[2013/05/06 20:52:16.456102, 5] lib/messages.c:332(messaging_deregister) Deregistering messaging pointer for type 769 - private_data=(nil) [2013/05/06 20:52:16.456174, 5] lib/messages.c:332(messaging_deregister) Deregistering messaging pointer for type 13 - private_data=(nil) [2013/05/06 20:52:16.456223, 5] lib/messages.c:332(messaging_deregister) Deregistering messaging pointer for type 1028 - private_data=(nil) [2013/05/06 20:52:16.456269, 5] lib/messages.c:332(messaging_deregister) Deregistering messaging pointer for type 1027 - private_data=(nil) [2013/05/06 20:52:16.456315, 5] lib/messages.c:332(messaging_deregister) Deregistering messaging pointer for type 1029 - private_data=(nil) [2013/05/06 20:52:16.456360, 5] lib/messages.c:332(messaging_deregister) Deregistering messaging pointer for type 1280 - private_data=(nil) [2013/05/06 20:52:16.456405, 5] lib/messages.c:332(messaging_deregister) Deregistering messaging pointer for type 1033 - private_data=(nil) [2013/05/06 20:52:16.456450, 5] lib/messages.c:332(messaging_deregister) Deregistering messaging pointer for type 1 - private_data=(nil) [2013/05/06 20:52:16.456513, 5] lib/messages.c:300(messaging_register) Overriding messaging pointer for type 1034 - private_data=(nil) [2013/05/06 20:52:16.456602, 10] winbindd/winbindd_dual.c:70(child_read_request) Need to read 56 extra bytes [2013/05/06 20:52:16.456655, 4] winbindd/winbindd_dual.c:1549(fork_domain_child) child daemon request 59 [2013/05/06 20:52:16.456703, 10] winbindd/winbindd_dual.c:439(child_process_request) child_process_request: request fn NDRCMD [2013/05/06 20:52:16.456752, 10] winbindd/winbindd_dual_ndr.c:315(winbindd_dual_ndrcmd) winbindd_dual_ndrcmd: Running command WBINT_LOOKUPNAME (GENOME) [2013/05/06 20:52:16.456828, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) wbint_LookupName: struct wbint_LookupName in: struct wbint_LookupName domain : * domain : 'UNIX GROUP' name : * name : 'DOMAIN GUESTS' flags : 0x00000000 (0) [2013/05/06 20:52:16.457036, 10] winbindd/winbindd_cache.c:1857(name_to_sid) name_to_sid: [Cached] - doing backend query for name for domain GENOME [2013/05/06 20:52:16.457087, 3] winbindd/winbindd_samr.c:622(sam_name_to_sid) sam_name_to_sid [2013/05/06 20:52:16.457175, 5] rpc_server/rpc_ncacn_np.c:883(rpc_pipe_open_interface) Connecting to lsarpc pipe. [2013/05/06 20:52:16.457235, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \lsarpc [2013/05/06 20:52:16.457291, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \lsarpc [2013/05/06 20:52:16.457336, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \lsarpc [2013/05/06 20:52:16.457387, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \lsarpc (pipes_open=0) [2013/05/06 20:52:16.457471, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_OpenPolicy: struct lsa_OpenPolicy in: struct lsa_OpenPolicy system_name : * system_name : 0x005c (92) attr : * attr: struct lsa_ObjectAttribute len : 0x00000018 (24) root_dir : NULL object_name : NULL attributes : 0x00000000 (0) sec_desc : NULL sec_qos : * sec_qos: struct lsa_QosInfo len : 0x0000000c (12) impersonation_level : 0x0002 (2) context_mode : 0x01 (1) effective_only : 0x00 (0) access_mask : 0x02000000 (33554432) 0: LSA_POLICY_VIEW_LOCAL_INFORMATION 0: LSA_POLICY_VIEW_AUDIT_INFORMATION 0: LSA_POLICY_GET_PRIVATE_INFORMATION 0: LSA_POLICY_TRUST_ADMIN 0: LSA_POLICY_CREATE_ACCOUNT 0: LSA_POLICY_CREATE_SECRET 0: LSA_POLICY_CREATE_PRIVILEGE 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS 0: LSA_POLICY_AUDIT_LOG_ADMIN 0: LSA_POLICY_SERVER_ADMIN 0: LSA_POLICY_LOOKUP_NAMES 0: LSA_POLICY_NOTIFICATION [2013/05/06 20:52:16.458170, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0xb0000000 to 0x000f0fff [2013/05/06 20:52:16.458220, 4] rpc_server/srv_access_check.c:83(access_check_object) _lsa_OpenPolicy2: ACCESS should be DENIED (requested: 0x000f0fff) but overritten by euid == sec_initial_uid() [2013/05/06 20:52:16.458264, 4] rpc_server/srv_access_check.c:104(access_check_object) _lsa_OpenPolicy2: access GRANTED (requested: 0x000f0fff, granted: 0x000f0fff) [2013/05/06 20:52:16.458297, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 87 51 E0 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:16.458362, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_OpenPolicy: struct lsa_OpenPolicy out: struct lsa_OpenPolicy handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-8751-e0fbac2f0000 result : NT_STATUS_OK [2013/05/06 20:52:16.458543, 3] winbindd/winbindd_rpc.c:303(rpc_name_to_sid) name_to_sid: UNIX GROUP\DOMAIN GUESTS for domain UNIX GROUP [2013/05/06 20:52:16.458609, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_LookupNames: struct lsa_LookupNames in: struct lsa_LookupNames handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-8751-e0fbac2f0000 num_names : 0x00000001 (1) names: ARRAY(1) names: struct lsa_String length : 0x0030 (48) size : 0x0030 (48) string : * string : 'UNIX GROUP\DOMAIN GUESTS' sids : * sids: struct lsa_TransSidArray count : 0x00000000 (0) sids : NULL level : LSA_LOOKUP_NAMES_ALL (1) count : * count : 0x00000000 (0) [2013/05/06 20:52:16.458915, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 87 51 E0 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:16.458984, 5] rpc_server/lsa/srv_lsa_nt.c:205(lookup_lsa_rids) lookup_lsa_rids: looking up name UNIX GROUP\DOMAIN GUESTS [2013/05/06 20:52:16.459016, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: UNIX GROUP\DOMAIN GUESTS => domain=[UNIX GROUP], name=[DOMAIN GUESTS] [2013/05/06 20:52:16.459049, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2013/05/06 20:52:16.459211, 5] rpc_server/lsa/srv_lsa_nt.c:224(lookup_lsa_rids) init_lsa_rids: UNIX GROUP\DOMAIN GUESTS not found [2013/05/06 20:52:16.459254, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_LookupNames: struct lsa_LookupNames out: struct lsa_LookupNames domains : * domains : * domains: struct lsa_RefDomainList count : 0x00000000 (0) domains : NULL max_size : 0x00000000 (0) sids : * sids: struct lsa_TransSidArray count : 0x00000001 (1) sids : * sids: ARRAY(1) sids: struct lsa_TranslatedSid sid_type : SID_NAME_UNKNOWN (8) rid : 0x00000000 (0) sid_index : 0xffffffff (4294967295) count : * count : 0x00000000 (0) result : NT_STATUS_NONE_MAPPED [2013/05/06 20:52:16.459570, 2] winbindd/winbindd_rpc.c:320(rpc_name_to_sid) name_to_sid: failed to lookup name: NT_STATUS_NONE_MAPPED [2013/05/06 20:52:16.459616, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_Close: struct lsa_Close in: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-8751-e0fbac2f0000 [2013/05/06 20:52:16.459722, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 87 51 E0 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:16.459785, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 87 51 E0 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:16.459848, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2013/05/06 20:52:16.459878, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_Close: struct lsa_Close out: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK [2013/05/06 20:52:16.460009, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \lsarpc [2013/05/06 20:52:16.460056, 10] winbindd/winbindd_cache.c:422(wcache_fetch_seqnum) wcache_fetch_seqnum: GENOME not found [2013/05/06 20:52:16.460088, 10] winbindd/winbindd_cache.c:4623(wcache_tdc_fetch_domain) wcache_tdc_fetch_domain: Searching for domain GENOME [2013/05/06 20:52:16.460136, 10] winbindd/winbindd_cache.c:4638(wcache_tdc_fetch_domain) wcache_tdc_fetch_domain: Found domain GENOME [2013/05/06 20:52:16.460168, 3] winbindd/winbindd_samr.c:1063(sam_sequence_number) samr: sequence number [2013/05/06 20:52:16.460205, 5] rpc_server/rpc_ncacn_np.c:883(rpc_pipe_open_interface) Connecting to samr pipe. [2013/05/06 20:52:16.460238, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \samr [2013/05/06 20:52:16.460272, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \samr [2013/05/06 20:52:16.460302, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \samr [2013/05/06 20:52:16.460337, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \samr (pipes_open=0) [2013/05/06 20:52:16.460390, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_Connect2: struct samr_Connect2 in: struct samr_Connect2 system_name : NULL access_mask : 0x02000000 (33554432) 0: SAMR_ACCESS_CONNECT_TO_SERVER 0: SAMR_ACCESS_SHUTDOWN_SERVER 0: SAMR_ACCESS_INITIALIZE_SERVER 0: SAMR_ACCESS_CREATE_DOMAIN 0: SAMR_ACCESS_ENUM_DOMAINS 0: SAMR_ACCESS_LOOKUP_DOMAIN [2013/05/06 20:52:16.460553, 5] rpc_server/samr/srv_samr_nt.c:3932(_samr_Connect2) _samr_Connect2: 3932 [2013/05/06 20:52:16.460588, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0xb0000000 to 0x000f003f [2013/05/06 20:52:16.460620, 4] rpc_server/srv_access_check.c:83(access_check_object) _samr_Connect2: ACCESS should be DENIED (requested: 0x000f003f) but overritten by euid == sec_initial_uid() [2013/05/06 20:52:16.460662, 4] rpc_server/srv_access_check.c:104(access_check_object) _samr_Connect2: access GRANTED (requested: 0x000f003f, granted: 0x000f003f) [2013/05/06 20:52:16.460694, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 87 51 E0 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:16.460757, 5] rpc_server/samr/srv_samr_nt.c:3961(_samr_Connect2) _samr_Connect2: 3961 [2013/05/06 20:52:16.460786, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_Connect2: struct samr_Connect2 out: struct samr_Connect2 connect_handle : * connect_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-8751-e0fbac2f0000 result : NT_STATUS_OK [2013/05/06 20:52:16.460929, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_OpenDomain: struct samr_OpenDomain in: struct samr_OpenDomain connect_handle : * connect_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-8751-e0fbac2f0000 access_mask : 0x02000000 (33554432) 0: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 0: SAMR_DOMAIN_ACCESS_SET_INFO_1 0: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 0: SAMR_DOMAIN_ACCESS_SET_INFO_2 0: SAMR_DOMAIN_ACCESS_CREATE_USER 0: SAMR_DOMAIN_ACCESS_CREATE_GROUP 0: SAMR_DOMAIN_ACCESS_CREATE_ALIAS 0: SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS 0: SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS 0: SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT 0: SAMR_DOMAIN_ACCESS_SET_INFO_3 sid : * sid : S-1-5-21-2486814887-2231011970-1739716854 [2013/05/06 20:52:16.461236, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 87 51 E0 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:16.461305, 10] rpc_server/rpc_handles.c:410(_policy_handle_find) found handle of type struct samr_connect_info [2013/05/06 20:52:16.461336, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0xb0000000 to 0x000f07ff [2013/05/06 20:52:16.461368, 4] rpc_server/srv_access_check.c:83(access_check_object) _samr_OpenDomain: ACCESS should be DENIED (requested: 0x000f07ff) but overritten by euid == sec_initial_uid() [2013/05/06 20:52:16.461410, 4] rpc_server/srv_access_check.c:104(access_check_object) _samr_OpenDomain: access GRANTED (requested: 0x000f07ff, granted: 0x000f07ff) [2013/05/06 20:52:16.461448, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 87 51 E0 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:16.461512, 5] rpc_server/samr/srv_samr_nt.c:500(_samr_OpenDomain) _samr_OpenDomain: 500 [2013/05/06 20:52:16.461541, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_OpenDomain: struct samr_OpenDomain out: struct samr_OpenDomain domain_handle : * domain_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-8751-e0fbac2f0000 result : NT_STATUS_OK [2013/05/06 20:52:16.461678, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_QueryDomainInfo: struct samr_QueryDomainInfo in: struct samr_QueryDomainInfo domain_handle : * domain_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-8751-e0fbac2f0000 level : DomainModifiedInformation (8) [2013/05/06 20:52:16.461802, 5] rpc_server/samr/srv_samr_nt.c:3563(_samr_QueryDomainInfo) _samr_QueryDomainInfo: 3563 [2013/05/06 20:52:16.461832, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 87 51 E0 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:16.461895, 10] rpc_server/rpc_handles.c:410(_policy_handle_find) found handle of type struct samr_domain_info [2013/05/06 20:52:16.461936, 5] rpc_server/samr/srv_samr_nt.c:3653(_samr_QueryDomainInfo) _samr_QueryDomainInfo: 3653 [2013/05/06 20:52:16.461965, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_QueryDomainInfo: struct samr_QueryDomainInfo out: struct samr_QueryDomainInfo info : * info : * info : union samr_DomainInfo(case 8) info8: struct samr_DomInfo8 sequence_num : 0x000000005187fbe0 (1367866336) domain_create_time : NTTIME(0) result : NT_STATUS_OK [2013/05/06 20:52:16.462129, 10] winbindd/winbindd_rpc.c:949(rpc_sequence_number) domain_sequence_number: for domain GENOME is 1367866336 [2013/05/06 20:52:16.462172, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_Close: struct samr_Close in: struct samr_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-8751-e0fbac2f0000 [2013/05/06 20:52:16.462276, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 87 51 E0 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:16.462340, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2013/05/06 20:52:16.462369, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_Close: struct samr_Close out: struct samr_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK [2013/05/06 20:52:16.462495, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \samr [2013/05/06 20:52:16.462560, 10] winbindd/winbindd_cache.c:498(wcache_store_seqnum) wcache_store_seqnum: success [GENOME][1367866336 @ 1367866336] [2013/05/06 20:52:16.462592, 10] winbindd/winbindd_cache.c:585(refresh_sequence_number) refresh_sequence_number: GENOME seq number is now 1367866336 [2013/05/06 20:52:16.462644, 10] winbindd/winbindd_cache.c:963(wcache_save_name_to_sid) wcache_save_name_to_sid: UNIX GROUP\DOMAIN GUESTS -> S-0-0 (NT_STATUS_NONE_MAPPED) [2013/05/06 20:52:16.462689, 10] winbindd/winbindd_cache.c:993(wcache_save_sid_to_name) wcache_save_sid_to_name: S-0-0 -> domain guests (NT_STATUS_NONE_MAPPED) [2013/05/06 20:52:16.462722, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) wbint_LookupName: struct wbint_LookupName out: struct wbint_LookupName type : * type : SID_NAME_USE_NONE (0) sid : * sid : S-0-0 result : NT_STATUS_NONE_MAPPED [2013/05/06 20:52:16.462844, 4] winbindd/winbindd_dual.c:1557(fork_domain_child) Finished processing child request 59 [2013/05/06 20:52:16.462874, 10] winbindd/winbindd_dual.c:1573(fork_domain_child) Writing 3512 bytes to parent [2013/05/06 20:52:16.506608, 10] winbindd/winbindd_dual.c:70(child_read_request) Need to read 48 extra bytes [2013/05/06 20:52:16.506670, 4] winbindd/winbindd_dual.c:1549(fork_domain_child) child daemon request 59 [2013/05/06 20:52:16.506717, 10] winbindd/winbindd_dual.c:439(child_process_request) child_process_request: request fn NDRCMD [2013/05/06 20:52:16.506761, 10] winbindd/winbindd_dual_ndr.c:315(winbindd_dual_ndrcmd) winbindd_dual_ndrcmd: Running command WBINT_LOOKUPNAME (GENOME) [2013/05/06 20:52:16.506815, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) wbint_LookupName: struct wbint_LookupName in: struct wbint_LookupName domain : * domain : 'UNIX GROUP' name : * name : 'GUESTS' flags : 0x00000000 (0) [2013/05/06 20:52:16.506990, 10] winbindd/winbindd_cache.c:1857(name_to_sid) name_to_sid: [Cached] - doing backend query for name for domain GENOME [2013/05/06 20:52:16.507035, 3] winbindd/winbindd_samr.c:622(sam_name_to_sid) sam_name_to_sid [2013/05/06 20:52:16.507092, 5] rpc_server/rpc_ncacn_np.c:883(rpc_pipe_open_interface) Connecting to lsarpc pipe. [2013/05/06 20:52:16.507144, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \lsarpc [2013/05/06 20:52:16.507215, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \lsarpc [2013/05/06 20:52:16.507261, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \lsarpc [2013/05/06 20:52:16.507313, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \lsarpc (pipes_open=0) [2013/05/06 20:52:16.507378, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_OpenPolicy: struct lsa_OpenPolicy in: struct lsa_OpenPolicy system_name : * system_name : 0x005c (92) attr : * attr: struct lsa_ObjectAttribute len : 0x00000018 (24) root_dir : NULL object_name : NULL attributes : 0x00000000 (0) sec_desc : NULL sec_qos : * sec_qos: struct lsa_QosInfo len : 0x0000000c (12) impersonation_level : 0x0002 (2) context_mode : 0x01 (1) effective_only : 0x00 (0) access_mask : 0x02000000 (33554432) 0: LSA_POLICY_VIEW_LOCAL_INFORMATION 0: LSA_POLICY_VIEW_AUDIT_INFORMATION 0: LSA_POLICY_GET_PRIVATE_INFORMATION 0: LSA_POLICY_TRUST_ADMIN 0: LSA_POLICY_CREATE_ACCOUNT 0: LSA_POLICY_CREATE_SECRET 0: LSA_POLICY_CREATE_PRIVILEGE 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS 0: LSA_POLICY_AUDIT_LOG_ADMIN 0: LSA_POLICY_SERVER_ADMIN 0: LSA_POLICY_LOOKUP_NAMES 0: LSA_POLICY_NOTIFICATION [2013/05/06 20:52:16.508084, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0xb0000000 to 0x000f0fff [2013/05/06 20:52:16.508140, 4] rpc_server/srv_access_check.c:83(access_check_object) _lsa_OpenPolicy2: ACCESS should be DENIED (requested: 0x000f0fff) but overritten by euid == sec_initial_uid() [2013/05/06 20:52:16.508213, 4] rpc_server/srv_access_check.c:104(access_check_object) _lsa_OpenPolicy2: access GRANTED (requested: 0x000f0fff, granted: 0x000f0fff) [2013/05/06 20:52:16.508263, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 87 51 E0 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:16.508360, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_OpenPolicy: struct lsa_OpenPolicy out: struct lsa_OpenPolicy handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000004-0000-0000-8751-e0fbac2f0000 result : NT_STATUS_OK [2013/05/06 20:52:16.508556, 3] winbindd/winbindd_rpc.c:303(rpc_name_to_sid) name_to_sid: UNIX GROUP\GUESTS for domain UNIX GROUP [2013/05/06 20:52:16.508625, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_LookupNames: struct lsa_LookupNames in: struct lsa_LookupNames handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000004-0000-0000-8751-e0fbac2f0000 num_names : 0x00000001 (1) names: ARRAY(1) names: struct lsa_String length : 0x0022 (34) size : 0x0022 (34) string : * string : 'UNIX GROUP\GUESTS' sids : * sids: struct lsa_TransSidArray count : 0x00000000 (0) sids : NULL level : LSA_LOOKUP_NAMES_ALL (1) count : * count : 0x00000000 (0) [2013/05/06 20:52:16.509077, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 87 51 E0 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:16.509179, 5] rpc_server/lsa/srv_lsa_nt.c:205(lookup_lsa_rids) lookup_lsa_rids: looking up name UNIX GROUP\GUESTS [2013/05/06 20:52:16.509226, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: UNIX GROUP\GUESTS => domain=[UNIX GROUP], name=[GUESTS] [2013/05/06 20:52:16.509271, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2013/05/06 20:52:16.509370, 5] rpc_server/lsa/srv_lsa_nt.c:224(lookup_lsa_rids) init_lsa_rids: UNIX GROUP\GUESTS not found [2013/05/06 20:52:16.509425, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_LookupNames: struct lsa_LookupNames out: struct lsa_LookupNames domains : * domains : * domains: struct lsa_RefDomainList count : 0x00000000 (0) domains : NULL max_size : 0x00000000 (0) sids : * sids: struct lsa_TransSidArray count : 0x00000001 (1) sids : * sids: ARRAY(1) sids: struct lsa_TranslatedSid sid_type : SID_NAME_UNKNOWN (8) rid : 0x00000000 (0) sid_index : 0xffffffff (4294967295) count : * count : 0x00000000 (0) result : NT_STATUS_NONE_MAPPED [2013/05/06 20:52:16.509888, 2] winbindd/winbindd_rpc.c:320(rpc_name_to_sid) name_to_sid: failed to lookup name: NT_STATUS_NONE_MAPPED [2013/05/06 20:52:16.509949, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_Close: struct lsa_Close in: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000004-0000-0000-8751-e0fbac2f0000 [2013/05/06 20:52:16.510110, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 87 51 E0 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:16.510218, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 87 51 E0 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:16.510312, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2013/05/06 20:52:16.510357, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_Close: struct lsa_Close out: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK [2013/05/06 20:52:16.510547, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \lsarpc [2013/05/06 20:52:16.510603, 10] winbindd/winbindd_cache.c:540(refresh_sequence_number) refresh_sequence_number: GENOME time ok [2013/05/06 20:52:16.510648, 10] winbindd/winbindd_cache.c:585(refresh_sequence_number) refresh_sequence_number: GENOME seq number is now 1367866336 [2013/05/06 20:52:16.510713, 10] winbindd/winbindd_cache.c:963(wcache_save_name_to_sid) wcache_save_name_to_sid: UNIX GROUP\GUESTS -> S-0-0 (NT_STATUS_NONE_MAPPED) [2013/05/06 20:52:16.510774, 10] winbindd/winbindd_cache.c:993(wcache_save_sid_to_name) wcache_save_sid_to_name: S-0-0 -> guests (NT_STATUS_NONE_MAPPED) [2013/05/06 20:52:16.510823, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) wbint_LookupName: struct wbint_LookupName out: struct wbint_LookupName type : * type : SID_NAME_USE_NONE (0) sid : * sid : S-0-0 result : NT_STATUS_NONE_MAPPED [2013/05/06 20:52:16.511014, 4] winbindd/winbindd_dual.c:1557(fork_domain_child) Finished processing child request 59 [2013/05/06 20:52:16.511093, 10] winbindd/winbindd_dual.c:1573(fork_domain_child) Writing 3512 bytes to parent [2013/05/06 20:52:16.535115, 10] winbindd/winbindd_dual.c:70(child_read_request) Need to read 56 extra bytes [2013/05/06 20:52:16.535179, 4] winbindd/winbindd_dual.c:1549(fork_domain_child) child daemon request 59 [2013/05/06 20:52:16.535225, 10] winbindd/winbindd_dual.c:439(child_process_request) child_process_request: request fn NDRCMD [2013/05/06 20:52:16.535269, 10] winbindd/winbindd_dual_ndr.c:315(winbindd_dual_ndrcmd) winbindd_dual_ndrcmd: Running command WBINT_LOOKUPNAME (GENOME) [2013/05/06 20:52:16.535322, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) wbint_LookupName: struct wbint_LookupName in: struct wbint_LookupName domain : * domain : 'UNIX GROUP' name : * name : 'DOMAIN GUESTS' flags : 0x00000000 (0) [2013/05/06 20:52:16.535496, 10] winbindd/winbindd_cache.c:1857(name_to_sid) name_to_sid: [Cached] - doing backend query for name for domain GENOME [2013/05/06 20:52:16.535541, 3] winbindd/winbindd_samr.c:622(sam_name_to_sid) sam_name_to_sid [2013/05/06 20:52:16.535594, 5] rpc_server/rpc_ncacn_np.c:883(rpc_pipe_open_interface) Connecting to lsarpc pipe. [2013/05/06 20:52:16.535644, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \lsarpc [2013/05/06 20:52:16.535694, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \lsarpc [2013/05/06 20:52:16.535740, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \lsarpc [2013/05/06 20:52:16.535791, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \lsarpc (pipes_open=0) [2013/05/06 20:52:16.535855, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_OpenPolicy: struct lsa_OpenPolicy in: struct lsa_OpenPolicy system_name : * system_name : 0x005c (92) attr : * attr: struct lsa_ObjectAttribute len : 0x00000018 (24) root_dir : NULL object_name : NULL attributes : 0x00000000 (0) sec_desc : NULL sec_qos : * sec_qos: struct lsa_QosInfo len : 0x0000000c (12) impersonation_level : 0x0002 (2) context_mode : 0x01 (1) effective_only : 0x00 (0) access_mask : 0x02000000 (33554432) 0: LSA_POLICY_VIEW_LOCAL_INFORMATION 0: LSA_POLICY_VIEW_AUDIT_INFORMATION 0: LSA_POLICY_GET_PRIVATE_INFORMATION 0: LSA_POLICY_TRUST_ADMIN 0: LSA_POLICY_CREATE_ACCOUNT 0: LSA_POLICY_CREATE_SECRET 0: LSA_POLICY_CREATE_PRIVILEGE 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS 0: LSA_POLICY_AUDIT_LOG_ADMIN 0: LSA_POLICY_SERVER_ADMIN 0: LSA_POLICY_LOOKUP_NAMES 0: LSA_POLICY_NOTIFICATION [2013/05/06 20:52:16.536528, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0xb0000000 to 0x000f0fff [2013/05/06 20:52:16.536582, 4] rpc_server/srv_access_check.c:83(access_check_object) _lsa_OpenPolicy2: ACCESS should be DENIED (requested: 0x000f0fff) but overritten by euid == sec_initial_uid() [2013/05/06 20:52:16.536654, 4] rpc_server/srv_access_check.c:104(access_check_object) _lsa_OpenPolicy2: access GRANTED (requested: 0x000f0fff, granted: 0x000f0fff) [2013/05/06 20:52:16.536704, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 87 51 E0 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:16.536801, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_OpenPolicy: struct lsa_OpenPolicy out: struct lsa_OpenPolicy handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-8751-e0fbac2f0000 result : NT_STATUS_OK [2013/05/06 20:52:16.536995, 3] winbindd/winbindd_rpc.c:303(rpc_name_to_sid) name_to_sid: UNIX GROUP\DOMAIN GUESTS for domain UNIX GROUP [2013/05/06 20:52:16.537063, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_LookupNames: struct lsa_LookupNames in: struct lsa_LookupNames handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-8751-e0fbac2f0000 num_names : 0x00000001 (1) names: ARRAY(1) names: struct lsa_String length : 0x0030 (48) size : 0x0030 (48) string : * string : 'UNIX GROUP\DOMAIN GUESTS' sids : * sids: struct lsa_TransSidArray count : 0x00000000 (0) sids : NULL level : LSA_LOOKUP_NAMES_ALL (1) count : * count : 0x00000000 (0) [2013/05/06 20:52:16.537525, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 87 51 E0 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:16.537621, 5] rpc_server/lsa/srv_lsa_nt.c:205(lookup_lsa_rids) lookup_lsa_rids: looking up name UNIX GROUP\DOMAIN GUESTS [2013/05/06 20:52:16.537667, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: UNIX GROUP\DOMAIN GUESTS => domain=[UNIX GROUP], name=[DOMAIN GUESTS] [2013/05/06 20:52:16.537712, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2013/05/06 20:52:16.537799, 5] rpc_server/lsa/srv_lsa_nt.c:224(lookup_lsa_rids) init_lsa_rids: UNIX GROUP\DOMAIN GUESTS not found [2013/05/06 20:52:16.537847, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_LookupNames: struct lsa_LookupNames out: struct lsa_LookupNames domains : * domains : * domains: struct lsa_RefDomainList count : 0x00000000 (0) domains : NULL max_size : 0x00000000 (0) sids : * sids: struct lsa_TransSidArray count : 0x00000001 (1) sids : * sids: ARRAY(1) sids: struct lsa_TranslatedSid sid_type : SID_NAME_UNKNOWN (8) rid : 0x00000000 (0) sid_index : 0xffffffff (4294967295) count : * count : 0x00000000 (0) result : NT_STATUS_NONE_MAPPED [2013/05/06 20:52:16.538323, 2] winbindd/winbindd_rpc.c:320(rpc_name_to_sid) name_to_sid: failed to lookup name: NT_STATUS_NONE_MAPPED [2013/05/06 20:52:16.538383, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_Close: struct lsa_Close in: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-8751-e0fbac2f0000 [2013/05/06 20:52:16.538539, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 87 51 E0 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:16.538635, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 87 51 E0 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:16.538728, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2013/05/06 20:52:16.538772, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_Close: struct lsa_Close out: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK [2013/05/06 20:52:16.538962, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \lsarpc [2013/05/06 20:52:16.539016, 10] winbindd/winbindd_cache.c:540(refresh_sequence_number) refresh_sequence_number: GENOME time ok [2013/05/06 20:52:16.539060, 10] winbindd/winbindd_cache.c:585(refresh_sequence_number) refresh_sequence_number: GENOME seq number is now 1367866336 [2013/05/06 20:52:16.539119, 10] winbindd/winbindd_cache.c:963(wcache_save_name_to_sid) wcache_save_name_to_sid: UNIX GROUP\DOMAIN GUESTS -> S-0-0 (NT_STATUS_NONE_MAPPED) [2013/05/06 20:52:16.539185, 10] winbindd/winbindd_cache.c:993(wcache_save_sid_to_name) wcache_save_sid_to_name: S-0-0 -> domain guests (NT_STATUS_NONE_MAPPED) [2013/05/06 20:52:16.539232, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) wbint_LookupName: struct wbint_LookupName out: struct wbint_LookupName type : * type : SID_NAME_USE_NONE (0) sid : * sid : S-0-0 result : NT_STATUS_NONE_MAPPED [2013/05/06 20:52:16.539413, 4] winbindd/winbindd_dual.c:1557(fork_domain_child) Finished processing child request 59 [2013/05/06 20:52:16.539457, 10] winbindd/winbindd_dual.c:1573(fork_domain_child) Writing 3512 bytes to parent [2013/05/06 20:52:16.543453, 10] winbindd/winbindd_dual.c:70(child_read_request) Need to read 48 extra bytes [2013/05/06 20:52:16.543508, 4] winbindd/winbindd_dual.c:1549(fork_domain_child) child daemon request 59 [2013/05/06 20:52:16.543553, 10] winbindd/winbindd_dual.c:439(child_process_request) child_process_request: request fn NDRCMD [2013/05/06 20:52:16.543597, 10] winbindd/winbindd_dual_ndr.c:315(winbindd_dual_ndrcmd) winbindd_dual_ndrcmd: Running command WBINT_LOOKUPNAME (GENOME) [2013/05/06 20:52:16.543648, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) wbint_LookupName: struct wbint_LookupName in: struct wbint_LookupName domain : * domain : 'UNIX GROUP' name : * name : 'GUESTS' flags : 0x00000000 (0) [2013/05/06 20:52:16.543829, 10] winbindd/winbindd_cache.c:1857(name_to_sid) name_to_sid: [Cached] - doing backend query for name for domain GENOME [2013/05/06 20:52:16.543875, 3] winbindd/winbindd_samr.c:622(sam_name_to_sid) sam_name_to_sid [2013/05/06 20:52:16.543926, 5] rpc_server/rpc_ncacn_np.c:883(rpc_pipe_open_interface) Connecting to lsarpc pipe. [2013/05/06 20:52:16.543975, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \lsarpc [2013/05/06 20:52:16.544025, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \lsarpc [2013/05/06 20:52:16.544070, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \lsarpc [2013/05/06 20:52:16.544121, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \lsarpc (pipes_open=0) [2013/05/06 20:52:16.544188, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_OpenPolicy: struct lsa_OpenPolicy in: struct lsa_OpenPolicy system_name : * system_name : 0x005c (92) attr : * attr: struct lsa_ObjectAttribute len : 0x00000018 (24) root_dir : NULL object_name : NULL attributes : 0x00000000 (0) sec_desc : NULL sec_qos : * sec_qos: struct lsa_QosInfo len : 0x0000000c (12) impersonation_level : 0x0002 (2) context_mode : 0x01 (1) effective_only : 0x00 (0) access_mask : 0x02000000 (33554432) 0: LSA_POLICY_VIEW_LOCAL_INFORMATION 0: LSA_POLICY_VIEW_AUDIT_INFORMATION 0: LSA_POLICY_GET_PRIVATE_INFORMATION 0: LSA_POLICY_TRUST_ADMIN 0: LSA_POLICY_CREATE_ACCOUNT 0: LSA_POLICY_CREATE_SECRET 0: LSA_POLICY_CREATE_PRIVILEGE 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS 0: LSA_POLICY_AUDIT_LOG_ADMIN 0: LSA_POLICY_SERVER_ADMIN 0: LSA_POLICY_LOOKUP_NAMES 0: LSA_POLICY_NOTIFICATION [2013/05/06 20:52:16.544858, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0xb0000000 to 0x000f0fff [2013/05/06 20:52:16.544911, 4] rpc_server/srv_access_check.c:83(access_check_object) _lsa_OpenPolicy2: ACCESS should be DENIED (requested: 0x000f0fff) but overritten by euid == sec_initial_uid() [2013/05/06 20:52:16.544974, 4] rpc_server/srv_access_check.c:104(access_check_object) _lsa_OpenPolicy2: access GRANTED (requested: 0x000f0fff, granted: 0x000f0fff) [2013/05/06 20:52:16.545024, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 87 51 E0 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:16.545120, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_OpenPolicy: struct lsa_OpenPolicy out: struct lsa_OpenPolicy handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000006-0000-0000-8751-e0fbac2f0000 result : NT_STATUS_OK [2013/05/06 20:52:16.545334, 3] winbindd/winbindd_rpc.c:303(rpc_name_to_sid) name_to_sid: UNIX GROUP\GUESTS for domain UNIX GROUP [2013/05/06 20:52:16.545401, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_LookupNames: struct lsa_LookupNames in: struct lsa_LookupNames handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000006-0000-0000-8751-e0fbac2f0000 num_names : 0x00000001 (1) names: ARRAY(1) names: struct lsa_String length : 0x0022 (34) size : 0x0022 (34) string : * string : 'UNIX GROUP\GUESTS' sids : * sids: struct lsa_TransSidArray count : 0x00000000 (0) sids : NULL level : LSA_LOOKUP_NAMES_ALL (1) count : * count : 0x00000000 (0) [2013/05/06 20:52:16.545855, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 87 51 E0 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:16.545951, 5] rpc_server/lsa/srv_lsa_nt.c:205(lookup_lsa_rids) lookup_lsa_rids: looking up name UNIX GROUP\GUESTS [2013/05/06 20:52:16.545996, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: UNIX GROUP\GUESTS => domain=[UNIX GROUP], name=[GUESTS] [2013/05/06 20:52:16.546040, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2013/05/06 20:52:16.546125, 5] rpc_server/lsa/srv_lsa_nt.c:224(lookup_lsa_rids) init_lsa_rids: UNIX GROUP\GUESTS not found [2013/05/06 20:52:16.546178, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_LookupNames: struct lsa_LookupNames out: struct lsa_LookupNames domains : * domains : * domains: struct lsa_RefDomainList count : 0x00000000 (0) domains : NULL max_size : 0x00000000 (0) sids : * sids: struct lsa_TransSidArray count : 0x00000001 (1) sids : * sids: ARRAY(1) sids: struct lsa_TranslatedSid sid_type : SID_NAME_UNKNOWN (8) rid : 0x00000000 (0) sid_index : 0xffffffff (4294967295) count : * count : 0x00000000 (0) result : NT_STATUS_NONE_MAPPED [2013/05/06 20:52:16.546640, 2] winbindd/winbindd_rpc.c:320(rpc_name_to_sid) name_to_sid: failed to lookup name: NT_STATUS_NONE_MAPPED [2013/05/06 20:52:16.546698, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_Close: struct lsa_Close in: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000006-0000-0000-8751-e0fbac2f0000 [2013/05/06 20:52:16.546856, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 87 51 E0 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:16.546951, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 87 51 E0 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:16.547052, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2013/05/06 20:52:16.547097, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_Close: struct lsa_Close out: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK [2013/05/06 20:52:16.547304, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \lsarpc [2013/05/06 20:52:16.547358, 10] winbindd/winbindd_cache.c:540(refresh_sequence_number) refresh_sequence_number: GENOME time ok [2013/05/06 20:52:16.547402, 10] winbindd/winbindd_cache.c:585(refresh_sequence_number) refresh_sequence_number: GENOME seq number is now 1367866336 [2013/05/06 20:52:16.547462, 10] winbindd/winbindd_cache.c:963(wcache_save_name_to_sid) wcache_save_name_to_sid: UNIX GROUP\GUESTS -> S-0-0 (NT_STATUS_NONE_MAPPED) [2013/05/06 20:52:16.547521, 10] winbindd/winbindd_cache.c:993(wcache_save_sid_to_name) wcache_save_sid_to_name: S-0-0 -> guests (NT_STATUS_NONE_MAPPED) [2013/05/06 20:52:16.547568, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) wbint_LookupName: struct wbint_LookupName out: struct wbint_LookupName type : * type : SID_NAME_USE_NONE (0) sid : * sid : S-0-0 result : NT_STATUS_NONE_MAPPED [2013/05/06 20:52:16.547745, 4] winbindd/winbindd_dual.c:1557(fork_domain_child) Finished processing child request 59 [2013/05/06 20:52:16.547790, 10] winbindd/winbindd_dual.c:1573(fork_domain_child) Writing 3512 bytes to parent [2013/05/06 20:52:16.555099, 10] winbindd/winbindd_dual.c:70(child_read_request) Need to read 56 extra bytes [2013/05/06 20:52:16.555160, 4] winbindd/winbindd_dual.c:1549(fork_domain_child) child daemon request 59 [2013/05/06 20:52:16.555212, 10] winbindd/winbindd_dual.c:439(child_process_request) child_process_request: request fn NDRCMD [2013/05/06 20:52:16.555256, 10] winbindd/winbindd_dual_ndr.c:315(winbindd_dual_ndrcmd) winbindd_dual_ndrcmd: Running command WBINT_LOOKUPNAME (GENOME) [2013/05/06 20:52:16.555309, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) wbint_LookupName: struct wbint_LookupName in: struct wbint_LookupName domain : * domain : 'UNIX GROUP' name : * name : 'DOMAIN GUESTS' flags : 0x00000000 (0) [2013/05/06 20:52:16.555482, 10] winbindd/winbindd_cache.c:1857(name_to_sid) name_to_sid: [Cached] - doing backend query for name for domain GENOME [2013/05/06 20:52:16.555527, 3] winbindd/winbindd_samr.c:622(sam_name_to_sid) sam_name_to_sid [2013/05/06 20:52:16.555579, 5] rpc_server/rpc_ncacn_np.c:883(rpc_pipe_open_interface) Connecting to lsarpc pipe. [2013/05/06 20:52:16.555628, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \lsarpc [2013/05/06 20:52:16.555679, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \lsarpc [2013/05/06 20:52:16.555724, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \lsarpc [2013/05/06 20:52:16.555775, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \lsarpc (pipes_open=0) [2013/05/06 20:52:16.555836, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_OpenPolicy: struct lsa_OpenPolicy in: struct lsa_OpenPolicy system_name : * system_name : 0x005c (92) attr : * attr: struct lsa_ObjectAttribute len : 0x00000018 (24) root_dir : NULL object_name : NULL attributes : 0x00000000 (0) sec_desc : NULL sec_qos : * sec_qos: struct lsa_QosInfo len : 0x0000000c (12) impersonation_level : 0x0002 (2) context_mode : 0x01 (1) effective_only : 0x00 (0) access_mask : 0x02000000 (33554432) 0: LSA_POLICY_VIEW_LOCAL_INFORMATION 0: LSA_POLICY_VIEW_AUDIT_INFORMATION 0: LSA_POLICY_GET_PRIVATE_INFORMATION 0: LSA_POLICY_TRUST_ADMIN 0: LSA_POLICY_CREATE_ACCOUNT 0: LSA_POLICY_CREATE_SECRET 0: LSA_POLICY_CREATE_PRIVILEGE 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS 0: LSA_POLICY_AUDIT_LOG_ADMIN 0: LSA_POLICY_SERVER_ADMIN 0: LSA_POLICY_LOOKUP_NAMES 0: LSA_POLICY_NOTIFICATION [2013/05/06 20:52:16.556523, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0xb0000000 to 0x000f0fff [2013/05/06 20:52:16.556577, 4] rpc_server/srv_access_check.c:83(access_check_object) _lsa_OpenPolicy2: ACCESS should be DENIED (requested: 0x000f0fff) but overritten by euid == sec_initial_uid() [2013/05/06 20:52:16.556641, 4] rpc_server/srv_access_check.c:104(access_check_object) _lsa_OpenPolicy2: access GRANTED (requested: 0x000f0fff, granted: 0x000f0fff) [2013/05/06 20:52:16.556690, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 87 51 E0 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:16.556787, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_OpenPolicy: struct lsa_OpenPolicy out: struct lsa_OpenPolicy handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-8751-e0fbac2f0000 result : NT_STATUS_OK [2013/05/06 20:52:16.556981, 3] winbindd/winbindd_rpc.c:303(rpc_name_to_sid) name_to_sid: UNIX GROUP\DOMAIN GUESTS for domain UNIX GROUP [2013/05/06 20:52:16.557048, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_LookupNames: struct lsa_LookupNames in: struct lsa_LookupNames handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-8751-e0fbac2f0000 num_names : 0x00000001 (1) names: ARRAY(1) names: struct lsa_String length : 0x0030 (48) size : 0x0030 (48) string : * string : 'UNIX GROUP\DOMAIN GUESTS' sids : * sids: struct lsa_TransSidArray count : 0x00000000 (0) sids : NULL level : LSA_LOOKUP_NAMES_ALL (1) count : * count : 0x00000000 (0) [2013/05/06 20:52:16.557520, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 87 51 E0 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:16.557624, 5] rpc_server/lsa/srv_lsa_nt.c:205(lookup_lsa_rids) lookup_lsa_rids: looking up name UNIX GROUP\DOMAIN GUESTS [2013/05/06 20:52:16.557671, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: UNIX GROUP\DOMAIN GUESTS => domain=[UNIX GROUP], name=[DOMAIN GUESTS] [2013/05/06 20:52:16.557716, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2013/05/06 20:52:16.557801, 5] rpc_server/lsa/srv_lsa_nt.c:224(lookup_lsa_rids) init_lsa_rids: UNIX GROUP\DOMAIN GUESTS not found [2013/05/06 20:52:16.557849, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_LookupNames: struct lsa_LookupNames out: struct lsa_LookupNames domains : * domains : * domains: struct lsa_RefDomainList count : 0x00000000 (0) domains : NULL max_size : 0x00000000 (0) sids : * sids: struct lsa_TransSidArray count : 0x00000001 (1) sids : * sids: ARRAY(1) sids: struct lsa_TranslatedSid sid_type : SID_NAME_UNKNOWN (8) rid : 0x00000000 (0) sid_index : 0xffffffff (4294967295) count : * count : 0x00000000 (0) result : NT_STATUS_NONE_MAPPED [2013/05/06 20:52:16.558316, 2] winbindd/winbindd_rpc.c:320(rpc_name_to_sid) name_to_sid: failed to lookup name: NT_STATUS_NONE_MAPPED [2013/05/06 20:52:16.558374, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_Close: struct lsa_Close in: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-8751-e0fbac2f0000 [2013/05/06 20:52:16.558531, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 87 51 E0 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:16.558626, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 87 51 E0 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:16.558720, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2013/05/06 20:52:16.558764, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_Close: struct lsa_Close out: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK [2013/05/06 20:52:16.558953, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \lsarpc [2013/05/06 20:52:16.559006, 10] winbindd/winbindd_cache.c:540(refresh_sequence_number) refresh_sequence_number: GENOME time ok [2013/05/06 20:52:16.559050, 10] winbindd/winbindd_cache.c:585(refresh_sequence_number) refresh_sequence_number: GENOME seq number is now 1367866336 [2013/05/06 20:52:16.559110, 10] winbindd/winbindd_cache.c:963(wcache_save_name_to_sid) wcache_save_name_to_sid: UNIX GROUP\DOMAIN GUESTS -> S-0-0 (NT_STATUS_NONE_MAPPED) [2013/05/06 20:52:16.559184, 10] winbindd/winbindd_cache.c:993(wcache_save_sid_to_name) wcache_save_sid_to_name: S-0-0 -> domain guests (NT_STATUS_NONE_MAPPED) [2013/05/06 20:52:16.559234, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) wbint_LookupName: struct wbint_LookupName out: struct wbint_LookupName type : * type : SID_NAME_USE_NONE (0) sid : * sid : S-0-0 result : NT_STATUS_NONE_MAPPED [2013/05/06 20:52:16.559412, 4] winbindd/winbindd_dual.c:1557(fork_domain_child) Finished processing child request 59 [2013/05/06 20:52:16.559457, 10] winbindd/winbindd_dual.c:1573(fork_domain_child) Writing 3512 bytes to parent [2013/05/06 20:52:16.563434, 10] winbindd/winbindd_dual.c:70(child_read_request) Need to read 48 extra bytes [2013/05/06 20:52:16.563489, 4] winbindd/winbindd_dual.c:1549(fork_domain_child) child daemon request 59 [2013/05/06 20:52:16.563534, 10] winbindd/winbindd_dual.c:439(child_process_request) child_process_request: request fn NDRCMD [2013/05/06 20:52:16.563578, 10] winbindd/winbindd_dual_ndr.c:315(winbindd_dual_ndrcmd) winbindd_dual_ndrcmd: Running command WBINT_LOOKUPNAME (GENOME) [2013/05/06 20:52:16.563629, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) wbint_LookupName: struct wbint_LookupName in: struct wbint_LookupName domain : * domain : 'UNIX GROUP' name : * name : 'GUESTS' flags : 0x00000000 (0) [2013/05/06 20:52:16.563803, 10] winbindd/winbindd_cache.c:1857(name_to_sid) name_to_sid: [Cached] - doing backend query for name for domain GENOME [2013/05/06 20:52:16.563848, 3] winbindd/winbindd_samr.c:622(sam_name_to_sid) sam_name_to_sid [2013/05/06 20:52:16.563899, 5] rpc_server/rpc_ncacn_np.c:883(rpc_pipe_open_interface) Connecting to lsarpc pipe. [2013/05/06 20:52:16.563948, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \lsarpc [2013/05/06 20:52:16.563998, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \lsarpc [2013/05/06 20:52:16.564044, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \lsarpc [2013/05/06 20:52:16.564095, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \lsarpc (pipes_open=0) [2013/05/06 20:52:16.564157, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_OpenPolicy: struct lsa_OpenPolicy in: struct lsa_OpenPolicy system_name : * system_name : 0x005c (92) attr : * attr: struct lsa_ObjectAttribute len : 0x00000018 (24) root_dir : NULL object_name : NULL attributes : 0x00000000 (0) sec_desc : NULL sec_qos : * sec_qos: struct lsa_QosInfo len : 0x0000000c (12) impersonation_level : 0x0002 (2) context_mode : 0x01 (1) effective_only : 0x00 (0) access_mask : 0x02000000 (33554432) 0: LSA_POLICY_VIEW_LOCAL_INFORMATION 0: LSA_POLICY_VIEW_AUDIT_INFORMATION 0: LSA_POLICY_GET_PRIVATE_INFORMATION 0: LSA_POLICY_TRUST_ADMIN 0: LSA_POLICY_CREATE_ACCOUNT 0: LSA_POLICY_CREATE_SECRET 0: LSA_POLICY_CREATE_PRIVILEGE 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS 0: LSA_POLICY_AUDIT_LOG_ADMIN 0: LSA_POLICY_SERVER_ADMIN 0: LSA_POLICY_LOOKUP_NAMES 0: LSA_POLICY_NOTIFICATION [2013/05/06 20:52:16.564844, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0xb0000000 to 0x000f0fff [2013/05/06 20:52:16.564898, 4] rpc_server/srv_access_check.c:83(access_check_object) _lsa_OpenPolicy2: ACCESS should be DENIED (requested: 0x000f0fff) but overritten by euid == sec_initial_uid() [2013/05/06 20:52:16.564962, 4] rpc_server/srv_access_check.c:104(access_check_object) _lsa_OpenPolicy2: access GRANTED (requested: 0x000f0fff, granted: 0x000f0fff) [2013/05/06 20:52:16.565011, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 87 51 E0 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:16.565108, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_OpenPolicy: struct lsa_OpenPolicy out: struct lsa_OpenPolicy handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000008-0000-0000-8751-e0fbac2f0000 result : NT_STATUS_OK [2013/05/06 20:52:16.565313, 3] winbindd/winbindd_rpc.c:303(rpc_name_to_sid) name_to_sid: UNIX GROUP\GUESTS for domain UNIX GROUP [2013/05/06 20:52:16.565380, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_LookupNames: struct lsa_LookupNames in: struct lsa_LookupNames handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000008-0000-0000-8751-e0fbac2f0000 num_names : 0x00000001 (1) names: ARRAY(1) names: struct lsa_String length : 0x0022 (34) size : 0x0022 (34) string : * string : 'UNIX GROUP\GUESTS' sids : * sids: struct lsa_TransSidArray count : 0x00000000 (0) sids : NULL level : LSA_LOOKUP_NAMES_ALL (1) count : * count : 0x00000000 (0) [2013/05/06 20:52:16.565828, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 87 51 E0 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:16.565923, 5] rpc_server/lsa/srv_lsa_nt.c:205(lookup_lsa_rids) lookup_lsa_rids: looking up name UNIX GROUP\GUESTS [2013/05/06 20:52:16.565969, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: UNIX GROUP\GUESTS => domain=[UNIX GROUP], name=[GUESTS] [2013/05/06 20:52:16.566013, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2013/05/06 20:52:16.566099, 5] rpc_server/lsa/srv_lsa_nt.c:224(lookup_lsa_rids) init_lsa_rids: UNIX GROUP\GUESTS not found [2013/05/06 20:52:16.566145, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_LookupNames: struct lsa_LookupNames out: struct lsa_LookupNames domains : * domains : * domains: struct lsa_RefDomainList count : 0x00000000 (0) domains : NULL max_size : 0x00000000 (0) sids : * sids: struct lsa_TransSidArray count : 0x00000001 (1) sids : * sids: ARRAY(1) sids: struct lsa_TranslatedSid sid_type : SID_NAME_UNKNOWN (8) rid : 0x00000000 (0) sid_index : 0xffffffff (4294967295) count : * count : 0x00000000 (0) result : NT_STATUS_NONE_MAPPED [2013/05/06 20:52:16.566621, 2] winbindd/winbindd_rpc.c:320(rpc_name_to_sid) name_to_sid: failed to lookup name: NT_STATUS_NONE_MAPPED [2013/05/06 20:52:16.566681, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_Close: struct lsa_Close in: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000008-0000-0000-8751-e0fbac2f0000 [2013/05/06 20:52:16.566838, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 87 51 E0 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:16.566933, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 87 51 E0 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:16.567027, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2013/05/06 20:52:16.567071, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_Close: struct lsa_Close out: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK [2013/05/06 20:52:16.567279, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \lsarpc [2013/05/06 20:52:16.567333, 10] winbindd/winbindd_cache.c:540(refresh_sequence_number) refresh_sequence_number: GENOME time ok [2013/05/06 20:52:16.567377, 10] winbindd/winbindd_cache.c:585(refresh_sequence_number) refresh_sequence_number: GENOME seq number is now 1367866336 [2013/05/06 20:52:16.567436, 10] winbindd/winbindd_cache.c:963(wcache_save_name_to_sid) wcache_save_name_to_sid: UNIX GROUP\GUESTS -> S-0-0 (NT_STATUS_NONE_MAPPED) [2013/05/06 20:52:16.567495, 10] winbindd/winbindd_cache.c:993(wcache_save_sid_to_name) wcache_save_sid_to_name: S-0-0 -> guests (NT_STATUS_NONE_MAPPED) [2013/05/06 20:52:16.567542, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) wbint_LookupName: struct wbint_LookupName out: struct wbint_LookupName type : * type : SID_NAME_USE_NONE (0) sid : * sid : S-0-0 result : NT_STATUS_NONE_MAPPED [2013/05/06 20:52:16.567721, 4] winbindd/winbindd_dual.c:1557(fork_domain_child) Finished processing child request 59 [2013/05/06 20:52:16.567765, 10] winbindd/winbindd_dual.c:1573(fork_domain_child) Writing 3512 bytes to parent [2013/05/06 20:52:16.571922, 10] winbindd/winbindd_dual.c:70(child_read_request) Need to read 56 extra bytes [2013/05/06 20:52:16.571978, 4] winbindd/winbindd_dual.c:1549(fork_domain_child) child daemon request 59 [2013/05/06 20:52:16.572024, 10] winbindd/winbindd_dual.c:439(child_process_request) child_process_request: request fn NDRCMD [2013/05/06 20:52:16.572076, 10] winbindd/winbindd_dual_ndr.c:315(winbindd_dual_ndrcmd) winbindd_dual_ndrcmd: Running command WBINT_LOOKUPNAME (GENOME) [2013/05/06 20:52:16.572128, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) wbint_LookupName: struct wbint_LookupName in: struct wbint_LookupName domain : * domain : 'UNIX GROUP' name : * name : 'DOMAIN GUESTS' flags : 0x00000000 (0) [2013/05/06 20:52:16.572306, 10] winbindd/winbindd_cache.c:1857(name_to_sid) name_to_sid: [Cached] - doing backend query for name for domain GENOME [2013/05/06 20:52:16.572351, 3] winbindd/winbindd_samr.c:622(sam_name_to_sid) sam_name_to_sid [2013/05/06 20:52:16.572403, 5] rpc_server/rpc_ncacn_np.c:883(rpc_pipe_open_interface) Connecting to lsarpc pipe. [2013/05/06 20:52:16.572452, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \lsarpc [2013/05/06 20:52:16.572502, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \lsarpc [2013/05/06 20:52:16.572546, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \lsarpc [2013/05/06 20:52:16.572598, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \lsarpc (pipes_open=0) [2013/05/06 20:52:16.572659, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_OpenPolicy: struct lsa_OpenPolicy in: struct lsa_OpenPolicy system_name : * system_name : 0x005c (92) attr : * attr: struct lsa_ObjectAttribute len : 0x00000018 (24) root_dir : NULL object_name : NULL attributes : 0x00000000 (0) sec_desc : NULL sec_qos : * sec_qos: struct lsa_QosInfo len : 0x0000000c (12) impersonation_level : 0x0002 (2) context_mode : 0x01 (1) effective_only : 0x00 (0) access_mask : 0x02000000 (33554432) 0: LSA_POLICY_VIEW_LOCAL_INFORMATION 0: LSA_POLICY_VIEW_AUDIT_INFORMATION 0: LSA_POLICY_GET_PRIVATE_INFORMATION 0: LSA_POLICY_TRUST_ADMIN 0: LSA_POLICY_CREATE_ACCOUNT 0: LSA_POLICY_CREATE_SECRET 0: LSA_POLICY_CREATE_PRIVILEGE 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS 0: LSA_POLICY_AUDIT_LOG_ADMIN 0: LSA_POLICY_SERVER_ADMIN 0: LSA_POLICY_LOOKUP_NAMES 0: LSA_POLICY_NOTIFICATION [2013/05/06 20:52:16.573339, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0xb0000000 to 0x000f0fff [2013/05/06 20:52:16.573393, 4] rpc_server/srv_access_check.c:83(access_check_object) _lsa_OpenPolicy2: ACCESS should be DENIED (requested: 0x000f0fff) but overritten by euid == sec_initial_uid() [2013/05/06 20:52:16.573456, 4] rpc_server/srv_access_check.c:104(access_check_object) _lsa_OpenPolicy2: access GRANTED (requested: 0x000f0fff, granted: 0x000f0fff) [2013/05/06 20:52:16.573505, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 87 51 E0 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:16.573608, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_OpenPolicy: struct lsa_OpenPolicy out: struct lsa_OpenPolicy handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-8751-e0fbac2f0000 result : NT_STATUS_OK [2013/05/06 20:52:16.573801, 3] winbindd/winbindd_rpc.c:303(rpc_name_to_sid) name_to_sid: UNIX GROUP\DOMAIN GUESTS for domain UNIX GROUP [2013/05/06 20:52:16.573868, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_LookupNames: struct lsa_LookupNames in: struct lsa_LookupNames handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-8751-e0fbac2f0000 num_names : 0x00000001 (1) names: ARRAY(1) names: struct lsa_String length : 0x0030 (48) size : 0x0030 (48) string : * string : 'UNIX GROUP\DOMAIN GUESTS' sids : * sids: struct lsa_TransSidArray count : 0x00000000 (0) sids : NULL level : LSA_LOOKUP_NAMES_ALL (1) count : * count : 0x00000000 (0) [2013/05/06 20:52:16.574323, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 87 51 E0 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:16.574419, 5] rpc_server/lsa/srv_lsa_nt.c:205(lookup_lsa_rids) lookup_lsa_rids: looking up name UNIX GROUP\DOMAIN GUESTS [2013/05/06 20:52:16.574465, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: UNIX GROUP\DOMAIN GUESTS => domain=[UNIX GROUP], name=[DOMAIN GUESTS] [2013/05/06 20:52:16.574509, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2013/05/06 20:52:16.574594, 5] rpc_server/lsa/srv_lsa_nt.c:224(lookup_lsa_rids) init_lsa_rids: UNIX GROUP\DOMAIN GUESTS not found [2013/05/06 20:52:16.574640, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_LookupNames: struct lsa_LookupNames out: struct lsa_LookupNames domains : * domains : * domains: struct lsa_RefDomainList count : 0x00000000 (0) domains : NULL max_size : 0x00000000 (0) sids : * sids: struct lsa_TransSidArray count : 0x00000001 (1) sids : * sids: ARRAY(1) sids: struct lsa_TranslatedSid sid_type : SID_NAME_UNKNOWN (8) rid : 0x00000000 (0) sid_index : 0xffffffff (4294967295) count : * count : 0x00000000 (0) result : NT_STATUS_NONE_MAPPED [2013/05/06 20:52:16.575099, 2] winbindd/winbindd_rpc.c:320(rpc_name_to_sid) name_to_sid: failed to lookup name: NT_STATUS_NONE_MAPPED [2013/05/06 20:52:16.575157, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_Close: struct lsa_Close in: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-8751-e0fbac2f0000 [2013/05/06 20:52:16.575329, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 87 51 E0 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:16.575424, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 87 51 E0 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:16.575518, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2013/05/06 20:52:16.575562, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_Close: struct lsa_Close out: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK [2013/05/06 20:52:16.575750, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \lsarpc [2013/05/06 20:52:16.575804, 10] winbindd/winbindd_cache.c:540(refresh_sequence_number) refresh_sequence_number: GENOME time ok [2013/05/06 20:52:16.575848, 10] winbindd/winbindd_cache.c:585(refresh_sequence_number) refresh_sequence_number: GENOME seq number is now 1367866336 [2013/05/06 20:52:16.575907, 10] winbindd/winbindd_cache.c:963(wcache_save_name_to_sid) wcache_save_name_to_sid: UNIX GROUP\DOMAIN GUESTS -> S-0-0 (NT_STATUS_NONE_MAPPED) [2013/05/06 20:52:16.575967, 10] winbindd/winbindd_cache.c:993(wcache_save_sid_to_name) wcache_save_sid_to_name: S-0-0 -> domain guests (NT_STATUS_NONE_MAPPED) [2013/05/06 20:52:16.576013, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) wbint_LookupName: struct wbint_LookupName out: struct wbint_LookupName type : * type : SID_NAME_USE_NONE (0) sid : * sid : S-0-0 result : NT_STATUS_NONE_MAPPED [2013/05/06 20:52:16.576201, 4] winbindd/winbindd_dual.c:1557(fork_domain_child) Finished processing child request 59 [2013/05/06 20:52:16.576245, 10] winbindd/winbindd_dual.c:1573(fork_domain_child) Writing 3512 bytes to parent [2013/05/06 20:52:16.580225, 10] winbindd/winbindd_dual.c:70(child_read_request) Need to read 48 extra bytes [2013/05/06 20:52:16.580279, 4] winbindd/winbindd_dual.c:1549(fork_domain_child) child daemon request 59 [2013/05/06 20:52:16.580325, 10] winbindd/winbindd_dual.c:439(child_process_request) child_process_request: request fn NDRCMD [2013/05/06 20:52:16.580369, 10] winbindd/winbindd_dual_ndr.c:315(winbindd_dual_ndrcmd) winbindd_dual_ndrcmd: Running command WBINT_LOOKUPNAME (GENOME) [2013/05/06 20:52:16.580420, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) wbint_LookupName: struct wbint_LookupName in: struct wbint_LookupName domain : * domain : 'UNIX GROUP' name : * name : 'GUESTS' flags : 0x00000000 (0) [2013/05/06 20:52:16.580593, 10] winbindd/winbindd_cache.c:1857(name_to_sid) name_to_sid: [Cached] - doing backend query for name for domain GENOME [2013/05/06 20:52:16.580638, 3] winbindd/winbindd_samr.c:622(sam_name_to_sid) sam_name_to_sid [2013/05/06 20:52:16.580689, 5] rpc_server/rpc_ncacn_np.c:883(rpc_pipe_open_interface) Connecting to lsarpc pipe. [2013/05/06 20:52:16.580738, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \lsarpc [2013/05/06 20:52:16.580796, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \lsarpc [2013/05/06 20:52:16.580842, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \lsarpc [2013/05/06 20:52:16.580894, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \lsarpc (pipes_open=0) [2013/05/06 20:52:16.580955, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_OpenPolicy: struct lsa_OpenPolicy in: struct lsa_OpenPolicy system_name : * system_name : 0x005c (92) attr : * attr: struct lsa_ObjectAttribute len : 0x00000018 (24) root_dir : NULL object_name : NULL attributes : 0x00000000 (0) sec_desc : NULL sec_qos : * sec_qos: struct lsa_QosInfo len : 0x0000000c (12) impersonation_level : 0x0002 (2) context_mode : 0x01 (1) effective_only : 0x00 (0) access_mask : 0x02000000 (33554432) 0: LSA_POLICY_VIEW_LOCAL_INFORMATION 0: LSA_POLICY_VIEW_AUDIT_INFORMATION 0: LSA_POLICY_GET_PRIVATE_INFORMATION 0: LSA_POLICY_TRUST_ADMIN 0: LSA_POLICY_CREATE_ACCOUNT 0: LSA_POLICY_CREATE_SECRET 0: LSA_POLICY_CREATE_PRIVILEGE 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS 0: LSA_POLICY_AUDIT_LOG_ADMIN 0: LSA_POLICY_SERVER_ADMIN 0: LSA_POLICY_LOOKUP_NAMES 0: LSA_POLICY_NOTIFICATION [2013/05/06 20:52:16.581632, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0xb0000000 to 0x000f0fff [2013/05/06 20:52:16.581684, 4] rpc_server/srv_access_check.c:83(access_check_object) _lsa_OpenPolicy2: ACCESS should be DENIED (requested: 0x000f0fff) but overritten by euid == sec_initial_uid() [2013/05/06 20:52:16.581748, 4] rpc_server/srv_access_check.c:104(access_check_object) _lsa_OpenPolicy2: access GRANTED (requested: 0x000f0fff, granted: 0x000f0fff) [2013/05/06 20:52:16.581797, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 0A 00 00 00 00 00 00 00 87 51 E0 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:16.581894, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_OpenPolicy: struct lsa_OpenPolicy out: struct lsa_OpenPolicy handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000a-0000-0000-8751-e0fbac2f0000 result : NT_STATUS_OK [2013/05/06 20:52:16.582087, 3] winbindd/winbindd_rpc.c:303(rpc_name_to_sid) name_to_sid: UNIX GROUP\GUESTS for domain UNIX GROUP [2013/05/06 20:52:16.582153, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_LookupNames: struct lsa_LookupNames in: struct lsa_LookupNames handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000a-0000-0000-8751-e0fbac2f0000 num_names : 0x00000001 (1) names: ARRAY(1) names: struct lsa_String length : 0x0022 (34) size : 0x0022 (34) string : * string : 'UNIX GROUP\GUESTS' sids : * sids: struct lsa_TransSidArray count : 0x00000000 (0) sids : NULL level : LSA_LOOKUP_NAMES_ALL (1) count : * count : 0x00000000 (0) [2013/05/06 20:52:16.582617, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0A 00 00 00 00 00 00 00 87 51 E0 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:16.582713, 5] rpc_server/lsa/srv_lsa_nt.c:205(lookup_lsa_rids) lookup_lsa_rids: looking up name UNIX GROUP\GUESTS [2013/05/06 20:52:16.582758, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: UNIX GROUP\GUESTS => domain=[UNIX GROUP], name=[GUESTS] [2013/05/06 20:52:16.582803, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2013/05/06 20:52:16.582887, 5] rpc_server/lsa/srv_lsa_nt.c:224(lookup_lsa_rids) init_lsa_rids: UNIX GROUP\GUESTS not found [2013/05/06 20:52:16.582933, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_LookupNames: struct lsa_LookupNames out: struct lsa_LookupNames domains : * domains : * domains: struct lsa_RefDomainList count : 0x00000000 (0) domains : NULL max_size : 0x00000000 (0) sids : * sids: struct lsa_TransSidArray count : 0x00000001 (1) sids : * sids: ARRAY(1) sids: struct lsa_TranslatedSid sid_type : SID_NAME_UNKNOWN (8) rid : 0x00000000 (0) sid_index : 0xffffffff (4294967295) count : * count : 0x00000000 (0) result : NT_STATUS_NONE_MAPPED [2013/05/06 20:52:16.583402, 2] winbindd/winbindd_rpc.c:320(rpc_name_to_sid) name_to_sid: failed to lookup name: NT_STATUS_NONE_MAPPED [2013/05/06 20:52:16.583461, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_Close: struct lsa_Close in: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000a-0000-0000-8751-e0fbac2f0000 [2013/05/06 20:52:16.583616, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0A 00 00 00 00 00 00 00 87 51 E0 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:16.583711, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0A 00 00 00 00 00 00 00 87 51 E0 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:16.583805, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2013/05/06 20:52:16.583849, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_Close: struct lsa_Close out: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK [2013/05/06 20:52:16.584044, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \lsarpc [2013/05/06 20:52:16.584099, 10] winbindd/winbindd_cache.c:540(refresh_sequence_number) refresh_sequence_number: GENOME time ok [2013/05/06 20:52:16.584143, 10] winbindd/winbindd_cache.c:585(refresh_sequence_number) refresh_sequence_number: GENOME seq number is now 1367866336 [2013/05/06 20:52:16.584209, 10] winbindd/winbindd_cache.c:963(wcache_save_name_to_sid) wcache_save_name_to_sid: UNIX GROUP\GUESTS -> S-0-0 (NT_STATUS_NONE_MAPPED) [2013/05/06 20:52:16.584270, 10] winbindd/winbindd_cache.c:993(wcache_save_sid_to_name) wcache_save_sid_to_name: S-0-0 -> guests (NT_STATUS_NONE_MAPPED) [2013/05/06 20:52:16.584317, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) wbint_LookupName: struct wbint_LookupName out: struct wbint_LookupName type : * type : SID_NAME_USE_NONE (0) sid : * sid : S-0-0 result : NT_STATUS_NONE_MAPPED [2013/05/06 20:52:16.584495, 4] winbindd/winbindd_dual.c:1557(fork_domain_child) Finished processing child request 59 [2013/05/06 20:52:16.584540, 10] winbindd/winbindd_dual.c:1573(fork_domain_child) Writing 3512 bytes to parent [2013/05/06 20:52:19.176063, 10] winbindd/winbindd_dual.c:70(child_read_request) Need to read 56 extra bytes [2013/05/06 20:52:19.176111, 4] winbindd/winbindd_dual.c:1549(fork_domain_child) child daemon request 59 [2013/05/06 20:52:19.176144, 10] winbindd/winbindd_dual.c:439(child_process_request) child_process_request: request fn NDRCMD [2013/05/06 20:52:19.176174, 10] winbindd/winbindd_dual_ndr.c:315(winbindd_dual_ndrcmd) winbindd_dual_ndrcmd: Running command WBINT_LOOKUPNAME (GENOME) [2013/05/06 20:52:19.176212, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) wbint_LookupName: struct wbint_LookupName in: struct wbint_LookupName domain : * domain : 'UNIX GROUP' name : * name : 'DOMAIN GUESTS' flags : 0x00000000 (0) [2013/05/06 20:52:19.176330, 10] winbindd/winbindd_cache.c:1857(name_to_sid) name_to_sid: [Cached] - doing backend query for name for domain GENOME [2013/05/06 20:52:19.176360, 3] winbindd/winbindd_samr.c:622(sam_name_to_sid) sam_name_to_sid [2013/05/06 20:52:19.176399, 5] rpc_server/rpc_ncacn_np.c:883(rpc_pipe_open_interface) Connecting to lsarpc pipe. [2013/05/06 20:52:19.176435, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \lsarpc [2013/05/06 20:52:19.176469, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \lsarpc [2013/05/06 20:52:19.176500, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \lsarpc [2013/05/06 20:52:19.176534, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \lsarpc (pipes_open=0) [2013/05/06 20:52:19.176581, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_OpenPolicy: struct lsa_OpenPolicy in: struct lsa_OpenPolicy system_name : * system_name : 0x005c (92) attr : * attr: struct lsa_ObjectAttribute len : 0x00000018 (24) root_dir : NULL object_name : NULL attributes : 0x00000000 (0) sec_desc : NULL sec_qos : * sec_qos: struct lsa_QosInfo len : 0x0000000c (12) impersonation_level : 0x0002 (2) context_mode : 0x01 (1) effective_only : 0x00 (0) access_mask : 0x02000000 (33554432) 0: LSA_POLICY_VIEW_LOCAL_INFORMATION 0: LSA_POLICY_VIEW_AUDIT_INFORMATION 0: LSA_POLICY_GET_PRIVATE_INFORMATION 0: LSA_POLICY_TRUST_ADMIN 0: LSA_POLICY_CREATE_ACCOUNT 0: LSA_POLICY_CREATE_SECRET 0: LSA_POLICY_CREATE_PRIVILEGE 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS 0: LSA_POLICY_AUDIT_LOG_ADMIN 0: LSA_POLICY_SERVER_ADMIN 0: LSA_POLICY_LOOKUP_NAMES 0: LSA_POLICY_NOTIFICATION [2013/05/06 20:52:19.177034, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0xb0000000 to 0x000f0fff [2013/05/06 20:52:19.177075, 4] rpc_server/srv_access_check.c:83(access_check_object) _lsa_OpenPolicy2: ACCESS should be DENIED (requested: 0x000f0fff) but overritten by euid == sec_initial_uid() [2013/05/06 20:52:19.177118, 4] rpc_server/srv_access_check.c:104(access_check_object) _lsa_OpenPolicy2: access GRANTED (requested: 0x000f0fff, granted: 0x000f0fff) [2013/05/06 20:52:19.177151, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 0B 00 00 00 00 00 00 00 87 51 E3 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:19.177217, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_OpenPolicy: struct lsa_OpenPolicy out: struct lsa_OpenPolicy handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000b-0000-0000-8751-e3fbac2f0000 result : NT_STATUS_OK [2013/05/06 20:52:19.177349, 3] winbindd/winbindd_rpc.c:303(rpc_name_to_sid) name_to_sid: UNIX GROUP\DOMAIN GUESTS for domain UNIX GROUP [2013/05/06 20:52:19.177397, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_LookupNames: struct lsa_LookupNames in: struct lsa_LookupNames handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000b-0000-0000-8751-e3fbac2f0000 num_names : 0x00000001 (1) names: ARRAY(1) names: struct lsa_String length : 0x0030 (48) size : 0x0030 (48) string : * string : 'UNIX GROUP\DOMAIN GUESTS' sids : * sids: struct lsa_TransSidArray count : 0x00000000 (0) sids : NULL level : LSA_LOOKUP_NAMES_ALL (1) count : * count : 0x00000000 (0) [2013/05/06 20:52:19.177695, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0B 00 00 00 00 00 00 00 87 51 E3 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:19.177759, 5] rpc_server/lsa/srv_lsa_nt.c:205(lookup_lsa_rids) lookup_lsa_rids: looking up name UNIX GROUP\DOMAIN GUESTS [2013/05/06 20:52:19.177791, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: UNIX GROUP\DOMAIN GUESTS => domain=[UNIX GROUP], name=[DOMAIN GUESTS] [2013/05/06 20:52:19.177827, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2013/05/06 20:52:19.177892, 5] rpc_server/lsa/srv_lsa_nt.c:224(lookup_lsa_rids) init_lsa_rids: UNIX GROUP\DOMAIN GUESTS not found [2013/05/06 20:52:19.177923, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_LookupNames: struct lsa_LookupNames out: struct lsa_LookupNames domains : * domains : * domains: struct lsa_RefDomainList count : 0x00000000 (0) domains : NULL max_size : 0x00000000 (0) sids : * sids: struct lsa_TransSidArray count : 0x00000001 (1) sids : * sids: ARRAY(1) sids: struct lsa_TranslatedSid sid_type : SID_NAME_UNKNOWN (8) rid : 0x00000000 (0) sid_index : 0xffffffff (4294967295) count : * count : 0x00000000 (0) result : NT_STATUS_NONE_MAPPED [2013/05/06 20:52:19.178238, 2] winbindd/winbindd_rpc.c:320(rpc_name_to_sid) name_to_sid: failed to lookup name: NT_STATUS_NONE_MAPPED [2013/05/06 20:52:19.178278, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_Close: struct lsa_Close in: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000b-0000-0000-8751-e3fbac2f0000 [2013/05/06 20:52:19.178381, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0B 00 00 00 00 00 00 00 87 51 E3 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:19.178445, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0B 00 00 00 00 00 00 00 87 51 E3 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:19.178507, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2013/05/06 20:52:19.178536, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_Close: struct lsa_Close out: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK [2013/05/06 20:52:19.178661, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \lsarpc [2013/05/06 20:52:19.178697, 10] winbindd/winbindd_cache.c:540(refresh_sequence_number) refresh_sequence_number: GENOME time ok [2013/05/06 20:52:19.178726, 10] winbindd/winbindd_cache.c:585(refresh_sequence_number) refresh_sequence_number: GENOME seq number is now 1367866336 [2013/05/06 20:52:19.178769, 10] winbindd/winbindd_cache.c:963(wcache_save_name_to_sid) wcache_save_name_to_sid: UNIX GROUP\DOMAIN GUESTS -> S-0-0 (NT_STATUS_NONE_MAPPED) [2013/05/06 20:52:19.178810, 10] winbindd/winbindd_cache.c:993(wcache_save_sid_to_name) wcache_save_sid_to_name: S-0-0 -> domain guests (NT_STATUS_NONE_MAPPED) [2013/05/06 20:52:19.178841, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) wbint_LookupName: struct wbint_LookupName out: struct wbint_LookupName type : * type : SID_NAME_USE_NONE (0) sid : * sid : S-0-0 result : NT_STATUS_NONE_MAPPED [2013/05/06 20:52:19.178966, 4] winbindd/winbindd_dual.c:1557(fork_domain_child) Finished processing child request 59 [2013/05/06 20:52:19.178996, 10] winbindd/winbindd_dual.c:1573(fork_domain_child) Writing 3512 bytes to parent [2013/05/06 20:52:19.181791, 10] winbindd/winbindd_dual.c:70(child_read_request) Need to read 48 extra bytes [2013/05/06 20:52:19.181826, 4] winbindd/winbindd_dual.c:1549(fork_domain_child) child daemon request 59 [2013/05/06 20:52:19.181856, 10] winbindd/winbindd_dual.c:439(child_process_request) child_process_request: request fn NDRCMD [2013/05/06 20:52:19.181885, 10] winbindd/winbindd_dual_ndr.c:315(winbindd_dual_ndrcmd) winbindd_dual_ndrcmd: Running command WBINT_LOOKUPNAME (GENOME) [2013/05/06 20:52:19.181920, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) wbint_LookupName: struct wbint_LookupName in: struct wbint_LookupName domain : * domain : 'UNIX GROUP' name : * name : 'GUESTS' flags : 0x00000000 (0) [2013/05/06 20:52:19.182034, 10] winbindd/winbindd_cache.c:1857(name_to_sid) name_to_sid: [Cached] - doing backend query for name for domain GENOME [2013/05/06 20:52:19.182068, 3] winbindd/winbindd_samr.c:622(sam_name_to_sid) sam_name_to_sid [2013/05/06 20:52:19.182103, 5] rpc_server/rpc_ncacn_np.c:883(rpc_pipe_open_interface) Connecting to lsarpc pipe. [2013/05/06 20:52:19.182136, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \lsarpc [2013/05/06 20:52:19.182170, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \lsarpc [2013/05/06 20:52:19.182200, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \lsarpc [2013/05/06 20:52:19.182235, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \lsarpc (pipes_open=0) [2013/05/06 20:52:19.182276, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_OpenPolicy: struct lsa_OpenPolicy in: struct lsa_OpenPolicy system_name : * system_name : 0x005c (92) attr : * attr: struct lsa_ObjectAttribute len : 0x00000018 (24) root_dir : NULL object_name : NULL attributes : 0x00000000 (0) sec_desc : NULL sec_qos : * sec_qos: struct lsa_QosInfo len : 0x0000000c (12) impersonation_level : 0x0002 (2) context_mode : 0x01 (1) effective_only : 0x00 (0) access_mask : 0x02000000 (33554432) 0: LSA_POLICY_VIEW_LOCAL_INFORMATION 0: LSA_POLICY_VIEW_AUDIT_INFORMATION 0: LSA_POLICY_GET_PRIVATE_INFORMATION 0: LSA_POLICY_TRUST_ADMIN 0: LSA_POLICY_CREATE_ACCOUNT 0: LSA_POLICY_CREATE_SECRET 0: LSA_POLICY_CREATE_PRIVILEGE 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS 0: LSA_POLICY_AUDIT_LOG_ADMIN 0: LSA_POLICY_SERVER_ADMIN 0: LSA_POLICY_LOOKUP_NAMES 0: LSA_POLICY_NOTIFICATION [2013/05/06 20:52:19.182727, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0xb0000000 to 0x000f0fff [2013/05/06 20:52:19.182764, 4] rpc_server/srv_access_check.c:83(access_check_object) _lsa_OpenPolicy2: ACCESS should be DENIED (requested: 0x000f0fff) but overritten by euid == sec_initial_uid() [2013/05/06 20:52:19.182806, 4] rpc_server/srv_access_check.c:104(access_check_object) _lsa_OpenPolicy2: access GRANTED (requested: 0x000f0fff, granted: 0x000f0fff) [2013/05/06 20:52:19.182838, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 0C 00 00 00 00 00 00 00 87 51 E3 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:19.182902, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_OpenPolicy: struct lsa_OpenPolicy out: struct lsa_OpenPolicy handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000c-0000-0000-8751-e3fbac2f0000 result : NT_STATUS_OK [2013/05/06 20:52:19.183032, 3] winbindd/winbindd_rpc.c:303(rpc_name_to_sid) name_to_sid: UNIX GROUP\GUESTS for domain UNIX GROUP [2013/05/06 20:52:19.183089, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_LookupNames: struct lsa_LookupNames in: struct lsa_LookupNames handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000c-0000-0000-8751-e3fbac2f0000 num_names : 0x00000001 (1) names: ARRAY(1) names: struct lsa_String length : 0x0022 (34) size : 0x0022 (34) string : * string : 'UNIX GROUP\GUESTS' sids : * sids: struct lsa_TransSidArray count : 0x00000000 (0) sids : NULL level : LSA_LOOKUP_NAMES_ALL (1) count : * count : 0x00000000 (0) [2013/05/06 20:52:19.183387, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0C 00 00 00 00 00 00 00 87 51 E3 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:19.183451, 5] rpc_server/lsa/srv_lsa_nt.c:205(lookup_lsa_rids) lookup_lsa_rids: looking up name UNIX GROUP\GUESTS [2013/05/06 20:52:19.183481, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: UNIX GROUP\GUESTS => domain=[UNIX GROUP], name=[GUESTS] [2013/05/06 20:52:19.183511, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2013/05/06 20:52:19.183569, 5] rpc_server/lsa/srv_lsa_nt.c:224(lookup_lsa_rids) init_lsa_rids: UNIX GROUP\GUESTS not found [2013/05/06 20:52:19.183599, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_LookupNames: struct lsa_LookupNames out: struct lsa_LookupNames domains : * domains : * domains: struct lsa_RefDomainList count : 0x00000000 (0) domains : NULL max_size : 0x00000000 (0) sids : * sids: struct lsa_TransSidArray count : 0x00000001 (1) sids : * sids: ARRAY(1) sids: struct lsa_TranslatedSid sid_type : SID_NAME_UNKNOWN (8) rid : 0x00000000 (0) sid_index : 0xffffffff (4294967295) count : * count : 0x00000000 (0) result : NT_STATUS_NONE_MAPPED [2013/05/06 20:52:19.183912, 2] winbindd/winbindd_rpc.c:320(rpc_name_to_sid) name_to_sid: failed to lookup name: NT_STATUS_NONE_MAPPED [2013/05/06 20:52:19.183952, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_Close: struct lsa_Close in: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000c-0000-0000-8751-e3fbac2f0000 [2013/05/06 20:52:19.184060, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0C 00 00 00 00 00 00 00 87 51 E3 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:19.184124, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0C 00 00 00 00 00 00 00 87 51 E3 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:19.184187, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2013/05/06 20:52:19.184216, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_Close: struct lsa_Close out: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK [2013/05/06 20:52:19.184342, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \lsarpc [2013/05/06 20:52:19.184377, 10] winbindd/winbindd_cache.c:540(refresh_sequence_number) refresh_sequence_number: GENOME time ok [2013/05/06 20:52:19.184407, 10] winbindd/winbindd_cache.c:585(refresh_sequence_number) refresh_sequence_number: GENOME seq number is now 1367866336 [2013/05/06 20:52:19.184446, 10] winbindd/winbindd_cache.c:963(wcache_save_name_to_sid) wcache_save_name_to_sid: UNIX GROUP\GUESTS -> S-0-0 (NT_STATUS_NONE_MAPPED) [2013/05/06 20:52:19.184485, 10] winbindd/winbindd_cache.c:993(wcache_save_sid_to_name) wcache_save_sid_to_name: S-0-0 -> guests (NT_STATUS_NONE_MAPPED) [2013/05/06 20:52:19.184516, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) wbint_LookupName: struct wbint_LookupName out: struct wbint_LookupName type : * type : SID_NAME_USE_NONE (0) sid : * sid : S-0-0 result : NT_STATUS_NONE_MAPPED [2013/05/06 20:52:19.184635, 4] winbindd/winbindd_dual.c:1557(fork_domain_child) Finished processing child request 59 [2013/05/06 20:52:19.184665, 10] winbindd/winbindd_dual.c:1573(fork_domain_child) Writing 3512 bytes to parent [2013/05/06 20:52:19.187540, 10] winbindd/winbindd_dual.c:70(child_read_request) Need to read 56 extra bytes [2013/05/06 20:52:19.187578, 4] winbindd/winbindd_dual.c:1549(fork_domain_child) child daemon request 59 [2013/05/06 20:52:19.187610, 10] winbindd/winbindd_dual.c:439(child_process_request) child_process_request: request fn NDRCMD [2013/05/06 20:52:19.187639, 10] winbindd/winbindd_dual_ndr.c:315(winbindd_dual_ndrcmd) winbindd_dual_ndrcmd: Running command WBINT_LOOKUPNAME (GENOME) [2013/05/06 20:52:19.187673, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) wbint_LookupName: struct wbint_LookupName in: struct wbint_LookupName domain : * domain : 'UNIX GROUP' name : * name : 'DOMAIN GUESTS' flags : 0x00000000 (0) [2013/05/06 20:52:19.187794, 10] winbindd/winbindd_cache.c:1857(name_to_sid) name_to_sid: [Cached] - doing backend query for name for domain GENOME [2013/05/06 20:52:19.187824, 3] winbindd/winbindd_samr.c:622(sam_name_to_sid) sam_name_to_sid [2013/05/06 20:52:19.187859, 5] rpc_server/rpc_ncacn_np.c:883(rpc_pipe_open_interface) Connecting to lsarpc pipe. [2013/05/06 20:52:19.187892, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \lsarpc [2013/05/06 20:52:19.187925, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \lsarpc [2013/05/06 20:52:19.187955, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \lsarpc [2013/05/06 20:52:19.187989, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \lsarpc (pipes_open=0) [2013/05/06 20:52:19.188031, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_OpenPolicy: struct lsa_OpenPolicy in: struct lsa_OpenPolicy system_name : * system_name : 0x005c (92) attr : * attr: struct lsa_ObjectAttribute len : 0x00000018 (24) root_dir : NULL object_name : NULL attributes : 0x00000000 (0) sec_desc : NULL sec_qos : * sec_qos: struct lsa_QosInfo len : 0x0000000c (12) impersonation_level : 0x0002 (2) context_mode : 0x01 (1) effective_only : 0x00 (0) access_mask : 0x02000000 (33554432) 0: LSA_POLICY_VIEW_LOCAL_INFORMATION 0: LSA_POLICY_VIEW_AUDIT_INFORMATION 0: LSA_POLICY_GET_PRIVATE_INFORMATION 0: LSA_POLICY_TRUST_ADMIN 0: LSA_POLICY_CREATE_ACCOUNT 0: LSA_POLICY_CREATE_SECRET 0: LSA_POLICY_CREATE_PRIVILEGE 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS 0: LSA_POLICY_AUDIT_LOG_ADMIN 0: LSA_POLICY_SERVER_ADMIN 0: LSA_POLICY_LOOKUP_NAMES 0: LSA_POLICY_NOTIFICATION [2013/05/06 20:52:19.188482, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0xb0000000 to 0x000f0fff [2013/05/06 20:52:19.188518, 4] rpc_server/srv_access_check.c:83(access_check_object) _lsa_OpenPolicy2: ACCESS should be DENIED (requested: 0x000f0fff) but overritten by euid == sec_initial_uid() [2013/05/06 20:52:19.188560, 4] rpc_server/srv_access_check.c:104(access_check_object) _lsa_OpenPolicy2: access GRANTED (requested: 0x000f0fff, granted: 0x000f0fff) [2013/05/06 20:52:19.188593, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 87 51 E3 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:19.188657, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_OpenPolicy: struct lsa_OpenPolicy out: struct lsa_OpenPolicy handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000d-0000-0000-8751-e3fbac2f0000 result : NT_STATUS_OK [2013/05/06 20:52:19.188792, 3] winbindd/winbindd_rpc.c:303(rpc_name_to_sid) name_to_sid: UNIX GROUP\DOMAIN GUESTS for domain UNIX GROUP [2013/05/06 20:52:19.188837, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_LookupNames: struct lsa_LookupNames in: struct lsa_LookupNames handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000d-0000-0000-8751-e3fbac2f0000 num_names : 0x00000001 (1) names: ARRAY(1) names: struct lsa_String length : 0x0030 (48) size : 0x0030 (48) string : * string : 'UNIX GROUP\DOMAIN GUESTS' sids : * sids: struct lsa_TransSidArray count : 0x00000000 (0) sids : NULL level : LSA_LOOKUP_NAMES_ALL (1) count : * count : 0x00000000 (0) [2013/05/06 20:52:19.189139, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 87 51 E3 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:19.189203, 5] rpc_server/lsa/srv_lsa_nt.c:205(lookup_lsa_rids) lookup_lsa_rids: looking up name UNIX GROUP\DOMAIN GUESTS [2013/05/06 20:52:19.189234, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: UNIX GROUP\DOMAIN GUESTS => domain=[UNIX GROUP], name=[DOMAIN GUESTS] [2013/05/06 20:52:19.189263, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2013/05/06 20:52:19.189320, 5] rpc_server/lsa/srv_lsa_nt.c:224(lookup_lsa_rids) init_lsa_rids: UNIX GROUP\DOMAIN GUESTS not found [2013/05/06 20:52:19.189351, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_LookupNames: struct lsa_LookupNames out: struct lsa_LookupNames domains : * domains : * domains: struct lsa_RefDomainList count : 0x00000000 (0) domains : NULL max_size : 0x00000000 (0) sids : * sids: struct lsa_TransSidArray count : 0x00000001 (1) sids : * sids: ARRAY(1) sids: struct lsa_TranslatedSid sid_type : SID_NAME_UNKNOWN (8) rid : 0x00000000 (0) sid_index : 0xffffffff (4294967295) count : * count : 0x00000000 (0) result : NT_STATUS_NONE_MAPPED [2013/05/06 20:52:19.189658, 2] winbindd/winbindd_rpc.c:320(rpc_name_to_sid) name_to_sid: failed to lookup name: NT_STATUS_NONE_MAPPED [2013/05/06 20:52:19.189696, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_Close: struct lsa_Close in: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000d-0000-0000-8751-e3fbac2f0000 [2013/05/06 20:52:19.189800, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 87 51 E3 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:19.189869, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 87 51 E3 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:19.189931, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2013/05/06 20:52:19.189961, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_Close: struct lsa_Close out: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK [2013/05/06 20:52:19.190090, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \lsarpc [2013/05/06 20:52:19.190126, 10] winbindd/winbindd_cache.c:540(refresh_sequence_number) refresh_sequence_number: GENOME time ok [2013/05/06 20:52:19.190155, 10] winbindd/winbindd_cache.c:585(refresh_sequence_number) refresh_sequence_number: GENOME seq number is now 1367866336 [2013/05/06 20:52:19.190196, 10] winbindd/winbindd_cache.c:963(wcache_save_name_to_sid) wcache_save_name_to_sid: UNIX GROUP\DOMAIN GUESTS -> S-0-0 (NT_STATUS_NONE_MAPPED) [2013/05/06 20:52:19.190236, 10] winbindd/winbindd_cache.c:993(wcache_save_sid_to_name) wcache_save_sid_to_name: S-0-0 -> domain guests (NT_STATUS_NONE_MAPPED) [2013/05/06 20:52:19.190267, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) wbint_LookupName: struct wbint_LookupName out: struct wbint_LookupName type : * type : SID_NAME_USE_NONE (0) sid : * sid : S-0-0 result : NT_STATUS_NONE_MAPPED [2013/05/06 20:52:19.190386, 4] winbindd/winbindd_dual.c:1557(fork_domain_child) Finished processing child request 59 [2013/05/06 20:52:19.190416, 10] winbindd/winbindd_dual.c:1573(fork_domain_child) Writing 3512 bytes to parent [2013/05/06 20:52:19.194544, 10] winbindd/winbindd_dual.c:70(child_read_request) Need to read 48 extra bytes [2013/05/06 20:52:19.194608, 4] winbindd/winbindd_dual.c:1549(fork_domain_child) child daemon request 59 [2013/05/06 20:52:19.194656, 10] winbindd/winbindd_dual.c:439(child_process_request) child_process_request: request fn NDRCMD [2013/05/06 20:52:19.194700, 10] winbindd/winbindd_dual_ndr.c:315(winbindd_dual_ndrcmd) winbindd_dual_ndrcmd: Running command WBINT_LOOKUPNAME (GENOME) [2013/05/06 20:52:19.194754, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) wbint_LookupName: struct wbint_LookupName in: struct wbint_LookupName domain : * domain : 'UNIX GROUP' name : * name : 'GUESTS' flags : 0x00000000 (0) [2013/05/06 20:52:19.194934, 10] winbindd/winbindd_cache.c:1857(name_to_sid) name_to_sid: [Cached] - doing backend query for name for domain GENOME [2013/05/06 20:52:19.194980, 3] winbindd/winbindd_samr.c:622(sam_name_to_sid) sam_name_to_sid [2013/05/06 20:52:19.195037, 5] rpc_server/rpc_ncacn_np.c:883(rpc_pipe_open_interface) Connecting to lsarpc pipe. [2013/05/06 20:52:19.195089, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \lsarpc [2013/05/06 20:52:19.195140, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \lsarpc [2013/05/06 20:52:19.195187, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \lsarpc [2013/05/06 20:52:19.195239, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \lsarpc (pipes_open=0) [2013/05/06 20:52:19.195313, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_OpenPolicy: struct lsa_OpenPolicy in: struct lsa_OpenPolicy system_name : * system_name : 0x005c (92) attr : * attr: struct lsa_ObjectAttribute len : 0x00000018 (24) root_dir : NULL object_name : NULL attributes : 0x00000000 (0) sec_desc : NULL sec_qos : * sec_qos: struct lsa_QosInfo len : 0x0000000c (12) impersonation_level : 0x0002 (2) context_mode : 0x01 (1) effective_only : 0x00 (0) access_mask : 0x02000000 (33554432) 0: LSA_POLICY_VIEW_LOCAL_INFORMATION 0: LSA_POLICY_VIEW_AUDIT_INFORMATION 0: LSA_POLICY_GET_PRIVATE_INFORMATION 0: LSA_POLICY_TRUST_ADMIN 0: LSA_POLICY_CREATE_ACCOUNT 0: LSA_POLICY_CREATE_SECRET 0: LSA_POLICY_CREATE_PRIVILEGE 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS 0: LSA_POLICY_AUDIT_LOG_ADMIN 0: LSA_POLICY_SERVER_ADMIN 0: LSA_POLICY_LOOKUP_NAMES 0: LSA_POLICY_NOTIFICATION [2013/05/06 20:52:19.195990, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0xb0000000 to 0x000f0fff [2013/05/06 20:52:19.196045, 4] rpc_server/srv_access_check.c:83(access_check_object) _lsa_OpenPolicy2: ACCESS should be DENIED (requested: 0x000f0fff) but overritten by euid == sec_initial_uid() [2013/05/06 20:52:19.196109, 4] rpc_server/srv_access_check.c:104(access_check_object) _lsa_OpenPolicy2: access GRANTED (requested: 0x000f0fff, granted: 0x000f0fff) [2013/05/06 20:52:19.196159, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 0E 00 00 00 00 00 00 00 87 51 E3 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:19.196258, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_OpenPolicy: struct lsa_OpenPolicy out: struct lsa_OpenPolicy handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000e-0000-0000-8751-e3fbac2f0000 result : NT_STATUS_OK [2013/05/06 20:52:19.196453, 3] winbindd/winbindd_rpc.c:303(rpc_name_to_sid) name_to_sid: UNIX GROUP\GUESTS for domain UNIX GROUP [2013/05/06 20:52:19.196522, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_LookupNames: struct lsa_LookupNames in: struct lsa_LookupNames handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000e-0000-0000-8751-e3fbac2f0000 num_names : 0x00000001 (1) names: ARRAY(1) names: struct lsa_String length : 0x0022 (34) size : 0x0022 (34) string : * string : 'UNIX GROUP\GUESTS' sids : * sids: struct lsa_TransSidArray count : 0x00000000 (0) sids : NULL level : LSA_LOOKUP_NAMES_ALL (1) count : * count : 0x00000000 (0) [2013/05/06 20:52:19.196982, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0E 00 00 00 00 00 00 00 87 51 E3 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:19.197079, 5] rpc_server/lsa/srv_lsa_nt.c:205(lookup_lsa_rids) lookup_lsa_rids: looking up name UNIX GROUP\GUESTS [2013/05/06 20:52:19.197125, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: UNIX GROUP\GUESTS => domain=[UNIX GROUP], name=[GUESTS] [2013/05/06 20:52:19.197169, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2013/05/06 20:52:19.197263, 5] rpc_server/lsa/srv_lsa_nt.c:224(lookup_lsa_rids) init_lsa_rids: UNIX GROUP\GUESTS not found [2013/05/06 20:52:19.197309, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_LookupNames: struct lsa_LookupNames out: struct lsa_LookupNames domains : * domains : * domains: struct lsa_RefDomainList count : 0x00000000 (0) domains : NULL max_size : 0x00000000 (0) sids : * sids: struct lsa_TransSidArray count : 0x00000001 (1) sids : * sids: ARRAY(1) sids: struct lsa_TranslatedSid sid_type : SID_NAME_UNKNOWN (8) rid : 0x00000000 (0) sid_index : 0xffffffff (4294967295) count : * count : 0x00000000 (0) result : NT_STATUS_NONE_MAPPED [2013/05/06 20:52:19.197773, 2] winbindd/winbindd_rpc.c:320(rpc_name_to_sid) name_to_sid: failed to lookup name: NT_STATUS_NONE_MAPPED [2013/05/06 20:52:19.197832, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_Close: struct lsa_Close in: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000e-0000-0000-8751-e3fbac2f0000 [2013/05/06 20:52:19.198007, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0E 00 00 00 00 00 00 00 87 51 E3 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:19.198103, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0E 00 00 00 00 00 00 00 87 51 E3 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:19.198198, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2013/05/06 20:52:19.198242, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_Close: struct lsa_Close out: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK [2013/05/06 20:52:19.198432, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \lsarpc [2013/05/06 20:52:19.198486, 10] winbindd/winbindd_cache.c:540(refresh_sequence_number) refresh_sequence_number: GENOME time ok [2013/05/06 20:52:19.198530, 10] winbindd/winbindd_cache.c:585(refresh_sequence_number) refresh_sequence_number: GENOME seq number is now 1367866336 [2013/05/06 20:52:19.198598, 10] winbindd/winbindd_cache.c:963(wcache_save_name_to_sid) wcache_save_name_to_sid: UNIX GROUP\GUESTS -> S-0-0 (NT_STATUS_NONE_MAPPED) [2013/05/06 20:52:19.198658, 10] winbindd/winbindd_cache.c:993(wcache_save_sid_to_name) wcache_save_sid_to_name: S-0-0 -> guests (NT_STATUS_NONE_MAPPED) [2013/05/06 20:52:19.198705, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) wbint_LookupName: struct wbint_LookupName out: struct wbint_LookupName type : * type : SID_NAME_USE_NONE (0) sid : * sid : S-0-0 result : NT_STATUS_NONE_MAPPED [2013/05/06 20:52:19.198882, 4] winbindd/winbindd_dual.c:1557(fork_domain_child) Finished processing child request 59 [2013/05/06 20:52:19.198934, 10] winbindd/winbindd_dual.c:1573(fork_domain_child) Writing 3512 bytes to parent [2013/05/06 20:52:19.227268, 10] winbindd/winbindd_dual.c:70(child_read_request) Need to read 56 extra bytes [2013/05/06 20:52:19.227330, 4] winbindd/winbindd_dual.c:1549(fork_domain_child) child daemon request 59 [2013/05/06 20:52:19.227377, 10] winbindd/winbindd_dual.c:439(child_process_request) child_process_request: request fn NDRCMD [2013/05/06 20:52:19.227421, 10] winbindd/winbindd_dual_ndr.c:315(winbindd_dual_ndrcmd) winbindd_dual_ndrcmd: Running command WBINT_LOOKUPNAME (GENOME) [2013/05/06 20:52:19.227474, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) wbint_LookupName: struct wbint_LookupName in: struct wbint_LookupName domain : * domain : 'UNIX GROUP' name : * name : 'DOMAIN GUESTS' flags : 0x00000000 (0) [2013/05/06 20:52:19.227649, 10] winbindd/winbindd_cache.c:1857(name_to_sid) name_to_sid: [Cached] - doing backend query for name for domain GENOME [2013/05/06 20:52:19.227695, 3] winbindd/winbindd_samr.c:622(sam_name_to_sid) sam_name_to_sid [2013/05/06 20:52:19.227748, 5] rpc_server/rpc_ncacn_np.c:883(rpc_pipe_open_interface) Connecting to lsarpc pipe. [2013/05/06 20:52:19.227798, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \lsarpc [2013/05/06 20:52:19.227849, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \lsarpc [2013/05/06 20:52:19.227894, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \lsarpc [2013/05/06 20:52:19.227963, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \lsarpc (pipes_open=0) [2013/05/06 20:52:19.228027, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_OpenPolicy: struct lsa_OpenPolicy in: struct lsa_OpenPolicy system_name : * system_name : 0x005c (92) attr : * attr: struct lsa_ObjectAttribute len : 0x00000018 (24) root_dir : NULL object_name : NULL attributes : 0x00000000 (0) sec_desc : NULL sec_qos : * sec_qos: struct lsa_QosInfo len : 0x0000000c (12) impersonation_level : 0x0002 (2) context_mode : 0x01 (1) effective_only : 0x00 (0) access_mask : 0x02000000 (33554432) 0: LSA_POLICY_VIEW_LOCAL_INFORMATION 0: LSA_POLICY_VIEW_AUDIT_INFORMATION 0: LSA_POLICY_GET_PRIVATE_INFORMATION 0: LSA_POLICY_TRUST_ADMIN 0: LSA_POLICY_CREATE_ACCOUNT 0: LSA_POLICY_CREATE_SECRET 0: LSA_POLICY_CREATE_PRIVILEGE 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS 0: LSA_POLICY_AUDIT_LOG_ADMIN 0: LSA_POLICY_SERVER_ADMIN 0: LSA_POLICY_LOOKUP_NAMES 0: LSA_POLICY_NOTIFICATION [2013/05/06 20:52:19.228709, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0xb0000000 to 0x000f0fff [2013/05/06 20:52:19.228763, 4] rpc_server/srv_access_check.c:83(access_check_object) _lsa_OpenPolicy2: ACCESS should be DENIED (requested: 0x000f0fff) but overritten by euid == sec_initial_uid() [2013/05/06 20:52:19.228827, 4] rpc_server/srv_access_check.c:104(access_check_object) _lsa_OpenPolicy2: access GRANTED (requested: 0x000f0fff, granted: 0x000f0fff) [2013/05/06 20:52:19.228877, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 87 51 E3 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:19.228980, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_OpenPolicy: struct lsa_OpenPolicy out: struct lsa_OpenPolicy handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000f-0000-0000-8751-e3fbac2f0000 result : NT_STATUS_OK [2013/05/06 20:52:19.229174, 3] winbindd/winbindd_rpc.c:303(rpc_name_to_sid) name_to_sid: UNIX GROUP\DOMAIN GUESTS for domain UNIX GROUP [2013/05/06 20:52:19.229243, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_LookupNames: struct lsa_LookupNames in: struct lsa_LookupNames handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000f-0000-0000-8751-e3fbac2f0000 num_names : 0x00000001 (1) names: ARRAY(1) names: struct lsa_String length : 0x0030 (48) size : 0x0030 (48) string : * string : 'UNIX GROUP\DOMAIN GUESTS' sids : * sids: struct lsa_TransSidArray count : 0x00000000 (0) sids : NULL level : LSA_LOOKUP_NAMES_ALL (1) count : * count : 0x00000000 (0) [2013/05/06 20:52:19.229690, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 87 51 E3 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:19.229787, 5] rpc_server/lsa/srv_lsa_nt.c:205(lookup_lsa_rids) lookup_lsa_rids: looking up name UNIX GROUP\DOMAIN GUESTS [2013/05/06 20:52:19.229833, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: UNIX GROUP\DOMAIN GUESTS => domain=[UNIX GROUP], name=[DOMAIN GUESTS] [2013/05/06 20:52:19.229877, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2013/05/06 20:52:19.229981, 5] rpc_server/lsa/srv_lsa_nt.c:224(lookup_lsa_rids) init_lsa_rids: UNIX GROUP\DOMAIN GUESTS not found [2013/05/06 20:52:19.230028, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_LookupNames: struct lsa_LookupNames out: struct lsa_LookupNames domains : * domains : * domains: struct lsa_RefDomainList count : 0x00000000 (0) domains : NULL max_size : 0x00000000 (0) sids : * sids: struct lsa_TransSidArray count : 0x00000001 (1) sids : * sids: ARRAY(1) sids: struct lsa_TranslatedSid sid_type : SID_NAME_UNKNOWN (8) rid : 0x00000000 (0) sid_index : 0xffffffff (4294967295) count : * count : 0x00000000 (0) result : NT_STATUS_NONE_MAPPED [2013/05/06 20:52:19.230497, 2] winbindd/winbindd_rpc.c:320(rpc_name_to_sid) name_to_sid: failed to lookup name: NT_STATUS_NONE_MAPPED [2013/05/06 20:52:19.230556, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_Close: struct lsa_Close in: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000f-0000-0000-8751-e3fbac2f0000 [2013/05/06 20:52:19.230713, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 87 51 E3 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:19.230808, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 87 51 E3 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:19.230902, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2013/05/06 20:52:19.230954, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_Close: struct lsa_Close out: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK [2013/05/06 20:52:19.231143, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \lsarpc [2013/05/06 20:52:19.231198, 10] winbindd/winbindd_cache.c:540(refresh_sequence_number) refresh_sequence_number: GENOME time ok [2013/05/06 20:52:19.231242, 10] winbindd/winbindd_cache.c:585(refresh_sequence_number) refresh_sequence_number: GENOME seq number is now 1367866336 [2013/05/06 20:52:19.231302, 10] winbindd/winbindd_cache.c:963(wcache_save_name_to_sid) wcache_save_name_to_sid: UNIX GROUP\DOMAIN GUESTS -> S-0-0 (NT_STATUS_NONE_MAPPED) [2013/05/06 20:52:19.231363, 10] winbindd/winbindd_cache.c:993(wcache_save_sid_to_name) wcache_save_sid_to_name: S-0-0 -> domain guests (NT_STATUS_NONE_MAPPED) [2013/05/06 20:52:19.231410, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) wbint_LookupName: struct wbint_LookupName out: struct wbint_LookupName type : * type : SID_NAME_USE_NONE (0) sid : * sid : S-0-0 result : NT_STATUS_NONE_MAPPED [2013/05/06 20:52:19.231589, 4] winbindd/winbindd_dual.c:1557(fork_domain_child) Finished processing child request 59 [2013/05/06 20:52:19.231634, 10] winbindd/winbindd_dual.c:1573(fork_domain_child) Writing 3512 bytes to parent [2013/05/06 20:52:19.235703, 10] winbindd/winbindd_dual.c:70(child_read_request) Need to read 48 extra bytes [2013/05/06 20:52:19.235758, 4] winbindd/winbindd_dual.c:1549(fork_domain_child) child daemon request 59 [2013/05/06 20:52:19.235803, 10] winbindd/winbindd_dual.c:439(child_process_request) child_process_request: request fn NDRCMD [2013/05/06 20:52:19.235847, 10] winbindd/winbindd_dual_ndr.c:315(winbindd_dual_ndrcmd) winbindd_dual_ndrcmd: Running command WBINT_LOOKUPNAME (GENOME) [2013/05/06 20:52:19.235898, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) wbint_LookupName: struct wbint_LookupName in: struct wbint_LookupName domain : * domain : 'UNIX GROUP' name : * name : 'GUESTS' flags : 0x00000000 (0) [2013/05/06 20:52:19.236078, 10] winbindd/winbindd_cache.c:1857(name_to_sid) name_to_sid: [Cached] - doing backend query for name for domain GENOME [2013/05/06 20:52:19.236122, 3] winbindd/winbindd_samr.c:622(sam_name_to_sid) sam_name_to_sid [2013/05/06 20:52:19.236175, 5] rpc_server/rpc_ncacn_np.c:883(rpc_pipe_open_interface) Connecting to lsarpc pipe. [2013/05/06 20:52:19.236225, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \lsarpc [2013/05/06 20:52:19.236276, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \lsarpc [2013/05/06 20:52:19.236321, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \lsarpc [2013/05/06 20:52:19.236372, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \lsarpc (pipes_open=0) [2013/05/06 20:52:19.236434, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_OpenPolicy: struct lsa_OpenPolicy in: struct lsa_OpenPolicy system_name : * system_name : 0x005c (92) attr : * attr: struct lsa_ObjectAttribute len : 0x00000018 (24) root_dir : NULL object_name : NULL attributes : 0x00000000 (0) sec_desc : NULL sec_qos : * sec_qos: struct lsa_QosInfo len : 0x0000000c (12) impersonation_level : 0x0002 (2) context_mode : 0x01 (1) effective_only : 0x00 (0) access_mask : 0x02000000 (33554432) 0: LSA_POLICY_VIEW_LOCAL_INFORMATION 0: LSA_POLICY_VIEW_AUDIT_INFORMATION 0: LSA_POLICY_GET_PRIVATE_INFORMATION 0: LSA_POLICY_TRUST_ADMIN 0: LSA_POLICY_CREATE_ACCOUNT 0: LSA_POLICY_CREATE_SECRET 0: LSA_POLICY_CREATE_PRIVILEGE 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS 0: LSA_POLICY_AUDIT_LOG_ADMIN 0: LSA_POLICY_SERVER_ADMIN 0: LSA_POLICY_LOOKUP_NAMES 0: LSA_POLICY_NOTIFICATION [2013/05/06 20:52:19.237124, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0xb0000000 to 0x000f0fff [2013/05/06 20:52:19.237177, 4] rpc_server/srv_access_check.c:83(access_check_object) _lsa_OpenPolicy2: ACCESS should be DENIED (requested: 0x000f0fff) but overritten by euid == sec_initial_uid() [2013/05/06 20:52:19.237241, 4] rpc_server/srv_access_check.c:104(access_check_object) _lsa_OpenPolicy2: access GRANTED (requested: 0x000f0fff, granted: 0x000f0fff) [2013/05/06 20:52:19.237299, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 87 51 E3 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:19.237396, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_OpenPolicy: struct lsa_OpenPolicy out: struct lsa_OpenPolicy handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000010-0000-0000-8751-e3fbac2f0000 result : NT_STATUS_OK [2013/05/06 20:52:19.237589, 3] winbindd/winbindd_rpc.c:303(rpc_name_to_sid) name_to_sid: UNIX GROUP\GUESTS for domain UNIX GROUP [2013/05/06 20:52:19.237655, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_LookupNames: struct lsa_LookupNames in: struct lsa_LookupNames handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000010-0000-0000-8751-e3fbac2f0000 num_names : 0x00000001 (1) names: ARRAY(1) names: struct lsa_String length : 0x0022 (34) size : 0x0022 (34) string : * string : 'UNIX GROUP\GUESTS' sids : * sids: struct lsa_TransSidArray count : 0x00000000 (0) sids : NULL level : LSA_LOOKUP_NAMES_ALL (1) count : * count : 0x00000000 (0) [2013/05/06 20:52:19.238109, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 87 51 E3 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:19.238206, 5] rpc_server/lsa/srv_lsa_nt.c:205(lookup_lsa_rids) lookup_lsa_rids: looking up name UNIX GROUP\GUESTS [2013/05/06 20:52:19.238252, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: UNIX GROUP\GUESTS => domain=[UNIX GROUP], name=[GUESTS] [2013/05/06 20:52:19.238296, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2013/05/06 20:52:19.238382, 5] rpc_server/lsa/srv_lsa_nt.c:224(lookup_lsa_rids) init_lsa_rids: UNIX GROUP\GUESTS not found [2013/05/06 20:52:19.238428, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_LookupNames: struct lsa_LookupNames out: struct lsa_LookupNames domains : * domains : * domains: struct lsa_RefDomainList count : 0x00000000 (0) domains : NULL max_size : 0x00000000 (0) sids : * sids: struct lsa_TransSidArray count : 0x00000001 (1) sids : * sids: ARRAY(1) sids: struct lsa_TranslatedSid sid_type : SID_NAME_UNKNOWN (8) rid : 0x00000000 (0) sid_index : 0xffffffff (4294967295) count : * count : 0x00000000 (0) result : NT_STATUS_NONE_MAPPED [2013/05/06 20:52:19.238889, 2] winbindd/winbindd_rpc.c:320(rpc_name_to_sid) name_to_sid: failed to lookup name: NT_STATUS_NONE_MAPPED [2013/05/06 20:52:19.238966, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_Close: struct lsa_Close in: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000010-0000-0000-8751-e3fbac2f0000 [2013/05/06 20:52:19.239124, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 87 51 E3 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:19.239221, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 87 51 E3 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:19.239315, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2013/05/06 20:52:19.239359, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_Close: struct lsa_Close out: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK [2013/05/06 20:52:19.239547, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \lsarpc [2013/05/06 20:52:19.239600, 10] winbindd/winbindd_cache.c:540(refresh_sequence_number) refresh_sequence_number: GENOME time ok [2013/05/06 20:52:19.239644, 10] winbindd/winbindd_cache.c:585(refresh_sequence_number) refresh_sequence_number: GENOME seq number is now 1367866336 [2013/05/06 20:52:19.239704, 10] winbindd/winbindd_cache.c:963(wcache_save_name_to_sid) wcache_save_name_to_sid: UNIX GROUP\GUESTS -> S-0-0 (NT_STATUS_NONE_MAPPED) [2013/05/06 20:52:19.239764, 10] winbindd/winbindd_cache.c:993(wcache_save_sid_to_name) wcache_save_sid_to_name: S-0-0 -> guests (NT_STATUS_NONE_MAPPED) [2013/05/06 20:52:19.239812, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) wbint_LookupName: struct wbint_LookupName out: struct wbint_LookupName type : * type : SID_NAME_USE_NONE (0) sid : * sid : S-0-0 result : NT_STATUS_NONE_MAPPED [2013/05/06 20:52:19.239997, 4] winbindd/winbindd_dual.c:1557(fork_domain_child) Finished processing child request 59 [2013/05/06 20:52:19.240042, 10] winbindd/winbindd_dual.c:1573(fork_domain_child) Writing 3512 bytes to parent [2013/05/06 20:52:19.244189, 10] winbindd/winbindd_dual.c:70(child_read_request) Need to read 56 extra bytes [2013/05/06 20:52:19.244245, 4] winbindd/winbindd_dual.c:1549(fork_domain_child) child daemon request 59 [2013/05/06 20:52:19.244290, 10] winbindd/winbindd_dual.c:439(child_process_request) child_process_request: request fn NDRCMD [2013/05/06 20:52:19.244334, 10] winbindd/winbindd_dual_ndr.c:315(winbindd_dual_ndrcmd) winbindd_dual_ndrcmd: Running command WBINT_LOOKUPNAME (GENOME) [2013/05/06 20:52:19.244385, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) wbint_LookupName: struct wbint_LookupName in: struct wbint_LookupName domain : * domain : 'UNIX GROUP' name : * name : 'DOMAIN GUESTS' flags : 0x00000000 (0) [2013/05/06 20:52:19.244558, 10] winbindd/winbindd_cache.c:1857(name_to_sid) name_to_sid: [Cached] - doing backend query for name for domain GENOME [2013/05/06 20:52:19.244603, 3] winbindd/winbindd_samr.c:622(sam_name_to_sid) sam_name_to_sid [2013/05/06 20:52:19.244663, 5] rpc_server/rpc_ncacn_np.c:883(rpc_pipe_open_interface) Connecting to lsarpc pipe. [2013/05/06 20:52:19.244713, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \lsarpc [2013/05/06 20:52:19.244763, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \lsarpc [2013/05/06 20:52:19.244809, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \lsarpc [2013/05/06 20:52:19.244860, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \lsarpc (pipes_open=0) [2013/05/06 20:52:19.244928, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_OpenPolicy: struct lsa_OpenPolicy in: struct lsa_OpenPolicy system_name : * system_name : 0x005c (92) attr : * attr: struct lsa_ObjectAttribute len : 0x00000018 (24) root_dir : NULL object_name : NULL attributes : 0x00000000 (0) sec_desc : NULL sec_qos : * sec_qos: struct lsa_QosInfo len : 0x0000000c (12) impersonation_level : 0x0002 (2) context_mode : 0x01 (1) effective_only : 0x00 (0) access_mask : 0x02000000 (33554432) 0: LSA_POLICY_VIEW_LOCAL_INFORMATION 0: LSA_POLICY_VIEW_AUDIT_INFORMATION 0: LSA_POLICY_GET_PRIVATE_INFORMATION 0: LSA_POLICY_TRUST_ADMIN 0: LSA_POLICY_CREATE_ACCOUNT 0: LSA_POLICY_CREATE_SECRET 0: LSA_POLICY_CREATE_PRIVILEGE 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS 0: LSA_POLICY_AUDIT_LOG_ADMIN 0: LSA_POLICY_SERVER_ADMIN 0: LSA_POLICY_LOOKUP_NAMES 0: LSA_POLICY_NOTIFICATION [2013/05/06 20:52:19.245596, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0xb0000000 to 0x000f0fff [2013/05/06 20:52:19.245649, 4] rpc_server/srv_access_check.c:83(access_check_object) _lsa_OpenPolicy2: ACCESS should be DENIED (requested: 0x000f0fff) but overritten by euid == sec_initial_uid() [2013/05/06 20:52:19.245713, 4] rpc_server/srv_access_check.c:104(access_check_object) _lsa_OpenPolicy2: access GRANTED (requested: 0x000f0fff, granted: 0x000f0fff) [2013/05/06 20:52:19.245762, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 87 51 E3 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:19.245859, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_OpenPolicy: struct lsa_OpenPolicy out: struct lsa_OpenPolicy handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000011-0000-0000-8751-e3fbac2f0000 result : NT_STATUS_OK [2013/05/06 20:52:19.246059, 3] winbindd/winbindd_rpc.c:303(rpc_name_to_sid) name_to_sid: UNIX GROUP\DOMAIN GUESTS for domain UNIX GROUP [2013/05/06 20:52:19.246126, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_LookupNames: struct lsa_LookupNames in: struct lsa_LookupNames handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000011-0000-0000-8751-e3fbac2f0000 num_names : 0x00000001 (1) names: ARRAY(1) names: struct lsa_String length : 0x0030 (48) size : 0x0030 (48) string : * string : 'UNIX GROUP\DOMAIN GUESTS' sids : * sids: struct lsa_TransSidArray count : 0x00000000 (0) sids : NULL level : LSA_LOOKUP_NAMES_ALL (1) count : * count : 0x00000000 (0) [2013/05/06 20:52:19.246580, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 87 51 E3 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:19.246676, 5] rpc_server/lsa/srv_lsa_nt.c:205(lookup_lsa_rids) lookup_lsa_rids: looking up name UNIX GROUP\DOMAIN GUESTS [2013/05/06 20:52:19.246722, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: UNIX GROUP\DOMAIN GUESTS => domain=[UNIX GROUP], name=[DOMAIN GUESTS] [2013/05/06 20:52:19.246766, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2013/05/06 20:52:19.246855, 5] rpc_server/lsa/srv_lsa_nt.c:224(lookup_lsa_rids) init_lsa_rids: UNIX GROUP\DOMAIN GUESTS not found [2013/05/06 20:52:19.246901, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_LookupNames: struct lsa_LookupNames out: struct lsa_LookupNames domains : * domains : * domains: struct lsa_RefDomainList count : 0x00000000 (0) domains : NULL max_size : 0x00000000 (0) sids : * sids: struct lsa_TransSidArray count : 0x00000001 (1) sids : * sids: ARRAY(1) sids: struct lsa_TranslatedSid sid_type : SID_NAME_UNKNOWN (8) rid : 0x00000000 (0) sid_index : 0xffffffff (4294967295) count : * count : 0x00000000 (0) result : NT_STATUS_NONE_MAPPED [2013/05/06 20:52:19.247370, 2] winbindd/winbindd_rpc.c:320(rpc_name_to_sid) name_to_sid: failed to lookup name: NT_STATUS_NONE_MAPPED [2013/05/06 20:52:19.247430, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_Close: struct lsa_Close in: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000011-0000-0000-8751-e3fbac2f0000 [2013/05/06 20:52:19.247587, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 87 51 E3 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:19.247683, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 87 51 E3 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:19.247777, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2013/05/06 20:52:19.247821, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_Close: struct lsa_Close out: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK [2013/05/06 20:52:19.248035, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \lsarpc [2013/05/06 20:52:19.248089, 10] winbindd/winbindd_cache.c:540(refresh_sequence_number) refresh_sequence_number: GENOME time ok [2013/05/06 20:52:19.248133, 10] winbindd/winbindd_cache.c:585(refresh_sequence_number) refresh_sequence_number: GENOME seq number is now 1367866336 [2013/05/06 20:52:19.248194, 10] winbindd/winbindd_cache.c:963(wcache_save_name_to_sid) wcache_save_name_to_sid: UNIX GROUP\DOMAIN GUESTS -> S-0-0 (NT_STATUS_NONE_MAPPED) [2013/05/06 20:52:19.248254, 10] winbindd/winbindd_cache.c:993(wcache_save_sid_to_name) wcache_save_sid_to_name: S-0-0 -> domain guests (NT_STATUS_NONE_MAPPED) [2013/05/06 20:52:19.248301, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) wbint_LookupName: struct wbint_LookupName out: struct wbint_LookupName type : * type : SID_NAME_USE_NONE (0) sid : * sid : S-0-0 result : NT_STATUS_NONE_MAPPED [2013/05/06 20:52:19.248480, 4] winbindd/winbindd_dual.c:1557(fork_domain_child) Finished processing child request 59 [2013/05/06 20:52:19.248525, 10] winbindd/winbindd_dual.c:1573(fork_domain_child) Writing 3512 bytes to parent [2013/05/06 20:52:19.252509, 10] winbindd/winbindd_dual.c:70(child_read_request) Need to read 48 extra bytes [2013/05/06 20:52:19.252564, 4] winbindd/winbindd_dual.c:1549(fork_domain_child) child daemon request 59 [2013/05/06 20:52:19.252609, 10] winbindd/winbindd_dual.c:439(child_process_request) child_process_request: request fn NDRCMD [2013/05/06 20:52:19.252653, 10] winbindd/winbindd_dual_ndr.c:315(winbindd_dual_ndrcmd) winbindd_dual_ndrcmd: Running command WBINT_LOOKUPNAME (GENOME) [2013/05/06 20:52:19.252705, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) wbint_LookupName: struct wbint_LookupName in: struct wbint_LookupName domain : * domain : 'UNIX GROUP' name : * name : 'GUESTS' flags : 0x00000000 (0) [2013/05/06 20:52:19.252878, 10] winbindd/winbindd_cache.c:1857(name_to_sid) name_to_sid: [Cached] - doing backend query for name for domain GENOME [2013/05/06 20:52:19.252928, 3] winbindd/winbindd_samr.c:622(sam_name_to_sid) sam_name_to_sid [2013/05/06 20:52:19.252980, 5] rpc_server/rpc_ncacn_np.c:883(rpc_pipe_open_interface) Connecting to lsarpc pipe. [2013/05/06 20:52:19.253029, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \lsarpc [2013/05/06 20:52:19.253079, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \lsarpc [2013/05/06 20:52:19.253124, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \lsarpc [2013/05/06 20:52:19.253175, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \lsarpc (pipes_open=0) [2013/05/06 20:52:19.253238, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_OpenPolicy: struct lsa_OpenPolicy in: struct lsa_OpenPolicy system_name : * system_name : 0x005c (92) attr : * attr: struct lsa_ObjectAttribute len : 0x00000018 (24) root_dir : NULL object_name : NULL attributes : 0x00000000 (0) sec_desc : NULL sec_qos : * sec_qos: struct lsa_QosInfo len : 0x0000000c (12) impersonation_level : 0x0002 (2) context_mode : 0x01 (1) effective_only : 0x00 (0) access_mask : 0x02000000 (33554432) 0: LSA_POLICY_VIEW_LOCAL_INFORMATION 0: LSA_POLICY_VIEW_AUDIT_INFORMATION 0: LSA_POLICY_GET_PRIVATE_INFORMATION 0: LSA_POLICY_TRUST_ADMIN 0: LSA_POLICY_CREATE_ACCOUNT 0: LSA_POLICY_CREATE_SECRET 0: LSA_POLICY_CREATE_PRIVILEGE 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS 0: LSA_POLICY_AUDIT_LOG_ADMIN 0: LSA_POLICY_SERVER_ADMIN 0: LSA_POLICY_LOOKUP_NAMES 0: LSA_POLICY_NOTIFICATION [2013/05/06 20:52:19.253911, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0xb0000000 to 0x000f0fff [2013/05/06 20:52:19.253970, 4] rpc_server/srv_access_check.c:83(access_check_object) _lsa_OpenPolicy2: ACCESS should be DENIED (requested: 0x000f0fff) but overritten by euid == sec_initial_uid() [2013/05/06 20:52:19.254033, 4] rpc_server/srv_access_check.c:104(access_check_object) _lsa_OpenPolicy2: access GRANTED (requested: 0x000f0fff, granted: 0x000f0fff) [2013/05/06 20:52:19.254083, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 12 00 00 00 00 00 00 00 87 51 E3 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:19.254180, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_OpenPolicy: struct lsa_OpenPolicy out: struct lsa_OpenPolicy handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000012-0000-0000-8751-e3fbac2f0000 result : NT_STATUS_OK [2013/05/06 20:52:19.254373, 3] winbindd/winbindd_rpc.c:303(rpc_name_to_sid) name_to_sid: UNIX GROUP\GUESTS for domain UNIX GROUP [2013/05/06 20:52:19.254440, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_LookupNames: struct lsa_LookupNames in: struct lsa_LookupNames handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000012-0000-0000-8751-e3fbac2f0000 num_names : 0x00000001 (1) names: ARRAY(1) names: struct lsa_String length : 0x0022 (34) size : 0x0022 (34) string : * string : 'UNIX GROUP\GUESTS' sids : * sids: struct lsa_TransSidArray count : 0x00000000 (0) sids : NULL level : LSA_LOOKUP_NAMES_ALL (1) count : * count : 0x00000000 (0) [2013/05/06 20:52:19.254887, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 12 00 00 00 00 00 00 00 87 51 E3 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:19.255000, 5] rpc_server/lsa/srv_lsa_nt.c:205(lookup_lsa_rids) lookup_lsa_rids: looking up name UNIX GROUP\GUESTS [2013/05/06 20:52:19.255047, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: UNIX GROUP\GUESTS => domain=[UNIX GROUP], name=[GUESTS] [2013/05/06 20:52:19.255090, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2013/05/06 20:52:19.255175, 5] rpc_server/lsa/srv_lsa_nt.c:224(lookup_lsa_rids) init_lsa_rids: UNIX GROUP\GUESTS not found [2013/05/06 20:52:19.255223, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_LookupNames: struct lsa_LookupNames out: struct lsa_LookupNames domains : * domains : * domains: struct lsa_RefDomainList count : 0x00000000 (0) domains : NULL max_size : 0x00000000 (0) sids : * sids: struct lsa_TransSidArray count : 0x00000001 (1) sids : * sids: ARRAY(1) sids: struct lsa_TranslatedSid sid_type : SID_NAME_UNKNOWN (8) rid : 0x00000000 (0) sid_index : 0xffffffff (4294967295) count : * count : 0x00000000 (0) result : NT_STATUS_NONE_MAPPED [2013/05/06 20:52:19.255685, 2] winbindd/winbindd_rpc.c:320(rpc_name_to_sid) name_to_sid: failed to lookup name: NT_STATUS_NONE_MAPPED [2013/05/06 20:52:19.255743, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_Close: struct lsa_Close in: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000012-0000-0000-8751-e3fbac2f0000 [2013/05/06 20:52:19.255901, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 12 00 00 00 00 00 00 00 87 51 E3 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:19.256002, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 12 00 00 00 00 00 00 00 87 51 E3 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:19.256096, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2013/05/06 20:52:19.256140, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_Close: struct lsa_Close out: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK [2013/05/06 20:52:19.256330, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \lsarpc [2013/05/06 20:52:19.256383, 10] winbindd/winbindd_cache.c:540(refresh_sequence_number) refresh_sequence_number: GENOME time ok [2013/05/06 20:52:19.256427, 10] winbindd/winbindd_cache.c:585(refresh_sequence_number) refresh_sequence_number: GENOME seq number is now 1367866336 [2013/05/06 20:52:19.256485, 10] winbindd/winbindd_cache.c:963(wcache_save_name_to_sid) wcache_save_name_to_sid: UNIX GROUP\GUESTS -> S-0-0 (NT_STATUS_NONE_MAPPED) [2013/05/06 20:52:19.256545, 10] winbindd/winbindd_cache.c:993(wcache_save_sid_to_name) wcache_save_sid_to_name: S-0-0 -> guests (NT_STATUS_NONE_MAPPED) [2013/05/06 20:52:19.256599, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) wbint_LookupName: struct wbint_LookupName out: struct wbint_LookupName type : * type : SID_NAME_USE_NONE (0) sid : * sid : S-0-0 result : NT_STATUS_NONE_MAPPED [2013/05/06 20:52:19.256778, 4] winbindd/winbindd_dual.c:1557(fork_domain_child) Finished processing child request 59 [2013/05/06 20:52:19.256823, 10] winbindd/winbindd_dual.c:1573(fork_domain_child) Writing 3512 bytes to parent [2013/05/06 20:52:19.274745, 10] winbindd/winbindd_dual.c:70(child_read_request) Need to read 56 extra bytes [2013/05/06 20:52:19.274805, 4] winbindd/winbindd_dual.c:1549(fork_domain_child) child daemon request 59 [2013/05/06 20:52:19.274853, 10] winbindd/winbindd_dual.c:439(child_process_request) child_process_request: request fn NDRCMD [2013/05/06 20:52:19.274897, 10] winbindd/winbindd_dual_ndr.c:315(winbindd_dual_ndrcmd) winbindd_dual_ndrcmd: Running command WBINT_LOOKUPNAME (GENOME) [2013/05/06 20:52:19.274960, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) wbint_LookupName: struct wbint_LookupName in: struct wbint_LookupName domain : * domain : 'UNIX GROUP' name : * name : 'DOMAIN GUESTS' flags : 0x00000000 (0) [2013/05/06 20:52:19.275135, 10] winbindd/winbindd_cache.c:1857(name_to_sid) name_to_sid: [Cached] - doing backend query for name for domain GENOME [2013/05/06 20:52:19.275180, 3] winbindd/winbindd_samr.c:622(sam_name_to_sid) sam_name_to_sid [2013/05/06 20:52:19.275233, 5] rpc_server/rpc_ncacn_np.c:883(rpc_pipe_open_interface) Connecting to lsarpc pipe. [2013/05/06 20:52:19.275282, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \lsarpc [2013/05/06 20:52:19.275334, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \lsarpc [2013/05/06 20:52:19.275379, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \lsarpc [2013/05/06 20:52:19.275431, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \lsarpc (pipes_open=0) [2013/05/06 20:52:19.275492, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_OpenPolicy: struct lsa_OpenPolicy in: struct lsa_OpenPolicy system_name : * system_name : 0x005c (92) attr : * attr: struct lsa_ObjectAttribute len : 0x00000018 (24) root_dir : NULL object_name : NULL attributes : 0x00000000 (0) sec_desc : NULL sec_qos : * sec_qos: struct lsa_QosInfo len : 0x0000000c (12) impersonation_level : 0x0002 (2) context_mode : 0x01 (1) effective_only : 0x00 (0) access_mask : 0x02000000 (33554432) 0: LSA_POLICY_VIEW_LOCAL_INFORMATION 0: LSA_POLICY_VIEW_AUDIT_INFORMATION 0: LSA_POLICY_GET_PRIVATE_INFORMATION 0: LSA_POLICY_TRUST_ADMIN 0: LSA_POLICY_CREATE_ACCOUNT 0: LSA_POLICY_CREATE_SECRET 0: LSA_POLICY_CREATE_PRIVILEGE 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS 0: LSA_POLICY_AUDIT_LOG_ADMIN 0: LSA_POLICY_SERVER_ADMIN 0: LSA_POLICY_LOOKUP_NAMES 0: LSA_POLICY_NOTIFICATION [2013/05/06 20:52:19.276187, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0xb0000000 to 0x000f0fff [2013/05/06 20:52:19.276241, 4] rpc_server/srv_access_check.c:83(access_check_object) _lsa_OpenPolicy2: ACCESS should be DENIED (requested: 0x000f0fff) but overritten by euid == sec_initial_uid() [2013/05/06 20:52:19.276304, 4] rpc_server/srv_access_check.c:104(access_check_object) _lsa_OpenPolicy2: access GRANTED (requested: 0x000f0fff, granted: 0x000f0fff) [2013/05/06 20:52:19.276354, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 87 51 E3 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:19.276450, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_OpenPolicy: struct lsa_OpenPolicy out: struct lsa_OpenPolicy handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000013-0000-0000-8751-e3fbac2f0000 result : NT_STATUS_OK [2013/05/06 20:52:19.276644, 3] winbindd/winbindd_rpc.c:303(rpc_name_to_sid) name_to_sid: UNIX GROUP\DOMAIN GUESTS for domain UNIX GROUP [2013/05/06 20:52:19.276710, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_LookupNames: struct lsa_LookupNames in: struct lsa_LookupNames handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000013-0000-0000-8751-e3fbac2f0000 num_names : 0x00000001 (1) names: ARRAY(1) names: struct lsa_String length : 0x0030 (48) size : 0x0030 (48) string : * string : 'UNIX GROUP\DOMAIN GUESTS' sids : * sids: struct lsa_TransSidArray count : 0x00000000 (0) sids : NULL level : LSA_LOOKUP_NAMES_ALL (1) count : * count : 0x00000000 (0) [2013/05/06 20:52:19.277163, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 87 51 E3 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:19.277261, 5] rpc_server/lsa/srv_lsa_nt.c:205(lookup_lsa_rids) lookup_lsa_rids: looking up name UNIX GROUP\DOMAIN GUESTS [2013/05/06 20:52:19.277307, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: UNIX GROUP\DOMAIN GUESTS => domain=[UNIX GROUP], name=[DOMAIN GUESTS] [2013/05/06 20:52:19.277351, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2013/05/06 20:52:19.277437, 5] rpc_server/lsa/srv_lsa_nt.c:224(lookup_lsa_rids) init_lsa_rids: UNIX GROUP\DOMAIN GUESTS not found [2013/05/06 20:52:19.277483, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_LookupNames: struct lsa_LookupNames out: struct lsa_LookupNames domains : * domains : * domains: struct lsa_RefDomainList count : 0x00000000 (0) domains : NULL max_size : 0x00000000 (0) sids : * sids: struct lsa_TransSidArray count : 0x00000001 (1) sids : * sids: ARRAY(1) sids: struct lsa_TranslatedSid sid_type : SID_NAME_UNKNOWN (8) rid : 0x00000000 (0) sid_index : 0xffffffff (4294967295) count : * count : 0x00000000 (0) result : NT_STATUS_NONE_MAPPED [2013/05/06 20:52:19.277971, 2] winbindd/winbindd_rpc.c:320(rpc_name_to_sid) name_to_sid: failed to lookup name: NT_STATUS_NONE_MAPPED [2013/05/06 20:52:19.278030, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_Close: struct lsa_Close in: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000013-0000-0000-8751-e3fbac2f0000 [2013/05/06 20:52:19.278189, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 87 51 E3 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:19.278285, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 87 51 E3 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:19.278378, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2013/05/06 20:52:19.278422, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_Close: struct lsa_Close out: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK [2013/05/06 20:52:19.278612, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \lsarpc [2013/05/06 20:52:19.278665, 10] winbindd/winbindd_cache.c:540(refresh_sequence_number) refresh_sequence_number: GENOME time ok [2013/05/06 20:52:19.278709, 10] winbindd/winbindd_cache.c:585(refresh_sequence_number) refresh_sequence_number: GENOME seq number is now 1367866336 [2013/05/06 20:52:19.278769, 10] winbindd/winbindd_cache.c:963(wcache_save_name_to_sid) wcache_save_name_to_sid: UNIX GROUP\DOMAIN GUESTS -> S-0-0 (NT_STATUS_NONE_MAPPED) [2013/05/06 20:52:19.278829, 10] winbindd/winbindd_cache.c:993(wcache_save_sid_to_name) wcache_save_sid_to_name: S-0-0 -> domain guests (NT_STATUS_NONE_MAPPED) [2013/05/06 20:52:19.278876, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) wbint_LookupName: struct wbint_LookupName out: struct wbint_LookupName type : * type : SID_NAME_USE_NONE (0) sid : * sid : S-0-0 result : NT_STATUS_NONE_MAPPED [2013/05/06 20:52:19.279061, 4] winbindd/winbindd_dual.c:1557(fork_domain_child) Finished processing child request 59 [2013/05/06 20:52:19.279106, 10] winbindd/winbindd_dual.c:1573(fork_domain_child) Writing 3512 bytes to parent [2013/05/06 20:52:19.283136, 10] winbindd/winbindd_dual.c:70(child_read_request) Need to read 48 extra bytes [2013/05/06 20:52:19.283192, 4] winbindd/winbindd_dual.c:1549(fork_domain_child) child daemon request 59 [2013/05/06 20:52:19.283237, 10] winbindd/winbindd_dual.c:439(child_process_request) child_process_request: request fn NDRCMD [2013/05/06 20:52:19.283281, 10] winbindd/winbindd_dual_ndr.c:315(winbindd_dual_ndrcmd) winbindd_dual_ndrcmd: Running command WBINT_LOOKUPNAME (GENOME) [2013/05/06 20:52:19.283341, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) wbint_LookupName: struct wbint_LookupName in: struct wbint_LookupName domain : * domain : 'UNIX GROUP' name : * name : 'GUESTS' flags : 0x00000000 (0) [2013/05/06 20:52:19.283515, 10] winbindd/winbindd_cache.c:1857(name_to_sid) name_to_sid: [Cached] - doing backend query for name for domain GENOME [2013/05/06 20:52:19.283560, 3] winbindd/winbindd_samr.c:622(sam_name_to_sid) sam_name_to_sid [2013/05/06 20:52:19.283611, 5] rpc_server/rpc_ncacn_np.c:883(rpc_pipe_open_interface) Connecting to lsarpc pipe. [2013/05/06 20:52:19.283661, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \lsarpc [2013/05/06 20:52:19.283712, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \lsarpc [2013/05/06 20:52:19.283757, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \lsarpc [2013/05/06 20:52:19.283809, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \lsarpc (pipes_open=0) [2013/05/06 20:52:19.283871, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_OpenPolicy: struct lsa_OpenPolicy in: struct lsa_OpenPolicy system_name : * system_name : 0x005c (92) attr : * attr: struct lsa_ObjectAttribute len : 0x00000018 (24) root_dir : NULL object_name : NULL attributes : 0x00000000 (0) sec_desc : NULL sec_qos : * sec_qos: struct lsa_QosInfo len : 0x0000000c (12) impersonation_level : 0x0002 (2) context_mode : 0x01 (1) effective_only : 0x00 (0) access_mask : 0x02000000 (33554432) 0: LSA_POLICY_VIEW_LOCAL_INFORMATION 0: LSA_POLICY_VIEW_AUDIT_INFORMATION 0: LSA_POLICY_GET_PRIVATE_INFORMATION 0: LSA_POLICY_TRUST_ADMIN 0: LSA_POLICY_CREATE_ACCOUNT 0: LSA_POLICY_CREATE_SECRET 0: LSA_POLICY_CREATE_PRIVILEGE 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS 0: LSA_POLICY_AUDIT_LOG_ADMIN 0: LSA_POLICY_SERVER_ADMIN 0: LSA_POLICY_LOOKUP_NAMES 0: LSA_POLICY_NOTIFICATION [2013/05/06 20:52:19.284545, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0xb0000000 to 0x000f0fff [2013/05/06 20:52:19.284598, 4] rpc_server/srv_access_check.c:83(access_check_object) _lsa_OpenPolicy2: ACCESS should be DENIED (requested: 0x000f0fff) but overritten by euid == sec_initial_uid() [2013/05/06 20:52:19.284661, 4] rpc_server/srv_access_check.c:104(access_check_object) _lsa_OpenPolicy2: access GRANTED (requested: 0x000f0fff, granted: 0x000f0fff) [2013/05/06 20:52:19.284711, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 87 51 E3 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:19.284807, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_OpenPolicy: struct lsa_OpenPolicy out: struct lsa_OpenPolicy handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000014-0000-0000-8751-e3fbac2f0000 result : NT_STATUS_OK [2013/05/06 20:52:19.285014, 3] winbindd/winbindd_rpc.c:303(rpc_name_to_sid) name_to_sid: UNIX GROUP\GUESTS for domain UNIX GROUP [2013/05/06 20:52:19.285080, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_LookupNames: struct lsa_LookupNames in: struct lsa_LookupNames handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000014-0000-0000-8751-e3fbac2f0000 num_names : 0x00000001 (1) names: ARRAY(1) names: struct lsa_String length : 0x0022 (34) size : 0x0022 (34) string : * string : 'UNIX GROUP\GUESTS' sids : * sids: struct lsa_TransSidArray count : 0x00000000 (0) sids : NULL level : LSA_LOOKUP_NAMES_ALL (1) count : * count : 0x00000000 (0) [2013/05/06 20:52:19.285527, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 87 51 E3 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:19.285622, 5] rpc_server/lsa/srv_lsa_nt.c:205(lookup_lsa_rids) lookup_lsa_rids: looking up name UNIX GROUP\GUESTS [2013/05/06 20:52:19.285668, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: UNIX GROUP\GUESTS => domain=[UNIX GROUP], name=[GUESTS] [2013/05/06 20:52:19.285712, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2013/05/06 20:52:19.285801, 5] rpc_server/lsa/srv_lsa_nt.c:224(lookup_lsa_rids) init_lsa_rids: UNIX GROUP\GUESTS not found [2013/05/06 20:52:19.285847, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_LookupNames: struct lsa_LookupNames out: struct lsa_LookupNames domains : * domains : * domains: struct lsa_RefDomainList count : 0x00000000 (0) domains : NULL max_size : 0x00000000 (0) sids : * sids: struct lsa_TransSidArray count : 0x00000001 (1) sids : * sids: ARRAY(1) sids: struct lsa_TranslatedSid sid_type : SID_NAME_UNKNOWN (8) rid : 0x00000000 (0) sid_index : 0xffffffff (4294967295) count : * count : 0x00000000 (0) result : NT_STATUS_NONE_MAPPED [2013/05/06 20:52:19.286315, 2] winbindd/winbindd_rpc.c:320(rpc_name_to_sid) name_to_sid: failed to lookup name: NT_STATUS_NONE_MAPPED [2013/05/06 20:52:19.286374, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_Close: struct lsa_Close in: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000014-0000-0000-8751-e3fbac2f0000 [2013/05/06 20:52:19.286539, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 87 51 E3 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:19.286636, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 87 51 E3 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:19.286730, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2013/05/06 20:52:19.286774, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_Close: struct lsa_Close out: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK [2013/05/06 20:52:19.286980, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \lsarpc [2013/05/06 20:52:19.287034, 10] winbindd/winbindd_cache.c:540(refresh_sequence_number) refresh_sequence_number: GENOME time ok [2013/05/06 20:52:19.287079, 10] winbindd/winbindd_cache.c:585(refresh_sequence_number) refresh_sequence_number: GENOME seq number is now 1367866336 [2013/05/06 20:52:19.287137, 10] winbindd/winbindd_cache.c:963(wcache_save_name_to_sid) wcache_save_name_to_sid: UNIX GROUP\GUESTS -> S-0-0 (NT_STATUS_NONE_MAPPED) [2013/05/06 20:52:19.287198, 10] winbindd/winbindd_cache.c:993(wcache_save_sid_to_name) wcache_save_sid_to_name: S-0-0 -> guests (NT_STATUS_NONE_MAPPED) [2013/05/06 20:52:19.287245, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) wbint_LookupName: struct wbint_LookupName out: struct wbint_LookupName type : * type : SID_NAME_USE_NONE (0) sid : * sid : S-0-0 result : NT_STATUS_NONE_MAPPED [2013/05/06 20:52:19.287423, 4] winbindd/winbindd_dual.c:1557(fork_domain_child) Finished processing child request 59 [2013/05/06 20:52:19.287468, 10] winbindd/winbindd_dual.c:1573(fork_domain_child) Writing 3512 bytes to parent [2013/05/06 20:52:19.291616, 10] winbindd/winbindd_dual.c:70(child_read_request) Need to read 56 extra bytes [2013/05/06 20:52:19.291677, 4] winbindd/winbindd_dual.c:1549(fork_domain_child) child daemon request 59 [2013/05/06 20:52:19.291724, 10] winbindd/winbindd_dual.c:439(child_process_request) child_process_request: request fn NDRCMD [2013/05/06 20:52:19.291768, 10] winbindd/winbindd_dual_ndr.c:315(winbindd_dual_ndrcmd) winbindd_dual_ndrcmd: Running command WBINT_LOOKUPNAME (GENOME) [2013/05/06 20:52:19.291820, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) wbint_LookupName: struct wbint_LookupName in: struct wbint_LookupName domain : * domain : 'UNIX GROUP' name : * name : 'DOMAIN GUESTS' flags : 0x00000000 (0) [2013/05/06 20:52:19.292003, 10] winbindd/winbindd_cache.c:1857(name_to_sid) name_to_sid: [Cached] - doing backend query for name for domain GENOME [2013/05/06 20:52:19.292048, 3] winbindd/winbindd_samr.c:622(sam_name_to_sid) sam_name_to_sid [2013/05/06 20:52:19.292100, 5] rpc_server/rpc_ncacn_np.c:883(rpc_pipe_open_interface) Connecting to lsarpc pipe. [2013/05/06 20:52:19.292149, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \lsarpc [2013/05/06 20:52:19.292200, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \lsarpc [2013/05/06 20:52:19.292246, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \lsarpc [2013/05/06 20:52:19.292305, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \lsarpc (pipes_open=0) [2013/05/06 20:52:19.292368, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_OpenPolicy: struct lsa_OpenPolicy in: struct lsa_OpenPolicy system_name : * system_name : 0x005c (92) attr : * attr: struct lsa_ObjectAttribute len : 0x00000018 (24) root_dir : NULL object_name : NULL attributes : 0x00000000 (0) sec_desc : NULL sec_qos : * sec_qos: struct lsa_QosInfo len : 0x0000000c (12) impersonation_level : 0x0002 (2) context_mode : 0x01 (1) effective_only : 0x00 (0) access_mask : 0x02000000 (33554432) 0: LSA_POLICY_VIEW_LOCAL_INFORMATION 0: LSA_POLICY_VIEW_AUDIT_INFORMATION 0: LSA_POLICY_GET_PRIVATE_INFORMATION 0: LSA_POLICY_TRUST_ADMIN 0: LSA_POLICY_CREATE_ACCOUNT 0: LSA_POLICY_CREATE_SECRET 0: LSA_POLICY_CREATE_PRIVILEGE 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS 0: LSA_POLICY_AUDIT_LOG_ADMIN 0: LSA_POLICY_SERVER_ADMIN 0: LSA_POLICY_LOOKUP_NAMES 0: LSA_POLICY_NOTIFICATION [2013/05/06 20:52:19.293040, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0xb0000000 to 0x000f0fff [2013/05/06 20:52:19.293093, 4] rpc_server/srv_access_check.c:83(access_check_object) _lsa_OpenPolicy2: ACCESS should be DENIED (requested: 0x000f0fff) but overritten by euid == sec_initial_uid() [2013/05/06 20:52:19.293156, 4] rpc_server/srv_access_check.c:104(access_check_object) _lsa_OpenPolicy2: access GRANTED (requested: 0x000f0fff, granted: 0x000f0fff) [2013/05/06 20:52:19.293207, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 87 51 E3 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:19.293303, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_OpenPolicy: struct lsa_OpenPolicy out: struct lsa_OpenPolicy handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000015-0000-0000-8751-e3fbac2f0000 result : NT_STATUS_OK [2013/05/06 20:52:19.293496, 3] winbindd/winbindd_rpc.c:303(rpc_name_to_sid) name_to_sid: UNIX GROUP\DOMAIN GUESTS for domain UNIX GROUP [2013/05/06 20:52:19.293562, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_LookupNames: struct lsa_LookupNames in: struct lsa_LookupNames handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000015-0000-0000-8751-e3fbac2f0000 num_names : 0x00000001 (1) names: ARRAY(1) names: struct lsa_String length : 0x0030 (48) size : 0x0030 (48) string : * string : 'UNIX GROUP\DOMAIN GUESTS' sids : * sids: struct lsa_TransSidArray count : 0x00000000 (0) sids : NULL level : LSA_LOOKUP_NAMES_ALL (1) count : * count : 0x00000000 (0) [2013/05/06 20:52:19.294024, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 87 51 E3 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:19.294120, 5] rpc_server/lsa/srv_lsa_nt.c:205(lookup_lsa_rids) lookup_lsa_rids: looking up name UNIX GROUP\DOMAIN GUESTS [2013/05/06 20:52:19.294166, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: UNIX GROUP\DOMAIN GUESTS => domain=[UNIX GROUP], name=[DOMAIN GUESTS] [2013/05/06 20:52:19.294213, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2013/05/06 20:52:19.294299, 5] rpc_server/lsa/srv_lsa_nt.c:224(lookup_lsa_rids) init_lsa_rids: UNIX GROUP\DOMAIN GUESTS not found [2013/05/06 20:52:19.294345, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_LookupNames: struct lsa_LookupNames out: struct lsa_LookupNames domains : * domains : * domains: struct lsa_RefDomainList count : 0x00000000 (0) domains : NULL max_size : 0x00000000 (0) sids : * sids: struct lsa_TransSidArray count : 0x00000001 (1) sids : * sids: ARRAY(1) sids: struct lsa_TranslatedSid sid_type : SID_NAME_UNKNOWN (8) rid : 0x00000000 (0) sid_index : 0xffffffff (4294967295) count : * count : 0x00000000 (0) result : NT_STATUS_NONE_MAPPED [2013/05/06 20:52:19.294808, 2] winbindd/winbindd_rpc.c:320(rpc_name_to_sid) name_to_sid: failed to lookup name: NT_STATUS_NONE_MAPPED [2013/05/06 20:52:19.294868, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_Close: struct lsa_Close in: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000015-0000-0000-8751-e3fbac2f0000 [2013/05/06 20:52:19.295032, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 87 51 E3 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:19.295127, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 87 51 E3 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:19.295221, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2013/05/06 20:52:19.295266, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_Close: struct lsa_Close out: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK [2013/05/06 20:52:19.295456, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \lsarpc [2013/05/06 20:52:19.295517, 10] winbindd/winbindd_cache.c:540(refresh_sequence_number) refresh_sequence_number: GENOME time ok [2013/05/06 20:52:19.295561, 10] winbindd/winbindd_cache.c:585(refresh_sequence_number) refresh_sequence_number: GENOME seq number is now 1367866336 [2013/05/06 20:52:19.295619, 10] winbindd/winbindd_cache.c:963(wcache_save_name_to_sid) wcache_save_name_to_sid: UNIX GROUP\DOMAIN GUESTS -> S-0-0 (NT_STATUS_NONE_MAPPED) [2013/05/06 20:52:19.295679, 10] winbindd/winbindd_cache.c:993(wcache_save_sid_to_name) wcache_save_sid_to_name: S-0-0 -> domain guests (NT_STATUS_NONE_MAPPED) [2013/05/06 20:52:19.295726, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) wbint_LookupName: struct wbint_LookupName out: struct wbint_LookupName type : * type : SID_NAME_USE_NONE (0) sid : * sid : S-0-0 result : NT_STATUS_NONE_MAPPED [2013/05/06 20:52:19.295906, 4] winbindd/winbindd_dual.c:1557(fork_domain_child) Finished processing child request 59 [2013/05/06 20:52:19.295957, 10] winbindd/winbindd_dual.c:1573(fork_domain_child) Writing 3512 bytes to parent [2013/05/06 20:52:19.299944, 10] winbindd/winbindd_dual.c:70(child_read_request) Need to read 48 extra bytes [2013/05/06 20:52:19.300000, 4] winbindd/winbindd_dual.c:1549(fork_domain_child) child daemon request 59 [2013/05/06 20:52:19.300046, 10] winbindd/winbindd_dual.c:439(child_process_request) child_process_request: request fn NDRCMD [2013/05/06 20:52:19.300090, 10] winbindd/winbindd_dual_ndr.c:315(winbindd_dual_ndrcmd) winbindd_dual_ndrcmd: Running command WBINT_LOOKUPNAME (GENOME) [2013/05/06 20:52:19.300141, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) wbint_LookupName: struct wbint_LookupName in: struct wbint_LookupName domain : * domain : 'UNIX GROUP' name : * name : 'GUESTS' flags : 0x00000000 (0) [2013/05/06 20:52:19.300313, 10] winbindd/winbindd_cache.c:1857(name_to_sid) name_to_sid: [Cached] - doing backend query for name for domain GENOME [2013/05/06 20:52:19.300358, 3] winbindd/winbindd_samr.c:622(sam_name_to_sid) sam_name_to_sid [2013/05/06 20:52:19.300410, 5] rpc_server/rpc_ncacn_np.c:883(rpc_pipe_open_interface) Connecting to lsarpc pipe. [2013/05/06 20:52:19.300459, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \lsarpc [2013/05/06 20:52:19.300509, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \lsarpc [2013/05/06 20:52:19.300554, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \lsarpc [2013/05/06 20:52:19.300605, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \lsarpc (pipes_open=0) [2013/05/06 20:52:19.300666, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_OpenPolicy: struct lsa_OpenPolicy in: struct lsa_OpenPolicy system_name : * system_name : 0x005c (92) attr : * attr: struct lsa_ObjectAttribute len : 0x00000018 (24) root_dir : NULL object_name : NULL attributes : 0x00000000 (0) sec_desc : NULL sec_qos : * sec_qos: struct lsa_QosInfo len : 0x0000000c (12) impersonation_level : 0x0002 (2) context_mode : 0x01 (1) effective_only : 0x00 (0) access_mask : 0x02000000 (33554432) 0: LSA_POLICY_VIEW_LOCAL_INFORMATION 0: LSA_POLICY_VIEW_AUDIT_INFORMATION 0: LSA_POLICY_GET_PRIVATE_INFORMATION 0: LSA_POLICY_TRUST_ADMIN 0: LSA_POLICY_CREATE_ACCOUNT 0: LSA_POLICY_CREATE_SECRET 0: LSA_POLICY_CREATE_PRIVILEGE 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS 0: LSA_POLICY_AUDIT_LOG_ADMIN 0: LSA_POLICY_SERVER_ADMIN 0: LSA_POLICY_LOOKUP_NAMES 0: LSA_POLICY_NOTIFICATION [2013/05/06 20:52:19.301353, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0xb0000000 to 0x000f0fff [2013/05/06 20:52:19.301406, 4] rpc_server/srv_access_check.c:83(access_check_object) _lsa_OpenPolicy2: ACCESS should be DENIED (requested: 0x000f0fff) but overritten by euid == sec_initial_uid() [2013/05/06 20:52:19.301469, 4] rpc_server/srv_access_check.c:104(access_check_object) _lsa_OpenPolicy2: access GRANTED (requested: 0x000f0fff, granted: 0x000f0fff) [2013/05/06 20:52:19.301519, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 16 00 00 00 00 00 00 00 87 51 E3 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:19.301615, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_OpenPolicy: struct lsa_OpenPolicy out: struct lsa_OpenPolicy handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000016-0000-0000-8751-e3fbac2f0000 result : NT_STATUS_OK [2013/05/06 20:52:19.301809, 3] winbindd/winbindd_rpc.c:303(rpc_name_to_sid) name_to_sid: UNIX GROUP\GUESTS for domain UNIX GROUP [2013/05/06 20:52:19.301877, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_LookupNames: struct lsa_LookupNames in: struct lsa_LookupNames handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000016-0000-0000-8751-e3fbac2f0000 num_names : 0x00000001 (1) names: ARRAY(1) names: struct lsa_String length : 0x0022 (34) size : 0x0022 (34) string : * string : 'UNIX GROUP\GUESTS' sids : * sids: struct lsa_TransSidArray count : 0x00000000 (0) sids : NULL level : LSA_LOOKUP_NAMES_ALL (1) count : * count : 0x00000000 (0) [2013/05/06 20:52:19.302331, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 16 00 00 00 00 00 00 00 87 51 E3 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:19.302427, 5] rpc_server/lsa/srv_lsa_nt.c:205(lookup_lsa_rids) lookup_lsa_rids: looking up name UNIX GROUP\GUESTS [2013/05/06 20:52:19.302473, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: UNIX GROUP\GUESTS => domain=[UNIX GROUP], name=[GUESTS] [2013/05/06 20:52:19.302517, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2013/05/06 20:52:19.302610, 5] rpc_server/lsa/srv_lsa_nt.c:224(lookup_lsa_rids) init_lsa_rids: UNIX GROUP\GUESTS not found [2013/05/06 20:52:19.302657, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_LookupNames: struct lsa_LookupNames out: struct lsa_LookupNames domains : * domains : * domains: struct lsa_RefDomainList count : 0x00000000 (0) domains : NULL max_size : 0x00000000 (0) sids : * sids: struct lsa_TransSidArray count : 0x00000001 (1) sids : * sids: ARRAY(1) sids: struct lsa_TranslatedSid sid_type : SID_NAME_UNKNOWN (8) rid : 0x00000000 (0) sid_index : 0xffffffff (4294967295) count : * count : 0x00000000 (0) result : NT_STATUS_NONE_MAPPED [2013/05/06 20:52:19.303123, 2] winbindd/winbindd_rpc.c:320(rpc_name_to_sid) name_to_sid: failed to lookup name: NT_STATUS_NONE_MAPPED [2013/05/06 20:52:19.303182, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_Close: struct lsa_Close in: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000016-0000-0000-8751-e3fbac2f0000 [2013/05/06 20:52:19.303340, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 16 00 00 00 00 00 00 00 87 51 E3 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:19.303435, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 16 00 00 00 00 00 00 00 87 51 E3 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:19.303529, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2013/05/06 20:52:19.303573, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_Close: struct lsa_Close out: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK [2013/05/06 20:52:19.303760, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \lsarpc [2013/05/06 20:52:19.303813, 10] winbindd/winbindd_cache.c:540(refresh_sequence_number) refresh_sequence_number: GENOME time ok [2013/05/06 20:52:19.303857, 10] winbindd/winbindd_cache.c:585(refresh_sequence_number) refresh_sequence_number: GENOME seq number is now 1367866336 [2013/05/06 20:52:19.303916, 10] winbindd/winbindd_cache.c:963(wcache_save_name_to_sid) wcache_save_name_to_sid: UNIX GROUP\GUESTS -> S-0-0 (NT_STATUS_NONE_MAPPED) [2013/05/06 20:52:19.303982, 10] winbindd/winbindd_cache.c:993(wcache_save_sid_to_name) wcache_save_sid_to_name: S-0-0 -> guests (NT_STATUS_NONE_MAPPED) [2013/05/06 20:52:19.304029, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) wbint_LookupName: struct wbint_LookupName out: struct wbint_LookupName type : * type : SID_NAME_USE_NONE (0) sid : * sid : S-0-0 result : NT_STATUS_NONE_MAPPED [2013/05/06 20:52:19.304217, 4] winbindd/winbindd_dual.c:1557(fork_domain_child) Finished processing child request 59 [2013/05/06 20:52:19.304263, 10] winbindd/winbindd_dual.c:1573(fork_domain_child) Writing 3512 bytes to parent [2013/05/06 20:52:22.805426, 10] winbindd/winbindd_dual.c:70(child_read_request) Need to read 36 extra bytes [2013/05/06 20:52:22.805475, 4] winbindd/winbindd_dual.c:1549(fork_domain_child) child daemon request 59 [2013/05/06 20:52:22.805507, 10] winbindd/winbindd_dual.c:439(child_process_request) child_process_request: request fn NDRCMD [2013/05/06 20:52:22.805537, 10] winbindd/winbindd_dual_ndr.c:315(winbindd_dual_ndrcmd) winbindd_dual_ndrcmd: Running command WBINT_LOOKUPRIDS (GENOME) [2013/05/06 20:52:22.805579, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) wbint_LookupRids: struct wbint_LookupRids in: struct wbint_LookupRids domain_sid : * domain_sid : S-1-5-21-2486814887-2231011970-1739716854 rids : * rids: struct wbint_RidArray num_rids : 0x00000001 (1) rids: ARRAY(1) rids : 0x00000202 (514) [2013/05/06 20:52:22.805736, 3] winbindd/winbindd_samr.c:760(sam_rids_to_names) sam_rids_to_names for GENOME [2013/05/06 20:52:22.805779, 5] rpc_server/rpc_ncacn_np.c:883(rpc_pipe_open_interface) Connecting to lsarpc pipe. [2013/05/06 20:52:22.805815, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \lsarpc [2013/05/06 20:52:22.805849, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \lsarpc [2013/05/06 20:52:22.805879, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \lsarpc [2013/05/06 20:52:22.805914, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \lsarpc (pipes_open=0) [2013/05/06 20:52:22.805962, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_OpenPolicy: struct lsa_OpenPolicy in: struct lsa_OpenPolicy system_name : * system_name : 0x005c (92) attr : * attr: struct lsa_ObjectAttribute len : 0x00000018 (24) root_dir : NULL object_name : NULL attributes : 0x00000000 (0) sec_desc : NULL sec_qos : * sec_qos: struct lsa_QosInfo len : 0x0000000c (12) impersonation_level : 0x0002 (2) context_mode : 0x01 (1) effective_only : 0x00 (0) access_mask : 0x02000000 (33554432) 0: LSA_POLICY_VIEW_LOCAL_INFORMATION 0: LSA_POLICY_VIEW_AUDIT_INFORMATION 0: LSA_POLICY_GET_PRIVATE_INFORMATION 0: LSA_POLICY_TRUST_ADMIN 0: LSA_POLICY_CREATE_ACCOUNT 0: LSA_POLICY_CREATE_SECRET 0: LSA_POLICY_CREATE_PRIVILEGE 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS 0: LSA_POLICY_AUDIT_LOG_ADMIN 0: LSA_POLICY_SERVER_ADMIN 0: LSA_POLICY_LOOKUP_NAMES 0: LSA_POLICY_NOTIFICATION [2013/05/06 20:52:22.806412, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0xb0000000 to 0x000f0fff [2013/05/06 20:52:22.806450, 4] rpc_server/srv_access_check.c:83(access_check_object) _lsa_OpenPolicy2: ACCESS should be DENIED (requested: 0x000f0fff) but overritten by euid == sec_initial_uid() [2013/05/06 20:52:22.806498, 4] rpc_server/srv_access_check.c:104(access_check_object) _lsa_OpenPolicy2: access GRANTED (requested: 0x000f0fff, granted: 0x000f0fff) [2013/05/06 20:52:22.806532, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 17 00 00 00 00 00 00 00 87 51 E6 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:22.806596, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_OpenPolicy: struct lsa_OpenPolicy out: struct lsa_OpenPolicy handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000017-0000-0000-8751-e6fbac2f0000 result : NT_STATUS_OK [2013/05/06 20:52:22.806727, 10] rpc_client/cli_lsarpc.c:395(dcerpc_lsa_lookup_sids_generic) rpccli_lsa_lookup_sids: processing items 0 -- 0 of 1. [2013/05/06 20:52:22.806778, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_LookupSids: struct lsa_LookupSids in: struct lsa_LookupSids handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000017-0000-0000-8751-e6fbac2f0000 sids : * sids: struct lsa_SidArray num_sids : 0x00000001 (1) sids : * sids: ARRAY(1) sids: struct lsa_SidPtr sid : * sid : S-1-5-21-2486814887-2231011970-1739716854-514 names : * names: struct lsa_TransNameArray count : 0x00000000 (0) names : NULL level : LSA_LOOKUP_NAMES_ALL (1) count : * count : 0x00000000 (0) [2013/05/06 20:52:22.807123, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 17 00 00 00 00 00 00 00 87 51 E6 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:22.807241, 10] passdb/lookup_sid.c:721(check_dom_sid_to_level) Accepting SID S-1-5-21-2486814887-2231011970-1739716854 in level 1 [2013/05/06 20:52:22.807293, 10] passdb/lookup_sid.c:482(lookup_rids) lookup_rids called for domain sid 'S-1-5-21-2486814887-2231011970-1739716854' [2013/05/06 20:52:22.807347, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 514. [2013/05/06 20:52:22.807427, 5] passdb/pdb_tdb.c:614(tdbsam_getsampwrid) pdb_getsampwrid (TDB): error looking up RID 514 by key RID_00000202. [2013/05/06 20:52:22.807512, 10] rpc_server/lsa/srv_lsa_nt.c:932(_lsa_lookup_sids_internal) num_sids 1, mapped_count 0, status NT_STATUS_NONE_MAPPED [2013/05/06 20:52:22.807562, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_LookupSids: struct lsa_LookupSids out: struct lsa_LookupSids domains : * domains : * domains: struct lsa_RefDomainList count : 0x00000001 (1) domains : * domains: ARRAY(1) domains: struct lsa_DomainInfo name: struct lsa_StringLarge length : 0x000c (12) size : 0x000e (14) string : * string : 'GENOME' sid : * sid : S-1-5-21-2486814887-2231011970-1739716854 max_size : 0x00000020 (32) names : * names: struct lsa_TransNameArray count : 0x00000001 (1) names : * names: ARRAY(1) names: struct lsa_TranslatedName sid_type : SID_NAME_UNKNOWN (8) name: struct lsa_String length : 0x005a (90) size : 0x005a (90) string : * string : 'S-1-5-21-2486814887-2231011970-1739716854-514' sid_index : 0xffffffff (4294967295) count : * count : 0x00000000 (0) result : NT_STATUS_NONE_MAPPED [2013/05/06 20:52:22.808352, 10] rpc_client/cli_lsarpc.c:253(dcerpc_lsa_lookup_sids_noalloc) LSA_LOOKUPSIDS returned status: 'NT_STATUS_OK', result: 'NT_STATUS_NONE_MAPPED', mapped count = 0' [2013/05/06 20:52:22.808416, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_Close: struct lsa_Close in: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000017-0000-0000-8751-e6fbac2f0000 [2013/05/06 20:52:22.808574, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 17 00 00 00 00 00 00 00 87 51 E6 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:22.808669, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 17 00 00 00 00 00 00 00 87 51 E6 FB ........ .....Q.. [0010] AC 2F 00 00 ./.. [2013/05/06 20:52:22.808763, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2013/05/06 20:52:22.808808, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) lsa_Close: struct lsa_Close out: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK [2013/05/06 20:52:22.808998, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \lsarpc [2013/05/06 20:52:22.809052, 10] winbindd/winbindd_cache.c:540(refresh_sequence_number) refresh_sequence_number: GENOME time ok [2013/05/06 20:52:22.809098, 10] winbindd/winbindd_cache.c:585(refresh_sequence_number) refresh_sequence_number: GENOME seq number is now 1367866336 [2013/05/06 20:52:22.809157, 0] lib/fault.c:47(fault_report) =============================================================== [2013/05/06 20:52:22.809210, 0] lib/fault.c:48(fault_report) INTERNAL ERROR: Signal 11 in pid 12204 (3.6.14) Please read the Trouble-Shooting section of the Samba3-HOWTO [2013/05/06 20:52:22.809275, 0] lib/fault.c:50(fault_report) From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf [2013/05/06 20:52:22.809334, 0] lib/fault.c:51(fault_report) =============================================================== [2013/05/06 20:52:22.809385, 0] lib/util.c:1117(smb_panic) PANIC (pid 12204): internal error [2013/05/06 20:52:22.813406, 0] lib/util.c:1221(log_stack_trace) BACKTRACE: 21 stack frames: #0 /usr/sbin/winbindd(log_stack_trace+0x1f) [0x7fb0948b610f] #1 /usr/sbin/winbindd(smb_panic+0x6d) [0x7fb0948b5f8d] #2 /usr/sbin/winbindd(+0x1d3358) [0x7fb0948a3358] #3 /usr/sbin/winbindd(+0x1d336d) [0x7fb0948a336d] #4 /lib64/libc.so.6(+0x3491c32920) [0x7fb0920e7920] #5 /usr/sbin/winbindd(+0xd7a66) [0x7fb0947a7a66] #6 /usr/sbin/winbindd(+0xdb68a) [0x7fb0947ab68a] #7 /usr/sbin/winbindd(_wbint_LookupRids+0x98) [0x7fb0947d67ac] #8 /usr/sbin/winbindd(+0x114033) [0x7fb0947e4033] #9 /usr/sbin/winbindd(winbindd_dual_ndrcmd+0x190) [0x7fb0947d51cb] #10 /usr/sbin/winbindd(+0x100d04) [0x7fb0947d0d04] #11 /usr/sbin/winbindd(+0x1045dc) [0x7fb0947d45dc] #12 /usr/sbin/winbindd(+0xffe14) [0x7fb0947cfe14] #13 /usr/sbin/winbindd(+0x1fe37a) [0x7fb0948ce37a] #14 /usr/sbin/winbindd(tevent_common_loop_immediate+0x1f9) [0x7fb0948cc6dc] #15 /usr/sbin/winbindd(run_events_poll+0x57) [0x7fb0948c9295] #16 /usr/sbin/winbindd(+0x1f9b18) [0x7fb0948c9b18] #17 /usr/sbin/winbindd(_tevent_loop_once+0xe8) [0x7fb0948cad2f] #18 /usr/sbin/winbindd(main+0xa50) [0x7fb0947a186f] #19 /lib64/libc.so.6(__libc_start_main+0xfd) [0x7fb0920d3cdd] #20 /usr/sbin/winbindd(+0xce1a9) [0x7fb09479e1a9] [2013/05/06 20:52:22.813870, 0] lib/util.c:1122(smb_panic) smb_panic(): calling panic action [/usr/local/bin/panic-action 12204] [2013/05/06 20:52:23.340846, 0] lib/util.c:1130(smb_panic) smb_panic(): action returned status 0 [2013/05/06 20:52:23.340947, 0] lib/fault.c:372(dump_core) dumping core in /var/log/samba/cores/winbindd