[2013/04/29 08:37:06.890433, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_Connect2: struct samr_Connect2 in: struct samr_Connect2 system_name : * system_name : 'BAMBI' access_mask : 0x00000031 (49) 1: SAMR_ACCESS_CONNECT_TO_SERVER 0: SAMR_ACCESS_SHUTDOWN_SERVER 0: SAMR_ACCESS_INITIALIZE_SERVER 0: SAMR_ACCESS_CREATE_DOMAIN 1: SAMR_ACCESS_ENUM_DOMAINS 1: SAMR_ACCESS_LOOKUP_DOMAIN [2013/04/29 08:37:06.891667, 5] rpc_server/samr/srv_samr_nt.c:3932(_samr_Connect2) _samr_Connect2: 3932 [2013/04/29 08:37:06.891763, 4] rpc_server/srv_access_check.c:104(access_check_object) _samr_Connect2: access GRANTED (requested: 0x00000031, granted: 0x00000031) [2013/04/29 08:37:06.891841, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 6D 18 00 00 00 00 00 00 7E 51 12 15 ....m... ....~Q.. [0010] 76 5C 00 00 v\.. [2013/04/29 08:37:06.891994, 5] rpc_server/samr/srv_samr_nt.c:3961(_samr_Connect2) _samr_Connect2: 3961 [2013/04/29 08:37:06.892060, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_Connect2: struct samr_Connect2 out: struct samr_Connect2 connect_handle : * connect_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000186d-0000-0000-7e51-1215765c0000 result : NT_STATUS_OK [2013/04/29 08:37:06.892411, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_LookupDomain: struct samr_LookupDomain in: struct samr_LookupDomain connect_handle : * connect_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000186d-0000-0000-7e51-1215765c0000 domain_name : * domain_name: struct lsa_String length : 0x0016 (22) size : 0x0016 (22) string : * string : 'WEBDEALAUTO' [2013/04/29 08:37:06.892864, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6D 18 00 00 00 00 00 00 7E 51 12 15 ....m... ....~Q.. [0010] 76 5C 00 00 v\.. [2013/04/29 08:37:06.893015, 10] rpc_server/rpc_handles.c:410(_policy_handle_find) found handle of type struct samr_connect_info [2013/04/29 08:37:06.893114, 2] rpc_server/samr/srv_samr_nt.c:4071(_samr_LookupDomain) Returning domain sid for domain WEBDEALAUTO -> S-1-5-21-2380245508-1587309507-2390072590 [2013/04/29 08:37:06.893196, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_LookupDomain: struct samr_LookupDomain out: struct samr_LookupDomain sid : * sid : * sid : S-1-5-21-2380245508-1587309507-2390072590 result : NT_STATUS_OK [2013/04/29 08:37:06.893461, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_OpenDomain: struct samr_OpenDomain in: struct samr_OpenDomain connect_handle : * connect_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000186d-0000-0000-7e51-1215765c0000 access_mask : 0x00000200 (512) 0: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 0: SAMR_DOMAIN_ACCESS_SET_INFO_1 0: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 0: SAMR_DOMAIN_ACCESS_SET_INFO_2 0: SAMR_DOMAIN_ACCESS_CREATE_USER 0: SAMR_DOMAIN_ACCESS_CREATE_GROUP 0: SAMR_DOMAIN_ACCESS_CREATE_ALIAS 0: SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS 0: SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS 1: SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT 0: SAMR_DOMAIN_ACCESS_SET_INFO_3 sid : * sid : S-1-5-21-2380245508-1587309507-2390072590 [2013/04/29 08:37:06.894132, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6D 18 00 00 00 00 00 00 7E 51 12 15 ....m... ....~Q.. [0010] 76 5C 00 00 v\.. [2013/04/29 08:37:06.894282, 10] rpc_server/rpc_handles.c:410(_policy_handle_find) found handle of type struct samr_connect_info [2013/04/29 08:37:06.894355, 4] rpc_server/srv_access_check.c:104(access_check_object) _samr_OpenDomain: access GRANTED (requested: 0x00000200, granted: 0x00000200) [2013/04/29 08:37:06.894428, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 6E 18 00 00 00 00 00 00 7E 51 12 15 ....n... ....~Q.. [0010] 76 5C 00 00 v\.. [2013/04/29 08:37:06.894578, 5] rpc_server/samr/srv_samr_nt.c:500(_samr_OpenDomain) _samr_OpenDomain: 500 [2013/04/29 08:37:06.894647, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_OpenDomain: struct samr_OpenDomain out: struct samr_OpenDomain domain_handle : * domain_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000186e-0000-0000-7e51-1215765c0000 result : NT_STATUS_OK [2013/04/29 08:37:06.894958, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_LookupNames: struct samr_LookupNames in: struct samr_LookupNames domain_handle : * domain_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000186e-0000-0000-7e51-1215765c0000 num_names : 0x00000001 (1) names: ARRAY(1) names: struct lsa_String length : 0x000e (14) size : 0x000e (14) string : * string : 'PCCOM1$' [2013/04/29 08:37:06.895403, 5] rpc_server/samr/srv_samr_nt.c:1636(_samr_LookupNames) _samr_LookupNames: 1636 [2013/04/29 08:37:06.895473, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6E 18 00 00 00 00 00 00 7E 51 12 15 ....n... ....~Q.. [0010] 76 5C 00 00 v\.. [2013/04/29 08:37:06.895620, 10] rpc_server/rpc_handles.c:410(_policy_handle_find) found handle of type struct samr_domain_info [2013/04/29 08:37:06.895685, 5] rpc_server/samr/srv_samr_nt.c:1657(_samr_LookupNames) _samr_LookupNames: looking name on SID S-1-5-21-2380245508-1587309507-2390072590 [2013/04/29 08:37:06.895762, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2013/04/29 08:37:06.895830, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2013/04/29 08:37:06.895895, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:37:06.895960, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:06.896024, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:06.896196, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(uid=PCCOM1$)(objectclass=sambaSamAccount))], scope => [2] [2013/04/29 08:37:06.897343, 2] passdb/pdb_ldap.c:553(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: pccom1$ [2013/04/29 08:37:06.897507, 10] passdb/pdb_get_set.c:575(pdb_set_username) pdb_set_username: setting username pccom1$, was [2013/04/29 08:37:06.897579, 10] passdb/pdb_get_set.c:598(pdb_set_domain) pdb_set_domain: setting domain WEBDEALAUTO, was [2013/04/29 08:37:06.897645, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username) pdb_set_nt_username: setting nt username pccom1$, was [2013/04/29 08:37:06.897726, 10] passdb/pdb_get_set.c:513(pdb_set_user_sid_from_string) pdb_set_user_sid_from_string: setting user sid S-1-5-21-2380245508-1587309507-2390072590-1011 [2013/04/29 08:37:06.897797, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-2380245508-1587309507-2390072590-1011 [2013/04/29 08:37:06.897953, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLogonTime does not exist [2013/04/29 08:37:06.898037, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLogoffTime does not exist [2013/04/29 08:37:06.898114, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaKickoffTime does not exist [2013/04/29 08:37:06.898191, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaPwdCanChange does not exist [2013/04/29 08:37:06.898266, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaPwdMustChange does not exist [2013/04/29 08:37:06.898343, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) pdb_set_full_name: setting full name PCCOM1$, was [2013/04/29 08:37:06.898421, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaHomeDrive does not exist [2013/04/29 08:37:06.898485, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive , was NULL [2013/04/29 08:37:06.898564, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaHomePath does not exist [2013/04/29 08:37:06.898635, 4] lib/substitute.c:527(automount_server) Home server: bambi [2013/04/29 08:37:06.898715, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) pdb_set_homedir: setting home dir \\bambi\pccom1_, was [2013/04/29 08:37:06.898793, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLogonScript does not exist [2013/04/29 08:37:06.898862, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user pccom1$ [2013/04/29 08:37:06.898927, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is pccom1$ [2013/04/29 08:37:06.908203, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [pccom1$]! [2013/04/29 08:37:06.917330, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) pdb_set_logon_script: setting logon script Domain Computers.bat, was [2013/04/29 08:37:06.917513, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaProfilePath does not exist [2013/04/29 08:37:06.917588, 4] lib/substitute.c:527(automount_server) Home server: bambi [2013/04/29 08:37:06.917671, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\bambi\profiles\pccom1_, was [2013/04/29 08:37:06.917764, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaUserWorkstations does not exist [2013/04/29 08:37:06.917841, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaMungedDial does not exist [2013/04/29 08:37:06.917917, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLMPassword does not exist [2013/04/29 08:37:06.918003, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2013/04/29 08:37:06.918071, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2013/04/29 08:37:06.918136, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/04/29 08:37:06.918201, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:06.918300, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:06.918455, 10] lib/gencache.c:183(gencache_set_data_blob) Adding cache entry with key = ACCT_POL/password history and timeout = Thu Jan 1 01:00:00 1970 (-1367217426 seconds in the past) [2013/04/29 08:37:06.945606, 10] passdb/pdb_ldap.c:3966(ldapsam_get_account_policy_from_ldap) ldapsam_get_account_policy_from_ldap [2013/04/29 08:37:06.945768, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [sambaDomainName=WEBDEALAUTO,dc=webdealauto,dc=com], filter => [(objectClass=sambaDomain)], scope => [0] [2013/04/29 08:37:06.946589, 10] passdb/account_pol.c:402(cache_account_policy_set) cache_account_policy_set: updating account pol cache [2013/04/29 08:37:06.946751, 10] lib/gencache.c:183(gencache_set_data_blob) Adding cache entry with key = ACCT_POL/password history and timeout = Mon Apr 29 08:38:06 2013 (60 seconds ahead) [2013/04/29 08:37:06.946935, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:37:06.947029, 10] lib/smbldap.c:274(smbldap_get_single_attribute) smbldap_get_single_attribute: [sambaPasswordHistory] = [] [2013/04/29 08:37:06.947136, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaBadPasswordCount does not exist [2013/04/29 08:37:06.947216, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaBadPasswordTime does not exist [2013/04/29 08:37:06.947292, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLogonHours does not exist [2013/04/29 08:37:06.947402, 7] passdb/login_cache.c:91(login_cache_read) Looking up login cache for user pccom1$ [2013/04/29 08:37:06.947480, 7] passdb/login_cache.c:102(login_cache_read) No cache entry found [2013/04/29 08:37:06.947544, 9] passdb/pdb_ldap.c:1107(init_sam_from_ldap) No cache entry, bad count = 0, bad time = 0 [2013/04/29 08:37:06.947626, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2013/04/29 08:37:06.947694, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2013/04/29 08:37:06.947760, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/04/29 08:37:06.947825, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:06.947946, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:06.948073, 10] lib/gencache.c:183(gencache_set_data_blob) Adding cache entry with key = ACCT_POL/maximum password age and timeout = Thu Jan 1 01:00:00 1970 (-1367217426 seconds in the past) [2013/04/29 08:37:06.948223, 10] passdb/pdb_ldap.c:3966(ldapsam_get_account_policy_from_ldap) ldapsam_get_account_policy_from_ldap [2013/04/29 08:37:06.948295, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [sambaDomainName=WEBDEALAUTO,dc=webdealauto,dc=com], filter => [(objectClass=sambaDomain)], scope => [0] [2013/04/29 08:37:06.948996, 10] passdb/account_pol.c:402(cache_account_policy_set) cache_account_policy_set: updating account pol cache [2013/04/29 08:37:06.949157, 10] lib/gencache.c:183(gencache_set_data_blob) Adding cache entry with key = ACCT_POL/maximum password age and timeout = Mon Apr 29 08:38:06 2013 (60 seconds ahead) [2013/04/29 08:37:06.949322, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:37:06.949401, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user pccom1$ [2013/04/29 08:37:06.949467, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is pccom1$ [2013/04/29 08:37:06.949538, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [pccom1$]! [2013/04/29 08:37:06.949647, 5] passdb/lookup_sid.c:1384(gid_to_sid) gid_to_sid: winbind failed to find a sid for gid 515 [2013/04/29 08:37:06.949754, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2013/04/29 08:37:06.949823, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2013/04/29 08:37:06.949888, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/04/29 08:37:06.949953, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:06.950016, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:06.950140, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=515))], scope => [2] [2013/04/29 08:37:06.950994, 2] passdb/pdb_ldap.c:2427(init_group_from_ldap) init_group_from_ldap: Entry found for group: 515 [2013/04/29 08:37:06.951207, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:37:06.951280, 10] passdb/lookup_sid.c:1181(legacy_gid_to_sid) LEGACY: gid 515 -> sid S-1-5-21-2380245508-1587309507-2390072590-515 [2013/04/29 08:37:06.951369, 10] passdb/lookup_sid.c:1733(get_primary_group_sid) do lookup_sid(S-1-5-21-2380245508-1587309507-2390072590-515) for group of user pccom1$ [2013/04/29 08:37:06.951444, 10] passdb/lookup_sid.c:964(lookup_sid) lookup_sid called for SID 'S-1-5-21-2380245508-1587309507-2390072590-515' [2013/04/29 08:37:06.951530, 10] passdb/lookup_sid.c:721(check_dom_sid_to_level) Accepting SID S-1-5-21-2380245508-1587309507-2390072590 in level 1 [2013/04/29 08:37:06.951607, 10] passdb/lookup_sid.c:482(lookup_rids) lookup_rids called for domain sid 'S-1-5-21-2380245508-1587309507-2390072590' [2013/04/29 08:37:06.951684, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2013/04/29 08:37:06.951751, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2013/04/29 08:37:06.951817, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/04/29 08:37:06.951882, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:06.951945, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:06.952043, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 515. [2013/04/29 08:37:06.952115, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 4 [2013/04/29 08:37:06.952234, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 3 [2013/04/29 08:37:06.952300, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 4 [2013/04/29 08:37:06.952365, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:06.952428, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:06.952583, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-515)(objectclass=sambaSamAccount))], scope => [2] [2013/04/29 08:37:06.953868, 4] passdb/pdb_ldap.c:1675(ldapsam_getsampwsid) ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-2380245508-1587309507-2390072590-515] count=0 [2013/04/29 08:37:06.954076, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-515))], scope => [2] [2013/04/29 08:37:06.955166, 2] passdb/pdb_ldap.c:2427(init_group_from_ldap) init_group_from_ldap: Entry found for group: 515 [2013/04/29 08:37:06.955382, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/04/29 08:37:06.955487, 5] passdb/pdb_interface.c:1727(pdb_default_lookup_rids) lookup_rids: Domain Computers:2 [2013/04/29 08:37:06.955563, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:37:06.955634, 10] passdb/lookup_sid.c:999(lookup_sid) Sid S-1-5-21-2380245508-1587309507-2390072590-515 -> WEBDEALAUTO\Domain Computers(2) [2013/04/29 08:37:06.955721, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2013/04/29 08:37:06.955788, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2013/04/29 08:37:06.955853, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/04/29 08:37:06.955918, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:06.955980, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:06.956111, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:37:06.956212, 10] passdb/pdb_get_set.c:575(pdb_set_username) pdb_set_username: setting username pccom1$, was [2013/04/29 08:37:06.956280, 10] passdb/pdb_get_set.c:598(pdb_set_domain) pdb_set_domain: setting domain WEBDEALAUTO, was [2013/04/29 08:37:06.956345, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username) pdb_set_nt_username: setting nt username pccom1$, was [2013/04/29 08:37:06.956410, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) pdb_set_full_name: setting full name PCCOM1$, was [2013/04/29 08:37:06.956499, 4] lib/substitute.c:527(automount_server) Home server: bambi [2013/04/29 08:37:06.956581, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) pdb_set_homedir: setting home dir \\bambi\pccom1_, was [2013/04/29 08:37:06.956648, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive , was NULL [2013/04/29 08:37:06.956717, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user pccom1$ [2013/04/29 08:37:06.956781, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is pccom1$ [2013/04/29 08:37:06.957060, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [pccom1$]! [2013/04/29 08:37:06.957346, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) pdb_set_logon_script: setting logon script Domain Computers.bat, was [2013/04/29 08:37:06.957444, 4] lib/substitute.c:527(automount_server) Home server: bambi [2013/04/29 08:37:06.957521, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\bambi\profiles\pccom1_, was [2013/04/29 08:37:06.957591, 10] passdb/pdb_get_set.c:780(pdb_set_workstations) pdb_set_workstations: setting workstations , was [2013/04/29 08:37:06.957661, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2013/04/29 08:37:06.957726, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2013/04/29 08:37:06.957791, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/04/29 08:37:06.957856, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:06.957918, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:06.958038, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:37:06.958111, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-2380245508-1587309507-2390072590-1011 [2013/04/29 08:37:06.958184, 10] passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-2380245508-1587309507-2390072590-1011 from rid 1011 [2013/04/29 08:37:06.958334, 10] passdb/lookup_sid.c:1628(sid_to_gid) winbind failed to find a gid for sid S-1-5-21-2380245508-1587309507-2390072590-515 [2013/04/29 08:37:06.958435, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2013/04/29 08:37:06.958504, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2013/04/29 08:37:06.958569, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/04/29 08:37:06.958633, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:06.958696, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:06.958793, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 515. [2013/04/29 08:37:06.958865, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 4 [2013/04/29 08:37:06.958930, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 3 [2013/04/29 08:37:06.958995, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 4 [2013/04/29 08:37:06.959059, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:06.959121, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:06.959267, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-515)(objectclass=sambaSamAccount))], scope => [2] [2013/04/29 08:37:06.960658, 4] passdb/pdb_ldap.c:1675(ldapsam_getsampwsid) ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-2380245508-1587309507-2390072590-515] count=0 [2013/04/29 08:37:06.960868, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-515))], scope => [2] [2013/04/29 08:37:06.961957, 2] passdb/pdb_ldap.c:2427(init_group_from_ldap) init_group_from_ldap: Entry found for group: 515 [2013/04/29 08:37:06.962173, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/04/29 08:37:06.962255, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:37:06.962323, 10] passdb/lookup_sid.c:1285(legacy_sid_to_gid) LEGACY: sid S-1-5-21-2380245508-1587309507-2390072590-515 -> gid 515 [2013/04/29 08:37:06.962409, 10] passdb/pdb_get_set.c:562(pdb_set_group_sid) pdb_set_group_sid: setting group sid S-1-5-21-2380245508-1587309507-2390072590-515 [2013/04/29 08:37:06.962495, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:37:06.962582, 5] rpc_server/samr/srv_samr_nt.c:1703(_samr_LookupNames) _samr_LookupNames: 1703 [2013/04/29 08:37:06.962650, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_LookupNames: struct samr_LookupNames out: struct samr_LookupNames rids : * rids: struct samr_Ids count : 0x00000001 (1) ids : * ids: ARRAY(1) ids : 0x000003f3 (1011) types : * types: struct samr_Ids count : 0x00000001 (1) ids : * ids: ARRAY(1) ids : 0x00000001 (1) result : NT_STATUS_OK [2013/04/29 08:37:06.963215, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_OpenUser: struct samr_OpenUser in: struct samr_OpenUser domain_handle : * domain_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000186e-0000-0000-7e51-1215765c0000 access_mask : 0x02000000 (33554432) 0: SAMR_USER_ACCESS_GET_NAME_ETC 0: SAMR_USER_ACCESS_GET_LOCALE 0: SAMR_USER_ACCESS_SET_LOC_COM 0: SAMR_USER_ACCESS_GET_LOGONINFO 0: SAMR_USER_ACCESS_GET_ATTRIBUTES 0: SAMR_USER_ACCESS_SET_ATTRIBUTES 0: SAMR_USER_ACCESS_CHANGE_PASSWORD 0: SAMR_USER_ACCESS_SET_PASSWORD 0: SAMR_USER_ACCESS_GET_GROUPS 0: SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP 0: SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP rid : 0x000003f3 (1011) [2013/04/29 08:37:06.963873, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6E 18 00 00 00 00 00 00 7E 51 12 15 ....n... ....~Q.. [0010] 76 5C 00 00 v\.. [2013/04/29 08:37:06.964028, 10] rpc_server/rpc_handles.c:410(_policy_handle_find) found handle of type struct samr_domain_info [2013/04/29 08:37:06.964103, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0xb0000000 to 0x000f07ff [2013/04/29 08:37:06.964203, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2013/04/29 08:37:06.964272, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2013/04/29 08:37:06.964338, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:37:06.964404, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:06.964467, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:06.964574, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2013/04/29 08:37:06.964642, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2013/04/29 08:37:06.964707, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/04/29 08:37:06.964772, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:06.964835, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:06.964968, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:37:06.965041, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2013/04/29 08:37:06.965108, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2013/04/29 08:37:06.965173, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/04/29 08:37:06.965237, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:06.965300, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:06.965416, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:37:06.965504, 10] passdb/pdb_get_set.c:575(pdb_set_username) pdb_set_username: setting username pccom1$, was [2013/04/29 08:37:06.965573, 10] passdb/pdb_get_set.c:598(pdb_set_domain) pdb_set_domain: setting domain WEBDEALAUTO, was [2013/04/29 08:37:06.965639, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username) pdb_set_nt_username: setting nt username pccom1$, was [2013/04/29 08:37:06.965706, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) pdb_set_full_name: setting full name PCCOM1$, was [2013/04/29 08:37:06.965777, 4] lib/substitute.c:527(automount_server) Home server: bambi [2013/04/29 08:37:06.965858, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) pdb_set_homedir: setting home dir \\bambi\pccom1_, was [2013/04/29 08:37:06.965945, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive , was NULL [2013/04/29 08:37:06.966016, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user pccom1$ [2013/04/29 08:37:06.966080, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is pccom1$ [2013/04/29 08:37:06.966348, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [pccom1$]! [2013/04/29 08:37:06.966588, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) pdb_set_logon_script: setting logon script Domain Computers.bat, was [2013/04/29 08:37:06.966693, 4] lib/substitute.c:527(automount_server) Home server: bambi [2013/04/29 08:37:06.966771, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\bambi\profiles\pccom1_, was [2013/04/29 08:37:06.966841, 10] passdb/pdb_get_set.c:780(pdb_set_workstations) pdb_set_workstations: setting workstations , was [2013/04/29 08:37:06.966910, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2013/04/29 08:37:06.966976, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2013/04/29 08:37:06.967041, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/04/29 08:37:06.967107, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:06.967169, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:06.967289, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:37:06.967362, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-2380245508-1587309507-2390072590-1011 [2013/04/29 08:37:06.967436, 10] passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-2380245508-1587309507-2390072590-1011 from rid 1011 [2013/04/29 08:37:06.967643, 10] passdb/lookup_sid.c:1628(sid_to_gid) winbind failed to find a gid for sid (SID ERR) *** stack smashing detected ***: /usr/sbin/smbd terminated ======= Backtrace: ========= /lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x37)[0x7f0ee1d04f07] /lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x0)[0x7f0ee1d04ed0] /usr/sbin/smbd(+0x3d42ab)[0x7f0ee52602ab] [0x7f0ee6831320] ======= Memory map: ======== 7f0edf460000-7f0edf475000 r-xp 00000000 fe:00 351271 /lib/x86_64-linux-gnu/libgcc_s.so.1 7f0edf475000-7f0edf675000 ---p 00015000 fe:00 351271 /lib/x86_64-linux-gnu/libgcc_s.so.1 7f0edf675000-7f0edf676000 rw-p 00015000 fe:00 351271 /lib/x86_64-linux-gnu/libgcc_s.so.1 7f0edf686000-7f0edf6da000 rw-s 00000000 fe:03 5046415 /var/run/samba/connections.tdb 7f0edf6da000-7f0edf6dd000 r-xp 00000000 fe:02 270363 /usr/lib/x86_64-linux-gnu/gconv/UTF-16.so 7f0edf6dd000-7f0edf8dc000 ---p 00003000 fe:02 270363 /usr/lib/x86_64-linux-gnu/gconv/UTF-16.so 7f0edf8dc000-7f0edf8dd000 r--p 00002000 fe:02 270363 /usr/lib/x86_64-linux-gnu/gconv/UTF-16.so 7f0edf8dd000-7f0edf8de000 rw-p 00003000 fe:02 270363 /usr/lib/x86_64-linux-gnu/gconv/UTF-16.so 7f0edf8de000-7f0edf8e0000 r-xp 00000000 fe:02 270544 /usr/lib/x86_64-linux-gnu/gconv/IBM850.so 7f0edf8e0000-7f0edfadf000 ---p 00002000 fe:02 270544 /usr/lib/x86_64-linux-gnu/gconv/IBM850.so 7f0edfadf000-7f0edfae0000 r--p 00001000 fe:02 270544 /usr/lib/x86_64-linux-gnu/gconv/IBM850.so 7f0edfae0000-7f0edfae1000 rw-p 00002000 fe:02 270544 /usr/lib/x86_64-linux-gnu/gconv/IBM850.so 7f0edfae1000-7f0edfb18000 rw-s 00000000 fe:03 5046405 /var/run/samba/messages.tdb 7f0edfb18000-7f0edfb26000 rw-s 00000000 fe:03 5046416 /var/run/samba/brlock.tdb 7f0edfb26000-7f0edfb49000 r--p 00000000 fe:02 233243 /usr/share/locale/fr/LC_MESSAGES/libc.mo 7f0edfb49000-7f0edfbb0000 rw-s 00000000 fe:03 16040008 /var/lib/samba/account_policy.tdb 7f0edfbb0000-7f0edfbb1000 rw-s 00000000 fe:03 12820514 /var/cache/samba/login_cache.tdb 7f0edfbb1000-7f0edfc19000 rw-s 00000000 fe:03 5046498 /var/run/samba/gencache_notrans.tdb 7f0edfc19000-7f0edfc81000 rw-s 00000000 fe:03 5046497 /var/run/samba/gencache.tdb 7f0edfc81000-7f0edfce8000 rw-s 00000000 fe:03 16040003 /var/lib/samba/share_info.tdb 7f0edfce8000-7f0edfcf3000 r-xp 00000000 fe:00 351296 /lib/x86_64-linux-gnu/libnss_files-2.13.so 7f0edfcf3000-7f0edfef2000 ---p 0000b000 fe:00 351296 /lib/x86_64-linux-gnu/libnss_files-2.13.so 7f0edfef2000-7f0edfef3000 r--p 0000a000 fe:00 351296 /lib/x86_64-linux-gnu/libnss_files-2.13.so 7f0edfef3000-7f0edfef4000 rw-p 0000b000 fe:00 351296 /lib/x86_64-linux-gnu/libnss_files-2.13.so 7f0edfef4000-7f0edff14000 r--s 00000000 fe:02 492491 /usr/share/samba/lowcase.dat 7f0edff14000-7f0edff34000 r--s 00000000 fe:02 494260 /usr/share/samba/upcase.dat 7f0edff34000-7f0edff9d000 rw-s 00000000 fe:03 16040001 /var/lib/samba/secrets.tdb 7f0edff9d000-7f0edffa0000 r-xp 00000000 fe:02 213936 /usr/lib/libgpg-error.so.0.4.0 7f0edffa0000-7f0ee019f000 ---p 00003000 fe:02 213936 /usr/lib/libgpg-error.so.0.4.0 7f0ee019f000-7f0ee01a0000 rw-p 00002000 fe:02 213936 /usr/lib/libgpg-error.so.0.4.0 7f0ee01a0000-7f0ee01de000 r-xp 00000000 fe:00 343492 /lib/libdbus-1.so.3.4.0 7f0ee01de000-7f0ee03de000 ---p 0003e000 fe:00 343492 /lib/libdbus-1.so.3.4.0 7f0ee03de000-7f0ee03df000 r--p 0003e000 fe:00 343492 /lib/libdbus-1.so.3.4.0 7f0ee03df000-7f0ee03e0000 rw-p 0003f000 fe:00 343492 /lib/libdbus-1.so.3.4.0 7f0ee03e0000-7f0ee03f1000 r-xp 00000000 fe:02 262652 /usr/lib/x86_64-linux-gnu/libp11-kit.so.0.0.0 7f0ee03f1000-7f0ee05f0000 ---p 00011000 fe:02 262652 /usr/lib/x86_64-linux-gnu/libp11-kit.so.0.0.0 7f0ee05f0000-7f0ee05f1000 r--p 00010000 fe:02 262652 /usr/lib/x86_64-linux-gnu/libp11-kit.so.0.0.0 7f0ee05f1000-7f0ee05f2000 rw-p 00011000 fe:02 262652 /usr/lib/x86_64-linux-gnu/libp11-kit.so.0.0.0 7f0ee05f2000-7f0ee0666000 r-xp 00000000 fe:02 213938 /usr/lib/libgcrypt.so.11.5.3 7f0ee0666000-7f0ee0866000 ---p 00074000 fe:02 213938 /usr/lib/libgcrypt.so.11.5.3 7f0ee0866000-7f0ee086a000 rw-p 00074000 fe:02 213938 /usr/lib/libgcrypt.so.11.5.3 7f0ee086a000-7f0ee087a000 r-xp 00000000 fe:02 213108 /usr/lib/libtasn1.so.3.1.9 7f0ee087a000-7f0ee0a79000 ---p 00010000 fe:02 213108 /usr/lib/libtasn1.so.3.1.9 7f0ee0a79000-7f0ee0a7a000 rw-p 0000f000 fe:02 213108 /usr/lib/libtasn1.so.3.1.9 7f0ee0a7a000-7f0ee0afb000 r-xp 00000000 fe:00 351287 /lib/x86_64-linux-gnu/libm-2.13.so 7f0ee0afb000-7f0ee0cfa000 ---p 00081000 fe:00 351287 /lib/x86_64-linux-gnu/libm-2.13.so 7f0ee0cfa000-7f0ee0cfb000 r--p 00080000 fe:00 351287 /lib/x86_64-linux-gnu/libm-2.13.so 7f0ee0cfb000-7f0ee0cfc000 rw-p 00081000 fe:00 351287 /lib/x86_64-linux-gnu/libm-2.13.so 7f0ee0cfc000-7f0ee0d0c000 r-xp 00000000 fe:02 214020 /usr/lib/libavahi-client.so.3.2.7 7f0ee0d0c000-7f0ee0f0b000 ---p 00010000 fe:02 214020 /usr/lib/libavahi-client.so.3.2.7 7f0ee0f0b000-7f0ee0f0c000 rw-p 0000f000 fe:02 214020 /usr/lib/libavahi-client.so.3.2.7 7f0ee0f0c000-7f0ee0f18000 r-xp 00000000 fe:02 214018 /usr/lib/libavahi-common.so.3.5.2 7f0ee0f18000-7f0ee1117000 ---p 0000c000 fe:02 214018 /usr/lib/libavahi-common.so.3.5.2 7f0ee1117000-7f0ee1118000 rw-p 0000b000 fe:02 214018 /usr/lib/libavahi-common.so.3.5.2 7f0ee1118000-7f0ee111a000 r-xp 00000000 fe:00 343494 /lib/libkeyutils.so.1.3 7f0ee111a000-7f0ee1319000 ---p 00002000 fe:00 343494 /lib/libkeyutils.so.1.3 7f0ee1319000-7f0ee131a000 rw-p 00001000 fe:00 343494 /lib/libkeyutils.so.1.3 7f0ee131a000-7f0ee1322000 r-xp 00000000 fe:02 262677 /usr/lib/x86_64-linux-gnu/libkrb5support.so.0.1 7f0ee1322000-7f0ee1521000 ---p 00008000 fe:02 262677 /usr/lib/x86_64-linux-gnu/libkrb5support.so.0.1 7f0ee1521000-7f0ee1522000 r--p 00007000 fe:02 262677 /usr/lib/x86_64-linux-gnu/libkrb5support.so.0.1 7f0ee1522000-7f0ee1523000 rw-p 00008000 fe:02 262677 /usr/lib/x86_64-linux-gnu/libkrb5support.so.0.1 7f0ee1523000-7f0ee153a000 r-xp 00000000 fe:00 351298 /lib/x86_64-linux-gnu/libpthread-2.13.so 7f0ee153a000-7f0ee1739000 ---p 00017000 fe:00 351298 /lib/x86_64-linux-gnu/libpthread-2.13.so 7f0ee1739000-7f0ee173a000 r--p 00016000 fe:00 351298 /lib/x86_64-linux-gnu/libpthread-2.13.so 7f0ee173a000-7f0ee173b000 rw-p 00017000 fe:00 351298 /lib/x86_64-linux-gnu/libpthread-2.13.so 7f0ee173b000-7f0ee173f000 rw-p 00000000 00:00 0 7f0ee173f000-7f0ee17f8000 r-xp 00000000 fe:02 263144 /usr/lib/x86_64-linux-gnu/libgnutls.so.26.22.4 7f0ee17f8000-7f0ee19f7000 ---p 000b9000 fe:02 263144 /usr/lib/x86_64-linux-gnu/libgnutls.so.26.22.4 7f0ee19f7000-7f0ee19fd000 r--p 000b8000 fe:02 263144 /usr/lib/x86_64-linux-gnu/libgnutls.so.26.22.4 7f0ee19fd000-7f0ee19ff000 rw-p 000be000 fe:02 263144 /usr/lib/x86_64-linux-gnu/libgnutls.so.26.22.4 7f0ee19ff000-7f0ee1a18000 r-xp 00000000 fe:02 213948 /usr/lib/libsasl2.so.2.0.23 7f0ee1a18000-7f0ee1c17000 ---p 00019000 fe:02 213948 /usr/lib/libsasl2.so.2.0.23 7f0ee1c17000-7f0ee1c18000 rw-p 00018000 fe:02 213948 /usr/lib/libsasl2.so.2.0.23 7f0ee1c18000-7f0ee1d95000 r-xp 00000000 fe:00 351280 /lib/x86_64-linux-gnu/libc-2.13.so 7f0ee1d95000-7f0ee1f95000 ---p 0017d000 fe:00 351280 /lib/x86_64-linux-gnu/libc-2.13.so 7f0ee1f95000-7f0ee1f99000 r--p 0017d000 fe:00 351280 /lib/x86_64-linux-gnu/libc-2.13.so 7f0ee1f99000-7f0ee1f9a000 rw-p 00181000 fe:00 351280 /lib/x86_64-linux-gnu/libc-2.13.so 7f0ee1f9a000-7f0ee1f9f000 rw-p 00000000 00:00 0 7f0ee1f9f000-7f0ee1fb6000 r-xp 00000000 fe:02 213018 /usr/lib/libz.so.1.2.3.4 7f0ee1fb6000-7f0ee21b5000 ---p 00017000 fe:02 213018 /usr/lib/libz.so.1.2.3.4 7f0ee21b5000-7f0ee21b6000 rw-p 00016000 fe:02 213018 /usr/lib/libz.so.1.2.3.4 7f0ee21b6000-7f0ee21c2000 r-xp 00000000 fe:02 262147 /usr/lib/x86_64-linux-gnu/libwbclient.so.0 7f0ee21c2000-7f0ee23c1000 ---p 0000c000 fe:02 262147 /usr/lib/x86_64-linux-gnu/libwbclient.so.0 7f0ee23c1000-7f0ee23c2000 r--p 0000b000 fe:02 262147 /usr/lib/x86_64-linux-gnu/libwbclient.so.0 7f0ee23c2000-7f0ee23c3000 rw-p 0000c000 fe:02 262147 /usr/lib/x86_64-linux-gnu/libwbclient.so.0 7f0ee23c3000-7f0ee23c4000 rw-p 00000000 00:00 0 7f0ee23c4000-7f0ee23d4000 r-xp 00000000 fe:02 262662 /usr/lib/x86_64-linux-gnu/libtdb.so.1.2.9 7f0ee23d4000-7f0ee25d4000 ---p 00010000 fe:02 262662 /usr/lib/x86_64-linux-gnu/libtdb.so.1.2.9 7f0ee25d4000-7f0ee25d5000 rw-p 00010000 fe:02 262662 /usr/lib/x86_64-linux-gnu/libtdb.so.1.2.9 7f0ee25d5000-7f0ee25e0000 r-xp 00000000 fe:02 262660 /usr/lib/x86_64-linux-gnu/libtalloc.so.2.0.7 7f0ee25e0000-7f0ee27df000 ---p 0000b000 fe:02 262660 /usr/lib/x86_64-linux-gnu/libtalloc.so.2.0.7 7f0ee27df000-7f0ee27e0000 rw-p 0000a000 fe:02 262660 /usr/lib/x86_64-linux-gnu/libtalloc.so.2.0.7 7f0ee27e0000-7f0ee27eb000 r-xp 00000000 fe:00 342347 /lib/libpopt.so.0.0.0 7f0ee27eb000-7f0ee29ea000 ---p 0000b000 fe:00 342347 /lib/libpopt.so.0.0.0 7f0ee29ea000-7f0ee29eb000 rw-p 0000a000 fe:00 342347 /lib/libpopt.so.0.0.0 7f0ee29eb000-7f0ee29f2000 r-xp 00000000 fe:00 351300 /lib/x86_64-linux-gnu/librt-2.13.so 7f0ee29f2000-7f0ee2bf1000 ---p 00007000 fe:00 351300 /lib/x86_64-linux-gnu/librt-2.13.so 7f0ee2bf1000-7f0ee2bf2000 r--p 00006000 fe:00 351300 /lib/x86_64-linux-gnu/librt-2.13.so 7f0ee2bf2000-7f0ee2bf3000 rw-p 00007000 fe:00 351300 /lib/x86_64-linux-gnu/librt-2.13.so 7f0ee2bf3000-7f0ee2bf5000 r-xp 00000000 fe:00 351294 /lib/x86_64-linux-gnu/libdl-2.13.so 7f0ee2bf5000-7f0ee2df5000 ---p 00002000 fe:00 351294 /lib/x86_64-linux-gnu/libdl-2.13.so 7f0ee2df5000-7f0ee2df6000 r--p 00002000 fe:00 351294 /lib/x86_64-linux-gnu/libdl-2.13.so 7f0ee2df6000-7f0ee2df7000 rw-p 00003000 fe:00 351294 /lib/x86_64-linux-gnu/libdl-2.13.so 7f0ee2df7000-7f0ee2e0c000 r-xp 00000000 fe:00 351290 /lib/x86_64-linux-gnu/libnsl-2.13.so 7f0ee2e0c000-7f0ee300b000 ---p 00015000 fe:00 351290 /lib/x86_64-linux-gnu/libnsl-2.13.so 7f0ee300b000-7f0ee300c000 r--p 00014000 fe:00 351290 /lib/x86_64-linux-gnu/libnsl-2.13.so 7f0ee300c000-7f0ee300d000 rw-p 00015000 fe:00 351290 /lib/x86_64-linux-gnu/libnsl-2.13.so 7f0ee300d000-7f0ee300f000 rw-p 00000000 00:00 0 7f0ee300f000-7f0ee3022000 r-xp 00000000 fe:00 351281 /lib/x86_64-linux-gnu/libresolv-2.13.so 7f0ee3022000-7f0ee3221000 ---p 00013000 fe:00 351281 /lib/x86_64-linux-gnu/libresolv-2.13.so 7f0ee3221000-7f0ee3222000 r--p 00012000 fe:00 351281 /lib/x86_64-linux-gnu/libresolv-2.13.so 7f0ee3222000-7f0ee3223000 rw-p 00013000 fe:00 351281 /lib/x86_64-linux-gnu/libresolv-2.13.so 7f0ee3223000-7f0ee3225000 rw-p 00000000 00:00 0 7f0ee3225000-7f0ee3229000 r-xp 00000000 fe:00 343496 /lib/libcap.so.2.19 7f0ee3229000-7f0ee3428000 ---p 00004000 fe:00 343496 /lib/libcap.so.2.19 7f0ee3428000-7f0ee3429000 rw-p 00003000 fe:00 343496 /lib/libcap.so.2.19 7f0ee3429000-7f0ee342d000 r-xp 00000000 fe:00 351323 /lib/x86_64-linux-gnu/libattr.so.1.1.0 7f0ee342d000-7f0ee362c000 ---p 00004000 fe:00 351323 /lib/x86_64-linux-gnu/libattr.so.1.1.0 7f0ee362c000-7f0ee362d000 r--p 00003000 fe:00 351323 /lib/x86_64-linux-gnu/libattr.so.1.1.0 7f0ee362d000-7f0ee362e000 rw-p 00004000 fe:00 351323 /lib/x86_64-linux-gnu/libattr.so.1.1.0 7f0ee362e000-7f0ee3636000 r-xp 00000000 fe:00 351272 /lib/x86_64-linux-gnu/libacl.so.1.1.0 7f0ee3636000-7f0ee3835000 ---p 00008000 fe:00 351272 /lib/x86_64-linux-gnu/libacl.so.1.1.0 7f0ee3835000-7f0ee3836000 r--p 00007000 fe:00 351272 /lib/x86_64-linux-gnu/libacl.so.1.1.0 7f0ee3836000-7f0ee3837000 rw-p 00008000 fe:00 351272 /lib/x86_64-linux-gnu/libacl.so.1.1.0 7f0ee3837000-7f0ee3843000 r-xp 00000000 fe:00 342100 /lib/libpam.so.0.82.2 7f0ee3843000-7f0ee3a42000 ---p 0000c000 fe:00 342100 /lib/libpam.so.0.82.2 7f0ee3a42000-7f0ee3a43000 rw-p 0000b000 fe:00 342100 /lib/libpam.so.0.82.2 7f0ee3a43000-7f0ee3a4b000 r-xp 00000000 fe:00 351283 /lib/x86_64-linux-gnu/libcrypt-2.13.so 7f0ee3a4b000-7f0ee3c4a000 ---p 00008000 fe:00 351283 /lib/x86_64-linux-gnu/libcrypt-2.13.so 7f0ee3c4a000-7f0ee3c4b000 r--p 00007000 fe:00 351283 /lib/x86_64-linux-gnu/libcrypt-2.13.so 7f0ee3c4b000-7f0ee3c4c000 rw-p 00008000 fe:00 351283 /lib/x86_64-linux-gnu/libcrypt-2.13.so 7f0ee3c4c000-7f0ee3c7a000 rw-p 00000000 00:00 0 7f0ee3c7a000-7f0ee3ccd000 r-xp 00000000 fe:02 262168 /usr/lib/x86_64-linux-gnu/libcups.so.2 7f0ee3ccd000-7f0ee3ecc000 ---p 00053000 fe:02 262168 /usr/lib/x86_64-linux-gnu/libcups.so.2 7f0ee3ecc000-7f0ee3ed1000 r--p 00052000 fe:02 262168 /usr/lib/x86_64-linux-gnu/libcups.so.2 7f0ee3ed1000-7f0ee3ed2000 rw-p 00057000 fe:02 262168 /usr/lib/x86_64-linux-gnu/libcups.so.2 7f0ee3ed2000-7f0ee3ed5000 r-xp 00000000 fe:00 342121 /lib/libcom_err.so.2.1 7f0ee3ed5000-7f0ee40d4000 ---p 00003000 fe:00 342121 /lib/libcom_err.so.2.1 7f0ee40d4000-7f0ee40d5000 rw-p 00002000 fe:00 342121 /lib/libcom_err.so.2.1 7f0ee40d5000-7f0ee40fb000 r-xp 00000000 fe:02 262670 /usr/lib/x86_64-linux-gnu/libk5crypto.so.3.1 7f0ee40fb000-7f0ee42fb000 ---p 00026000 fe:02 262670 /usr/lib/x86_64-linux-gnu/libk5crypto.so.3.1 7f0ee42fb000-7f0ee42fc000 r--p 00026000 fe:02 262670 /usr/lib/x86_64-linux-gnu/libk5crypto.so.3.1 7f0ee42fc000-7f0ee42fd000 rw-p 00027000 fe:02 262670 /usr/lib/x86_64-linux-gnu/libk5crypto.so.3.1 7f0ee42fd000-7f0ee42fe000 rw-p 00000000 00:00 0 7f0ee42fe000-7f0ee43c7000 r-xp 00000000 fe:02 262672 /usr/lib/x86_64-linux-gnu/libkrb5.so.3.3 7f0ee43c7000-7f0ee45c6000 ---p 000c9000 fe:02 262672 /usr/lib/x86_64-linux-gnu/libkrb5.so.3.3 7f0ee45c6000-7f0ee45d0000 r--p 000c8000 fe:02 262672 /usr/lib/x86_64-linux-gnu/libkrb5.so.3.3 7f0ee45d0000-7f0ee45d2000 rw-p 000d2000 fe:02 262672 /usr/lib/x86_64-linux-gnu/libkrb5.so.3.3 7f0ee45d2000-7f0ee460e000 r-xp 00000000 fe:02 262668 /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2.2 7f0ee460e000-7f0ee480e000 ---p 0003c000 fe:02 262668 /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2.2 7f0ee480e000-7f0ee480f000 r--p 0003c000 fe:02 262668 /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2.2 7f0ee480f000-7f0ee4811000 rw-p 0003d000 fe:02 262668 /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2.2 7f0ee4811000-7f0ee481e000 r-xp 00000000 fe:02 213950 /usr/lib/liblber-2.4.so.2.5.6 7f0ee481e000-7f0ee4a1e000 ---p 0000d000 fe:02 213950 /usr/lib/liblber-2.4.so.2.5.6 7f0ee4a1e000-7f0ee4a1f000 rw-p 0000d000 fe:02 213950 /usr/lib/liblber-2.4.so.2.5.6 7f0ee4a1f000-7f0ee4a66000 r-xp 00000000 fe:02 213951 /usr/lib/libldap_r-2.4.so.2.5.6 7f0ee4a66000-7f0ee4c65000 ---p 00047000 fe:02 213951 /usr/lib/libldap_r-2.4.so.2.5.6 7f0ee4c65000-7f0ee4c68000 rw-p 00046000 fe:02 213951 /usr/lib/libldap_r-2.4.so.2.5.6 7f0ee4c68000-7f0ee4c6a000 rw-p 00000000 00:00 0 7f0ee4c6a000-7f0ee4c8a000 r-xp 00000000 fe:00 351302 /lib/x86_64-linux-gnu/ld-2.13.so 7f0ee4c98000-7f0ee4c9b000 rw-s 00000000 fe:03 5046460 /var/run/samba/printer_list.tdb 7f0ee4c9b000-7f0ee4c9d000 rw-s 00000000 fe:03 5046408 /var/run/samba/serverid.tdb 7f0ee4c9d000-7f0ee4ca7000 rw-s 00000000 fe:03 5046437 /var/run/samba/locking.tdb 7f0ee4ca7000-7f0ee4cae000 r--s 00000000 fe:02 270452 /usr/lib/x86_64-linux-gnu/gconv/gconv-modules.cache 7f0ee4caf000-7f0ee4ccf000 r--s 00000000 fe:02 492491 /usr/share/samba/lowcase.dat 7f0ee4ccf000-7f0ee4cef000 r--s 00000000 fe:02 494260 /usr/share/samba/upcase.dat 7f0ee4cef000-7f0ee4e66000 r--p 00000000 fe:02 213047 /usr/lib/locale/locale-archive 7f0ee4e66000-7f0ee4e77000 rw-p 00000000 00:00 0 7f0ee4e77000-7f0ee4e78000 rw-s 00000000 fe:03 5046448 /var/run/samba/notify_onelevel.tdb 7f0ee4e78000-7f0ee4e79000 rw-s 00000000 fe:03 5046444 /var/run/samba/notify.tdb 7f0ee4e84000-7f0ee4e85000 rw-s 00000000 fe:03 5046414 /var/run/samba/sessionid.tdb 7f0ee4e85000-7f0ee4e86000 rw-s 00000000 fe:03 16040034 /var/lib/samba/schannel_store.tdb 7f0ee4e87000-7f0ee4e89000 rw-p 00000000 00:00 0 7f0ee4e89000-7f0ee4e8a000 r--p 0001f000 fe:00 351302 /lib/x86_64-linux-gnu/ld-2.13.so 7f0ee4e8a000-7f0ee4e8b000 rw-p 00020000 fe:00 351302 /lib/x86_64-linux-gnu/ld-2.13.so 7f0ee4e8b000-7f0ee4e8c000 rw-p 00000000 00:00 0 7f0ee4e8c000-7f0ee57f8000 r-xp 00000000 fe:02 131446 /usr/sbin/smbd 7f0ee59f7000-7f0ee5a27000 r--p 0096b000 fe:02 131446 /usr/sbin/smbd 7f0ee5a27000-7f0ee5a34000 rw-p 0099b000 fe:02 131446 /usr/sbin/smbd 7f0ee5a34000-7f0ee5a36000 rw-p 00000000 00:00 0 7f0ee67ea000-7f0ee686b000 rw-p 00000000 00:00 0 [heap] 7fff68000000-7fff68015000 rw-p 00000000 00:00 0 [stack] 7fff68073000-7fff68074000 r-xp 00000000 00:00 0 [vdso] ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall] [2013/04/29 08:37:06.970457, 0] lib/fault.c:47(fault_report) =============================================================== [2013/04/29 08:37:06.970576, 0] lib/fault.c:48(fault_report) INTERNAL ERROR: Signal 6 in pid 23670 (3.6.6) Please read the Trouble-Shooting section of the Samba3-HOWTO [2013/04/29 08:37:06.970671, 0] lib/fault.c:50(fault_report) From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf [2013/04/29 08:37:06.970758, 0] lib/fault.c:51(fault_report) =============================================================== [2013/04/29 08:37:06.970822, 0] lib/util.c:1117(smb_panic) PANIC (pid 23670): internal error [2013/04/29 08:37:06.973407, 0] lib/util.c:1221(log_stack_trace) BACKTRACE: 11 stack frames: #0 /usr/sbin/smbd(log_stack_trace+0x1a) [0x7f0ee52bd23a] #1 /usr/sbin/smbd(smb_panic+0x22) [0x7f0ee52bd312] #2 /usr/sbin/smbd(+0x4224e4) [0x7f0ee52ae4e4] #3 /lib/x86_64-linux-gnu/libc.so.6(+0x324f0) [0x7f0ee1c4a4f0] #4 /lib/x86_64-linux-gnu/libc.so.6(gsignal+0x35) [0x7f0ee1c4a475] #5 /lib/x86_64-linux-gnu/libc.so.6(abort+0x180) [0x7f0ee1c4d6f0] #6 /lib/x86_64-linux-gnu/libc.so.6(+0x6c2fb) [0x7f0ee1c842fb] #7 /lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x37) [0x7f0ee1d04f07] #8 /lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0) [0x7f0ee1d04ed0] #9 /usr/sbin/smbd(+0x3d42ab) [0x7f0ee52602ab] #10 [0x7f0ee6831320] [2013/04/29 08:37:06.973823, 0] lib/util.c:1122(smb_panic) smb_panic(): calling panic action [/usr/share/samba/panic-action 23670] [2013/04/29 08:37:09.005448, 0] lib/util.c:1130(smb_panic) smb_panic(): action returned status 0 [2013/04/29 08:37:09.005656, 0] lib/fault.c:372(dump_core) dumping core in /var/log/samba/cores/smbd [2013/04/29 08:37:09.347110, 6] param/loadparm.c:7490(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Apr 26 13:22:44 2013 [2013/04/29 08:37:09.347274, 5] auth/auth_util.c:110(make_user_info_map) Mapping user []\[] from workstation [PCCOM1] [2013/04/29 08:37:09.347349, 5] auth/auth_util.c:131(make_user_info_map) Mapped domain from [] to [WEBDEALAUTO] for user [] from workstation [PCCOM1] [2013/04/29 08:37:09.347418, 5] auth/user_info.c:59(make_user_info) attempting to make a user_info for () [2013/04/29 08:37:09.347486, 5] auth/user_info.c:70(make_user_info) making strings for 's user_info struct [2013/04/29 08:37:09.347639, 5] auth/user_info.c:87(make_user_info) making blobs for 's user_info struct [2013/04/29 08:37:09.347706, 10] auth/user_info.c:123(make_user_info) made a user_info for () [2013/04/29 08:37:09.347807, 3] auth/auth.c:219(check_ntlm_password) check_ntlm_password: Checking password for unmapped user []\[]@[PCCOM1] with the new password interface [2013/04/29 08:37:09.347886, 3] auth/auth.c:222(check_ntlm_password) check_ntlm_password: mapped user is: [WEBDEALAUTO]\[]@[PCCOM1] [2013/04/29 08:37:09.347985, 10] auth/auth.c:231(check_ntlm_password) check_ntlm_password: auth_context challenge created by random [2013/04/29 08:37:09.348053, 10] auth/auth.c:233(check_ntlm_password) challenge is: [2013/04/29 08:37:09.348116, 5] ../lib/util/util.c:415(dump_data) [0000] C3 BF A9 57 AB 88 44 CC ...W..D. [2013/04/29 08:37:09.348228, 10] auth/auth_builtin.c:44(check_guest_security) Check auth for: [] [2013/04/29 08:37:09.348316, 3] auth/auth.c:268(check_ntlm_password) check_ntlm_password: guest authentication for user [] succeeded [2013/04/29 08:37:09.348383, 5] auth/auth.c:309(check_ntlm_password) check_ntlm_password: guest authentication for user [] -> [] -> [nobody] succeeded [2013/04/29 08:37:09.348453, 10] auth/token_util.c:223(create_local_nt_token_from_info3) Create local NT token for nobody [2013/04/29 08:37:09.348663, 10] passdb/lookup_sid.c:1628(sid_to_gid) winbind failed to find a gid for sid S-1-5-32-544 [2013/04/29 08:37:09.348747, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:37:09.348865, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:37:09.348934, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:37:09.348999, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:09.349062, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:09.349212, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544))], scope => [2] [2013/04/29 08:37:09.349324, 5] lib/smbldap.c:1341(smbldap_close) The connection to the LDAP server was closed [2013/04/29 08:37:09.349395, 10] lib/smbldap.c:819(smb_ldap_setup_conn) smb_ldap_setup_connection: ldap://127.0.0.1/ [2013/04/29 08:37:09.349632, 2] lib/smbldap.c:1018(smbldap_open_connection) smbldap_open_connection: connection opened [2013/04/29 08:37:09.349706, 10] lib/smbldap.c:1194(smbldap_connect_system) ldap_connect_system: Binding to ldap server ldap://127.0.0.1/ as "cn=admin,dc=webdealauto,dc=com" [2013/04/29 08:37:09.351618, 3] lib/smbldap.c:1240(smbldap_connect_system) ldap_connect_system: successful connection to the LDAP server ldap_connect_system: LDAP server does support paged results [2013/04/29 08:37:09.351805, 4] lib/smbldap.c:1319(smbldap_open) The LDAP server is successfully connected [2013/04/29 08:37:09.352888, 2] passdb/pdb_ldap.c:2427(init_group_from_ldap) init_group_from_ldap: Entry found for group: 544 [2013/04/29 08:37:09.353114, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:37:09.353187, 10] passdb/lookup_sid.c:1285(legacy_sid_to_gid) LEGACY: sid S-1-5-32-544 -> gid 544 [2013/04/29 08:37:09.353325, 10] passdb/lookup_sid.c:1628(sid_to_gid) winbind failed to find a gid for sid S-1-5-32-545 [2013/04/29 08:37:09.353399, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:37:09.353472, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:37:09.353540, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:37:09.353607, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:09.353674, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:09.353796, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545))], scope => [2] [2013/04/29 08:37:09.354695, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545)) [2013/04/29 08:37:09.354910, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:37:09.354985, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-32-545 [2013/04/29 08:37:09.355059, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:37:09.355127, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:37:09.355192, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:37:09.355257, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:09.355320, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:09.355518, 10] passdb/lookup_sid.c:1628(sid_to_gid) winbind failed to find a gid for sid S-1-5-32-545 [2013/04/29 08:37:09.355594, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2013/04/29 08:37:09.355660, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2013/04/29 08:37:09.355724, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:37:09.355788, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:09.355851, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:09.355973, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545))], scope => [2] [2013/04/29 08:37:09.357118, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545)) [2013/04/29 08:37:09.357314, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:37:09.357384, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-32-545 [2013/04/29 08:37:09.357473, 5] passdb/pdb_util.c:99(create_builtin_users) create_builtin_users: Failed to create Users [2013/04/29 08:37:09.357552, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:37:09.357621, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:37:09.357687, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:37:09.357752, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:37:09.357816, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:09.357879, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:09.358113, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectclass=sambaGroupMapping)(sambaGroupType=4)(|(sambaSIDList=S-1-5-21-2380245508-1587309507-2390072590-501)(sambaSIDList=S-1-5-21-2380245508-1587309507-2390072590-513)(sambaSIDList=S-1-5-21-2380245508-1587309507-2390072590-546)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-32-546)))], scope => [2] [2013/04/29 08:37:09.359362, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:37:09.359549, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-2380245508-1587309507-2390072590-501] [2013/04/29 08:37:09.359638, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-2380245508-1587309507-2390072590-513] [2013/04/29 08:37:09.359725, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-2380245508-1587309507-2390072590-546] [2013/04/29 08:37:09.359849, 5] lib/privileges.c:175(get_privileges_for_sids) get_privileges_for_sids: sid = S-1-1-0 Privilege set: 0x0 [2013/04/29 08:37:09.359951, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-2] [2013/04/29 08:37:09.360032, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-32-546] [2013/04/29 08:37:09.360371, 10] passdb/lookup_sid.c:1468(sids_to_unix_ids) wbcSidsToUnixIds returned WBC_ERR_WINBIND_NOT_AVAILABLE [2013/04/29 08:37:09.360448, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:37:09.360525, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:37:09.360591, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:37:09.360656, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:09.360718, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:09.360826, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 501. [2013/04/29 08:37:09.360907, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2013/04/29 08:37:09.360973, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2013/04/29 08:37:09.361037, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:37:09.361101, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:09.361163, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:09.361260, 6] passdb/pdb_interface.c:401(pdb_getsampwsid) pdb_getsampwsid: Building guest account [2013/04/29 08:37:09.361327, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user nobody [2013/04/29 08:37:09.361391, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is nobody [2013/04/29 08:37:09.361680, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [nobody]! [2013/04/29 08:37:09.361783, 10] passdb/pdb_get_set.c:575(pdb_set_username) pdb_set_username: setting username nobody, was [2013/04/29 08:37:09.361865, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) pdb_set_full_name: setting full name nobody, was [2013/04/29 08:37:09.361935, 10] passdb/pdb_get_set.c:598(pdb_set_domain) pdb_set_domain: setting domain WEBDEALAUTO, was [2013/04/29 08:37:09.362007, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-2380245508-1587309507-2390072590-501 [2013/04/29 08:37:09.362080, 10] passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-2380245508-1587309507-2390072590-501 from rid 501 [2013/04/29 08:37:09.362187, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:37:09.362263, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user nobody [2013/04/29 08:37:09.362328, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is nobody [2013/04/29 08:37:09.362396, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [nobody]! [2013/04/29 08:37:09.362470, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:37:09.362536, 5] passdb/lookup_sid.c:1269(legacy_sid_to_gid) LEGACY: sid S-1-5-21-2380245508-1587309507-2390072590-501 is a User, expected a group [2013/04/29 08:37:09.362611, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:37:09.362676, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:37:09.362761, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:37:09.362829, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:09.362891, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:09.362990, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 501. [2013/04/29 08:37:09.363059, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2013/04/29 08:37:09.363124, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2013/04/29 08:37:09.363188, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:37:09.363253, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:09.363316, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:09.363412, 6] passdb/pdb_interface.c:401(pdb_getsampwsid) pdb_getsampwsid: Building guest account [2013/04/29 08:37:09.363478, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user nobody [2013/04/29 08:37:09.363542, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is nobody [2013/04/29 08:37:09.363608, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [nobody]! [2013/04/29 08:37:09.363672, 10] passdb/pdb_get_set.c:575(pdb_set_username) pdb_set_username: setting username nobody, was [2013/04/29 08:37:09.363739, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) pdb_set_full_name: setting full name nobody, was [2013/04/29 08:37:09.363805, 10] passdb/pdb_get_set.c:598(pdb_set_domain) pdb_set_domain: setting domain WEBDEALAUTO, was [2013/04/29 08:37:09.363875, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-2380245508-1587309507-2390072590-501 [2013/04/29 08:37:09.363947, 10] passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-2380245508-1587309507-2390072590-501 from rid 501 [2013/04/29 08:37:09.364054, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:37:09.364127, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user nobody [2013/04/29 08:37:09.364211, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is nobody [2013/04/29 08:37:09.364277, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [nobody]! [2013/04/29 08:37:09.364351, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:37:09.364418, 10] passdb/lookup_sid.c:1223(legacy_sid_to_uid) LEGACY: sid S-1-5-21-2380245508-1587309507-2390072590-501 -> uid 65534 [2013/04/29 08:37:09.364502, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:37:09.364569, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:37:09.364632, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:37:09.364696, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:09.364759, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:09.364858, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 513. [2013/04/29 08:37:09.364928, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2013/04/29 08:37:09.364993, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2013/04/29 08:37:09.365058, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:37:09.365142, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:09.365207, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:09.365363, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-513)(objectclass=sambaSamAccount))], scope => [2] [2013/04/29 08:37:09.366651, 4] passdb/pdb_ldap.c:1675(ldapsam_getsampwsid) ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-2380245508-1587309507-2390072590-513] count=0 [2013/04/29 08:37:09.366858, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-513))], scope => [2] [2013/04/29 08:37:09.367936, 2] passdb/pdb_ldap.c:2427(init_group_from_ldap) init_group_from_ldap: Entry found for group: 513 [2013/04/29 08:37:09.368188, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:37:09.368274, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:37:09.368342, 10] passdb/lookup_sid.c:1285(legacy_sid_to_gid) LEGACY: sid S-1-5-21-2380245508-1587309507-2390072590-513 -> gid 513 [2013/04/29 08:37:09.368428, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:37:09.368503, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:37:09.368570, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:37:09.368635, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:09.368698, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:09.368797, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 546. [2013/04/29 08:37:09.368869, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2013/04/29 08:37:09.368935, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2013/04/29 08:37:09.368999, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:37:09.369063, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:09.369125, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:09.369275, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-546)(objectclass=sambaSamAccount))], scope => [2] [2013/04/29 08:37:09.370479, 4] passdb/pdb_ldap.c:1675(ldapsam_getsampwsid) ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-2380245508-1587309507-2390072590-546] count=0 [2013/04/29 08:37:09.370686, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-546))], scope => [2] [2013/04/29 08:37:09.371599, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-546)) [2013/04/29 08:37:09.371792, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:37:09.371863, 5] passdb/pdb_interface.c:1668(lookup_global_sam_rid) Can't find a unix id for an unmapped group [2013/04/29 08:37:09.371936, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:37:09.372002, 10] passdb/lookup_sid.c:1280(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-21-2380245508-1587309507-2390072590-546 [2013/04/29 08:37:09.372113, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:37:09.372234, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:37:09.372299, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:37:09.372364, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:09.372427, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:09.372533, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 546. [2013/04/29 08:37:09.372604, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2013/04/29 08:37:09.372669, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2013/04/29 08:37:09.372733, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:37:09.372796, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:09.372860, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:09.373009, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-546)(objectclass=sambaSamAccount))], scope => [2] [2013/04/29 08:37:09.374234, 4] passdb/pdb_ldap.c:1675(ldapsam_getsampwsid) ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-2380245508-1587309507-2390072590-546] count=0 [2013/04/29 08:37:09.374441, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-546))], scope => [2] [2013/04/29 08:37:09.375464, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-546)) [2013/04/29 08:37:09.375656, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:37:09.375726, 5] passdb/pdb_interface.c:1668(lookup_global_sam_rid) Can't find a unix id for an unmapped group [2013/04/29 08:37:09.375797, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:37:09.375863, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid) LEGACY: mapping failed for sid S-1-5-21-2380245508-1587309507-2390072590-546 [2013/04/29 08:37:09.375941, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:37:09.376007, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:37:09.376072, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:37:09.376179, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:09.376246, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:09.376364, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-1-0))], scope => [2] [2013/04/29 08:37:09.377314, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-1-0)) [2013/04/29 08:37:09.377499, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:37:09.377568, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-1-0 [2013/04/29 08:37:09.377643, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid) LEGACY: mapping failed for sid S-1-1-0 [2013/04/29 08:37:09.377750, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:37:09.377817, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:37:09.377881, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:37:09.377944, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:09.378006, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:09.378124, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2))], scope => [2] [2013/04/29 08:37:09.379030, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2)) [2013/04/29 08:37:09.379220, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:37:09.379290, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-2 [2013/04/29 08:37:09.379362, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid) LEGACY: mapping failed for sid S-1-5-2 [2013/04/29 08:37:09.379435, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:37:09.379501, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:37:09.379565, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:37:09.379629, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:09.379692, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:09.379812, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-546))], scope => [2] [2013/04/29 08:37:09.380777, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-546)) [2013/04/29 08:37:09.380970, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:37:09.381039, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-32-546 [2013/04/29 08:37:09.381112, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid) LEGACY: mapping failed for sid S-1-5-32-546 [2013/04/29 08:37:09.381184, 10] auth/auth_util.c:505(create_local_token) Could not convert SID S-1-5-21-2380245508-1587309507-2390072590-546 to gid, ignoring it [2013/04/29 08:37:09.381255, 10] auth/auth_util.c:505(create_local_token) Could not convert SID S-1-1-0 to gid, ignoring it [2013/04/29 08:37:09.381322, 10] auth/auth_util.c:505(create_local_token) Could not convert SID S-1-5-2 to gid, ignoring it [2013/04/29 08:37:09.381387, 10] auth/auth_util.c:505(create_local_token) Could not convert SID S-1-5-32-546 to gid, ignoring it [2013/04/29 08:37:09.381463, 10] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (8): SID[ 0]: S-1-5-21-2380245508-1587309507-2390072590-501 SID[ 1]: S-1-5-21-2380245508-1587309507-2390072590-513 SID[ 2]: S-1-5-21-2380245508-1587309507-2390072590-546 SID[ 3]: S-1-1-0 SID[ 4]: S-1-5-2 SID[ 5]: S-1-5-32-546 SID[ 6]: S-1-22-1-65534 SID[ 7]: S-1-22-2-513 Privileges (0x 0): Rights (0x 0): [2013/04/29 08:37:09.381821, 10] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 65534 Primary group is 65534 and contains 1 supplementary groups Group[ 0]: 513 [2013/04/29 08:37:09.381946, 10] auth/auth_ntlmssp.c:174(auth_ntlmssp_check_password) Got NT session key of length 16 [2013/04/29 08:37:09.382042, 10] auth/auth_ntlmssp.c:181(auth_ntlmssp_check_password) Got LM session key of length 16 [2013/04/29 08:37:09.382110, 10] ../libcli/auth/ntlmssp_server.c:462(ntlmssp_server_postauth) ntlmssp_server_auth: Using unmodified nt session key. [2013/04/29 08:37:09.382193, 3] ../libcli/auth/ntlmssp_sign.c:535(ntlmssp_sign_init) NTLMSSP Sign/Seal - Initialising with flags: [2013/04/29 08:37:09.382257, 3] ../libcli/auth/ntlmssp.c:34(debug_ntlmssp_flags) Got NTLMSSP neg_flags=0xe2088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP_NEGOTIATE_56 [2013/04/29 08:37:09.382599, 10] smbd/password.c:293(register_existing_vuid) register_existing_vuid: (65534,65534) nobody WEBDEALAUTO guest=1 [2013/04/29 08:37:09.382669, 3] smbd/password.c:298(register_existing_vuid) register_existing_vuid: User name: nobody Real name: [2013/04/29 08:37:09.382734, 3] smbd/password.c:308(register_existing_vuid) register_existing_vuid: UNIX uid 65534 is UNIX user nobody, and will be vuid 100 [2013/04/29 08:37:09.382848, 6] param/loadparm.c:7490(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Apr 26 13:22:44 2013 [2013/04/29 08:37:09.383023, 5] lib/util.c:332(show_msg) [2013/04/29 08:37:09.383064, 5] lib/util.c:342(show_msg) size=110 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=65535 smb_pid=65279 smb_uid=100 smb_mid=768 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_vwv[ 3]= 9 (0x9) smb_bcc=67 [2013/04/29 08:37:09.383485, 10] ../lib/util/util.c:415(dump_data) [0000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 ..0..... .U.n.i.x [0010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3 [0020] 00 2E 00 36 00 2E 00 36 00 00 00 57 00 45 00 42 ...6...6 ...W.E.B [0030] 00 44 00 45 00 41 00 4C 00 41 00 55 00 54 00 4F .D.E.A.L .A.U.T.O [0040] 00 00 00 ... [2013/04/29 08:37:09.384997, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 76 [2013/04/29 08:37:09.385167, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x4c [2013/04/29 08:37:09.385235, 3] smbd/process.c:1662(process_smb) Transaction 3 of length 80 (0 toread) [2013/04/29 08:37:09.385300, 5] lib/util.c:332(show_msg) [2013/04/29 08:37:09.385339, 5] lib/util.c:342(show_msg) size=76 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=100 smb_mid=832 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 76 (0x4C) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=33 [2013/04/29 08:37:09.385760, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 5C 00 42 00 41 00 4D 00 42 00 49 00 5C .\.\.B.A .M.B.I.\ [0010] 00 49 00 50 00 43 00 24 00 00 00 3F 3F 3F 3F 3F .I.P.C.$ ...????? [0020] 00 . [2013/04/29 08:37:09.385969, 3] smbd/process.c:1467(switch_message) switch message SMBtconX (pid 23694) conn 0x0 [2013/04/29 08:37:09.386036, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:37:09.386102, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:09.386164, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:09.386267, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2013/04/29 08:37:09.386358, 4] smbd/reply.c:794(reply_tcon_and_X) Client requested device type [?????] for share [IPC$] [2013/04/29 08:37:09.386487, 5] smbd/service.c:1354(make_connection) making a connection to 'normal' service ipc$ [2013/04/29 08:37:09.386599, 3] lib/access.c:338(allow_access) Allowed connection from 172.20.2.200 (172.20.2.200) [2013/04/29 08:37:09.386687, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user nobody [2013/04/29 08:37:09.386755, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is nobody [2013/04/29 08:37:09.387019, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [nobody]! [2013/04/29 08:37:09.387130, 10] smbd/service.c:162(set_conn_connectpath) set_conn_connectpath: service IPC$, connectpath = /tmp [2013/04/29 08:37:09.387202, 3] smbd/service.c:872(make_connection_snum) Connect path is '/tmp' for service [IPC$] [2013/04/29 08:37:09.387314, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2013/04/29 08:37:09.387392, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x101f01ff, remaining = 0x101f01ff [2013/04/29 08:37:09.387470, 3] smbd/vfs.c:102(vfs_init_default) Initialising default vfs hooks [2013/04/29 08:37:09.387542, 10] smbd/vfs.c:53(vfs_find_backend_entry) vfs_find_backend_entry called for /[Default VFS]/ [2013/04/29 08:37:09.387608, 5] smbd/vfs.c:92(smb_register_vfs) Successfully added vfs backend '/[Default VFS]/' [2013/04/29 08:37:09.387676, 10] smbd/vfs.c:53(vfs_find_backend_entry) vfs_find_backend_entry called for posixacl [2013/04/29 08:37:09.387742, 5] smbd/vfs.c:92(smb_register_vfs) Successfully added vfs backend 'posixacl' [2013/04/29 08:37:09.387805, 3] smbd/vfs.c:128(vfs_init_custom) Initialising custom vfs hooks from [/[Default VFS]/] [2013/04/29 08:37:09.387873, 10] smbd/vfs.c:53(vfs_find_backend_entry) vfs_find_backend_entry called for /[Default VFS]/ Successfully loaded vfs module [/[Default VFS]/] with the new modules system [2013/04/29 08:37:09.387975, 5] smbd/connection.c:134(claim_connection) claiming [IPC$] [2013/04/29 08:37:09.388179, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 8E5C0000FFFFFFFF2D9A [2013/04/29 08:37:09.388317, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7f0ee68317d0 [2013/04/29 08:37:09.388435, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 8E5C0000FFFFFFFF2D9A [2013/04/29 08:37:09.388695, 10] smbd/service.c:162(set_conn_connectpath) set_conn_connectpath: service IPC$, connectpath = /tmp [2013/04/29 08:37:09.388778, 10] smbd/share_access.c:241(user_ok_token) user_ok_token: share IPC$ is ok for unix user nobody [2013/04/29 08:37:09.388853, 10] smbd/share_access.c:286(is_share_read_only_for_token) is_share_read_only_for_user: share IPC$ is read-only for unix user nobody [2013/04/29 08:37:09.388938, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2013/04/29 08:37:09.389014, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) string_to_sid: SID admin is not in a valid format [2013/04/29 08:37:09.389093, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: WEBDEALAUTO\admin => domain=[WEBDEALAUTO], name=[admin] [2013/04/29 08:37:09.389158, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2013/04/29 08:37:09.389228, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:37:09.389296, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:37:09.389361, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:37:09.389426, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:09.389490, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:09.389640, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(uid=admin)(objectclass=sambaSamAccount))], scope => [2] [2013/04/29 08:37:09.390423, 4] passdb/pdb_ldap.c:1581(ldapsam_getsampwnam) ldapsam_getsampwnam: Unable to locate user [admin] count=0 [2013/04/29 08:37:09.390607, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:37:09.390680, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:37:09.390747, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:37:09.390812, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:37:09.390877, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:09.390941, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:09.391065, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(|(displayName=admin)(cn=admin)))], scope => [2] [2013/04/29 08:37:09.392025, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(|(displayName=admin)(cn=admin))) [2013/04/29 08:37:09.392231, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:37:09.392314, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: Unix User\admin => domain=[Unix User], name=[admin] [2013/04/29 08:37:09.392381, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2013/04/29 08:37:09.392499, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user admin [2013/04/29 08:37:09.392569, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is admin [2013/04/29 08:37:09.392841, 5] lib/username.c:134(Get_Pwnam_internals) Trying _Get_Pwnam(), username as uppercase is ADMIN [2013/04/29 08:37:09.393109, 5] lib/username.c:143(Get_Pwnam_internals) Checking combinations of 0 uppercase letters in admin [2013/04/29 08:37:09.393207, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals didn't find user [admin]! [2013/04/29 08:37:09.393275, 5] smbd/share_access.c:104(token_contains_name) lookup_name admin failed [2013/04/29 08:37:09.393365, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (65534, 65534) - sec_ctx_stack_ndx = 0 [2013/04/29 08:37:09.393438, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (8): SID[ 0]: S-1-5-21-2380245508-1587309507-2390072590-501 SID[ 1]: S-1-5-21-2380245508-1587309507-2390072590-513 SID[ 2]: S-1-5-21-2380245508-1587309507-2390072590-546 SID[ 3]: S-1-1-0 SID[ 4]: S-1-5-2 SID[ 5]: S-1-5-32-546 SID[ 6]: S-1-22-1-65534 SID[ 7]: S-1-22-2-513 Privileges (0x 0): Rights (0x 0): [2013/04/29 08:37:09.393796, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 65534 Primary group is 65534 and contains 1 supplementary groups Group[ 0]: 513 [2013/04/29 08:37:09.393926, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,65534), gid=(0,65534) [2013/04/29 08:37:09.394003, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:37:09.394068, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:09.394131, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:09.394231, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2013/04/29 08:37:09.394316, 10] smbd/service.c:162(set_conn_connectpath) set_conn_connectpath: service IPC$, connectpath = /tmp [2013/04/29 08:37:09.394406, 3] smbd/service.c:1114(make_connection_snum) pccom1 (172.20.2.200) connect to service IPC$ initially as user nobody (uid=65534, gid=65534) (pid 23694) [2013/04/29 08:37:09.394524, 3] smbd/reply.c:871(reply_tcon_and_X) tconX service=IPC$ [2013/04/29 08:37:09.395356, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 104 [2013/04/29 08:37:09.395532, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x68 [2013/04/29 08:37:09.395602, 3] smbd/process.c:1662(process_smb) Transaction 4 of length 108 (0 toread) [2013/04/29 08:37:09.395669, 5] lib/util.c:332(show_msg) [2013/04/29 08:37:09.395709, 5] lib/util.c:342(show_msg) size=104 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=520 smb_uid=100 smb_mid=896 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 4608 (0x1200) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 4609 (0x1201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16896 (0x4200) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 256 (0x100) smb_bcc=21 [2013/04/29 08:37:09.396647, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 4E 00 45 00 54 00 4C 00 4F 00 47 00 4F .\.N.E.T .L.O.G.O [0010] 00 4E 00 00 00 .N... [2013/04/29 08:37:09.396839, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 23694) conn 0x7f0ee6822210 [2013/04/29 08:37:09.396921, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (65534, 65534) - sec_ctx_stack_ndx = 0 [2013/04/29 08:37:09.396994, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (8): SID[ 0]: S-1-5-21-2380245508-1587309507-2390072590-501 SID[ 1]: S-1-5-21-2380245508-1587309507-2390072590-513 SID[ 2]: S-1-5-21-2380245508-1587309507-2390072590-546 SID[ 3]: S-1-1-0 SID[ 4]: S-1-5-2 SID[ 5]: S-1-5-32-546 SID[ 6]: S-1-22-1-65534 SID[ 7]: S-1-22-2-513 Privileges (0x 0): Rights (0x 0): [2013/04/29 08:37:09.397353, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 65534 Primary group is 65534 and contains 1 supplementary groups Group[ 0]: 513 [2013/04/29 08:37:09.397490, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,65534), gid=(0,65534) [2013/04/29 08:37:09.397571, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /tmp [2013/04/29 08:37:09.397661, 10] smbd/nttrans.c:505(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x10, access_mask = 0x12019f file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x420040 root_dir_fid = 0x0, fname = NETLOGON [2013/04/29 08:37:09.397742, 4] smbd/nttrans.c:293(nt_open_pipe) nt_open_pipe: Opening pipe \NETLOGON. [2013/04/29 08:37:09.397831, 5] smbd/files.c:140(file_new) allocated file structure 2459, fnum = 6555 (1 used) [2013/04/29 08:37:09.397921, 10] smbd/files.c:705(file_name_hash) file_name_hash: /tmp/NETLOGON hash 0x86887727 [2013/04/29 08:37:09.398019, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \netlogon [2013/04/29 08:37:09.398118, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \netlogon [2013/04/29 08:37:09.398185, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \netlogon [2013/04/29 08:37:09.398266, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \netlogon (pipes_open=0) [2013/04/29 08:37:09.398340, 5] smbd/nttrans.c:382(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \NETLOGON [2013/04/29 08:37:09.399289, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 72 [2013/04/29 08:37:09.399484, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x48 [2013/04/29 08:37:09.399555, 3] smbd/process.c:1662(process_smb) Transaction 5 of length 76 (0 toread) [2013/04/29 08:37:09.399620, 5] lib/util.c:332(show_msg) [2013/04/29 08:37:09.399660, 5] lib/util.c:342(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=520 smb_uid=100 smb_mid=960 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 24 (0x18) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2013/04/29 08:37:09.400354, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 9B 19 ED 03 ....... [2013/04/29 08:37:09.400452, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 23694) conn 0x7f0ee6822210 [2013/04/29 08:37:09.400530, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2013/04/29 08:37:09.400623, 9] smbd/trans2.c:941(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 [2013/04/29 08:37:09.400694, 9] smbd/trans2.c:943(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 24, paramsize = 2, datasize = 24 [2013/04/29 08:37:09.400761, 5] lib/util.c:332(show_msg) [2013/04/29 08:37:09.400817, 5] lib/util.c:342(show_msg) size=84 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=520 smb_uid=100 smb_mid=960 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 24 (0x18) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 24 (0x18) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=29 [2013/04/29 08:37:09.401380, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 01 00 00 00 01 00 00 00 ........ ..... [2013/04/29 08:37:09.402432, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 224 [2013/04/29 08:37:09.402594, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xe0 [2013/04/29 08:37:09.402662, 3] smbd/process.c:1662(process_smb) Transaction 6 of length 228 (0 toread) [2013/04/29 08:37:09.402727, 5] lib/util.c:332(show_msg) [2013/04/29 08:37:09.402766, 5] lib/util.c:342(show_msg) size=224 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1024 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 6555 (0x199B) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 160 (0xA0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 160 (0xA0) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=161 [2013/04/29 08:37:09.403426, 10] ../lib/util/util.c:415(dump_data) [0000] EE 05 00 0B 03 10 00 00 00 A0 00 00 00 04 00 00 ........ ........ [0010] 00 B8 10 B8 10 00 00 00 00 03 00 00 00 00 00 01 ........ ........ [0020] 00 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF .xV4.4.. ....#Eg. [0030] FB 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [0040] 00 2B 10 48 60 02 00 00 00 01 00 01 00 78 56 34 .+.H`... .....xV4 [0050] 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 00 00 .4...... #Eg..... [0060] 00 33 05 71 71 BA BE 37 49 83 19 B5 DB EF 9C CC .3.qq..7 I....... [0070] 36 01 00 00 00 02 00 01 00 78 56 34 12 34 12 CD 6....... .xV4.4.. [0080] AB EF 00 01 23 45 67 CF FB 01 00 00 00 2C 1C B7 ....#Eg. .....,.. [0090] 6C 12 98 40 45 03 00 00 00 00 00 00 00 01 00 00 l..@E... ........ [00A0] 00 . [2013/04/29 08:37:09.404128, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 23694) conn 0x7f0ee6822210 [2013/04/29 08:37:09.404214, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2013/04/29 08:37:09.404290, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 199b name: NETLOGON len: 160 [2013/04/29 08:37:09.404360, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 160 [2013/04/29 08:37:09.404429, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 160 [2013/04/29 08:37:09.404504, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 [2013/04/29 08:37:09.404571, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/04/29 08:37:09.404638, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/04/29 08:37:09.404703, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 144 [2013/04/29 08:37:09.404767, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 [2013/04/29 08:37:09.404864, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/04/29 08:37:09.404929, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 144 [2013/04/29 08:37:09.404993, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 [2013/04/29 08:37:09.405065, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2013/04/29 08:37:09.405161, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00a0 (160) auth_length : 0x0000 (0) call_id : 0x00000004 (4) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x03 (3) ctx_list: ARRAY(3) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-01234567cffb if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) ctx_list: struct dcerpc_ctx_list context_id : 0x0001 (1) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-01234567cffb if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 71710533-beba-4937-8319-b5dbef9ccc36 if_version : 0x00000001 (1) ctx_list: struct dcerpc_ctx_list context_id : 0x0002 (2) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-01234567cffb if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 6cb71c2c-9812-4540-0300-000000000000 if_version : 0x00000001 (1) auth_info : DATA_BLOB length=0 [2013/04/29 08:37:09.406788, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 11 [2013/04/29 08:37:09.406865, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) api_pipe_bind_req: \PIPE\netlogon -> \PIPE\netlogon [2013/04/29 08:37:09.406935, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) api_pipe_bind_req: make response. 923 [2013/04/29 08:37:09.407001, 3] rpc_server/srv_pipe.c:339(check_bind_req) check_bind_req for \netlogon [2013/04/29 08:37:09.407070, 3] rpc_server/srv_pipe.c:346(check_bind_req) check_bind_req: \PIPE\netlogon -> \PIPE\netlogon [2013/04/29 08:37:09.407177, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0048 (72) auth_length : 0x0000 (0) call_id : 0x00000004 (4) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x000053f0 (21488) secondary_address_size : 0x000f (15) secondary_address : '\PIPE\netlogon' _pad1 : DATA_BLOB length=0 num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : 0x0000 (0) reason : 0x0000 (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 [2013/04/29 08:37:09.408105, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 144 [2013/04/29 08:37:09.408214, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=160 [2013/04/29 08:37:09.409073, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2013/04/29 08:37:09.409285, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2013/04/29 08:37:09.409355, 3] smbd/process.c:1662(process_smb) Transaction 7 of length 63 (0 toread) [2013/04/29 08:37:09.409421, 5] lib/util.c:332(show_msg) [2013/04/29 08:37:09.409459, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1088 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 6555 (0x199B) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2013/04/29 08:37:09.410103, 10] ../lib/util/util.c:415(dump_data) [2013/04/29 08:37:09.410148, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 23694) conn 0x7f0ee6822210 [2013/04/29 08:37:09.410215, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2013/04/29 08:37:09.410296, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \netlogon len: 1024 [2013/04/29 08:37:09.410369, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) read_from_pipe: \netlogon: current_pdu_len = 72, current_pdu_sent = 0 returning 72 bytes. [2013/04/29 08:37:09.410441, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 30 [2013/04/29 08:37:09.410542, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 72 bytes. There is no more data outstanding [2013/04/29 08:37:09.410610, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=72 [2013/04/29 08:37:09.411655, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 192 [2013/04/29 08:37:09.411817, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xc0 [2013/04/29 08:37:09.411886, 3] smbd/process.c:1662(process_smb) Transaction 8 of length 196 (0 toread) [2013/04/29 08:37:09.411950, 5] lib/util.c:332(show_msg) [2013/04/29 08:37:09.411989, 5] lib/util.c:342(show_msg) size=192 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1152 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 6555 (0x199B) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 128 (0x80) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 128 (0x80) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=129 [2013/04/29 08:37:09.412676, 10] ../lib/util/util.c:415(dump_data) [0000] EE 05 00 00 03 10 00 00 00 80 00 00 00 04 00 00 ........ ........ [0010] 00 68 00 00 00 00 00 1A 00 00 00 02 00 08 00 00 .h...... ........ [0020] 00 00 00 00 00 08 00 00 00 5C 00 5C 00 42 00 41 ........ .\.\.B.A [0030] 00 4D 00 42 00 49 00 00 00 08 00 00 00 00 00 00 .M.B.I.. ........ [0040] 00 08 00 00 00 50 00 43 00 43 00 4F 00 4D 00 31 .....P.C .C.O.M.1 [0050] 00 24 00 00 00 02 00 00 00 07 00 00 00 00 00 00 .$...... ........ [0060] 00 07 00 00 00 50 00 43 00 43 00 4F 00 4D 00 31 .....P.C .C.O.M.1 [0070] 00 00 00 73 4C E3 BC 8B C9 53 CB 00 00 FF FF 2F ...sL... .S...../ [0080] 61 a [2013/04/29 08:37:09.413252, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 23694) conn 0x7f0ee6822210 [2013/04/29 08:37:09.413321, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2013/04/29 08:37:09.413390, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 199b name: NETLOGON len: 128 [2013/04/29 08:37:09.413459, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 128 [2013/04/29 08:37:09.413527, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 128 [2013/04/29 08:37:09.413591, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 128 [2013/04/29 08:37:09.413657, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 128, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/04/29 08:37:09.413725, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/04/29 08:37:09.413790, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 112 [2013/04/29 08:37:09.413883, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 112 [2013/04/29 08:37:09.413953, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/04/29 08:37:09.414018, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 112 [2013/04/29 08:37:09.414081, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 112, incoming data = 112 [2013/04/29 08:37:09.414149, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2013/04/29 08:37:09.414226, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0080 (128) auth_length : 0x0000 (0) call_id : 0x00000004 (4) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000068 (104) context_id : 0x0000 (0) opnum : 0x001a (26) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=104 [0000] 00 00 02 00 08 00 00 00 00 00 00 00 08 00 00 00 ........ ........ [0010] 5C 00 5C 00 42 00 41 00 4D 00 42 00 49 00 00 00 \.\.B.A. M.B.I... [0020] 08 00 00 00 00 00 00 00 08 00 00 00 50 00 43 00 ........ ....P.C. [0030] 43 00 4F 00 4D 00 31 00 24 00 00 00 02 00 00 00 C.O.M.1. $....... [0040] 07 00 00 00 00 00 00 00 07 00 00 00 50 00 43 00 ........ ....P.C. [0050] 43 00 4F 00 4D 00 31 00 00 00 73 4C E3 BC 8B C9 C.O.M.1. ..sL.... [0060] 53 CB 00 00 FF FF 2F 61 S...../a [2013/04/29 08:37:09.415426, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2013/04/29 08:37:09.415491, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. [2013/04/29 08:37:09.415558, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\netlogon [2013/04/29 08:37:09.415629, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \netlogon op 0x1a - api_rpcTNP: rpc command: NETR_SERVERAUTHENTICATE3 [2013/04/29 08:37:09.415704, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[26].fn == 0x7f0ee514e700 [2013/04/29 08:37:09.415793, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) netr_ServerAuthenticate3: struct netr_ServerAuthenticate3 in: struct netr_ServerAuthenticate3 server_name : * server_name : '\\BAMBI' account_name : * account_name : 'PCCOM1$' secure_channel_type : SEC_CHAN_WKSTA (2) computer_name : * computer_name : 'PCCOM1' credentials : * credentials: struct netr_Credential data : 734ce3bc8bc953cb negotiate_flags : * negotiate_flags : 0x612fffff (1630535679) 1: NETLOGON_NEG_ACCOUNT_LOCKOUT 1: NETLOGON_NEG_PERSISTENT_SAMREPL 1: NETLOGON_NEG_ARCFOUR 1: NETLOGON_NEG_PROMOTION_COUNT 1: NETLOGON_NEG_CHANGELOG_BDC 1: NETLOGON_NEG_FULL_SYNC_REPL 1: NETLOGON_NEG_MULTIPLE_SIDS 1: NETLOGON_NEG_REDO 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL 1: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC 1: NETLOGON_NEG_GENERIC_PASSTHROUGH 1: NETLOGON_NEG_CONCURRENT_RPC 1: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL 1: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL 1: NETLOGON_NEG_STRONG_KEYS 1: NETLOGON_NEG_TRANSITIVE_TRUSTS 1: NETLOGON_NEG_DNS_DOMAIN_TRUSTS 1: NETLOGON_NEG_PASSWORD_SET2 1: NETLOGON_NEG_GETDOMAININFO 1: NETLOGON_NEG_CROSS_FOREST_TRUSTS 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION 1: NETLOGON_NEG_RODC_PASSTHROUGH 0: NETLOGON_NEG_SUPPORTS_AES_SHA2 1: NETLOGON_NEG_SUPPORTS_AES 1: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS 1: NETLOGON_NEG_AUTHENTICATED_RPC [2013/04/29 08:37:09.417080, 0] rpc_server/netlogon/srv_netlog_nt.c:931(_netr_ServerAuthenticate3) _netr_ServerAuthenticate3: no challenge sent to client PCCOM1 [2013/04/29 08:37:09.417148, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) netr_ServerAuthenticate3: struct netr_ServerAuthenticate3 out: struct netr_ServerAuthenticate3 return_credentials : * return_credentials: struct netr_Credential data : 0000000000000000 negotiate_flags : * negotiate_flags : 0x400241ff (1073889791) 1: NETLOGON_NEG_ACCOUNT_LOCKOUT 1: NETLOGON_NEG_PERSISTENT_SAMREPL 1: NETLOGON_NEG_ARCFOUR 1: NETLOGON_NEG_PROMOTION_COUNT 1: NETLOGON_NEG_CHANGELOG_BDC 1: NETLOGON_NEG_FULL_SYNC_REPL 1: NETLOGON_NEG_MULTIPLE_SIDS 1: NETLOGON_NEG_REDO 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL 0: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC 0: NETLOGON_NEG_GENERIC_PASSTHROUGH 0: NETLOGON_NEG_CONCURRENT_RPC 0: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL 0: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL 1: NETLOGON_NEG_STRONG_KEYS 0: NETLOGON_NEG_TRANSITIVE_TRUSTS 0: NETLOGON_NEG_DNS_DOMAIN_TRUSTS 1: NETLOGON_NEG_PASSWORD_SET2 0: NETLOGON_NEG_GETDOMAININFO 0: NETLOGON_NEG_CROSS_FOREST_TRUSTS 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION 0: NETLOGON_NEG_RODC_PASSTHROUGH 0: NETLOGON_NEG_SUPPORTS_AES_SHA2 0: NETLOGON_NEG_SUPPORTS_AES 0: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS 1: NETLOGON_NEG_AUTHENTICATED_RPC rid : * rid : 0x00000000 (0) result : NT_STATUS_ACCESS_DENIED [2013/04/29 08:37:09.418250, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \netlogon successfully [2013/04/29 08:37:09.418324, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 112 [2013/04/29 08:37:09.418412, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=128 [2013/04/29 08:37:09.419043, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2013/04/29 08:37:09.419236, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2013/04/29 08:37:09.419305, 3] smbd/process.c:1662(process_smb) Transaction 9 of length 63 (0 toread) [2013/04/29 08:37:09.419371, 5] lib/util.c:332(show_msg) [2013/04/29 08:37:09.419410, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1216 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 6555 (0x199B) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2013/04/29 08:37:09.420019, 10] ../lib/util/util.c:415(dump_data) [2013/04/29 08:37:09.420065, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 23694) conn 0x7f0ee6822210 [2013/04/29 08:37:09.420133, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2013/04/29 08:37:09.420232, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \netlogon len: 1024 [2013/04/29 08:37:09.420305, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \netlogon: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 20. [2013/04/29 08:37:09.420398, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x002c (44) auth_length : 0x0000 (0) call_id : 0x00000004 (4) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000014 (20) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=20 [0000] 00 00 00 00 00 00 00 00 FF 41 02 40 00 00 00 00 ........ .A.@.... [0010] 22 00 00 C0 "... [2013/04/29 08:37:09.421257, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 30 [2013/04/29 08:37:09.421346, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 44 bytes. There is no more data outstanding [2013/04/29 08:37:09.421414, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=44 [2013/04/29 08:37:09.422434, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 154 [2013/04/29 08:37:09.422597, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x9a [2013/04/29 08:37:09.422665, 3] smbd/process.c:1662(process_smb) Transaction 10 of length 158 (0 toread) [2013/04/29 08:37:09.422730, 5] lib/util.c:332(show_msg) [2013/04/29 08:37:09.422769, 5] lib/util.c:342(show_msg) size=154 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1280 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 6555 (0x199B) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 90 (0x5A) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 90 (0x5A) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=91 [2013/04/29 08:37:09.423420, 10] ../lib/util/util.c:415(dump_data) [0000] EE 05 00 00 03 10 00 00 00 5A 00 00 00 05 00 00 ........ .Z...... [0010] 00 42 00 00 00 00 00 04 00 00 00 02 00 08 00 00 .B...... ........ [0020] 00 00 00 00 00 08 00 00 00 5C 00 5C 00 42 00 41 ........ .\.\.B.A [0030] 00 4D 00 42 00 49 00 00 00 07 00 00 00 00 00 00 .M.B.I.. ........ [0040] 00 07 00 00 00 50 00 43 00 43 00 4F 00 4D 00 31 .....P.C .C.O.M.1 [0050] 00 00 00 1D 9F AB EC F1 18 E3 BA ........ ... [2013/04/29 08:37:09.423843, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 23694) conn 0x7f0ee6822210 [2013/04/29 08:37:09.423912, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2013/04/29 08:37:09.423982, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 199b name: NETLOGON len: 90 [2013/04/29 08:37:09.424051, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 90 [2013/04/29 08:37:09.424119, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 90 [2013/04/29 08:37:09.424199, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 90 [2013/04/29 08:37:09.424266, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 90, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/04/29 08:37:09.424333, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/04/29 08:37:09.424398, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 74 [2013/04/29 08:37:09.424461, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 74 [2013/04/29 08:37:09.424540, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/04/29 08:37:09.424603, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 74 [2013/04/29 08:37:09.424667, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 74, incoming data = 74 [2013/04/29 08:37:09.424735, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2013/04/29 08:37:09.424828, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x005a (90) auth_length : 0x0000 (0) call_id : 0x00000005 (5) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000042 (66) context_id : 0x0000 (0) opnum : 0x0004 (4) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=66 [0000] 00 00 02 00 08 00 00 00 00 00 00 00 08 00 00 00 ........ ........ [0010] 5C 00 5C 00 42 00 41 00 4D 00 42 00 49 00 00 00 \.\.B.A. M.B.I... [0020] 07 00 00 00 00 00 00 00 07 00 00 00 50 00 43 00 ........ ....P.C. [0030] 43 00 4F 00 4D 00 31 00 00 00 1D 9F AB EC F1 18 C.O.M.1. ........ [0040] E3 BA .. [2013/04/29 08:37:09.425955, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2013/04/29 08:37:09.426021, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. [2013/04/29 08:37:09.426108, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\netlogon [2013/04/29 08:37:09.426179, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \netlogon op 0x4 - api_rpcTNP: rpc command: NETR_SERVERREQCHALLENGE [2013/04/29 08:37:09.426250, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[4].fn == 0x7f0ee5152500 [2013/04/29 08:37:09.426331, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) netr_ServerReqChallenge: struct netr_ServerReqChallenge in: struct netr_ServerReqChallenge server_name : * server_name : '\\BAMBI' computer_name : * computer_name : 'PCCOM1' credentials : * credentials: struct netr_Credential data : 1d9fabecf118e3ba [2013/04/29 08:37:09.426640, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) netr_ServerReqChallenge: struct netr_ServerReqChallenge out: struct netr_ServerReqChallenge return_credentials : * return_credentials: struct netr_Credential data : 0c65cae0ea13b779 result : NT_STATUS_OK [2013/04/29 08:37:09.426862, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \netlogon successfully [2013/04/29 08:37:09.426934, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 74 [2013/04/29 08:37:09.427020, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=90 [2013/04/29 08:37:09.427642, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2013/04/29 08:37:09.427803, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2013/04/29 08:37:09.427872, 3] smbd/process.c:1662(process_smb) Transaction 11 of length 63 (0 toread) [2013/04/29 08:37:09.427936, 5] lib/util.c:332(show_msg) [2013/04/29 08:37:09.427974, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1344 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 6555 (0x199B) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2013/04/29 08:37:09.428606, 10] ../lib/util/util.c:415(dump_data) [2013/04/29 08:37:09.428651, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 23694) conn 0x7f0ee6822210 [2013/04/29 08:37:09.428719, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2013/04/29 08:37:09.428793, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \netlogon len: 1024 [2013/04/29 08:37:09.428884, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \netlogon: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 12. [2013/04/29 08:37:09.428971, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0024 (36) auth_length : 0x0000 (0) call_id : 0x00000005 (5) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x0000000c (12) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=12 [0000] 0C 65 CA E0 EA 13 B7 79 00 00 00 00 .e.....y .... [2013/04/29 08:37:09.429698, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 30 [2013/04/29 08:37:09.429786, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 36 bytes. There is no more data outstanding [2013/04/29 08:37:09.429853, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=36 [2013/04/29 08:37:09.430815, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 192 [2013/04/29 08:37:09.430977, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xc0 [2013/04/29 08:37:09.431044, 3] smbd/process.c:1662(process_smb) Transaction 12 of length 196 (0 toread) [2013/04/29 08:37:09.431109, 5] lib/util.c:332(show_msg) [2013/04/29 08:37:09.431148, 5] lib/util.c:342(show_msg) size=192 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1408 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 6555 (0x199B) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 128 (0x80) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 128 (0x80) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=129 [2013/04/29 08:37:09.431800, 10] ../lib/util/util.c:415(dump_data) [0000] EE 05 00 00 03 10 00 00 00 80 00 00 00 06 00 00 ........ ........ [0010] 00 68 00 00 00 00 00 1A 00 00 00 02 00 08 00 00 .h...... ........ [0020] 00 00 00 00 00 08 00 00 00 5C 00 5C 00 42 00 41 ........ .\.\.B.A [0030] 00 4D 00 42 00 49 00 00 00 08 00 00 00 00 00 00 .M.B.I.. ........ [0040] 00 08 00 00 00 50 00 43 00 43 00 4F 00 4D 00 31 .....P.C .C.O.M.1 [0050] 00 24 00 00 00 02 00 00 00 07 00 00 00 00 00 00 .$...... ........ [0060] 00 07 00 00 00 50 00 43 00 43 00 4F 00 4D 00 31 .....P.C .C.O.M.1 [0070] 00 00 00 C1 61 8B 24 6F 96 7E 4D 00 00 FF FF 2F ....a.$o .~M..../ [0080] 61 a [2013/04/29 08:37:09.432368, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 23694) conn 0x7f0ee6822210 [2013/04/29 08:37:09.432436, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2013/04/29 08:37:09.432505, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 199b name: NETLOGON len: 128 [2013/04/29 08:37:09.432574, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 128 [2013/04/29 08:37:09.432641, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 128 [2013/04/29 08:37:09.432705, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 128 [2013/04/29 08:37:09.432771, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 128, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/04/29 08:37:09.432879, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/04/29 08:37:09.432945, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 112 [2013/04/29 08:37:09.433009, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 112 [2013/04/29 08:37:09.433078, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/04/29 08:37:09.433141, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 112 [2013/04/29 08:37:09.433204, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 112, incoming data = 112 [2013/04/29 08:37:09.433304, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2013/04/29 08:37:09.433433, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0080 (128) auth_length : 0x0000 (0) call_id : 0x00000006 (6) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000068 (104) context_id : 0x0000 (0) opnum : 0x001a (26) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=104 [0000] 00 00 02 00 08 00 00 00 00 00 00 00 08 00 00 00 ........ ........ [0010] 5C 00 5C 00 42 00 41 00 4D 00 42 00 49 00 00 00 \.\.B.A. M.B.I... [0020] 08 00 00 00 00 00 00 00 08 00 00 00 50 00 43 00 ........ ....P.C. [0030] 43 00 4F 00 4D 00 31 00 24 00 00 00 02 00 00 00 C.O.M.1. $....... [0040] 07 00 00 00 00 00 00 00 07 00 00 00 50 00 43 00 ........ ....P.C. [0050] 43 00 4F 00 4D 00 31 00 00 00 C1 61 8B 24 6F 96 C.O.M.1. ...a.$o. [0060] 7E 4D 00 00 FF FF 2F 61 ~M..../a [2013/04/29 08:37:09.434614, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2013/04/29 08:37:09.434679, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. [2013/04/29 08:37:09.434746, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\netlogon [2013/04/29 08:37:09.434816, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \netlogon op 0x1a - api_rpcTNP: rpc command: NETR_SERVERAUTHENTICATE3 [2013/04/29 08:37:09.434888, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[26].fn == 0x7f0ee514e700 [2013/04/29 08:37:09.434965, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) netr_ServerAuthenticate3: struct netr_ServerAuthenticate3 in: struct netr_ServerAuthenticate3 server_name : * server_name : '\\BAMBI' account_name : * account_name : 'PCCOM1$' secure_channel_type : SEC_CHAN_WKSTA (2) computer_name : * computer_name : 'PCCOM1' credentials : * credentials: struct netr_Credential data : c1618b246f967e4d negotiate_flags : * negotiate_flags : 0x612fffff (1630535679) 1: NETLOGON_NEG_ACCOUNT_LOCKOUT 1: NETLOGON_NEG_PERSISTENT_SAMREPL 1: NETLOGON_NEG_ARCFOUR 1: NETLOGON_NEG_PROMOTION_COUNT 1: NETLOGON_NEG_CHANGELOG_BDC 1: NETLOGON_NEG_FULL_SYNC_REPL 1: NETLOGON_NEG_MULTIPLE_SIDS 1: NETLOGON_NEG_REDO 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL 1: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC 1: NETLOGON_NEG_GENERIC_PASSTHROUGH 1: NETLOGON_NEG_CONCURRENT_RPC 1: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL 1: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL 1: NETLOGON_NEG_STRONG_KEYS 1: NETLOGON_NEG_TRANSITIVE_TRUSTS 1: NETLOGON_NEG_DNS_DOMAIN_TRUSTS 1: NETLOGON_NEG_PASSWORD_SET2 1: NETLOGON_NEG_GETDOMAININFO 1: NETLOGON_NEG_CROSS_FOREST_TRUSTS 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION 1: NETLOGON_NEG_RODC_PASSTHROUGH 0: NETLOGON_NEG_SUPPORTS_AES_SHA2 1: NETLOGON_NEG_SUPPORTS_AES 1: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS 1: NETLOGON_NEG_AUTHENTICATED_RPC [2013/04/29 08:37:09.436201, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \samr [2013/04/29 08:37:09.436287, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \samr [2013/04/29 08:37:09.436353, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \samr [2013/04/29 08:37:09.436431, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \samr (pipes_open=0) [2013/04/29 08:37:09.436502, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1 [2013/04/29 08:37:09.436574, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2013/04/29 08:37:09.436639, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:37:09.436704, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:09.436768, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:09.436948, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_Connect2: struct samr_Connect2 in: struct samr_Connect2 system_name : * system_name : 'BAMBI' access_mask : 0x00000031 (49) 1: SAMR_ACCESS_CONNECT_TO_SERVER 0: SAMR_ACCESS_SHUTDOWN_SERVER 0: SAMR_ACCESS_INITIALIZE_SERVER 0: SAMR_ACCESS_CREATE_DOMAIN 1: SAMR_ACCESS_ENUM_DOMAINS 1: SAMR_ACCESS_LOOKUP_DOMAIN [2013/04/29 08:37:09.437326, 5] rpc_server/samr/srv_samr_nt.c:3932(_samr_Connect2) _samr_Connect2: 3932 [2013/04/29 08:37:09.437416, 4] rpc_server/srv_access_check.c:104(access_check_object) _samr_Connect2: access GRANTED (requested: 0x00000031, granted: 0x00000031) [2013/04/29 08:37:09.437493, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 6D 18 00 00 00 00 00 00 7E 51 15 15 ....m... ....~Q.. [0010] 8E 5C 00 00 .\.. [2013/04/29 08:37:09.437642, 5] rpc_server/samr/srv_samr_nt.c:3961(_samr_Connect2) _samr_Connect2: 3961 [2013/04/29 08:37:09.437708, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_Connect2: struct samr_Connect2 out: struct samr_Connect2 connect_handle : * connect_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000186d-0000-0000-7e51-15158e5c0000 result : NT_STATUS_OK [2013/04/29 08:37:09.438032, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_LookupDomain: struct samr_LookupDomain in: struct samr_LookupDomain connect_handle : * connect_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000186d-0000-0000-7e51-15158e5c0000 domain_name : * domain_name: struct lsa_String length : 0x0016 (22) size : 0x0016 (22) string : * string : 'WEBDEALAUTO' [2013/04/29 08:37:09.438469, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6D 18 00 00 00 00 00 00 7E 51 15 15 ....m... ....~Q.. [0010] 8E 5C 00 00 .\.. [2013/04/29 08:37:09.438619, 10] rpc_server/rpc_handles.c:410(_policy_handle_find) found handle of type struct samr_connect_info [2013/04/29 08:37:09.438718, 2] rpc_server/samr/srv_samr_nt.c:4071(_samr_LookupDomain) Returning domain sid for domain WEBDEALAUTO -> S-1-5-21-2380245508-1587309507-2390072590 [2013/04/29 08:37:09.438799, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_LookupDomain: struct samr_LookupDomain out: struct samr_LookupDomain sid : * sid : * sid : S-1-5-21-2380245508-1587309507-2390072590 result : NT_STATUS_OK [2013/04/29 08:37:09.439061, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_OpenDomain: struct samr_OpenDomain in: struct samr_OpenDomain connect_handle : * connect_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000186d-0000-0000-7e51-15158e5c0000 access_mask : 0x00000200 (512) 0: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 0: SAMR_DOMAIN_ACCESS_SET_INFO_1 0: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 0: SAMR_DOMAIN_ACCESS_SET_INFO_2 0: SAMR_DOMAIN_ACCESS_CREATE_USER 0: SAMR_DOMAIN_ACCESS_CREATE_GROUP 0: SAMR_DOMAIN_ACCESS_CREATE_ALIAS 0: SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS 0: SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS 1: SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT 0: SAMR_DOMAIN_ACCESS_SET_INFO_3 sid : * sid : S-1-5-21-2380245508-1587309507-2390072590 [2013/04/29 08:37:09.439703, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6D 18 00 00 00 00 00 00 7E 51 15 15 ....m... ....~Q.. [0010] 8E 5C 00 00 .\.. [2013/04/29 08:37:09.439852, 10] rpc_server/rpc_handles.c:410(_policy_handle_find) found handle of type struct samr_connect_info [2013/04/29 08:37:09.439924, 4] rpc_server/srv_access_check.c:104(access_check_object) _samr_OpenDomain: access GRANTED (requested: 0x00000200, granted: 0x00000200) [2013/04/29 08:37:09.439997, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 6E 18 00 00 00 00 00 00 7E 51 15 15 ....n... ....~Q.. [0010] 8E 5C 00 00 .\.. [2013/04/29 08:37:09.440161, 5] rpc_server/samr/srv_samr_nt.c:500(_samr_OpenDomain) _samr_OpenDomain: 500 [2013/04/29 08:37:09.440231, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_OpenDomain: struct samr_OpenDomain out: struct samr_OpenDomain domain_handle : * domain_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000186e-0000-0000-7e51-15158e5c0000 result : NT_STATUS_OK [2013/04/29 08:37:09.440540, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_LookupNames: struct samr_LookupNames in: struct samr_LookupNames domain_handle : * domain_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000186e-0000-0000-7e51-15158e5c0000 num_names : 0x00000001 (1) names: ARRAY(1) names: struct lsa_String length : 0x000e (14) size : 0x000e (14) string : * string : 'PCCOM1$' [2013/04/29 08:37:09.441018, 5] rpc_server/samr/srv_samr_nt.c:1636(_samr_LookupNames) _samr_LookupNames: 1636 [2013/04/29 08:37:09.441087, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6E 18 00 00 00 00 00 00 7E 51 15 15 ....n... ....~Q.. [0010] 8E 5C 00 00 .\.. [2013/04/29 08:37:09.441234, 10] rpc_server/rpc_handles.c:410(_policy_handle_find) found handle of type struct samr_domain_info [2013/04/29 08:37:09.441299, 5] rpc_server/samr/srv_samr_nt.c:1657(_samr_LookupNames) _samr_LookupNames: looking name on SID S-1-5-21-2380245508-1587309507-2390072590 [2013/04/29 08:37:09.441375, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2013/04/29 08:37:09.441442, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2013/04/29 08:37:09.441506, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:37:09.441571, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:09.441634, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:09.441790, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(uid=PCCOM1$)(objectclass=sambaSamAccount))], scope => [2] [2013/04/29 08:37:09.442810, 2] passdb/pdb_ldap.c:553(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: pccom1$ [2013/04/29 08:37:09.442959, 10] passdb/pdb_get_set.c:575(pdb_set_username) pdb_set_username: setting username pccom1$, was [2013/04/29 08:37:09.443031, 10] passdb/pdb_get_set.c:598(pdb_set_domain) pdb_set_domain: setting domain WEBDEALAUTO, was [2013/04/29 08:37:09.443098, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username) pdb_set_nt_username: setting nt username pccom1$, was [2013/04/29 08:37:09.443180, 10] passdb/pdb_get_set.c:513(pdb_set_user_sid_from_string) pdb_set_user_sid_from_string: setting user sid S-1-5-21-2380245508-1587309507-2390072590-1011 [2013/04/29 08:37:09.443251, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-2380245508-1587309507-2390072590-1011 [2013/04/29 08:37:09.443355, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLogonTime does not exist [2013/04/29 08:37:09.443433, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLogoffTime does not exist [2013/04/29 08:37:09.443510, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaKickoffTime does not exist [2013/04/29 08:37:09.443587, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaPwdCanChange does not exist [2013/04/29 08:37:09.443661, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaPwdMustChange does not exist [2013/04/29 08:37:09.443738, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) pdb_set_full_name: setting full name PCCOM1$, was [2013/04/29 08:37:09.443816, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaHomeDrive does not exist [2013/04/29 08:37:09.443882, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive , was NULL [2013/04/29 08:37:09.443960, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaHomePath does not exist [2013/04/29 08:37:09.444031, 4] lib/substitute.c:527(automount_server) Home server: bambi [2013/04/29 08:37:09.444177, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) pdb_set_homedir: setting home dir \\bambi\pccom1_, was [2013/04/29 08:37:09.444262, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLogonScript does not exist [2013/04/29 08:37:09.444331, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user pccom1$ [2013/04/29 08:37:09.444396, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is pccom1$ [2013/04/29 08:37:09.444673, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [pccom1$]! [2013/04/29 08:37:09.445054, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) pdb_set_logon_script: setting logon script Domain Computers.bat, was [2013/04/29 08:37:09.445175, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaProfilePath does not exist [2013/04/29 08:37:09.445248, 4] lib/substitute.c:527(automount_server) Home server: bambi [2013/04/29 08:37:09.445331, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\bambi\profiles\pccom1_, was [2013/04/29 08:37:09.445427, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaUserWorkstations does not exist [2013/04/29 08:37:09.445508, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaMungedDial does not exist [2013/04/29 08:37:09.445587, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLMPassword does not exist [2013/04/29 08:37:09.445677, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2013/04/29 08:37:09.445747, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2013/04/29 08:37:09.445814, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/04/29 08:37:09.445881, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:09.445946, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:09.446096, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:37:09.446189, 10] lib/smbldap.c:274(smbldap_get_single_attribute) smbldap_get_single_attribute: [sambaPasswordHistory] = [] [2013/04/29 08:37:09.446291, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaBadPasswordCount does not exist [2013/04/29 08:37:09.446372, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaBadPasswordTime does not exist [2013/04/29 08:37:09.446449, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLogonHours does not exist [2013/04/29 08:37:09.446562, 7] passdb/login_cache.c:91(login_cache_read) Looking up login cache for user pccom1$ [2013/04/29 08:37:09.446644, 7] passdb/login_cache.c:102(login_cache_read) No cache entry found [2013/04/29 08:37:09.446710, 9] passdb/pdb_ldap.c:1107(init_sam_from_ldap) No cache entry, bad count = 0, bad time = 0 [2013/04/29 08:37:09.446793, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2013/04/29 08:37:09.446861, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2013/04/29 08:37:09.446927, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/04/29 08:37:09.446993, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:09.447057, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:09.447181, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:37:09.447255, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user pccom1$ [2013/04/29 08:37:09.447320, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is pccom1$ [2013/04/29 08:37:09.447420, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [pccom1$]! [2013/04/29 08:37:09.447530, 5] passdb/lookup_sid.c:1384(gid_to_sid) gid_to_sid: winbind failed to find a sid for gid 515 [2013/04/29 08:37:09.447598, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2013/04/29 08:37:09.447664, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2013/04/29 08:37:09.447729, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/04/29 08:37:09.447793, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:09.447857, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:09.447982, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=515))], scope => [2] [2013/04/29 08:37:09.448934, 2] passdb/pdb_ldap.c:2427(init_group_from_ldap) init_group_from_ldap: Entry found for group: 515 [2013/04/29 08:37:09.449144, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:37:09.449216, 10] passdb/lookup_sid.c:1181(legacy_gid_to_sid) LEGACY: gid 515 -> sid S-1-5-21-2380245508-1587309507-2390072590-515 [2013/04/29 08:37:09.449306, 10] passdb/lookup_sid.c:1733(get_primary_group_sid) do lookup_sid(S-1-5-21-2380245508-1587309507-2390072590-515) for group of user pccom1$ [2013/04/29 08:37:09.449381, 10] passdb/lookup_sid.c:964(lookup_sid) lookup_sid called for SID 'S-1-5-21-2380245508-1587309507-2390072590-515' [2013/04/29 08:37:09.449467, 10] passdb/lookup_sid.c:721(check_dom_sid_to_level) Accepting SID S-1-5-21-2380245508-1587309507-2390072590 in level 1 [2013/04/29 08:37:09.449544, 10] passdb/lookup_sid.c:482(lookup_rids) lookup_rids called for domain sid 'S-1-5-21-2380245508-1587309507-2390072590' [2013/04/29 08:37:09.449621, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2013/04/29 08:37:09.449690, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2013/04/29 08:37:09.449756, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/04/29 08:37:09.449822, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:09.449886, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:09.449985, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 515. [2013/04/29 08:37:09.450058, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 4 [2013/04/29 08:37:09.450123, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 3 [2013/04/29 08:37:09.450189, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 4 [2013/04/29 08:37:09.450254, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:09.450318, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:09.450469, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-515)(objectclass=sambaSamAccount))], scope => [2] [2013/04/29 08:37:09.451670, 4] passdb/pdb_ldap.c:1675(ldapsam_getsampwsid) ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-2380245508-1587309507-2390072590-515] count=0 [2013/04/29 08:37:09.451879, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-515))], scope => [2] [2013/04/29 08:37:09.453104, 2] passdb/pdb_ldap.c:2427(init_group_from_ldap) init_group_from_ldap: Entry found for group: 515 [2013/04/29 08:37:09.453316, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/04/29 08:37:09.453391, 5] passdb/pdb_interface.c:1727(pdb_default_lookup_rids) lookup_rids: Domain Computers:2 [2013/04/29 08:37:09.453465, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:37:09.453538, 10] passdb/lookup_sid.c:999(lookup_sid) Sid S-1-5-21-2380245508-1587309507-2390072590-515 -> WEBDEALAUTO\Domain Computers(2) [2013/04/29 08:37:09.453625, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2013/04/29 08:37:09.453692, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2013/04/29 08:37:09.453758, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/04/29 08:37:09.453823, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:09.453886, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:09.454025, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:37:09.454122, 10] passdb/pdb_get_set.c:575(pdb_set_username) pdb_set_username: setting username pccom1$, was [2013/04/29 08:37:09.454189, 10] passdb/pdb_get_set.c:598(pdb_set_domain) pdb_set_domain: setting domain WEBDEALAUTO, was [2013/04/29 08:37:09.454254, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username) pdb_set_nt_username: setting nt username pccom1$, was [2013/04/29 08:37:09.454319, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) pdb_set_full_name: setting full name PCCOM1$, was [2013/04/29 08:37:09.454389, 4] lib/substitute.c:527(automount_server) Home server: bambi [2013/04/29 08:37:09.454469, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) pdb_set_homedir: setting home dir \\bambi\pccom1_, was [2013/04/29 08:37:09.454536, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive , was NULL [2013/04/29 08:37:09.454606, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user pccom1$ [2013/04/29 08:37:09.454670, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is pccom1$ [2013/04/29 08:37:09.454940, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [pccom1$]! [2013/04/29 08:37:09.455221, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) pdb_set_logon_script: setting logon script Domain Computers.bat, was [2013/04/29 08:37:09.455321, 4] lib/substitute.c:527(automount_server) Home server: bambi [2013/04/29 08:37:09.455398, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\bambi\profiles\pccom1_, was [2013/04/29 08:37:09.455467, 10] passdb/pdb_get_set.c:780(pdb_set_workstations) pdb_set_workstations: setting workstations , was [2013/04/29 08:37:09.455537, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2013/04/29 08:37:09.455604, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2013/04/29 08:37:09.455669, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/04/29 08:37:09.455735, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:09.455797, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:09.455920, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:37:09.455993, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-2380245508-1587309507-2390072590-1011 [2013/04/29 08:37:09.456066, 10] passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-2380245508-1587309507-2390072590-1011 from rid 1011 [2013/04/29 08:37:09.456277, 10] passdb/lookup_sid.c:1628(sid_to_gid) winbind failed to find a gid for sid S-1-5-21-2380245508-1587309507-2390072590-515 [2013/04/29 08:37:09.456356, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2013/04/29 08:37:09.456424, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2013/04/29 08:37:09.456494, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/04/29 08:37:09.456562, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:09.456625, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:09.456724, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 515. [2013/04/29 08:37:09.456796, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 4 [2013/04/29 08:37:09.456864, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 3 [2013/04/29 08:37:09.456930, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 4 [2013/04/29 08:37:09.456995, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:09.457057, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:09.457203, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-515)(objectclass=sambaSamAccount))], scope => [2] [2013/04/29 08:37:09.458431, 4] passdb/pdb_ldap.c:1675(ldapsam_getsampwsid) ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-2380245508-1587309507-2390072590-515] count=0 [2013/04/29 08:37:09.458641, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-515))], scope => [2] [2013/04/29 08:37:09.459711, 2] passdb/pdb_ldap.c:2427(init_group_from_ldap) init_group_from_ldap: Entry found for group: 515 [2013/04/29 08:37:09.459924, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/04/29 08:37:09.460006, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:37:09.460075, 10] passdb/lookup_sid.c:1285(legacy_sid_to_gid) LEGACY: sid S-1-5-21-2380245508-1587309507-2390072590-515 -> gid 515 [2013/04/29 08:37:09.460214, 10] passdb/pdb_get_set.c:562(pdb_set_group_sid) pdb_set_group_sid: setting group sid S-1-5-21-2380245508-1587309507-2390072590-515 [2013/04/29 08:37:09.460302, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:37:09.460387, 5] rpc_server/samr/srv_samr_nt.c:1703(_samr_LookupNames) _samr_LookupNames: 1703 [2013/04/29 08:37:09.460453, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_LookupNames: struct samr_LookupNames out: struct samr_LookupNames rids : * rids: struct samr_Ids count : 0x00000001 (1) ids : * ids: ARRAY(1) ids : 0x000003f3 (1011) types : * types: struct samr_Ids count : 0x00000001 (1) ids : * ids: ARRAY(1) ids : 0x00000001 (1) result : NT_STATUS_OK [2013/04/29 08:37:09.461030, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_OpenUser: struct samr_OpenUser in: struct samr_OpenUser domain_handle : * domain_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000186e-0000-0000-7e51-15158e5c0000 access_mask : 0x02000000 (33554432) 0: SAMR_USER_ACCESS_GET_NAME_ETC 0: SAMR_USER_ACCESS_GET_LOCALE 0: SAMR_USER_ACCESS_SET_LOC_COM 0: SAMR_USER_ACCESS_GET_LOGONINFO 0: SAMR_USER_ACCESS_GET_ATTRIBUTES 0: SAMR_USER_ACCESS_SET_ATTRIBUTES 0: SAMR_USER_ACCESS_CHANGE_PASSWORD 0: SAMR_USER_ACCESS_SET_PASSWORD 0: SAMR_USER_ACCESS_GET_GROUPS 0: SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP 0: SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP rid : 0x000003f3 (1011) [2013/04/29 08:37:09.461686, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6E 18 00 00 00 00 00 00 7E 51 15 15 ....n... ....~Q.. [0010] 8E 5C 00 00 .\.. [2013/04/29 08:37:09.461840, 10] rpc_server/rpc_handles.c:410(_policy_handle_find) found handle of type struct samr_domain_info [2013/04/29 08:37:09.461915, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0xb0000000 to 0x000f07ff [2013/04/29 08:37:09.461983, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2013/04/29 08:37:09.462050, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2013/04/29 08:37:09.462115, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:37:09.462180, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:09.462243, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:09.462345, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2013/04/29 08:37:09.462414, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2013/04/29 08:37:09.462478, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/04/29 08:37:09.462543, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:09.462605, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:09.462741, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:37:09.462815, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2013/04/29 08:37:09.462881, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2013/04/29 08:37:09.462945, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/04/29 08:37:09.463009, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:09.463071, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:09.463191, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:37:09.463278, 10] passdb/pdb_get_set.c:575(pdb_set_username) pdb_set_username: setting username pccom1$, was [2013/04/29 08:37:09.463346, 10] passdb/pdb_get_set.c:598(pdb_set_domain) pdb_set_domain: setting domain WEBDEALAUTO, was [2013/04/29 08:37:09.463413, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username) pdb_set_nt_username: setting nt username pccom1$, was [2013/04/29 08:37:09.463480, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) pdb_set_full_name: setting full name PCCOM1$, was [2013/04/29 08:37:09.463569, 4] lib/substitute.c:527(automount_server) Home server: bambi [2013/04/29 08:37:09.463653, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) pdb_set_homedir: setting home dir \\bambi\pccom1_, was [2013/04/29 08:37:09.463723, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive , was NULL [2013/04/29 08:37:09.463792, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user pccom1$ [2013/04/29 08:37:09.463856, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is pccom1$ [2013/04/29 08:37:09.464161, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [pccom1$]! [2013/04/29 08:37:09.464449, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) pdb_set_logon_script: setting logon script Domain Computers.bat, was [2013/04/29 08:37:09.464558, 4] lib/substitute.c:527(automount_server) Home server: bambi [2013/04/29 08:37:09.464638, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\bambi\profiles\pccom1_, was [2013/04/29 08:37:09.464707, 10] passdb/pdb_get_set.c:780(pdb_set_workstations) pdb_set_workstations: setting workstations , was [2013/04/29 08:37:09.464777, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2013/04/29 08:37:09.464845, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2013/04/29 08:37:09.464911, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/04/29 08:37:09.464976, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:09.465040, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:09.465166, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:37:09.465239, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-2380245508-1587309507-2390072590-1011 [2013/04/29 08:37:09.465313, 10] passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-2380245508-1587309507-2390072590-1011 from rid 1011 [2013/04/29 08:37:09.465429, 0] lib/fault.c:47(fault_report) =============================================================== [2013/04/29 08:37:09.465499, 0] lib/fault.c:48(fault_report) INTERNAL ERROR: Signal 11 in pid 23694 (3.6.6) Please read the Trouble-Shooting section of the Samba3-HOWTO [2013/04/29 08:37:09.465589, 0] lib/fault.c:50(fault_report) From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf [2013/04/29 08:37:09.465673, 0] lib/fault.c:51(fault_report) =============================================================== [2013/04/29 08:37:09.465737, 0] lib/util.c:1117(smb_panic) PANIC (pid 23694): internal error [2013/04/29 08:37:09.471685, 0] lib/util.c:1221(log_stack_trace) BACKTRACE: 36 stack frames: #0 /usr/sbin/smbd(log_stack_trace+0x1a) [0x7f0ee52bd23a] #1 /usr/sbin/smbd(smb_panic+0x22) [0x7f0ee52bd312] #2 /usr/sbin/smbd(+0x4224e4) [0x7f0ee52ae4e4] #3 /lib/x86_64-linux-gnu/libc.so.6(+0x324f0) [0x7f0ee1c4a4f0] #4 /usr/sbin/smbd(tcopy_passwd+0x22) [0x7f0ee5295e22] #5 /usr/sbin/smbd(pdb_copy_sam_account+0x76) [0x7f0ee525ada6] #6 /usr/sbin/smbd(pdb_getsampwsid+0xa5) [0x7f0ee525df85] #7 /usr/sbin/smbd(_samr_OpenUser+0x161) [0x7f0ee5195441] #8 /usr/sbin/smbd(+0x319625) [0x7f0ee51a5625] #9 /usr/sbin/smbd(+0x329f76) [0x7f0ee51b5f76] #10 /usr/sbin/smbd(dcerpc_binding_handle_raw_call_send+0x9e) [0x7f0ee532f4ee] #11 /usr/sbin/smbd(dcerpc_binding_handle_call_send+0x258) [0x7f0ee532fcd8] #12 /usr/sbin/smbd(dcerpc_binding_handle_call+0x77) [0x7f0ee532fe07] #13 /usr/sbin/smbd(dcerpc_samr_OpenUser_r+0x1d) [0x7f0ee522907d] #14 /usr/sbin/smbd(dcerpc_samr_OpenUser+0x1d) [0x7f0ee52292ad] #15 /usr/sbin/smbd(+0x2bc33b) [0x7f0ee514833b] #16 /usr/sbin/smbd(_netr_ServerAuthenticate3+0x222) [0x7f0ee5149332] #17 /usr/sbin/smbd(+0x2c2826) [0x7f0ee514e826] #18 /usr/sbin/smbd(+0x325e55) [0x7f0ee51b1e55] #19 /usr/sbin/smbd(process_complete_pdu+0x89b) [0x7f0ee51b35bb] #20 /usr/sbin/smbd(process_incoming_data+0x118) [0x7f0ee51b4448] #21 /usr/sbin/smbd(np_write_send+0x150) [0x7f0ee51b4b20] #22 /usr/sbin/smbd(reply_pipe_write_and_X+0x165) [0x7f0ee4fca075] #23 /usr/sbin/smbd(reply_write_and_X+0x348) [0x7f0ee4fd38d8] #24 /usr/sbin/smbd(+0x18a08c) [0x7f0ee501608c] #25 /usr/sbin/smbd(+0x18a492) [0x7f0ee5016492] #26 /usr/sbin/smbd(+0x18a8d1) [0x7f0ee50168d1] #27 /usr/sbin/smbd(run_events_poll+0x353) [0x7f0ee52ccd13] #28 /usr/sbin/smbd(smbd_process+0x84a) [0x7f0ee501803a] #29 /usr/sbin/smbd(+0x69f443) [0x7f0ee552b443] #30 /usr/sbin/smbd(run_events_poll+0x353) [0x7f0ee52ccd13] #31 /usr/sbin/smbd(+0x440eaa) [0x7f0ee52cceaa] #32 /usr/sbin/smbd(_tevent_loop_once+0x90) [0x7f0ee52cda10] #33 /usr/sbin/smbd(main+0xf30) [0x7f0ee4f96850] #34 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xfd) [0x7f0ee1c36ead] #35 /usr/sbin/smbd(+0x10ac8d) [0x7f0ee4f96c8d] [2013/04/29 08:37:09.472002, 0] lib/util.c:1122(smb_panic) smb_panic(): calling panic action [/usr/share/samba/panic-action 23694] [2013/04/29 08:37:10.299233, 0] lib/util.c:1130(smb_panic) smb_panic(): action returned status 0 [2013/04/29 08:37:10.299444, 0] lib/fault.c:372(dump_core) dumping core in /var/log/samba/cores/smbd [2013/04/29 08:37:10.612396, 6] param/loadparm.c:7490(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Apr 26 13:22:44 2013 [2013/04/29 08:37:10.612574, 5] auth/auth_util.c:110(make_user_info_map) Mapping user []\[] from workstation [PCCOM1] [2013/04/29 08:37:10.612648, 5] auth/auth_util.c:131(make_user_info_map) Mapped domain from [] to [WEBDEALAUTO] for user [] from workstation [PCCOM1] [2013/04/29 08:37:10.612718, 5] auth/user_info.c:59(make_user_info) attempting to make a user_info for () [2013/04/29 08:37:10.612787, 5] auth/user_info.c:70(make_user_info) making strings for 's user_info struct [2013/04/29 08:37:10.612866, 5] auth/user_info.c:87(make_user_info) making blobs for 's user_info struct [2013/04/29 08:37:10.612931, 10] auth/user_info.c:123(make_user_info) made a user_info for () [2013/04/29 08:37:10.612995, 3] auth/auth.c:219(check_ntlm_password) check_ntlm_password: Checking password for unmapped user []\[]@[PCCOM1] with the new password interface [2013/04/29 08:37:10.613064, 3] auth/auth.c:222(check_ntlm_password) check_ntlm_password: mapped user is: [WEBDEALAUTO]\[]@[PCCOM1] [2013/04/29 08:37:10.613129, 10] auth/auth.c:231(check_ntlm_password) check_ntlm_password: auth_context challenge created by random [2013/04/29 08:37:10.613194, 10] auth/auth.c:233(check_ntlm_password) challenge is: [2013/04/29 08:37:10.613258, 5] ../lib/util/util.c:415(dump_data) [0000] 6A 70 56 3B F9 B2 1E FC jpV;.... [2013/04/29 08:37:10.613358, 10] auth/auth_builtin.c:44(check_guest_security) Check auth for: [] [2013/04/29 08:37:10.613444, 3] auth/auth.c:268(check_ntlm_password) check_ntlm_password: guest authentication for user [] succeeded [2013/04/29 08:37:10.613511, 5] auth/auth.c:309(check_ntlm_password) check_ntlm_password: guest authentication for user [] -> [] -> [nobody] succeeded [2013/04/29 08:37:10.613582, 10] auth/token_util.c:223(create_local_nt_token_from_info3) Create local NT token for nobody [2013/04/29 08:37:10.613778, 10] passdb/lookup_sid.c:1628(sid_to_gid) winbind failed to find a gid for sid S-1-5-32-544 [2013/04/29 08:37:10.613861, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:37:10.613931, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:37:10.613995, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:37:10.614060, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:10.614153, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:10.614303, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544))], scope => [2] [2013/04/29 08:37:10.614413, 5] lib/smbldap.c:1341(smbldap_close) The connection to the LDAP server was closed [2013/04/29 08:37:10.614483, 10] lib/smbldap.c:819(smb_ldap_setup_conn) smb_ldap_setup_connection: ldap://127.0.0.1/ [2013/04/29 08:37:10.614709, 2] lib/smbldap.c:1018(smbldap_open_connection) smbldap_open_connection: connection opened [2013/04/29 08:37:10.614781, 10] lib/smbldap.c:1194(smbldap_connect_system) ldap_connect_system: Binding to ldap server ldap://127.0.0.1/ as "cn=admin,dc=webdealauto,dc=com" [2013/04/29 08:37:10.616810, 3] lib/smbldap.c:1240(smbldap_connect_system) ldap_connect_system: successful connection to the LDAP server ldap_connect_system: LDAP server does support paged results [2013/04/29 08:37:10.617009, 4] lib/smbldap.c:1319(smbldap_open) The LDAP server is successfully connected [2013/04/29 08:37:10.618053, 2] passdb/pdb_ldap.c:2427(init_group_from_ldap) init_group_from_ldap: Entry found for group: 544 [2013/04/29 08:37:10.618273, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:37:10.618345, 10] passdb/lookup_sid.c:1285(legacy_sid_to_gid) LEGACY: sid S-1-5-32-544 -> gid 544 [2013/04/29 08:37:10.618483, 10] passdb/lookup_sid.c:1628(sid_to_gid) winbind failed to find a gid for sid S-1-5-32-545 [2013/04/29 08:37:10.618557, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:37:10.618625, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:37:10.618690, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:37:10.618755, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:10.618818, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:10.618935, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545))], scope => [2] [2013/04/29 08:37:10.619914, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545)) [2013/04/29 08:37:10.620106, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:37:10.620203, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-32-545 [2013/04/29 08:37:10.620278, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:37:10.620345, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:37:10.620410, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:37:10.620477, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:10.620545, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:10.620737, 10] passdb/lookup_sid.c:1628(sid_to_gid) winbind failed to find a gid for sid S-1-5-32-545 [2013/04/29 08:37:10.620812, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2013/04/29 08:37:10.620880, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2013/04/29 08:37:10.620944, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:37:10.621009, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:10.621107, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:10.621226, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545))], scope => [2] [2013/04/29 08:37:10.622160, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545)) [2013/04/29 08:37:10.622348, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:37:10.622418, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-32-545 [2013/04/29 08:37:10.622506, 5] passdb/pdb_util.c:99(create_builtin_users) create_builtin_users: Failed to create Users [2013/04/29 08:37:10.622584, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:37:10.622653, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:37:10.622719, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:37:10.622784, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:37:10.622849, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:10.622913, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:10.623149, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectclass=sambaGroupMapping)(sambaGroupType=4)(|(sambaSIDList=S-1-5-21-2380245508-1587309507-2390072590-501)(sambaSIDList=S-1-5-21-2380245508-1587309507-2390072590-513)(sambaSIDList=S-1-5-21-2380245508-1587309507-2390072590-546)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-32-546)))], scope => [2] [2013/04/29 08:37:10.624377, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:37:10.624575, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-2380245508-1587309507-2390072590-501] [2013/04/29 08:37:10.624664, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-2380245508-1587309507-2390072590-513] [2013/04/29 08:37:10.624749, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-2380245508-1587309507-2390072590-546] [2013/04/29 08:37:10.624839, 5] lib/privileges.c:175(get_privileges_for_sids) get_privileges_for_sids: sid = S-1-1-0 Privilege set: 0x0 [2013/04/29 08:37:10.624942, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-2] [2013/04/29 08:37:10.625021, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-32-546] [2013/04/29 08:37:10.625302, 10] passdb/lookup_sid.c:1468(sids_to_unix_ids) wbcSidsToUnixIds returned WBC_ERR_WINBIND_NOT_AVAILABLE [2013/04/29 08:37:10.625377, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:37:10.625445, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:37:10.625509, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:37:10.625573, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:10.625635, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:10.625739, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 501. [2013/04/29 08:37:10.625818, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2013/04/29 08:37:10.625914, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2013/04/29 08:37:10.625981, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:37:10.626046, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:10.626107, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:10.626203, 6] passdb/pdb_interface.c:401(pdb_getsampwsid) pdb_getsampwsid: Building guest account [2013/04/29 08:37:10.626270, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user nobody [2013/04/29 08:37:10.626335, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is nobody [2013/04/29 08:37:10.626632, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [nobody]! [2013/04/29 08:37:10.626738, 10] passdb/pdb_get_set.c:575(pdb_set_username) pdb_set_username: setting username nobody, was [2013/04/29 08:37:10.626819, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) pdb_set_full_name: setting full name nobody, was [2013/04/29 08:37:10.626889, 10] passdb/pdb_get_set.c:598(pdb_set_domain) pdb_set_domain: setting domain WEBDEALAUTO, was [2013/04/29 08:37:10.626961, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-2380245508-1587309507-2390072590-501 [2013/04/29 08:37:10.627032, 10] passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-2380245508-1587309507-2390072590-501 from rid 501 [2013/04/29 08:37:10.627137, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:37:10.627212, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user nobody [2013/04/29 08:37:10.627276, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is nobody [2013/04/29 08:37:10.627343, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [nobody]! [2013/04/29 08:37:10.627415, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:37:10.627480, 5] passdb/lookup_sid.c:1269(legacy_sid_to_gid) LEGACY: sid S-1-5-21-2380245508-1587309507-2390072590-501 is a User, expected a group [2013/04/29 08:37:10.627554, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:37:10.627619, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:37:10.627682, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:37:10.627746, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:10.627808, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:10.627905, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 501. [2013/04/29 08:37:10.627973, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2013/04/29 08:37:10.628037, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2013/04/29 08:37:10.628100, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:37:10.628188, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:10.628252, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:10.628348, 6] passdb/pdb_interface.c:401(pdb_getsampwsid) pdb_getsampwsid: Building guest account [2013/04/29 08:37:10.628415, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user nobody [2013/04/29 08:37:10.628478, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is nobody [2013/04/29 08:37:10.628571, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [nobody]! [2013/04/29 08:37:10.628639, 10] passdb/pdb_get_set.c:575(pdb_set_username) pdb_set_username: setting username nobody, was [2013/04/29 08:37:10.628707, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) pdb_set_full_name: setting full name nobody, was [2013/04/29 08:37:10.628774, 10] passdb/pdb_get_set.c:598(pdb_set_domain) pdb_set_domain: setting domain WEBDEALAUTO, was [2013/04/29 08:37:10.628844, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-2380245508-1587309507-2390072590-501 [2013/04/29 08:37:10.628918, 10] passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-2380245508-1587309507-2390072590-501 from rid 501 [2013/04/29 08:37:10.629023, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:37:10.629096, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user nobody [2013/04/29 08:37:10.629159, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is nobody [2013/04/29 08:37:10.629225, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [nobody]! [2013/04/29 08:37:10.629297, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:37:10.629364, 10] passdb/lookup_sid.c:1223(legacy_sid_to_uid) LEGACY: sid S-1-5-21-2380245508-1587309507-2390072590-501 -> uid 65534 [2013/04/29 08:37:10.629443, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:37:10.629508, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:37:10.629572, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:37:10.629637, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:10.629698, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:10.629795, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 513. [2013/04/29 08:37:10.629864, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2013/04/29 08:37:10.629929, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2013/04/29 08:37:10.629992, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:37:10.630057, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:10.630119, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:10.630272, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-513)(objectclass=sambaSamAccount))], scope => [2] [2013/04/29 08:37:10.631532, 4] passdb/pdb_ldap.c:1675(ldapsam_getsampwsid) ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-2380245508-1587309507-2390072590-513] count=0 [2013/04/29 08:37:10.631740, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-513))], scope => [2] [2013/04/29 08:37:10.632941, 2] passdb/pdb_ldap.c:2427(init_group_from_ldap) init_group_from_ldap: Entry found for group: 513 [2013/04/29 08:37:10.633161, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:37:10.633243, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:37:10.633312, 10] passdb/lookup_sid.c:1285(legacy_sid_to_gid) LEGACY: sid S-1-5-21-2380245508-1587309507-2390072590-513 -> gid 513 [2013/04/29 08:37:10.633426, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:37:10.633496, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:37:10.633560, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:37:10.633624, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:10.633687, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:10.633785, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 546. [2013/04/29 08:37:10.633855, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2013/04/29 08:37:10.633919, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2013/04/29 08:37:10.633983, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:37:10.634046, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:10.634108, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:10.634254, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-546)(objectclass=sambaSamAccount))], scope => [2] [2013/04/29 08:37:10.635455, 4] passdb/pdb_ldap.c:1675(ldapsam_getsampwsid) ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-2380245508-1587309507-2390072590-546] count=0 [2013/04/29 08:37:10.635661, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-546))], scope => [2] [2013/04/29 08:37:10.636694, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-546)) [2013/04/29 08:37:10.636910, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:37:10.636982, 5] passdb/pdb_interface.c:1668(lookup_global_sam_rid) Can't find a unix id for an unmapped group [2013/04/29 08:37:10.637057, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:37:10.637122, 10] passdb/lookup_sid.c:1280(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-21-2380245508-1587309507-2390072590-546 [2013/04/29 08:37:10.637200, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:37:10.637266, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:37:10.637329, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:37:10.637394, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:10.637455, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:10.637553, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 546. [2013/04/29 08:37:10.637623, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2013/04/29 08:37:10.637686, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2013/04/29 08:37:10.637749, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:37:10.637812, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:10.637873, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:10.638019, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-546)(objectclass=sambaSamAccount))], scope => [2] [2013/04/29 08:37:10.639272, 4] passdb/pdb_ldap.c:1675(ldapsam_getsampwsid) ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-2380245508-1587309507-2390072590-546] count=0 [2013/04/29 08:37:10.639475, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-546))], scope => [2] [2013/04/29 08:37:10.640403, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-546)) [2013/04/29 08:37:10.640604, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:37:10.640674, 5] passdb/pdb_interface.c:1668(lookup_global_sam_rid) Can't find a unix id for an unmapped group [2013/04/29 08:37:10.640745, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:37:10.640810, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid) LEGACY: mapping failed for sid S-1-5-21-2380245508-1587309507-2390072590-546 [2013/04/29 08:37:10.640889, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:37:10.640954, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:37:10.641016, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:37:10.641080, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:10.641141, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:10.641259, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-1-0))], scope => [2] [2013/04/29 08:37:10.642175, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-1-0)) [2013/04/29 08:37:10.642359, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:37:10.642430, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-1-0 [2013/04/29 08:37:10.642504, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid) LEGACY: mapping failed for sid S-1-1-0 [2013/04/29 08:37:10.642575, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:37:10.642641, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:37:10.642706, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:37:10.642770, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:10.642833, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:10.642953, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2))], scope => [2] [2013/04/29 08:37:10.643948, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2)) [2013/04/29 08:37:10.644131, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:37:10.644226, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-2 [2013/04/29 08:37:10.644298, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid) LEGACY: mapping failed for sid S-1-5-2 [2013/04/29 08:37:10.644367, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:37:10.644464, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:37:10.644533, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:37:10.644597, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:10.644660, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:10.644781, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-546))], scope => [2] [2013/04/29 08:37:10.645710, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-546)) [2013/04/29 08:37:10.645897, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:37:10.645967, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-32-546 [2013/04/29 08:37:10.646040, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid) LEGACY: mapping failed for sid S-1-5-32-546 [2013/04/29 08:37:10.646112, 10] auth/auth_util.c:505(create_local_token) Could not convert SID S-1-5-21-2380245508-1587309507-2390072590-546 to gid, ignoring it [2013/04/29 08:37:10.646184, 10] auth/auth_util.c:505(create_local_token) Could not convert SID S-1-1-0 to gid, ignoring it [2013/04/29 08:37:10.646252, 10] auth/auth_util.c:505(create_local_token) Could not convert SID S-1-5-2 to gid, ignoring it [2013/04/29 08:37:10.646318, 10] auth/auth_util.c:505(create_local_token) Could not convert SID S-1-5-32-546 to gid, ignoring it [2013/04/29 08:37:10.646397, 10] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (8): SID[ 0]: S-1-5-21-2380245508-1587309507-2390072590-501 SID[ 1]: S-1-5-21-2380245508-1587309507-2390072590-513 SID[ 2]: S-1-5-21-2380245508-1587309507-2390072590-546 SID[ 3]: S-1-1-0 SID[ 4]: S-1-5-2 SID[ 5]: S-1-5-32-546 SID[ 6]: S-1-22-1-65534 SID[ 7]: S-1-22-2-513 Privileges (0x 0): Rights (0x 0): [2013/04/29 08:37:10.646760, 10] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 65534 Primary group is 65534 and contains 1 supplementary groups Group[ 0]: 513 [2013/04/29 08:37:10.646885, 10] auth/auth_ntlmssp.c:174(auth_ntlmssp_check_password) Got NT session key of length 16 [2013/04/29 08:37:10.646951, 10] auth/auth_ntlmssp.c:181(auth_ntlmssp_check_password) Got LM session key of length 16 [2013/04/29 08:37:10.647016, 10] ../libcli/auth/ntlmssp_server.c:462(ntlmssp_server_postauth) ntlmssp_server_auth: Using unmodified nt session key. [2013/04/29 08:37:10.647098, 3] ../libcli/auth/ntlmssp_sign.c:535(ntlmssp_sign_init) NTLMSSP Sign/Seal - Initialising with flags: [2013/04/29 08:37:10.647162, 3] ../libcli/auth/ntlmssp.c:34(debug_ntlmssp_flags) Got NTLMSSP neg_flags=0xe2088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP_NEGOTIATE_56 [2013/04/29 08:37:10.647505, 10] smbd/password.c:293(register_existing_vuid) register_existing_vuid: (65534,65534) nobody WEBDEALAUTO guest=1 [2013/04/29 08:37:10.647574, 3] smbd/password.c:298(register_existing_vuid) register_existing_vuid: User name: nobody Real name: [2013/04/29 08:37:10.647639, 3] smbd/password.c:308(register_existing_vuid) register_existing_vuid: UNIX uid 65534 is UNIX user nobody, and will be vuid 100 [2013/04/29 08:37:10.647752, 6] param/loadparm.c:7490(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Apr 26 13:22:44 2013 [2013/04/29 08:37:10.647931, 5] lib/util.c:332(show_msg) [2013/04/29 08:37:10.648003, 5] lib/util.c:342(show_msg) size=110 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=65535 smb_pid=65279 smb_uid=100 smb_mid=1536 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_vwv[ 3]= 9 (0x9) smb_bcc=67 [2013/04/29 08:37:10.648426, 10] ../lib/util/util.c:415(dump_data) [0000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 ..0..... .U.n.i.x [0010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3 [0020] 00 2E 00 36 00 2E 00 36 00 00 00 57 00 45 00 42 ...6...6 ...W.E.B [0030] 00 44 00 45 00 41 00 4C 00 41 00 55 00 54 00 4F .D.E.A.L .A.U.T.O [0040] 00 00 00 ... [2013/04/29 08:37:10.650032, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 76 [2013/04/29 08:37:10.650214, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x4c [2013/04/29 08:37:10.650283, 3] smbd/process.c:1662(process_smb) Transaction 3 of length 80 (0 toread) [2013/04/29 08:37:10.650349, 5] lib/util.c:332(show_msg) [2013/04/29 08:37:10.650388, 5] lib/util.c:342(show_msg) size=76 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=100 smb_mid=1600 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 76 (0x4C) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=33 [2013/04/29 08:37:10.650800, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 5C 00 42 00 41 00 4D 00 42 00 49 00 5C .\.\.B.A .M.B.I.\ [0010] 00 49 00 50 00 43 00 24 00 00 00 3F 3F 3F 3F 3F .I.P.C.$ ...????? [0020] 00 . [2013/04/29 08:37:10.651005, 3] smbd/process.c:1467(switch_message) switch message SMBtconX (pid 23712) conn 0x0 [2013/04/29 08:37:10.651072, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:37:10.651136, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:10.651198, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:10.651301, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2013/04/29 08:37:10.651392, 4] smbd/reply.c:794(reply_tcon_and_X) Client requested device type [?????] for share [IPC$] [2013/04/29 08:37:10.651520, 5] smbd/service.c:1354(make_connection) making a connection to 'normal' service ipc$ [2013/04/29 08:37:10.651598, 3] lib/access.c:338(allow_access) Allowed connection from 172.20.2.200 (172.20.2.200) [2013/04/29 08:37:10.651688, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user nobody [2013/04/29 08:37:10.651754, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is nobody [2013/04/29 08:37:10.652055, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [nobody]! [2013/04/29 08:37:10.652243, 10] smbd/service.c:162(set_conn_connectpath) set_conn_connectpath: service IPC$, connectpath = /tmp [2013/04/29 08:37:10.652315, 3] smbd/service.c:872(make_connection_snum) Connect path is '/tmp' for service [IPC$] [2013/04/29 08:37:10.652428, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2013/04/29 08:37:10.652527, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x101f01ff, remaining = 0x101f01ff [2013/04/29 08:37:10.652604, 3] smbd/vfs.c:102(vfs_init_default) Initialising default vfs hooks [2013/04/29 08:37:10.652675, 10] smbd/vfs.c:53(vfs_find_backend_entry) vfs_find_backend_entry called for /[Default VFS]/ [2013/04/29 08:37:10.652740, 5] smbd/vfs.c:92(smb_register_vfs) Successfully added vfs backend '/[Default VFS]/' [2013/04/29 08:37:10.652812, 10] smbd/vfs.c:53(vfs_find_backend_entry) vfs_find_backend_entry called for posixacl [2013/04/29 08:37:10.652910, 5] smbd/vfs.c:92(smb_register_vfs) Successfully added vfs backend 'posixacl' [2013/04/29 08:37:10.652974, 3] smbd/vfs.c:128(vfs_init_custom) Initialising custom vfs hooks from [/[Default VFS]/] [2013/04/29 08:37:10.653041, 10] smbd/vfs.c:53(vfs_find_backend_entry) vfs_find_backend_entry called for /[Default VFS]/ Successfully loaded vfs module [/[Default VFS]/] with the new modules system [2013/04/29 08:37:10.653141, 5] smbd/connection.c:134(claim_connection) claiming [IPC$] [2013/04/29 08:37:10.653352, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key A05C0000FFFFFFFFFB36 [2013/04/29 08:37:10.653484, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7f0ee68317d0 [2013/04/29 08:37:10.653599, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key A05C0000FFFFFFFFFB36 [2013/04/29 08:37:10.653838, 10] smbd/service.c:162(set_conn_connectpath) set_conn_connectpath: service IPC$, connectpath = /tmp [2013/04/29 08:37:10.653921, 10] smbd/share_access.c:241(user_ok_token) user_ok_token: share IPC$ is ok for unix user nobody [2013/04/29 08:37:10.653991, 10] smbd/share_access.c:286(is_share_read_only_for_token) is_share_read_only_for_user: share IPC$ is read-only for unix user nobody [2013/04/29 08:37:10.654075, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2013/04/29 08:37:10.654149, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) string_to_sid: SID admin is not in a valid format [2013/04/29 08:37:10.654227, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: WEBDEALAUTO\admin => domain=[WEBDEALAUTO], name=[admin] [2013/04/29 08:37:10.654292, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2013/04/29 08:37:10.654362, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:37:10.654430, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:37:10.654494, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:37:10.654559, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:10.654621, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:10.654777, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(uid=admin)(objectclass=sambaSamAccount))], scope => [2] [2013/04/29 08:37:10.655623, 4] passdb/pdb_ldap.c:1581(ldapsam_getsampwnam) ldapsam_getsampwnam: Unable to locate user [admin] count=0 [2013/04/29 08:37:10.655825, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:37:10.655898, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:37:10.655965, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:37:10.656030, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:37:10.656095, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:10.656216, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:10.656341, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(|(displayName=admin)(cn=admin)))], scope => [2] [2013/04/29 08:37:10.657316, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(|(displayName=admin)(cn=admin))) [2013/04/29 08:37:10.657504, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:37:10.657584, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: Unix User\admin => domain=[Unix User], name=[admin] [2013/04/29 08:37:10.657682, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2013/04/29 08:37:10.657774, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user admin [2013/04/29 08:37:10.657838, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is admin [2013/04/29 08:37:10.658095, 5] lib/username.c:134(Get_Pwnam_internals) Trying _Get_Pwnam(), username as uppercase is ADMIN [2013/04/29 08:37:10.658348, 5] lib/username.c:143(Get_Pwnam_internals) Checking combinations of 0 uppercase letters in admin [2013/04/29 08:37:10.658444, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals didn't find user [admin]! [2013/04/29 08:37:10.658511, 5] smbd/share_access.c:104(token_contains_name) lookup_name admin failed [2013/04/29 08:37:10.658600, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (65534, 65534) - sec_ctx_stack_ndx = 0 [2013/04/29 08:37:10.658672, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (8): SID[ 0]: S-1-5-21-2380245508-1587309507-2390072590-501 SID[ 1]: S-1-5-21-2380245508-1587309507-2390072590-513 SID[ 2]: S-1-5-21-2380245508-1587309507-2390072590-546 SID[ 3]: S-1-1-0 SID[ 4]: S-1-5-2 SID[ 5]: S-1-5-32-546 SID[ 6]: S-1-22-1-65534 SID[ 7]: S-1-22-2-513 Privileges (0x 0): Rights (0x 0): [2013/04/29 08:37:10.659023, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 65534 Primary group is 65534 and contains 1 supplementary groups Group[ 0]: 513 [2013/04/29 08:37:10.659148, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,65534), gid=(0,65534) [2013/04/29 08:37:10.659223, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:37:10.659287, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:10.659349, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:10.659448, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2013/04/29 08:37:10.659532, 10] smbd/service.c:162(set_conn_connectpath) set_conn_connectpath: service IPC$, connectpath = /tmp [2013/04/29 08:37:10.659622, 3] smbd/service.c:1114(make_connection_snum) pccom1 (172.20.2.200) connect to service IPC$ initially as user nobody (uid=65534, gid=65534) (pid 23712) [2013/04/29 08:37:10.659711, 3] smbd/reply.c:871(reply_tcon_and_X) tconX service=IPC$ [2013/04/29 08:37:10.660647, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 104 [2013/04/29 08:37:10.660816, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x68 [2013/04/29 08:37:10.660888, 3] smbd/process.c:1662(process_smb) Transaction 4 of length 108 (0 toread) [2013/04/29 08:37:10.660953, 5] lib/util.c:332(show_msg) [2013/04/29 08:37:10.660992, 5] lib/util.c:342(show_msg) size=104 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=520 smb_uid=100 smb_mid=1664 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 4608 (0x1200) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 4609 (0x1201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16896 (0x4200) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 256 (0x100) smb_bcc=21 [2013/04/29 08:37:10.661882, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 4E 00 45 00 54 00 4C 00 4F 00 47 00 4F .\.N.E.T .L.O.G.O [0010] 00 4E 00 00 00 .N... [2013/04/29 08:37:10.662070, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 23712) conn 0x7f0ee67f4800 [2013/04/29 08:37:10.662147, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (65534, 65534) - sec_ctx_stack_ndx = 0 [2013/04/29 08:37:10.662219, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (8): SID[ 0]: S-1-5-21-2380245508-1587309507-2390072590-501 SID[ 1]: S-1-5-21-2380245508-1587309507-2390072590-513 SID[ 2]: S-1-5-21-2380245508-1587309507-2390072590-546 SID[ 3]: S-1-1-0 SID[ 4]: S-1-5-2 SID[ 5]: S-1-5-32-546 SID[ 6]: S-1-22-1-65534 SID[ 7]: S-1-22-2-513 Privileges (0x 0): Rights (0x 0): [2013/04/29 08:37:10.662571, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 65534 Primary group is 65534 and contains 1 supplementary groups Group[ 0]: 513 [2013/04/29 08:37:10.662703, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,65534), gid=(0,65534) [2013/04/29 08:37:10.662781, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /tmp [2013/04/29 08:37:10.662868, 10] smbd/nttrans.c:505(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x10, access_mask = 0x12019f file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x420040 root_dir_fid = 0x0, fname = NETLOGON [2013/04/29 08:37:10.662948, 4] smbd/nttrans.c:293(nt_open_pipe) nt_open_pipe: Opening pipe \NETLOGON. [2013/04/29 08:37:10.663035, 5] smbd/files.c:140(file_new) allocated file structure 2486, fnum = 6582 (1 used) [2013/04/29 08:37:10.663112, 10] smbd/files.c:705(file_name_hash) file_name_hash: /tmp/NETLOGON hash 0x86887727 [2013/04/29 08:37:10.663205, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \netlogon [2013/04/29 08:37:10.663301, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \netlogon [2013/04/29 08:37:10.663366, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \netlogon [2013/04/29 08:37:10.663445, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \netlogon (pipes_open=0) [2013/04/29 08:37:10.663517, 5] smbd/nttrans.c:382(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \NETLOGON [2013/04/29 08:37:10.664403, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 72 [2013/04/29 08:37:10.664589, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x48 [2013/04/29 08:37:10.664658, 3] smbd/process.c:1662(process_smb) Transaction 5 of length 76 (0 toread) [2013/04/29 08:37:10.664722, 5] lib/util.c:332(show_msg) [2013/04/29 08:37:10.664759, 5] lib/util.c:342(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=520 smb_uid=100 smb_mid=1728 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 24 (0x18) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2013/04/29 08:37:10.665454, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 B6 19 ED 03 ....... [2013/04/29 08:37:10.665551, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 23712) conn 0x7f0ee67f4800 [2013/04/29 08:37:10.665619, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2013/04/29 08:37:10.665711, 9] smbd/trans2.c:941(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 [2013/04/29 08:37:10.665782, 9] smbd/trans2.c:943(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 24, paramsize = 2, datasize = 24 [2013/04/29 08:37:10.665883, 5] lib/util.c:332(show_msg) [2013/04/29 08:37:10.665922, 5] lib/util.c:342(show_msg) size=84 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=520 smb_uid=100 smb_mid=1728 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 24 (0x18) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 24 (0x18) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=29 [2013/04/29 08:37:10.666534, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 01 00 00 00 01 00 00 00 ........ ..... [2013/04/29 08:37:10.667559, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 224 [2013/04/29 08:37:10.667722, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xe0 [2013/04/29 08:37:10.667789, 3] smbd/process.c:1662(process_smb) Transaction 6 of length 228 (0 toread) [2013/04/29 08:37:10.667853, 5] lib/util.c:332(show_msg) [2013/04/29 08:37:10.667891, 5] lib/util.c:342(show_msg) size=224 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1792 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 6582 (0x19B6) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 160 (0xA0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 160 (0xA0) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=161 [2013/04/29 08:37:10.668566, 10] ../lib/util/util.c:415(dump_data) [0000] EE 05 00 0B 03 10 00 00 00 A0 00 00 00 07 00 00 ........ ........ [0010] 00 B8 10 B8 10 00 00 00 00 03 00 00 00 00 00 01 ........ ........ [0020] 00 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF .xV4.4.. ....#Eg. [0030] FB 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [0040] 00 2B 10 48 60 02 00 00 00 01 00 01 00 78 56 34 .+.H`... .....xV4 [0050] 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 00 00 .4...... #Eg..... [0060] 00 33 05 71 71 BA BE 37 49 83 19 B5 DB EF 9C CC .3.qq..7 I....... [0070] 36 01 00 00 00 02 00 01 00 78 56 34 12 34 12 CD 6....... .xV4.4.. [0080] AB EF 00 01 23 45 67 CF FB 01 00 00 00 2C 1C B7 ....#Eg. .....,.. [0090] 6C 12 98 40 45 03 00 00 00 00 00 00 00 01 00 00 l..@E... ........ [00A0] 00 . [2013/04/29 08:37:10.669277, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 23712) conn 0x7f0ee67f4800 [2013/04/29 08:37:10.669346, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2013/04/29 08:37:10.669421, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 19b6 name: NETLOGON len: 160 [2013/04/29 08:37:10.669490, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 160 [2013/04/29 08:37:10.669558, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 160 [2013/04/29 08:37:10.669623, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 [2013/04/29 08:37:10.669688, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/04/29 08:37:10.669754, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/04/29 08:37:10.669818, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 144 [2013/04/29 08:37:10.669881, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 [2013/04/29 08:37:10.669981, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/04/29 08:37:10.670047, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 144 [2013/04/29 08:37:10.670109, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 [2013/04/29 08:37:10.670180, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2013/04/29 08:37:10.670276, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00a0 (160) auth_length : 0x0000 (0) call_id : 0x00000007 (7) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x03 (3) ctx_list: ARRAY(3) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-01234567cffb if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) ctx_list: struct dcerpc_ctx_list context_id : 0x0001 (1) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-01234567cffb if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 71710533-beba-4937-8319-b5dbef9ccc36 if_version : 0x00000001 (1) ctx_list: struct dcerpc_ctx_list context_id : 0x0002 (2) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-01234567cffb if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 6cb71c2c-9812-4540-0300-000000000000 if_version : 0x00000001 (1) auth_info : DATA_BLOB length=0 [2013/04/29 08:37:10.671858, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 11 [2013/04/29 08:37:10.671933, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) api_pipe_bind_req: \PIPE\netlogon -> \PIPE\netlogon [2013/04/29 08:37:10.672002, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) api_pipe_bind_req: make response. 923 [2013/04/29 08:37:10.672067, 3] rpc_server/srv_pipe.c:339(check_bind_req) check_bind_req for \netlogon [2013/04/29 08:37:10.672165, 3] rpc_server/srv_pipe.c:346(check_bind_req) check_bind_req: \PIPE\netlogon -> \PIPE\netlogon [2013/04/29 08:37:10.672314, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0048 (72) auth_length : 0x0000 (0) call_id : 0x00000007 (7) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x000053f0 (21488) secondary_address_size : 0x000f (15) secondary_address : '\PIPE\netlogon' _pad1 : DATA_BLOB length=0 num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : 0x0000 (0) reason : 0x0000 (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 [2013/04/29 08:37:10.673516, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 144 [2013/04/29 08:37:10.673614, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=160 [2013/04/29 08:37:10.674305, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2013/04/29 08:37:10.674499, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2013/04/29 08:37:10.674579, 3] smbd/process.c:1662(process_smb) Transaction 7 of length 63 (0 toread) [2013/04/29 08:37:10.674642, 5] lib/util.c:332(show_msg) [2013/04/29 08:37:10.674681, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1856 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 6582 (0x19B6) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2013/04/29 08:37:10.675384, 10] ../lib/util/util.c:415(dump_data) [2013/04/29 08:37:10.675430, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 23712) conn 0x7f0ee67f4800 [2013/04/29 08:37:10.675497, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2013/04/29 08:37:10.675576, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \netlogon len: 1024 [2013/04/29 08:37:10.675647, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) read_from_pipe: \netlogon: current_pdu_len = 72, current_pdu_sent = 0 returning 72 bytes. [2013/04/29 08:37:10.675718, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 30 [2013/04/29 08:37:10.675816, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 72 bytes. There is no more data outstanding [2013/04/29 08:37:10.675882, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=72 [2013/04/29 08:37:10.677041, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 192 [2013/04/29 08:37:10.677203, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xc0 [2013/04/29 08:37:10.677303, 3] smbd/process.c:1662(process_smb) Transaction 8 of length 196 (0 toread) [2013/04/29 08:37:10.677368, 5] lib/util.c:332(show_msg) [2013/04/29 08:37:10.677407, 5] lib/util.c:342(show_msg) size=192 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1920 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 6582 (0x19B6) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 128 (0x80) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 128 (0x80) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=129 [2013/04/29 08:37:10.678180, 10] ../lib/util/util.c:415(dump_data) [0000] EE 05 00 00 03 10 00 00 00 80 00 00 00 07 00 00 ........ ........ [0010] 00 68 00 00 00 00 00 1A 00 00 00 02 00 08 00 00 .h...... ........ [0020] 00 00 00 00 00 08 00 00 00 5C 00 5C 00 42 00 41 ........ .\.\.B.A [0030] 00 4D 00 42 00 49 00 00 00 08 00 00 00 00 00 00 .M.B.I.. ........ [0040] 00 08 00 00 00 50 00 43 00 43 00 4F 00 4D 00 31 .....P.C .C.O.M.1 [0050] 00 24 00 00 00 02 00 00 00 07 00 00 00 00 00 00 .$...... ........ [0060] 00 07 00 00 00 50 00 43 00 43 00 4F 00 4D 00 31 .....P.C .C.O.M.1 [0070] 00 00 00 C1 61 8B 24 6F 96 7E 4D 00 00 FF FF 2F ....a.$o .~M..../ [0080] 61 a [2013/04/29 08:37:10.678865, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 23712) conn 0x7f0ee67f4800 [2013/04/29 08:37:10.678938, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2013/04/29 08:37:10.679009, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 19b6 name: NETLOGON len: 128 [2013/04/29 08:37:10.679080, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 128 [2013/04/29 08:37:10.679150, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 128 [2013/04/29 08:37:10.679225, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 128 [2013/04/29 08:37:10.679293, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 128, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/04/29 08:37:10.679363, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/04/29 08:37:10.679430, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 112 [2013/04/29 08:37:10.679495, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 112 [2013/04/29 08:37:10.679565, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/04/29 08:37:10.679632, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 112 [2013/04/29 08:37:10.679697, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 112, incoming data = 112 [2013/04/29 08:37:10.679765, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2013/04/29 08:37:10.679848, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0080 (128) auth_length : 0x0000 (0) call_id : 0x00000007 (7) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000068 (104) context_id : 0x0000 (0) opnum : 0x001a (26) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=104 [0000] 00 00 02 00 08 00 00 00 00 00 00 00 08 00 00 00 ........ ........ [0010] 5C 00 5C 00 42 00 41 00 4D 00 42 00 49 00 00 00 \.\.B.A. M.B.I... [0020] 08 00 00 00 00 00 00 00 08 00 00 00 50 00 43 00 ........ ....P.C. [0030] 43 00 4F 00 4D 00 31 00 24 00 00 00 02 00 00 00 C.O.M.1. $....... [0040] 07 00 00 00 00 00 00 00 07 00 00 00 50 00 43 00 ........ ....P.C. [0050] 43 00 4F 00 4D 00 31 00 00 00 C1 61 8B 24 6F 96 C.O.M.1. ...a.$o. [0060] 7E 4D 00 00 FF FF 2F 61 ~M..../a [2013/04/29 08:37:10.681153, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2013/04/29 08:37:10.681219, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. [2013/04/29 08:37:10.681286, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\netlogon [2013/04/29 08:37:10.681357, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \netlogon op 0x1a - api_rpcTNP: rpc command: NETR_SERVERAUTHENTICATE3 [2013/04/29 08:37:10.681431, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[26].fn == 0x7f0ee514e700 [2013/04/29 08:37:10.681519, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) netr_ServerAuthenticate3: struct netr_ServerAuthenticate3 in: struct netr_ServerAuthenticate3 server_name : * server_name : '\\BAMBI' account_name : * account_name : 'PCCOM1$' secure_channel_type : SEC_CHAN_WKSTA (2) computer_name : * computer_name : 'PCCOM1' credentials : * credentials: struct netr_Credential data : c1618b246f967e4d negotiate_flags : * negotiate_flags : 0x612fffff (1630535679) 1: NETLOGON_NEG_ACCOUNT_LOCKOUT 1: NETLOGON_NEG_PERSISTENT_SAMREPL 1: NETLOGON_NEG_ARCFOUR 1: NETLOGON_NEG_PROMOTION_COUNT 1: NETLOGON_NEG_CHANGELOG_BDC 1: NETLOGON_NEG_FULL_SYNC_REPL 1: NETLOGON_NEG_MULTIPLE_SIDS 1: NETLOGON_NEG_REDO 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL 1: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC 1: NETLOGON_NEG_GENERIC_PASSTHROUGH 1: NETLOGON_NEG_CONCURRENT_RPC 1: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL 1: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL 1: NETLOGON_NEG_STRONG_KEYS 1: NETLOGON_NEG_TRANSITIVE_TRUSTS 1: NETLOGON_NEG_DNS_DOMAIN_TRUSTS 1: NETLOGON_NEG_PASSWORD_SET2 1: NETLOGON_NEG_GETDOMAININFO 1: NETLOGON_NEG_CROSS_FOREST_TRUSTS 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION 1: NETLOGON_NEG_RODC_PASSTHROUGH 0: NETLOGON_NEG_SUPPORTS_AES_SHA2 1: NETLOGON_NEG_SUPPORTS_AES 1: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS 1: NETLOGON_NEG_AUTHENTICATED_RPC [2013/04/29 08:37:10.682744, 0] rpc_server/netlogon/srv_netlog_nt.c:931(_netr_ServerAuthenticate3) _netr_ServerAuthenticate3: no challenge sent to client PCCOM1 [2013/04/29 08:37:10.682831, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) netr_ServerAuthenticate3: struct netr_ServerAuthenticate3 out: struct netr_ServerAuthenticate3 return_credentials : * return_credentials: struct netr_Credential data : 0000000000000000 negotiate_flags : * negotiate_flags : 0x400241ff (1073889791) 1: NETLOGON_NEG_ACCOUNT_LOCKOUT 1: NETLOGON_NEG_PERSISTENT_SAMREPL 1: NETLOGON_NEG_ARCFOUR 1: NETLOGON_NEG_PROMOTION_COUNT 1: NETLOGON_NEG_CHANGELOG_BDC 1: NETLOGON_NEG_FULL_SYNC_REPL 1: NETLOGON_NEG_MULTIPLE_SIDS 1: NETLOGON_NEG_REDO 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL 0: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC 0: NETLOGON_NEG_GENERIC_PASSTHROUGH 0: NETLOGON_NEG_CONCURRENT_RPC 0: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL 0: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL 1: NETLOGON_NEG_STRONG_KEYS 0: NETLOGON_NEG_TRANSITIVE_TRUSTS 0: NETLOGON_NEG_DNS_DOMAIN_TRUSTS 1: NETLOGON_NEG_PASSWORD_SET2 0: NETLOGON_NEG_GETDOMAININFO 0: NETLOGON_NEG_CROSS_FOREST_TRUSTS 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION 0: NETLOGON_NEG_RODC_PASSTHROUGH 0: NETLOGON_NEG_SUPPORTS_AES_SHA2 0: NETLOGON_NEG_SUPPORTS_AES 0: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS 1: NETLOGON_NEG_AUTHENTICATED_RPC rid : * rid : 0x00000000 (0) result : NT_STATUS_ACCESS_DENIED [2013/04/29 08:37:10.683928, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \netlogon successfully [2013/04/29 08:37:10.684000, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 112 [2013/04/29 08:37:10.684088, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=128 [2013/04/29 08:37:10.684730, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2013/04/29 08:37:10.684916, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2013/04/29 08:37:10.684986, 3] smbd/process.c:1662(process_smb) Transaction 9 of length 63 (0 toread) [2013/04/29 08:37:10.685050, 5] lib/util.c:332(show_msg) [2013/04/29 08:37:10.685087, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1984 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 6582 (0x19B6) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2013/04/29 08:37:10.685688, 10] ../lib/util/util.c:415(dump_data) [2013/04/29 08:37:10.685732, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 23712) conn 0x7f0ee67f4800 [2013/04/29 08:37:10.685799, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2013/04/29 08:37:10.685882, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \netlogon len: 1024 [2013/04/29 08:37:10.685955, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \netlogon: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 20. [2013/04/29 08:37:10.686079, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x002c (44) auth_length : 0x0000 (0) call_id : 0x00000007 (7) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000014 (20) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=20 [0000] 00 00 00 00 00 00 00 00 FF 41 02 40 00 00 00 00 ........ .A.@.... [0010] 22 00 00 C0 "... [2013/04/29 08:37:10.686844, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 30 [2013/04/29 08:37:10.686931, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 44 bytes. There is no more data outstanding [2013/04/29 08:37:10.686998, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=44 [2013/04/29 08:37:10.688733, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 41 [2013/04/29 08:37:10.688920, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2013/04/29 08:37:10.688988, 3] smbd/process.c:1662(process_smb) Transaction 10 of length 45 (0 toread) [2013/04/29 08:37:10.689053, 5] lib/util.c:332(show_msg) [2013/04/29 08:37:10.689091, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=2048 smt_wct=3 smb_vwv[ 0]= 6582 (0x19B6) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2013/04/29 08:37:10.689474, 10] ../lib/util/util.c:415(dump_data) [2013/04/29 08:37:10.689518, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 23712) conn 0x7f0ee67f4800 [2013/04/29 08:37:10.689585, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2013/04/29 08:37:10.689657, 3] smbd/reply.c:4848(reply_close) close fd=-1 fnum=6582 (numopen=1) [2013/04/29 08:37:10.689730, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2013/04/29 08:37:10.689868, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \netlogon [2013/04/29 08:37:10.689950, 5] smbd/files.c:482(file_free) freed files structure 6582 (0 used) [2013/04/29 08:37:10.690021, 5] lib/util.c:332(show_msg) [2013/04/29 08:37:10.690060, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=2048 smt_wct=0 smb_bcc=0 [2013/04/29 08:37:10.690374, 10] ../lib/util/util.c:415(dump_data) [2013/04/29 08:37:24.952765, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 35 [2013/04/29 08:37:24.952970, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x23 [2013/04/29 08:37:24.953040, 3] smbd/process.c:1662(process_smb) Transaction 11 of length 39 (0 toread) [2013/04/29 08:37:24.953106, 5] lib/util.c:332(show_msg) [2013/04/29 08:37:24.953144, 5] lib/util.c:342(show_msg) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=2112 smt_wct=0 smb_bcc=0 [2013/04/29 08:37:24.953458, 10] ../lib/util/util.c:415(dump_data) [2013/04/29 08:37:24.953533, 3] smbd/process.c:1467(switch_message) switch message SMBtdis (pid 23712) conn 0x7f0ee67f4800 [2013/04/29 08:37:24.953603, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:37:24.953669, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:24.953731, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:24.953841, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2013/04/29 08:37:24.953915, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:37:24.953981, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:24.954044, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:24.954143, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2013/04/29 08:37:24.954211, 3] smbd/service.c:1378(close_cnum) pccom1 (172.20.2.200) closed connection to service IPC$ [2013/04/29 08:37:24.954289, 3] smbd/connection.c:35(yield_connection) Yielding connection to IPC$ [2013/04/29 08:37:24.954501, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key A05C0000FFFFFFFFFB36 [2013/04/29 08:37:24.954590, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7f0ee683adc0 [2013/04/29 08:37:24.954673, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key A05C0000FFFFFFFFFB36 [2013/04/29 08:37:24.954892, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to / [2013/04/29 08:37:24.954966, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:37:24.955031, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:24.955093, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:24.955189, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2013/04/29 08:37:24.955271, 5] lib/util.c:332(show_msg) [2013/04/29 08:37:24.955311, 5] lib/util.c:342(show_msg) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=2112 smt_wct=0 smb_bcc=0 [2013/04/29 08:37:24.955630, 10] ../lib/util/util.c:415(dump_data) [2013/04/29 08:37:24.956419, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 39 [2013/04/29 08:37:24.956583, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x27 [2013/04/29 08:37:24.956651, 3] smbd/process.c:1662(process_smb) Transaction 12 of length 43 (0 toread) [2013/04/29 08:37:24.956716, 5] lib/util.c:332(show_msg) [2013/04/29 08:37:24.956754, 5] lib/util.c:342(show_msg) size=39 smb_com=0x74 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=689 smb_pid=65279 smb_uid=100 smb_mid=2176 smt_wct=2 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_bcc=0 [2013/04/29 08:37:24.957155, 10] ../lib/util/util.c:415(dump_data) [2013/04/29 08:37:24.957199, 3] smbd/process.c:1467(switch_message) switch message SMBulogoffX (pid 23712) conn 0x0 [2013/04/29 08:37:24.957266, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:37:24.957331, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:24.957393, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:24.957497, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2013/04/29 08:37:24.957587, 3] smbd/reply.c:2096(reply_ulogoffX) ulogoffX vuid=100 [2013/04/29 08:37:24.958298, 1] smbd/process.c:457(receive_smb_talloc) receive_smb_raw_talloc failed for client 172.20.2.200 read error = NT_STATUS_CONNECTION_RESET. [2013/04/29 08:37:24.958457, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:37:24.958524, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:37:24.958591, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:37:24.958695, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2013/04/29 08:37:24.958876, 3] smbd/server_exit.c:181(exit_server_common) Server exit (failed to receive smb request) [2013/04/29 08:38:08.503128, 6] param/loadparm.c:7490(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Apr 26 13:22:44 2013 [2013/04/29 08:38:08.503300, 5] auth/auth_util.c:110(make_user_info_map) Mapping user []\[] from workstation [PCCOM1] [2013/04/29 08:38:08.503376, 5] auth/auth_util.c:131(make_user_info_map) Mapped domain from [] to [WEBDEALAUTO] for user [] from workstation [PCCOM1] [2013/04/29 08:38:08.503448, 5] auth/user_info.c:59(make_user_info) attempting to make a user_info for () [2013/04/29 08:38:08.503518, 5] auth/user_info.c:70(make_user_info) making strings for 's user_info struct [2013/04/29 08:38:08.503585, 5] auth/user_info.c:87(make_user_info) making blobs for 's user_info struct [2013/04/29 08:38:08.503652, 10] auth/user_info.c:123(make_user_info) made a user_info for () [2013/04/29 08:38:08.503717, 3] auth/auth.c:219(check_ntlm_password) check_ntlm_password: Checking password for unmapped user []\[]@[PCCOM1] with the new password interface [2013/04/29 08:38:08.503787, 3] auth/auth.c:222(check_ntlm_password) check_ntlm_password: mapped user is: [WEBDEALAUTO]\[]@[PCCOM1] [2013/04/29 08:38:08.503854, 10] auth/auth.c:231(check_ntlm_password) check_ntlm_password: auth_context challenge created by random [2013/04/29 08:38:08.503920, 10] auth/auth.c:233(check_ntlm_password) challenge is: [2013/04/29 08:38:08.503985, 5] ../lib/util/util.c:415(dump_data) [0000] 94 16 F1 B4 97 A2 93 87 ........ [2013/04/29 08:38:08.504084, 10] auth/auth_builtin.c:44(check_guest_security) Check auth for: [] [2013/04/29 08:38:08.504191, 3] auth/auth.c:268(check_ntlm_password) check_ntlm_password: guest authentication for user [] succeeded [2013/04/29 08:38:08.504263, 5] auth/auth.c:309(check_ntlm_password) check_ntlm_password: guest authentication for user [] -> [] -> [nobody] succeeded [2013/04/29 08:38:08.504335, 10] auth/token_util.c:223(create_local_nt_token_from_info3) Create local NT token for nobody [2013/04/29 08:38:08.504542, 10] passdb/lookup_sid.c:1628(sid_to_gid) winbind failed to find a gid for sid S-1-5-32-544 [2013/04/29 08:38:08.504626, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:08.504698, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:08.504765, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:08.504850, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:08.504914, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:08.505065, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544))], scope => [2] [2013/04/29 08:38:08.505173, 5] lib/smbldap.c:1341(smbldap_close) The connection to the LDAP server was closed [2013/04/29 08:38:08.505243, 10] lib/smbldap.c:819(smb_ldap_setup_conn) smb_ldap_setup_connection: ldap://127.0.0.1/ [2013/04/29 08:38:08.505473, 2] lib/smbldap.c:1018(smbldap_open_connection) smbldap_open_connection: connection opened [2013/04/29 08:38:08.505580, 10] lib/smbldap.c:1194(smbldap_connect_system) ldap_connect_system: Binding to ldap server ldap://127.0.0.1/ as "cn=admin,dc=webdealauto,dc=com" [2013/04/29 08:38:08.507404, 3] lib/smbldap.c:1240(smbldap_connect_system) ldap_connect_system: successful connection to the LDAP server ldap_connect_system: LDAP server does support paged results [2013/04/29 08:38:08.507588, 4] lib/smbldap.c:1319(smbldap_open) The LDAP server is successfully connected [2013/04/29 08:38:08.508769, 2] passdb/pdb_ldap.c:2427(init_group_from_ldap) init_group_from_ldap: Entry found for group: 544 [2013/04/29 08:38:08.509003, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:08.509076, 10] passdb/lookup_sid.c:1285(legacy_sid_to_gid) LEGACY: sid S-1-5-32-544 -> gid 544 [2013/04/29 08:38:08.509213, 10] passdb/lookup_sid.c:1628(sid_to_gid) winbind failed to find a gid for sid S-1-5-32-545 [2013/04/29 08:38:08.509287, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:08.509356, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:08.509421, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:08.509486, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:08.509550, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:08.509669, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545))], scope => [2] [2013/04/29 08:38:08.510590, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545)) [2013/04/29 08:38:08.510783, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:08.510855, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-32-545 [2013/04/29 08:38:08.510929, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:08.510996, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:08.511061, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:08.511126, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:08.511189, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:08.511383, 10] passdb/lookup_sid.c:1628(sid_to_gid) winbind failed to find a gid for sid S-1-5-32-545 [2013/04/29 08:38:08.511458, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2013/04/29 08:38:08.511524, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2013/04/29 08:38:08.511589, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:08.511653, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:08.511716, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:08.511836, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545))], scope => [2] [2013/04/29 08:38:08.512800, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545)) [2013/04/29 08:38:08.512995, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:08.513106, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-32-545 [2013/04/29 08:38:08.513196, 5] passdb/pdb_util.c:99(create_builtin_users) create_builtin_users: Failed to create Users [2013/04/29 08:38:08.513273, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:08.513342, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:08.513407, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:08.513471, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:08.513535, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:08.513598, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:08.513806, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectclass=sambaGroupMapping)(sambaGroupType=4)(|(sambaSIDList=S-1-5-21-2380245508-1587309507-2390072590-501)(sambaSIDList=S-1-5-21-2380245508-1587309507-2390072590-513)(sambaSIDList=S-1-5-21-2380245508-1587309507-2390072590-546)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-32-546)))], scope => [2] [2013/04/29 08:38:08.515004, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:08.515192, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-2380245508-1587309507-2390072590-501] [2013/04/29 08:38:08.515283, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-2380245508-1587309507-2390072590-513] [2013/04/29 08:38:08.515368, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-2380245508-1587309507-2390072590-546] [2013/04/29 08:38:08.515456, 5] lib/privileges.c:175(get_privileges_for_sids) get_privileges_for_sids: sid = S-1-1-0 Privilege set: 0x0 [2013/04/29 08:38:08.515558, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-2] [2013/04/29 08:38:08.515638, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-32-546] [2013/04/29 08:38:08.515919, 10] passdb/lookup_sid.c:1468(sids_to_unix_ids) wbcSidsToUnixIds returned WBC_ERR_WINBIND_NOT_AVAILABLE [2013/04/29 08:38:08.515993, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:08.516062, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:08.516127, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:08.516194, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:08.516258, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:08.516361, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 501. [2013/04/29 08:38:08.516440, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2013/04/29 08:38:08.516526, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2013/04/29 08:38:08.516591, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:08.516655, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:08.516717, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:08.516819, 6] passdb/pdb_interface.c:401(pdb_getsampwsid) pdb_getsampwsid: Building guest account [2013/04/29 08:38:08.516888, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user nobody [2013/04/29 08:38:08.516994, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is nobody [2013/04/29 08:38:08.517290, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [nobody]! [2013/04/29 08:38:08.517393, 10] passdb/pdb_get_set.c:575(pdb_set_username) pdb_set_username: setting username nobody, was [2013/04/29 08:38:08.517475, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) pdb_set_full_name: setting full name nobody, was [2013/04/29 08:38:08.517544, 10] passdb/pdb_get_set.c:598(pdb_set_domain) pdb_set_domain: setting domain WEBDEALAUTO, was [2013/04/29 08:38:08.517616, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-2380245508-1587309507-2390072590-501 [2013/04/29 08:38:08.517689, 10] passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-2380245508-1587309507-2390072590-501 from rid 501 [2013/04/29 08:38:08.517795, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:08.517870, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user nobody [2013/04/29 08:38:08.517936, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is nobody [2013/04/29 08:38:08.518002, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [nobody]! [2013/04/29 08:38:08.518075, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:08.518141, 5] passdb/lookup_sid.c:1269(legacy_sid_to_gid) LEGACY: sid S-1-5-21-2380245508-1587309507-2390072590-501 is a User, expected a group [2013/04/29 08:38:08.518216, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:08.518280, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:08.518344, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:08.518408, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:08.518471, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:08.518567, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 501. [2013/04/29 08:38:08.518635, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2013/04/29 08:38:08.518699, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2013/04/29 08:38:08.518762, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:08.518826, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:08.518887, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:08.518983, 6] passdb/pdb_interface.c:401(pdb_getsampwsid) pdb_getsampwsid: Building guest account [2013/04/29 08:38:08.519047, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user nobody [2013/04/29 08:38:08.519110, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is nobody [2013/04/29 08:38:08.519175, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [nobody]! [2013/04/29 08:38:08.519239, 10] passdb/pdb_get_set.c:575(pdb_set_username) pdb_set_username: setting username nobody, was [2013/04/29 08:38:08.519305, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) pdb_set_full_name: setting full name nobody, was [2013/04/29 08:38:08.519370, 10] passdb/pdb_get_set.c:598(pdb_set_domain) pdb_set_domain: setting domain WEBDEALAUTO, was [2013/04/29 08:38:08.519439, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-2380245508-1587309507-2390072590-501 [2013/04/29 08:38:08.519532, 10] passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-2380245508-1587309507-2390072590-501 from rid 501 [2013/04/29 08:38:08.519637, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:08.519710, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user nobody [2013/04/29 08:38:08.519772, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is nobody [2013/04/29 08:38:08.519838, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [nobody]! [2013/04/29 08:38:08.519911, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:08.519977, 10] passdb/lookup_sid.c:1223(legacy_sid_to_uid) LEGACY: sid S-1-5-21-2380245508-1587309507-2390072590-501 -> uid 65534 [2013/04/29 08:38:08.520055, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:08.520121, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:08.520189, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:08.520254, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:08.520316, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:08.520413, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 513. [2013/04/29 08:38:08.520517, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2013/04/29 08:38:08.520586, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2013/04/29 08:38:08.520650, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:08.520715, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:08.520777, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:08.520933, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-513)(objectclass=sambaSamAccount))], scope => [2] [2013/04/29 08:38:08.522211, 4] passdb/pdb_ldap.c:1675(ldapsam_getsampwsid) ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-2380245508-1587309507-2390072590-513] count=0 [2013/04/29 08:38:08.522409, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-513))], scope => [2] [2013/04/29 08:38:08.523498, 2] passdb/pdb_ldap.c:2427(init_group_from_ldap) init_group_from_ldap: Entry found for group: 513 [2013/04/29 08:38:08.523713, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:08.523795, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:08.523863, 10] passdb/lookup_sid.c:1285(legacy_sid_to_gid) LEGACY: sid S-1-5-21-2380245508-1587309507-2390072590-513 -> gid 513 [2013/04/29 08:38:08.523948, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:08.524016, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:08.524080, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:08.524145, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:08.524210, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:08.524310, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 546. [2013/04/29 08:38:08.524414, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2013/04/29 08:38:08.524513, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2013/04/29 08:38:08.524580, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:08.524645, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:08.524707, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:08.524861, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-546)(objectclass=sambaSamAccount))], scope => [2] [2013/04/29 08:38:08.526141, 4] passdb/pdb_ldap.c:1675(ldapsam_getsampwsid) ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-2380245508-1587309507-2390072590-546] count=0 [2013/04/29 08:38:08.526356, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-546))], scope => [2] [2013/04/29 08:38:08.527311, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-546)) [2013/04/29 08:38:08.527509, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:08.527580, 5] passdb/pdb_interface.c:1668(lookup_global_sam_rid) Can't find a unix id for an unmapped group [2013/04/29 08:38:08.527652, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:08.527719, 10] passdb/lookup_sid.c:1280(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-21-2380245508-1587309507-2390072590-546 [2013/04/29 08:38:08.527798, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:08.527866, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:08.527930, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:08.527995, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:08.528058, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:08.528163, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 546. [2013/04/29 08:38:08.528235, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2013/04/29 08:38:08.528299, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2013/04/29 08:38:08.528362, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:08.528425, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:08.528508, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:08.528656, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-546)(objectclass=sambaSamAccount))], scope => [2] [2013/04/29 08:38:08.529889, 4] passdb/pdb_ldap.c:1675(ldapsam_getsampwsid) ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-2380245508-1587309507-2390072590-546] count=0 [2013/04/29 08:38:08.530098, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-546))], scope => [2] [2013/04/29 08:38:08.531009, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-546)) [2013/04/29 08:38:08.531232, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:08.531302, 5] passdb/pdb_interface.c:1668(lookup_global_sam_rid) Can't find a unix id for an unmapped group [2013/04/29 08:38:08.531372, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:08.531438, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid) LEGACY: mapping failed for sid S-1-5-21-2380245508-1587309507-2390072590-546 [2013/04/29 08:38:08.531517, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:08.531582, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:08.531646, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:08.531709, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:08.531771, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:08.531890, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-1-0))], scope => [2] [2013/04/29 08:38:08.532905, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-1-0)) [2013/04/29 08:38:08.533100, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:08.533172, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-1-0 [2013/04/29 08:38:08.533246, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid) LEGACY: mapping failed for sid S-1-1-0 [2013/04/29 08:38:08.533317, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:08.533385, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:08.533449, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:08.533514, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:08.533577, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:08.533697, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2))], scope => [2] [2013/04/29 08:38:08.534602, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2)) [2013/04/29 08:38:08.534790, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:08.534859, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-2 [2013/04/29 08:38:08.534932, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid) LEGACY: mapping failed for sid S-1-5-2 [2013/04/29 08:38:08.535002, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:08.535068, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:08.535133, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:08.535197, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:08.535260, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:08.535381, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-546))], scope => [2] [2013/04/29 08:38:08.536423, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-546)) [2013/04/29 08:38:08.536625, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:08.536695, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-32-546 [2013/04/29 08:38:08.536770, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid) LEGACY: mapping failed for sid S-1-5-32-546 [2013/04/29 08:38:08.536845, 10] auth/auth_util.c:505(create_local_token) Could not convert SID S-1-5-21-2380245508-1587309507-2390072590-546 to gid, ignoring it [2013/04/29 08:38:08.536918, 10] auth/auth_util.c:505(create_local_token) Could not convert SID S-1-1-0 to gid, ignoring it [2013/04/29 08:38:08.536986, 10] auth/auth_util.c:505(create_local_token) Could not convert SID S-1-5-2 to gid, ignoring it [2013/04/29 08:38:08.537053, 10] auth/auth_util.c:505(create_local_token) Could not convert SID S-1-5-32-546 to gid, ignoring it [2013/04/29 08:38:08.537130, 10] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (8): SID[ 0]: S-1-5-21-2380245508-1587309507-2390072590-501 SID[ 1]: S-1-5-21-2380245508-1587309507-2390072590-513 SID[ 2]: S-1-5-21-2380245508-1587309507-2390072590-546 SID[ 3]: S-1-1-0 SID[ 4]: S-1-5-2 SID[ 5]: S-1-5-32-546 SID[ 6]: S-1-22-1-65534 SID[ 7]: S-1-22-2-513 Privileges (0x 0): Rights (0x 0): [2013/04/29 08:38:08.537498, 10] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 65534 Primary group is 65534 and contains 1 supplementary groups Group[ 0]: 513 [2013/04/29 08:38:08.537626, 10] auth/auth_ntlmssp.c:174(auth_ntlmssp_check_password) Got NT session key of length 16 [2013/04/29 08:38:08.537693, 10] auth/auth_ntlmssp.c:181(auth_ntlmssp_check_password) Got LM session key of length 16 [2013/04/29 08:38:08.537758, 10] ../libcli/auth/ntlmssp_server.c:462(ntlmssp_server_postauth) ntlmssp_server_auth: Using unmodified nt session key. [2013/04/29 08:38:08.537842, 3] ../libcli/auth/ntlmssp_sign.c:535(ntlmssp_sign_init) NTLMSSP Sign/Seal - Initialising with flags: [2013/04/29 08:38:08.537907, 3] ../libcli/auth/ntlmssp.c:34(debug_ntlmssp_flags) Got NTLMSSP neg_flags=0xe2088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP_NEGOTIATE_56 [2013/04/29 08:38:08.538251, 10] smbd/password.c:293(register_existing_vuid) register_existing_vuid: (65534,65534) nobody WEBDEALAUTO guest=1 [2013/04/29 08:38:08.538320, 3] smbd/password.c:298(register_existing_vuid) register_existing_vuid: User name: nobody Real name: [2013/04/29 08:38:08.538385, 3] smbd/password.c:308(register_existing_vuid) register_existing_vuid: UNIX uid 65534 is UNIX user nobody, and will be vuid 100 [2013/04/29 08:38:08.538500, 6] param/loadparm.c:7490(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Apr 26 13:22:44 2013 [2013/04/29 08:38:08.538676, 5] lib/util.c:332(show_msg) [2013/04/29 08:38:08.538717, 5] lib/util.c:342(show_msg) size=110 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=65535 smb_pid=65279 smb_uid=100 smb_mid=128 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_vwv[ 3]= 9 (0x9) smb_bcc=67 [2013/04/29 08:38:08.539149, 10] ../lib/util/util.c:415(dump_data) [0000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 ..0..... .U.n.i.x [0010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3 [0020] 00 2E 00 36 00 2E 00 36 00 00 00 57 00 45 00 42 ...6...6 ...W.E.B [0030] 00 44 00 45 00 41 00 4C 00 41 00 55 00 54 00 4F .D.E.A.L .A.U.T.O [0040] 00 00 00 ... [2013/04/29 08:38:08.540682, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 76 [2013/04/29 08:38:08.540891, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x4c [2013/04/29 08:38:08.540964, 3] smbd/process.c:1662(process_smb) Transaction 3 of length 80 (0 toread) [2013/04/29 08:38:08.541031, 5] lib/util.c:332(show_msg) [2013/04/29 08:38:08.541070, 5] lib/util.c:342(show_msg) size=76 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=100 smb_mid=192 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 76 (0x4C) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=33 [2013/04/29 08:38:08.541491, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 5C 00 42 00 41 00 4D 00 42 00 49 00 5C .\.\.B.A .M.B.I.\ [0010] 00 49 00 50 00 43 00 24 00 00 00 3F 3F 3F 3F 3F .I.P.C.$ ...????? [0020] 00 . [2013/04/29 08:38:08.541698, 3] smbd/process.c:1467(switch_message) switch message SMBtconX (pid 23829) conn 0x0 [2013/04/29 08:38:08.541767, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:08.541834, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:08.541898, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:08.542002, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2013/04/29 08:38:08.542095, 4] smbd/reply.c:794(reply_tcon_and_X) Client requested device type [?????] for share [IPC$] [2013/04/29 08:38:08.542225, 5] smbd/service.c:1354(make_connection) making a connection to 'normal' service ipc$ [2013/04/29 08:38:08.542304, 3] lib/access.c:338(allow_access) Allowed connection from 172.20.2.200 (172.20.2.200) [2013/04/29 08:38:08.542394, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user nobody [2013/04/29 08:38:08.542461, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is nobody [2013/04/29 08:38:08.542775, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [nobody]! [2013/04/29 08:38:08.542959, 10] smbd/service.c:162(set_conn_connectpath) set_conn_connectpath: service IPC$, connectpath = /tmp [2013/04/29 08:38:08.543031, 3] smbd/service.c:872(make_connection_snum) Connect path is '/tmp' for service [IPC$] [2013/04/29 08:38:08.543146, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2013/04/29 08:38:08.543225, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x101f01ff, remaining = 0x101f01ff [2013/04/29 08:38:08.543303, 3] smbd/vfs.c:102(vfs_init_default) Initialising default vfs hooks [2013/04/29 08:38:08.543374, 10] smbd/vfs.c:53(vfs_find_backend_entry) vfs_find_backend_entry called for /[Default VFS]/ [2013/04/29 08:38:08.543439, 5] smbd/vfs.c:92(smb_register_vfs) Successfully added vfs backend '/[Default VFS]/' [2013/04/29 08:38:08.543507, 10] smbd/vfs.c:53(vfs_find_backend_entry) vfs_find_backend_entry called for posixacl [2013/04/29 08:38:08.543572, 5] smbd/vfs.c:92(smb_register_vfs) Successfully added vfs backend 'posixacl' [2013/04/29 08:38:08.543634, 3] smbd/vfs.c:128(vfs_init_custom) Initialising custom vfs hooks from [/[Default VFS]/] [2013/04/29 08:38:08.543700, 10] smbd/vfs.c:53(vfs_find_backend_entry) vfs_find_backend_entry called for /[Default VFS]/ Successfully loaded vfs module [/[Default VFS]/] with the new modules system [2013/04/29 08:38:08.543800, 5] smbd/connection.c:134(claim_connection) claiming [IPC$] [2013/04/29 08:38:08.544011, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 155D0000FFFFFFFF2821 [2013/04/29 08:38:08.544196, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7f0ee68317d0 [2013/04/29 08:38:08.544314, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 155D0000FFFFFFFF2821 [2013/04/29 08:38:08.544601, 10] smbd/service.c:162(set_conn_connectpath) set_conn_connectpath: service IPC$, connectpath = /tmp [2013/04/29 08:38:08.544685, 10] smbd/share_access.c:241(user_ok_token) user_ok_token: share IPC$ is ok for unix user nobody [2013/04/29 08:38:08.544755, 10] smbd/share_access.c:286(is_share_read_only_for_token) is_share_read_only_for_user: share IPC$ is read-only for unix user nobody [2013/04/29 08:38:08.544840, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2013/04/29 08:38:08.544917, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) string_to_sid: SID admin is not in a valid format [2013/04/29 08:38:08.544997, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: WEBDEALAUTO\admin => domain=[WEBDEALAUTO], name=[admin] [2013/04/29 08:38:08.545061, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2013/04/29 08:38:08.545131, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:08.545198, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:08.545263, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:08.545328, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:08.545391, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:08.545548, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(uid=admin)(objectclass=sambaSamAccount))], scope => [2] [2013/04/29 08:38:08.546309, 4] passdb/pdb_ldap.c:1581(ldapsam_getsampwnam) ldapsam_getsampwnam: Unable to locate user [admin] count=0 [2013/04/29 08:38:08.546491, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:08.546565, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:08.546633, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:08.546698, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:08.546764, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:08.546828, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:08.546954, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(|(displayName=admin)(cn=admin)))], scope => [2] [2013/04/29 08:38:08.547969, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(|(displayName=admin)(cn=admin))) [2013/04/29 08:38:08.548164, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:08.548247, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: Unix User\admin => domain=[Unix User], name=[admin] [2013/04/29 08:38:08.548313, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2013/04/29 08:38:08.548403, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user admin [2013/04/29 08:38:08.548500, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is admin [2013/04/29 08:38:08.557271, 5] lib/username.c:134(Get_Pwnam_internals) Trying _Get_Pwnam(), username as uppercase is ADMIN [2013/04/29 08:38:08.566357, 5] lib/username.c:143(Get_Pwnam_internals) Checking combinations of 0 uppercase letters in admin [2013/04/29 08:38:08.566565, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals didn't find user [admin]! [2013/04/29 08:38:08.566642, 5] smbd/share_access.c:104(token_contains_name) lookup_name admin failed [2013/04/29 08:38:08.566739, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (65534, 65534) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:08.566814, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (8): SID[ 0]: S-1-5-21-2380245508-1587309507-2390072590-501 SID[ 1]: S-1-5-21-2380245508-1587309507-2390072590-513 SID[ 2]: S-1-5-21-2380245508-1587309507-2390072590-546 SID[ 3]: S-1-1-0 SID[ 4]: S-1-5-2 SID[ 5]: S-1-5-32-546 SID[ 6]: S-1-22-1-65534 SID[ 7]: S-1-22-2-513 Privileges (0x 0): Rights (0x 0): [2013/04/29 08:38:08.567174, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 65534 Primary group is 65534 and contains 1 supplementary groups Group[ 0]: 513 [2013/04/29 08:38:08.567309, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,65534), gid=(0,65534) [2013/04/29 08:38:08.567387, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:08.567453, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:08.567517, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:08.567621, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2013/04/29 08:38:08.567707, 10] smbd/service.c:162(set_conn_connectpath) set_conn_connectpath: service IPC$, connectpath = /tmp [2013/04/29 08:38:08.567800, 3] smbd/service.c:1114(make_connection_snum) pccom1 (172.20.2.200) connect to service IPC$ initially as user nobody (uid=65534, gid=65534) (pid 23829) [2013/04/29 08:38:08.567890, 3] smbd/reply.c:871(reply_tcon_and_X) tconX service=IPC$ [2013/04/29 08:38:08.569011, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 104 [2013/04/29 08:38:08.569173, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x68 [2013/04/29 08:38:08.569243, 3] smbd/process.c:1662(process_smb) Transaction 4 of length 108 (0 toread) [2013/04/29 08:38:08.569309, 5] lib/util.c:332(show_msg) [2013/04/29 08:38:08.569348, 5] lib/util.c:342(show_msg) size=104 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=520 smb_uid=100 smb_mid=256 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 4608 (0x1200) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 4609 (0x1201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16896 (0x4200) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 256 (0x100) smb_bcc=21 [2013/04/29 08:38:08.570267, 10] ../lib/util/util.c:415(dump_data) [0000] 30 5C 00 4E 00 45 00 54 00 4C 00 4F 00 47 00 4F 0\.N.E.T .L.O.G.O [0010] 00 4E 00 00 00 .N... [2013/04/29 08:38:08.570424, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 23829) conn 0x7f0ee682df00 [2013/04/29 08:38:08.570501, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (65534, 65534) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:08.570574, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (8): SID[ 0]: S-1-5-21-2380245508-1587309507-2390072590-501 SID[ 1]: S-1-5-21-2380245508-1587309507-2390072590-513 SID[ 2]: S-1-5-21-2380245508-1587309507-2390072590-546 SID[ 3]: S-1-1-0 SID[ 4]: S-1-5-2 SID[ 5]: S-1-5-32-546 SID[ 6]: S-1-22-1-65534 SID[ 7]: S-1-22-2-513 Privileges (0x 0): Rights (0x 0): [2013/04/29 08:38:08.570968, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 65534 Primary group is 65534 and contains 1 supplementary groups Group[ 0]: 513 [2013/04/29 08:38:08.571105, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,65534), gid=(0,65534) [2013/04/29 08:38:08.571184, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /tmp [2013/04/29 08:38:08.571273, 10] smbd/nttrans.c:505(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x10, access_mask = 0x12019f file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x420040 root_dir_fid = 0x0, fname = NETLOGON [2013/04/29 08:38:08.571354, 4] smbd/nttrans.c:293(nt_open_pipe) nt_open_pipe: Opening pipe \NETLOGON. [2013/04/29 08:38:08.571443, 5] smbd/files.c:140(file_new) allocated file structure 2117, fnum = 6213 (1 used) [2013/04/29 08:38:08.571522, 10] smbd/files.c:705(file_name_hash) file_name_hash: /tmp/NETLOGON hash 0x86887727 [2013/04/29 08:38:08.571617, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \netlogon [2013/04/29 08:38:08.571714, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \netlogon [2013/04/29 08:38:08.571781, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \netlogon [2013/04/29 08:38:08.571861, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \netlogon (pipes_open=0) [2013/04/29 08:38:08.571934, 5] smbd/nttrans.c:382(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \NETLOGON [2013/04/29 08:38:08.572856, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 72 [2013/04/29 08:38:08.573019, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x48 [2013/04/29 08:38:08.573089, 3] smbd/process.c:1662(process_smb) Transaction 5 of length 76 (0 toread) [2013/04/29 08:38:08.573155, 5] lib/util.c:332(show_msg) [2013/04/29 08:38:08.573193, 5] lib/util.c:342(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=520 smb_uid=100 smb_mid=320 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 24 (0x18) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2013/04/29 08:38:08.573878, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 45 18 ED 03 ...E... [2013/04/29 08:38:08.573975, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 23829) conn 0x7f0ee682df00 [2013/04/29 08:38:08.574044, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2013/04/29 08:38:08.574136, 9] smbd/trans2.c:941(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 [2013/04/29 08:38:08.574208, 9] smbd/trans2.c:943(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 24, paramsize = 2, datasize = 24 [2013/04/29 08:38:08.574275, 5] lib/util.c:332(show_msg) [2013/04/29 08:38:08.574314, 5] lib/util.c:342(show_msg) size=84 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=520 smb_uid=100 smb_mid=320 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 24 (0x18) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 24 (0x18) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=29 [2013/04/29 08:38:08.574885, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 01 00 00 00 01 00 00 00 ........ ..... [2013/04/29 08:38:08.576069, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 224 [2013/04/29 08:38:08.576250, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xe0 [2013/04/29 08:38:08.576319, 3] smbd/process.c:1662(process_smb) Transaction 6 of length 228 (0 toread) [2013/04/29 08:38:08.576384, 5] lib/util.c:332(show_msg) [2013/04/29 08:38:08.576423, 5] lib/util.c:342(show_msg) size=224 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=384 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 6213 (0x1845) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 160 (0xA0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 160 (0xA0) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=161 [2013/04/29 08:38:08.577122, 10] ../lib/util/util.c:415(dump_data) [0000] EE 05 00 0B 03 10 00 00 00 A0 00 00 00 02 00 00 ........ ........ [0010] 00 B8 10 B8 10 00 00 00 00 03 00 00 00 00 00 01 ........ ........ [0020] 00 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF .xV4.4.. ....#Eg. [0030] FB 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [0040] 00 2B 10 48 60 02 00 00 00 01 00 01 00 78 56 34 .+.H`... .....xV4 [0050] 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 00 00 .4...... #Eg..... [0060] 00 33 05 71 71 BA BE 37 49 83 19 B5 DB EF 9C CC .3.qq..7 I....... [0070] 36 01 00 00 00 02 00 01 00 78 56 34 12 34 12 CD 6....... .xV4.4.. [0080] AB EF 00 01 23 45 67 CF FB 01 00 00 00 2C 1C B7 ....#Eg. .....,.. [0090] 6C 12 98 40 45 03 00 00 00 00 00 00 00 01 00 00 l..@E... ........ [00A0] 00 . [2013/04/29 08:38:08.577791, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 23829) conn 0x7f0ee682df00 [2013/04/29 08:38:08.577860, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2013/04/29 08:38:08.577936, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 1845 name: NETLOGON len: 160 [2013/04/29 08:38:08.578006, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 160 [2013/04/29 08:38:08.578075, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 160 [2013/04/29 08:38:08.578139, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 [2013/04/29 08:38:08.578205, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/04/29 08:38:08.578272, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/04/29 08:38:08.578337, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 144 [2013/04/29 08:38:08.578400, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 [2013/04/29 08:38:08.578473, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/04/29 08:38:08.578537, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 144 [2013/04/29 08:38:08.578600, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 [2013/04/29 08:38:08.578672, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2013/04/29 08:38:08.578770, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00a0 (160) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x03 (3) ctx_list: ARRAY(3) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-01234567cffb if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) ctx_list: struct dcerpc_ctx_list context_id : 0x0001 (1) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-01234567cffb if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 71710533-beba-4937-8319-b5dbef9ccc36 if_version : 0x00000001 (1) ctx_list: struct dcerpc_ctx_list context_id : 0x0002 (2) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-01234567cffb if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 6cb71c2c-9812-4540-0300-000000000000 if_version : 0x00000001 (1) auth_info : DATA_BLOB length=0 [2013/04/29 08:38:08.580536, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 11 [2013/04/29 08:38:08.580667, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) api_pipe_bind_req: \PIPE\netlogon -> \PIPE\netlogon [2013/04/29 08:38:08.580740, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) api_pipe_bind_req: make response. 923 [2013/04/29 08:38:08.580836, 3] rpc_server/srv_pipe.c:339(check_bind_req) check_bind_req for \netlogon [2013/04/29 08:38:08.580912, 3] rpc_server/srv_pipe.c:346(check_bind_req) check_bind_req: \PIPE\netlogon -> \PIPE\netlogon [2013/04/29 08:38:08.581008, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0048 (72) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x000053f0 (21488) secondary_address_size : 0x000f (15) secondary_address : '\PIPE\netlogon' _pad1 : DATA_BLOB length=0 num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : 0x0000 (0) reason : 0x0000 (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 [2013/04/29 08:38:08.581974, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 144 [2013/04/29 08:38:08.582072, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=160 [2013/04/29 08:38:08.582839, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2013/04/29 08:38:08.583002, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2013/04/29 08:38:08.583070, 3] smbd/process.c:1662(process_smb) Transaction 7 of length 63 (0 toread) [2013/04/29 08:38:08.583135, 5] lib/util.c:332(show_msg) [2013/04/29 08:38:08.583174, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=448 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 6213 (0x1845) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2013/04/29 08:38:08.583792, 10] ../lib/util/util.c:415(dump_data) [2013/04/29 08:38:08.583838, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 23829) conn 0x7f0ee682df00 [2013/04/29 08:38:08.583906, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2013/04/29 08:38:08.583986, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \netlogon len: 1024 [2013/04/29 08:38:08.584058, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) read_from_pipe: \netlogon: current_pdu_len = 72, current_pdu_sent = 0 returning 72 bytes. [2013/04/29 08:38:08.584130, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 30 [2013/04/29 08:38:08.584255, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 72 bytes. There is no more data outstanding [2013/04/29 08:38:08.584326, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=72 [2013/04/29 08:38:08.585207, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 154 [2013/04/29 08:38:08.585369, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x9a [2013/04/29 08:38:08.585440, 3] smbd/process.c:1662(process_smb) Transaction 8 of length 158 (0 toread) [2013/04/29 08:38:08.585505, 5] lib/util.c:332(show_msg) [2013/04/29 08:38:08.585544, 5] lib/util.c:342(show_msg) size=154 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=512 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 6213 (0x1845) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 90 (0x5A) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 90 (0x5A) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=91 [2013/04/29 08:38:08.586241, 10] ../lib/util/util.c:415(dump_data) [0000] EE 05 00 00 03 10 00 00 00 5A 00 00 00 02 00 00 ........ .Z...... [0010] 00 42 00 00 00 00 00 04 00 00 00 02 00 08 00 00 .B...... ........ [0020] 00 00 00 00 00 08 00 00 00 5C 00 5C 00 42 00 41 ........ .\.\.B.A [0030] 00 4D 00 42 00 49 00 00 00 07 00 00 00 00 00 00 .M.B.I.. ........ [0040] 00 07 00 00 00 50 00 43 00 43 00 4F 00 4D 00 31 .....P.C .C.O.M.1 [0050] 00 00 00 03 63 8C 09 D7 E3 07 95 ....c... ... [2013/04/29 08:38:08.586631, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 23829) conn 0x7f0ee682df00 [2013/04/29 08:38:08.586700, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2013/04/29 08:38:08.586770, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 1845 name: NETLOGON len: 90 [2013/04/29 08:38:08.586839, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 90 [2013/04/29 08:38:08.586906, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 90 [2013/04/29 08:38:08.586971, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 90 [2013/04/29 08:38:08.587036, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 90, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/04/29 08:38:08.587104, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/04/29 08:38:08.587168, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 74 [2013/04/29 08:38:08.587231, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 74 [2013/04/29 08:38:08.587299, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/04/29 08:38:08.587363, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 74 [2013/04/29 08:38:08.587425, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 74, incoming data = 74 [2013/04/29 08:38:08.587494, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2013/04/29 08:38:08.587571, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x005a (90) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000042 (66) context_id : 0x0000 (0) opnum : 0x0004 (4) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=66 [0000] 00 00 02 00 08 00 00 00 00 00 00 00 08 00 00 00 ........ ........ [0010] 5C 00 5C 00 42 00 41 00 4D 00 42 00 49 00 00 00 \.\.B.A. M.B.I... [0020] 07 00 00 00 00 00 00 00 07 00 00 00 50 00 43 00 ........ ....P.C. [0030] 43 00 4F 00 4D 00 31 00 00 00 03 63 8C 09 D7 E3 C.O.M.1. ...c.... [0040] 07 95 .. [2013/04/29 08:38:08.588646, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2013/04/29 08:38:08.588713, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. [2013/04/29 08:38:08.588779, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\netlogon [2013/04/29 08:38:08.588870, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \netlogon op 0x4 - api_rpcTNP: rpc command: NETR_SERVERREQCHALLENGE [2013/04/29 08:38:08.588945, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[4].fn == 0x7f0ee5152500 [2013/04/29 08:38:08.589030, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) netr_ServerReqChallenge: struct netr_ServerReqChallenge in: struct netr_ServerReqChallenge server_name : * server_name : '\\BAMBI' computer_name : * computer_name : 'PCCOM1' credentials : * credentials: struct netr_Credential data : 03638c09d7e30795 [2013/04/29 08:38:08.589357, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) netr_ServerReqChallenge: struct netr_ServerReqChallenge out: struct netr_ServerReqChallenge return_credentials : * return_credentials: struct netr_Credential data : 62d29218a557ff4c result : NT_STATUS_OK [2013/04/29 08:38:08.589582, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \netlogon successfully [2013/04/29 08:38:08.589654, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 74 [2013/04/29 08:38:08.589740, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=90 [2013/04/29 08:38:08.590360, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2013/04/29 08:38:08.590521, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2013/04/29 08:38:08.590589, 3] smbd/process.c:1662(process_smb) Transaction 9 of length 63 (0 toread) [2013/04/29 08:38:08.590654, 5] lib/util.c:332(show_msg) [2013/04/29 08:38:08.590692, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=576 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 6213 (0x1845) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2013/04/29 08:38:08.591301, 10] ../lib/util/util.c:415(dump_data) [2013/04/29 08:38:08.591346, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 23829) conn 0x7f0ee682df00 [2013/04/29 08:38:08.591414, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2013/04/29 08:38:08.591496, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \netlogon len: 1024 [2013/04/29 08:38:08.591570, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \netlogon: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 12. [2013/04/29 08:38:08.591661, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0024 (36) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x0000000c (12) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=12 [0000] 62 D2 92 18 A5 57 FF 4C 00 00 00 00 b....W.L .... [2013/04/29 08:38:08.592406, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 30 [2013/04/29 08:38:08.592502, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 36 bytes. There is no more data outstanding [2013/04/29 08:38:08.592573, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=36 [2013/04/29 08:38:08.593590, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 192 [2013/04/29 08:38:08.593751, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xc0 [2013/04/29 08:38:08.593818, 3] smbd/process.c:1662(process_smb) Transaction 10 of length 196 (0 toread) [2013/04/29 08:38:08.593883, 5] lib/util.c:332(show_msg) [2013/04/29 08:38:08.593921, 5] lib/util.c:342(show_msg) size=192 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=640 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 6213 (0x1845) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 128 (0x80) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 128 (0x80) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=129 [2013/04/29 08:38:08.594578, 10] ../lib/util/util.c:415(dump_data) [0000] EE 05 00 00 03 10 00 00 00 80 00 00 00 03 00 00 ........ ........ [0010] 00 68 00 00 00 00 00 1A 00 00 00 02 00 08 00 00 .h...... ........ [0020] 00 00 00 00 00 08 00 00 00 5C 00 5C 00 42 00 41 ........ .\.\.B.A [0030] 00 4D 00 42 00 49 00 00 00 08 00 00 00 00 00 00 .M.B.I.. ........ [0040] 00 08 00 00 00 50 00 43 00 43 00 4F 00 4D 00 31 .....P.C .C.O.M.1 [0050] 00 24 00 00 00 02 00 00 00 07 00 00 00 00 00 00 .$...... ........ [0060] 00 07 00 00 00 50 00 43 00 43 00 4F 00 4D 00 31 .....P.C .C.O.M.1 [0070] 00 00 00 71 71 F0 D7 7B 22 45 36 00 00 FF FF 2F ...qq..{ "E6..../ [0080] 61 a [2013/04/29 08:38:08.595129, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 23829) conn 0x7f0ee682df00 [2013/04/29 08:38:08.595197, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2013/04/29 08:38:08.595266, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 1845 name: NETLOGON len: 128 [2013/04/29 08:38:08.595335, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 128 [2013/04/29 08:38:08.595402, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 128 [2013/04/29 08:38:08.595466, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 128 [2013/04/29 08:38:08.595532, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 128, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/04/29 08:38:08.595598, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/04/29 08:38:08.595662, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 112 [2013/04/29 08:38:08.595724, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 112 [2013/04/29 08:38:08.595792, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/04/29 08:38:08.595855, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 112 [2013/04/29 08:38:08.595949, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 112, incoming data = 112 [2013/04/29 08:38:08.596018, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2013/04/29 08:38:08.596096, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0080 (128) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000068 (104) context_id : 0x0000 (0) opnum : 0x001a (26) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=104 [0000] 00 00 02 00 08 00 00 00 00 00 00 00 08 00 00 00 ........ ........ [0010] 5C 00 5C 00 42 00 41 00 4D 00 42 00 49 00 00 00 \.\.B.A. M.B.I... [0020] 08 00 00 00 00 00 00 00 08 00 00 00 50 00 43 00 ........ ....P.C. [0030] 43 00 4F 00 4D 00 31 00 24 00 00 00 02 00 00 00 C.O.M.1. $....... [0040] 07 00 00 00 00 00 00 00 07 00 00 00 50 00 43 00 ........ ....P.C. [0050] 43 00 4F 00 4D 00 31 00 00 00 71 71 F0 D7 7B 22 C.O.M.1. ..qq..{" [0060] 45 36 00 00 FF FF 2F 61 E6..../a [2013/04/29 08:38:08.597333, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2013/04/29 08:38:08.597399, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. [2013/04/29 08:38:08.597466, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\netlogon [2013/04/29 08:38:08.597538, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \netlogon op 0x1a - api_rpcTNP: rpc command: NETR_SERVERAUTHENTICATE3 [2013/04/29 08:38:08.597609, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[26].fn == 0x7f0ee514e700 [2013/04/29 08:38:08.597697, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) netr_ServerAuthenticate3: struct netr_ServerAuthenticate3 in: struct netr_ServerAuthenticate3 server_name : * server_name : '\\BAMBI' account_name : * account_name : 'PCCOM1$' secure_channel_type : SEC_CHAN_WKSTA (2) computer_name : * computer_name : 'PCCOM1' credentials : * credentials: struct netr_Credential data : 7171f0d77b224536 negotiate_flags : * negotiate_flags : 0x612fffff (1630535679) 1: NETLOGON_NEG_ACCOUNT_LOCKOUT 1: NETLOGON_NEG_PERSISTENT_SAMREPL 1: NETLOGON_NEG_ARCFOUR 1: NETLOGON_NEG_PROMOTION_COUNT 1: NETLOGON_NEG_CHANGELOG_BDC 1: NETLOGON_NEG_FULL_SYNC_REPL 1: NETLOGON_NEG_MULTIPLE_SIDS 1: NETLOGON_NEG_REDO 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL 1: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC 1: NETLOGON_NEG_GENERIC_PASSTHROUGH 1: NETLOGON_NEG_CONCURRENT_RPC 1: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL 1: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL 1: NETLOGON_NEG_STRONG_KEYS 1: NETLOGON_NEG_TRANSITIVE_TRUSTS 1: NETLOGON_NEG_DNS_DOMAIN_TRUSTS 1: NETLOGON_NEG_PASSWORD_SET2 1: NETLOGON_NEG_GETDOMAININFO 1: NETLOGON_NEG_CROSS_FOREST_TRUSTS 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION 1: NETLOGON_NEG_RODC_PASSTHROUGH 0: NETLOGON_NEG_SUPPORTS_AES_SHA2 1: NETLOGON_NEG_SUPPORTS_AES 1: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS 1: NETLOGON_NEG_AUTHENTICATED_RPC [2013/04/29 08:38:08.598945, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \samr [2013/04/29 08:38:08.599029, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \samr [2013/04/29 08:38:08.599095, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \samr [2013/04/29 08:38:08.599171, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \samr (pipes_open=0) [2013/04/29 08:38:08.599243, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:08.599315, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:08.599381, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:08.599446, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:08.599509, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:08.599674, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_Connect2: struct samr_Connect2 in: struct samr_Connect2 system_name : * system_name : 'BAMBI' access_mask : 0x00000031 (49) 1: SAMR_ACCESS_CONNECT_TO_SERVER 0: SAMR_ACCESS_SHUTDOWN_SERVER 0: SAMR_ACCESS_INITIALIZE_SERVER 0: SAMR_ACCESS_CREATE_DOMAIN 1: SAMR_ACCESS_ENUM_DOMAINS 1: SAMR_ACCESS_LOOKUP_DOMAIN [2013/04/29 08:38:08.600045, 5] rpc_server/samr/srv_samr_nt.c:3932(_samr_Connect2) _samr_Connect2: 3932 [2013/04/29 08:38:08.600135, 4] rpc_server/srv_access_check.c:104(access_check_object) _samr_Connect2: access GRANTED (requested: 0x00000031, granted: 0x00000031) [2013/04/29 08:38:08.600221, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 6D 18 00 00 00 00 00 00 7E 51 50 15 ....m... ....~QP. [0010] 15 5D 00 00 .].. [2013/04/29 08:38:08.600370, 5] rpc_server/samr/srv_samr_nt.c:3961(_samr_Connect2) _samr_Connect2: 3961 [2013/04/29 08:38:08.600435, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_Connect2: struct samr_Connect2 out: struct samr_Connect2 connect_handle : * connect_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000186d-0000-0000-7e51-5015155d0000 result : NT_STATUS_OK [2013/04/29 08:38:08.600766, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_LookupDomain: struct samr_LookupDomain in: struct samr_LookupDomain connect_handle : * connect_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000186d-0000-0000-7e51-5015155d0000 domain_name : * domain_name: struct lsa_String length : 0x0016 (22) size : 0x0016 (22) string : * string : 'WEBDEALAUTO' [2013/04/29 08:38:08.601279, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6D 18 00 00 00 00 00 00 7E 51 50 15 ....m... ....~QP. [0010] 15 5D 00 00 .].. [2013/04/29 08:38:08.601431, 10] rpc_server/rpc_handles.c:410(_policy_handle_find) found handle of type struct samr_connect_info [2013/04/29 08:38:08.601531, 2] rpc_server/samr/srv_samr_nt.c:4071(_samr_LookupDomain) Returning domain sid for domain WEBDEALAUTO -> S-1-5-21-2380245508-1587309507-2390072590 [2013/04/29 08:38:08.601612, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_LookupDomain: struct samr_LookupDomain out: struct samr_LookupDomain sid : * sid : * sid : S-1-5-21-2380245508-1587309507-2390072590 result : NT_STATUS_OK [2013/04/29 08:38:08.601873, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_OpenDomain: struct samr_OpenDomain in: struct samr_OpenDomain connect_handle : * connect_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000186d-0000-0000-7e51-5015155d0000 access_mask : 0x00000200 (512) 0: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 0: SAMR_DOMAIN_ACCESS_SET_INFO_1 0: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 0: SAMR_DOMAIN_ACCESS_SET_INFO_2 0: SAMR_DOMAIN_ACCESS_CREATE_USER 0: SAMR_DOMAIN_ACCESS_CREATE_GROUP 0: SAMR_DOMAIN_ACCESS_CREATE_ALIAS 0: SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS 0: SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS 1: SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT 0: SAMR_DOMAIN_ACCESS_SET_INFO_3 sid : * sid : S-1-5-21-2380245508-1587309507-2390072590 [2013/04/29 08:38:08.602507, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6D 18 00 00 00 00 00 00 7E 51 50 15 ....m... ....~QP. [0010] 15 5D 00 00 .].. [2013/04/29 08:38:08.602657, 10] rpc_server/rpc_handles.c:410(_policy_handle_find) found handle of type struct samr_connect_info [2013/04/29 08:38:08.602730, 4] rpc_server/srv_access_check.c:104(access_check_object) _samr_OpenDomain: access GRANTED (requested: 0x00000200, granted: 0x00000200) [2013/04/29 08:38:08.602802, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 6E 18 00 00 00 00 00 00 7E 51 50 15 ....n... ....~QP. [0010] 15 5D 00 00 .].. [2013/04/29 08:38:08.602953, 5] rpc_server/samr/srv_samr_nt.c:500(_samr_OpenDomain) _samr_OpenDomain: 500 [2013/04/29 08:38:08.603020, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_OpenDomain: struct samr_OpenDomain out: struct samr_OpenDomain domain_handle : * domain_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000186e-0000-0000-7e51-5015155d0000 result : NT_STATUS_OK [2013/04/29 08:38:08.603327, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_LookupNames: struct samr_LookupNames in: struct samr_LookupNames domain_handle : * domain_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000186e-0000-0000-7e51-5015155d0000 num_names : 0x00000001 (1) names: ARRAY(1) names: struct lsa_String length : 0x000e (14) size : 0x000e (14) string : * string : 'PCCOM1$' [2013/04/29 08:38:08.603792, 5] rpc_server/samr/srv_samr_nt.c:1636(_samr_LookupNames) _samr_LookupNames: 1636 [2013/04/29 08:38:08.603862, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6E 18 00 00 00 00 00 00 7E 51 50 15 ....n... ....~QP. [0010] 15 5D 00 00 .].. [2013/04/29 08:38:08.604008, 10] rpc_server/rpc_handles.c:410(_policy_handle_find) found handle of type struct samr_domain_info [2013/04/29 08:38:08.604073, 5] rpc_server/samr/srv_samr_nt.c:1657(_samr_LookupNames) _samr_LookupNames: looking name on SID S-1-5-21-2380245508-1587309507-2390072590 [2013/04/29 08:38:08.604163, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2013/04/29 08:38:08.604230, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2013/04/29 08:38:08.604295, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:08.604359, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:08.604421, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:08.604588, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(uid=PCCOM1$)(objectclass=sambaSamAccount))], scope => [2] [2013/04/29 08:38:08.605667, 2] passdb/pdb_ldap.c:553(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: pccom1$ [2013/04/29 08:38:08.605829, 10] passdb/pdb_get_set.c:575(pdb_set_username) pdb_set_username: setting username pccom1$, was [2013/04/29 08:38:08.605902, 10] passdb/pdb_get_set.c:598(pdb_set_domain) pdb_set_domain: setting domain WEBDEALAUTO, was [2013/04/29 08:38:08.605969, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username) pdb_set_nt_username: setting nt username pccom1$, was [2013/04/29 08:38:08.606050, 10] passdb/pdb_get_set.c:513(pdb_set_user_sid_from_string) pdb_set_user_sid_from_string: setting user sid S-1-5-21-2380245508-1587309507-2390072590-1011 [2013/04/29 08:38:08.606122, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-2380245508-1587309507-2390072590-1011 [2013/04/29 08:38:08.606224, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLogonTime does not exist [2013/04/29 08:38:08.606301, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLogoffTime does not exist [2013/04/29 08:38:08.606378, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaKickoffTime does not exist [2013/04/29 08:38:08.606454, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaPwdCanChange does not exist [2013/04/29 08:38:08.606529, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaPwdMustChange does not exist [2013/04/29 08:38:08.606606, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) pdb_set_full_name: setting full name PCCOM1$, was [2013/04/29 08:38:08.606683, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaHomeDrive does not exist [2013/04/29 08:38:08.606748, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive , was NULL [2013/04/29 08:38:08.606857, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaHomePath does not exist [2013/04/29 08:38:08.606930, 4] lib/substitute.c:527(automount_server) Home server: bambi [2013/04/29 08:38:08.607010, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) pdb_set_homedir: setting home dir \\bambi\pccom1_, was [2013/04/29 08:38:08.607088, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLogonScript does not exist [2013/04/29 08:38:08.607157, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user pccom1$ [2013/04/29 08:38:08.607221, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is pccom1$ [2013/04/29 08:38:08.607497, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [pccom1$]! [2013/04/29 08:38:08.607769, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) pdb_set_logon_script: setting logon script Domain Computers.bat, was [2013/04/29 08:38:08.607880, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaProfilePath does not exist [2013/04/29 08:38:08.607949, 4] lib/substitute.c:527(automount_server) Home server: bambi [2013/04/29 08:38:08.608025, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\bambi\profiles\pccom1_, was [2013/04/29 08:38:08.608114, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaUserWorkstations does not exist [2013/04/29 08:38:08.608241, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaMungedDial does not exist [2013/04/29 08:38:08.608319, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLMPassword does not exist [2013/04/29 08:38:08.608406, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2013/04/29 08:38:08.608478, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2013/04/29 08:38:08.608546, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/04/29 08:38:08.608612, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:08.608676, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:08.608834, 10] lib/gencache.c:183(gencache_set_data_blob) Adding cache entry with key = ACCT_POL/password history and timeout = Thu Jan 1 01:00:00 1970 (-1367217488 seconds in the past) [2013/04/29 08:38:08.609006, 10] passdb/pdb_ldap.c:3966(ldapsam_get_account_policy_from_ldap) ldapsam_get_account_policy_from_ldap [2013/04/29 08:38:08.609081, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [sambaDomainName=WEBDEALAUTO,dc=webdealauto,dc=com], filter => [(objectClass=sambaDomain)], scope => [0] [2013/04/29 08:38:08.609802, 10] passdb/account_pol.c:402(cache_account_policy_set) cache_account_policy_set: updating account pol cache [2013/04/29 08:38:08.609961, 10] lib/gencache.c:183(gencache_set_data_blob) Adding cache entry with key = ACCT_POL/password history and timeout = Mon Apr 29 08:39:08 2013 (60 seconds ahead) [2013/04/29 08:38:08.610126, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:08.610217, 10] lib/smbldap.c:274(smbldap_get_single_attribute) smbldap_get_single_attribute: [sambaPasswordHistory] = [] [2013/04/29 08:38:08.610325, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaBadPasswordCount does not exist [2013/04/29 08:38:08.610404, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaBadPasswordTime does not exist [2013/04/29 08:38:08.610479, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLogonHours does not exist [2013/04/29 08:38:08.610589, 7] passdb/login_cache.c:91(login_cache_read) Looking up login cache for user pccom1$ [2013/04/29 08:38:08.610667, 7] passdb/login_cache.c:102(login_cache_read) No cache entry found [2013/04/29 08:38:08.610766, 9] passdb/pdb_ldap.c:1107(init_sam_from_ldap) No cache entry, bad count = 0, bad time = 0 [2013/04/29 08:38:08.610850, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2013/04/29 08:38:08.610917, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2013/04/29 08:38:08.610982, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/04/29 08:38:08.611047, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:08.611110, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:08.611232, 10] lib/gencache.c:183(gencache_set_data_blob) Adding cache entry with key = ACCT_POL/maximum password age and timeout = Thu Jan 1 01:00:00 1970 (-1367217488 seconds in the past) [2013/04/29 08:38:08.611367, 10] passdb/pdb_ldap.c:3966(ldapsam_get_account_policy_from_ldap) ldapsam_get_account_policy_from_ldap [2013/04/29 08:38:08.611439, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [sambaDomainName=WEBDEALAUTO,dc=webdealauto,dc=com], filter => [(objectClass=sambaDomain)], scope => [0] [2013/04/29 08:38:08.612110, 10] passdb/account_pol.c:402(cache_account_policy_set) cache_account_policy_set: updating account pol cache [2013/04/29 08:38:08.612298, 10] lib/gencache.c:183(gencache_set_data_blob) Adding cache entry with key = ACCT_POL/maximum password age and timeout = Mon Apr 29 08:39:08 2013 (60 seconds ahead) [2013/04/29 08:38:08.612464, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:08.612547, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user pccom1$ [2013/04/29 08:38:08.612615, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is pccom1$ [2013/04/29 08:38:08.612687, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [pccom1$]! [2013/04/29 08:38:08.612797, 5] passdb/lookup_sid.c:1384(gid_to_sid) gid_to_sid: winbind failed to find a sid for gid 515 [2013/04/29 08:38:08.612870, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2013/04/29 08:38:08.612938, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2013/04/29 08:38:08.613003, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/04/29 08:38:08.613068, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:08.613131, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:08.613256, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=515))], scope => [2] [2013/04/29 08:38:08.614160, 2] passdb/pdb_ldap.c:2427(init_group_from_ldap) init_group_from_ldap: Entry found for group: 515 [2013/04/29 08:38:08.614371, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:08.614442, 10] passdb/lookup_sid.c:1181(legacy_gid_to_sid) LEGACY: gid 515 -> sid S-1-5-21-2380245508-1587309507-2390072590-515 [2013/04/29 08:38:08.614531, 10] passdb/lookup_sid.c:1733(get_primary_group_sid) do lookup_sid(S-1-5-21-2380245508-1587309507-2390072590-515) for group of user pccom1$ [2013/04/29 08:38:08.614605, 10] passdb/lookup_sid.c:964(lookup_sid) lookup_sid called for SID 'S-1-5-21-2380245508-1587309507-2390072590-515' [2013/04/29 08:38:08.614688, 10] passdb/lookup_sid.c:721(check_dom_sid_to_level) Accepting SID S-1-5-21-2380245508-1587309507-2390072590 in level 1 [2013/04/29 08:38:08.614763, 10] passdb/lookup_sid.c:482(lookup_rids) lookup_rids called for domain sid 'S-1-5-21-2380245508-1587309507-2390072590' [2013/04/29 08:38:08.614840, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2013/04/29 08:38:08.614940, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2013/04/29 08:38:08.615006, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/04/29 08:38:08.615071, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:08.615134, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:08.615233, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 515. [2013/04/29 08:38:08.615304, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 4 [2013/04/29 08:38:08.615370, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 3 [2013/04/29 08:38:08.615434, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 4 [2013/04/29 08:38:08.615498, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:08.615560, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:08.615707, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-515)(objectclass=sambaSamAccount))], scope => [2] [2013/04/29 08:38:08.616963, 4] passdb/pdb_ldap.c:1675(ldapsam_getsampwsid) ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-2380245508-1587309507-2390072590-515] count=0 [2013/04/29 08:38:08.617179, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-515))], scope => [2] [2013/04/29 08:38:08.618258, 2] passdb/pdb_ldap.c:2427(init_group_from_ldap) init_group_from_ldap: Entry found for group: 515 [2013/04/29 08:38:08.618472, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/04/29 08:38:08.618545, 5] passdb/pdb_interface.c:1727(pdb_default_lookup_rids) lookup_rids: Domain Computers:2 [2013/04/29 08:38:08.618618, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:08.618688, 10] passdb/lookup_sid.c:999(lookup_sid) Sid S-1-5-21-2380245508-1587309507-2390072590-515 -> WEBDEALAUTO\Domain Computers(2) [2013/04/29 08:38:08.618776, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2013/04/29 08:38:08.618843, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2013/04/29 08:38:08.618907, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/04/29 08:38:08.618972, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:08.619035, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:08.619165, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:08.619263, 10] passdb/pdb_get_set.c:575(pdb_set_username) pdb_set_username: setting username pccom1$, was [2013/04/29 08:38:08.619331, 10] passdb/pdb_get_set.c:598(pdb_set_domain) pdb_set_domain: setting domain WEBDEALAUTO, was [2013/04/29 08:38:08.619396, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username) pdb_set_nt_username: setting nt username pccom1$, was [2013/04/29 08:38:08.619460, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) pdb_set_full_name: setting full name PCCOM1$, was [2013/04/29 08:38:08.619530, 4] lib/substitute.c:527(automount_server) Home server: bambi [2013/04/29 08:38:08.619609, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) pdb_set_homedir: setting home dir \\bambi\pccom1_, was [2013/04/29 08:38:08.619675, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive , was NULL [2013/04/29 08:38:08.619777, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user pccom1$ [2013/04/29 08:38:08.619841, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is pccom1$ [2013/04/29 08:38:08.620122, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [pccom1$]! [2013/04/29 08:38:08.620346, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) pdb_set_logon_script: setting logon script Domain Computers.bat, was [2013/04/29 08:38:08.620422, 4] lib/substitute.c:527(automount_server) Home server: bambi [2013/04/29 08:38:08.620534, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\bambi\profiles\pccom1_, was [2013/04/29 08:38:08.620606, 10] passdb/pdb_get_set.c:780(pdb_set_workstations) pdb_set_workstations: setting workstations , was [2013/04/29 08:38:08.620677, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2013/04/29 08:38:08.620743, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2013/04/29 08:38:08.620809, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/04/29 08:38:08.620875, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:08.620937, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:08.621058, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:08.621130, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-2380245508-1587309507-2390072590-1011 [2013/04/29 08:38:08.621203, 10] passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-2380245508-1587309507-2390072590-1011 from rid 1011 [2013/04/29 08:38:08.621355, 10] passdb/lookup_sid.c:1628(sid_to_gid) winbind failed to find a gid for sid S-1-5-21-2380245508-1587309507-2390072590-515 [2013/04/29 08:38:08.621433, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2013/04/29 08:38:08.621499, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2013/04/29 08:38:08.621563, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/04/29 08:38:08.621627, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:08.621688, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:08.621786, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 515. [2013/04/29 08:38:08.621856, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 4 [2013/04/29 08:38:08.621921, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 3 [2013/04/29 08:38:08.621985, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 4 [2013/04/29 08:38:08.622049, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:08.622111, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:08.622254, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-515)(objectclass=sambaSamAccount))], scope => [2] [2013/04/29 08:38:08.623481, 4] passdb/pdb_ldap.c:1675(ldapsam_getsampwsid) ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-2380245508-1587309507-2390072590-515] count=0 [2013/04/29 08:38:08.623690, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-515))], scope => [2] [2013/04/29 08:38:08.624823, 2] passdb/pdb_ldap.c:2427(init_group_from_ldap) init_group_from_ldap: Entry found for group: 515 [2013/04/29 08:38:08.625039, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/04/29 08:38:08.625120, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:08.625186, 10] passdb/lookup_sid.c:1285(legacy_sid_to_gid) LEGACY: sid S-1-5-21-2380245508-1587309507-2390072590-515 -> gid 515 [2013/04/29 08:38:08.625269, 10] passdb/pdb_get_set.c:562(pdb_set_group_sid) pdb_set_group_sid: setting group sid S-1-5-21-2380245508-1587309507-2390072590-515 [2013/04/29 08:38:08.625354, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:08.625439, 5] rpc_server/samr/srv_samr_nt.c:1703(_samr_LookupNames) _samr_LookupNames: 1703 [2013/04/29 08:38:08.625505, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_LookupNames: struct samr_LookupNames out: struct samr_LookupNames rids : * rids: struct samr_Ids count : 0x00000001 (1) ids : * ids: ARRAY(1) ids : 0x000003f3 (1011) types : * types: struct samr_Ids count : 0x00000001 (1) ids : * ids: ARRAY(1) ids : 0x00000001 (1) result : NT_STATUS_OK [2013/04/29 08:38:08.626068, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_OpenUser: struct samr_OpenUser in: struct samr_OpenUser domain_handle : * domain_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000186e-0000-0000-7e51-5015155d0000 access_mask : 0x02000000 (33554432) 0: SAMR_USER_ACCESS_GET_NAME_ETC 0: SAMR_USER_ACCESS_GET_LOCALE 0: SAMR_USER_ACCESS_SET_LOC_COM 0: SAMR_USER_ACCESS_GET_LOGONINFO 0: SAMR_USER_ACCESS_GET_ATTRIBUTES 0: SAMR_USER_ACCESS_SET_ATTRIBUTES 0: SAMR_USER_ACCESS_CHANGE_PASSWORD 0: SAMR_USER_ACCESS_SET_PASSWORD 0: SAMR_USER_ACCESS_GET_GROUPS 0: SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP 0: SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP rid : 0x000003f3 (1011) [2013/04/29 08:38:08.626674, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6E 18 00 00 00 00 00 00 7E 51 50 15 ....n... ....~QP. [0010] 15 5D 00 00 .].. [2013/04/29 08:38:08.626827, 10] rpc_server/rpc_handles.c:410(_policy_handle_find) found handle of type struct samr_domain_info [2013/04/29 08:38:08.626900, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0xb0000000 to 0x000f07ff [2013/04/29 08:38:08.626967, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2013/04/29 08:38:08.627034, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2013/04/29 08:38:08.627098, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:08.627162, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:08.627223, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:08.627355, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2013/04/29 08:38:08.627426, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2013/04/29 08:38:08.627490, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/04/29 08:38:08.627554, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:08.627616, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:08.627747, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:08.627819, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2013/04/29 08:38:08.627885, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2013/04/29 08:38:08.627948, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/04/29 08:38:08.628011, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:08.628073, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:08.628189, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:08.628276, 10] passdb/pdb_get_set.c:575(pdb_set_username) pdb_set_username: setting username pccom1$, was [2013/04/29 08:38:08.628343, 10] passdb/pdb_get_set.c:598(pdb_set_domain) pdb_set_domain: setting domain WEBDEALAUTO, was [2013/04/29 08:38:08.628409, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username) pdb_set_nt_username: setting nt username pccom1$, was [2013/04/29 08:38:08.628515, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) pdb_set_full_name: setting full name PCCOM1$, was [2013/04/29 08:38:08.628593, 4] lib/substitute.c:527(automount_server) Home server: bambi [2013/04/29 08:38:08.628674, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) pdb_set_homedir: setting home dir \\bambi\pccom1_, was [2013/04/29 08:38:08.628742, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive , was NULL [2013/04/29 08:38:08.628815, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user pccom1$ [2013/04/29 08:38:08.628880, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is pccom1$ [2013/04/29 08:38:08.629163, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [pccom1$]! [2013/04/29 08:38:08.629440, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) pdb_set_logon_script: setting logon script Domain Computers.bat, was [2013/04/29 08:38:08.629543, 4] lib/substitute.c:527(automount_server) Home server: bambi [2013/04/29 08:38:08.629619, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\bambi\profiles\pccom1_, was [2013/04/29 08:38:08.629688, 10] passdb/pdb_get_set.c:780(pdb_set_workstations) pdb_set_workstations: setting workstations , was [2013/04/29 08:38:08.629756, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2013/04/29 08:38:08.629821, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2013/04/29 08:38:08.629885, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/04/29 08:38:08.629950, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:08.630012, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:08.630131, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:08.630203, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-2380245508-1587309507-2390072590-1011 [2013/04/29 08:38:08.630298, 10] passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-2380245508-1587309507-2390072590-1011 from rid 1011 [2013/04/29 08:38:08.630415, 0] lib/fault.c:47(fault_report) =============================================================== [2013/04/29 08:38:08.630485, 0] lib/fault.c:48(fault_report) INTERNAL ERROR: Signal 11 in pid 23829 (3.6.6) Please read the Trouble-Shooting section of the Samba3-HOWTO [2013/04/29 08:38:08.630573, 0] lib/fault.c:50(fault_report) From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf [2013/04/29 08:38:08.630656, 0] lib/fault.c:51(fault_report) =============================================================== [2013/04/29 08:38:08.630719, 0] lib/util.c:1117(smb_panic) PANIC (pid 23829): internal error [2013/04/29 08:38:08.642173, 0] lib/util.c:1221(log_stack_trace) BACKTRACE: 36 stack frames: #0 /usr/sbin/smbd(log_stack_trace+0x1a) [0x7f0ee52bd23a] #1 /usr/sbin/smbd(smb_panic+0x22) [0x7f0ee52bd312] #2 /usr/sbin/smbd(+0x4224e4) [0x7f0ee52ae4e4] #3 /lib/x86_64-linux-gnu/libc.so.6(+0x324f0) [0x7f0ee1c4a4f0] #4 /usr/sbin/smbd(tcopy_passwd+0x22) [0x7f0ee5295e22] #5 /usr/sbin/smbd(pdb_copy_sam_account+0x76) [0x7f0ee525ada6] #6 /usr/sbin/smbd(pdb_getsampwsid+0xa5) [0x7f0ee525df85] #7 /usr/sbin/smbd(_samr_OpenUser+0x161) [0x7f0ee5195441] #8 /usr/sbin/smbd(+0x319625) [0x7f0ee51a5625] #9 /usr/sbin/smbd(+0x329f76) [0x7f0ee51b5f76] #10 /usr/sbin/smbd(dcerpc_binding_handle_raw_call_send+0x9e) [0x7f0ee532f4ee] #11 /usr/sbin/smbd(dcerpc_binding_handle_call_send+0x258) [0x7f0ee532fcd8] #12 /usr/sbin/smbd(dcerpc_binding_handle_call+0x77) [0x7f0ee532fe07] #13 /usr/sbin/smbd(dcerpc_samr_OpenUser_r+0x1d) [0x7f0ee522907d] #14 /usr/sbin/smbd(dcerpc_samr_OpenUser+0x1d) [0x7f0ee52292ad] #15 /usr/sbin/smbd(+0x2bc33b) [0x7f0ee514833b] #16 /usr/sbin/smbd(_netr_ServerAuthenticate3+0x222) [0x7f0ee5149332] #17 /usr/sbin/smbd(+0x2c2826) [0x7f0ee514e826] #18 /usr/sbin/smbd(+0x325e55) [0x7f0ee51b1e55] #19 /usr/sbin/smbd(process_complete_pdu+0x89b) [0x7f0ee51b35bb] #20 /usr/sbin/smbd(process_incoming_data+0x118) [0x7f0ee51b4448] #21 /usr/sbin/smbd(np_write_send+0x150) [0x7f0ee51b4b20] #22 /usr/sbin/smbd(reply_pipe_write_and_X+0x165) [0x7f0ee4fca075] #23 /usr/sbin/smbd(reply_write_and_X+0x348) [0x7f0ee4fd38d8] #24 /usr/sbin/smbd(+0x18a08c) [0x7f0ee501608c] #25 /usr/sbin/smbd(+0x18a492) [0x7f0ee5016492] #26 /usr/sbin/smbd(+0x18a8d1) [0x7f0ee50168d1] #27 /usr/sbin/smbd(run_events_poll+0x353) [0x7f0ee52ccd13] #28 /usr/sbin/smbd(smbd_process+0x84a) [0x7f0ee501803a] #29 /usr/sbin/smbd(+0x69f443) [0x7f0ee552b443] #30 /usr/sbin/smbd(run_events_poll+0x353) [0x7f0ee52ccd13] #31 /usr/sbin/smbd(+0x440eaa) [0x7f0ee52cceaa] #32 /usr/sbin/smbd(_tevent_loop_once+0x90) [0x7f0ee52cda10] #33 /usr/sbin/smbd(main+0xf30) [0x7f0ee4f96850] #34 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xfd) [0x7f0ee1c36ead] #35 /usr/sbin/smbd(+0x10ac8d) [0x7f0ee4f96c8d] [2013/04/29 08:38:08.642477, 0] lib/util.c:1122(smb_panic) smb_panic(): calling panic action [/usr/share/samba/panic-action 23829] [2013/04/29 08:38:09.502700, 0] lib/util.c:1130(smb_panic) smb_panic(): action returned status 0 [2013/04/29 08:38:09.502888, 0] lib/fault.c:372(dump_core) dumping core in /var/log/samba/cores/smbd [2013/04/29 08:38:09.853196, 6] param/loadparm.c:7490(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Apr 26 13:22:44 2013 [2013/04/29 08:38:09.853360, 5] auth/auth_util.c:110(make_user_info_map) Mapping user []\[] from workstation [PCCOM1] [2013/04/29 08:38:09.853434, 5] auth/auth_util.c:131(make_user_info_map) Mapped domain from [] to [WEBDEALAUTO] for user [] from workstation [PCCOM1] [2013/04/29 08:38:09.853503, 5] auth/user_info.c:59(make_user_info) attempting to make a user_info for () [2013/04/29 08:38:09.853572, 5] auth/user_info.c:70(make_user_info) making strings for 's user_info struct [2013/04/29 08:38:09.853669, 5] auth/user_info.c:87(make_user_info) making blobs for 's user_info struct [2013/04/29 08:38:09.853737, 10] auth/user_info.c:123(make_user_info) made a user_info for () [2013/04/29 08:38:09.853801, 3] auth/auth.c:219(check_ntlm_password) check_ntlm_password: Checking password for unmapped user []\[]@[PCCOM1] with the new password interface [2013/04/29 08:38:09.853870, 3] auth/auth.c:222(check_ntlm_password) check_ntlm_password: mapped user is: [WEBDEALAUTO]\[]@[PCCOM1] [2013/04/29 08:38:09.853935, 10] auth/auth.c:231(check_ntlm_password) check_ntlm_password: auth_context challenge created by random [2013/04/29 08:38:09.854000, 10] auth/auth.c:233(check_ntlm_password) challenge is: [2013/04/29 08:38:09.854063, 5] ../lib/util/util.c:415(dump_data) [0000] 17 AF BC 9A 1C 5B 85 F1 .....[.. [2013/04/29 08:38:09.854162, 10] auth/auth_builtin.c:44(check_guest_security) Check auth for: [] [2013/04/29 08:38:09.854256, 3] auth/auth.c:268(check_ntlm_password) check_ntlm_password: guest authentication for user [] succeeded [2013/04/29 08:38:09.854325, 5] auth/auth.c:309(check_ntlm_password) check_ntlm_password: guest authentication for user [] -> [] -> [nobody] succeeded [2013/04/29 08:38:09.854395, 10] auth/token_util.c:223(create_local_nt_token_from_info3) Create local NT token for nobody [2013/04/29 08:38:09.854591, 10] passdb/lookup_sid.c:1628(sid_to_gid) winbind failed to find a gid for sid S-1-5-32-544 [2013/04/29 08:38:09.854674, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:09.854743, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:09.854807, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:09.854871, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:09.854933, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:09.855080, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544))], scope => [2] [2013/04/29 08:38:09.855189, 5] lib/smbldap.c:1341(smbldap_close) The connection to the LDAP server was closed [2013/04/29 08:38:09.855259, 10] lib/smbldap.c:819(smb_ldap_setup_conn) smb_ldap_setup_connection: ldap://127.0.0.1/ [2013/04/29 08:38:09.855490, 2] lib/smbldap.c:1018(smbldap_open_connection) smbldap_open_connection: connection opened [2013/04/29 08:38:09.855562, 10] lib/smbldap.c:1194(smbldap_connect_system) ldap_connect_system: Binding to ldap server ldap://127.0.0.1/ as "cn=admin,dc=webdealauto,dc=com" [2013/04/29 08:38:09.857457, 3] lib/smbldap.c:1240(smbldap_connect_system) ldap_connect_system: successful connection to the LDAP server ldap_connect_system: LDAP server does support paged results [2013/04/29 08:38:09.857644, 4] lib/smbldap.c:1319(smbldap_open) The LDAP server is successfully connected [2013/04/29 08:38:09.859038, 2] passdb/pdb_ldap.c:2427(init_group_from_ldap) init_group_from_ldap: Entry found for group: 544 [2013/04/29 08:38:09.859264, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:09.859336, 10] passdb/lookup_sid.c:1285(legacy_sid_to_gid) LEGACY: sid S-1-5-32-544 -> gid 544 [2013/04/29 08:38:09.859475, 10] passdb/lookup_sid.c:1628(sid_to_gid) winbind failed to find a gid for sid S-1-5-32-545 [2013/04/29 08:38:09.859549, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:09.859617, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:09.859682, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:09.859746, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:09.859845, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:09.859965, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545))], scope => [2] [2013/04/29 08:38:09.860888, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545)) [2013/04/29 08:38:09.861087, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:09.861159, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-32-545 [2013/04/29 08:38:09.861232, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:09.861298, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:09.861362, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:09.861426, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:09.861489, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:09.861682, 10] passdb/lookup_sid.c:1628(sid_to_gid) winbind failed to find a gid for sid S-1-5-32-545 [2013/04/29 08:38:09.861758, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2013/04/29 08:38:09.861823, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2013/04/29 08:38:09.861888, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:09.861952, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:09.862015, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:09.862134, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545))], scope => [2] [2013/04/29 08:38:09.863100, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545)) [2013/04/29 08:38:09.863292, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:09.863364, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-32-545 [2013/04/29 08:38:09.863451, 5] passdb/pdb_util.c:99(create_builtin_users) create_builtin_users: Failed to create Users [2013/04/29 08:38:09.863527, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:09.863596, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:09.863662, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:09.863726, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:09.863791, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:09.863853, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:09.864087, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectclass=sambaGroupMapping)(sambaGroupType=4)(|(sambaSIDList=S-1-5-21-2380245508-1587309507-2390072590-501)(sambaSIDList=S-1-5-21-2380245508-1587309507-2390072590-513)(sambaSIDList=S-1-5-21-2380245508-1587309507-2390072590-546)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-32-546)))], scope => [2] [2013/04/29 08:38:09.865339, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:09.865563, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-2380245508-1587309507-2390072590-501] [2013/04/29 08:38:09.865654, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-2380245508-1587309507-2390072590-513] [2013/04/29 08:38:09.865740, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-2380245508-1587309507-2390072590-546] [2013/04/29 08:38:09.865830, 5] lib/privileges.c:175(get_privileges_for_sids) get_privileges_for_sids: sid = S-1-1-0 Privilege set: 0x0 [2013/04/29 08:38:09.865933, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-2] [2013/04/29 08:38:09.866014, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-32-546] [2013/04/29 08:38:09.866297, 10] passdb/lookup_sid.c:1468(sids_to_unix_ids) wbcSidsToUnixIds returned WBC_ERR_WINBIND_NOT_AVAILABLE [2013/04/29 08:38:09.866372, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:09.866440, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:09.866507, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:09.866573, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:09.866636, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:09.866738, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 501. [2013/04/29 08:38:09.866818, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2013/04/29 08:38:09.866883, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2013/04/29 08:38:09.866947, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:09.867012, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:09.867074, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:09.867171, 6] passdb/pdb_interface.c:401(pdb_getsampwsid) pdb_getsampwsid: Building guest account [2013/04/29 08:38:09.867238, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user nobody [2013/04/29 08:38:09.867303, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is nobody [2013/04/29 08:38:09.867595, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [nobody]! [2013/04/29 08:38:09.867698, 10] passdb/pdb_get_set.c:575(pdb_set_username) pdb_set_username: setting username nobody, was [2013/04/29 08:38:09.867785, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) pdb_set_full_name: setting full name nobody, was [2013/04/29 08:38:09.867856, 10] passdb/pdb_get_set.c:598(pdb_set_domain) pdb_set_domain: setting domain WEBDEALAUTO, was [2013/04/29 08:38:09.867927, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-2380245508-1587309507-2390072590-501 [2013/04/29 08:38:09.868000, 10] passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-2380245508-1587309507-2390072590-501 from rid 501 [2013/04/29 08:38:09.868103, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:09.868180, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user nobody [2013/04/29 08:38:09.868245, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is nobody [2013/04/29 08:38:09.868311, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [nobody]! [2013/04/29 08:38:09.868405, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:09.868493, 5] passdb/lookup_sid.c:1269(legacy_sid_to_gid) LEGACY: sid S-1-5-21-2380245508-1587309507-2390072590-501 is a User, expected a group [2013/04/29 08:38:09.868573, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:09.868639, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:09.868703, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:09.868767, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:09.868834, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:09.868934, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 501. [2013/04/29 08:38:09.869004, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2013/04/29 08:38:09.869068, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2013/04/29 08:38:09.869131, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:09.869194, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:09.869255, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:09.869350, 6] passdb/pdb_interface.c:401(pdb_getsampwsid) pdb_getsampwsid: Building guest account [2013/04/29 08:38:09.869414, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user nobody [2013/04/29 08:38:09.869477, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is nobody [2013/04/29 08:38:09.869542, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [nobody]! [2013/04/29 08:38:09.869606, 10] passdb/pdb_get_set.c:575(pdb_set_username) pdb_set_username: setting username nobody, was [2013/04/29 08:38:09.869672, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) pdb_set_full_name: setting full name nobody, was [2013/04/29 08:38:09.869738, 10] passdb/pdb_get_set.c:598(pdb_set_domain) pdb_set_domain: setting domain WEBDEALAUTO, was [2013/04/29 08:38:09.869807, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-2380245508-1587309507-2390072590-501 [2013/04/29 08:38:09.869878, 10] passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-2380245508-1587309507-2390072590-501 from rid 501 [2013/04/29 08:38:09.869979, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:09.870052, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user nobody [2013/04/29 08:38:09.870114, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is nobody [2013/04/29 08:38:09.870179, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [nobody]! [2013/04/29 08:38:09.870251, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:09.870317, 10] passdb/lookup_sid.c:1223(legacy_sid_to_uid) LEGACY: sid S-1-5-21-2380245508-1587309507-2390072590-501 -> uid 65534 [2013/04/29 08:38:09.870395, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:09.870460, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:09.870524, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:09.870587, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:09.870648, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:09.870763, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 513. [2013/04/29 08:38:09.870833, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2013/04/29 08:38:09.870897, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2013/04/29 08:38:09.870959, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:09.871023, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:09.871084, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:09.871235, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-513)(objectclass=sambaSamAccount))], scope => [2] [2013/04/29 08:38:09.872712, 4] passdb/pdb_ldap.c:1675(ldapsam_getsampwsid) ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-2380245508-1587309507-2390072590-513] count=0 [2013/04/29 08:38:09.872932, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-513))], scope => [2] [2013/04/29 08:38:09.874024, 2] passdb/pdb_ldap.c:2427(init_group_from_ldap) init_group_from_ldap: Entry found for group: 513 [2013/04/29 08:38:09.874238, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:09.874319, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:09.874388, 10] passdb/lookup_sid.c:1285(legacy_sid_to_gid) LEGACY: sid S-1-5-21-2380245508-1587309507-2390072590-513 -> gid 513 [2013/04/29 08:38:09.874472, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:09.874540, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:09.874604, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:09.874668, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:09.874729, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:09.874828, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 546. [2013/04/29 08:38:09.874898, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2013/04/29 08:38:09.874963, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2013/04/29 08:38:09.875026, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:09.875090, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:09.875152, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:09.875300, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-546)(objectclass=sambaSamAccount))], scope => [2] [2013/04/29 08:38:09.876611, 4] passdb/pdb_ldap.c:1675(ldapsam_getsampwsid) ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-2380245508-1587309507-2390072590-546] count=0 [2013/04/29 08:38:09.876825, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-546))], scope => [2] [2013/04/29 08:38:09.877751, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-546)) [2013/04/29 08:38:09.877973, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:09.878045, 5] passdb/pdb_interface.c:1668(lookup_global_sam_rid) Can't find a unix id for an unmapped group [2013/04/29 08:38:09.878117, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:09.878182, 10] passdb/lookup_sid.c:1280(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-21-2380245508-1587309507-2390072590-546 [2013/04/29 08:38:09.878260, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:09.878326, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:09.878390, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:09.878455, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:09.878517, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:09.878615, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 546. [2013/04/29 08:38:09.878684, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2013/04/29 08:38:09.878748, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2013/04/29 08:38:09.878811, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:09.878874, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:09.878936, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:09.879080, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-546)(objectclass=sambaSamAccount))], scope => [2] [2013/04/29 08:38:09.880305, 4] passdb/pdb_ldap.c:1675(ldapsam_getsampwsid) ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-2380245508-1587309507-2390072590-546] count=0 [2013/04/29 08:38:09.880525, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-546))], scope => [2] [2013/04/29 08:38:09.881456, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-546)) [2013/04/29 08:38:09.881647, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:09.881716, 5] passdb/pdb_interface.c:1668(lookup_global_sam_rid) Can't find a unix id for an unmapped group [2013/04/29 08:38:09.881786, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:09.881852, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid) LEGACY: mapping failed for sid S-1-5-21-2380245508-1587309507-2390072590-546 [2013/04/29 08:38:09.881931, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:09.881996, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:09.882059, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:09.882123, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:09.882184, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:09.882300, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-1-0))], scope => [2] [2013/04/29 08:38:09.883258, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-1-0)) [2013/04/29 08:38:09.883448, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:09.883520, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-1-0 [2013/04/29 08:38:09.883595, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid) LEGACY: mapping failed for sid S-1-1-0 [2013/04/29 08:38:09.883667, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:09.883734, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:09.883798, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:09.883863, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:09.883925, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:09.884046, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2))], scope => [2] [2013/04/29 08:38:09.884959, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2)) [2013/04/29 08:38:09.885156, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:09.885225, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-2 [2013/04/29 08:38:09.885297, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid) LEGACY: mapping failed for sid S-1-5-2 [2013/04/29 08:38:09.885366, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:09.885433, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:09.885497, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:09.885561, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:09.885624, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:09.885743, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-546))], scope => [2] [2013/04/29 08:38:09.886749, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-546)) [2013/04/29 08:38:09.886938, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:09.887007, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-32-546 [2013/04/29 08:38:09.887081, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid) LEGACY: mapping failed for sid S-1-5-32-546 [2013/04/29 08:38:09.887153, 10] auth/auth_util.c:505(create_local_token) Could not convert SID S-1-5-21-2380245508-1587309507-2390072590-546 to gid, ignoring it [2013/04/29 08:38:09.887225, 10] auth/auth_util.c:505(create_local_token) Could not convert SID S-1-1-0 to gid, ignoring it [2013/04/29 08:38:09.887293, 10] auth/auth_util.c:505(create_local_token) Could not convert SID S-1-5-2 to gid, ignoring it [2013/04/29 08:38:09.887360, 10] auth/auth_util.c:505(create_local_token) Could not convert SID S-1-5-32-546 to gid, ignoring it [2013/04/29 08:38:09.887439, 10] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (8): SID[ 0]: S-1-5-21-2380245508-1587309507-2390072590-501 SID[ 1]: S-1-5-21-2380245508-1587309507-2390072590-513 SID[ 2]: S-1-5-21-2380245508-1587309507-2390072590-546 SID[ 3]: S-1-1-0 SID[ 4]: S-1-5-2 SID[ 5]: S-1-5-32-546 SID[ 6]: S-1-22-1-65534 SID[ 7]: S-1-22-2-513 Privileges (0x 0): Rights (0x 0): [2013/04/29 08:38:09.887836, 10] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 65534 Primary group is 65534 and contains 1 supplementary groups Group[ 0]: 513 [2013/04/29 08:38:09.887964, 10] auth/auth_ntlmssp.c:174(auth_ntlmssp_check_password) Got NT session key of length 16 [2013/04/29 08:38:09.888030, 10] auth/auth_ntlmssp.c:181(auth_ntlmssp_check_password) Got LM session key of length 16 [2013/04/29 08:38:09.888095, 10] ../libcli/auth/ntlmssp_server.c:462(ntlmssp_server_postauth) ntlmssp_server_auth: Using unmodified nt session key. [2013/04/29 08:38:09.888222, 3] ../libcli/auth/ntlmssp_sign.c:535(ntlmssp_sign_init) NTLMSSP Sign/Seal - Initialising with flags: [2013/04/29 08:38:09.888288, 3] ../libcli/auth/ntlmssp.c:34(debug_ntlmssp_flags) Got NTLMSSP neg_flags=0xe2088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP_NEGOTIATE_56 [2013/04/29 08:38:09.888633, 10] smbd/password.c:293(register_existing_vuid) register_existing_vuid: (65534,65534) nobody WEBDEALAUTO guest=1 [2013/04/29 08:38:09.888702, 3] smbd/password.c:298(register_existing_vuid) register_existing_vuid: User name: nobody Real name: [2013/04/29 08:38:09.888767, 3] smbd/password.c:308(register_existing_vuid) register_existing_vuid: UNIX uid 65534 is UNIX user nobody, and will be vuid 100 [2013/04/29 08:38:09.888888, 6] param/loadparm.c:7490(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Apr 26 13:22:44 2013 [2013/04/29 08:38:09.889063, 5] lib/util.c:332(show_msg) [2013/04/29 08:38:09.889104, 5] lib/util.c:342(show_msg) size=110 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=65535 smb_pid=65279 smb_uid=100 smb_mid=768 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_vwv[ 3]= 9 (0x9) smb_bcc=67 [2013/04/29 08:38:09.889519, 10] ../lib/util/util.c:415(dump_data) [0000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 ..0..... .U.n.i.x [0010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3 [0020] 00 2E 00 36 00 2E 00 36 00 00 00 57 00 45 00 42 ...6...6 ...W.E.B [0030] 00 44 00 45 00 41 00 4C 00 41 00 55 00 54 00 4F .D.E.A.L .A.U.T.O [0040] 00 00 00 ... [2013/04/29 08:38:09.891139, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 76 [2013/04/29 08:38:09.891320, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x4c [2013/04/29 08:38:09.891390, 3] smbd/process.c:1662(process_smb) Transaction 3 of length 80 (0 toread) [2013/04/29 08:38:09.891455, 5] lib/util.c:332(show_msg) [2013/04/29 08:38:09.891494, 5] lib/util.c:342(show_msg) size=76 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=100 smb_mid=832 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 76 (0x4C) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=33 [2013/04/29 08:38:09.891912, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 5C 00 42 00 41 00 4D 00 42 00 49 00 5C .\.\.B.A .M.B.I.\ [0010] 00 49 00 50 00 43 00 24 00 00 00 3F 3F 3F 3F 3F .I.P.C.$ ...????? [0020] 00 . [2013/04/29 08:38:09.892120, 3] smbd/process.c:1467(switch_message) switch message SMBtconX (pid 23849) conn 0x0 [2013/04/29 08:38:09.892205, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:09.892270, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:09.892367, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:09.892480, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2013/04/29 08:38:09.892575, 4] smbd/reply.c:794(reply_tcon_and_X) Client requested device type [?????] for share [IPC$] [2013/04/29 08:38:09.892707, 5] smbd/service.c:1354(make_connection) making a connection to 'normal' service ipc$ [2013/04/29 08:38:09.892787, 3] lib/access.c:338(allow_access) Allowed connection from 172.20.2.200 (172.20.2.200) [2013/04/29 08:38:09.892898, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user nobody [2013/04/29 08:38:09.892965, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is nobody [2013/04/29 08:38:09.893285, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [nobody]! [2013/04/29 08:38:09.893472, 10] smbd/service.c:162(set_conn_connectpath) set_conn_connectpath: service IPC$, connectpath = /tmp [2013/04/29 08:38:09.893543, 3] smbd/service.c:872(make_connection_snum) Connect path is '/tmp' for service [IPC$] [2013/04/29 08:38:09.893658, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2013/04/29 08:38:09.893737, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x101f01ff, remaining = 0x101f01ff [2013/04/29 08:38:09.893814, 3] smbd/vfs.c:102(vfs_init_default) Initialising default vfs hooks [2013/04/29 08:38:09.893885, 10] smbd/vfs.c:53(vfs_find_backend_entry) vfs_find_backend_entry called for /[Default VFS]/ [2013/04/29 08:38:09.893950, 5] smbd/vfs.c:92(smb_register_vfs) Successfully added vfs backend '/[Default VFS]/' [2013/04/29 08:38:09.894018, 10] smbd/vfs.c:53(vfs_find_backend_entry) vfs_find_backend_entry called for posixacl [2013/04/29 08:38:09.894082, 5] smbd/vfs.c:92(smb_register_vfs) Successfully added vfs backend 'posixacl' [2013/04/29 08:38:09.894146, 3] smbd/vfs.c:128(vfs_init_custom) Initialising custom vfs hooks from [/[Default VFS]/] [2013/04/29 08:38:09.894212, 10] smbd/vfs.c:53(vfs_find_backend_entry) vfs_find_backend_entry called for /[Default VFS]/ Successfully loaded vfs module [/[Default VFS]/] with the new modules system [2013/04/29 08:38:09.894312, 5] smbd/connection.c:134(claim_connection) claiming [IPC$] [2013/04/29 08:38:09.894523, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 295D0000FFFFFFFFAB1D [2013/04/29 08:38:09.894657, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7f0ee68317d0 [2013/04/29 08:38:09.894770, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 295D0000FFFFFFFFAB1D [2013/04/29 08:38:09.895010, 10] smbd/service.c:162(set_conn_connectpath) set_conn_connectpath: service IPC$, connectpath = /tmp [2013/04/29 08:38:09.895092, 10] smbd/share_access.c:241(user_ok_token) user_ok_token: share IPC$ is ok for unix user nobody [2013/04/29 08:38:09.895161, 10] smbd/share_access.c:286(is_share_read_only_for_token) is_share_read_only_for_user: share IPC$ is read-only for unix user nobody [2013/04/29 08:38:09.895244, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2013/04/29 08:38:09.895319, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) string_to_sid: SID admin is not in a valid format [2013/04/29 08:38:09.895396, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: WEBDEALAUTO\admin => domain=[WEBDEALAUTO], name=[admin] [2013/04/29 08:38:09.895461, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2013/04/29 08:38:09.895531, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:09.895598, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:09.895662, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:09.895759, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:09.895823, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:09.895978, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(uid=admin)(objectclass=sambaSamAccount))], scope => [2] [2013/04/29 08:38:09.896791, 4] passdb/pdb_ldap.c:1581(ldapsam_getsampwnam) ldapsam_getsampwnam: Unable to locate user [admin] count=0 [2013/04/29 08:38:09.896982, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:09.897055, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:09.897121, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:09.897186, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:09.897249, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:09.897312, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:09.897436, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(|(displayName=admin)(cn=admin)))], scope => [2] [2013/04/29 08:38:09.898412, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(|(displayName=admin)(cn=admin))) [2013/04/29 08:38:09.898602, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:09.898682, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: Unix User\admin => domain=[Unix User], name=[admin] [2013/04/29 08:38:09.898746, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2013/04/29 08:38:09.898837, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user admin [2013/04/29 08:38:09.898902, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is admin [2013/04/29 08:38:09.899158, 5] lib/username.c:134(Get_Pwnam_internals) Trying _Get_Pwnam(), username as uppercase is ADMIN [2013/04/29 08:38:09.899422, 5] lib/username.c:143(Get_Pwnam_internals) Checking combinations of 0 uppercase letters in admin [2013/04/29 08:38:09.899520, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals didn't find user [admin]! [2013/04/29 08:38:09.899588, 5] smbd/share_access.c:104(token_contains_name) lookup_name admin failed [2013/04/29 08:38:09.899677, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (65534, 65534) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:09.899748, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (8): SID[ 0]: S-1-5-21-2380245508-1587309507-2390072590-501 SID[ 1]: S-1-5-21-2380245508-1587309507-2390072590-513 SID[ 2]: S-1-5-21-2380245508-1587309507-2390072590-546 SID[ 3]: S-1-1-0 SID[ 4]: S-1-5-2 SID[ 5]: S-1-5-32-546 SID[ 6]: S-1-22-1-65534 SID[ 7]: S-1-22-2-513 Privileges (0x 0): Rights (0x 0): [2013/04/29 08:38:09.900100, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 65534 Primary group is 65534 and contains 1 supplementary groups Group[ 0]: 513 [2013/04/29 08:38:09.900237, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,65534), gid=(0,65534) [2013/04/29 08:38:09.900313, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:09.900377, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:09.900440, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:09.900623, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2013/04/29 08:38:09.900709, 10] smbd/service.c:162(set_conn_connectpath) set_conn_connectpath: service IPC$, connectpath = /tmp [2013/04/29 08:38:09.900799, 3] smbd/service.c:1114(make_connection_snum) pccom1 (172.20.2.200) connect to service IPC$ initially as user nobody (uid=65534, gid=65534) (pid 23849) [2013/04/29 08:38:09.900891, 3] smbd/reply.c:871(reply_tcon_and_X) tconX service=IPC$ [2013/04/29 08:38:09.901802, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 104 [2013/04/29 08:38:09.901975, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x68 [2013/04/29 08:38:09.902044, 3] smbd/process.c:1662(process_smb) Transaction 4 of length 108 (0 toread) [2013/04/29 08:38:09.902110, 5] lib/util.c:332(show_msg) [2013/04/29 08:38:09.902149, 5] lib/util.c:342(show_msg) size=104 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=520 smb_uid=100 smb_mid=896 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 4608 (0x1200) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 4609 (0x1201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16896 (0x4200) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 256 (0x100) smb_bcc=21 [2013/04/29 08:38:09.903059, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 4E 00 45 00 54 00 4C 00 4F 00 47 00 4F .\.N.E.T .L.O.G.O [0010] 00 4E 00 00 00 .N... [2013/04/29 08:38:09.903213, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 23849) conn 0x7f0ee682df00 [2013/04/29 08:38:09.903290, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (65534, 65534) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:09.903362, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (8): SID[ 0]: S-1-5-21-2380245508-1587309507-2390072590-501 SID[ 1]: S-1-5-21-2380245508-1587309507-2390072590-513 SID[ 2]: S-1-5-21-2380245508-1587309507-2390072590-546 SID[ 3]: S-1-1-0 SID[ 4]: S-1-5-2 SID[ 5]: S-1-5-32-546 SID[ 6]: S-1-22-1-65534 SID[ 7]: S-1-22-2-513 Privileges (0x 0): Rights (0x 0): [2013/04/29 08:38:09.903719, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 65534 Primary group is 65534 and contains 1 supplementary groups Group[ 0]: 513 [2013/04/29 08:38:09.903858, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,65534), gid=(0,65534) [2013/04/29 08:38:09.903938, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /tmp [2013/04/29 08:38:09.904028, 10] smbd/nttrans.c:505(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x10, access_mask = 0x12019f file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x420040 root_dir_fid = 0x0, fname = NETLOGON [2013/04/29 08:38:09.904110, 4] smbd/nttrans.c:293(nt_open_pipe) nt_open_pipe: Opening pipe \NETLOGON. [2013/04/29 08:38:09.904215, 5] smbd/files.c:140(file_new) allocated file structure 2168, fnum = 6264 (1 used) [2013/04/29 08:38:09.904294, 10] smbd/files.c:705(file_name_hash) file_name_hash: /tmp/NETLOGON hash 0x86887727 [2013/04/29 08:38:09.904388, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \netlogon [2013/04/29 08:38:09.904494, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \netlogon [2013/04/29 08:38:09.904562, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \netlogon [2013/04/29 08:38:09.904676, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \netlogon (pipes_open=0) [2013/04/29 08:38:09.904750, 5] smbd/nttrans.c:382(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \NETLOGON [2013/04/29 08:38:09.906391, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 72 [2013/04/29 08:38:09.906556, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x48 [2013/04/29 08:38:09.906624, 3] smbd/process.c:1662(process_smb) Transaction 5 of length 76 (0 toread) [2013/04/29 08:38:09.906689, 5] lib/util.c:332(show_msg) [2013/04/29 08:38:09.906728, 5] lib/util.c:342(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=520 smb_uid=100 smb_mid=960 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 24 (0x18) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2013/04/29 08:38:09.907408, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 78 18 ED 03 ...x... [2013/04/29 08:38:09.907504, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 23849) conn 0x7f0ee682df00 [2013/04/29 08:38:09.907573, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2013/04/29 08:38:09.907664, 9] smbd/trans2.c:941(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 [2013/04/29 08:38:09.907737, 9] smbd/trans2.c:943(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 24, paramsize = 2, datasize = 24 [2013/04/29 08:38:09.907803, 5] lib/util.c:332(show_msg) [2013/04/29 08:38:09.907842, 5] lib/util.c:342(show_msg) size=84 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=520 smb_uid=100 smb_mid=960 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 24 (0x18) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 24 (0x18) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=29 [2013/04/29 08:38:09.908419, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 01 00 00 00 01 00 00 00 ........ ..... [2013/04/29 08:38:09.909882, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 224 [2013/04/29 08:38:09.910045, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xe0 [2013/04/29 08:38:09.910112, 3] smbd/process.c:1662(process_smb) Transaction 6 of length 228 (0 toread) [2013/04/29 08:38:09.910177, 5] lib/util.c:332(show_msg) [2013/04/29 08:38:09.910215, 5] lib/util.c:342(show_msg) size=224 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1024 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 6264 (0x1878) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 160 (0xA0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 160 (0xA0) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=161 [2013/04/29 08:38:09.910871, 10] ../lib/util/util.c:415(dump_data) [0000] EE 05 00 0B 03 10 00 00 00 A0 00 00 00 04 00 00 ........ ........ [0010] 00 B8 10 B8 10 00 00 00 00 03 00 00 00 00 00 01 ........ ........ [0020] 00 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF .xV4.4.. ....#Eg. [0030] FB 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [0040] 00 2B 10 48 60 02 00 00 00 01 00 01 00 78 56 34 .+.H`... .....xV4 [0050] 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 00 00 .4...... #Eg..... [0060] 00 33 05 71 71 BA BE 37 49 83 19 B5 DB EF 9C CC .3.qq..7 I....... [0070] 36 01 00 00 00 02 00 01 00 78 56 34 12 34 12 CD 6....... .xV4.4.. [0080] AB EF 00 01 23 45 67 CF FB 01 00 00 00 2C 1C B7 ....#Eg. .....,.. [0090] 6C 12 98 40 45 03 00 00 00 00 00 00 00 01 00 00 l..@E... ........ [00A0] 00 . [2013/04/29 08:38:09.911576, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 23849) conn 0x7f0ee682df00 [2013/04/29 08:38:09.911646, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2013/04/29 08:38:09.911721, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 1878 name: NETLOGON len: 160 [2013/04/29 08:38:09.911790, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 160 [2013/04/29 08:38:09.911859, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 160 [2013/04/29 08:38:09.911924, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 [2013/04/29 08:38:09.911990, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/04/29 08:38:09.912058, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/04/29 08:38:09.912122, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 144 [2013/04/29 08:38:09.912203, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 [2013/04/29 08:38:09.912276, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/04/29 08:38:09.912340, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 144 [2013/04/29 08:38:09.912404, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 [2013/04/29 08:38:09.912482, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2013/04/29 08:38:09.912581, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00a0 (160) auth_length : 0x0000 (0) call_id : 0x00000004 (4) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x03 (3) ctx_list: ARRAY(3) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-01234567cffb if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) ctx_list: struct dcerpc_ctx_list context_id : 0x0001 (1) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-01234567cffb if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 71710533-beba-4937-8319-b5dbef9ccc36 if_version : 0x00000001 (1) ctx_list: struct dcerpc_ctx_list context_id : 0x0002 (2) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-01234567cffb if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 6cb71c2c-9812-4540-0300-000000000000 if_version : 0x00000001 (1) auth_info : DATA_BLOB length=0 [2013/04/29 08:38:09.914254, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 11 [2013/04/29 08:38:09.914331, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) api_pipe_bind_req: \PIPE\netlogon -> \PIPE\netlogon [2013/04/29 08:38:09.914401, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) api_pipe_bind_req: make response. 923 [2013/04/29 08:38:09.914466, 3] rpc_server/srv_pipe.c:339(check_bind_req) check_bind_req for \netlogon [2013/04/29 08:38:09.914534, 3] rpc_server/srv_pipe.c:346(check_bind_req) check_bind_req: \PIPE\netlogon -> \PIPE\netlogon [2013/04/29 08:38:09.914628, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0048 (72) auth_length : 0x0000 (0) call_id : 0x00000004 (4) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x000053f0 (21488) secondary_address_size : 0x000f (15) secondary_address : '\PIPE\netlogon' _pad1 : DATA_BLOB length=0 num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : 0x0000 (0) reason : 0x0000 (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 [2013/04/29 08:38:09.915552, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 144 [2013/04/29 08:38:09.915648, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=160 [2013/04/29 08:38:09.916411, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2013/04/29 08:38:09.916591, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2013/04/29 08:38:09.916691, 3] smbd/process.c:1662(process_smb) Transaction 7 of length 63 (0 toread) [2013/04/29 08:38:09.916755, 5] lib/util.c:332(show_msg) [2013/04/29 08:38:09.916792, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1088 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 6264 (0x1878) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2013/04/29 08:38:09.917413, 10] ../lib/util/util.c:415(dump_data) [2013/04/29 08:38:09.917457, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 23849) conn 0x7f0ee682df00 [2013/04/29 08:38:09.917525, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2013/04/29 08:38:09.917604, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \netlogon len: 1024 [2013/04/29 08:38:09.917675, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) read_from_pipe: \netlogon: current_pdu_len = 72, current_pdu_sent = 0 returning 72 bytes. [2013/04/29 08:38:09.917746, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 30 [2013/04/29 08:38:09.917845, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 72 bytes. There is no more data outstanding [2013/04/29 08:38:09.917912, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=72 [2013/04/29 08:38:09.918854, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 192 [2013/04/29 08:38:09.919017, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xc0 [2013/04/29 08:38:09.919083, 3] smbd/process.c:1662(process_smb) Transaction 8 of length 196 (0 toread) [2013/04/29 08:38:09.919146, 5] lib/util.c:332(show_msg) [2013/04/29 08:38:09.919184, 5] lib/util.c:342(show_msg) size=192 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1152 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 6264 (0x1878) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 128 (0x80) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 128 (0x80) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=129 [2013/04/29 08:38:09.919842, 10] ../lib/util/util.c:415(dump_data) [0000] EE 05 00 00 03 10 00 00 00 80 00 00 00 04 00 00 ........ ........ [0010] 00 68 00 00 00 00 00 1A 00 00 00 02 00 08 00 00 .h...... ........ [0020] 00 00 00 00 00 08 00 00 00 5C 00 5C 00 42 00 41 ........ .\.\.B.A [0030] 00 4D 00 42 00 49 00 00 00 08 00 00 00 00 00 00 .M.B.I.. ........ [0040] 00 08 00 00 00 50 00 43 00 43 00 4F 00 4D 00 31 .....P.C .C.O.M.1 [0050] 00 24 00 00 00 02 00 00 00 07 00 00 00 00 00 00 .$...... ........ [0060] 00 07 00 00 00 50 00 43 00 43 00 4F 00 4D 00 31 .....P.C .C.O.M.1 [0070] 00 00 00 71 71 F0 D7 7B 22 45 36 00 00 FF FF 2F ...qq..{ "E6..../ [0080] 61 a [2013/04/29 08:38:09.920405, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 23849) conn 0x7f0ee682df00 [2013/04/29 08:38:09.920471, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2013/04/29 08:38:09.920548, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 1878 name: NETLOGON len: 128 [2013/04/29 08:38:09.920616, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 128 [2013/04/29 08:38:09.920681, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 128 [2013/04/29 08:38:09.920774, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 128 [2013/04/29 08:38:09.920869, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 128, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/04/29 08:38:09.920936, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/04/29 08:38:09.920998, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 112 [2013/04/29 08:38:09.921060, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 112 [2013/04/29 08:38:09.921126, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/04/29 08:38:09.921189, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 112 [2013/04/29 08:38:09.921251, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 112, incoming data = 112 [2013/04/29 08:38:09.921318, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2013/04/29 08:38:09.921395, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0080 (128) auth_length : 0x0000 (0) call_id : 0x00000004 (4) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000068 (104) context_id : 0x0000 (0) opnum : 0x001a (26) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=104 [0000] 00 00 02 00 08 00 00 00 00 00 00 00 08 00 00 00 ........ ........ [0010] 5C 00 5C 00 42 00 41 00 4D 00 42 00 49 00 00 00 \.\.B.A. M.B.I... [0020] 08 00 00 00 00 00 00 00 08 00 00 00 50 00 43 00 ........ ....P.C. [0030] 43 00 4F 00 4D 00 31 00 24 00 00 00 02 00 00 00 C.O.M.1. $....... [0040] 07 00 00 00 00 00 00 00 07 00 00 00 50 00 43 00 ........ ....P.C. [0050] 43 00 4F 00 4D 00 31 00 00 00 71 71 F0 D7 7B 22 C.O.M.1. ..qq..{" [0060] 45 36 00 00 FF FF 2F 61 E6..../a [2013/04/29 08:38:09.922574, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2013/04/29 08:38:09.922638, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. [2013/04/29 08:38:09.922704, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\netlogon [2013/04/29 08:38:09.922775, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \netlogon op 0x1a - api_rpcTNP: rpc command: NETR_SERVERAUTHENTICATE3 [2013/04/29 08:38:09.922849, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[26].fn == 0x7f0ee514e700 [2013/04/29 08:38:09.922936, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) netr_ServerAuthenticate3: struct netr_ServerAuthenticate3 in: struct netr_ServerAuthenticate3 server_name : * server_name : '\\BAMBI' account_name : * account_name : 'PCCOM1$' secure_channel_type : SEC_CHAN_WKSTA (2) computer_name : * computer_name : 'PCCOM1' credentials : * credentials: struct netr_Credential data : 7171f0d77b224536 negotiate_flags : * negotiate_flags : 0x612fffff (1630535679) 1: NETLOGON_NEG_ACCOUNT_LOCKOUT 1: NETLOGON_NEG_PERSISTENT_SAMREPL 1: NETLOGON_NEG_ARCFOUR 1: NETLOGON_NEG_PROMOTION_COUNT 1: NETLOGON_NEG_CHANGELOG_BDC 1: NETLOGON_NEG_FULL_SYNC_REPL 1: NETLOGON_NEG_MULTIPLE_SIDS 1: NETLOGON_NEG_REDO 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL 1: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC 1: NETLOGON_NEG_GENERIC_PASSTHROUGH 1: NETLOGON_NEG_CONCURRENT_RPC 1: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL 1: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL 1: NETLOGON_NEG_STRONG_KEYS 1: NETLOGON_NEG_TRANSITIVE_TRUSTS 1: NETLOGON_NEG_DNS_DOMAIN_TRUSTS 1: NETLOGON_NEG_PASSWORD_SET2 1: NETLOGON_NEG_GETDOMAININFO 1: NETLOGON_NEG_CROSS_FOREST_TRUSTS 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION 1: NETLOGON_NEG_RODC_PASSTHROUGH 0: NETLOGON_NEG_SUPPORTS_AES_SHA2 1: NETLOGON_NEG_SUPPORTS_AES 1: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS 1: NETLOGON_NEG_AUTHENTICATED_RPC [2013/04/29 08:38:09.924183, 0] rpc_server/netlogon/srv_netlog_nt.c:931(_netr_ServerAuthenticate3) _netr_ServerAuthenticate3: no challenge sent to client PCCOM1 [2013/04/29 08:38:09.924248, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) netr_ServerAuthenticate3: struct netr_ServerAuthenticate3 out: struct netr_ServerAuthenticate3 return_credentials : * return_credentials: struct netr_Credential data : 0000000000000000 negotiate_flags : * negotiate_flags : 0x400241ff (1073889791) 1: NETLOGON_NEG_ACCOUNT_LOCKOUT 1: NETLOGON_NEG_PERSISTENT_SAMREPL 1: NETLOGON_NEG_ARCFOUR 1: NETLOGON_NEG_PROMOTION_COUNT 1: NETLOGON_NEG_CHANGELOG_BDC 1: NETLOGON_NEG_FULL_SYNC_REPL 1: NETLOGON_NEG_MULTIPLE_SIDS 1: NETLOGON_NEG_REDO 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL 0: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC 0: NETLOGON_NEG_GENERIC_PASSTHROUGH 0: NETLOGON_NEG_CONCURRENT_RPC 0: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL 0: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL 1: NETLOGON_NEG_STRONG_KEYS 0: NETLOGON_NEG_TRANSITIVE_TRUSTS 0: NETLOGON_NEG_DNS_DOMAIN_TRUSTS 1: NETLOGON_NEG_PASSWORD_SET2 0: NETLOGON_NEG_GETDOMAININFO 0: NETLOGON_NEG_CROSS_FOREST_TRUSTS 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION 0: NETLOGON_NEG_RODC_PASSTHROUGH 0: NETLOGON_NEG_SUPPORTS_AES_SHA2 0: NETLOGON_NEG_SUPPORTS_AES 0: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS 1: NETLOGON_NEG_AUTHENTICATED_RPC rid : * rid : 0x00000000 (0) result : NT_STATUS_ACCESS_DENIED [2013/04/29 08:38:09.925386, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \netlogon successfully [2013/04/29 08:38:09.925459, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 112 [2013/04/29 08:38:09.925546, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=128 [2013/04/29 08:38:09.926182, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2013/04/29 08:38:09.926345, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2013/04/29 08:38:09.926412, 3] smbd/process.c:1662(process_smb) Transaction 9 of length 63 (0 toread) [2013/04/29 08:38:09.926475, 5] lib/util.c:332(show_msg) [2013/04/29 08:38:09.926512, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1216 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 6264 (0x1878) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2013/04/29 08:38:09.927106, 10] ../lib/util/util.c:415(dump_data) [2013/04/29 08:38:09.927149, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 23849) conn 0x7f0ee682df00 [2013/04/29 08:38:09.927216, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2013/04/29 08:38:09.927297, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \netlogon len: 1024 [2013/04/29 08:38:09.927369, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \netlogon: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 20. [2013/04/29 08:38:09.927460, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x002c (44) auth_length : 0x0000 (0) call_id : 0x00000004 (4) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000014 (20) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=20 [0000] 00 00 00 00 00 00 00 00 FF 41 02 40 00 00 00 00 ........ .A.@.... [0010] 22 00 00 C0 "... [2013/04/29 08:38:09.928233, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 30 [2013/04/29 08:38:09.928319, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 44 bytes. There is no more data outstanding [2013/04/29 08:38:09.928387, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=44 [2013/04/29 08:38:09.929584, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 154 [2013/04/29 08:38:09.929748, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x9a [2013/04/29 08:38:09.929815, 3] smbd/process.c:1662(process_smb) Transaction 10 of length 158 (0 toread) [2013/04/29 08:38:09.929880, 5] lib/util.c:332(show_msg) [2013/04/29 08:38:09.929919, 5] lib/util.c:342(show_msg) size=154 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1280 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 6264 (0x1878) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 90 (0x5A) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 90 (0x5A) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=91 [2013/04/29 08:38:09.930613, 10] ../lib/util/util.c:415(dump_data) [0000] EE 05 00 00 03 10 00 00 00 5A 00 00 00 05 00 00 ........ .Z...... [0010] 00 42 00 00 00 00 00 04 00 00 00 02 00 08 00 00 .B...... ........ [0020] 00 00 00 00 00 08 00 00 00 5C 00 5C 00 42 00 41 ........ .\.\.B.A [0030] 00 4D 00 42 00 49 00 00 00 07 00 00 00 00 00 00 .M.B.I.. ........ [0040] 00 07 00 00 00 50 00 43 00 43 00 4F 00 4D 00 31 .....P.C .C.O.M.1 [0050] 00 00 00 03 63 8C 09 D7 E3 07 95 ....c... ... [2013/04/29 08:38:09.931002, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 23849) conn 0x7f0ee682df00 [2013/04/29 08:38:09.931071, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2013/04/29 08:38:09.931140, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 1878 name: NETLOGON len: 90 [2013/04/29 08:38:09.931209, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 90 [2013/04/29 08:38:09.931276, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 90 [2013/04/29 08:38:09.931340, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 90 [2013/04/29 08:38:09.931406, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 90, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/04/29 08:38:09.931473, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/04/29 08:38:09.931536, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 74 [2013/04/29 08:38:09.931599, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 74 [2013/04/29 08:38:09.931667, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/04/29 08:38:09.931730, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 74 [2013/04/29 08:38:09.931793, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 74, incoming data = 74 [2013/04/29 08:38:09.931861, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2013/04/29 08:38:09.931937, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x005a (90) auth_length : 0x0000 (0) call_id : 0x00000005 (5) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000042 (66) context_id : 0x0000 (0) opnum : 0x0004 (4) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=66 [0000] 00 00 02 00 08 00 00 00 00 00 00 00 08 00 00 00 ........ ........ [0010] 5C 00 5C 00 42 00 41 00 4D 00 42 00 49 00 00 00 \.\.B.A. M.B.I... [0020] 07 00 00 00 00 00 00 00 07 00 00 00 50 00 43 00 ........ ....P.C. [0030] 43 00 4F 00 4D 00 31 00 00 00 03 63 8C 09 D7 E3 C.O.M.1. ...c.... [0040] 07 95 .. [2013/04/29 08:38:09.933024, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2013/04/29 08:38:09.933089, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. [2013/04/29 08:38:09.933157, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\netlogon [2013/04/29 08:38:09.933227, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \netlogon op 0x4 - api_rpcTNP: rpc command: NETR_SERVERREQCHALLENGE [2013/04/29 08:38:09.933298, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[4].fn == 0x7f0ee5152500 [2013/04/29 08:38:09.933379, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) netr_ServerReqChallenge: struct netr_ServerReqChallenge in: struct netr_ServerReqChallenge server_name : * server_name : '\\BAMBI' computer_name : * computer_name : 'PCCOM1' credentials : * credentials: struct netr_Credential data : 03638c09d7e30795 [2013/04/29 08:38:09.933688, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) netr_ServerReqChallenge: struct netr_ServerReqChallenge out: struct netr_ServerReqChallenge return_credentials : * return_credentials: struct netr_Credential data : e41d5a830c3ea71d result : NT_STATUS_OK [2013/04/29 08:38:09.933906, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \netlogon successfully [2013/04/29 08:38:09.933976, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 74 [2013/04/29 08:38:09.934062, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=90 [2013/04/29 08:38:09.934899, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2013/04/29 08:38:09.935060, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2013/04/29 08:38:09.935127, 3] smbd/process.c:1662(process_smb) Transaction 11 of length 63 (0 toread) [2013/04/29 08:38:09.935191, 5] lib/util.c:332(show_msg) [2013/04/29 08:38:09.935230, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1344 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 6264 (0x1878) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2013/04/29 08:38:09.935828, 10] ../lib/util/util.c:415(dump_data) [2013/04/29 08:38:09.935872, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 23849) conn 0x7f0ee682df00 [2013/04/29 08:38:09.935939, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2013/04/29 08:38:09.936013, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \netlogon len: 1024 [2013/04/29 08:38:09.936085, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \netlogon: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 12. [2013/04/29 08:38:09.936188, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0024 (36) auth_length : 0x0000 (0) call_id : 0x00000005 (5) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x0000000c (12) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=12 [0000] E4 1D 5A 83 0C 3E A7 1D 00 00 00 00 ..Z..>.. .... [2013/04/29 08:38:09.936966, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 30 [2013/04/29 08:38:09.937054, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 36 bytes. There is no more data outstanding [2013/04/29 08:38:09.937121, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=36 [2013/04/29 08:38:09.938221, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 192 [2013/04/29 08:38:09.938384, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xc0 [2013/04/29 08:38:09.938452, 3] smbd/process.c:1662(process_smb) Transaction 12 of length 196 (0 toread) [2013/04/29 08:38:09.938516, 5] lib/util.c:332(show_msg) [2013/04/29 08:38:09.938555, 5] lib/util.c:342(show_msg) size=192 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1408 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 6264 (0x1878) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 128 (0x80) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 128 (0x80) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=129 [2013/04/29 08:38:09.939212, 10] ../lib/util/util.c:415(dump_data) [0000] EE 05 00 00 03 10 00 00 00 80 00 00 00 06 00 00 ........ ........ [0010] 00 68 00 00 00 00 00 1A 00 00 00 02 00 08 00 00 .h...... ........ [0020] 00 00 00 00 00 08 00 00 00 5C 00 5C 00 42 00 41 ........ .\.\.B.A [0030] 00 4D 00 42 00 49 00 00 00 08 00 00 00 00 00 00 .M.B.I.. ........ [0040] 00 08 00 00 00 50 00 43 00 43 00 4F 00 4D 00 31 .....P.C .C.O.M.1 [0050] 00 24 00 00 00 02 00 00 00 07 00 00 00 00 00 00 .$...... ........ [0060] 00 07 00 00 00 50 00 43 00 43 00 4F 00 4D 00 31 .....P.C .C.O.M.1 [0070] 00 00 00 C0 F2 A1 8A F4 38 B4 DF 00 00 FF FF 2F ........ 8....../ [0080] 61 a [2013/04/29 08:38:09.939763, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 23849) conn 0x7f0ee682df00 [2013/04/29 08:38:09.939830, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2013/04/29 08:38:09.939899, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 1878 name: NETLOGON len: 128 [2013/04/29 08:38:09.939967, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 128 [2013/04/29 08:38:09.940034, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 128 [2013/04/29 08:38:09.940098, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 128 [2013/04/29 08:38:09.940179, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 128, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/04/29 08:38:09.940246, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/04/29 08:38:09.940309, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 112 [2013/04/29 08:38:09.940401, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 112 [2013/04/29 08:38:09.940472, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/04/29 08:38:09.940535, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 112 [2013/04/29 08:38:09.940598, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 112, incoming data = 112 [2013/04/29 08:38:09.940665, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2013/04/29 08:38:09.940742, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0080 (128) auth_length : 0x0000 (0) call_id : 0x00000006 (6) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000068 (104) context_id : 0x0000 (0) opnum : 0x001a (26) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=104 [0000] 00 00 02 00 08 00 00 00 00 00 00 00 08 00 00 00 ........ ........ [0010] 5C 00 5C 00 42 00 41 00 4D 00 42 00 49 00 00 00 \.\.B.A. M.B.I... [0020] 08 00 00 00 00 00 00 00 08 00 00 00 50 00 43 00 ........ ....P.C. [0030] 43 00 4F 00 4D 00 31 00 24 00 00 00 02 00 00 00 C.O.M.1. $....... [0040] 07 00 00 00 00 00 00 00 07 00 00 00 50 00 43 00 ........ ....P.C. [0050] 43 00 4F 00 4D 00 31 00 00 00 C0 F2 A1 8A F4 38 C.O.M.1. .......8 [0060] B4 DF 00 00 FF FF 2F 61 ....../a [2013/04/29 08:38:09.941943, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2013/04/29 08:38:09.942008, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. [2013/04/29 08:38:09.942074, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\netlogon [2013/04/29 08:38:09.942144, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \netlogon op 0x1a - api_rpcTNP: rpc command: NETR_SERVERAUTHENTICATE3 [2013/04/29 08:38:09.942215, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[26].fn == 0x7f0ee514e700 [2013/04/29 08:38:09.942293, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) netr_ServerAuthenticate3: struct netr_ServerAuthenticate3 in: struct netr_ServerAuthenticate3 server_name : * server_name : '\\BAMBI' account_name : * account_name : 'PCCOM1$' secure_channel_type : SEC_CHAN_WKSTA (2) computer_name : * computer_name : 'PCCOM1' credentials : * credentials: struct netr_Credential data : c0f2a18af438b4df negotiate_flags : * negotiate_flags : 0x612fffff (1630535679) 1: NETLOGON_NEG_ACCOUNT_LOCKOUT 1: NETLOGON_NEG_PERSISTENT_SAMREPL 1: NETLOGON_NEG_ARCFOUR 1: NETLOGON_NEG_PROMOTION_COUNT 1: NETLOGON_NEG_CHANGELOG_BDC 1: NETLOGON_NEG_FULL_SYNC_REPL 1: NETLOGON_NEG_MULTIPLE_SIDS 1: NETLOGON_NEG_REDO 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL 1: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC 1: NETLOGON_NEG_GENERIC_PASSTHROUGH 1: NETLOGON_NEG_CONCURRENT_RPC 1: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL 1: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL 1: NETLOGON_NEG_STRONG_KEYS 1: NETLOGON_NEG_TRANSITIVE_TRUSTS 1: NETLOGON_NEG_DNS_DOMAIN_TRUSTS 1: NETLOGON_NEG_PASSWORD_SET2 1: NETLOGON_NEG_GETDOMAININFO 1: NETLOGON_NEG_CROSS_FOREST_TRUSTS 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION 1: NETLOGON_NEG_RODC_PASSTHROUGH 0: NETLOGON_NEG_SUPPORTS_AES_SHA2 1: NETLOGON_NEG_SUPPORTS_AES 1: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS 1: NETLOGON_NEG_AUTHENTICATED_RPC [2013/04/29 08:38:09.943507, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \samr [2013/04/29 08:38:09.943592, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \samr [2013/04/29 08:38:09.943658, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \samr [2013/04/29 08:38:09.943733, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \samr (pipes_open=0) [2013/04/29 08:38:09.943803, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:09.943873, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:09.943937, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:09.944001, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:09.944064, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:09.944247, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_Connect2: struct samr_Connect2 in: struct samr_Connect2 system_name : * system_name : 'BAMBI' access_mask : 0x00000031 (49) 1: SAMR_ACCESS_CONNECT_TO_SERVER 0: SAMR_ACCESS_SHUTDOWN_SERVER 0: SAMR_ACCESS_INITIALIZE_SERVER 0: SAMR_ACCESS_CREATE_DOMAIN 1: SAMR_ACCESS_ENUM_DOMAINS 1: SAMR_ACCESS_LOOKUP_DOMAIN [2013/04/29 08:38:09.944618, 5] rpc_server/samr/srv_samr_nt.c:3932(_samr_Connect2) _samr_Connect2: 3932 [2013/04/29 08:38:09.944709, 4] rpc_server/srv_access_check.c:104(access_check_object) _samr_Connect2: access GRANTED (requested: 0x00000031, granted: 0x00000031) [2013/04/29 08:38:09.944784, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 6D 18 00 00 00 00 00 00 7E 51 51 15 ....m... ....~QQ. [0010] 29 5D 00 00 )].. [2013/04/29 08:38:09.944944, 5] rpc_server/samr/srv_samr_nt.c:3961(_samr_Connect2) _samr_Connect2: 3961 [2013/04/29 08:38:09.945009, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_Connect2: struct samr_Connect2 out: struct samr_Connect2 connect_handle : * connect_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000186d-0000-0000-7e51-5115295d0000 result : NT_STATUS_OK [2013/04/29 08:38:09.945350, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_LookupDomain: struct samr_LookupDomain in: struct samr_LookupDomain connect_handle : * connect_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000186d-0000-0000-7e51-5115295d0000 domain_name : * domain_name: struct lsa_String length : 0x0016 (22) size : 0x0016 (22) string : * string : 'WEBDEALAUTO' [2013/04/29 08:38:09.945766, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6D 18 00 00 00 00 00 00 7E 51 51 15 ....m... ....~QQ. [0010] 29 5D 00 00 )].. [2013/04/29 08:38:09.945913, 10] rpc_server/rpc_handles.c:410(_policy_handle_find) found handle of type struct samr_connect_info [2013/04/29 08:38:09.946010, 2] rpc_server/samr/srv_samr_nt.c:4071(_samr_LookupDomain) Returning domain sid for domain WEBDEALAUTO -> S-1-5-21-2380245508-1587309507-2390072590 [2013/04/29 08:38:09.946090, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_LookupDomain: struct samr_LookupDomain out: struct samr_LookupDomain sid : * sid : * sid : S-1-5-21-2380245508-1587309507-2390072590 result : NT_STATUS_OK [2013/04/29 08:38:09.946349, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_OpenDomain: struct samr_OpenDomain in: struct samr_OpenDomain connect_handle : * connect_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000186d-0000-0000-7e51-5115295d0000 access_mask : 0x00000200 (512) 0: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 0: SAMR_DOMAIN_ACCESS_SET_INFO_1 0: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 0: SAMR_DOMAIN_ACCESS_SET_INFO_2 0: SAMR_DOMAIN_ACCESS_CREATE_USER 0: SAMR_DOMAIN_ACCESS_CREATE_GROUP 0: SAMR_DOMAIN_ACCESS_CREATE_ALIAS 0: SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS 0: SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS 1: SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT 0: SAMR_DOMAIN_ACCESS_SET_INFO_3 sid : * sid : S-1-5-21-2380245508-1587309507-2390072590 [2013/04/29 08:38:09.946983, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6D 18 00 00 00 00 00 00 7E 51 51 15 ....m... ....~QQ. [0010] 29 5D 00 00 )].. [2013/04/29 08:38:09.947131, 10] rpc_server/rpc_handles.c:410(_policy_handle_find) found handle of type struct samr_connect_info [2013/04/29 08:38:09.947201, 4] rpc_server/srv_access_check.c:104(access_check_object) _samr_OpenDomain: access GRANTED (requested: 0x00000200, granted: 0x00000200) [2013/04/29 08:38:09.947272, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 6E 18 00 00 00 00 00 00 7E 51 51 15 ....n... ....~QQ. [0010] 29 5D 00 00 )].. [2013/04/29 08:38:09.947422, 5] rpc_server/samr/srv_samr_nt.c:500(_samr_OpenDomain) _samr_OpenDomain: 500 [2013/04/29 08:38:09.947488, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_OpenDomain: struct samr_OpenDomain out: struct samr_OpenDomain domain_handle : * domain_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000186e-0000-0000-7e51-5115295d0000 result : NT_STATUS_OK [2013/04/29 08:38:09.947815, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_LookupNames: struct samr_LookupNames in: struct samr_LookupNames domain_handle : * domain_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000186e-0000-0000-7e51-5115295d0000 num_names : 0x00000001 (1) names: ARRAY(1) names: struct lsa_String length : 0x000e (14) size : 0x000e (14) string : * string : 'PCCOM1$' [2013/04/29 08:38:09.948277, 5] rpc_server/samr/srv_samr_nt.c:1636(_samr_LookupNames) _samr_LookupNames: 1636 [2013/04/29 08:38:09.948345, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6E 18 00 00 00 00 00 00 7E 51 51 15 ....n... ....~QQ. [0010] 29 5D 00 00 )].. [2013/04/29 08:38:09.948492, 10] rpc_server/rpc_handles.c:410(_policy_handle_find) found handle of type struct samr_domain_info [2013/04/29 08:38:09.948556, 5] rpc_server/samr/srv_samr_nt.c:1657(_samr_LookupNames) _samr_LookupNames: looking name on SID S-1-5-21-2380245508-1587309507-2390072590 [2013/04/29 08:38:09.948631, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2013/04/29 08:38:09.948696, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2013/04/29 08:38:09.948760, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:09.948860, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:09.948924, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:09.949076, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(uid=PCCOM1$)(objectclass=sambaSamAccount))], scope => [2] [2013/04/29 08:38:09.950162, 2] passdb/pdb_ldap.c:553(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: pccom1$ [2013/04/29 08:38:09.950311, 10] passdb/pdb_get_set.c:575(pdb_set_username) pdb_set_username: setting username pccom1$, was [2013/04/29 08:38:09.950382, 10] passdb/pdb_get_set.c:598(pdb_set_domain) pdb_set_domain: setting domain WEBDEALAUTO, was [2013/04/29 08:38:09.950449, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username) pdb_set_nt_username: setting nt username pccom1$, was [2013/04/29 08:38:09.950530, 10] passdb/pdb_get_set.c:513(pdb_set_user_sid_from_string) pdb_set_user_sid_from_string: setting user sid S-1-5-21-2380245508-1587309507-2390072590-1011 [2013/04/29 08:38:09.950601, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-2380245508-1587309507-2390072590-1011 [2013/04/29 08:38:09.950705, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLogonTime does not exist [2013/04/29 08:38:09.950782, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLogoffTime does not exist [2013/04/29 08:38:09.950859, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaKickoffTime does not exist [2013/04/29 08:38:09.950934, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaPwdCanChange does not exist [2013/04/29 08:38:09.951010, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaPwdMustChange does not exist [2013/04/29 08:38:09.951085, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) pdb_set_full_name: setting full name PCCOM1$, was [2013/04/29 08:38:09.951197, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaHomeDrive does not exist [2013/04/29 08:38:09.951263, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive , was NULL [2013/04/29 08:38:09.951341, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaHomePath does not exist [2013/04/29 08:38:09.951411, 4] lib/substitute.c:527(automount_server) Home server: bambi [2013/04/29 08:38:09.951491, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) pdb_set_homedir: setting home dir \\bambi\pccom1_, was [2013/04/29 08:38:09.951569, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLogonScript does not exist [2013/04/29 08:38:09.951638, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user pccom1$ [2013/04/29 08:38:09.951702, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is pccom1$ [2013/04/29 08:38:09.951975, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [pccom1$]! [2013/04/29 08:38:09.952305, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) pdb_set_logon_script: setting logon script Domain Computers.bat, was [2013/04/29 08:38:09.952420, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaProfilePath does not exist [2013/04/29 08:38:09.952506, 4] lib/substitute.c:527(automount_server) Home server: bambi [2013/04/29 08:38:09.952585, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\bambi\profiles\pccom1_, was [2013/04/29 08:38:09.952674, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaUserWorkstations does not exist [2013/04/29 08:38:09.952751, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaMungedDial does not exist [2013/04/29 08:38:09.952846, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLMPassword does not exist [2013/04/29 08:38:09.952934, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2013/04/29 08:38:09.953003, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2013/04/29 08:38:09.953068, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/04/29 08:38:09.953133, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:09.953196, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:09.953343, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:09.953435, 10] lib/smbldap.c:274(smbldap_get_single_attribute) smbldap_get_single_attribute: [sambaPasswordHistory] = [] [2013/04/29 08:38:09.953532, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaBadPasswordCount does not exist [2013/04/29 08:38:09.953610, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaBadPasswordTime does not exist [2013/04/29 08:38:09.953686, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLogonHours does not exist [2013/04/29 08:38:09.953795, 7] passdb/login_cache.c:91(login_cache_read) Looking up login cache for user pccom1$ [2013/04/29 08:38:09.953874, 7] passdb/login_cache.c:102(login_cache_read) No cache entry found [2013/04/29 08:38:09.953937, 9] passdb/pdb_ldap.c:1107(init_sam_from_ldap) No cache entry, bad count = 0, bad time = 0 [2013/04/29 08:38:09.954017, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2013/04/29 08:38:09.954083, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2013/04/29 08:38:09.954147, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/04/29 08:38:09.954211, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:09.954300, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:09.954421, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:09.954494, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user pccom1$ [2013/04/29 08:38:09.954557, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is pccom1$ [2013/04/29 08:38:09.954626, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [pccom1$]! [2013/04/29 08:38:09.954731, 5] passdb/lookup_sid.c:1384(gid_to_sid) gid_to_sid: winbind failed to find a sid for gid 515 [2013/04/29 08:38:09.954798, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2013/04/29 08:38:09.954863, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2013/04/29 08:38:09.954927, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/04/29 08:38:09.954990, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:09.955051, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:09.955169, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=515))], scope => [2] [2013/04/29 08:38:09.956205, 2] passdb/pdb_ldap.c:2427(init_group_from_ldap) init_group_from_ldap: Entry found for group: 515 [2013/04/29 08:38:09.956432, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:09.956530, 10] passdb/lookup_sid.c:1181(legacy_gid_to_sid) LEGACY: gid 515 -> sid S-1-5-21-2380245508-1587309507-2390072590-515 [2013/04/29 08:38:09.956623, 10] passdb/lookup_sid.c:1733(get_primary_group_sid) do lookup_sid(S-1-5-21-2380245508-1587309507-2390072590-515) for group of user pccom1$ [2013/04/29 08:38:09.956699, 10] passdb/lookup_sid.c:964(lookup_sid) lookup_sid called for SID 'S-1-5-21-2380245508-1587309507-2390072590-515' [2013/04/29 08:38:09.956788, 10] passdb/lookup_sid.c:721(check_dom_sid_to_level) Accepting SID S-1-5-21-2380245508-1587309507-2390072590 in level 1 [2013/04/29 08:38:09.956867, 10] passdb/lookup_sid.c:482(lookup_rids) lookup_rids called for domain sid 'S-1-5-21-2380245508-1587309507-2390072590' [2013/04/29 08:38:09.956943, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2013/04/29 08:38:09.957009, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2013/04/29 08:38:09.957074, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/04/29 08:38:09.957138, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:09.957200, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:09.957298, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 515. [2013/04/29 08:38:09.957368, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 4 [2013/04/29 08:38:09.957433, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 3 [2013/04/29 08:38:09.957498, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 4 [2013/04/29 08:38:09.957562, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:09.957625, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:09.957772, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-515)(objectclass=sambaSamAccount))], scope => [2] [2013/04/29 08:38:09.959020, 4] passdb/pdb_ldap.c:1675(ldapsam_getsampwsid) ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-2380245508-1587309507-2390072590-515] count=0 [2013/04/29 08:38:09.959229, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-515))], scope => [2] [2013/04/29 08:38:09.960421, 2] passdb/pdb_ldap.c:2427(init_group_from_ldap) init_group_from_ldap: Entry found for group: 515 [2013/04/29 08:38:09.960653, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/04/29 08:38:09.960727, 5] passdb/pdb_interface.c:1727(pdb_default_lookup_rids) lookup_rids: Domain Computers:2 [2013/04/29 08:38:09.960800, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:09.960879, 10] passdb/lookup_sid.c:999(lookup_sid) Sid S-1-5-21-2380245508-1587309507-2390072590-515 -> WEBDEALAUTO\Domain Computers(2) [2013/04/29 08:38:09.960965, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2013/04/29 08:38:09.961032, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2013/04/29 08:38:09.961097, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/04/29 08:38:09.961161, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:09.961223, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:09.961359, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:09.961455, 10] passdb/pdb_get_set.c:575(pdb_set_username) pdb_set_username: setting username pccom1$, was [2013/04/29 08:38:09.961522, 10] passdb/pdb_get_set.c:598(pdb_set_domain) pdb_set_domain: setting domain WEBDEALAUTO, was [2013/04/29 08:38:09.961587, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username) pdb_set_nt_username: setting nt username pccom1$, was [2013/04/29 08:38:09.961652, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) pdb_set_full_name: setting full name PCCOM1$, was [2013/04/29 08:38:09.961721, 4] lib/substitute.c:527(automount_server) Home server: bambi [2013/04/29 08:38:09.961801, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) pdb_set_homedir: setting home dir \\bambi\pccom1_, was [2013/04/29 08:38:09.961868, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive , was NULL [2013/04/29 08:38:09.961936, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user pccom1$ [2013/04/29 08:38:09.962000, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is pccom1$ [2013/04/29 08:38:09.962274, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [pccom1$]! [2013/04/29 08:38:09.962553, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) pdb_set_logon_script: setting logon script Domain Computers.bat, was [2013/04/29 08:38:09.962655, 4] lib/substitute.c:527(automount_server) Home server: bambi [2013/04/29 08:38:09.962731, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\bambi\profiles\pccom1_, was [2013/04/29 08:38:09.962801, 10] passdb/pdb_get_set.c:780(pdb_set_workstations) pdb_set_workstations: setting workstations , was [2013/04/29 08:38:09.962871, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2013/04/29 08:38:09.962935, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2013/04/29 08:38:09.963000, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/04/29 08:38:09.963064, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:09.963126, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:09.963286, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:09.963359, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-2380245508-1587309507-2390072590-1011 [2013/04/29 08:38:09.963432, 10] passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-2380245508-1587309507-2390072590-1011 from rid 1011 [2013/04/29 08:38:09.963582, 10] passdb/lookup_sid.c:1628(sid_to_gid) winbind failed to find a gid for sid S-1-5-21-2380245508-1587309507-2390072590-515 [2013/04/29 08:38:09.963660, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2013/04/29 08:38:09.963726, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2013/04/29 08:38:09.963791, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/04/29 08:38:09.963855, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:09.963917, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:09.964014, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 515. [2013/04/29 08:38:09.964085, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 4 [2013/04/29 08:38:09.964199, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 3 [2013/04/29 08:38:09.964267, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 4 [2013/04/29 08:38:09.964332, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:09.964394, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:09.964554, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-515)(objectclass=sambaSamAccount))], scope => [2] [2013/04/29 08:38:09.965802, 4] passdb/pdb_ldap.c:1675(ldapsam_getsampwsid) ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-2380245508-1587309507-2390072590-515] count=0 [2013/04/29 08:38:09.966012, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-515))], scope => [2] [2013/04/29 08:38:09.967117, 2] passdb/pdb_ldap.c:2427(init_group_from_ldap) init_group_from_ldap: Entry found for group: 515 [2013/04/29 08:38:09.967340, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/04/29 08:38:09.967423, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:09.967491, 10] passdb/lookup_sid.c:1285(legacy_sid_to_gid) LEGACY: sid S-1-5-21-2380245508-1587309507-2390072590-515 -> gid 515 [2013/04/29 08:38:09.967574, 10] passdb/pdb_get_set.c:562(pdb_set_group_sid) pdb_set_group_sid: setting group sid S-1-5-21-2380245508-1587309507-2390072590-515 [2013/04/29 08:38:09.967660, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:09.967744, 5] rpc_server/samr/srv_samr_nt.c:1703(_samr_LookupNames) _samr_LookupNames: 1703 [2013/04/29 08:38:09.967810, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_LookupNames: struct samr_LookupNames out: struct samr_LookupNames rids : * rids: struct samr_Ids count : 0x00000001 (1) ids : * ids: ARRAY(1) ids : 0x000003f3 (1011) types : * types: struct samr_Ids count : 0x00000001 (1) ids : * ids: ARRAY(1) ids : 0x00000001 (1) result : NT_STATUS_OK [2013/04/29 08:38:09.968426, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_OpenUser: struct samr_OpenUser in: struct samr_OpenUser domain_handle : * domain_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000186e-0000-0000-7e51-5115295d0000 access_mask : 0x02000000 (33554432) 0: SAMR_USER_ACCESS_GET_NAME_ETC 0: SAMR_USER_ACCESS_GET_LOCALE 0: SAMR_USER_ACCESS_SET_LOC_COM 0: SAMR_USER_ACCESS_GET_LOGONINFO 0: SAMR_USER_ACCESS_GET_ATTRIBUTES 0: SAMR_USER_ACCESS_SET_ATTRIBUTES 0: SAMR_USER_ACCESS_CHANGE_PASSWORD 0: SAMR_USER_ACCESS_SET_PASSWORD 0: SAMR_USER_ACCESS_GET_GROUPS 0: SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP 0: SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP rid : 0x000003f3 (1011) [2013/04/29 08:38:09.969045, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6E 18 00 00 00 00 00 00 7E 51 51 15 ....n... ....~QQ. [0010] 29 5D 00 00 )].. [2013/04/29 08:38:09.969198, 10] rpc_server/rpc_handles.c:410(_policy_handle_find) found handle of type struct samr_domain_info [2013/04/29 08:38:09.969271, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0xb0000000 to 0x000f07ff [2013/04/29 08:38:09.969339, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2013/04/29 08:38:09.969407, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2013/04/29 08:38:09.969471, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:09.969535, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:09.969598, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:09.969699, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2013/04/29 08:38:09.969765, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2013/04/29 08:38:09.969829, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/04/29 08:38:09.969892, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:09.969953, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:09.970087, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:09.970159, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2013/04/29 08:38:09.970224, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2013/04/29 08:38:09.970287, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/04/29 08:38:09.970350, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:09.970412, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:09.970530, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:09.970637, 10] passdb/pdb_get_set.c:575(pdb_set_username) pdb_set_username: setting username pccom1$, was [2013/04/29 08:38:09.970706, 10] passdb/pdb_get_set.c:598(pdb_set_domain) pdb_set_domain: setting domain WEBDEALAUTO, was [2013/04/29 08:38:09.970775, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username) pdb_set_nt_username: setting nt username pccom1$, was [2013/04/29 08:38:09.970841, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) pdb_set_full_name: setting full name PCCOM1$, was [2013/04/29 08:38:09.970913, 4] lib/substitute.c:527(automount_server) Home server: bambi [2013/04/29 08:38:09.970991, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) pdb_set_homedir: setting home dir \\bambi\pccom1_, was [2013/04/29 08:38:09.971060, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive , was NULL [2013/04/29 08:38:09.971130, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user pccom1$ [2013/04/29 08:38:09.971193, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is pccom1$ [2013/04/29 08:38:09.971468, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [pccom1$]! [2013/04/29 08:38:09.971749, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) pdb_set_logon_script: setting logon script Domain Computers.bat, was [2013/04/29 08:38:09.971850, 4] lib/substitute.c:527(automount_server) Home server: bambi [2013/04/29 08:38:09.971926, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\bambi\profiles\pccom1_, was [2013/04/29 08:38:09.971995, 10] passdb/pdb_get_set.c:780(pdb_set_workstations) pdb_set_workstations: setting workstations , was [2013/04/29 08:38:09.972062, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2013/04/29 08:38:09.972127, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2013/04/29 08:38:09.972244, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/04/29 08:38:09.972310, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:09.972372, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:09.972502, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:09.972577, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-2380245508-1587309507-2390072590-1011 [2013/04/29 08:38:09.972651, 10] passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-2380245508-1587309507-2390072590-1011 from rid 1011 [2013/04/29 08:38:09.972765, 0] lib/fault.c:47(fault_report) =============================================================== [2013/04/29 08:38:09.972837, 0] lib/fault.c:48(fault_report) INTERNAL ERROR: Signal 11 in pid 23849 (3.6.6) Please read the Trouble-Shooting section of the Samba3-HOWTO [2013/04/29 08:38:09.972925, 0] lib/fault.c:50(fault_report) From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf [2013/04/29 08:38:09.973008, 0] lib/fault.c:51(fault_report) =============================================================== [2013/04/29 08:38:09.973071, 0] lib/util.c:1117(smb_panic) PANIC (pid 23849): internal error [2013/04/29 08:38:09.988569, 0] lib/util.c:1221(log_stack_trace) BACKTRACE: 36 stack frames: #0 /usr/sbin/smbd(log_stack_trace+0x1a) [0x7f0ee52bd23a] #1 /usr/sbin/smbd(smb_panic+0x22) [0x7f0ee52bd312] #2 /usr/sbin/smbd(+0x4224e4) [0x7f0ee52ae4e4] #3 /lib/x86_64-linux-gnu/libc.so.6(+0x324f0) [0x7f0ee1c4a4f0] #4 /usr/sbin/smbd(tcopy_passwd+0x22) [0x7f0ee5295e22] #5 /usr/sbin/smbd(pdb_copy_sam_account+0x76) [0x7f0ee525ada6] #6 /usr/sbin/smbd(pdb_getsampwsid+0xa5) [0x7f0ee525df85] #7 /usr/sbin/smbd(_samr_OpenUser+0x161) [0x7f0ee5195441] #8 /usr/sbin/smbd(+0x319625) [0x7f0ee51a5625] #9 /usr/sbin/smbd(+0x329f76) [0x7f0ee51b5f76] #10 /usr/sbin/smbd(dcerpc_binding_handle_raw_call_send+0x9e) [0x7f0ee532f4ee] #11 /usr/sbin/smbd(dcerpc_binding_handle_call_send+0x258) [0x7f0ee532fcd8] #12 /usr/sbin/smbd(dcerpc_binding_handle_call+0x77) [0x7f0ee532fe07] #13 /usr/sbin/smbd(dcerpc_samr_OpenUser_r+0x1d) [0x7f0ee522907d] #14 /usr/sbin/smbd(dcerpc_samr_OpenUser+0x1d) [0x7f0ee52292ad] #15 /usr/sbin/smbd(+0x2bc33b) [0x7f0ee514833b] #16 /usr/sbin/smbd(_netr_ServerAuthenticate3+0x222) [0x7f0ee5149332] #17 /usr/sbin/smbd(+0x2c2826) [0x7f0ee514e826] #18 /usr/sbin/smbd(+0x325e55) [0x7f0ee51b1e55] #19 /usr/sbin/smbd(process_complete_pdu+0x89b) [0x7f0ee51b35bb] #20 /usr/sbin/smbd(process_incoming_data+0x118) [0x7f0ee51b4448] #21 /usr/sbin/smbd(np_write_send+0x150) [0x7f0ee51b4b20] #22 /usr/sbin/smbd(reply_pipe_write_and_X+0x165) [0x7f0ee4fca075] #23 /usr/sbin/smbd(reply_write_and_X+0x348) [0x7f0ee4fd38d8] #24 /usr/sbin/smbd(+0x18a08c) [0x7f0ee501608c] #25 /usr/sbin/smbd(+0x18a492) [0x7f0ee5016492] #26 /usr/sbin/smbd(+0x18a8d1) [0x7f0ee50168d1] #27 /usr/sbin/smbd(run_events_poll+0x353) [0x7f0ee52ccd13] #28 /usr/sbin/smbd(smbd_process+0x84a) [0x7f0ee501803a] #29 /usr/sbin/smbd(+0x69f443) [0x7f0ee552b443] #30 /usr/sbin/smbd(run_events_poll+0x353) [0x7f0ee52ccd13] #31 /usr/sbin/smbd(+0x440eaa) [0x7f0ee52cceaa] #32 /usr/sbin/smbd(_tevent_loop_once+0x90) [0x7f0ee52cda10] #33 /usr/sbin/smbd(main+0xf30) [0x7f0ee4f96850] #34 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xfd) [0x7f0ee1c36ead] #35 /usr/sbin/smbd(+0x10ac8d) [0x7f0ee4f96c8d] [2013/04/29 08:38:09.988906, 0] lib/util.c:1122(smb_panic) smb_panic(): calling panic action [/usr/share/samba/panic-action 23849] [2013/04/29 08:38:10.841236, 0] lib/util.c:1130(smb_panic) smb_panic(): action returned status 0 [2013/04/29 08:38:10.841447, 0] lib/fault.c:372(dump_core) dumping core in /var/log/samba/cores/smbd [2013/04/29 08:38:11.275776, 6] param/loadparm.c:7490(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Apr 26 13:22:44 2013 [2013/04/29 08:38:11.275945, 5] auth/auth_util.c:110(make_user_info_map) Mapping user []\[] from workstation [PCCOM1] [2013/04/29 08:38:11.276019, 5] auth/auth_util.c:131(make_user_info_map) Mapped domain from [] to [WEBDEALAUTO] for user [] from workstation [PCCOM1] [2013/04/29 08:38:11.276088, 5] auth/user_info.c:59(make_user_info) attempting to make a user_info for () [2013/04/29 08:38:11.276168, 5] auth/user_info.c:70(make_user_info) making strings for 's user_info struct [2013/04/29 08:38:11.276234, 5] auth/user_info.c:87(make_user_info) making blobs for 's user_info struct [2013/04/29 08:38:11.276299, 10] auth/user_info.c:123(make_user_info) made a user_info for () [2013/04/29 08:38:11.276364, 3] auth/auth.c:219(check_ntlm_password) check_ntlm_password: Checking password for unmapped user []\[]@[PCCOM1] with the new password interface [2013/04/29 08:38:11.276433, 3] auth/auth.c:222(check_ntlm_password) check_ntlm_password: mapped user is: [WEBDEALAUTO]\[]@[PCCOM1] [2013/04/29 08:38:11.276507, 10] auth/auth.c:231(check_ntlm_password) check_ntlm_password: auth_context challenge created by random [2013/04/29 08:38:11.276572, 10] auth/auth.c:233(check_ntlm_password) challenge is: [2013/04/29 08:38:11.276636, 5] ../lib/util/util.c:415(dump_data) [0000] AD 06 E1 50 0F 85 7C F6 ...P..|. [2013/04/29 08:38:11.276735, 10] auth/auth_builtin.c:44(check_guest_security) Check auth for: [] [2013/04/29 08:38:11.276845, 3] auth/auth.c:268(check_ntlm_password) check_ntlm_password: guest authentication for user [] succeeded [2013/04/29 08:38:11.276917, 5] auth/auth.c:309(check_ntlm_password) check_ntlm_password: guest authentication for user [] -> [] -> [nobody] succeeded [2013/04/29 08:38:11.276988, 10] auth/token_util.c:223(create_local_nt_token_from_info3) Create local NT token for nobody [2013/04/29 08:38:11.277184, 10] passdb/lookup_sid.c:1628(sid_to_gid) winbind failed to find a gid for sid S-1-5-32-544 [2013/04/29 08:38:11.277296, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:11.277367, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:11.277432, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:11.277498, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:11.277561, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:11.277708, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544))], scope => [2] [2013/04/29 08:38:11.277820, 5] lib/smbldap.c:1341(smbldap_close) The connection to the LDAP server was closed [2013/04/29 08:38:11.277891, 10] lib/smbldap.c:819(smb_ldap_setup_conn) smb_ldap_setup_connection: ldap://127.0.0.1/ [2013/04/29 08:38:11.278123, 2] lib/smbldap.c:1018(smbldap_open_connection) smbldap_open_connection: connection opened [2013/04/29 08:38:11.278197, 10] lib/smbldap.c:1194(smbldap_connect_system) ldap_connect_system: Binding to ldap server ldap://127.0.0.1/ as "cn=admin,dc=webdealauto,dc=com" [2013/04/29 08:38:11.280051, 3] lib/smbldap.c:1240(smbldap_connect_system) ldap_connect_system: successful connection to the LDAP server ldap_connect_system: LDAP server does support paged results [2013/04/29 08:38:11.280267, 4] lib/smbldap.c:1319(smbldap_open) The LDAP server is successfully connected [2013/04/29 08:38:11.281366, 2] passdb/pdb_ldap.c:2427(init_group_from_ldap) init_group_from_ldap: Entry found for group: 544 [2013/04/29 08:38:11.281589, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:11.281663, 10] passdb/lookup_sid.c:1285(legacy_sid_to_gid) LEGACY: sid S-1-5-32-544 -> gid 544 [2013/04/29 08:38:11.281802, 10] passdb/lookup_sid.c:1628(sid_to_gid) winbind failed to find a gid for sid S-1-5-32-545 [2013/04/29 08:38:11.281877, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:11.281946, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:11.282012, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:11.282078, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:11.282142, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:11.282261, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545))], scope => [2] [2013/04/29 08:38:11.283170, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545)) [2013/04/29 08:38:11.283365, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:11.283467, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-32-545 [2013/04/29 08:38:11.283544, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:11.283613, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:11.283680, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:11.283747, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:11.283811, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:11.284008, 10] passdb/lookup_sid.c:1628(sid_to_gid) winbind failed to find a gid for sid S-1-5-32-545 [2013/04/29 08:38:11.284122, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2013/04/29 08:38:11.284231, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2013/04/29 08:38:11.284298, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:11.284364, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:11.284428, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:11.284553, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545))], scope => [2] [2013/04/29 08:38:11.285499, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545)) [2013/04/29 08:38:11.285688, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:11.285760, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-32-545 [2013/04/29 08:38:11.285849, 5] passdb/pdb_util.c:99(create_builtin_users) create_builtin_users: Failed to create Users [2013/04/29 08:38:11.285928, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:11.285996, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:11.286063, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:11.286128, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:11.286194, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:11.286258, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:11.286493, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectclass=sambaGroupMapping)(sambaGroupType=4)(|(sambaSIDList=S-1-5-21-2380245508-1587309507-2390072590-501)(sambaSIDList=S-1-5-21-2380245508-1587309507-2390072590-513)(sambaSIDList=S-1-5-21-2380245508-1587309507-2390072590-546)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-32-546)))], scope => [2] [2013/04/29 08:38:11.287678, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:11.287867, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-2380245508-1587309507-2390072590-501] [2013/04/29 08:38:11.287958, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-2380245508-1587309507-2390072590-513] [2013/04/29 08:38:11.288046, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-2380245508-1587309507-2390072590-546] [2013/04/29 08:38:11.288162, 5] lib/privileges.c:175(get_privileges_for_sids) get_privileges_for_sids: sid = S-1-1-0 Privilege set: 0x0 [2013/04/29 08:38:11.288271, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-2] [2013/04/29 08:38:11.288354, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-32-546] [2013/04/29 08:38:11.288647, 10] passdb/lookup_sid.c:1468(sids_to_unix_ids) wbcSidsToUnixIds returned WBC_ERR_WINBIND_NOT_AVAILABLE [2013/04/29 08:38:11.288723, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:11.288794, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:11.288863, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:11.288963, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:11.289031, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:11.289137, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 501. [2013/04/29 08:38:11.289220, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2013/04/29 08:38:11.289287, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2013/04/29 08:38:11.289353, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:11.289419, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:11.289482, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:11.289581, 6] passdb/pdb_interface.c:401(pdb_getsampwsid) pdb_getsampwsid: Building guest account [2013/04/29 08:38:11.289650, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user nobody [2013/04/29 08:38:11.289717, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is nobody [2013/04/29 08:38:11.290014, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [nobody]! [2013/04/29 08:38:11.290117, 10] passdb/pdb_get_set.c:575(pdb_set_username) pdb_set_username: setting username nobody, was [2013/04/29 08:38:11.290205, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) pdb_set_full_name: setting full name nobody, was [2013/04/29 08:38:11.290276, 10] passdb/pdb_get_set.c:598(pdb_set_domain) pdb_set_domain: setting domain WEBDEALAUTO, was [2013/04/29 08:38:11.290349, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-2380245508-1587309507-2390072590-501 [2013/04/29 08:38:11.290422, 10] passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-2380245508-1587309507-2390072590-501 from rid 501 [2013/04/29 08:38:11.290528, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:11.290603, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user nobody [2013/04/29 08:38:11.290668, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is nobody [2013/04/29 08:38:11.290735, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [nobody]! [2013/04/29 08:38:11.290809, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:11.290876, 5] passdb/lookup_sid.c:1269(legacy_sid_to_gid) LEGACY: sid S-1-5-21-2380245508-1587309507-2390072590-501 is a User, expected a group [2013/04/29 08:38:11.290951, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:11.291016, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:11.291081, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:11.291146, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:11.291210, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:11.291308, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 501. [2013/04/29 08:38:11.291377, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2013/04/29 08:38:11.291443, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2013/04/29 08:38:11.291507, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:11.291572, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:11.291658, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:11.291756, 6] passdb/pdb_interface.c:401(pdb_getsampwsid) pdb_getsampwsid: Building guest account [2013/04/29 08:38:11.291822, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user nobody [2013/04/29 08:38:11.291886, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is nobody [2013/04/29 08:38:11.291952, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [nobody]! [2013/04/29 08:38:11.292017, 10] passdb/pdb_get_set.c:575(pdb_set_username) pdb_set_username: setting username nobody, was [2013/04/29 08:38:11.292085, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) pdb_set_full_name: setting full name nobody, was [2013/04/29 08:38:11.292176, 10] passdb/pdb_get_set.c:598(pdb_set_domain) pdb_set_domain: setting domain WEBDEALAUTO, was [2013/04/29 08:38:11.292247, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-2380245508-1587309507-2390072590-501 [2013/04/29 08:38:11.292319, 10] passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-2380245508-1587309507-2390072590-501 from rid 501 [2013/04/29 08:38:11.292421, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:11.292499, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user nobody [2013/04/29 08:38:11.292566, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is nobody [2013/04/29 08:38:11.292632, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [nobody]! [2013/04/29 08:38:11.292705, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:11.292772, 10] passdb/lookup_sid.c:1223(legacy_sid_to_uid) LEGACY: sid S-1-5-21-2380245508-1587309507-2390072590-501 -> uid 65534 [2013/04/29 08:38:11.292852, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:11.292919, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:11.292983, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:11.293048, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:11.293110, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:11.293208, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 513. [2013/04/29 08:38:11.293277, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2013/04/29 08:38:11.293343, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2013/04/29 08:38:11.293407, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:11.293471, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:11.293534, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:11.293684, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-513)(objectclass=sambaSamAccount))], scope => [2] [2013/04/29 08:38:11.294956, 4] passdb/pdb_ldap.c:1675(ldapsam_getsampwsid) ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-2380245508-1587309507-2390072590-513] count=0 [2013/04/29 08:38:11.295166, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-513))], scope => [2] [2013/04/29 08:38:11.296295, 2] passdb/pdb_ldap.c:2427(init_group_from_ldap) init_group_from_ldap: Entry found for group: 513 [2013/04/29 08:38:11.296554, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:11.296639, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:11.296708, 10] passdb/lookup_sid.c:1285(legacy_sid_to_gid) LEGACY: sid S-1-5-21-2380245508-1587309507-2390072590-513 -> gid 513 [2013/04/29 08:38:11.296795, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:11.296864, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:11.296929, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:11.296995, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:11.297057, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:11.297159, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 546. [2013/04/29 08:38:11.297230, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2013/04/29 08:38:11.297295, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2013/04/29 08:38:11.297359, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:11.297423, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:11.297485, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:11.297635, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-546)(objectclass=sambaSamAccount))], scope => [2] [2013/04/29 08:38:11.298842, 4] passdb/pdb_ldap.c:1675(ldapsam_getsampwsid) ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-2380245508-1587309507-2390072590-546] count=0 [2013/04/29 08:38:11.299066, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-546))], scope => [2] [2013/04/29 08:38:11.299993, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-546)) [2013/04/29 08:38:11.300234, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:11.300307, 5] passdb/pdb_interface.c:1668(lookup_global_sam_rid) Can't find a unix id for an unmapped group [2013/04/29 08:38:11.300380, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:11.300447, 10] passdb/lookup_sid.c:1280(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-21-2380245508-1587309507-2390072590-546 [2013/04/29 08:38:11.300538, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:11.300606, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:11.300671, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:11.300736, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:11.300799, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:11.300901, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 546. [2013/04/29 08:38:11.300972, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2013/04/29 08:38:11.301037, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2013/04/29 08:38:11.301136, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:11.301202, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:11.301265, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:11.301414, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-546)(objectclass=sambaSamAccount))], scope => [2] [2013/04/29 08:38:11.302641, 4] passdb/pdb_ldap.c:1675(ldapsam_getsampwsid) ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-2380245508-1587309507-2390072590-546] count=0 [2013/04/29 08:38:11.302848, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-546))], scope => [2] [2013/04/29 08:38:11.303752, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-546)) [2013/04/29 08:38:11.303944, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:11.304015, 5] passdb/pdb_interface.c:1668(lookup_global_sam_rid) Can't find a unix id for an unmapped group [2013/04/29 08:38:11.304087, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:11.304181, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid) LEGACY: mapping failed for sid S-1-5-21-2380245508-1587309507-2390072590-546 [2013/04/29 08:38:11.304261, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:11.304328, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:11.304393, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:11.304457, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:11.304521, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:11.304643, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-1-0))], scope => [2] [2013/04/29 08:38:11.305578, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-1-0)) [2013/04/29 08:38:11.305766, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:11.305836, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-1-0 [2013/04/29 08:38:11.305911, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid) LEGACY: mapping failed for sid S-1-1-0 [2013/04/29 08:38:11.305983, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:11.306049, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:11.306114, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:11.306179, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:11.306242, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:11.306362, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2))], scope => [2] [2013/04/29 08:38:11.307263, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2)) [2013/04/29 08:38:11.307486, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:11.307560, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-2 [2013/04/29 08:38:11.307636, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid) LEGACY: mapping failed for sid S-1-5-2 [2013/04/29 08:38:11.307707, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:11.307774, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:11.307839, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:11.307903, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:11.307966, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:11.308087, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-546))], scope => [2] [2013/04/29 08:38:11.309085, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-546)) [2013/04/29 08:38:11.309275, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:11.309344, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-32-546 [2013/04/29 08:38:11.309418, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid) LEGACY: mapping failed for sid S-1-5-32-546 [2013/04/29 08:38:11.309489, 10] auth/auth_util.c:505(create_local_token) Could not convert SID S-1-5-21-2380245508-1587309507-2390072590-546 to gid, ignoring it [2013/04/29 08:38:11.309563, 10] auth/auth_util.c:505(create_local_token) Could not convert SID S-1-1-0 to gid, ignoring it [2013/04/29 08:38:11.309630, 10] auth/auth_util.c:505(create_local_token) Could not convert SID S-1-5-2 to gid, ignoring it [2013/04/29 08:38:11.309697, 10] auth/auth_util.c:505(create_local_token) Could not convert SID S-1-5-32-546 to gid, ignoring it [2013/04/29 08:38:11.309775, 10] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (8): SID[ 0]: S-1-5-21-2380245508-1587309507-2390072590-501 SID[ 1]: S-1-5-21-2380245508-1587309507-2390072590-513 SID[ 2]: S-1-5-21-2380245508-1587309507-2390072590-546 SID[ 3]: S-1-1-0 SID[ 4]: S-1-5-2 SID[ 5]: S-1-5-32-546 SID[ 6]: S-1-22-1-65534 SID[ 7]: S-1-22-2-513 Privileges (0x 0): Rights (0x 0): [2013/04/29 08:38:11.310140, 10] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 65534 Primary group is 65534 and contains 1 supplementary groups Group[ 0]: 513 [2013/04/29 08:38:11.310267, 10] auth/auth_ntlmssp.c:174(auth_ntlmssp_check_password) Got NT session key of length 16 [2013/04/29 08:38:11.310333, 10] auth/auth_ntlmssp.c:181(auth_ntlmssp_check_password) Got LM session key of length 16 [2013/04/29 08:38:11.310398, 10] ../libcli/auth/ntlmssp_server.c:462(ntlmssp_server_postauth) ntlmssp_server_auth: Using unmodified nt session key. [2013/04/29 08:38:11.310482, 3] ../libcli/auth/ntlmssp_sign.c:535(ntlmssp_sign_init) NTLMSSP Sign/Seal - Initialising with flags: [2013/04/29 08:38:11.310546, 3] ../libcli/auth/ntlmssp.c:34(debug_ntlmssp_flags) Got NTLMSSP neg_flags=0xe2088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP_NEGOTIATE_56 [2013/04/29 08:38:11.310890, 10] smbd/password.c:293(register_existing_vuid) register_existing_vuid: (65534,65534) nobody WEBDEALAUTO guest=1 [2013/04/29 08:38:11.310959, 3] smbd/password.c:298(register_existing_vuid) register_existing_vuid: User name: nobody Real name: [2013/04/29 08:38:11.311060, 3] smbd/password.c:308(register_existing_vuid) register_existing_vuid: UNIX uid 65534 is UNIX user nobody, and will be vuid 100 [2013/04/29 08:38:11.311177, 6] param/loadparm.c:7490(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Apr 26 13:22:44 2013 [2013/04/29 08:38:11.311353, 5] lib/util.c:332(show_msg) [2013/04/29 08:38:11.311395, 5] lib/util.c:342(show_msg) size=110 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=65535 smb_pid=65279 smb_uid=100 smb_mid=1536 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_vwv[ 3]= 9 (0x9) smb_bcc=67 [2013/04/29 08:38:11.311824, 10] ../lib/util/util.c:415(dump_data) [0000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 ..0..... .U.n.i.x [0010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3 [0020] 00 2E 00 36 00 2E 00 36 00 00 00 57 00 45 00 42 ...6...6 ...W.E.B [0030] 00 44 00 45 00 41 00 4C 00 41 00 55 00 54 00 4F .D.E.A.L .A.U.T.O [0040] 00 00 00 ... [2013/04/29 08:38:11.313417, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 76 [2013/04/29 08:38:11.313595, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x4c [2013/04/29 08:38:11.313666, 3] smbd/process.c:1662(process_smb) Transaction 3 of length 80 (0 toread) [2013/04/29 08:38:11.313731, 5] lib/util.c:332(show_msg) [2013/04/29 08:38:11.313770, 5] lib/util.c:342(show_msg) size=76 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=100 smb_mid=1600 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 76 (0x4C) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=33 [2013/04/29 08:38:11.314189, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 5C 00 42 00 41 00 4D 00 42 00 49 00 5C .\.\.B.A .M.B.I.\ [0010] 00 49 00 50 00 43 00 24 00 00 00 3F 3F 3F 3F 3F .I.P.C.$ ...????? [0020] 00 . [2013/04/29 08:38:11.314397, 3] smbd/process.c:1467(switch_message) switch message SMBtconX (pid 23867) conn 0x0 [2013/04/29 08:38:11.314464, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:11.314529, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:11.314592, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:11.314698, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2013/04/29 08:38:11.314791, 4] smbd/reply.c:794(reply_tcon_and_X) Client requested device type [?????] for share [IPC$] [2013/04/29 08:38:11.314921, 5] smbd/service.c:1354(make_connection) making a connection to 'normal' service ipc$ [2013/04/29 08:38:11.315088, 3] lib/access.c:338(allow_access) Allowed connection from 172.20.2.200 (172.20.2.200) [2013/04/29 08:38:11.315179, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user nobody [2013/04/29 08:38:11.315246, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is nobody [2013/04/29 08:38:11.315565, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [nobody]! [2013/04/29 08:38:11.315750, 10] smbd/service.c:162(set_conn_connectpath) set_conn_connectpath: service IPC$, connectpath = /tmp [2013/04/29 08:38:11.315823, 3] smbd/service.c:872(make_connection_snum) Connect path is '/tmp' for service [IPC$] [2013/04/29 08:38:11.315939, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2013/04/29 08:38:11.316019, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x101f01ff, remaining = 0x101f01ff [2013/04/29 08:38:11.316131, 3] smbd/vfs.c:102(vfs_init_default) Initialising default vfs hooks [2013/04/29 08:38:11.316210, 10] smbd/vfs.c:53(vfs_find_backend_entry) vfs_find_backend_entry called for /[Default VFS]/ [2013/04/29 08:38:11.316277, 5] smbd/vfs.c:92(smb_register_vfs) Successfully added vfs backend '/[Default VFS]/' [2013/04/29 08:38:11.316346, 10] smbd/vfs.c:53(vfs_find_backend_entry) vfs_find_backend_entry called for posixacl [2013/04/29 08:38:11.316413, 5] smbd/vfs.c:92(smb_register_vfs) Successfully added vfs backend 'posixacl' [2013/04/29 08:38:11.316523, 3] smbd/vfs.c:128(vfs_init_custom) Initialising custom vfs hooks from [/[Default VFS]/] [2013/04/29 08:38:11.316597, 10] smbd/vfs.c:53(vfs_find_backend_entry) vfs_find_backend_entry called for /[Default VFS]/ Successfully loaded vfs module [/[Default VFS]/] with the new modules system [2013/04/29 08:38:11.316700, 5] smbd/connection.c:134(claim_connection) claiming [IPC$] [2013/04/29 08:38:11.316914, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 3B5D0000FFFFFFFF76D7 [2013/04/29 08:38:11.317041, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7f0ee68317d0 [2013/04/29 08:38:11.317154, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 3B5D0000FFFFFFFF76D7 [2013/04/29 08:38:11.317398, 10] smbd/service.c:162(set_conn_connectpath) set_conn_connectpath: service IPC$, connectpath = /tmp [2013/04/29 08:38:11.317482, 10] smbd/share_access.c:241(user_ok_token) user_ok_token: share IPC$ is ok for unix user nobody [2013/04/29 08:38:11.317553, 10] smbd/share_access.c:286(is_share_read_only_for_token) is_share_read_only_for_user: share IPC$ is read-only for unix user nobody [2013/04/29 08:38:11.317638, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2013/04/29 08:38:11.317714, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) string_to_sid: SID admin is not in a valid format [2013/04/29 08:38:11.317793, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: WEBDEALAUTO\admin => domain=[WEBDEALAUTO], name=[admin] [2013/04/29 08:38:11.317859, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2013/04/29 08:38:11.317929, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:11.317997, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:11.318063, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:11.318129, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:11.318193, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:11.318349, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(uid=admin)(objectclass=sambaSamAccount))], scope => [2] [2013/04/29 08:38:11.319111, 4] passdb/pdb_ldap.c:1581(ldapsam_getsampwnam) ldapsam_getsampwnam: Unable to locate user [admin] count=0 [2013/04/29 08:38:11.319295, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:11.319369, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:11.319436, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:11.319501, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:11.319566, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:11.319630, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:11.319755, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(|(displayName=admin)(cn=admin)))], scope => [2] [2013/04/29 08:38:11.320780, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(|(displayName=admin)(cn=admin))) [2013/04/29 08:38:11.320980, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:11.321061, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: Unix User\admin => domain=[Unix User], name=[admin] [2013/04/29 08:38:11.321126, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2013/04/29 08:38:11.321217, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user admin [2013/04/29 08:38:11.321283, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is admin [2013/04/29 08:38:11.321541, 5] lib/username.c:134(Get_Pwnam_internals) Trying _Get_Pwnam(), username as uppercase is ADMIN [2013/04/29 08:38:11.321794, 5] lib/username.c:143(Get_Pwnam_internals) Checking combinations of 0 uppercase letters in admin [2013/04/29 08:38:11.321890, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals didn't find user [admin]! [2013/04/29 08:38:11.321958, 5] smbd/share_access.c:104(token_contains_name) lookup_name admin failed [2013/04/29 08:38:11.322048, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (65534, 65534) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:11.322121, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (8): SID[ 0]: S-1-5-21-2380245508-1587309507-2390072590-501 SID[ 1]: S-1-5-21-2380245508-1587309507-2390072590-513 SID[ 2]: S-1-5-21-2380245508-1587309507-2390072590-546 SID[ 3]: S-1-1-0 SID[ 4]: S-1-5-2 SID[ 5]: S-1-5-32-546 SID[ 6]: S-1-22-1-65534 SID[ 7]: S-1-22-2-513 Privileges (0x 0): Rights (0x 0): [2013/04/29 08:38:11.322479, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 65534 Primary group is 65534 and contains 1 supplementary groups Group[ 0]: 513 [2013/04/29 08:38:11.322607, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,65534), gid=(0,65534) [2013/04/29 08:38:11.322683, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:11.322749, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:11.322812, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:11.322914, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2013/04/29 08:38:11.322999, 10] smbd/service.c:162(set_conn_connectpath) set_conn_connectpath: service IPC$, connectpath = /tmp [2013/04/29 08:38:11.323089, 3] smbd/service.c:1114(make_connection_snum) pccom1 (172.20.2.200) connect to service IPC$ initially as user nobody (uid=65534, gid=65534) (pid 23867) [2013/04/29 08:38:11.323177, 3] smbd/reply.c:871(reply_tcon_and_X) tconX service=IPC$ [2013/04/29 08:38:11.323997, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 104 [2013/04/29 08:38:11.324184, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x68 [2013/04/29 08:38:11.324254, 3] smbd/process.c:1662(process_smb) Transaction 4 of length 108 (0 toread) [2013/04/29 08:38:11.324318, 5] lib/util.c:332(show_msg) [2013/04/29 08:38:11.324356, 5] lib/util.c:342(show_msg) size=104 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=520 smb_uid=100 smb_mid=1664 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 4608 (0x1200) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 4609 (0x1201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16896 (0x4200) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 256 (0x100) smb_bcc=21 [2013/04/29 08:38:11.325324, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 4E 00 45 00 54 00 4C 00 4F 00 47 00 4F .\.N.E.T .L.O.G.O [0010] 00 4E 00 00 00 .N... [2013/04/29 08:38:11.325477, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 23867) conn 0x7f0ee682df00 [2013/04/29 08:38:11.325554, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (65534, 65534) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:11.325625, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (8): SID[ 0]: S-1-5-21-2380245508-1587309507-2390072590-501 SID[ 1]: S-1-5-21-2380245508-1587309507-2390072590-513 SID[ 2]: S-1-5-21-2380245508-1587309507-2390072590-546 SID[ 3]: S-1-1-0 SID[ 4]: S-1-5-2 SID[ 5]: S-1-5-32-546 SID[ 6]: S-1-22-1-65534 SID[ 7]: S-1-22-2-513 Privileges (0x 0): Rights (0x 0): [2013/04/29 08:38:11.325980, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 65534 Primary group is 65534 and contains 1 supplementary groups Group[ 0]: 513 [2013/04/29 08:38:11.326114, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,65534), gid=(0,65534) [2013/04/29 08:38:11.326193, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /tmp [2013/04/29 08:38:11.326281, 10] smbd/nttrans.c:505(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x10, access_mask = 0x12019f file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x420040 root_dir_fid = 0x0, fname = NETLOGON [2013/04/29 08:38:11.326362, 4] smbd/nttrans.c:293(nt_open_pipe) nt_open_pipe: Opening pipe \NETLOGON. [2013/04/29 08:38:11.326448, 5] smbd/files.c:140(file_new) allocated file structure 2152, fnum = 6248 (1 used) [2013/04/29 08:38:11.326525, 10] smbd/files.c:705(file_name_hash) file_name_hash: /tmp/NETLOGON hash 0x86887727 [2013/04/29 08:38:11.326620, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \netlogon [2013/04/29 08:38:11.326717, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \netlogon [2013/04/29 08:38:11.326783, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \netlogon [2013/04/29 08:38:11.326863, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \netlogon (pipes_open=0) [2013/04/29 08:38:11.326934, 5] smbd/nttrans.c:382(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \NETLOGON [2013/04/29 08:38:11.327846, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 72 [2013/04/29 08:38:11.328009, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x48 [2013/04/29 08:38:11.328077, 3] smbd/process.c:1662(process_smb) Transaction 5 of length 76 (0 toread) [2013/04/29 08:38:11.328157, 5] lib/util.c:332(show_msg) [2013/04/29 08:38:11.328197, 5] lib/util.c:342(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=520 smb_uid=100 smb_mid=1728 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 24 (0x18) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2013/04/29 08:38:11.328927, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 68 18 ED 03 ...h... [2013/04/29 08:38:11.329059, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 23867) conn 0x7f0ee682df00 [2013/04/29 08:38:11.329129, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2013/04/29 08:38:11.329305, 9] smbd/trans2.c:941(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 [2013/04/29 08:38:11.329392, 9] smbd/trans2.c:943(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 24, paramsize = 2, datasize = 24 [2013/04/29 08:38:11.329459, 5] lib/util.c:332(show_msg) [2013/04/29 08:38:11.329498, 5] lib/util.c:342(show_msg) size=84 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=520 smb_uid=100 smb_mid=1728 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 24 (0x18) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 24 (0x18) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=29 [2013/04/29 08:38:11.330057, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 01 00 00 00 01 00 00 00 ........ ..... [2013/04/29 08:38:11.331156, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 224 [2013/04/29 08:38:11.331319, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xe0 [2013/04/29 08:38:11.331386, 3] smbd/process.c:1662(process_smb) Transaction 6 of length 228 (0 toread) [2013/04/29 08:38:11.331451, 5] lib/util.c:332(show_msg) [2013/04/29 08:38:11.331489, 5] lib/util.c:342(show_msg) size=224 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1792 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 6248 (0x1868) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 160 (0xA0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 160 (0xA0) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=161 [2013/04/29 08:38:11.332155, 10] ../lib/util/util.c:415(dump_data) [0000] EE 05 00 0B 03 10 00 00 00 A0 00 00 00 07 00 00 ........ ........ [0010] 00 B8 10 B8 10 00 00 00 00 03 00 00 00 00 00 01 ........ ........ [0020] 00 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF .xV4.4.. ....#Eg. [0030] FB 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [0040] 00 2B 10 48 60 02 00 00 00 01 00 01 00 78 56 34 .+.H`... .....xV4 [0050] 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 00 00 .4...... #Eg..... [0060] 00 33 05 71 71 BA BE 37 49 83 19 B5 DB EF 9C CC .3.qq..7 I....... [0070] 36 01 00 00 00 02 00 01 00 78 56 34 12 34 12 CD 6....... .xV4.4.. [0080] AB EF 00 01 23 45 67 CF FB 01 00 00 00 2C 1C B7 ....#Eg. .....,.. [0090] 6C 12 98 40 45 03 00 00 00 00 00 00 00 01 00 00 l..@E... ........ [00A0] 00 . [2013/04/29 08:38:11.332855, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 23867) conn 0x7f0ee682df00 [2013/04/29 08:38:11.332924, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2013/04/29 08:38:11.332998, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 1868 name: NETLOGON len: 160 [2013/04/29 08:38:11.333068, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 160 [2013/04/29 08:38:11.333136, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 160 [2013/04/29 08:38:11.333200, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 [2013/04/29 08:38:11.333266, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/04/29 08:38:11.333368, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/04/29 08:38:11.333432, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 144 [2013/04/29 08:38:11.333495, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 [2013/04/29 08:38:11.333567, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/04/29 08:38:11.333632, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 144 [2013/04/29 08:38:11.333695, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 [2013/04/29 08:38:11.333767, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2013/04/29 08:38:11.333864, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00a0 (160) auth_length : 0x0000 (0) call_id : 0x00000007 (7) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x03 (3) ctx_list: ARRAY(3) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-01234567cffb if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) ctx_list: struct dcerpc_ctx_list context_id : 0x0001 (1) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-01234567cffb if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 71710533-beba-4937-8319-b5dbef9ccc36 if_version : 0x00000001 (1) ctx_list: struct dcerpc_ctx_list context_id : 0x0002 (2) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-01234567cffb if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 6cb71c2c-9812-4540-0300-000000000000 if_version : 0x00000001 (1) auth_info : DATA_BLOB length=0 [2013/04/29 08:38:11.335486, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 11 [2013/04/29 08:38:11.335563, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) api_pipe_bind_req: \PIPE\netlogon -> \PIPE\netlogon [2013/04/29 08:38:11.335633, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) api_pipe_bind_req: make response. 923 [2013/04/29 08:38:11.335698, 3] rpc_server/srv_pipe.c:339(check_bind_req) check_bind_req for \netlogon [2013/04/29 08:38:11.335767, 3] rpc_server/srv_pipe.c:346(check_bind_req) check_bind_req: \PIPE\netlogon -> \PIPE\netlogon [2013/04/29 08:38:11.335861, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0048 (72) auth_length : 0x0000 (0) call_id : 0x00000007 (7) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x000053f0 (21488) secondary_address_size : 0x000f (15) secondary_address : '\PIPE\netlogon' _pad1 : DATA_BLOB length=0 num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : 0x0000 (0) reason : 0x0000 (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 [2013/04/29 08:38:11.336834, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 144 [2013/04/29 08:38:11.336933, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=160 [2013/04/29 08:38:11.337578, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2013/04/29 08:38:11.337751, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2013/04/29 08:38:11.337820, 3] smbd/process.c:1662(process_smb) Transaction 7 of length 63 (0 toread) [2013/04/29 08:38:11.337884, 5] lib/util.c:332(show_msg) [2013/04/29 08:38:11.337923, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1856 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 6248 (0x1868) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2013/04/29 08:38:11.338533, 10] ../lib/util/util.c:415(dump_data) [2013/04/29 08:38:11.338577, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 23867) conn 0x7f0ee682df00 [2013/04/29 08:38:11.338646, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2013/04/29 08:38:11.338726, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \netlogon len: 1024 [2013/04/29 08:38:11.338799, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) read_from_pipe: \netlogon: current_pdu_len = 72, current_pdu_sent = 0 returning 72 bytes. [2013/04/29 08:38:11.338871, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 30 [2013/04/29 08:38:11.339003, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 72 bytes. There is no more data outstanding [2013/04/29 08:38:11.339073, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=72 [2013/04/29 08:38:11.339958, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 192 [2013/04/29 08:38:11.340122, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xc0 [2013/04/29 08:38:11.340207, 3] smbd/process.c:1662(process_smb) Transaction 8 of length 196 (0 toread) [2013/04/29 08:38:11.340272, 5] lib/util.c:332(show_msg) [2013/04/29 08:38:11.340311, 5] lib/util.c:342(show_msg) size=192 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1920 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 6248 (0x1868) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 128 (0x80) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 128 (0x80) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=129 [2013/04/29 08:38:11.341034, 10] ../lib/util/util.c:415(dump_data) [0000] EE 05 00 00 03 10 00 00 00 80 00 00 00 07 00 00 ........ ........ [0010] 00 68 00 00 00 00 00 1A 00 00 00 02 00 08 00 00 .h...... ........ [0020] 00 00 00 00 00 08 00 00 00 5C 00 5C 00 42 00 41 ........ .\.\.B.A [0030] 00 4D 00 42 00 49 00 00 00 08 00 00 00 00 00 00 .M.B.I.. ........ [0040] 00 08 00 00 00 50 00 43 00 43 00 4F 00 4D 00 31 .....P.C .C.O.M.1 [0050] 00 24 00 00 00 02 00 00 00 07 00 00 00 00 00 00 .$...... ........ [0060] 00 07 00 00 00 50 00 43 00 43 00 4F 00 4D 00 31 .....P.C .C.O.M.1 [0070] 00 00 00 C0 F2 A1 8A F4 38 B4 DF 00 00 FF FF 2F ........ 8....../ [0080] 61 a [2013/04/29 08:38:11.341596, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 23867) conn 0x7f0ee682df00 [2013/04/29 08:38:11.341665, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2013/04/29 08:38:11.341735, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 1868 name: NETLOGON len: 128 [2013/04/29 08:38:11.341804, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 128 [2013/04/29 08:38:11.341872, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 128 [2013/04/29 08:38:11.341938, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 128 [2013/04/29 08:38:11.342004, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 128, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/04/29 08:38:11.342072, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/04/29 08:38:11.342137, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 112 [2013/04/29 08:38:11.342201, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 112 [2013/04/29 08:38:11.342270, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/04/29 08:38:11.342335, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 112 [2013/04/29 08:38:11.342399, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 112, incoming data = 112 [2013/04/29 08:38:11.342468, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2013/04/29 08:38:11.342545, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0080 (128) auth_length : 0x0000 (0) call_id : 0x00000007 (7) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000068 (104) context_id : 0x0000 (0) opnum : 0x001a (26) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=104 [0000] 00 00 02 00 08 00 00 00 00 00 00 00 08 00 00 00 ........ ........ [0010] 5C 00 5C 00 42 00 41 00 4D 00 42 00 49 00 00 00 \.\.B.A. M.B.I... [0020] 08 00 00 00 00 00 00 00 08 00 00 00 50 00 43 00 ........ ....P.C. [0030] 43 00 4F 00 4D 00 31 00 24 00 00 00 02 00 00 00 C.O.M.1. $....... [0040] 07 00 00 00 00 00 00 00 07 00 00 00 50 00 43 00 ........ ....P.C. [0050] 43 00 4F 00 4D 00 31 00 00 00 C0 F2 A1 8A F4 38 C.O.M.1. .......8 [0060] B4 DF 00 00 FF FF 2F 61 ....../a [2013/04/29 08:38:11.343784, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2013/04/29 08:38:11.343851, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. [2013/04/29 08:38:11.343919, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\netlogon [2013/04/29 08:38:11.343991, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \netlogon op 0x1a - api_rpcTNP: rpc command: NETR_SERVERAUTHENTICATE3 [2013/04/29 08:38:11.344066, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[26].fn == 0x7f0ee514e700 [2013/04/29 08:38:11.344167, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) netr_ServerAuthenticate3: struct netr_ServerAuthenticate3 in: struct netr_ServerAuthenticate3 server_name : * server_name : '\\BAMBI' account_name : * account_name : 'PCCOM1$' secure_channel_type : SEC_CHAN_WKSTA (2) computer_name : * computer_name : 'PCCOM1' credentials : * credentials: struct netr_Credential data : c0f2a18af438b4df negotiate_flags : * negotiate_flags : 0x612fffff (1630535679) 1: NETLOGON_NEG_ACCOUNT_LOCKOUT 1: NETLOGON_NEG_PERSISTENT_SAMREPL 1: NETLOGON_NEG_ARCFOUR 1: NETLOGON_NEG_PROMOTION_COUNT 1: NETLOGON_NEG_CHANGELOG_BDC 1: NETLOGON_NEG_FULL_SYNC_REPL 1: NETLOGON_NEG_MULTIPLE_SIDS 1: NETLOGON_NEG_REDO 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL 1: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC 1: NETLOGON_NEG_GENERIC_PASSTHROUGH 1: NETLOGON_NEG_CONCURRENT_RPC 1: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL 1: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL 1: NETLOGON_NEG_STRONG_KEYS 1: NETLOGON_NEG_TRANSITIVE_TRUSTS 1: NETLOGON_NEG_DNS_DOMAIN_TRUSTS 1: NETLOGON_NEG_PASSWORD_SET2 1: NETLOGON_NEG_GETDOMAININFO 1: NETLOGON_NEG_CROSS_FOREST_TRUSTS 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION 1: NETLOGON_NEG_RODC_PASSTHROUGH 0: NETLOGON_NEG_SUPPORTS_AES_SHA2 1: NETLOGON_NEG_SUPPORTS_AES 1: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS 1: NETLOGON_NEG_AUTHENTICATED_RPC [2013/04/29 08:38:11.345579, 0] rpc_server/netlogon/srv_netlog_nt.c:931(_netr_ServerAuthenticate3) _netr_ServerAuthenticate3: no challenge sent to client PCCOM1 [2013/04/29 08:38:11.345647, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) netr_ServerAuthenticate3: struct netr_ServerAuthenticate3 out: struct netr_ServerAuthenticate3 return_credentials : * return_credentials: struct netr_Credential data : 0000000000000000 negotiate_flags : * negotiate_flags : 0x400241ff (1073889791) 1: NETLOGON_NEG_ACCOUNT_LOCKOUT 1: NETLOGON_NEG_PERSISTENT_SAMREPL 1: NETLOGON_NEG_ARCFOUR 1: NETLOGON_NEG_PROMOTION_COUNT 1: NETLOGON_NEG_CHANGELOG_BDC 1: NETLOGON_NEG_FULL_SYNC_REPL 1: NETLOGON_NEG_MULTIPLE_SIDS 1: NETLOGON_NEG_REDO 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL 0: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC 0: NETLOGON_NEG_GENERIC_PASSTHROUGH 0: NETLOGON_NEG_CONCURRENT_RPC 0: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL 0: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL 1: NETLOGON_NEG_STRONG_KEYS 0: NETLOGON_NEG_TRANSITIVE_TRUSTS 0: NETLOGON_NEG_DNS_DOMAIN_TRUSTS 1: NETLOGON_NEG_PASSWORD_SET2 0: NETLOGON_NEG_GETDOMAININFO 0: NETLOGON_NEG_CROSS_FOREST_TRUSTS 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION 0: NETLOGON_NEG_RODC_PASSTHROUGH 0: NETLOGON_NEG_SUPPORTS_AES_SHA2 0: NETLOGON_NEG_SUPPORTS_AES 0: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS 1: NETLOGON_NEG_AUTHENTICATED_RPC rid : * rid : 0x00000000 (0) result : NT_STATUS_ACCESS_DENIED [2013/04/29 08:38:11.346748, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \netlogon successfully [2013/04/29 08:38:11.346821, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 112 [2013/04/29 08:38:11.346909, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=128 [2013/04/29 08:38:11.347719, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2013/04/29 08:38:11.347898, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2013/04/29 08:38:11.347970, 3] smbd/process.c:1662(process_smb) Transaction 9 of length 63 (0 toread) [2013/04/29 08:38:11.348035, 5] lib/util.c:332(show_msg) [2013/04/29 08:38:11.348074, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1984 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 6248 (0x1868) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2013/04/29 08:38:11.348703, 10] ../lib/util/util.c:415(dump_data) [2013/04/29 08:38:11.348778, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 23867) conn 0x7f0ee682df00 [2013/04/29 08:38:11.348872, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2013/04/29 08:38:11.348957, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \netlogon len: 1024 [2013/04/29 08:38:11.349031, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \netlogon: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 20. [2013/04/29 08:38:11.349124, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x002c (44) auth_length : 0x0000 (0) call_id : 0x00000007 (7) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000014 (20) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=20 [0000] 00 00 00 00 00 00 00 00 FF 41 02 40 00 00 00 00 ........ .A.@.... [0010] 22 00 00 C0 "... [2013/04/29 08:38:11.349904, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 30 [2013/04/29 08:38:11.349991, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 44 bytes. There is no more data outstanding [2013/04/29 08:38:11.350060, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=44 [2013/04/29 08:38:11.350864, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 41 [2013/04/29 08:38:11.351026, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2013/04/29 08:38:11.351094, 3] smbd/process.c:1662(process_smb) Transaction 10 of length 45 (0 toread) [2013/04/29 08:38:11.351159, 5] lib/util.c:332(show_msg) [2013/04/29 08:38:11.351198, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=2048 smt_wct=3 smb_vwv[ 0]= 6248 (0x1868) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2013/04/29 08:38:11.351590, 10] ../lib/util/util.c:415(dump_data) [2013/04/29 08:38:11.351635, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 23867) conn 0x7f0ee682df00 [2013/04/29 08:38:11.351703, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2013/04/29 08:38:11.351776, 3] smbd/reply.c:4848(reply_close) close fd=-1 fnum=6248 (numopen=1) [2013/04/29 08:38:11.351848, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2013/04/29 08:38:11.351988, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \netlogon [2013/04/29 08:38:11.352071, 5] smbd/files.c:482(file_free) freed files structure 6248 (0 used) [2013/04/29 08:38:11.352156, 5] lib/util.c:332(show_msg) [2013/04/29 08:38:11.352197, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=2048 smt_wct=0 smb_bcc=0 [2013/04/29 08:38:11.352526, 10] ../lib/util/util.c:415(dump_data) [2013/04/29 08:38:25.952831, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 35 [2013/04/29 08:38:25.953011, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x23 [2013/04/29 08:38:25.953118, 3] smbd/process.c:1662(process_smb) Transaction 11 of length 39 (0 toread) [2013/04/29 08:38:25.953187, 5] lib/util.c:332(show_msg) [2013/04/29 08:38:25.953227, 5] lib/util.c:342(show_msg) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=2112 smt_wct=0 smb_bcc=0 [2013/04/29 08:38:25.953556, 10] ../lib/util/util.c:415(dump_data) [2013/04/29 08:38:25.953602, 3] smbd/process.c:1467(switch_message) switch message SMBtdis (pid 23867) conn 0x7f0ee682df00 [2013/04/29 08:38:25.953671, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:25.953739, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:25.953803, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:25.953917, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2013/04/29 08:38:25.953993, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:25.954060, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:25.954125, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:25.954223, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2013/04/29 08:38:25.954292, 3] smbd/service.c:1378(close_cnum) pccom1 (172.20.2.200) closed connection to service IPC$ [2013/04/29 08:38:25.954371, 3] smbd/connection.c:35(yield_connection) Yielding connection to IPC$ [2013/04/29 08:38:25.954586, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 3B5D0000FFFFFFFF76D7 [2013/04/29 08:38:25.954676, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7f0ee683adc0 [2013/04/29 08:38:25.954779, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 3B5D0000FFFFFFFF76D7 [2013/04/29 08:38:25.955002, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to / [2013/04/29 08:38:25.955077, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:25.955144, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:25.955208, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:25.955305, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2013/04/29 08:38:25.955389, 5] lib/util.c:332(show_msg) [2013/04/29 08:38:25.955431, 5] lib/util.c:342(show_msg) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=2112 smt_wct=0 smb_bcc=0 [2013/04/29 08:38:25.955758, 10] ../lib/util/util.c:415(dump_data) [2013/04/29 08:38:25.956534, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 39 [2013/04/29 08:38:25.956699, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x27 [2013/04/29 08:38:25.956768, 3] smbd/process.c:1662(process_smb) Transaction 12 of length 43 (0 toread) [2013/04/29 08:38:25.956884, 5] lib/util.c:332(show_msg) [2013/04/29 08:38:25.956924, 5] lib/util.c:342(show_msg) size=39 smb_com=0x74 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=100 smb_mid=2176 smt_wct=2 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_bcc=0 [2013/04/29 08:38:25.957306, 10] ../lib/util/util.c:415(dump_data) [2013/04/29 08:38:25.957352, 3] smbd/process.c:1467(switch_message) switch message SMBulogoffX (pid 23867) conn 0x0 [2013/04/29 08:38:25.957420, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:25.957518, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:25.957586, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:25.957692, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2013/04/29 08:38:25.957784, 3] smbd/reply.c:2096(reply_ulogoffX) ulogoffX vuid=100 [2013/04/29 08:38:25.958971, 1] smbd/process.c:457(receive_smb_talloc) receive_smb_raw_talloc failed for client 172.20.2.200 read error = NT_STATUS_CONNECTION_RESET. [2013/04/29 08:38:25.959130, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:25.959198, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:25.959262, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:25.959368, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2013/04/29 08:38:25.959552, 3] smbd/server_exit.c:181(exit_server_common) Server exit (failed to receive smb request) [2013/04/29 08:38:32.583752, 6] param/loadparm.c:7490(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Apr 26 13:22:44 2013 [2013/04/29 08:38:32.583800, 5] auth/auth_util.c:110(make_user_info_map) Mapping user []\[] from workstation [PCCOM1] [2013/04/29 08:38:32.583820, 5] auth/auth_util.c:131(make_user_info_map) Mapped domain from [] to [WEBDEALAUTO] for user [] from workstation [PCCOM1] [2013/04/29 08:38:32.583839, 5] auth/user_info.c:59(make_user_info) attempting to make a user_info for () [2013/04/29 08:38:32.583856, 5] auth/user_info.c:70(make_user_info) making strings for 's user_info struct [2013/04/29 08:38:32.583873, 5] auth/user_info.c:87(make_user_info) making blobs for 's user_info struct [2013/04/29 08:38:32.583890, 10] auth/user_info.c:123(make_user_info) made a user_info for () [2013/04/29 08:38:32.583906, 3] auth/auth.c:219(check_ntlm_password) check_ntlm_password: Checking password for unmapped user []\[]@[PCCOM1] with the new password interface [2013/04/29 08:38:32.583924, 3] auth/auth.c:222(check_ntlm_password) check_ntlm_password: mapped user is: [WEBDEALAUTO]\[]@[PCCOM1] [2013/04/29 08:38:32.583941, 10] auth/auth.c:231(check_ntlm_password) check_ntlm_password: auth_context challenge created by random [2013/04/29 08:38:32.583957, 10] auth/auth.c:233(check_ntlm_password) challenge is: [2013/04/29 08:38:32.583974, 5] ../lib/util/util.c:415(dump_data) [0000] D3 67 95 D9 2F 11 17 2F .g../../ [2013/04/29 08:38:32.584001, 10] auth/auth_builtin.c:44(check_guest_security) Check auth for: [] [2013/04/29 08:38:32.584026, 3] auth/auth.c:268(check_ntlm_password) check_ntlm_password: guest authentication for user [] succeeded [2013/04/29 08:38:32.584044, 5] auth/auth.c:309(check_ntlm_password) check_ntlm_password: guest authentication for user [] -> [] -> [nobody] succeeded [2013/04/29 08:38:32.584063, 10] auth/token_util.c:223(create_local_nt_token_from_info3) Create local NT token for nobody [2013/04/29 08:38:32.584131, 10] passdb/lookup_sid.c:1628(sid_to_gid) winbind failed to find a gid for sid S-1-5-32-544 [2013/04/29 08:38:32.584168, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:32.584187, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:32.584203, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:32.584220, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:32.584236, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:32.584288, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544))], scope => [2] [2013/04/29 08:38:32.584323, 5] lib/smbldap.c:1341(smbldap_close) The connection to the LDAP server was closed [2013/04/29 08:38:32.584341, 10] lib/smbldap.c:819(smb_ldap_setup_conn) smb_ldap_setup_connection: ldap://127.0.0.1/ [2013/04/29 08:38:32.584424, 2] lib/smbldap.c:1018(smbldap_open_connection) smbldap_open_connection: connection opened [2013/04/29 08:38:32.584444, 10] lib/smbldap.c:1194(smbldap_connect_system) ldap_connect_system: Binding to ldap server ldap://127.0.0.1/ as "cn=admin,dc=webdealauto,dc=com" [2013/04/29 08:38:32.586084, 3] lib/smbldap.c:1240(smbldap_connect_system) ldap_connect_system: successful connection to the LDAP server ldap_connect_system: LDAP server does support paged results [2013/04/29 08:38:32.586285, 4] lib/smbldap.c:1319(smbldap_open) The LDAP server is successfully connected [2013/04/29 08:38:32.587185, 2] passdb/pdb_ldap.c:2427(init_group_from_ldap) init_group_from_ldap: Entry found for group: 544 [2013/04/29 08:38:32.587389, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:32.587461, 10] passdb/lookup_sid.c:1285(legacy_sid_to_gid) LEGACY: sid S-1-5-32-544 -> gid 544 [2013/04/29 08:38:32.587599, 10] passdb/lookup_sid.c:1628(sid_to_gid) winbind failed to find a gid for sid S-1-5-32-545 [2013/04/29 08:38:32.587673, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:32.587742, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:32.587809, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:32.587874, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:32.587938, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:32.588059, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545))], scope => [2] [2013/04/29 08:38:32.589007, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545)) [2013/04/29 08:38:32.589201, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:32.589274, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-32-545 [2013/04/29 08:38:32.589348, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:32.589414, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:32.589479, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:32.589543, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:32.589606, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:32.589802, 10] passdb/lookup_sid.c:1628(sid_to_gid) winbind failed to find a gid for sid S-1-5-32-545 [2013/04/29 08:38:32.589876, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2013/04/29 08:38:32.589942, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2013/04/29 08:38:32.590007, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:32.590071, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:32.590133, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:32.590289, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545))], scope => [2] [2013/04/29 08:38:32.591005, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545)) [2013/04/29 08:38:32.591180, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:32.591252, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-32-545 [2013/04/29 08:38:32.591341, 5] passdb/pdb_util.c:99(create_builtin_users) create_builtin_users: Failed to create Users [2013/04/29 08:38:32.591419, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:32.591487, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:32.591553, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:32.591619, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:32.591685, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:32.591749, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:32.591985, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectclass=sambaGroupMapping)(sambaGroupType=4)(|(sambaSIDList=S-1-5-21-2380245508-1587309507-2390072590-501)(sambaSIDList=S-1-5-21-2380245508-1587309507-2390072590-513)(sambaSIDList=S-1-5-21-2380245508-1587309507-2390072590-546)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-32-546)))], scope => [2] [2013/04/29 08:38:32.593231, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:32.593428, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-2380245508-1587309507-2390072590-501] [2013/04/29 08:38:32.593519, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-2380245508-1587309507-2390072590-513] [2013/04/29 08:38:32.593605, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-2380245508-1587309507-2390072590-546] [2013/04/29 08:38:32.593694, 5] lib/privileges.c:175(get_privileges_for_sids) get_privileges_for_sids: sid = S-1-1-0 Privilege set: 0x0 [2013/04/29 08:38:32.593797, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-2] [2013/04/29 08:38:32.593877, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-32-546] [2013/04/29 08:38:32.594159, 10] passdb/lookup_sid.c:1468(sids_to_unix_ids) wbcSidsToUnixIds returned WBC_ERR_WINBIND_NOT_AVAILABLE [2013/04/29 08:38:32.594234, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:32.594304, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:32.594370, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:32.594436, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:32.594500, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:32.594603, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 501. [2013/04/29 08:38:32.594684, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2013/04/29 08:38:32.594750, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2013/04/29 08:38:32.594814, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:32.594915, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:32.594980, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:32.595077, 6] passdb/pdb_interface.c:401(pdb_getsampwsid) pdb_getsampwsid: Building guest account [2013/04/29 08:38:32.595146, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user nobody [2013/04/29 08:38:32.595212, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is nobody [2013/04/29 08:38:32.595508, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [nobody]! [2013/04/29 08:38:32.595612, 10] passdb/pdb_get_set.c:575(pdb_set_username) pdb_set_username: setting username nobody, was [2013/04/29 08:38:32.595695, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) pdb_set_full_name: setting full name nobody, was [2013/04/29 08:38:32.595764, 10] passdb/pdb_get_set.c:598(pdb_set_domain) pdb_set_domain: setting domain WEBDEALAUTO, was [2013/04/29 08:38:32.595837, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-2380245508-1587309507-2390072590-501 [2013/04/29 08:38:32.595910, 10] passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-2380245508-1587309507-2390072590-501 from rid 501 [2013/04/29 08:38:32.596016, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:32.596091, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user nobody [2013/04/29 08:38:32.596157, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is nobody [2013/04/29 08:38:32.596225, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [nobody]! [2013/04/29 08:38:32.596300, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:32.596367, 5] passdb/lookup_sid.c:1269(legacy_sid_to_gid) LEGACY: sid S-1-5-21-2380245508-1587309507-2390072590-501 is a User, expected a group [2013/04/29 08:38:32.596442, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:32.596535, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:32.596600, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:32.596664, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:32.596727, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:32.596831, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 501. [2013/04/29 08:38:32.596901, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2013/04/29 08:38:32.596967, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2013/04/29 08:38:32.597031, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:32.597096, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:32.597159, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:32.597256, 6] passdb/pdb_interface.c:401(pdb_getsampwsid) pdb_getsampwsid: Building guest account [2013/04/29 08:38:32.597322, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user nobody [2013/04/29 08:38:32.597385, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is nobody [2013/04/29 08:38:32.597452, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [nobody]! [2013/04/29 08:38:32.597517, 10] passdb/pdb_get_set.c:575(pdb_set_username) pdb_set_username: setting username nobody, was [2013/04/29 08:38:32.597611, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) pdb_set_full_name: setting full name nobody, was [2013/04/29 08:38:32.597678, 10] passdb/pdb_get_set.c:598(pdb_set_domain) pdb_set_domain: setting domain WEBDEALAUTO, was [2013/04/29 08:38:32.597749, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-2380245508-1587309507-2390072590-501 [2013/04/29 08:38:32.597827, 10] passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-2380245508-1587309507-2390072590-501 from rid 501 [2013/04/29 08:38:32.597980, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:32.598055, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user nobody [2013/04/29 08:38:32.598118, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is nobody [2013/04/29 08:38:32.598185, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [nobody]! [2013/04/29 08:38:32.598258, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:32.598326, 10] passdb/lookup_sid.c:1223(legacy_sid_to_uid) LEGACY: sid S-1-5-21-2380245508-1587309507-2390072590-501 -> uid 65534 [2013/04/29 08:38:32.598406, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:32.598473, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:32.598538, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:32.598602, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:32.598666, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:32.598763, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 513. [2013/04/29 08:38:32.598832, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2013/04/29 08:38:32.598898, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2013/04/29 08:38:32.598962, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:32.599027, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:32.599095, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:32.599254, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-513)(objectclass=sambaSamAccount))], scope => [2] [2013/04/29 08:38:32.600558, 4] passdb/pdb_ldap.c:1675(ldapsam_getsampwsid) ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-2380245508-1587309507-2390072590-513] count=0 [2013/04/29 08:38:32.600761, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-513))], scope => [2] [2013/04/29 08:38:32.601861, 2] passdb/pdb_ldap.c:2427(init_group_from_ldap) init_group_from_ldap: Entry found for group: 513 [2013/04/29 08:38:32.602076, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:32.602158, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:32.602226, 10] passdb/lookup_sid.c:1285(legacy_sid_to_gid) LEGACY: sid S-1-5-21-2380245508-1587309507-2390072590-513 -> gid 513 [2013/04/29 08:38:32.602313, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:32.602381, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:32.602477, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:32.602546, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:32.602609, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:32.602709, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 546. [2013/04/29 08:38:32.602780, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2013/04/29 08:38:32.602846, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2013/04/29 08:38:32.602911, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:32.602975, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:32.603039, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:32.603187, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-546)(objectclass=sambaSamAccount))], scope => [2] [2013/04/29 08:38:32.604060, 4] passdb/pdb_ldap.c:1675(ldapsam_getsampwsid) ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-2380245508-1587309507-2390072590-546] count=0 [2013/04/29 08:38:32.604329, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-546))], scope => [2] [2013/04/29 08:38:32.605280, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-546)) [2013/04/29 08:38:32.605463, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:32.605533, 5] passdb/pdb_interface.c:1668(lookup_global_sam_rid) Can't find a unix id for an unmapped group [2013/04/29 08:38:32.605607, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:32.605673, 10] passdb/lookup_sid.c:1280(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-21-2380245508-1587309507-2390072590-546 [2013/04/29 08:38:32.605751, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:32.605817, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:32.605882, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:32.605948, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:32.606011, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:32.606110, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 546. [2013/04/29 08:38:32.606181, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2013/04/29 08:38:32.606246, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2013/04/29 08:38:32.606310, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:32.606374, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:32.606437, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:32.606587, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-546)(objectclass=sambaSamAccount))], scope => [2] [2013/04/29 08:38:32.607920, 4] passdb/pdb_ldap.c:1675(ldapsam_getsampwsid) ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-2380245508-1587309507-2390072590-546] count=0 [2013/04/29 08:38:32.608129, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-546))], scope => [2] [2013/04/29 08:38:32.609098, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-546)) [2013/04/29 08:38:32.609291, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:32.609362, 5] passdb/pdb_interface.c:1668(lookup_global_sam_rid) Can't find a unix id for an unmapped group [2013/04/29 08:38:32.609434, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:32.609500, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid) LEGACY: mapping failed for sid S-1-5-21-2380245508-1587309507-2390072590-546 [2013/04/29 08:38:32.609580, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:32.609647, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:32.609711, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:32.609776, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:32.609838, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:32.609956, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-1-0))], scope => [2] [2013/04/29 08:38:32.610894, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-1-0)) [2013/04/29 08:38:32.611069, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:32.611140, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-1-0 [2013/04/29 08:38:32.611215, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid) LEGACY: mapping failed for sid S-1-1-0 [2013/04/29 08:38:32.611287, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:32.611353, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:32.611417, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:32.611482, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:32.611545, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:32.611665, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2))], scope => [2] [2013/04/29 08:38:32.612631, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2)) [2013/04/29 08:38:32.612819, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:32.612890, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-2 [2013/04/29 08:38:32.612963, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid) LEGACY: mapping failed for sid S-1-5-2 [2013/04/29 08:38:32.613034, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:32.613099, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:32.613164, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:32.613263, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:32.613329, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:32.613460, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-546))], scope => [2] [2013/04/29 08:38:32.614476, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-546)) [2013/04/29 08:38:32.614666, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:32.614737, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-32-546 [2013/04/29 08:38:32.614811, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid) LEGACY: mapping failed for sid S-1-5-32-546 [2013/04/29 08:38:32.614884, 10] auth/auth_util.c:505(create_local_token) Could not convert SID S-1-5-21-2380245508-1587309507-2390072590-546 to gid, ignoring it [2013/04/29 08:38:32.614956, 10] auth/auth_util.c:505(create_local_token) Could not convert SID S-1-1-0 to gid, ignoring it [2013/04/29 08:38:32.615024, 10] auth/auth_util.c:505(create_local_token) Could not convert SID S-1-5-2 to gid, ignoring it [2013/04/29 08:38:32.615090, 10] auth/auth_util.c:505(create_local_token) Could not convert SID S-1-5-32-546 to gid, ignoring it [2013/04/29 08:38:32.615167, 10] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (8): SID[ 0]: S-1-5-21-2380245508-1587309507-2390072590-501 SID[ 1]: S-1-5-21-2380245508-1587309507-2390072590-513 SID[ 2]: S-1-5-21-2380245508-1587309507-2390072590-546 SID[ 3]: S-1-1-0 SID[ 4]: S-1-5-2 SID[ 5]: S-1-5-32-546 SID[ 6]: S-1-22-1-65534 SID[ 7]: S-1-22-2-513 Privileges (0x 0): Rights (0x 0): [2013/04/29 08:38:32.615533, 10] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 65534 Primary group is 65534 and contains 1 supplementary groups Group[ 0]: 513 [2013/04/29 08:38:32.615661, 10] auth/auth_ntlmssp.c:174(auth_ntlmssp_check_password) Got NT session key of length 16 [2013/04/29 08:38:32.615727, 10] auth/auth_ntlmssp.c:181(auth_ntlmssp_check_password) Got LM session key of length 16 [2013/04/29 08:38:32.615792, 10] ../libcli/auth/ntlmssp_server.c:462(ntlmssp_server_postauth) ntlmssp_server_auth: Using unmodified nt session key. [2013/04/29 08:38:32.615875, 3] ../libcli/auth/ntlmssp_sign.c:535(ntlmssp_sign_init) NTLMSSP Sign/Seal - Initialising with flags: [2013/04/29 08:38:32.615939, 3] ../libcli/auth/ntlmssp.c:34(debug_ntlmssp_flags) Got NTLMSSP neg_flags=0xe2088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP_NEGOTIATE_56 [2013/04/29 08:38:32.616337, 10] smbd/password.c:293(register_existing_vuid) register_existing_vuid: (65534,65534) nobody WEBDEALAUTO guest=1 [2013/04/29 08:38:32.616408, 3] smbd/password.c:298(register_existing_vuid) register_existing_vuid: User name: nobody Real name: [2013/04/29 08:38:32.616476, 3] smbd/password.c:308(register_existing_vuid) register_existing_vuid: UNIX uid 65534 is UNIX user nobody, and will be vuid 100 [2013/04/29 08:38:32.616594, 6] param/loadparm.c:7490(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Apr 26 13:22:44 2013 [2013/04/29 08:38:32.616769, 5] lib/util.c:332(show_msg) [2013/04/29 08:38:32.616811, 5] lib/util.c:342(show_msg) size=110 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=65535 smb_pid=65279 smb_uid=100 smb_mid=128 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_vwv[ 3]= 9 (0x9) smb_bcc=67 [2013/04/29 08:38:32.617277, 10] ../lib/util/util.c:415(dump_data) [0000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 ..0..... .U.n.i.x [0010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3 [0020] 00 2E 00 36 00 2E 00 36 00 00 00 57 00 45 00 42 ...6...6 ...W.E.B [0030] 00 44 00 45 00 41 00 4C 00 41 00 55 00 54 00 4F .D.E.A.L .A.U.T.O [0040] 00 00 00 ... [2013/04/29 08:38:32.618966, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 76 [2013/04/29 08:38:32.619151, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x4c [2013/04/29 08:38:32.619223, 3] smbd/process.c:1662(process_smb) Transaction 3 of length 80 (0 toread) [2013/04/29 08:38:32.619289, 5] lib/util.c:332(show_msg) [2013/04/29 08:38:32.619329, 5] lib/util.c:342(show_msg) size=76 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=100 smb_mid=192 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 76 (0x4C) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=33 [2013/04/29 08:38:32.619754, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 5C 00 42 00 41 00 4D 00 42 00 49 00 5C .\.\.B.A .M.B.I.\ [0010] 00 49 00 50 00 43 00 24 00 00 00 3F 3F 3F 3F 3F .I.P.C.$ ...????? [0020] 00 . [2013/04/29 08:38:32.619966, 3] smbd/process.c:1467(switch_message) switch message SMBtconX (pid 23903) conn 0x0 [2013/04/29 08:38:32.620035, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:32.620101, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:32.620181, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:32.620287, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2013/04/29 08:38:32.620380, 4] smbd/reply.c:794(reply_tcon_and_X) Client requested device type [?????] for share [IPC$] [2013/04/29 08:38:32.620519, 5] smbd/service.c:1354(make_connection) making a connection to 'normal' service ipc$ [2013/04/29 08:38:32.620599, 3] lib/access.c:338(allow_access) Allowed connection from 172.20.2.200 (172.20.2.200) [2013/04/29 08:38:32.620689, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user nobody [2013/04/29 08:38:32.620756, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is nobody [2013/04/29 08:38:32.621089, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [nobody]! [2013/04/29 08:38:32.621276, 10] smbd/service.c:162(set_conn_connectpath) set_conn_connectpath: service IPC$, connectpath = /tmp [2013/04/29 08:38:32.621348, 3] smbd/service.c:872(make_connection_snum) Connect path is '/tmp' for service [IPC$] [2013/04/29 08:38:32.621463, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2013/04/29 08:38:32.621542, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x101f01ff, remaining = 0x101f01ff [2013/04/29 08:38:32.621621, 3] smbd/vfs.c:102(vfs_init_default) Initialising default vfs hooks [2013/04/29 08:38:32.621693, 10] smbd/vfs.c:53(vfs_find_backend_entry) vfs_find_backend_entry called for /[Default VFS]/ [2013/04/29 08:38:32.621759, 5] smbd/vfs.c:92(smb_register_vfs) Successfully added vfs backend '/[Default VFS]/' [2013/04/29 08:38:32.621826, 10] smbd/vfs.c:53(vfs_find_backend_entry) vfs_find_backend_entry called for posixacl [2013/04/29 08:38:32.621892, 5] smbd/vfs.c:92(smb_register_vfs) Successfully added vfs backend 'posixacl' [2013/04/29 08:38:32.621986, 3] smbd/vfs.c:128(vfs_init_custom) Initialising custom vfs hooks from [/[Default VFS]/] [2013/04/29 08:38:32.622057, 10] smbd/vfs.c:53(vfs_find_backend_entry) vfs_find_backend_entry called for /[Default VFS]/ Successfully loaded vfs module [/[Default VFS]/] with the new modules system [2013/04/29 08:38:32.622160, 5] smbd/connection.c:134(claim_connection) claiming [IPC$] [2013/04/29 08:38:32.622364, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 5F5D0000FFFFFFFF830B [2013/04/29 08:38:32.622495, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7f0ee68317d0 [2013/04/29 08:38:32.622609, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 5F5D0000FFFFFFFF830B [2013/04/29 08:38:32.622851, 10] smbd/service.c:162(set_conn_connectpath) set_conn_connectpath: service IPC$, connectpath = /tmp [2013/04/29 08:38:32.622933, 10] smbd/share_access.c:241(user_ok_token) user_ok_token: share IPC$ is ok for unix user nobody [2013/04/29 08:38:32.623004, 10] smbd/share_access.c:286(is_share_read_only_for_token) is_share_read_only_for_user: share IPC$ is read-only for unix user nobody [2013/04/29 08:38:32.623088, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2013/04/29 08:38:32.623162, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) string_to_sid: SID admin is not in a valid format [2013/04/29 08:38:32.623241, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: WEBDEALAUTO\admin => domain=[WEBDEALAUTO], name=[admin] [2013/04/29 08:38:32.623306, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2013/04/29 08:38:32.623377, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:32.623445, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:32.623510, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:32.623575, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:32.623638, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:32.623791, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(uid=admin)(objectclass=sambaSamAccount))], scope => [2] [2013/04/29 08:38:32.624562, 4] passdb/pdb_ldap.c:1581(ldapsam_getsampwnam) ldapsam_getsampwnam: Unable to locate user [admin] count=0 [2013/04/29 08:38:32.624748, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:32.624825, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:32.624892, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:32.624957, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:32.625022, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:32.625086, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:32.625210, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(|(displayName=admin)(cn=admin)))], scope => [2] [2013/04/29 08:38:32.626273, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(|(displayName=admin)(cn=admin))) [2013/04/29 08:38:32.626462, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:32.626543, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: Unix User\admin => domain=[Unix User], name=[admin] [2013/04/29 08:38:32.626608, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2013/04/29 08:38:32.626733, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user admin [2013/04/29 08:38:32.626800, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is admin [2013/04/29 08:38:32.635728, 5] lib/username.c:134(Get_Pwnam_internals) Trying _Get_Pwnam(), username as uppercase is ADMIN [2013/04/29 08:38:32.644887, 5] lib/username.c:143(Get_Pwnam_internals) Checking combinations of 0 uppercase letters in admin [2013/04/29 08:38:32.645059, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals didn't find user [admin]! [2013/04/29 08:38:32.645134, 5] smbd/share_access.c:104(token_contains_name) lookup_name admin failed [2013/04/29 08:38:32.645231, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (65534, 65534) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:32.645304, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (8): SID[ 0]: S-1-5-21-2380245508-1587309507-2390072590-501 SID[ 1]: S-1-5-21-2380245508-1587309507-2390072590-513 SID[ 2]: S-1-5-21-2380245508-1587309507-2390072590-546 SID[ 3]: S-1-1-0 SID[ 4]: S-1-5-2 SID[ 5]: S-1-5-32-546 SID[ 6]: S-1-22-1-65534 SID[ 7]: S-1-22-2-513 Privileges (0x 0): Rights (0x 0): [2013/04/29 08:38:32.645661, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 65534 Primary group is 65534 and contains 1 supplementary groups Group[ 0]: 513 [2013/04/29 08:38:32.645795, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,65534), gid=(0,65534) [2013/04/29 08:38:32.645870, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:32.645935, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:32.645998, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:32.646100, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2013/04/29 08:38:32.646186, 10] smbd/service.c:162(set_conn_connectpath) set_conn_connectpath: service IPC$, connectpath = /tmp [2013/04/29 08:38:32.646278, 3] smbd/service.c:1114(make_connection_snum) pccom1 (172.20.2.200) connect to service IPC$ initially as user nobody (uid=65534, gid=65534) (pid 23903) [2013/04/29 08:38:32.646367, 3] smbd/reply.c:871(reply_tcon_and_X) tconX service=IPC$ [2013/04/29 08:38:32.647631, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 104 [2013/04/29 08:38:32.647794, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x68 [2013/04/29 08:38:32.647863, 3] smbd/process.c:1662(process_smb) Transaction 4 of length 108 (0 toread) [2013/04/29 08:38:32.647944, 5] lib/util.c:332(show_msg) [2013/04/29 08:38:32.647983, 5] lib/util.c:342(show_msg) size=104 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=520 smb_uid=100 smb_mid=256 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 4608 (0x1200) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 4609 (0x1201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16896 (0x4200) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 256 (0x100) smb_bcc=21 [2013/04/29 08:38:32.648944, 10] ../lib/util/util.c:415(dump_data) [0000] 6C 5C 00 4E 00 45 00 54 00 4C 00 4F 00 47 00 4F l\.N.E.T .L.O.G.O [0010] 00 4E 00 00 00 .N... [2013/04/29 08:38:32.649101, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 23903) conn 0x7f0ee68265c0 [2013/04/29 08:38:32.649214, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (65534, 65534) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:32.649287, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (8): SID[ 0]: S-1-5-21-2380245508-1587309507-2390072590-501 SID[ 1]: S-1-5-21-2380245508-1587309507-2390072590-513 SID[ 2]: S-1-5-21-2380245508-1587309507-2390072590-546 SID[ 3]: S-1-1-0 SID[ 4]: S-1-5-2 SID[ 5]: S-1-5-32-546 SID[ 6]: S-1-22-1-65534 SID[ 7]: S-1-22-2-513 Privileges (0x 0): Rights (0x 0): [2013/04/29 08:38:32.649645, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 65534 Primary group is 65534 and contains 1 supplementary groups Group[ 0]: 513 [2013/04/29 08:38:32.649779, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,65534), gid=(0,65534) [2013/04/29 08:38:32.649858, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /tmp [2013/04/29 08:38:32.649948, 10] smbd/nttrans.c:505(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x10, access_mask = 0x12019f file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x420040 root_dir_fid = 0x0, fname = NETLOGON [2013/04/29 08:38:32.650029, 4] smbd/nttrans.c:293(nt_open_pipe) nt_open_pipe: Opening pipe \NETLOGON. [2013/04/29 08:38:32.650117, 5] smbd/files.c:140(file_new) allocated file structure 2103, fnum = 6199 (1 used) [2013/04/29 08:38:32.650195, 10] smbd/files.c:705(file_name_hash) file_name_hash: /tmp/NETLOGON hash 0x86887727 [2013/04/29 08:38:32.650290, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \netlogon [2013/04/29 08:38:32.650386, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \netlogon [2013/04/29 08:38:32.650452, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \netlogon [2013/04/29 08:38:32.650532, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \netlogon (pipes_open=0) [2013/04/29 08:38:32.650604, 5] smbd/nttrans.c:382(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \NETLOGON [2013/04/29 08:38:32.651864, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 72 [2013/04/29 08:38:32.652027, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x48 [2013/04/29 08:38:32.652095, 3] smbd/process.c:1662(process_smb) Transaction 5 of length 76 (0 toread) [2013/04/29 08:38:32.652177, 5] lib/util.c:332(show_msg) [2013/04/29 08:38:32.652217, 5] lib/util.c:342(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=520 smb_uid=100 smb_mid=320 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 24 (0x18) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2013/04/29 08:38:32.652952, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 37 18 ED 03 ...7... [2013/04/29 08:38:32.653050, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 23903) conn 0x7f0ee68265c0 [2013/04/29 08:38:32.653118, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2013/04/29 08:38:32.653209, 9] smbd/trans2.c:941(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 [2013/04/29 08:38:32.653282, 9] smbd/trans2.c:943(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 24, paramsize = 2, datasize = 24 [2013/04/29 08:38:32.653348, 5] lib/util.c:332(show_msg) [2013/04/29 08:38:32.653387, 5] lib/util.c:342(show_msg) size=84 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=520 smb_uid=100 smb_mid=320 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 24 (0x18) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 24 (0x18) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=29 [2013/04/29 08:38:32.653986, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 01 00 00 00 01 00 00 00 ........ ..... [2013/04/29 08:38:32.655636, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 224 [2013/04/29 08:38:32.655799, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xe0 [2013/04/29 08:38:32.655867, 3] smbd/process.c:1662(process_smb) Transaction 6 of length 228 (0 toread) [2013/04/29 08:38:32.655932, 5] lib/util.c:332(show_msg) [2013/04/29 08:38:32.655970, 5] lib/util.c:342(show_msg) size=224 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=384 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 6199 (0x1837) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 160 (0xA0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 160 (0xA0) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=161 [2013/04/29 08:38:32.656660, 10] ../lib/util/util.c:415(dump_data) [0000] EE 05 00 0B 03 10 00 00 00 A0 00 00 00 02 00 00 ........ ........ [0010] 00 B8 10 B8 10 00 00 00 00 03 00 00 00 00 00 01 ........ ........ [0020] 00 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF .xV4.4.. ....#Eg. [0030] FB 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [0040] 00 2B 10 48 60 02 00 00 00 01 00 01 00 78 56 34 .+.H`... .....xV4 [0050] 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 00 00 .4...... #Eg..... [0060] 00 33 05 71 71 BA BE 37 49 83 19 B5 DB EF 9C CC .3.qq..7 I....... [0070] 36 01 00 00 00 02 00 01 00 78 56 34 12 34 12 CD 6....... .xV4.4.. [0080] AB EF 00 01 23 45 67 CF FB 01 00 00 00 2C 1C B7 ....#Eg. .....,.. [0090] 6C 12 98 40 45 03 00 00 00 00 00 00 00 01 00 00 l..@E... ........ [00A0] 00 . [2013/04/29 08:38:32.657381, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 23903) conn 0x7f0ee68265c0 [2013/04/29 08:38:32.657451, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2013/04/29 08:38:32.657525, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 1837 name: NETLOGON len: 160 [2013/04/29 08:38:32.657595, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 160 [2013/04/29 08:38:32.657663, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 160 [2013/04/29 08:38:32.657727, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 [2013/04/29 08:38:32.657793, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/04/29 08:38:32.657859, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/04/29 08:38:32.657922, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 144 [2013/04/29 08:38:32.657985, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 [2013/04/29 08:38:32.658056, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/04/29 08:38:32.658119, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 144 [2013/04/29 08:38:32.658214, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 [2013/04/29 08:38:32.658287, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2013/04/29 08:38:32.658384, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00a0 (160) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x03 (3) ctx_list: ARRAY(3) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-01234567cffb if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) ctx_list: struct dcerpc_ctx_list context_id : 0x0001 (1) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-01234567cffb if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 71710533-beba-4937-8319-b5dbef9ccc36 if_version : 0x00000001 (1) ctx_list: struct dcerpc_ctx_list context_id : 0x0002 (2) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-01234567cffb if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 6cb71c2c-9812-4540-0300-000000000000 if_version : 0x00000001 (1) auth_info : DATA_BLOB length=0 [2013/04/29 08:38:32.659980, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 11 [2013/04/29 08:38:32.660056, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) api_pipe_bind_req: \PIPE\netlogon -> \PIPE\netlogon [2013/04/29 08:38:32.660126, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) api_pipe_bind_req: make response. 923 [2013/04/29 08:38:32.660204, 3] rpc_server/srv_pipe.c:339(check_bind_req) check_bind_req for \netlogon [2013/04/29 08:38:32.660273, 3] rpc_server/srv_pipe.c:346(check_bind_req) check_bind_req: \PIPE\netlogon -> \PIPE\netlogon [2013/04/29 08:38:32.660368, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0048 (72) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x000053f0 (21488) secondary_address_size : 0x000f (15) secondary_address : '\PIPE\netlogon' _pad1 : DATA_BLOB length=0 num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : 0x0000 (0) reason : 0x0000 (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 [2013/04/29 08:38:32.661333, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 144 [2013/04/29 08:38:32.661430, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=160 [2013/04/29 08:38:32.662473, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2013/04/29 08:38:32.662636, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2013/04/29 08:38:32.662703, 3] smbd/process.c:1662(process_smb) Transaction 7 of length 63 (0 toread) [2013/04/29 08:38:32.662768, 5] lib/util.c:332(show_msg) [2013/04/29 08:38:32.662806, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=448 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 6199 (0x1837) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2013/04/29 08:38:32.663415, 10] ../lib/util/util.c:415(dump_data) [2013/04/29 08:38:32.663460, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 23903) conn 0x7f0ee68265c0 [2013/04/29 08:38:32.663528, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2013/04/29 08:38:32.663609, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \netlogon len: 1024 [2013/04/29 08:38:32.663681, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) read_from_pipe: \netlogon: current_pdu_len = 72, current_pdu_sent = 0 returning 72 bytes. [2013/04/29 08:38:32.663752, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 30 [2013/04/29 08:38:32.663852, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 72 bytes. There is no more data outstanding [2013/04/29 08:38:32.663921, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=72 [2013/04/29 08:38:32.665010, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 154 [2013/04/29 08:38:32.665171, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x9a [2013/04/29 08:38:32.665238, 3] smbd/process.c:1662(process_smb) Transaction 8 of length 158 (0 toread) [2013/04/29 08:38:32.665303, 5] lib/util.c:332(show_msg) [2013/04/29 08:38:32.665371, 5] lib/util.c:342(show_msg) size=154 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=512 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 6199 (0x1837) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 90 (0x5A) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 90 (0x5A) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=91 [2013/04/29 08:38:32.666036, 10] ../lib/util/util.c:415(dump_data) [0000] EE 05 00 00 03 10 00 00 00 5A 00 00 00 02 00 00 ........ .Z...... [0010] 00 42 00 00 00 00 00 04 00 00 00 02 00 08 00 00 .B...... ........ [0020] 00 00 00 00 00 08 00 00 00 5C 00 5C 00 42 00 41 ........ .\.\.B.A [0030] 00 4D 00 42 00 49 00 00 00 07 00 00 00 00 00 00 .M.B.I.. ........ [0040] 00 07 00 00 00 50 00 43 00 43 00 4F 00 4D 00 31 .....P.C .C.O.M.1 [0050] 00 00 00 82 3F EB A9 6F 11 85 3D ....?..o ..= [2013/04/29 08:38:32.666429, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 23903) conn 0x7f0ee68265c0 [2013/04/29 08:38:32.666497, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2013/04/29 08:38:32.666566, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 1837 name: NETLOGON len: 90 [2013/04/29 08:38:32.666634, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 90 [2013/04/29 08:38:32.666702, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 90 [2013/04/29 08:38:32.666767, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 90 [2013/04/29 08:38:32.666833, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 90, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/04/29 08:38:32.666901, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/04/29 08:38:32.666964, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 74 [2013/04/29 08:38:32.667027, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 74 [2013/04/29 08:38:32.667095, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/04/29 08:38:32.667158, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 74 [2013/04/29 08:38:32.667222, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 74, incoming data = 74 [2013/04/29 08:38:32.667290, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2013/04/29 08:38:32.667368, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x005a (90) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000042 (66) context_id : 0x0000 (0) opnum : 0x0004 (4) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=66 [0000] 00 00 02 00 08 00 00 00 00 00 00 00 08 00 00 00 ........ ........ [0010] 5C 00 5C 00 42 00 41 00 4D 00 42 00 49 00 00 00 \.\.B.A. M.B.I... [0020] 07 00 00 00 00 00 00 00 07 00 00 00 50 00 43 00 ........ ....P.C. [0030] 43 00 4F 00 4D 00 31 00 00 00 82 3F EB A9 6F 11 C.O.M.1. ...?..o. [0040] 85 3D .= [2013/04/29 08:38:32.668440, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2013/04/29 08:38:32.668514, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. [2013/04/29 08:38:32.668582, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\netlogon [2013/04/29 08:38:32.668652, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \netlogon op 0x4 - api_rpcTNP: rpc command: NETR_SERVERREQCHALLENGE [2013/04/29 08:38:32.668727, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[4].fn == 0x7f0ee5152500 [2013/04/29 08:38:32.668825, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) netr_ServerReqChallenge: struct netr_ServerReqChallenge in: struct netr_ServerReqChallenge server_name : * server_name : '\\BAMBI' computer_name : * computer_name : 'PCCOM1' credentials : * credentials: struct netr_Credential data : 823feba96f11853d [2013/04/29 08:38:32.669154, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) netr_ServerReqChallenge: struct netr_ServerReqChallenge out: struct netr_ServerReqChallenge return_credentials : * return_credentials: struct netr_Credential data : bf7d781753e8a103 result : NT_STATUS_OK [2013/04/29 08:38:32.669379, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \netlogon successfully [2013/04/29 08:38:32.669451, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 74 [2013/04/29 08:38:32.669536, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=90 [2013/04/29 08:38:32.670507, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2013/04/29 08:38:32.670669, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2013/04/29 08:38:32.670737, 3] smbd/process.c:1662(process_smb) Transaction 9 of length 63 (0 toread) [2013/04/29 08:38:32.670802, 5] lib/util.c:332(show_msg) [2013/04/29 08:38:32.670840, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=576 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 6199 (0x1837) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2013/04/29 08:38:32.671447, 10] ../lib/util/util.c:415(dump_data) [2013/04/29 08:38:32.671491, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 23903) conn 0x7f0ee68265c0 [2013/04/29 08:38:32.671559, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2013/04/29 08:38:32.671642, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \netlogon len: 1024 [2013/04/29 08:38:32.671715, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \netlogon: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 12. [2013/04/29 08:38:32.671807, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0024 (36) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x0000000c (12) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=12 [0000] BF 7D 78 17 53 E8 A1 03 00 00 00 00 .}x.S... .... [2013/04/29 08:38:32.672570, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 30 [2013/04/29 08:38:32.672657, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 36 bytes. There is no more data outstanding [2013/04/29 08:38:32.672725, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=36 [2013/04/29 08:38:32.674124, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 192 [2013/04/29 08:38:32.674287, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xc0 [2013/04/29 08:38:32.674355, 3] smbd/process.c:1662(process_smb) Transaction 10 of length 196 (0 toread) [2013/04/29 08:38:32.674420, 5] lib/util.c:332(show_msg) [2013/04/29 08:38:32.674458, 5] lib/util.c:342(show_msg) size=192 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=640 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 6199 (0x1837) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 128 (0x80) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 128 (0x80) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=129 [2013/04/29 08:38:32.675129, 10] ../lib/util/util.c:415(dump_data) [0000] EE 05 00 00 03 10 00 00 00 80 00 00 00 03 00 00 ........ ........ [0010] 00 68 00 00 00 00 00 1A 00 00 00 02 00 08 00 00 .h...... ........ [0020] 00 00 00 00 00 08 00 00 00 5C 00 5C 00 42 00 41 ........ .\.\.B.A [0030] 00 4D 00 42 00 49 00 00 00 08 00 00 00 00 00 00 .M.B.I.. ........ [0040] 00 08 00 00 00 50 00 43 00 43 00 4F 00 4D 00 31 .....P.C .C.O.M.1 [0050] 00 24 00 00 00 02 00 00 00 07 00 00 00 00 00 00 .$...... ........ [0060] 00 07 00 00 00 50 00 43 00 43 00 4F 00 4D 00 31 .....P.C .C.O.M.1 [0070] 00 00 00 CA C8 26 B6 C2 EE 96 67 00 00 FF FF 2F .....&.. ..g..../ [0080] 61 a [2013/04/29 08:38:32.675682, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 23903) conn 0x7f0ee68265c0 [2013/04/29 08:38:32.675750, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2013/04/29 08:38:32.675820, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 1837 name: NETLOGON len: 128 [2013/04/29 08:38:32.675889, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 128 [2013/04/29 08:38:32.675956, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 128 [2013/04/29 08:38:32.676020, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 128 [2013/04/29 08:38:32.676085, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 128, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/04/29 08:38:32.676169, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/04/29 08:38:32.676266, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 112 [2013/04/29 08:38:32.676330, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 112 [2013/04/29 08:38:32.676398, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/04/29 08:38:32.676462, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 112 [2013/04/29 08:38:32.676535, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 112, incoming data = 112 [2013/04/29 08:38:32.676605, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2013/04/29 08:38:32.676683, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0080 (128) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000068 (104) context_id : 0x0000 (0) opnum : 0x001a (26) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=104 [0000] 00 00 02 00 08 00 00 00 00 00 00 00 08 00 00 00 ........ ........ [0010] 5C 00 5C 00 42 00 41 00 4D 00 42 00 49 00 00 00 \.\.B.A. M.B.I... [0020] 08 00 00 00 00 00 00 00 08 00 00 00 50 00 43 00 ........ ....P.C. [0030] 43 00 4F 00 4D 00 31 00 24 00 00 00 02 00 00 00 C.O.M.1. $....... [0040] 07 00 00 00 00 00 00 00 07 00 00 00 50 00 43 00 ........ ....P.C. [0050] 43 00 4F 00 4D 00 31 00 00 00 CA C8 26 B6 C2 EE C.O.M.1. ....&... [0060] 96 67 00 00 FF FF 2F 61 .g..../a [2013/04/29 08:38:32.677913, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2013/04/29 08:38:32.677980, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. [2013/04/29 08:38:32.678048, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\netlogon [2013/04/29 08:38:32.678118, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \netlogon op 0x1a - api_rpcTNP: rpc command: NETR_SERVERAUTHENTICATE3 [2013/04/29 08:38:32.678190, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[26].fn == 0x7f0ee514e700 [2013/04/29 08:38:32.678278, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) netr_ServerAuthenticate3: struct netr_ServerAuthenticate3 in: struct netr_ServerAuthenticate3 server_name : * server_name : '\\BAMBI' account_name : * account_name : 'PCCOM1$' secure_channel_type : SEC_CHAN_WKSTA (2) computer_name : * computer_name : 'PCCOM1' credentials : * credentials: struct netr_Credential data : cac826b6c2ee9667 negotiate_flags : * negotiate_flags : 0x612fffff (1630535679) 1: NETLOGON_NEG_ACCOUNT_LOCKOUT 1: NETLOGON_NEG_PERSISTENT_SAMREPL 1: NETLOGON_NEG_ARCFOUR 1: NETLOGON_NEG_PROMOTION_COUNT 1: NETLOGON_NEG_CHANGELOG_BDC 1: NETLOGON_NEG_FULL_SYNC_REPL 1: NETLOGON_NEG_MULTIPLE_SIDS 1: NETLOGON_NEG_REDO 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL 1: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC 1: NETLOGON_NEG_GENERIC_PASSTHROUGH 1: NETLOGON_NEG_CONCURRENT_RPC 1: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL 1: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL 1: NETLOGON_NEG_STRONG_KEYS 1: NETLOGON_NEG_TRANSITIVE_TRUSTS 1: NETLOGON_NEG_DNS_DOMAIN_TRUSTS 1: NETLOGON_NEG_PASSWORD_SET2 1: NETLOGON_NEG_GETDOMAININFO 1: NETLOGON_NEG_CROSS_FOREST_TRUSTS 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION 1: NETLOGON_NEG_RODC_PASSTHROUGH 0: NETLOGON_NEG_SUPPORTS_AES_SHA2 1: NETLOGON_NEG_SUPPORTS_AES 1: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS 1: NETLOGON_NEG_AUTHENTICATED_RPC [2013/04/29 08:38:32.679522, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \samr [2013/04/29 08:38:32.679604, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \samr [2013/04/29 08:38:32.679671, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \samr [2013/04/29 08:38:32.679748, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \samr (pipes_open=0) [2013/04/29 08:38:32.679818, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:32.679889, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:32.679955, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:32.680020, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:32.680084, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:32.680261, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_Connect2: struct samr_Connect2 in: struct samr_Connect2 system_name : * system_name : 'BAMBI' access_mask : 0x00000031 (49) 1: SAMR_ACCESS_CONNECT_TO_SERVER 0: SAMR_ACCESS_SHUTDOWN_SERVER 0: SAMR_ACCESS_INITIALIZE_SERVER 0: SAMR_ACCESS_CREATE_DOMAIN 1: SAMR_ACCESS_ENUM_DOMAINS 1: SAMR_ACCESS_LOOKUP_DOMAIN [2013/04/29 08:38:32.680647, 5] rpc_server/samr/srv_samr_nt.c:3932(_samr_Connect2) _samr_Connect2: 3932 [2013/04/29 08:38:32.680738, 4] rpc_server/srv_access_check.c:104(access_check_object) _samr_Connect2: access GRANTED (requested: 0x00000031, granted: 0x00000031) [2013/04/29 08:38:32.680825, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 6D 18 00 00 00 00 00 00 7E 51 68 15 ....m... ....~Qh. [0010] 5F 5D 00 00 _].. [2013/04/29 08:38:32.680976, 5] rpc_server/samr/srv_samr_nt.c:3961(_samr_Connect2) _samr_Connect2: 3961 [2013/04/29 08:38:32.681041, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_Connect2: struct samr_Connect2 out: struct samr_Connect2 connect_handle : * connect_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000186d-0000-0000-7e51-68155f5d0000 result : NT_STATUS_OK [2013/04/29 08:38:32.681386, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_LookupDomain: struct samr_LookupDomain in: struct samr_LookupDomain connect_handle : * connect_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000186d-0000-0000-7e51-68155f5d0000 domain_name : * domain_name: struct lsa_String length : 0x0016 (22) size : 0x0016 (22) string : * string : 'WEBDEALAUTO' [2013/04/29 08:38:32.681805, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6D 18 00 00 00 00 00 00 7E 51 68 15 ....m... ....~Qh. [0010] 5F 5D 00 00 _].. [2013/04/29 08:38:32.681956, 10] rpc_server/rpc_handles.c:410(_policy_handle_find) found handle of type struct samr_connect_info [2013/04/29 08:38:32.682054, 2] rpc_server/samr/srv_samr_nt.c:4071(_samr_LookupDomain) Returning domain sid for domain WEBDEALAUTO -> S-1-5-21-2380245508-1587309507-2390072590 [2013/04/29 08:38:32.682135, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_LookupDomain: struct samr_LookupDomain out: struct samr_LookupDomain sid : * sid : * sid : S-1-5-21-2380245508-1587309507-2390072590 result : NT_STATUS_OK [2013/04/29 08:38:32.682396, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_OpenDomain: struct samr_OpenDomain in: struct samr_OpenDomain connect_handle : * connect_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000186d-0000-0000-7e51-68155f5d0000 access_mask : 0x00000200 (512) 0: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 0: SAMR_DOMAIN_ACCESS_SET_INFO_1 0: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 0: SAMR_DOMAIN_ACCESS_SET_INFO_2 0: SAMR_DOMAIN_ACCESS_CREATE_USER 0: SAMR_DOMAIN_ACCESS_CREATE_GROUP 0: SAMR_DOMAIN_ACCESS_CREATE_ALIAS 0: SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS 0: SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS 1: SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT 0: SAMR_DOMAIN_ACCESS_SET_INFO_3 sid : * sid : S-1-5-21-2380245508-1587309507-2390072590 [2013/04/29 08:38:32.683042, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6D 18 00 00 00 00 00 00 7E 51 68 15 ....m... ....~Qh. [0010] 5F 5D 00 00 _].. [2013/04/29 08:38:32.683192, 10] rpc_server/rpc_handles.c:410(_policy_handle_find) found handle of type struct samr_connect_info [2013/04/29 08:38:32.683264, 4] rpc_server/srv_access_check.c:104(access_check_object) _samr_OpenDomain: access GRANTED (requested: 0x00000200, granted: 0x00000200) [2013/04/29 08:38:32.683336, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 6E 18 00 00 00 00 00 00 7E 51 68 15 ....n... ....~Qh. [0010] 5F 5D 00 00 _].. [2013/04/29 08:38:32.683486, 5] rpc_server/samr/srv_samr_nt.c:500(_samr_OpenDomain) _samr_OpenDomain: 500 [2013/04/29 08:38:32.683556, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_OpenDomain: struct samr_OpenDomain out: struct samr_OpenDomain domain_handle : * domain_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000186e-0000-0000-7e51-68155f5d0000 result : NT_STATUS_OK [2013/04/29 08:38:32.683889, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_LookupNames: struct samr_LookupNames in: struct samr_LookupNames domain_handle : * domain_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000186e-0000-0000-7e51-68155f5d0000 num_names : 0x00000001 (1) names: ARRAY(1) names: struct lsa_String length : 0x000e (14) size : 0x000e (14) string : * string : 'PCCOM1$' [2013/04/29 08:38:32.684353, 5] rpc_server/samr/srv_samr_nt.c:1636(_samr_LookupNames) _samr_LookupNames: 1636 [2013/04/29 08:38:32.684423, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6E 18 00 00 00 00 00 00 7E 51 68 15 ....n... ....~Qh. [0010] 5F 5D 00 00 _].. [2013/04/29 08:38:32.684579, 10] rpc_server/rpc_handles.c:410(_policy_handle_find) found handle of type struct samr_domain_info [2013/04/29 08:38:32.684645, 5] rpc_server/samr/srv_samr_nt.c:1657(_samr_LookupNames) _samr_LookupNames: looking name on SID S-1-5-21-2380245508-1587309507-2390072590 [2013/04/29 08:38:32.684720, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2013/04/29 08:38:32.684787, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2013/04/29 08:38:32.684866, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:32.684932, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:32.684995, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:32.685151, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(uid=PCCOM1$)(objectclass=sambaSamAccount))], scope => [2] [2013/04/29 08:38:32.686223, 2] passdb/pdb_ldap.c:553(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: pccom1$ [2013/04/29 08:38:32.686373, 10] passdb/pdb_get_set.c:575(pdb_set_username) pdb_set_username: setting username pccom1$, was [2013/04/29 08:38:32.686445, 10] passdb/pdb_get_set.c:598(pdb_set_domain) pdb_set_domain: setting domain WEBDEALAUTO, was [2013/04/29 08:38:32.686513, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username) pdb_set_nt_username: setting nt username pccom1$, was [2013/04/29 08:38:32.686596, 10] passdb/pdb_get_set.c:513(pdb_set_user_sid_from_string) pdb_set_user_sid_from_string: setting user sid S-1-5-21-2380245508-1587309507-2390072590-1011 [2013/04/29 08:38:32.686668, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-2380245508-1587309507-2390072590-1011 [2013/04/29 08:38:32.686772, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLogonTime does not exist [2013/04/29 08:38:32.686852, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLogoffTime does not exist [2013/04/29 08:38:32.686930, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaKickoffTime does not exist [2013/04/29 08:38:32.687007, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaPwdCanChange does not exist [2013/04/29 08:38:32.687083, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaPwdMustChange does not exist [2013/04/29 08:38:32.687194, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) pdb_set_full_name: setting full name PCCOM1$, was [2013/04/29 08:38:32.687274, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaHomeDrive does not exist [2013/04/29 08:38:32.687341, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive , was NULL [2013/04/29 08:38:32.687420, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaHomePath does not exist [2013/04/29 08:38:32.687491, 4] lib/substitute.c:527(automount_server) Home server: bambi [2013/04/29 08:38:32.687572, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) pdb_set_homedir: setting home dir \\bambi\pccom1_, was [2013/04/29 08:38:32.687651, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLogonScript does not exist [2013/04/29 08:38:32.687721, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user pccom1$ [2013/04/29 08:38:32.687786, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is pccom1$ [2013/04/29 08:38:32.688108, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [pccom1$]! [2013/04/29 08:38:32.688559, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) pdb_set_logon_script: setting logon script Domain Computers.bat, was [2013/04/29 08:38:32.688683, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaProfilePath does not exist [2013/04/29 08:38:32.688755, 4] lib/substitute.c:527(automount_server) Home server: bambi [2013/04/29 08:38:32.688840, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\bambi\profiles\pccom1_, was [2013/04/29 08:38:32.688935, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaUserWorkstations does not exist [2013/04/29 08:38:32.689013, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaMungedDial does not exist [2013/04/29 08:38:32.689090, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLMPassword does not exist [2013/04/29 08:38:32.689177, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2013/04/29 08:38:32.689247, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2013/04/29 08:38:32.689314, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/04/29 08:38:32.689379, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:32.689444, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:32.689596, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:32.689689, 10] lib/smbldap.c:274(smbldap_get_single_attribute) smbldap_get_single_attribute: [sambaPasswordHistory] = [] [2013/04/29 08:38:32.689786, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaBadPasswordCount does not exist [2013/04/29 08:38:32.689866, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaBadPasswordTime does not exist [2013/04/29 08:38:32.689943, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLogonHours does not exist [2013/04/29 08:38:32.690052, 7] passdb/login_cache.c:91(login_cache_read) Looking up login cache for user pccom1$ [2013/04/29 08:38:32.690133, 7] passdb/login_cache.c:102(login_cache_read) No cache entry found [2013/04/29 08:38:32.690199, 9] passdb/pdb_ldap.c:1107(init_sam_from_ldap) No cache entry, bad count = 0, bad time = 0 [2013/04/29 08:38:32.690280, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2013/04/29 08:38:32.690348, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2013/04/29 08:38:32.690413, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/04/29 08:38:32.690517, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:32.690582, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:32.690705, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:32.690779, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user pccom1$ [2013/04/29 08:38:32.690844, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is pccom1$ [2013/04/29 08:38:32.690914, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [pccom1$]! [2013/04/29 08:38:32.691018, 5] passdb/lookup_sid.c:1384(gid_to_sid) gid_to_sid: winbind failed to find a sid for gid 515 [2013/04/29 08:38:32.691085, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2013/04/29 08:38:32.691152, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2013/04/29 08:38:32.691218, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/04/29 08:38:32.691283, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:32.691346, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:32.691465, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=515))], scope => [2] [2013/04/29 08:38:32.692427, 2] passdb/pdb_ldap.c:2427(init_group_from_ldap) init_group_from_ldap: Entry found for group: 515 [2013/04/29 08:38:32.692665, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:32.692738, 10] passdb/lookup_sid.c:1181(legacy_gid_to_sid) LEGACY: gid 515 -> sid S-1-5-21-2380245508-1587309507-2390072590-515 [2013/04/29 08:38:32.692831, 10] passdb/lookup_sid.c:1733(get_primary_group_sid) do lookup_sid(S-1-5-21-2380245508-1587309507-2390072590-515) for group of user pccom1$ [2013/04/29 08:38:32.692905, 10] passdb/lookup_sid.c:964(lookup_sid) lookup_sid called for SID 'S-1-5-21-2380245508-1587309507-2390072590-515' [2013/04/29 08:38:32.692992, 10] passdb/lookup_sid.c:721(check_dom_sid_to_level) Accepting SID S-1-5-21-2380245508-1587309507-2390072590 in level 1 [2013/04/29 08:38:32.693068, 10] passdb/lookup_sid.c:482(lookup_rids) lookup_rids called for domain sid 'S-1-5-21-2380245508-1587309507-2390072590' [2013/04/29 08:38:32.693145, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2013/04/29 08:38:32.693212, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2013/04/29 08:38:32.693277, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/04/29 08:38:32.693342, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:32.693405, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:32.693505, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 515. [2013/04/29 08:38:32.693576, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 4 [2013/04/29 08:38:32.693642, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 3 [2013/04/29 08:38:32.693707, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 4 [2013/04/29 08:38:32.693772, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:32.693835, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:32.694013, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-515)(objectclass=sambaSamAccount))], scope => [2] [2013/04/29 08:38:32.695220, 4] passdb/pdb_ldap.c:1675(ldapsam_getsampwsid) ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-2380245508-1587309507-2390072590-515] count=0 [2013/04/29 08:38:32.695430, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-515))], scope => [2] [2013/04/29 08:38:32.696647, 2] passdb/pdb_ldap.c:2427(init_group_from_ldap) init_group_from_ldap: Entry found for group: 515 [2013/04/29 08:38:32.696871, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/04/29 08:38:32.696946, 5] passdb/pdb_interface.c:1727(pdb_default_lookup_rids) lookup_rids: Domain Computers:2 [2013/04/29 08:38:32.697018, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:32.697091, 10] passdb/lookup_sid.c:999(lookup_sid) Sid S-1-5-21-2380245508-1587309507-2390072590-515 -> WEBDEALAUTO\Domain Computers(2) [2013/04/29 08:38:32.697178, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2013/04/29 08:38:32.697245, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2013/04/29 08:38:32.697311, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/04/29 08:38:32.697376, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:32.697439, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:32.697577, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:32.697676, 10] passdb/pdb_get_set.c:575(pdb_set_username) pdb_set_username: setting username pccom1$, was [2013/04/29 08:38:32.697744, 10] passdb/pdb_get_set.c:598(pdb_set_domain) pdb_set_domain: setting domain WEBDEALAUTO, was [2013/04/29 08:38:32.697810, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username) pdb_set_nt_username: setting nt username pccom1$, was [2013/04/29 08:38:32.697876, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) pdb_set_full_name: setting full name PCCOM1$, was [2013/04/29 08:38:32.697950, 4] lib/substitute.c:527(automount_server) Home server: bambi [2013/04/29 08:38:32.698031, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) pdb_set_homedir: setting home dir \\bambi\pccom1_, was [2013/04/29 08:38:32.698099, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive , was NULL [2013/04/29 08:38:32.698170, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user pccom1$ [2013/04/29 08:38:32.698234, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is pccom1$ [2013/04/29 08:38:32.698507, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [pccom1$]! [2013/04/29 08:38:32.698786, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) pdb_set_logon_script: setting logon script Domain Computers.bat, was [2013/04/29 08:38:32.698887, 4] lib/substitute.c:527(automount_server) Home server: bambi [2013/04/29 08:38:32.698964, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\bambi\profiles\pccom1_, was [2013/04/29 08:38:32.699034, 10] passdb/pdb_get_set.c:780(pdb_set_workstations) pdb_set_workstations: setting workstations , was [2013/04/29 08:38:32.699105, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2013/04/29 08:38:32.699171, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2013/04/29 08:38:32.699235, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/04/29 08:38:32.699330, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:32.699397, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:32.699520, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:32.699592, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-2380245508-1587309507-2390072590-1011 [2013/04/29 08:38:32.699665, 10] passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-2380245508-1587309507-2390072590-1011 from rid 1011 [2013/04/29 08:38:32.699816, 10] passdb/lookup_sid.c:1628(sid_to_gid) winbind failed to find a gid for sid S-1-5-21-2380245508-1587309507-2390072590-515 [2013/04/29 08:38:32.699893, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2013/04/29 08:38:32.699959, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2013/04/29 08:38:32.700023, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/04/29 08:38:32.700087, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:32.700202, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:32.700305, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 515. [2013/04/29 08:38:32.700376, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 4 [2013/04/29 08:38:32.700441, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 3 [2013/04/29 08:38:32.700508, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 4 [2013/04/29 08:38:32.700575, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:32.700638, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:32.700784, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-515)(objectclass=sambaSamAccount))], scope => [2] [2013/04/29 08:38:32.702068, 4] passdb/pdb_ldap.c:1675(ldapsam_getsampwsid) ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-2380245508-1587309507-2390072590-515] count=0 [2013/04/29 08:38:32.702276, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-515))], scope => [2] [2013/04/29 08:38:32.703363, 2] passdb/pdb_ldap.c:2427(init_group_from_ldap) init_group_from_ldap: Entry found for group: 515 [2013/04/29 08:38:32.703576, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/04/29 08:38:32.703659, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:32.703728, 10] passdb/lookup_sid.c:1285(legacy_sid_to_gid) LEGACY: sid S-1-5-21-2380245508-1587309507-2390072590-515 -> gid 515 [2013/04/29 08:38:32.703813, 10] passdb/pdb_get_set.c:562(pdb_set_group_sid) pdb_set_group_sid: setting group sid S-1-5-21-2380245508-1587309507-2390072590-515 [2013/04/29 08:38:32.703899, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:32.703982, 5] rpc_server/samr/srv_samr_nt.c:1703(_samr_LookupNames) _samr_LookupNames: 1703 [2013/04/29 08:38:32.704048, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_LookupNames: struct samr_LookupNames out: struct samr_LookupNames rids : * rids: struct samr_Ids count : 0x00000001 (1) ids : * ids: ARRAY(1) ids : 0x000003f3 (1011) types : * types: struct samr_Ids count : 0x00000001 (1) ids : * ids: ARRAY(1) ids : 0x00000001 (1) result : NT_STATUS_OK [2013/04/29 08:38:32.704686, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_OpenUser: struct samr_OpenUser in: struct samr_OpenUser domain_handle : * domain_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000186e-0000-0000-7e51-68155f5d0000 access_mask : 0x02000000 (33554432) 0: SAMR_USER_ACCESS_GET_NAME_ETC 0: SAMR_USER_ACCESS_GET_LOCALE 0: SAMR_USER_ACCESS_SET_LOC_COM 0: SAMR_USER_ACCESS_GET_LOGONINFO 0: SAMR_USER_ACCESS_GET_ATTRIBUTES 0: SAMR_USER_ACCESS_SET_ATTRIBUTES 0: SAMR_USER_ACCESS_CHANGE_PASSWORD 0: SAMR_USER_ACCESS_SET_PASSWORD 0: SAMR_USER_ACCESS_GET_GROUPS 0: SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP 0: SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP rid : 0x000003f3 (1011) [2013/04/29 08:38:32.705302, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6E 18 00 00 00 00 00 00 7E 51 68 15 ....n... ....~Qh. [0010] 5F 5D 00 00 _].. [2013/04/29 08:38:32.705455, 10] rpc_server/rpc_handles.c:410(_policy_handle_find) found handle of type struct samr_domain_info [2013/04/29 08:38:32.705529, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0xb0000000 to 0x000f07ff [2013/04/29 08:38:32.705597, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2013/04/29 08:38:32.705664, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2013/04/29 08:38:32.705730, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:32.705796, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:32.705859, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:32.705960, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2013/04/29 08:38:32.706028, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2013/04/29 08:38:32.706093, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/04/29 08:38:32.706158, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:32.706221, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:32.706357, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:32.706430, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2013/04/29 08:38:32.706495, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2013/04/29 08:38:32.706560, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/04/29 08:38:32.706625, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:32.706687, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:32.706826, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:32.706913, 10] passdb/pdb_get_set.c:575(pdb_set_username) pdb_set_username: setting username pccom1$, was [2013/04/29 08:38:32.706981, 10] passdb/pdb_get_set.c:598(pdb_set_domain) pdb_set_domain: setting domain WEBDEALAUTO, was [2013/04/29 08:38:32.707048, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username) pdb_set_nt_username: setting nt username pccom1$, was [2013/04/29 08:38:32.707114, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) pdb_set_full_name: setting full name PCCOM1$, was [2013/04/29 08:38:32.707185, 4] lib/substitute.c:527(automount_server) Home server: bambi [2013/04/29 08:38:32.707264, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) pdb_set_homedir: setting home dir \\bambi\pccom1_, was [2013/04/29 08:38:32.707333, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive , was NULL [2013/04/29 08:38:32.707404, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user pccom1$ [2013/04/29 08:38:32.707468, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is pccom1$ [2013/04/29 08:38:32.707745, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [pccom1$]! [2013/04/29 08:38:32.708029, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) pdb_set_logon_script: setting logon script Domain Computers.bat, was [2013/04/29 08:38:32.708131, 4] lib/substitute.c:527(automount_server) Home server: bambi [2013/04/29 08:38:32.708213, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\bambi\profiles\pccom1_, was [2013/04/29 08:38:32.708282, 10] passdb/pdb_get_set.c:780(pdb_set_workstations) pdb_set_workstations: setting workstations , was [2013/04/29 08:38:32.708351, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2013/04/29 08:38:32.708416, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2013/04/29 08:38:32.708495, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/04/29 08:38:32.708560, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:32.708624, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:32.708749, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:32.708826, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-2380245508-1587309507-2390072590-1011 [2013/04/29 08:38:32.708901, 10] passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-2380245508-1587309507-2390072590-1011 from rid 1011 [2013/04/29 08:38:32.709016, 0] lib/fault.c:47(fault_report) =============================================================== [2013/04/29 08:38:32.709085, 0] lib/fault.c:48(fault_report) INTERNAL ERROR: Signal 11 in pid 23903 (3.6.6) Please read the Trouble-Shooting section of the Samba3-HOWTO [2013/04/29 08:38:32.709173, 0] lib/fault.c:50(fault_report) From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf [2013/04/29 08:38:32.709257, 0] lib/fault.c:51(fault_report) =============================================================== [2013/04/29 08:38:32.709321, 0] lib/util.c:1117(smb_panic) PANIC (pid 23903): internal error [2013/04/29 08:38:32.724869, 0] lib/util.c:1221(log_stack_trace) BACKTRACE: 36 stack frames: #0 /usr/sbin/smbd(log_stack_trace+0x1a) [0x7f0ee52bd23a] #1 /usr/sbin/smbd(smb_panic+0x22) [0x7f0ee52bd312] #2 /usr/sbin/smbd(+0x4224e4) [0x7f0ee52ae4e4] #3 /lib/x86_64-linux-gnu/libc.so.6(+0x324f0) [0x7f0ee1c4a4f0] #4 /usr/sbin/smbd(tcopy_passwd+0x22) [0x7f0ee5295e22] #5 /usr/sbin/smbd(pdb_copy_sam_account+0x76) [0x7f0ee525ada6] #6 /usr/sbin/smbd(pdb_getsampwsid+0xa5) [0x7f0ee525df85] #7 /usr/sbin/smbd(_samr_OpenUser+0x161) [0x7f0ee5195441] #8 /usr/sbin/smbd(+0x319625) [0x7f0ee51a5625] #9 /usr/sbin/smbd(+0x329f76) [0x7f0ee51b5f76] #10 /usr/sbin/smbd(dcerpc_binding_handle_raw_call_send+0x9e) [0x7f0ee532f4ee] #11 /usr/sbin/smbd(dcerpc_binding_handle_call_send+0x258) [0x7f0ee532fcd8] #12 /usr/sbin/smbd(dcerpc_binding_handle_call+0x77) [0x7f0ee532fe07] #13 /usr/sbin/smbd(dcerpc_samr_OpenUser_r+0x1d) [0x7f0ee522907d] #14 /usr/sbin/smbd(dcerpc_samr_OpenUser+0x1d) [0x7f0ee52292ad] #15 /usr/sbin/smbd(+0x2bc33b) [0x7f0ee514833b] #16 /usr/sbin/smbd(_netr_ServerAuthenticate3+0x222) [0x7f0ee5149332] #17 /usr/sbin/smbd(+0x2c2826) [0x7f0ee514e826] #18 /usr/sbin/smbd(+0x325e55) [0x7f0ee51b1e55] #19 /usr/sbin/smbd(process_complete_pdu+0x89b) [0x7f0ee51b35bb] #20 /usr/sbin/smbd(process_incoming_data+0x118) [0x7f0ee51b4448] #21 /usr/sbin/smbd(np_write_send+0x150) [0x7f0ee51b4b20] #22 /usr/sbin/smbd(reply_pipe_write_and_X+0x165) [0x7f0ee4fca075] #23 /usr/sbin/smbd(reply_write_and_X+0x348) [0x7f0ee4fd38d8] #24 /usr/sbin/smbd(+0x18a08c) [0x7f0ee501608c] #25 /usr/sbin/smbd(+0x18a492) [0x7f0ee5016492] #26 /usr/sbin/smbd(+0x18a8d1) [0x7f0ee50168d1] #27 /usr/sbin/smbd(run_events_poll+0x353) [0x7f0ee52ccd13] #28 /usr/sbin/smbd(smbd_process+0x84a) [0x7f0ee501803a] #29 /usr/sbin/smbd(+0x69f443) [0x7f0ee552b443] #30 /usr/sbin/smbd(run_events_poll+0x353) [0x7f0ee52ccd13] #31 /usr/sbin/smbd(+0x440eaa) [0x7f0ee52cceaa] #32 /usr/sbin/smbd(_tevent_loop_once+0x90) [0x7f0ee52cda10] #33 /usr/sbin/smbd(main+0xf30) [0x7f0ee4f96850] #34 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xfd) [0x7f0ee1c36ead] #35 /usr/sbin/smbd(+0x10ac8d) [0x7f0ee4f96c8d] [2013/04/29 08:38:32.725189, 0] lib/util.c:1122(smb_panic) smb_panic(): calling panic action [/usr/share/samba/panic-action 23903] [2013/04/29 08:38:33.570138, 0] lib/util.c:1130(smb_panic) smb_panic(): action returned status 0 [2013/04/29 08:38:33.570350, 0] lib/fault.c:372(dump_core) dumping core in /var/log/samba/cores/smbd [2013/04/29 08:38:33.861103, 6] param/loadparm.c:7490(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Apr 26 13:22:44 2013 [2013/04/29 08:38:33.861270, 5] auth/auth_util.c:110(make_user_info_map) Mapping user []\[] from workstation [PCCOM1] [2013/04/29 08:38:33.861346, 5] auth/auth_util.c:131(make_user_info_map) Mapped domain from [] to [WEBDEALAUTO] for user [] from workstation [PCCOM1] [2013/04/29 08:38:33.861416, 5] auth/user_info.c:59(make_user_info) attempting to make a user_info for () [2013/04/29 08:38:33.861487, 5] auth/user_info.c:70(make_user_info) making strings for 's user_info struct [2013/04/29 08:38:33.861554, 5] auth/user_info.c:87(make_user_info) making blobs for 's user_info struct [2013/04/29 08:38:33.861620, 10] auth/user_info.c:123(make_user_info) made a user_info for () [2013/04/29 08:38:33.861684, 3] auth/auth.c:219(check_ntlm_password) check_ntlm_password: Checking password for unmapped user []\[]@[PCCOM1] with the new password interface [2013/04/29 08:38:33.861754, 3] auth/auth.c:222(check_ntlm_password) check_ntlm_password: mapped user is: [WEBDEALAUTO]\[]@[PCCOM1] [2013/04/29 08:38:33.861820, 10] auth/auth.c:231(check_ntlm_password) check_ntlm_password: auth_context challenge created by random [2013/04/29 08:38:33.861886, 10] auth/auth.c:233(check_ntlm_password) challenge is: [2013/04/29 08:38:33.861949, 5] ../lib/util/util.c:415(dump_data) [0000] 14 1D E4 F3 A4 3C 9D 99 .....<.. [2013/04/29 08:38:33.862055, 10] auth/auth_builtin.c:44(check_guest_security) Check auth for: [] [2013/04/29 08:38:33.862143, 3] auth/auth.c:268(check_ntlm_password) check_ntlm_password: guest authentication for user [] succeeded [2013/04/29 08:38:33.862212, 5] auth/auth.c:309(check_ntlm_password) check_ntlm_password: guest authentication for user [] -> [] -> [nobody] succeeded [2013/04/29 08:38:33.862315, 10] auth/token_util.c:223(create_local_nt_token_from_info3) Create local NT token for nobody [2013/04/29 08:38:33.862517, 10] passdb/lookup_sid.c:1628(sid_to_gid) winbind failed to find a gid for sid S-1-5-32-544 [2013/04/29 08:38:33.862601, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:33.862674, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:33.862739, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:33.862804, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:33.862867, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:33.863016, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544))], scope => [2] [2013/04/29 08:38:33.863126, 5] lib/smbldap.c:1341(smbldap_close) The connection to the LDAP server was closed [2013/04/29 08:38:33.863196, 10] lib/smbldap.c:819(smb_ldap_setup_conn) smb_ldap_setup_connection: ldap://127.0.0.1/ [2013/04/29 08:38:33.863431, 2] lib/smbldap.c:1018(smbldap_open_connection) smbldap_open_connection: connection opened [2013/04/29 08:38:33.863505, 10] lib/smbldap.c:1194(smbldap_connect_system) ldap_connect_system: Binding to ldap server ldap://127.0.0.1/ as "cn=admin,dc=webdealauto,dc=com" [2013/04/29 08:38:33.865453, 3] lib/smbldap.c:1240(smbldap_connect_system) ldap_connect_system: successful connection to the LDAP server ldap_connect_system: LDAP server does support paged results [2013/04/29 08:38:33.865644, 4] lib/smbldap.c:1319(smbldap_open) The LDAP server is successfully connected [2013/04/29 08:38:33.866824, 2] passdb/pdb_ldap.c:2427(init_group_from_ldap) init_group_from_ldap: Entry found for group: 544 [2013/04/29 08:38:33.867042, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:33.867115, 10] passdb/lookup_sid.c:1285(legacy_sid_to_gid) LEGACY: sid S-1-5-32-544 -> gid 544 [2013/04/29 08:38:33.867252, 10] passdb/lookup_sid.c:1628(sid_to_gid) winbind failed to find a gid for sid S-1-5-32-545 [2013/04/29 08:38:33.867326, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:33.867394, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:33.867459, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:33.867523, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:33.867586, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:33.867704, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545))], scope => [2] [2013/04/29 08:38:33.868689, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545)) [2013/04/29 08:38:33.868891, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:33.868961, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-32-545 [2013/04/29 08:38:33.869034, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:33.869100, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:33.869165, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:33.869230, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:33.869294, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:33.869525, 10] passdb/lookup_sid.c:1628(sid_to_gid) winbind failed to find a gid for sid S-1-5-32-545 [2013/04/29 08:38:33.869600, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2013/04/29 08:38:33.869666, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2013/04/29 08:38:33.869730, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:33.869795, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:33.869856, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:33.869975, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545))], scope => [2] [2013/04/29 08:38:33.870961, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545)) [2013/04/29 08:38:33.871149, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:33.871219, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-32-545 [2013/04/29 08:38:33.871305, 5] passdb/pdb_util.c:99(create_builtin_users) create_builtin_users: Failed to create Users [2013/04/29 08:38:33.871383, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:33.871450, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:33.871516, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:33.871580, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:33.871644, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:33.871706, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:33.871915, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectclass=sambaGroupMapping)(sambaGroupType=4)(|(sambaSIDList=S-1-5-21-2380245508-1587309507-2390072590-501)(sambaSIDList=S-1-5-21-2380245508-1587309507-2390072590-513)(sambaSIDList=S-1-5-21-2380245508-1587309507-2390072590-546)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-32-546)))], scope => [2] [2013/04/29 08:38:33.873483, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:33.873673, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-2380245508-1587309507-2390072590-501] [2013/04/29 08:38:33.873765, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-2380245508-1587309507-2390072590-513] [2013/04/29 08:38:33.873853, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-2380245508-1587309507-2390072590-546] [2013/04/29 08:38:33.873943, 5] lib/privileges.c:175(get_privileges_for_sids) get_privileges_for_sids: sid = S-1-1-0 Privilege set: 0x0 [2013/04/29 08:38:33.874046, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-2] [2013/04/29 08:38:33.874129, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-32-546] [2013/04/29 08:38:33.874415, 10] passdb/lookup_sid.c:1468(sids_to_unix_ids) wbcSidsToUnixIds returned WBC_ERR_WINBIND_NOT_AVAILABLE [2013/04/29 08:38:33.874490, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:33.874560, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:33.874662, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:33.874730, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:33.874795, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:33.874901, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 501. [2013/04/29 08:38:33.874983, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2013/04/29 08:38:33.875051, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2013/04/29 08:38:33.875116, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:33.875181, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:33.875244, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:33.875343, 6] passdb/pdb_interface.c:401(pdb_getsampwsid) pdb_getsampwsid: Building guest account [2013/04/29 08:38:33.875412, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user nobody [2013/04/29 08:38:33.875479, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is nobody [2013/04/29 08:38:33.875771, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [nobody]! [2013/04/29 08:38:33.875877, 10] passdb/pdb_get_set.c:575(pdb_set_username) pdb_set_username: setting username nobody, was [2013/04/29 08:38:33.875959, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) pdb_set_full_name: setting full name nobody, was [2013/04/29 08:38:33.876029, 10] passdb/pdb_get_set.c:598(pdb_set_domain) pdb_set_domain: setting domain WEBDEALAUTO, was [2013/04/29 08:38:33.876109, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-2380245508-1587309507-2390072590-501 [2013/04/29 08:38:33.876187, 10] passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-2380245508-1587309507-2390072590-501 from rid 501 [2013/04/29 08:38:33.876298, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:33.876374, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user nobody [2013/04/29 08:38:33.876441, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is nobody [2013/04/29 08:38:33.876557, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [nobody]! [2013/04/29 08:38:33.876636, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:33.876705, 5] passdb/lookup_sid.c:1269(legacy_sid_to_gid) LEGACY: sid S-1-5-21-2380245508-1587309507-2390072590-501 is a User, expected a group [2013/04/29 08:38:33.876782, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:33.876852, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:33.876920, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:33.876986, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:33.877051, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:33.877153, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 501. [2013/04/29 08:38:33.877224, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2013/04/29 08:38:33.877291, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2013/04/29 08:38:33.877356, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:33.877445, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:33.877510, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:33.877607, 6] passdb/pdb_interface.c:401(pdb_getsampwsid) pdb_getsampwsid: Building guest account [2013/04/29 08:38:33.877673, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user nobody [2013/04/29 08:38:33.877738, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is nobody [2013/04/29 08:38:33.877805, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [nobody]! [2013/04/29 08:38:33.877872, 10] passdb/pdb_get_set.c:575(pdb_set_username) pdb_set_username: setting username nobody, was [2013/04/29 08:38:33.877940, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) pdb_set_full_name: setting full name nobody, was [2013/04/29 08:38:33.878007, 10] passdb/pdb_get_set.c:598(pdb_set_domain) pdb_set_domain: setting domain WEBDEALAUTO, was [2013/04/29 08:38:33.878078, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-2380245508-1587309507-2390072590-501 [2013/04/29 08:38:33.878151, 10] passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-2380245508-1587309507-2390072590-501 from rid 501 [2013/04/29 08:38:33.878255, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:33.878328, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user nobody [2013/04/29 08:38:33.878392, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is nobody [2013/04/29 08:38:33.878458, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [nobody]! [2013/04/29 08:38:33.878531, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:33.878599, 10] passdb/lookup_sid.c:1223(legacy_sid_to_uid) LEGACY: sid S-1-5-21-2380245508-1587309507-2390072590-501 -> uid 65534 [2013/04/29 08:38:33.878679, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:33.878747, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:33.878812, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:33.878877, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:33.878940, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:33.879038, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 513. [2013/04/29 08:38:33.879108, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2013/04/29 08:38:33.879174, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2013/04/29 08:38:33.879238, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:33.879303, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:33.879367, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:33.879522, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-513)(objectclass=sambaSamAccount))], scope => [2] [2013/04/29 08:38:33.880871, 4] passdb/pdb_ldap.c:1675(ldapsam_getsampwsid) ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-2380245508-1587309507-2390072590-513] count=0 [2013/04/29 08:38:33.881083, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-513))], scope => [2] [2013/04/29 08:38:33.882237, 2] passdb/pdb_ldap.c:2427(init_group_from_ldap) init_group_from_ldap: Entry found for group: 513 [2013/04/29 08:38:33.882447, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:33.882530, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:33.882600, 10] passdb/lookup_sid.c:1285(legacy_sid_to_gid) LEGACY: sid S-1-5-21-2380245508-1587309507-2390072590-513 -> gid 513 [2013/04/29 08:38:33.882688, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:33.882756, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:33.882823, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:33.882888, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:33.882951, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:33.883051, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 546. [2013/04/29 08:38:33.883122, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2013/04/29 08:38:33.883188, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2013/04/29 08:38:33.883252, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:33.883317, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:33.883380, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:33.883530, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-546)(objectclass=sambaSamAccount))], scope => [2] [2013/04/29 08:38:33.884824, 4] passdb/pdb_ldap.c:1675(ldapsam_getsampwsid) ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-2380245508-1587309507-2390072590-546] count=0 [2013/04/29 08:38:33.885033, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-546))], scope => [2] [2013/04/29 08:38:33.886016, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-546)) [2013/04/29 08:38:33.886205, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:33.886275, 5] passdb/pdb_interface.c:1668(lookup_global_sam_rid) Can't find a unix id for an unmapped group [2013/04/29 08:38:33.886349, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:33.886417, 10] passdb/lookup_sid.c:1280(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-21-2380245508-1587309507-2390072590-546 [2013/04/29 08:38:33.886496, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:33.886563, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:33.886627, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:33.886692, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:33.886755, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:33.886854, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 546. [2013/04/29 08:38:33.886956, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2013/04/29 08:38:33.887023, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2013/04/29 08:38:33.887087, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:33.887151, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:33.887213, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:33.887375, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-546)(objectclass=sambaSamAccount))], scope => [2] [2013/04/29 08:38:33.888673, 4] passdb/pdb_ldap.c:1675(ldapsam_getsampwsid) ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-2380245508-1587309507-2390072590-546] count=0 [2013/04/29 08:38:33.888889, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-546))], scope => [2] [2013/04/29 08:38:33.889813, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-546)) [2013/04/29 08:38:33.890003, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:33.890074, 5] passdb/pdb_interface.c:1668(lookup_global_sam_rid) Can't find a unix id for an unmapped group [2013/04/29 08:38:33.890147, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:33.890214, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid) LEGACY: mapping failed for sid S-1-5-21-2380245508-1587309507-2390072590-546 [2013/04/29 08:38:33.890294, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:33.890361, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:33.890426, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:33.890490, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:33.890553, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:33.890672, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-1-0))], scope => [2] [2013/04/29 08:38:33.891673, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-1-0)) [2013/04/29 08:38:33.891863, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:33.891933, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-1-0 [2013/04/29 08:38:33.892006, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid) LEGACY: mapping failed for sid S-1-1-0 [2013/04/29 08:38:33.892077, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:33.892170, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:33.892236, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:33.892299, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:33.892361, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:33.892491, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2))], scope => [2] [2013/04/29 08:38:33.893468, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2)) [2013/04/29 08:38:33.893659, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:33.893730, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-2 [2013/04/29 08:38:33.893804, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid) LEGACY: mapping failed for sid S-1-5-2 [2013/04/29 08:38:33.893874, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:33.893942, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:33.894007, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:33.894073, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:33.894136, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:33.894259, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-546))], scope => [2] [2013/04/29 08:38:33.895251, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-546)) [2013/04/29 08:38:33.895442, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:33.895511, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-32-546 [2013/04/29 08:38:33.895585, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid) LEGACY: mapping failed for sid S-1-5-32-546 [2013/04/29 08:38:33.895658, 10] auth/auth_util.c:505(create_local_token) Could not convert SID S-1-5-21-2380245508-1587309507-2390072590-546 to gid, ignoring it [2013/04/29 08:38:33.895731, 10] auth/auth_util.c:505(create_local_token) Could not convert SID S-1-1-0 to gid, ignoring it [2013/04/29 08:38:33.895799, 10] auth/auth_util.c:505(create_local_token) Could not convert SID S-1-5-2 to gid, ignoring it [2013/04/29 08:38:33.895866, 10] auth/auth_util.c:505(create_local_token) Could not convert SID S-1-5-32-546 to gid, ignoring it [2013/04/29 08:38:33.895944, 10] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (8): SID[ 0]: S-1-5-21-2380245508-1587309507-2390072590-501 SID[ 1]: S-1-5-21-2380245508-1587309507-2390072590-513 SID[ 2]: S-1-5-21-2380245508-1587309507-2390072590-546 SID[ 3]: S-1-1-0 SID[ 4]: S-1-5-2 SID[ 5]: S-1-5-32-546 SID[ 6]: S-1-22-1-65534 SID[ 7]: S-1-22-2-513 Privileges (0x 0): Rights (0x 0): [2013/04/29 08:38:33.896346, 10] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 65534 Primary group is 65534 and contains 1 supplementary groups Group[ 0]: 513 [2013/04/29 08:38:33.896478, 10] auth/auth_ntlmssp.c:174(auth_ntlmssp_check_password) Got NT session key of length 16 [2013/04/29 08:38:33.896546, 10] auth/auth_ntlmssp.c:181(auth_ntlmssp_check_password) Got LM session key of length 16 [2013/04/29 08:38:33.896612, 10] ../libcli/auth/ntlmssp_server.c:462(ntlmssp_server_postauth) ntlmssp_server_auth: Using unmodified nt session key. [2013/04/29 08:38:33.896696, 3] ../libcli/auth/ntlmssp_sign.c:535(ntlmssp_sign_init) NTLMSSP Sign/Seal - Initialising with flags: [2013/04/29 08:38:33.896761, 3] ../libcli/auth/ntlmssp.c:34(debug_ntlmssp_flags) Got NTLMSSP neg_flags=0xe2088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP_NEGOTIATE_56 [2013/04/29 08:38:33.897146, 10] smbd/password.c:293(register_existing_vuid) register_existing_vuid: (65534,65534) nobody WEBDEALAUTO guest=1 [2013/04/29 08:38:33.897219, 3] smbd/password.c:298(register_existing_vuid) register_existing_vuid: User name: nobody Real name: [2013/04/29 08:38:33.897285, 3] smbd/password.c:308(register_existing_vuid) register_existing_vuid: UNIX uid 65534 is UNIX user nobody, and will be vuid 100 [2013/04/29 08:38:33.897401, 6] param/loadparm.c:7490(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Apr 26 13:22:44 2013 [2013/04/29 08:38:33.897578, 5] lib/util.c:332(show_msg) [2013/04/29 08:38:33.897620, 5] lib/util.c:342(show_msg) size=110 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=65535 smb_pid=65279 smb_uid=100 smb_mid=768 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_vwv[ 3]= 9 (0x9) smb_bcc=67 [2013/04/29 08:38:33.898055, 10] ../lib/util/util.c:415(dump_data) [0000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 ..0..... .U.n.i.x [0010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3 [0020] 00 2E 00 36 00 2E 00 36 00 00 00 57 00 45 00 42 ...6...6 ...W.E.B [0030] 00 44 00 45 00 41 00 4C 00 41 00 55 00 54 00 4F .D.E.A.L .A.U.T.O [0040] 00 00 00 ... [2013/04/29 08:38:33.899558, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 76 [2013/04/29 08:38:33.899742, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x4c [2013/04/29 08:38:33.899812, 3] smbd/process.c:1662(process_smb) Transaction 3 of length 80 (0 toread) [2013/04/29 08:38:33.899878, 5] lib/util.c:332(show_msg) [2013/04/29 08:38:33.899917, 5] lib/util.c:342(show_msg) size=76 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=100 smb_mid=832 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 76 (0x4C) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=33 [2013/04/29 08:38:33.900355, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 5C 00 42 00 41 00 4D 00 42 00 49 00 5C .\.\.B.A .M.B.I.\ [0010] 00 49 00 50 00 43 00 24 00 00 00 3F 3F 3F 3F 3F .I.P.C.$ ...????? [0020] 00 . [2013/04/29 08:38:33.900577, 3] smbd/process.c:1467(switch_message) switch message SMBtconX (pid 23923) conn 0x0 [2013/04/29 08:38:33.900646, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:33.900711, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:33.900774, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:33.900922, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2013/04/29 08:38:33.901016, 4] smbd/reply.c:794(reply_tcon_and_X) Client requested device type [?????] for share [IPC$] [2013/04/29 08:38:33.901147, 5] smbd/service.c:1354(make_connection) making a connection to 'normal' service ipc$ [2013/04/29 08:38:33.901225, 3] lib/access.c:338(allow_access) Allowed connection from 172.20.2.200 (172.20.2.200) [2013/04/29 08:38:33.901314, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user nobody [2013/04/29 08:38:33.901381, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is nobody [2013/04/29 08:38:33.901696, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [nobody]! [2013/04/29 08:38:33.901882, 10] smbd/service.c:162(set_conn_connectpath) set_conn_connectpath: service IPC$, connectpath = /tmp [2013/04/29 08:38:33.901956, 3] smbd/service.c:872(make_connection_snum) Connect path is '/tmp' for service [IPC$] [2013/04/29 08:38:33.902072, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2013/04/29 08:38:33.902186, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x101f01ff, remaining = 0x101f01ff [2013/04/29 08:38:33.902267, 3] smbd/vfs.c:102(vfs_init_default) Initialising default vfs hooks [2013/04/29 08:38:33.902339, 10] smbd/vfs.c:53(vfs_find_backend_entry) vfs_find_backend_entry called for /[Default VFS]/ [2013/04/29 08:38:33.902407, 5] smbd/vfs.c:92(smb_register_vfs) Successfully added vfs backend '/[Default VFS]/' [2013/04/29 08:38:33.902476, 10] smbd/vfs.c:53(vfs_find_backend_entry) vfs_find_backend_entry called for posixacl [2013/04/29 08:38:33.902544, 5] smbd/vfs.c:92(smb_register_vfs) Successfully added vfs backend 'posixacl' [2013/04/29 08:38:33.902609, 3] smbd/vfs.c:128(vfs_init_custom) Initialising custom vfs hooks from [/[Default VFS]/] [2013/04/29 08:38:33.902678, 10] smbd/vfs.c:53(vfs_find_backend_entry) vfs_find_backend_entry called for /[Default VFS]/ Successfully loaded vfs module [/[Default VFS]/] with the new modules system [2013/04/29 08:38:33.902781, 5] smbd/connection.c:134(claim_connection) claiming [IPC$] [2013/04/29 08:38:33.902987, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 735D0000FFFFFFFF378A [2013/04/29 08:38:33.903117, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7f0ee68317d0 [2013/04/29 08:38:33.903230, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 735D0000FFFFFFFF378A [2013/04/29 08:38:33.903473, 10] smbd/service.c:162(set_conn_connectpath) set_conn_connectpath: service IPC$, connectpath = /tmp [2013/04/29 08:38:33.903557, 10] smbd/share_access.c:241(user_ok_token) user_ok_token: share IPC$ is ok for unix user nobody [2013/04/29 08:38:33.903629, 10] smbd/share_access.c:286(is_share_read_only_for_token) is_share_read_only_for_user: share IPC$ is read-only for unix user nobody [2013/04/29 08:38:33.903715, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2013/04/29 08:38:33.903791, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) string_to_sid: SID admin is not in a valid format [2013/04/29 08:38:33.903870, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: WEBDEALAUTO\admin => domain=[WEBDEALAUTO], name=[admin] [2013/04/29 08:38:33.903937, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2013/04/29 08:38:33.904009, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:33.904079, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:33.904146, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:33.904215, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:33.904280, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:33.904439, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(uid=admin)(objectclass=sambaSamAccount))], scope => [2] [2013/04/29 08:38:33.905347, 4] passdb/pdb_ldap.c:1581(ldapsam_getsampwnam) ldapsam_getsampwnam: Unable to locate user [admin] count=0 [2013/04/29 08:38:33.905539, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:33.905613, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:33.905681, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:33.905746, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:33.905811, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:33.905876, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:33.906035, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(|(displayName=admin)(cn=admin)))], scope => [2] [2013/04/29 08:38:33.907069, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(|(displayName=admin)(cn=admin))) [2013/04/29 08:38:33.907260, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:33.907341, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: Unix User\admin => domain=[Unix User], name=[admin] [2013/04/29 08:38:33.907406, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2013/04/29 08:38:33.907499, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user admin [2013/04/29 08:38:33.907565, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is admin [2013/04/29 08:38:33.907821, 5] lib/username.c:134(Get_Pwnam_internals) Trying _Get_Pwnam(), username as uppercase is ADMIN [2013/04/29 08:38:33.908078, 5] lib/username.c:143(Get_Pwnam_internals) Checking combinations of 0 uppercase letters in admin [2013/04/29 08:38:33.908206, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals didn't find user [admin]! [2013/04/29 08:38:33.908275, 5] smbd/share_access.c:104(token_contains_name) lookup_name admin failed [2013/04/29 08:38:33.908367, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (65534, 65534) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:33.908441, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (8): SID[ 0]: S-1-5-21-2380245508-1587309507-2390072590-501 SID[ 1]: S-1-5-21-2380245508-1587309507-2390072590-513 SID[ 2]: S-1-5-21-2380245508-1587309507-2390072590-546 SID[ 3]: S-1-1-0 SID[ 4]: S-1-5-2 SID[ 5]: S-1-5-32-546 SID[ 6]: S-1-22-1-65534 SID[ 7]: S-1-22-2-513 Privileges (0x 0): Rights (0x 0): [2013/04/29 08:38:33.908807, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 65534 Primary group is 65534 and contains 1 supplementary groups Group[ 0]: 513 [2013/04/29 08:38:33.908940, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,65534), gid=(0,65534) [2013/04/29 08:38:33.909017, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:33.909083, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:33.909146, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:33.909247, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2013/04/29 08:38:33.909333, 10] smbd/service.c:162(set_conn_connectpath) set_conn_connectpath: service IPC$, connectpath = /tmp [2013/04/29 08:38:33.909424, 3] smbd/service.c:1114(make_connection_snum) pccom1 (172.20.2.200) connect to service IPC$ initially as user nobody (uid=65534, gid=65534) (pid 23923) [2013/04/29 08:38:33.909514, 3] smbd/reply.c:871(reply_tcon_and_X) tconX service=IPC$ [2013/04/29 08:38:33.910672, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 104 [2013/04/29 08:38:33.910848, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x68 [2013/04/29 08:38:33.910917, 3] smbd/process.c:1662(process_smb) Transaction 4 of length 108 (0 toread) [2013/04/29 08:38:33.910982, 5] lib/util.c:332(show_msg) [2013/04/29 08:38:33.911022, 5] lib/util.c:342(show_msg) size=104 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=520 smb_uid=100 smb_mid=896 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 4608 (0x1200) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 4609 (0x1201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16896 (0x4200) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 256 (0x100) smb_bcc=21 [2013/04/29 08:38:33.911969, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 4E 00 45 00 54 00 4C 00 4F 00 47 00 4F .\.N.E.T .L.O.G.O [0010] 00 4E 00 00 00 .N... [2013/04/29 08:38:33.912125, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 23923) conn 0x7f0ee6823b40 [2013/04/29 08:38:33.912221, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (65534, 65534) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:33.912294, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (8): SID[ 0]: S-1-5-21-2380245508-1587309507-2390072590-501 SID[ 1]: S-1-5-21-2380245508-1587309507-2390072590-513 SID[ 2]: S-1-5-21-2380245508-1587309507-2390072590-546 SID[ 3]: S-1-1-0 SID[ 4]: S-1-5-2 SID[ 5]: S-1-5-32-546 SID[ 6]: S-1-22-1-65534 SID[ 7]: S-1-22-2-513 Privileges (0x 0): Rights (0x 0): [2013/04/29 08:38:33.912667, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 65534 Primary group is 65534 and contains 1 supplementary groups Group[ 0]: 513 [2013/04/29 08:38:33.912843, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,65534), gid=(0,65534) [2013/04/29 08:38:33.912928, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /tmp [2013/04/29 08:38:33.913018, 10] smbd/nttrans.c:505(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x10, access_mask = 0x12019f file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x420040 root_dir_fid = 0x0, fname = NETLOGON [2013/04/29 08:38:33.913100, 4] smbd/nttrans.c:293(nt_open_pipe) nt_open_pipe: Opening pipe \NETLOGON. [2013/04/29 08:38:33.913189, 5] smbd/files.c:140(file_new) allocated file structure 2074, fnum = 6170 (1 used) [2013/04/29 08:38:33.913268, 10] smbd/files.c:705(file_name_hash) file_name_hash: /tmp/NETLOGON hash 0x86887727 [2013/04/29 08:38:33.913365, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \netlogon [2013/04/29 08:38:33.913462, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \netlogon [2013/04/29 08:38:33.913529, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \netlogon [2013/04/29 08:38:33.913609, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \netlogon (pipes_open=0) [2013/04/29 08:38:33.913682, 5] smbd/nttrans.c:382(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \NETLOGON [2013/04/29 08:38:33.914783, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 72 [2013/04/29 08:38:33.914947, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x48 [2013/04/29 08:38:33.915016, 3] smbd/process.c:1662(process_smb) Transaction 5 of length 76 (0 toread) [2013/04/29 08:38:33.915081, 5] lib/util.c:332(show_msg) [2013/04/29 08:38:33.915119, 5] lib/util.c:342(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=520 smb_uid=100 smb_mid=960 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 24 (0x18) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2013/04/29 08:38:33.915828, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 1A 18 ED 03 ....... [2013/04/29 08:38:33.915927, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 23923) conn 0x7f0ee6823b40 [2013/04/29 08:38:33.915996, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2013/04/29 08:38:33.916088, 9] smbd/trans2.c:941(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 [2013/04/29 08:38:33.916178, 9] smbd/trans2.c:943(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 24, paramsize = 2, datasize = 24 [2013/04/29 08:38:33.916244, 5] lib/util.c:332(show_msg) [2013/04/29 08:38:33.916284, 5] lib/util.c:342(show_msg) size=84 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=520 smb_uid=100 smb_mid=960 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 24 (0x18) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 24 (0x18) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=29 [2013/04/29 08:38:33.916879, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 01 00 00 00 01 00 00 00 ........ ..... [2013/04/29 08:38:33.918009, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 224 [2013/04/29 08:38:33.918173, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xe0 [2013/04/29 08:38:33.918240, 3] smbd/process.c:1662(process_smb) Transaction 6 of length 228 (0 toread) [2013/04/29 08:38:33.918305, 5] lib/util.c:332(show_msg) [2013/04/29 08:38:33.918344, 5] lib/util.c:342(show_msg) size=224 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1024 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 6170 (0x181A) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 160 (0xA0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 160 (0xA0) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=161 [2013/04/29 08:38:33.919003, 10] ../lib/util/util.c:415(dump_data) [0000] EE 05 00 0B 03 10 00 00 00 A0 00 00 00 04 00 00 ........ ........ [0010] 00 B8 10 B8 10 00 00 00 00 03 00 00 00 00 00 01 ........ ........ [0020] 00 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF .xV4.4.. ....#Eg. [0030] FB 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [0040] 00 2B 10 48 60 02 00 00 00 01 00 01 00 78 56 34 .+.H`... .....xV4 [0050] 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 00 00 .4...... #Eg..... [0060] 00 33 05 71 71 BA BE 37 49 83 19 B5 DB EF 9C CC .3.qq..7 I....... [0070] 36 01 00 00 00 02 00 01 00 78 56 34 12 34 12 CD 6....... .xV4.4.. [0080] AB EF 00 01 23 45 67 CF FB 01 00 00 00 2C 1C B7 ....#Eg. .....,.. [0090] 6C 12 98 40 45 03 00 00 00 00 00 00 00 01 00 00 l..@E... ........ [00A0] 00 . [2013/04/29 08:38:33.919670, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 23923) conn 0x7f0ee6823b40 [2013/04/29 08:38:33.919739, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2013/04/29 08:38:33.919813, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 181a name: NETLOGON len: 160 [2013/04/29 08:38:33.919883, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 160 [2013/04/29 08:38:33.919951, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 160 [2013/04/29 08:38:33.920017, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 [2013/04/29 08:38:33.920116, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/04/29 08:38:33.920202, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/04/29 08:38:33.920266, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 144 [2013/04/29 08:38:33.920329, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 [2013/04/29 08:38:33.920401, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/04/29 08:38:33.920464, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 144 [2013/04/29 08:38:33.920537, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 [2013/04/29 08:38:33.920609, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2013/04/29 08:38:33.920705, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00a0 (160) auth_length : 0x0000 (0) call_id : 0x00000004 (4) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x03 (3) ctx_list: ARRAY(3) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-01234567cffb if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) ctx_list: struct dcerpc_ctx_list context_id : 0x0001 (1) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-01234567cffb if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 71710533-beba-4937-8319-b5dbef9ccc36 if_version : 0x00000001 (1) ctx_list: struct dcerpc_ctx_list context_id : 0x0002 (2) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-01234567cffb if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 6cb71c2c-9812-4540-0300-000000000000 if_version : 0x00000001 (1) auth_info : DATA_BLOB length=0 [2013/04/29 08:38:33.922361, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 11 [2013/04/29 08:38:33.922438, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) api_pipe_bind_req: \PIPE\netlogon -> \PIPE\netlogon [2013/04/29 08:38:33.922509, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) api_pipe_bind_req: make response. 923 [2013/04/29 08:38:33.922574, 3] rpc_server/srv_pipe.c:339(check_bind_req) check_bind_req for \netlogon [2013/04/29 08:38:33.922644, 3] rpc_server/srv_pipe.c:346(check_bind_req) check_bind_req: \PIPE\netlogon -> \PIPE\netlogon [2013/04/29 08:38:33.922738, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0048 (72) auth_length : 0x0000 (0) call_id : 0x00000004 (4) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x000053f0 (21488) secondary_address_size : 0x000f (15) secondary_address : '\PIPE\netlogon' _pad1 : DATA_BLOB length=0 num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : 0x0000 (0) reason : 0x0000 (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 [2013/04/29 08:38:33.923659, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 144 [2013/04/29 08:38:33.923755, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=160 [2013/04/29 08:38:33.924613, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2013/04/29 08:38:33.924778, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2013/04/29 08:38:33.924896, 3] smbd/process.c:1662(process_smb) Transaction 7 of length 63 (0 toread) [2013/04/29 08:38:33.924961, 5] lib/util.c:332(show_msg) [2013/04/29 08:38:33.925000, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1088 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 6170 (0x181A) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2013/04/29 08:38:33.925613, 10] ../lib/util/util.c:415(dump_data) [2013/04/29 08:38:33.925658, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 23923) conn 0x7f0ee6823b40 [2013/04/29 08:38:33.925725, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2013/04/29 08:38:33.925806, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \netlogon len: 1024 [2013/04/29 08:38:33.925880, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) read_from_pipe: \netlogon: current_pdu_len = 72, current_pdu_sent = 0 returning 72 bytes. [2013/04/29 08:38:33.925985, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 30 [2013/04/29 08:38:33.926087, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 72 bytes. There is no more data outstanding [2013/04/29 08:38:33.926156, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=72 [2013/04/29 08:38:33.927273, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 192 [2013/04/29 08:38:33.927435, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xc0 [2013/04/29 08:38:33.927504, 3] smbd/process.c:1662(process_smb) Transaction 8 of length 196 (0 toread) [2013/04/29 08:38:33.927569, 5] lib/util.c:332(show_msg) [2013/04/29 08:38:33.927608, 5] lib/util.c:342(show_msg) size=192 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1152 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 6170 (0x181A) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 128 (0x80) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 128 (0x80) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=129 [2013/04/29 08:38:33.928285, 10] ../lib/util/util.c:415(dump_data) [0000] EE 05 00 00 03 10 00 00 00 80 00 00 00 04 00 00 ........ ........ [0010] 00 68 00 00 00 00 00 1A 00 00 00 02 00 08 00 00 .h...... ........ [0020] 00 00 00 00 00 08 00 00 00 5C 00 5C 00 42 00 41 ........ .\.\.B.A [0030] 00 4D 00 42 00 49 00 00 00 08 00 00 00 00 00 00 .M.B.I.. ........ [0040] 00 08 00 00 00 50 00 43 00 43 00 4F 00 4D 00 31 .....P.C .C.O.M.1 [0050] 00 24 00 00 00 02 00 00 00 07 00 00 00 00 00 00 .$...... ........ [0060] 00 07 00 00 00 50 00 43 00 43 00 4F 00 4D 00 31 .....P.C .C.O.M.1 [0070] 00 00 00 CA C8 26 B6 C2 EE 96 67 00 00 FF FF 2F .....&.. ..g..../ [0080] 61 a [2013/04/29 08:38:33.928876, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 23923) conn 0x7f0ee6823b40 [2013/04/29 08:38:33.928946, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2013/04/29 08:38:33.929017, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 181a name: NETLOGON len: 128 [2013/04/29 08:38:33.929087, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 128 [2013/04/29 08:38:33.929154, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 128 [2013/04/29 08:38:33.929218, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 128 [2013/04/29 08:38:33.929285, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 128, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/04/29 08:38:33.929352, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/04/29 08:38:33.929416, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 112 [2013/04/29 08:38:33.929479, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 112 [2013/04/29 08:38:33.929547, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/04/29 08:38:33.929610, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 112 [2013/04/29 08:38:33.929732, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 112, incoming data = 112 [2013/04/29 08:38:33.929803, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2013/04/29 08:38:33.929910, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0080 (128) auth_length : 0x0000 (0) call_id : 0x00000004 (4) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000068 (104) context_id : 0x0000 (0) opnum : 0x001a (26) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=104 [0000] 00 00 02 00 08 00 00 00 00 00 00 00 08 00 00 00 ........ ........ [0010] 5C 00 5C 00 42 00 41 00 4D 00 42 00 49 00 00 00 \.\.B.A. M.B.I... [0020] 08 00 00 00 00 00 00 00 08 00 00 00 50 00 43 00 ........ ....P.C. [0030] 43 00 4F 00 4D 00 31 00 24 00 00 00 02 00 00 00 C.O.M.1. $....... [0040] 07 00 00 00 00 00 00 00 07 00 00 00 50 00 43 00 ........ ....P.C. [0050] 43 00 4F 00 4D 00 31 00 00 00 CA C8 26 B6 C2 EE C.O.M.1. ....&... [0060] 96 67 00 00 FF FF 2F 61 .g..../a [2013/04/29 08:38:33.931103, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2013/04/29 08:38:33.931168, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. [2013/04/29 08:38:33.931235, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\netlogon [2013/04/29 08:38:33.931307, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \netlogon op 0x1a - api_rpcTNP: rpc command: NETR_SERVERAUTHENTICATE3 [2013/04/29 08:38:33.931382, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[26].fn == 0x7f0ee514e700 [2013/04/29 08:38:33.931472, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) netr_ServerAuthenticate3: struct netr_ServerAuthenticate3 in: struct netr_ServerAuthenticate3 server_name : * server_name : '\\BAMBI' account_name : * account_name : 'PCCOM1$' secure_channel_type : SEC_CHAN_WKSTA (2) computer_name : * computer_name : 'PCCOM1' credentials : * credentials: struct netr_Credential data : cac826b6c2ee9667 negotiate_flags : * negotiate_flags : 0x612fffff (1630535679) 1: NETLOGON_NEG_ACCOUNT_LOCKOUT 1: NETLOGON_NEG_PERSISTENT_SAMREPL 1: NETLOGON_NEG_ARCFOUR 1: NETLOGON_NEG_PROMOTION_COUNT 1: NETLOGON_NEG_CHANGELOG_BDC 1: NETLOGON_NEG_FULL_SYNC_REPL 1: NETLOGON_NEG_MULTIPLE_SIDS 1: NETLOGON_NEG_REDO 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL 1: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC 1: NETLOGON_NEG_GENERIC_PASSTHROUGH 1: NETLOGON_NEG_CONCURRENT_RPC 1: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL 1: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL 1: NETLOGON_NEG_STRONG_KEYS 1: NETLOGON_NEG_TRANSITIVE_TRUSTS 1: NETLOGON_NEG_DNS_DOMAIN_TRUSTS 1: NETLOGON_NEG_PASSWORD_SET2 1: NETLOGON_NEG_GETDOMAININFO 1: NETLOGON_NEG_CROSS_FOREST_TRUSTS 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION 1: NETLOGON_NEG_RODC_PASSTHROUGH 0: NETLOGON_NEG_SUPPORTS_AES_SHA2 1: NETLOGON_NEG_SUPPORTS_AES 1: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS 1: NETLOGON_NEG_AUTHENTICATED_RPC [2013/04/29 08:38:33.932743, 0] rpc_server/netlogon/srv_netlog_nt.c:931(_netr_ServerAuthenticate3) _netr_ServerAuthenticate3: no challenge sent to client PCCOM1 [2013/04/29 08:38:33.932821, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) netr_ServerAuthenticate3: struct netr_ServerAuthenticate3 out: struct netr_ServerAuthenticate3 return_credentials : * return_credentials: struct netr_Credential data : 0000000000000000 negotiate_flags : * negotiate_flags : 0x400241ff (1073889791) 1: NETLOGON_NEG_ACCOUNT_LOCKOUT 1: NETLOGON_NEG_PERSISTENT_SAMREPL 1: NETLOGON_NEG_ARCFOUR 1: NETLOGON_NEG_PROMOTION_COUNT 1: NETLOGON_NEG_CHANGELOG_BDC 1: NETLOGON_NEG_FULL_SYNC_REPL 1: NETLOGON_NEG_MULTIPLE_SIDS 1: NETLOGON_NEG_REDO 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL 0: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC 0: NETLOGON_NEG_GENERIC_PASSTHROUGH 0: NETLOGON_NEG_CONCURRENT_RPC 0: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL 0: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL 1: NETLOGON_NEG_STRONG_KEYS 0: NETLOGON_NEG_TRANSITIVE_TRUSTS 0: NETLOGON_NEG_DNS_DOMAIN_TRUSTS 1: NETLOGON_NEG_PASSWORD_SET2 0: NETLOGON_NEG_GETDOMAININFO 0: NETLOGON_NEG_CROSS_FOREST_TRUSTS 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION 0: NETLOGON_NEG_RODC_PASSTHROUGH 0: NETLOGON_NEG_SUPPORTS_AES_SHA2 0: NETLOGON_NEG_SUPPORTS_AES 0: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS 1: NETLOGON_NEG_AUTHENTICATED_RPC rid : * rid : 0x00000000 (0) result : NT_STATUS_ACCESS_DENIED [2013/04/29 08:38:33.933911, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \netlogon successfully [2013/04/29 08:38:33.933985, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 112 [2013/04/29 08:38:33.934072, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=128 [2013/04/29 08:38:33.935010, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2013/04/29 08:38:33.935173, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2013/04/29 08:38:33.935241, 3] smbd/process.c:1662(process_smb) Transaction 9 of length 63 (0 toread) [2013/04/29 08:38:33.935306, 5] lib/util.c:332(show_msg) [2013/04/29 08:38:33.935345, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1216 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 6170 (0x181A) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2013/04/29 08:38:33.935989, 10] ../lib/util/util.c:415(dump_data) [2013/04/29 08:38:33.936035, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 23923) conn 0x7f0ee6823b40 [2013/04/29 08:38:33.936104, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2013/04/29 08:38:33.936207, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \netlogon len: 1024 [2013/04/29 08:38:33.936282, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \netlogon: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 20. [2013/04/29 08:38:33.936376, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x002c (44) auth_length : 0x0000 (0) call_id : 0x00000004 (4) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000014 (20) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=20 [0000] 00 00 00 00 00 00 00 00 FF 41 02 40 00 00 00 00 ........ .A.@.... [0010] 22 00 00 C0 "... [2013/04/29 08:38:33.937299, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 30 [2013/04/29 08:38:33.937390, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 44 bytes. There is no more data outstanding [2013/04/29 08:38:33.937459, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=44 [2013/04/29 08:38:33.938665, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 154 [2013/04/29 08:38:33.938827, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x9a [2013/04/29 08:38:33.938896, 3] smbd/process.c:1662(process_smb) Transaction 10 of length 158 (0 toread) [2013/04/29 08:38:33.938961, 5] lib/util.c:332(show_msg) [2013/04/29 08:38:33.939000, 5] lib/util.c:342(show_msg) size=154 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1280 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 6170 (0x181A) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 90 (0x5A) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 90 (0x5A) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=91 [2013/04/29 08:38:33.939649, 10] ../lib/util/util.c:415(dump_data) [0000] EE 05 00 00 03 10 00 00 00 5A 00 00 00 05 00 00 ........ .Z...... [0010] 00 42 00 00 00 00 00 04 00 00 00 02 00 08 00 00 .B...... ........ [0020] 00 00 00 00 00 08 00 00 00 5C 00 5C 00 42 00 41 ........ .\.\.B.A [0030] 00 4D 00 42 00 49 00 00 00 07 00 00 00 00 00 00 .M.B.I.. ........ [0040] 00 07 00 00 00 50 00 43 00 43 00 4F 00 4D 00 31 .....P.C .C.O.M.1 [0050] 00 00 00 82 3F EB A9 6F 11 85 3D ....?..o ..= [2013/04/29 08:38:33.940038, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 23923) conn 0x7f0ee6823b40 [2013/04/29 08:38:33.940106, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2013/04/29 08:38:33.940193, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 181a name: NETLOGON len: 90 [2013/04/29 08:38:33.940296, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 90 [2013/04/29 08:38:33.940364, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 90 [2013/04/29 08:38:33.940429, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 90 [2013/04/29 08:38:33.940506, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 90, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/04/29 08:38:33.940574, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/04/29 08:38:33.940638, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 74 [2013/04/29 08:38:33.940701, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 74 [2013/04/29 08:38:33.940770, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/04/29 08:38:33.940853, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 74 [2013/04/29 08:38:33.940917, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 74, incoming data = 74 [2013/04/29 08:38:33.940985, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2013/04/29 08:38:33.941064, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x005a (90) auth_length : 0x0000 (0) call_id : 0x00000005 (5) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000042 (66) context_id : 0x0000 (0) opnum : 0x0004 (4) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=66 [0000] 00 00 02 00 08 00 00 00 00 00 00 00 08 00 00 00 ........ ........ [0010] 5C 00 5C 00 42 00 41 00 4D 00 42 00 49 00 00 00 \.\.B.A. M.B.I... [0020] 07 00 00 00 00 00 00 00 07 00 00 00 50 00 43 00 ........ ....P.C. [0030] 43 00 4F 00 4D 00 31 00 00 00 82 3F EB A9 6F 11 C.O.M.1. ...?..o. [0040] 85 3D .= [2013/04/29 08:38:33.942091, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2013/04/29 08:38:33.942155, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. [2013/04/29 08:38:33.942223, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\netlogon [2013/04/29 08:38:33.942294, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \netlogon op 0x4 - api_rpcTNP: rpc command: NETR_SERVERREQCHALLENGE [2013/04/29 08:38:33.942366, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[4].fn == 0x7f0ee5152500 [2013/04/29 08:38:33.942447, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) netr_ServerReqChallenge: struct netr_ServerReqChallenge in: struct netr_ServerReqChallenge server_name : * server_name : '\\BAMBI' computer_name : * computer_name : 'PCCOM1' credentials : * credentials: struct netr_Credential data : 823feba96f11853d [2013/04/29 08:38:33.942781, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) netr_ServerReqChallenge: struct netr_ServerReqChallenge out: struct netr_ServerReqChallenge return_credentials : * return_credentials: struct netr_Credential data : 336c04454aa23d4e result : NT_STATUS_OK [2013/04/29 08:38:33.943004, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \netlogon successfully [2013/04/29 08:38:33.943075, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 74 [2013/04/29 08:38:33.943162, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=90 [2013/04/29 08:38:33.944662, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2013/04/29 08:38:33.944889, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2013/04/29 08:38:33.944960, 3] smbd/process.c:1662(process_smb) Transaction 11 of length 63 (0 toread) [2013/04/29 08:38:33.945025, 5] lib/util.c:332(show_msg) [2013/04/29 08:38:33.945064, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1344 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 6170 (0x181A) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2013/04/29 08:38:33.945671, 10] ../lib/util/util.c:415(dump_data) [2013/04/29 08:38:33.945716, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 23923) conn 0x7f0ee6823b40 [2013/04/29 08:38:33.945784, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2013/04/29 08:38:33.945860, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \netlogon len: 1024 [2013/04/29 08:38:33.945932, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \netlogon: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 12. [2013/04/29 08:38:33.946019, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0024 (36) auth_length : 0x0000 (0) call_id : 0x00000005 (5) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x0000000c (12) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=12 [0000] 33 6C 04 45 4A A2 3D 4E 00 00 00 00 3l.EJ.=N .... [2013/04/29 08:38:33.946714, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 30 [2013/04/29 08:38:33.946800, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 36 bytes. There is no more data outstanding [2013/04/29 08:38:33.946868, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=36 [2013/04/29 08:38:33.948029, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 192 [2013/04/29 08:38:33.948225, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xc0 [2013/04/29 08:38:33.948296, 3] smbd/process.c:1662(process_smb) Transaction 12 of length 196 (0 toread) [2013/04/29 08:38:33.948362, 5] lib/util.c:332(show_msg) [2013/04/29 08:38:33.948401, 5] lib/util.c:342(show_msg) size=192 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1408 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 6170 (0x181A) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 128 (0x80) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 128 (0x80) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=129 [2013/04/29 08:38:33.949114, 10] ../lib/util/util.c:415(dump_data) [0000] EE 05 00 00 03 10 00 00 00 80 00 00 00 06 00 00 ........ ........ [0010] 00 68 00 00 00 00 00 1A 00 00 00 02 00 08 00 00 .h...... ........ [0020] 00 00 00 00 00 08 00 00 00 5C 00 5C 00 42 00 41 ........ .\.\.B.A [0030] 00 4D 00 42 00 49 00 00 00 08 00 00 00 00 00 00 .M.B.I.. ........ [0040] 00 08 00 00 00 50 00 43 00 43 00 4F 00 4D 00 31 .....P.C .C.O.M.1 [0050] 00 24 00 00 00 02 00 00 00 07 00 00 00 00 00 00 .$...... ........ [0060] 00 07 00 00 00 50 00 43 00 43 00 4F 00 4D 00 31 .....P.C .C.O.M.1 [0070] 00 00 00 54 2D 3E E3 05 78 EF 24 00 00 FF FF 2F ...T->.. x.$..../ [0080] 61 a [2013/04/29 08:38:33.949669, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 23923) conn 0x7f0ee6823b40 [2013/04/29 08:38:33.949737, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2013/04/29 08:38:33.949808, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 181a name: NETLOGON len: 128 [2013/04/29 08:38:33.949877, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 128 [2013/04/29 08:38:33.949946, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 128 [2013/04/29 08:38:33.950010, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 128 [2013/04/29 08:38:33.950077, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 128, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/04/29 08:38:33.950144, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/04/29 08:38:33.950207, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 112 [2013/04/29 08:38:33.950270, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 112 [2013/04/29 08:38:33.950339, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/04/29 08:38:33.950403, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 112 [2013/04/29 08:38:33.950467, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 112, incoming data = 112 [2013/04/29 08:38:33.950536, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2013/04/29 08:38:33.950614, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0080 (128) auth_length : 0x0000 (0) call_id : 0x00000006 (6) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000068 (104) context_id : 0x0000 (0) opnum : 0x001a (26) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=104 [0000] 00 00 02 00 08 00 00 00 00 00 00 00 08 00 00 00 ........ ........ [0010] 5C 00 5C 00 42 00 41 00 4D 00 42 00 49 00 00 00 \.\.B.A. M.B.I... [0020] 08 00 00 00 00 00 00 00 08 00 00 00 50 00 43 00 ........ ....P.C. [0030] 43 00 4F 00 4D 00 31 00 24 00 00 00 02 00 00 00 C.O.M.1. $....... [0040] 07 00 00 00 00 00 00 00 07 00 00 00 50 00 43 00 ........ ....P.C. [0050] 43 00 4F 00 4D 00 31 00 00 00 54 2D 3E E3 05 78 C.O.M.1. ..T->..x [0060] EF 24 00 00 FF FF 2F 61 .$..../a [2013/04/29 08:38:33.951828, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2013/04/29 08:38:33.951893, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. [2013/04/29 08:38:33.951960, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\netlogon [2013/04/29 08:38:33.952031, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \netlogon op 0x1a - api_rpcTNP: rpc command: NETR_SERVERAUTHENTICATE3 [2013/04/29 08:38:33.952102, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[26].fn == 0x7f0ee514e700 [2013/04/29 08:38:33.952199, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) netr_ServerAuthenticate3: struct netr_ServerAuthenticate3 in: struct netr_ServerAuthenticate3 server_name : * server_name : '\\BAMBI' account_name : * account_name : 'PCCOM1$' secure_channel_type : SEC_CHAN_WKSTA (2) computer_name : * computer_name : 'PCCOM1' credentials : * credentials: struct netr_Credential data : 542d3ee30578ef24 negotiate_flags : * negotiate_flags : 0x612fffff (1630535679) 1: NETLOGON_NEG_ACCOUNT_LOCKOUT 1: NETLOGON_NEG_PERSISTENT_SAMREPL 1: NETLOGON_NEG_ARCFOUR 1: NETLOGON_NEG_PROMOTION_COUNT 1: NETLOGON_NEG_CHANGELOG_BDC 1: NETLOGON_NEG_FULL_SYNC_REPL 1: NETLOGON_NEG_MULTIPLE_SIDS 1: NETLOGON_NEG_REDO 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL 1: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC 1: NETLOGON_NEG_GENERIC_PASSTHROUGH 1: NETLOGON_NEG_CONCURRENT_RPC 1: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL 1: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL 1: NETLOGON_NEG_STRONG_KEYS 1: NETLOGON_NEG_TRANSITIVE_TRUSTS 1: NETLOGON_NEG_DNS_DOMAIN_TRUSTS 1: NETLOGON_NEG_PASSWORD_SET2 1: NETLOGON_NEG_GETDOMAININFO 1: NETLOGON_NEG_CROSS_FOREST_TRUSTS 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION 1: NETLOGON_NEG_RODC_PASSTHROUGH 0: NETLOGON_NEG_SUPPORTS_AES_SHA2 1: NETLOGON_NEG_SUPPORTS_AES 1: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS 1: NETLOGON_NEG_AUTHENTICATED_RPC [2013/04/29 08:38:33.953418, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \samr [2013/04/29 08:38:33.953532, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \samr [2013/04/29 08:38:33.953599, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \samr [2013/04/29 08:38:33.953675, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \samr (pipes_open=0) [2013/04/29 08:38:33.953747, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:33.953819, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:33.953884, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:33.953950, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:33.954013, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:33.954182, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_Connect2: struct samr_Connect2 in: struct samr_Connect2 system_name : * system_name : 'BAMBI' access_mask : 0x00000031 (49) 1: SAMR_ACCESS_CONNECT_TO_SERVER 0: SAMR_ACCESS_SHUTDOWN_SERVER 0: SAMR_ACCESS_INITIALIZE_SERVER 0: SAMR_ACCESS_CREATE_DOMAIN 1: SAMR_ACCESS_ENUM_DOMAINS 1: SAMR_ACCESS_LOOKUP_DOMAIN [2013/04/29 08:38:33.954552, 5] rpc_server/samr/srv_samr_nt.c:3932(_samr_Connect2) _samr_Connect2: 3932 [2013/04/29 08:38:33.954642, 4] rpc_server/srv_access_check.c:104(access_check_object) _samr_Connect2: access GRANTED (requested: 0x00000031, granted: 0x00000031) [2013/04/29 08:38:33.954718, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 6D 18 00 00 00 00 00 00 7E 51 69 15 ....m... ....~Qi. [0010] 73 5D 00 00 s].. [2013/04/29 08:38:33.954867, 5] rpc_server/samr/srv_samr_nt.c:3961(_samr_Connect2) _samr_Connect2: 3961 [2013/04/29 08:38:33.954931, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_Connect2: struct samr_Connect2 out: struct samr_Connect2 connect_handle : * connect_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000186d-0000-0000-7e51-6915735d0000 result : NT_STATUS_OK [2013/04/29 08:38:33.955250, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_LookupDomain: struct samr_LookupDomain in: struct samr_LookupDomain connect_handle : * connect_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000186d-0000-0000-7e51-6915735d0000 domain_name : * domain_name: struct lsa_String length : 0x0016 (22) size : 0x0016 (22) string : * string : 'WEBDEALAUTO' [2013/04/29 08:38:33.955663, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6D 18 00 00 00 00 00 00 7E 51 69 15 ....m... ....~Qi. [0010] 73 5D 00 00 s].. [2013/04/29 08:38:33.955812, 10] rpc_server/rpc_handles.c:410(_policy_handle_find) found handle of type struct samr_connect_info [2013/04/29 08:38:33.955911, 2] rpc_server/samr/srv_samr_nt.c:4071(_samr_LookupDomain) Returning domain sid for domain WEBDEALAUTO -> S-1-5-21-2380245508-1587309507-2390072590 [2013/04/29 08:38:33.956014, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_LookupDomain: struct samr_LookupDomain out: struct samr_LookupDomain sid : * sid : * sid : S-1-5-21-2380245508-1587309507-2390072590 result : NT_STATUS_OK [2013/04/29 08:38:33.956291, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_OpenDomain: struct samr_OpenDomain in: struct samr_OpenDomain connect_handle : * connect_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000186d-0000-0000-7e51-6915735d0000 access_mask : 0x00000200 (512) 0: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 0: SAMR_DOMAIN_ACCESS_SET_INFO_1 0: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 0: SAMR_DOMAIN_ACCESS_SET_INFO_2 0: SAMR_DOMAIN_ACCESS_CREATE_USER 0: SAMR_DOMAIN_ACCESS_CREATE_GROUP 0: SAMR_DOMAIN_ACCESS_CREATE_ALIAS 0: SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS 0: SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS 1: SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT 0: SAMR_DOMAIN_ACCESS_SET_INFO_3 sid : * sid : S-1-5-21-2380245508-1587309507-2390072590 [2013/04/29 08:38:33.956947, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6D 18 00 00 00 00 00 00 7E 51 69 15 ....m... ....~Qi. [0010] 73 5D 00 00 s].. [2013/04/29 08:38:33.957098, 10] rpc_server/rpc_handles.c:410(_policy_handle_find) found handle of type struct samr_connect_info [2013/04/29 08:38:33.957169, 4] rpc_server/srv_access_check.c:104(access_check_object) _samr_OpenDomain: access GRANTED (requested: 0x00000200, granted: 0x00000200) [2013/04/29 08:38:33.957242, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 6E 18 00 00 00 00 00 00 7E 51 69 15 ....n... ....~Qi. [0010] 73 5D 00 00 s].. [2013/04/29 08:38:33.957391, 5] rpc_server/samr/srv_samr_nt.c:500(_samr_OpenDomain) _samr_OpenDomain: 500 [2013/04/29 08:38:33.957460, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_OpenDomain: struct samr_OpenDomain out: struct samr_OpenDomain domain_handle : * domain_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000186e-0000-0000-7e51-6915735d0000 result : NT_STATUS_OK [2013/04/29 08:38:33.957770, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_LookupNames: struct samr_LookupNames in: struct samr_LookupNames domain_handle : * domain_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000186e-0000-0000-7e51-6915735d0000 num_names : 0x00000001 (1) names: ARRAY(1) names: struct lsa_String length : 0x000e (14) size : 0x000e (14) string : * string : 'PCCOM1$' [2013/04/29 08:38:33.958213, 5] rpc_server/samr/srv_samr_nt.c:1636(_samr_LookupNames) _samr_LookupNames: 1636 [2013/04/29 08:38:33.958282, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6E 18 00 00 00 00 00 00 7E 51 69 15 ....n... ....~Qi. [0010] 73 5D 00 00 s].. [2013/04/29 08:38:33.958451, 10] rpc_server/rpc_handles.c:410(_policy_handle_find) found handle of type struct samr_domain_info [2013/04/29 08:38:33.958517, 5] rpc_server/samr/srv_samr_nt.c:1657(_samr_LookupNames) _samr_LookupNames: looking name on SID S-1-5-21-2380245508-1587309507-2390072590 [2013/04/29 08:38:33.958593, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2013/04/29 08:38:33.958660, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2013/04/29 08:38:33.958725, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:33.958789, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:33.958853, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:33.959007, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(uid=PCCOM1$)(objectclass=sambaSamAccount))], scope => [2] [2013/04/29 08:38:33.960105, 2] passdb/pdb_ldap.c:553(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: pccom1$ [2013/04/29 08:38:33.960279, 10] passdb/pdb_get_set.c:575(pdb_set_username) pdb_set_username: setting username pccom1$, was [2013/04/29 08:38:33.960354, 10] passdb/pdb_get_set.c:598(pdb_set_domain) pdb_set_domain: setting domain WEBDEALAUTO, was [2013/04/29 08:38:33.960422, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username) pdb_set_nt_username: setting nt username pccom1$, was [2013/04/29 08:38:33.960550, 10] passdb/pdb_get_set.c:513(pdb_set_user_sid_from_string) pdb_set_user_sid_from_string: setting user sid S-1-5-21-2380245508-1587309507-2390072590-1011 [2013/04/29 08:38:33.960625, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-2380245508-1587309507-2390072590-1011 [2013/04/29 08:38:33.960730, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLogonTime does not exist [2013/04/29 08:38:33.960811, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLogoffTime does not exist [2013/04/29 08:38:33.960892, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaKickoffTime does not exist [2013/04/29 08:38:33.960970, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaPwdCanChange does not exist [2013/04/29 08:38:33.961047, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaPwdMustChange does not exist [2013/04/29 08:38:33.961125, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) pdb_set_full_name: setting full name PCCOM1$, was [2013/04/29 08:38:33.961205, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaHomeDrive does not exist [2013/04/29 08:38:33.961271, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive , was NULL [2013/04/29 08:38:33.961351, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaHomePath does not exist [2013/04/29 08:38:33.961423, 4] lib/substitute.c:527(automount_server) Home server: bambi [2013/04/29 08:38:33.961504, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) pdb_set_homedir: setting home dir \\bambi\pccom1_, was [2013/04/29 08:38:33.961585, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLogonScript does not exist [2013/04/29 08:38:33.961656, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user pccom1$ [2013/04/29 08:38:33.961722, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is pccom1$ [2013/04/29 08:38:33.961993, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [pccom1$]! [2013/04/29 08:38:33.962285, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) pdb_set_logon_script: setting logon script Domain Computers.bat, was [2013/04/29 08:38:33.962430, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaProfilePath does not exist [2013/04/29 08:38:33.962503, 4] lib/substitute.c:527(automount_server) Home server: bambi [2013/04/29 08:38:33.962583, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\bambi\profiles\pccom1_, was [2013/04/29 08:38:33.962676, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaUserWorkstations does not exist [2013/04/29 08:38:33.962756, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaMungedDial does not exist [2013/04/29 08:38:33.962835, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLMPassword does not exist [2013/04/29 08:38:33.962924, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2013/04/29 08:38:33.962995, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2013/04/29 08:38:33.963061, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/04/29 08:38:33.963128, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:33.963193, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:33.963344, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:33.963436, 10] lib/smbldap.c:274(smbldap_get_single_attribute) smbldap_get_single_attribute: [sambaPasswordHistory] = [] [2013/04/29 08:38:33.963536, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaBadPasswordCount does not exist [2013/04/29 08:38:33.963617, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaBadPasswordTime does not exist [2013/04/29 08:38:33.963695, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) attribute sambaLogonHours does not exist [2013/04/29 08:38:33.963806, 7] passdb/login_cache.c:91(login_cache_read) Looking up login cache for user pccom1$ [2013/04/29 08:38:33.963888, 7] passdb/login_cache.c:102(login_cache_read) No cache entry found [2013/04/29 08:38:33.963954, 9] passdb/pdb_ldap.c:1107(init_sam_from_ldap) No cache entry, bad count = 0, bad time = 0 [2013/04/29 08:38:33.964037, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2013/04/29 08:38:33.964105, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2013/04/29 08:38:33.964173, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/04/29 08:38:33.964242, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:33.964306, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:33.964429, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:33.964536, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user pccom1$ [2013/04/29 08:38:33.964604, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is pccom1$ [2013/04/29 08:38:33.964676, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [pccom1$]! [2013/04/29 08:38:33.964784, 5] passdb/lookup_sid.c:1384(gid_to_sid) gid_to_sid: winbind failed to find a sid for gid 515 [2013/04/29 08:38:33.964858, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2013/04/29 08:38:33.964926, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2013/04/29 08:38:33.964991, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/04/29 08:38:33.965057, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:33.965121, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:33.965265, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=515))], scope => [2] [2013/04/29 08:38:33.966236, 2] passdb/pdb_ldap.c:2427(init_group_from_ldap) init_group_from_ldap: Entry found for group: 515 [2013/04/29 08:38:33.966461, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:33.966534, 10] passdb/lookup_sid.c:1181(legacy_gid_to_sid) LEGACY: gid 515 -> sid S-1-5-21-2380245508-1587309507-2390072590-515 [2013/04/29 08:38:33.966624, 10] passdb/lookup_sid.c:1733(get_primary_group_sid) do lookup_sid(S-1-5-21-2380245508-1587309507-2390072590-515) for group of user pccom1$ [2013/04/29 08:38:33.966700, 10] passdb/lookup_sid.c:964(lookup_sid) lookup_sid called for SID 'S-1-5-21-2380245508-1587309507-2390072590-515' [2013/04/29 08:38:33.966785, 10] passdb/lookup_sid.c:721(check_dom_sid_to_level) Accepting SID S-1-5-21-2380245508-1587309507-2390072590 in level 1 [2013/04/29 08:38:33.966863, 10] passdb/lookup_sid.c:482(lookup_rids) lookup_rids called for domain sid 'S-1-5-21-2380245508-1587309507-2390072590' [2013/04/29 08:38:33.966941, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2013/04/29 08:38:33.967009, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2013/04/29 08:38:33.967075, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/04/29 08:38:33.967140, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:33.967203, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:33.967305, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 515. [2013/04/29 08:38:33.967376, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 4 [2013/04/29 08:38:33.967443, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 3 [2013/04/29 08:38:33.967508, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 4 [2013/04/29 08:38:33.967573, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:33.967637, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:33.967786, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-515)(objectclass=sambaSamAccount))], scope => [2] [2013/04/29 08:38:33.969033, 4] passdb/pdb_ldap.c:1675(ldapsam_getsampwsid) ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-2380245508-1587309507-2390072590-515] count=0 [2013/04/29 08:38:33.969242, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-515))], scope => [2] [2013/04/29 08:38:33.970425, 2] passdb/pdb_ldap.c:2427(init_group_from_ldap) init_group_from_ldap: Entry found for group: 515 [2013/04/29 08:38:33.970643, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/04/29 08:38:33.970718, 5] passdb/pdb_interface.c:1727(pdb_default_lookup_rids) lookup_rids: Domain Computers:2 [2013/04/29 08:38:33.970794, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:33.970867, 10] passdb/lookup_sid.c:999(lookup_sid) Sid S-1-5-21-2380245508-1587309507-2390072590-515 -> WEBDEALAUTO\Domain Computers(2) [2013/04/29 08:38:33.970954, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2013/04/29 08:38:33.971023, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2013/04/29 08:38:33.971122, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/04/29 08:38:33.971189, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:33.971254, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:33.971392, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:33.971491, 10] passdb/pdb_get_set.c:575(pdb_set_username) pdb_set_username: setting username pccom1$, was [2013/04/29 08:38:33.971559, 10] passdb/pdb_get_set.c:598(pdb_set_domain) pdb_set_domain: setting domain WEBDEALAUTO, was [2013/04/29 08:38:33.971626, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username) pdb_set_nt_username: setting nt username pccom1$, was [2013/04/29 08:38:33.971691, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) pdb_set_full_name: setting full name PCCOM1$, was [2013/04/29 08:38:33.971762, 4] lib/substitute.c:527(automount_server) Home server: bambi [2013/04/29 08:38:33.971842, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) pdb_set_homedir: setting home dir \\bambi\pccom1_, was [2013/04/29 08:38:33.971912, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive , was NULL [2013/04/29 08:38:33.971982, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user pccom1$ [2013/04/29 08:38:33.972046, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is pccom1$ [2013/04/29 08:38:33.972355, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [pccom1$]! [2013/04/29 08:38:33.972696, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) pdb_set_logon_script: setting logon script Domain Computers.bat, was [2013/04/29 08:38:33.972831, 4] lib/substitute.c:527(automount_server) Home server: bambi [2013/04/29 08:38:33.972913, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\bambi\profiles\pccom1_, was [2013/04/29 08:38:33.972984, 10] passdb/pdb_get_set.c:780(pdb_set_workstations) pdb_set_workstations: setting workstations , was [2013/04/29 08:38:33.973054, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2013/04/29 08:38:33.973121, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2013/04/29 08:38:33.973186, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/04/29 08:38:33.973250, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:33.973313, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:33.973443, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:33.973517, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-2380245508-1587309507-2390072590-1011 [2013/04/29 08:38:33.973611, 10] passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-2380245508-1587309507-2390072590-1011 from rid 1011 [2013/04/29 08:38:33.973765, 10] passdb/lookup_sid.c:1628(sid_to_gid) winbind failed to find a gid for sid S-1-5-21-2380245508-1587309507-2390072590-515 [2013/04/29 08:38:33.973843, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2013/04/29 08:38:33.973910, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2013/04/29 08:38:33.973975, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/04/29 08:38:33.974040, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:33.974102, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:33.974229, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 515. [2013/04/29 08:38:33.974300, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 4 [2013/04/29 08:38:33.974367, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 3 [2013/04/29 08:38:33.974431, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 4 [2013/04/29 08:38:33.974496, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:33.974559, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:33.974705, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-515)(objectclass=sambaSamAccount))], scope => [2] [2013/04/29 08:38:33.975994, 4] passdb/pdb_ldap.c:1675(ldapsam_getsampwsid) ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-2380245508-1587309507-2390072590-515] count=0 [2013/04/29 08:38:33.976247, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-515))], scope => [2] [2013/04/29 08:38:33.977453, 2] passdb/pdb_ldap.c:2427(init_group_from_ldap) init_group_from_ldap: Entry found for group: 515 [2013/04/29 08:38:33.977663, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/04/29 08:38:33.977745, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:33.977814, 10] passdb/lookup_sid.c:1285(legacy_sid_to_gid) LEGACY: sid S-1-5-21-2380245508-1587309507-2390072590-515 -> gid 515 [2013/04/29 08:38:33.977899, 10] passdb/pdb_get_set.c:562(pdb_set_group_sid) pdb_set_group_sid: setting group sid S-1-5-21-2380245508-1587309507-2390072590-515 [2013/04/29 08:38:33.977986, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:33.978071, 5] rpc_server/samr/srv_samr_nt.c:1703(_samr_LookupNames) _samr_LookupNames: 1703 [2013/04/29 08:38:33.978138, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_LookupNames: struct samr_LookupNames out: struct samr_LookupNames rids : * rids: struct samr_Ids count : 0x00000001 (1) ids : * ids: ARRAY(1) ids : 0x000003f3 (1011) types : * types: struct samr_Ids count : 0x00000001 (1) ids : * ids: ARRAY(1) ids : 0x00000001 (1) result : NT_STATUS_OK [2013/04/29 08:38:33.978712, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_OpenUser: struct samr_OpenUser in: struct samr_OpenUser domain_handle : * domain_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000186e-0000-0000-7e51-6915735d0000 access_mask : 0x02000000 (33554432) 0: SAMR_USER_ACCESS_GET_NAME_ETC 0: SAMR_USER_ACCESS_GET_LOCALE 0: SAMR_USER_ACCESS_SET_LOC_COM 0: SAMR_USER_ACCESS_GET_LOGONINFO 0: SAMR_USER_ACCESS_GET_ATTRIBUTES 0: SAMR_USER_ACCESS_SET_ATTRIBUTES 0: SAMR_USER_ACCESS_CHANGE_PASSWORD 0: SAMR_USER_ACCESS_SET_PASSWORD 0: SAMR_USER_ACCESS_GET_GROUPS 0: SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP 0: SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP rid : 0x000003f3 (1011) [2013/04/29 08:38:33.979366, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6E 18 00 00 00 00 00 00 7E 51 69 15 ....n... ....~Qi. [0010] 73 5D 00 00 s].. [2013/04/29 08:38:33.979521, 10] rpc_server/rpc_handles.c:410(_policy_handle_find) found handle of type struct samr_domain_info [2013/04/29 08:38:33.979597, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0xb0000000 to 0x000f07ff [2013/04/29 08:38:33.979666, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2013/04/29 08:38:33.979734, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2013/04/29 08:38:33.979801, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:33.979866, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:33.979931, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:33.980034, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2013/04/29 08:38:33.980103, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2013/04/29 08:38:33.980197, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/04/29 08:38:33.980262, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:33.980325, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:33.980464, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:33.980544, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2013/04/29 08:38:33.980611, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2013/04/29 08:38:33.980675, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/04/29 08:38:33.980740, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:33.980808, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:33.980932, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:33.981020, 10] passdb/pdb_get_set.c:575(pdb_set_username) pdb_set_username: setting username pccom1$, was [2013/04/29 08:38:33.981089, 10] passdb/pdb_get_set.c:598(pdb_set_domain) pdb_set_domain: setting domain WEBDEALAUTO, was [2013/04/29 08:38:33.981156, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username) pdb_set_nt_username: setting nt username pccom1$, was [2013/04/29 08:38:33.981222, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) pdb_set_full_name: setting full name PCCOM1$, was [2013/04/29 08:38:33.981295, 4] lib/substitute.c:527(automount_server) Home server: bambi [2013/04/29 08:38:33.981374, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) pdb_set_homedir: setting home dir \\bambi\pccom1_, was [2013/04/29 08:38:33.981445, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive , was NULL [2013/04/29 08:38:33.981516, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user pccom1$ [2013/04/29 08:38:33.981581, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is pccom1$ [2013/04/29 08:38:33.981858, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [pccom1$]! [2013/04/29 08:38:33.982156, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) pdb_set_logon_script: setting logon script Domain Computers.bat, was [2013/04/29 08:38:33.982290, 4] lib/substitute.c:527(automount_server) Home server: bambi [2013/04/29 08:38:33.982369, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\bambi\profiles\pccom1_, was [2013/04/29 08:38:33.982439, 10] passdb/pdb_get_set.c:780(pdb_set_workstations) pdb_set_workstations: setting workstations , was [2013/04/29 08:38:33.982507, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2013/04/29 08:38:33.982573, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2013/04/29 08:38:33.982638, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/04/29 08:38:33.982703, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:33.982765, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:33.982889, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:33.982962, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-2380245508-1587309507-2390072590-1011 [2013/04/29 08:38:33.983035, 10] passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-2380245508-1587309507-2390072590-1011 from rid 1011 [2013/04/29 08:38:33.983153, 0] lib/fault.c:47(fault_report) =============================================================== [2013/04/29 08:38:33.983223, 0] lib/fault.c:48(fault_report) INTERNAL ERROR: Signal 11 in pid 23923 (3.6.6) Please read the Trouble-Shooting section of the Samba3-HOWTO [2013/04/29 08:38:33.983313, 0] lib/fault.c:50(fault_report) From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf [2013/04/29 08:38:33.983396, 0] lib/fault.c:51(fault_report) =============================================================== [2013/04/29 08:38:33.983460, 0] lib/util.c:1117(smb_panic) PANIC (pid 23923): internal error [2013/04/29 08:38:33.997124, 0] lib/util.c:1221(log_stack_trace) BACKTRACE: 36 stack frames: #0 /usr/sbin/smbd(log_stack_trace+0x1a) [0x7f0ee52bd23a] #1 /usr/sbin/smbd(smb_panic+0x22) [0x7f0ee52bd312] #2 /usr/sbin/smbd(+0x4224e4) [0x7f0ee52ae4e4] #3 /lib/x86_64-linux-gnu/libc.so.6(+0x324f0) [0x7f0ee1c4a4f0] #4 /usr/sbin/smbd(tcopy_passwd+0x22) [0x7f0ee5295e22] #5 /usr/sbin/smbd(pdb_copy_sam_account+0x76) [0x7f0ee525ada6] #6 /usr/sbin/smbd(pdb_getsampwsid+0xa5) [0x7f0ee525df85] #7 /usr/sbin/smbd(_samr_OpenUser+0x161) [0x7f0ee5195441] #8 /usr/sbin/smbd(+0x319625) [0x7f0ee51a5625] #9 /usr/sbin/smbd(+0x329f76) [0x7f0ee51b5f76] #10 /usr/sbin/smbd(dcerpc_binding_handle_raw_call_send+0x9e) [0x7f0ee532f4ee] #11 /usr/sbin/smbd(dcerpc_binding_handle_call_send+0x258) [0x7f0ee532fcd8] #12 /usr/sbin/smbd(dcerpc_binding_handle_call+0x77) [0x7f0ee532fe07] #13 /usr/sbin/smbd(dcerpc_samr_OpenUser_r+0x1d) [0x7f0ee522907d] #14 /usr/sbin/smbd(dcerpc_samr_OpenUser+0x1d) [0x7f0ee52292ad] #15 /usr/sbin/smbd(+0x2bc33b) [0x7f0ee514833b] #16 /usr/sbin/smbd(_netr_ServerAuthenticate3+0x222) [0x7f0ee5149332] #17 /usr/sbin/smbd(+0x2c2826) [0x7f0ee514e826] #18 /usr/sbin/smbd(+0x325e55) [0x7f0ee51b1e55] #19 /usr/sbin/smbd(process_complete_pdu+0x89b) [0x7f0ee51b35bb] #20 /usr/sbin/smbd(process_incoming_data+0x118) [0x7f0ee51b4448] #21 /usr/sbin/smbd(np_write_send+0x150) [0x7f0ee51b4b20] #22 /usr/sbin/smbd(reply_pipe_write_and_X+0x165) [0x7f0ee4fca075] #23 /usr/sbin/smbd(reply_write_and_X+0x348) [0x7f0ee4fd38d8] #24 /usr/sbin/smbd(+0x18a08c) [0x7f0ee501608c] #25 /usr/sbin/smbd(+0x18a492) [0x7f0ee5016492] #26 /usr/sbin/smbd(+0x18a8d1) [0x7f0ee50168d1] #27 /usr/sbin/smbd(run_events_poll+0x353) [0x7f0ee52ccd13] #28 /usr/sbin/smbd(smbd_process+0x84a) [0x7f0ee501803a] #29 /usr/sbin/smbd(+0x69f443) [0x7f0ee552b443] #30 /usr/sbin/smbd(run_events_poll+0x353) [0x7f0ee52ccd13] #31 /usr/sbin/smbd(+0x440eaa) [0x7f0ee52cceaa] #32 /usr/sbin/smbd(_tevent_loop_once+0x90) [0x7f0ee52cda10] #33 /usr/sbin/smbd(main+0xf30) [0x7f0ee4f96850] #34 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xfd) [0x7f0ee1c36ead] #35 /usr/sbin/smbd(+0x10ac8d) [0x7f0ee4f96c8d] [2013/04/29 08:38:33.997447, 0] lib/util.c:1122(smb_panic) smb_panic(): calling panic action [/usr/share/samba/panic-action 23923] [2013/04/29 08:38:34.817131, 0] lib/util.c:1130(smb_panic) smb_panic(): action returned status 0 [2013/04/29 08:38:34.817316, 0] lib/fault.c:372(dump_core) dumping core in /var/log/samba/cores/smbd [2013/04/29 08:38:35.126376, 6] param/loadparm.c:7490(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Apr 26 13:22:44 2013 [2013/04/29 08:38:35.126547, 5] auth/auth_util.c:110(make_user_info_map) Mapping user []\[] from workstation [PCCOM1] [2013/04/29 08:38:35.126623, 5] auth/auth_util.c:131(make_user_info_map) Mapped domain from [] to [WEBDEALAUTO] for user [] from workstation [PCCOM1] [2013/04/29 08:38:35.126693, 5] auth/user_info.c:59(make_user_info) attempting to make a user_info for () [2013/04/29 08:38:35.126763, 5] auth/user_info.c:70(make_user_info) making strings for 's user_info struct [2013/04/29 08:38:35.126830, 5] auth/user_info.c:87(make_user_info) making blobs for 's user_info struct [2013/04/29 08:38:35.126897, 10] auth/user_info.c:123(make_user_info) made a user_info for () [2013/04/29 08:38:35.126962, 3] auth/auth.c:219(check_ntlm_password) check_ntlm_password: Checking password for unmapped user []\[]@[PCCOM1] with the new password interface [2013/04/29 08:38:35.127031, 3] auth/auth.c:222(check_ntlm_password) check_ntlm_password: mapped user is: [WEBDEALAUTO]\[]@[PCCOM1] [2013/04/29 08:38:35.127097, 10] auth/auth.c:231(check_ntlm_password) check_ntlm_password: auth_context challenge created by random [2013/04/29 08:38:35.127162, 10] auth/auth.c:233(check_ntlm_password) challenge is: [2013/04/29 08:38:35.127226, 5] ../lib/util/util.c:415(dump_data) [0000] 56 99 3D 5C E5 DE 28 44 V.=\..(D [2013/04/29 08:38:35.127332, 10] auth/auth_builtin.c:44(check_guest_security) Check auth for: [] [2013/04/29 08:38:35.127419, 3] auth/auth.c:268(check_ntlm_password) check_ntlm_password: guest authentication for user [] succeeded [2013/04/29 08:38:35.127487, 5] auth/auth.c:309(check_ntlm_password) check_ntlm_password: guest authentication for user [] -> [] -> [nobody] succeeded [2013/04/29 08:38:35.127558, 10] auth/token_util.c:223(create_local_nt_token_from_info3) Create local NT token for nobody [2013/04/29 08:38:35.127756, 10] passdb/lookup_sid.c:1628(sid_to_gid) winbind failed to find a gid for sid S-1-5-32-544 [2013/04/29 08:38:35.127839, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:35.127911, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:35.127976, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:35.128040, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:35.128103, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:35.128276, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544))], scope => [2] [2013/04/29 08:38:35.128388, 5] lib/smbldap.c:1341(smbldap_close) The connection to the LDAP server was closed [2013/04/29 08:38:35.128459, 10] lib/smbldap.c:819(smb_ldap_setup_conn) smb_ldap_setup_connection: ldap://127.0.0.1/ [2013/04/29 08:38:35.128710, 2] lib/smbldap.c:1018(smbldap_open_connection) smbldap_open_connection: connection opened [2013/04/29 08:38:35.128785, 10] lib/smbldap.c:1194(smbldap_connect_system) ldap_connect_system: Binding to ldap server ldap://127.0.0.1/ as "cn=admin,dc=webdealauto,dc=com" [2013/04/29 08:38:35.130752, 3] lib/smbldap.c:1240(smbldap_connect_system) ldap_connect_system: successful connection to the LDAP server ldap_connect_system: LDAP server does support paged results [2013/04/29 08:38:35.130955, 4] lib/smbldap.c:1319(smbldap_open) The LDAP server is successfully connected [2013/04/29 08:38:35.132024, 2] passdb/pdb_ldap.c:2427(init_group_from_ldap) init_group_from_ldap: Entry found for group: 544 [2013/04/29 08:38:35.132252, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:35.132329, 10] passdb/lookup_sid.c:1285(legacy_sid_to_gid) LEGACY: sid S-1-5-32-544 -> gid 544 [2013/04/29 08:38:35.132496, 10] passdb/lookup_sid.c:1628(sid_to_gid) winbind failed to find a gid for sid S-1-5-32-545 [2013/04/29 08:38:35.132575, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:35.132645, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:35.132712, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:35.132779, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:35.132849, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:35.132972, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545))], scope => [2] [2013/04/29 08:38:35.133884, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545)) [2013/04/29 08:38:35.134081, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:35.134155, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-32-545 [2013/04/29 08:38:35.134230, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:35.134298, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:35.134363, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:35.134429, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:35.134493, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:35.134686, 10] passdb/lookup_sid.c:1628(sid_to_gid) winbind failed to find a gid for sid S-1-5-32-545 [2013/04/29 08:38:35.134762, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2013/04/29 08:38:35.134829, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2013/04/29 08:38:35.134894, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:35.134960, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:35.135023, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:35.135146, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545))], scope => [2] [2013/04/29 08:38:35.136212, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545)) [2013/04/29 08:38:35.136396, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:35.136467, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-32-545 [2013/04/29 08:38:35.136593, 5] passdb/pdb_util.c:99(create_builtin_users) create_builtin_users: Failed to create Users [2013/04/29 08:38:35.136676, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:35.136747, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:35.136815, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:35.136884, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:35.136950, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:35.137014, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:35.137252, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectclass=sambaGroupMapping)(sambaGroupType=4)(|(sambaSIDList=S-1-5-21-2380245508-1587309507-2390072590-501)(sambaSIDList=S-1-5-21-2380245508-1587309507-2390072590-513)(sambaSIDList=S-1-5-21-2380245508-1587309507-2390072590-546)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-32-546)))], scope => [2] [2013/04/29 08:38:35.138450, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:35.138636, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-2380245508-1587309507-2390072590-501] [2013/04/29 08:38:35.138728, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-2380245508-1587309507-2390072590-513] [2013/04/29 08:38:35.138816, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-2380245508-1587309507-2390072590-546] [2013/04/29 08:38:35.138905, 5] lib/privileges.c:175(get_privileges_for_sids) get_privileges_for_sids: sid = S-1-1-0 Privilege set: 0x0 [2013/04/29 08:38:35.139010, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-2] [2013/04/29 08:38:35.139092, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-32-546] [2013/04/29 08:38:35.139376, 10] passdb/lookup_sid.c:1468(sids_to_unix_ids) wbcSidsToUnixIds returned WBC_ERR_WINBIND_NOT_AVAILABLE [2013/04/29 08:38:35.139452, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:35.139522, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:35.139589, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:35.139656, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:35.139721, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:35.139827, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 501. [2013/04/29 08:38:35.139909, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2013/04/29 08:38:35.139976, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2013/04/29 08:38:35.140042, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:35.140108, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:35.140178, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:35.140278, 6] passdb/pdb_interface.c:401(pdb_getsampwsid) pdb_getsampwsid: Building guest account [2013/04/29 08:38:35.140347, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user nobody [2013/04/29 08:38:35.140417, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is nobody [2013/04/29 08:38:35.140770, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [nobody]! [2013/04/29 08:38:35.140881, 10] passdb/pdb_get_set.c:575(pdb_set_username) pdb_set_username: setting username nobody, was [2013/04/29 08:38:35.140965, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) pdb_set_full_name: setting full name nobody, was [2013/04/29 08:38:35.141034, 10] passdb/pdb_get_set.c:598(pdb_set_domain) pdb_set_domain: setting domain WEBDEALAUTO, was [2013/04/29 08:38:35.141114, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-2380245508-1587309507-2390072590-501 [2013/04/29 08:38:35.141190, 10] passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-2380245508-1587309507-2390072590-501 from rid 501 [2013/04/29 08:38:35.141298, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:35.141373, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user nobody [2013/04/29 08:38:35.141439, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is nobody [2013/04/29 08:38:35.141506, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [nobody]! [2013/04/29 08:38:35.141582, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:35.141650, 5] passdb/lookup_sid.c:1269(legacy_sid_to_gid) LEGACY: sid S-1-5-21-2380245508-1587309507-2390072590-501 is a User, expected a group [2013/04/29 08:38:35.141725, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:35.141792, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:35.141858, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:35.141924, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:35.141988, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:35.142087, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 501. [2013/04/29 08:38:35.142157, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2013/04/29 08:38:35.142224, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2013/04/29 08:38:35.142289, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:35.142354, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:35.142417, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:35.142516, 6] passdb/pdb_interface.c:401(pdb_getsampwsid) pdb_getsampwsid: Building guest account [2013/04/29 08:38:35.142584, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user nobody [2013/04/29 08:38:35.142649, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is nobody [2013/04/29 08:38:35.142716, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [nobody]! [2013/04/29 08:38:35.142782, 10] passdb/pdb_get_set.c:575(pdb_set_username) pdb_set_username: setting username nobody, was [2013/04/29 08:38:35.142849, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) pdb_set_full_name: setting full name nobody, was [2013/04/29 08:38:35.142916, 10] passdb/pdb_get_set.c:598(pdb_set_domain) pdb_set_domain: setting domain WEBDEALAUTO, was [2013/04/29 08:38:35.142987, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-2380245508-1587309507-2390072590-501 [2013/04/29 08:38:35.143060, 10] passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-2380245508-1587309507-2390072590-501 from rid 501 [2013/04/29 08:38:35.143186, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:35.143261, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user nobody [2013/04/29 08:38:35.143326, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is nobody [2013/04/29 08:38:35.143393, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [nobody]! [2013/04/29 08:38:35.143466, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:35.143534, 10] passdb/lookup_sid.c:1223(legacy_sid_to_uid) LEGACY: sid S-1-5-21-2380245508-1587309507-2390072590-501 -> uid 65534 [2013/04/29 08:38:35.143614, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:35.143682, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:35.143747, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:35.143812, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:35.143875, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:35.143974, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 513. [2013/04/29 08:38:35.144044, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2013/04/29 08:38:35.144109, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2013/04/29 08:38:35.144176, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:35.144242, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:35.144306, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:35.144458, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-513)(objectclass=sambaSamAccount))], scope => [2] [2013/04/29 08:38:35.145749, 4] passdb/pdb_ldap.c:1675(ldapsam_getsampwsid) ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-2380245508-1587309507-2390072590-513] count=0 [2013/04/29 08:38:35.145958, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-513))], scope => [2] [2013/04/29 08:38:35.147157, 2] passdb/pdb_ldap.c:2427(init_group_from_ldap) init_group_from_ldap: Entry found for group: 513 [2013/04/29 08:38:35.147363, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:35.147448, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:35.147517, 10] passdb/lookup_sid.c:1285(legacy_sid_to_gid) LEGACY: sid S-1-5-21-2380245508-1587309507-2390072590-513 -> gid 513 [2013/04/29 08:38:35.147603, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:35.147671, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:35.147737, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:35.147802, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:35.147866, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:35.147974, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 546. [2013/04/29 08:38:35.148045, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2013/04/29 08:38:35.148197, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2013/04/29 08:38:35.148269, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:35.148335, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:35.148400, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:35.148560, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-546)(objectclass=sambaSamAccount))], scope => [2] [2013/04/29 08:38:35.149783, 4] passdb/pdb_ldap.c:1675(ldapsam_getsampwsid) ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-2380245508-1587309507-2390072590-546] count=0 [2013/04/29 08:38:35.149996, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-546))], scope => [2] [2013/04/29 08:38:35.150931, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-546)) [2013/04/29 08:38:35.151123, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:35.151196, 5] passdb/pdb_interface.c:1668(lookup_global_sam_rid) Can't find a unix id for an unmapped group [2013/04/29 08:38:35.151269, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:35.151336, 10] passdb/lookup_sid.c:1280(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-21-2380245508-1587309507-2390072590-546 [2013/04/29 08:38:35.151416, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:35.151484, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:35.151550, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:35.151616, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:35.151680, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:35.151782, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 546. [2013/04/29 08:38:35.151854, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2013/04/29 08:38:35.151920, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2013/04/29 08:38:35.151984, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/04/29 08:38:35.152050, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:35.152113, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:35.152312, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-546)(objectclass=sambaSamAccount))], scope => [2] [2013/04/29 08:38:35.153653, 4] passdb/pdb_ldap.c:1675(ldapsam_getsampwsid) ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-2380245508-1587309507-2390072590-546] count=0 [2013/04/29 08:38:35.153860, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-546))], scope => [2] [2013/04/29 08:38:35.154775, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-2380245508-1587309507-2390072590-546)) [2013/04/29 08:38:35.154997, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:35.155073, 5] passdb/pdb_interface.c:1668(lookup_global_sam_rid) Can't find a unix id for an unmapped group [2013/04/29 08:38:35.155147, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:35.155215, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid) LEGACY: mapping failed for sid S-1-5-21-2380245508-1587309507-2390072590-546 [2013/04/29 08:38:35.155295, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:35.155362, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:35.155428, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:35.155493, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:35.155556, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:35.155675, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-1-0))], scope => [2] [2013/04/29 08:38:35.156609, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-1-0)) [2013/04/29 08:38:35.156798, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:35.156871, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-1-0 [2013/04/29 08:38:35.156945, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid) LEGACY: mapping failed for sid S-1-1-0 [2013/04/29 08:38:35.157017, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:35.157083, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:35.157147, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:35.157213, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:35.157276, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:35.157398, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2))], scope => [2] [2013/04/29 08:38:35.158393, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2)) [2013/04/29 08:38:35.158580, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:35.158648, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-2 [2013/04/29 08:38:35.158720, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid) LEGACY: mapping failed for sid S-1-5-2 [2013/04/29 08:38:35.158789, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:35.158854, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:35.158919, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:35.158984, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:35.159047, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:35.159168, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-546))], scope => [2] [2013/04/29 08:38:35.160069, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-546)) [2013/04/29 08:38:35.160306, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:35.160377, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-32-546 [2013/04/29 08:38:35.160452, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid) LEGACY: mapping failed for sid S-1-5-32-546 [2013/04/29 08:38:35.160623, 10] auth/auth_util.c:505(create_local_token) Could not convert SID S-1-5-21-2380245508-1587309507-2390072590-546 to gid, ignoring it [2013/04/29 08:38:35.160699, 10] auth/auth_util.c:505(create_local_token) Could not convert SID S-1-1-0 to gid, ignoring it [2013/04/29 08:38:35.160767, 10] auth/auth_util.c:505(create_local_token) Could not convert SID S-1-5-2 to gid, ignoring it [2013/04/29 08:38:35.160839, 10] auth/auth_util.c:505(create_local_token) Could not convert SID S-1-5-32-546 to gid, ignoring it [2013/04/29 08:38:35.160921, 10] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (8): SID[ 0]: S-1-5-21-2380245508-1587309507-2390072590-501 SID[ 1]: S-1-5-21-2380245508-1587309507-2390072590-513 SID[ 2]: S-1-5-21-2380245508-1587309507-2390072590-546 SID[ 3]: S-1-1-0 SID[ 4]: S-1-5-2 SID[ 5]: S-1-5-32-546 SID[ 6]: S-1-22-1-65534 SID[ 7]: S-1-22-2-513 Privileges (0x 0): Rights (0x 0): [2013/04/29 08:38:35.161291, 10] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 65534 Primary group is 65534 and contains 1 supplementary groups Group[ 0]: 513 [2013/04/29 08:38:35.161420, 10] auth/auth_ntlmssp.c:174(auth_ntlmssp_check_password) Got NT session key of length 16 [2013/04/29 08:38:35.161487, 10] auth/auth_ntlmssp.c:181(auth_ntlmssp_check_password) Got LM session key of length 16 [2013/04/29 08:38:35.161554, 10] ../libcli/auth/ntlmssp_server.c:462(ntlmssp_server_postauth) ntlmssp_server_auth: Using unmodified nt session key. [2013/04/29 08:38:35.161639, 3] ../libcli/auth/ntlmssp_sign.c:535(ntlmssp_sign_init) NTLMSSP Sign/Seal - Initialising with flags: [2013/04/29 08:38:35.161704, 3] ../libcli/auth/ntlmssp.c:34(debug_ntlmssp_flags) Got NTLMSSP neg_flags=0xe2088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP_NEGOTIATE_56 [2013/04/29 08:38:35.162053, 10] smbd/password.c:293(register_existing_vuid) register_existing_vuid: (65534,65534) nobody WEBDEALAUTO guest=1 [2013/04/29 08:38:35.162124, 3] smbd/password.c:298(register_existing_vuid) register_existing_vuid: User name: nobody Real name: [2013/04/29 08:38:35.162190, 3] smbd/password.c:308(register_existing_vuid) register_existing_vuid: UNIX uid 65534 is UNIX user nobody, and will be vuid 100 [2013/04/29 08:38:35.162305, 6] param/loadparm.c:7490(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Apr 26 13:22:44 2013 [2013/04/29 08:38:35.162481, 5] lib/util.c:332(show_msg) [2013/04/29 08:38:35.162523, 5] lib/util.c:342(show_msg) size=110 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=65535 smb_pid=65279 smb_uid=100 smb_mid=1536 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_vwv[ 3]= 9 (0x9) smb_bcc=67 [2013/04/29 08:38:35.162944, 10] ../lib/util/util.c:415(dump_data) [0000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 ..0..... .U.n.i.x [0010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3 [0020] 00 2E 00 36 00 2E 00 36 00 00 00 57 00 45 00 42 ...6...6 ...W.E.B [0030] 00 44 00 45 00 41 00 4C 00 41 00 55 00 54 00 4F .D.E.A.L .A.U.T.O [0040] 00 00 00 ... [2013/04/29 08:38:35.164432, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 76 [2013/04/29 08:38:35.164630, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x4c [2013/04/29 08:38:35.164700, 3] smbd/process.c:1662(process_smb) Transaction 3 of length 80 (0 toread) [2013/04/29 08:38:35.164765, 5] lib/util.c:332(show_msg) [2013/04/29 08:38:35.164823, 5] lib/util.c:342(show_msg) size=76 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=100 smb_mid=1600 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 76 (0x4C) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=33 [2013/04/29 08:38:35.165247, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 5C 00 42 00 41 00 4D 00 42 00 49 00 5C .\.\.B.A .M.B.I.\ [0010] 00 49 00 50 00 43 00 24 00 00 00 3F 3F 3F 3F 3F .I.P.C.$ ...????? [0020] 00 . [2013/04/29 08:38:35.165456, 3] smbd/process.c:1467(switch_message) switch message SMBtconX (pid 23941) conn 0x0 [2013/04/29 08:38:35.165523, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:35.165589, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:35.165652, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:35.165758, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2013/04/29 08:38:35.165851, 4] smbd/reply.c:794(reply_tcon_and_X) Client requested device type [?????] for share [IPC$] [2013/04/29 08:38:35.165981, 5] smbd/service.c:1354(make_connection) making a connection to 'normal' service ipc$ [2013/04/29 08:38:35.166060, 3] lib/access.c:338(allow_access) Allowed connection from 172.20.2.200 (172.20.2.200) [2013/04/29 08:38:35.166149, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user nobody [2013/04/29 08:38:35.166286, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is nobody [2013/04/29 08:38:35.166575, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [nobody]! [2013/04/29 08:38:35.166770, 10] smbd/service.c:162(set_conn_connectpath) set_conn_connectpath: service IPC$, connectpath = /tmp [2013/04/29 08:38:35.166844, 3] smbd/service.c:872(make_connection_snum) Connect path is '/tmp' for service [IPC$] [2013/04/29 08:38:35.166961, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2013/04/29 08:38:35.167039, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x101f01ff, remaining = 0x101f01ff [2013/04/29 08:38:35.167118, 3] smbd/vfs.c:102(vfs_init_default) Initialising default vfs hooks [2013/04/29 08:38:35.167189, 10] smbd/vfs.c:53(vfs_find_backend_entry) vfs_find_backend_entry called for /[Default VFS]/ [2013/04/29 08:38:35.167255, 5] smbd/vfs.c:92(smb_register_vfs) Successfully added vfs backend '/[Default VFS]/' [2013/04/29 08:38:35.167322, 10] smbd/vfs.c:53(vfs_find_backend_entry) vfs_find_backend_entry called for posixacl [2013/04/29 08:38:35.167388, 5] smbd/vfs.c:92(smb_register_vfs) Successfully added vfs backend 'posixacl' [2013/04/29 08:38:35.167453, 3] smbd/vfs.c:128(vfs_init_custom) Initialising custom vfs hooks from [/[Default VFS]/] [2013/04/29 08:38:35.167521, 10] smbd/vfs.c:53(vfs_find_backend_entry) vfs_find_backend_entry called for /[Default VFS]/ Successfully loaded vfs module [/[Default VFS]/] with the new modules system [2013/04/29 08:38:35.167622, 5] smbd/connection.c:134(claim_connection) claiming [IPC$] [2013/04/29 08:38:35.167834, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 855D0000FFFFFFFF3C47 [2013/04/29 08:38:35.167967, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7f0ee68317d0 [2013/04/29 08:38:35.168627, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 855D0000FFFFFFFF3C47 [2013/04/29 08:38:35.168891, 10] smbd/service.c:162(set_conn_connectpath) set_conn_connectpath: service IPC$, connectpath = /tmp [2013/04/29 08:38:35.168976, 10] smbd/share_access.c:241(user_ok_token) user_ok_token: share IPC$ is ok for unix user nobody [2013/04/29 08:38:35.169047, 10] smbd/share_access.c:286(is_share_read_only_for_token) is_share_read_only_for_user: share IPC$ is read-only for unix user nobody [2013/04/29 08:38:35.169134, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2013/04/29 08:38:35.169210, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) string_to_sid: SID admin is not in a valid format [2013/04/29 08:38:35.169290, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: WEBDEALAUTO\admin => domain=[WEBDEALAUTO], name=[admin] [2013/04/29 08:38:35.169356, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2013/04/29 08:38:35.169428, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:35.169496, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:35.169562, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:35.169628, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:35.169692, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:35.169849, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(uid=admin)(objectclass=sambaSamAccount))], scope => [2] [2013/04/29 08:38:35.170624, 4] passdb/pdb_ldap.c:1581(ldapsam_getsampwnam) ldapsam_getsampwnam: Unable to locate user [admin] count=0 [2013/04/29 08:38:35.170806, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:35.170878, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2013/04/29 08:38:35.170943, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2013/04/29 08:38:35.171007, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2013/04/29 08:38:35.171070, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:35.171132, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:35.171256, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=webdealauto,dc=com], filter => [(&(objectClass=sambaGroupMapping)(|(displayName=admin)(cn=admin)))], scope => [2] [2013/04/29 08:38:35.172303, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(|(displayName=admin)(cn=admin))) [2013/04/29 08:38:35.172497, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:35.172581, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: Unix User\admin => domain=[Unix User], name=[admin] [2013/04/29 08:38:35.172645, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2013/04/29 08:38:35.172737, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user admin [2013/04/29 08:38:35.172802, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is admin [2013/04/29 08:38:35.173057, 5] lib/username.c:134(Get_Pwnam_internals) Trying _Get_Pwnam(), username as uppercase is ADMIN [2013/04/29 08:38:35.173318, 5] lib/username.c:143(Get_Pwnam_internals) Checking combinations of 0 uppercase letters in admin [2013/04/29 08:38:35.173415, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals didn't find user [admin]! [2013/04/29 08:38:35.173514, 5] smbd/share_access.c:104(token_contains_name) lookup_name admin failed [2013/04/29 08:38:35.173607, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (65534, 65534) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:35.173679, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (8): SID[ 0]: S-1-5-21-2380245508-1587309507-2390072590-501 SID[ 1]: S-1-5-21-2380245508-1587309507-2390072590-513 SID[ 2]: S-1-5-21-2380245508-1587309507-2390072590-546 SID[ 3]: S-1-1-0 SID[ 4]: S-1-5-2 SID[ 5]: S-1-5-32-546 SID[ 6]: S-1-22-1-65534 SID[ 7]: S-1-22-2-513 Privileges (0x 0): Rights (0x 0): [2013/04/29 08:38:35.174039, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 65534 Primary group is 65534 and contains 1 supplementary groups Group[ 0]: 513 [2013/04/29 08:38:35.174167, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,65534), gid=(0,65534) [2013/04/29 08:38:35.174241, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:35.174308, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:35.174371, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:35.174473, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2013/04/29 08:38:35.174557, 10] smbd/service.c:162(set_conn_connectpath) set_conn_connectpath: service IPC$, connectpath = /tmp [2013/04/29 08:38:35.174647, 3] smbd/service.c:1114(make_connection_snum) pccom1 (172.20.2.200) connect to service IPC$ initially as user nobody (uid=65534, gid=65534) (pid 23941) [2013/04/29 08:38:35.174734, 3] smbd/reply.c:871(reply_tcon_and_X) tconX service=IPC$ [2013/04/29 08:38:35.175668, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 104 [2013/04/29 08:38:35.175832, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x68 [2013/04/29 08:38:35.175901, 3] smbd/process.c:1662(process_smb) Transaction 4 of length 108 (0 toread) [2013/04/29 08:38:35.175967, 5] lib/util.c:332(show_msg) [2013/04/29 08:38:35.176007, 5] lib/util.c:342(show_msg) size=104 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=520 smb_uid=100 smb_mid=1664 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 4608 (0x1200) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 4609 (0x1201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16896 (0x4200) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 256 (0x100) smb_bcc=21 [2013/04/29 08:38:35.176964, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 4E 00 45 00 54 00 4C 00 4F 00 47 00 4F .\.N.E.T .L.O.G.O [0010] 00 4E 00 00 00 .N... [2013/04/29 08:38:35.177119, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 23941) conn 0x7f0ee6823b40 [2013/04/29 08:38:35.177196, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (65534, 65534) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:35.177269, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (8): SID[ 0]: S-1-5-21-2380245508-1587309507-2390072590-501 SID[ 1]: S-1-5-21-2380245508-1587309507-2390072590-513 SID[ 2]: S-1-5-21-2380245508-1587309507-2390072590-546 SID[ 3]: S-1-1-0 SID[ 4]: S-1-5-2 SID[ 5]: S-1-5-32-546 SID[ 6]: S-1-22-1-65534 SID[ 7]: S-1-22-2-513 Privileges (0x 0): Rights (0x 0): [2013/04/29 08:38:35.177662, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 65534 Primary group is 65534 and contains 1 supplementary groups Group[ 0]: 513 [2013/04/29 08:38:35.177798, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,65534), gid=(0,65534) [2013/04/29 08:38:35.177878, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /tmp [2013/04/29 08:38:35.177968, 10] smbd/nttrans.c:505(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x10, access_mask = 0x12019f file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x420040 root_dir_fid = 0x0, fname = NETLOGON [2013/04/29 08:38:35.178050, 4] smbd/nttrans.c:293(nt_open_pipe) nt_open_pipe: Opening pipe \NETLOGON. [2013/04/29 08:38:35.178138, 5] smbd/files.c:140(file_new) allocated file structure 2286, fnum = 6382 (1 used) [2013/04/29 08:38:35.178217, 10] smbd/files.c:705(file_name_hash) file_name_hash: /tmp/NETLOGON hash 0x86887727 [2013/04/29 08:38:35.178313, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \netlogon [2013/04/29 08:38:35.178410, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \netlogon [2013/04/29 08:38:35.178477, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \netlogon [2013/04/29 08:38:35.178557, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \netlogon (pipes_open=0) [2013/04/29 08:38:35.178630, 5] smbd/nttrans.c:382(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \NETLOGON [2013/04/29 08:38:35.179602, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 72 [2013/04/29 08:38:35.179766, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x48 [2013/04/29 08:38:35.179836, 3] smbd/process.c:1662(process_smb) Transaction 5 of length 76 (0 toread) [2013/04/29 08:38:35.179901, 5] lib/util.c:332(show_msg) [2013/04/29 08:38:35.179940, 5] lib/util.c:342(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=520 smb_uid=100 smb_mid=1728 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 24 (0x18) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2013/04/29 08:38:35.180645, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 EE 18 ED 03 ....... [2013/04/29 08:38:35.180742, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 23941) conn 0x7f0ee6823b40 [2013/04/29 08:38:35.180828, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2013/04/29 08:38:35.180921, 9] smbd/trans2.c:941(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 [2013/04/29 08:38:35.180994, 9] smbd/trans2.c:943(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 24, paramsize = 2, datasize = 24 [2013/04/29 08:38:35.181060, 5] lib/util.c:332(show_msg) [2013/04/29 08:38:35.181099, 5] lib/util.c:342(show_msg) size=84 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=520 smb_uid=100 smb_mid=1728 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 24 (0x18) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 24 (0x18) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=29 [2013/04/29 08:38:35.181657, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 01 00 00 00 01 00 00 00 ........ ..... [2013/04/29 08:38:35.182829, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 224 [2013/04/29 08:38:35.182991, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xe0 [2013/04/29 08:38:35.183059, 3] smbd/process.c:1662(process_smb) Transaction 6 of length 228 (0 toread) [2013/04/29 08:38:35.183124, 5] lib/util.c:332(show_msg) [2013/04/29 08:38:35.183163, 5] lib/util.c:342(show_msg) size=224 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1792 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 6382 (0x18EE) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 160 (0xA0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 160 (0xA0) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=161 [2013/04/29 08:38:35.183825, 10] ../lib/util/util.c:415(dump_data) [0000] EE 05 00 0B 03 10 00 00 00 A0 00 00 00 07 00 00 ........ ........ [0010] 00 B8 10 B8 10 00 00 00 00 03 00 00 00 00 00 01 ........ ........ [0020] 00 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF .xV4.4.. ....#Eg. [0030] FB 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [0040] 00 2B 10 48 60 02 00 00 00 01 00 01 00 78 56 34 .+.H`... .....xV4 [0050] 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 00 00 .4...... #Eg..... [0060] 00 33 05 71 71 BA BE 37 49 83 19 B5 DB EF 9C CC .3.qq..7 I....... [0070] 36 01 00 00 00 02 00 01 00 78 56 34 12 34 12 CD 6....... .xV4.4.. [0080] AB EF 00 01 23 45 67 CF FB 01 00 00 00 2C 1C B7 ....#Eg. .....,.. [0090] 6C 12 98 40 45 03 00 00 00 00 00 00 00 01 00 00 l..@E... ........ [00A0] 00 . [2013/04/29 08:38:35.184597, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 23941) conn 0x7f0ee6823b40 [2013/04/29 08:38:35.184668, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2013/04/29 08:38:35.184744, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 18ee name: NETLOGON len: 160 [2013/04/29 08:38:35.184853, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 160 [2013/04/29 08:38:35.184925, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 160 [2013/04/29 08:38:35.184990, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 [2013/04/29 08:38:35.185055, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/04/29 08:38:35.185122, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/04/29 08:38:35.185185, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 144 [2013/04/29 08:38:35.185248, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 [2013/04/29 08:38:35.185319, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/04/29 08:38:35.185383, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 144 [2013/04/29 08:38:35.185446, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 [2013/04/29 08:38:35.185517, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2013/04/29 08:38:35.185612, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00a0 (160) auth_length : 0x0000 (0) call_id : 0x00000007 (7) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x03 (3) ctx_list: ARRAY(3) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-01234567cffb if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) ctx_list: struct dcerpc_ctx_list context_id : 0x0001 (1) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-01234567cffb if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 71710533-beba-4937-8319-b5dbef9ccc36 if_version : 0x00000001 (1) ctx_list: struct dcerpc_ctx_list context_id : 0x0002 (2) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-01234567cffb if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 6cb71c2c-9812-4540-0300-000000000000 if_version : 0x00000001 (1) auth_info : DATA_BLOB length=0 [2013/04/29 08:38:35.187248, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 11 [2013/04/29 08:38:35.187324, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) api_pipe_bind_req: \PIPE\netlogon -> \PIPE\netlogon [2013/04/29 08:38:35.187394, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) api_pipe_bind_req: make response. 923 [2013/04/29 08:38:35.187458, 3] rpc_server/srv_pipe.c:339(check_bind_req) check_bind_req for \netlogon [2013/04/29 08:38:35.187527, 3] rpc_server/srv_pipe.c:346(check_bind_req) check_bind_req: \PIPE\netlogon -> \PIPE\netlogon [2013/04/29 08:38:35.187621, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0048 (72) auth_length : 0x0000 (0) call_id : 0x00000007 (7) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x000053f0 (21488) secondary_address_size : 0x000f (15) secondary_address : '\PIPE\netlogon' _pad1 : DATA_BLOB length=0 num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : 0x0000 (0) reason : 0x0000 (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 [2013/04/29 08:38:35.188587, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 144 [2013/04/29 08:38:35.188684, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=160 [2013/04/29 08:38:35.189519, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2013/04/29 08:38:35.189682, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2013/04/29 08:38:35.189750, 3] smbd/process.c:1662(process_smb) Transaction 7 of length 63 (0 toread) [2013/04/29 08:38:35.189815, 5] lib/util.c:332(show_msg) [2013/04/29 08:38:35.189853, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1856 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 6382 (0x18EE) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2013/04/29 08:38:35.190458, 10] ../lib/util/util.c:415(dump_data) [2013/04/29 08:38:35.190502, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 23941) conn 0x7f0ee6823b40 [2013/04/29 08:38:35.190570, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2013/04/29 08:38:35.190650, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \netlogon len: 1024 [2013/04/29 08:38:35.190722, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) read_from_pipe: \netlogon: current_pdu_len = 72, current_pdu_sent = 0 returning 72 bytes. [2013/04/29 08:38:35.190794, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 30 [2013/04/29 08:38:35.190893, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 72 bytes. There is no more data outstanding [2013/04/29 08:38:35.190961, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=72 [2013/04/29 08:38:35.191884, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 192 [2013/04/29 08:38:35.192046, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xc0 [2013/04/29 08:38:35.192114, 3] smbd/process.c:1662(process_smb) Transaction 8 of length 196 (0 toread) [2013/04/29 08:38:35.192196, 5] lib/util.c:332(show_msg) [2013/04/29 08:38:35.192235, 5] lib/util.c:342(show_msg) size=192 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1920 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 6382 (0x18EE) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 128 (0x80) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 128 (0x80) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=129 [2013/04/29 08:38:35.192966, 10] ../lib/util/util.c:415(dump_data) [0000] EE 05 00 00 03 10 00 00 00 80 00 00 00 07 00 00 ........ ........ [0010] 00 68 00 00 00 00 00 1A 00 00 00 02 00 08 00 00 .h...... ........ [0020] 00 00 00 00 00 08 00 00 00 5C 00 5C 00 42 00 41 ........ .\.\.B.A [0030] 00 4D 00 42 00 49 00 00 00 08 00 00 00 00 00 00 .M.B.I.. ........ [0040] 00 08 00 00 00 50 00 43 00 43 00 4F 00 4D 00 31 .....P.C .C.O.M.1 [0050] 00 24 00 00 00 02 00 00 00 07 00 00 00 00 00 00 .$...... ........ [0060] 00 07 00 00 00 50 00 43 00 43 00 4F 00 4D 00 31 .....P.C .C.O.M.1 [0070] 00 00 00 54 2D 3E E3 05 78 EF 24 00 00 FF FF 2F ...T->.. x.$..../ [0080] 61 a [2013/04/29 08:38:35.193521, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 23941) conn 0x7f0ee6823b40 [2013/04/29 08:38:35.193590, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2013/04/29 08:38:35.193660, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 18ee name: NETLOGON len: 128 [2013/04/29 08:38:35.193729, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 128 [2013/04/29 08:38:35.193797, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 128 [2013/04/29 08:38:35.193861, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 128 [2013/04/29 08:38:35.193926, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 128, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/04/29 08:38:35.193993, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/04/29 08:38:35.194057, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 112 [2013/04/29 08:38:35.194119, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 112 [2013/04/29 08:38:35.194188, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/04/29 08:38:35.194251, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 112 [2013/04/29 08:38:35.194314, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 112, incoming data = 112 [2013/04/29 08:38:35.194381, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2013/04/29 08:38:35.194459, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0080 (128) auth_length : 0x0000 (0) call_id : 0x00000007 (7) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000068 (104) context_id : 0x0000 (0) opnum : 0x001a (26) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=104 [0000] 00 00 02 00 08 00 00 00 00 00 00 00 08 00 00 00 ........ ........ [0010] 5C 00 5C 00 42 00 41 00 4D 00 42 00 49 00 00 00 \.\.B.A. M.B.I... [0020] 08 00 00 00 00 00 00 00 08 00 00 00 50 00 43 00 ........ ....P.C. [0030] 43 00 4F 00 4D 00 31 00 24 00 00 00 02 00 00 00 C.O.M.1. $....... [0040] 07 00 00 00 00 00 00 00 07 00 00 00 50 00 43 00 ........ ....P.C. [0050] 43 00 4F 00 4D 00 31 00 00 00 54 2D 3E E3 05 78 C.O.M.1. ..T->..x [0060] EF 24 00 00 FF FF 2F 61 .$..../a [2013/04/29 08:38:35.195786, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2013/04/29 08:38:35.195852, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. [2013/04/29 08:38:35.195920, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\netlogon [2013/04/29 08:38:35.195991, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \netlogon op 0x1a - api_rpcTNP: rpc command: NETR_SERVERAUTHENTICATE3 [2013/04/29 08:38:35.196066, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[26].fn == 0x7f0ee514e700 [2013/04/29 08:38:35.196163, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) netr_ServerAuthenticate3: struct netr_ServerAuthenticate3 in: struct netr_ServerAuthenticate3 server_name : * server_name : '\\BAMBI' account_name : * account_name : 'PCCOM1$' secure_channel_type : SEC_CHAN_WKSTA (2) computer_name : * computer_name : 'PCCOM1' credentials : * credentials: struct netr_Credential data : 542d3ee30578ef24 negotiate_flags : * negotiate_flags : 0x612fffff (1630535679) 1: NETLOGON_NEG_ACCOUNT_LOCKOUT 1: NETLOGON_NEG_PERSISTENT_SAMREPL 1: NETLOGON_NEG_ARCFOUR 1: NETLOGON_NEG_PROMOTION_COUNT 1: NETLOGON_NEG_CHANGELOG_BDC 1: NETLOGON_NEG_FULL_SYNC_REPL 1: NETLOGON_NEG_MULTIPLE_SIDS 1: NETLOGON_NEG_REDO 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL 1: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC 1: NETLOGON_NEG_GENERIC_PASSTHROUGH 1: NETLOGON_NEG_CONCURRENT_RPC 1: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL 1: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL 1: NETLOGON_NEG_STRONG_KEYS 1: NETLOGON_NEG_TRANSITIVE_TRUSTS 1: NETLOGON_NEG_DNS_DOMAIN_TRUSTS 1: NETLOGON_NEG_PASSWORD_SET2 1: NETLOGON_NEG_GETDOMAININFO 1: NETLOGON_NEG_CROSS_FOREST_TRUSTS 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION 1: NETLOGON_NEG_RODC_PASSTHROUGH 0: NETLOGON_NEG_SUPPORTS_AES_SHA2 1: NETLOGON_NEG_SUPPORTS_AES 1: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS 1: NETLOGON_NEG_AUTHENTICATED_RPC [2013/04/29 08:38:35.197444, 0] rpc_server/netlogon/srv_netlog_nt.c:931(_netr_ServerAuthenticate3) _netr_ServerAuthenticate3: no challenge sent to client PCCOM1 [2013/04/29 08:38:35.197512, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) netr_ServerAuthenticate3: struct netr_ServerAuthenticate3 out: struct netr_ServerAuthenticate3 return_credentials : * return_credentials: struct netr_Credential data : 0000000000000000 negotiate_flags : * negotiate_flags : 0x400241ff (1073889791) 1: NETLOGON_NEG_ACCOUNT_LOCKOUT 1: NETLOGON_NEG_PERSISTENT_SAMREPL 1: NETLOGON_NEG_ARCFOUR 1: NETLOGON_NEG_PROMOTION_COUNT 1: NETLOGON_NEG_CHANGELOG_BDC 1: NETLOGON_NEG_FULL_SYNC_REPL 1: NETLOGON_NEG_MULTIPLE_SIDS 1: NETLOGON_NEG_REDO 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL 0: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC 0: NETLOGON_NEG_GENERIC_PASSTHROUGH 0: NETLOGON_NEG_CONCURRENT_RPC 0: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL 0: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL 1: NETLOGON_NEG_STRONG_KEYS 0: NETLOGON_NEG_TRANSITIVE_TRUSTS 0: NETLOGON_NEG_DNS_DOMAIN_TRUSTS 1: NETLOGON_NEG_PASSWORD_SET2 0: NETLOGON_NEG_GETDOMAININFO 0: NETLOGON_NEG_CROSS_FOREST_TRUSTS 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION 0: NETLOGON_NEG_RODC_PASSTHROUGH 0: NETLOGON_NEG_SUPPORTS_AES_SHA2 0: NETLOGON_NEG_SUPPORTS_AES 0: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS 1: NETLOGON_NEG_AUTHENTICATED_RPC rid : * rid : 0x00000000 (0) result : NT_STATUS_ACCESS_DENIED [2013/04/29 08:38:35.198637, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \netlogon successfully [2013/04/29 08:38:35.198710, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 112 [2013/04/29 08:38:35.198797, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=128 [2013/04/29 08:38:35.199603, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2013/04/29 08:38:35.199763, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2013/04/29 08:38:35.199831, 3] smbd/process.c:1662(process_smb) Transaction 9 of length 63 (0 toread) [2013/04/29 08:38:35.199896, 5] lib/util.c:332(show_msg) [2013/04/29 08:38:35.199934, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1984 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 6382 (0x18EE) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2013/04/29 08:38:35.200568, 10] ../lib/util/util.c:415(dump_data) [2013/04/29 08:38:35.200613, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 23941) conn 0x7f0ee6823b40 [2013/04/29 08:38:35.200682, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2013/04/29 08:38:35.200765, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \netlogon len: 1024 [2013/04/29 08:38:35.200858, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \netlogon: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 20. [2013/04/29 08:38:35.200951, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x002c (44) auth_length : 0x0000 (0) call_id : 0x00000007 (7) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000014 (20) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=20 [0000] 00 00 00 00 00 00 00 00 FF 41 02 40 00 00 00 00 ........ .A.@.... [0010] 22 00 00 C0 "... [2013/04/29 08:38:35.201742, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 30 [2013/04/29 08:38:35.201829, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 44 bytes. There is no more data outstanding [2013/04/29 08:38:35.201897, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=44 [2013/04/29 08:38:35.202595, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 41 [2013/04/29 08:38:35.202757, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2013/04/29 08:38:35.202824, 3] smbd/process.c:1662(process_smb) Transaction 10 of length 45 (0 toread) [2013/04/29 08:38:35.202889, 5] lib/util.c:332(show_msg) [2013/04/29 08:38:35.202927, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=2048 smt_wct=3 smb_vwv[ 0]= 6382 (0x18EE) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2013/04/29 08:38:35.203335, 10] ../lib/util/util.c:415(dump_data) [2013/04/29 08:38:35.203379, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 23941) conn 0x7f0ee6823b40 [2013/04/29 08:38:35.203446, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2013/04/29 08:38:35.203518, 3] smbd/reply.c:4848(reply_close) close fd=-1 fnum=6382 (numopen=1) [2013/04/29 08:38:35.203591, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 07:28:15 2106 [2013/04/29 08:38:35.203729, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \netlogon [2013/04/29 08:38:35.203810, 5] smbd/files.c:482(file_free) freed files structure 6382 (0 used) [2013/04/29 08:38:35.203881, 5] lib/util.c:332(show_msg) [2013/04/29 08:38:35.203921, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=2048 smt_wct=0 smb_bcc=0 [2013/04/29 08:38:35.204252, 10] ../lib/util/util.c:415(dump_data) [2013/04/29 08:38:45.950944, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 35 [2013/04/29 08:38:45.951123, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x23 [2013/04/29 08:38:45.951194, 3] smbd/process.c:1662(process_smb) Transaction 11 of length 39 (0 toread) [2013/04/29 08:38:45.951261, 5] lib/util.c:332(show_msg) [2013/04/29 08:38:45.951300, 5] lib/util.c:342(show_msg) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=2112 smt_wct=0 smb_bcc=0 [2013/04/29 08:38:45.951620, 10] ../lib/util/util.c:415(dump_data) [2013/04/29 08:38:45.951665, 3] smbd/process.c:1467(switch_message) switch message SMBtdis (pid 23941) conn 0x7f0ee6823b40 [2013/04/29 08:38:45.951733, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:45.951800, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:45.951863, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:45.951978, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2013/04/29 08:38:45.952053, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:45.952120, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:45.952215, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:45.952315, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2013/04/29 08:38:45.952383, 3] smbd/service.c:1378(close_cnum) pccom1 (172.20.2.200) closed connection to service IPC$ [2013/04/29 08:38:45.952462, 3] smbd/connection.c:35(yield_connection) Yielding connection to IPC$ [2013/04/29 08:38:45.952676, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 855D0000FFFFFFFF3C47 [2013/04/29 08:38:45.952765, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7f0ee683adc0 [2013/04/29 08:38:45.952878, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 855D0000FFFFFFFF3C47 [2013/04/29 08:38:45.953092, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to / [2013/04/29 08:38:45.953168, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:45.953235, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:45.953299, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:45.953396, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2013/04/29 08:38:45.953481, 5] lib/util.c:332(show_msg) [2013/04/29 08:38:45.953522, 5] lib/util.c:342(show_msg) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=2112 smt_wct=0 smb_bcc=0 [2013/04/29 08:38:45.953846, 10] ../lib/util/util.c:415(dump_data) [2013/04/29 08:38:45.954540, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 39 [2013/04/29 08:38:45.954703, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x27 [2013/04/29 08:38:45.954773, 3] smbd/process.c:1662(process_smb) Transaction 12 of length 43 (0 toread) [2013/04/29 08:38:45.954839, 5] lib/util.c:332(show_msg) [2013/04/29 08:38:45.954879, 5] lib/util.c:342(show_msg) size=39 smb_com=0x74 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=100 smb_mid=2176 smt_wct=2 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_bcc=0 [2013/04/29 08:38:45.955254, 10] ../lib/util/util.c:415(dump_data) [2013/04/29 08:38:45.955299, 3] smbd/process.c:1467(switch_message) switch message SMBulogoffX (pid 23941) conn 0x0 [2013/04/29 08:38:45.955368, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:45.955434, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:45.955498, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:45.955604, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2013/04/29 08:38:45.955695, 3] smbd/reply.c:2096(reply_ulogoffX) ulogoffX vuid=100 [2013/04/29 08:38:45.956451, 1] smbd/process.c:457(receive_smb_talloc) receive_smb_raw_talloc failed for client 172.20.2.200 read error = NT_STATUS_CONNECTION_RESET. [2013/04/29 08:38:45.956612, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/04/29 08:38:45.956680, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/04/29 08:38:45.956747, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/04/29 08:38:45.956883, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2013/04/29 08:38:45.957067, 3] smbd/server_exit.c:181(exit_server_common) Server exit (failed to receive smb request)