messaging pointer for type 1 - private_data=(nil) [2013/02/27 08:52:41.639335, 10, pid=21845] smbd/process.c:920(event_add_idle) event_add_idle: idle_evt(keepalive) 0x2b5c420 [2013/02/27 08:52:41.639377, 10, pid=21845] smbd/process.c:920(event_add_idle) event_add_idle: idle_evt(deadtime) 0x2b6c950 [2013/02/27 08:52:41.639416, 10, pid=21845] smbd/process.c:920(event_add_idle) event_add_idle: idle_evt(housekeeping) 0x2b6cce0 [2013/02/27 08:52:41.639499, 10, pid=21845] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 190 [2013/02/27 08:52:41.639553, 6, pid=21845] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xbe [2013/02/27 08:52:41.639590, 3, pid=21845] smbd/process.c:1662(process_smb) Transaction 0 of length 194 (0 toread) [2013/02/27 08:52:41.639628, 5, pid=21845] lib/util.c:332(show_msg) [2013/02/27 08:52:41.639649, 5, pid=21845] lib/util.c:342(show_msg) size=190 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=0 smb_pid=21844 smb_uid=0 smb_mid=1 smt_wct=0 smb_bcc=155 [2013/02/27 08:52:41.639857, 10, pid=21845] ../lib/util/util.c:415(dump_data) [0000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG [0010] 52 41 4D 20 31 2E 30 00 02 4D 49 43 52 4F 53 4F RAM 1.0. .MICROSO [0020] 46 54 20 4E 45 54 57 4F 52 4B 53 20 31 2E 30 33 FT NETWO RKS 1.03 [0030] 00 02 4D 49 43 52 4F 53 4F 46 54 20 4E 45 54 57 ..MICROS OFT NETW [0040] 4F 52 4B 53 20 33 2E 30 00 02 4C 41 4E 4D 41 4E ORKS 3.0 ..LANMAN [0050] 31 2E 30 00 02 4C 4D 31 2E 32 58 30 30 32 00 02 1.0..LM1 .2X002.. [0060] 44 4F 53 20 4C 41 4E 4D 41 4E 32 2E 31 00 02 4C DOS LANM AN2.1..L [0070] 41 4E 4D 41 4E 32 2E 31 00 02 53 61 6D 62 61 00 ANMAN2.1 ..Samba. [0080] 02 4E 54 20 4C 41 4E 4D 41 4E 20 31 2E 30 00 02 .NT LANM AN 1.0.. [0090] 4E 54 20 4C 4D 20 30 2E 31 32 00 NT LM 0. 12. [2013/02/27 08:52:41.640177, 3, pid=21845] smbd/process.c:1467(switch_message) switch message SMBnegprot (pid 21845) conn 0x0 [2013/02/27 08:52:41.640218, 4, pid=21845] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/02/27 08:52:41.640258, 5, pid=21845] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/02/27 08:52:41.640299, 5, pid=21845] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/02/27 08:52:41.640363, 5, pid=21845] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2013/02/27 08:52:41.640692, 3, pid=21845] smbd/negprot.c:598(reply_negprot) Requested protocol [PC NETWORK PROGRAM 1.0] [2013/02/27 08:52:41.640925, 3, pid=21845] smbd/negprot.c:598(reply_negprot) Requested protocol [MICROSOFT NETWORKS 1.03] [2013/02/27 08:52:41.640964, 3, pid=21845] smbd/negprot.c:598(reply_negprot) Requested protocol [MICROSOFT NETWORKS 3.0] [2013/02/27 08:52:41.641007, 3, pid=21845] smbd/negprot.c:598(reply_negprot) Requested protocol [LANMAN1.0] [2013/02/27 08:52:41.641046, 3, pid=21845] smbd/negprot.c:598(reply_negprot) Requested protocol [LM1.2X002] [2013/02/27 08:52:41.641083, 3, pid=21845] smbd/negprot.c:598(reply_negprot) Requested protocol [DOS LANMAN2.1] [2013/02/27 08:52:41.641121, 3, pid=21845] smbd/negprot.c:598(reply_negprot) Requested protocol [LANMAN2.1] [2013/02/27 08:52:41.641158, 3, pid=21845] smbd/negprot.c:598(reply_negprot) Requested protocol [Samba] [2013/02/27 08:52:41.641196, 3, pid=21845] smbd/negprot.c:598(reply_negprot) Requested protocol [NT LANMAN 1.0] [2013/02/27 08:52:41.641233, 3, pid=21845] smbd/negprot.c:598(reply_negprot) Requested protocol [NT LM 0.12] [2013/02/27 08:52:41.641274, 10, pid=21845] lib/util.c:1624(set_remote_arch) set_remote_arch: Client arch is 'Samba' [2013/02/27 08:52:41.641321, 6, pid=21845] param/loadparm.c:7490(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Wed Feb 27 08:52:30 2013 [2013/02/27 08:52:41.641400, 10, pid=21845] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 55550000FFFFFFFF [2013/02/27 08:52:41.641444, 10, pid=21845] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x2b7f9d0 [2013/02/27 08:52:41.641483, 10, pid=21845] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 55550000FFFFFFFF [2013/02/27 08:52:41.641537, 6, pid=21845] param/loadparm.c:7490(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Wed Feb 27 08:52:30 2013 [2013/02/27 08:52:41.641629, 10, pid=21845] smbd/negprot.c:44(get_challenge) get challenge: creating negprot_global_auth_context [2013/02/27 08:52:41.641668, 5, pid=21845] auth/auth.c:508(make_auth_context_subsystem) Making default auth method list for security=share, encrypt passwords = yes [2013/02/27 08:52:41.641722, 5, pid=21845] auth/auth.c:48(smb_register_auth) Attempting to register auth backend sam [2013/02/27 08:52:41.641764, 5, pid=21845] auth/auth.c:60(smb_register_auth) Successfully added auth method 'sam' [2013/02/27 08:52:41.641799, 5, pid=21845] auth/auth.c:48(smb_register_auth) Attempting to register auth backend sam_ignoredomain [2013/02/27 08:52:41.641839, 5, pid=21845] auth/auth.c:60(smb_register_auth) Successfully added auth method 'sam_ignoredomain' [2013/02/27 08:52:41.641879, 5, pid=21845] auth/auth.c:48(smb_register_auth) Attempting to register auth backend unix [2013/02/27 08:52:41.641917, 5, pid=21845] auth/auth.c:60(smb_register_auth) Successfully added auth method 'unix' [2013/02/27 08:52:41.641952, 5, pid=21845] auth/auth.c:48(smb_register_auth) Attempting to register auth backend winbind [2013/02/27 08:52:41.641988, 5, pid=21845] auth/auth.c:60(smb_register_auth) Successfully added auth method 'winbind' [2013/02/27 08:52:41.642025, 5, pid=21845] auth/auth.c:48(smb_register_auth) Attempting to register auth backend wbc [2013/02/27 08:52:41.642061, 5, pid=21845] auth/auth.c:60(smb_register_auth) Successfully added auth method 'wbc' [2013/02/27 08:52:41.642102, 5, pid=21845] auth/auth.c:48(smb_register_auth) Attempting to register auth backend smbserver [2013/02/27 08:52:41.642141, 5, pid=21845] auth/auth.c:60(smb_register_auth) Successfully added auth method 'smbserver' [2013/02/27 08:52:41.642178, 5, pid=21845] auth/auth.c:48(smb_register_auth) Attempting to register auth backend trustdomain [2013/02/27 08:52:41.642215, 5, pid=21845] auth/auth.c:60(smb_register_auth) Successfully added auth method 'trustdomain' [2013/02/27 08:52:41.642250, 5, pid=21845] auth/auth.c:48(smb_register_auth) Attempting to register auth backend ntdomain [2013/02/27 08:52:41.642287, 5, pid=21845] auth/auth.c:60(smb_register_auth) Successfully added auth method 'ntdomain' [2013/02/27 08:52:41.642324, 5, pid=21845] auth/auth.c:48(smb_register_auth) Attempting to register auth backend guest [2013/02/27 08:52:41.642363, 5, pid=21845] auth/auth.c:60(smb_register_auth) Successfully added auth method 'guest' [2013/02/27 08:52:41.642399, 5, pid=21845] auth/auth.c:48(smb_register_auth) Attempting to register auth backend fixed_challenge [2013/02/27 08:52:41.642435, 5, pid=21845] auth/auth.c:60(smb_register_auth) Successfully added auth method 'fixed_challenge' [2013/02/27 08:52:41.642471, 5, pid=21845] auth/auth.c:48(smb_register_auth) Attempting to register auth backend name_to_ntstatus [2013/02/27 08:52:41.642508, 5, pid=21845] auth/auth.c:60(smb_register_auth) Successfully added auth method 'name_to_ntstatus' [2013/02/27 08:52:41.642545, 5, pid=21845] auth/auth.c:48(smb_register_auth) Attempting to register auth backend netlogond [2013/02/27 08:52:41.642583, 5, pid=21845] auth/auth.c:60(smb_register_auth) Successfully added auth method 'netlogond' [2013/02/27 08:52:41.642618, 5, pid=21845] auth/auth.c:385(load_auth_module) load_auth_module: Attempting to find an auth method to match guest [2013/02/27 08:52:41.642656, 5, pid=21845] auth/auth.c:410(load_auth_module) load_auth_module: auth method guest has a valid init [2013/02/27 08:52:41.642692, 5, pid=21845] auth/auth.c:385(load_auth_module) load_auth_module: Attempting to find an auth method to match sam [2013/02/27 08:52:41.642737, 5, pid=21845] auth/auth.c:410(load_auth_module) load_auth_module: auth method sam has a valid init [2013/02/27 08:52:41.642773, 10, pid=21845] smbd/negprot.c:52(get_challenge) get challenge: getting challenge [2013/02/27 08:52:41.642843, 5, pid=21845] auth/auth.c:99(get_ntlm_challenge) auth_get_challenge: module guest did not want to specify a challenge [2013/02/27 08:52:41.642910, 5, pid=21845] auth/auth.c:99(get_ntlm_challenge) auth_get_challenge: module sam did not want to specify a challenge [2013/02/27 08:52:41.642984, 5, pid=21845] auth/auth.c:134(get_ntlm_challenge) auth_context challenge created by random [2013/02/27 08:52:41.643057, 5, pid=21845] auth/auth.c:135(get_ntlm_challenge) challenge is: [2013/02/27 08:52:41.643126, 5, pid=21845] ../lib/util/util.c:415(dump_data) [0000] 53 03 19 F5 6A C3 0A F4 S...j... [2013/02/27 08:52:41.643204, 3, pid=21845] smbd/negprot.c:401(reply_nt1) not using SPNEGO [2013/02/27 08:52:41.643258, 3, pid=21845] smbd/negprot.c:704(reply_negprot) Selected protocol NT LANMAN 1.0 [2013/02/27 08:52:41.643325, 5, pid=21845] smbd/negprot.c:711(reply_negprot) negprot index=8 [2013/02/27 08:52:41.643380, 5, pid=21845] lib/util.c:332(show_msg) [2013/02/27 08:52:41.643404, 5, pid=21845] lib/util.c:342(show_msg) size=97 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=49155 smb_tid=0 smb_pid=21844 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 8 (0x8) smb_vwv[ 1]=12802 (0x3202) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]=21760 (0x5500) smb_vwv[ 8]= 85 (0x55) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]=33011 (0x80F3) smb_vwv[11]=46080 (0xB400) smb_vwv[12]=37585 (0x92D1) smb_vwv[13]=49003 (0xBF6B) smb_vwv[14]=52756 (0xCE14) smb_vwv[15]=50177 (0xC401) smb_vwv[16]= 2303 (0x8FF) smb_bcc=28 [2013/02/27 08:52:41.644340, 10, pid=21845] ../lib/util/util.c:415(dump_data) [0000] 53 03 19 F5 6A C3 0A F4 44 00 49 00 53 00 43 00 S...j... D.I.S.C. [0010] 57 00 4F 00 52 00 4C 00 44 00 00 00 W.O.R.L. D... [2013/02/27 08:52:41.644591, 10, pid=21845] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 88 [2013/02/27 08:52:41.644642, 6, pid=21845] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x58 [2013/02/27 08:52:41.644686, 3, pid=21845] smbd/process.c:1662(process_smb) Transaction 1 of length 92 (0 toread) [2013/02/27 08:52:41.644736, 5, pid=21845] lib/util.c:332(show_msg) [2013/02/27 08:52:41.644758, 5, pid=21845] lib/util.c:342(show_msg) size=88 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=65535 smb_pid=21844 smb_uid=0 smb_mid=2 smt_wct=13 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=65535 (0xFFFF) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]=21844 (0x5554) smb_vwv[ 5]=21845 (0x5555) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]=53340 (0xD05C) smb_vwv[12]= 0 (0x0) smb_bcc=27 [2013/02/27 08:52:41.645202, 10, pid=21845] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 55 00 6E 00 69 00 78 00 00 00 53 .....U.n .i.x...S [0010] 00 61 00 6D 00 62 00 61 00 00 00 .a.m.b.a ... [2013/02/27 08:52:41.645288, 3, pid=21845] smbd/process.c:1467(switch_message) switch message SMBsesssetupX (pid 21845) conn 0x0 [2013/02/27 08:52:41.645328, 4, pid=21845] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/02/27 08:52:41.645367, 5, pid=21845] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/02/27 08:52:41.645407, 5, pid=21845] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/02/27 08:52:41.645465, 5, pid=21845] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2013/02/27 08:52:41.645507, 3, pid=21845] smbd/sesssetup.c:1345(reply_sesssetup_and_X) wct=13 flg2=0xc801 [2013/02/27 08:52:41.645557, 3, pid=21845] smbd/sesssetup.c:1548(reply_sesssetup_and_X) Domain=[] NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[null] [2013/02/27 08:52:41.645596, 3, pid=21845] smbd/sesssetup.c:1564(reply_sesssetup_and_X) sesssetupX:name=[]\[]@[__1] [2013/02/27 08:52:41.645644, 6, pid=21845] param/loadparm.c:7490(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Wed Feb 27 08:52:30 2013 [2013/02/27 08:52:41.645746, 5, pid=21845] lib/username.c:171(Get_Pwnam_alloc) Finding user nobody [2013/02/27 08:52:41.645785, 5, pid=21845] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is nobody [2013/02/27 08:52:41.645828, 5, pid=21845] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [nobody]! [2013/02/27 08:52:41.645872, 3, pid=21845] smbd/sesssetup.c:151(check_guest_password) Got anonymous request [2013/02/27 08:52:41.645910, 5, pid=21845] auth/auth.c:508(make_auth_context_subsystem) Making default auth method list for security=share, encrypt passwords = yes [2013/02/27 08:52:41.645952, 5, pid=21845] auth/auth.c:385(load_auth_module) load_auth_module: Attempting to find an auth method to match guest [2013/02/27 08:52:41.645993, 5, pid=21845] auth/auth.c:410(load_auth_module) load_auth_module: auth method guest has a valid init [2013/02/27 08:52:41.646030, 5, pid=21845] auth/auth.c:385(load_auth_module) load_auth_module: Attempting to find an auth method to match sam [2013/02/27 08:52:41.646069, 5, pid=21845] auth/auth.c:410(load_auth_module) load_auth_module: auth method sam has a valid init [2013/02/27 08:52:41.646111, 5, pid=21845] auth/user_info.c:59(make_user_info) attempting to make a user_info for () [2013/02/27 08:52:41.646148, 5, pid=21845] auth/user_info.c:70(make_user_info) making strings for 's user_info struct [2013/02/27 08:52:41.646188, 5, pid=21845] auth/user_info.c:87(make_user_info) making blobs for 's user_info struct [2013/02/27 08:52:41.646261, 10, pid=21845] auth/user_info.c:123(make_user_info) made a user_info for () [2013/02/27 08:52:41.646302, 3, pid=21845] auth/auth.c:219(check_ntlm_password) check_ntlm_password: Checking password for unmapped user []\[]@[] with the new password interface [2013/02/27 08:52:41.646342, 3, pid=21845] auth/auth.c:222(check_ntlm_password) check_ntlm_password: mapped user is: []\[]@[] [2013/02/27 08:52:41.646379, 10, pid=21845] auth/auth.c:231(check_ntlm_password) check_ntlm_password: auth_context challenge created by fixed [2013/02/27 08:52:41.646422, 10, pid=21845] auth/auth.c:233(check_ntlm_password) challenge is: [2013/02/27 08:52:41.646551, 5, pid=21845] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 00 00 00 ........ [2013/02/27 08:52:41.646638, 10, pid=21845] auth/auth_builtin.c:44(check_guest_security) Check auth for: [] [2013/02/27 08:52:41.646754, 3, pid=21845] auth/auth.c:268(check_ntlm_password) check_ntlm_password: guest authentication for user [] succeeded [2013/02/27 08:52:41.646802, 5, pid=21845] auth/auth.c:309(check_ntlm_password) check_ntlm_password: guest authentication for user [] -> [] -> [nobody] succeeded [2013/02/27 08:52:41.647068, 10, pid=21845] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 84 [2013/02/27 08:52:41.647136, 6, pid=21845] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x54 [2013/02/27 08:52:41.647179, 3, pid=21845] smbd/process.c:1662(process_smb) Transaction 2 of length 88 (0 toread) [2013/02/27 08:52:41.647219, 5, pid=21845] lib/util.c:332(show_msg) [2013/02/27 08:52:41.647241, 5, pid=21845] lib/util.c:342(show_msg) size=84 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=65535 smb_pid=21844 smb_uid=0 smb_mid=3 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=41 [2013/02/27 08:52:41.647526, 10, pid=21845] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 5C 00 4C 00 4F 00 43 00 41 00 4C 00 48 .\.\.L.O .C.A.L.H [0010] 00 4F 00 53 00 54 00 5C 00 47 00 55 00 52 00 55 .O.S.T.\ .G.U.R.U [0020] 00 00 00 3F 3F 3F 3F 3F 00 ...????? . [2013/02/27 08:52:41.647645, 3, pid=21845] smbd/process.c:1467(switch_message) switch message SMBtconX (pid 21845) conn 0x0 [2013/02/27 08:52:41.647736, 4, pid=21845] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/02/27 08:52:41.647782, 5, pid=21845] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/02/27 08:52:41.647821, 5, pid=21845] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/02/27 08:52:41.647881, 5, pid=21845] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2013/02/27 08:52:41.647929, 4, pid=21845] smbd/reply.c:794(reply_tcon_and_X) Client requested device type [?????] for share [GURU] [2013/02/27 08:52:41.647989, 5, pid=21845] smbd/service.c:1354(make_connection) making a connection to 'normal' service guru [2013/02/27 08:52:41.648038, 3, pid=21845] lib/access.c:338(allow_access) Allowed connection from ::1 (::1) [2013/02/27 08:52:41.648082, 5, pid=21845] lib/username.c:171(Get_Pwnam_alloc) Finding user guru [2013/02/27 08:52:41.648121, 5, pid=21845] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is guru [2013/02/27 08:52:41.649398, 5, pid=21845] lib/username.c:134(Get_Pwnam_internals) Trying _Get_Pwnam(), username as uppercase is GURU [2013/02/27 08:52:41.650470, 5, pid=21845] lib/username.c:143(Get_Pwnam_internals) Checking combinations of 0 uppercase letters in guru [2013/02/27 08:52:41.650561, 5, pid=21845] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals didn't find user [guru]! [2013/02/27 08:52:41.650736, 5, pid=21845] auth/auth.c:508(make_auth_context_subsystem) Making default auth method list for security=share, encrypt passwords = yes [2013/02/27 08:52:41.650819, 5, pid=21845] auth/auth.c:385(load_auth_module) load_auth_module: Attempting to find an auth method to match guest [2013/02/27 08:52:41.650921, 5, pid=21845] auth/auth.c:410(load_auth_module) load_auth_module: auth method guest has a valid init [2013/02/27 08:52:41.650993, 5, pid=21845] auth/auth.c:385(load_auth_module) load_auth_module: Attempting to find an auth method to match sam [2013/02/27 08:52:41.651065, 5, pid=21845] auth/auth.c:410(load_auth_module) load_auth_module: auth method sam has a valid init [2013/02/27 08:52:41.651141, 5, pid=21845] auth/auth.c:99(get_ntlm_challenge) auth_get_challenge: module guest did not want to specify a challenge [2013/02/27 08:52:41.651213, 5, pid=21845] auth/auth.c:99(get_ntlm_challenge) auth_get_challenge: module sam did not want to specify a challenge [2013/02/27 08:52:41.651288, 5, pid=21845] auth/auth.c:134(get_ntlm_challenge) auth_context challenge created by random [2013/02/27 08:52:41.651360, 5, pid=21845] auth/auth.c:135(get_ntlm_challenge) challenge is: [2013/02/27 08:52:41.651430, 5, pid=21845] ../lib/util/util.c:415(dump_data) [0000] 0C D4 9B 09 4A 44 FE 79 ....JD.y [2013/02/27 08:52:41.651508, 5, pid=21845] auth/auth_util.c:312(make_user_info_for_reply) make_user_info_for_reply: User passwords not in encrypted format. [2013/02/27 08:52:41.651580, 10, pid=21845] auth/auth_util.c:318(make_user_info_for_reply) Unencrypted password (len 1): [2013/02/27 08:52:41.651942, 5, pid=21845] auth/auth_util.c:110(make_user_info_map) Mapping user [DISCWORLD]\[nobody] from workstation [__1] [2013/02/27 08:52:41.652000, 5, pid=21845] auth/auth_util.c:131(make_user_info_map) Mapped domain from [DISCWORLD] to [MAGRATHEA] for user [nobody] from workstation [__1] [2013/02/27 08:52:41.652072, 5, pid=21845] auth/user_info.c:59(make_user_info) attempting to make a user_info for nobody (nobody) [2013/02/27 08:52:41.652146, 5, pid=21845] auth/user_info.c:70(make_user_info) making strings for nobody's user_info struct [2013/02/27 08:52:41.652218, 5, pid=21845] auth/user_info.c:87(make_user_info) making blobs for nobody's user_info struct [2013/02/27 08:52:41.652290, 10, pid=21845] auth/user_info.c:123(make_user_info) made a user_info for nobody (nobody) [2013/02/27 08:52:41.652361, 3, pid=21845] auth/auth.c:219(check_ntlm_password) check_ntlm_password: Checking password for unmapped user [DISCWORLD]\[nobody]@[__1] with the new password interface [2013/02/27 08:52:41.652432, 3, pid=21845] auth/auth.c:222(check_ntlm_password) check_ntlm_password: mapped user is: [MAGRATHEA]\[nobody]@[__1] [2013/02/27 08:52:41.652507, 10, pid=21845] auth/auth.c:231(check_ntlm_password) check_ntlm_password: auth_context challenge created by random [2013/02/27 08:52:41.652579, 10, pid=21845] auth/auth.c:233(check_ntlm_password) challenge is: [2013/02/27 08:52:41.652650, 5, pid=21845] ../lib/util/util.c:415(dump_data) [0000] 0C D4 9B 09 4A 44 FE 79 ....JD.y [2013/02/27 08:52:41.652740, 10, pid=21845] auth/auth_builtin.c:44(check_guest_security) Check auth for: [nobody] [2013/02/27 08:52:41.652800, 10, pid=21845] auth/auth.c:259(check_ntlm_password) check_ntlm_password: guest had nothing to say [2013/02/27 08:52:41.652872, 10, pid=21845] auth/auth_sam.c:75(auth_samstrict_auth) Check auth for: [nobody] [2013/02/27 08:52:41.652944, 8, pid=21845] lib/util.c:1521(is_myname) is_myname("MAGRATHEA") returns 1 [2013/02/27 08:52:41.653015, 4, pid=21845] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/02/27 08:52:41.653089, 4, pid=21845] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/02/27 08:52:41.653160, 4, pid=21845] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/02/27 08:52:41.653230, 5, pid=21845] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/02/27 08:52:41.653302, 5, pid=21845] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/02/27 08:52:41.653440, 5, pid=21845] passdb/pdb_tdb.c:562(tdbsam_getsampwnam) pdb_getsampwnam (TDB): error fetching database. Key: USER_nobody [2013/02/27 08:52:41.653528, 4, pid=21845] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/02/27 08:52:41.653599, 3, pid=21845] auth/check_samsec.c:399(check_sam_security) check_sam_security: Couldn't find user 'nobody' in passdb. [2013/02/27 08:52:41.653674, 5, pid=21845] auth/auth.c:271(check_ntlm_password) check_ntlm_password: sam authentication for user [nobody] FAILED with error NT_STATUS_NO_SUCH_USER [2013/02/27 08:52:41.653782, 2, pid=21845] auth/auth.c:319(check_ntlm_password) check_ntlm_password: Authentication for user [nobody] -> [nobody] FAILED with error NT_STATUS_NO_SUCH_USER [2013/02/27 08:52:41.653888, 5, pid=21845] lib/username.c:171(Get_Pwnam_alloc) Finding user nobody [2013/02/27 08:52:41.653940, 5, pid=21845] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is nobody [2013/02/27 08:52:41.654012, 5, pid=21845] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [nobody]! [2013/02/27 08:52:41.654085, 3, pid=21845] smbd/password.c:721(authorise_login) authorise_login: ACCEPTED: guest account and guest ok (nobody) [2013/02/27 08:52:41.654158, 5, pid=21845] lib/username.c:171(Get_Pwnam_alloc) Finding user nobody [2013/02/27 08:52:41.654229, 5, pid=21845] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is nobody [2013/02/27 08:52:41.654300, 5, pid=21845] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [nobody]! [2013/02/27 08:52:41.654398, 10, pid=21845] passdb/lookup_sid.c:76(lookup_name) lookup_name: Unix User\nobody => domain=[Unix User], name=[nobody] [2013/02/27 08:52:41.654452, 10, pid=21845] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2013/02/27 08:52:41.654568, 5, pid=21845] lib/username.c:171(Get_Pwnam_alloc) Finding user nobody [2013/02/27 08:52:41.654621, 5, pid=21845] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is nobody [2013/02/27 08:52:41.654694, 5, pid=21845] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [nobody]! [2013/02/27 08:52:41.654799, 10, pid=21845] passdb/pdb_get_set.c:575(pdb_set_username) pdb_set_username: setting username nobody, was [2013/02/27 08:52:41.654875, 10, pid=21845] passdb/pdb_get_set.c:644(pdb_set_fullname) pdb_set_full_name: setting full name nobody, was [2013/02/27 08:52:41.654928, 10, pid=21845] passdb/pdb_get_set.c:598(pdb_set_domain) pdb_set_domain: setting domain MAGRATHEA, was [2013/02/27 08:52:41.655024, 10, pid=21845] passdb/pdb_get_set.c:500(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-1406987565-2067085585-2387977275-501 [2013/02/27 08:52:41.655080, 10, pid=21845] passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-1406987565-2067085585-2387977275-501 from rid 501 [2013/02/27 08:52:41.655187, 10, pid=21845] passdb/pdb_get_set.c:575(pdb_set_username) pdb_set_username: setting username nobody, was nobody [2013/02/27 08:52:41.655264, 10, pid=21845] passdb/pdb_get_set.c:500(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-22-1-65534 [2013/02/27 08:52:41.655385, 5, pid=21845] passdb/lookup_sid.c:1384(gid_to_sid) gid_to_sid: winbind failed to find a sid for gid 65533 [2013/02/27 08:52:41.655439, 4, pid=21845] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/02/27 08:52:41.655511, 4, pid=21845] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/02/27 08:52:41.655583, 4, pid=21845] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/02/27 08:52:41.655655, 5, pid=21845] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/02/27 08:52:41.655741, 5, pid=21845] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/02/27 08:52:41.655880, 4, pid=21845] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/02/27 08:52:41.655934, 10, pid=21845] passdb/lookup_sid.c:1181(legacy_gid_to_sid) LEGACY: gid 65533 -> sid S-1-22-2-65533 [2013/02/27 08:52:41.656036, 3, pid=21845] passdb/lookup_sid.c:1754(get_primary_group_sid) Forcing Primary Group to 'Domain Users' for nobody [2013/02/27 08:52:41.656096, 10, pid=21845] auth/server_info.c:349(samu_to_SamInfo3) Unix User found in struct samu. Rid marked as special and sid (S-1-22-1-65534) saved as extra sid [2013/02/27 08:52:41.656199, 5, pid=21845] lib/username.c:171(Get_Pwnam_alloc) Finding user nobody [2013/02/27 08:52:41.656251, 5, pid=21845] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is nobody [2013/02/27 08:52:41.656323, 5, pid=21845] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [nobody]! [2013/02/27 08:52:41.656441, 10, pid=21845] lib/system_smbd.c:175(sys_getgrouplist) sys_getgrouplist: user [nobody] [2013/02/27 08:52:41.657766, 5, pid=21845] passdb/lookup_sid.c:1384(gid_to_sid) gid_to_sid: winbind failed to find a sid for gid 65534 [2013/02/27 08:52:41.657809, 4, pid=21845] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/02/27 08:52:41.657838, 4, pid=21845] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/02/27 08:52:41.657866, 4, pid=21845] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/02/27 08:52:41.657894, 5, pid=21845] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/02/27 08:52:41.657921, 5, pid=21845] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/02/27 08:52:41.657972, 4, pid=21845] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/02/27 08:52:41.658002, 10, pid=21845] passdb/lookup_sid.c:1181(legacy_gid_to_sid) LEGACY: gid 65534 -> sid S-1-22-2-65534 [2013/02/27 08:52:41.658042, 10, pid=21845] passdb/lookup_sid.c:76(lookup_name) lookup_name: MAGRATHEA\nobody => domain=[MAGRATHEA], name=[nobody] [2013/02/27 08:52:41.658071, 10, pid=21845] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2013/02/27 08:52:41.658102, 4, pid=21845] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/02/27 08:52:41.658130, 4, pid=21845] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/02/27 08:52:41.658157, 4, pid=21845] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/02/27 08:52:41.658185, 5, pid=21845] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/02/27 08:52:41.658211, 5, pid=21845] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/02/27 08:52:41.658258, 5, pid=21845] passdb/pdb_tdb.c:562(tdbsam_getsampwnam) pdb_getsampwnam (TDB): error fetching database. Key: USER_nobody [2013/02/27 08:52:41.658300, 4, pid=21845] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/02/27 08:52:41.658328, 4, pid=21845] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/02/27 08:52:41.658354, 4, pid=21845] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/02/27 08:52:41.658380, 4, pid=21845] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/02/27 08:52:41.658405, 5, pid=21845] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/02/27 08:52:41.658430, 5, pid=21845] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/02/27 08:52:41.658478, 4, pid=21845] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/02/27 08:52:41.658507, 10, pid=21845] passdb/lookup_sid.c:76(lookup_name) lookup_name: Unix User\nobody => domain=[Unix User], name=[nobody] [2013/02/27 08:52:41.658533, 10, pid=21845] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2013/02/27 08:52:41.658566, 5, pid=21845] lib/username.c:171(Get_Pwnam_alloc) Finding user nobody [2013/02/27 08:52:41.658593, 5, pid=21845] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is nobody [2013/02/27 08:52:41.658620, 5, pid=21845] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [nobody]! [2013/02/27 08:52:41.658655, 10, pid=21845] passdb/lookup_sid.c:1544(sid_to_uid) sid S-1-22-1-65534 -> uid 65534 [2013/02/27 08:52:41.658903, 10, pid=21845] lib/system_smbd.c:175(sys_getgrouplist) sys_getgrouplist: user [nobody] [2013/02/27 08:52:41.659019, 10, pid=21845] auth/token_util.c:339(create_local_nt_token) Create local NT token for S-1-22-1-65534 [2013/02/27 08:52:41.659068, 10, pid=21845] passdb/lookup_sid.c:1628(sid_to_gid) winbind failed to find a gid for sid S-1-5-32-544 [2013/02/27 08:52:41.659099, 4, pid=21845] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/02/27 08:52:41.659128, 4, pid=21845] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/02/27 08:52:41.659156, 4, pid=21845] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/02/27 08:52:41.659183, 5, pid=21845] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/02/27 08:52:41.659210, 5, pid=21845] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/02/27 08:52:41.659260, 4, pid=21845] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/02/27 08:52:41.659290, 10, pid=21845] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-32-544 [2013/02/27 08:52:41.659319, 4, pid=21845] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/02/27 08:52:41.659347, 4, pid=21845] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/02/27 08:52:41.659374, 4, pid=21845] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/02/27 08:52:41.659401, 5, pid=21845] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/02/27 08:52:41.659428, 5, pid=21845] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/02/27 08:52:41.659493, 10, pid=21845] passdb/lookup_sid.c:1628(sid_to_gid) winbind failed to find a gid for sid S-1-5-32-544 [2013/02/27 08:52:41.659524, 4, pid=21845] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2013/02/27 08:52:41.659552, 4, pid=21845] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2013/02/27 08:52:41.659579, 4, pid=21845] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/02/27 08:52:41.659607, 5, pid=21845] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/02/27 08:52:41.659632, 5, pid=21845] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/02/27 08:52:41.659681, 4, pid=21845] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/02/27 08:52:41.659723, 10, pid=21845] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-32-544 [2013/02/27 08:52:41.659755, 5, pid=21845] passdb/pdb_util.c:128(create_builtin_administrators) create_builtin_administrators: Failed to create Administrators [2013/02/27 08:52:41.659785, 4, pid=21845] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/02/27 08:52:41.659821, 10, pid=21845] passdb/lookup_sid.c:1628(sid_to_gid) winbind failed to find a gid for sid S-1-5-32-545 [2013/02/27 08:52:41.659849, 4, pid=21845] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/02/27 08:52:41.659875, 4, pid=21845] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/02/27 08:52:41.659904, 4, pid=21845] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/02/27 08:52:41.659930, 5, pid=21845] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/02/27 08:52:41.659955, 5, pid=21845] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/02/27 08:52:41.660000, 4, pid=21845] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/02/27 08:52:41.660027, 10, pid=21845] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-32-545 [2013/02/27 08:52:41.660054, 4, pid=21845] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/02/27 08:52:41.660080, 4, pid=21845] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/02/27 08:52:41.660105, 4, pid=21845] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/02/27 08:52:41.660131, 5, pid=21845] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/02/27 08:52:41.660156, 5, pid=21845] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/02/27 08:52:41.660208, 10, pid=21845] passdb/lookup_sid.c:1628(sid_to_gid) winbind failed to find a gid for sid S-1-5-32-545 [2013/02/27 08:52:41.660236, 4, pid=21845] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2013/02/27 08:52:41.660263, 4, pid=21845] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2013/02/27 08:52:41.660288, 4, pid=21845] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/02/27 08:52:41.660314, 5, pid=21845] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/02/27 08:52:41.660339, 5, pid=21845] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/02/27 08:52:41.660384, 4, pid=21845] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/02/27 08:52:41.660411, 10, pid=21845] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-32-545 [2013/02/27 08:52:41.660440, 5, pid=21845] passdb/pdb_util.c:99(create_builtin_users) create_builtin_users: Failed to create Users [2013/02/27 08:52:41.660468, 4, pid=21845] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/02/27 08:52:41.660495, 4, pid=21845] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/02/27 08:52:41.660520, 4, pid=21845] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/02/27 08:52:41.660546, 4, pid=21845] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/02/27 08:52:41.660571, 5, pid=21845] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/02/27 08:52:41.660597, 5, pid=21845] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/02/27 08:52:41.660691, 4, pid=21845] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/02/27 08:52:41.661030, 4, pid=21845] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-22-1-65534] [2013/02/27 08:52:41.661062, 4, pid=21845] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-22-2-65533] [2013/02/27 08:52:41.661093, 4, pid=21845] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-22-2-65534] [2013/02/27 08:52:41.661126, 5, pid=21845] lib/privileges.c:175(get_privileges_for_sids) get_privileges_for_sids: sid = S-1-1-0 Privilege set: 0x0 [2013/02/27 08:52:41.661167, 4, pid=21845] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-2] [2013/02/27 08:52:41.661202, 4, pid=21845] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-32-546] [2013/02/27 08:52:41.661263, 10, pid=21845] passdb/lookup_sid.c:1468(sids_to_unix_ids) wbcSidsToUnixIds returned WBC_ERR_WINBIND_NOT_AVAILABLE [2013/02/27 08:52:41.661292, 4, pid=21845] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/02/27 08:52:41.661319, 4, pid=21845] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/02/27 08:52:41.661344, 4, pid=21845] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/02/27 08:52:41.661370, 5, pid=21845] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/02/27 08:52:41.661395, 5, pid=21845] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/02/27 08:52:41.661442, 4, pid=21845] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/02/27 08:52:41.661469, 10, pid=21845] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-1-0 [2013/02/27 08:52:41.661496, 10, pid=21845] passdb/lookup_sid.c:1218(legacy_sid_to_uid) LEGACY: mapping failed for sid S-1-1-0 [2013/02/27 08:52:41.661523, 4, pid=21845] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/02/27 08:52:41.661549, 4, pid=21845] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/02/27 08:52:41.661575, 4, pid=21845] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/02/27 08:52:41.661600, 5, pid=21845] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/02/27 08:52:41.661625, 5, pid=21845] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/02/27 08:52:41.661671, 4, pid=21845] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/02/27 08:52:41.661702, 10, pid=21845] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-2 [2013/02/27 08:52:41.661734, 10, pid=21845] passdb/lookup_sid.c:1218(legacy_sid_to_uid) LEGACY: mapping failed for sid S-1-5-2 [2013/02/27 08:52:41.661761, 4, pid=21845] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/02/27 08:52:41.661786, 4, pid=21845] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/02/27 08:52:41.661814, 4, pid=21845] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/02/27 08:52:41.661839, 5, pid=21845] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/02/27 08:52:41.661864, 5, pid=21845] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/02/27 08:52:41.661912, 4, pid=21845] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/02/27 08:52:41.661938, 10, pid=21845] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-32-546 [2013/02/27 08:52:41.661965, 10, pid=21845] passdb/lookup_sid.c:1218(legacy_sid_to_uid) LEGACY: mapping failed for sid S-1-5-32-546 [2013/02/27 08:52:41.661992, 10, pid=21845] auth/auth_util.c:505(create_local_token) Could not convert SID S-1-1-0 to gid, ignoring it [2013/02/27 08:52:41.662020, 10, pid=21845] auth/auth_util.c:505(create_local_token) Could not convert SID S-1-5-2 to gid, ignoring it [2013/02/27 08:52:41.662048, 10, pid=21845] auth/auth_util.c:505(create_local_token) Could not convert SID S-1-5-32-546 to gid, ignoring it [2013/02/27 08:52:41.662076, 10, pid=21845] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (6): SID[ 0]: S-1-22-1-65534 SID[ 1]: S-1-22-2-65533 SID[ 2]: S-1-22-2-65534 SID[ 3]: S-1-1-0 SID[ 4]: S-1-5-2 SID[ 5]: S-1-5-32-546 Privileges (0x 0): Rights (0x 0): [2013/02/27 08:52:41.662205, 10, pid=21845] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 65534 Primary group is 65533 and contains 2 supplementary groups Group[ 0]: 65533 Group[ 1]: 65534 [2013/02/27 08:52:41.662269, 5, pid=21845] lib/username.c:171(Get_Pwnam_alloc) Finding user nobody [2013/02/27 08:52:41.662296, 5, pid=21845] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is nobody [2013/02/27 08:52:41.662325, 5, pid=21845] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [nobody]! [2013/02/27 08:52:41.662361, 10, pid=21845] smbd/service.c:162(set_conn_connectpath) set_conn_connectpath: service guru, connectpath = /srv/samba/tmp [2013/02/27 08:52:41.662391, 3, pid=21845] smbd/service.c:872(make_connection_snum) Connect path is '/srv/samba/tmp' for service [guru] [2013/02/27 08:52:41.662434, 10, pid=21845] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2013/02/27 08:52:41.662465, 10, pid=21845] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x101f01ff, remaining = 0x101f01ff [2013/02/27 08:52:41.662497, 3, pid=21845] smbd/vfs.c:102(vfs_init_default) Initialising default vfs hooks [2013/02/27 08:52:41.662528, 10, pid=21845] smbd/vfs.c:53(vfs_find_backend_entry) vfs_find_backend_entry called for /[Default VFS]/ [2013/02/27 08:52:41.662555, 5, pid=21845] smbd/vfs.c:92(smb_register_vfs) Successfully added vfs backend '/[Default VFS]/' [2013/02/27 08:52:41.662584, 10, pid=21845] smbd/vfs.c:53(vfs_find_backend_entry) vfs_find_backend_entry called for posixacl [2013/02/27 08:52:41.662611, 5, pid=21845] smbd/vfs.c:92(smb_register_vfs) Successfully added vfs backend 'posixacl' [2013/02/27 08:52:41.662638, 3, pid=21845] smbd/vfs.c:128(vfs_init_custom) Initialising custom vfs hooks from [/[Default VFS]/] [2013/02/27 08:52:41.662667, 10, pid=21845] smbd/vfs.c:53(vfs_find_backend_entry) vfs_find_backend_entry called for /[Default VFS]/ Successfully loaded vfs module [/[Default VFS]/] with the new modules system [2013/02/27 08:52:41.662720, 5, pid=21845] smbd/connection.c:134(claim_connection) claiming [guru] [2013/02/27 08:52:41.662789, 10, pid=21845] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 55550000FFFFFFFF0DF0 [2013/02/27 08:52:41.662824, 10, pid=21845] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x2b6bbf0 [2013/02/27 08:52:41.663034, 10, pid=21845] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 55550000FFFFFFFF0DF0 [2013/02/27 08:52:41.663148, 10, pid=21845] smbd/service.c:162(set_conn_connectpath) set_conn_connectpath: service guru, connectpath = /srv/samba/tmp [2013/02/27 08:52:41.663185, 10, pid=21845] smbd/share_access.c:241(user_ok_token) user_ok_token: share guru is ok for unix user nobody [2013/02/27 08:52:41.663216, 10, pid=21845] smbd/share_access.c:286(is_share_read_only_for_token) is_share_read_only_for_user: share guru is read-write for unix user nobody [2013/02/27 08:52:41.663251, 10, pid=21845] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2013/02/27 08:52:41.663287, 10, pid=21845] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2013/02/27 08:52:41.663320, 4, pid=21845] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (65534, 65533) - sec_ctx_stack_ndx = 0 [2013/02/27 08:52:41.663349, 5, pid=21845] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (6): SID[ 0]: S-1-22-1-65534 SID[ 1]: S-1-22-2-65533 SID[ 2]: S-1-22-2-65534 SID[ 3]: S-1-1-0 SID[ 4]: S-1-5-2 SID[ 5]: S-1-5-32-546 Privileges (0x 0): Rights (0x 0): [2013/02/27 08:52:41.663477, 5, pid=21845] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 65534 Primary group is 65533 and contains 2 supplementary groups Group[ 0]: 65533 Group[ 1]: 65534 [2013/02/27 08:52:41.663542, 5, pid=21845] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,65534), gid=(0,65533) [2013/02/27 08:52:41.663573, 4, pid=21845] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/02/27 08:52:41.663601, 5, pid=21845] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/02/27 08:52:41.663628, 5, pid=21845] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/02/27 08:52:41.663670, 5, pid=21845] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2013/02/27 08:52:41.663730, 10, pid=21845] smbd/service.c:162(set_conn_connectpath) set_conn_connectpath: service guru, connectpath = /srv/samba/tmp [2013/02/27 08:52:41.663776, 10, pid=21845] modules/vfs_default.c:160(vfswrap_fs_capabilities) vfswrap_fs_capabilities: timestamp resolution of sec available on share guru, directory /srv/samba/tmp [2013/02/27 08:52:41.663807, 1, pid=21845] smbd/service.c:1114(make_connection_snum) __1 (::1) connect to service guru initially as user nobody (uid=65534, gid=65533) (pid 21845) [2013/02/27 08:52:41.663844, 3, pid=21845] smbd/reply.c:871(reply_tcon_and_X) tconX service=GURU [2013/02/27 08:52:47.408163, 10, pid=21845] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 50 [2013/02/27 08:52:47.408273, 6, pid=21845] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x32 [2013/02/27 08:52:47.408315, 3, pid=21845] smbd/process.c:1662(process_smb) Transaction 3 of length 54 (0 toread) [2013/02/27 08:52:47.408357, 5, pid=21845] lib/util.c:332(show_msg) [2013/02/27 08:52:47.408380, 5, pid=21845] lib/util.c:342(show_msg) size=50 smb_com=0x0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=21844 smb_uid=0 smb_mid=4 smt_wct=0 smb_bcc=15 [2013/02/27 08:52:47.408611, 10, pid=21845] ../lib/util/util.c:415(dump_data) [0000] 04 5C 00 77 00 75 00 72 00 73 00 74 00 00 00 .\.w.u.r .s.t... [2013/02/27 08:52:47.408672, 3, pid=21845] smbd/process.c:1467(switch_message) switch message SMBmkdir (pid 21845) conn 0x2b7b790 [2013/02/27 08:52:47.408727, 10, pid=21845] smbd/share_access.c:241(user_ok_token) user_ok_token: share guru is ok for unix user nobody [2013/02/27 08:52:47.408773, 10, pid=21845] smbd/share_access.c:286(is_share_read_only_for_token) is_share_read_only_for_user: share guru is read-write for unix user nobody [2013/02/27 08:52:47.408835, 10, pid=21845] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2013/02/27 08:52:47.408888, 10, pid=21845] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2013/02/27 08:52:47.408935, 4, pid=21845] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (65534, 65533) - sec_ctx_stack_ndx = 0 [2013/02/27 08:52:47.408978, 5, pid=21845] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (6): SID[ 0]: S-1-22-1-65534 SID[ 1]: S-1-22-2-65533 SID[ 2]: S-1-22-2-65534 SID[ 3]: S-1-1-0 SID[ 4]: S-1-5-2 SID[ 5]: S-1-5-32-546 Privileges (0x 0): Rights (0x 0): [2013/02/27 08:52:47.409168, 5, pid=21845] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 65534 Primary group is 65533 and contains 2 supplementary groups Group[ 0]: 65533 Group[ 1]: 65534 [2013/02/27 08:52:47.409271, 5, pid=21845] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,65534), gid=(0,65533) [2013/02/27 08:52:47.409319, 4, pid=21845] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /srv/samba/tmp [2013/02/27 08:52:47.409401, 5, pid=21845] smbd/filename.c:257(unix_convert) unix_convert called on file "wurst" [2013/02/27 08:52:47.409448, 10, pid=21845] smbd/statcache.c:244(stat_cache_lookup) stat_cache_lookup: lookup failed for name [WURST] [2013/02/27 08:52:47.409490, 5, pid=21845] smbd/filename.c:416(unix_convert) unix_convert begin: name = wurst, dirpath = , start = wurst [2013/02/27 08:52:47.409556, 10, pid=21845] smbd/mangle_hash2.c:418(is_mangled) is_mangled wurst ? [2013/02/27 08:52:47.409597, 10, pid=21845] smbd/mangle_hash2.c:357(is_mangled_component) is_mangled_component wurst (len 5) ? [2013/02/27 08:52:47.409639, 10, pid=21845] smbd/mangle_hash2.c:418(is_mangled) is_mangled wurst ? [2013/02/27 08:52:47.409679, 10, pid=21845] smbd/mangle_hash2.c:357(is_mangled_component) is_mangled_component wurst (len 5) ? [2013/02/27 08:52:47.409790, 10, pid=21845] smbd/mangle_hash2.c:418(is_mangled) is_mangled wurst ? [2013/02/27 08:52:47.409833, 10, pid=21845] smbd/mangle_hash2.c:357(is_mangled_component) is_mangled_component wurst (len 5) ? [2013/02/27 08:52:47.409874, 5, pid=21845] smbd/filename.c:781(unix_convert) New file wurst [2013/02/27 08:52:47.409915, 3, pid=21845] smbd/vfs.c:905(check_reduced_name) check_reduced_name [wurst] [/srv/samba/tmp] [2013/02/27 08:52:47.409966, 10, pid=21845] smbd/vfs.c:969(check_reduced_name) check_reduced_name realpath [wurst] -> [/srv/samba/tmp/wurst] [2013/02/27 08:52:47.410007, 3, pid=21845] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: wurst reduced to /srv/samba/tmp/wurst [2013/02/27 08:52:47.410051, 10, pid=21845] smbd/open.c:3613(create_file_default) create_file: access_mask = 0x80 file_attributes = 0x10, share_access = 0x0, create_disposition = 0x2 create_options = 0x1 oplock_request = 0x0 private_flags = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), fname = wurst [2013/02/27 08:52:47.410103, 10, pid=21845] smbd/open.c:3137(create_file_unixpath) create_file_unixpath: access_mask = 0x80 file_attributes = 0x10, share_access = 0x0, create_disposition = 0x2 create_options = 0x1 oplock_request = 0x0 private_flags = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = wurst [2013/02/27 08:52:47.410152, 5, pid=21845] smbd/open.c:2609(open_directory) open_directory: opening directory wurst, access_mask = 0x80, share_access = 0x0 create_options = 0x1, create_disposition = 0x2, file_attributes = 0x10 [2013/02/27 08:52:47.410200, 3, pid=21845] smbd/vfs.c:905(check_reduced_name) check_reduced_name [wurst] [/srv/samba/tmp] [2013/02/27 08:52:47.410250, 10, pid=21845] smbd/vfs.c:969(check_reduced_name) check_reduced_name realpath [wurst] -> [/srv/samba/tmp/wurst] [2013/02/27 08:52:47.410291, 3, pid=21845] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: wurst reduced to /srv/samba/tmp/wurst [2013/02/27 08:52:47.410333, 3, pid=21845] smbd/dosmode.c:159(unix_mode) unix_mode(wurst) returning 0755 [2013/02/27 08:52:47.410569, 10, pid=21845] smbd/notify_internal.c:930(notify_trigger) notify_trigger called action=0x1, filter=0x2, path=/srv/samba/tmp/wurst [2013/02/27 08:52:47.410634, 5, pid=21845] smbd/files.c:140(file_new) allocated file structure 11802, fnum = 15898 (1 used) [2013/02/27 08:52:47.410689, 10, pid=21845] smbd/files.c:705(file_name_hash) file_name_hash: /srv/samba/tmp/wurst hash 0xa297fa68 [2013/02/27 08:52:47.410747, 10, pid=21845] smbd/open.c:196(fd_open) fd_open: name wurst, flags = 0200000 mode = 00, fd = 28. [2013/02/27 08:52:47.410801, 10, pid=21845] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 1400000000000000C6BD [2013/02/27 08:52:47.410851, 10, pid=21845] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x2b7fff0 [2013/02/27 08:52:47.410919, 10, pid=21845] locking/locking.c:801(unparse_share_modes) unparse_share_modes: owrt: Wed Feb 27 08:52:47 2013 CET cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num: 1 [2013/02/27 08:52:47.410986, 10, pid=21845] locking/locking.c:536(print_share_mode_table) print_share_mode_table: share_mode_entry[0]: pid = 21845, share_access = 0x0, private_options = 0x0, access_mask = 0x80, mid = 0x4, type= 0x0, gen_id = 1056019026, uid = 65534, flags = 0, file_id 14:228bdc6:0, name_hash = 0xa297fa68 [2013/02/27 08:52:47.411180, 10, pid=21845] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 1400000000000000C6BD [2013/02/27 08:52:47.411240, 10, pid=21845] smbd/open.c:3425(create_file_unixpath) create_file_unixpath: info=2 [2013/02/27 08:52:47.411282, 10, pid=21845] smbd/open.c:3701(create_file_default) create_file: info=2 [2013/02/27 08:52:47.411332, 10, pid=21845] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 1400000000000000C6BD [2013/02/27 08:52:47.411378, 10, pid=21845] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x2b80630 [2013/02/27 08:52:47.411420, 10, pid=21845] locking/locking.c:663(parse_share_modes) parse_share_modes: owrt: Wed Feb 27 08:52:47 2013 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, ntok: 0, num_share_modes: 1 [2013/02/27 08:52:47.411481, 10, pid=21845] locking/locking.c:725(parse_share_modes) parse_share_modes: share_mode_entry[0]: pid = 21845, share_access = 0x0, private_options = 0x0, access_mask = 0x80, mid = 0x4, type= 0x0, gen_id = 1056019026, uid = 65534, flags = 0, file_id 14:228bdc6:0, name_hash = 0xa297fa68 [2013/02/27 08:52:47.411530, 10, pid=21845] locking/locking.c:1656(get_delete_on_close_token) get_delete_on_close_token: name_hash = 0xa297fa68 [2013/02/27 08:52:47.411576, 10, pid=21845] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 1400000000000000C6BD [2013/02/27 08:52:47.411633, 10, pid=21845] locking/posix.c:516(get_windows_lock_ref_count) get_windows_lock_count for file wurst = 0 [2013/02/27 08:52:47.411680, 10, pid=21845] locking/posix.c:542(delete_windows_lock_ref_count) delete_windows_lock_ref_count for file wurst [2013/02/27 08:52:47.411738, 5, pid=21845] smbd/files.c:482(file_free) freed files structure 15898 (0 used) [2013/02/27 08:52:47.411780, 5, pid=21845] smbd/reply.c:5547(reply_mkdir) create_directory returned NT_STATUS_OK [2013/02/27 08:52:47.411826, 3, pid=21845] smbd/reply.c:5568(reply_mkdir) mkdir wurst [2013/02/27 08:52:47.411869, 5, pid=21845] lib/util.c:332(show_msg) [2013/02/27 08:52:47.411894, 5, pid=21845] lib/util.c:342(show_msg) size=35 smb_com=0x0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=49155 smb_tid=1 smb_pid=21844 smb_uid=0 smb_mid=4 smt_wct=0 smb_bcc=0 [2013/02/27 08:52:47.412057, 10, pid=21845] ../lib/util/util.c:415(dump_data) [2013/02/27 08:52:50.015960, 10, pid=21845] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 88 [2013/02/27 08:52:50.016053, 6, pid=21845] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x58 [2013/02/27 08:52:50.016093, 3, pid=21845] smbd/process.c:1662(process_smb) Transaction 4 of length 92 (0 toread) [2013/02/27 08:52:50.016137, 5, pid=21845] lib/util.c:332(show_msg) [2013/02/27 08:52:50.016161, 5, pid=21845] lib/util.c:342(show_msg) size=88 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=21844 smb_uid=0 smb_mid=5 smt_wct=15 smb_vwv[ 0]= 18 (0x12) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16644 (0x4104) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 18 (0x12) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 88 (0x58) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=23 [2013/02/27 08:52:50.016612, 10, pid=21845] ../lib/util/util.c:415(dump_data) [0000] 00 44 20 16 00 56 05 06 00 04 01 00 00 00 00 5C .D ..V.. .......\ [0010] 00 2A 00 00 00 00 00 .*..... [2013/02/27 08:52:50.016707, 3, pid=21845] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 21845) conn 0x2b7b790 [2013/02/27 08:52:50.016751, 4, pid=21845] smbd/uid.c:345(change_to_user) Skipping user change - already user [2013/02/27 08:52:50.016806, 3, pid=21845] smbd/trans2.c:2286(call_trans2findfirst) call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=0, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16644 [2013/02/27 08:52:50.016873, 5, pid=21845] smbd/filename.c:257(unix_convert) unix_convert called on file "*" [2013/02/27 08:52:50.016919, 10, pid=21845] smbd/statcache.c:244(stat_cache_lookup) stat_cache_lookup: lookup failed for name [*] [2013/02/27 08:52:50.016961, 5, pid=21845] smbd/filename.c:416(unix_convert) unix_convert begin: name = *, dirpath = , start = * [2013/02/27 08:52:50.017004, 10, pid=21845] smbd/mangle_hash2.c:418(is_mangled) is_mangled * ? [2013/02/27 08:52:50.017044, 10, pid=21845] smbd/mangle_hash2.c:357(is_mangled_component) is_mangled_component * (len 1) ? [2013/02/27 08:52:50.017086, 5, pid=21845] smbd/filename.c:609(unix_convert) Wildcard * [2013/02/27 08:52:50.017128, 3, pid=21845] smbd/vfs.c:905(check_reduced_name) check_reduced_name [*] [/srv/samba/tmp] [2013/02/27 08:52:50.017196, 10, pid=21845] smbd/vfs.c:969(check_reduced_name) check_reduced_name realpath [*] -> [/srv/samba/tmp/*] [2013/02/27 08:52:50.017240, 3, pid=21845] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: * reduced to /srv/samba/tmp/* [2013/02/27 08:52:50.017282, 5, pid=21845] smbd/trans2.c:2371(call_trans2findfirst) dir=., mask = * [2013/02/27 08:52:50.017328, 5, pid=21845] smbd/dir.c:439(dptr_create) dptr_create dir=. [2013/02/27 08:52:50.017370, 3, pid=21845] smbd/vfs.c:905(check_reduced_name) check_reduced_name [.] [/srv/samba/tmp] [2013/02/27 08:52:50.017414, 10, pid=21845] smbd/vfs.c:969(check_reduced_name) check_reduced_name realpath [.] -> [/srv/samba/tmp] [2013/02/27 08:52:50.017455, 3, pid=21845] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: . reduced to /srv/samba/tmp [2013/02/27 08:52:50.017510, 3, pid=21845] smbd/dir.c:578(dptr_create) creating new dirptr 256 for path ., expect_close = 1 [2013/02/27 08:52:50.017552, 4, pid=21845] smbd/trans2.c:2439(call_trans2findfirst) dptr_num is 256, wcard = *, attr = 22 [2013/02/27 08:52:50.017594, 8, pid=21845] smbd/trans2.c:2448(call_trans2findfirst) dirpath=<.> dontdescend=<> [2013/02/27 08:52:50.017647, 6, pid=21845] smbd/dir.c:969(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x2b7c1b0 now at offset 0 [2013/02/27 08:52:50.017725, 8, pid=21845] smbd/dosmode.c:621(dos_mode) dos_mode: ./. [2013/02/27 08:52:50.017778, 8, pid=21845] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning d [2013/02/27 08:52:50.017822, 8, pid=21845] smbd/dosmode.c:672(dos_mode) dos_mode returning d [2013/02/27 08:52:50.017878, 10, pid=21845] locking/locking.c:1026(fetch_share_mode_unlocked) fetch_share_mode_unlocked: no share_mode record around (file not open) [2013/02/27 08:52:50.017920, 3, pid=21845] smbd/dir.c:1041(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ./. fname=. (.) [2013/02/27 08:52:50.017967, 10, pid=21845] smbd/trans2.c:1572(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 16644 [2013/02/27 08:52:50.018010, 10, pid=21845] smbd/trans2.c:1721(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2013/02/27 08:52:50.018069, 6, pid=21845] smbd/dir.c:969(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x2b7c1b0 now at offset 2147483648 [2013/02/27 08:52:50.018120, 8, pid=21845] smbd/dosmode.c:621(dos_mode) dos_mode: ./.. [2013/02/27 08:52:50.018162, 8, pid=21845] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning d [2013/02/27 08:52:50.018203, 8, pid=21845] smbd/dosmode.c:672(dos_mode) dos_mode returning d [2013/02/27 08:52:50.018249, 10, pid=21845] locking/locking.c:1026(fetch_share_mode_unlocked) fetch_share_mode_unlocked: no share_mode record around (file not open) [2013/02/27 08:52:50.018291, 3, pid=21845] smbd/dir.c:1041(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ./.. fname=.. (..) [2013/02/27 08:52:50.018335, 10, pid=21845] smbd/trans2.c:1572(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 16548 [2013/02/27 08:52:50.018381, 10, pid=21845] smbd/trans2.c:1721(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2013/02/27 08:52:50.018444, 6, pid=21845] smbd/dir.c:969(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x2b7c1b0 now at offset 2147483647 [2013/02/27 08:52:50.018496, 8, pid=21845] smbd/dosmode.c:621(dos_mode) dos_mode: ./wurst [2013/02/27 08:52:50.018537, 8, pid=21845] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning d [2013/02/27 08:52:50.018578, 8, pid=21845] smbd/dosmode.c:672(dos_mode) dos_mode returning d [2013/02/27 08:52:50.018624, 10, pid=21845] locking/locking.c:1026(fetch_share_mode_unlocked) fetch_share_mode_unlocked: no share_mode record around (file not open) [2013/02/27 08:52:50.018665, 3, pid=21845] smbd/dir.c:1041(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ./wurst fname=wurst (wurst) [2013/02/27 08:52:50.018715, 10, pid=21845] smbd/trans2.c:1572(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 16448 [2013/02/27 08:52:50.018758, 10, pid=21845] smbd/trans2.c:1721(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2013/02/27 08:52:50.018810, 6, pid=21845] smbd/dir.c:969(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x2b7c1b0 now at offset -1 [2013/02/27 08:52:50.018853, 5, pid=21845] smbd/trans2.c:2505(call_trans2findfirst) call_trans2findfirst - (2) closing dptr_num 256 [2013/02/27 08:52:50.018895, 4, pid=21845] smbd/dir.c:257(dptr_close_internal) closing dptr key 256 [2013/02/27 08:52:50.018945, 9, pid=21845] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 10, data_sent_thistime = 300, useable_space = 65473 [2013/02/27 08:52:50.018987, 9, pid=21845] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 10, data_to_send = 300, paramsize = 10, datasize = 300 [2013/02/27 08:52:50.019028, 5, pid=21845] lib/util.c:332(show_msg) [2013/02/27 08:52:50.019051, 5, pid=21845] lib/util.c:342(show_msg) size=368 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=49155 smb_tid=1 smb_pid=21844 smb_uid=0 smb_mid=5 smt_wct=10 smb_vwv[ 0]= 10 (0xA) smb_vwv[ 1]= 300 (0x12C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 10 (0xA) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 300 (0x12C) smb_vwv[ 7]= 68 (0x44) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=313 [2013/02/27 08:52:50.019451, 10, pid=21845] ../lib/util/util.c:415(dump_data) [0000] 00 FD FF 03 00 01 00 00 00 C4 00 00 00 60 00 00 ........ .....`.. [0010] 00 00 00 00 00 4D 62 1F A7 BE 14 CE 01 4D 62 1F .....Mb. .....Mb. [0020] A7 BE 14 CE 01 BB CE 02 6F BF 14 CE 01 BB CE 02 ........ o....... [0030] 6F BF 14 CE 01 00 00 00 00 00 00 00 00 00 00 00 o....... ........ [0040] 00 00 00 00 00 10 00 00 00 02 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 2E 00 64 00 00 ........ .....d.. [0070] 00 00 00 00 00 57 7A 9C A0 14 FE CD 01 57 7A 9C .....Wz. .....Wz. [0080] A0 14 FE CD 01 4D 62 1F A7 BE 14 CE 01 4D 62 1F .....Mb. .....Mb. [0090] A7 BE 14 CE 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 10 00 00 00 04 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 2E 00 2E 00 00 ........ ........ [00D0] 00 68 00 00 00 00 00 00 00 BB CE 02 6F BF 14 CE .h...... ....o... [00E0] 01 BB CE 02 6F BF 14 CE 01 BB CE 02 6F BF 14 CE ....o... ....o... [00F0] 01 BB CE 02 6F BF 14 CE 01 00 00 00 00 00 00 00 ....o... ........ [0100] 00 00 00 00 00 00 00 00 00 10 00 00 00 0A 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 77 ........ .......w [0130] 00 75 00 72 00 73 00 74 00 .u.r.s.t . [2013/02/27 08:52:50.020156, 4, pid=21845] smbd/trans2.c:2549(call_trans2findfirst) SMBtrans2 mask=* directory=. dirtype=22 numentries=3 [2013/02/27 08:52:50.020214, 10, pid=21845] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: * -> 0A877AA5 -> _2X68P~X (cache=1) [2013/02/27 08:52:51.679969, 10, pid=21845] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 88 [2013/02/27 08:52:51.680072, 6, pid=21845] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x58 [2013/02/27 08:52:51.680116, 3, pid=21845] smbd/process.c:1662(process_smb) Transaction 5 of length 92 (0 toread) [2013/02/27 08:52:51.680158, 5, pid=21845] lib/util.c:332(show_msg) [2013/02/27 08:52:51.680182, 5, pid=21845] lib/util.c:342(show_msg) size=88 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=21844 smb_uid=0 smb_mid=6 smt_wct=15 smb_vwv[ 0]= 18 (0x12) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16644 (0x4104) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 18 (0x12) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 88 (0x58) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=23 [2013/02/27 08:52:51.680663, 10, pid=21845] ../lib/util/util.c:415(dump_data) [0000] 00 44 20 16 00 56 05 06 00 04 01 00 00 00 00 5C .D ..V.. .......\ [0010] 00 2A 00 00 00 00 00 .*..... [2013/02/27 08:52:51.680762, 3, pid=21845] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 21845) conn 0x2b7b790 [2013/02/27 08:52:51.680805, 4, pid=21845] smbd/uid.c:345(change_to_user) Skipping user change - already user [2013/02/27 08:52:51.680852, 3, pid=21845] smbd/trans2.c:2286(call_trans2findfirst) call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=0, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16644 [2013/02/27 08:52:51.680909, 5, pid=21845] smbd/filename.c:257(unix_convert) unix_convert called on file "*" [2013/02/27 08:52:51.680954, 10, pid=21845] smbd/statcache.c:244(stat_cache_lookup) stat_cache_lookup: lookup failed for name [*] [2013/02/27 08:52:51.680996, 5, pid=21845] smbd/filename.c:416(unix_convert) unix_convert begin: name = *, dirpath = , start = * [2013/02/27 08:52:51.681039, 10, pid=21845] smbd/mangle_hash2.c:418(is_mangled) is_mangled * ? [2013/02/27 08:52:51.681099, 10, pid=21845] smbd/mangle_hash2.c:357(is_mangled_component) is_mangled_component * (len 1) ? [2013/02/27 08:52:51.681141, 5, pid=21845] smbd/filename.c:609(unix_convert) Wildcard * [2013/02/27 08:52:51.681182, 3, pid=21845] smbd/vfs.c:905(check_reduced_name) check_reduced_name [*] [/srv/samba/tmp] [2013/02/27 08:52:51.681234, 10, pid=21845] smbd/vfs.c:969(check_reduced_name) check_reduced_name realpath [*] -> [/srv/samba/tmp/*] [2013/02/27 08:52:51.681276, 3, pid=21845] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: * reduced to /srv/samba/tmp/* [2013/02/27 08:52:51.681318, 5, pid=21845] smbd/trans2.c:2371(call_trans2findfirst) dir=., mask = * [2013/02/27 08:52:51.681364, 5, pid=21845] smbd/dir.c:439(dptr_create) dptr_create dir=. [2013/02/27 08:52:51.681404, 3, pid=21845] smbd/vfs.c:905(check_reduced_name) check_reduced_name [.] [/srv/samba/tmp] [2013/02/27 08:52:51.681447, 10, pid=21845] smbd/vfs.c:969(check_reduced_name) check_reduced_name realpath [.] -> [/srv/samba/tmp] [2013/02/27 08:52:51.681488, 3, pid=21845] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: . reduced to /srv/samba/tmp [2013/02/27 08:52:51.681538, 3, pid=21845] smbd/dir.c:578(dptr_create) creating new dirptr 256 for path ., expect_close = 1 [2013/02/27 08:52:51.681579, 4, pid=21845] smbd/trans2.c:2439(call_trans2findfirst) dptr_num is 256, wcard = *, attr = 22 [2013/02/27 08:52:51.681620, 8, pid=21845] smbd/trans2.c:2448(call_trans2findfirst) dirpath=<.> dontdescend=<> [2013/02/27 08:52:51.681676, 6, pid=21845] smbd/dir.c:969(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x2b615f0 now at offset 0 [2013/02/27 08:52:51.681742, 8, pid=21845] smbd/dosmode.c:621(dos_mode) dos_mode: ./. [2013/02/27 08:52:51.681774, 8, pid=21845] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning d [2013/02/27 08:52:51.681804, 8, pid=21845] smbd/dosmode.c:672(dos_mode) dos_mode returning d [2013/02/27 08:52:51.681846, 10, pid=21845] locking/locking.c:1026(fetch_share_mode_unlocked) fetch_share_mode_unlocked: no share_mode record around (file not open) [2013/02/27 08:52:51.681884, 3, pid=21845] smbd/dir.c:1041(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ./. fname=. (.) [2013/02/27 08:52:51.681918, 10, pid=21845] smbd/trans2.c:1572(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 16644 [2013/02/27 08:52:51.681947, 10, pid=21845] smbd/trans2.c:1721(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2013/02/27 08:52:51.681994, 6, pid=21845] smbd/dir.c:969(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x2b615f0 now at offset 2147483648 [2013/02/27 08:52:51.682029, 8, pid=21845] smbd/dosmode.c:621(dos_mode) dos_mode: ./.. [2013/02/27 08:52:51.682058, 8, pid=21845] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning d [2013/02/27 08:52:51.682094, 8, pid=21845] smbd/dosmode.c:672(dos_mode) dos_mode returning d [2013/02/27 08:52:51.682126, 10, pid=21845] locking/locking.c:1026(fetch_share_mode_unlocked) fetch_share_mode_unlocked: no share_mode record around (file not open) [2013/02/27 08:52:51.682154, 3, pid=21845] smbd/dir.c:1041(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ./.. fname=.. (..) [2013/02/27 08:52:51.682185, 10, pid=21845] smbd/trans2.c:1572(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 16548 [2013/02/27 08:52:51.682213, 10, pid=21845] smbd/trans2.c:1721(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2013/02/27 08:52:51.682260, 6, pid=21845] smbd/dir.c:969(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x2b615f0 now at offset 2147483647 [2013/02/27 08:52:51.682301, 8, pid=21845] smbd/dosmode.c:621(dos_mode) dos_mode: ./wurst [2013/02/27 08:52:51.682334, 8, pid=21845] smbd/dosmode.c:199(dos_mode_from_sbuf) dos_mode_from_sbuf returning d [2013/02/27 08:52:51.682366, 8, pid=21845] smbd/dosmode.c:672(dos_mode) dos_mode returning d [2013/02/27 08:52:51.682398, 10, pid=21845] locking/locking.c:1026(fetch_share_mode_unlocked) fetch_share_mode_unlocked: no share_mode record around (file not open) [2013/02/27 08:52:51.682426, 3, pid=21845] smbd/dir.c:1041(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[*] found ./wurst fname=wurst (wurst) [2013/02/27 08:52:51.682456, 10, pid=21845] smbd/trans2.c:1572(smbd_marshall_dir_entry) smbd_marshall_dir_entry: space_remaining = 16448 [2013/02/27 08:52:51.682485, 10, pid=21845] smbd/trans2.c:1721(smbd_marshall_dir_entry) smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO [2013/02/27 08:52:51.682529, 6, pid=21845] smbd/dir.c:969(smbd_dirptr_get_entry) smbd_dirptr_get_entry: dirptr 0x2b615f0 now at offset -1 [2013/02/27 08:52:51.682559, 5, pid=21845] smbd/trans2.c:2505(call_trans2findfirst) call_trans2findfirst - (2) closing dptr_num 256 [2013/02/27 08:52:51.682588, 4, pid=21845] smbd/dir.c:257(dptr_close_internal) closing dptr key 256 [2013/02/27 08:52:51.682630, 9, pid=21845] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 10, data_sent_thistime = 300, useable_space = 65473 [2013/02/27 08:52:51.682658, 9, pid=21845] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 10, data_to_send = 300, paramsize = 10, datasize = 300 [2013/02/27 08:52:51.682687, 5, pid=21845] lib/util.c:332(show_msg) [2013/02/27 08:52:51.682715, 5, pid=21845] lib/util.c:342(show_msg) size=368 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=49155 smb_tid=1 smb_pid=21844 smb_uid=0 smb_mid=6 smt_wct=10 smb_vwv[ 0]= 10 (0xA) smb_vwv[ 1]= 300 (0x12C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 10 (0xA) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 300 (0x12C) smb_vwv[ 7]= 68 (0x44) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=313 [2013/02/27 08:52:51.683012, 10, pid=21845] ../lib/util/util.c:415(dump_data) [0000] 00 FD FF 03 00 01 00 00 00 C4 00 00 00 60 00 00 ........ .....`.. [0010] 00 00 00 00 00 4D 62 1F A7 BE 14 CE 01 4D 62 1F .....Mb. .....Mb. [0020] A7 BE 14 CE 01 BB CE 02 6F BF 14 CE 01 BB CE 02 ........ o....... [0030] 6F BF 14 CE 01 00 00 00 00 00 00 00 00 00 00 00 o....... ........ [0040] 00 00 00 00 00 10 00 00 00 02 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 2E 00 64 00 00 ........ .....d.. [0070] 00 00 00 00 00 57 7A 9C A0 14 FE CD 01 57 7A 9C .....Wz. .....Wz. [0080] A0 14 FE CD 01 4D 62 1F A7 BE 14 CE 01 4D 62 1F .....Mb. .....Mb. [0090] A7 BE 14 CE 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 10 00 00 00 04 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 2E 00 2E 00 00 ........ ........ [00D0] 00 68 00 00 00 00 00 00 00 BB CE 02 6F BF 14 CE .h...... ....o... [00E0] 01 BB CE 02 6F BF 14 CE 01 BB CE 02 6F BF 14 CE ....o... ....o... [00F0] 01 BB CE 02 6F BF 14 CE 01 00 00 00 00 00 00 00 ....o... ........ [0100] 00 00 00 00 00 00 00 00 00 10 00 00 00 0A 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 77 ........ .......w [0130] 00 75 00 72 00 73 00 74 00 .u.r.s.t . [2013/02/27 08:52:51.683529, 4, pid=21845] smbd/trans2.c:2549(call_trans2findfirst) SMBtrans2 mask=* directory=. dirtype=22 numentries=3 [2013/02/27 08:52:51.683564, 10, pid=21845] smbd/mangle_hash2.c:792(hash2_name_to_8_3) hash2_name_to_8_3: * -> 0A877AA5 -> _2X68P~X (cache=1) [2013/02/27 08:52:54.328162, 10, pid=21845] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 76 [2013/02/27 08:52:54.328276, 6, pid=21845] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x4c [2013/02/27 08:52:54.328320, 3, pid=21845] smbd/process.c:1662(process_smb) Transaction 6 of length 80 (0 toread) [2013/02/27 08:52:54.328362, 5, pid=21845] lib/util.c:332(show_msg) [2013/02/27 08:52:54.328386, 5, pid=21845] lib/util.c:342(show_msg) size=76 smb_com=0x7 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=21844 smb_uid=0 smb_mid=7 smt_wct=1 smb_vwv[ 0]= 22 (0x16) smb_bcc=39 [2013/02/27 08:52:54.328633, 10, pid=21845] ../lib/util/util.c:415(dump_data) [0000] 04 5C 00 77 00 75 00 72 00 73 00 74 00 00 00 04 .\.w.u.r .s.t.... [0010] 00 5C 00 62 00 6C 00 75 00 74 00 77 00 75 00 72 .\.b.l.u .t.w.u.r [0020] 00 73 00 74 00 00 00 .s.t... [2013/02/27 08:52:54.328761, 3, pid=21845] smbd/process.c:1467(switch_message) switch message SMBmv (pid 21845) conn 0x2b7b790 [2013/02/27 08:52:54.328805, 4, pid=21845] smbd/uid.c:345(change_to_user) Skipping user change - already user [2013/02/27 08:52:54.328861, 5, pid=21845] smbd/filename.c:257(unix_convert) unix_convert called on file "wurst" [2013/02/27 08:52:54.328907, 10, pid=21845] smbd/statcache.c:244(stat_cache_lookup) stat_cache_lookup: lookup failed for name [WURST] [2013/02/27 08:52:54.328950, 5, pid=21845] smbd/filename.c:416(unix_convert) unix_convert begin: name = wurst, dirpath = , start = wurst [2013/02/27 08:52:54.329019, 5, pid=21845] smbd/statcache.c:143(stat_cache_add) stat_cache_add: Added entry (2b7f380:size 5) WURST -> wurst [2013/02/27 08:52:54.329068, 5, pid=21845] smbd/filename.c:439(unix_convert) conversion of base_name finished wurst -> wurst [2013/02/27 08:52:54.329110, 3, pid=21845] smbd/vfs.c:905(check_reduced_name) check_reduced_name [wurst] [/srv/samba/tmp] [2013/02/27 08:52:54.329160, 10, pid=21845] smbd/vfs.c:969(check_reduced_name) check_reduced_name realpath [wurst] -> [/srv/samba/tmp/wurst] [2013/02/27 08:52:54.329201, 3, pid=21845] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: wurst reduced to /srv/samba/tmp/wurst [2013/02/27 08:52:54.329243, 5, pid=21845] smbd/filename.c:257(unix_convert) unix_convert called on file "blutwurst" [2013/02/27 08:52:54.329285, 10, pid=21845] smbd/statcache.c:244(stat_cache_lookup) stat_cache_lookup: lookup failed for name [BLUTWURST] [2013/02/27 08:52:54.329327, 5, pid=21845] smbd/filename.c:416(unix_convert) unix_convert begin: name = blutwurst, dirpath = , start = blutwurst [2013/02/27 08:52:54.329389, 10, pid=21845] smbd/mangle_hash2.c:418(is_mangled) is_mangled blutwurst ? [2013/02/27 08:52:54.329430, 10, pid=21845] smbd/mangle_hash2.c:357(is_mangled_component) is_mangled_component blutwurst (len 9) ? [2013/02/27 08:52:54.329473, 10, pid=21845] smbd/mangle_hash2.c:418(is_mangled) is_mangled blutwurst ? [2013/02/27 08:52:54.329513, 10, pid=21845] smbd/mangle_hash2.c:357(is_mangled_component) is_mangled_component blutwurst (len 9) ? [2013/02/27 08:52:54.329578, 10, pid=21845] smbd/mangle_hash2.c:418(is_mangled) is_mangled blutwurst ? [2013/02/27 08:52:54.329621, 10, pid=21845] smbd/mangle_hash2.c:357(is_mangled_component) is_mangled_component blutwurst (len 9) ? [2013/02/27 08:52:54.329661, 5, pid=21845] smbd/filename.c:781(unix_convert) New file blutwurst [2013/02/27 08:52:54.329711, 3, pid=21845] smbd/vfs.c:905(check_reduced_name) check_reduced_name [blutwurst] [/srv/samba/tmp] [2013/02/27 08:52:54.329764, 10, pid=21845] smbd/vfs.c:969(check_reduced_name) check_reduced_name realpath [blutwurst] -> [/srv/samba/tmp/blutwurst] [2013/02/27 08:52:54.329805, 3, pid=21845] smbd/vfs.c:1039(check_reduced_name) check_reduced_name: blutwurst reduced to /srv/samba/tmp/blutwurst [2013/02/27 08:52:54.329846, 3, pid=21845] smbd/reply.c:6700(reply_mv) reply_mv : wurst -> blutwurst [2013/02/27 08:52:54.329896, 3, pid=21845] smbd/reply.c:6349(rename_internals) rename_internals: case_sensitive = 0, case_preserve = 1, short case preserve = 1, directory = wurst, newname = blutwurst, last_component_dest = blutwurst [2013/02/27 08:52:54.329944, 10, pid=21845] smbd/open.c:3613(create_file_default) create_file: access_mask = 0x10000 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x1 oplock_request = 0x0 private_flags = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), fname = wurst [2013/02/27 08:52:54.329991, 10, pid=21845] smbd/open.c:3137(create_file_unixpath) create_file_unixpath: access_mask = 0x10000 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x1 oplock_request = 0x0 private_flags = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = wurst [2013/02/27 08:52:54.330044, 10, pid=21845] smbd/posix_acls.c:3440(posix_get_nt_acl) posix_get_nt_acl: called for file . [2013/02/27 08:52:54.330122, 10, pid=21845] smbd/posix_acls.c:2565(canonicalise_acl) canonicalise_acl: Access ace entries before arrange : [2013/02/27 08:52:54.330166, 10, pid=21845] smbd/posix_acls.c:2578(canonicalise_acl) canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms r-x [2013/02/27 08:52:54.330212, 10, pid=21845] smbd/posix_acls.c:2578(canonicalise_acl) canon_ace index 1. Type = allow SID = S-1-22-2-65533 gid 65533 (nobody) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms r-x [2013/02/27 08:52:54.330356, 10, pid=21845] smbd/posix_acls.c:2578(canonicalise_acl) canon_ace index 2. Type = allow SID = S-1-5-21-1406987565-2067085585-2387977275-501 uid 65534 (nobody) SMB_ACL_USER_OBJ ace_flags = 0x0 perms rwx [2013/02/27 08:52:54.330463, 10, pid=21845] smbd/posix_acls.c:848(print_canon_ace_list) print_canon_ace_list: canonicalise_acl: ace entries after arrange canon_ace index 0. Type = allow SID = S-1-5-21-1406987565-2067085585-2387977275-501 uid 65534 (nobody) SMB_ACL_USER_OBJ ace_flags = 0x0 perms rwx canon_ace index 1. Type = allow SID = S-1-22-2-65533 gid 65533 (nobody) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms r-x canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms r-x [2013/02/27 08:52:54.330658, 10, pid=21845] smbd/posix_acls.c:1124(map_canon_ace_perms) map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1f01ff [2013/02/27 08:52:54.330719, 10, pid=21845] smbd/posix_acls.c:1124(map_canon_ace_perms) map_canon_ace_perms: Mapped (UNIX) 140 to (NT) 1200a9 [2013/02/27 08:52:54.330766, 10, pid=21845] smbd/posix_acls.c:1124(map_canon_ace_perms) map_canon_ace_perms: Mapped (UNIX) 140 to (NT) 1200a9 [2013/02/27 08:52:54.330818, 10, pid=21845] smbd/file_access.c:76(can_access_file_acl) can_access_file_acl for file . access_mask 0x40, access_granted 0x40 access DENIED [2013/02/27 08:52:54.330864, 1, pid=21845] ../librpc/ndr/ndr.c:247(ndr_print_debug) secdesc: struct security_descriptor revision : SECURITY_DESCRIPTOR_REVISION_1 (1) type : 0x9004 (36868) 0: SEC_DESC_OWNER_DEFAULTED 0: SEC_DESC_GROUP_DEFAULTED 1: SEC_DESC_DACL_PRESENT 0: SEC_DESC_DACL_DEFAULTED 0: SEC_DESC_SACL_PRESENT 0: SEC_DESC_SACL_DEFAULTED 0: SEC_DESC_DACL_TRUSTED 0: SEC_DESC_SERVER_SECURITY 0: SEC_DESC_DACL_AUTO_INHERIT_REQ 0: SEC_DESC_SACL_AUTO_INHERIT_REQ 0: SEC_DESC_DACL_AUTO_INHERITED 0: SEC_DESC_SACL_AUTO_INHERITED 1: SEC_DESC_DACL_PROTECTED 0: SEC_DESC_SACL_PROTECTED 0: SEC_DESC_RM_CONTROL_VALID 1: SEC_DESC_SELF_RELATIVE owner_sid : * owner_sid : S-1-5-21-1406987565-2067085585-2387977275-501 group_sid : * group_sid : S-1-22-2-65533 sacl : NULL dacl : * dacl: struct security_acl revision : SECURITY_ACL_REVISION_NT4 (2) size : 0x0058 (88) num_aces : 0x00000003 (3) aces: ARRAY(3) aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x00 (0) 0: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x00: SEC_ACE_FLAG_VALID_INHERIT (0) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x001f01ff (2032127) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1406987565-2067085585-2387977275-501 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x00 (0) 0: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x00: SEC_ACE_FLAG_VALID_INHERIT (0) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x001200a9 (1179817) object : union security_ace_object_ctr(case 0) trustee : S-1-22-2-65533 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x00 (0) 0: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x00: SEC_ACE_FLAG_VALID_INHERIT (0) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0014 (20) access_mask : 0x001200a9 (1179817) object : union security_ace_object_ctr(case 0) trustee : S-1-1-0 [2013/02/27 08:52:54.332049, 10, pid=21845] smbd/posix_acls.c:3440(posix_get_nt_acl) posix_get_nt_acl: called for file wurst [2013/02/27 08:52:54.332115, 10, pid=21845] smbd/posix_acls.c:2565(canonicalise_acl) canonicalise_acl: Access ace entries before arrange : [2013/02/27 08:52:54.332145, 10, pid=21845] smbd/posix_acls.c:2578(canonicalise_acl) canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms r-x [2013/02/27 08:52:54.332177, 10, pid=21845] smbd/posix_acls.c:2578(canonicalise_acl) canon_ace index 1. Type = allow SID = S-1-22-2-65533 gid 65533 (nobody) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms r-x [2013/02/27 08:52:54.332252, 10, pid=21845] smbd/posix_acls.c:2578(canonicalise_acl) canon_ace index 2. Type = allow SID = S-1-5-21-1406987565-2067085585-2387977275-501 uid 65534 (nobody) SMB_ACL_USER_OBJ ace_flags = 0x0 perms rwx [2013/02/27 08:52:54.332324, 10, pid=21845] smbd/posix_acls.c:848(print_canon_ace_list) print_canon_ace_list: canonicalise_acl: ace entries after arrange canon_ace index 0. Type = allow SID = S-1-5-21-1406987565-2067085585-2387977275-501 uid 65534 (nobody) SMB_ACL_USER_OBJ ace_flags = 0x0 perms rwx canon_ace index 1. Type = allow SID = S-1-22-2-65533 gid 65533 (nobody) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms r-x canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms r-x [2013/02/27 08:52:54.332472, 10, pid=21845] smbd/posix_acls.c:1124(map_canon_ace_perms) map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1f01ff [2013/02/27 08:52:54.332503, 10, pid=21845] smbd/posix_acls.c:1124(map_canon_ace_perms) map_canon_ace_perms: Mapped (UNIX) 140 to (NT) 1200a9 [2013/02/27 08:52:54.332529, 10, pid=21845] smbd/posix_acls.c:1124(map_canon_ace_perms) map_canon_ace_perms: Mapped (UNIX) 140 to (NT) 1200a9 [2013/02/27 08:52:54.332561, 10, pid=21845] smbd/file_access.c:76(can_access_file_acl) can_access_file_acl for file wurst access_mask 0x10000, access_granted 0x10000 access DENIED [2013/02/27 08:52:54.332589, 1, pid=21845] ../librpc/ndr/ndr.c:247(ndr_print_debug) secdesc: struct security_descriptor revision : SECURITY_DESCRIPTOR_REVISION_1 (1) type : 0x9004 (36868) 0: SEC_DESC_OWNER_DEFAULTED 0: SEC_DESC_GROUP_DEFAULTED 1: SEC_DESC_DACL_PRESENT 0: SEC_DESC_DACL_DEFAULTED 0: SEC_DESC_SACL_PRESENT 0: SEC_DESC_SACL_DEFAULTED 0: SEC_DESC_DACL_TRUSTED 0: SEC_DESC_SERVER_SECURITY 0: SEC_DESC_DACL_AUTO_INHERIT_REQ 0: SEC_DESC_SACL_AUTO_INHERIT_REQ 0: SEC_DESC_DACL_AUTO_INHERITED 0: SEC_DESC_SACL_AUTO_INHERITED 1: SEC_DESC_DACL_PROTECTED 0: SEC_DESC_SACL_PROTECTED 0: SEC_DESC_RM_CONTROL_VALID 1: SEC_DESC_SELF_RELATIVE owner_sid : * owner_sid : S-1-5-21-1406987565-2067085585-2387977275-501 group_sid : * group_sid : S-1-22-2-65533 sacl : NULL dacl : * dacl: struct security_acl revision : SECURITY_ACL_REVISION_NT4 (2) size : 0x0058 (88) num_aces : 0x00000003 (3) aces: ARRAY(3) aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x00 (0) 0: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x00: SEC_ACE_FLAG_VALID_INHERIT (0) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x001f01ff (2032127) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1406987565-2067085585-2387977275-501 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x00 (0) 0: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x00: SEC_ACE_FLAG_VALID_INHERIT (0) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x001200a9 (1179817) object : union security_ace_object_ctr(case 0) trustee : S-1-22-2-65533 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x00 (0) 0: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x00: SEC_ACE_FLAG_VALID_INHERIT (0) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0014 (20) access_mask : 0x001200a9 (1179817) object : union security_ace_object_ctr(case 0) trustee : S-1-1-0 [2013/02/27 08:52:54.333544, 10, pid=21845] smbd/open.c:3183(create_file_unixpath) create_file_unixpath: open file wurst for delete ACCESS_DENIED [2013/02/27 08:52:54.333571, 10, pid=21845] smbd/open.c:3437(create_file_unixpath) create_file_unixpath: NT_STATUS_ACCESS_DENIED [2013/02/27 08:52:54.333597, 10, pid=21845] smbd/open.c:3710(create_file_default) create_file: NT_STATUS_ACCESS_DENIED [2013/02/27 08:52:54.333623, 3, pid=21845] smbd/reply.c:6402(rename_internals) Could not open rename source wurst: NT_STATUS_ACCESS_DENIED [2013/02/27 08:52:54.333653, 3, pid=21845] smbd/error.c:81(error_packet_set) error packet at smbd/reply.c(6710) cmd=7 (SMBmv) NT_STATUS_ACCESS_DENIED [2013/02/27 08:52:54.333681, 5, pid=21845] lib/util.c:332(show_msg) [2013/02/27 08:52:54.333696, 5, pid=21845] lib/util.c:342(show_msg) size=35 smb_com=0x7 smb_rcls=34 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=49155 smb_tid=1 smb_pid=21844 smb_uid=0 smb_mid=7 smt_wct=0 smb_bcc=0 [2013/02/27 08:52:54.333985, 10, pid=21845] ../lib/util/util.c:415(dump_data)