Jean-Francois Leblond
2005-Jun-18 20:39 UTC
TR: [Samba] Domain logon problem with w2k client on a Samba-3 PDC
Hi, I found my solution applying this receipe: http://us1.samba.org/samba/docs/man/Samba-Guide/small.html Thanks JFL -----Message d'origine----- De : samba-bounces+jfleblond=videotron.ca@lists.samba.org [mailto:samba-bounces+jfleblond=videotron.ca@lists.samba.org]De la part de Jean-Francois Leblond Envoye : 15 juin 2005 00:41 A : samba@lists.samba.org; Paul Gienger Objet : RE: [Samba] Domain logon problem with w2k client on a Samba-3 PDC I made some research on the error, I'm seeing: "_samr_create_user: ACCESS DENIED". The description looks similar to my problem i.e. Samba3 PDC with a W2K client domain logon The solution points to a link which does exist anymore: http://www.samba.org/samba/docs/man/guide/secure.html#id2520407 I attached the level 2 and 3 log output. At level 3, I'm getting a log file with the ip address. Server name is jflcent and client is jflw2k. I cleared the logs before capturing. Nopthing was logged in smbd.log or nmbd.log At log level 2, I'm getting this in the client log file: [root@jflcent samba]# tail -f jflw2k.log [2005/06/15 00:26:24, 2] smbd/sesssetup.c:setup_new_vc_session(608) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2005/06/15 00:26:24, 2] smbd/sesssetup.c:setup_new_vc_session(608) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2005/06/15 00:26:24, 2] auth/auth.c:check_ntlm_password(305) check_ntlm_password: authentication for user [testuser] -> [testuser] -> [testuser] succeeded [2005/06/15 00:26:24, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482) Returning domain sid for domain PALMARINC -> S-1-5-21-1306232831-1958954829-1360062360 [2005/06/15 00:26:24, 2] rpc_server/srv_samr_nt.c:access_check_samr_object(93) _samr_open_domain: ACCESS DENIED (requested: 0x00000211) [2005/06/15 00:26:24, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482) Returning domain sid for domain PALMARINC -> S-1-5-21-1306232831-1958954829-1360062360 [2005/06/15 00:26:24, 2] rpc_server/srv_samr_nt.c:access_check_samr_function(115) _samr_create_user: ACCESS DENIED (granted: 0x00000201; required: 0x00000010) [2005/06/15 00:26:24, 2] smbd/server.c:exit_server(571) Closing connections [2005/06/15 00:26:25, 2] smbd/sesssetup.c:setup_new_vc_session(608) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2005/06/15 00:26:25, 2] smbd/sesssetup.c:setup_new_vc_session(608) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2005/06/15 00:26:25, 2] auth/auth.c:check_ntlm_password(305) check_ntlm_password: authentication for user [testuser] -> [testuser] -> [testuser] succeeded [2005/06/15 00:26:25, 2] smbd/server.c:exit_server(571) Closing connections Client log file at level 3: [root@jflcent samba]# cat jflw2k.log [2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091) Transaction 1 of length 137 [2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886) switch message SMBnegprot (pid 3418) conn 0x0 [2005/06/15 00:37:37, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/06/15 00:37:37, 3] smbd/negprot.c:reply_negprot(461) Requested protocol [PC NETWORK PROGRAM 1.0] [2005/06/15 00:37:37, 3] smbd/negprot.c:reply_negprot(461) Requested protocol [LANMAN1.0] [2005/06/15 00:37:37, 3] smbd/negprot.c:reply_negprot(461) Requested protocol [Windows for Workgroups 3.1a] [2005/06/15 00:37:37, 3] smbd/negprot.c:reply_negprot(461) Requested protocol [LM1.2X002] [2005/06/15 00:37:37, 3] smbd/negprot.c:reply_negprot(461) Requested protocol [LANMAN2.1] [2005/06/15 00:37:37, 3] smbd/negprot.c:reply_negprot(461) Requested protocol [NT LM 0.12] [2005/06/15 00:37:37, 3] smbd/negprot.c:reply_nt1(333) using SPNEGO [2005/06/15 00:37:37, 3] smbd/negprot.c:reply_negprot(549) Selected protocol NT LM 0.12 [2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091) Transaction 2 of length 202 [2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886) switch message SMBsesssetupX (pid 3418) conn 0x0 [2005/06/15 00:37:37, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/06/15 00:37:37, 3] smbd/sesssetup.c:reply_sesssetup_and_X(655) wct=12 flg2=0xc803 [2005/06/15 00:37:37, 2] smbd/sesssetup.c:setup_new_vc_session(608) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2005/06/15 00:37:37, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(535) Doing spnego session setup [2005/06/15 00:37:37, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(566) NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[] [2005/06/15 00:37:37, 3] smbd/sesssetup.c:reply_spnego_negotiate(444) Got OID 1 3 6 1 4 1 311 2 2 10 [2005/06/15 00:37:37, 3] smbd/sesssetup.c:reply_spnego_negotiate(447) Got secblob of size 32 [2005/06/15 00:37:37, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x80008207 [2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091) Transaction 3 of length 306 [2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886) switch message SMBsesssetupX (pid 3418) conn 0x0 [2005/06/15 00:37:37, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/06/15 00:37:37, 3] smbd/sesssetup.c:reply_sesssetup_and_X(655) wct=12 flg2=0xc803 [2005/06/15 00:37:37, 2] smbd/sesssetup.c:setup_new_vc_session(608) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2005/06/15 00:37:37, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(535) Doing spnego session setup [2005/06/15 00:37:37, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(566) NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[] [2005/06/15 00:37:37, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(615) Got user=[testuser] domain=[PALMARINC] workstation=[JFLW2K] len1=24 len2=24 [2005/06/15 00:37:37, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2005/06/15 00:37:37, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2005/06/15 00:37:37, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/06/15 00:37:37, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/06/15 00:37:37, 3] auth/auth.c:check_ntlm_password(219) check_ntlm_password: Checking password for unmapped user [PALMARINC]\[testuser]@[JFLW2K] with the new password interface [2005/06/15 00:37:37, 3] auth/auth.c:check_ntlm_password(222) check_ntlm_password: mapped user is: [PALMARINC]\[testuser]@[JFLW2K] [2005/06/15 00:37:37, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2005/06/15 00:37:37, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2005/06/15 00:37:37, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/06/15 00:37:37, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2005/06/15 00:37:37, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2005/06/15 00:37:37, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2005/06/15 00:37:37, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/06/15 00:37:37, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/06/15 00:37:37, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2005/06/15 00:37:37, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2005/06/15 00:37:37, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/06/15 00:37:37, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/06/15 00:37:37, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2005/06/15 00:37:37, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2005/06/15 00:37:37, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/06/15 00:37:37, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/06/15 00:37:37, 3] auth/auth.c:check_ntlm_password(268) check_ntlm_password: sam authentication for user [testuser] succeeded [2005/06/15 00:37:37, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2005/06/15 00:37:37, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2005/06/15 00:37:37, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/06/15 00:37:37, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/06/15 00:37:37, 2] auth/auth.c:check_ntlm_password(305) check_ntlm_password: authentication for user [testuser] -> [testuser] -> [testuser] succeeded [2005/06/15 00:37:37, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319) NTLMSSP Sign/Seal - Initialising with flags: [2005/06/15 00:37:37, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x00008215 [2005/06/15 00:37:37, 3] smbd/password.c:register_vuid(222) User name: testuser Real name: Samba user test [2005/06/15 00:37:37, 3] smbd/password.c:register_vuid(241) UNIX uid 501 is UNIX user testuser, and will be vuid 100 [2005/06/15 00:37:37, 3] smbd/password.c:register_vuid(270) Adding homes service for user 'testuser' using home directory: '/home/testuser' [2005/06/15 00:37:37, 3] param/loadparm.c:lp_add_home(2341) adding home's share [testuser] for user 'testuser' at '/home/testuser' [2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091) Transaction 4 of length 84 [2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886) switch message SMBtconX (pid 3418) conn 0x0 [2005/06/15 00:37:37, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/06/15 00:37:37, 3] smbd/service.c:make_connection_snum(472) Connect path is '/tmp' for service [IPC$] [2005/06/15 00:37:37, 3] lib/util_seaccess.c:se_access_check(251) [2005/06/15 00:37:37, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-1306232831-1958954829-1360062360-2002 se_access_check: also S-1-5-21-1306232831-1958954829-1360062360-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 [2005/06/15 00:37:37, 3] smbd/vfs.c:vfs_init_default(203) Initialising default vfs hooks [2005/06/15 00:37:37, 3] lib/util_seaccess.c:se_access_check(251) [2005/06/15 00:37:37, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-1306232831-1958954829-1360062360-2002 se_access_check: also S-1-5-21-1306232831-1958954829-1360062360-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 [2005/06/15 00:37:37, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (501, 100) - sec_ctx_stack_ndx = 0 [2005/06/15 00:37:37, 3] smbd/service.c:make_connection_snum(648) jflw2k (192.168.0.7) connect to service IPC$ initially as user testuser (uid=501, gid=100) (pid 3418) [2005/06/15 00:37:37, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/06/15 00:37:37, 3] smbd/reply.c:reply_tcon_and_X(456) tconX service=IPC$ [2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091) Transaction 5 of length 104 [2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886) switch message SMBntcreateX (pid 3418) conn 0x98e9218 [2005/06/15 00:37:37, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (501, 100) - sec_ctx_stack_ndx = 0 [2005/06/15 00:37:37, 3] smbd/nttrans.c:nt_open_pipe(514) nt_open_pipe: Known pipe lsarpc opening. [2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091) Transaction 6 of length 140 [2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886) switch message SMBwriteX (pid 3418) conn 0x98e9218 [2005/06/15 00:37:37, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(887) api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsass [2005/06/15 00:37:37, 3] rpc_server/srv_pipe.c:check_bind_req(762) check_bind_req for \PIPE\lsarpc [2005/06/15 00:37:37, 3] smbd/pipes.c:reply_pipe_write_and_X(199) writeX-IPC pnum=75cb nwritten=72 [2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091) Transaction 7 of length 63 [2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886) switch message SMBreadX (pid 3418) conn 0x98e9218 [2005/06/15 00:37:37, 3] smbd/pipes.c:reply_pipe_read_and_X(242) readX-IPC pnum=75cb min=1024 max=1024 nread=68 [2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091) Transaction 8 of length 176 [2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 3418) conn 0x98e9218 [2005/06/15 00:37:37, 3] smbd/ipc.c:reply_trans(538) trans <\PIPE\> data=88 params=0 setup=2 [2005/06/15 00:37:37, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/06/15 00:37:37, 3] smbd/ipc.c:api_fd_reply(296) Got API command 0x26 on pipe "lsarpc" (pnum 75cb) [2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/06/15 00:37:37, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: LSA_OPENPOLICY2 [2005/06/15 00:37:37, 3] lib/util_seaccess.c:se_access_check(251) [2005/06/15 00:37:37, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-1306232831-1958954829-1360062360-2002 se_access_check: also S-1-5-21-1306232831-1958954829-1360062360-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 [2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 820 [2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091) Transaction 9 of length 134 [2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 3418) conn 0x98e9218 [2005/06/15 00:37:37, 3] smbd/ipc.c:reply_trans(538) trans <\PIPE\> data=46 params=0 setup=2 [2005/06/15 00:37:37, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/06/15 00:37:37, 3] smbd/ipc.c:api_fd_reply(296) Got API command 0x26 on pipe "lsarpc" (pnum 75cb) [2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091) Transaction 10 of length 134 [2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 3418) conn 0x98e9218 [2005/06/15 00:37:37, 3] smbd/ipc.c:reply_trans(538) trans <\PIPE\> data=46 params=0 setup=2 [2005/06/15 00:37:37, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/06/15 00:37:37, 3] smbd/ipc.c:api_fd_reply(296) Got API command 0x26 on pipe "lsarpc" (pnum 75cb) [2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/06/15 00:37:37, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY [2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 512 [2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091) Transaction 11 of length 104 [2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886) switch message SMBntcreateX (pid 3418) conn 0x98e9218 [2005/06/15 00:37:37, 3] smbd/nttrans.c:nt_open_pipe(514) nt_open_pipe: Known pipe winreg opening. [2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091) Transaction 12 of length 140 [2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886) switch message SMBwriteX (pid 3418) conn 0x98e9218 [2005/06/15 00:37:37, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(887) api_pipe_bind_req: \PIPE\winreg -> \PIPE\winreg [2005/06/15 00:37:37, 3] rpc_server/srv_pipe.c:check_bind_req(762) check_bind_req for \PIPE\winreg [2005/06/15 00:37:37, 3] smbd/pipes.c:reply_pipe_write_and_X(199) writeX-IPC pnum=75cc nwritten=72 [2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091) Transaction 13 of length 63 [2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886) switch message SMBreadX (pid 3418) conn 0x98e9218 [2005/06/15 00:37:37, 3] smbd/pipes.c:reply_pipe_read_and_X(242) readX-IPC pnum=75cc min=1024 max=1024 nread=68 [2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091) Transaction 14 of length 124 [2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 3418) conn 0x98e9218 [2005/06/15 00:37:37, 3] smbd/ipc.c:reply_trans(538) trans <\PIPE\> data=36 params=0 setup=2 [2005/06/15 00:37:37, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/06/15 00:37:37, 3] smbd/ipc.c:api_fd_reply(296) Got API command 0x26 on pipe "winreg" (pnum 75cc) [2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/06/15 00:37:37, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: REG_OPEN_HKLM [2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091) Transaction 15 of length 272 [2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 3418) conn 0x98e9218 [2005/06/15 00:37:37, 3] smbd/ipc.c:reply_trans(538) trans <\PIPE\> data=184 params=0 setup=2 [2005/06/15 00:37:37, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/06/15 00:37:37, 3] smbd/ipc.c:api_fd_reply(296) Got API command 0x26 on pipe "winreg" (pnum 75cc) [2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/06/15 00:37:37, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: REG_OPEN_ENTRY [2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 110 [2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091) Transaction 16 of length 236 [2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 3418) conn 0x98e9218 [2005/06/15 00:37:37, 3] smbd/ipc.c:reply_trans(538) trans <\PIPE\> data=148 params=0 setup=2 [2005/06/15 00:37:37, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/06/15 00:37:37, 3] smbd/ipc.c:api_fd_reply(296) Got API command 0x26 on pipe "winreg" (pnum 75cc) [2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/06/15 00:37:37, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: REG_INFO [2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 42 [2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091) Transaction 17 of length 132 [2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 3418) conn 0x98e9218 [2005/06/15 00:37:37, 3] smbd/ipc.c:reply_trans(538) trans <\PIPE\> data=44 params=0 setup=2 [2005/06/15 00:37:37, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/06/15 00:37:37, 3] smbd/ipc.c:api_fd_reply(296) Got API command 0x26 on pipe "winreg" (pnum 75cc) [2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/06/15 00:37:37, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: REG_CLOSE [2005/06/15 00:37:37, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091) Transaction 18 of length 132 [2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 3418) conn 0x98e9218 [2005/06/15 00:37:37, 3] smbd/ipc.c:reply_trans(538) trans <\PIPE\> data=44 params=0 setup=2 [2005/06/15 00:37:37, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/06/15 00:37:37, 3] smbd/ipc.c:api_fd_reply(296) Got API command 0x26 on pipe "winreg" (pnum 75cc) [2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/06/15 00:37:37, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: REG_CLOSE [2005/06/15 00:37:37, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091) Transaction 19 of length 45 [2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886) switch message SMBclose (pid 3418) conn 0x98e9218 [2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091) Transaction 20 of length 100 [2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886) switch message SMBntcreateX (pid 3418) conn 0x98e9218 [2005/06/15 00:37:37, 3] smbd/nttrans.c:nt_open_pipe(514) nt_open_pipe: Known pipe samr opening. [2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091) Transaction 21 of length 140 [2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886) switch message SMBwriteX (pid 3418) conn 0x98e9218 [2005/06/15 00:37:37, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(887) api_pipe_bind_req: \PIPE\samr -> \PIPE\lsass [2005/06/15 00:37:37, 3] rpc_server/srv_pipe.c:check_bind_req(762) check_bind_req for \PIPE\samr [2005/06/15 00:37:37, 3] smbd/pipes.c:reply_pipe_write_and_X(199) writeX-IPC pnum=75cd nwritten=72 [2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091) Transaction 22 of length 63 [2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886) switch message SMBreadX (pid 3418) conn 0x98e9218 [2005/06/15 00:37:37, 3] smbd/pipes.c:reply_pipe_read_and_X(242) readX-IPC pnum=75cd min=1024 max=1024 nread=68 [2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091) Transaction 23 of length 156 [2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 3418) conn 0x98e9218 [2005/06/15 00:37:37, 3] smbd/ipc.c:reply_trans(538) trans <\PIPE\> data=68 params=0 setup=2 [2005/06/15 00:37:37, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/06/15 00:37:37, 3] smbd/ipc.c:api_fd_reply(296) Got API command 0x26 on pipe "samr" (pnum 75cd) [2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/06/15 00:37:37, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: SAMR_CONNECT4 [2005/06/15 00:37:37, 3] lib/util_seaccess.c:se_access_check(251) [2005/06/15 00:37:37, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-1306232831-1958954829-1360062360-2002 se_access_check: also S-1-5-21-1306232831-1958954829-1360062360-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 [2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 752 [2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091) Transaction 24 of length 140 [2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 3418) conn 0x98e9218 [2005/06/15 00:37:37, 3] smbd/ipc.c:reply_trans(538) trans <\PIPE\> data=52 params=0 setup=2 [2005/06/15 00:37:37, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/06/15 00:37:37, 3] smbd/ipc.c:api_fd_reply(296) Got API command 0x26 on pipe "samr" (pnum 75cd) [2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/06/15 00:37:37, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: SAMR_ENUM_DOMAINS [2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 1080 [2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091) Transaction 25 of length 170 [2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 3418) conn 0x98e9218 [2005/06/15 00:37:37, 3] smbd/ipc.c:reply_trans(538) trans <\PIPE\> data=82 params=0 setup=2 [2005/06/15 00:37:37, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/06/15 00:37:37, 3] smbd/ipc.c:api_fd_reply(296) Got API command 0x26 on pipe "samr" (pnum 75cd) [2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/06/15 00:37:37, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: SAMR_LOOKUP_DOMAIN [2005/06/15 00:37:37, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482) Returning domain sid for domain PALMARINC -> S-1-5-21-1306232831-1958954829-1360062360 [2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 18 [2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091) Transaction 26 of length 164 [2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 3418) conn 0x98e9218 [2005/06/15 00:37:37, 3] smbd/ipc.c:reply_trans(538) trans <\PIPE\> data=76 params=0 setup=2 [2005/06/15 00:37:37, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/06/15 00:37:37, 3] smbd/ipc.c:api_fd_reply(296) Got API command 0x26 on pipe "samr" (pnum 75cd) [2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/06/15 00:37:37, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: SAMR_OPEN_DOMAIN [2005/06/15 00:37:37, 3] lib/util_seaccess.c:se_access_check(251) [2005/06/15 00:37:37, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-1306232831-1958954829-1360062360-2002 se_access_check: also S-1-5-21-1306232831-1958954829-1360062360-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 [2005/06/15 00:37:37, 2] rpc_server/srv_samr_nt.c:access_check_samr_object(93) _samr_open_domain: ACCESS DENIED (requested: 0x00000211) [2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 732 [2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091) Transaction 27 of length 140 [2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 3418) conn 0x98e9218 [2005/06/15 00:37:37, 3] smbd/ipc.c:reply_trans(538) trans <\PIPE\> data=52 params=0 setup=2 [2005/06/15 00:37:37, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/06/15 00:37:37, 3] smbd/ipc.c:api_fd_reply(296) Got API command 0x26 on pipe "samr" (pnum 75cd) [2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/06/15 00:37:37, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: SAMR_ENUM_DOMAINS [2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 1080 [2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091) Transaction 28 of length 170 [2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 3418) conn 0x98e9218 [2005/06/15 00:37:37, 3] smbd/ipc.c:reply_trans(538) trans <\PIPE\> data=82 params=0 setup=2 [2005/06/15 00:37:37, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/06/15 00:37:37, 3] smbd/ipc.c:api_fd_reply(296) Got API command 0x26 on pipe "samr" (pnum 75cd) [2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/06/15 00:37:37, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: SAMR_LOOKUP_DOMAIN [2005/06/15 00:37:37, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482) Returning domain sid for domain PALMARINC -> S-1-5-21-1306232831-1958954829-1360062360 [2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 18 [2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091) Transaction 29 of length 164 [2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 3418) conn 0x98e9218 [2005/06/15 00:37:37, 3] smbd/ipc.c:reply_trans(538) trans <\PIPE\> data=76 params=0 setup=2 [2005/06/15 00:37:37, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/06/15 00:37:37, 3] smbd/ipc.c:api_fd_reply(296) Got API command 0x26 on pipe "samr" (pnum 75cd) [2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/06/15 00:37:37, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: SAMR_OPEN_DOMAIN [2005/06/15 00:37:37, 3] lib/util_seaccess.c:se_access_check(251) [2005/06/15 00:37:37, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-1306232831-1958954829-1360062360-2002 se_access_check: also S-1-5-21-1306232831-1958954829-1360062360-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 [2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 732 [2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091) Transaction 30 of length 176 [2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 3418) conn 0x98e9218 [2005/06/15 00:37:37, 3] smbd/ipc.c:reply_trans(538) trans <\PIPE\> data=88 params=0 setup=2 [2005/06/15 00:37:37, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/06/15 00:37:37, 3] smbd/ipc.c:api_fd_reply(296) Got API command 0x26 on pipe "samr" (pnum 75cd) [2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/06/15 00:37:37, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: SAMR_CREATE_USER [2005/06/15 00:37:37, 2] rpc_server/srv_samr_nt.c:access_check_samr_function(115) _samr_create_user: ACCESS DENIED (granted: 0x00000201; required: 0x00000010) [2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 16 [2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091) Transaction 31 of length 132 [2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 3418) conn 0x98e9218 [2005/06/15 00:37:37, 3] smbd/ipc.c:reply_trans(538) trans <\PIPE\> data=44 params=0 setup=2 [2005/06/15 00:37:37, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/06/15 00:37:37, 3] smbd/ipc.c:api_fd_reply(296) Got API command 0x26 on pipe "samr" (pnum 75cd) [2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/06/15 00:37:37, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: SAMR_CLOSE_HND [2005/06/15 00:37:37, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091) Transaction 32 of length 132 [2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 3418) conn 0x98e9218 [2005/06/15 00:37:37, 3] smbd/ipc.c:reply_trans(538) trans <\PIPE\> data=44 params=0 setup=2 [2005/06/15 00:37:37, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/06/15 00:37:37, 3] smbd/ipc.c:api_fd_reply(296) Got API command 0x26 on pipe "samr" (pnum 75cd) [2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/06/15 00:37:37, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: SAMR_CLOSE_HND [2005/06/15 00:37:37, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091) Transaction 33 of length 45 [2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886) switch message SMBclose (pid 3418) conn 0x98e9218 [2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091) Transaction 34 of length 132 [2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 3418) conn 0x98e9218 [2005/06/15 00:37:37, 3] smbd/ipc.c:reply_trans(538) trans <\PIPE\> data=44 params=0 setup=2 [2005/06/15 00:37:37, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/06/15 00:37:37, 3] smbd/ipc.c:api_fd_reply(296) Got API command 0x26 on pipe "lsarpc" (pnum 75cb) [2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/06/15 00:37:37, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: LSA_CLOSE [2005/06/15 00:37:37, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091) Transaction 35 of length 45 [2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886) switch message SMBclose (pid 3418) conn 0x98e9218 [2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091) Transaction 36 of length 39 [2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886) switch message SMBtdis (pid 3418) conn 0x98e9218 [2005/06/15 00:37:37, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/06/15 00:37:37, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/06/15 00:37:37, 3] smbd/service.c:close_cnum(836) jflw2k (192.168.0.7) closed connection to service IPC$ [2005/06/15 00:37:37, 3] smbd/connection.c:yield_connection(69) Yielding connection to IPC$ [2005/06/15 00:37:37, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091) Transaction 37 of length 43 [2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886) switch message SMBulogoffX (pid 3418) conn 0x0 [2005/06/15 00:37:37, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/06/15 00:37:37, 3] smbd/reply.c:reply_ulogoffX(1249) ulogoffX vuid=100 [2005/06/15 00:37:37, 3] smbd/process.c:timeout_processing(1336) timeout_processing: End of file from client (client has disconnected). [2005/06/15 00:37:37, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/06/15 00:37:37, 2] smbd/server.c:exit_server(571) Closing connections [2005/06/15 00:37:37, 3] smbd/connection.c:yield_connection(69) Yielding connection to [2005/06/15 00:37:37, 3] smbd/server.c:exit_server(614) Server exit (normal exit) [2005/06/15 00:37:38, 3] smbd/process.c:process_smb(1091) Transaction 1 of length 137 [2005/06/15 00:37:38, 3] smbd/process.c:switch_message(886) switch message SMBnegprot (pid 3419) conn 0x0 [2005/06/15 00:37:38, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/06/15 00:37:38, 3] smbd/negprot.c:reply_negprot(461) Requested protocol [PC NETWORK PROGRAM 1.0] [2005/06/15 00:37:38, 3] smbd/negprot.c:reply_negprot(461) Requested protocol [LANMAN1.0] [2005/06/15 00:37:38, 3] smbd/negprot.c:reply_negprot(461) Requested protocol [Windows for Workgroups 3.1a] [2005/06/15 00:37:38, 3] smbd/negprot.c:reply_negprot(461) Requested protocol [LM1.2X002] [2005/06/15 00:37:38, 3] smbd/negprot.c:reply_negprot(461) Requested protocol [LANMAN2.1] [2005/06/15 00:37:38, 3] smbd/negprot.c:reply_negprot(461) Requested protocol [NT LM 0.12] [2005/06/15 00:37:38, 3] smbd/negprot.c:reply_nt1(333) using SPNEGO [2005/06/15 00:37:38, 3] smbd/negprot.c:reply_negprot(549) Selected protocol NT LM 0.12 [2005/06/15 00:37:38, 3] smbd/process.c:process_smb(1091) Transaction 2 of length 202 [2005/06/15 00:37:38, 3] smbd/process.c:switch_message(886) switch message SMBsesssetupX (pid 3419) conn 0x0 [2005/06/15 00:37:38, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/06/15 00:37:38, 3] smbd/sesssetup.c:reply_sesssetup_and_X(655) wct=12 flg2=0xc803 [2005/06/15 00:37:38, 2] smbd/sesssetup.c:setup_new_vc_session(608) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2005/06/15 00:37:38, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(535) Doing spnego session setup [2005/06/15 00:37:38, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(566) NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[] [2005/06/15 00:37:38, 3] smbd/sesssetup.c:reply_spnego_negotiate(444) Got OID 1 3 6 1 4 1 311 2 2 10 [2005/06/15 00:37:38, 3] smbd/sesssetup.c:reply_spnego_negotiate(447) Got secblob of size 32 [2005/06/15 00:37:38, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x80008207 [2005/06/15 00:37:38, 3] smbd/process.c:process_smb(1091) Transaction 3 of length 306 [2005/06/15 00:37:38, 3] smbd/process.c:switch_message(886) switch message SMBsesssetupX (pid 3419) conn 0x0 [2005/06/15 00:37:38, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/06/15 00:37:38, 3] smbd/sesssetup.c:reply_sesssetup_and_X(655) wct=12 flg2=0xc803 [2005/06/15 00:37:38, 2] smbd/sesssetup.c:setup_new_vc_session(608) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2005/06/15 00:37:38, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(535) Doing spnego session setup [2005/06/15 00:37:38, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(566) NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[] [2005/06/15 00:37:38, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(615) Got user=[testuser] domain=[PALMARINC] workstation=[JFLW2K] len1=24 len2=24 [2005/06/15 00:37:38, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2005/06/15 00:37:38, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2005/06/15 00:37:38, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/06/15 00:37:38, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/06/15 00:37:38, 3] auth/auth.c:check_ntlm_password(219) check_ntlm_password: Checking password for unmapped user [PALMARINC]\[testuser]@[JFLW2K] with the new password interface [2005/06/15 00:37:38, 3] auth/auth.c:check_ntlm_password(222) check_ntlm_password: mapped user is: [PALMARINC]\[testuser]@[JFLW2K] [2005/06/15 00:37:38, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2005/06/15 00:37:38, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2005/06/15 00:37:38, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/06/15 00:37:38, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2005/06/15 00:37:38, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2005/06/15 00:37:38, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2005/06/15 00:37:38, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/06/15 00:37:38, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/06/15 00:37:38, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2005/06/15 00:37:38, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2005/06/15 00:37:38, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/06/15 00:37:38, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/06/15 00:37:38, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2005/06/15 00:37:38, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2005/06/15 00:37:38, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/06/15 00:37:38, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/06/15 00:37:38, 3] auth/auth.c:check_ntlm_password(268) check_ntlm_password: sam authentication for user [testuser] succeeded [2005/06/15 00:37:38, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2005/06/15 00:37:38, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2005/06/15 00:37:38, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/06/15 00:37:38, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/06/15 00:37:38, 2] auth/auth.c:check_ntlm_password(305) check_ntlm_password: authentication for user [testuser] -> [testuser] -> [testuser] succeeded [2005/06/15 00:37:38, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319) NTLMSSP Sign/Seal - Initialising with flags: [2005/06/15 00:37:38, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x00008215 [2005/06/15 00:37:38, 3] smbd/password.c:register_vuid(222) User name: testuser Real name: Samba user test [2005/06/15 00:37:38, 3] smbd/password.c:register_vuid(241) UNIX uid 501 is UNIX user testuser, and will be vuid 100 [2005/06/15 00:37:38, 3] smbd/password.c:register_vuid(270) Adding homes service for user 'testuser' using home directory: '/home/testuser' [2005/06/15 00:37:38, 3] param/loadparm.c:lp_add_home(2341) adding home's share [testuser] for user 'testuser' at '/home/testuser' [2005/06/15 00:37:38, 3] smbd/process.c:process_smb(1091) Transaction 4 of length 84 [2005/06/15 00:37:38, 3] smbd/process.c:switch_message(886) switch message SMBtconX (pid 3419) conn 0x0 [2005/06/15 00:37:38, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/06/15 00:37:38, 3] smbd/service.c:make_connection_snum(472) Connect path is '/tmp' for service [IPC$] [2005/06/15 00:37:38, 3] lib/util_seaccess.c:se_access_check(251) [2005/06/15 00:37:38, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-1306232831-1958954829-1360062360-2002 se_access_check: also S-1-5-21-1306232831-1958954829-1360062360-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 [2005/06/15 00:37:38, 3] smbd/vfs.c:vfs_init_default(203) Initialising default vfs hooks [2005/06/15 00:37:38, 3] lib/util_seaccess.c:se_access_check(251) [2005/06/15 00:37:38, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-1306232831-1958954829-1360062360-2002 se_access_check: also S-1-5-21-1306232831-1958954829-1360062360-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 [2005/06/15 00:37:38, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (501, 100) - sec_ctx_stack_ndx = 0 [2005/06/15 00:37:38, 3] smbd/service.c:make_connection_snum(648) jflw2k (192.168.0.7) connect to service IPC$ initially as user testuser (uid=501, gid=100) (pid 3419) [2005/06/15 00:37:38, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/06/15 00:37:38, 3] smbd/reply.c:reply_tcon_and_X(456) tconX service=IPC$ [2005/06/15 00:37:38, 3] smbd/process.c:process_smb(1091) Transaction 5 of length 104 [2005/06/15 00:37:38, 3] smbd/process.c:switch_message(886) switch message SMBntcreateX (pid 3419) conn 0x98e9218 [2005/06/15 00:37:38, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (501, 100) - sec_ctx_stack_ndx = 0 [2005/06/15 00:37:38, 3] smbd/nttrans.c:nt_open_pipe(514) nt_open_pipe: Known pipe lsarpc opening. [2005/06/15 00:37:38, 3] smbd/process.c:process_smb(1091) Transaction 6 of length 140 [2005/06/15 00:37:38, 3] smbd/process.c:switch_message(886) switch message SMBwriteX (pid 3419) conn 0x98e9218 [2005/06/15 00:37:38, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(887) api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsass [2005/06/15 00:37:38, 3] rpc_server/srv_pipe.c:check_bind_req(762) check_bind_req for \PIPE\lsarpc [2005/06/15 00:37:38, 3] smbd/pipes.c:reply_pipe_write_and_X(199) writeX-IPC pnum=75c9 nwritten=72 [2005/06/15 00:37:38, 3] smbd/process.c:process_smb(1091) Transaction 7 of length 63 [2005/06/15 00:37:38, 3] smbd/process.c:switch_message(886) switch message SMBreadX (pid 3419) conn 0x98e9218 [2005/06/15 00:37:38, 3] smbd/pipes.c:reply_pipe_read_and_X(242) readX-IPC pnum=75c9 min=1024 max=1024 nread=68 [2005/06/15 00:37:38, 3] smbd/process.c:process_smb(1091) Transaction 8 of length 176 [2005/06/15 00:37:38, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 3419) conn 0x98e9218 [2005/06/15 00:37:38, 3] smbd/ipc.c:reply_trans(538) trans <\PIPE\> data=88 params=0 setup=2 [2005/06/15 00:37:38, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/06/15 00:37:38, 3] smbd/ipc.c:api_fd_reply(296) Got API command 0x26 on pipe "lsarpc" (pnum 75c9) [2005/06/15 00:37:38, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/06/15 00:37:38, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: LSA_OPENPOLICY2 [2005/06/15 00:37:38, 3] lib/util_seaccess.c:se_access_check(251) [2005/06/15 00:37:38, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-1306232831-1958954829-1360062360-2002 se_access_check: also S-1-5-21-1306232831-1958954829-1360062360-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 [2005/06/15 00:37:38, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 820 [2005/06/15 00:37:38, 3] smbd/process.c:process_smb(1091) Transaction 9 of length 134 [2005/06/15 00:37:38, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 3419) conn 0x98e9218 [2005/06/15 00:37:38, 3] smbd/ipc.c:reply_trans(538) trans <\PIPE\> data=46 params=0 setup=2 [2005/06/15 00:37:38, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/06/15 00:37:38, 3] smbd/ipc.c:api_fd_reply(296) Got API command 0x26 on pipe "lsarpc" (pnum 75c9) [2005/06/15 00:37:38, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/06/15 00:37:38, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/06/15 00:37:38, 3] smbd/process.c:process_smb(1091) Transaction 10 of length 134 [2005/06/15 00:37:38, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 3419) conn 0x98e9218 [2005/06/15 00:37:38, 3] smbd/ipc.c:reply_trans(538) trans <\PIPE\> data=46 params=0 setup=2 [2005/06/15 00:37:38, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/06/15 00:37:38, 3] smbd/ipc.c:api_fd_reply(296) Got API command 0x26 on pipe "lsarpc" (pnum 75c9) [2005/06/15 00:37:38, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/06/15 00:37:38, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY [2005/06/15 00:37:38, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 512 [2005/06/15 00:37:38, 3] smbd/process.c:process_smb(1091) Transaction 11 of length 104 [2005/06/15 00:37:38, 3] smbd/process.c:switch_message(886) switch message SMBntcreateX (pid 3419) conn 0x98e9218 [2005/06/15 00:37:38, 3] smbd/nttrans.c:nt_open_pipe(514) nt_open_pipe: Known pipe winreg opening. [2005/06/15 00:37:38, 3] smbd/process.c:process_smb(1091) Transaction 12 of length 140 [2005/06/15 00:37:38, 3] smbd/process.c:switch_message(886) switch message SMBwriteX (pid 3419) conn 0x98e9218 [2005/06/15 00:37:38, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(887) api_pipe_bind_req: \PIPE\winreg -> \PIPE\winreg [2005/06/15 00:37:38, 3] rpc_server/srv_pipe.c:check_bind_req(762) check_bind_req for \PIPE\winreg [2005/06/15 00:37:38, 3] smbd/pipes.c:reply_pipe_write_and_X(199) writeX-IPC pnum=75ca nwritten=72 [2005/06/15 00:37:38, 3] smbd/process.c:process_smb(1091) Transaction 13 of length 63 [2005/06/15 00:37:38, 3] smbd/process.c:switch_message(886) switch message SMBreadX (pid 3419) conn 0x98e9218 [2005/06/15 00:37:38, 3] smbd/pipes.c:reply_pipe_read_and_X(242) readX-IPC pnum=75ca min=1024 max=1024 nread=68 [2005/06/15 00:37:38, 3] smbd/process.c:process_smb(1091) Transaction 14 of length 124 [2005/06/15 00:37:38, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 3419) conn 0x98e9218 [2005/06/15 00:37:38, 3] smbd/ipc.c:reply_trans(538) trans <\PIPE\> data=36 params=0 setup=2 [2005/06/15 00:37:38, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/06/15 00:37:38, 3] smbd/ipc.c:api_fd_reply(296) Got API command 0x26 on pipe "winreg" (pnum 75ca) [2005/06/15 00:37:38, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/06/15 00:37:38, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: REG_OPEN_HKLM [2005/06/15 00:37:38, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/06/15 00:37:38, 3] smbd/process.c:process_smb(1091) Transaction 15 of length 272 [2005/06/15 00:37:38, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 3419) conn 0x98e9218 [2005/06/15 00:37:38, 3] smbd/ipc.c:reply_trans(538) trans <\PIPE\> data=184 params=0 setup=2 [2005/06/15 00:37:38, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/06/15 00:37:38, 3] smbd/ipc.c:api_fd_reply(296) Got API command 0x26 on pipe "winreg" (pnum 75ca) [2005/06/15 00:37:38, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/06/15 00:37:38, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: REG_OPEN_ENTRY [2005/06/15 00:37:38, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 110 [2005/06/15 00:37:38, 3] smbd/process.c:process_smb(1091) Transaction 16 of length 236 [2005/06/15 00:37:38, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 3419) conn 0x98e9218 [2005/06/15 00:37:38, 3] smbd/ipc.c:reply_trans(538) trans <\PIPE\> data=148 params=0 setup=2 [2005/06/15 00:37:38, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/06/15 00:37:38, 3] smbd/ipc.c:api_fd_reply(296) Got API command 0x26 on pipe "winreg" (pnum 75ca) [2005/06/15 00:37:38, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/06/15 00:37:38, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: REG_INFO [2005/06/15 00:37:38, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 42 [2005/06/15 00:37:38, 3] smbd/process.c:process_smb(1091) Transaction 17 of length 132 [2005/06/15 00:37:38, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 3419) conn 0x98e9218 [2005/06/15 00:37:38, 3] smbd/ipc.c:reply_trans(538) trans <\PIPE\> data=44 params=0 setup=2 [2005/06/15 00:37:38, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/06/15 00:37:38, 3] smbd/ipc.c:api_fd_reply(296) Got API command 0x26 on pipe "winreg" (pnum 75ca) [2005/06/15 00:37:38, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/06/15 00:37:38, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: REG_CLOSE [2005/06/15 00:37:38, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2005/06/15 00:37:38, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/06/15 00:37:38, 3] smbd/process.c:process_smb(1091) Transaction 18 of length 132 [2005/06/15 00:37:38, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 3419) conn 0x98e9218 [2005/06/15 00:37:38, 3] smbd/ipc.c:reply_trans(538) trans <\PIPE\> data=44 params=0 setup=2 [2005/06/15 00:37:38, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/06/15 00:37:38, 3] smbd/ipc.c:api_fd_reply(296) Got API command 0x26 on pipe "winreg" (pnum 75ca) [2005/06/15 00:37:38, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/06/15 00:37:38, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: REG_CLOSE [2005/06/15 00:37:38, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2005/06/15 00:37:38, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/06/15 00:37:38, 3] smbd/process.c:process_smb(1091) Transaction 19 of length 45 [2005/06/15 00:37:38, 3] smbd/process.c:switch_message(886) switch message SMBclose (pid 3419) conn 0x98e9218 [2005/06/15 00:37:38, 3] smbd/process.c:process_smb(1091) Transaction 20 of length 108 [2005/06/15 00:37:38, 3] smbd/process.c:switch_message(886) switch message SMBntcreateX (pid 3419) conn 0x98e9218 [2005/06/15 00:37:38, 3] smbd/nttrans.c:nt_open_pipe(514) nt_open_pipe: Known pipe NETLOGON opening. [2005/06/15 00:37:38, 3] smbd/process.c:process_smb(1091) Transaction 21 of length 140 [2005/06/15 00:37:38, 3] smbd/process.c:switch_message(886) switch message SMBwriteX (pid 3419) conn 0x98e9218 [2005/06/15 00:37:38, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(887) api_pipe_bind_req: \PIPE\NETLOGON -> \PIPE\lsass [2005/06/15 00:37:38, 3] rpc_server/srv_pipe.c:check_bind_req(762) check_bind_req for \PIPE\NETLOGON [2005/06/15 00:37:38, 3] smbd/pipes.c:reply_pipe_write_and_X(199) writeX-IPC pnum=75cb nwritten=72 [2005/06/15 00:37:38, 3] smbd/process.c:process_smb(1091) Transaction 22 of length 63 [2005/06/15 00:37:38, 3] smbd/process.c:switch_message(886) switch message SMBreadX (pid 3419) conn 0x98e9218 [2005/06/15 00:37:38, 3] smbd/pipes.c:reply_pipe_read_and_X(242) readX-IPC pnum=75cb min=1024 max=1024 nread=68 [2005/06/15 00:37:38, 3] smbd/process.c:process_smb(1091) Transaction 23 of length 182 [2005/06/15 00:37:38, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 3419) conn 0x98e9218 [2005/06/15 00:37:38, 3] smbd/ipc.c:reply_trans(538) trans <\PIPE\> data=94 params=0 setup=2 [2005/06/15 00:37:38, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/06/15 00:37:38, 3] smbd/ipc.c:api_fd_reply(296) Got API command 0x26 on pipe "NETLOGON" (pnum 75cb) [2005/06/15 00:37:38, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/06/15 00:37:38, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: NET_REQCHAL [2005/06/15 00:37:38, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 34 [2005/06/15 00:37:38, 3] smbd/process.c:process_smb(1091) Transaction 24 of length 45 [2005/06/15 00:37:38, 3] smbd/process.c:switch_message(886) switch message SMBclose (pid 3419) conn 0x98e9218 [2005/06/15 00:37:38, 3] smbd/process.c:process_smb(1091) Transaction 25 of length 108 [2005/06/15 00:37:38, 3] smbd/process.c:switch_message(886) switch message SMBntcreateX (pid 3419) conn 0x98e9218 [2005/06/15 00:37:38, 3] smbd/nttrans.c:nt_open_pipe(514) nt_open_pipe: Known pipe NETLOGON opening. [2005/06/15 00:37:38, 3] smbd/process.c:process_smb(1091) Transaction 26 of length 140 [2005/06/15 00:37:38, 3] smbd/process.c:switch_message(886) switch message SMBwriteX (pid 3419) conn 0x98e9218 [2005/06/15 00:37:38, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(887) api_pipe_bind_req: \PIPE\NETLOGON -> \PIPE\lsass [2005/06/15 00:37:38, 3] rpc_server/srv_pipe.c:check_bind_req(762) check_bind_req for \PIPE\NETLOGON [2005/06/15 00:37:38, 3] smbd/pipes.c:reply_pipe_write_and_X(199) writeX-IPC pnum=75cc nwritten=72 [2005/06/15 00:37:38, 3] smbd/process.c:process_smb(1091) Transaction 27 of length 63 [2005/06/15 00:37:38, 3] smbd/process.c:switch_message(886) switch message SMBreadX (pid 3419) conn 0x98e9218 [2005/06/15 00:37:38, 3] smbd/pipes.c:reply_pipe_read_and_X(242) readX-IPC pnum=75cc min=1024 max=1024 nread=68 [2005/06/15 00:37:38, 3] smbd/process.c:process_smb(1091) Transaction 28 of length 214 [2005/06/15 00:37:38, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 3419) conn 0x98e9218 [2005/06/15 00:37:38, 3] smbd/ipc.c:reply_trans(538) trans <\PIPE\> data=126 params=0 setup=2 [2005/06/15 00:37:38, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/06/15 00:37:38, 3] smbd/ipc.c:api_fd_reply(296) Got API command 0x26 on pipe "NETLOGON" (pnum 75cc) [2005/06/15 00:37:38, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/06/15 00:37:38, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: NET_AUTH [2005/06/15 00:37:38, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 50 [2005/06/15 00:37:38, 3] smbd/process.c:process_smb(1091) Transaction 29 of length 45 [2005/06/15 00:37:38, 3] smbd/process.c:switch_message(886) switch message SMBclose (pid 3419) conn 0x98e9218 [2005/06/15 00:37:38, 3] smbd/process.c:process_smb(1091) Transaction 30 of length 132 [2005/06/15 00:37:38, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 3419) conn 0x98e9218 [2005/06/15 00:37:38, 3] smbd/ipc.c:reply_trans(538) trans <\PIPE\> data=44 params=0 setup=2 [2005/06/15 00:37:38, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/06/15 00:37:38, 3] smbd/ipc.c:api_fd_reply(296) Got API command 0x26 on pipe "lsarpc" (pnum 75c9) [2005/06/15 00:37:38, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/06/15 00:37:38, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: LSA_CLOSE [2005/06/15 00:37:38, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2005/06/15 00:37:38, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/06/15 00:37:38, 3] smbd/process.c:process_smb(1091) Transaction 31 of length 45 [2005/06/15 00:37:38, 3] smbd/process.c:switch_message(886) switch message SMBclose (pid 3419) conn 0x98e9218 [2005/06/15 00:37:38, 3] smbd/process.c:process_smb(1091) Transaction 32 of length 39 [2005/06/15 00:37:38, 3] smbd/process.c:switch_message(886) switch message SMBtdis (pid 3419) conn 0x98e9218 [2005/06/15 00:37:38, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/06/15 00:37:38, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/06/15 00:37:38, 3] smbd/service.c:close_cnum(836) jflw2k (192.168.0.7) closed connection to service IPC$ [2005/06/15 00:37:38, 3] smbd/connection.c:yield_connection(69) Yielding connection to IPC$ [2005/06/15 00:37:38, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/06/15 00:37:39, 3] smbd/process.c:process_smb(1091) Transaction 33 of length 43 [2005/06/15 00:37:39, 3] smbd/process.c:switch_message(886) switch message SMBulogoffX (pid 3419) conn 0x0 [2005/06/15 00:37:39, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/06/15 00:37:39, 3] smbd/reply.c:reply_ulogoffX(1249) ulogoffX vuid=100 [2005/06/15 00:37:39, 3] smbd/process.c:timeout_processing(1336) timeout_processing: End of file from client (client has disconnected). [2005/06/15 00:37:39, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/06/15 00:37:39, 2] smbd/server.c:exit_server(571) Closing connections [2005/06/15 00:37:39, 3] smbd/connection.c:yield_connection(69) Yielding connection to [2005/06/15 00:37:39, 3] smbd/server.c:exit_server(614) Server exit (normal exit) [root@jflcent samba]# At level 3, log file with IP address: [root@jflcent samba]# cat 192.168.0.7.log [2005/06/15 00:37:37, 3] smbd/oplock.c:init_oplocks(1302) open_oplock_ipc: opening loopback UDP socket. [2005/06/15 00:37:37, 3] smbd/oplock_linux.c:linux_init_kernel_oplocks(303) Linux kernel oplocks enabled [2005/06/15 00:37:37, 3] smbd/oplock.c:init_oplocks(1333) open_oplock ipc: pid = 3418, global_oplock_port = 32770 [2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091) Transaction 0 of length 72 [2005/06/15 00:37:37, 2] smbd/reply.c:reply_special(235) netbios connect: name1=JFLCENT name2=JFLW2K [2005/06/15 00:37:37, 2] smbd/reply.c:reply_special(242) netbios connect: local=jflcent remote=jflw2k, name type = 0 [2005/06/15 00:37:38, 3] smbd/oplock.c:init_oplocks(1302) open_oplock_ipc: opening loopback UDP socket. [2005/06/15 00:37:38, 3] smbd/oplock_linux.c:linux_init_kernel_oplocks(303) Linux kernel oplocks enabled [2005/06/15 00:37:38, 3] smbd/oplock.c:init_oplocks(1333) open_oplock ipc: pid = 3419, global_oplock_port = 32770 [2005/06/15 00:37:38, 3] smbd/process.c:process_smb(1091) Transaction 0 of length 72 [2005/06/15 00:37:38, 2] smbd/reply.c:reply_special(235) netbios connect: name1=JFLCENT name2=JFLW2K [2005/06/15 00:37:38, 2] smbd/reply.c:reply_special(242) netbios connect: local=jflcent remote=jflw2k, name type = 0 [root@jflcent samba]# If you can point me to the right direction, I would greatly appreciate it. Thanks a lot for your help JF Leblond -----Message d'origine----- De : Paul Gienger [mailto:pgienger@ae-solutions.com] Envoye : 14 juin 2005 08:43 A : jfleblond@videotron.ca; samba@lists.samba.org Objet : RE: [Samba] Domain logon problem with w2k client on a Samba-3 PDC> I'm still getting the error "the following error occured attempting to > join > the domain "PALMARINC" "logon failure: unknown username or bad password" > > On the other hand, I'm able to connect to a share with the same login and > password.What do the server logs say when you get this error? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Seemingly Similar Threads
Wisdom of the Ancients
