thr3ads.net - samba - [Samba] Authentication fails (sometimes) [Aug 2006]

If this information is useful, please help other people find it:
Share via:

Mario Lipinski

2006-Aug-30 12:04 UTC

[Samba] Authentication fails (sometimes)

Hello,

I am usually able to log me onto my domain. However, i have problems to
get authentication under windows where I need admin rights, which also
succeeds some times.

I have the following in my groupmap:

# net groupmap list
admin (S-1-5-21-4092459118-2595994810-1099795350-512) -> admin
guests (S-1-5-21-4092459118-2595994810-1099795350-514) -> guests
gsb (S-1-5-21-4092459118-2595994810-1099795350-513) -> gsb
bib-admins (S-1-5-21-4092459118-2595994810-1099795350-11099) -> bib-admins
bibliothek (S-1-5-21-4092459118-2595994810-1099795350-11001) -> bibliothek

and user/group is on the system:

$ getent group admin
admin:x:1000:law,[...]
$ getent passwd law
law:x:1001:1001:Mario Lipinski:/home/law:/bin/bash
$ getent group gsb
gsb:x:60000:

I am member of the group admin (which is also a user with the same uid
if that matters). So everything should be fine.


In my logs I find these line:

[2006/08/27 20:03:03, 10, pid=18112] passdb/pdb_get_set.c:pdb_set_user_sid(463)
  pdb_set_user_sid: setting user sid
S-1-5-21-4092459118-2595994810-1099795350-3002
[2006/08/27 20:03:03, 10, pid=18112]
passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73)
  pdb_set_user_sid_from_rid:
  	setting user sid S-1-5-21-4092459118-2595994810-1099795350-3002 from rid 3002
[2006/08/27 20:03:03, 3, pid=18112]
passdb/lookup_sid.c:fetch_gid_from_cache(1010)
  fetch gid from cache 60000 -> S-1-5-21-4092459118-2595994810-1099795350-513
[2006/08/27 20:03:03, 10, pid=18112] passdb/pdb_get_set.c:pdb_set_group_sid(521)
  pdb_set_group_sid: setting group sid
S-1-5-21-4092459118-2595994810-1099795350-513
[2006/08/27 20:03:03, 10, pid=18112]
passdb/pdb_compat.c:pdb_set_group_sid_from_rid(100)
  pdb_set_group_sid_from_rid:
  	setting group sid S-1-5-21-4092459118-2595994810-1099795350-513 from rid 513

Does that mean, that the group id 60000 is assigned to me? Why? I am not
member of the group with id 60000 (see above)

I post almost a full log here. Some parts which might contain my
password is removed. I hope I did not forget anything.


Mario


[2006/08/27 20:02:52, 10, pid=18112] smbd/process.c:setup_select_timeout(1284)
  change_notify_timeout: -1
[2006/08/27 20:03:02, 3, pid=4545] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/08/27 20:03:02, 5, pid=4545] auth/auth_util.c:debug_nt_user_token(448)
  NT user token: (NULL)
[2006/08/27 20:03:02, 5, pid=4545] auth/auth_util.c:debug_unix_user_token(474)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2006/08/27 20:03:02, 5, pid=4545] smbd/uid.c:change_to_root_user(275)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2006/08/27 20:03:02, 10, pid=4545] smbd/process.c:setup_select_timeout(1284)
  change_notify_timeout: -1
[2006/08/27 20:03:03, 10, pid=18112]
lib/util_sock.c:read_smb_length_return_keepalive(623)
  got smb length of 448
[2006/08/27 20:03:03, 6, pid=18112] smbd/process.c:process_smb(1109)
  got message type 0x0 of len 0x1c0
[2006/08/27 20:03:03, 3, pid=18112] smbd/process.c:process_smb(1110)
  Transaction 14094 of length 452
[2006/08/27 20:03:03, 5, pid=18112] lib/util.c:show_msg(478)
[2006/08/27 20:03:03, 5, pid=18112] lib/util.c:show_msg(488)
  size=448
  smb_com=0x2f
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=24
  smb_flg2=51207
  smb_tid=1
  smb_pid=65279
  smb_uid=115
  smb_mid=37068
  smt_wct=14
  smb_vwv[ 0]=  255 (0xFF)
  smb_vwv[ 1]=57054 (0xDEDE)
  smb_vwv[ 2]=30418 (0x76D2)
  smb_vwv[ 3]=    0 (0x0)
  smb_vwv[ 4]=    0 (0x0)
  smb_vwv[ 5]=65535 (0xFFFF)
  smb_vwv[ 6]=65535 (0xFFFF)
  smb_vwv[ 7]=    8 (0x8)
  smb_vwv[ 8]=  384 (0x180)
  smb_vwv[ 9]=    0 (0x0)
  smb_vwv[10]=  384 (0x180)
  smb_vwv[11]=   64 (0x40)
  smb_vwv[12]=    0 (0x0)
  smb_vwv[13]=    0 (0x0)
  smb_bcc=385
[2006/08/27 20:03:03, 10, pid=18112] lib/util.c:dump_data(2215)
[...]
[2006/08/27 20:03:03, 3, pid=18112] smbd/process.c:switch_message(914)
  switch message SMBwriteX (pid 18112) conn 0x9998e0
[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:debug_nt_user_token(454)
  NT user token of user S-1-5-21-4092459118-2595994810-1099795350-501
  contains 4 SIDs
  SID[  0]: S-1-5-21-4092459118-2595994810-1099795350-501
  SID[  1]: S-1-1-0
  SID[  2]: S-1-5-2
  SID[  3]: S-1-5-32-546
  SE_PRIV  0x0 0x0 0x0 0x0
[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:debug_unix_user_token(474)
  UNIX token of user 65534
  Primary group is 65534 and contains 0 supplementary groups
[2006/08/27 20:03:03, 5, pid=18112] smbd/uid.c:change_to_user(260)
  change_to_user uid=(65534,65534) gid=(0,65534)
[2006/08/27 20:03:03, 4, pid=18112] smbd/vfs.c:vfs_ChDir(741)
  vfs_ChDir to /tmp
[2006/08/27 20:03:03, 4, pid=18112] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264)
  search for pipe pnum=76d2
[2006/08/27 20:03:03, 5, pid=18112] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268)
  pipe name NETLOGON pnum=76d2 (pipes_open=1)
[2006/08/27 20:03:03, 6, pid=18112] rpc_server/srv_pipe_hnd.c:write_to_pipe(937)
  write_to_pipe: 76d2 name: NETLOGON open: Yes len: 384
[2006/08/27 20:03:03, 10, pid=18112]
rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959)
  write_to_pipe: data_left = 384
[2006/08/27 20:03:03, 10, pid=18112]
rpc_server/srv_pipe_hnd.c:process_incoming_data(852)
  process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0,
incoming data = 384
[2006/08/27 20:03:03, 10, pid=18112]
rpc_server/srv_pipe_hnd.c:fill_rpc_header(395)
  fill_rpc_header: data_to_copy = 384, len_needed_to_complete_hdr = 16,
receive_len = 0
[2006/08/27 20:03:03, 10, pid=18112]
rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963)
  write_to_pipe: data_used = 16
[2006/08/27 20:03:03, 10, pid=18112]
rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959)
  write_to_pipe: data_left = 368
[2006/08/27 20:03:03, 10, pid=18112]
rpc_server/srv_pipe_hnd.c:process_incoming_data(852)
  process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0,
incoming data = 368
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
  000000 smb_io_rpc_hdr 
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
      0000 major     : 05
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
      0001 minor     : 00
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
      0002 pkt_type  : 00
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
      0003 flags     : 03
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
      0004 pack_type0: 10
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
      0005 pack_type1: 00
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
      0006 pack_type2: 00
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
      0007 pack_type3: 00
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
      0008 frag_len  : 0180
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
      000a auth_len  : 0020
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
      000c call_id   : 0000000e
[2006/08/27 20:03:03, 5, pid=18112]
rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482)
  unmarshall_rpc_header: using little-endian RPC
[2006/08/27 20:03:03, 10, pid=18112]
rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511)
  unmarshall_rpc_header: type = 0, flags = 3
[2006/08/27 20:03:03, 10, pid=18112]
rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963)
  write_to_pipe: data_used = 0
[2006/08/27 20:03:03, 10, pid=18112]
rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959)
  write_to_pipe: data_left = 368
[2006/08/27 20:03:03, 10, pid=18112]
rpc_server/srv_pipe_hnd.c:process_incoming_data(852)
  process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 368,
incoming data = 368
[2006/08/27 20:03:03, 10, pid=18112]
rpc_server/srv_pipe_hnd.c:process_complete_pdu(719)
  process_complete_pdu: processing packet type 0
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
  000000 smb_io_rpc_hdr_req req
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
      0000 alloc_hint: 0000013e
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
      0004 context_id: 0000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
      0006 opnum     : 0002
[2006/08/27 20:03:03, 5, pid=18112]
rpc_server/srv_pipe.c:api_pipe_schannel_process(2086)
  data 320 auth 32
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
  000148 smb_io_rpc_hdr_auth hdr_auth
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
      0148 auth_type    : 44
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
      0149 auth_level   : 06
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
      014a auth_pad_len : 02
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
      014b auth_reserved: 00
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
      014c auth_context_id: 000b3ca0
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
  000150 smb_io_rpc_auth_schannel_chk 
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8s(851)
      0150 sig  : 77 00 7a 00 ff ff 00 00 
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8s(851)
      0158 seq_num: 1d 0f 67 93 6c a8 a1 52 
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8s(851)
      0160 packet_digest: 53 2d 8b 35 8e b4 ad 03 
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8s(851)
      0168 confounder: 4a 95 04 46 4a c6 35 ef 
[2006/08/27 20:03:03, 10, pid=18112] rpc_parse/parse_prs.c:schannel_decode(1710)
  SCHANNEL: schannel_decode seq_num=26 data_len=320
[2006/08/27 20:03:03, 10, pid=18112] rpc_parse/parse_prs.c:schannel_decode(1730)
  SCHANNEL: schannel_decode seq_num=26 data_len=320
[2006/08/27 20:03:03, 3, pid=18112]
rpc_server/srv_pipe_hnd.c:free_pipe_context(529)
  free_pipe_context: destroying talloc pool of size 0
[2006/08/27 20:03:03, 5, pid=18112] rpc_server/srv_pipe.c:api_pipe_request(2223)
  Requested \PIPE\NETLOGON
[2006/08/27 20:03:03, 4, pid=18112] rpc_server/srv_pipe.c:api_rpcTNP(2258)
  api_rpcTNP: NETLOGON op 0x2 - api_rpcTNP: rpc command: NET_SAMLOGON
[2006/08/27 20:03:03, 6, pid=18112] rpc_server/srv_pipe.c:api_rpcTNP(2284)
  api_rpc_cmds[4].fn == 0x503330
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
  000000 net_io_q_sam_logon 
[2006/08/27 20:03:03, 6, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
      000000 smb_io_sam_info 
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
          000000 smb_io_clnt_info2 
[2006/08/27 20:03:03, 8, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
              000000 smb_io_clnt_srv 
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
                  0000 undoc_buffer : 000aaf30
[2006/08/27 20:03:03, 9, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
                  000004 smb_io_unistr2 unistr2
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
                      0004 uni_max_len: 0000000b
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
                      0008 offset     : 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
                      000c uni_str_len: 0000000b
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:dbg_rw_punival(936)
                      0010 buffer     : \.\.G.A.R.F.I.E.L.D...
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
                  0028 undoc_buffer2: 000aafec
[2006/08/27 20:03:03, 9, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
                  00002c smb_io_unistr2 unistr2
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
                      002c uni_max_len: 00000009
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
                      0030 offset     : 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
                      0034 uni_str_len: 00000009
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:dbg_rw_punival(936)
                      0038 buffer     : G.A.R.G.A.M.E.L...
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              004c ptr_cred: 00c5f020
[2006/08/27 20:03:03, 8, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
              000050 smb_io_cred 
[2006/08/27 20:03:03, 9, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
                  000050 smb_io_chal 
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8s(851)
                      0050 data: c9 29 17 5b 3e 77 97 1a 
[2006/08/27 20:03:03, 9, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
                  000058 smb_io_utime 
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
                      0058 time: 44f1de56
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
          005c ptr_rtn_cred : 00c5f02c
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
          000060 smb_io_cred 
[2006/08/27 20:03:03, 8, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
              000060 smb_io_chal 
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8s(851)
                  0060 data: 78 16 88 77 ff ff ff ff 
[2006/08/27 20:03:03, 8, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
              000068 smb_io_utime 
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
                  0068 time: 00c5f048
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
          006c logon_level  : 0002
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
          00006e smb_io_sam_info_ctr logon_info
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
              006e switch_value : 0002
[2006/08/27 20:03:03, 8, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
              000070 net_io_id_info2 
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
                  0070 ptr_id_info2: 00c5f548
[2006/08/27 20:03:03, 9, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
                  000074 smb_io_unihdr unihdr
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
                      0074 uni_str_len: 0006
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
                      0076 uni_max_len: 0006
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
                      0078 buffer     : 000e6db8
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
                  007c param_ctrl: 00000a60
[2006/08/27 20:03:03, 9, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
                  000080 smb_io_logon_id 
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
                      0080 low : 001409fd
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
                      0084 high: 00000000
[2006/08/27 20:03:03, 9, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
                  000088 smb_io_unihdr unihdr
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
                      0088 uni_str_len: 0006
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
                      008a uni_max_len: 0006
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
                      008c buffer     : 000e6dbe
[2006/08/27 20:03:03, 9, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
                  000090 smb_io_unihdr unihdr
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
                      0090 uni_str_len: 0010
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
                      0092 uni_max_len: 0010
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
                      0094 buffer     : 000e6dc4
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8s(851)
                  0098 lm_chal: cb e0 c8 79 df 82 1a 99 
[2006/08/27 20:03:03, 9, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
                  0000a0 smb_io_strhdr hdr_nt_chal_resp
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
                      00a0 str_str_len: 0018
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
                      00a2 str_max_len: 0018
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
                      00a4 buffer     : 000e6dd4
[2006/08/27 20:03:03, 9, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
                  0000a8 smb_io_strhdr hdr_lm_chal_resp
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
                      00a8 str_str_len: 0018
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
                      00aa str_max_len: 0018
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
                      00ac buffer     : 000e6dec
[2006/08/27 20:03:03, 9, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
                  0000b0 smb_io_unistr2 uni_domain_name
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
                      00b0 uni_max_len: 00000003
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
                      00b4 offset     : 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
                      00b8 uni_str_len: 00000003
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:dbg_rw_punival(936)
                      00bc buffer     : G.S.B.
[2006/08/27 20:03:03, 9, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
                  0000c2 smb_io_unistr2 uni_user_name  
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
                      00c4 uni_max_len: 00000003
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
                      00c8 offset     : 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
                      00cc uni_str_len: 00000003
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:dbg_rw_punival(936)
                      00d0 buffer     : l.a.w.
[2006/08/27 20:03:03, 9, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
                  0000d6 smb_io_unistr2 uni_wksta_name 
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
                      00d8 uni_max_len: 00000008
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
                      00dc offset     : 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
                      00e0 uni_str_len: 00000008
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:dbg_rw_punival(936)
                      00e4 buffer     : G.A.R.G.A.M.E.L.
[2006/08/27 20:03:03, 9, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
                  0000f4 smb_io_string2 nt_chal_resp
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
                      00f4 str_max_len: 00000018
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
                      00f8 offset     : 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
                      00fc str_str_len: 00000018
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_string2(1096)
                      0100 buffer     : ..k..RL.....<t1. .<.H.x.
[2006/08/27 20:03:03, 9, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
                  000118 smb_io_string2 lm_chal_resp
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
                      0118 str_max_len: 00000018
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
                      011c offset     : 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
                      0120 str_str_len: 00000018
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_string2(1096)
                      0124 buffer     : .z....j.3...!GD.....)(..
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
      013c validation_level: 0003
[2006/08/27 20:03:03, 5, pid=18112] libsmb/credentials.c:creds_step(148)
  	sequence = 0x44f1de56
[2006/08/27 20:03:03, 5, pid=18112] libsmb/credentials.c:creds_step(150)
  	seed:        1D945542017A748E
[2006/08/27 20:03:03, 5, pid=18112] libsmb/credentials.c:creds_step(155)
  	seed+seq   73724787017A748E
[2006/08/27 20:03:03, 5, pid=18112] libsmb/credentials.c:creds_step(159)
  	CLIENT      C929175B3E77971A
[2006/08/27 20:03:03, 5, pid=18112] libsmb/credentials.c:creds_step(164)
  	seed+seq+1   74724787017A748E
[2006/08/27 20:03:03, 5, pid=18112] libsmb/credentials.c:creds_step(168)
  	SERVER      92A653116C9BED38
[2006/08/27 20:03:03, 5, pid=18112] libsmb/credentials.c:creds_reseed(238)
  cred_reseed: seed 74724787017A748E
[2006/08/27 20:03:03, 10, pid=18112]
libsmb/credentials.c:creds_server_check(221)
  creds_server_check: credentials check OK.
[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:push_sec_ctx(208)
  push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
[2006/08/27 20:03:03, 3, pid=18112] smbd/uid.c:push_conn_ctx(345)
  push_conn_ctx(115) : conn_ctx_stack_ndx = 0
[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:debug_nt_user_token(448)
  NT user token: (NULL)
[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:debug_unix_user_token(474)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2006/08/27 20:03:03, 3, pid=18112]
passdb/secrets.c:secrets_store_schannel_session_info(994)
  secrets_store_schannel_session_info: stored schannel info with key
SECRETS/SCHANNEL/GARGAMEL
[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:pop_sec_ctx(339)
  pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2006/08/27 20:03:03, 3, pid=18112]
rpc_server/srv_netlog_nt.c:_net_sam_logon_internal(847)
  SAM Logon (Network). Domain:[GSB].  User:[law@GARGAMEL] Requested Domain:[GSB]
[2006/08/27 20:03:03, 5, pid=18112]
rpc_server/srv_netlog_nt.c:_net_sam_logon_internal(862)
  Attempting validation level 2 for unmapped username law.
[2006/08/27 20:03:03, 5, pid=18112] auth/auth.c:make_auth_context_subsystem(484)
  Making default auth method list for DC, security=user, encrypt passwords = yes
[2006/08/27 20:03:03, 5, pid=18112] auth/auth.c:load_auth_module(391)
  load_auth_module: Attempting to find an auth method to match guest
[2006/08/27 20:03:03, 5, pid=18112] auth/auth.c:load_auth_module(416)
  load_auth_module: auth method guest has a valid init
[2006/08/27 20:03:03, 5, pid=18112] auth/auth.c:load_auth_module(391)
  load_auth_module: Attempting to find an auth method to match sam
[2006/08/27 20:03:03, 5, pid=18112] auth/auth.c:load_auth_module(416)
  load_auth_module: auth method sam has a valid init
[2006/08/27 20:03:03, 5, pid=18112] auth/auth.c:load_auth_module(391)
  load_auth_module: Attempting to find an auth method to match
winbind:trustdomain
[2006/08/27 20:03:03, 5, pid=18112] auth/auth.c:load_auth_module(391)
  load_auth_module: Attempting to find an auth method to match trustdomain
[2006/08/27 20:03:03, 5, pid=18112] auth/auth.c:load_auth_module(416)
  load_auth_module: auth method trustdomain has a valid init
[2006/08/27 20:03:03, 5, pid=18112] auth/auth.c:load_auth_module(416)
  load_auth_module: auth method winbind has a valid init
[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:make_user_info_map(161)
  make_user_info_map: Mapping user [GSB]\[law] from workstation [GARGAMEL]
[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:push_sec_ctx(208)
  push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
[2006/08/27 20:03:03, 3, pid=18112] smbd/uid.c:push_conn_ctx(345)
  push_conn_ctx(115) : conn_ctx_stack_ndx = 0
[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:debug_nt_user_token(448)
  NT user token: (NULL)
[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:debug_unix_user_token(474)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:is_trusted_domain(2016)
  is_trusted_domain: Checking for domain trust with [GSB]
[2006/08/27 20:03:03, 5, pid=18112]
passdb/secrets.c:secrets_fetch_trusted_domain_password(339)
  secrets_fetch failed!
[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:pop_sec_ctx(339)
  pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2006/08/27 20:03:03, 10, pid=18112] lib/gencache.c:gencache_get(312)
  Cache entry with key = TDOM/GSB couldn't be found
[2006/08/27 20:03:03, 5, pid=18112]
libsmb/trustdom_cache.c:trustdom_cache_fetch(184)
  no entry for trusted domain GSB found.
[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:make_user_info(75)
  attempting to make a user_info for law (law)
[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:make_user_info(85)
  making strings for law's user_info struct
[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:make_user_info(117)
  making blobs for law's user_info struct
[2006/08/27 20:03:03, 10, pid=18112] auth/auth_util.c:make_user_info(135)
  made an encrypted user_info for law (law)
[2006/08/27 20:03:03, 3, pid=18112] auth/auth.c:check_ntlm_password(221)
  check_ntlm_password:  Checking password for unmapped user
[GSB]\[law]@[GARGAMEL] with the new password interface
[2006/08/27 20:03:03, 3, pid=18112] auth/auth.c:check_ntlm_password(224)
  check_ntlm_password:  mapped user is: [GSB]\[law]@[GARGAMEL]
[2006/08/27 20:03:03, 10, pid=18112] auth/auth.c:check_ntlm_password(233)
  check_ntlm_password: auth_context challenge created by fixed
[2006/08/27 20:03:03, 10, pid=18112] auth/auth.c:check_ntlm_password(235)
  challenge is: 
[2006/08/27 20:03:03, 5, pid=18112] lib/util.c:dump_data(2215)
  [000] CB E0 C8 79 DF 82 1A 99                           ...y.... 
[2006/08/27 20:03:03, 10, pid=18112] auth/auth.c:check_ntlm_password(261)
  check_ntlm_password: guest had nothing to say
[2006/08/27 20:03:03, 8, pid=18112] lib/util.c:is_myname(2036)
  is_myname("GSB") returns 0
[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:push_sec_ctx(208)
  push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
[2006/08/27 20:03:03, 3, pid=18112] smbd/uid.c:push_conn_ctx(345)
  push_conn_ctx(115) : conn_ctx_stack_ndx = 0
[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:debug_nt_user_token(448)
  NT user token: (NULL)
[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:debug_unix_user_token(474)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2006/08/27 20:03:03, 5, pid=18112] pdb_mysql.c:mysqlsam_select_by_field(292)
  Executing query SELECT
logon_time,logoff_time,0,pass_last_set_time,pass_can_change_time,pass_must_change_time,username,'GSB',username,gecos,home_smb,NULL,logon_script,profile_path,NULL,NULL,NULL,NULL,user_sid,group_sid,pass_lm,pass_nt,NULL,acct_ctrl,logon_divs,NULL,NULL,NULL,NULL,'?????????????????????',NULL
FROM user WHERE username = 'law'
[2006/08/27 20:03:03, 10, pid=18112] passdb/pdb_get_set.c:pdb_set_username(534)
  pdb_set_username: setting username law, was 
[2006/08/27 20:03:03, 10, pid=18112] passdb/pdb_get_set.c:pdb_set_domain(557)
  pdb_set_domain: setting domain GSB, was 
[2006/08/27 20:03:03, 10, pid=18112]
passdb/pdb_get_set.c:pdb_set_nt_username(580)
  pdb_set_nt_username: setting nt username law, was 
[2006/08/27 20:03:03, 10, pid=18112] passdb/pdb_get_set.c:pdb_set_fullname(603)
  pdb_set_full_name: setting full name Mario Lipinski, was 
[2006/08/27 20:03:03, 10, pid=18112] passdb/pdb_get_set.c:pdb_set_homedir(696)
  pdb_set_homedir: setting home dir \\garfield\law, was 
[2006/08/27 20:03:03, 10, pid=18112]
passdb/pdb_get_set.c:pdb_set_logon_script(626)
  pdb_set_logon_script: setting logon script admins.bat, was 
[2006/08/27 20:03:03, 10, pid=18112]
passdb/pdb_get_set.c:pdb_set_profile_path(649)
  pdb_set_profile_path: setting profile path \\garfield\law\.ntprofile, was 
[2006/08/27 20:03:03, 10, pid=18112] passdb/pdb_get_set.c:pdb_set_user_sid(463)
  pdb_set_user_sid: setting user sid
S-1-5-21-4092459118-2595994810-1099795350-3002
[2006/08/27 20:03:03, 5, pid=18112]
passdb/pdb_interface.c:lookup_global_sam_rid(1478)
  lookup_global_sam_rid: looking up RID 3003.
[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:push_sec_ctx(208)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2006/08/27 20:03:03, 3, pid=18112] smbd/uid.c:push_conn_ctx(345)
  push_conn_ctx(115) : conn_ctx_stack_ndx = 1
[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:debug_nt_user_token(448)
  NT user token: (NULL)
[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:debug_unix_user_token(474)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2006/08/27 20:03:03, 5, pid=18112] pdb_mysql.c:mysqlsam_select_by_field(292)
  Executing query SELECT
logon_time,logoff_time,0,pass_last_set_time,pass_can_change_time,pass_must_change_time,username,'GSB',username,gecos,home_smb,NULL,logon_script,profile_path,NULL,NULL,NULL,NULL,user_sid,group_sid,pass_lm,pass_nt,NULL,acct_ctrl,logon_divs,NULL,NULL,NULL,NULL,'?????????????????????',NULL
FROM user WHERE user_sid =
'S-1-5-21-4092459118-2595994810-1099795350-3003'
[2006/08/27 20:03:03, 10, pid=18112] pdb_mysql.c:row_to_sam_account(93)
  empty resultpop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2006/08/27 20:03:03, 5, pid=18112]
passdb/pdb_interface.c:lookup_global_sam_rid(1540)
  Can't find a unix id for an unmapped group
[2006/08/27 20:03:03, 10, pid=18112] passdb/pdb_get_set.c:pdb_set_group_sid(521)
  pdb_set_group_sid: setting group sid
S-1-5-21-4092459118-2595994810-1099795350-513
[2006/08/27 20:03:03, 10, pid=18112] lib/account_pol.c:account_policy_get(337)
  account_policy_get: name: password history, val: 0
[2006/08/27 20:03:03, 10, pid=18112] passdb/pdb_get_set.c:pdb_set_username(534)
  pdb_set_username: setting username law, was 
[2006/08/27 20:03:03, 10, pid=18112] passdb/pdb_get_set.c:pdb_set_domain(557)
  pdb_set_domain: setting domain GSB, was 
[2006/08/27 20:03:03, 10, pid=18112]
passdb/pdb_get_set.c:pdb_set_nt_username(580)
  pdb_set_nt_username: setting nt username law, was 
[2006/08/27 20:03:03, 10, pid=18112] passdb/pdb_get_set.c:pdb_set_fullname(603)
  pdb_set_full_name: setting full name Mario Lipinski, was 
[2006/08/27 20:03:03, 10, pid=18112] passdb/pdb_get_set.c:pdb_set_homedir(696)
  pdb_set_homedir: setting home dir \\garfield\law, was 
[2006/08/27 20:03:03, 10, pid=18112] passdb/pdb_get_set.c:pdb_set_dir_drive(672)
  pdb_set_dir_drive: setting dir drive , was NULL
[2006/08/27 20:03:03, 10, pid=18112]
passdb/pdb_get_set.c:pdb_set_logon_script(626)
  pdb_set_logon_script: setting logon script admins.bat, was 
[2006/08/27 20:03:03, 10, pid=18112]
passdb/pdb_get_set.c:pdb_set_profile_path(649)
  pdb_set_profile_path: setting profile path \\garfield\law\.ntprofile, was 
[2006/08/27 20:03:03, 10, pid=18112]
passdb/pdb_get_set.c:pdb_set_workstations(739)
  pdb_set_workstations: setting workstations , was 
[2006/08/27 20:03:03, 10, pid=18112] lib/account_pol.c:account_policy_get(337)
  account_policy_get: name: password history, val: 0
[2006/08/27 20:03:03, 10, pid=18112] passdb/pdb_get_set.c:pdb_set_user_sid(463)
  pdb_set_user_sid: setting user sid
S-1-5-21-4092459118-2595994810-1099795350-3002
[2006/08/27 20:03:03, 10, pid=18112]
passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73)
  pdb_set_user_sid_from_rid:
  	setting user sid S-1-5-21-4092459118-2595994810-1099795350-3002 from rid 3002
[2006/08/27 20:03:03, 3, pid=18112]
passdb/lookup_sid.c:fetch_gid_from_cache(1010)
  fetch gid from cache 60000 -> S-1-5-21-4092459118-2595994810-1099795350-513
[2006/08/27 20:03:03, 10, pid=18112] passdb/pdb_get_set.c:pdb_set_group_sid(521)
  pdb_set_group_sid: setting group sid
S-1-5-21-4092459118-2595994810-1099795350-513
[2006/08/27 20:03:03, 10, pid=18112]
passdb/pdb_compat.c:pdb_set_group_sid_from_rid(100)
  pdb_set_group_sid_from_rid:
  	setting group sid S-1-5-21-4092459118-2595994810-1099795350-513 from rid 513
[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:pop_sec_ctx(339)
  pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2006/08/27 20:03:03, 9, pid=18112]
passdb/passdb.c:pdb_update_autolock_flag(1407)
  pdb_update_autolock_flag: Account law not autolocked, no check needed
[2006/08/27 20:03:03, 4, pid=18112] libsmb/ntlm_check.c:ntlm_password_check(326)
  ntlm_password_check: Checking NT MD4 password
[2006/08/27 20:03:03, 4, pid=18112] auth/auth_sam.c:sam_account_ok(138)
  sam_account_ok: Checking SMB password for user law
[2006/08/27 20:03:03, 5, pid=18112] auth/auth_sam.c:logon_hours_ok(120)
  logon_hours_ok: user law allowed to logon at this time (Sun Aug 27 18:03:03
2006
  )
[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:push_sec_ctx(208)
  push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
[2006/08/27 20:03:03, 3, pid=18112] smbd/uid.c:push_conn_ctx(345)
  push_conn_ctx(115) : conn_ctx_stack_ndx = 0
[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:debug_nt_user_token(448)
  NT user token: (NULL)
[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:debug_unix_user_token(474)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2006/08/27 20:03:03, 10, pid=18112] lib/util_pw.c:getpwnam_alloc(76)
  Got law from pwnam_cache
[2006/08/27 20:03:03, 10, pid=18112] lib/util_pw.c:getpwnam_alloc(76)
  Got law from pwnam_cache
[2006/08/27 20:03:03, 10, pid=18112] lib/system_smbd.c:sys_getgrouplist(125)
  sys_getgrouplist: user [law]
[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:push_sec_ctx(208)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2006/08/27 20:03:03, 3, pid=18112] smbd/uid.c:push_conn_ctx(345)
  push_conn_ctx(115) : conn_ctx_stack_ndx = 1
[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:debug_nt_user_token(448)
  NT user token: (NULL)
[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:debug_unix_user_token(474)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:pop_sec_ctx(339)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2006/08/27 20:03:03, 3, pid=18112]
passdb/lookup_sid.c:fetch_sid_from_gid_cache(990)
  fetch sid from gid cache 1001 -> S-1-22-2-1001
[2006/08/27 20:03:03, 3, pid=18112]
passdb/lookup_sid.c:fetch_sid_from_gid_cache(990)
  fetch sid from gid cache 0 -> S-1-22-2-0
[2006/08/27 20:03:03, 3, pid=18112]
passdb/lookup_sid.c:fetch_sid_from_gid_cache(990)
  fetch sid from gid cache 40 -> S-1-22-2-40
[2006/08/27 20:03:03, 3, pid=18112]
passdb/lookup_sid.c:fetch_sid_from_gid_cache(990)
  fetch sid from gid cache 50 -> S-1-22-2-50
[2006/08/27 20:03:03, 3, pid=18112]
passdb/lookup_sid.c:fetch_sid_from_gid_cache(990)
  fetch sid from gid cache 1000 -> S-1-22-2-1000
[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:make_server_info_sam(625)
  make_server_info_sam: made server info for user law -> law
[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:pop_sec_ctx(339)
  pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2006/08/27 20:03:03, 3, pid=18112] auth/auth.c:check_ntlm_password(270)
  check_ntlm_password: sam authentication for user [law] succeeded
[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:push_sec_ctx(208)
  push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
[2006/08/27 20:03:03, 3, pid=18112] smbd/uid.c:push_conn_ctx(345)
  push_conn_ctx(115) : conn_ctx_stack_ndx = 0
[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:debug_nt_user_token(448)
  NT user token: (NULL)
[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:debug_unix_user_token(474)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:pop_sec_ctx(339)
  pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2006/08/27 20:03:03, 5, pid=18112] auth/auth.c:check_ntlm_password(296)
  check_ntlm_password:  PAM Account for user [law] succeeded
[2006/08/27 20:03:03, 2, pid=18112] auth/auth.c:check_ntlm_password(309)
  check_ntlm_password:  authentication for user [law] -> [law] -> [law]
succeeded
[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:free_user_info(1866)
  attempting to free (and zero) a user_info structure
[2006/08/27 20:03:03, 10, pid=18112] auth/auth_util.c:free_user_info(1870)
  structure was created for law
[2006/08/27 20:03:03, 5, pid=18112]
rpc_server/srv_netlog_nt.c:_net_sam_logon_internal(934)
  _net_sam_logon: check_password returned status NT_STATUS_OK
[2006/08/27 20:03:03, 4, pid=18112] rpc_parse/parse_net.c:init_dom_sid2s(1009)
  init_dom_sid2s: 
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
  000000 net_io_r_sam_logon 
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
      0000 buffer_creds: 00000001
[2006/08/27 20:03:03, 6, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
      000004 smb_io_cred 
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
          000004 smb_io_chal 
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8s(851)
              0004 data: 92 a6 53 11 6c 9b ed 38 
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
          00000c smb_io_utime 
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              000c time: 44f1de57
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
      0010 switch_value: 0003
[2006/08/27 20:03:03, 6, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
      000014 net_io_user_info3 
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
          0014 ptr_user_info : 00000001
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
          000018 smb_io_time logon time
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              0018 low : 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              001c high: 00000000
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
          000020 smb_io_time logoff time
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              0020 low : ffffffff
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              0024 high: 7fffffff
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
          000028 smb_io_time kickoff time
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              0028 low : ffffffff
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              002c high: 7fffffff
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
          000030 smb_io_time last set time
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              0030 low : 12056880
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              0034 high: 01c4942d
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
          000038 smb_io_time can change time
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              0038 low : 12056880
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              003c high: 01c4942d
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
          000040 smb_io_time must change time
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              0040 low : d4a5e980
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              0044 high: 01e9fd1e
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
          000048 smb_io_unihdr hdr_user_name
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
              0048 uni_str_len: 0006
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
              004a uni_max_len: 0006
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              004c buffer     : 00000001
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
          000050 smb_io_unihdr hdr_full_name
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
              0050 uni_str_len: 001c
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
              0052 uni_max_len: 001c
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              0054 buffer     : 00000001
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
          000058 smb_io_unihdr hdr_logon_script
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
              0058 uni_str_len: 0014
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
              005a uni_max_len: 0014
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              005c buffer     : 00000001
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
          000060 smb_io_unihdr hdr_profile_path
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
              0060 uni_str_len: 0032
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
              0062 uni_max_len: 0032
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              0064 buffer     : 00000001
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
          000068 smb_io_unihdr hdr_home_dir
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
              0068 uni_str_len: 001c
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
              006a uni_max_len: 001c
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              006c buffer     : 00000001
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
          000070 smb_io_unihdr hdr_dir_drive
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
              0070 uni_str_len: 0000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
              0072 uni_max_len: 0000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              0074 buffer     : 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
          0078 logon_count   : 0000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
          007a bad_pw_count  : 0000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
          007c user_rid      : 00000bba
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
          0080 group_rid     : 00000201
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
          0084 num_groups    : 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
          0088 buffer_groups : 00000001
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
          008c user_flgs     : 00000020
[2006/08/27 20:03:03, 10, pid=18112] rpc_parse/parse_net.c:dump_user_flgs(1555)
  dump_user_flgs
  	account has LOGON_EXTRA_SIDS
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8s(851)
          0090 user_sess_key: 86 4d c5 2d e6 ec 27 12 cd e8 59 9c 63 d0 54 fc 
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
          0000a0 smb_io_unihdr hdr_logon_srv
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
              00a0 uni_str_len: 0010
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
              00a2 uni_max_len: 0010
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              00a4 buffer     : 00000001
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
          0000a8 smb_io_unihdr hdr_logon_dom
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
              00a8 uni_str_len: 0006
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
              00aa uni_max_len: 0006
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              00ac buffer     : 00000001
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
          00b0 buffer_dom_id : 00000001
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8s(851)
          00b4 lm_sess_key: 30 32 0f fc ff 3e b1 1c 
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
          00bc acct_flags : 00000212
[2006/08/27 20:03:03, 10, pid=18112] rpc_parse/parse_net.c:dump_acct_flags(1528)
  dump_acct_flags
  	account has ACB_NORMAL
  	account has ACB_PWNOEXP
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
          00c0 unkown: 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
          00c4 unkown: 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
          00c8 unkown: 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
          00cc unkown: 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
          00d0 unkown: 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
          00d4 unkown: 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
          00d8 unkown: 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
          00dc num_other_sids: 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
          00e0 buffer_other_sids: 00000000
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
          0000e4 smb_io_unistr2 uni_user_name
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              00e4 uni_max_len: 00000003
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              00e8 offset     : 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              00ec uni_str_len: 00000003
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:dbg_rw_punival(936)
              00f0 buffer     : l.a.w.
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
          0000f6 smb_io_unistr2 uni_full_name
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              00f8 uni_max_len: 0000000e
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              00fc offset     : 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              0100 uni_str_len: 0000000e
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:dbg_rw_punival(936)
              0104 buffer     : M.a.r.i.o. .L.i.p.i.n.s.k.i.
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
          000120 smb_io_unistr2 uni_logon_script
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              0120 uni_max_len: 0000000a
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              0124 offset     : 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              0128 uni_str_len: 0000000a
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:dbg_rw_punival(936)
              012c buffer     : a.d.m.i.n.s...b.a.t.
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
          000140 smb_io_unistr2 uni_profile_path
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              0140 uni_max_len: 00000019
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              0144 offset     : 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              0148 uni_str_len: 00000019
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:dbg_rw_punival(936)
              014c buffer     :
\.\.g.a.r.f.i.e.l.d.\.l.a.w.\...n.t.p.r.o.f.i.l.e.
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
          00017e smb_io_unistr2 uni_home_dir
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              0180 uni_max_len: 0000000e
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              0184 offset     : 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              0188 uni_str_len: 0000000e
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:dbg_rw_punival(936)
              018c buffer     : \.\.g.a.r.f.i.e.l.d.\.l.a.w.
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
          0001a8 smb_io_unistr2 - NULL uni_dir_drive
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
          01a8 num_groups2   : 00000000
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
          0001ac smb_io_unistr2 uni_logon_srv
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              01ac uni_max_len: 00000008
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              01b0 offset     : 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              01b4 uni_str_len: 00000008
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:dbg_rw_punival(936)
              01b8 buffer     : G.A.R.F.I.E.L.D.
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
          0001c8 smb_io_unistr2 uni_logon_dom
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              01c8 uni_max_len: 00000003
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              01cc offset     : 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              01d0 uni_str_len: 00000003
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:dbg_rw_punival(936)
              01d4 buffer     : G.S.B.
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
          0001da smb_io_dom_sid2 
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              01dc num_auths: 00000004
[2006/08/27 20:03:03, 8, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
              0001e0 smb_io_dom_sid sid
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
                  01e0 sid_rev_num: 01
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
                  01e1 num_auths  : 04
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
                  01e2 id_auth[0] : 00
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
                  01e3 id_auth[1] : 00
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
                  01e4 id_auth[2] : 00
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
                  01e5 id_auth[3] : 00
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
                  01e6 id_auth[4] : 00
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
                  01e7 id_auth[5] : 05
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32s(991)
                  01e8 sub_auths : 00000015 f3edf86e 9abbbcba 418d8b96 
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
      01f8 auth_resp   : 00000001
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_ntstatus(763)
      01fc status      : NT_STATUS_OK
[2006/08/27 20:03:03, 5, pid=18112] rpc_server/srv_pipe.c:api_rpcTNP(2305)
  api_rpcTNP: called NETLOGON successfully
[2006/08/27 20:03:03, 3, pid=18112]
rpc_server/srv_pipe_hnd.c:free_pipe_context(529)
  free_pipe_context: destroying talloc pool of size 998
[2006/08/27 20:03:03, 10, pid=18112]
rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963)
  write_to_pipe: data_used = 368
[2006/08/27 20:03:03, 3, pid=18112] smbd/pipes.c:reply_pipe_write_and_X(217)
  writeX-IPC pnum=76d2 nwritten=384
[2006/08/27 20:03:03, 5, pid=18112] lib/util.c:show_msg(478)
[2006/08/27 20:03:03, 5, pid=18112] lib/util.c:show_msg(488)
  size=47
  smb_com=0x2f
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=51201
  smb_tid=1
  smb_pid=65279
  smb_uid=115
  smb_mid=37068
  smt_wct=6
  smb_vwv[ 0]=  255 (0xFF)
  smb_vwv[ 1]=    0 (0x0)
  smb_vwv[ 2]=  384 (0x180)
  smb_vwv[ 3]=    0 (0x0)
  smb_vwv[ 4]=    0 (0x0)
  smb_vwv[ 5]=    0 (0x0)
  smb_bcc=0
[2006/08/27 20:03:03, 10, pid=18112] smbd/process.c:setup_select_timeout(1284)
  change_notify_timeout: -1
[2006/08/27 20:03:03, 10, pid=18112]
lib/util_sock.c:read_smb_length_return_keepalive(623)
  got smb length of 59
[2006/08/27 20:03:03, 6, pid=18112] smbd/process.c:process_smb(1109)
  got message type 0x0 of len 0x3b
[2006/08/27 20:03:03, 3, pid=18112] smbd/process.c:process_smb(1110)
  Transaction 14095 of length 63
[2006/08/27 20:03:03, 5, pid=18112] lib/util.c:show_msg(478)
[2006/08/27 20:03:03, 5, pid=18112] lib/util.c:show_msg(488)
  size=59
  smb_com=0x2e
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=24
  smb_flg2=51207
  smb_tid=1
  smb_pid=65279
  smb_uid=115
  smb_mid=37132
  smt_wct=12
  smb_vwv[ 0]=  255 (0xFF)
  smb_vwv[ 1]=57054 (0xDEDE)
  smb_vwv[ 2]=30418 (0x76D2)
  smb_vwv[ 3]=    0 (0x0)
  smb_vwv[ 4]=    0 (0x0)
  smb_vwv[ 5]= 1024 (0x400)
  smb_vwv[ 6]= 1024 (0x400)
  smb_vwv[ 7]=65535 (0xFFFF)
  smb_vwv[ 8]=65535 (0xFFFF)
  smb_vwv[ 9]= 1024 (0x400)
  smb_vwv[10]=    0 (0x0)
  smb_vwv[11]=    0 (0x0)
  smb_bcc=0
[2006/08/27 20:03:03, 3, pid=18112] smbd/process.c:switch_message(914)
  switch message SMBreadX (pid 18112) conn 0x9998e0
[2006/08/27 20:03:03, 4, pid=18112] smbd/uid.c:change_to_user(176)
  change_to_user: Skipping user change - already user
[2006/08/27 20:03:03, 4, pid=18112] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264)
  search for pipe pnum=76d2
[2006/08/27 20:03:03, 5, pid=18112] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268)
  pipe name NETLOGON pnum=76d2 (pipes_open=1)
[2006/08/27 20:03:03, 6, pid=18112]
rpc_server/srv_pipe_hnd.c:read_from_pipe(995)
  read_from_pipe: 76d2 name: NETLOGON len: 1024
[2006/08/27 20:03:03, 10, pid=18112]
rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068)
  read_from_pipe: NETLOGON: fault_state = 0 : data_sent_length = 0,
prs_offset(&p->out_data.rdata) = 512.
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
  000000 smb_io_rpc_hdr hdr
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
      0000 major     : 05
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
      0001 minor     : 00
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
      0002 pkt_type  : 02
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
      0003 flags     : 03
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
      0004 pack_type0: 10
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
      0005 pack_type1: 00
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
      0006 pack_type2: 00
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
      0007 pack_type3: 00
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
      0008 frag_len  : 0240
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
      000a auth_len  : 0020
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
      000c call_id   : 0000000e
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
  000010 smb_io_rpc_hdr_resp resp
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
      0010 alloc_hint: 00000200
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
      0014 context_id: 0000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
      0016 cancel_ct : 00
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
      0017 reserved  : 00
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
  000218 smb_io_rpc_hdr_auth hdr_auth
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
      0218 auth_type    : 44
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
      0219 auth_level   : 06
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
      021a auth_pad_len : 00
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
      021b auth_reserved: 00
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
      021c auth_context_id: 00000001
[2006/08/27 20:03:03, 10, pid=18112] rpc_parse/parse_prs.c:schannel_encode(1633)
  SCHANNEL: schannel_encode seq_num=27 data_len=512
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
  000220 smb_io_rpc_auth_schannel_chk 
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8s(851)
      0220 sig  : 77 00 7a 00 ff ff 00 00 
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8s(851)
      0228 seq_num: 56 92 bc 2e 01 65 4e ee 
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8s(851)
      0230 packet_digest: 23 19 33 ef 8a c5 df 69 
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8s(851)
      0238 confounder: 70 ec 77 3a 58 e0 61 49 
[2006/08/27 20:03:03, 3, pid=18112] smbd/pipes.c:reply_pipe_read_and_X(262)
  readX-IPC pnum=76d2 min=1024 max=1024 nread=576
[2006/08/27 20:03:03, 5, pid=18112] lib/util.c:show_msg(478)
[2006/08/27 20:03:03, 5, pid=18112] lib/util.c:show_msg(488)
  size=635
  smb_com=0x2e
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=51201
  smb_tid=1
  smb_pid=65279
  smb_uid=115
  smb_mid=37132
  smt_wct=12
  smb_vwv[ 0]=  255 (0xFF)
  smb_vwv[ 1]=    0 (0x0)
  smb_vwv[ 2]=    0 (0x0)
  smb_vwv[ 3]=    0 (0x0)
  smb_vwv[ 4]=    0 (0x0)
  smb_vwv[ 5]=  576 (0x240)
  smb_vwv[ 6]=   59 (0x3B)
  smb_vwv[ 7]=    0 (0x0)
  smb_vwv[ 8]=    0 (0x0)
  smb_vwv[ 9]=    0 (0x0)
  smb_vwv[10]=    0 (0x0)
  smb_vwv[11]=    0 (0x0)
  smb_bcc=576
[2006/08/27 20:03:03, 10, pid=18112] lib/util.c:dump_data(2215)
[...]
[2006/08/27 20:03:03, 10, pid=18112] smbd/process.c:setup_select_timeout(1284)
  change_notify_timeout: -1

Mario Lipinski

2006-Aug-30 23:37 UTC

head link

[Samba] Authentication fails (sometimes)

Hello,

i reproduced the problem with the tdbsam backend.

I uploaded a full log (from samba start till stop) to
http://l4w.info/log.smbd.2006-08-31_01:04.bz2

I tried to login on Host GARGAMEL to Domain GSB with user admin at
1:04:01.

GARGAMEL is running Windows 2000 SP4 Server and had a remote desktop
session for admin running which i whould have attached. Terminal
services are configured for admin mode.

The PDC for GSB is GARFIELD running Samba 3.0.23c-gwc-2.

The loggin attempt failed with the message I were not allowed to login
to the session, which means I have no admin rights. The password was
already verified then.

There are no conflicts with other users. After restarting Samba (a few
times), login succeeds.

For information about group mappings, users, groups and group membership
see my prior posting.

I really hope to get a solution soon and I apologize for the confusion
earlier.


Mario
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
Url :
http://lists.samba.org/archive/samba/attachments/20060831/44b86b00/attachment.bin

Maybe Matching Threads

Search for more reasonably related threads

samba - Aug 2006 - Authentication fails (sometimes)

[Samba] Authentication fails (sometimes)

[Samba] Authentication fails (sometimes)

Maybe Matching Threads