Hello,
I am usually able to log me onto my domain. However, i have problems to
get authentication under windows where I need admin rights, which also
succeeds some times.
I have the following in my groupmap:
# net groupmap list
admin (S-1-5-21-4092459118-2595994810-1099795350-512) -> admin
guests (S-1-5-21-4092459118-2595994810-1099795350-514) -> guests
gsb (S-1-5-21-4092459118-2595994810-1099795350-513) -> gsb
bib-admins (S-1-5-21-4092459118-2595994810-1099795350-11099) -> bib-admins
bibliothek (S-1-5-21-4092459118-2595994810-1099795350-11001) -> bibliothek
and user/group is on the system:
$ getent group admin
admin:x:1000:law,[...]
$ getent passwd law
law:x:1001:1001:Mario Lipinski:/home/law:/bin/bash
$ getent group gsb
gsb:x:60000:
I am member of the group admin (which is also a user with the same uid
if that matters). So everything should be fine.
In my logs I find these line:
[2006/08/27 20:03:03, 10, pid=18112] passdb/pdb_get_set.c:pdb_set_user_sid(463)
pdb_set_user_sid: setting user sid
S-1-5-21-4092459118-2595994810-1099795350-3002
[2006/08/27 20:03:03, 10, pid=18112]
passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73)
pdb_set_user_sid_from_rid:
setting user sid S-1-5-21-4092459118-2595994810-1099795350-3002 from rid 3002
[2006/08/27 20:03:03, 3, pid=18112]
passdb/lookup_sid.c:fetch_gid_from_cache(1010)
fetch gid from cache 60000 -> S-1-5-21-4092459118-2595994810-1099795350-513
[2006/08/27 20:03:03, 10, pid=18112] passdb/pdb_get_set.c:pdb_set_group_sid(521)
pdb_set_group_sid: setting group sid
S-1-5-21-4092459118-2595994810-1099795350-513
[2006/08/27 20:03:03, 10, pid=18112]
passdb/pdb_compat.c:pdb_set_group_sid_from_rid(100)
pdb_set_group_sid_from_rid:
setting group sid S-1-5-21-4092459118-2595994810-1099795350-513 from rid 513
Does that mean, that the group id 60000 is assigned to me? Why? I am not
member of the group with id 60000 (see above)
I post almost a full log here. Some parts which might contain my
password is removed. I hope I did not forget anything.
Mario
[2006/08/27 20:02:52, 10, pid=18112] smbd/process.c:setup_select_timeout(1284)
change_notify_timeout: -1
[2006/08/27 20:03:02, 3, pid=4545] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/08/27 20:03:02, 5, pid=4545] auth/auth_util.c:debug_nt_user_token(448)
NT user token: (NULL)
[2006/08/27 20:03:02, 5, pid=4545] auth/auth_util.c:debug_unix_user_token(474)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2006/08/27 20:03:02, 5, pid=4545] smbd/uid.c:change_to_root_user(275)
change_to_root_user: now uid=(0,0) gid=(0,0)
[2006/08/27 20:03:02, 10, pid=4545] smbd/process.c:setup_select_timeout(1284)
change_notify_timeout: -1
[2006/08/27 20:03:03, 10, pid=18112]
lib/util_sock.c:read_smb_length_return_keepalive(623)
got smb length of 448
[2006/08/27 20:03:03, 6, pid=18112] smbd/process.c:process_smb(1109)
got message type 0x0 of len 0x1c0
[2006/08/27 20:03:03, 3, pid=18112] smbd/process.c:process_smb(1110)
Transaction 14094 of length 452
[2006/08/27 20:03:03, 5, pid=18112] lib/util.c:show_msg(478)
[2006/08/27 20:03:03, 5, pid=18112] lib/util.c:show_msg(488)
size=448
smb_com=0x2f
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=24
smb_flg2=51207
smb_tid=1
smb_pid=65279
smb_uid=115
smb_mid=37068
smt_wct=14
smb_vwv[ 0]= 255 (0xFF)
smb_vwv[ 1]=57054 (0xDEDE)
smb_vwv[ 2]=30418 (0x76D2)
smb_vwv[ 3]= 0 (0x0)
smb_vwv[ 4]= 0 (0x0)
smb_vwv[ 5]=65535 (0xFFFF)
smb_vwv[ 6]=65535 (0xFFFF)
smb_vwv[ 7]= 8 (0x8)
smb_vwv[ 8]= 384 (0x180)
smb_vwv[ 9]= 0 (0x0)
smb_vwv[10]= 384 (0x180)
smb_vwv[11]= 64 (0x40)
smb_vwv[12]= 0 (0x0)
smb_vwv[13]= 0 (0x0)
smb_bcc=385
[2006/08/27 20:03:03, 10, pid=18112] lib/util.c:dump_data(2215)
[...]
[2006/08/27 20:03:03, 3, pid=18112] smbd/process.c:switch_message(914)
switch message SMBwriteX (pid 18112) conn 0x9998e0
[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:debug_nt_user_token(454)
NT user token of user S-1-5-21-4092459118-2595994810-1099795350-501
contains 4 SIDs
SID[ 0]: S-1-5-21-4092459118-2595994810-1099795350-501
SID[ 1]: S-1-1-0
SID[ 2]: S-1-5-2
SID[ 3]: S-1-5-32-546
SE_PRIV 0x0 0x0 0x0 0x0
[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:debug_unix_user_token(474)
UNIX token of user 65534
Primary group is 65534 and contains 0 supplementary groups
[2006/08/27 20:03:03, 5, pid=18112] smbd/uid.c:change_to_user(260)
change_to_user uid=(65534,65534) gid=(0,65534)
[2006/08/27 20:03:03, 4, pid=18112] smbd/vfs.c:vfs_ChDir(741)
vfs_ChDir to /tmp
[2006/08/27 20:03:03, 4, pid=18112] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264)
search for pipe pnum=76d2
[2006/08/27 20:03:03, 5, pid=18112] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268)
pipe name NETLOGON pnum=76d2 (pipes_open=1)
[2006/08/27 20:03:03, 6, pid=18112] rpc_server/srv_pipe_hnd.c:write_to_pipe(937)
write_to_pipe: 76d2 name: NETLOGON open: Yes len: 384
[2006/08/27 20:03:03, 10, pid=18112]
rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959)
write_to_pipe: data_left = 384
[2006/08/27 20:03:03, 10, pid=18112]
rpc_server/srv_pipe_hnd.c:process_incoming_data(852)
process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0,
incoming data = 384
[2006/08/27 20:03:03, 10, pid=18112]
rpc_server/srv_pipe_hnd.c:fill_rpc_header(395)
fill_rpc_header: data_to_copy = 384, len_needed_to_complete_hdr = 16,
receive_len = 0
[2006/08/27 20:03:03, 10, pid=18112]
rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963)
write_to_pipe: data_used = 16
[2006/08/27 20:03:03, 10, pid=18112]
rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959)
write_to_pipe: data_left = 368
[2006/08/27 20:03:03, 10, pid=18112]
rpc_server/srv_pipe_hnd.c:process_incoming_data(852)
process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0,
incoming data = 368
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
000000 smb_io_rpc_hdr
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
0000 major : 05
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
0001 minor : 00
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
0002 pkt_type : 00
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
0003 flags : 03
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
0004 pack_type0: 10
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
0005 pack_type1: 00
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
0006 pack_type2: 00
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
0007 pack_type3: 00
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
0008 frag_len : 0180
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
000a auth_len : 0020
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
000c call_id : 0000000e
[2006/08/27 20:03:03, 5, pid=18112]
rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482)
unmarshall_rpc_header: using little-endian RPC
[2006/08/27 20:03:03, 10, pid=18112]
rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511)
unmarshall_rpc_header: type = 0, flags = 3
[2006/08/27 20:03:03, 10, pid=18112]
rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963)
write_to_pipe: data_used = 0
[2006/08/27 20:03:03, 10, pid=18112]
rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959)
write_to_pipe: data_left = 368
[2006/08/27 20:03:03, 10, pid=18112]
rpc_server/srv_pipe_hnd.c:process_incoming_data(852)
process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 368,
incoming data = 368
[2006/08/27 20:03:03, 10, pid=18112]
rpc_server/srv_pipe_hnd.c:process_complete_pdu(719)
process_complete_pdu: processing packet type 0
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
000000 smb_io_rpc_hdr_req req
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
0000 alloc_hint: 0000013e
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
0004 context_id: 0000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
0006 opnum : 0002
[2006/08/27 20:03:03, 5, pid=18112]
rpc_server/srv_pipe.c:api_pipe_schannel_process(2086)
data 320 auth 32
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
000148 smb_io_rpc_hdr_auth hdr_auth
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
0148 auth_type : 44
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
0149 auth_level : 06
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
014a auth_pad_len : 02
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
014b auth_reserved: 00
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
014c auth_context_id: 000b3ca0
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
000150 smb_io_rpc_auth_schannel_chk
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8s(851)
0150 sig : 77 00 7a 00 ff ff 00 00
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8s(851)
0158 seq_num: 1d 0f 67 93 6c a8 a1 52
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8s(851)
0160 packet_digest: 53 2d 8b 35 8e b4 ad 03
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8s(851)
0168 confounder: 4a 95 04 46 4a c6 35 ef
[2006/08/27 20:03:03, 10, pid=18112] rpc_parse/parse_prs.c:schannel_decode(1710)
SCHANNEL: schannel_decode seq_num=26 data_len=320
[2006/08/27 20:03:03, 10, pid=18112] rpc_parse/parse_prs.c:schannel_decode(1730)
SCHANNEL: schannel_decode seq_num=26 data_len=320
[2006/08/27 20:03:03, 3, pid=18112]
rpc_server/srv_pipe_hnd.c:free_pipe_context(529)
free_pipe_context: destroying talloc pool of size 0
[2006/08/27 20:03:03, 5, pid=18112] rpc_server/srv_pipe.c:api_pipe_request(2223)
Requested \PIPE\NETLOGON
[2006/08/27 20:03:03, 4, pid=18112] rpc_server/srv_pipe.c:api_rpcTNP(2258)
api_rpcTNP: NETLOGON op 0x2 - api_rpcTNP: rpc command: NET_SAMLOGON
[2006/08/27 20:03:03, 6, pid=18112] rpc_server/srv_pipe.c:api_rpcTNP(2284)
api_rpc_cmds[4].fn == 0x503330
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
000000 net_io_q_sam_logon
[2006/08/27 20:03:03, 6, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
000000 smb_io_sam_info
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
000000 smb_io_clnt_info2
[2006/08/27 20:03:03, 8, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
000000 smb_io_clnt_srv
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
0000 undoc_buffer : 000aaf30
[2006/08/27 20:03:03, 9, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
000004 smb_io_unistr2 unistr2
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
0004 uni_max_len: 0000000b
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
0008 offset : 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
000c uni_str_len: 0000000b
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:dbg_rw_punival(936)
0010 buffer : \.\.G.A.R.F.I.E.L.D...
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
0028 undoc_buffer2: 000aafec
[2006/08/27 20:03:03, 9, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
00002c smb_io_unistr2 unistr2
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
002c uni_max_len: 00000009
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
0030 offset : 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
0034 uni_str_len: 00000009
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:dbg_rw_punival(936)
0038 buffer : G.A.R.G.A.M.E.L...
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
004c ptr_cred: 00c5f020
[2006/08/27 20:03:03, 8, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
000050 smb_io_cred
[2006/08/27 20:03:03, 9, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
000050 smb_io_chal
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8s(851)
0050 data: c9 29 17 5b 3e 77 97 1a
[2006/08/27 20:03:03, 9, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
000058 smb_io_utime
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
0058 time: 44f1de56
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
005c ptr_rtn_cred : 00c5f02c
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
000060 smb_io_cred
[2006/08/27 20:03:03, 8, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
000060 smb_io_chal
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8s(851)
0060 data: 78 16 88 77 ff ff ff ff
[2006/08/27 20:03:03, 8, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
000068 smb_io_utime
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
0068 time: 00c5f048
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
006c logon_level : 0002
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
00006e smb_io_sam_info_ctr logon_info
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
006e switch_value : 0002
[2006/08/27 20:03:03, 8, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
000070 net_io_id_info2
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
0070 ptr_id_info2: 00c5f548
[2006/08/27 20:03:03, 9, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
000074 smb_io_unihdr unihdr
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
0074 uni_str_len: 0006
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
0076 uni_max_len: 0006
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
0078 buffer : 000e6db8
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
007c param_ctrl: 00000a60
[2006/08/27 20:03:03, 9, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
000080 smb_io_logon_id
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
0080 low : 001409fd
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
0084 high: 00000000
[2006/08/27 20:03:03, 9, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
000088 smb_io_unihdr unihdr
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
0088 uni_str_len: 0006
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
008a uni_max_len: 0006
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
008c buffer : 000e6dbe
[2006/08/27 20:03:03, 9, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
000090 smb_io_unihdr unihdr
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
0090 uni_str_len: 0010
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
0092 uni_max_len: 0010
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
0094 buffer : 000e6dc4
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8s(851)
0098 lm_chal: cb e0 c8 79 df 82 1a 99
[2006/08/27 20:03:03, 9, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
0000a0 smb_io_strhdr hdr_nt_chal_resp
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
00a0 str_str_len: 0018
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
00a2 str_max_len: 0018
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
00a4 buffer : 000e6dd4
[2006/08/27 20:03:03, 9, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
0000a8 smb_io_strhdr hdr_lm_chal_resp
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
00a8 str_str_len: 0018
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
00aa str_max_len: 0018
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
00ac buffer : 000e6dec
[2006/08/27 20:03:03, 9, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
0000b0 smb_io_unistr2 uni_domain_name
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
00b0 uni_max_len: 00000003
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
00b4 offset : 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
00b8 uni_str_len: 00000003
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:dbg_rw_punival(936)
00bc buffer : G.S.B.
[2006/08/27 20:03:03, 9, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
0000c2 smb_io_unistr2 uni_user_name
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
00c4 uni_max_len: 00000003
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
00c8 offset : 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
00cc uni_str_len: 00000003
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:dbg_rw_punival(936)
00d0 buffer : l.a.w.
[2006/08/27 20:03:03, 9, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
0000d6 smb_io_unistr2 uni_wksta_name
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
00d8 uni_max_len: 00000008
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
00dc offset : 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
00e0 uni_str_len: 00000008
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:dbg_rw_punival(936)
00e4 buffer : G.A.R.G.A.M.E.L.
[2006/08/27 20:03:03, 9, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
0000f4 smb_io_string2 nt_chal_resp
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
00f4 str_max_len: 00000018
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
00f8 offset : 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
00fc str_str_len: 00000018
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_string2(1096)
0100 buffer : ..k..RL.....<t1. .<.H.x.
[2006/08/27 20:03:03, 9, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
000118 smb_io_string2 lm_chal_resp
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
0118 str_max_len: 00000018
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
011c offset : 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
0120 str_str_len: 00000018
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_string2(1096)
0124 buffer : .z....j.3...!GD.....)(..
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
013c validation_level: 0003
[2006/08/27 20:03:03, 5, pid=18112] libsmb/credentials.c:creds_step(148)
sequence = 0x44f1de56
[2006/08/27 20:03:03, 5, pid=18112] libsmb/credentials.c:creds_step(150)
seed: 1D945542017A748E
[2006/08/27 20:03:03, 5, pid=18112] libsmb/credentials.c:creds_step(155)
seed+seq 73724787017A748E
[2006/08/27 20:03:03, 5, pid=18112] libsmb/credentials.c:creds_step(159)
CLIENT C929175B3E77971A
[2006/08/27 20:03:03, 5, pid=18112] libsmb/credentials.c:creds_step(164)
seed+seq+1 74724787017A748E
[2006/08/27 20:03:03, 5, pid=18112] libsmb/credentials.c:creds_step(168)
SERVER 92A653116C9BED38
[2006/08/27 20:03:03, 5, pid=18112] libsmb/credentials.c:creds_reseed(238)
cred_reseed: seed 74724787017A748E
[2006/08/27 20:03:03, 10, pid=18112]
libsmb/credentials.c:creds_server_check(221)
creds_server_check: credentials check OK.
[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:push_sec_ctx(208)
push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
[2006/08/27 20:03:03, 3, pid=18112] smbd/uid.c:push_conn_ctx(345)
push_conn_ctx(115) : conn_ctx_stack_ndx = 0
[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:debug_nt_user_token(448)
NT user token: (NULL)
[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:debug_unix_user_token(474)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2006/08/27 20:03:03, 3, pid=18112]
passdb/secrets.c:secrets_store_schannel_session_info(994)
secrets_store_schannel_session_info: stored schannel info with key
SECRETS/SCHANNEL/GARGAMEL
[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:pop_sec_ctx(339)
pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2006/08/27 20:03:03, 3, pid=18112]
rpc_server/srv_netlog_nt.c:_net_sam_logon_internal(847)
SAM Logon (Network). Domain:[GSB]. User:[law@GARGAMEL] Requested Domain:[GSB]
[2006/08/27 20:03:03, 5, pid=18112]
rpc_server/srv_netlog_nt.c:_net_sam_logon_internal(862)
Attempting validation level 2 for unmapped username law.
[2006/08/27 20:03:03, 5, pid=18112] auth/auth.c:make_auth_context_subsystem(484)
Making default auth method list for DC, security=user, encrypt passwords = yes
[2006/08/27 20:03:03, 5, pid=18112] auth/auth.c:load_auth_module(391)
load_auth_module: Attempting to find an auth method to match guest
[2006/08/27 20:03:03, 5, pid=18112] auth/auth.c:load_auth_module(416)
load_auth_module: auth method guest has a valid init
[2006/08/27 20:03:03, 5, pid=18112] auth/auth.c:load_auth_module(391)
load_auth_module: Attempting to find an auth method to match sam
[2006/08/27 20:03:03, 5, pid=18112] auth/auth.c:load_auth_module(416)
load_auth_module: auth method sam has a valid init
[2006/08/27 20:03:03, 5, pid=18112] auth/auth.c:load_auth_module(391)
load_auth_module: Attempting to find an auth method to match
winbind:trustdomain
[2006/08/27 20:03:03, 5, pid=18112] auth/auth.c:load_auth_module(391)
load_auth_module: Attempting to find an auth method to match trustdomain
[2006/08/27 20:03:03, 5, pid=18112] auth/auth.c:load_auth_module(416)
load_auth_module: auth method trustdomain has a valid init
[2006/08/27 20:03:03, 5, pid=18112] auth/auth.c:load_auth_module(416)
load_auth_module: auth method winbind has a valid init
[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:make_user_info_map(161)
make_user_info_map: Mapping user [GSB]\[law] from workstation [GARGAMEL]
[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:push_sec_ctx(208)
push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
[2006/08/27 20:03:03, 3, pid=18112] smbd/uid.c:push_conn_ctx(345)
push_conn_ctx(115) : conn_ctx_stack_ndx = 0
[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:debug_nt_user_token(448)
NT user token: (NULL)
[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:debug_unix_user_token(474)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:is_trusted_domain(2016)
is_trusted_domain: Checking for domain trust with [GSB]
[2006/08/27 20:03:03, 5, pid=18112]
passdb/secrets.c:secrets_fetch_trusted_domain_password(339)
secrets_fetch failed!
[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:pop_sec_ctx(339)
pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2006/08/27 20:03:03, 10, pid=18112] lib/gencache.c:gencache_get(312)
Cache entry with key = TDOM/GSB couldn't be found
[2006/08/27 20:03:03, 5, pid=18112]
libsmb/trustdom_cache.c:trustdom_cache_fetch(184)
no entry for trusted domain GSB found.
[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:make_user_info(75)
attempting to make a user_info for law (law)
[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:make_user_info(85)
making strings for law's user_info struct
[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:make_user_info(117)
making blobs for law's user_info struct
[2006/08/27 20:03:03, 10, pid=18112] auth/auth_util.c:make_user_info(135)
made an encrypted user_info for law (law)
[2006/08/27 20:03:03, 3, pid=18112] auth/auth.c:check_ntlm_password(221)
check_ntlm_password: Checking password for unmapped user
[GSB]\[law]@[GARGAMEL] with the new password interface
[2006/08/27 20:03:03, 3, pid=18112] auth/auth.c:check_ntlm_password(224)
check_ntlm_password: mapped user is: [GSB]\[law]@[GARGAMEL]
[2006/08/27 20:03:03, 10, pid=18112] auth/auth.c:check_ntlm_password(233)
check_ntlm_password: auth_context challenge created by fixed
[2006/08/27 20:03:03, 10, pid=18112] auth/auth.c:check_ntlm_password(235)
challenge is:
[2006/08/27 20:03:03, 5, pid=18112] lib/util.c:dump_data(2215)
[000] CB E0 C8 79 DF 82 1A 99 ...y....
[2006/08/27 20:03:03, 10, pid=18112] auth/auth.c:check_ntlm_password(261)
check_ntlm_password: guest had nothing to say
[2006/08/27 20:03:03, 8, pid=18112] lib/util.c:is_myname(2036)
is_myname("GSB") returns 0
[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:push_sec_ctx(208)
push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
[2006/08/27 20:03:03, 3, pid=18112] smbd/uid.c:push_conn_ctx(345)
push_conn_ctx(115) : conn_ctx_stack_ndx = 0
[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:debug_nt_user_token(448)
NT user token: (NULL)
[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:debug_unix_user_token(474)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2006/08/27 20:03:03, 5, pid=18112] pdb_mysql.c:mysqlsam_select_by_field(292)
Executing query SELECT
logon_time,logoff_time,0,pass_last_set_time,pass_can_change_time,pass_must_change_time,username,'GSB',username,gecos,home_smb,NULL,logon_script,profile_path,NULL,NULL,NULL,NULL,user_sid,group_sid,pass_lm,pass_nt,NULL,acct_ctrl,logon_divs,NULL,NULL,NULL,NULL,'?????????????????????',NULL
FROM user WHERE username = 'law'
[2006/08/27 20:03:03, 10, pid=18112] passdb/pdb_get_set.c:pdb_set_username(534)
pdb_set_username: setting username law, was
[2006/08/27 20:03:03, 10, pid=18112] passdb/pdb_get_set.c:pdb_set_domain(557)
pdb_set_domain: setting domain GSB, was
[2006/08/27 20:03:03, 10, pid=18112]
passdb/pdb_get_set.c:pdb_set_nt_username(580)
pdb_set_nt_username: setting nt username law, was
[2006/08/27 20:03:03, 10, pid=18112] passdb/pdb_get_set.c:pdb_set_fullname(603)
pdb_set_full_name: setting full name Mario Lipinski, was
[2006/08/27 20:03:03, 10, pid=18112] passdb/pdb_get_set.c:pdb_set_homedir(696)
pdb_set_homedir: setting home dir \\garfield\law, was
[2006/08/27 20:03:03, 10, pid=18112]
passdb/pdb_get_set.c:pdb_set_logon_script(626)
pdb_set_logon_script: setting logon script admins.bat, was
[2006/08/27 20:03:03, 10, pid=18112]
passdb/pdb_get_set.c:pdb_set_profile_path(649)
pdb_set_profile_path: setting profile path \\garfield\law\.ntprofile, was
[2006/08/27 20:03:03, 10, pid=18112] passdb/pdb_get_set.c:pdb_set_user_sid(463)
pdb_set_user_sid: setting user sid
S-1-5-21-4092459118-2595994810-1099795350-3002
[2006/08/27 20:03:03, 5, pid=18112]
passdb/pdb_interface.c:lookup_global_sam_rid(1478)
lookup_global_sam_rid: looking up RID 3003.
[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:push_sec_ctx(208)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2006/08/27 20:03:03, 3, pid=18112] smbd/uid.c:push_conn_ctx(345)
push_conn_ctx(115) : conn_ctx_stack_ndx = 1
[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:debug_nt_user_token(448)
NT user token: (NULL)
[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:debug_unix_user_token(474)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2006/08/27 20:03:03, 5, pid=18112] pdb_mysql.c:mysqlsam_select_by_field(292)
Executing query SELECT
logon_time,logoff_time,0,pass_last_set_time,pass_can_change_time,pass_must_change_time,username,'GSB',username,gecos,home_smb,NULL,logon_script,profile_path,NULL,NULL,NULL,NULL,user_sid,group_sid,pass_lm,pass_nt,NULL,acct_ctrl,logon_divs,NULL,NULL,NULL,NULL,'?????????????????????',NULL
FROM user WHERE user_sid =
'S-1-5-21-4092459118-2595994810-1099795350-3003'
[2006/08/27 20:03:03, 10, pid=18112] pdb_mysql.c:row_to_sam_account(93)
empty resultpop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2006/08/27 20:03:03, 5, pid=18112]
passdb/pdb_interface.c:lookup_global_sam_rid(1540)
Can't find a unix id for an unmapped group
[2006/08/27 20:03:03, 10, pid=18112] passdb/pdb_get_set.c:pdb_set_group_sid(521)
pdb_set_group_sid: setting group sid
S-1-5-21-4092459118-2595994810-1099795350-513
[2006/08/27 20:03:03, 10, pid=18112] lib/account_pol.c:account_policy_get(337)
account_policy_get: name: password history, val: 0
[2006/08/27 20:03:03, 10, pid=18112] passdb/pdb_get_set.c:pdb_set_username(534)
pdb_set_username: setting username law, was
[2006/08/27 20:03:03, 10, pid=18112] passdb/pdb_get_set.c:pdb_set_domain(557)
pdb_set_domain: setting domain GSB, was
[2006/08/27 20:03:03, 10, pid=18112]
passdb/pdb_get_set.c:pdb_set_nt_username(580)
pdb_set_nt_username: setting nt username law, was
[2006/08/27 20:03:03, 10, pid=18112] passdb/pdb_get_set.c:pdb_set_fullname(603)
pdb_set_full_name: setting full name Mario Lipinski, was
[2006/08/27 20:03:03, 10, pid=18112] passdb/pdb_get_set.c:pdb_set_homedir(696)
pdb_set_homedir: setting home dir \\garfield\law, was
[2006/08/27 20:03:03, 10, pid=18112] passdb/pdb_get_set.c:pdb_set_dir_drive(672)
pdb_set_dir_drive: setting dir drive , was NULL
[2006/08/27 20:03:03, 10, pid=18112]
passdb/pdb_get_set.c:pdb_set_logon_script(626)
pdb_set_logon_script: setting logon script admins.bat, was
[2006/08/27 20:03:03, 10, pid=18112]
passdb/pdb_get_set.c:pdb_set_profile_path(649)
pdb_set_profile_path: setting profile path \\garfield\law\.ntprofile, was
[2006/08/27 20:03:03, 10, pid=18112]
passdb/pdb_get_set.c:pdb_set_workstations(739)
pdb_set_workstations: setting workstations , was
[2006/08/27 20:03:03, 10, pid=18112] lib/account_pol.c:account_policy_get(337)
account_policy_get: name: password history, val: 0
[2006/08/27 20:03:03, 10, pid=18112] passdb/pdb_get_set.c:pdb_set_user_sid(463)
pdb_set_user_sid: setting user sid
S-1-5-21-4092459118-2595994810-1099795350-3002
[2006/08/27 20:03:03, 10, pid=18112]
passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73)
pdb_set_user_sid_from_rid:
setting user sid S-1-5-21-4092459118-2595994810-1099795350-3002 from rid 3002
[2006/08/27 20:03:03, 3, pid=18112]
passdb/lookup_sid.c:fetch_gid_from_cache(1010)
fetch gid from cache 60000 -> S-1-5-21-4092459118-2595994810-1099795350-513
[2006/08/27 20:03:03, 10, pid=18112] passdb/pdb_get_set.c:pdb_set_group_sid(521)
pdb_set_group_sid: setting group sid
S-1-5-21-4092459118-2595994810-1099795350-513
[2006/08/27 20:03:03, 10, pid=18112]
passdb/pdb_compat.c:pdb_set_group_sid_from_rid(100)
pdb_set_group_sid_from_rid:
setting group sid S-1-5-21-4092459118-2595994810-1099795350-513 from rid 513
[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:pop_sec_ctx(339)
pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2006/08/27 20:03:03, 9, pid=18112]
passdb/passdb.c:pdb_update_autolock_flag(1407)
pdb_update_autolock_flag: Account law not autolocked, no check needed
[2006/08/27 20:03:03, 4, pid=18112] libsmb/ntlm_check.c:ntlm_password_check(326)
ntlm_password_check: Checking NT MD4 password
[2006/08/27 20:03:03, 4, pid=18112] auth/auth_sam.c:sam_account_ok(138)
sam_account_ok: Checking SMB password for user law
[2006/08/27 20:03:03, 5, pid=18112] auth/auth_sam.c:logon_hours_ok(120)
logon_hours_ok: user law allowed to logon at this time (Sun Aug 27 18:03:03
2006
)
[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:push_sec_ctx(208)
push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
[2006/08/27 20:03:03, 3, pid=18112] smbd/uid.c:push_conn_ctx(345)
push_conn_ctx(115) : conn_ctx_stack_ndx = 0
[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:debug_nt_user_token(448)
NT user token: (NULL)
[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:debug_unix_user_token(474)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2006/08/27 20:03:03, 10, pid=18112] lib/util_pw.c:getpwnam_alloc(76)
Got law from pwnam_cache
[2006/08/27 20:03:03, 10, pid=18112] lib/util_pw.c:getpwnam_alloc(76)
Got law from pwnam_cache
[2006/08/27 20:03:03, 10, pid=18112] lib/system_smbd.c:sys_getgrouplist(125)
sys_getgrouplist: user [law]
[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:push_sec_ctx(208)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2006/08/27 20:03:03, 3, pid=18112] smbd/uid.c:push_conn_ctx(345)
push_conn_ctx(115) : conn_ctx_stack_ndx = 1
[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:debug_nt_user_token(448)
NT user token: (NULL)
[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:debug_unix_user_token(474)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:pop_sec_ctx(339)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2006/08/27 20:03:03, 3, pid=18112]
passdb/lookup_sid.c:fetch_sid_from_gid_cache(990)
fetch sid from gid cache 1001 -> S-1-22-2-1001
[2006/08/27 20:03:03, 3, pid=18112]
passdb/lookup_sid.c:fetch_sid_from_gid_cache(990)
fetch sid from gid cache 0 -> S-1-22-2-0
[2006/08/27 20:03:03, 3, pid=18112]
passdb/lookup_sid.c:fetch_sid_from_gid_cache(990)
fetch sid from gid cache 40 -> S-1-22-2-40
[2006/08/27 20:03:03, 3, pid=18112]
passdb/lookup_sid.c:fetch_sid_from_gid_cache(990)
fetch sid from gid cache 50 -> S-1-22-2-50
[2006/08/27 20:03:03, 3, pid=18112]
passdb/lookup_sid.c:fetch_sid_from_gid_cache(990)
fetch sid from gid cache 1000 -> S-1-22-2-1000
[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:make_server_info_sam(625)
make_server_info_sam: made server info for user law -> law
[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:pop_sec_ctx(339)
pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2006/08/27 20:03:03, 3, pid=18112] auth/auth.c:check_ntlm_password(270)
check_ntlm_password: sam authentication for user [law] succeeded
[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:push_sec_ctx(208)
push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
[2006/08/27 20:03:03, 3, pid=18112] smbd/uid.c:push_conn_ctx(345)
push_conn_ctx(115) : conn_ctx_stack_ndx = 0
[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:debug_nt_user_token(448)
NT user token: (NULL)
[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:debug_unix_user_token(474)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:pop_sec_ctx(339)
pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2006/08/27 20:03:03, 5, pid=18112] auth/auth.c:check_ntlm_password(296)
check_ntlm_password: PAM Account for user [law] succeeded
[2006/08/27 20:03:03, 2, pid=18112] auth/auth.c:check_ntlm_password(309)
check_ntlm_password: authentication for user [law] -> [law] -> [law]
succeeded
[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:free_user_info(1866)
attempting to free (and zero) a user_info structure
[2006/08/27 20:03:03, 10, pid=18112] auth/auth_util.c:free_user_info(1870)
structure was created for law
[2006/08/27 20:03:03, 5, pid=18112]
rpc_server/srv_netlog_nt.c:_net_sam_logon_internal(934)
_net_sam_logon: check_password returned status NT_STATUS_OK
[2006/08/27 20:03:03, 4, pid=18112] rpc_parse/parse_net.c:init_dom_sid2s(1009)
init_dom_sid2s:
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
000000 net_io_r_sam_logon
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
0000 buffer_creds: 00000001
[2006/08/27 20:03:03, 6, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
000004 smb_io_cred
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
000004 smb_io_chal
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8s(851)
0004 data: 92 a6 53 11 6c 9b ed 38
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
00000c smb_io_utime
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
000c time: 44f1de57
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
0010 switch_value: 0003
[2006/08/27 20:03:03, 6, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
000014 net_io_user_info3
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
0014 ptr_user_info : 00000001
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
000018 smb_io_time logon time
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
0018 low : 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
001c high: 00000000
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
000020 smb_io_time logoff time
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
0020 low : ffffffff
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
0024 high: 7fffffff
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
000028 smb_io_time kickoff time
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
0028 low : ffffffff
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
002c high: 7fffffff
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
000030 smb_io_time last set time
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
0030 low : 12056880
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
0034 high: 01c4942d
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
000038 smb_io_time can change time
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
0038 low : 12056880
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
003c high: 01c4942d
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
000040 smb_io_time must change time
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
0040 low : d4a5e980
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
0044 high: 01e9fd1e
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
000048 smb_io_unihdr hdr_user_name
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
0048 uni_str_len: 0006
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
004a uni_max_len: 0006
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
004c buffer : 00000001
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
000050 smb_io_unihdr hdr_full_name
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
0050 uni_str_len: 001c
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
0052 uni_max_len: 001c
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
0054 buffer : 00000001
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
000058 smb_io_unihdr hdr_logon_script
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
0058 uni_str_len: 0014
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
005a uni_max_len: 0014
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
005c buffer : 00000001
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
000060 smb_io_unihdr hdr_profile_path
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
0060 uni_str_len: 0032
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
0062 uni_max_len: 0032
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
0064 buffer : 00000001
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
000068 smb_io_unihdr hdr_home_dir
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
0068 uni_str_len: 001c
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
006a uni_max_len: 001c
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
006c buffer : 00000001
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
000070 smb_io_unihdr hdr_dir_drive
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
0070 uni_str_len: 0000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
0072 uni_max_len: 0000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
0074 buffer : 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
0078 logon_count : 0000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
007a bad_pw_count : 0000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
007c user_rid : 00000bba
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
0080 group_rid : 00000201
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
0084 num_groups : 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
0088 buffer_groups : 00000001
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
008c user_flgs : 00000020
[2006/08/27 20:03:03, 10, pid=18112] rpc_parse/parse_net.c:dump_user_flgs(1555)
dump_user_flgs
account has LOGON_EXTRA_SIDS
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8s(851)
0090 user_sess_key: 86 4d c5 2d e6 ec 27 12 cd e8 59 9c 63 d0 54 fc
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
0000a0 smb_io_unihdr hdr_logon_srv
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
00a0 uni_str_len: 0010
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
00a2 uni_max_len: 0010
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
00a4 buffer : 00000001
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
0000a8 smb_io_unihdr hdr_logon_dom
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
00a8 uni_str_len: 0006
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
00aa uni_max_len: 0006
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
00ac buffer : 00000001
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
00b0 buffer_dom_id : 00000001
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8s(851)
00b4 lm_sess_key: 30 32 0f fc ff 3e b1 1c
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
00bc acct_flags : 00000212
[2006/08/27 20:03:03, 10, pid=18112] rpc_parse/parse_net.c:dump_acct_flags(1528)
dump_acct_flags
account has ACB_NORMAL
account has ACB_PWNOEXP
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
00c0 unkown: 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
00c4 unkown: 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
00c8 unkown: 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
00cc unkown: 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
00d0 unkown: 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
00d4 unkown: 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
00d8 unkown: 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
00dc num_other_sids: 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
00e0 buffer_other_sids: 00000000
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
0000e4 smb_io_unistr2 uni_user_name
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
00e4 uni_max_len: 00000003
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
00e8 offset : 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
00ec uni_str_len: 00000003
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:dbg_rw_punival(936)
00f0 buffer : l.a.w.
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
0000f6 smb_io_unistr2 uni_full_name
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
00f8 uni_max_len: 0000000e
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
00fc offset : 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
0100 uni_str_len: 0000000e
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:dbg_rw_punival(936)
0104 buffer : M.a.r.i.o. .L.i.p.i.n.s.k.i.
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
000120 smb_io_unistr2 uni_logon_script
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
0120 uni_max_len: 0000000a
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
0124 offset : 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
0128 uni_str_len: 0000000a
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:dbg_rw_punival(936)
012c buffer : a.d.m.i.n.s...b.a.t.
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
000140 smb_io_unistr2 uni_profile_path
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
0140 uni_max_len: 00000019
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
0144 offset : 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
0148 uni_str_len: 00000019
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:dbg_rw_punival(936)
014c buffer :
\.\.g.a.r.f.i.e.l.d.\.l.a.w.\...n.t.p.r.o.f.i.l.e.
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
00017e smb_io_unistr2 uni_home_dir
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
0180 uni_max_len: 0000000e
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
0184 offset : 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
0188 uni_str_len: 0000000e
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:dbg_rw_punival(936)
018c buffer : \.\.g.a.r.f.i.e.l.d.\.l.a.w.
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
0001a8 smb_io_unistr2 - NULL uni_dir_drive
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
01a8 num_groups2 : 00000000
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
0001ac smb_io_unistr2 uni_logon_srv
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
01ac uni_max_len: 00000008
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
01b0 offset : 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
01b4 uni_str_len: 00000008
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:dbg_rw_punival(936)
01b8 buffer : G.A.R.F.I.E.L.D.
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
0001c8 smb_io_unistr2 uni_logon_dom
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
01c8 uni_max_len: 00000003
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
01cc offset : 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
01d0 uni_str_len: 00000003
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:dbg_rw_punival(936)
01d4 buffer : G.S.B.
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
0001da smb_io_dom_sid2
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
01dc num_auths: 00000004
[2006/08/27 20:03:03, 8, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
0001e0 smb_io_dom_sid sid
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
01e0 sid_rev_num: 01
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
01e1 num_auths : 04
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
01e2 id_auth[0] : 00
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
01e3 id_auth[1] : 00
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
01e4 id_auth[2] : 00
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
01e5 id_auth[3] : 00
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
01e6 id_auth[4] : 00
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
01e7 id_auth[5] : 05
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32s(991)
01e8 sub_auths : 00000015 f3edf86e 9abbbcba 418d8b96
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
01f8 auth_resp : 00000001
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_ntstatus(763)
01fc status : NT_STATUS_OK
[2006/08/27 20:03:03, 5, pid=18112] rpc_server/srv_pipe.c:api_rpcTNP(2305)
api_rpcTNP: called NETLOGON successfully
[2006/08/27 20:03:03, 3, pid=18112]
rpc_server/srv_pipe_hnd.c:free_pipe_context(529)
free_pipe_context: destroying talloc pool of size 998
[2006/08/27 20:03:03, 10, pid=18112]
rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963)
write_to_pipe: data_used = 368
[2006/08/27 20:03:03, 3, pid=18112] smbd/pipes.c:reply_pipe_write_and_X(217)
writeX-IPC pnum=76d2 nwritten=384
[2006/08/27 20:03:03, 5, pid=18112] lib/util.c:show_msg(478)
[2006/08/27 20:03:03, 5, pid=18112] lib/util.c:show_msg(488)
size=47
smb_com=0x2f
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51201
smb_tid=1
smb_pid=65279
smb_uid=115
smb_mid=37068
smt_wct=6
smb_vwv[ 0]= 255 (0xFF)
smb_vwv[ 1]= 0 (0x0)
smb_vwv[ 2]= 384 (0x180)
smb_vwv[ 3]= 0 (0x0)
smb_vwv[ 4]= 0 (0x0)
smb_vwv[ 5]= 0 (0x0)
smb_bcc=0
[2006/08/27 20:03:03, 10, pid=18112] smbd/process.c:setup_select_timeout(1284)
change_notify_timeout: -1
[2006/08/27 20:03:03, 10, pid=18112]
lib/util_sock.c:read_smb_length_return_keepalive(623)
got smb length of 59
[2006/08/27 20:03:03, 6, pid=18112] smbd/process.c:process_smb(1109)
got message type 0x0 of len 0x3b
[2006/08/27 20:03:03, 3, pid=18112] smbd/process.c:process_smb(1110)
Transaction 14095 of length 63
[2006/08/27 20:03:03, 5, pid=18112] lib/util.c:show_msg(478)
[2006/08/27 20:03:03, 5, pid=18112] lib/util.c:show_msg(488)
size=59
smb_com=0x2e
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=24
smb_flg2=51207
smb_tid=1
smb_pid=65279
smb_uid=115
smb_mid=37132
smt_wct=12
smb_vwv[ 0]= 255 (0xFF)
smb_vwv[ 1]=57054 (0xDEDE)
smb_vwv[ 2]=30418 (0x76D2)
smb_vwv[ 3]= 0 (0x0)
smb_vwv[ 4]= 0 (0x0)
smb_vwv[ 5]= 1024 (0x400)
smb_vwv[ 6]= 1024 (0x400)
smb_vwv[ 7]=65535 (0xFFFF)
smb_vwv[ 8]=65535 (0xFFFF)
smb_vwv[ 9]= 1024 (0x400)
smb_vwv[10]= 0 (0x0)
smb_vwv[11]= 0 (0x0)
smb_bcc=0
[2006/08/27 20:03:03, 3, pid=18112] smbd/process.c:switch_message(914)
switch message SMBreadX (pid 18112) conn 0x9998e0
[2006/08/27 20:03:03, 4, pid=18112] smbd/uid.c:change_to_user(176)
change_to_user: Skipping user change - already user
[2006/08/27 20:03:03, 4, pid=18112] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264)
search for pipe pnum=76d2
[2006/08/27 20:03:03, 5, pid=18112] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268)
pipe name NETLOGON pnum=76d2 (pipes_open=1)
[2006/08/27 20:03:03, 6, pid=18112]
rpc_server/srv_pipe_hnd.c:read_from_pipe(995)
read_from_pipe: 76d2 name: NETLOGON len: 1024
[2006/08/27 20:03:03, 10, pid=18112]
rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068)
read_from_pipe: NETLOGON: fault_state = 0 : data_sent_length = 0,
prs_offset(&p->out_data.rdata) = 512.
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
000000 smb_io_rpc_hdr hdr
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
0000 major : 05
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
0001 minor : 00
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
0002 pkt_type : 02
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
0003 flags : 03
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
0004 pack_type0: 10
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
0005 pack_type1: 00
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
0006 pack_type2: 00
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
0007 pack_type3: 00
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
0008 frag_len : 0240
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
000a auth_len : 0020
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
000c call_id : 0000000e
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
000010 smb_io_rpc_hdr_resp resp
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
0010 alloc_hint: 00000200
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
0014 context_id: 0000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
0016 cancel_ct : 00
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
0017 reserved : 00
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
000218 smb_io_rpc_hdr_auth hdr_auth
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
0218 auth_type : 44
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
0219 auth_level : 06
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
021a auth_pad_len : 00
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
021b auth_reserved: 00
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
021c auth_context_id: 00000001
[2006/08/27 20:03:03, 10, pid=18112] rpc_parse/parse_prs.c:schannel_encode(1633)
SCHANNEL: schannel_encode seq_num=27 data_len=512
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
000220 smb_io_rpc_auth_schannel_chk
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8s(851)
0220 sig : 77 00 7a 00 ff ff 00 00
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8s(851)
0228 seq_num: 56 92 bc 2e 01 65 4e ee
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8s(851)
0230 packet_digest: 23 19 33 ef 8a c5 df 69
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8s(851)
0238 confounder: 70 ec 77 3a 58 e0 61 49
[2006/08/27 20:03:03, 3, pid=18112] smbd/pipes.c:reply_pipe_read_and_X(262)
readX-IPC pnum=76d2 min=1024 max=1024 nread=576
[2006/08/27 20:03:03, 5, pid=18112] lib/util.c:show_msg(478)
[2006/08/27 20:03:03, 5, pid=18112] lib/util.c:show_msg(488)
size=635
smb_com=0x2e
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51201
smb_tid=1
smb_pid=65279
smb_uid=115
smb_mid=37132
smt_wct=12
smb_vwv[ 0]= 255 (0xFF)
smb_vwv[ 1]= 0 (0x0)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 0 (0x0)
smb_vwv[ 4]= 0 (0x0)
smb_vwv[ 5]= 576 (0x240)
smb_vwv[ 6]= 59 (0x3B)
smb_vwv[ 7]= 0 (0x0)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_vwv[10]= 0 (0x0)
smb_vwv[11]= 0 (0x0)
smb_bcc=576
[2006/08/27 20:03:03, 10, pid=18112] lib/util.c:dump_data(2215)
[...]
[2006/08/27 20:03:03, 10, pid=18112] smbd/process.c:setup_select_timeout(1284)
change_notify_timeout: -1