Hi all! I'm settting up a samba PDC on SuSE 9.3 with samba 3 using OpenLDAP. I've got some problems when i try to join a Windows XP Pro sp2 worstation into the samba PDC. Windows tell me that i dont have access to join the domain, and samba logfiles says that LDAP can't be running as non-root. When I try to join the domain from XP it asks after login and passwd and here i've try with the administrator account and my own account (senate). The registrypatch is done and the computer A13 is added to the LDAP: fileserver log/samba# smbldap-usershow a13$ dn: uid=A13$,ou=Computers,dc=FASITET,dc=SE objectClass: top,inetOrgPerson,posixAccount cn: A13$ sn: A13$ uid: A13$ uidNumber: 1005 gidNumber: 555 homeDirectory: /dev/null loginShell: /bin/false description: Computer ###### smb.conf [global] netbiosname = fileserver workgroup = FASITET realm = FASITET.SE <http://FASITET.SE> interfaces = eth0, lo hosts allow = 127.0.0.1 <http://127.0.0.1> 192.168.100. username map = /etc/samba/smbusers admin users = @"Domain Admins" server string = Samba Server %v security = user encrypt passwords = Yes #min passwd length = 3 obey pam restrictions = No unix password sync = Yes passwd program = /usr/sbin/smbldap-passwd -u %u #passwd chat = "Changing password for*\nNew Password*" %n\n "*Retype new password*" %n\n" ldap passwd sync = Yes log level = 3 syslog = 1 log file = /var/log/samba/log.%m max log size = 100000 time server = Yes socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192 mangling method = hash2 Dos charset = 850 Unix charset = ISO8859-1 logon script = startup.bat logon drive = F: logon home logon path domain logons = Yes os level = 65 local master = Yes preferred master = Yes domain master = yes wins support = Yes passdb backend = ldapsam:ldap://127.0.0.1 ldap filter = (&(objectclass=sambaSamAccount)(uid=%u)) ldap admin dn = cn=Manager,dc=fasitet,dc=se ldap suffix = dc=fasitet,dc=se ldap group suffix = ou=Groups ldap user suffix = ou=Users ldap machine suffix = ou=Computers ldap idmap suffix = ou=Users #ldap ssl = start tls add user script = /usr/sbin/smbldap-useradd -m "%u" ldap delete dn = Yes add user script = /usr/sbin/smbldap-useradd -m "%u" ldap delete dn = Yes #delete user script = /usr/sbin/smbldap-userdel "%u" add machine script = /usr/sbin/smbldap-useradd -w "%u" add group script = /usr/sbin/smbldap-groupadd -p "%g" #delete group script = /usr/sbin/smbldap-groupdel "%g" add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g" delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g" set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u" winbind separator = + idmap uid = 500-10000000 idmap gid = 500-10000000 winbind use default domain = Yes winbind enum users = yes winbind enum groups = yes [homes] comment = Home Directories valid users = %S browseable = Yes writable = yes create mask = 0664 directory mask = 0775 [netlogon] comment = Network Logon Service path = /var/lib/samba/netlogon [profiles] comment = Network Profiles Service path = /var/lib/samba/profiles/ writeable = yes browsable = yes create mask = 0644 directory mask = 0755 [printers] comment = All Printers path = /var/tmp printable = Yes create mask = 0600 browseable = No [print$] comment = Printer Drivers path = /var/lib/samba/drivers write list = @ntadmin root force group = ntadmin create mask = 0664 directory mask = 0775 [pub] comment = Public Directory directory = /pub comment = Public Directory directory = /pub guest ok = yes writable = yes browseable = yes public = yes read only = no create mask = 0664 directory mask = 0775 user = senate force user = senate [backup] comment = Backup Directory directory = /backup valid users = @users writable = yes browseable = yes read only = no create mask = 0664 directory mask = 0775 # eof smb.conf ###### log.nmbd [2005/11/09 13:14:02, 2] nmbd/nmbd_browsesync.c:announce_local_master_browser_to_domain_master_browser(110) announce_local_master_browser_to_domain_master_browser: We are both a domain and a local master browser for workgroup FASITET. Do not announce to ourselves. [2005/11/09 13:14:02, 2] nmbd/nmbd_browsesync.c:sync_with_dmb(154) sync_with_dmb: Initiating sync with domain master browser FILESERVER<20> at IP 192.168.100.12 <http://192.168.100.12> for workgroup FASITET [2005/11/09 13:14:03, 3] nmbd/nmbd_winsserver.c:wins_process_name_query_request(1485) wins_process_name_query: name query for name *<1b> from IP 127.0.0.1<http://127.0.0.1> [2005/11/09 13:16:08, 3] nmbd/nmbd_sendannounce.c:send_local_master_announcement(166) send_local_master_announcement: type c9b2b for name FILESERVER on subnet 192.168.100.12 <http://192.168.100.12> for workgroup FASITET [2005/11/09 13:16:08, 3] nmbd/nmbd_sendannounce.c:send_workgroup_announcement(185) send_workgroup_announcement: on subnet 192.168.100.12<http://192.168.100.12>for workgroup FASITET [2005/11/09 13:16:08, 3] nmbd/nmbd_winsserver.c:wins_process_name_refresh_request(476) wins_process_name_refresh_request: Name refresh for name FASITET<00> IP 192.168.100.12 <http://192.168.100.12> [2005/11/09 13:16:08, 3] nmbd/nmbd_winsserver.c:wins_process_name_refresh_request(476) wins_process_name_refresh_request: Name refresh for name FASITET<1b> IP 192.168.100.12 <http://192.168.100.12> [2005/11/09 13:16:08, 3] nmbd/nmbd_winsserver.c:wins_process_name_refresh_request(476) wins_process_name_refresh_request: Name refresh for name FASITET<1c> IP 192.168.100.12 <http://192.168.100.12> [2005/11/09 13:16:08, 3] nmbd/nmbd_winsserver.c:wins_process_name_refresh_request(476) wins_process_name_refresh_request: Name refresh for name FASITET<1e> IP 192.168.100.12 <http://192.168.100.12> [2005/11/09 13:16:08, 3] nmbd/nmbd_winsserver.c:wins_process_name_refresh_request(476) wins_process_name_refresh_request: Name refresh for name FILESERVER<00> IP 192.168.100.12 <http://192.168.100.12> [2005/11/09 13:16:08, 3] nmbd/nmbd_winsserver.c:wins_process_name_refresh_request(476) wins_process_name_refresh_request: Name refresh for name FILESERVER<03> IP 192.168.100.12 <http://192.168.100.12> [2005/11/09 13:16:08, 3] nmbd/nmbd_winsserver.c:wins_process_name_refresh_request(476) wins_process_name_refresh_request: Name refresh for name FILESERVER<20> IP 192.168.100.12 <http://192.168.100.12> [2005/11/09 13:17:49, 3] nmbd/nmbd_winsserver.c:wins_process_name_query_request(1485) wins_process_name_query: name query for name FASITET<1c> from IP 127.0.0.1<http://127.0.0.1> [2005/11/09 13:17:49, 3] nmbd/nmbd_winsserver.c:wins_process_name_query_request(1537) wins_process_name_query: name query for name FASITET<1c> returning first IP 192.109.100.100 <http://192.109.100.100>. [2005/11/09 13:17:49, 3] nmbd/nmbd_incomingrequests.c:process_node_status_request(323) process_node_status_request: status request for name FASITET<1c> from IP 192.168.100.12 <http://192.168.100.12> on subnet UNICAST_SUBNET. [2005/11/09 13:21:59, 3] nmbd/nmbd_incomingrequests.c:process_node_status_request(323) process_node_status_request: status request for name *<00> from IP 82.190.52.249 <http://82.190.52.249> on subnet UNICAST_SUBNET. [2005/11/09 13:25:33, 3] nmbd/nmbd_incomingdgrams.c:process_workgroup_announce(217) process_workgroup_announce: from FIREWALL<00> IP 82.96.47.50<http://82.96.47.50>to __MSBROWSE__<01> for workgroup FASITET1. [2005/11/09 13:25:53, 3] nmbd/nmbd_serverlistdb.c:write_browse_list(421) write_browse_list: Wrote browse list into file /var/lib/samba/browse.dat # eof log.nmbd ###### log.a13 (A13 is the name of my WinXP workstation) [2005/11/09 13:10:21, 3] smbd/process.c:switch_message(886) switch message SMBnegprot (pid 10677) conn 0x0 [2005/11/09 13:10:21, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/11/09 13:10:21, 3] smbd/negprot.c:reply_negprot(461) Requested protocol [PC NETWORK PROGRAM 1.0] [2005/11/09 13:10:21, 3] smbd/negprot.c:reply_negprot(461) Requested protocol [LANMAN1.0] [2005/11/09 13:10:21, 3] smbd/negprot.c:reply_negprot(461) Requested protocol [Windows for Workgroups 3.1a] [2005/11/09 13:10:21, 3] smbd/negprot.c:reply_negprot(461) Requested protocol [LM1.2X002] [2005/11/09 13:10:21, 3] smbd/negprot.c:reply_negprot(461) Requested protocol [LANMAN2.1] [2005/11/09 13:10:21, 3] smbd/negprot.c:reply_negprot(461) Requested protocol [NT LM 0.12] [2005/11/09 13:10:21, 3] smbd/negprot.c:reply_nt1(333) using SPNEGO [2005/11/09 13:10:21, 3] smbd/negprot.c:reply_negprot(555) Selected protocol NT LM 0.12 [2005/11/09 13:10:21, 3] smbd/process.c:process_smb(1091) Transaction 2 of length 240 [2005/11/09 13:10:21, 3] smbd/process.c:switch_message(886) switch message SMBsesssetupX (pid 10677) conn 0x0 [2005/11/09 13:10:21, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/11/09 13:10:21, 3] smbd/sesssetup.c:reply_sesssetup_and_X(655) wct=12 flg2=0xc807 [2005/11/09 13:10:21, 2] smbd/sesssetup.c:setup_new_vc_session(608) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2005/11/09 13:10:21, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(535) Doing spnego session setup [2005/11/09 13:10:21, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(566) NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] [2005/11/09 13:10:21, 3] smbd/sesssetup.c:reply_spnego_negotiate(444) Got OID 1 3 6 1 4 1 311 2 2 10 [2005/11/09 13:10:21, 3] smbd/sesssetup.c:reply_spnego_negotiate(447) Got secblob of size 40 [2005/11/09 13:10:21, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0xe2088297 [2005/11/09 13:10:21, 3] smbd/process.c:process_smb(1091) Transaction 3 of length 360 [2005/11/09 13:10:21, 3] smbd/process.c:switch_message(886) switch message SMBsesssetupX (pid 10677) conn 0x0 [2005/11/09 13:10:21, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/11/09 13:10:21, 3] smbd/sesssetup.c:reply_sesssetup_and_X(655) wct=12 flg2=0xc807 [2005/11/09 13:10:21, 2] smbd/sesssetup.c:setup_new_vc_session(608) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2005/11/09 13:10:21, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(535) Doing spnego session setup [2005/11/09 13:10:21, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(566) NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] [2005/11/09 13:10:21, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(606) Got user=[administrator] domain=[fasitet] workstation=[A13] len1=24 len2=24 [2005/11/09 13:10:21, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2005/11/09 13:10:21, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2005/11/09 13:10:21, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/11/09 13:10:21, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/11/09 13:10:21, 3] auth/auth.c:check_ntlm_password(219) check_ntlm_password: Checking password for unmapped user [fasitet]\[administrator]@[A13] with the new password interface [2005/11/09 13:10:21, 3] auth/auth.c:check_ntlm_password(222) check_ntlm_password: mapped user is: [fasitet]\[administrator]@[A13] [2005/11/09 13:10:21, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2005/11/09 13:10:21, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2005/11/09 13:10:21, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/11/09 13:10:21, 2] lib/smbldap.c:smbldap_open_connection(692) smbldap_open_connection: connection opened [2005/11/09 13:10:21, 3] lib/smbldap.c:smbldap_connect_system(866) ldap_connect_system: succesful connection to the LDAP server ldap_connect_system: LDAP server does support paged results [2005/11/09 13:10:21, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499) init_sam_from_ldap: Entry found for user: Administrator [2005/11/09 13:10:21, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/11/09 13:10:21, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2005/11/09 13:10:21, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2005/11/09 13:10:21, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/11/09 13:10:21, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2005/11/09 13:10:21, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2005/11/09 13:10:21, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2005/11/09 13:10:21, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/11/09 13:10:21, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2005/11/09 13:10:21, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2005/11/09 13:10:21, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2005/11/09 13:10:21, 2] passdb/pdb_ldap.c:init_group_from_ldap(2000) init_group_from_ldap: Entry found for group: 512 [2005/11/09 13:10:21, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/11/09 13:10:21, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/11/09 13:10:21, 3] auth/auth.c:check_ntlm_password(268) check_ntlm_password: sam authentication for user [administrator] succeeded [2005/11/09 13:10:21, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2005/11/09 13:10:21, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2005/11/09 13:10:21, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/11/09 13:10:21, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/11/09 13:10:21, 2] auth/auth.c:check_ntlm_password(305) check_ntlm_password: authentication for user [administrator] -> [administrator] -> [Administrator] succeeded [2005/11/09 13:10:21, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319) NTLMSSP Sign/Seal - Initialising with flags: [2005/11/09 13:10:21, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x60088215 [2005/11/09 13:10:21, 3] smbd/password.c:register_vuid(222) User name: Administrator Real name: Administrator [2005/11/09 13:10:21, 3] smbd/password.c:register_vuid(241) UNIX uid 0 is UNIX user Administrator, and will be vuid 100 [2005/11/09 13:10:21, 3] smbd/password.c:register_vuid(270) Adding homes service for user 'Administrator' using home directory: '/home/Administrator' [2005/11/09 13:10:21, 3] param/loadparm.c:lp_add_home(2360) adding home's share [Administrator] for user 'Administrator' at '/home/Administrator' [2005/11/09 13:10:21, 3] smbd/process.c:process_smb(1091) Transaction 4 of length 90 [2005/11/09 13:10:21, 3] smbd/process.c:switch_message(886) switch message SMBtconX (pid 10677) conn 0x0 [2005/11/09 13:10:21, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/11/09 13:10:21, 3] lib/access.c:check_access(313) check_access: no hostnames in host allow/deny list. [2005/11/09 13:10:21, 2] lib/access.c:check_access(324) Allowed connection from (192.168.100.98 <http://192.168.100.98>) [2005/11/09 13:10:21, 3] smbd/service.c:make_connection_snum(479) Connect path is '/var/tmp' for service [IPC$] [2005/11/09 13:10:21, 3] lib/util_seaccess.c:se_access_check(251) [2005/11/09 13:10:21, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-2628040634-270012795-1265092401-2996 se_access_check: also S-1-5-21-2628040634-270012795-1265092401-512 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 [2005/11/09 13:10:21, 3] smbd/vfs.c:vfs_init_default(206) Initialising default vfs hooks [2005/11/09 13:10:21, 3] lib/util_seaccess.c:se_access_check(251) [2005/11/09 13:10:21, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-2628040634-270012795-1265092401-2996 se_access_check: also S-1-5-21-2628040634-270012795-1265092401-512 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 [2005/11/09 13:10:21, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2005/11/09 13:10:21, 3] smbd/service.c:make_connection_snum(642) a13 (192.168.100.98 <http://192.168.100.98>) connect to service IPC$ initially as user Administrator (uid=0, gid=512) (pid 10677) [2005/11/09 13:10:21, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/11/09 13:10:21, 3] smbd/reply.c:reply_tcon_and_X(455) tconX service=IPC$ [2005/11/09 13:10:21, 3] smbd/process.c:process_smb(1091) Transaction 5 of length 104 [2005/11/09 13:10:21, 3] smbd/process.c:switch_message(886) switch message SMBntcreateX (pid 10677) conn 0x83ce5e0 [2005/11/09 13:10:21, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2005/11/09 13:10:21, 3] smbd/nttrans.c:nt_open_pipe(514) nt_open_pipe: Known pipe lsarpc opening. [2005/11/09 13:10:21, 3] smbd/process.c:process_smb(1091) Transaction 6 of length 140 [2005/11/09 13:10:21, 3] smbd/process.c:switch_message(886) switch message SMBwriteX (pid 10677) conn 0x83ce5e0 [2005/11/09 13:10:21, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(887) api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsass [2005/11/09 13:10:21, 3] rpc_server/srv_pipe.c:check_bind_req(762) check_bind_req for \PIPE\lsarpc [2005/11/09 13:10:21, 3] smbd/pipes.c:reply_pipe_write_and_X(199) writeX-IPC pnum=7698 nwritten=72 [2005/11/09 13:10:21, 3] smbd/process.c:process_smb(1091) Transaction 7 of length 63 [2005/11/09 13:10:21, 3] smbd/process.c:switch_message(886) switch message SMBreadX (pid 10677) conn 0x83ce5e0 [2005/11/09 13:10:21, 3] smbd/pipes.c:reply_pipe_read_and_X(242) readX-IPC pnum=7698 min=1024 max=1024 nread=68 [2005/11/09 13:10:21, 3] smbd/process.c:process_smb(1091) Transaction 8 of length 184 [2005/11/09 13:10:21, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 10677) conn 0x83ce5e0 [2005/11/09 13:10:21, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=96 params=0 setup=2 [2005/11/09 13:10:21, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/11/09 13:10:21, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "lsarpc" (pnum 7698) [2005/11/09 13:10:21, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:21, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: LSA_OPENPOLICY2 [2005/11/09 13:10:21, 3] lib/util_seaccess.c:se_access_check(251) [2005/11/09 13:10:21, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-2628040634-270012795-1265092401-2996 se_access_check: also S-1-5-21-2628040634-270012795-1265092401-512 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 [2005/11/09 13:10:21, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 826 [2005/11/09 13:10:21, 3] smbd/process.c:process_smb(1091) Transaction 9 of length 134 [2005/11/09 13:10:21, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 10677) conn 0x83ce5e0 [2005/11/09 13:10:21, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=46 params=0 setup=2 [2005/11/09 13:10:21, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/11/09 13:10:21, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "lsarpc" (pnum 7698) [2005/11/09 13:10:21, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:21, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:21, 3] smbd/process.c:process_smb(1091) Transaction 10 of length 134 [2005/11/09 13:10:21, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 10677) conn 0x83ce5e0 [2005/11/09 13:10:21, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=46 params=0 setup=2 [2005/11/09 13:10:21, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/11/09 13:10:21, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "lsarpc" (pnum 7698) [2005/11/09 13:10:21, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:21, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY [2005/11/09 13:10:21, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 16 [2005/11/09 13:10:21, 3] smbd/process.c:process_smb(1091) Transaction 11 of length 104 [2005/11/09 13:10:21, 3] smbd/process.c:switch_message(886) switch message SMBntcreateX (pid 10677) conn 0x83ce5e0 [2005/11/09 13:10:21, 3] smbd/nttrans.c:nt_open_pipe(514) nt_open_pipe: Known pipe winreg opening. [2005/11/09 13:10:21, 3] smbd/process.c:process_smb(1091) Transaction 12 of length 140 [2005/11/09 13:10:21, 3] smbd/process.c:switch_message(886) switch message SMBwriteX (pid 10677) conn 0x83ce5e0 [2005/11/09 13:10:21, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(887) api_pipe_bind_req: \PIPE\winreg -> \PIPE\winreg [2005/11/09 13:10:21, 3] rpc_server/srv_pipe.c:check_bind_req(762) check_bind_req for \PIPE\winreg [2005/11/09 13:10:21, 3] smbd/pipes.c:reply_pipe_write_and_X(199) writeX-IPC pnum=7699 nwritten=72 [2005/11/09 13:10:21, 3] smbd/process.c:process_smb(1091) Transaction 13 of length 63 [2005/11/09 13:10:21, 3] smbd/process.c:switch_message(886) switch message SMBreadX (pid 10677) conn 0x83ce5e0 [2005/11/09 13:10:21, 3] smbd/pipes.c:reply_pipe_read_and_X(242) readX-IPC pnum=7699 min=1024 max=1024 nread=68 [2005/11/09 13:10:21, 3] smbd/process.c:process_smb(1091) Transaction 14 of length 124 [2005/11/09 13:10:21, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 10677) conn 0x83ce5e0 [2005/11/09 13:10:21, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=36 params=0 setup=2 [2005/11/09 13:10:21, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/11/09 13:10:21, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "winreg" (pnum 7699) [2005/11/09 13:10:21, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:21, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: REG_OPEN_HKLM [2005/11/09 13:10:21, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:21, 3] smbd/process.c:process_smb(1091) Transaction 15 of length 272 [2005/11/09 13:10:21, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 10677) conn 0x83ce5e0 [2005/11/09 13:10:21, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=184 params=0 setup=2 [2005/11/09 13:10:21, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/11/09 13:10:21, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "winreg" (pnum 7699) [2005/11/09 13:10:21, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:21, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: REG_OPEN_ENTRY [2005/11/09 13:10:21, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 110 [2005/11/09 13:10:21, 3] smbd/process.c:process_smb(1091) Transaction 16 of length 236 [2005/11/09 13:10:21, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 10677) conn 0x83ce5e0 [2005/11/09 13:10:21, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=148 params=0 setup=2 [2005/11/09 13:10:21, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/11/09 13:10:21, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "winreg" (pnum 7699) [2005/11/09 13:10:21, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:21, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: REG_INFO [2005/11/09 13:10:21, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 46 [2005/11/09 13:10:21, 3] smbd/process.c:process_smb(1091) Transaction 17 of length 132 [2005/11/09 13:10:21, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 10677) conn 0x83ce5e0 [2005/11/09 13:10:21, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=44 params=0 setup=2 [2005/11/09 13:10:21, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/11/09 13:10:21, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "winreg" (pnum 7699) [2005/11/09 13:10:21, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:21, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: REG_CLOSE [2005/11/09 13:10:21, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2005/11/09 13:10:21, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:21, 3] smbd/process.c:process_smb(1091) Transaction 18 of length 132 [2005/11/09 13:10:21, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 10677) conn 0x83ce5e0 [2005/11/09 13:10:21, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=44 params=0 setup=2 [2005/11/09 13:10:21, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/11/09 13:10:21, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "winreg" (pnum 7699) [2005/11/09 13:10:21, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:21, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: REG_CLOSE [2005/11/09 13:10:21, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2005/11/09 13:10:21, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:21, 3] smbd/process.c:process_smb(1091) Transaction 19 of length 45 [2005/11/09 13:10:21, 3] smbd/process.c:switch_message(886) switch message SMBclose (pid 10677) conn 0x83ce5e0 [2005/11/09 13:10:22, 3] smbd/process.c:process_smb(1091) Transaction 20 of length 108 [2005/11/09 13:10:22, 3] smbd/process.c:switch_message(886) switch message SMBntcreateX (pid 10677) conn 0x83ce5e0 [2005/11/09 13:10:22, 3] smbd/nttrans.c:nt_open_pipe(514) nt_open_pipe: Known pipe NETLOGON opening. [2005/11/09 13:10:22, 3] smbd/process.c:process_smb(1091) Transaction 21 of length 140 [2005/11/09 13:10:22, 3] smbd/process.c:switch_message(886) switch message SMBwriteX (pid 10677) conn 0x83ce5e0 [2005/11/09 13:10:22, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(887) api_pipe_bind_req: \PIPE\NETLOGON -> \PIPE\lsass [2005/11/09 13:10:22, 3] rpc_server/srv_pipe.c:check_bind_req(762) check_bind_req for \PIPE\NETLOGON [2005/11/09 13:10:22, 3] smbd/pipes.c:reply_pipe_write_and_X(199) writeX-IPC pnum=769a nwritten=72 [2005/11/09 13:10:22, 3] smbd/process.c:process_smb(1091) Transaction 22 of length 63 [2005/11/09 13:10:22, 3] smbd/process.c:switch_message(886) switch message SMBreadX (pid 10677) conn 0x83ce5e0 [2005/11/09 13:10:22, 3] smbd/pipes.c:reply_pipe_read_and_X(242) readX-IPC pnum=769a min=1024 max=1024 nread=68 [2005/11/09 13:10:22, 3] smbd/process.c:process_smb(1091) Transaction 23 of length 184 [2005/11/09 13:10:22, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 10677) conn 0x83ce5e0 [2005/11/09 13:10:22, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=96 params=0 setup=2 [2005/11/09 13:10:22, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/11/09 13:10:22, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "NETLOGON" (pnum 769a) [2005/11/09 13:10:22, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:22, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: NET_REQCHAL [2005/11/09 13:10:22, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 34 [2005/11/09 13:10:22, 3] smbd/process.c:process_smb(1091) Transaction 24 of length 45 [2005/11/09 13:10:22, 3] smbd/process.c:switch_message(886) switch message SMBclose (pid 10677) conn 0x83ce5e0 [2005/11/09 13:10:22, 3] smbd/process.c:process_smb(1091) Transaction 25 of length 108 [2005/11/09 13:10:22, 3] smbd/process.c:switch_message(886) switch message SMBntcreateX (pid 10677) conn 0x83ce5e0 [2005/11/09 13:10:22, 3] smbd/nttrans.c:nt_open_pipe(514) nt_open_pipe: Known pipe NETLOGON opening. [2005/11/09 13:10:22, 3] smbd/process.c:process_smb(1091) Transaction 26 of length 140 [2005/11/09 13:10:22, 3] smbd/process.c:switch_message(886) switch message SMBwriteX (pid 10677) conn 0x83ce5e0 [2005/11/09 13:10:22, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(887) api_pipe_bind_req: \PIPE\NETLOGON -> \PIPE\lsass [2005/11/09 13:10:22, 3] rpc_server/srv_pipe.c:check_bind_req(762) check_bind_req for \PIPE\NETLOGON [2005/11/09 13:10:22, 3] smbd/pipes.c:reply_pipe_write_and_X(199) writeX-IPC pnum=769b nwritten=72 [2005/11/09 13:10:22, 3] smbd/process.c:process_smb(1091) Transaction 27 of length 63 [2005/11/09 13:10:22, 3] smbd/process.c:switch_message(886) switch message SMBreadX (pid 10677) conn 0x83ce5e0 [2005/11/09 13:10:22, 3] smbd/pipes.c:reply_pipe_read_and_X(242) readX-IPC pnum=769b min=1024 max=1024 nread=68 [2005/11/09 13:10:22, 3] smbd/process.c:process_smb(1091) Transaction 28 of length 208 [2005/11/09 13:10:22, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 10677) conn 0x83ce5e0 [2005/11/09 13:10:22, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=120 params=0 setup=2 [2005/11/09 13:10:22, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/11/09 13:10:22, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "NETLOGON" (pnum 769b) [2005/11/09 13:10:22, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:22, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: NET_AUTH [2005/11/09 13:10:22, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 44 [2005/11/09 13:10:22, 3] smbd/process.c:process_smb(1091) Transaction 29 of length 45 [2005/11/09 13:10:22, 3] smbd/process.c:switch_message(886) switch message SMBclose (pid 10677) conn 0x83ce5e0 [2005/11/09 13:10:22, 3] smbd/process.c:process_smb(1091) Transaction 30 of length 132 [2005/11/09 13:10:22, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 10677) conn 0x83ce5e0 [2005/11/09 13:10:22, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=44 params=0 setup=2 [2005/11/09 13:10:22, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/11/09 13:10:22, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "lsarpc" (pnum 7698) [2005/11/09 13:10:22, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:22, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: LSA_CLOSE [2005/11/09 13:10:22, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2005/11/09 13:10:22, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:22, 3] smbd/process.c:process_smb(1091) Transaction 31 of length 45 [2005/11/09 13:10:22, 3] smbd/process.c:switch_message(886) switch message SMBclose (pid 10677) conn 0x83ce5e0 [2005/11/09 13:10:22, 3] smbd/process.c:process_smb(1091) Transaction 32 of length 43 [2005/11/09 13:10:22, 3] smbd/process.c:switch_message(886) switch message SMBulogoffX (pid 10677) conn 0x0 [2005/11/09 13:10:22, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/11/09 13:10:22, 3] smbd/reply.c:reply_ulogoffX(1261) ulogoffX vuid=100 [2005/11/09 13:10:22, 3] smbd/process.c:process_smb(1091) Transaction 33 of length 39 [2005/11/09 13:10:22, 3] smbd/process.c:switch_message(886) switch message SMBtdis (pid 10677) conn 0x83ce5e0 [2005/11/09 13:10:22, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/11/09 13:10:22, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/11/09 13:10:22, 3] smbd/service.c:close_cnum(830) a13 (192.168.100.98 <http://192.168.100.98>) closed connection to service IPC$ [2005/11/09 13:10:22, 3] smbd/connection.c:yield_connection(69) Yielding connection to IPC$ [2005/11/09 13:10:22, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/11/09 13:10:22, 3] smbd/process.c:timeout_processing(1334) timeout_processing: End of file from client (client has disconnected). [2005/11/09 13:10:22, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/11/09 13:10:22, 2] smbd/server.c:exit_server(609) Closing connections [2005/11/09 13:10:22, 3] smbd/connection.c:yield_connection(69) Yielding connection to [2005/11/09 13:10:22, 3] smbd/server.c:exit_server(652) Server exit (normal exit) [2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091) Transaction 1 of length 137 [2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886) switch message SMBnegprot (pid 10678) conn 0x0 [2005/11/09 13:10:23, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/11/09 13:10:23, 3] smbd/negprot.c:reply_negprot(461) Requested protocol [PC NETWORK PROGRAM 1.0] [2005/11/09 13:10:23, 3] smbd/negprot.c:reply_negprot(461) Requested protocol [LANMAN1.0] [2005/11/09 13:10:23, 3] smbd/negprot.c:reply_negprot(461) Requested protocol [Windows for Workgroups 3.1a] [2005/11/09 13:10:23, 3] smbd/negprot.c:reply_negprot(461) Requested protocol [LM1.2X002] [2005/11/09 13:10:23, 3] smbd/negprot.c:reply_negprot(461) Requested protocol [LANMAN2.1] [2005/11/09 13:10:23, 3] smbd/negprot.c:reply_negprot(461) Requested protocol [NT LM 0.12] [2005/11/09 13:10:23, 3] smbd/negprot.c:reply_nt1(333) using SPNEGO [2005/11/09 13:10:23, 3] smbd/negprot.c:reply_negprot(555) Selected protocol NT LM 0.12 [2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091) Transaction 2 of length 240 [2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886) switch message SMBsesssetupX (pid 10678) conn 0x0 [2005/11/09 13:10:23, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/11/09 13:10:23, 3] smbd/sesssetup.c:reply_sesssetup_and_X(655) wct=12 flg2=0xc807 [2005/11/09 13:10:23, 2] smbd/sesssetup.c:setup_new_vc_session(608) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2005/11/09 13:10:23, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(535) Doing spnego session setup [2005/11/09 13:10:23, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(566) NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] [2005/11/09 13:10:23, 3] smbd/sesssetup.c:reply_spnego_negotiate(444) Got OID 1 3 6 1 4 1 311 2 2 10 [2005/11/09 13:10:23, 3] smbd/sesssetup.c:reply_spnego_negotiate(447) Got secblob of size 40 [2005/11/09 13:10:23, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0xe2088297 [2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091) Transaction 3 of length 360 [2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886) switch message SMBsesssetupX (pid 10678) conn 0x0 [2005/11/09 13:10:23, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/11/09 13:10:23, 3] smbd/sesssetup.c:reply_sesssetup_and_X(655) wct=12 flg2=0xc807 [2005/11/09 13:10:23, 2] smbd/sesssetup.c:setup_new_vc_session(608) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2005/11/09 13:10:23, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(535) Doing spnego session setup [2005/11/09 13:10:23, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(566) NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] [2005/11/09 13:10:23, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(606) Got user=[administrator] domain=[fasitet] workstation=[A13] len1=24 len2=24 [2005/11/09 13:10:23, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2005/11/09 13:10:23, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2005/11/09 13:10:23, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/11/09 13:10:23, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/11/09 13:10:23, 3] auth/auth.c:check_ntlm_password(219) check_ntlm_password: Checking password for unmapped user [fasitet]\[administrator]@[A13] with the new password interface [2005/11/09 13:10:23, 3] auth/auth.c:check_ntlm_password(222) check_ntlm_password: mapped user is: [fasitet]\[administrator]@[A13] [2005/11/09 13:10:23, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2005/11/09 13:10:23, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2005/11/09 13:10:23, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/11/09 13:10:23, 2] lib/smbldap.c:smbldap_open_connection(692) smbldap_open_connection: connection opened [2005/11/09 13:10:23, 3] lib/smbldap.c:smbldap_connect_system(866) ldap_connect_system: succesful connection to the LDAP server ldap_connect_system: LDAP server does support paged results [2005/11/09 13:10:23, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499) init_sam_from_ldap: Entry found for user: Administrator [2005/11/09 13:10:23, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/11/09 13:10:23, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2005/11/09 13:10:23, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2005/11/09 13:10:23, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/11/09 13:10:23, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2005/11/09 13:10:23, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2005/11/09 13:10:23, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2005/11/09 13:10:23, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/11/09 13:10:23, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2005/11/09 13:10:23, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2005/11/09 13:10:23, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2005/11/09 13:10:23, 2] passdb/pdb_ldap.c:init_group_from_ldap(2000) init_group_from_ldap: Entry found for group: 512 [2005/11/09 13:10:23, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/11/09 13:10:23, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/11/09 13:10:23, 3] auth/auth.c:check_ntlm_password(268) check_ntlm_password: sam authentication for user [administrator] succeeded [2005/11/09 13:10:23, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2005/11/09 13:10:23, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2005/11/09 13:10:23, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/11/09 13:10:23, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/11/09 13:10:23, 2] auth/auth.c:check_ntlm_password(305) check_ntlm_password: authentication for user [administrator] -> [administrator] -> [Administrator] succeeded [2005/11/09 13:10:23, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319) NTLMSSP Sign/Seal - Initialising with flags: [2005/11/09 13:10:23, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x60088215 [2005/11/09 13:10:23, 3] smbd/password.c:register_vuid(222) User name: Administrator Real name: Administrator [2005/11/09 13:10:23, 3] smbd/password.c:register_vuid(241) UNIX uid 0 is UNIX user Administrator, and will be vuid 100 [2005/11/09 13:10:23, 3] smbd/password.c:register_vuid(270) Adding homes service for user 'Administrator' using home directory: '/home/Administrator' [2005/11/09 13:10:23, 3] param/loadparm.c:lp_add_home(2360) adding home's share [Administrator] for user 'Administrator' at '/home/Administrator' [2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091) Transaction 4 of length 90 [2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886) switch message SMBtconX (pid 10678) conn 0x0 [2005/11/09 13:10:23, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/11/09 13:10:23, 3] lib/access.c:check_access(313) check_access: no hostnames in host allow/deny list. [2005/11/09 13:10:23, 2] lib/access.c:check_access(324) Allowed connection from (192.168.100.98 <http://192.168.100.98>) [2005/11/09 13:10:23, 3] smbd/service.c:make_connection_snum(479) Connect path is '/var/tmp' for service [IPC$] [2005/11/09 13:10:23, 3] lib/util_seaccess.c:se_access_check(251) [2005/11/09 13:10:23, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-2628040634-270012795-1265092401-2996 se_access_check: also S-1-5-21-2628040634-270012795-1265092401-512 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 [2005/11/09 13:10:23, 3] smbd/vfs.c:vfs_init_default(206) Initialising default vfs hooks [2005/11/09 13:10:23, 3] lib/util_seaccess.c:se_access_check(251) [2005/11/09 13:10:23, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-2628040634-270012795-1265092401-2996 se_access_check: also S-1-5-21-2628040634-270012795-1265092401-512 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 [2005/11/09 13:10:23, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2005/11/09 13:10:23, 3] smbd/service.c:make_connection_snum(642) a13 (192.168.100.98 <http://192.168.100.98>) connect to service IPC$ initially as user Administrator (uid=0, gid=512) (pid 10678) [2005/11/09 13:10:23, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/11/09 13:10:23, 3] smbd/reply.c:reply_tcon_and_X(455) tconX service=IPC$ [2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091) Transaction 5 of length 104 [2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886) switch message SMBntcreateX (pid 10678) conn 0x83ce750 [2005/11/09 13:10:23, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 [2005/11/09 13:10:23, 3] smbd/nttrans.c:nt_open_pipe(514) nt_open_pipe: Known pipe lsarpc opening. [2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091) Transaction 6 of length 140 [2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886) switch message SMBwriteX (pid 10678) conn 0x83ce750 [2005/11/09 13:10:23, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(887) api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsass [2005/11/09 13:10:23, 3] rpc_server/srv_pipe.c:check_bind_req(762) check_bind_req for \PIPE\lsarpc [2005/11/09 13:10:23, 3] smbd/pipes.c:reply_pipe_write_and_X(199) writeX-IPC pnum=7699 nwritten=72 [2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091) Transaction 7 of length 63 [2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886) switch message SMBreadX (pid 10678) conn 0x83ce750 [2005/11/09 13:10:23, 3] smbd/pipes.c:reply_pipe_read_and_X(242) readX-IPC pnum=7699 min=1024 max=1024 nread=68 [2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091) Transaction 8 of length 184 [2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 10678) conn 0x83ce750 [2005/11/09 13:10:23, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=96 params=0 setup=2 [2005/11/09 13:10:23, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/11/09 13:10:23, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "lsarpc" (pnum 7699) [2005/11/09 13:10:23, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:23, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: LSA_OPENPOLICY2 [2005/11/09 13:10:23, 3] lib/util_seaccess.c:se_access_check(251) [2005/11/09 13:10:23, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-2628040634-270012795-1265092401-2996 se_access_check: also S-1-5-21-2628040634-270012795-1265092401-512 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 [2005/11/09 13:10:23, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 826 [2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091) Transaction 9 of length 134 [2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 10678) conn 0x83ce750 [2005/11/09 13:10:23, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=46 params=0 setup=2 [2005/11/09 13:10:23, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/11/09 13:10:23, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "lsarpc" (pnum 7699) [2005/11/09 13:10:23, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:23, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091) Transaction 10 of length 134 [2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 10678) conn 0x83ce750 [2005/11/09 13:10:23, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=46 params=0 setup=2 [2005/11/09 13:10:23, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/11/09 13:10:23, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "lsarpc" (pnum 7699) [2005/11/09 13:10:23, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:23, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY [2005/11/09 13:10:23, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 16 [2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091) Transaction 11 of length 104 [2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886) switch message SMBntcreateX (pid 10678) conn 0x83ce750 [2005/11/09 13:10:23, 3] smbd/nttrans.c:nt_open_pipe(514) nt_open_pipe: Known pipe winreg opening. [2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091) Transaction 12 of length 140 [2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886) switch message SMBwriteX (pid 10678) conn 0x83ce750 [2005/11/09 13:10:23, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(887) api_pipe_bind_req: \PIPE\winreg -> \PIPE\winreg [2005/11/09 13:10:23, 3] rpc_server/srv_pipe.c:check_bind_req(762) check_bind_req for \PIPE\winreg [2005/11/09 13:10:23, 3] smbd/pipes.c:reply_pipe_write_and_X(199) writeX-IPC pnum=769a nwritten=72 [2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091) Transaction 13 of length 63 [2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886) switch message SMBreadX (pid 10678) conn 0x83ce750 [2005/11/09 13:10:23, 3] smbd/pipes.c:reply_pipe_read_and_X(242) readX-IPC pnum=769a min=1024 max=1024 nread=68 [2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091) Transaction 14 of length 124 [2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 10678) conn 0x83ce750 [2005/11/09 13:10:23, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=36 params=0 setup=2 [2005/11/09 13:10:23, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/11/09 13:10:23, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "winreg" (pnum 769a) [2005/11/09 13:10:23, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:23, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: REG_OPEN_HKLM [2005/11/09 13:10:23, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091) Transaction 15 of length 272 [2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 10678) conn 0x83ce750 [2005/11/09 13:10:23, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=184 params=0 setup=2 [2005/11/09 13:10:23, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/11/09 13:10:23, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "winreg" (pnum 769a) [2005/11/09 13:10:23, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:23, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: REG_OPEN_ENTRY [2005/11/09 13:10:23, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 110 [2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091) Transaction 16 of length 236 [2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 10678) conn 0x83ce750 [2005/11/09 13:10:23, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=148 params=0 setup=2 [2005/11/09 13:10:23, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/11/09 13:10:23, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "winreg" (pnum 769a) [2005/11/09 13:10:23, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:23, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: REG_INFO [2005/11/09 13:10:23, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 46 [2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091) Transaction 17 of length 132 [2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 10678) conn 0x83ce750 [2005/11/09 13:10:23, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=44 params=0 setup=2 [2005/11/09 13:10:23, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/11/09 13:10:23, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "winreg" (pnum 769a) [2005/11/09 13:10:23, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:23, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: REG_CLOSE [2005/11/09 13:10:23, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2005/11/09 13:10:23, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091) Transaction 18 of length 132 [2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 10678) conn 0x83ce750 [2005/11/09 13:10:23, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=44 params=0 setup=2 [2005/11/09 13:10:23, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/11/09 13:10:23, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "winreg" (pnum 769a) [2005/11/09 13:10:23, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:23, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: REG_CLOSE [2005/11/09 13:10:23, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2005/11/09 13:10:23, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091) Transaction 19 of length 45 [2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886) switch message SMBclose (pid 10678) conn 0x83ce750 [2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091) Transaction 20 of length 100 [2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886) switch message SMBntcreateX (pid 10678) conn 0x83ce750 [2005/11/09 13:10:23, 3] smbd/nttrans.c:nt_open_pipe(514) nt_open_pipe: Known pipe samr opening. [2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091) Transaction 21 of length 140 [2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886) switch message SMBwriteX (pid 10678) conn 0x83ce750 [2005/11/09 13:10:23, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(887) api_pipe_bind_req: \PIPE\samr -> \PIPE\lsass [2005/11/09 13:10:23, 3] rpc_server/srv_pipe.c:check_bind_req(762) check_bind_req for \PIPE\samr [2005/11/09 13:10:23, 3] smbd/pipes.c:reply_pipe_write_and_X(199) writeX-IPC pnum=769b nwritten=72 [2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091) Transaction 22 of length 63 [2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886) switch message SMBreadX (pid 10678) conn 0x83ce750 [2005/11/09 13:10:23, 3] smbd/pipes.c:reply_pipe_read_and_X(242) readX-IPC pnum=769b min=1024 max=1024 nread=68 [2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091) Transaction 23 of length 176 [2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 10678) conn 0x83ce750 [2005/11/09 13:10:23, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=88 params=0 setup=2 [2005/11/09 13:10:23, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/11/09 13:10:23, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "samr" (pnum 769b) [2005/11/09 13:10:23, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:23, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091) Transaction 24 of length 45 [2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886) switch message SMBclose (pid 10678) conn 0x83ce750 [2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091) Transaction 25 of length 100 [2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886) switch message SMBntcreateX (pid 10678) conn 0x83ce750 [2005/11/09 13:10:23, 3] smbd/nttrans.c:nt_open_pipe(514) nt_open_pipe: Known pipe samr opening. [2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091) Transaction 26 of length 140 [2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886) switch message SMBwriteX (pid 10678) conn 0x83ce750 [2005/11/09 13:10:23, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(887) api_pipe_bind_req: \PIPE\samr -> \PIPE\lsass [2005/11/09 13:10:23, 3] rpc_server/srv_pipe.c:check_bind_req(762) check_bind_req for \PIPE\samr [2005/11/09 13:10:23, 3] smbd/pipes.c:reply_pipe_write_and_X(199) writeX-IPC pnum=769c nwritten=72 [2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091) Transaction 27 of length 63 [2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886) switch message SMBreadX (pid 10678) conn 0x83ce750 [2005/11/09 13:10:23, 3] smbd/pipes.c:reply_pipe_read_and_X(242) readX-IPC pnum=769c min=1024 max=1024 nread=68 [2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091) Transaction 28 of length 164 [2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 10678) conn 0x83ce750 [2005/11/09 13:10:23, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=76 params=0 setup=2 [2005/11/09 13:10:23, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/11/09 13:10:23, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "samr" (pnum 769c) [2005/11/09 13:10:23, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:23, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: SAMR_CONNECT4 [2005/11/09 13:10:23, 3] lib/util_seaccess.c:se_access_check(251) [2005/11/09 13:10:23, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-2628040634-270012795-1265092401-2996 se_access_check: also S-1-5-21-2628040634-270012795-1265092401-512 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 [2005/11/09 13:10:23, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 982 [2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091) Transaction 29 of length 140 [2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 10678) conn 0x83ce750 [2005/11/09 13:10:23, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=52 params=0 setup=2 [2005/11/09 13:10:23, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/11/09 13:10:23, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "samr" (pnum 769c) [2005/11/09 13:10:23, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:23, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: SAMR_ENUM_DOMAINS [2005/11/09 13:10:23, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 88 [2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091) Transaction 30 of length 166 [2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 10678) conn 0x83ce750 [2005/11/09 13:10:23, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=78 params=0 setup=2 [2005/11/09 13:10:23, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/11/09 13:10:23, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "samr" (pnum 769c) [2005/11/09 13:10:23, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:23, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: SAMR_LOOKUP_DOMAIN [2005/11/09 13:10:23, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2580) Returning domain sid for domain FASITET -> S-1-5-21-2628040634-270012795-1265092401 [2005/11/09 13:10:23, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 14 [2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091) Transaction 31 of length 164 [2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 10678) conn 0x83ce750 [2005/11/09 13:10:23, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=76 params=0 setup=2 [2005/11/09 13:10:23, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/11/09 13:10:23, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "samr" (pnum 769c) [2005/11/09 13:10:23, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:23, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: SAMR_OPEN_DOMAIN [2005/11/09 13:10:23, 3] lib/util_seaccess.c:se_access_check(251) [2005/11/09 13:10:23, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-2628040634-270012795-1265092401-2996 se_access_check: also S-1-5-21-2628040634-270012795-1265092401-512 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 [2005/11/09 13:10:23, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 956 [2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091) Transaction 32 of length 168 [2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 10678) conn 0x83ce750 [2005/11/09 13:10:23, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=80 params=0 setup=2 [2005/11/09 13:10:23, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/11/09 13:10:23, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "samr" (pnum 769c) [2005/11/09 13:10:23, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:23, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: SAMR_CREATE_USER [2005/11/09 13:10:23, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 512) : sec_ctx_stack_ndx = 1 [2005/11/09 13:10:23, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2005/11/09 13:10:23, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/11/09 13:10:23, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 512) - sec_ctx_stack_ndx = 0 [2005/11/09 13:10:23, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 512) : sec_ctx_stack_ndx = 1 [2005/11/09 13:10:23, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2005/11/09 13:10:23, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/11/09 13:10:23, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 512) - sec_ctx_stack_ndx = 0 [2005/11/09 13:10:23, 3] passdb/pdb_ldap.c:ldapsam_add_sam_account(1898) ldapsam_add_sam_account: Adding new user [2005/11/09 13:10:23, 2] passdb/pdb_ldap.c:init_ldap_from_sam(912) init_ldap_from_sam: Setting entry for user: A13$ [2005/11/09 13:10:23, 1] passdb/pdb_ldap.c:ldapsam_modify_entry(1495) ldapsam_modify_entry: Failed to add user dnuid=A13$,ou=Computers,dc=fasitet,dc=se with: Already exists [2005/11/09 13:10:23, 0] passdb/pdb_ldap.c:ldapsam_add_sam_account(1937) ldapsam_add_sam_account: failed to modify/add user with uid = A13$ (dn uid=A13$,ou=Computers,dc=fasitet,dc=se) [2005/11/09 13:10:23, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2350) could not add user/computer a13$ to passdb. Check permissions? [2005/11/09 13:10:23, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 10 [2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091) Transaction 33 of length 132 [2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 10678) conn 0x83ce750 [2005/11/09 13:10:23, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=44 params=0 setup=2 [2005/11/09 13:10:23, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/11/09 13:10:23, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "samr" (pnum 769c) [2005/11/09 13:10:23, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:23, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: SAMR_CLOSE_HND [2005/11/09 13:10:23, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2005/11/09 13:10:23, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091) Transaction 34 of length 132 [2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 10678) conn 0x83ce750 [2005/11/09 13:10:23, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=44 params=0 setup=2 [2005/11/09 13:10:23, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/11/09 13:10:23, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "samr" (pnum 769c) [2005/11/09 13:10:23, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:23, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: SAMR_CLOSE_HND [2005/11/09 13:10:23, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2005/11/09 13:10:23, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091) Transaction 35 of length 45 [2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886) switch message SMBclose (pid 10678) conn 0x83ce750 [2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091) Transaction 36 of length 132 [2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 10678) conn 0x83ce750 [2005/11/09 13:10:23, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=44 params=0 setup=2 [2005/11/09 13:10:23, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/11/09 13:10:23, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "lsarpc" (pnum 7699) [2005/11/09 13:10:23, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:23, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: LSA_CLOSE [2005/11/09 13:10:23, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2005/11/09 13:10:23, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091) Transaction 37 of length 45 [2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886) switch message SMBclose (pid 10678) conn 0x83ce750 [2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091) Transaction 38 of length 43 [2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886) switch message SMBulogoffX (pid 10678) conn 0x0 [2005/11/09 13:10:23, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/11/09 13:10:23, 3] smbd/reply.c:reply_ulogoffX(1261) ulogoffX vuid=100 [2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091) Transaction 39 of length 39 [2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886) switch message SMBtdis (pid 10678) conn 0x83ce750 [2005/11/09 13:10:23, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/11/09 13:10:23, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/11/09 13:10:23, 3] smbd/service.c:close_cnum(830) a13 (192.168.100.98 <http://192.168.100.98>) closed connection to service IPC$ [2005/11/09 13:10:23, 3] smbd/connection.c:yield_connection(69) Yielding connection to IPC$ [2005/11/09 13:10:23, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/11/09 13:10:23, 3] smbd/process.c:timeout_processing(1334) timeout_processing: End of file from client (client has disconnected). [2005/11/09 13:10:23, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/11/09 13:10:23, 2] smbd/server.c:exit_server(609) Closing connections [2005/11/09 13:10:23, 3] smbd/connection.c:yield_connection(69) Yielding connection to [2005/11/09 13:10:23, 3] smbd/server.c:exit_server(652) Server exit (normal exit) [2005/11/09 13:10:51, 3] smbd/process.c:process_smb(1091) Transaction 1 of length 137 [2005/11/09 13:10:51, 3] smbd/process.c:switch_message(886) switch message SMBnegprot (pid 10693) conn 0x0 [2005/11/09 13:10:51, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/11/09 13:10:51, 3] smbd/negprot.c:reply_negprot(461) Requested protocol [PC NETWORK PROGRAM 1.0] [2005/11/09 13:10:51, 3] smbd/negprot.c:reply_negprot(461) Requested protocol [LANMAN1.0] [2005/11/09 13:10:51, 3] smbd/negprot.c:reply_negprot(461) Requested protocol [Windows for Workgroups 3.1a] [2005/11/09 13:10:51, 3] smbd/negprot.c:reply_negprot(461) Requested protocol [LM1.2X002] [2005/11/09 13:10:51, 3] smbd/negprot.c:reply_negprot(461) Requested protocol [LANMAN2.1] [2005/11/09 13:10:51, 3] smbd/negprot.c:reply_negprot(461) Requested protocol [NT LM 0.12] [2005/11/09 13:10:51, 3] smbd/negprot.c:reply_nt1(333) using SPNEGO [2005/11/09 13:10:51, 3] smbd/negprot.c:reply_negprot(555) Selected protocol NT LM 0.12 [2005/11/09 13:10:51, 3] smbd/process.c:process_smb(1091) Transaction 2 of length 240 [2005/11/09 13:10:51, 3] smbd/process.c:switch_message(886) switch message SMBsesssetupX (pid 10693) conn 0x0 [2005/11/09 13:10:51, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/11/09 13:10:51, 3] smbd/sesssetup.c:reply_sesssetup_and_X(655) wct=12 flg2=0xc807 [2005/11/09 13:10:51, 2] smbd/sesssetup.c:setup_new_vc_session(608) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2005/11/09 13:10:51, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(535) Doing spnego session setup [2005/11/09 13:10:51, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(566) NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] [2005/11/09 13:10:51, 3] smbd/sesssetup.c:reply_spnego_negotiate(444) Got OID 1 3 6 1 4 1 311 2 2 10 [2005/11/09 13:10:51, 3] smbd/sesssetup.c:reply_spnego_negotiate(447) Got secblob of size 40 [2005/11/09 13:10:51, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0xe2088297 [2005/11/09 13:10:51, 3] smbd/process.c:process_smb(1091) Transaction 3 of length 346 [2005/11/09 13:10:51, 3] smbd/process.c:switch_message(886) switch message SMBsesssetupX (pid 10693) conn 0x0 [2005/11/09 13:10:51, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/11/09 13:10:51, 3] smbd/sesssetup.c:reply_sesssetup_and_X(655) wct=12 flg2=0xc807 [2005/11/09 13:10:51, 2] smbd/sesssetup.c:setup_new_vc_session(608) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2005/11/09 13:10:51, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(535) Doing spnego session setup [2005/11/09 13:10:51, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(566) NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] [2005/11/09 13:10:51, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(606) Got user=[senate] domain=[fasitet] workstation=[A13] len1=24 len2=24 [2005/11/09 13:10:51, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2005/11/09 13:10:51, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2005/11/09 13:10:51, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/11/09 13:10:51, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/11/09 13:10:51, 3] auth/auth.c:check_ntlm_password(219) check_ntlm_password: Checking password for unmapped user [fasitet]\[senate]@[A13] with the new password interface [2005/11/09 13:10:51, 3] auth/auth.c:check_ntlm_password(222) check_ntlm_password: mapped user is: [fasitet]\[senate]@[A13] [2005/11/09 13:10:51, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2005/11/09 13:10:51, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2005/11/09 13:10:51, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/11/09 13:10:51, 2] lib/smbldap.c:smbldap_open_connection(692) smbldap_open_connection: connection opened [2005/11/09 13:10:51, 3] lib/smbldap.c:smbldap_connect_system(866) ldap_connect_system: succesful connection to the LDAP server ldap_connect_system: LDAP server does support paged results [2005/11/09 13:10:51, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499) init_sam_from_ldap: Entry found for user: senate [2005/11/09 13:10:51, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/11/09 13:10:51, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2005/11/09 13:10:51, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2005/11/09 13:10:51, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/11/09 13:10:51, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2005/11/09 13:10:51, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2005/11/09 13:10:51, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2005/11/09 13:10:51, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/11/09 13:10:51, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2005/11/09 13:10:51, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2005/11/09 13:10:51, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2005/11/09 13:10:51, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/11/09 13:10:51, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2005/11/09 13:10:51, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2005/11/09 13:10:51, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2005/11/09 13:10:51, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/11/09 13:10:51, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2005/11/09 13:10:51, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2005/11/09 13:10:51, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2005/11/09 13:10:51, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/11/09 13:10:51, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2005/11/09 13:10:51, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2005/11/09 13:10:51, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2005/11/09 13:10:51, 2] passdb/pdb_ldap.c:init_group_from_ldap(2000) init_group_from_ldap: Entry found for group: 513 [2005/11/09 13:10:51, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/11/09 13:10:51, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/11/09 13:10:51, 3] auth/auth.c:check_ntlm_password(268) check_ntlm_password: sam authentication for user [senate] succeeded [2005/11/09 13:10:51, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2005/11/09 13:10:51, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2005/11/09 13:10:51, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/11/09 13:10:51, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/11/09 13:10:51, 2] auth/auth.c:check_ntlm_password(305) check_ntlm_password: authentication for user [senate] -> [senate] -> [senate] succeeded [2005/11/09 13:10:51, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319) NTLMSSP Sign/Seal - Initialising with flags: [2005/11/09 13:10:51, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x60088215 [2005/11/09 13:10:51, 3] smbd/password.c:register_vuid(222) User name: senate Real name: System User [2005/11/09 13:10:51, 3] smbd/password.c:register_vuid(241) UNIX uid 1001 is UNIX user senate, and will be vuid 100 [2005/11/09 13:10:51, 3] smbd/password.c:register_vuid(270) Adding homes service for user 'senate' using home directory: '/home/senate' [2005/11/09 13:10:51, 3] param/loadparm.c:lp_add_home(2360) adding home's share [senate] for user 'senate' at '/home/senate' [2005/11/09 13:10:51, 3] smbd/process.c:process_smb(1091) Transaction 4 of length 90 [2005/11/09 13:10:51, 3] smbd/process.c:switch_message(886) switch message SMBtconX (pid 10693) conn 0x0 [2005/11/09 13:10:51, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/11/09 13:10:51, 3] lib/access.c:check_access(313) check_access: no hostnames in host allow/deny list. [2005/11/09 13:10:51, 2] lib/access.c:check_access(324) Allowed connection from (192.168.100.98 <http://192.168.100.98>) [2005/11/09 13:10:51, 3] smbd/service.c:make_connection_snum(479) Connect path is '/var/tmp' for service [IPC$] [2005/11/09 13:10:51, 3] lib/util_seaccess.c:se_access_check(251) [2005/11/09 13:10:51, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-2628040634-270012795-1265092401-3000 se_access_check: also S-1-5-21-2628040634-270012795-1265092401-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-2628040634-270012795-1265092401-1201 se_access_check: also S-1-5-21-2628040634-270012795-1265092401-1033 se_access_check: also S-1-5-21-2628040634-270012795-1265092401-1067 [2005/11/09 13:10:51, 3] smbd/vfs.c:vfs_init_default(206) Initialising default vfs hooks [2005/11/09 13:10:51, 3] lib/util_seaccess.c:se_access_check(251) [2005/11/09 13:10:51, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-2628040634-270012795-1265092401-3000 se_access_check: also S-1-5-21-2628040634-270012795-1265092401-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-2628040634-270012795-1265092401-1201 se_access_check: also S-1-5-21-2628040634-270012795-1265092401-1033 se_access_check: also S-1-5-21-2628040634-270012795-1265092401-1067 [2005/11/09 13:10:51, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (1001, 100) - sec_ctx_stack_ndx = 0 [2005/11/09 13:10:51, 3] smbd/service.c:make_connection_snum(642) a13 (192.168.100.98 <http://192.168.100.98>) connect to service IPC$ initially as user senate (uid=1001, gid=100) (pid 10693) [2005/11/09 13:10:51, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/11/09 13:10:51, 3] smbd/reply.c:reply_tcon_and_X(455) tconX service=IPC$ [2005/11/09 13:10:51, 3] smbd/process.c:process_smb(1091) Transaction 5 of length 104 [2005/11/09 13:10:51, 3] smbd/process.c:switch_message(886) switch message SMBntcreateX (pid 10693) conn 0x83ce8d0 [2005/11/09 13:10:51, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (1001, 100) - sec_ctx_stack_ndx = 0 [2005/11/09 13:10:51, 3] smbd/nttrans.c:nt_open_pipe(514) nt_open_pipe: Known pipe lsarpc opening. [2005/11/09 13:10:51, 3] smbd/process.c:process_smb(1091) Transaction 6 of length 140 [2005/11/09 13:10:51, 3] smbd/process.c:switch_message(886) switch message SMBwriteX (pid 10693) conn 0x83ce8d0 [2005/11/09 13:10:51, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(887) api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsass [2005/11/09 13:10:51, 3] rpc_server/srv_pipe.c:check_bind_req(762) check_bind_req for \PIPE\lsarpc [2005/11/09 13:10:51, 3] smbd/pipes.c:reply_pipe_write_and_X(199) writeX-IPC pnum=768e nwritten=72 [2005/11/09 13:10:51, 3] smbd/process.c:process_smb(1091) Transaction 7 of length 63 [2005/11/09 13:10:51, 3] smbd/process.c:switch_message(886) switch message SMBreadX (pid 10693) conn 0x83ce8d0 [2005/11/09 13:10:51, 3] smbd/pipes.c:reply_pipe_read_and_X(242) readX-IPC pnum=768e min=1024 max=1024 nread=68 [2005/11/09 13:10:51, 3] smbd/process.c:process_smb(1091) Transaction 8 of length 184 [2005/11/09 13:10:51, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 10693) conn 0x83ce8d0 [2005/11/09 13:10:51, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=96 params=0 setup=2 [2005/11/09 13:10:51, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/11/09 13:10:51, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "lsarpc" (pnum 768e) [2005/11/09 13:10:51, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:51, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: LSA_OPENPOLICY2 [2005/11/09 13:10:51, 3] lib/util_seaccess.c:se_access_check(251) [2005/11/09 13:10:51, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-2628040634-270012795-1265092401-3000 se_access_check: also S-1-5-21-2628040634-270012795-1265092401-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-2628040634-270012795-1265092401-1201 se_access_check: also S-1-5-21-2628040634-270012795-1265092401-1033 se_access_check: also S-1-5-21-2628040634-270012795-1265092401-1067 [2005/11/09 13:10:51, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 826 [2005/11/09 13:10:51, 3] smbd/process.c:process_smb(1091) Transaction 9 of length 134 [2005/11/09 13:10:51, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 10693) conn 0x83ce8d0 [2005/11/09 13:10:51, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=46 params=0 setup=2 [2005/11/09 13:10:51, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/11/09 13:10:51, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "lsarpc" (pnum 768e) [2005/11/09 13:10:51, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:51, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:51, 3] smbd/process.c:process_smb(1091) Transaction 10 of length 134 [2005/11/09 13:10:51, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 10693) conn 0x83ce8d0 [2005/11/09 13:10:51, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=46 params=0 setup=2 [2005/11/09 13:10:51, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/11/09 13:10:51, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "lsarpc" (pnum 768e) [2005/11/09 13:10:51, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:51, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY [2005/11/09 13:10:51, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 16 [2005/11/09 13:10:51, 3] smbd/process.c:process_smb(1091) Transaction 11 of length 104 [2005/11/09 13:10:51, 3] smbd/process.c:switch_message(886) switch message SMBntcreateX (pid 10693) conn 0x83ce8d0 [2005/11/09 13:10:51, 3] smbd/nttrans.c:nt_open_pipe(514) nt_open_pipe: Known pipe winreg opening. [2005/11/09 13:10:51, 3] smbd/process.c:process_smb(1091) Transaction 12 of length 140 [2005/11/09 13:10:51, 3] smbd/process.c:switch_message(886) switch message SMBwriteX (pid 10693) conn 0x83ce8d0 [2005/11/09 13:10:51, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(887) api_pipe_bind_req: \PIPE\winreg -> \PIPE\winreg [2005/11/09 13:10:51, 3] rpc_server/srv_pipe.c:check_bind_req(762) check_bind_req for \PIPE\winreg [2005/11/09 13:10:51, 3] smbd/pipes.c:reply_pipe_write_and_X(199) writeX-IPC pnum=768f nwritten=72 [2005/11/09 13:10:51, 3] smbd/process.c:process_smb(1091) Transaction 13 of length 63 [2005/11/09 13:10:51, 3] smbd/process.c:switch_message(886) switch message SMBreadX (pid 10693) conn 0x83ce8d0 [2005/11/09 13:10:51, 3] smbd/pipes.c:reply_pipe_read_and_X(242) readX-IPC pnum=768f min=1024 max=1024 nread=68 [2005/11/09 13:10:51, 3] smbd/process.c:process_smb(1091) Transaction 14 of length 124 [2005/11/09 13:10:51, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 10693) conn 0x83ce8d0 [2005/11/09 13:10:51, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=36 params=0 setup=2 [2005/11/09 13:10:51, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/11/09 13:10:51, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "winreg" (pnum 768f) [2005/11/09 13:10:51, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:51, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: REG_OPEN_HKLM [2005/11/09 13:10:51, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:51, 3] smbd/process.c:process_smb(1091) Transaction 15 of length 272 [2005/11/09 13:10:51, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 10693) conn 0x83ce8d0 [2005/11/09 13:10:51, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=184 params=0 setup=2 [2005/11/09 13:10:51, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/11/09 13:10:51, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "winreg" (pnum 768f) [2005/11/09 13:10:51, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:51, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: REG_OPEN_ENTRY [2005/11/09 13:10:51, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 110 [2005/11/09 13:10:51, 3] smbd/process.c:process_smb(1091) Transaction 16 of length 236 [2005/11/09 13:10:51, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 10693) conn 0x83ce8d0 [2005/11/09 13:10:51, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=148 params=0 setup=2 [2005/11/09 13:10:51, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/11/09 13:10:51, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "winreg" (pnum 768f) [2005/11/09 13:10:51, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:51, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: REG_INFO [2005/11/09 13:10:51, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 46 [2005/11/09 13:10:51, 3] smbd/process.c:process_smb(1091) Transaction 17 of length 132 [2005/11/09 13:10:51, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 10693) conn 0x83ce8d0 [2005/11/09 13:10:51, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=44 params=0 setup=2 [2005/11/09 13:10:51, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/11/09 13:10:51, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "winreg" (pnum 768f) [2005/11/09 13:10:51, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:51, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: REG_CLOSE [2005/11/09 13:10:51, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2005/11/09 13:10:51, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:51, 3] smbd/process.c:process_smb(1091) Transaction 18 of length 132 [2005/11/09 13:10:51, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 10693) conn 0x83ce8d0 [2005/11/09 13:10:51, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=44 params=0 setup=2 [2005/11/09 13:10:51, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/11/09 13:10:51, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "winreg" (pnum 768f) [2005/11/09 13:10:51, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:51, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: REG_CLOSE [2005/11/09 13:10:51, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2005/11/09 13:10:51, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:51, 3] smbd/process.c:process_smb(1091) Transaction 19 of length 45 [2005/11/09 13:10:51, 3] smbd/process.c:switch_message(886) switch message SMBclose (pid 10693) conn 0x83ce8d0 [2005/11/09 13:10:51, 3] smbd/process.c:process_smb(1091) Transaction 20 of length 108 [2005/11/09 13:10:51, 3] smbd/process.c:switch_message(886) switch message SMBntcreateX (pid 10693) conn 0x83ce8d0 [2005/11/09 13:10:51, 3] smbd/nttrans.c:nt_open_pipe(514) nt_open_pipe: Known pipe NETLOGON opening. [2005/11/09 13:10:51, 3] smbd/process.c:process_smb(1091) Transaction 21 of length 140 [2005/11/09 13:10:51, 3] smbd/process.c:switch_message(886) switch message SMBwriteX (pid 10693) conn 0x83ce8d0 [2005/11/09 13:10:51, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(887) api_pipe_bind_req: \PIPE\NETLOGON -> \PIPE\lsass [2005/11/09 13:10:51, 3] rpc_server/srv_pipe.c:check_bind_req(762) check_bind_req for \PIPE\NETLOGON [2005/11/09 13:10:51, 3] smbd/pipes.c:reply_pipe_write_and_X(199) writeX-IPC pnum=7690 nwritten=72 [2005/11/09 13:10:51, 3] smbd/process.c:process_smb(1091) Transaction 22 of length 63 [2005/11/09 13:10:51, 3] smbd/process.c:switch_message(886) switch message SMBreadX (pid 10693) conn 0x83ce8d0 [2005/11/09 13:10:51, 3] smbd/pipes.c:reply_pipe_read_and_X(242) readX-IPC pnum=7690 min=1024 max=1024 nread=68 [2005/11/09 13:10:51, 3] smbd/process.c:process_smb(1091) Transaction 23 of length 184 [2005/11/09 13:10:51, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 10693) conn 0x83ce8d0 [2005/11/09 13:10:51, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=96 params=0 setup=2 [2005/11/09 13:10:51, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/11/09 13:10:51, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "NETLOGON" (pnum 7690) [2005/11/09 13:10:51, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:51, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: NET_REQCHAL [2005/11/09 13:10:51, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 34 [2005/11/09 13:10:51, 3] smbd/process.c:process_smb(1091) Transaction 24 of length 45 [2005/11/09 13:10:51, 3] smbd/process.c:switch_message(886) switch message SMBclose (pid 10693) conn 0x83ce8d0 [2005/11/09 13:10:51, 3] smbd/process.c:process_smb(1091) Transaction 25 of length 108 [2005/11/09 13:10:51, 3] smbd/process.c:switch_message(886) switch message SMBntcreateX (pid 10693) conn 0x83ce8d0 [2005/11/09 13:10:51, 3] smbd/nttrans.c:nt_open_pipe(514) nt_open_pipe: Known pipe NETLOGON opening. [2005/11/09 13:10:51, 3] smbd/process.c:process_smb(1091) Transaction 26 of length 140 [2005/11/09 13:10:51, 3] smbd/process.c:switch_message(886) switch message SMBwriteX (pid 10693) conn 0x83ce8d0 [2005/11/09 13:10:51, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(887) api_pipe_bind_req: \PIPE\NETLOGON -> \PIPE\lsass [2005/11/09 13:10:51, 3] rpc_server/srv_pipe.c:check_bind_req(762) check_bind_req for \PIPE\NETLOGON [2005/11/09 13:10:51, 3] smbd/pipes.c:reply_pipe_write_and_X(199) writeX-IPC pnum=7691 nwritten=72 [2005/11/09 13:10:51, 3] smbd/process.c:process_smb(1091) Transaction 27 of length 63 [2005/11/09 13:10:51, 3] smbd/process.c:switch_message(886) switch message SMBreadX (pid 10693) conn 0x83ce8d0 [2005/11/09 13:10:51, 3] smbd/pipes.c:reply_pipe_read_and_X(242) readX-IPC pnum=7691 min=1024 max=1024 nread=68 [2005/11/09 13:10:51, 3] smbd/process.c:process_smb(1091) Transaction 28 of length 208 [2005/11/09 13:10:51, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 10693) conn 0x83ce8d0 [2005/11/09 13:10:51, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=120 params=0 setup=2 [2005/11/09 13:10:51, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/11/09 13:10:51, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "NETLOGON" (pnum 7691) [2005/11/09 13:10:51, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:51, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: NET_AUTH [2005/11/09 13:10:51, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 44 [2005/11/09 13:10:51, 3] smbd/process.c:process_smb(1091) Transaction 29 of length 45 [2005/11/09 13:10:51, 3] smbd/process.c:switch_message(886) switch message SMBclose (pid 10693) conn 0x83ce8d0 [2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091) Transaction 30 of length 132 [2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 10693) conn 0x83ce8d0 [2005/11/09 13:10:52, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=44 params=0 setup=2 [2005/11/09 13:10:52, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/11/09 13:10:52, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "lsarpc" (pnum 768e) [2005/11/09 13:10:52, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:52, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: LSA_CLOSE [2005/11/09 13:10:52, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2005/11/09 13:10:52, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091) Transaction 31 of length 45 [2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886) switch message SMBclose (pid 10693) conn 0x83ce8d0 [2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091) Transaction 32 of length 43 [2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886) switch message SMBulogoffX (pid 10693) conn 0x0 [2005/11/09 13:10:52, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/11/09 13:10:52, 3] smbd/reply.c:reply_ulogoffX(1261) ulogoffX vuid=100 [2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091) Transaction 33 of length 39 [2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886) switch message SMBtdis (pid 10693) conn 0x83ce8d0 [2005/11/09 13:10:52, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/11/09 13:10:52, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/11/09 13:10:52, 3] smbd/service.c:close_cnum(830) a13 (192.168.100.98 <http://192.168.100.98>) closed connection to service IPC$ [2005/11/09 13:10:52, 3] smbd/connection.c:yield_connection(69) Yielding connection to IPC$ [2005/11/09 13:10:52, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/11/09 13:10:52, 3] smbd/process.c:timeout_processing(1334) timeout_processing: End of file from client (client has disconnected). [2005/11/09 13:10:52, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/11/09 13:10:52, 2] smbd/server.c:exit_server(609) Closing connections [2005/11/09 13:10:52, 3] smbd/connection.c:yield_connection(69) Yielding connection to [2005/11/09 13:10:52, 3] smbd/server.c:exit_server(652) Server exit (normal exit) [2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091) Transaction 1 of length 137 [2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886) switch message SMBnegprot (pid 10694) conn 0x0 [2005/11/09 13:10:52, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/11/09 13:10:52, 3] smbd/negprot.c:reply_negprot(461) Requested protocol [PC NETWORK PROGRAM 1.0] [2005/11/09 13:10:52, 3] smbd/negprot.c:reply_negprot(461) Requested protocol [LANMAN1.0] [2005/11/09 13:10:52, 3] smbd/negprot.c:reply_negprot(461) Requested protocol [Windows for Workgroups 3.1a] [2005/11/09 13:10:52, 3] smbd/negprot.c:reply_negprot(461) Requested protocol [LM1.2X002] [2005/11/09 13:10:52, 3] smbd/negprot.c:reply_negprot(461) Requested protocol [LANMAN2.1] [2005/11/09 13:10:52, 3] smbd/negprot.c:reply_negprot(461) Requested protocol [NT LM 0.12] [2005/11/09 13:10:52, 3] smbd/negprot.c:reply_nt1(333) using SPNEGO [2005/11/09 13:10:52, 3] smbd/negprot.c:reply_negprot(555) Selected protocol NT LM 0.12 [2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091) Transaction 2 of length 240 [2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886) switch message SMBsesssetupX (pid 10694) conn 0x0 [2005/11/09 13:10:52, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/11/09 13:10:52, 3] smbd/sesssetup.c:reply_sesssetup_and_X(655) wct=12 flg2=0xc807 [2005/11/09 13:10:52, 2] smbd/sesssetup.c:setup_new_vc_session(608) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2005/11/09 13:10:52, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(535) Doing spnego session setup [2005/11/09 13:10:52, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(566) NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] [2005/11/09 13:10:52, 3] smbd/sesssetup.c:reply_spnego_negotiate(444) Got OID 1 3 6 1 4 1 311 2 2 10 [2005/11/09 13:10:52, 3] smbd/sesssetup.c:reply_spnego_negotiate(447) Got secblob of size 40 [2005/11/09 13:10:52, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0xe2088297 [2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091) Transaction 3 of length 346 [2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886) switch message SMBsesssetupX (pid 10694) conn 0x0 [2005/11/09 13:10:52, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/11/09 13:10:52, 3] smbd/sesssetup.c:reply_sesssetup_and_X(655) wct=12 flg2=0xc807 [2005/11/09 13:10:52, 2] smbd/sesssetup.c:setup_new_vc_session(608) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2005/11/09 13:10:52, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(535) Doing spnego session setup [2005/11/09 13:10:52, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(566) NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] [2005/11/09 13:10:52, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(606) Got user=[senate] domain=[fasitet] workstation=[A13] len1=24 len2=24 [2005/11/09 13:10:52, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2005/11/09 13:10:52, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2005/11/09 13:10:52, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/11/09 13:10:52, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/11/09 13:10:52, 3] auth/auth.c:check_ntlm_password(219) check_ntlm_password: Checking password for unmapped user [fasitet]\[senate]@[A13] with the new password interface [2005/11/09 13:10:52, 3] auth/auth.c:check_ntlm_password(222) check_ntlm_password: mapped user is: [fasitet]\[senate]@[A13] [2005/11/09 13:10:52, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2005/11/09 13:10:52, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2005/11/09 13:10:52, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/11/09 13:10:52, 2] lib/smbldap.c:smbldap_open_connection(692) smbldap_open_connection: connection opened [2005/11/09 13:10:52, 3] lib/smbldap.c:smbldap_connect_system(866) ldap_connect_system: succesful connection to the LDAP server ldap_connect_system: LDAP server does support paged results [2005/11/09 13:10:52, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499) init_sam_from_ldap: Entry found for user: senate [2005/11/09 13:10:52, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/11/09 13:10:52, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2005/11/09 13:10:52, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2005/11/09 13:10:52, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/11/09 13:10:52, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2005/11/09 13:10:52, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2005/11/09 13:10:52, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2005/11/09 13:10:52, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/11/09 13:10:52, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2005/11/09 13:10:52, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2005/11/09 13:10:52, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2005/11/09 13:10:52, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/11/09 13:10:52, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2005/11/09 13:10:52, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2005/11/09 13:10:52, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2005/11/09 13:10:52, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/11/09 13:10:52, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2005/11/09 13:10:52, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2005/11/09 13:10:52, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2005/11/09 13:10:52, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/11/09 13:10:52, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2005/11/09 13:10:52, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2005/11/09 13:10:52, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2005/11/09 13:10:52, 2] passdb/pdb_ldap.c:init_group_from_ldap(2000) init_group_from_ldap: Entry found for group: 513 [2005/11/09 13:10:52, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/11/09 13:10:52, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/11/09 13:10:52, 3] auth/auth.c:check_ntlm_password(268) check_ntlm_password: sam authentication for user [senate] succeeded [2005/11/09 13:10:52, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2005/11/09 13:10:52, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2005/11/09 13:10:52, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/11/09 13:10:52, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/11/09 13:10:52, 2] auth/auth.c:check_ntlm_password(305) check_ntlm_password: authentication for user [senate] -> [senate] -> [senate] succeeded [2005/11/09 13:10:52, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319) NTLMSSP Sign/Seal - Initialising with flags: [2005/11/09 13:10:52, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x60088215 [2005/11/09 13:10:52, 3] smbd/password.c:register_vuid(222) User name: senate Real name: System User [2005/11/09 13:10:52, 3] smbd/password.c:register_vuid(241) UNIX uid 1001 is UNIX user senate, and will be vuid 100 [2005/11/09 13:10:52, 3] smbd/password.c:register_vuid(270) Adding homes service for user 'senate' using home directory: '/home/senate' [2005/11/09 13:10:52, 3] param/loadparm.c:lp_add_home(2360) adding home's share [senate] for user 'senate' at '/home/senate' [2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091) Transaction 4 of length 90 [2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886) switch message SMBtconX (pid 10694) conn 0x0 [2005/11/09 13:10:52, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/11/09 13:10:52, 3] lib/access.c:check_access(313) check_access: no hostnames in host allow/deny list. [2005/11/09 13:10:52, 2] lib/access.c:check_access(324) Allowed connection from (192.168.100.98 <http://192.168.100.98>) [2005/11/09 13:10:52, 3] smbd/service.c:make_connection_snum(479) Connect path is '/var/tmp' for service [IPC$] [2005/11/09 13:10:52, 3] lib/util_seaccess.c:se_access_check(251) [2005/11/09 13:10:52, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-2628040634-270012795-1265092401-3000 se_access_check: also S-1-5-21-2628040634-270012795-1265092401-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-2628040634-270012795-1265092401-1201 se_access_check: also S-1-5-21-2628040634-270012795-1265092401-1033 se_access_check: also S-1-5-21-2628040634-270012795-1265092401-1067 [2005/11/09 13:10:52, 3] smbd/vfs.c:vfs_init_default(206) Initialising default vfs hooks [2005/11/09 13:10:52, 3] lib/util_seaccess.c:se_access_check(251) [2005/11/09 13:10:52, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-2628040634-270012795-1265092401-3000 se_access_check: also S-1-5-21-2628040634-270012795-1265092401-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-2628040634-270012795-1265092401-1201 se_access_check: also S-1-5-21-2628040634-270012795-1265092401-1033 se_access_check: also S-1-5-21-2628040634-270012795-1265092401-1067 [2005/11/09 13:10:52, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (1001, 100) - sec_ctx_stack_ndx = 0 [2005/11/09 13:10:52, 3] smbd/service.c:make_connection_snum(642) a13 (192.168.100.98 <http://192.168.100.98>) connect to service IPC$ initially as user senate (uid=1001, gid=100) (pid 10694) [2005/11/09 13:10:52, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/11/09 13:10:52, 3] smbd/reply.c:reply_tcon_and_X(455) tconX service=IPC$ [2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091) Transaction 5 of length 104 [2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886) switch message SMBntcreateX (pid 10694) conn 0x83ce8d0 [2005/11/09 13:10:52, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (1001, 100) - sec_ctx_stack_ndx = 0 [2005/11/09 13:10:52, 3] smbd/nttrans.c:nt_open_pipe(514) nt_open_pipe: Known pipe lsarpc opening. [2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091) Transaction 6 of length 140 [2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886) switch message SMBwriteX (pid 10694) conn 0x83ce8d0 [2005/11/09 13:10:52, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(887) api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsass [2005/11/09 13:10:52, 3] rpc_server/srv_pipe.c:check_bind_req(762) check_bind_req for \PIPE\lsarpc [2005/11/09 13:10:52, 3] smbd/pipes.c:reply_pipe_write_and_X(199) writeX-IPC pnum=768a nwritten=72 [2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091) Transaction 7 of length 63 [2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886) switch message SMBreadX (pid 10694) conn 0x83ce8d0 [2005/11/09 13:10:52, 3] smbd/pipes.c:reply_pipe_read_and_X(242) readX-IPC pnum=768a min=1024 max=1024 nread=68 [2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091) Transaction 8 of length 184 [2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 10694) conn 0x83ce8d0 [2005/11/09 13:10:52, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=96 params=0 setup=2 [2005/11/09 13:10:52, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/11/09 13:10:52, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "lsarpc" (pnum 768a) [2005/11/09 13:10:52, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:52, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: LSA_OPENPOLICY2 [2005/11/09 13:10:52, 3] lib/util_seaccess.c:se_access_check(251) [2005/11/09 13:10:52, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-2628040634-270012795-1265092401-3000 se_access_check: also S-1-5-21-2628040634-270012795-1265092401-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-2628040634-270012795-1265092401-1201 se_access_check: also S-1-5-21-2628040634-270012795-1265092401-1033 se_access_check: also S-1-5-21-2628040634-270012795-1265092401-1067 [2005/11/09 13:10:52, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 826 [2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091) Transaction 9 of length 134 [2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 10694) conn 0x83ce8d0 [2005/11/09 13:10:52, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=46 params=0 setup=2 [2005/11/09 13:10:52, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/11/09 13:10:52, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "lsarpc" (pnum 768a) [2005/11/09 13:10:52, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:52, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091) Transaction 10 of length 134 [2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 10694) conn 0x83ce8d0 [2005/11/09 13:10:52, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=46 params=0 setup=2 [2005/11/09 13:10:52, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/11/09 13:10:52, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "lsarpc" (pnum 768a) [2005/11/09 13:10:52, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:52, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY [2005/11/09 13:10:52, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 16 [2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091) Transaction 11 of length 104 [2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886) switch message SMBntcreateX (pid 10694) conn 0x83ce8d0 [2005/11/09 13:10:52, 3] smbd/nttrans.c:nt_open_pipe(514) nt_open_pipe: Known pipe winreg opening. [2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091) Transaction 12 of length 140 [2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886) switch message SMBwriteX (pid 10694) conn 0x83ce8d0 [2005/11/09 13:10:52, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(887) api_pipe_bind_req: \PIPE\winreg -> \PIPE\winreg [2005/11/09 13:10:52, 3] rpc_server/srv_pipe.c:check_bind_req(762) check_bind_req for \PIPE\winreg [2005/11/09 13:10:52, 3] smbd/pipes.c:reply_pipe_write_and_X(199) writeX-IPC pnum=768b nwritten=72 [2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091) Transaction 13 of length 63 [2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886) switch message SMBreadX (pid 10694) conn 0x83ce8d0 [2005/11/09 13:10:52, 3] smbd/pipes.c:reply_pipe_read_and_X(242) readX-IPC pnum=768b min=1024 max=1024 nread=68 [2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091) Transaction 14 of length 124 [2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 10694) conn 0x83ce8d0 [2005/11/09 13:10:52, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=36 params=0 setup=2 [2005/11/09 13:10:52, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/11/09 13:10:52, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "winreg" (pnum 768b) [2005/11/09 13:10:52, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:52, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: REG_OPEN_HKLM [2005/11/09 13:10:52, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091) Transaction 15 of length 272 [2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 10694) conn 0x83ce8d0 [2005/11/09 13:10:52, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=184 params=0 setup=2 [2005/11/09 13:10:52, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/11/09 13:10:52, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "winreg" (pnum 768b) [2005/11/09 13:10:52, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:52, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: REG_OPEN_ENTRY [2005/11/09 13:10:52, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 110 [2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091) Transaction 16 of length 236 [2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 10694) conn 0x83ce8d0 [2005/11/09 13:10:52, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=148 params=0 setup=2 [2005/11/09 13:10:52, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/11/09 13:10:52, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "winreg" (pnum 768b) [2005/11/09 13:10:52, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:52, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: REG_INFO [2005/11/09 13:10:52, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 46 [2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091) Transaction 17 of length 132 [2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 10694) conn 0x83ce8d0 [2005/11/09 13:10:52, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=44 params=0 setup=2 [2005/11/09 13:10:52, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/11/09 13:10:52, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "winreg" (pnum 768b) [2005/11/09 13:10:52, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:52, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: REG_CLOSE [2005/11/09 13:10:52, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2005/11/09 13:10:52, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091) Transaction 18 of length 132 [2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 10694) conn 0x83ce8d0 [2005/11/09 13:10:52, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=44 params=0 setup=2 [2005/11/09 13:10:52, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/11/09 13:10:52, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "winreg" (pnum 768b) [2005/11/09 13:10:52, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:52, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: REG_CLOSE [2005/11/09 13:10:52, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2005/11/09 13:10:52, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091) Transaction 19 of length 45 [2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886) switch message SMBclose (pid 10694) conn 0x83ce8d0 [2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091) Transaction 20 of length 100 [2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886) switch message SMBntcreateX (pid 10694) conn 0x83ce8d0 [2005/11/09 13:10:52, 3] smbd/nttrans.c:nt_open_pipe(514) nt_open_pipe: Known pipe samr opening. [2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091) Transaction 21 of length 140 [2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886) switch message SMBwriteX (pid 10694) conn 0x83ce8d0 [2005/11/09 13:10:52, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(887) api_pipe_bind_req: \PIPE\samr -> \PIPE\lsass [2005/11/09 13:10:52, 3] rpc_server/srv_pipe.c:check_bind_req(762) check_bind_req for \PIPE\samr [2005/11/09 13:10:52, 3] smbd/pipes.c:reply_pipe_write_and_X(199) writeX-IPC pnum=768c nwritten=72 [2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091) Transaction 22 of length 63 [2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886) switch message SMBreadX (pid 10694) conn 0x83ce8d0 [2005/11/09 13:10:52, 3] smbd/pipes.c:reply_pipe_read_and_X(242) readX-IPC pnum=768c min=1024 max=1024 nread=68 [2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091) Transaction 23 of length 176 [2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 10694) conn 0x83ce8d0 [2005/11/09 13:10:52, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=88 params=0 setup=2 [2005/11/09 13:10:52, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/11/09 13:10:52, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "samr" (pnum 768c) [2005/11/09 13:10:52, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:52, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091) Transaction 24 of length 45 [2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886) switch message SMBclose (pid 10694) conn 0x83ce8d0 [2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091) Transaction 25 of length 100 [2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886) switch message SMBntcreateX (pid 10694) conn 0x83ce8d0 [2005/11/09 13:10:52, 3] smbd/nttrans.c:nt_open_pipe(514) nt_open_pipe: Known pipe samr opening. [2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091) Transaction 26 of length 140 [2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886) switch message SMBwriteX (pid 10694) conn 0x83ce8d0 [2005/11/09 13:10:52, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(887) api_pipe_bind_req: \PIPE\samr -> \PIPE\lsass [2005/11/09 13:10:52, 3] rpc_server/srv_pipe.c:check_bind_req(762) check_bind_req for \PIPE\samr [2005/11/09 13:10:52, 3] smbd/pipes.c:reply_pipe_write_and_X(199) writeX-IPC pnum=768d nwritten=72 [2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091) Transaction 27 of length 63 [2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886) switch message SMBreadX (pid 10694) conn 0x83ce8d0 [2005/11/09 13:10:52, 3] smbd/pipes.c:reply_pipe_read_and_X(242) readX-IPC pnum=768d min=1024 max=1024 nread=68 [2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091) Transaction 28 of length 164 [2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 10694) conn 0x83ce8d0 [2005/11/09 13:10:52, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=76 params=0 setup=2 [2005/11/09 13:10:52, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/11/09 13:10:52, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "samr" (pnum 768d) [2005/11/09 13:10:52, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:52, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: SAMR_CONNECT4 [2005/11/09 13:10:52, 3] lib/util_seaccess.c:se_access_check(251) [2005/11/09 13:10:52, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-2628040634-270012795-1265092401-3000 se_access_check: also S-1-5-21-2628040634-270012795-1265092401-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-2628040634-270012795-1265092401-1201 se_access_check: also S-1-5-21-2628040634-270012795-1265092401-1033 se_access_check: also S-1-5-21-2628040634-270012795-1265092401-1067 [2005/11/09 13:10:52, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 982 [2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091) Transaction 29 of length 140 [2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 10694) conn 0x83ce8d0 [2005/11/09 13:10:52, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=52 params=0 setup=2 [2005/11/09 13:10:52, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/11/09 13:10:52, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "samr" (pnum 768d) [2005/11/09 13:10:52, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:52, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: SAMR_ENUM_DOMAINS [2005/11/09 13:10:52, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 88 [2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091) Transaction 30 of length 166 [2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 10694) conn 0x83ce8d0 [2005/11/09 13:10:52, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=78 params=0 setup=2 [2005/11/09 13:10:52, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/11/09 13:10:52, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "samr" (pnum 768d) [2005/11/09 13:10:52, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:52, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: SAMR_LOOKUP_DOMAIN [2005/11/09 13:10:52, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2580) Returning domain sid for domain FASITET -> S-1-5-21-2628040634-270012795-1265092401 [2005/11/09 13:10:52, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 14 [2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091) Transaction 31 of length 164 [2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 10694) conn 0x83ce8d0 [2005/11/09 13:10:52, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=76 params=0 setup=2 [2005/11/09 13:10:52, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/11/09 13:10:52, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "samr" (pnum 768d) [2005/11/09 13:10:52, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:52, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: SAMR_OPEN_DOMAIN [2005/11/09 13:10:52, 3] lib/util_seaccess.c:se_access_check(251) [2005/11/09 13:10:52, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-2628040634-270012795-1265092401-3000 se_access_check: also S-1-5-21-2628040634-270012795-1265092401-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-2628040634-270012795-1265092401-1201 se_access_check: also S-1-5-21-2628040634-270012795-1265092401-1033 se_access_check: also S-1-5-21-2628040634-270012795-1265092401-1067 [2005/11/09 13:10:52, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 956 [2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091) Transaction 32 of length 140 [2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 10694) conn 0x83ce8d0 [2005/11/09 13:10:52, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=52 params=0 setup=2 [2005/11/09 13:10:52, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/11/09 13:10:52, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "samr" (pnum 768d) [2005/11/09 13:10:52, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:52, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: SAMR_ENUM_DOMAINS [2005/11/09 13:10:52, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 88 [2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091) Transaction 33 of length 166 [2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 10694) conn 0x83ce8d0 [2005/11/09 13:10:52, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=78 params=0 setup=2 [2005/11/09 13:10:52, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/11/09 13:10:52, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "samr" (pnum 768d) [2005/11/09 13:10:52, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:52, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: SAMR_LOOKUP_DOMAIN [2005/11/09 13:10:52, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2580) Returning domain sid for domain FASITET -> S-1-5-21-2628040634-270012795-1265092401 [2005/11/09 13:10:52, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 14 [2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091) Transaction 34 of length 164 [2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 10694) conn 0x83ce8d0 [2005/11/09 13:10:52, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=76 params=0 setup=2 [2005/11/09 13:10:52, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/11/09 13:10:52, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "samr" (pnum 768d) [2005/11/09 13:10:52, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:52, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: SAMR_OPEN_DOMAIN [2005/11/09 13:10:52, 3] lib/util_seaccess.c:se_access_check(251) [2005/11/09 13:10:52, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-2628040634-270012795-1265092401-3000 se_access_check: also S-1-5-21-2628040634-270012795-1265092401-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-2628040634-270012795-1265092401-1201 se_access_check: also S-1-5-21-2628040634-270012795-1265092401-1033 se_access_check: also S-1-5-21-2628040634-270012795-1265092401-1067 [2005/11/09 13:10:52, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 956 [2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091) Transaction 35 of length 168 [2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 10694) conn 0x83ce8d0 [2005/11/09 13:10:52, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=80 params=0 setup=2 [2005/11/09 13:10:52, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/11/09 13:10:52, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "samr" (pnum 768d) [2005/11/09 13:10:52, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:10:52, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: SAMR_CREATE_USER [2005/11/09 13:10:52, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(1001, 100) : sec_ctx_stack_ndx = 1 [2005/11/09 13:10:52, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2005/11/09 13:10:52, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/11/09 13:10:52, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (1001, 100) - sec_ctx_stack_ndx = 0 [2005/11/09 13:10:52, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(1001, 100) : sec_ctx_stack_ndx = 1 [2005/11/09 13:10:52, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2005/11/09 13:10:52, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/11/09 13:10:52, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (1001, 100) - sec_ctx_stack_ndx = 0 [2005/11/09 13:10:52, 0] lib/smbldap.c:smbldap_open(882) smbldap_open: cannot access LDAP when not root.. [2005/11/09 13:10:52, 1] lib/smbldap.c:another_ldap_try(1011) Connection to LDAP server failed for the 1 try! [2005/11/09 13:10:53, 0] lib/smbldap.c:smbldap_open(882) smbldap_open: cannot access LDAP when not root.. [2005/11/09 13:10:53, 1] lib/smbldap.c:another_ldap_try(1011) Connection to LDAP server failed for the 2 try! [2005/11/09 13:10:54, 0] lib/smbldap.c:smbldap_open(882) smbldap_open: cannot access LDAP when not root.. [2005/11/09 13:10:54, 1] lib/smbldap.c:another_ldap_try(1011) Connection to LDAP server failed for the 3 try! [2005/11/09 13:10:55, 0] lib/smbldap.c:smbldap_open(882) smbldap_open: cannot access LDAP when not root.. [2005/11/09 13:10:55, 1] lib/smbldap.c:another_ldap_try(1011) Connection to LDAP server failed for the 4 try! [2005/11/09 13:10:56, 0] lib/smbldap.c:smbldap_open(882) smbldap_open: cannot access LDAP when not root.. [2005/11/09 13:10:56, 1] lib/smbldap.c:another_ldap_try(1011) Connection to LDAP server failed for the 5 try! [2005/11/09 13:10:57, 0] lib/smbldap.c:smbldap_open(882) smbldap_open: cannot access LDAP when not root.. [2005/11/09 13:10:57, 1] lib/smbldap.c:another_ldap_try(1011) Connection to LDAP server failed for the 6 try! [2005/11/09 13:10:58, 0] lib/smbldap.c:smbldap_open(882) smbldap_open: cannot access LDAP when not root.. [2005/11/09 13:10:58, 1] lib/smbldap.c:another_ldap_try(1011) Connection to LDAP server failed for the 7 try! [2005/11/09 13:10:59, 0] lib/smbldap.c:smbldap_open(882) smbldap_open: cannot access LDAP when not root.. [2005/11/09 13:10:59, 1] lib/smbldap.c:another_ldap_try(1011) Connection to LDAP server failed for the 8 try! [2005/11/09 13:11:00, 0] lib/smbldap.c:smbldap_open(882) smbldap_open: cannot access LDAP when not root.. [2005/11/09 13:11:00, 1] lib/smbldap.c:another_ldap_try(1011) Connection to LDAP server failed for the 9 try! [2005/11/09 13:11:01, 0] lib/smbldap.c:smbldap_open(882) smbldap_open: cannot access LDAP when not root.. [2005/11/09 13:11:01, 1] lib/smbldap.c:another_ldap_try(1011) Connection to LDAP server failed for the 10 try! [2005/11/09 13:11:02, 0] lib/smbldap.c:smbldap_open(882) smbldap_open: cannot access LDAP when not root.. [2005/11/09 13:11:02, 1] lib/smbldap.c:another_ldap_try(1011) Connection to LDAP server failed for the 11 try! [2005/11/09 13:11:03, 0] lib/smbldap.c:smbldap_open(882) smbldap_open: cannot access LDAP when not root.. [2005/11/09 13:11:03, 1] lib/smbldap.c:another_ldap_try(1011) Connection to LDAP server failed for the 12 try! [2005/11/09 13:11:04, 0] lib/smbldap.c:smbldap_open(882) smbldap_open: cannot access LDAP when not root.. [2005/11/09 13:11:04, 1] lib/smbldap.c:another_ldap_try(1011) Connection to LDAP server failed for the 13 try! [2005/11/09 13:11:05, 0] lib/smbldap.c:smbldap_open(882) smbldap_open: cannot access LDAP when not root.. [2005/11/09 13:11:05, 1] lib/smbldap.c:another_ldap_try(1011) Connection to LDAP server failed for the 14 try! [2005/11/09 13:11:06, 0] lib/smbldap.c:smbldap_open(882) smbldap_open: cannot access LDAP when not root.. [2005/11/09 13:11:06, 1] lib/smbldap.c:another_ldap_try(1011) Connection to LDAP server failed for the 15 try! [2005/11/09 13:11:07, 0] lib/smbldap.c:smbldap_open(882) smbldap_open: cannot access LDAP when not root.. [2005/11/09 13:11:07, 0] lib/smbldap.c:smbldap_search_suffix(1176) smbldap_search_suffix: Problem during the LDAP search: (Timed out) [2005/11/09 13:11:07, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2350) could not add user/computer a13$ to passdb. Check permissions? [2005/11/09 13:11:07, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 10 [2005/11/09 13:11:07, 3] smbd/process.c:process_smb(1091) Transaction 36 of length 132 [2005/11/09 13:11:07, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 10694) conn 0x83ce8d0 [2005/11/09 13:11:07, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=44 params=0 setup=2 [2005/11/09 13:11:07, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/11/09 13:11:07, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "samr" (pnum 768d) [2005/11/09 13:11:07, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:11:07, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: SAMR_CLOSE_HND [2005/11/09 13:11:07, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2005/11/09 13:11:07, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:11:07, 3] smbd/process.c:process_smb(1091) Transaction 37 of length 132 [2005/11/09 13:11:07, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 10694) conn 0x83ce8d0 [2005/11/09 13:11:07, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=44 params=0 setup=2 [2005/11/09 13:11:07, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/11/09 13:11:07, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "samr" (pnum 768d) [2005/11/09 13:11:07, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:11:07, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: SAMR_CLOSE_HND [2005/11/09 13:11:07, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2005/11/09 13:11:07, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:11:07, 3] smbd/process.c:process_smb(1091) Transaction 38 of length 45 [2005/11/09 13:11:07, 3] smbd/process.c:switch_message(886) switch message SMBclose (pid 10694) conn 0x83ce8d0 [2005/11/09 13:11:08, 3] smbd/process.c:process_smb(1091) Transaction 39 of length 132 [2005/11/09 13:11:08, 3] smbd/process.c:switch_message(886) switch message SMBtrans (pid 10694) conn 0x83ce8d0 [2005/11/09 13:11:08, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=44 params=0 setup=2 [2005/11/09 13:11:08, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2005/11/09 13:11:08, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "lsarpc" (pnum 768a) [2005/11/09 13:11:08, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:11:08, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538) api_rpcTNP: rpc command: LSA_CLOSE [2005/11/09 13:11:08, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2005/11/09 13:11:08, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542) free_pipe_context: destroying talloc pool of size 0 [2005/11/09 13:11:08, 3] smbd/process.c:process_smb(1091) Transaction 40 of length 45 [2005/11/09 13:11:08, 3] smbd/process.c:switch_message(886) switch message SMBclose (pid 10694) conn 0x83ce8d0 [2005/11/09 13:11:08, 3] smbd/process.c:process_smb(1091) Transaction 41 of length 43 [2005/11/09 13:11:08, 3] smbd/process.c:switch_message(886) switch message SMBulogoffX (pid 10694) conn 0x0 [2005/11/09 13:11:08, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/11/09 13:11:08, 3] smbd/reply.c:reply_ulogoffX(1261) ulogoffX vuid=100 [2005/11/09 13:11:08, 3] smbd/process.c:process_smb(1091) Transaction 42 of length 39 [2005/11/09 13:11:08, 3] smbd/process.c:switch_message(886) switch message SMBtdis (pid 10694) conn 0x83ce8d0 [2005/11/09 13:11:08, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/11/09 13:11:08, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/11/09 13:11:08, 3] smbd/service.c:close_cnum(830) a13 (192.168.100.98 <http://192.168.100.98>) closed connection to service IPC$ [2005/11/09 13:11:08, 3] smbd/connection.c:yield_connection(69) Yielding connection to IPC$ [2005/11/09 13:11:08, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/11/09 13:11:08, 3] smbd/process.c:timeout_processing(1334) timeout_processing: End of file from client (client has disconnected). [2005/11/09 13:11:08, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/11/09 13:11:08, 2] smbd/server.c:exit_server(609) Closing connections [2005/11/09 13:11:08, 3] smbd/connection.c:yield_connection(69) Yielding connection to [2005/11/09 13:11:08, 3] smbd/server.c:exit_server(652) Server exit (normal exit) # eof log.a13 Cheers Erik Skogh