-------- Weitergeleitete Nachricht --------
Von: Kuldeep <kuldeep@turbolinux.co.in>
An: Mario Lipinski <mario.lipinski@gymszbad.de>
Betreff: Re: [Samba] Authentication fails (sometimes)
Datum: Fri, 01 Sep 2006 09:34:17 +0530
Dear Mario,
Can you tell me procedure for login on to domain(Windows server)
linux client.
I have joined in to domain but not able to login
Mario Lipinski wrote:
>Hello,
>
>I am usually able to log me onto my domain. However, i have problems to
>get authentication under windows where I need admin rights, which also
>succeeds some times.
>
>I have the following in my groupmap:
>
># net groupmap list
>admin (S-1-5-21-4092459118-2595994810-1099795350-512) -> admin
>guests (S-1-5-21-4092459118-2595994810-1099795350-514) -> guests
>gsb (S-1-5-21-4092459118-2595994810-1099795350-513) -> gsb
>bib-admins (S-1-5-21-4092459118-2595994810-1099795350-11099) ->
bib-admins
>bibliothek (S-1-5-21-4092459118-2595994810-1099795350-11001) ->
bibliothek
>
>and user/group is on the system:
>
>$ getent group admin
>admin:x:1000:law,[...]
>$ getent passwd law
>law:x:1001:1001:Mario Lipinski:/home/law:/bin/bash
>$ getent group gsb
>gsb:x:60000:
>
>I am member of the group admin (which is also a user with the same uid
>if that matters). So everything should be fine.
>
>
>In my logs I find these line:
>
>[2006/08/27 20:03:03, 10, pid=18112]
passdb/pdb_get_set.c:pdb_set_user_sid(463)
> pdb_set_user_sid: setting user sid
S-1-5-21-4092459118-2595994810-1099795350-3002
>[2006/08/27 20:03:03, 10, pid=18112]
passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73)
> pdb_set_user_sid_from_rid:
> setting user sid S-1-5-21-4092459118-2595994810-1099795350-3002 from rid
3002
>[2006/08/27 20:03:03, 3, pid=18112]
passdb/lookup_sid.c:fetch_gid_from_cache(1010)
> fetch gid from cache 60000 ->
S-1-5-21-4092459118-2595994810-1099795350-513
>[2006/08/27 20:03:03, 10, pid=18112]
passdb/pdb_get_set.c:pdb_set_group_sid(521)
> pdb_set_group_sid: setting group sid
S-1-5-21-4092459118-2595994810-1099795350-513
>[2006/08/27 20:03:03, 10, pid=18112]
passdb/pdb_compat.c:pdb_set_group_sid_from_rid(100)
> pdb_set_group_sid_from_rid:
> setting group sid S-1-5-21-4092459118-2595994810-1099795350-513 from rid
513
>
>Does that mean, that the group id 60000 is assigned to me? Why? I am not
>member of the group with id 60000 (see above)
>
>I post almost a full log here. Some parts which might contain my
>password is removed. I hope I did not forget anything.
>
>
>Mario
>
>
>[2006/08/27 20:02:52, 10, pid=18112]
smbd/process.c:setup_select_timeout(1284)
> change_notify_timeout: -1
>[2006/08/27 20:03:02, 3, pid=4545] smbd/sec_ctx.c:set_sec_ctx(241)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
>[2006/08/27 20:03:02, 5, pid=4545] auth/auth_util.c:debug_nt_user_token(448)
> NT user token: (NULL)
>[2006/08/27 20:03:02, 5, pid=4545]
auth/auth_util.c:debug_unix_user_token(474)
> UNIX token of user 0
> Primary group is 0 and contains 0 supplementary groups
>[2006/08/27 20:03:02, 5, pid=4545] smbd/uid.c:change_to_root_user(275)
> change_to_root_user: now uid=(0,0) gid=(0,0)
>[2006/08/27 20:03:02, 10, pid=4545]
smbd/process.c:setup_select_timeout(1284)
> change_notify_timeout: -1
>[2006/08/27 20:03:03, 10, pid=18112]
lib/util_sock.c:read_smb_length_return_keepalive(623)
> got smb length of 448
>[2006/08/27 20:03:03, 6, pid=18112] smbd/process.c:process_smb(1109)
> got message type 0x0 of len 0x1c0
>[2006/08/27 20:03:03, 3, pid=18112] smbd/process.c:process_smb(1110)
> Transaction 14094 of length 452
>[2006/08/27 20:03:03, 5, pid=18112] lib/util.c:show_msg(478)
>[2006/08/27 20:03:03, 5, pid=18112] lib/util.c:show_msg(488)
> size=448
> smb_com=0x2f
> smb_rcls=0
> smb_reh=0
> smb_err=0
> smb_flg=24
> smb_flg2=51207
> smb_tid=1
> smb_pid=65279
> smb_uid=115
> smb_mid=37068
> smt_wct=14
> smb_vwv[ 0]= 255 (0xFF)
> smb_vwv[ 1]=57054 (0xDEDE)
> smb_vwv[ 2]=30418 (0x76D2)
> smb_vwv[ 3]= 0 (0x0)
> smb_vwv[ 4]= 0 (0x0)
> smb_vwv[ 5]=65535 (0xFFFF)
> smb_vwv[ 6]=65535 (0xFFFF)
> smb_vwv[ 7]= 8 (0x8)
> smb_vwv[ 8]= 384 (0x180)
> smb_vwv[ 9]= 0 (0x0)
> smb_vwv[10]= 384 (0x180)
> smb_vwv[11]= 64 (0x40)
> smb_vwv[12]= 0 (0x0)
> smb_vwv[13]= 0 (0x0)
> smb_bcc=385
>[2006/08/27 20:03:03, 10, pid=18112] lib/util.c:dump_data(2215)
>[...]
>[2006/08/27 20:03:03, 3, pid=18112] smbd/process.c:switch_message(914)
> switch message SMBwriteX (pid 18112) conn 0x9998e0
>[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:set_sec_ctx(241)
> setting sec ctx (65534, 65534) - sec_ctx_stack_ndx = 0
>[2006/08/27 20:03:03, 5, pid=18112]
auth/auth_util.c:debug_nt_user_token(454)
> NT user token of user S-1-5-21-4092459118-2595994810-1099795350-501
> contains 4 SIDs
> SID[ 0]: S-1-5-21-4092459118-2595994810-1099795350-501
> SID[ 1]: S-1-1-0
> SID[ 2]: S-1-5-2
> SID[ 3]: S-1-5-32-546
> SE_PRIV 0x0 0x0 0x0 0x0
>[2006/08/27 20:03:03, 5, pid=18112]
auth/auth_util.c:debug_unix_user_token(474)
> UNIX token of user 65534
> Primary group is 65534 and contains 0 supplementary groups
>[2006/08/27 20:03:03, 5, pid=18112] smbd/uid.c:change_to_user(260)
> change_to_user uid=(65534,65534) gid=(0,65534)
>[2006/08/27 20:03:03, 4, pid=18112] smbd/vfs.c:vfs_ChDir(741)
> vfs_ChDir to /tmp
>[2006/08/27 20:03:03, 4, pid=18112]
rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264)
> search for pipe pnum=76d2
>[2006/08/27 20:03:03, 5, pid=18112]
rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268)
> pipe name NETLOGON pnum=76d2 (pipes_open=1)
>[2006/08/27 20:03:03, 6, pid=18112]
rpc_server/srv_pipe_hnd.c:write_to_pipe(937)
> write_to_pipe: 76d2 name: NETLOGON open: Yes len: 384
>[2006/08/27 20:03:03, 10, pid=18112]
rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959)
> write_to_pipe: data_left = 384
>[2006/08/27 20:03:03, 10, pid=18112]
rpc_server/srv_pipe_hnd.c:process_incoming_data(852)
> process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0,
incoming data = 384
>[2006/08/27 20:03:03, 10, pid=18112]
rpc_server/srv_pipe_hnd.c:fill_rpc_header(395)
> fill_rpc_header: data_to_copy = 384, len_needed_to_complete_hdr = 16,
receive_len = 0
>[2006/08/27 20:03:03, 10, pid=18112]
rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963)
> write_to_pipe: data_used = 16
>[2006/08/27 20:03:03, 10, pid=18112]
rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959)
> write_to_pipe: data_left = 368
>[2006/08/27 20:03:03, 10, pid=18112]
rpc_server/srv_pipe_hnd.c:process_incoming_data(852)
> process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0,
incoming data = 368
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
> 000000 smb_io_rpc_hdr
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
> 0000 major : 05
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
> 0001 minor : 00
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
> 0002 pkt_type : 00
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
> 0003 flags : 03
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
> 0004 pack_type0: 10
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
> 0005 pack_type1: 00
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
> 0006 pack_type2: 00
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
> 0007 pack_type3: 00
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
> 0008 frag_len : 0180
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
> 000a auth_len : 0020
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 000c call_id : 0000000e
>[2006/08/27 20:03:03, 5, pid=18112]
rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482)
> unmarshall_rpc_header: using little-endian RPC
>[2006/08/27 20:03:03, 10, pid=18112]
rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511)
> unmarshall_rpc_header: type = 0, flags = 3
>[2006/08/27 20:03:03, 10, pid=18112]
rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963)
> write_to_pipe: data_used = 0
>[2006/08/27 20:03:03, 10, pid=18112]
rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959)
> write_to_pipe: data_left = 368
>[2006/08/27 20:03:03, 10, pid=18112]
rpc_server/srv_pipe_hnd.c:process_incoming_data(852)
> process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 368,
incoming data = 368
>[2006/08/27 20:03:03, 10, pid=18112]
rpc_server/srv_pipe_hnd.c:process_complete_pdu(719)
> process_complete_pdu: processing packet type 0
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
> 000000 smb_io_rpc_hdr_req req
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 0000 alloc_hint: 0000013e
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
> 0004 context_id: 0000
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
> 0006 opnum : 0002
>[2006/08/27 20:03:03, 5, pid=18112]
rpc_server/srv_pipe.c:api_pipe_schannel_process(2086)
> data 320 auth 32
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
> 000148 smb_io_rpc_hdr_auth hdr_auth
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
> 0148 auth_type : 44
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
> 0149 auth_level : 06
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
> 014a auth_pad_len : 02
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
> 014b auth_reserved: 00
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 014c auth_context_id: 000b3ca0
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
> 000150 smb_io_rpc_auth_schannel_chk
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8s(851)
> 0150 sig : 77 00 7a 00 ff ff 00 00
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8s(851)
> 0158 seq_num: 1d 0f 67 93 6c a8 a1 52
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8s(851)
> 0160 packet_digest: 53 2d 8b 35 8e b4 ad 03
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8s(851)
> 0168 confounder: 4a 95 04 46 4a c6 35 ef
>[2006/08/27 20:03:03, 10, pid=18112]
rpc_parse/parse_prs.c:schannel_decode(1710)
> SCHANNEL: schannel_decode seq_num=26 data_len=320
>[2006/08/27 20:03:03, 10, pid=18112]
rpc_parse/parse_prs.c:schannel_decode(1730)
> SCHANNEL: schannel_decode seq_num=26 data_len=320
>[2006/08/27 20:03:03, 3, pid=18112]
rpc_server/srv_pipe_hnd.c:free_pipe_context(529)
> free_pipe_context: destroying talloc pool of size 0
>[2006/08/27 20:03:03, 5, pid=18112]
rpc_server/srv_pipe.c:api_pipe_request(2223)
> Requested \PIPE\NETLOGON
>[2006/08/27 20:03:03, 4, pid=18112] rpc_server/srv_pipe.c:api_rpcTNP(2258)
> api_rpcTNP: NETLOGON op 0x2 - api_rpcTNP: rpc command: NET_SAMLOGON
>[2006/08/27 20:03:03, 6, pid=18112] rpc_server/srv_pipe.c:api_rpcTNP(2284)
> api_rpc_cmds[4].fn == 0x503330
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
> 000000 net_io_q_sam_logon
>[2006/08/27 20:03:03, 6, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
> 000000 smb_io_sam_info
>[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
> 000000 smb_io_clnt_info2
>[2006/08/27 20:03:03, 8, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
> 000000 smb_io_clnt_srv
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 0000 undoc_buffer : 000aaf30
>[2006/08/27 20:03:03, 9, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
> 000004 smb_io_unistr2 unistr2
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 0004 uni_max_len: 0000000b
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 0008 offset : 00000000
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 000c uni_str_len: 0000000b
>[2006/08/27 20:03:03, 5, pid=18112]
rpc_parse/parse_prs.c:dbg_rw_punival(936)
> 0010 buffer : \.\.G.A.R.F.I.E.L.D...
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 0028 undoc_buffer2: 000aafec
>[2006/08/27 20:03:03, 9, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
> 00002c smb_io_unistr2 unistr2
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 002c uni_max_len: 00000009
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 0030 offset : 00000000
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 0034 uni_str_len: 00000009
>[2006/08/27 20:03:03, 5, pid=18112]
rpc_parse/parse_prs.c:dbg_rw_punival(936)
> 0038 buffer : G.A.R.G.A.M.E.L...
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 004c ptr_cred: 00c5f020
>[2006/08/27 20:03:03, 8, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
> 000050 smb_io_cred
>[2006/08/27 20:03:03, 9, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
> 000050 smb_io_chal
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8s(851)
> 0050 data: c9 29 17 5b 3e 77 97 1a
>[2006/08/27 20:03:03, 9, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
> 000058 smb_io_utime
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 0058 time: 44f1de56
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 005c ptr_rtn_cred : 00c5f02c
>[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
> 000060 smb_io_cred
>[2006/08/27 20:03:03, 8, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
> 000060 smb_io_chal
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8s(851)
> 0060 data: 78 16 88 77 ff ff ff ff
>[2006/08/27 20:03:03, 8, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
> 000068 smb_io_utime
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 0068 time: 00c5f048
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
> 006c logon_level : 0002
>[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
> 00006e smb_io_sam_info_ctr logon_info
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
> 006e switch_value : 0002
>[2006/08/27 20:03:03, 8, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
> 000070 net_io_id_info2
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 0070 ptr_id_info2: 00c5f548
>[2006/08/27 20:03:03, 9, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
> 000074 smb_io_unihdr unihdr
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
> 0074 uni_str_len: 0006
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
> 0076 uni_max_len: 0006
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 0078 buffer : 000e6db8
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 007c param_ctrl: 00000a60
>[2006/08/27 20:03:03, 9, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
> 000080 smb_io_logon_id
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 0080 low : 001409fd
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 0084 high: 00000000
>[2006/08/27 20:03:03, 9, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
> 000088 smb_io_unihdr unihdr
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
> 0088 uni_str_len: 0006
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
> 008a uni_max_len: 0006
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 008c buffer : 000e6dbe
>[2006/08/27 20:03:03, 9, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
> 000090 smb_io_unihdr unihdr
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
> 0090 uni_str_len: 0010
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
> 0092 uni_max_len: 0010
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 0094 buffer : 000e6dc4
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8s(851)
> 0098 lm_chal: cb e0 c8 79 df 82 1a 99
>[2006/08/27 20:03:03, 9, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
> 0000a0 smb_io_strhdr hdr_nt_chal_resp
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
> 00a0 str_str_len: 0018
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
> 00a2 str_max_len: 0018
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 00a4 buffer : 000e6dd4
>[2006/08/27 20:03:03, 9, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
> 0000a8 smb_io_strhdr hdr_lm_chal_resp
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
> 00a8 str_str_len: 0018
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
> 00aa str_max_len: 0018
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 00ac buffer : 000e6dec
>[2006/08/27 20:03:03, 9, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
> 0000b0 smb_io_unistr2 uni_domain_name
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 00b0 uni_max_len: 00000003
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 00b4 offset : 00000000
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 00b8 uni_str_len: 00000003
>[2006/08/27 20:03:03, 5, pid=18112]
rpc_parse/parse_prs.c:dbg_rw_punival(936)
> 00bc buffer : G.S.B.
>[2006/08/27 20:03:03, 9, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
> 0000c2 smb_io_unistr2 uni_user_name
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 00c4 uni_max_len: 00000003
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 00c8 offset : 00000000
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 00cc uni_str_len: 00000003
>[2006/08/27 20:03:03, 5, pid=18112]
rpc_parse/parse_prs.c:dbg_rw_punival(936)
> 00d0 buffer : l.a.w.
>[2006/08/27 20:03:03, 9, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
> 0000d6 smb_io_unistr2 uni_wksta_name
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 00d8 uni_max_len: 00000008
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 00dc offset : 00000000
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 00e0 uni_str_len: 00000008
>[2006/08/27 20:03:03, 5, pid=18112]
rpc_parse/parse_prs.c:dbg_rw_punival(936)
> 00e4 buffer : G.A.R.G.A.M.E.L.
>[2006/08/27 20:03:03, 9, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
> 0000f4 smb_io_string2 nt_chal_resp
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 00f4 str_max_len: 00000018
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 00f8 offset : 00000000
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 00fc str_str_len: 00000018
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_string2(1096)
> 0100 buffer : ..k..RL.....<t1. .<.H.x.
>[2006/08/27 20:03:03, 9, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
> 000118 smb_io_string2 lm_chal_resp
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 0118 str_max_len: 00000018
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 011c offset : 00000000
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 0120 str_str_len: 00000018
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_string2(1096)
> 0124 buffer : .z....j.3...!GD.....)(..
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
> 013c validation_level: 0003
>[2006/08/27 20:03:03, 5, pid=18112] libsmb/credentials.c:creds_step(148)
> sequence = 0x44f1de56
>[2006/08/27 20:03:03, 5, pid=18112] libsmb/credentials.c:creds_step(150)
> seed: 1D945542017A748E
>[2006/08/27 20:03:03, 5, pid=18112] libsmb/credentials.c:creds_step(155)
> seed+seq 73724787017A748E
>[2006/08/27 20:03:03, 5, pid=18112] libsmb/credentials.c:creds_step(159)
> CLIENT C929175B3E77971A
>[2006/08/27 20:03:03, 5, pid=18112] libsmb/credentials.c:creds_step(164)
> seed+seq+1 74724787017A748E
>[2006/08/27 20:03:03, 5, pid=18112] libsmb/credentials.c:creds_step(168)
> SERVER 92A653116C9BED38
>[2006/08/27 20:03:03, 5, pid=18112] libsmb/credentials.c:creds_reseed(238)
> cred_reseed: seed 74724787017A748E
>[2006/08/27 20:03:03, 10, pid=18112]
libsmb/credentials.c:creds_server_check(221)
> creds_server_check: credentials check OK.
>[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:push_sec_ctx(208)
> push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
>[2006/08/27 20:03:03, 3, pid=18112] smbd/uid.c:push_conn_ctx(345)
> push_conn_ctx(115) : conn_ctx_stack_ndx = 0
>[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:set_sec_ctx(241)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
>[2006/08/27 20:03:03, 5, pid=18112]
auth/auth_util.c:debug_nt_user_token(448)
> NT user token: (NULL)
>[2006/08/27 20:03:03, 5, pid=18112]
auth/auth_util.c:debug_unix_user_token(474)
> UNIX token of user 0
> Primary group is 0 and contains 0 supplementary groups
>[2006/08/27 20:03:03, 3, pid=18112]
passdb/secrets.c:secrets_store_schannel_session_info(994)
> secrets_store_schannel_session_info: stored schannel info with key
SECRETS/SCHANNEL/GARGAMEL
>[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:pop_sec_ctx(339)
> pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
>[2006/08/27 20:03:03, 3, pid=18112]
rpc_server/srv_netlog_nt.c:_net_sam_logon_internal(847)
> SAM Logon (Network). Domain:[GSB]. User:[law@GARGAMEL] Requested
Domain:[GSB]
>[2006/08/27 20:03:03, 5, pid=18112]
rpc_server/srv_netlog_nt.c:_net_sam_logon_internal(862)
> Attempting validation level 2 for unmapped username law.
>[2006/08/27 20:03:03, 5, pid=18112]
auth/auth.c:make_auth_context_subsystem(484)
> Making default auth method list for DC, security=user, encrypt passwords =
yes
>[2006/08/27 20:03:03, 5, pid=18112] auth/auth.c:load_auth_module(391)
> load_auth_module: Attempting to find an auth method to match guest
>[2006/08/27 20:03:03, 5, pid=18112] auth/auth.c:load_auth_module(416)
> load_auth_module: auth method guest has a valid init
>[2006/08/27 20:03:03, 5, pid=18112] auth/auth.c:load_auth_module(391)
> load_auth_module: Attempting to find an auth method to match sam
>[2006/08/27 20:03:03, 5, pid=18112] auth/auth.c:load_auth_module(416)
> load_auth_module: auth method sam has a valid init
>[2006/08/27 20:03:03, 5, pid=18112] auth/auth.c:load_auth_module(391)
> load_auth_module: Attempting to find an auth method to match
winbind:trustdomain
>[2006/08/27 20:03:03, 5, pid=18112] auth/auth.c:load_auth_module(391)
> load_auth_module: Attempting to find an auth method to match trustdomain
>[2006/08/27 20:03:03, 5, pid=18112] auth/auth.c:load_auth_module(416)
> load_auth_module: auth method trustdomain has a valid init
>[2006/08/27 20:03:03, 5, pid=18112] auth/auth.c:load_auth_module(416)
> load_auth_module: auth method winbind has a valid init
>[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:make_user_info_map(161)
> make_user_info_map: Mapping user [GSB]\[law] from workstation [GARGAMEL]
>[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:push_sec_ctx(208)
> push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
>[2006/08/27 20:03:03, 3, pid=18112] smbd/uid.c:push_conn_ctx(345)
> push_conn_ctx(115) : conn_ctx_stack_ndx = 0
>[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:set_sec_ctx(241)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
>[2006/08/27 20:03:03, 5, pid=18112]
auth/auth_util.c:debug_nt_user_token(448)
> NT user token: (NULL)
>[2006/08/27 20:03:03, 5, pid=18112]
auth/auth_util.c:debug_unix_user_token(474)
> UNIX token of user 0
> Primary group is 0 and contains 0 supplementary groups
>[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:is_trusted_domain(2016)
> is_trusted_domain: Checking for domain trust with [GSB]
>[2006/08/27 20:03:03, 5, pid=18112]
passdb/secrets.c:secrets_fetch_trusted_domain_password(339)
> secrets_fetch failed!
>[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:pop_sec_ctx(339)
> pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
>[2006/08/27 20:03:03, 10, pid=18112] lib/gencache.c:gencache_get(312)
> Cache entry with key = TDOM/GSB couldn't be found
>[2006/08/27 20:03:03, 5, pid=18112]
libsmb/trustdom_cache.c:trustdom_cache_fetch(184)
> no entry for trusted domain GSB found.
>[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:make_user_info(75)
> attempting to make a user_info for law (law)
>[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:make_user_info(85)
> making strings for law's user_info struct
>[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:make_user_info(117)
> making blobs for law's user_info struct
>[2006/08/27 20:03:03, 10, pid=18112] auth/auth_util.c:make_user_info(135)
> made an encrypted user_info for law (law)
>[2006/08/27 20:03:03, 3, pid=18112] auth/auth.c:check_ntlm_password(221)
> check_ntlm_password: Checking password for unmapped user
[GSB]\[law]@[GARGAMEL] with the new password interface
>[2006/08/27 20:03:03, 3, pid=18112] auth/auth.c:check_ntlm_password(224)
> check_ntlm_password: mapped user is: [GSB]\[law]@[GARGAMEL]
>[2006/08/27 20:03:03, 10, pid=18112] auth/auth.c:check_ntlm_password(233)
> check_ntlm_password: auth_context challenge created by fixed
>[2006/08/27 20:03:03, 10, pid=18112] auth/auth.c:check_ntlm_password(235)
> challenge is:
>[2006/08/27 20:03:03, 5, pid=18112] lib/util.c:dump_data(2215)
> [000] CB E0 C8 79 DF 82 1A 99 ...y....
>[2006/08/27 20:03:03, 10, pid=18112] auth/auth.c:check_ntlm_password(261)
> check_ntlm_password: guest had nothing to say
>[2006/08/27 20:03:03, 8, pid=18112] lib/util.c:is_myname(2036)
> is_myname("GSB") returns 0
>[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:push_sec_ctx(208)
> push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
>[2006/08/27 20:03:03, 3, pid=18112] smbd/uid.c:push_conn_ctx(345)
> push_conn_ctx(115) : conn_ctx_stack_ndx = 0
>[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:set_sec_ctx(241)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
>[2006/08/27 20:03:03, 5, pid=18112]
auth/auth_util.c:debug_nt_user_token(448)
> NT user token: (NULL)
>[2006/08/27 20:03:03, 5, pid=18112]
auth/auth_util.c:debug_unix_user_token(474)
> UNIX token of user 0
> Primary group is 0 and contains 0 supplementary groups
>[2006/08/27 20:03:03, 5, pid=18112]
pdb_mysql.c:mysqlsam_select_by_field(292)
> Executing query SELECT
logon_time,logoff_time,0,pass_last_set_time,pass_can_change_time,pass_must_change_time,username,'GSB',username,gecos,home_smb,NULL,logon_script,profile_path,NULL,NULL,NULL,NULL,user_sid,group_sid,pass_lm,pass_nt,NULL,acct_ctrl,logon_divs,NULL,NULL,NULL,NULL,'?????????????????????',NULL
FROM user WHERE username = 'law'
>[2006/08/27 20:03:03, 10, pid=18112]
passdb/pdb_get_set.c:pdb_set_username(534)
> pdb_set_username: setting username law, was
>[2006/08/27 20:03:03, 10, pid=18112]
passdb/pdb_get_set.c:pdb_set_domain(557)
> pdb_set_domain: setting domain GSB, was
>[2006/08/27 20:03:03, 10, pid=18112]
passdb/pdb_get_set.c:pdb_set_nt_username(580)
> pdb_set_nt_username: setting nt username law, was
>[2006/08/27 20:03:03, 10, pid=18112]
passdb/pdb_get_set.c:pdb_set_fullname(603)
> pdb_set_full_name: setting full name Mario Lipinski, was
>[2006/08/27 20:03:03, 10, pid=18112]
passdb/pdb_get_set.c:pdb_set_homedir(696)
> pdb_set_homedir: setting home dir \\garfield\law, was
>[2006/08/27 20:03:03, 10, pid=18112]
passdb/pdb_get_set.c:pdb_set_logon_script(626)
> pdb_set_logon_script: setting logon script admins.bat, was
>[2006/08/27 20:03:03, 10, pid=18112]
passdb/pdb_get_set.c:pdb_set_profile_path(649)
> pdb_set_profile_path: setting profile path \\garfield\law\.ntprofile, was
>[2006/08/27 20:03:03, 10, pid=18112]
passdb/pdb_get_set.c:pdb_set_user_sid(463)
> pdb_set_user_sid: setting user sid
S-1-5-21-4092459118-2595994810-1099795350-3002
>[2006/08/27 20:03:03, 5, pid=18112]
passdb/pdb_interface.c:lookup_global_sam_rid(1478)
> lookup_global_sam_rid: looking up RID 3003.
>[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:push_sec_ctx(208)
> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
>[2006/08/27 20:03:03, 3, pid=18112] smbd/uid.c:push_conn_ctx(345)
> push_conn_ctx(115) : conn_ctx_stack_ndx = 1
>[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:set_sec_ctx(241)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
>[2006/08/27 20:03:03, 5, pid=18112]
auth/auth_util.c:debug_nt_user_token(448)
> NT user token: (NULL)
>[2006/08/27 20:03:03, 5, pid=18112]
auth/auth_util.c:debug_unix_user_token(474)
> UNIX token of user 0
> Primary group is 0 and contains 0 supplementary groups
>[2006/08/27 20:03:03, 5, pid=18112]
pdb_mysql.c:mysqlsam_select_by_field(292)
> Executing query SELECT
logon_time,logoff_time,0,pass_last_set_time,pass_can_change_time,pass_must_change_time,username,'GSB',username,gecos,home_smb,NULL,logon_script,profile_path,NULL,NULL,NULL,NULL,user_sid,group_sid,pass_lm,pass_nt,NULL,acct_ctrl,logon_divs,NULL,NULL,NULL,NULL,'?????????????????????',NULL
FROM user WHERE user_sid =
'S-1-5-21-4092459118-2595994810-1099795350-3003'
>[2006/08/27 20:03:03, 10, pid=18112] pdb_mysql.c:row_to_sam_account(93)
> empty resultpop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
>[2006/08/27 20:03:03, 5, pid=18112]
passdb/pdb_interface.c:lookup_global_sam_rid(1540)
> Can't find a unix id for an unmapped group
>[2006/08/27 20:03:03, 10, pid=18112]
passdb/pdb_get_set.c:pdb_set_group_sid(521)
> pdb_set_group_sid: setting group sid
S-1-5-21-4092459118-2595994810-1099795350-513
>[2006/08/27 20:03:03, 10, pid=18112]
lib/account_pol.c:account_policy_get(337)
> account_policy_get: name: password history, val: 0
>[2006/08/27 20:03:03, 10, pid=18112]
passdb/pdb_get_set.c:pdb_set_username(534)
> pdb_set_username: setting username law, was
>[2006/08/27 20:03:03, 10, pid=18112]
passdb/pdb_get_set.c:pdb_set_domain(557)
> pdb_set_domain: setting domain GSB, was
>[2006/08/27 20:03:03, 10, pid=18112]
passdb/pdb_get_set.c:pdb_set_nt_username(580)
> pdb_set_nt_username: setting nt username law, was
>[2006/08/27 20:03:03, 10, pid=18112]
passdb/pdb_get_set.c:pdb_set_fullname(603)
> pdb_set_full_name: setting full name Mario Lipinski, was
>[2006/08/27 20:03:03, 10, pid=18112]
passdb/pdb_get_set.c:pdb_set_homedir(696)
> pdb_set_homedir: setting home dir \\garfield\law, was
>[2006/08/27 20:03:03, 10, pid=18112]
passdb/pdb_get_set.c:pdb_set_dir_drive(672)
> pdb_set_dir_drive: setting dir drive , was NULL
>[2006/08/27 20:03:03, 10, pid=18112]
passdb/pdb_get_set.c:pdb_set_logon_script(626)
> pdb_set_logon_script: setting logon script admins.bat, was
>[2006/08/27 20:03:03, 10, pid=18112]
passdb/pdb_get_set.c:pdb_set_profile_path(649)
> pdb_set_profile_path: setting profile path \\garfield\law\.ntprofile, was
>[2006/08/27 20:03:03, 10, pid=18112]
passdb/pdb_get_set.c:pdb_set_workstations(739)
> pdb_set_workstations: setting workstations , was
>[2006/08/27 20:03:03, 10, pid=18112]
lib/account_pol.c:account_policy_get(337)
> account_policy_get: name: password history, val: 0
>[2006/08/27 20:03:03, 10, pid=18112]
passdb/pdb_get_set.c:pdb_set_user_sid(463)
> pdb_set_user_sid: setting user sid
S-1-5-21-4092459118-2595994810-1099795350-3002
>[2006/08/27 20:03:03, 10, pid=18112]
passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73)
> pdb_set_user_sid_from_rid:
> setting user sid S-1-5-21-4092459118-2595994810-1099795350-3002 from rid
3002
>[2006/08/27 20:03:03, 3, pid=18112]
passdb/lookup_sid.c:fetch_gid_from_cache(1010)
> fetch gid from cache 60000 ->
S-1-5-21-4092459118-2595994810-1099795350-513
>[2006/08/27 20:03:03, 10, pid=18112]
passdb/pdb_get_set.c:pdb_set_group_sid(521)
> pdb_set_group_sid: setting group sid
S-1-5-21-4092459118-2595994810-1099795350-513
>[2006/08/27 20:03:03, 10, pid=18112]
passdb/pdb_compat.c:pdb_set_group_sid_from_rid(100)
> pdb_set_group_sid_from_rid:
> setting group sid S-1-5-21-4092459118-2595994810-1099795350-513 from rid
513
>[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:pop_sec_ctx(339)
> pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
>[2006/08/27 20:03:03, 9, pid=18112]
passdb/passdb.c:pdb_update_autolock_flag(1407)
> pdb_update_autolock_flag: Account law not autolocked, no check needed
>[2006/08/27 20:03:03, 4, pid=18112]
libsmb/ntlm_check.c:ntlm_password_check(326)
> ntlm_password_check: Checking NT MD4 password
>[2006/08/27 20:03:03, 4, pid=18112] auth/auth_sam.c:sam_account_ok(138)
> sam_account_ok: Checking SMB password for user law
>[2006/08/27 20:03:03, 5, pid=18112] auth/auth_sam.c:logon_hours_ok(120)
> logon_hours_ok: user law allowed to logon at this time (Sun Aug 27
18:03:03 2006
> )
>[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:push_sec_ctx(208)
> push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
>[2006/08/27 20:03:03, 3, pid=18112] smbd/uid.c:push_conn_ctx(345)
> push_conn_ctx(115) : conn_ctx_stack_ndx = 0
>[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:set_sec_ctx(241)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
>[2006/08/27 20:03:03, 5, pid=18112]
auth/auth_util.c:debug_nt_user_token(448)
> NT user token: (NULL)
>[2006/08/27 20:03:03, 5, pid=18112]
auth/auth_util.c:debug_unix_user_token(474)
> UNIX token of user 0
> Primary group is 0 and contains 0 supplementary groups
>[2006/08/27 20:03:03, 10, pid=18112] lib/util_pw.c:getpwnam_alloc(76)
> Got law from pwnam_cache
>[2006/08/27 20:03:03, 10, pid=18112] lib/util_pw.c:getpwnam_alloc(76)
> Got law from pwnam_cache
>[2006/08/27 20:03:03, 10, pid=18112] lib/system_smbd.c:sys_getgrouplist(125)
> sys_getgrouplist: user [law]
>[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:push_sec_ctx(208)
> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
>[2006/08/27 20:03:03, 3, pid=18112] smbd/uid.c:push_conn_ctx(345)
> push_conn_ctx(115) : conn_ctx_stack_ndx = 1
>[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:set_sec_ctx(241)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
>[2006/08/27 20:03:03, 5, pid=18112]
auth/auth_util.c:debug_nt_user_token(448)
> NT user token: (NULL)
>[2006/08/27 20:03:03, 5, pid=18112]
auth/auth_util.c:debug_unix_user_token(474)
> UNIX token of user 0
> Primary group is 0 and contains 0 supplementary groups
>[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:pop_sec_ctx(339)
> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
>[2006/08/27 20:03:03, 3, pid=18112]
passdb/lookup_sid.c:fetch_sid_from_gid_cache(990)
> fetch sid from gid cache 1001 -> S-1-22-2-1001
>[2006/08/27 20:03:03, 3, pid=18112]
passdb/lookup_sid.c:fetch_sid_from_gid_cache(990)
> fetch sid from gid cache 0 -> S-1-22-2-0
>[2006/08/27 20:03:03, 3, pid=18112]
passdb/lookup_sid.c:fetch_sid_from_gid_cache(990)
> fetch sid from gid cache 40 -> S-1-22-2-40
>[2006/08/27 20:03:03, 3, pid=18112]
passdb/lookup_sid.c:fetch_sid_from_gid_cache(990)
> fetch sid from gid cache 50 -> S-1-22-2-50
>[2006/08/27 20:03:03, 3, pid=18112]
passdb/lookup_sid.c:fetch_sid_from_gid_cache(990)
> fetch sid from gid cache 1000 -> S-1-22-2-1000
>[2006/08/27 20:03:03, 5, pid=18112]
auth/auth_util.c:make_server_info_sam(625)
> make_server_info_sam: made server info for user law -> law
>[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:pop_sec_ctx(339)
> pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
>[2006/08/27 20:03:03, 3, pid=18112] auth/auth.c:check_ntlm_password(270)
> check_ntlm_password: sam authentication for user [law] succeeded
>[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:push_sec_ctx(208)
> push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
>[2006/08/27 20:03:03, 3, pid=18112] smbd/uid.c:push_conn_ctx(345)
> push_conn_ctx(115) : conn_ctx_stack_ndx = 0
>[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:set_sec_ctx(241)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
>[2006/08/27 20:03:03, 5, pid=18112]
auth/auth_util.c:debug_nt_user_token(448)
> NT user token: (NULL)
>[2006/08/27 20:03:03, 5, pid=18112]
auth/auth_util.c:debug_unix_user_token(474)
> UNIX token of user 0
> Primary group is 0 and contains 0 supplementary groups
>[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:pop_sec_ctx(339)
> pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
>[2006/08/27 20:03:03, 5, pid=18112] auth/auth.c:check_ntlm_password(296)
> check_ntlm_password: PAM Account for user [law] succeeded
>[2006/08/27 20:03:03, 2, pid=18112] auth/auth.c:check_ntlm_password(309)
> check_ntlm_password: authentication for user [law] -> [law] ->
[law] succeeded
>[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:free_user_info(1866)
> attempting to free (and zero) a user_info structure
>[2006/08/27 20:03:03, 10, pid=18112] auth/auth_util.c:free_user_info(1870)
> structure was created for law
>[2006/08/27 20:03:03, 5, pid=18112]
rpc_server/srv_netlog_nt.c:_net_sam_logon_internal(934)
> _net_sam_logon: check_password returned status NT_STATUS_OK
>[2006/08/27 20:03:03, 4, pid=18112]
rpc_parse/parse_net.c:init_dom_sid2s(1009)
> init_dom_sid2s:
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
> 000000 net_io_r_sam_logon
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 0000 buffer_creds: 00000001
>[2006/08/27 20:03:03, 6, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
> 000004 smb_io_cred
>[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
> 000004 smb_io_chal
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8s(851)
> 0004 data: 92 a6 53 11 6c 9b ed 38
>[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
> 00000c smb_io_utime
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 000c time: 44f1de57
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
> 0010 switch_value: 0003
>[2006/08/27 20:03:03, 6, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
> 000014 net_io_user_info3
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 0014 ptr_user_info : 00000001
>[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
> 000018 smb_io_time logon time
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 0018 low : 00000000
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 001c high: 00000000
>[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
> 000020 smb_io_time logoff time
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 0020 low : ffffffff
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 0024 high: 7fffffff
>[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
> 000028 smb_io_time kickoff time
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 0028 low : ffffffff
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 002c high: 7fffffff
>[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
> 000030 smb_io_time last set time
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 0030 low : 12056880
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 0034 high: 01c4942d
>[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
> 000038 smb_io_time can change time
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 0038 low : 12056880
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 003c high: 01c4942d
>[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
> 000040 smb_io_time must change time
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 0040 low : d4a5e980
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 0044 high: 01e9fd1e
>[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
> 000048 smb_io_unihdr hdr_user_name
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
> 0048 uni_str_len: 0006
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
> 004a uni_max_len: 0006
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 004c buffer : 00000001
>[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
> 000050 smb_io_unihdr hdr_full_name
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
> 0050 uni_str_len: 001c
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
> 0052 uni_max_len: 001c
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 0054 buffer : 00000001
>[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
> 000058 smb_io_unihdr hdr_logon_script
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
> 0058 uni_str_len: 0014
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
> 005a uni_max_len: 0014
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 005c buffer : 00000001
>[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
> 000060 smb_io_unihdr hdr_profile_path
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
> 0060 uni_str_len: 0032
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
> 0062 uni_max_len: 0032
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 0064 buffer : 00000001
>[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
> 000068 smb_io_unihdr hdr_home_dir
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
> 0068 uni_str_len: 001c
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
> 006a uni_max_len: 001c
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 006c buffer : 00000001
>[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
> 000070 smb_io_unihdr hdr_dir_drive
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
> 0070 uni_str_len: 0000
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
> 0072 uni_max_len: 0000
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 0074 buffer : 00000000
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
> 0078 logon_count : 0000
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
> 007a bad_pw_count : 0000
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 007c user_rid : 00000bba
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 0080 group_rid : 00000201
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 0084 num_groups : 00000000
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 0088 buffer_groups : 00000001
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 008c user_flgs : 00000020
>[2006/08/27 20:03:03, 10, pid=18112]
rpc_parse/parse_net.c:dump_user_flgs(1555)
> dump_user_flgs
> account has LOGON_EXTRA_SIDS
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8s(851)
> 0090 user_sess_key: 86 4d c5 2d e6 ec 27 12 cd e8 59 9c 63 d0 54
fc
>[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
> 0000a0 smb_io_unihdr hdr_logon_srv
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
> 00a0 uni_str_len: 0010
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
> 00a2 uni_max_len: 0010
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 00a4 buffer : 00000001
>[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
> 0000a8 smb_io_unihdr hdr_logon_dom
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
> 00a8 uni_str_len: 0006
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
> 00aa uni_max_len: 0006
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 00ac buffer : 00000001
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 00b0 buffer_dom_id : 00000001
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8s(851)
> 00b4 lm_sess_key: 30 32 0f fc ff 3e b1 1c
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 00bc acct_flags : 00000212
>[2006/08/27 20:03:03, 10, pid=18112]
rpc_parse/parse_net.c:dump_acct_flags(1528)
> dump_acct_flags
> account has ACB_NORMAL
> account has ACB_PWNOEXP
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 00c0 unkown: 00000000
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 00c4 unkown: 00000000
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 00c8 unkown: 00000000
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 00cc unkown: 00000000
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 00d0 unkown: 00000000
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 00d4 unkown: 00000000
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 00d8 unkown: 00000000
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 00dc num_other_sids: 00000000
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 00e0 buffer_other_sids: 00000000
>[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
> 0000e4 smb_io_unistr2 uni_user_name
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 00e4 uni_max_len: 00000003
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 00e8 offset : 00000000
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 00ec uni_str_len: 00000003
>[2006/08/27 20:03:03, 5, pid=18112]
rpc_parse/parse_prs.c:dbg_rw_punival(936)
> 00f0 buffer : l.a.w.
>[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
> 0000f6 smb_io_unistr2 uni_full_name
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 00f8 uni_max_len: 0000000e
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 00fc offset : 00000000
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 0100 uni_str_len: 0000000e
>[2006/08/27 20:03:03, 5, pid=18112]
rpc_parse/parse_prs.c:dbg_rw_punival(936)
> 0104 buffer : M.a.r.i.o. .L.i.p.i.n.s.k.i.
>[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
> 000120 smb_io_unistr2 uni_logon_script
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 0120 uni_max_len: 0000000a
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 0124 offset : 00000000
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 0128 uni_str_len: 0000000a
>[2006/08/27 20:03:03, 5, pid=18112]
rpc_parse/parse_prs.c:dbg_rw_punival(936)
> 012c buffer : a.d.m.i.n.s...b.a.t.
>[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
> 000140 smb_io_unistr2 uni_profile_path
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 0140 uni_max_len: 00000019
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 0144 offset : 00000000
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 0148 uni_str_len: 00000019
>[2006/08/27 20:03:03, 5, pid=18112]
rpc_parse/parse_prs.c:dbg_rw_punival(936)
> 014c buffer :
\.\.g.a.r.f.i.e.l.d.\.l.a.w.\...n.t.p.r.o.f.i.l.e.
>[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
> 00017e smb_io_unistr2 uni_home_dir
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 0180 uni_max_len: 0000000e
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 0184 offset : 00000000
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 0188 uni_str_len: 0000000e
>[2006/08/27 20:03:03, 5, pid=18112]
rpc_parse/parse_prs.c:dbg_rw_punival(936)
> 018c buffer : \.\.g.a.r.f.i.e.l.d.\.l.a.w.
>[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
> 0001a8 smb_io_unistr2 - NULL uni_dir_drive
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 01a8 num_groups2 : 00000000
>[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
> 0001ac smb_io_unistr2 uni_logon_srv
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 01ac uni_max_len: 00000008
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 01b0 offset : 00000000
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 01b4 uni_str_len: 00000008
>[2006/08/27 20:03:03, 5, pid=18112]
rpc_parse/parse_prs.c:dbg_rw_punival(936)
> 01b8 buffer : G.A.R.F.I.E.L.D.
>[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
> 0001c8 smb_io_unistr2 uni_logon_dom
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 01c8 uni_max_len: 00000003
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 01cc offset : 00000000
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 01d0 uni_str_len: 00000003
>[2006/08/27 20:03:03, 5, pid=18112]
rpc_parse/parse_prs.c:dbg_rw_punival(936)
> 01d4 buffer : G.S.B.
>[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
> 0001da smb_io_dom_sid2
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 01dc num_auths: 00000004
>[2006/08/27 20:03:03, 8, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
> 0001e0 smb_io_dom_sid sid
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
> 01e0 sid_rev_num: 01
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
> 01e1 num_auths : 04
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
> 01e2 id_auth[0] : 00
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
> 01e3 id_auth[1] : 00
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
> 01e4 id_auth[2] : 00
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
> 01e5 id_auth[3] : 00
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
> 01e6 id_auth[4] : 00
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
> 01e7 id_auth[5] : 05
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32s(991)
> 01e8 sub_auths : 00000015 f3edf86e 9abbbcba 418d8b96
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 01f8 auth_resp : 00000001
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_ntstatus(763)
> 01fc status : NT_STATUS_OK
>[2006/08/27 20:03:03, 5, pid=18112] rpc_server/srv_pipe.c:api_rpcTNP(2305)
> api_rpcTNP: called NETLOGON successfully
>[2006/08/27 20:03:03, 3, pid=18112]
rpc_server/srv_pipe_hnd.c:free_pipe_context(529)
> free_pipe_context: destroying talloc pool of size 998
>[2006/08/27 20:03:03, 10, pid=18112]
rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963)
> write_to_pipe: data_used = 368
>[2006/08/27 20:03:03, 3, pid=18112] smbd/pipes.c:reply_pipe_write_and_X(217)
> writeX-IPC pnum=76d2 nwritten=384
>[2006/08/27 20:03:03, 5, pid=18112] lib/util.c:show_msg(478)
>[2006/08/27 20:03:03, 5, pid=18112] lib/util.c:show_msg(488)
> size=47
> smb_com=0x2f
> smb_rcls=0
> smb_reh=0
> smb_err=0
> smb_flg=136
> smb_flg2=51201
> smb_tid=1
> smb_pid=65279
> smb_uid=115
> smb_mid=37068
> smt_wct=6
> smb_vwv[ 0]= 255 (0xFF)
> smb_vwv[ 1]= 0 (0x0)
> smb_vwv[ 2]= 384 (0x180)
> smb_vwv[ 3]= 0 (0x0)
> smb_vwv[ 4]= 0 (0x0)
> smb_vwv[ 5]= 0 (0x0)
> smb_bcc=0
>[2006/08/27 20:03:03, 10, pid=18112]
smbd/process.c:setup_select_timeout(1284)
> change_notify_timeout: -1
>[2006/08/27 20:03:03, 10, pid=18112]
lib/util_sock.c:read_smb_length_return_keepalive(623)
> got smb length of 59
>[2006/08/27 20:03:03, 6, pid=18112] smbd/process.c:process_smb(1109)
> got message type 0x0 of len 0x3b
>[2006/08/27 20:03:03, 3, pid=18112] smbd/process.c:process_smb(1110)
> Transaction 14095 of length 63
>[2006/08/27 20:03:03, 5, pid=18112] lib/util.c:show_msg(478)
>[2006/08/27 20:03:03, 5, pid=18112] lib/util.c:show_msg(488)
> size=59
> smb_com=0x2e
> smb_rcls=0
> smb_reh=0
> smb_err=0
> smb_flg=24
> smb_flg2=51207
> smb_tid=1
> smb_pid=65279
> smb_uid=115
> smb_mid=37132
> smt_wct=12
> smb_vwv[ 0]= 255 (0xFF)
> smb_vwv[ 1]=57054 (0xDEDE)
> smb_vwv[ 2]=30418 (0x76D2)
> smb_vwv[ 3]= 0 (0x0)
> smb_vwv[ 4]= 0 (0x0)
> smb_vwv[ 5]= 1024 (0x400)
> smb_vwv[ 6]= 1024 (0x400)
> smb_vwv[ 7]=65535 (0xFFFF)
> smb_vwv[ 8]=65535 (0xFFFF)
> smb_vwv[ 9]= 1024 (0x400)
> smb_vwv[10]= 0 (0x0)
> smb_vwv[11]= 0 (0x0)
> smb_bcc=0
>[2006/08/27 20:03:03, 3, pid=18112] smbd/process.c:switch_message(914)
> switch message SMBreadX (pid 18112) conn 0x9998e0
>[2006/08/27 20:03:03, 4, pid=18112] smbd/uid.c:change_to_user(176)
> change_to_user: Skipping user change - already user
>[2006/08/27 20:03:03, 4, pid=18112]
rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264)
> search for pipe pnum=76d2
>[2006/08/27 20:03:03, 5, pid=18112]
rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268)
> pipe name NETLOGON pnum=76d2 (pipes_open=1)
>[2006/08/27 20:03:03, 6, pid=18112]
rpc_server/srv_pipe_hnd.c:read_from_pipe(995)
> read_from_pipe: 76d2 name: NETLOGON len: 1024
>[2006/08/27 20:03:03, 10, pid=18112]
rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068)
> read_from_pipe: NETLOGON: fault_state = 0 : data_sent_length = 0,
prs_offset(&p->out_data.rdata) = 512.
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
> 000000 smb_io_rpc_hdr hdr
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
> 0000 major : 05
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
> 0001 minor : 00
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
> 0002 pkt_type : 02
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
> 0003 flags : 03
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
> 0004 pack_type0: 10
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
> 0005 pack_type1: 00
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
> 0006 pack_type2: 00
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
> 0007 pack_type3: 00
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
> 0008 frag_len : 0240
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
> 000a auth_len : 0020
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 000c call_id : 0000000e
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
> 000010 smb_io_rpc_hdr_resp resp
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 0010 alloc_hint: 00000200
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
> 0014 context_id: 0000
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
> 0016 cancel_ct : 00
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
> 0017 reserved : 00
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
> 000218 smb_io_rpc_hdr_auth hdr_auth
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
> 0218 auth_type : 44
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
> 0219 auth_level : 06
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
> 021a auth_pad_len : 00
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
> 021b auth_reserved: 00
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
> 021c auth_context_id: 00000001
>[2006/08/27 20:03:03, 10, pid=18112]
rpc_parse/parse_prs.c:schannel_encode(1633)
> SCHANNEL: schannel_encode seq_num=27 data_len=512
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
> 000220 smb_io_rpc_auth_schannel_chk
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8s(851)
> 0220 sig : 77 00 7a 00 ff ff 00 00
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8s(851)
> 0228 seq_num: 56 92 bc 2e 01 65 4e ee
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8s(851)
> 0230 packet_digest: 23 19 33 ef 8a c5 df 69
>[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8s(851)
> 0238 confounder: 70 ec 77 3a 58 e0 61 49
>[2006/08/27 20:03:03, 3, pid=18112] smbd/pipes.c:reply_pipe_read_and_X(262)
> readX-IPC pnum=76d2 min=1024 max=1024 nread=576
>[2006/08/27 20:03:03, 5, pid=18112] lib/util.c:show_msg(478)
>[2006/08/27 20:03:03, 5, pid=18112] lib/util.c:show_msg(488)
> size=635
> smb_com=0x2e
> smb_rcls=0
> smb_reh=0
> smb_err=0
> smb_flg=136
> smb_flg2=51201
> smb_tid=1
> smb_pid=65279
> smb_uid=115
> smb_mid=37132
> smt_wct=12
> smb_vwv[ 0]= 255 (0xFF)
> smb_vwv[ 1]= 0 (0x0)
> smb_vwv[ 2]= 0 (0x0)
> smb_vwv[ 3]= 0 (0x0)
> smb_vwv[ 4]= 0 (0x0)
> smb_vwv[ 5]= 576 (0x240)
> smb_vwv[ 6]= 59 (0x3B)
> smb_vwv[ 7]= 0 (0x0)
> smb_vwv[ 8]= 0 (0x0)
> smb_vwv[ 9]= 0 (0x0)
> smb_vwv[10]= 0 (0x0)
> smb_vwv[11]= 0 (0x0)
> smb_bcc=576
>[2006/08/27 20:03:03, 10, pid=18112] lib/util.c:dump_data(2215)
>[...]
>[2006/08/27 20:03:03, 10, pid=18112]
smbd/process.c:setup_select_timeout(1284)
> change_notify_timeout: -1
>
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
Url :
http://lists.samba.org/archive/samba/attachments/20060901/1eaf3581/attachment.bin
