-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Gurus,

I'm a newbie on this mailing list, and my English is not very good -> sorry!

I'm very interested in Samba using LDAP authentication. I have seen many howtos on the Internet about this subject. However, my Win XP SP2 does not want to connect to my Samba PDC server; perhaps something is wrong...

LDAP authentication works fine!

OS: Debian etch

Best regards

#########LOG FROM LOGLEVEL 5#######
[2008/03/13 00:16:24, 5] smbd/reply.c:reply_special(543) init msg_type=0x81 msg_flags=0x0 [2008/03/13 00:16:24, 3] smbd/process.c:process_smb(1110) Transaction 1 of length 137 [2008/03/13 00:16:24, 5] lib/util.c:show_msg(485) [2008/03/13 00:16:24, 5] lib/util.c:show_msg(495) size=133 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51283 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=0 smt_wct=0 smb_bcc=98 [2008/03/13 00:16:24, 3] smbd/process.c:switch_message(914) switch message SMBnegprot (pid 7721) conn 0x0 [2008/03/13 00:16:24, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/03/13 00:16:24, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2008/03/13 00:16:24, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/03/13 00:16:24, 5] smbd/uid.c:change_to_root_user(283) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/03/13 00:16:24, 3] smbd/negprot.c:reply_negprot(487) Requested protocol [PC NETWORK PROGRAM 1.0] [2008/03/13 00:16:24, 3] smbd/negprot.c:reply_negprot(487) Requested protocol [LANMAN1.0] [2008/03/13 00:16:24, 3] smbd/negprot.c:reply_negprot(487) Requested protocol [Windows for Workgroups 3.1a] [2008/03/13 00:16:24, 3] smbd/negprot.c:reply_negprot(487) Requested protocol [LM1.2X002] [2008/03/13 00:16:24, 3] smbd/negprot.c:reply_negprot(487) Requested protocol [LANMAN2.1] [2008/03/13 00:16:24, 3] smbd/negprot.c:reply_negprot(487) Requested protocol [NT LM 0.12] [2008/03/13 00:16:24, 
5] smbd/connection.c:claim_connection(170) claiming 0 [2008/03/13 00:16:24, 3] smbd/negprot.c:reply_nt1(357) using SPNEGO [2008/03/13 00:16:24, 3] smbd/negprot.c:reply_negprot(580) Selected protocol NT LM 0.12 [2008/03/13 00:16:24, 5] smbd/negprot.c:reply_negprot(586) negprot index=5 [2008/03/13 00:16:24, 5] lib/util.c:show_msg(485) [2008/03/13 00:16:24, 5] lib/util.c:show_msg(495) size=127 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=0 smt_wct=17 smb_vwv[ 0]= 5 (0x5) smb_vwv[ 1]=12803 (0x3203) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]=10496 (0x2900) smb_vwv[ 8]= 30 (0x1E) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]=33011 (0x80F3) smb_vwv[11]= 128 (0x80) smb_vwv[12]=62164 (0xF2D4) smb_vwv[13]=38678 (0x9716) smb_vwv[14]=51332 (0xC884) smb_vwv[15]=50177 (0xC401) smb_vwv[16]= 255 (0xFF) smb_bcc=58 [2008/03/13 00:16:24, 3] smbd/process.c:process_smb(1110) Transaction 2 of length 240 [2008/03/13 00:16:24, 5] lib/util.c:show_msg(485) [2008/03/13 00:16:24, 5] lib/util.c:show_msg(495) size=236 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=38912 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 236 (0xEC) smb_vwv[ 2]=16644 (0x4104) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 74 (0x4A) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 212 (0xD4) smb_vwv[11]=40960 (0xA000) smb_bcc=177 [2008/03/13 00:16:24, 3] smbd/process.c:switch_message(914) switch message SMBsesssetupX (pid 7721) conn 0x0 [2008/03/13 00:16:24, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/03/13 00:16:24, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2008/03/13 00:16:24, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 
supplementary groups [2008/03/13 00:16:24, 5] smbd/uid.c:change_to_root_user(283) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/03/13 00:16:24, 3] smbd/sesssetup.c:reply_sesssetup_and_X(849) wct=12 flg2=0xc807 [2008/03/13 00:16:24, 2] smbd/sesssetup.c:setup_new_vc_session(799) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2008/03/13 00:16:24, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(660) Doing spnego session setup [2008/03/13 00:16:24, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(691) NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] [2008/03/13 00:16:24, 3] smbd/sesssetup.c:reply_spnego_negotiate(551) Got OID 1 3 6 1 4 1 311 2 2 10 [2008/03/13 00:16:24, 3] smbd/sesssetup.c:reply_spnego_negotiate(554) Got secblob of size 40 [2008/03/13 00:16:24, 5] auth/auth.c:make_auth_context_subsystem(484) Making default auth method list for DC, security=user, encrypt passwords = yes [2008/03/13 00:16:24, 5] auth/auth.c:smb_register_auth(47) Attempting to register auth backend sam [2008/03/13 00:16:24, 5] auth/auth.c:smb_register_auth(59) Successfully added auth method 'sam' [2008/03/13 00:16:24, 5] auth/auth.c:smb_register_auth(47) Attempting to register auth backend sam_ignoredomain [2008/03/13 00:16:24, 5] auth/auth.c:smb_register_auth(59) Successfully added auth method 'sam_ignoredomain' [2008/03/13 00:16:24, 5] auth/auth.c:smb_register_auth(47) Attempting to register auth backend unix [2008/03/13 00:16:24, 5] auth/auth.c:smb_register_auth(59) Successfully added auth method 'unix' [2008/03/13 00:16:24, 5] auth/auth.c:smb_register_auth(47) Attempting to register auth backend winbind [2008/03/13 00:16:24, 5] auth/auth.c:smb_register_auth(59) Successfully added auth method 'winbind' [2008/03/13 00:16:24, 5] auth/auth.c:smb_register_auth(47) Attempting to register auth backend smbserver [2008/03/13 00:16:24, 5] auth/auth.c:smb_register_auth(59) Successfully added auth method 
'smbserver' [2008/03/13 00:16:24, 5] auth/auth.c:smb_register_auth(47) Attempting to register auth backend trustdomain [2008/03/13 00:16:24, 5] auth/auth.c:smb_register_auth(59) Successfully added auth method 'trustdomain' [2008/03/13 00:16:24, 5] auth/auth.c:smb_register_auth(47) Attempting to register auth backend ntdomain [2008/03/13 00:16:24, 5] auth/auth.c:smb_register_auth(59) Successfully added auth method 'ntdomain' [2008/03/13 00:16:24, 5] auth/auth.c:smb_register_auth(47) Attempting to register auth backend guest [2008/03/13 00:16:24, 5] auth/auth.c:smb_register_auth(59) Successfully added auth method 'guest' [2008/03/13 00:16:24, 5] auth/auth.c:load_auth_module(391) load_auth_module: Attempting to find an auth method to match guest [2008/03/13 00:16:24, 5] auth/auth.c:load_auth_module(416) load_auth_module: auth method guest has a valid init [2008/03/13 00:16:24, 5] auth/auth.c:load_auth_module(391) load_auth_module: Attempting to find an auth method to match sam [2008/03/13 00:16:24, 5] auth/auth.c:load_auth_module(416) load_auth_module: auth method sam has a valid init [2008/03/13 00:16:24, 5] auth/auth.c:load_auth_module(391) load_auth_module: Attempting to find an auth method to match winbind:trustdomain [2008/03/13 00:16:24, 5] auth/auth.c:load_auth_module(391) load_auth_module: Attempting to find an auth method to match trustdomain [2008/03/13 00:16:24, 5] auth/auth.c:load_auth_module(416) load_auth_module: auth method trustdomain has a valid init [2008/03/13 00:16:24, 5] auth/auth.c:load_auth_module(416) load_auth_module: auth method winbind has a valid init [2008/03/13 00:16:24, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) Got NTLMSSP neg_flags=0xe2088297 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_NEGOTIATE_OEM NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_LM_KEY NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP_NEGOTIATE_56 [2008/03/13 00:16:24, 5] 
auth/auth.c:get_ntlm_challenge(97) auth_get_challenge: module guest did not want to specify a challenge [2008/03/13 00:16:24, 5] auth/auth.c:get_ntlm_challenge(97) auth_get_challenge: module sam did not want to specify a challenge [2008/03/13 00:16:24, 5] auth/auth.c:get_ntlm_challenge(97) auth_get_challenge: module winbind did not want to specify a challenge [2008/03/13 00:16:24, 5] auth/auth.c:get_ntlm_challenge(137) auth_context challenge created by random [2008/03/13 00:16:24, 5] auth/auth.c:get_ntlm_challenge(138) challenge is: [2008/03/13 00:16:24, 5] lib/util.c:dump_data(2222) [000] 58 04 88 EE A5 76 B9 E9 X....v.. [2008/03/13 00:16:24, 5] lib/util.c:show_msg(485) [2008/03/13 00:16:24, 5] lib/util.c:show_msg(495) size=244 smb_com=0x73 smb_rcls=22 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=100 smb_mid=38912 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 149 (0x95) smb_bcc=201 [2008/03/13 00:16:24, 3] smbd/process.c:process_smb(1110) Transaction 3 of length 272 [2008/03/13 00:16:24, 5] lib/util.c:show_msg(485) [2008/03/13 00:16:24, 5] lib/util.c:show_msg(495) size=268 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=100 smb_mid=38976 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 268 (0x10C) smb_vwv[ 2]=16644 (0x4104) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 107 (0x6B) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 212 (0xD4) smb_vwv[11]=40960 (0xA000) smb_bcc=209 [2008/03/13 00:16:24, 3] smbd/process.c:switch_message(914) switch message SMBsesssetupX (pid 7721) conn 0x0 [2008/03/13 00:16:24, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/03/13 00:16:24, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2008/03/13 00:16:24, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group 
is 0 and contains 0 supplementary groups [2008/03/13 00:16:24, 5] smbd/uid.c:change_to_root_user(283) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/03/13 00:16:24, 3] smbd/sesssetup.c:reply_sesssetup_and_X(849) wct=12 flg2=0xc807 [2008/03/13 00:16:24, 2] smbd/sesssetup.c:setup_new_vc_session(799) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2008/03/13 00:16:24, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(660) Doing spnego session setup [2008/03/13 00:16:24, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(691) NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] [2008/03/13 00:16:24, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(672) Got user=[] domain=[] workstation=[SERVE] len1=1 len2=0 [2008/03/13 00:16:24, 5] auth/auth_util.c:make_user_info_map(161) make_user_info_map: Mapping user []\[] from workstation [SERVE] [2008/03/13 00:16:24, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/03/13 00:16:24, 3] smbd/uid.c:push_conn_ctx(353) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/03/13 00:16:24, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/03/13 00:16:24, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2008/03/13 00:16:24, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/03/13 00:16:24, 5] auth/auth_util.c:is_trusted_domain(2020) is_trusted_domain: Checking for domain trust with [EXAMPLE] [2008/03/13 00:16:24, 5] passdb/secrets.c:secrets_fetch_trusted_domain_password(339) secrets_fetch failed! [2008/03/13 00:16:24, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/03/13 00:16:24, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(184) no entry for trusted domain EXAMPLE found. 
[2008/03/13 00:16:24, 5] auth/auth_util.c:make_user_info(75) attempting to make a user_info for () [2008/03/13 00:16:24, 5] auth/auth_util.c:make_user_info(85) making strings for 's user_info struct [2008/03/13 00:16:24, 5] auth/auth_util.c:make_user_info(117) making blobs for 's user_info struct [2008/03/13 00:16:24, 3] auth/auth.c:check_ntlm_password(221) check_ntlm_password: Checking password for unmapped user []\[]@[SERVE] with the new password interface [2008/03/13 00:16:24, 3] auth/auth.c:check_ntlm_password(224) check_ntlm_password: mapped user is: [EXAMPLE]\[]@[SERVE] [2008/03/13 00:16:24, 5] lib/util.c:dump_data(2222) [000] 58 04 88 EE A5 76 B9 E9 X....v.. [2008/03/13 00:16:24, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [ou=Group,dc=mondomaine,dc=net], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=65534))], scope => [2] [2008/03/13 00:16:24, 5] lib/smbldap.c:smbldap_close(1080) The connection to the LDAP server was closed [2008/03/13 00:16:24, 2] lib/smbldap.c:smbldap_open_connection(788) smbldap_open_connection: connection opened [2008/03/13 00:16:24, 3] lib/smbldap.c:smbldap_connect_system(992) ldap_connect_system: succesful connection to the LDAP server [2008/03/13 00:16:24, 4] lib/smbldap.c:smbldap_open(1060) The LDAP server is succesfully connected [2008/03/13 00:16:24, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2217) ldapsam_getgroup: Did not find group [2008/03/13 00:16:24, 4] lib/substitute.c:automount_server(407) Home server: pdc [2008/03/13 00:16:24, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/03/13 00:16:24, 3] smbd/uid.c:push_conn_ctx(353) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/03/13 00:16:24, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/03/13 00:16:24, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2008/03/13 00:16:24, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group 
is 0 and contains 0 supplementary groups [2008/03/13 00:16:24, 5] passdb/pdb_interface.c:lookup_global_sam_rid(1480) lookup_global_sam_rid: looking up RID 513. [2008/03/13 00:16:24, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2008/03/13 00:16:24, 3] smbd/uid.c:push_conn_ctx(353) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2008/03/13 00:16:24, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2008/03/13 00:16:24, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2008/03/13 00:16:24, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/03/13 00:16:24, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [dc=mondomaine,dc=net], filter => [(&(sambaSID=S-1-5-21-20043454-3907201459-4213964173-513)(objectclass=sambaSamAccount))], scope => [2] [2008/03/13 00:16:24, 4] passdb/pdb_ldap.c:ldapsam_getsampwsid(1491) ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-20043454-3907201459-4213964173-513] count=0 [2008/03/13 00:16:24, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [ou=Group,dc=mondomaine,dc=net], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-20043454-3907201459-4213964173-513))], scope => [2] [2008/03/13 00:16:24, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2217) ldapsam_getgroup: Did not find group [2008/03/13 00:16:24, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/03/13 00:16:24, 5] passdb/pdb_interface.c:lookup_global_sam_rid(1542) Can't find a unix id for an unmapped group [2008/03/13 00:16:24, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/03/13 00:16:24, 3] auth/auth.c:check_ntlm_password(270) check_ntlm_password: guest authentication for user [] succeeded [2008/03/13 00:16:24, 5] auth/auth.c:check_ntlm_password(309) check_ntlm_password: guest authentication for user [] -> [] 
-> [nobody] succeeded [2008/03/13 00:16:24, 5] auth/auth_util.c:free_user_info(1867) attempting to free (and zero) a user_info structure [2008/03/13 00:16:24, 3] passdb/lookup_sid.c:fetch_gid_from_cache(1015) fetch gid from cache 544 -> S-1-5-32-544 [2008/03/13 00:16:24, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/03/13 00:16:24, 3] smbd/uid.c:push_conn_ctx(353) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/03/13 00:16:24, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/03/13 00:16:24, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2008/03/13 00:16:24, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/03/13 00:16:24, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [ou=Group,dc=mondomaine,dc=net], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545))], scope => [2] [2008/03/13 00:16:24, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2217) ldapsam_getgroup: Did not find group [2008/03/13 00:16:24, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/03/13 00:16:24, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [ou=Group,dc=mondomaine,dc=net], filter => [(&(|(objectclass=sambaGroupMapping)(sambaGroupType=4))(|(sambaSIDList=S-1-5-21-20043454-3907201459-4213964173-501)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-32-546)))], scope => [2] [2008/03/13 00:16:25, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [ou=Group,dc=mondomaine,dc=net], filter => [(&(|(objectclass=sambaGroupMapping)(sambaGroupType=4))(|(sambaSIDList=S-1-5-21-20043454-3907201459-4213964173-501)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-32-546)))], scope => [2] [2008/03/13 00:16:25, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID 
[S-1-5-21-20043454-3907201459-4213964173-501] [2008/03/13 00:16:25, 5] lib/privileges.c:get_privileges_for_sids(459) get_privileges_for_sids: sid = S-1-1-0 Privilege set: SE_PRIV 0x0 0x0 0x0 0x0 [2008/03/13 00:16:25, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-2] [2008/03/13 00:16:25, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-32-546] [2008/03/13 00:16:25, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/03/13 00:16:25, 3] smbd/uid.c:push_conn_ctx(353) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/03/13 00:16:25, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/03/13 00:16:25, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2008/03/13 00:16:25, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/03/13 00:16:25, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [ou=Group,dc=mondomaine,dc=net], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-1-0))], scope => [2] [2008/03/13 00:16:25, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2217) ldapsam_getgroup: Did not find group [2008/03/13 00:16:25, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/03/13 00:16:25, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/03/13 00:16:25, 3] smbd/uid.c:push_conn_ctx(353) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/03/13 00:16:25, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/03/13 00:16:25, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2008/03/13 00:16:25, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/03/13 00:16:25, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: 
base => [ou=Group,dc=mondomaine,dc=net], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2))], scope => [2] [2008/03/13 00:16:25, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2217) ldapsam_getgroup: Did not find group [2008/03/13 00:16:25, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/03/13 00:16:25, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/03/13 00:16:25, 3] smbd/uid.c:push_conn_ctx(353) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/03/13 00:16:25, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/03/13 00:16:25, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2008/03/13 00:16:25, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/03/13 00:16:25, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [ou=Group,dc=mondomaine,dc=net], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-546))], scope => [2] [2008/03/13 00:16:25, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2217) ldapsam_getgroup: Did not find group [2008/03/13 00:16:25, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/03/13 00:16:25, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338) NTLMSSP Sign/Seal - Initialising with flags: [2008/03/13 00:16:25, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) Got NTLMSSP neg_flags=0xe2088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP_NEGOTIATE_56 [2008/03/13 00:16:25, 3] smbd/password.c:register_vuid(280) User name: nobody Real name: nobody [2008/03/13 00:16:25, 3] smbd/password.c:register_vuid(301) UNIX uid 65534 is UNIX user nobody, and will be vuid 101 [2008/03/13 00:16:25, 5] lib/util.c:show_msg(485) [2008/03/13 00:16:25, 5] 
lib/util.c:show_msg(495) size=104 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=101 smb_mid=38976 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 9 (0x9) smb_bcc=61 [2008/03/13 00:16:25, 3] smbd/process.c:process_smb(1110) Transaction 4 of length 76 [2008/03/13 00:16:25, 5] lib/util.c:show_msg(485) [2008/03/13 00:16:25, 5] lib/util.c:show_msg(495) size=72 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=101 smb_mid=39040 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=29 [2008/03/13 00:16:25, 3] smbd/process.c:switch_message(914) switch message SMBtconX (pid 7721) conn 0x0 [2008/03/13 00:16:25, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/03/13 00:16:25, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2008/03/13 00:16:25, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/03/13 00:16:25, 5] smbd/uid.c:change_to_root_user(283) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/03/13 00:16:25, 4] smbd/reply.c:reply_tcon_and_X(668) Client requested device type [?????] for share [IPC$] [2008/03/13 00:16:25, 5] smbd/service.c:make_connection(1125) making a connection to 'normal' service ipc$ [2008/03/13 00:16:25, 3] lib/access.c:check_access(312) check_access: no hostnames in host allow/deny list. [2008/03/13 00:16:25, 2] lib/access.c:check_access(323) Allowed connection from (192.168.0.57) [2008/03/13 00:16:25, 5] lib/username.c:Get_Pwnam_alloc(131) Finding user nobody [2008/03/13 00:16:25, 5] lib/username.c:Get_Pwnam_internals(75) Trying _Get_Pwnam(), username as lowercase is nobody [2008/03/13 00:16:25, 5] lib/username.c:Get_Pwnam_internals(108) Get_Pwnam_internals did find user [nobody]! 
[2008/03/13 00:16:25, 3] smbd/service.c:make_connection_snum(761) Connect path is '/tmp' for service [IPC$] [2008/03/13 00:16:25, 4] lib/sharesec.c:get_share_security(130) get_share_security: using default secdesc for IPC$ [2008/03/13 00:16:25, 3] lib/util_seaccess.c:se_access_check(250) [2008/03/13 00:16:25, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-20043454-3907201459-4213964173-501 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-32-546 [2008/03/13 00:16:25, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (2) granted. [2008/03/13 00:16:25, 3] smbd/vfs.c:vfs_init_default(219) Initialising default vfs hooks [2008/03/13 00:16:25, 5] smbd/connection.c:claim_connection(170) claiming IPC$ 0 [2008/03/13 00:16:25, 4] lib/sharesec.c:get_share_security(130) get_share_security: using default secdesc for IPC$ [2008/03/13 00:16:25, 3] lib/util_seaccess.c:se_access_check(250) [2008/03/13 00:16:25, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-20043454-3907201459-4213964173-501 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-32-546 [2008/03/13 00:16:25, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (1) granted. 
[2008/03/13 00:16:25, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (65534, 65534) - sec_ctx_stack_ndx = 0 [2008/03/13 00:16:25, 5] auth/auth_util.c:debug_nt_user_token(454) NT user token of user S-1-5-21-20043454-3907201459-4213964173-501 contains 4 SIDs SID[ 0]: S-1-5-21-20043454-3907201459-4213964173-501 SID[ 1]: S-1-1-0 SID[ 2]: S-1-5-2 SID[ 3]: S-1-5-32-546 SE_PRIV 0x0 0x0 0x0 0x0 [2008/03/13 00:16:25, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 65534 Primary group is 65534 and contains 0 supplementary groups [2008/03/13 00:16:25, 5] smbd/uid.c:change_to_user(268) change_to_user uid=(65534,65534) gid=(0,65534) [2008/03/13 00:16:25, 3] smbd/service.c:make_connection_snum(950) serve (192.168.0.57) connect to service IPC$ initially as user nobody (uid=65534, gid=65534) (pid 7721) [2008/03/13 00:16:25, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/03/13 00:16:25, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2008/03/13 00:16:25, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/03/13 00:16:25, 5] smbd/uid.c:change_to_root_user(283) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/03/13 00:16:25, 2] smbd/reply.c:reply_tcon_and_X(711) Serving IPC$ as a Dfs root [2008/03/13 00:16:25, 3] smbd/reply.c:reply_tcon_and_X(716) tconX service=IPC$ [2008/03/13 00:16:25, 5] lib/util.c:show_msg(485) [2008/03/13 00:16:25, 5] lib/util.c:show_msg(495) size=48 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=39040 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 3 (0x3) smb_bcc=7 [2008/03/13 00:16:25, 3] smbd/process.c:process_smb(1110) Transaction 5 of length 130 [2008/03/13 00:16:25, 5] lib/util.c:show_msg(485) [2008/03/13 00:16:25, 5] lib/util.c:show_msg(495) size=126 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 
smb_flg2=55303 smb_tid=1 smb_pid=732 smb_uid=101 smb_mid=39104 smt_wct=14 smb_vwv[ 0]= 34 (0x22) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 4200 (0x1068) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 5000 (0x1388) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 34 (0x22) smb_vwv[10]= 92 (0x5C) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=63 [2008/03/13 00:16:25, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 7721) conn 0x8439068 [2008/03/13 00:16:25, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (65534, 65534) - sec_ctx_stack_ndx = 0 [2008/03/13 00:16:25, 5] auth/auth_util.c:debug_nt_user_token(454) NT user token of user S-1-5-21-20043454-3907201459-4213964173-501 contains 4 SIDs SID[ 0]: S-1-5-21-20043454-3907201459-4213964173-501 SID[ 1]: S-1-1-0 SID[ 2]: S-1-5-2 SID[ 3]: S-1-5-32-546 SE_PRIV 0x0 0x0 0x0 0x0 [2008/03/13 00:16:25, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 65534 Primary group is 65534 and contains 0 supplementary groups [2008/03/13 00:16:25, 5] smbd/uid.c:change_to_user(268) change_to_user uid=(65534,65534) gid=(0,65534) [2008/03/13 00:16:25, 4] smbd/vfs.c:vfs_ChDir(741) vfs_ChDir to /tmp [2008/03/13 00:16:25, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\LANMAN> data=0 params=34 setup=0 [2008/03/13 00:16:25, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2008/03/13 00:16:25, 3] smbd/ipc.c:named_pipe(340) named pipe command on <LANMAN> name [2008/03/13 00:16:25, 3] smbd/lanman.c:api_reply(4029) Got API command 104 of form <WrLehDz> <B16BBDz> (tdscnt=0,tpscnt=34,mdrcnt=4200,mprcnt=8) [2008/03/13 00:16:25, 3] smbd/lanman.c:api_reply(4033) Doing NetServerEnum [2008/03/13 00:16:25, 4] smbd/lanman.c:api_RNetServerEnum(1293) server request level: B16BBDz 3fffffff domains_req:No local_only:No [2008/03/13 00:16:25, 4] smbd/lanman.c:get_server_info(1068) Servertype search: 3fffffff [2008/03/13 00:16:25, 4] smbd/lanman.c:get_server_info(1127) s: dom 
mismatch EXAMPLE 80001000 PDC EXAMPLE [2008/03/13 00:16:25, 4] smbd/lanman.c:get_server_info(1140) **SV** PDC 8d9b2b Samba Server 3.0.24 on pdc EXAMPLE [2008/03/13 00:16:25, 4] smbd/lanman.c:api_RNetServerEnum(1326) fill_srv_info PDC 8d9b2b Samba Server 3.0.24 on pdc EXAMPLE [2008/03/13 00:16:25, 4] smbd/lanman.c:api_RNetServerEnum(1363) fill_srv_info PDC 8d9b2b Samba Server 3.0.24 on pdc EXAMPLE [2008/03/13 00:16:25, 3] smbd/lanman.c:api_RNetServerEnum(1381) NetServerEnum domain = EXAMPLE uLevel=1 counted=1 total=1 [2008/03/13 00:16:25, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..8] data[0..53] [2008/03/13 00:16:25, 5] lib/util.c:show_msg(485) [2008/03/13 00:16:25, 5] lib/util.c:show_msg(495) size=117 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=732 smb_uid=101 smb_mid=39104 smt_wct=10 smb_vwv[ 0]= 8 (0x8) smb_vwv[ 1]= 53 (0x35) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 8 (0x8) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 53 (0x35) smb_vwv[ 7]= 64 (0x40) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=62 [2008/03/13 00:16:25, 3] smbd/process.c:process_smb(1110) Transaction 6 of length 43 [2008/03/13 00:16:25, 5] lib/util.c:show_msg(485) [2008/03/13 00:16:25, 5] lib/util.c:show_msg(495) size=39 smb_com=0x74 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=101 smb_mid=39168 smt_wct=2 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_bcc=0 [2008/03/13 00:16:25, 3] smbd/process.c:switch_message(914) switch message SMBulogoffX (pid 7721) conn 0x0 [2008/03/13 00:16:25, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/03/13 00:16:25, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2008/03/13 00:16:25, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/03/13 00:16:25, 5] smbd/uid.c:change_to_root_user(283) 
change_to_root_user: now uid=(0,0) gid=(0,0) [2008/03/13 00:16:25, 3] smbd/reply.c:reply_ulogoffX(1618) ulogoffX vuid=101 [2008/03/13 00:16:25, 5] lib/util.c:show_msg(485) [2008/03/13 00:16:25, 5] lib/util.c:show_msg(495) size=39 smb_com=0x74 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=101 smb_mid=39168 smt_wct=2 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_bcc=0 [2008/03/13 00:16:25, 3] smbd/process.c:process_smb(1110) Transaction 7 of length 39 [2008/03/13 00:16:25, 5] lib/util.c:show_msg(485) [2008/03/13 00:16:25, 5] lib/util.c:show_msg(495) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=39233 smt_wct=0 smb_bcc=0 [2008/03/13 00:16:25, 3] smbd/process.c:switch_message(914) switch message SMBtdis (pid 7721) conn 0x8439068 [2008/03/13 00:16:25, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/03/13 00:16:25, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2008/03/13 00:16:25, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/03/13 00:16:25, 5] smbd/uid.c:change_to_root_user(283) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/03/13 00:16:25, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/03/13 00:16:25, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2008/03/13 00:16:25, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/03/13 00:16:25, 5] smbd/uid.c:change_to_root_user(283) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/03/13 00:16:25, 3] smbd/service.c:close_cnum(1150) serve (192.168.0.57) closed connection to service IPC$ [2008/03/13 00:16:25, 3] smbd/connection.c:yield_connection(69) Yielding connection to IPC$ [2008/03/13 00:16:25, 4] 
smbd/vfs.c:vfs_ChDir(741) vfs_ChDir to / [2008/03/13 00:16:25, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/03/13 00:16:25, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2008/03/13 00:16:25, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/03/13 00:16:25, 5] smbd/uid.c:change_to_root_user(283) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/03/13 00:16:25, 5] lib/util.c:show_msg(485) [2008/03/13 00:16:25, 5] lib/util.c:show_msg(495) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=39233 smt_wct=0 smb_bcc=0 [2008/03/13 00:16:27, 3] smbd/process.c:process_smb(1110) Transaction 8 of length 240 [2008/03/13 00:16:27, 5] lib/util.c:show_msg(485) [2008/03/13 00:16:27, 5] lib/util.c:show_msg(495) size=236 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=39297 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 236 (0xEC) smb_vwv[ 2]=16644 (0x4104) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 74 (0x4A) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 212 (0xD4) smb_vwv[11]=40960 (0xA000) smb_bcc=177 [2008/03/13 00:16:27, 3] smbd/process.c:switch_message(914) switch message SMBsesssetupX (pid 7721) conn 0x0 [2008/03/13 00:16:27, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/03/13 00:16:27, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2008/03/13 00:16:27, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/03/13 00:16:27, 5] smbd/uid.c:change_to_root_user(283) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/03/13 00:16:27, 3] smbd/sesssetup.c:reply_sesssetup_and_X(849) wct=12 flg2=0xc807 [2008/03/13 
00:16:27, 2] smbd/sesssetup.c:setup_new_vc_session(799) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2008/03/13 00:16:27, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(660) Doing spnego session setup [2008/03/13 00:16:27, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(691) NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] [2008/03/13 00:16:27, 3] smbd/sesssetup.c:reply_spnego_negotiate(551) Got OID 1 3 6 1 4 1 311 2 2 10 [2008/03/13 00:16:27, 3] smbd/sesssetup.c:reply_spnego_negotiate(554) Got secblob of size 40 [2008/03/13 00:16:27, 5] auth/auth.c:make_auth_context_subsystem(484) Making default auth method list for DC, security=user, encrypt passwords = yes [2008/03/13 00:16:27, 5] auth/auth.c:load_auth_module(391) load_auth_module: Attempting to find an auth method to match guest [2008/03/13 00:16:27, 5] auth/auth.c:load_auth_module(416) load_auth_module: auth method guest has a valid init [2008/03/13 00:16:27, 5] auth/auth.c:load_auth_module(391) load_auth_module: Attempting to find an auth method to match sam [2008/03/13 00:16:27, 5] auth/auth.c:load_auth_module(416) load_auth_module: auth method sam has a valid init [2008/03/13 00:16:27, 5] auth/auth.c:load_auth_module(391) load_auth_module: Attempting to find an auth method to match winbind:trustdomain [2008/03/13 00:16:27, 5] auth/auth.c:load_auth_module(391) load_auth_module: Attempting to find an auth method to match trustdomain [2008/03/13 00:16:27, 5] auth/auth.c:load_auth_module(416) load_auth_module: auth method trustdomain has a valid init [2008/03/13 00:16:27, 5] auth/auth.c:load_auth_module(416) load_auth_module: auth method winbind has a valid init [2008/03/13 00:16:27, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) Got NTLMSSP neg_flags=0xe2088297 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_NEGOTIATE_OEM NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_LM_KEY NTLMSSP_NEGOTIATE_NTLM 
NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP_NEGOTIATE_56 [2008/03/13 00:16:27, 5] auth/auth.c:get_ntlm_challenge(97) auth_get_challenge: module guest did not want to specify a challenge [2008/03/13 00:16:27, 5] auth/auth.c:get_ntlm_challenge(97) auth_get_challenge: module sam did not want to specify a challenge [2008/03/13 00:16:27, 5] auth/auth.c:get_ntlm_challenge(97) auth_get_challenge: module winbind did not want to specify a challenge [2008/03/13 00:16:27, 5] auth/auth.c:get_ntlm_challenge(137) auth_context challenge created by random [2008/03/13 00:16:27, 5] auth/auth.c:get_ntlm_challenge(138) challenge is: [2008/03/13 00:16:27, 5] lib/util.c:dump_data(2222) [000] 30 B2 06 7B 8A C2 74 E6 0..{..t. [2008/03/13 00:16:27, 5] lib/util.c:show_msg(485) [2008/03/13 00:16:27, 5] lib/util.c:show_msg(495) size=244 smb_com=0x73 smb_rcls=22 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=102 smb_mid=39297 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 149 (0x95) smb_bcc=201 [2008/03/13 00:16:27, 3] smbd/process.c:process_smb(1110) Transaction 9 of length 342 [2008/03/13 00:16:27, 5] lib/util.c:show_msg(485) [2008/03/13 00:16:27, 5] lib/util.c:show_msg(495) size=338 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=102 smb_mid=39361 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 338 (0x152) smb_vwv[ 2]=16644 (0x4104) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 176 (0xB0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 212 (0xD4) smb_vwv[11]=40960 (0xA000) smb_bcc=279 [2008/03/13 00:16:27, 3] smbd/process.c:switch_message(914) switch message SMBsesssetupX (pid 7721) conn 0x0 [2008/03/13 00:16:27, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/03/13 00:16:27, 5] 
auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2008/03/13 00:16:27, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/03/13 00:16:27, 5] smbd/uid.c:change_to_root_user(283) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/03/13 00:16:27, 3] smbd/sesssetup.c:reply_sesssetup_and_X(849) wct=12 flg2=0xc807 [2008/03/13 00:16:27, 2] smbd/sesssetup.c:setup_new_vc_session(799) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2008/03/13 00:16:27, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(660) Doing spnego session setup [2008/03/13 00:16:27, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(691) NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] [2008/03/13 00:16:27, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(672) Got user=[oops] domain=[SERVE] workstation=[SERVE] len1=24 len2=24 [2008/03/13 00:16:27, 5] auth/auth_ntlmssp.c:auth_ntlmssp_set_challenge(66) auth_context challenge set by NTLMSSP callback (NTLM2) [2008/03/13 00:16:27, 5] auth/auth_ntlmssp.c:auth_ntlmssp_set_challenge(67) challenge is: [2008/03/13 00:16:27, 5] lib/util.c:dump_data(2222) [000] D7 9E E0 8A 79 DB 6C 64 ....y.ld [2008/03/13 00:16:27, 4] smbd/map_username.c:map_username(111) Scanning username map /etc/samba/smbusers [2008/03/13 00:16:27, 5] auth/auth_util.c:make_user_info_map(161) make_user_info_map: Mapping user [SERVE]\[oops] from workstation [SERVE] [2008/03/13 00:16:27, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/03/13 00:16:27, 3] smbd/uid.c:push_conn_ctx(353) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/03/13 00:16:27, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/03/13 00:16:27, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2008/03/13 00:16:27, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of 
user 0 Primary group is 0 and contains 0 supplementary groups [2008/03/13 00:16:27, 5] auth/auth_util.c:is_trusted_domain(2020) is_trusted_domain: Checking for domain trust with [SERVE] [2008/03/13 00:16:27, 5] passdb/secrets.c:secrets_fetch_trusted_domain_password(339) secrets_fetch failed! [2008/03/13 00:16:27, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/03/13 00:16:27, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(184) no entry for trusted domain SERVE found. [2008/03/13 00:16:27, 5] auth/auth_util.c:make_user_info(75) attempting to make a user_info for oops (oops) [2008/03/13 00:16:27, 5] auth/auth_util.c:make_user_info(85) making strings for oops's user_info struct [2008/03/13 00:16:27, 5] auth/auth_util.c:make_user_info(117) making blobs for oops's user_info struct [2008/03/13 00:16:27, 3] auth/auth.c:check_ntlm_password(221) check_ntlm_password: Checking password for unmapped user [SERVE]\[oops]@[SERVE] with the new password interface [2008/03/13 00:16:27, 3] auth/auth.c:check_ntlm_password(224) check_ntlm_password: mapped user is: [EXAMPLE]\[oops]@[SERVE] [2008/03/13 00:16:27, 5] lib/util.c:dump_data(2222) [000] D7 9E E0 8A 79 DB 6C 64 ....y.ld [2008/03/13 00:16:27, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/03/13 00:16:27, 3] smbd/uid.c:push_conn_ctx(353) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/03/13 00:16:27, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/03/13 00:16:27, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2008/03/13 00:16:27, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/03/13 00:16:27, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [dc=mondomaine,dc=net], filter => [(&(uid=oops)(objectclass=sambaSamAccount))], scope => [2] [2008/03/13 00:16:27, 2] 
passdb/pdb_ldap.c:init_sam_from_ldap(541) init_sam_from_ldap: Entry found for user: oops [2008/03/13 00:16:27, 5] lib/username.c:Get_Pwnam_alloc(131) Finding user oops [2008/03/13 00:16:27, 5] lib/username.c:Get_Pwnam_internals(75) Trying _Get_Pwnam(), username as lowercase is oops [2008/03/13 00:16:27, 5] lib/username.c:Get_Pwnam_internals(108) Get_Pwnam_internals did find user [oops]! [2008/03/13 00:16:27, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [ou=Group,dc=mondomaine,dc=net], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=513))], scope => [2] [2008/03/13 00:16:27, 2] passdb/pdb_ldap.c:init_group_from_ldap(2140) init_group_from_ldap: Entry found for group: 513 [2008/03/13 00:16:27, 3] passdb/pdb_get_set.c:pdb_get_group_sid(189) Primary group for user oops is a UNKNOWN and not a domain group [2008/03/13 00:16:27, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2008/03/13 00:16:27, 3] smbd/uid.c:push_conn_ctx(353) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2008/03/13 00:16:27, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2008/03/13 00:16:27, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2008/03/13 00:16:27, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/03/13 00:16:27, 5] passdb/pdb_interface.c:lookup_global_sam_rid(1480) lookup_global_sam_rid: looking up RID 513. 
[2008/03/13 00:16:27, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2008/03/13 00:16:27, 3] smbd/uid.c:push_conn_ctx(353) push_conn_ctx(0) : conn_ctx_stack_ndx = 2 [2008/03/13 00:16:27, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2008/03/13 00:16:27, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2008/03/13 00:16:27, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/03/13 00:16:27, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [dc=mondomaine,dc=net], filter => [(&(sambaSID=S-1-5-21-20043454-3907201459-4213964173-513)(objectclass=sambaSamAccount))], scope => [2] [2008/03/13 00:16:27, 4] passdb/pdb_ldap.c:ldapsam_getsampwsid(1491) ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-20043454-3907201459-4213964173-513] count=0 [2008/03/13 00:16:27, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [ou=Group,dc=mondomaine,dc=net], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-20043454-3907201459-4213964173-513))], scope => [2] [2008/03/13 00:16:27, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2217) ldapsam_getgroup: Did not find group [2008/03/13 00:16:27, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2008/03/13 00:16:27, 5] passdb/pdb_interface.c:lookup_global_sam_rid(1542) Can't find a unix id for an unmapped group [2008/03/13 00:16:27, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/03/13 00:16:27, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/03/13 00:16:27, 4] libsmb/ntlm_check.c:ntlm_password_check(326) ntlm_password_check: Checking NT MD4 password [2008/03/13 00:16:27, 3] libsmb/ntlm_check.c:ntlm_password_check(344) ntlm_password_check: NT MD4 password check failed for user oops [2008/03/13 00:16:27, 3] smbd/sec_ctx.c:push_sec_ctx(208) 
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/03/13 00:16:27, 3] smbd/uid.c:push_conn_ctx(353) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/03/13 00:16:27, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/03/13 00:16:27, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2008/03/13 00:16:27, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/03/13 00:16:27, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/03/13 00:16:27, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/03/13 00:16:27, 3] smbd/uid.c:push_conn_ctx(353) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/03/13 00:16:27, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/03/13 00:16:27, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2008/03/13 00:16:27, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/03/13 00:16:27, 4] passdb/pdb_ldap.c:ldapsam_update_sam_account(1777) ldapsam_update_sam_account: user oops to be modified has dn: uid=oops,ou=People,dc=mondomaine,dc=net [2008/03/13 00:16:27, 2] passdb/pdb_ldap.c:init_ldap_from_sam(965) init_ldap_from_sam: Setting entry for user: oops [2008/03/13 00:16:27, 4] passdb/pdb_ldap.c:ldapsam_update_sam_account(1790) ldapsam_update_sam_account: mods is empty: nothing to update for user: oops [2008/03/13 00:16:27, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/03/13 00:16:27, 5] auth/auth.c:check_ntlm_password(273) check_ntlm_password: sam authentication for user [oops] FAILED with error NT_STATUS_WRONG_PASSWORD [2008/03/13 00:16:27, 3] auth/auth_winbind.c:check_winbind_security(80) check_winbind_security: Not using winbind, requested domain [EXAMPLE] was for this SAM. 
[2008/03/13 00:16:27, 2] auth/auth.c:check_ntlm_password(319) check_ntlm_password: Authentication for user [oops] -> [oops] FAILED with error NT_STATUS_WRONG_PASSWORD [2008/03/13 00:16:27, 5] auth/auth_util.c:free_user_info(1867) attempting to free (and zero) a user_info structure [2008/03/13 00:16:27, 3] smbd/error.c:error_packet(146) error packet at smbd/sesssetup.c(99) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE [2008/03/13 00:16:27, 5] lib/util.c:show_msg(485) [2008/03/13 00:16:27, 5] lib/util.c:show_msg(495) size=35 smb_com=0x73 smb_rcls=109 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=102 smb_mid=39361 smt_wct=0 smb_bcc=0 [2008/03/13 00:16:27, 3] smbd/process.c:process_smb(1110) Transaction 10 of length 240 [2008/03/13 00:16:27, 5] lib/util.c:show_msg(485) [2008/03/13 00:16:27, 5] lib/util.c:show_msg(495) size=236 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=39425 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 236 (0xEC) smb_vwv[ 2]=16644 (0x4104) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 74 (0x4A) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 212 (0xD4) smb_vwv[11]=40960 (0xA000) smb_bcc=177 [2008/03/13 00:16:27, 3] smbd/process.c:switch_message(914) switch message SMBsesssetupX (pid 7721) conn 0x0 [2008/03/13 00:16:27, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/03/13 00:16:27, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2008/03/13 00:16:27, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/03/13 00:16:27, 5] smbd/uid.c:change_to_root_user(283) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/03/13 00:16:27, 3] smbd/sesssetup.c:reply_sesssetup_and_X(849) wct=12 flg2=0xc807 [2008/03/13 00:16:27, 2] 
smbd/sesssetup.c:setup_new_vc_session(799) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2008/03/13 00:16:27, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(660) Doing spnego session setup [2008/03/13 00:16:27, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(691) NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] [2008/03/13 00:16:27, 3] smbd/sesssetup.c:reply_spnego_negotiate(551) Got OID 1 3 6 1 4 1 311 2 2 10 [2008/03/13 00:16:27, 3] smbd/sesssetup.c:reply_spnego_negotiate(554) Got secblob of size 40 [2008/03/13 00:16:27, 5] auth/auth.c:make_auth_context_subsystem(484) Making default auth method list for DC, security=user, encrypt passwords = yes [2008/03/13 00:16:27, 5] auth/auth.c:load_auth_module(391) load_auth_module: Attempting to find an auth method to match guest [2008/03/13 00:16:27, 5] auth/auth.c:load_auth_module(416) load_auth_module: auth method guest has a valid init [2008/03/13 00:16:27, 5] auth/auth.c:load_auth_module(391) load_auth_module: Attempting to find an auth method to match sam [2008/03/13 00:16:27, 5] auth/auth.c:load_auth_module(416) load_auth_module: auth method sam has a valid init [2008/03/13 00:16:27, 5] auth/auth.c:load_auth_module(391) load_auth_module: Attempting to find an auth method to match winbind:trustdomain [2008/03/13 00:16:27, 5] auth/auth.c:load_auth_module(391) load_auth_module: Attempting to find an auth method to match trustdomain [2008/03/13 00:16:27, 5] auth/auth.c:load_auth_module(416) load_auth_module: auth method trustdomain has a valid init [2008/03/13 00:16:27, 5] auth/auth.c:load_auth_module(416) load_auth_module: auth method winbind has a valid init [2008/03/13 00:16:27, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) Got NTLMSSP neg_flags=0xe2088297 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_NEGOTIATE_OEM NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_LM_KEY NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN 
NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP_NEGOTIATE_56 [2008/03/13 00:16:27, 5] auth/auth.c:get_ntlm_challenge(97) auth_get_challenge: module guest did not want to specify a challenge [2008/03/13 00:16:27, 5] auth/auth.c:get_ntlm_challenge(97) auth_get_challenge: module sam did not want to specify a challenge [2008/03/13 00:16:27, 5] auth/auth.c:get_ntlm_challenge(97) auth_get_challenge: module winbind did not want to specify a challenge [2008/03/13 00:16:27, 5] auth/auth.c:get_ntlm_challenge(137) auth_context challenge created by random [2008/03/13 00:16:27, 5] auth/auth.c:get_ntlm_challenge(138) challenge is: [2008/03/13 00:16:27, 5] lib/util.c:dump_data(2222) [000] 57 AC F3 EE 73 28 DF C2 W...s(.. [2008/03/13 00:16:27, 5] lib/util.c:show_msg(485) [2008/03/13 00:16:27, 5] lib/util.c:show_msg(495) size=244 smb_com=0x73 smb_rcls=22 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=103 smb_mid=39425 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 149 (0x95) smb_bcc=201 [2008/03/13 00:16:27, 3] smbd/process.c:process_smb(1110) Transaction 11 of length 342 [2008/03/13 00:16:27, 5] lib/util.c:show_msg(485) [2008/03/13 00:16:27, 5] lib/util.c:show_msg(495) size=338 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=103 smb_mid=39489 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 338 (0x152) smb_vwv[ 2]=16644 (0x4104) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 176 (0xB0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 212 (0xD4) smb_vwv[11]=40960 (0xA000) smb_bcc=279 [2008/03/13 00:16:27, 3] smbd/process.c:switch_message(914) switch message SMBsesssetupX (pid 7721) conn 0x0 [2008/03/13 00:16:27, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/03/13 00:16:27, 5] auth/auth_util.c:debug_nt_user_token(448) NT 
user token: (NULL) [2008/03/13 00:16:27, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/03/13 00:16:27, 5] smbd/uid.c:change_to_root_user(283) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/03/13 00:16:27, 3] smbd/sesssetup.c:reply_sesssetup_and_X(849) wct=12 flg2=0xc807 [2008/03/13 00:16:27, 2] smbd/sesssetup.c:setup_new_vc_session(799) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2008/03/13 00:16:27, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(660) Doing spnego session setup [2008/03/13 00:16:27, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(691) NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] [2008/03/13 00:16:27, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(672) Got user=[oops] domain=[SERVE] workstation=[SERVE] len1=24 len2=24 [2008/03/13 00:16:27, 5] auth/auth_ntlmssp.c:auth_ntlmssp_set_challenge(66) auth_context challenge set by NTLMSSP callback (NTLM2) [2008/03/13 00:16:27, 5] auth/auth_ntlmssp.c:auth_ntlmssp_set_challenge(67) challenge is: [2008/03/13 00:16:27, 5] lib/util.c:dump_data(2222) [000] B7 C7 3A 9D 1E 86 00 87 ..:..... 
[2008/03/13 00:16:27, 5] auth/auth_util.c:make_user_info_map(161) make_user_info_map: Mapping user [SERVE]\[oops] from workstation [SERVE] [2008/03/13 00:16:27, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/03/13 00:16:27, 3] smbd/uid.c:push_conn_ctx(353) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/03/13 00:16:27, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/03/13 00:16:27, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2008/03/13 00:16:27, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/03/13 00:16:27, 5] auth/auth_util.c:is_trusted_domain(2020) is_trusted_domain: Checking for domain trust with [SERVE] [2008/03/13 00:16:27, 5] passdb/secrets.c:secrets_fetch_trusted_domain_password(339) secrets_fetch failed! [2008/03/13 00:16:27, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/03/13 00:16:27, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(184) no entry for trusted domain SERVE found. [2008/03/13 00:16:27, 5] auth/auth_util.c:make_user_info(75) attempting to make a user_info for oops (oops) [2008/03/13 00:16:27, 5] auth/auth_util.c:make_user_info(85) making strings for oops's user_info struct [2008/03/13 00:16:27, 5] auth/auth_util.c:make_user_info(117) making blobs for oops's user_info struct [2008/03/13 00:16:27, 3] auth/auth.c:check_ntlm_password(221) check_ntlm_password: Checking password for unmapped user [SERVE]\[oops]@[SERVE] with the new password interface [2008/03/13 00:16:27, 3] auth/auth.c:check_ntlm_password(224) check_ntlm_password: mapped user is: [EXAMPLE]\[oops]@[SERVE] [2008/03/13 00:16:27, 5] lib/util.c:dump_data(2222) [000] B7 C7 3A 9D 1E 86 00 87 ..:..... 
[2008/03/13 00:16:27, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/03/13 00:16:27, 3] smbd/uid.c:push_conn_ctx(353) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/03/13 00:16:27, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/03/13 00:16:27, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2008/03/13 00:16:27, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/03/13 00:16:27, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [dc=mondomaine,dc=net], filter => [(&(uid=oops)(objectclass=sambaSamAccount))], scope => [2] [2008/03/13 00:16:27, 2] passdb/pdb_ldap.c:init_sam_from_ldap(541) init_sam_from_ldap: Entry found for user: oops [2008/03/13 00:16:27, 5] lib/username.c:Get_Pwnam_alloc(131) Finding user oops [2008/03/13 00:16:27, 5] lib/username.c:Get_Pwnam_internals(75) Trying _Get_Pwnam(), username as lowercase is oops [2008/03/13 00:16:27, 5] lib/username.c:Get_Pwnam_internals(108) Get_Pwnam_internals did find user [oops]! 
[2008/03/13 00:16:27, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [ou=Group,dc=mondomaine,dc=net], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=513))], scope => [2] [2008/03/13 00:16:27, 2] passdb/pdb_ldap.c:init_group_from_ldap(2140) init_group_from_ldap: Entry found for group: 513 [2008/03/13 00:16:27, 3] passdb/pdb_get_set.c:pdb_get_group_sid(189) Primary group for user oops is a UNKNOWN and not a domain group [2008/03/13 00:16:27, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2008/03/13 00:16:27, 3] smbd/uid.c:push_conn_ctx(353) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2008/03/13 00:16:27, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2008/03/13 00:16:27, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2008/03/13 00:16:27, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/03/13 00:16:27, 5] passdb/pdb_interface.c:lookup_global_sam_rid(1480) lookup_global_sam_rid: looking up RID 513. 
[2008/03/13 00:16:27, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2008/03/13 00:16:27, 3] smbd/uid.c:push_conn_ctx(353) push_conn_ctx(0) : conn_ctx_stack_ndx = 2 [2008/03/13 00:16:27, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2008/03/13 00:16:27, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2008/03/13 00:16:27, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/03/13 00:16:27, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [dc=mondomaine,dc=net], filter => [(&(sambaSID=S-1-5-21-20043454-3907201459-4213964173-513)(objectclass=sambaSamAccount))], scope => [2] [2008/03/13 00:16:27, 4] passdb/pdb_ldap.c:ldapsam_getsampwsid(1491) ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-20043454-3907201459-4213964173-513] count=0 [2008/03/13 00:16:27, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [ou=Group,dc=mondomaine,dc=net], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-20043454-3907201459-4213964173-513))], scope => [2] [2008/03/13 00:16:27, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2217) ldapsam_getgroup: Did not find group [2008/03/13 00:16:27, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2008/03/13 00:16:27, 5] passdb/pdb_interface.c:lookup_global_sam_rid(1542) Can't find a unix id for an unmapped group [2008/03/13 00:16:27, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/03/13 00:16:27, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/03/13 00:16:27, 4] libsmb/ntlm_check.c:ntlm_password_check(326) ntlm_password_check: Checking NT MD4 password [2008/03/13 00:16:27, 3] libsmb/ntlm_check.c:ntlm_password_check(344) ntlm_password_check: NT MD4 password check failed for user oops [2008/03/13 00:16:27, 3] smbd/sec_ctx.c:push_sec_ctx(208) 
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2008/03/13 00:16:27, 3] smbd/uid.c:push_conn_ctx(353) push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2008/03/13 00:16:27, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/03/13 00:16:27, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL)
[2008/03/13 00:16:27, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2008/03/13 00:16:27, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/03/13 00:16:27, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2008/03/13 00:16:27, 3] smbd/uid.c:push_conn_ctx(353) push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2008/03/13 00:16:27, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/03/13 00:16:27, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL)
[2008/03/13 00:16:27, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2008/03/13 00:16:28, 4] passdb/pdb_ldap.c:ldapsam_update_sam_account(1777) ldapsam_update_sam_account: user oops to be modified has dn: uid=oops,ou=People,dc=mondomaine,dc=net
[2008/03/13 00:16:28, 2] passdb/pdb_ldap.c:init_ldap_from_sam(965) init_ldap_from_sam: Setting entry for user: oops
[2008/03/13 00:16:28, 4] passdb/pdb_ldap.c:ldapsam_update_sam_account(1790) ldapsam_update_sam_account: mods is empty: nothing to update for user: oops
[2008/03/13 00:16:28, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/03/13 00:16:28, 5] auth/auth.c:check_ntlm_password(273) check_ntlm_password: sam authentication for user [oops] FAILED with error NT_STATUS_WRONG_PASSWORD
[2008/03/13 00:16:28, 3] auth/auth_winbind.c:check_winbind_security(80) check_winbind_security: Not using winbind, requested domain [EXAMPLE] was for this SAM.
[2008/03/13 00:16:28, 2] auth/auth.c:check_ntlm_password(319) check_ntlm_password: Authentication for user [oops] -> [oops] FAILED with error NT_STATUS_WRONG_PASSWORD
[2008/03/13 00:16:28, 5] auth/auth_util.c:free_user_info(1867) attempting to free (and zero) a user_info structure
[2008/03/13 00:16:28, 3] smbd/error.c:error_packet(146) error packet at smbd/sesssetup.c(99) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE
[2008/03/13 00:16:28, 5] lib/util.c:show_msg(485)
[2008/03/13 00:16:28, 5] lib/util.c:show_msg(495) size=35 smb_com=0x73 smb_rcls=109 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=103 smb_mid=39489 smt_wct=0 smb_bcc=0
[2008/03/13 00:16:39, 5] lib/util_sock.c:read_smb_length_return_keepalive(620) Got keepalive packet
[2008/03/13 00:16:39, 3] smbd/process.c:process_smb(1110) Transaction 12 of length 4
[2008/03/13 00:17:00, 3] smbd/process.c:process_smb(1110) Transaction 12 of length 240
[2008/03/13 00:17:00, 5] lib/util.c:show_msg(485)
[2008/03/13 00:17:00, 5] lib/util.c:show_msg(495) size=236 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=39553 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 236 (0xEC) smb_vwv[ 2]=16644 (0x4104) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 74 (0x4A) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 212 (0xD4) smb_vwv[11]=40960 (0xA000) smb_bcc=177
[2008/03/13 00:17:00, 3] smbd/process.c:switch_message(914) switch message SMBsesssetupX (pid 7721) conn 0x0
[2008/03/13 00:17:00, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/03/13 00:17:00, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL)
[2008/03/13 00:17:00, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2008/03/13 00:17:00, 5] smbd/uid.c:change_to_root_user(283) change_to_root_user: now uid=(0,0) gid=(0,0)
[2008/03/13 00:17:00, 3] smbd/sesssetup.c:reply_sesssetup_and_X(849) wct=12 flg2=0xc807
[2008/03/13 00:17:00, 2] smbd/sesssetup.c:setup_new_vc_session(799) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2008/03/13 00:17:00, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(660) Doing spnego session setup
[2008/03/13 00:17:00, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(691) NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[]
[2008/03/13 00:17:00, 3] smbd/sesssetup.c:reply_spnego_negotiate(551) Got OID 1 3 6 1 4 1 311 2 2 10
[2008/03/13 00:17:00, 3] smbd/sesssetup.c:reply_spnego_negotiate(554) Got secblob of size 40
[2008/03/13 00:17:00, 5] auth/auth.c:make_auth_context_subsystem(484) Making default auth method list for DC, security=user, encrypt passwords = yes
[2008/03/13 00:17:00, 5] auth/auth.c:load_auth_module(391) load_auth_module: Attempting to find an auth method to match guest
[2008/03/13 00:17:00, 5] auth/auth.c:load_auth_module(416) load_auth_module: auth method guest has a valid init
[2008/03/13 00:17:00, 5] auth/auth.c:load_auth_module(391) load_auth_module: Attempting to find an auth method to match sam
[2008/03/13 00:17:00, 5] auth/auth.c:load_auth_module(416) load_auth_module: auth method sam has a valid init
[2008/03/13 00:17:00, 5] auth/auth.c:load_auth_module(391) load_auth_module: Attempting to find an auth method to match winbind:trustdomain
[2008/03/13 00:17:00, 5] auth/auth.c:load_auth_module(391) load_auth_module: Attempting to find an auth method to match trustdomain
[2008/03/13 00:17:00, 5] auth/auth.c:load_auth_module(416) load_auth_module: auth method trustdomain has a valid init
[2008/03/13 00:17:00, 5] auth/auth.c:load_auth_module(416) load_auth_module: auth method winbind has a valid init
[2008/03/13 00:17:00, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) Got NTLMSSP neg_flags=0xe2088297 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_NEGOTIATE_OEM NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_LM_KEY NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP_NEGOTIATE_56
[2008/03/13 00:17:00, 5] auth/auth.c:get_ntlm_challenge(97) auth_get_challenge: module guest did not want to specify a challenge
[2008/03/13 00:17:00, 5] auth/auth.c:get_ntlm_challenge(97) auth_get_challenge: module sam did not want to specify a challenge
[2008/03/13 00:17:00, 5] auth/auth.c:get_ntlm_challenge(97) auth_get_challenge: module winbind did not want to specify a challenge
[2008/03/13 00:17:00, 5] auth/auth.c:get_ntlm_challenge(137) auth_context challenge created by random
[2008/03/13 00:17:00, 5] auth/auth.c:get_ntlm_challenge(138) challenge is:
[2008/03/13 00:17:00, 5] lib/util.c:dump_data(2222) [000] 9B 4D 69 3C F2 7A A4 9E .Mi<.z..
[2008/03/13 00:17:00, 5] lib/util.c:show_msg(485)
[2008/03/13 00:17:00, 5] lib/util.c:show_msg(495) size=244 smb_com=0x73 smb_rcls=22 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=104 smb_mid=39553 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 149 (0x95) smb_bcc=201
[2008/03/13 00:17:00, 3] smbd/process.c:process_smb(1110) Transaction 13 of length 364
[2008/03/13 00:17:00, 5] lib/util.c:show_msg(485)
[2008/03/13 00:17:00, 5] lib/util.c:show_msg(495) size=360 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=104 smb_mid=39617 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 360 (0x168) smb_vwv[ 2]=16644 (0x4104) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 198 (0xC6) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 212 (0xD4) smb_vwv[11]=40960 (0xA000) smb_bcc=301
[2008/03/13 00:17:00, 3] smbd/process.c:switch_message(914) switch message SMBsesssetupX (pid 7721) conn 0x0
[2008/03/13 00:17:00, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/03/13 00:17:00, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL)
[2008/03/13 00:17:00, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2008/03/13 00:17:00, 5] smbd/uid.c:change_to_root_user(283) change_to_root_user: now uid=(0,0) gid=(0,0)
[2008/03/13 00:17:00, 3] smbd/sesssetup.c:reply_sesssetup_and_X(849) wct=12 flg2=0xc807
[2008/03/13 00:17:00, 2] smbd/sesssetup.c:setup_new_vc_session(799) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2008/03/13 00:17:00, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(660) Doing spnego session setup
[2008/03/13 00:17:00, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(691) NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[]
[2008/03/13 00:17:00, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(672) Got user=[administrator] domain=[EXAMPLE] workstation=[SERVE] len1=24 len2=24
[2008/03/13 00:17:00, 5] auth/auth_ntlmssp.c:auth_ntlmssp_set_challenge(66) auth_context challenge set by NTLMSSP callback (NTLM2)
[2008/03/13 00:17:00, 5] auth/auth_ntlmssp.c:auth_ntlmssp_set_challenge(67) challenge is:
[2008/03/13 00:17:00, 5] lib/util.c:dump_data(2222) [000] 00 B6 51 A0 13 25 83 09 ..Q..%..
[2008/03/13 00:17:00, 4] smbd/map_username.c:map_username(111) Scanning username map /etc/samba/smbusers
[2008/03/13 00:17:00, 3] smbd/map_username.c:map_username(155) Mapped user administrator to Administrator
[2008/03/13 00:17:00, 5] auth/auth_util.c:make_user_info_map(161) make_user_info_map: Mapping user [EXAMPLE]\[administrator] from workstation [SERVE]
[2008/03/13 00:17:00, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2008/03/13 00:17:00, 3] smbd/uid.c:push_conn_ctx(353) push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2008/03/13 00:17:00, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/03/13 00:17:00, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL)
[2008/03/13 00:17:00, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2008/03/13 00:17:00, 5] auth/auth_util.c:is_trusted_domain(2020) is_trusted_domain: Checking for domain trust with [EXAMPLE]
[2008/03/13 00:17:00, 5] passdb/secrets.c:secrets_fetch_trusted_domain_password(339) secrets_fetch failed!
[2008/03/13 00:17:00, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/03/13 00:17:00, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(184) no entry for trusted domain EXAMPLE found.
[2008/03/13 00:17:00, 5] auth/auth_util.c:make_user_info(75) attempting to make a user_info for Administrator (administrator)
[2008/03/13 00:17:00, 5] auth/auth_util.c:make_user_info(85) making strings for Administrator's user_info struct
[2008/03/13 00:17:00, 5] auth/auth_util.c:make_user_info(117) making blobs for Administrator's user_info struct
[2008/03/13 00:17:00, 3] auth/auth.c:check_ntlm_password(221) check_ntlm_password: Checking password for unmapped user [EXAMPLE]\[administrator]@[SERVE] with the new password interface
[2008/03/13 00:17:00, 3] auth/auth.c:check_ntlm_password(224) check_ntlm_password: mapped user is: [EXAMPLE]\[Administrator]@[SERVE]
[2008/03/13 00:17:00, 5] lib/util.c:dump_data(2222) [000] 00 B6 51 A0 13 25 83 09 ..Q..%..
[2008/03/13 00:17:00, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2008/03/13 00:17:00, 3] smbd/uid.c:push_conn_ctx(353) push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2008/03/13 00:17:00, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/03/13 00:17:00, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL)
[2008/03/13 00:17:00, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2008/03/13 00:17:00, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [dc=mondomaine,dc=net], filter => [(&(uid=Administrator)(objectclass=sambaSamAccount))], scope => [2]
[2008/03/13 00:17:00, 2] passdb/pdb_ldap.c:init_sam_from_ldap(541) init_sam_from_ldap: Entry found for user: administrator
[2008/03/13 00:17:00, 5] lib/username.c:Get_Pwnam_alloc(131) Finding user administrator
[2008/03/13 00:17:00, 5] lib/username.c:Get_Pwnam_internals(75) Trying _Get_Pwnam(), username as lowercase is administrator
[2008/03/13 00:17:00, 5] lib/username.c:Get_Pwnam_internals(108) Get_Pwnam_internals did find user [administrator]!
[2008/03/13 00:17:00, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [ou=Group,dc=mondomaine,dc=net], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=513))], scope => [2]
[2008/03/13 00:17:00, 2] passdb/pdb_ldap.c:init_group_from_ldap(2140) init_group_from_ldap: Entry found for group: 513
[2008/03/13 00:17:00, 3] passdb/pdb_get_set.c:pdb_get_group_sid(189) Primary group for user administrator is a UNKNOWN and not a domain group
[2008/03/13 00:17:00, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2008/03/13 00:17:00, 3] smbd/uid.c:push_conn_ctx(353) push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2008/03/13 00:17:00, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2008/03/13 00:17:00, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL)
[2008/03/13 00:17:00, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2008/03/13 00:17:00, 5] passdb/pdb_interface.c:lookup_global_sam_rid(1480) lookup_global_sam_rid: looking up RID 513.
[2008/03/13 00:17:00, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3
[2008/03/13 00:17:00, 3] smbd/uid.c:push_conn_ctx(353) push_conn_ctx(0) : conn_ctx_stack_ndx = 2
[2008/03/13 00:17:00, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3
[2008/03/13 00:17:00, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL)
[2008/03/13 00:17:00, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2008/03/13 00:17:00, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [dc=mondomaine,dc=net], filter => [(&(sambaSID=S-1-5-21-20043454-3907201459-4213964173-513)(objectclass=sambaSamAccount))], scope => [2]
[2008/03/13 00:17:00, 4] passdb/pdb_ldap.c:ldapsam_getsampwsid(1491) ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-20043454-3907201459-4213964173-513] count=0
[2008/03/13 00:17:00, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [ou=Group,dc=mondomaine,dc=net], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-20043454-3907201459-4213964173-513))], scope => [2]
[2008/03/13 00:17:00, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2217) ldapsam_getgroup: Did not find group
[2008/03/13 00:17:00, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2
[2008/03/13 00:17:00, 5] passdb/pdb_interface.c:lookup_global_sam_rid(1542) Can't find a unix id for an unmapped group
[2008/03/13 00:17:00, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/03/13 00:17:00, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/03/13 00:17:00, 4] libsmb/ntlm_check.c:ntlm_password_check(326) ntlm_password_check: Checking NT MD4 password
[2008/03/13 00:17:00, 4] auth/auth_sam.c:sam_account_ok(138) sam_account_ok: Checking SMB password for user administrator
[2008/03/13 00:17:00, 5] auth/auth_sam.c:logon_hours_ok(120) logon_hours_ok: user administrator allowed to logon at this time (Wed Mar 12 23:17:00 2008 )
[2008/03/13 00:17:00, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2008/03/13 00:17:00, 3] smbd/uid.c:push_conn_ctx(353) push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2008/03/13 00:17:00, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/03/13 00:17:00, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL)
[2008/03/13 00:17:00, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2008/03/13 00:17:00, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2008/03/13 00:17:00, 3] smbd/uid.c:push_conn_ctx(353) push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2008/03/13 00:17:00, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2008/03/13 00:17:00, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL)
[2008/03/13 00:17:00, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2008/03/13 00:17:00, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/03/13 00:17:00, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2008/03/13 00:17:00, 3] smbd/uid.c:push_conn_ctx(353) push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2008/03/13 00:17:00, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2008/03/13 00:17:00, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL)
[2008/03/13 00:17:00, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2008/03/13 00:17:00, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [ou=Group,dc=mondomaine,dc=net], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=513))], scope => [2]
[2008/03/13 00:17:00, 2] passdb/pdb_ldap.c:init_group_from_ldap(2140) init_group_from_ldap: Entry found for group: 513
[2008/03/13 00:17:00, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/03/13 00:17:00, 3] passdb/lookup_sid.c:store_gid_sid_cache(1059) store_gid_sid_cache: gid 513 in cache -> S-1-5-21-862544283-2880828001-3584954034-513
[2008/03/13 00:17:00, 5] auth/auth_util.c:make_server_info_sam(625) make_server_info_sam: made server info for user administrator -> administrator
[2008/03/13 00:17:00, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/03/13 00:17:00, 3] auth/auth.c:check_ntlm_password(270) check_ntlm_password: sam authentication for user [administrator] succeeded
[2008/03/13 00:17:00, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2008/03/13 00:17:00, 3] smbd/uid.c:push_conn_ctx(353) push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2008/03/13 00:17:00, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/03/13 00:17:00, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL)
[2008/03/13 00:17:00, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2008/03/13 00:17:00, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/03/13 00:17:00, 5] auth/auth.c:check_ntlm_password(296) check_ntlm_password: PAM Account for user [administrator] succeeded
[2008/03/13 00:17:00, 2] auth/auth.c:check_ntlm_password(309) check_ntlm_password: authentication for user [administrator] -> [Administrator] -> [administrator] succeeded
[2008/03/13 00:17:00, 5] auth/auth_util.c:free_user_info(1867) attempting to free (and zero) a user_info structure
[2008/03/13 00:17:00, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2008/03/13 00:17:00, 3] smbd/uid.c:push_conn_ctx(353) push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2008/03/13 00:17:00, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/03/13 00:17:00, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL)
[2008/03/13 00:17:00, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2008/03/13 00:17:00, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [dc=mondomaine,dc=net], filter => [(&(uid=administrator)(objectclass=sambaSamAccount))], scope => [2]
[2008/03/13 00:17:00, 2] passdb/pdb_ldap.c:init_sam_from_ldap(541) init_sam_from_ldap: Entry found for user: administrator
[2008/03/13 00:17:00, 5] lib/username.c:Get_Pwnam_alloc(131) Finding user administrator
[2008/03/13 00:17:00, 5] lib/username.c:Get_Pwnam_internals(75) Trying _Get_Pwnam(), username as lowercase is administrator
[2008/03/13 00:17:00, 5] lib/username.c:Get_Pwnam_internals(108) Get_Pwnam_internals did find user [administrator]!
[2008/03/13 00:17:00, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [ou=Group,dc=mondomaine,dc=net], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=513))], scope => [2]
[2008/03/13 00:17:00, 2] passdb/pdb_ldap.c:init_group_from_ldap(2140) init_group_from_ldap: Entry found for group: 513
[2008/03/13 00:17:00, 3] passdb/pdb_get_set.c:pdb_get_group_sid(189) Primary group for user administrator is a UNKNOWN and not a domain group
[2008/03/13 00:17:00, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2008/03/13 00:17:00, 3] smbd/uid.c:push_conn_ctx(353) push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2008/03/13 00:17:00, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2008/03/13 00:17:00, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL)
[2008/03/13 00:17:00, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2008/03/13 00:17:00, 5] passdb/pdb_interface.c:lookup_global_sam_rid(1480) lookup_global_sam_rid: looking up RID 513.
[2008/03/13 00:17:00, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3
[2008/03/13 00:17:00, 3] smbd/uid.c:push_conn_ctx(353) push_conn_ctx(0) : conn_ctx_stack_ndx = 2
[2008/03/13 00:17:00, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3
[2008/03/13 00:17:00, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL)
[2008/03/13 00:17:00, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2008/03/13 00:17:00, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [dc=mondomaine,dc=net], filter => [(&(sambaSID=S-1-5-21-20043454-3907201459-4213964173-513)(objectclass=sambaSamAccount))], scope => [2]
[2008/03/13 00:17:00, 4] passdb/pdb_ldap.c:ldapsam_getsampwsid(1491) ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-20043454-3907201459-4213964173-513] count=0
[2008/03/13 00:17:00, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [ou=Group,dc=mondomaine,dc=net], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-20043454-3907201459-4213964173-513))], scope => [2]
[2008/03/13 00:17:00, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2217) ldapsam_getgroup: Did not find group
[2008/03/13 00:17:00, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2
[2008/03/13 00:17:00, 5] passdb/pdb_interface.c:lookup_global_sam_rid(1542) Can't find a unix id for an unmapped group
[2008/03/13 00:17:00, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/03/13 00:17:00, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/03/13 00:17:00, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2008/03/13 00:17:00, 3] smbd/uid.c:push_conn_ctx(353) push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2008/03/13 00:17:00, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/03/13 00:17:00, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL)
[2008/03/13 00:17:00, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2008/03/13 00:17:00, 5] passdb/pdb_interface.c:lookup_global_sam_rid(1480) lookup_global_sam_rid: looking up RID 3024.
[2008/03/13 00:17:00, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2008/03/13 00:17:00, 3] smbd/uid.c:push_conn_ctx(353) push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2008/03/13 00:17:00, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2008/03/13 00:17:00, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL)
[2008/03/13 00:17:00, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2008/03/13 00:17:00, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3
[2008/03/13 00:17:00, 3] smbd/uid.c:push_conn_ctx(353) push_conn_ctx(0) : conn_ctx_stack_ndx = 2
[2008/03/13 00:17:00, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3
[2008/03/13 00:17:00, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL)
[2008/03/13 00:17:00, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2008/03/13 00:17:00, 5] passdb/pdb_interface.c:lookup_global_sam_rid(1480) lookup_global_sam_rid: looking up RID 513.
[2008/03/13 00:17:00, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 4
[2008/03/13 00:17:00, 3] smbd/uid.c:push_conn_ctx(353) push_conn_ctx(0) : conn_ctx_stack_ndx = 3
[2008/03/13 00:17:00, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 4
[2008/03/13 00:17:00, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL)
[2008/03/13 00:17:00, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2008/03/13 00:17:00, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [dc=mondomaine,dc=net], filter => [(&(sambaSID=S-1-5-21-20043454-3907201459-4213964173-513)(objectclass=sambaSamAccount))], scope => [2]
[2008/03/13 00:17:00, 4] passdb/pdb_ldap.c:ldapsam_getsampwsid(1491) ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-20043454-3907201459-4213964173-513] count=0
[2008/03/13 00:17:00, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [ou=Group,dc=mondomaine,dc=net], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-20043454-3907201459-4213964173-513))], scope => [2]
[2008/03/13 00:17:00, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2217) ldapsam_getgroup: Did not find group
[2008/03/13 00:17:00, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 3
[2008/03/13 00:17:00, 5] passdb/pdb_interface.c:lookup_global_sam_rid(1542) Can't find a unix id for an unmapped group
[2008/03/13 00:17:00, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2
[2008/03/13 00:17:00, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/03/13 00:17:00, 5] lib/username.c:Get_Pwnam_alloc(131) Finding user administrator
[2008/03/13 00:17:00, 5] lib/username.c:Get_Pwnam_internals(75) Trying _Get_Pwnam(), username as lowercase is administrator
[2008/03/13 00:17:00, 5] lib/username.c:Get_Pwnam_internals(108) Get_Pwnam_internals did find user [administrator]!
[2008/03/13 00:17:00, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/03/13 00:17:00, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2008/03/13 00:17:00, 3] smbd/uid.c:push_conn_ctx(353) push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2008/03/13 00:17:00, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/03/13 00:17:00, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL)
[2008/03/13 00:17:00, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2008/03/13 00:17:00, 5] passdb/pdb_interface.c:lookup_global_sam_rid(1480) lookup_global_sam_rid: looking up RID 513.
[2008/03/13 00:17:00, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2008/03/13 00:17:00, 3] smbd/uid.c:push_conn_ctx(353) push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2008/03/13 00:17:00, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2008/03/13 00:17:00, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL)
[2008/03/13 00:17:00, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2008/03/13 00:17:00, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [dc=mondomaine,dc=net], filter => [(&(sambaSID=S-1-5-21-20043454-3907201459-4213964173-513)(objectclass=sambaSamAccount))], scope => [2]
[2008/03/13 00:17:00, 4] passdb/pdb_ldap.c:ldapsam_getsampwsid(1491) ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-20043454-3907201459-4213964173-513] count=0
[2008/03/13 00:17:00, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [ou=Group,dc=mondomaine,dc=net], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-20043454-3907201459-4213964173-513))], scope => [2]
[2008/03/13 00:17:00, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2217) ldapsam_getgroup: Did not find group
[2008/03/13 00:17:00, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/03/13 00:17:00, 5] passdb/pdb_interface.c:lookup_global_sam_rid(1542) Can't find a unix id for an unmapped group
[2008/03/13 00:17:00, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/03/13 00:17:00, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2008/03/13 00:17:00, 3] smbd/uid.c:push_conn_ctx(353) push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2008/03/13 00:17:00, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/03/13 00:17:00, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL)
[2008/03/13 00:17:00, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2008/03/13 00:17:00, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/03/13 00:17:00, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(995) fetch sid from gid cache 513 -> S-1-5-21-862544283-2880828001-3584954034-513
[2008/03/13 00:17:00, 3] passdb/lookup_sid.c:fetch_gid_from_cache(1015) fetch gid from cache 544 -> S-1-5-32-544
[2008/03/13 00:17:00, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2008/03/13 00:17:00, 3] smbd/uid.c:push_conn_ctx(353) push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2008/03/13 00:17:00, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/03/13 00:17:00, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL)
[2008/03/13 00:17:00, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2008/03/13 00:17:00, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [ou=Group,dc=mondomaine,dc=net], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545))], scope => [2]
[2008/03/13 00:17:00, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2217) ldapsam_getgroup: Did not find group
[2008/03/13 00:17:00, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/03/13 00:17:00, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [ou=Group,dc=mondomaine,dc=net], filter => [(&(|(objectclass=sambaGroupMapping)(sambaGroupType=4))(|(sambaSIDList=S-1-5-21-20043454-3907201459-4213964173-3024)(sambaSIDList=S-1-5-21-862544283-2880828001-3584954034-513)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-11)(sambaSIDList=S-1-22-2-513)))], scope => [2]
[2008/03/13 00:17:00, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [ou=Group,dc=mondomaine,dc=net], filter => [(&(|(objectclass=sambaGroupMapping)(sambaGroupType=4))(|(sambaSIDList=S-1-5-21-20043454-3907201459-4213964173-3024)(sambaSIDList=S-1-5-21-862544283-2880828001-3584954034-513)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-11)(sambaSIDList=S-1-22-2-513)))], scope => [2]
[2008/03/13 00:17:00, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-20043454-3907201459-4213964173-3024]
[2008/03/13 00:17:00, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-862544283-2880828001-3584954034-513]
[2008/03/13 00:17:00, 5] lib/privileges.c:get_privileges_for_sids(459) get_privileges_for_sids: sid = S-1-1-0 Privilege set: SE_PRIV 0x0 0x0 0x0 0x0
[2008/03/13 00:17:00, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-2]
[2008/03/13 00:17:00, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-11]
[2008/03/13 00:17:00, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-22-2-513]
[2008/03/13 00:17:00, 3] passdb/lookup_sid.c:fetch_gid_from_cache(1015) fetch gid from cache 513 -> S-1-5-21-862544283-2880828001-3584954034-513
[2008/03/13 00:17:00, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2008/03/13 00:17:00, 3] smbd/uid.c:push_conn_ctx(353) push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2008/03/13 00:17:00, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/03/13 00:17:00, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL)
[2008/03/13 00:17:00, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2008/03/13 00:17:00, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [ou=Group,dc=mondomaine,dc=net], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-1-0))], scope => [2]
[2008/03/13 00:17:00, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2217) ldapsam_getgroup: Did not find group
[2008/03/13 00:17:00, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/03/13 00:17:00, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2008/03/13 00:17:00, 3] smbd/uid.c:push_conn_ctx(353) push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2008/03/13 00:17:00, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/03/13 00:17:00, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL)
[2008/03/13 00:17:00, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2008/03/13 00:17:00, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [ou=Group,dc=mondomaine,dc=net], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2))], scope => [2]
[2008/03/13 00:17:00, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2217) ldapsam_getgroup: Did not find group
[2008/03/13 00:17:00, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/03/13 00:17:00, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2008/03/13 00:17:00, 3] smbd/uid.c:push_conn_ctx(353) push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2008/03/13 00:17:00, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/03/13 00:17:00, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL)
[2008/03/13 00:17:00, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2008/03/13 00:17:00, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [ou=Group,dc=mondomaine,dc=net], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-11))], scope => [2]
[2008/03/13 00:17:00, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2217) ldapsam_getgroup: Did not find group
[2008/03/13 00:17:00, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/03/13 00:17:00, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338) NTLMSSP Sign/Seal - Initialising with flags:
[2008/03/13 00:17:00, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) Got NTLMSSP neg_flags=0xe2088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP_NEGOTIATE_56
[2008/03/13 00:17:00, 3] smbd/password.c:register_vuid(280) User name: administrator Real name: administrateur
[2008/03/13 00:17:00, 3] smbd/password.c:register_vuid(301) UNIX uid 1012 is UNIX user administrator, and will be vuid 105
[2008/03/13 00:17:00, 3] smbd/password.c:register_vuid(332) Adding homes service for user 'administrator' using home directory: '/home/administrateur'
[2008/03/13 00:17:00, 3] param/loadparm.c:lp_add_home(2596) adding home's share [administrator] for user 'administrator' at '/home/administrateur'
[2008/03/13 00:17:00, 5] lib/util.c:show_msg(485)
[2008/03/13 00:17:00, 5] lib/util.c:show_msg(495) size=104 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=105 smb_mid=39617 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 9 (0x9) smb_bcc=61
[2008/03/13 00:17:00, 3] smbd/process.c:process_smb(1110) Transaction 14 of length 76
[2008/03/13 00:17:00, 5] lib/util.c:show_msg(485)
[2008/03/13 00:17:00, 5] lib/util.c:show_msg(495) size=72 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=105 smb_mid=39681 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=29
[2008/03/13 00:17:00, 3] smbd/process.c:switch_message(914) switch message SMBtconX (pid 7721) conn 0x0
[2008/03/13 00:17:00, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/03/13 00:17:00, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL)
[2008/03/13 00:17:00, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2008/03/13 00:17:00, 5] smbd/uid.c:change_to_root_user(283) change_to_root_user: now uid=(0,0) gid=(0,0)
[2008/03/13 00:17:00, 4] smbd/reply.c:reply_tcon_and_X(668) Client requested device type [?????] for share [IPC$]
[2008/03/13 00:17:00, 5] smbd/service.c:make_connection(1125) making a connection to 'normal' service ipc$
[2008/03/13 00:17:00, 3] lib/access.c:check_access(312) check_access: no hostnames in host allow/deny list.
[2008/03/13 00:17:00, 2] lib/access.c:check_access(323) Allowed connection from (192.168.0.57)
[2008/03/13 00:17:00, 5] lib/username.c:Get_Pwnam_alloc(131) Finding user administrator
[2008/03/13 00:17:00, 5] lib/username.c:Get_Pwnam_internals(75) Trying _Get_Pwnam(), username as lowercase is administrator
[2008/03/13 00:17:00, 5] lib/username.c:Get_Pwnam_internals(108) Get_Pwnam_internals did find user [administrator]!
[2008/03/13 00:17:00, 3] smbd/service.c:make_connection_snum(761) Connect path is '/tmp' for service [IPC$] [2008/03/13 00:17:00, 4] lib/sharesec.c:get_share_security(130) get_share_security: using default secdesc for IPC$ [2008/03/13 00:17:00, 3] lib/util_seaccess.c:se_access_check(250) [2008/03/13 00:17:00, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-20043454-3907201459-4213964173-3024 se_access_check: also S-1-5-21-862544283-2880828001-3584954034-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-22-2-513 [2008/03/13 00:17:00, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (2) granted. [2008/03/13 00:17:00, 3] smbd/vfs.c:vfs_init_default(219) Initialising default vfs hooks [2008/03/13 00:17:00, 5] smbd/connection.c:claim_connection(170) claiming IPC$ 0 [2008/03/13 00:17:00, 4] lib/sharesec.c:get_share_security(130) get_share_security: using default secdesc for IPC$ [2008/03/13 00:17:00, 3] lib/util_seaccess.c:se_access_check(250) [2008/03/13 00:17:00, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-20043454-3907201459-4213964173-3024 se_access_check: also S-1-5-21-862544283-2880828001-3584954034-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-22-2-513 [2008/03/13 00:17:00, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (1) granted. 
[2008/03/13 00:17:00, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (1012, 513) - sec_ctx_stack_ndx = 0 [2008/03/13 00:17:00, 5] auth/auth_util.c:debug_nt_user_token(454) NT user token of user S-1-5-21-20043454-3907201459-4213964173-3024 contains 6 SIDs SID[ 0]: S-1-5-21-20043454-3907201459-4213964173-3024 SID[ 1]: S-1-5-21-862544283-2880828001-3584954034-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-513 SE_PRIV 0x0 0x0 0x0 0x0 [2008/03/13 00:17:00, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 1012 Primary group is 513 and contains 1 supplementary groups Group[ 0]: 513 [2008/03/13 00:17:00, 5] smbd/uid.c:change_to_user(268) change_to_user uid=(1012,1012) gid=(0,513) [2008/03/13 00:17:00, 3] smbd/service.c:make_connection_snum(950) serve (192.168.0.57) connect to service IPC$ initially as user administrator (uid=1012, gid=513) (pid 7721) [2008/03/13 00:17:00, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/03/13 00:17:00, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2008/03/13 00:17:00, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/03/13 00:17:00, 5] smbd/uid.c:change_to_root_user(283) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/03/13 00:17:00, 2] smbd/reply.c:reply_tcon_and_X(711) Serving IPC$ as a Dfs root [2008/03/13 00:17:00, 3] smbd/reply.c:reply_tcon_and_X(716) tconX service=IPC$ [2008/03/13 00:17:00, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:00, 5] lib/util.c:show_msg(495) size=48 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=105 smb_mid=39681 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 3 (0x3) smb_bcc=7 [2008/03/13 00:17:00, 3] smbd/process.c:process_smb(1110) Transaction 15 of length 104 [2008/03/13 00:17:00, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:00, 5] 
lib/util.c:show_msg(495) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1936 smb_uid=105 smb_mid=39745 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=17 [2008/03/13 00:17:00, 3] smbd/process.c:switch_message(914) switch message SMBntcreateX (pid 7721) conn 0x845db28 [2008/03/13 00:17:00, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (1012, 513) - sec_ctx_stack_ndx = 0 [2008/03/13 00:17:00, 5] auth/auth_util.c:debug_nt_user_token(454) NT user token of user S-1-5-21-20043454-3907201459-4213964173-3024 contains 6 SIDs SID[ 0]: S-1-5-21-20043454-3907201459-4213964173-3024 SID[ 1]: S-1-5-21-862544283-2880828001-3584954034-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-513 SE_PRIV 0x0 0x0 0x0 0x0 [2008/03/13 00:17:00, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 1012 Primary group is 513 and contains 1 supplementary groups Group[ 0]: 513 [2008/03/13 00:17:00, 5] smbd/uid.c:change_to_user(268) change_to_user uid=(1012,1012) gid=(0,513) [2008/03/13 00:17:00, 4] smbd/vfs.c:vfs_ChDir(741) vfs_ChDir to /tmp [2008/03/13 00:17:00, 4] smbd/nttrans.c:nt_open_pipe(325) nt_open_pipe: Opening pipe \lsarpc. [2008/03/13 00:17:00, 3] smbd/nttrans.c:nt_open_pipe(346) nt_open_pipe: Known pipe lsarpc opening. 
[2008/03/13 00:17:00, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(180) Open pipe requested lsarpc (pipes_open=0) [2008/03/13 00:17:00, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(285) Create pipe requested lsarpc [2008/03/13 00:17:00, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(366) Created internal pipe lsarpc (pipes_open=0) [2008/03/13 00:17:00, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) Opened pipe lsarpc with handle 7245 (pipes_open=1) [2008/03/13 00:17:00, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) open pipes: name lsarpc pnum=7245 [2008/03/13 00:17:00, 5] smbd/nttrans.c:do_ntcreate_pipe_open(395) do_ntcreate_pipe_open: open pipe = \lsarpc [2008/03/13 00:17:00, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:00, 5] lib/util.c:show_msg(495) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1936 smb_uid=105 smb_mid=39745 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=17664 (0x4500) smb_vwv[ 3]= 370 (0x172) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2008/03/13 00:17:00, 3] smbd/process.c:process_smb(1110) Transaction 16 of length 140 [2008/03/13 00:17:00, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:00, 5] lib/util.c:show_msg(495) size=136 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=105 smb_mid=39809 
smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=29253 (0x7245) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 72 (0x48) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 72 (0x48) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=73 [2008/03/13 00:17:00, 3] smbd/process.c:switch_message(914) switch message SMBwriteX (pid 7721) conn 0x845db28 [2008/03/13 00:17:00, 4] smbd/uid.c:change_to_user(178) change_to_user: Skipping user change - already user [2008/03/13 00:17:00, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7245 [2008/03/13 00:17:00, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7245 (pipes_open=1) [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0b [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 0048 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0000 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 00000001 [2008/03/13 00:17:00, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2008/03/13 00:17:00, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1523) api_pipe_bind_req: decode request. 
1523 [2008/03/13 00:17:00, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1534) api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsass [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_rb [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0000 max_tsize: 10b8 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0002 max_rsize: 10b8 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0004 assoc_gid: 00000000 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0008 num_contexts: 01 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000c context_id : 0000 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint8(615) 000e num_transfer_syntaxes: 01 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0010 data : 12345778 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0014 data : 1234 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0016 data : abcd [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 0018 data : ef 00 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 001a data : 01 23 45 67 89 ab [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0020 version: 00000000 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0024 data : 8a885d04 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0028 data : 1ceb [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint16(679) 002a data : 11c9 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 002c data : 9f e8 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 002e data : 08 00 2b 10 48 60 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0034 version: 00000002 [2008/03/13 00:17:00, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1576) api_pipe_bind_req: make response. 
1576 [2008/03/13 00:17:00, 3] rpc_server/srv_pipe.c:check_bind_req(985) check_bind_req for \PIPE\lsarpc [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_ba [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0000 max_tsize: 10b8 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0002 max_rsize: 10b8 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0004 assoc_gid: 000053f0 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 len: 000c [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 000a str: \PIPE\lsass. [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0018 num_results: 01 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint16(679) 001c result : 0000 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint16(679) 001e reason : 0000 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0020 data : 8a885d04 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0024 data : 1ceb [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0026 data : 11c9 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 0028 data : 9f e8 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 002a data : 08 00 2b 10 48 60 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0030 version: 00000002 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0c [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 
pack_type2: 00 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 0044 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0000 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 00000001 [2008/03/13 00:17:00, 3] smbd/pipes.c:reply_pipe_write_and_X(217) writeX-IPC pnum=7245 nwritten=72 [2008/03/13 00:17:00, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:00, 5] lib/util.c:show_msg(495) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=105 smb_mid=39809 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 72 (0x48) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2008/03/13 00:17:00, 3] smbd/process.c:process_smb(1110) Transaction 17 of length 63 [2008/03/13 00:17:00, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:00, 5] lib/util.c:show_msg(495) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=105 smb_mid=39873 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=29253 (0x7245) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2008/03/13 00:17:00, 3] smbd/process.c:switch_message(914) switch message SMBreadX (pid 7721) conn 0x845db28 [2008/03/13 00:17:00, 4] smbd/uid.c:change_to_user(178) change_to_user: Skipping user change - already user [2008/03/13 00:17:00, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7245 [2008/03/13 00:17:00, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7245 (pipes_open=1) [2008/03/13 00:17:00, 3] smbd/pipes.c:reply_pipe_read_and_X(262) readX-IPC pnum=7245 min=1024 max=1024 nread=68 
[2008/03/13 00:17:00, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:00, 5] lib/util.c:show_msg(495) size=127 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=105 smb_mid=39873 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 68 (0x44) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=68 [2008/03/13 00:17:00, 3] smbd/process.c:process_smb(1110) Transaction 18 of length 168 [2008/03/13 00:17:00, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:00, 5] lib/util.c:show_msg(495) size=164 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1936 smb_uid=105 smb_mid=39936 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 80 (0x50) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 80 (0x50) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29253 (0x7245) smb_bcc=97 [2008/03/13 00:17:00, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 7721) conn 0x845db28 [2008/03/13 00:17:00, 4] smbd/uid.c:change_to_user(178) change_to_user: Skipping user change - already user [2008/03/13 00:17:00, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=80 params=0 setup=2 [2008/03/13 00:17:00, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2008/03/13 00:17:00, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2008/03/13 00:17:00, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2008/03/13 00:17:00, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7245 [2008/03/13 00:17:00, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7245 (pipes_open=1) [2008/03/13 00:17:00, 3] 
smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "lsarpc" (pnum 7245) [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 0050 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0000 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 00000001 [2008/03/13 00:17:00, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 alloc_hint: 00000038 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0004 context_id: 0000 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0006 opnum : 002c [2008/03/13 00:17:00, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 70 [2008/03/13 00:17:00, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\lsarpc [2008/03/13 00:17:00, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: lsarpc op 0x2c - api_rpcTNP: rpc command: LSA_OPENPOLICY2 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_q_open_pol2 [2008/03/13 00:17:00, 5] 
rpc_parse/parse_prs.c:prs_uint32(708) 0000 ptr : 02f667f8 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0004 uni_max_len: 00000006 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0008 offset : 00000000 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c uni_str_len: 00000006 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:dbg_rw_punival(940) 0010 buffer : \.\.P.D.C... [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint32(708) 001c len : 00000018 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0020 ptr_root_dir: 00000000 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0024 ptr_obj_name: 00000000 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0028 attributes : 00000000 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint32(708) 002c ptr_sec_desc: 00000000 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0030 ptr_sec_qos : 00000000 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0034 des_access: 02000000 [2008/03/13 00:17:00, 3] lib/util_seaccess.c:se_access_check(250) [2008/03/13 00:17:00, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-20043454-3907201459-4213964173-3024 se_access_check: also S-1-5-21-862544283-2880828001-3584954034-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-22-2-513 [2008/03/13 00:17:00, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[1] [000] 00 00 00 00 01 00 00 00 00 00 00 00 6C 64 D8 47 ........ ....ld.G [010] 29 1E 00 00 )... 
[2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_r_open_pol2 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 data1: 00000000 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0004 data2: 00000001 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 data3: 0000 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a data4: 0000 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 000c data5: 6c 64 d8 47 29 1e 00 00 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_ntstatus(767) 0014 status: NT_STATUS_OK [2008/03/13 00:17:00, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called lsarpc successfully [2008/03/13 00:17:00, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 812 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 0030 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0000 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 00000001 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0010 alloc_hint: 
00000018 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0014 context_id: 0000 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2008/03/13 00:17:00, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2008/03/13 00:17:00, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:00, 5] lib/util.c:show_msg(495) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1936 smb_uid=105 smb_mid=39936 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2008/03/13 00:17:00, 3] smbd/process.c:process_smb(1110) Transaction 19 of length 134 [2008/03/13 00:17:00, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:00, 5] lib/util.c:show_msg(495) size=130 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1936 smb_uid=105 smb_mid=40000 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29253 (0x7245) smb_bcc=63 [2008/03/13 00:17:00, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 7721) conn 0x845db28 [2008/03/13 00:17:00, 4] smbd/uid.c:change_to_user(178) change_to_user: Skipping user change - already user [2008/03/13 00:17:00, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=46 params=0 setup=2 [2008/03/13 00:17:00, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2008/03/13 00:17:00, 3] smbd/ipc.c:named_pipe(340) named pipe command on 
<> name [2008/03/13 00:17:00, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2008/03/13 00:17:00, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7245 [2008/03/13 00:17:00, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7245 (pipes_open=1) [2008/03/13 00:17:00, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "lsarpc" (pnum 7245) [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 002e [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0000 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 00000002 [2008/03/13 00:17:00, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 alloc_hint: 00000016 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0004 context_id: 0000 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0006 opnum : 002e [2008/03/13 00:17:00, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2008/03/13 00:17:00, 5] 
rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\lsarpc [2008/03/13 00:17:00, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: lsarpc op 0x2e - unknown [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 03 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 23 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 0020 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0000 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 00000002 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0010 alloc_hint: 00000000 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0014 context_id: 0000 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_debug(84) 000018 smb_io_rpc_hdr_fault fault [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_dcerpc_status(797) 0018 status : DCERPC_FAULT_OP_RNG_ERROR [2008/03/13 00:17:00, 5] rpc_parse/parse_prs.c:prs_uint32(708) 001c reserved: 00000000 [2008/03/13 00:17:00, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 
[2008/03/13 00:17:00, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..32] [2008/03/13 00:17:00, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:00, 5] lib/util.c:show_msg(495) size=88 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1936 smb_uid=105 smb_mid=40000 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 32 (0x20) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 32 (0x20) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=33 [2008/03/13 00:17:01, 3] smbd/process.c:process_smb(1110) Transaction 20 of length 134 [2008/03/13 00:17:01, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:01, 5] lib/util.c:show_msg(495) size=130 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1936 smb_uid=105 smb_mid=40064 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29253 (0x7245) smb_bcc=63 [2008/03/13 00:17:01, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 7721) conn 0x845db28 [2008/03/13 00:17:01, 4] smbd/uid.c:change_to_user(178) change_to_user: Skipping user change - already user [2008/03/13 00:17:01, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=46 params=0 setup=2 [2008/03/13 00:17:01, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2008/03/13 00:17:01, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2008/03/13 00:17:01, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2008/03/13 00:17:01, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7245 [2008/03/13 00:17:01, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc 
pnum=7245 (pipes_open=1) [2008/03/13 00:17:01, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "lsarpc" (pnum 7245) [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 002e [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0000 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 00000003 [2008/03/13 00:17:01, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 alloc_hint: 00000016 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0004 context_id: 0000 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0006 opnum : 0007 [2008/03/13 00:17:01, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2008/03/13 00:17:01, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\lsarpc [2008/03/13 00:17:01, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: lsarpc op 0x7 - api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_debug(84) 
000000 lsa_io_q_query [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 data1: 00000000 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0004 data2: 00000001 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 data3: 0000 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a data4: 0000 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 000c data5: 6c 64 d8 47 29 1e 00 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0014 info_class: 0003 [2008/03/13 00:17:01, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 6C 64 D8 47 ........ ....ld.G [010] 29 1E 00 00 )... [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_r_query [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 dom_ptr: 22000000 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0004 info_class: 0003 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 uni_dom_max_len: 000e [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a uni_dom_str_len: 0010 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c buffer_dom_name: 00000001 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0010 buffer_dom_sid : 00000001 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0014 uni_max_len: 00000008 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0018 offset : 00000000 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 001c uni_str_len: 00000007 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:dbg_rw_punival(940) 0020 buffer : E.X.A.M.P.L.E. 
[2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0030 num_auths: 00000004 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0034 sid_rev_num: 01 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0035 num_auths : 04 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0036 id_auth[0] : 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0037 id_auth[1] : 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0038 id_auth[2] : 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0039 id_auth[3] : 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 003a id_auth[4] : 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 003b id_auth[5] : 05 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32s(995) 003c sub_auths : 00000015 0131d6be e8e329b3 fb2bfd8d [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_ntstatus(767) 004c status: NT_STATUS_OK [2008/03/13 00:17:01, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called lsarpc successfully [2008/03/13 00:17:01, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 16 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 
0068 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0000 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 00000003 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0010 alloc_hint: 00000050 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0014 context_id: 0000 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2008/03/13 00:17:01, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..104] [2008/03/13 00:17:01, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:01, 5] lib/util.c:show_msg(495) size=160 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1936 smb_uid=105 smb_mid=40064 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 104 (0x68) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 104 (0x68) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=105 [2008/03/13 00:17:01, 3] smbd/process.c:process_smb(1110) Transaction 21 of length 104 [2008/03/13 00:17:01, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:01, 5] lib/util.c:show_msg(495) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1936 smb_uid=105 smb_mid=40128 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) 
smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=17 [2008/03/13 00:17:01, 3] smbd/process.c:switch_message(914) switch message SMBntcreateX (pid 7721) conn 0x845db28 [2008/03/13 00:17:01, 4] smbd/uid.c:change_to_user(178) change_to_user: Skipping user change - already user [2008/03/13 00:17:01, 4] smbd/nttrans.c:nt_open_pipe(325) nt_open_pipe: Opening pipe \winreg. [2008/03/13 00:17:01, 3] smbd/nttrans.c:nt_open_pipe(346) nt_open_pipe: Known pipe winreg opening. [2008/03/13 00:17:01, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(180) Open pipe requested winreg (pipes_open=1) [2008/03/13 00:17:01, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(210) open_rpc_pipe_p: name lsarpc pnum=7245 [2008/03/13 00:17:01, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(285) Create pipe requested winreg [2008/03/13 00:17:01, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(366) Created internal pipe winreg (pipes_open=1) [2008/03/13 00:17:01, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) Opened pipe winreg with handle 7246 (pipes_open=2) [2008/03/13 00:17:01, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) open pipes: name winreg pnum=7246 [2008/03/13 00:17:01, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) open pipes: name lsarpc pnum=7245 [2008/03/13 00:17:01, 5] smbd/nttrans.c:do_ntcreate_pipe_open(395) do_ntcreate_pipe_open: open pipe = \winreg [2008/03/13 00:17:01, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:01, 5] lib/util.c:show_msg(495) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1936 smb_uid=105 smb_mid=40128 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=17920 (0x4600) smb_vwv[ 3]= 370 (0x172) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) 
smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2008/03/13 00:17:01, 3] smbd/process.c:process_smb(1110) Transaction 22 of length 140 [2008/03/13 00:17:01, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:01, 5] lib/util.c:show_msg(495) size=136 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=105 smb_mid=40192 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=29254 (0x7246) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 72 (0x48) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 72 (0x48) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=73 [2008/03/13 00:17:01, 3] smbd/process.c:switch_message(914) switch message SMBwriteX (pid 7721) conn 0x845db28 [2008/03/13 00:17:01, 4] smbd/uid.c:change_to_user(178) change_to_user: Skipping user change - already user [2008/03/13 00:17:01, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7246 [2008/03/13 00:17:01, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name winreg pnum=7246 (pipes_open=2) [2008/03/13 00:17:01, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7245 (pipes_open=2) [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0b [2008/03/13 00:17:01, 5] 
rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 0048 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0000 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 00000001 [2008/03/13 00:17:01, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2008/03/13 00:17:01, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1523) api_pipe_bind_req: decode request. 1523 [2008/03/13 00:17:01, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1534) api_pipe_bind_req: \PIPE\winreg -> \PIPE\winreg [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_rb [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0000 max_tsize: 10b8 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0002 max_rsize: 10b8 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0004 assoc_gid: 00000000 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0008 num_contexts: 01 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000c context_id : 0000 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 000e num_transfer_syntaxes: 01 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0010 data : 338cd001 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0014 data : 2244 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0016 data : 31f1 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 0018 data : aa aa [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 001a data : 90 
00 38 00 10 03 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0020 version: 00000001 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0024 data : 8a885d04 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0028 data : 1ceb [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 002a data : 11c9 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 002c data : 9f e8 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 002e data : 08 00 2b 10 48 60 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0034 version: 00000002 [2008/03/13 00:17:01, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1576) api_pipe_bind_req: make response. 1576 [2008/03/13 00:17:01, 3] rpc_server/srv_pipe.c:check_bind_req(985) check_bind_req for \PIPE\winreg [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_ba [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0000 max_tsize: 10b8 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0002 max_rsize: 10b8 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0004 assoc_gid: 000053f0 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 len: 000d [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 000a str: \PIPE\winreg. 
[2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0018 num_results: 01 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 001c result : 0000 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 001e reason : 0000 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0020 data : 8a885d04 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0024 data : 1ceb [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0026 data : 11c9 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 0028 data : 9f e8 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 002a data : 08 00 2b 10 48 60 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0030 version: 00000002 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0c [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 0044 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0000 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 00000001 [2008/03/13 00:17:01, 3] smbd/pipes.c:reply_pipe_write_and_X(217) writeX-IPC pnum=7246 nwritten=72 [2008/03/13 00:17:01, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:01, 5] lib/util.c:show_msg(495) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 
smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=105 smb_mid=40192 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 72 (0x48) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2008/03/13 00:17:01, 3] smbd/process.c:process_smb(1110) Transaction 23 of length 63 [2008/03/13 00:17:01, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:01, 5] lib/util.c:show_msg(495) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=105 smb_mid=40256 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=29254 (0x7246) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2008/03/13 00:17:01, 3] smbd/process.c:switch_message(914) switch message SMBreadX (pid 7721) conn 0x845db28 [2008/03/13 00:17:01, 4] smbd/uid.c:change_to_user(178) change_to_user: Skipping user change - already user [2008/03/13 00:17:01, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7246 [2008/03/13 00:17:01, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name winreg pnum=7246 (pipes_open=2) [2008/03/13 00:17:01, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7245 (pipes_open=2) [2008/03/13 00:17:01, 3] smbd/pipes.c:reply_pipe_read_and_X(262) readX-IPC pnum=7246 min=1024 max=1024 nread=68 [2008/03/13 00:17:01, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:01, 5] lib/util.c:show_msg(495) size=127 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=105 smb_mid=40256 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 68 (0x44) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) 
smb_bcc=68 [2008/03/13 00:17:01, 3] smbd/process.c:process_smb(1110) Transaction 24 of length 124 [2008/03/13 00:17:01, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:01, 5] lib/util.c:show_msg(495) size=120 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1936 smb_uid=105 smb_mid=40320 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 36 (0x24) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29254 (0x7246) smb_bcc=53 [2008/03/13 00:17:01, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 7721) conn 0x845db28 [2008/03/13 00:17:01, 4] smbd/uid.c:change_to_user(178) change_to_user: Skipping user change - already user [2008/03/13 00:17:01, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=36 params=0 setup=2 [2008/03/13 00:17:01, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2008/03/13 00:17:01, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2008/03/13 00:17:01, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2008/03/13 00:17:01, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7246 [2008/03/13 00:17:01, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name winreg pnum=7246 (pipes_open=2) [2008/03/13 00:17:01, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7245 (pipes_open=2) [2008/03/13 00:17:01, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "winreg" (pnum 7246) [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2008/03/13 
00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 0024 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0000 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 00000001 [2008/03/13 00:17:01, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 alloc_hint: 0000000c [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0004 context_id: 0000 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0006 opnum : 0002 [2008/03/13 00:17:01, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 70 [2008/03/13 00:17:01, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\winreg [2008/03/13 00:17:01, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: winreg op 0x2 - api_rpcTNP: rpc command: REG_OPEN_HKLM [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_q_open_hive [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 ptr: 0093f508 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0004 server: 2750 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0008 access: 02000000 [2008/03/13 00:17:01, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(1012, 513) : sec_ctx_stack_ndx = 1 [2008/03/13 00:17:01, 3] smbd/uid.c:push_conn_ctx(353) push_conn_ctx(105) : 
conn_ctx_stack_ndx = 0 [2008/03/13 00:17:01, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/03/13 00:17:01, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2008/03/13 00:17:01, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/03/13 00:17:01, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (1012, 513) - sec_ctx_stack_ndx = 0 [2008/03/13 00:17:01, 3] lib/util_seaccess.c:se_access_check(250) [2008/03/13 00:17:01, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-20043454-3907201459-4213964173-3024 se_access_check: also S-1-5-21-862544283-2880828001-3584954034-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-22-2-513 [2008/03/13 00:17:01, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[1] [000] 00 00 00 00 02 00 00 00 00 00 00 00 6D 64 D8 47 ........ ....md.G [010] 29 1E 00 00 )... 
[2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_r_open_hive [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 data1: 00000000 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0004 data2: 00000002 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 data3: 0000 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a data4: 0000 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 000c data5: 6d 64 d8 47 29 1e 00 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_werror(828) 0014 status: WERR_OK [2008/03/13 00:17:01, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called winreg successfully [2008/03/13 00:17:01, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 510 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 0030 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0000 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 00000001 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0010 alloc_hint: 00000018 
[2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0014 context_id: 0000 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2008/03/13 00:17:01, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2008/03/13 00:17:01, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:01, 5] lib/util.c:show_msg(495) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1936 smb_uid=105 smb_mid=40320 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2008/03/13 00:17:01, 3] smbd/process.c:process_smb(1110) Transaction 25 of length 272 [2008/03/13 00:17:01, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:01, 5] lib/util.c:show_msg(495) size=268 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1936 smb_uid=105 smb_mid=40384 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 184 (0xB8) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 184 (0xB8) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29254 (0x7246) smb_bcc=201 [2008/03/13 00:17:01, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 7721) conn 0x845db28 [2008/03/13 00:17:01, 4] smbd/uid.c:change_to_user(178) change_to_user: Skipping user change - already user [2008/03/13 00:17:01, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=184 params=0 setup=2 [2008/03/13 00:17:01, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2008/03/13 00:17:01, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> 
name [2008/03/13 00:17:01, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2008/03/13 00:17:01, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7246 [2008/03/13 00:17:01, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name winreg pnum=7246 (pipes_open=2) [2008/03/13 00:17:01, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7245 (pipes_open=2) [2008/03/13 00:17:01, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "winreg" (pnum 7246) [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 00b8 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0000 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 00000002 [2008/03/13 00:17:01, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 alloc_hint: 000000a0 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0004 context_id: 0000 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0006 opnum : 000f [2008/03/13 00:17:01, 3] 
rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2008/03/13 00:17:01, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\winreg [2008/03/13 00:17:01, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: winreg op 0xf - api_rpcTNP: rpc command: REG_OPEN_ENTRY [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_q_open_entry [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 data1: 00000000 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0004 data2: 00000002 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 data3: 0000 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a data4: 0000 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 000c data5: 6d 64 d8 47 29 1e 00 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0014 length: 006e [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0016 size: 006e [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0018 ptr: 772e7a30 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 001c uni_max_len: 00000037 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0020 offset : 00000000 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0024 uni_str_len: 00000037 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:dbg_rw_punival(940) 0028 buffer : S.y.s.t.e.m.\.C.u.r.r.e.n.t.C.o.n.t.r.o.l.S.e.t.\.s.e.r.v.i.c.e.s.\.N.e.t.l.o.g.o.n.\.p.a.r.a.m.e.t.e.r.s.\... [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0098 unknown_0 : 00000000 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 009c access: 00020019 [2008/03/13 00:17:01, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 6D 64 D8 47 ........ ....md.G [010] 29 1E 00 00 )... 
[2008/03/13 00:17:01, 3] lib/util_seaccess.c:se_access_check(250) [2008/03/13 00:17:01, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-20043454-3907201459-4213964173-3024 se_access_check: also S-1-5-21-862544283-2880828001-3584954034-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-22-2-513 [2008/03/13 00:17:01, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (20019) granted. [2008/03/13 00:17:01, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[2] [000] 00 00 00 00 03 00 00 00 00 00 00 00 6D 64 D8 47 ........ ....md.G [010] 29 1E 00 00 )... [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_r_open_entry [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 data1: 00000000 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0004 data2: 00000003 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 data3: 0000 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a data4: 0000 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 000c data5: 6d 64 d8 47 29 1e 00 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_werror(828) 0014 status: WERR_OK [2008/03/13 00:17:01, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called winreg successfully [2008/03/13 00:17:01, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 634 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 
pack_type0: 10 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 0030 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0000 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 00000002 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0010 alloc_hint: 00000018 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0014 context_id: 0000 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2008/03/13 00:17:01, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2008/03/13 00:17:01, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:01, 5] lib/util.c:show_msg(495) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1936 smb_uid=105 smb_mid=40384 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2008/03/13 00:17:01, 3] smbd/process.c:process_smb(1110) Transaction 26 of length 236 [2008/03/13 00:17:01, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:01, 5] lib/util.c:show_msg(495) size=232 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1936 smb_uid=105 smb_mid=40448 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 148 (0x94) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) 
smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 148 (0x94) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29254 (0x7246) smb_bcc=165 [2008/03/13 00:17:01, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 7721) conn 0x845db28 [2008/03/13 00:17:01, 4] smbd/uid.c:change_to_user(178) change_to_user: Skipping user change - already user [2008/03/13 00:17:01, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=148 params=0 setup=2 [2008/03/13 00:17:01, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2008/03/13 00:17:01, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2008/03/13 00:17:01, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2008/03/13 00:17:01, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7246 [2008/03/13 00:17:01, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name winreg pnum=7246 (pipes_open=2) [2008/03/13 00:17:01, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7245 (pipes_open=2) [2008/03/13 00:17:01, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "winreg" (pnum 7246) [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len 
: 0094 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0000 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 00000003 [2008/03/13 00:17:01, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 alloc_hint: 0000007c [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0004 context_id: 0000 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0006 opnum : 0011 [2008/03/13 00:17:01, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2008/03/13 00:17:01, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\winreg [2008/03/13 00:17:01, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: winreg op 0x11 - api_rpcTNP: rpc command: REG_QUERY_VALUE [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_q_query_value [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 data1: 00000000 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0004 data2: 00000003 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 data3: 0000 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a data4: 0000 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 000c data5: 6d 64 d8 47 29 1e 00 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0014 length: 002a [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0016 size: 002a [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0018 ptr: 772e7a04 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 001c uni_max_len: 00000015 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0020 offset : 00000000 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 
0024 uni_str_len: 00000015 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:dbg_rw_punival(940) 0028 buffer : R.e.f.u.s.e.P.a.s.s.w.o.r.d.C.h.a.n.g.e... [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0054 ptr_reserved: 0093f564 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0058 ptr_buf: 0093f594 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 005c ptr_bufsize: 0093f594 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0060 bufsize: 00000004 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0064 buf_unk: 00000000 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0068 unk1: 00000000 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 006c ptr_buflen: 0093f55c [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0070 buflen: 00000004 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0074 ptr_buflen2: 0093f554 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0078 buflen2: 00000000 [2008/03/13 00:17:01, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 03 00 00 00 00 00 00 00 6D 64 D8 47 ........ ....md.G [010] 29 1E 00 00 )... 
[2008/03/13 00:17:01, 5] rpc_server/srv_reg_nt.c:_reg_query_value(332) _reg_info: looking up value: [RefusePasswordChange] [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_r_query_value [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 ptr: f000baaa [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0004 type: 00000004 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0008 ptr: f000baaa [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c buf_max_len: 00000004 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0010 offset : 00000000 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0014 buf_len : 00000004 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:dbg_rw_punival(940) 0018 buffer : .... [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 001c ptr: f000baaa [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0020 buf_max_len: 00000004 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0024 ptr: f000baaa [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0028 buf_len: 00000004 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_werror(828) 002c status: WERR_OK [2008/03/13 00:17:01, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called winreg successfully [2008/03/13 00:17:01, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 90 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2008/03/13 00:17:01, 5] 
rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 0048 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0000 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 00000003 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0010 alloc_hint: 00000030 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0014 context_id: 0000 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2008/03/13 00:17:01, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..72] [2008/03/13 00:17:01, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:01, 5] lib/util.c:show_msg(495) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1936 smb_uid=105 smb_mid=40448 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 72 (0x48) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=73 [2008/03/13 00:17:01, 3] smbd/process.c:process_smb(1110) Transaction 27 of length 132 [2008/03/13 00:17:01, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:01, 5] lib/util.c:show_msg(495) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1936 smb_uid=105 smb_mid=40512 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) 
smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29254 (0x7246) smb_bcc=61 [2008/03/13 00:17:01, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 7721) conn 0x845db28 [2008/03/13 00:17:01, 4] smbd/uid.c:change_to_user(178) change_to_user: Skipping user change - already user [2008/03/13 00:17:01, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=44 params=0 setup=2 [2008/03/13 00:17:01, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2008/03/13 00:17:01, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2008/03/13 00:17:01, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2008/03/13 00:17:01, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7246 [2008/03/13 00:17:01, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name winreg pnum=7246 (pipes_open=2) [2008/03/13 00:17:01, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7245 (pipes_open=2) [2008/03/13 00:17:01, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "winreg" (pnum 7246) [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 002c [2008/03/13 00:17:01, 5] 
rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0000 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 00000004 [2008/03/13 00:17:01, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 alloc_hint: 00000014 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0004 context_id: 0000 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0006 opnum : 0005 [2008/03/13 00:17:01, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2008/03/13 00:17:01, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\winreg [2008/03/13 00:17:01, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: winreg op 0x5 - api_rpcTNP: rpc command: REG_CLOSE [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_q_close [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 data1: 00000000 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0004 data2: 00000003 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 data3: 0000 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a data4: 0000 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 000c data5: 6d 64 d8 47 29 1e 00 00 [2008/03/13 00:17:01, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 03 00 00 00 00 00 00 00 6D 64 D8 47 ........ ....md.G [010] 29 1E 00 00 )... [2008/03/13 00:17:01, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 03 00 00 00 00 00 00 00 6D 64 D8 47 ........ ....md.G [010] 29 1E 00 00 )... 
[2008/03/13 00:17:01, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_r_close [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 data1: 00000000 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0004 data2: 00000000 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 data3: 0000 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a data4: 0000 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 000c data5: 00 00 00 00 00 00 00 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_werror(828) 0014 status: WERR_OK [2008/03/13 00:17:01, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called winreg successfully [2008/03/13 00:17:01, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 0030 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0000 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 00000004 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2008/03/13 
00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0010 alloc_hint: 00000018 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0014 context_id: 0000 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2008/03/13 00:17:01, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2008/03/13 00:17:01, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:01, 5] lib/util.c:show_msg(495) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1936 smb_uid=105 smb_mid=40512 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2008/03/13 00:17:01, 3] smbd/process.c:process_smb(1110) Transaction 28 of length 132 [2008/03/13 00:17:01, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:01, 5] lib/util.c:show_msg(495) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1936 smb_uid=105 smb_mid=40576 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29254 (0x7246) smb_bcc=61 [2008/03/13 00:17:01, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 7721) conn 0x845db28 [2008/03/13 00:17:01, 4] smbd/uid.c:change_to_user(178) change_to_user: Skipping user change - already user [2008/03/13 00:17:01, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=44 params=0 setup=2 [2008/03/13 00:17:01, 5] smbd/ipc.c:handle_trans(404) calling named_pipe 
[2008/03/13 00:17:01, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2008/03/13 00:17:01, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2008/03/13 00:17:01, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7246 [2008/03/13 00:17:01, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name winreg pnum=7246 (pipes_open=2) [2008/03/13 00:17:01, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7245 (pipes_open=2) [2008/03/13 00:17:01, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "winreg" (pnum 7246) [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 002c [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0000 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 00000005 [2008/03/13 00:17:01, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 alloc_hint: 00000014 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0004 context_id: 0000 [2008/03/13 00:17:01, 5] 
rpc_parse/parse_prs.c:prs_uint16(679) 0006 opnum : 0005 [2008/03/13 00:17:01, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2008/03/13 00:17:01, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\winreg [2008/03/13 00:17:01, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: winreg op 0x5 - api_rpcTNP: rpc command: REG_CLOSE [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_q_close [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 data1: 00000000 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0004 data2: 00000002 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 data3: 0000 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a data4: 0000 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 000c data5: 6d 64 d8 47 29 1e 00 00 [2008/03/13 00:17:01, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 6D 64 D8 47 ........ ....md.G [010] 29 1E 00 00 )... [2008/03/13 00:17:01, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 6D 64 D8 47 ........ ....md.G [010] 29 1E 00 00 )... 
[2008/03/13 00:17:01, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_r_close [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 data1: 00000000 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0004 data2: 00000000 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 data3: 0000 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a data4: 0000 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 000c data5: 00 00 00 00 00 00 00 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_werror(828) 0014 status: WERR_OK [2008/03/13 00:17:01, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called winreg successfully [2008/03/13 00:17:01, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 0030 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0000 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 00000005 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2008/03/13 
00:17:01, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0010 alloc_hint: 00000018 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0014 context_id: 0000 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2008/03/13 00:17:01, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2008/03/13 00:17:01, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2008/03/13 00:17:01, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:01, 5] lib/util.c:show_msg(495) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1936 smb_uid=105 smb_mid=40576 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2008/03/13 00:17:01, 3] smbd/process.c:process_smb(1110) Transaction 29 of length 45 [2008/03/13 00:17:01, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:01, 5] lib/util.c:show_msg(495) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=105 smb_mid=40640 smt_wct=3 smb_vwv[ 0]=29254 (0x7246) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2008/03/13 00:17:01, 3] smbd/process.c:switch_message(914) switch message SMBclose (pid 7721) conn 0x845db28 [2008/03/13 00:17:01, 4] smbd/uid.c:change_to_user(178) change_to_user: Skipping user change - already user [2008/03/13 00:17:01, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7246 [2008/03/13 00:17:01, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name winreg pnum=7246 (pipes_open=2) [2008/03/13 00:17:01, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7245 (pipes_open=2) [2008/03/13 00:17:01, 5] smbd/pipes.c:reply_pipe_close(282) reply_pipe_close: pnum:7246 [2008/03/13 00:17:01, 4] 
rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1169) closed pipe name winreg pnum=7246 (pipes_open=1) [2008/03/13 00:17:01, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:01, 5] lib/util.c:show_msg(495) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=105 smb_mid=40640 smt_wct=0 smb_bcc=0 [2008/03/13 00:17:02, 3] smbd/process.c:process_smb(1110) Transaction 30 of length 108 [2008/03/13 00:17:02, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:02, 5] lib/util.c:show_msg(495) size=104 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1936 smb_uid=105 smb_mid=40704 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 4608 (0x1200) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 256 (0x100) smb_bcc=21 [2008/03/13 00:17:02, 3] smbd/process.c:switch_message(914) switch message SMBntcreateX (pid 7721) conn 0x845db28 [2008/03/13 00:17:02, 4] smbd/uid.c:change_to_user(178) change_to_user: Skipping user change - already user [2008/03/13 00:17:02, 4] smbd/nttrans.c:nt_open_pipe(325) nt_open_pipe: Opening pipe \NETLOGON. [2008/03/13 00:17:02, 3] smbd/nttrans.c:nt_open_pipe(346) nt_open_pipe: Known pipe NETLOGON opening. 
[2008/03/13 00:17:02, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(180) Open pipe requested NETLOGON (pipes_open=1) [2008/03/13 00:17:02, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(210) open_rpc_pipe_p: name lsarpc pnum=7245 [2008/03/13 00:17:02, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(285) Create pipe requested NETLOGON [2008/03/13 00:17:02, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(366) Created internal pipe NETLOGON (pipes_open=1) [2008/03/13 00:17:02, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) Opened pipe NETLOGON with handle 7247 (pipes_open=2) [2008/03/13 00:17:02, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) open pipes: name NETLOGON pnum=7247 [2008/03/13 00:17:02, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) open pipes: name lsarpc pnum=7245 [2008/03/13 00:17:02, 5] smbd/nttrans.c:do_ntcreate_pipe_open(395) do_ntcreate_pipe_open: open pipe = \NETLOGON [2008/03/13 00:17:02, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:02, 5] lib/util.c:show_msg(495) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1936 smb_uid=105 smb_mid=40704 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=18176 (0x4700) smb_vwv[ 3]= 370 (0x172) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2008/03/13 00:17:02, 3] smbd/process.c:process_smb(1110) Transaction 31 of length 140 
[2008/03/13 00:17:02, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:02, 5] lib/util.c:show_msg(495) size=136 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=105 smb_mid=40768 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=29255 (0x7247) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 72 (0x48) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 72 (0x48) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=73 [2008/03/13 00:17:02, 3] smbd/process.c:switch_message(914) switch message SMBwriteX (pid 7721) conn 0x845db28 [2008/03/13 00:17:02, 4] smbd/uid.c:change_to_user(178) change_to_user: Skipping user change - already user [2008/03/13 00:17:02, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7247 [2008/03/13 00:17:02, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name NETLOGON pnum=7247 (pipes_open=2) [2008/03/13 00:17:02, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7245 (pipes_open=2) [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0b [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 0048 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a 
auth_len : 0000 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 00000001 [2008/03/13 00:17:02, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2008/03/13 00:17:02, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1523) api_pipe_bind_req: decode request. 1523 [2008/03/13 00:17:02, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1534) api_pipe_bind_req: \PIPE\NETLOGON -> \PIPE\lsass [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_rb [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0000 max_tsize: 10b8 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0002 max_rsize: 10b8 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0004 assoc_gid: 00000000 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0008 num_contexts: 01 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000c context_id : 0000 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8(615) 000e num_transfer_syntaxes: 01 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0010 data : 12345678 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0014 data : 1234 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0016 data : abcd [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 0018 data : ef 00 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 001a data : 01 23 45 67 cf fb [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0020 version: 00000001 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0024 data : 8a885d04 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0028 data : 1ceb [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint16(679) 002a data : 11c9 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 002c data : 9f e8 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 002e data : 08 00 2b 10 48 60 [2008/03/13 
00:17:02, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0034 version: 00000002 [2008/03/13 00:17:02, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1576) api_pipe_bind_req: make response. 1576 [2008/03/13 00:17:02, 3] rpc_server/srv_pipe.c:check_bind_req(985) check_bind_req for \PIPE\NETLOGON [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_ba [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0000 max_tsize: 10b8 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0002 max_rsize: 10b8 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0004 assoc_gid: 000053f0 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 len: 000c [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 000a str: \PIPE\lsass. [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0018 num_results: 01 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint16(679) 001c result : 0000 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint16(679) 001e reason : 0000 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0020 data : 8a885d04 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0024 data : 1ceb [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0026 data : 11c9 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 0028 data : 9f e8 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 002a data : 08 00 2b 10 48 60 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0030 version: 00000002 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0c [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2008/03/13 00:17:02, 5] 
rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 0044 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0000 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 00000001 [2008/03/13 00:17:02, 3] smbd/pipes.c:reply_pipe_write_and_X(217) writeX-IPC pnum=7247 nwritten=72 [2008/03/13 00:17:02, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:02, 5] lib/util.c:show_msg(495) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=105 smb_mid=40768 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 72 (0x48) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2008/03/13 00:17:02, 3] smbd/process.c:process_smb(1110) Transaction 32 of length 63 [2008/03/13 00:17:02, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:02, 5] lib/util.c:show_msg(495) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=105 smb_mid=40832 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=29255 (0x7247) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2008/03/13 00:17:02, 3] smbd/process.c:switch_message(914) switch message SMBreadX (pid 7721) conn 0x845db28 [2008/03/13 00:17:02, 4] smbd/uid.c:change_to_user(178) change_to_user: Skipping user change - already user [2008/03/13 00:17:02, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7247 [2008/03/13 
00:17:02, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name NETLOGON pnum=7247 (pipes_open=2) [2008/03/13 00:17:02, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7245 (pipes_open=2) [2008/03/13 00:17:02, 3] smbd/pipes.c:reply_pipe_read_and_X(262) readX-IPC pnum=7247 min=1024 max=1024 nread=68 [2008/03/13 00:17:02, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:02, 5] lib/util.c:show_msg(495) size=127 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=105 smb_mid=40832 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 68 (0x44) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=68 [2008/03/13 00:17:02, 3] smbd/process.c:process_smb(1110) Transaction 33 of length 172 [2008/03/13 00:17:02, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:02, 5] lib/util.c:show_msg(495) size=168 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1936 smb_uid=105 smb_mid=40896 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 84 (0x54) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 84 (0x54) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29255 (0x7247) smb_bcc=101 [2008/03/13 00:17:02, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 7721) conn 0x845db28 [2008/03/13 00:17:02, 4] smbd/uid.c:change_to_user(178) change_to_user: Skipping user change - already user [2008/03/13 00:17:02, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=84 params=0 setup=2 [2008/03/13 00:17:02, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2008/03/13 00:17:02, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name 
[2008/03/13 00:17:02, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2008/03/13 00:17:02, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7247 [2008/03/13 00:17:02, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name NETLOGON pnum=7247 (pipes_open=2) [2008/03/13 00:17:02, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7245 (pipes_open=2) [2008/03/13 00:17:02, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "NETLOGON" (pnum 7247) [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 0054 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0000 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 00000001 [2008/03/13 00:17:02, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 alloc_hint: 0000003c [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0004 context_id: 0000 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0006 opnum : 0004 [2008/03/13 00:17:02, 3] 
rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 72 [2008/03/13 00:17:02, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\NETLOGON [2008/03/13 00:17:02, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: NETLOGON op 0x4 - api_rpcTNP: rpc command: NET_REQCHAL [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 net_io_q_req_chal [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 undoc_buffer: 02fa9bc0 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0004 uni_max_len: 00000006 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0008 offset : 00000000 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c uni_str_len: 00000006 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:dbg_rw_punival(940) 0010 buffer : \.\.P.D.C... [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint32(708) 001c uni_max_len: 00000006 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0020 offset : 00000000 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0024 uni_str_len: 00000006 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:dbg_rw_punival(940) 0028 buffer : S.E.R.V.E... 
[2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 0034 data: 50 62 94 fc e8 83 ee 19 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 net_io_r_req_chal [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 0000 data: f3 6e f1 40 f3 9a 98 67 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_ntstatus(767) 0008 status: NT_STATUS_OK [2008/03/13 00:17:02, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called NETLOGON successfully [2008/03/13 00:17:02, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 24 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 0024 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0000 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 00000001 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0010 alloc_hint: 0000000c [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0014 context_id: 0000 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2008/03/13 00:17:02, 5] 
rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2008/03/13 00:17:02, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..36] [2008/03/13 00:17:02, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:02, 5] lib/util.c:show_msg(495) size=92 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1936 smb_uid=105 smb_mid=40896 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 36 (0x24) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=37 [2008/03/13 00:17:02, 3] smbd/process.c:process_smb(1110) Transaction 34 of length 45 [2008/03/13 00:17:02, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:02, 5] lib/util.c:show_msg(495) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=105 smb_mid=40960 smt_wct=3 smb_vwv[ 0]=29255 (0x7247) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2008/03/13 00:17:02, 3] smbd/process.c:switch_message(914) switch message SMBclose (pid 7721) conn 0x845db28 [2008/03/13 00:17:02, 4] smbd/uid.c:change_to_user(178) change_to_user: Skipping user change - already user [2008/03/13 00:17:02, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7247 [2008/03/13 00:17:02, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name NETLOGON pnum=7247 (pipes_open=2) [2008/03/13 00:17:02, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7245 (pipes_open=2) [2008/03/13 00:17:02, 5] smbd/pipes.c:reply_pipe_close(282) reply_pipe_close: pnum:7247 [2008/03/13 00:17:02, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1169) closed pipe name NETLOGON pnum=7247 (pipes_open=1) [2008/03/13 00:17:02, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:02, 5] lib/util.c:show_msg(495) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 
smb_tid=1 smb_pid=65279 smb_uid=105 smb_mid=40960 smt_wct=0 smb_bcc=0 [2008/03/13 00:17:02, 3] smbd/process.c:process_smb(1110) Transaction 35 of length 108 [2008/03/13 00:17:02, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:02, 5] lib/util.c:show_msg(495) size=104 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1936 smb_uid=105 smb_mid=41024 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 4608 (0x1200) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 256 (0x100) smb_bcc=21 [2008/03/13 00:17:02, 3] smbd/process.c:switch_message(914) switch message SMBntcreateX (pid 7721) conn 0x845db28 [2008/03/13 00:17:02, 4] smbd/uid.c:change_to_user(178) change_to_user: Skipping user change - already user [2008/03/13 00:17:02, 4] smbd/nttrans.c:nt_open_pipe(325) nt_open_pipe: Opening pipe \NETLOGON. [2008/03/13 00:17:02, 3] smbd/nttrans.c:nt_open_pipe(346) nt_open_pipe: Known pipe NETLOGON opening. 
[2008/03/13 00:17:02, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(180) Open pipe requested NETLOGON (pipes_open=1) [2008/03/13 00:17:02, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(210) open_rpc_pipe_p: name lsarpc pnum=7245 [2008/03/13 00:17:02, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(285) Create pipe requested NETLOGON [2008/03/13 00:17:02, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(366) Created internal pipe NETLOGON (pipes_open=1) [2008/03/13 00:17:02, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) Opened pipe NETLOGON with handle 7248 (pipes_open=2) [2008/03/13 00:17:02, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) open pipes: name NETLOGON pnum=7248 [2008/03/13 00:17:02, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) open pipes: name lsarpc pnum=7245 [2008/03/13 00:17:02, 5] smbd/nttrans.c:do_ntcreate_pipe_open(395) do_ntcreate_pipe_open: open pipe = \NETLOGON [2008/03/13 00:17:02, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:02, 5] lib/util.c:show_msg(495) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1936 smb_uid=105 smb_mid=41024 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=18432 (0x4800) smb_vwv[ 3]= 370 (0x172) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2008/03/13 00:17:02, 3] smbd/process.c:process_smb(1110) Transaction 36 of length 140 
[2008/03/13 00:17:02, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:02, 5] lib/util.c:show_msg(495) size=136 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=105 smb_mid=41088 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=29256 (0x7248) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 72 (0x48) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 72 (0x48) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=73 [2008/03/13 00:17:02, 3] smbd/process.c:switch_message(914) switch message SMBwriteX (pid 7721) conn 0x845db28 [2008/03/13 00:17:02, 4] smbd/uid.c:change_to_user(178) change_to_user: Skipping user change - already user [2008/03/13 00:17:02, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7248 [2008/03/13 00:17:02, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name NETLOGON pnum=7248 (pipes_open=2) [2008/03/13 00:17:02, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7245 (pipes_open=2) [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0b [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 0048 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a 
auth_len : 0000 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 00000001 [2008/03/13 00:17:02, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2008/03/13 00:17:02, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1523) api_pipe_bind_req: decode request. 1523 [2008/03/13 00:17:02, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1534) api_pipe_bind_req: \PIPE\NETLOGON -> \PIPE\lsass [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_rb [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0000 max_tsize: 10b8 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0002 max_rsize: 10b8 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0004 assoc_gid: 00000000 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0008 num_contexts: 01 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000c context_id : 0000 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8(615) 000e num_transfer_syntaxes: 01 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0010 data : 12345678 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0014 data : 1234 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0016 data : abcd [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 0018 data : ef 00 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 001a data : 01 23 45 67 cf fb [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0020 version: 00000001 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0024 data : 8a885d04 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0028 data : 1ceb [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint16(679) 002a data : 11c9 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 002c data : 9f e8 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 002e data : 08 00 2b 10 48 60 [2008/03/13 
00:17:02, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0034 version: 00000002 [2008/03/13 00:17:02, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1576) api_pipe_bind_req: make response. 1576 [2008/03/13 00:17:02, 3] rpc_server/srv_pipe.c:check_bind_req(985) check_bind_req for \PIPE\NETLOGON [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_ba [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0000 max_tsize: 10b8 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0002 max_rsize: 10b8 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0004 assoc_gid: 000053f0 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 len: 000c [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 000a str: \PIPE\lsass. [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0018 num_results: 01 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint16(679) 001c result : 0000 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint16(679) 001e reason : 0000 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0020 data : 8a885d04 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0024 data : 1ceb [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0026 data : 11c9 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 0028 data : 9f e8 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 002a data : 08 00 2b 10 48 60 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0030 version: 00000002 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0c [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2008/03/13 00:17:02, 5] 
rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 0044 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0000 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 00000001 [2008/03/13 00:17:02, 3] smbd/pipes.c:reply_pipe_write_and_X(217) writeX-IPC pnum=7248 nwritten=72 [2008/03/13 00:17:02, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:02, 5] lib/util.c:show_msg(495) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=105 smb_mid=41088 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 72 (0x48) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2008/03/13 00:17:02, 3] smbd/process.c:process_smb(1110) Transaction 37 of length 63 [2008/03/13 00:17:02, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:02, 5] lib/util.c:show_msg(495) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=105 smb_mid=41153 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=29256 (0x7248) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2008/03/13 00:17:02, 3] smbd/process.c:switch_message(914) switch message SMBreadX (pid 7721) conn 0x845db28 [2008/03/13 00:17:02, 4] smbd/uid.c:change_to_user(178) change_to_user: Skipping user change - already user [2008/03/13 00:17:02, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7248 [2008/03/13 
00:17:02, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name NETLOGON pnum=7248 (pipes_open=2) [2008/03/13 00:17:02, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7245 (pipes_open=2) [2008/03/13 00:17:02, 3] smbd/pipes.c:reply_pipe_read_and_X(262) readX-IPC pnum=7248 min=1024 max=1024 nread=68 [2008/03/13 00:17:02, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:02, 5] lib/util.c:show_msg(495) size=127 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=105 smb_mid=41153 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 68 (0x44) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=68 [2008/03/13 00:17:02, 3] smbd/process.c:process_smb(1110) Transaction 38 of length 200 [2008/03/13 00:17:02, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:02, 5] lib/util.c:show_msg(495) size=196 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1936 smb_uid=105 smb_mid=41217 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 112 (0x70) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 112 (0x70) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29256 (0x7248) smb_bcc=129 [2008/03/13 00:17:02, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 7721) conn 0x845db28 [2008/03/13 00:17:02, 4] smbd/uid.c:change_to_user(178) change_to_user: Skipping user change - already user [2008/03/13 00:17:02, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=112 params=0 setup=2 [2008/03/13 00:17:02, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2008/03/13 00:17:02, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> 
name [2008/03/13 00:17:02, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2008/03/13 00:17:02, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7248 [2008/03/13 00:17:02, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name NETLOGON pnum=7248 (pipes_open=2) [2008/03/13 00:17:02, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7245 (pipes_open=2) [2008/03/13 00:17:02, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "NETLOGON" (pnum 7248) [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 0070 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0000 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 00000001 [2008/03/13 00:17:02, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 alloc_hint: 00000058 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0004 context_id: 0000 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0006 opnum : 0005 [2008/03/13 00:17:02, 3] 
rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 72 [2008/03/13 00:17:02, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\NETLOGON [2008/03/13 00:17:02, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: NETLOGON op 0x5 - api_rpcTNP: rpc command: NET_AUTH [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 net_io_q_auth [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 undoc_buffer: 02fa9bc0 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0004 uni_max_len: 00000006 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0008 offset : 00000000 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c uni_str_len: 00000006 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:dbg_rw_punival(940) 0010 buffer : \.\.P.D.C... [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint32(708) 001c uni_max_len: 00000007 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0020 offset : 00000000 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0024 uni_str_len: 00000007 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:dbg_rw_punival(940) 0028 buffer : S.E.R.V.E.$... [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0036 sec_chan: 0002 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0038 uni_max_len: 00000006 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint32(708) 003c offset : 00000000 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0040 uni_str_len: 00000006 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:dbg_rw_punival(940) 0044 buffer : S.E.R.V.E... 
[2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 0050 data: 60 e7 2d b2 00 c5 8d 3a [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 net_io_r_auth [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 0000 data: 00 00 00 00 00 00 00 00 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_ntstatus(767) 0008 status: NT_STATUS_ACCESS_DENIED [2008/03/13 00:17:02, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called NETLOGON successfully [2008/03/13 00:17:02, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 38 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 0024 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0000 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 00000001 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0010 alloc_hint: 0000000c [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0014 context_id: 0000 [2008/03/13 00:17:02, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2008/03/13 00:17:02, 5] 
rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2008/03/13 00:17:02, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..36] [2008/03/13 00:17:02, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:02, 5] lib/util.c:show_msg(495) size=92 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1936 smb_uid=105 smb_mid=41217 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 36 (0x24) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=37 [2008/03/13 00:17:02, 3] smbd/process.c:process_smb(1110) Transaction 39 of length 45 [2008/03/13 00:17:02, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:02, 5] lib/util.c:show_msg(495) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=105 smb_mid=41281 smt_wct=3 smb_vwv[ 0]=29256 (0x7248) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2008/03/13 00:17:02, 3] smbd/process.c:switch_message(914) switch message SMBclose (pid 7721) conn 0x845db28 [2008/03/13 00:17:02, 4] smbd/uid.c:change_to_user(178) change_to_user: Skipping user change - already user [2008/03/13 00:17:02, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7248 [2008/03/13 00:17:02, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name NETLOGON pnum=7248 (pipes_open=2) [2008/03/13 00:17:02, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7245 (pipes_open=2) [2008/03/13 00:17:02, 5] smbd/pipes.c:reply_pipe_close(282) reply_pipe_close: pnum:7248 [2008/03/13 00:17:02, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1169) closed pipe name NETLOGON pnum=7248 (pipes_open=1) [2008/03/13 00:17:02, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:02, 5] lib/util.c:show_msg(495) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 
smb_tid=1 smb_pid=65279 smb_uid=105 smb_mid=41281 smt_wct=0 smb_bcc=0 [2008/03/13 00:17:03, 3] smbd/process.c:process_smb(1110) Transaction 40 of length 132 [2008/03/13 00:17:03, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:03, 5] lib/util.c:show_msg(495) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1936 smb_uid=105 smb_mid=41345 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29253 (0x7245) smb_bcc=61 [2008/03/13 00:17:03, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 7721) conn 0x845db28 [2008/03/13 00:17:03, 4] smbd/uid.c:change_to_user(178) change_to_user: Skipping user change - already user [2008/03/13 00:17:03, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=44 params=0 setup=2 [2008/03/13 00:17:03, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2008/03/13 00:17:03, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2008/03/13 00:17:03, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2008/03/13 00:17:03, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7245 [2008/03/13 00:17:03, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7245 (pipes_open=1) [2008/03/13 00:17:03, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "lsarpc" (pnum 7245) [2008/03/13 00:17:03, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2008/03/13 00:17:03, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2008/03/13 00:17:03, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2008/03/13 00:17:03, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2008/03/13 00:17:03, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 
flags : 03 [2008/03/13 00:17:03, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2008/03/13 00:17:03, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2008/03/13 00:17:03, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2008/03/13 00:17:03, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2008/03/13 00:17:03, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 002c [2008/03/13 00:17:03, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0000 [2008/03/13 00:17:03, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 00000004 [2008/03/13 00:17:03, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2008/03/13 00:17:03, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2008/03/13 00:17:03, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 alloc_hint: 00000014 [2008/03/13 00:17:03, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0004 context_id: 0000 [2008/03/13 00:17:03, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0006 opnum : 0000 [2008/03/13 00:17:03, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2008/03/13 00:17:03, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\lsarpc [2008/03/13 00:17:03, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: lsarpc op 0x0 - api_rpcTNP: rpc command: LSA_CLOSE [2008/03/13 00:17:03, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_q_close [2008/03/13 00:17:03, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 data1: 00000000 [2008/03/13 00:17:03, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0004 data2: 00000001 [2008/03/13 00:17:03, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 data3: 0000 [2008/03/13 00:17:03, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a data4: 0000 [2008/03/13 00:17:03, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 000c data5: 6c 64 d8 47 29 1e 00 00 [2008/03/13 00:17:03, 4] 
rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 6C 64 D8 47 ........ ....ld.G [010] 29 1E 00 00 )... [2008/03/13 00:17:03, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 6C 64 D8 47 ........ ....ld.G [010] 29 1E 00 00 )... [2008/03/13 00:17:03, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2008/03/13 00:17:03, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_r_close [2008/03/13 00:17:03, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 data1: 00000000 [2008/03/13 00:17:03, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0004 data2: 00000000 [2008/03/13 00:17:03, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 data3: 0000 [2008/03/13 00:17:03, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a data4: 0000 [2008/03/13 00:17:03, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 000c data5: 00 00 00 00 00 00 00 00 [2008/03/13 00:17:03, 5] rpc_parse/parse_prs.c:prs_ntstatus(767) 0014 status: NT_STATUS_OK [2008/03/13 00:17:03, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called lsarpc successfully [2008/03/13 00:17:03, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2008/03/13 00:17:03, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/03/13 00:17:03, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2008/03/13 00:17:03, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2008/03/13 00:17:03, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2008/03/13 00:17:03, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2008/03/13 00:17:03, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2008/03/13 00:17:03, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2008/03/13 00:17:03, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2008/03/13 00:17:03, 5] rpc_parse/parse_prs.c:prs_uint8(615) 
0007 pack_type3: 00 [2008/03/13 00:17:03, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 0030 [2008/03/13 00:17:03, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0000 [2008/03/13 00:17:03, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 00000004 [2008/03/13 00:17:03, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2008/03/13 00:17:03, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0010 alloc_hint: 00000018 [2008/03/13 00:17:03, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0014 context_id: 0000 [2008/03/13 00:17:03, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2008/03/13 00:17:03, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2008/03/13 00:17:03, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2008/03/13 00:17:03, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:03, 5] lib/util.c:show_msg(495) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1936 smb_uid=105 smb_mid=41345 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2008/03/13 00:17:03, 3] smbd/process.c:process_smb(1110) Transaction 41 of length 45 [2008/03/13 00:17:03, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:03, 5] lib/util.c:show_msg(495) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=105 smb_mid=41409 smt_wct=3 smb_vwv[ 0]=29253 (0x7245) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2008/03/13 00:17:03, 3] smbd/process.c:switch_message(914) switch message SMBclose (pid 7721) conn 0x845db28 [2008/03/13 00:17:03, 4] smbd/uid.c:change_to_user(178) change_to_user: Skipping user change - already user [2008/03/13 00:17:03, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) 
search for pipe pnum=7245 [2008/03/13 00:17:03, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7245 (pipes_open=1) [2008/03/13 00:17:03, 5] smbd/pipes.c:reply_pipe_close(282) reply_pipe_close: pnum:7245 [2008/03/13 00:17:03, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1169) closed pipe name lsarpc pnum=7245 (pipes_open=0) [2008/03/13 00:17:03, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:03, 5] lib/util.c:show_msg(495) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=105 smb_mid=41409 smt_wct=0 smb_bcc=0 [2008/03/13 00:17:03, 3] smbd/process.c:process_smb(1110) Transaction 42 of length 43 [2008/03/13 00:17:03, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:03, 5] lib/util.c:show_msg(495) size=39 smb_com=0x74 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=105 smb_mid=41473 smt_wct=2 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_bcc=0 [2008/03/13 00:17:03, 3] smbd/process.c:switch_message(914) switch message SMBulogoffX (pid 7721) conn 0x0 [2008/03/13 00:17:03, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/03/13 00:17:03, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2008/03/13 00:17:03, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/03/13 00:17:03, 5] smbd/uid.c:change_to_root_user(283) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/03/13 00:17:03, 3] smbd/reply.c:reply_ulogoffX(1618) ulogoffX vuid=105 [2008/03/13 00:17:03, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:03, 5] lib/util.c:show_msg(495) size=39 smb_com=0x74 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=105 smb_mid=41473 smt_wct=2 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_bcc=0 [2008/03/13 00:17:03, 3] smbd/process.c:process_smb(1110) Transaction 43 of length 39 [2008/03/13 
00:17:03, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:03, 5] lib/util.c:show_msg(495) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=105 smb_mid=41537 smt_wct=0 smb_bcc=0 [2008/03/13 00:17:03, 3] smbd/process.c:switch_message(914) switch message SMBtdis (pid 7721) conn 0x845db28 [2008/03/13 00:17:03, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/03/13 00:17:03, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2008/03/13 00:17:03, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/03/13 00:17:03, 5] smbd/uid.c:change_to_root_user(283) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/03/13 00:17:03, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/03/13 00:17:03, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2008/03/13 00:17:03, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/03/13 00:17:03, 5] smbd/uid.c:change_to_root_user(283) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/03/13 00:17:03, 3] smbd/service.c:close_cnum(1150) serve (192.168.0.57) closed connection to service IPC$ [2008/03/13 00:17:03, 3] smbd/connection.c:yield_connection(69) Yielding connection to IPC$ [2008/03/13 00:17:03, 4] smbd/vfs.c:vfs_ChDir(741) vfs_ChDir to / [2008/03/13 00:17:03, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/03/13 00:17:03, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2008/03/13 00:17:03, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/03/13 00:17:03, 5] smbd/uid.c:change_to_root_user(283) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/03/13 00:17:03, 5] lib/util.c:show_msg(485) 
[2008/03/13 00:17:03, 5] lib/util.c:show_msg(495) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=105 smb_mid=41537 smt_wct=0 smb_bcc=0 [2008/03/13 00:17:03, 3] smbd/process.c:process_smb(1110) Transaction 44 of length 240 [2008/03/13 00:17:03, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:03, 5] lib/util.c:show_msg(495) size=236 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=41601 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 236 (0xEC) smb_vwv[ 2]=16644 (0x4104) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 74 (0x4A) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 212 (0xD4) smb_vwv[11]=40960 (0xA000) smb_bcc=177 [2008/03/13 00:17:03, 3] smbd/process.c:switch_message(914) switch message SMBsesssetupX (pid 7721) conn 0x0 [2008/03/13 00:17:03, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/03/13 00:17:03, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2008/03/13 00:17:03, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/03/13 00:17:03, 5] smbd/uid.c:change_to_root_user(283) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/03/13 00:17:03, 3] smbd/sesssetup.c:reply_sesssetup_and_X(849) wct=12 flg2=0xc807 [2008/03/13 00:17:03, 2] smbd/sesssetup.c:setup_new_vc_session(799) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. 
[2008/03/13 00:17:03, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(660) Doing spnego session setup [2008/03/13 00:17:03, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(691) NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] [2008/03/13 00:17:03, 3] smbd/sesssetup.c:reply_spnego_negotiate(551) Got OID 1 3 6 1 4 1 311 2 2 10 [2008/03/13 00:17:03, 3] smbd/sesssetup.c:reply_spnego_negotiate(554) Got secblob of size 40 [2008/03/13 00:17:03, 5] auth/auth.c:make_auth_context_subsystem(484) Making default auth method list for DC, security=user, encrypt passwords = yes [2008/03/13 00:17:03, 5] auth/auth.c:load_auth_module(391) load_auth_module: Attempting to find an auth method to match guest [2008/03/13 00:17:03, 5] auth/auth.c:load_auth_module(416) load_auth_module: auth method guest has a valid init [2008/03/13 00:17:03, 5] auth/auth.c:load_auth_module(391) load_auth_module: Attempting to find an auth method to match sam [2008/03/13 00:17:03, 5] auth/auth.c:load_auth_module(416) load_auth_module: auth method sam has a valid init [2008/03/13 00:17:03, 5] auth/auth.c:load_auth_module(391) load_auth_module: Attempting to find an auth method to match winbind:trustdomain [2008/03/13 00:17:03, 5] auth/auth.c:load_auth_module(391) load_auth_module: Attempting to find an auth method to match trustdomain [2008/03/13 00:17:03, 5] auth/auth.c:load_auth_module(416) load_auth_module: auth method trustdomain has a valid init [2008/03/13 00:17:03, 5] auth/auth.c:load_auth_module(416) load_auth_module: auth method winbind has a valid init [2008/03/13 00:17:03, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) Got NTLMSSP neg_flags=0xe2088297 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_NEGOTIATE_OEM NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_LM_KEY NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP_NEGOTIATE_56 [2008/03/13 00:17:03, 5] 
auth/auth.c:get_ntlm_challenge(97) auth_get_challenge: module guest did not want to specify a challenge [2008/03/13 00:17:03, 5] auth/auth.c:get_ntlm_challenge(97) auth_get_challenge: module sam did not want to specify a challenge [2008/03/13 00:17:03, 5] auth/auth.c:get_ntlm_challenge(97) auth_get_challenge: module winbind did not want to specify a challenge [2008/03/13 00:17:03, 5] auth/auth.c:get_ntlm_challenge(137) auth_context challenge created by random [2008/03/13 00:17:03, 5] auth/auth.c:get_ntlm_challenge(138) challenge is: [2008/03/13 00:17:03, 5] lib/util.c:dump_data(2222) [000] 23 73 ED 33 A5 EE 1D 2B #s.3...+ [2008/03/13 00:17:03, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:03, 5] lib/util.c:show_msg(495) size=244 smb_com=0x73 smb_rcls=22 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=106 smb_mid=41601 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 149 (0x95) smb_bcc=201 [2008/03/13 00:17:03, 3] smbd/process.c:process_smb(1110) Transaction 45 of length 364 [2008/03/13 00:17:03, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:03, 5] lib/util.c:show_msg(495) size=360 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=106 smb_mid=41665 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 360 (0x168) smb_vwv[ 2]=16644 (0x4104) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 198 (0xC6) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 212 (0xD4) smb_vwv[11]=40960 (0xA000) smb_bcc=301 [2008/03/13 00:17:03, 3] smbd/process.c:switch_message(914) switch message SMBsesssetupX (pid 7721) conn 0x0 [2008/03/13 00:17:03, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/03/13 00:17:03, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2008/03/13 00:17:03, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary 
group is 0 and contains 0 supplementary groups [2008/03/13 00:17:03, 5] smbd/uid.c:change_to_root_user(283) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/03/13 00:17:03, 3] smbd/sesssetup.c:reply_sesssetup_and_X(849) wct=12 flg2=0xc807 [2008/03/13 00:17:03, 2] smbd/sesssetup.c:setup_new_vc_session(799) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2008/03/13 00:17:03, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(660) Doing spnego session setup [2008/03/13 00:17:03, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(691) NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] [2008/03/13 00:17:03, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(672) Got user=[administrator] domain=[EXAMPLE] workstation=[SERVE] len1=24 len2=24 [2008/03/13 00:17:03, 5] auth/auth_ntlmssp.c:auth_ntlmssp_set_challenge(66) auth_context challenge set by NTLMSSP callback (NTLM2) [2008/03/13 00:17:03, 5] auth/auth_ntlmssp.c:auth_ntlmssp_set_challenge(67) challenge is: [2008/03/13 00:17:03, 5] lib/util.c:dump_data(2222) [000] DF A9 82 77 75 31 71 72 ...wu1qr [2008/03/13 00:17:03, 5] auth/auth_util.c:make_user_info_map(161) make_user_info_map: Mapping user [EXAMPLE]\[administrator] from workstation [SERVE] [2008/03/13 00:17:03, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/03/13 00:17:03, 3] smbd/uid.c:push_conn_ctx(353) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/03/13 00:17:03, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/03/13 00:17:03, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2008/03/13 00:17:03, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/03/13 00:17:03, 5] auth/auth_util.c:is_trusted_domain(2020) is_trusted_domain: Checking for domain trust with [EXAMPLE] [2008/03/13 00:17:03, 5] 
passdb/secrets.c:secrets_fetch_trusted_domain_password(339) secrets_fetch failed! [2008/03/13 00:17:03, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/03/13 00:17:03, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(184) no entry for trusted domain EXAMPLE found. [2008/03/13 00:17:03, 5] auth/auth_util.c:make_user_info(75) attempting to make a user_info for administrator (administrator) [2008/03/13 00:17:03, 5] auth/auth_util.c:make_user_info(85) making strings for administrator's user_info struct [2008/03/13 00:17:03, 5] auth/auth_util.c:make_user_info(117) making blobs for administrator's user_info struct [2008/03/13 00:17:03, 3] auth/auth.c:check_ntlm_password(221) check_ntlm_password: Checking password for unmapped user [EXAMPLE]\[administrator]@[SERVE] with the new password interface [2008/03/13 00:17:03, 3] auth/auth.c:check_ntlm_password(224) check_ntlm_password: mapped user is: [EXAMPLE]\[administrator]@[SERVE] [2008/03/13 00:17:03, 5] lib/util.c:dump_data(2222) [000] DF A9 82 77 75 31 71 72 ...wu1qr [2008/03/13 00:17:03, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/03/13 00:17:03, 3] smbd/uid.c:push_conn_ctx(353) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/03/13 00:17:03, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/03/13 00:17:03, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2008/03/13 00:17:03, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/03/13 00:17:03, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [dc=mondomaine,dc=net], filter => [(&(uid=administrator)(objectclass=sambaSamAccount))], scope => [2] [2008/03/13 00:17:03, 2] passdb/pdb_ldap.c:init_sam_from_ldap(541) init_sam_from_ldap: Entry found for user: administrator [2008/03/13 00:17:03, 5] lib/username.c:Get_Pwnam_alloc(131) Finding user 
administrator [2008/03/13 00:17:03, 5] lib/username.c:Get_Pwnam_internals(75) Trying _Get_Pwnam(), username as lowercase is administrator [2008/03/13 00:17:03, 5] lib/username.c:Get_Pwnam_internals(108) Get_Pwnam_internals did find user [administrator]! [2008/03/13 00:17:03, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [ou=Group,dc=mondomaine,dc=net], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=513))], scope => [2] [2008/03/13 00:17:03, 2] passdb/pdb_ldap.c:init_group_from_ldap(2140) init_group_from_ldap: Entry found for group: 513 [2008/03/13 00:17:03, 3] passdb/pdb_get_set.c:pdb_get_group_sid(189) Primary group for user administrator is a UNKNOWN and not a domain group [2008/03/13 00:17:03, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2008/03/13 00:17:03, 3] smbd/uid.c:push_conn_ctx(353) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2008/03/13 00:17:03, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2008/03/13 00:17:03, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2008/03/13 00:17:03, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/03/13 00:17:03, 5] passdb/pdb_interface.c:lookup_global_sam_rid(1480) lookup_global_sam_rid: looking up RID 513. 
[2008/03/13 00:17:03, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2008/03/13 00:17:03, 3] smbd/uid.c:push_conn_ctx(353) push_conn_ctx(0) : conn_ctx_stack_ndx = 2 [2008/03/13 00:17:03, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2008/03/13 00:17:03, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2008/03/13 00:17:03, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/03/13 00:17:03, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [dc=mondomaine,dc=net], filter => [(&(sambaSID=S-1-5-21-20043454-3907201459-4213964173-513)(objectclass=sambaSamAccount))], scope => [2] [2008/03/13 00:17:03, 4] passdb/pdb_ldap.c:ldapsam_getsampwsid(1491) ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-20043454-3907201459-4213964173-513] count=0 [2008/03/13 00:17:03, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [ou=Group,dc=mondomaine,dc=net], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-20043454-3907201459-4213964173-513))], scope => [2] [2008/03/13 00:17:03, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2217) ldapsam_getgroup: Did not find group [2008/03/13 00:17:03, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2008/03/13 00:17:03, 5] passdb/pdb_interface.c:lookup_global_sam_rid(1542) Can't find a unix id for an unmapped group [2008/03/13 00:17:03, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/03/13 00:17:03, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/03/13 00:17:03, 4] libsmb/ntlm_check.c:ntlm_password_check(326) ntlm_password_check: Checking NT MD4 password [2008/03/13 00:17:03, 4] auth/auth_sam.c:sam_account_ok(138) sam_account_ok: Checking SMB password for user administrator [2008/03/13 00:17:03, 5] auth/auth_sam.c:logon_hours_ok(120) 
logon_hours_ok: user administrator allowed to logon at this time (Wed Mar 12 23:17:03 2008 ) [2008/03/13 00:17:03, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/03/13 00:17:03, 3] smbd/uid.c:push_conn_ctx(353) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/03/13 00:17:03, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/03/13 00:17:03, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2008/03/13 00:17:03, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/03/13 00:17:03, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2008/03/13 00:17:03, 3] smbd/uid.c:push_conn_ctx(353) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2008/03/13 00:17:03, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2008/03/13 00:17:03, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2008/03/13 00:17:03, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/03/13 00:17:03, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/03/13 00:17:03, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(995) fetch sid from gid cache 513 -> S-1-5-21-862544283-2880828001-3584954034-513 [2008/03/13 00:17:03, 5] auth/auth_util.c:make_server_info_sam(625) make_server_info_sam: made server info for user administrator -> administrator [2008/03/13 00:17:03, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/03/13 00:17:03, 3] auth/auth.c:check_ntlm_password(270) check_ntlm_password: sam authentication for user [administrator] succeeded [2008/03/13 00:17:03, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/03/13 00:17:03, 3] smbd/uid.c:push_conn_ctx(353) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 
[2008/03/13 00:17:03, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/03/13 00:17:03, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2008/03/13 00:17:03, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/03/13 00:17:03, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/03/13 00:17:03, 5] auth/auth.c:check_ntlm_password(296) check_ntlm_password: PAM Account for user [administrator] succeeded [2008/03/13 00:17:03, 2] auth/auth.c:check_ntlm_password(309) check_ntlm_password: authentication for user [administrator] -> [administrator] -> [administrator] succeeded [2008/03/13 00:17:03, 5] auth/auth_util.c:free_user_info(1867) attempting to free (and zero) a user_info structure [2008/03/13 00:17:03, 3] passdb/lookup_sid.c:fetch_gid_from_cache(1015) fetch gid from cache 544 -> S-1-5-32-544 [2008/03/13 00:17:03, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/03/13 00:17:03, 3] smbd/uid.c:push_conn_ctx(353) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/03/13 00:17:03, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/03/13 00:17:03, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2008/03/13 00:17:03, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/03/13 00:17:03, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [ou=Group,dc=mondomaine,dc=net], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545))], scope => [2] [2008/03/13 00:17:03, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2217) ldapsam_getgroup: Did not find group [2008/03/13 00:17:03, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/03/13 00:17:03, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: 
pnum=7249 (pipes_open=1) [2008/03/13 00:17:04, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "lsarpc" (pnum 7249) [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 002e [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0000 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 00000003 [2008/03/13 00:17:04, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 alloc_hint: 00000016 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0004 context_id: 0000 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0006 opnum : 0007 [2008/03/13 00:17:04, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2008/03/13 00:17:04, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\lsarpc [2008/03/13 00:17:04, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: lsarpc op 0x7 - api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_debug(84) 
000000 lsa_io_q_query [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 data1: 00000000 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0004 data2: 00000004 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 data3: 0000 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a data4: 0000 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 000c data5: 70 64 d8 47 29 1e 00 00 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0014 info_class: 0003 [2008/03/13 00:17:04, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 04 00 00 00 00 00 00 00 70 64 D8 47 ........ ....pd.G [010] 29 1E 00 00 )... [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_r_query [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 dom_ptr: 22000000 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0004 info_class: 0003 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 uni_dom_max_len: 000e [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a uni_dom_str_len: 0010 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c buffer_dom_name: 00000001 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0010 buffer_dom_sid : 00000001 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0014 uni_max_len: 00000008 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0018 offset : 00000000 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 001c uni_str_len: 00000007 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:dbg_rw_punival(940) 0020 buffer : E.X.A.M.P.L.E. 
[2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0030 num_auths: 00000004 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0034 sid_rev_num: 01 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0035 num_auths : 04 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0036 id_auth[0] : 00 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0037 id_auth[1] : 00 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0038 id_auth[2] : 00 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0039 id_auth[3] : 00 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 003a id_auth[4] : 00 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 003b id_auth[5] : 05 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32s(995) 003c sub_auths : 00000015 0131d6be e8e329b3 fb2bfd8d [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_ntstatus(767) 004c status: NT_STATUS_OK [2008/03/13 00:17:04, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called lsarpc successfully [2008/03/13 00:17:04, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 16 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 
0068 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0000 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 00000003 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0010 alloc_hint: 00000050 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0014 context_id: 0000 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2008/03/13 00:17:04, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..104] [2008/03/13 00:17:04, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:04, 5] lib/util.c:show_msg(495) size=160 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1936 smb_uid=107 smb_mid=42113 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 104 (0x68) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 104 (0x68) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=105 [2008/03/13 00:17:04, 3] smbd/process.c:process_smb(1110) Transaction 53 of length 104 [2008/03/13 00:17:04, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:04, 5] lib/util.c:show_msg(495) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1936 smb_uid=107 smb_mid=42177 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) 
smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=17 [2008/03/13 00:17:04, 3] smbd/process.c:switch_message(914) switch message SMBntcreateX (pid 7721) conn 0x845e2d8 [2008/03/13 00:17:04, 4] smbd/uid.c:change_to_user(178) change_to_user: Skipping user change - already user [2008/03/13 00:17:04, 4] smbd/nttrans.c:nt_open_pipe(325) nt_open_pipe: Opening pipe \winreg. [2008/03/13 00:17:04, 3] smbd/nttrans.c:nt_open_pipe(346) nt_open_pipe: Known pipe winreg opening. [2008/03/13 00:17:04, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(180) Open pipe requested winreg (pipes_open=1) [2008/03/13 00:17:04, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(210) open_rpc_pipe_p: name lsarpc pnum=7249 [2008/03/13 00:17:04, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(285) Create pipe requested winreg [2008/03/13 00:17:04, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(366) Created internal pipe winreg (pipes_open=1) [2008/03/13 00:17:04, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) Opened pipe winreg with handle 724a (pipes_open=2) [2008/03/13 00:17:04, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) open pipes: name winreg pnum=724a [2008/03/13 00:17:04, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) open pipes: name lsarpc pnum=7249 [2008/03/13 00:17:04, 5] smbd/nttrans.c:do_ntcreate_pipe_open(395) do_ntcreate_pipe_open: open pipe = \winreg [2008/03/13 00:17:04, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:04, 5] lib/util.c:show_msg(495) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1936 smb_uid=107 smb_mid=42177 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=18944 (0x4A00) smb_vwv[ 3]= 370 (0x172) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) 
smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2008/03/13 00:17:04, 3] smbd/process.c:process_smb(1110) Transaction 54 of length 140 [2008/03/13 00:17:04, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:04, 5] lib/util.c:show_msg(495) size=136 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=107 smb_mid=42241 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=29258 (0x724A) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 72 (0x48) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 72 (0x48) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=73 [2008/03/13 00:17:04, 3] smbd/process.c:switch_message(914) switch message SMBwriteX (pid 7721) conn 0x845e2d8 [2008/03/13 00:17:04, 4] smbd/uid.c:change_to_user(178) change_to_user: Skipping user change - already user [2008/03/13 00:17:04, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=724a [2008/03/13 00:17:04, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name winreg pnum=724a (pipes_open=2) [2008/03/13 00:17:04, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7249 (pipes_open=2) [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0b [2008/03/13 00:17:04, 5] 
rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 0048 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0000 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 00000001 [2008/03/13 00:17:04, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2008/03/13 00:17:04, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1523) api_pipe_bind_req: decode request. 1523 [2008/03/13 00:17:04, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1534) api_pipe_bind_req: \PIPE\winreg -> \PIPE\winreg [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_rb [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0000 max_tsize: 10b8 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0002 max_rsize: 10b8 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0004 assoc_gid: 00000000 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0008 num_contexts: 01 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000c context_id : 0000 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 000e num_transfer_syntaxes: 01 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0010 data : 338cd001 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0014 data : 2244 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0016 data : 31f1 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 0018 data : aa aa [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 001a data : 90 
00 38 00 10 03 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0020 version: 00000001 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0024 data : 8a885d04 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0028 data : 1ceb [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 002a data : 11c9 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 002c data : 9f e8 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 002e data : 08 00 2b 10 48 60 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0034 version: 00000002 [2008/03/13 00:17:04, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1576) api_pipe_bind_req: make response. 1576 [2008/03/13 00:17:04, 3] rpc_server/srv_pipe.c:check_bind_req(985) check_bind_req for \PIPE\winreg [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_ba [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0000 max_tsize: 10b8 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0002 max_rsize: 10b8 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0004 assoc_gid: 000053f0 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 len: 000d [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 000a str: \PIPE\winreg. 
[2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0018 num_results: 01 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 001c result : 0000 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 001e reason : 0000 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0020 data : 8a885d04 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0024 data : 1ceb [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0026 data : 11c9 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 0028 data : 9f e8 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 002a data : 08 00 2b 10 48 60 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0030 version: 00000002 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0c [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 0044 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0000 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 00000001 [2008/03/13 00:17:04, 3] smbd/pipes.c:reply_pipe_write_and_X(217) writeX-IPC pnum=724a nwritten=72 [2008/03/13 00:17:04, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:04, 5] lib/util.c:show_msg(495) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 
smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=107 smb_mid=42241 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 72 (0x48) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2008/03/13 00:17:04, 3] smbd/process.c:process_smb(1110) Transaction 55 of length 63 [2008/03/13 00:17:04, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:04, 5] lib/util.c:show_msg(495) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=107 smb_mid=42304 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=29258 (0x724A) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2008/03/13 00:17:04, 3] smbd/process.c:switch_message(914) switch message SMBreadX (pid 7721) conn 0x845e2d8 [2008/03/13 00:17:04, 4] smbd/uid.c:change_to_user(178) change_to_user: Skipping user change - already user [2008/03/13 00:17:04, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=724a [2008/03/13 00:17:04, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name winreg pnum=724a (pipes_open=2) [2008/03/13 00:17:04, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7249 (pipes_open=2) [2008/03/13 00:17:04, 3] smbd/pipes.c:reply_pipe_read_and_X(262) readX-IPC pnum=724a min=1024 max=1024 nread=68 [2008/03/13 00:17:04, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:04, 5] lib/util.c:show_msg(495) size=127 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=107 smb_mid=42304 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 68 (0x44) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) 
smb_bcc=68 [2008/03/13 00:17:04, 3] smbd/process.c:process_smb(1110) Transaction 56 of length 124 [2008/03/13 00:17:04, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:04, 5] lib/util.c:show_msg(495) size=120 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1936 smb_uid=107 smb_mid=42368 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 36 (0x24) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29258 (0x724A) smb_bcc=53 [2008/03/13 00:17:04, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 7721) conn 0x845e2d8 [2008/03/13 00:17:04, 4] smbd/uid.c:change_to_user(178) change_to_user: Skipping user change - already user [2008/03/13 00:17:04, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=36 params=0 setup=2 [2008/03/13 00:17:04, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2008/03/13 00:17:04, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2008/03/13 00:17:04, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2008/03/13 00:17:04, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=724a [2008/03/13 00:17:04, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name winreg pnum=724a (pipes_open=2) [2008/03/13 00:17:04, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7249 (pipes_open=2) [2008/03/13 00:17:04, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "winreg" (pnum 724a) [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2008/03/13 
00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 0024 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0000 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 00000001 [2008/03/13 00:17:04, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 alloc_hint: 0000000c [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0004 context_id: 0000 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0006 opnum : 0002 [2008/03/13 00:17:04, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 70 [2008/03/13 00:17:04, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\winreg [2008/03/13 00:17:04, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: winreg op 0x2 - api_rpcTNP: rpc command: REG_OPEN_HKLM [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_q_open_hive [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 ptr: 0093f508 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0004 server: 3b48 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0008 access: 02000000 [2008/03/13 00:17:04, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(1012, 513) : sec_ctx_stack_ndx = 1 [2008/03/13 00:17:04, 3] smbd/uid.c:push_conn_ctx(353) push_conn_ctx(107) : 
conn_ctx_stack_ndx = 0 [2008/03/13 00:17:04, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/03/13 00:17:04, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2008/03/13 00:17:04, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/03/13 00:17:04, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (1012, 513) - sec_ctx_stack_ndx = 0 [2008/03/13 00:17:04, 3] lib/util_seaccess.c:se_access_check(250) [2008/03/13 00:17:04, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-20043454-3907201459-4213964173-3024 se_access_check: also S-1-5-21-862544283-2880828001-3584954034-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-22-2-513 [2008/03/13 00:17:04, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[1] [000] 00 00 00 00 05 00 00 00 00 00 00 00 70 64 D8 47 ........ ....pd.G [010] 29 1E 00 00 )... 
[2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_r_open_hive [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 data1: 00000000 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0004 data2: 00000005 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 data3: 0000 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a data4: 0000 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 000c data5: 70 64 d8 47 29 1e 00 00 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_werror(828) 0014 status: WERR_OK [2008/03/13 00:17:04, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called winreg successfully [2008/03/13 00:17:04, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 510 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 0030 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0000 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 00000001 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0010 alloc_hint: 00000018 
[2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0014 context_id: 0000 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2008/03/13 00:17:04, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2008/03/13 00:17:04, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:04, 5] lib/util.c:show_msg(495) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1936 smb_uid=107 smb_mid=42368 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2008/03/13 00:17:04, 3] smbd/process.c:process_smb(1110) Transaction 57 of length 272 [2008/03/13 00:17:04, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:04, 5] lib/util.c:show_msg(495) size=268 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1936 smb_uid=107 smb_mid=42432 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 184 (0xB8) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 184 (0xB8) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29258 (0x724A) smb_bcc=201 [2008/03/13 00:17:04, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 7721) conn 0x845e2d8 [2008/03/13 00:17:04, 4] smbd/uid.c:change_to_user(178) change_to_user: Skipping user change - already user [2008/03/13 00:17:04, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=184 params=0 setup=2 [2008/03/13 00:17:04, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2008/03/13 00:17:04, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> 
name [2008/03/13 00:17:04, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2008/03/13 00:17:04, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=724a [2008/03/13 00:17:04, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name winreg pnum=724a (pipes_open=2) [2008/03/13 00:17:04, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7249 (pipes_open=2) [2008/03/13 00:17:04, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "winreg" (pnum 724a) [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 00b8 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0000 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 00000002 [2008/03/13 00:17:04, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 alloc_hint: 000000a0 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0004 context_id: 0000 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0006 opnum : 000f [2008/03/13 00:17:04, 3] 
rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2008/03/13 00:17:04, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\winreg [2008/03/13 00:17:04, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: winreg op 0xf - api_rpcTNP: rpc command: REG_OPEN_ENTRY [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_q_open_entry [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 data1: 00000000 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0004 data2: 00000005 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 data3: 0000 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a data4: 0000 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 000c data5: 70 64 d8 47 29 1e 00 00 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0014 length: 006e [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0016 size: 006e [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0018 ptr: 772e7a30 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 001c uni_max_len: 00000037 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0020 offset : 00000000 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0024 uni_str_len: 00000037 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:dbg_rw_punival(940) 0028 buffer : S.y.s.t.e.m.\.C.u.r.r.e.n.t.C.o.n.t.r.o.l.S.e.t.\.s.e.r.v.i.c.e.s.\.N.e.t.l.o.g.o.n.\.p.a.r.a.m.e.t.e.r.s.\... [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0098 unknown_0 : 00000000 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 009c access: 00020019 [2008/03/13 00:17:04, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 05 00 00 00 00 00 00 00 70 64 D8 47 ........ ....pd.G [010] 29 1E 00 00 )... 
[2008/03/13 00:17:04, 3] lib/util_seaccess.c:se_access_check(250) [2008/03/13 00:17:04, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-20043454-3907201459-4213964173-3024 se_access_check: also S-1-5-21-862544283-2880828001-3584954034-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-22-2-513 [2008/03/13 00:17:04, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (20019) granted. [2008/03/13 00:17:04, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[2] [000] 00 00 00 00 06 00 00 00 00 00 00 00 70 64 D8 47 ........ ....pd.G [010] 29 1E 00 00 )... [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_r_open_entry [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 data1: 00000000 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0004 data2: 00000006 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 data3: 0000 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a data4: 0000 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 000c data5: 70 64 d8 47 29 1e 00 00 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_werror(828) 0014 status: WERR_OK [2008/03/13 00:17:04, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called winreg successfully [2008/03/13 00:17:04, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 634 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 
pack_type0: 10 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 0030 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0000 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 00000002 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0010 alloc_hint: 00000018 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0014 context_id: 0000 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2008/03/13 00:17:04, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2008/03/13 00:17:04, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:04, 5] lib/util.c:show_msg(495) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1936 smb_uid=107 smb_mid=42432 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2008/03/13 00:17:04, 3] smbd/process.c:process_smb(1110) Transaction 58 of length 236 [2008/03/13 00:17:04, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:04, 5] lib/util.c:show_msg(495) size=232 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1936 smb_uid=107 smb_mid=42496 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 148 (0x94) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) 
smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 148 (0x94) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29258 (0x724A) smb_bcc=165 [2008/03/13 00:17:04, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 7721) conn 0x845e2d8 [2008/03/13 00:17:04, 4] smbd/uid.c:change_to_user(178) change_to_user: Skipping user change - already user [2008/03/13 00:17:04, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=148 params=0 setup=2 [2008/03/13 00:17:04, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2008/03/13 00:17:04, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2008/03/13 00:17:04, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2008/03/13 00:17:04, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=724a [2008/03/13 00:17:04, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name winreg pnum=724a (pipes_open=2) [2008/03/13 00:17:04, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7249 (pipes_open=2) [2008/03/13 00:17:04, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "winreg" (pnum 724a) [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len 
: 0094 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0000 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 00000003 [2008/03/13 00:17:04, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 alloc_hint: 0000007c [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0004 context_id: 0000 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0006 opnum : 0011 [2008/03/13 00:17:04, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2008/03/13 00:17:04, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\winreg [2008/03/13 00:17:04, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: winreg op 0x11 - api_rpcTNP: rpc command: REG_QUERY_VALUE [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_q_query_value [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 data1: 00000000 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0004 data2: 00000006 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 data3: 0000 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a data4: 0000 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 000c data5: 70 64 d8 47 29 1e 00 00 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0014 length: 002a [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0016 size: 002a [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0018 ptr: 772e7a04 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 001c uni_max_len: 00000015 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0020 offset : 00000000 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 
0024 uni_str_len: 00000015 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:dbg_rw_punival(940) 0028 buffer : R.e.f.u.s.e.P.a.s.s.w.o.r.d.C.h.a.n.g.e... [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0054 ptr_reserved: 0093f564 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0058 ptr_buf: 0093f594 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 005c ptr_bufsize: 0093f594 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0060 bufsize: 00000004 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0064 buf_unk: 00000000 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0068 unk1: 00000000 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 006c ptr_buflen: 0093f55c [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0070 buflen: 00000004 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0074 ptr_buflen2: 0093f554 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0078 buflen2: 00000000 [2008/03/13 00:17:04, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 06 00 00 00 00 00 00 00 70 64 D8 47 ........ ....pd.G [010] 29 1E 00 00 )... 
[2008/03/13 00:17:04, 5] rpc_server/srv_reg_nt.c:_reg_query_value(332) _reg_info: looking up value: [RefusePasswordChange] [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_r_query_value [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 ptr: f000baaa [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0004 type: 00000004 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0008 ptr: f000baaa [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c buf_max_len: 00000004 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0010 offset : 00000000 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0014 buf_len : 00000004 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:dbg_rw_punival(940) 0018 buffer : .... [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 001c ptr: f000baaa [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0020 buf_max_len: 00000004 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0024 ptr: f000baaa [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0028 buf_len: 00000004 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_werror(828) 002c status: WERR_OK [2008/03/13 00:17:04, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called winreg successfully [2008/03/13 00:17:04, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 90 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2008/03/13 00:17:04, 5] 
rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 0048 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0000 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 00000003 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0010 alloc_hint: 00000030 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0014 context_id: 0000 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2008/03/13 00:17:04, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..72] [2008/03/13 00:17:04, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:04, 5] lib/util.c:show_msg(495) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1936 smb_uid=107 smb_mid=42496 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 72 (0x48) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=73 [2008/03/13 00:17:04, 3] smbd/process.c:process_smb(1110) Transaction 59 of length 132 [2008/03/13 00:17:04, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:04, 5] lib/util.c:show_msg(495) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1936 smb_uid=107 smb_mid=42560 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) 
smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29258 (0x724A) smb_bcc=61 [2008/03/13 00:17:04, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 7721) conn 0x845e2d8 [2008/03/13 00:17:04, 4] smbd/uid.c:change_to_user(178) change_to_user: Skipping user change - already user [2008/03/13 00:17:04, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=44 params=0 setup=2 [2008/03/13 00:17:04, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2008/03/13 00:17:04, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2008/03/13 00:17:04, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2008/03/13 00:17:04, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=724a [2008/03/13 00:17:04, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name winreg pnum=724a (pipes_open=2) [2008/03/13 00:17:04, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7249 (pipes_open=2) [2008/03/13 00:17:04, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "winreg" (pnum 724a) [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 002c [2008/03/13 00:17:04, 5] 
rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0000 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 00000004 [2008/03/13 00:17:04, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 alloc_hint: 00000014 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0004 context_id: 0000 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0006 opnum : 0005 [2008/03/13 00:17:04, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2008/03/13 00:17:04, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\winreg [2008/03/13 00:17:04, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: winreg op 0x5 - api_rpcTNP: rpc command: REG_CLOSE [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_q_close [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 data1: 00000000 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0004 data2: 00000006 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 data3: 0000 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a data4: 0000 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 000c data5: 70 64 d8 47 29 1e 00 00 [2008/03/13 00:17:04, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 06 00 00 00 00 00 00 00 70 64 D8 47 ........ ....pd.G [010] 29 1E 00 00 )... [2008/03/13 00:17:04, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 06 00 00 00 00 00 00 00 70 64 D8 47 ........ ....pd.G [010] 29 1E 00 00 )... 
[2008/03/13 00:17:04, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_r_close [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 data1: 00000000 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0004 data2: 00000000 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 data3: 0000 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a data4: 0000 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 000c data5: 00 00 00 00 00 00 00 00 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_werror(828) 0014 status: WERR_OK [2008/03/13 00:17:04, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called winreg successfully [2008/03/13 00:17:04, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 0030 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0000 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 00000004 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2008/03/13 
00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0010 alloc_hint: 00000018 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0014 context_id: 0000 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2008/03/13 00:17:04, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2008/03/13 00:17:04, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:04, 5] lib/util.c:show_msg(495) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1936 smb_uid=107 smb_mid=42560 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2008/03/13 00:17:04, 3] smbd/process.c:process_smb(1110) Transaction 60 of length 132 [2008/03/13 00:17:04, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:04, 5] lib/util.c:show_msg(495) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1936 smb_uid=107 smb_mid=42624 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29258 (0x724A) smb_bcc=61 [2008/03/13 00:17:04, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 7721) conn 0x845e2d8 [2008/03/13 00:17:04, 4] smbd/uid.c:change_to_user(178) change_to_user: Skipping user change - already user [2008/03/13 00:17:04, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=44 params=0 setup=2 [2008/03/13 00:17:04, 5] smbd/ipc.c:handle_trans(404) calling named_pipe 
[2008/03/13 00:17:04, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2008/03/13 00:17:04, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2008/03/13 00:17:04, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=724a [2008/03/13 00:17:04, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name winreg pnum=724a (pipes_open=2) [2008/03/13 00:17:04, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7249 (pipes_open=2) [2008/03/13 00:17:04, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "winreg" (pnum 724a) [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 002c [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0000 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 00000005 [2008/03/13 00:17:04, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 alloc_hint: 00000014 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0004 context_id: 0000 [2008/03/13 00:17:04, 5] 
rpc_parse/parse_prs.c:prs_uint16(679) 0006 opnum : 0005 [2008/03/13 00:17:04, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2008/03/13 00:17:04, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\winreg [2008/03/13 00:17:04, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: winreg op 0x5 - api_rpcTNP: rpc command: REG_CLOSE [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_q_close [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 data1: 00000000 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0004 data2: 00000005 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 data3: 0000 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a data4: 0000 [2008/03/13 00:17:04, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 000c data5: 70 64 d8 47 29 1e 00 00 [2008/03/13 00:17:04, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 05 00 00 00 00 00 00 00 70 64 D8 47 ........ ....pd.G [010] 29 1E 00 00 )... [2008/03/13 00:17:04, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 05 00 00 00 00 00 00 00 70 64 D8 47 ........ ....pd.G [010] 29 1E 00 00 )... 
rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 003c [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 00000003 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0010 alloc_hint: 00000024 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0014 context_id: 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2008/03/13 00:17:05, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..60] [2008/03/13 00:17:05, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:05, 5] lib/util.c:show_msg(495) size=116 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1936 smb_uid=107 smb_mid=43072 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 60 (0x3C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 60 (0x3C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=61 [2008/03/13 00:17:05, 3] smbd/process.c:process_smb(1110) Transaction 68 of length 164 [2008/03/13 00:17:05, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:05, 5] 
lib/util.c:show_msg(495) size=160 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1936 smb_uid=107 smb_mid=43136 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 76 (0x4C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 76 (0x4C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29259 (0x724B) smb_bcc=93 [2008/03/13 00:17:05, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 7721) conn 0x845e2d8 [2008/03/13 00:17:05, 4] smbd/uid.c:change_to_user(178) change_to_user: Skipping user change - already user [2008/03/13 00:17:05, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=76 params=0 setup=2 [2008/03/13 00:17:05, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2008/03/13 00:17:05, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2008/03/13 00:17:05, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2008/03/13 00:17:05, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=724b [2008/03/13 00:17:05, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name samr pnum=724b (pipes_open=2) [2008/03/13 00:17:05, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7249 (pipes_open=2) [2008/03/13 00:17:05, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "samr" (pnum 724b) [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2008/03/13 00:17:05, 5] 
rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 004c [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 00000004 [2008/03/13 00:17:05, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 alloc_hint: 00000034 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0004 context_id: 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0006 opnum : 0007 [2008/03/13 00:17:05, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2008/03/13 00:17:05, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\samr [2008/03/13 00:17:05, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: samr op 0x7 - api_rpcTNP: rpc command: SAMR_OPEN_DOMAIN [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_q_open_domain [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 data1: 00000000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0004 data2: 00000007 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 data3: 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a data4: 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 000c data5: 71 64 d8 47 29 1e 00 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0014 flags: 00000211 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0018 num_auths: 00000004 [2008/03/13 
00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 001c sid_rev_num: 01 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 001d num_auths : 04 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 001e id_auth[0] : 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 001f id_auth[1] : 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0020 id_auth[2] : 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0021 id_auth[3] : 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0022 id_auth[4] : 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0023 id_auth[5] : 05 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32s(995) 0024 sub_auths : 00000015 0131d6be e8e329b3 fb2bfd8d [2008/03/13 00:17:05, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 07 00 00 00 00 00 00 00 71 64 D8 47 ........ ....qd.G [010] 29 1E 00 00 )... [2008/03/13 00:17:05, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(222) _samr_open_domain: access check ((granted: 0x00000030; required: 0x00000020) [2008/03/13 00:17:05, 3] lib/util_seaccess.c:se_access_check(250) [2008/03/13 00:17:05, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-20043454-3907201459-4213964173-3024 se_access_check: also S-1-5-21-862544283-2880828001-3584954034-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-22-2-513 [2008/03/13 00:17:05, 5] lib/util_seaccess.c:se_access_check(314) se_access_check: access (211) denied. 
[2008/03/13 00:17:05, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(210) _samr_open_domain: access DENIED (requested: 0x00000211, granted: 0x000d047a) [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_r_open_domain [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 data1: 00000000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0004 data2: 00000000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 data3: 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a data4: 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 000c data5: 00 00 00 00 00 00 00 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_ntstatus(767) 0014 status: NT_STATUS_ACCESS_DENIED [2008/03/13 00:17:05, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called samr successfully [2008/03/13 00:17:05, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 956 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 0030 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 00000004 
[2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0010 alloc_hint: 00000018 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0014 context_id: 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2008/03/13 00:17:05, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2008/03/13 00:17:05, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:05, 5] lib/util.c:show_msg(495) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1936 smb_uid=107 smb_mid=43136 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2008/03/13 00:17:05, 3] smbd/process.c:process_smb(1110) Transaction 69 of length 140 [2008/03/13 00:17:05, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:05, 5] lib/util.c:show_msg(495) size=136 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1936 smb_uid=107 smb_mid=43200 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 52 (0x34) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 52 (0x34) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29259 (0x724B) smb_bcc=69 [2008/03/13 00:17:05, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 7721) conn 0x845e2d8 [2008/03/13 00:17:05, 4] smbd/uid.c:change_to_user(178) change_to_user: Skipping user change - already user [2008/03/13 00:17:05, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> 
data=52 params=0 setup=2 [2008/03/13 00:17:05, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2008/03/13 00:17:05, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2008/03/13 00:17:05, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2008/03/13 00:17:05, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=724b [2008/03/13 00:17:05, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name samr pnum=724b (pipes_open=2) [2008/03/13 00:17:05, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7249 (pipes_open=2) [2008/03/13 00:17:05, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "samr" (pnum 724b) [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 0034 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 00000005 [2008/03/13 00:17:05, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 alloc_hint: 0000001c [2008/03/13 00:17:05, 5] 
rpc_parse/parse_prs.c:prs_uint16(679) 0004 context_id: 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0006 opnum : 0006 [2008/03/13 00:17:05, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2008/03/13 00:17:05, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\samr [2008/03/13 00:17:05, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: samr op 0x6 - api_rpcTNP: rpc command: SAMR_ENUM_DOMAINS [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_q_enum_domains [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 data1: 00000000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0004 data2: 00000007 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 data3: 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a data4: 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 000c data5: 71 64 d8 47 29 1e 00 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0014 start_idx: 00000000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0018 max_size : 00002000 [2008/03/13 00:17:05, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 07 00 00 00 00 00 00 00 71 64 D8 47 ........ ....qd.G [010] 29 1E 00 00 )... 
[2008/03/13 00:17:05, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(222) _samr_enum_domains: access check ((granted: 0x00000030; required: 0x00000010) [2008/03/13 00:17:05, 5] rpc_server/srv_samr_nt.c:make_enum_domains(2815) make_enum_domains [2008/03/13 00:17:05, 5] rpc_parse/parse_samr.c:init_samr_r_enum_domains(3291) init_samr_r_enum_domains [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_r_enum_domains [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 next_idx : 00000002 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0004 ptr_entries1: 00000001 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0008 num_entries2: 00000002 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c ptr_entries2: 00000001 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0010 num_entries3: 00000002 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0014 rid: 00000000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0018 uni_str_len: 000e [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 001a uni_max_len: 000e [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 001c buffer : 00000001 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0020 rid: 00000000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0024 uni_str_len: 000e [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0026 uni_max_len: 000e [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0028 buffer : 00000001 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 002c uni_max_len: 00000007 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0030 offset : 00000000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0034 uni_str_len: 00000007 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:dbg_rw_punival(940) 0038 buffer : E.X.A.M.P.L.E. 
[2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0048 uni_max_len: 00000007 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 004c offset : 00000000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0050 uni_str_len: 00000007 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:dbg_rw_punival(940) 0054 buffer : B.u.i.l.t.i.n. [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0064 num_entries4: 00000002 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_ntstatus(767) 0068 status: NT_STATUS_OK [2008/03/13 00:17:05, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called samr successfully [2008/03/13 00:17:05, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 88 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 0084 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 00000005 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0010 alloc_hint: 0000006c [2008/03/13 00:17:05, 5] 
rpc_parse/parse_prs.c:prs_uint16(679) 0014 context_id: 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2008/03/13 00:17:05, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..132] [2008/03/13 00:17:05, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:05, 5] lib/util.c:show_msg(495) size=188 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1936 smb_uid=107 smb_mid=43200 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 132 (0x84) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 132 (0x84) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=133 [2008/03/13 00:17:05, 3] smbd/process.c:process_smb(1110) Transaction 70 of length 166 [2008/03/13 00:17:05, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:05, 5] lib/util.c:show_msg(495) size=162 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1936 smb_uid=107 smb_mid=43264 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 78 (0x4E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 78 (0x4E) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29259 (0x724B) smb_bcc=95 [2008/03/13 00:17:05, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 7721) conn 0x845e2d8 [2008/03/13 00:17:05, 4] smbd/uid.c:change_to_user(178) change_to_user: Skipping user change - already user [2008/03/13 00:17:05, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=78 params=0 setup=2 [2008/03/13 00:17:05, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2008/03/13 00:17:05, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2008/03/13 00:17:05, 
5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2008/03/13 00:17:05, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=724b [2008/03/13 00:17:05, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name samr pnum=724b (pipes_open=2) [2008/03/13 00:17:05, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7249 (pipes_open=2) [2008/03/13 00:17:05, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "samr" (pnum 724b) [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 004e [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 00000006 [2008/03/13 00:17:05, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 alloc_hint: 00000036 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0004 context_id: 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0006 opnum : 0005 [2008/03/13 00:17:05, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) 
free_pipe_context: destroying talloc pool of size 0 [2008/03/13 00:17:05, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\samr [2008/03/13 00:17:05, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: samr op 0x5 - api_rpcTNP: rpc command: SAMR_LOOKUP_DOMAIN [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_q_lookup_domain [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 data1: 00000000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0004 data2: 00000007 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 data3: 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a data4: 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 000c data5: 71 64 d8 47 29 1e 00 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0014 uni_str_len: 000e [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0016 uni_max_len: 000e [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0018 buffer : 00172748 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 001c uni_max_len: 00000007 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0020 offset : 00000000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0024 uni_str_len: 00000007 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:dbg_rw_punival(940) 0028 buffer : E.X.A.M.P.L.E. [2008/03/13 00:17:05, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 07 00 00 00 00 00 00 00 71 64 D8 47 ........ ....qd.G [010] 29 1E 00 00 )... 
[2008/03/13 00:17:05, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(222) _samr_lookup_domain: access check ((granted: 0x00000030; required: 0x00000020) [2008/03/13 00:17:05, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2797) Returning domain sid for domain EXAMPLE -> S-1-5-21-20043454-3907201459-4213964173 [2008/03/13 00:17:05, 5] rpc_parse/parse_samr.c:init_samr_r_lookup_domain(136) init_samr_r_lookup_domain [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_r_lookup_domain [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 ptr: 00000001 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0004 num_auths: 00000004 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0008 sid_rev_num: 01 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0009 num_auths : 04 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 000a id_auth[0] : 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 000b id_auth[1] : 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 000c id_auth[2] : 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 000d id_auth[3] : 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 000e id_auth[4] : 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 000f id_auth[5] : 05 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32s(995) 0010 sub_auths : 00000015 0131d6be e8e329b3 fb2bfd8d [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_ntstatus(767) 0020 status: NT_STATUS_OK [2008/03/13 00:17:05, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called samr successfully [2008/03/13 00:17:05, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 14 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2008/03/13 00:17:05, 5] 
rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 003c [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 00000006 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0010 alloc_hint: 00000024 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0014 context_id: 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2008/03/13 00:17:05, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..60] [2008/03/13 00:17:05, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:05, 5] lib/util.c:show_msg(495) size=116 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1936 smb_uid=107 smb_mid=43264 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 60 (0x3C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 60 (0x3C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=61 [2008/03/13 00:17:05, 3] smbd/process.c:process_smb(1110) Transaction 71 of length 164 [2008/03/13 00:17:05, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:05, 5] 
lib/util.c:show_msg(495) size=160 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1936 smb_uid=107 smb_mid=43328 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 76 (0x4C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 76 (0x4C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29259 (0x724B) smb_bcc=93 [2008/03/13 00:17:05, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 7721) conn 0x845e2d8 [2008/03/13 00:17:05, 4] smbd/uid.c:change_to_user(178) change_to_user: Skipping user change - already user [2008/03/13 00:17:05, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=76 params=0 setup=2 [2008/03/13 00:17:05, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2008/03/13 00:17:05, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2008/03/13 00:17:05, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2008/03/13 00:17:05, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=724b [2008/03/13 00:17:05, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name samr pnum=724b (pipes_open=2) [2008/03/13 00:17:05, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7249 (pipes_open=2) [2008/03/13 00:17:05, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "samr" (pnum 724b) [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2008/03/13 00:17:05, 5] 
rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 004c [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 00000007 [2008/03/13 00:17:05, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 alloc_hint: 00000034 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0004 context_id: 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0006 opnum : 0007 [2008/03/13 00:17:05, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2008/03/13 00:17:05, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\samr [2008/03/13 00:17:05, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: samr op 0x7 - api_rpcTNP: rpc command: SAMR_OPEN_DOMAIN [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_q_open_domain [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 data1: 00000000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0004 data2: 00000007 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 data3: 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a data4: 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 000c data5: 71 64 d8 47 29 1e 00 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0014 flags: 00000201 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0018 num_auths: 00000004 [2008/03/13 
00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 001c sid_rev_num: 01 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 001d num_auths : 04 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 001e id_auth[0] : 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 001f id_auth[1] : 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0020 id_auth[2] : 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0021 id_auth[3] : 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0022 id_auth[4] : 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0023 id_auth[5] : 05 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32s(995) 0024 sub_auths : 00000015 0131d6be e8e329b3 fb2bfd8d [2008/03/13 00:17:05, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 07 00 00 00 00 00 00 00 71 64 D8 47 ........ ....qd.G [010] 29 1E 00 00 )... [2008/03/13 00:17:05, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(222) _samr_open_domain: access check ((granted: 0x00000030; required: 0x00000020) [2008/03/13 00:17:05, 3] lib/util_seaccess.c:se_access_check(250) [2008/03/13 00:17:05, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-20043454-3907201459-4213964173-3024 se_access_check: also S-1-5-21-862544283-2880828001-3584954034-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-22-2-513 [2008/03/13 00:17:05, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (201) granted. [2008/03/13 00:17:05, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(210) _samr_open_domain: access GRANTED (requested: 0x00000201, granted: 0x000d067b) [2008/03/13 00:17:05, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[3] [000] 00 00 00 00 08 00 00 00 00 00 00 00 71 64 D8 47 ........ ....qd.G [010] 29 1E 00 00 )... 
[2008/03/13 00:17:05, 5] rpc_server/srv_samr_nt.c:_samr_open_domain(625) samr_open_domain: 625 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_r_open_domain [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 data1: 00000000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0004 data2: 00000008 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 data3: 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a data4: 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 000c data5: 71 64 d8 47 29 1e 00 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_ntstatus(767) 0014 status: NT_STATUS_OK [2008/03/13 00:17:05, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called samr successfully [2008/03/13 00:17:05, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 956 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 0030 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 00000007 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 
smb_io_rpc_hdr_resp resp [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0010 alloc_hint: 00000018 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0014 context_id: 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2008/03/13 00:17:05, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2008/03/13 00:17:05, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:05, 5] lib/util.c:show_msg(495) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1936 smb_uid=107 smb_mid=43328 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2008/03/13 00:17:05, 3] smbd/process.c:process_smb(1110) Transaction 72 of length 172 [2008/03/13 00:17:05, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:05, 5] lib/util.c:show_msg(495) size=168 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1936 smb_uid=107 smb_mid=43392 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 84 (0x54) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 84 (0x54) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29259 (0x724B) smb_bcc=101 [2008/03/13 00:17:05, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 7721) conn 0x845e2d8 [2008/03/13 00:17:05, 4] smbd/uid.c:change_to_user(178) change_to_user: Skipping user change - already user [2008/03/13 00:17:05, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=84 params=0 setup=2 [2008/03/13 00:17:05, 5] 
smbd/ipc.c:handle_trans(404) calling named_pipe [2008/03/13 00:17:05, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2008/03/13 00:17:05, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2008/03/13 00:17:05, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=724b [2008/03/13 00:17:05, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name samr pnum=724b (pipes_open=2) [2008/03/13 00:17:05, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7249 (pipes_open=2) [2008/03/13 00:17:05, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "samr" (pnum 724b) [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 0054 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 00000008 [2008/03/13 00:17:05, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 alloc_hint: 0000003c [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0004 context_id: 0000 [2008/03/13 
00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0006 opnum : 0032 [2008/03/13 00:17:05, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2008/03/13 00:17:05, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\samr [2008/03/13 00:17:05, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: samr op 0x32 - api_rpcTNP: rpc command: SAMR_CREATE_USER [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_q_create_user [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 data1: 00000000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0004 data2: 00000008 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 data3: 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a data4: 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 000c data5: 71 64 d8 47 29 1e 00 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0014 uni_str_len: 000c [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0016 uni_max_len: 000e [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0018 buffer : 02f666f0 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 001c uni_max_len: 00000007 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0020 offset : 00000000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0024 uni_str_len: 00000006 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:dbg_rw_punival(940) 0028 buffer : S.E.R.V.E.$. [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0034 acb_info : 00000080 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0038 access_mask: e00500b0 [2008/03/13 00:17:05, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 08 00 00 00 00 00 00 00 71 64 D8 47 ........ ....qd.G [010] 29 1E 00 00 )... 
[2008/03/13 00:17:05, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(222) _samr_create_user: access check ((granted: 0x000d067b; required: 0x00000010) [2008/03/13 00:17:05, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(1012, 513) : sec_ctx_stack_ndx = 1 [2008/03/13 00:17:05, 3] smbd/uid.c:push_conn_ctx(353) push_conn_ctx(107) : conn_ctx_stack_ndx = 0 [2008/03/13 00:17:05, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/03/13 00:17:05, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2008/03/13 00:17:05, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/03/13 00:17:05, 5] passdb/secrets.c:secrets_fetch_trusted_domain_password(339) secrets_fetch failed! [2008/03/13 00:17:05, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2008/03/13 00:17:05, 3] smbd/uid.c:push_conn_ctx(353) push_conn_ctx(107) : conn_ctx_stack_ndx = 1 [2008/03/13 00:17:05, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2008/03/13 00:17:05, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2008/03/13 00:17:05, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/03/13 00:17:05, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [dc=mondomaine,dc=net], filter => [(&(uid=SERVE$)(objectclass=sambaSamAccount))], scope => [2] [2008/03/13 00:17:05, 2] passdb/pdb_ldap.c:init_sam_from_ldap(541) init_sam_from_ldap: Entry found for user: serve$ [2008/03/13 00:17:05, 4] lib/substitute.c:automount_server(407) Home server: pdc [2008/03/13 00:17:05, 5] lib/username.c:Get_Pwnam_alloc(131) Finding user serve$ [2008/03/13 00:17:05, 5] lib/username.c:Get_Pwnam_internals(75) Trying _Get_Pwnam(), username as lowercase is serve$ [2008/03/13 00:17:05, 5] lib/username.c:Get_Pwnam_internals(108) 
Get_Pwnam_internals did find user [serve$]! [2008/03/13 00:17:05, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [ou=Group,dc=mondomaine,dc=net], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=1005))], scope => [2] [2008/03/13 00:17:05, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2217) ldapsam_getgroup: Did not find group [2008/03/13 00:17:05, 4] lib/substitute.c:automount_server(407) Home server: pdc [2008/03/13 00:17:05, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2008/03/13 00:17:05, 3] smbd/uid.c:push_conn_ctx(353) push_conn_ctx(107) : conn_ctx_stack_ndx = 2 [2008/03/13 00:17:05, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2008/03/13 00:17:05, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2008/03/13 00:17:05, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/03/13 00:17:05, 5] passdb/pdb_interface.c:lookup_global_sam_rid(1480) lookup_global_sam_rid: looking up RID 513. 
[2008/03/13 00:17:05, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 4 [2008/03/13 00:17:05, 3] smbd/uid.c:push_conn_ctx(353) push_conn_ctx(107) : conn_ctx_stack_ndx = 3 [2008/03/13 00:17:05, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 4 [2008/03/13 00:17:05, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2008/03/13 00:17:05, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/03/13 00:17:05, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [dc=mondomaine,dc=net], filter => [(&(sambaSID=S-1-5-21-20043454-3907201459-4213964173-513)(objectclass=sambaSamAccount))], scope => [2] [2008/03/13 00:17:05, 4] passdb/pdb_ldap.c:ldapsam_getsampwsid(1491) ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-20043454-3907201459-4213964173-513] count=0 [2008/03/13 00:17:05, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [ou=Group,dc=mondomaine,dc=net], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-20043454-3907201459-4213964173-513))], scope => [2] [2008/03/13 00:17:05, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2217) ldapsam_getgroup: Did not find group [2008/03/13 00:17:05, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 3 [2008/03/13 00:17:05, 5] passdb/pdb_interface.c:lookup_global_sam_rid(1542) Can't find a unix id for an unmapped group [2008/03/13 00:17:05, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2008/03/13 00:17:05, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/03/13 00:17:05, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (1012, 513) - sec_ctx_stack_ndx = 0 [2008/03/13 00:17:05, 5] rpc_server/srv_samr_nt.c:can_create(2404) trying to create SERVE$, exists as User [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_r_create_user 
[2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 data1: 00000000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0004 data2: 00000000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 data3: 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a data4: 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 000c data5: 00 00 00 00 00 00 00 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0014 access_granted: 00000000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0018 user_rid : 00000000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_ntstatus(767) 001c status: NT_STATUS_USER_EXISTS [2008/03/13 00:17:05, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called samr successfully [2008/03/13 00:17:05, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 21 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 0038 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 00000008 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 
smb_io_rpc_hdr_resp resp [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0010 alloc_hint: 00000020 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0014 context_id: 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2008/03/13 00:17:05, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..56] [2008/03/13 00:17:05, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:05, 5] lib/util.c:show_msg(495) size=112 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1936 smb_uid=107 smb_mid=43392 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 56 (0x38) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 56 (0x38) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=57 [2008/03/13 00:17:05, 3] smbd/process.c:process_smb(1110) Transaction 73 of length 132 [2008/03/13 00:17:05, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:05, 5] lib/util.c:show_msg(495) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1936 smb_uid=107 smb_mid=43456 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29259 (0x724B) smb_bcc=61 [2008/03/13 00:17:05, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 7721) conn 0x845e2d8 [2008/03/13 00:17:05, 4] smbd/uid.c:change_to_user(178) change_to_user: Skipping user change - already user [2008/03/13 00:17:05, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=44 params=0 setup=2 [2008/03/13 00:17:05, 5] 
smbd/ipc.c:handle_trans(404) calling named_pipe [2008/03/13 00:17:05, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2008/03/13 00:17:05, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2008/03/13 00:17:05, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=724b [2008/03/13 00:17:05, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name samr pnum=724b (pipes_open=2) [2008/03/13 00:17:05, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7249 (pipes_open=2) [2008/03/13 00:17:05, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "samr" (pnum 724b) [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 002c [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 00000009 [2008/03/13 00:17:05, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 alloc_hint: 00000014 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0004 context_id: 0000 [2008/03/13 
00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0006 opnum : 0001 [2008/03/13 00:17:05, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2008/03/13 00:17:05, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\samr [2008/03/13 00:17:05, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: samr op 0x1 - api_rpcTNP: rpc command: SAMR_CLOSE_HND [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_q_close_hnd [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 data1: 00000000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0004 data2: 00000008 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 data3: 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a data4: 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 000c data5: 71 64 d8 47 29 1e 00 00 [2008/03/13 00:17:05, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 08 00 00 00 00 00 00 00 71 64 D8 47 ........ ....qd.G [010] 29 1E 00 00 )... 
[2008/03/13 00:17:05, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2008/03/13 00:17:05, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(1012, 513) : sec_ctx_stack_ndx = 1 [2008/03/13 00:17:05, 3] smbd/uid.c:push_conn_ctx(353) push_conn_ctx(107) : conn_ctx_stack_ndx = 0 [2008/03/13 00:17:05, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/03/13 00:17:05, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2008/03/13 00:17:05, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/03/13 00:17:05, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (1012, 513) - sec_ctx_stack_ndx = 0 [2008/03/13 00:17:05, 5] rpc_server/srv_samr_nt.c:_samr_close_hnd(564) samr_reply_close_hnd: 564 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_r_close_hnd [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 data1: 00000000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0004 data2: 00000000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 data3: 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a data4: 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 000c data5: 00 00 00 00 00 00 00 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_ntstatus(767) 0014 status: NT_STATUS_OK [2008/03/13 00:17:05, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called samr successfully [2008/03/13 00:17:05, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2008/03/13 
00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 0030 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 00000009 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0010 alloc_hint: 00000018 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0014 context_id: 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2008/03/13 00:17:05, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2008/03/13 00:17:05, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:05, 5] lib/util.c:show_msg(495) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1936 smb_uid=107 smb_mid=43456 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2008/03/13 00:17:05, 3] smbd/process.c:process_smb(1110) Transaction 74 of length 132 [2008/03/13 00:17:05, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:05, 5] lib/util.c:show_msg(495) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1936 smb_uid=107 smb_mid=43520 smt_wct=16 
smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29259 (0x724B) smb_bcc=61 [2008/03/13 00:17:05, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 7721) conn 0x845e2d8 [2008/03/13 00:17:05, 4] smbd/uid.c:change_to_user(178) change_to_user: Skipping user change - already user [2008/03/13 00:17:05, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=44 params=0 setup=2 [2008/03/13 00:17:05, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2008/03/13 00:17:05, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2008/03/13 00:17:05, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2008/03/13 00:17:05, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=724b [2008/03/13 00:17:05, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name samr pnum=724b (pipes_open=2) [2008/03/13 00:17:05, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7249 (pipes_open=2) [2008/03/13 00:17:05, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "samr" (pnum 724b) [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2008/03/13 00:17:05, 5] 
rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 002c [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 0000000a [2008/03/13 00:17:05, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 alloc_hint: 00000014 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0004 context_id: 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0006 opnum : 0001 [2008/03/13 00:17:05, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2008/03/13 00:17:05, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\samr [2008/03/13 00:17:05, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: samr op 0x1 - api_rpcTNP: rpc command: SAMR_CLOSE_HND [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_q_close_hnd [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 data1: 00000000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0004 data2: 00000007 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 data3: 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a data4: 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 000c data5: 71 64 d8 47 29 1e 00 00 [2008/03/13 00:17:05, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 07 00 00 00 00 00 00 00 71 64 D8 47 ........ ....qd.G [010] 29 1E 00 00 )... 
[2008/03/13 00:17:05, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2008/03/13 00:17:05, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(1012, 513) : sec_ctx_stack_ndx = 1 [2008/03/13 00:17:05, 3] smbd/uid.c:push_conn_ctx(353) push_conn_ctx(107) : conn_ctx_stack_ndx = 0 [2008/03/13 00:17:05, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/03/13 00:17:05, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2008/03/13 00:17:05, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/03/13 00:17:05, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (1012, 513) - sec_ctx_stack_ndx = 0 [2008/03/13 00:17:05, 5] rpc_server/srv_samr_nt.c:_samr_close_hnd(564) samr_reply_close_hnd: 564 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_r_close_hnd [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 data1: 00000000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0004 data2: 00000000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 data3: 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a data4: 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 000c data5: 00 00 00 00 00 00 00 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_ntstatus(767) 0014 status: NT_STATUS_OK [2008/03/13 00:17:05, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called samr successfully [2008/03/13 00:17:05, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2008/03/13 
00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 0030 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 0000000a [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0010 alloc_hint: 00000018 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0014 context_id: 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2008/03/13 00:17:05, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2008/03/13 00:17:05, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:05, 5] lib/util.c:show_msg(495) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1936 smb_uid=107 smb_mid=43520 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2008/03/13 00:17:05, 3] smbd/process.c:process_smb(1110) Transaction 75 of length 45 [2008/03/13 00:17:05, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:05, 5] lib/util.c:show_msg(495) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=107 smb_mid=43584 smt_wct=3 smb_vwv[ 
0]=29259 (0x724B) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2008/03/13 00:17:05, 3] smbd/process.c:switch_message(914) switch message SMBclose (pid 7721) conn 0x845e2d8 [2008/03/13 00:17:05, 4] smbd/uid.c:change_to_user(178) change_to_user: Skipping user change - already user [2008/03/13 00:17:05, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=724b [2008/03/13 00:17:05, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name samr pnum=724b (pipes_open=2) [2008/03/13 00:17:05, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7249 (pipes_open=2) [2008/03/13 00:17:05, 5] smbd/pipes.c:reply_pipe_close(282) reply_pipe_close: pnum:724b [2008/03/13 00:17:05, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1169) closed pipe name samr pnum=724b (pipes_open=1) [2008/03/13 00:17:05, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:05, 5] lib/util.c:show_msg(495) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=107 smb_mid=43584 smt_wct=0 smb_bcc=0 [2008/03/13 00:17:05, 3] smbd/process.c:process_smb(1110) Transaction 76 of length 100 [2008/03/13 00:17:05, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:05, 5] lib/util.c:show_msg(495) size=96 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1936 smb_uid=107 smb_mid=43648 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 2560 (0xA00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=13 [2008/03/13 00:17:05, 3] 
smbd/process.c:switch_message(914) switch message SMBntcreateX (pid 7721) conn 0x845e2d8 [2008/03/13 00:17:05, 4] smbd/uid.c:change_to_user(178) change_to_user: Skipping user change - already user [2008/03/13 00:17:05, 4] smbd/nttrans.c:nt_open_pipe(325) nt_open_pipe: Opening pipe \samr. [2008/03/13 00:17:05, 3] smbd/nttrans.c:nt_open_pipe(346) nt_open_pipe: Known pipe samr opening. [2008/03/13 00:17:05, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(180) Open pipe requested samr (pipes_open=1) [2008/03/13 00:17:05, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(210) open_rpc_pipe_p: name lsarpc pnum=7249 [2008/03/13 00:17:05, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(285) Create pipe requested samr [2008/03/13 00:17:05, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(366) Created internal pipe samr (pipes_open=1) [2008/03/13 00:17:05, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) Opened pipe samr with handle 724c (pipes_open=2) [2008/03/13 00:17:05, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) open pipes: name samr pnum=724c [2008/03/13 00:17:05, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) open pipes: name lsarpc pnum=7249 [2008/03/13 00:17:05, 5] smbd/nttrans.c:do_ntcreate_pipe_open(395) do_ntcreate_pipe_open: open pipe = \samr [2008/03/13 00:17:05, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:05, 5] lib/util.c:show_msg(495) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1936 smb_uid=107 smb_mid=43648 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=19456 (0x4C00) smb_vwv[ 3]= 370 (0x172) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) 
smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2008/03/13 00:17:05, 3] smbd/process.c:process_smb(1110) Transaction 77 of length 140 [2008/03/13 00:17:05, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:05, 5] lib/util.c:show_msg(495) size=136 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=107 smb_mid=43712 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=29260 (0x724C) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 72 (0x48) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 72 (0x48) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=73 [2008/03/13 00:17:05, 3] smbd/process.c:switch_message(914) switch message SMBwriteX (pid 7721) conn 0x845e2d8 [2008/03/13 00:17:05, 4] smbd/uid.c:change_to_user(178) change_to_user: Skipping user change - already user [2008/03/13 00:17:05, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=724c [2008/03/13 00:17:05, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name samr pnum=724c (pipes_open=2) [2008/03/13 00:17:05, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7249 (pipes_open=2) [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0b [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2008/03/13 00:17:05, 5] 
rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 0048 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 00000001 [2008/03/13 00:17:05, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2008/03/13 00:17:05, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1523) api_pipe_bind_req: decode request. 1523 [2008/03/13 00:17:05, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1534) api_pipe_bind_req: \PIPE\samr -> \PIPE\lsass [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_rb [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0000 max_tsize: 10b8 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0002 max_rsize: 10b8 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0004 assoc_gid: 00000000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0008 num_contexts: 01 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000c context_id : 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 000e num_transfer_syntaxes: 01 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0010 data : 12345778 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0014 data : 1234 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0016 data : abcd [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 0018 data : ef 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 001a data : 01 23 45 67 89 ac [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0020 version: 00000001 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 
0024 data : 8a885d04 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0028 data : 1ceb [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 002a data : 11c9 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 002c data : 9f e8 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 002e data : 08 00 2b 10 48 60 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0034 version: 00000002 [2008/03/13 00:17:05, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1576) api_pipe_bind_req: make response. 1576 [2008/03/13 00:17:05, 3] rpc_server/srv_pipe.c:check_bind_req(985) check_bind_req for \PIPE\samr [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_ba [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0000 max_tsize: 10b8 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0002 max_rsize: 10b8 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0004 assoc_gid: 000053f0 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 len: 000c [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 000a str: \PIPE\lsass. 
[2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0018 num_results: 01 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 001c result : 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 001e reason : 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0020 data : 8a885d04 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0024 data : 1ceb [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0026 data : 11c9 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 0028 data : 9f e8 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 002a data : 08 00 2b 10 48 60 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0030 version: 00000002 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0c [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 0044 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 00000001 [2008/03/13 00:17:05, 3] smbd/pipes.c:reply_pipe_write_and_X(217) writeX-IPC pnum=724c nwritten=72 [2008/03/13 00:17:05, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:05, 5] lib/util.c:show_msg(495) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 
smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=107 smb_mid=43712 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 72 (0x48) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2008/03/13 00:17:05, 3] smbd/process.c:process_smb(1110) Transaction 78 of length 63 [2008/03/13 00:17:05, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:05, 5] lib/util.c:show_msg(495) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=107 smb_mid=43776 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=29260 (0x724C) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2008/03/13 00:17:05, 3] smbd/process.c:switch_message(914) switch message SMBreadX (pid 7721) conn 0x845e2d8 [2008/03/13 00:17:05, 4] smbd/uid.c:change_to_user(178) change_to_user: Skipping user change - already user [2008/03/13 00:17:05, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=724c [2008/03/13 00:17:05, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name samr pnum=724c (pipes_open=2) [2008/03/13 00:17:05, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7249 (pipes_open=2) [2008/03/13 00:17:05, 3] smbd/pipes.c:reply_pipe_read_and_X(262) readX-IPC pnum=724c min=1024 max=1024 nread=68 [2008/03/13 00:17:05, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:05, 5] lib/util.c:show_msg(495) size=127 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=107 smb_mid=43776 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 68 (0x44) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) 
smb_bcc=68 [2008/03/13 00:17:05, 3] smbd/process.c:process_smb(1110) Transaction 79 of length 160 [2008/03/13 00:17:05, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:05, 5] lib/util.c:show_msg(495) size=156 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1936 smb_uid=107 smb_mid=43840 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29260 (0x724C) smb_bcc=89 [2008/03/13 00:17:05, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 7721) conn 0x845e2d8 [2008/03/13 00:17:05, 4] smbd/uid.c:change_to_user(178) change_to_user: Skipping user change - already user [2008/03/13 00:17:05, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=72 params=0 setup=2 [2008/03/13 00:17:05, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2008/03/13 00:17:05, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2008/03/13 00:17:05, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2008/03/13 00:17:05, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=724c [2008/03/13 00:17:05, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name samr pnum=724c (pipes_open=2) [2008/03/13 00:17:05, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7249 (pipes_open=2) [2008/03/13 00:17:05, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "samr" (pnum 724c) [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2008/03/13 
00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 0048 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 00000001 [2008/03/13 00:17:05, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 alloc_hint: 00000030 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0004 context_id: 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0006 opnum : 0040 [2008/03/13 00:17:05, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 68 [2008/03/13 00:17:05, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\samr [2008/03/13 00:17:05, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: samr op 0x40 - api_rpcTNP: rpc command: SAMR_CONNECT5 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_q_connect5 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 ptr_srv_name: 000f8020 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0004 uni_max_len: 00000006 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0008 offset : 00000000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c uni_str_len: 00000006 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:dbg_rw_punival(940) 0010 buffer : 
\.\.P.D.C... [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 001c access_mask: 00000021 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0020 level: 00000001 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0024 level: 00000001 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0028 info1_unk1: 00000003 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 002c info1_unk2: 00000000 [2008/03/13 00:17:05, 5] rpc_server/srv_samr_nt.c:_samr_connect5(2722) _samr_connect5: 2722 [2008/03/13 00:17:05, 3] lib/util_seaccess.c:se_access_check(250) [2008/03/13 00:17:05, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-20043454-3907201459-4213964173-3024 se_access_check: also S-1-5-21-862544283-2880828001-3584954034-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-22-2-513 [2008/03/13 00:17:05, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (21) granted. [2008/03/13 00:17:05, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(210) _samr_connect5: access GRANTED (requested: 0x00000021, granted: 0x00000021) [2008/03/13 00:17:05, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[2] [000] 00 00 00 00 09 00 00 00 00 00 00 00 71 64 D8 47 ........ ....qd.G [010] 29 1E 00 00 )... 
[2008/03/13 00:17:05, 5] rpc_server/srv_samr_nt.c:_samr_connect5(2754) _samr_connect: 2754 [2008/03/13 00:17:05, 5] rpc_parse/parse_samr.c:init_samr_r_connect5(7147) init_samr_q_connect5 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_r_connect5 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 level: 00000001 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0004 level: 00000001 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0008 info1_unk1: 00000003 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c info1_unk2: 00000000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0010 data1: 00000000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0014 data2: 00000009 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0018 data3: 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 001a data4: 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 001c data5: 71 64 d8 47 29 1e 00 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_ntstatus(767) 0024 status: NT_STATUS_OK [2008/03/13 00:17:05, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called samr successfully [2008/03/13 00:17:05, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 968 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 
pack_type2: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 0040 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 00000001 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0010 alloc_hint: 00000028 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0014 context_id: 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2008/03/13 00:17:05, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..64] [2008/03/13 00:17:05, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:05, 5] lib/util.c:show_msg(495) size=120 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1936 smb_uid=107 smb_mid=43840 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 64 (0x40) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 64 (0x40) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=65 [2008/03/13 00:17:05, 3] smbd/process.c:process_smb(1110) Transaction 80 of length 164 [2008/03/13 00:17:05, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:05, 5] lib/util.c:show_msg(495) size=160 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1936 smb_uid=107 smb_mid=43904 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 76 (0x4C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 76 (0x4C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 
(0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29260 (0x724C) smb_bcc=93 [2008/03/13 00:17:05, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 7721) conn 0x845e2d8 [2008/03/13 00:17:05, 4] smbd/uid.c:change_to_user(178) change_to_user: Skipping user change - already user [2008/03/13 00:17:05, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=76 params=0 setup=2 [2008/03/13 00:17:05, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2008/03/13 00:17:05, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2008/03/13 00:17:05, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2008/03/13 00:17:05, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=724c [2008/03/13 00:17:05, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name samr pnum=724c (pipes_open=2) [2008/03/13 00:17:05, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7249 (pipes_open=2) [2008/03/13 00:17:05, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "samr" (pnum 724c) [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 004c [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 
00000002 [2008/03/13 00:17:05, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 alloc_hint: 00000034 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0004 context_id: 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0006 opnum : 0007 [2008/03/13 00:17:05, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2008/03/13 00:17:05, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\samr [2008/03/13 00:17:05, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: samr op 0x7 - api_rpcTNP: rpc command: SAMR_OPEN_DOMAIN [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_q_open_domain [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 data1: 00000000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0004 data2: 00000009 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 data3: 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a data4: 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 000c data5: 71 64 d8 47 29 1e 00 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0014 flags: 00000200 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0018 num_auths: 00000004 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 001c sid_rev_num: 01 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 001d num_auths : 04 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 001e id_auth[0] : 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 001f id_auth[1] : 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0020 id_auth[2] : 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0021 
id_auth[3] : 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0022 id_auth[4] : 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0023 id_auth[5] : 05 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32s(995) 0024 sub_auths : 00000015 0131d6be e8e329b3 fb2bfd8d [2008/03/13 00:17:05, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 09 00 00 00 00 00 00 00 71 64 D8 47 ........ ....qd.G [010] 29 1E 00 00 )... [2008/03/13 00:17:05, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(222) _samr_open_domain: access check ((granted: 0x00000021; required: 0x00000020) [2008/03/13 00:17:05, 3] lib/util_seaccess.c:se_access_check(250) [2008/03/13 00:17:05, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-20043454-3907201459-4213964173-3024 se_access_check: also S-1-5-21-862544283-2880828001-3584954034-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-22-2-513 [2008/03/13 00:17:05, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (200) granted. [2008/03/13 00:17:05, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(210) _samr_open_domain: access GRANTED (requested: 0x00000200, granted: 0x000d067a) [2008/03/13 00:17:05, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[3] [000] 00 00 00 00 0A 00 00 00 00 00 00 00 71 64 D8 47 ........ ....qd.G [010] 29 1E 00 00 )... 
[2008/03/13 00:17:05, 5] rpc_server/srv_samr_nt.c:_samr_open_domain(625) samr_open_domain: 625 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_r_open_domain [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 data1: 00000000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0004 data2: 0000000a [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 data3: 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a data4: 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 000c data5: 71 64 d8 47 29 1e 00 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_ntstatus(767) 0014 status: NT_STATUS_OK [2008/03/13 00:17:05, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called samr successfully [2008/03/13 00:17:05, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 956 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 0030 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 00000002 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 
smb_io_rpc_hdr_resp resp [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0010 alloc_hint: 00000018 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0014 context_id: 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2008/03/13 00:17:05, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2008/03/13 00:17:05, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:05, 5] lib/util.c:show_msg(495) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1936 smb_uid=107 smb_mid=43904 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2008/03/13 00:17:05, 3] smbd/process.c:process_smb(1110) Transaction 81 of length 180 [2008/03/13 00:17:05, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:05, 5] lib/util.c:show_msg(495) size=176 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1936 smb_uid=107 smb_mid=43968 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 92 (0x5C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 92 (0x5C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29260 (0x724C) smb_bcc=109 [2008/03/13 00:17:05, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 7721) conn 0x845e2d8 [2008/03/13 00:17:05, 4] smbd/uid.c:change_to_user(178) change_to_user: Skipping user change - already user [2008/03/13 00:17:05, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=92 params=0 setup=2 [2008/03/13 00:17:05, 5] 
smbd/ipc.c:handle_trans(404) calling named_pipe [2008/03/13 00:17:05, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2008/03/13 00:17:05, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2008/03/13 00:17:05, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=724c [2008/03/13 00:17:05, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name samr pnum=724c (pipes_open=2) [2008/03/13 00:17:05, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7249 (pipes_open=2) [2008/03/13 00:17:05, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "samr" (pnum 724c) [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 005c [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 00000003 [2008/03/13 00:17:05, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 alloc_hint: 00000044 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0004 context_id: 0000 [2008/03/13 
00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0006 opnum : 0011 [2008/03/13 00:17:05, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2008/03/13 00:17:05, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\samr [2008/03/13 00:17:05, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: samr op 0x11 - api_rpcTNP: rpc command: SAMR_LOOKUP_NAMES [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_q_lookup_names [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 data1: 00000000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0004 data2: 0000000a [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 data3: 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a data4: 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 000c data5: 71 64 d8 47 29 1e 00 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0014 num_names1: 00000001 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0018 flags : 000003e8 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 001c ptr : 00000000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0020 num_names2: 00000001 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0024 uni_str_len: 000c [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0026 uni_max_len: 000e [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0028 buffer : 02f666f0 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 002c uni_max_len: 00000007 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0030 offset : 00000000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0034 uni_str_len: 00000006 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:dbg_rw_punival(940) 0038 buffer : S.E.R.V.E.$. 
[2008/03/13 00:17:05, 5] rpc_server/srv_samr_nt.c:_samr_lookup_names(1389) _samr_lookup_names: 1389 [2008/03/13 00:17:05, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 0A 00 00 00 00 00 00 00 71 64 D8 47 ........ ....qd.G [010] 29 1E 00 00 )... [2008/03/13 00:17:05, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(222) _samr_lookup_names: access check ((granted: 0x000d067a; required: 0000000000) [2008/03/13 00:17:05, 5] rpc_server/srv_samr_nt.c:_samr_lookup_names(1408) _samr_lookup_names: looking name on SID S-1-5-21-20043454-3907201459-4213964173 [2008/03/13 00:17:05, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(1012, 513) : sec_ctx_stack_ndx = 1 [2008/03/13 00:17:05, 3] smbd/uid.c:push_conn_ctx(353) push_conn_ctx(107) : conn_ctx_stack_ndx = 0 [2008/03/13 00:17:05, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/03/13 00:17:05, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2008/03/13 00:17:05, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/03/13 00:17:05, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [dc=mondomaine,dc=net], filter => [(&(uid=SERVE$)(objectclass=sambaSamAccount))], scope => [2] [2008/03/13 00:17:05, 2] passdb/pdb_ldap.c:init_sam_from_ldap(541) init_sam_from_ldap: Entry found for user: serve$ [2008/03/13 00:17:05, 4] lib/substitute.c:automount_server(407) Home server: pdc [2008/03/13 00:17:05, 5] lib/username.c:Get_Pwnam_alloc(131) Finding user serve$ [2008/03/13 00:17:05, 5] lib/username.c:Get_Pwnam_internals(75) Trying _Get_Pwnam(), username as lowercase is serve$ [2008/03/13 00:17:05, 5] lib/username.c:Get_Pwnam_internals(108) Get_Pwnam_internals did find user [serve$]! 
[2008/03/13 00:17:05, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [ou=Group,dc=mondomaine,dc=net], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=1005))], scope => [2] [2008/03/13 00:17:05, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2217) ldapsam_getgroup: Did not find group [2008/03/13 00:17:05, 4] lib/substitute.c:automount_server(407) Home server: pdc [2008/03/13 00:17:05, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2008/03/13 00:17:05, 3] smbd/uid.c:push_conn_ctx(353) push_conn_ctx(107) : conn_ctx_stack_ndx = 1 [2008/03/13 00:17:05, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2008/03/13 00:17:05, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2008/03/13 00:17:05, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/03/13 00:17:05, 5] passdb/pdb_interface.c:lookup_global_sam_rid(1480) lookup_global_sam_rid: looking up RID 513. 
[2008/03/13 00:17:05, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2008/03/13 00:17:05, 3] smbd/uid.c:push_conn_ctx(353) push_conn_ctx(107) : conn_ctx_stack_ndx = 2 [2008/03/13 00:17:05, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2008/03/13 00:17:05, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2008/03/13 00:17:05, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/03/13 00:17:05, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [dc=mondomaine,dc=net], filter => [(&(sambaSID=S-1-5-21-20043454-3907201459-4213964173-513)(objectclass=sambaSamAccount))], scope => [2] [2008/03/13 00:17:05, 4] passdb/pdb_ldap.c:ldapsam_getsampwsid(1491) ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-20043454-3907201459-4213964173-513] count=0 [2008/03/13 00:17:05, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [ou=Group,dc=mondomaine,dc=net], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-20043454-3907201459-4213964173-513))], scope => [2] [2008/03/13 00:17:05, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2217) ldapsam_getgroup: Did not find group [2008/03/13 00:17:05, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2008/03/13 00:17:05, 5] passdb/pdb_interface.c:lookup_global_sam_rid(1542) Can't find a unix id for an unmapped group [2008/03/13 00:17:05, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/03/13 00:17:05, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (1012, 513) - sec_ctx_stack_ndx = 0 [2008/03/13 00:17:05, 5] rpc_parse/parse_samr.c:init_samr_r_lookup_names(4902) init_samr_r_lookup_names [2008/03/13 00:17:05, 5] rpc_server/srv_samr_nt.c:_samr_lookup_names(1440) _samr_lookup_names: 1440 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_r_lookup_names 
[2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 num_rids1: 00000001 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0004 ptr_rids : 00000001 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0008 num_rids2: 00000001 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c rid[00] : 00000bc2 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0010 num_types1: 00000001 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0014 ptr_types : 00000001 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0018 num_types2: 00000001 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 001c type[00] : 00000001 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_ntstatus(767) 0020 status: NT_STATUS_OK [2008/03/13 00:17:05, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called samr successfully [2008/03/13 00:17:05, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 46 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 003c [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id 
: 00000003 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0010 alloc_hint: 00000024 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0014 context_id: 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2008/03/13 00:17:05, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..60] [2008/03/13 00:17:05, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:05, 5] lib/util.c:show_msg(495) size=116 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1936 smb_uid=107 smb_mid=43968 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 60 (0x3C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 60 (0x3C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=61 [2008/03/13 00:17:05, 3] smbd/process.c:process_smb(1110) Transaction 82 of length 140 [2008/03/13 00:17:05, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:05, 5] lib/util.c:show_msg(495) size=136 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1936 smb_uid=107 smb_mid=44032 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 52 (0x34) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 52 (0x34) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29260 (0x724C) smb_bcc=69 [2008/03/13 00:17:05, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 7721) conn 0x845e2d8 [2008/03/13 00:17:05, 4] smbd/uid.c:change_to_user(178) change_to_user: Skipping user change - already user [2008/03/13 00:17:05, 3] smbd/ipc.c:handle_trans(373) 
trans <\PIPE\> data=52 params=0 setup=2 [2008/03/13 00:17:05, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2008/03/13 00:17:05, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2008/03/13 00:17:05, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2008/03/13 00:17:05, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=724c [2008/03/13 00:17:05, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name samr pnum=724c (pipes_open=2) [2008/03/13 00:17:05, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7249 (pipes_open=2) [2008/03/13 00:17:05, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "samr" (pnum 724c) [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 0034 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 00000004 [2008/03/13 00:17:05, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 alloc_hint: 0000001c [2008/03/13 00:17:05, 5] 
rpc_parse/parse_prs.c:prs_uint16(679) 0004 context_id: 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0006 opnum : 0022 [2008/03/13 00:17:05, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2008/03/13 00:17:05, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\samr [2008/03/13 00:17:05, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: samr op 0x22 - api_rpcTNP: rpc command: SAMR_OPEN_USER [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_q_open_user [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 data1: 00000000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0004 data2: 0000000a [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 data3: 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a data4: 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 000c data5: 71 64 d8 47 29 1e 00 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0014 access_mask: 000000b0 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0018 user_rid : 00000bc2 [2008/03/13 00:17:05, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 0A 00 00 00 00 00 00 00 71 64 D8 47 ........ ....qd.G [010] 29 1E 00 00 )... 
[2008/03/13 00:17:05, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(222) _samr_open_user: access check ((granted: 0x000d067a; required: 0x00000200) [2008/03/13 00:17:05, 3] lib/util_seaccess.c:se_access_check(250) [2008/03/13 00:17:05, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-20043454-3907201459-4213964173-3024 se_access_check: also S-1-5-21-862544283-2880828001-3584954034-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-22-2-513 [2008/03/13 00:17:05, 5] lib/util_seaccess.c:se_access_check(314) se_access_check: access (b0) denied. [2008/03/13 00:17:05, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(210) _samr_open_user: access DENIED (requested: 0x000000b0, granted: 0x000d04e4) [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_r_open_user [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 data1: 00000000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0004 data2: 00000000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 data3: 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a data4: 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 000c data5: 00 00 00 00 00 00 00 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_ntstatus(767) 0014 status: NT_STATUS_ACCESS_DENIED [2008/03/13 00:17:05, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called samr successfully [2008/03/13 00:17:05, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 1452 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2008/03/13 
00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 0030 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 00000004 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0010 alloc_hint: 00000018 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0014 context_id: 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2008/03/13 00:17:05, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2008/03/13 00:17:05, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:05, 5] lib/util.c:show_msg(495) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1936 smb_uid=107 smb_mid=44032 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2008/03/13 00:17:05, 3] smbd/process.c:process_smb(1110) Transaction 83 of length 140 [2008/03/13 00:17:05, 5] lib/util.c:show_msg(485) [2008/03/13 00:17:05, 5] lib/util.c:show_msg(495) size=136 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1936 smb_uid=107 smb_mid=44096 smt_wct=16 
smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 52 (0x34) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 52 (0x34) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29260 (0x724C) smb_bcc=69 [2008/03/13 00:17:05, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 7721) conn 0x845e2d8 [2008/03/13 00:17:05, 4] smbd/uid.c:change_to_user(178) change_to_user: Skipping user change - already user [2008/03/13 00:17:05, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=52 params=0 setup=2 [2008/03/13 00:17:05, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2008/03/13 00:17:05, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2008/03/13 00:17:05, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2008/03/13 00:17:05, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=724c [2008/03/13 00:17:05, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name samr pnum=724c (pipes_open=2) [2008/03/13 00:17:05, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7249 (pipes_open=2) [2008/03/13 00:17:05, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "samr" (pnum 724c) [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2008/03/13 00:17:05, 5] 
rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 0034 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 00000005 [2008/03/13 00:17:05, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 alloc_hint: 0000001c [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0004 context_id: 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0006 opnum : 0022 [2008/03/13 00:17:05, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2008/03/13 00:17:05, 5] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\samr [2008/03/13 00:17:05, 4] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: samr op 0x22 - api_rpcTNP: rpc command: SAMR_OPEN_USER [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_q_open_user [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 data1: 00000000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0004 data2: 0000000a [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 data3: 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a data4: 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 000c data5: 71 64 d8 47 29 1e 00 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0014 access_mask: 00000090 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0018 user_rid : 00000bc2 [2008/03/13 00:17:05, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 0A 00 00 00 00 00 00 00 71 64 D8 47 ........ 
....qd.G [010] 29 1E 00 00 )... [2008/03/13 00:17:05, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(222) _samr_open_user: access check ((granted: 0x000d067a; required: 0x00000200) [2008/03/13 00:17:05, 3] lib/util_seaccess.c:se_access_check(250) [2008/03/13 00:17:05, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-20043454-3907201459-4213964173-3024 se_access_check: also S-1-5-21-862544283-2880828001-3584954034-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-22-2-513 [2008/03/13 00:17:05, 5] lib/util_seaccess.c:se_access_check(314) se_access_check: access (90) denied. [2008/03/13 00:17:05, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(210) _samr_open_user: access DENIED (requested: 0x00000090, granted: 0x000d04e4) [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_r_open_user [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 data1: 00000000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0004 data2: 00000000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 data3: 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a data4: 0000 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 000c data5: 00 00 00 00 00 00 00 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_ntstatus(767) 0014 status: NT_STATUS_ACCESS_DENIED [2008/03/13 00:17:05, 5] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called samr successfully [2008/03/13 00:17:05, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 1452 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2008/03/13 00:17:05, 5] rpc_parse/parse_prs.c:prs_uint8(615) 
[2008/03/13 00:19:06, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/03/13 00:19:06, 5] auth/auth_util.c:debug_nt_user_token(448)
  NT user token: (NULL)
[2008/03/13 00:19:06, 5] auth/auth_util.c:debug_unix_user_token(474)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2008/03/13 00:19:06, 5] smbd/uid.c:change_to_root_user(283)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2008/03/13 00:19:06, 3] smbd/connection.c:yield_connection(69)
  Yielding connection to
[2008/03/13 00:19:06, 3] smbd/server.c:exit_server_common(675)
  Server exit (normal exit)

################### smb.conf ##################

#########
# P D C #
#########
[global]

#########################
# server identification #
#########################
; domain name
workgroup = EXAMPLE
; name of the server in the domain
netbios name = PDC
; description that will be displayed on the clients
server string = Samba Server %v on %L

#####################
# domain controller #
#####################
; clients can authenticate against this server
domain logons = yes
; the server acts as a WINS server
wins support = yes
; this server will always be the master server with a
; level of 255; for now (2005) Microsoft products
; should be around 70 at most
os level = 255
; keeps the list of all machines in the domain up to date
; this role must be given to the machine that acts
; as PDC
domain master = yes
; this server is the server for its subnet
local master = yes
; trick to be sure of becoming the local
; master browser of its subnet
prefered master = yes
; authentication is done on this machine
security = user
; passwords are encrypted
encrypt passwords = true
; allows clients to synchronize their clocks
time server = yes
host msdfs = yes
; option that is supposed to increase TCP/IP performance
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
; name resolution method
name resolve order = wins hosts bcast
; hosts allowed to connect
hosts allow = 192.168.0., 192.168.1., 127.
; secondary WINS server that must be synchronized
;remote browse sync = 192.168.0.2
; account aliases
username map = /etc/samba/smbusers

#####################
# profile and logon #
#####################
; path to the profiles
logon path = \\%L\profiles\%U
; script to run when a user logs on
logon script = logon.bat
; drive letter on which the user's home will be
logon drive = Z:
obey pam restrictions = no
ldap passwd sync = yes

##########################
# LDAP access parameters #
##########################
; address of the LDAP server
; defining 2 data sources allows
; machine accounts to be created on the samba
; server and not on the ldap server. that way
; everyone manages their own machines but users
; are managed globally
passdb backend = ldapsam:ldap://127.0.0.1/
; dn of the LDAP admin; samba must be allowed
; to modify and add certain LDAP attributes
ldap admin dn = cn=Manager,dc=mondomaine,dc=net
; suffix of the LDAP base
ldap suffix = dc=mondomaine,dc=net
; where the groups are
ldap group suffix = ou=Group
; where the users are
ldap user suffix = ou=People
; where the machines are
ldap machine suffix = ou=machines
; ssl parameter
# if we want tls:
#ldap ssl = start tls
# if we do not want it:
ldap ssl = no
ldap delete dn = no

###########
# logging #
###########
; log level
log level = 5
; logging is done per machine
log file = /var/log/samba/log.%m
; maximum size of a log file
max log size = 1000
; timestamping of logged actions
debug timestamp = yes

########################
# file-related options #
########################
; option for file name case
case sensitive = yes
default case = lower
preserve case = yes
short preserve case = yes
; character encoding
Dos charset = 850
Unix charset = ISO8859-1
; file creation mask
create mask = 0744
directory mask = 0750
; hidden files
hide dot files = yes
; symbolic links
follow symlinks = yes
wide links = no
; no guest account
guest ok = no

[homes]
comment = repertoire de %U, %u
read only = no
writeable = yes
browseable = no
delete read only = yes
map archive = yes
# preexec = echo "(`date`) connection %u, machine %m\" >> /tmp/samba.log
# postexec = echo "(`date`) deconnection %u, machine %m\" >> /tmp/samba.log

[netlogon]
path = /var/samba/netlogon
browseable = no
writable = no
read only = yes

[profiles]
path = /var/samba/profiles
writeable = yes
read only = no
browseable = no
create mask = 0640
directory mask = 0700

###################### smbldap.conf ################################
SID="S-1-5-21-20043454-3907201459-4213964173"
slaveLDAP="127.0.0.1"
slavePort="389"
masterLDAP="127.0.0.1"
masterPort="389"
ldapTLS="0"
suffix="dc=mondomaine,dc=net"
usersdn="ou=People,${suffix}"
computersdn="ou=machines,${suffix}"
groupsdn="ou=Group,${suffix}"
idmapdn="ou=People,${suffix}"
sambaUnixIdPooldn="cn=EXAMPLE,${suffix}"
scope="sub"
hash_encrypt="SSHA"
crypt_salt_format="$1$%.8s"
userLoginShell="/bin/bash"
userHome="/home/%U"
userGecos="System User"
defaultUserGid="513"
defaultComputerGid="515"
skeletonDir="/etc/skel"
defaultMaxPasswordAge="90"
userSmbHome="\\pdc\homes\%U"
userProfile="\\pdc\profiles\%U"
userHomeDrive="U:"
userScript="logon.bat"
mailDomain="domaine.net"
with_smbpasswd="0"
smbpasswd="/usr/bin/smbpasswd"

################# import.ldif ###################
# LDIF Export for: dc=mondomaine,dc=net
# Generated by phpLDAPadmin ( http://phpldapadmin.sourceforge.net/ ) on March 13, 2008 12:01 am
# Server: My LDAP Server (localhost)
# Search Scope: sub
# Search Filter: (objectClass=*)
# Total Entries: 30

dn: dc=mondomaine,dc=net
objectClass: dcObject
objectClass: organization
o: Example Company
dc: mondomaine

dn: cn=debian,dc=mondomaine,dc=net
gidNumber: 1000
objectClass: inetOrgPerson
objectClass: sambaUnixIdPool
cn: debian
sn: debian
uidNumber: 1015

dn: cn=Manager,dc=mondomaine,dc=net
cn: Manager
telephoneNumber: 0663057489
description: Manager du domaine
postalAddress: 15 rue du mauconduit
postalCode: 76540
postalCode: Criquetot le mauconduit
objectClass: organizationalRole

dn: ou=Group,dc=mondomaine,dc=net
objectClass: top
objectClass: organizationalUnit
ou: Group

dn: cn=Account Operators,ou=Group,dc=mondomaine,dc=net
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 548
cn: Account Operators
description: Netbios Domain Users to manipulate users accounts
sambaSID: S-1-5-32-548
sambaGroupType: 5
displayName: Account Operators

dn: cn=Administrators,ou=Group,dc=mondomaine,dc=net
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 544
cn: Administrators
description: Netbios Domain Members can fully administer the computer/sambaDomainName
sambaSID: S-1-5-32-544
sambaGroupType: 5
displayName: Administrators

dn: cn=Backup Operators,ou=Group,dc=mondomaine,dc=net
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 551
cn: Backup Operators
description: Netbios Domain Members can bypass file security to back up files
sambaSID: S-1-5-32-551
sambaGroupType: 5
displayName: Backup Operators

dn: cn=Domain Admins,ou=Group,dc=mondomaine,dc=net
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 512
cn: Domain Admins
memberUid: root
description: Netbios Domain Administrators
sambaSID: S-1-5-21-862544283-2880828001-3584954034-512
sambaGroupType: 2
displayName: Domain Admins

dn: cn=Domain Computers,ou=Group,dc=mondomaine,dc=net
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 515
cn: Domain Computers
description: Netbios Domain Computers accounts
sambaSID: S-1-5-21-862544283-2880828001-3584954034-515
sambaGroupType: 2
displayName: Domain Computers

dn: cn=Domain Guests,ou=Group,dc=mondomaine,dc=net
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 514
cn: Domain Guests
description: Netbios Domain Guests Users
sambaSID: S-1-5-21-862544283-2880828001-3584954034-514
sambaGroupType: 2
displayName: Domain Guests

dn: cn=Domain Users,ou=Group,dc=mondomaine,dc=net
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 513
cn: Domain Users
description: Netbios Domain Users
sambaSID: S-1-5-21-862544283-2880828001-3584954034-513
sambaGroupType: 2
displayName: Domain Users

dn: cn=Print Operators,ou=Group,dc=mondomaine,dc=net
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 550
cn: Print Operators
description: Netbios Domain Print Operators
sambaSID: S-1-5-32-550
sambaGroupType: 5
displayName: Print Operators

dn: cn=Replicators,ou=Group,dc=mondomaine,dc=net
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 552
cn: Replicators
description: Netbios Domain Supports file replication in a sambaDomainName
sambaSID: S-1-5-32-552
sambaGroupType: 5
displayName: Replicators

dn: ou=Idmap,dc=mondomaine,dc=net
objectClass: top
objectClass: organizationalUnit
ou: Idmap

dn: ou=machines,dc=mondomaine,dc=net
ou: machines
objectClass: organizationalUnit
objectClass: top

dn: uid=go$,ou=machines,dc=mondomaine,dc=net
uid: go$
sambaSID: S-1-5-21-20043454-3907201459-4213964173-61002
displayName: Machine go
sambaPwdCanChange: 1205362435
sambaPwdMustChange: 2147483647
sambaLMPassword: 4BDAE471CD4144E8AAD3B435B51404EE
sambaNTPassword: F26825B02A8BE4821A1A7A9FB553E655
sambaPwdLastSet: 1205362435
sambaAcctFlags: [W ]
objectClass: sambaSamAccount
objectClass: account

dn: uid=moon$,ou=machines,dc=mondomaine,dc=net
uid: moon$
sambaSID: S-1-5-21-20043454-3907201459-4213964173-61004
displayName: Machine moon
sambaPwdCanChange: 1205362436
sambaPwdMustChange: 2147483647
sambaLMPassword: 11A3BD7970FA0CE5AAD3B435B51404EE
sambaNTPassword: 8AAC832554B943625D431368287760A0
sambaPwdLastSet: 1205362436
sambaAcctFlags: [W ]
objectClass: sambaSamAccount
objectClass: account

dn: uid=pc$,ou=machines,dc=mondomaine,dc=net
uid: pc$
sambaSID: S-1-5-21-20043454-3907201459-4213964173-61000
displayName: Machine pc
sambaPwdCanChange: 1205362434
sambaPwdMustChange: 2147483647
sambaLMPassword: 3D2D7CCD0BE9F5A4AAD3B435B51404EE
sambaNTPassword: E72882AC5015EE9987B62DBB5F506331
sambaPwdLastSet: 1205362434
sambaAcctFlags: [W ]
objectClass: sambaSamAccount
objectClass: account

dn: uid=serve$,ou=machines,dc=mondomaine,dc=net
uid: serve$
sambaSID: S-1-5-21-20043454-3907201459-4213964173-3010
sambaPwdCanChange: 1205362435
sambaPwdMustChange: 2147483647
sambaLMPassword: 587574A5B695D85AAAD3B435B51404EE
sambaNTPassword: 072321F3EEF2DDA2DB88A5C7BB3628FD
sambaPwdLastSet: 1205362435
sambaAcctFlags: [W ]
objectClass: sambaSamAccount
objectClass: account

dn: ou=People,dc=mondomaine,dc=net
objectClass: top
objectClass: organizationalUnit
ou: People

dn: uid=admin,ou=People,dc=mondomaine,dc=net
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
cn: admin
sn: admin
givenName: admin
uid: admin
uidNumber: 1013
gidNumber: 513
homeDirectory: /home/admin
loginShell: /bin/bash
gecos: admin
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
displayName: admin
sambaSID: S-1-5-21-20043454-3907201459-4213964173-3026
sambaPrimaryGroupSID: S-1-5-21-862544283-2880828001-3584954034-513
sambaLogonScript: logon.bat
sambaProfilePath: \\debian\profiles\admin
sambaHomePath: \\debian\homes\admin
sambaHomeDrive: U:
sambaLMPassword: 5ABB8B7D728DAD9FAAD3B435B51404EE
sambaAcctFlags: [U]
sambaNTPassword: 30FE997E5B1952EADD217C9F8D01375F
sambaPwdLastSet: 1205355551
sambaPwdMustChange: 1213131551
userPassword: {SSHA}uq0nG3pSe5yGv5/mqFUZLBwwQK5YYnNW

dn: uid=administrateur,ou=People,dc=mondomaine,dc=net
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
cn: administrateur
sn: administrateur
givenName: administrateur
uid: administrateur
uidNumber: 1012
gidNumber: 513
homeDirectory: /home/administrateur
loginShell: /bin/bash
gecos: administrateur
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
displayName: administrateur
sambaSID: S-1-5-21-20043454-3907201459-4213964173-3024
sambaPrimaryGroupSID: S-1-5-21-862544283-2880828001-3584954034-513
sambaLogonScript: logon.bat
sambaProfilePath: \\debian\profiles\administrateur
sambaHomePath: \\debian\homes\administrateur
sambaHomeDrive: U:
sambaLMPassword: 5ABB8B7D728DAD9FAAD3B435B51404EE
sambaAcctFlags: [U]
sambaNTPassword: 30FE997E5B1952EADD217C9F8D01375F
sambaPwdLastSet: 1205355538
sambaPwdMustChange: 1213131538
userPassword: {SSHA}B2HM20sx7KEgNdfOjgLTHmJ1699qZkNo

dn: uid=oops,ou=People,dc=mondomaine,dc=net
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
cn: oops
sn: oops
givenName: oops
uid: oops
uidNumber: 1014
gidNumber: 513
homeDirectory: /home/oops
loginShell: /bin/bash
gecos: oops
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
displayName: oops
sambaSID: S-1-5-21-20043454-3907201459-4213964173-3028
sambaPrimaryGroupSID: S-1-5-21-862544283-2880828001-3584954034-513
sambaLogonScript: logon.bat
sambaProfilePath: \\debian\profiles\oops
sambaHomePath: \\debian\homes\oops
sambaHomeDrive: U:
sambaLMPassword: 5ABB8B7D728DAD9FAAD3B435B51404EE
sambaAcctFlags: [U]
sambaNTPassword: 30FE997E5B1952EADD217C9F8D01375F
sambaPwdLastSet: 1205356669
sambaPwdMustChange: 1213132669
userPassword: {SSHA}msmU6OtxAd6w4EMwcCd0ID4IML4xUTl4

dn: uid=titi,ou=People,dc=mondomaine,dc=net
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
cn: titi
sn: titi
givenName: titi
uid: titi
uidNumber: 1009
gidNumber: 513
homeDirectory: /home/titi
loginShell: /bin/bash
gecos: titi
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
displayName: titi
sambaSID: S-1-5-21-20043454-3907201459-4213964173-3018
sambaPrimaryGroupSID: S-1-5-21-862544283-2880828001-3584954034-513
sambaLogonScript: logon.bat
sambaProfilePath: \\debian\profiles\titi
sambaHomePath: \\debian\homes\titi
sambaHomeDrive: U:
sambaLMPassword: 5ABB8B7D728DAD9FAAD3B435B51404EE
sambaAcctFlags: [U]
sambaNTPassword: 30FE997E5B1952EADD217C9F8D01375F
sambaPwdLastSet: 1205355284
sambaPwdMustChange: 1213131284
userPassword: {SSHA}ATqKOe33npfM/92cgWWzscqbhdc0Y3Vw

dn: uid=toto,ou=People,dc=mondomaine,dc=net
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
cn: toto
sn: toto
givenName: toto
uid: toto
uidNumber: 1010
gidNumber: 513
homeDirectory: /home/toto
loginShell: /bin/bash
gecos: toto
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
displayName: toto
sambaSID: S-1-5-21-20043454-3907201459-4213964173-3020
sambaPrimaryGroupSID: S-1-5-21-862544283-2880828001-3584954034-513
sambaLogonScript: logon.bat
sambaProfilePath: \\debian\profiles\toto
sambaHomePath: \\debian\homes\toto
sambaHomeDrive: U:
sambaLMPassword: 5ABB8B7D728DAD9FAAD3B435B51404EE
sambaAcctFlags: [U]
sambaNTPassword: 30FE997E5B1952EADD217C9F8D01375F
sambaPwdLastSet: 1205355497
sambaPwdMustChange: 1213131497
userPassword: {SSHA}v4Yzq5UPya96wLKna9zaogl93lV4ZTNP

dn: uid=tutu,ou=People,dc=mondomaine,dc=net
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
cn: tutu
sn: tutu
givenName: tutu
uid: tutu
uidNumber: 1011
gidNumber: 513
homeDirectory: /home/tutu
loginShell: /bin/bash
gecos: tutu
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
displayName: tutu
sambaSID: S-1-5-21-20043454-3907201459-4213964173-3022
sambaPrimaryGroupSID: S-1-5-21-862544283-2880828001-3584954034-513
sambaLogonScript: logon.bat
sambaProfilePath: \\debian\profiles\tutu
sambaHomePath: \\debian\homes\tutu
sambaHomeDrive: U:
sambaLMPassword: 5ABB8B7D728DAD9FAAD3B435B51404EE
sambaAcctFlags: [U]
sambaNTPassword: 30FE997E5B1952EADD217C9F8D01375F
sambaPwdLastSet: 1205355509
sambaPwdMustChange: 1213131509
userPassword: {SSHA}OW+LkWx1dbdMQGqR2AWuf2CiKEIuaW1X

dn: ou=users,dc=mondomaine,dc=net
ou: users
objectClass: organizationalUnit
objectClass: top

dn: uid=nobody,ou=Users,dc=mondomaine,dc=net
cn: nobody
sn: nobody
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: sambaSamAccount
objectClass: posixAccount
objectClass: shadowAccount
gidNumber: 514
uid: nobody
uidNumber: 999
homeDirectory: /dev/null
sambaPwdLastSet: 0
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaPwdMustChange: 2147483647
sambaPrimaryGroupSID: S-1-5-21-862544283-2880828001-3584954034-514
sambaLMPassword: NO PASSWORDXXXXXXXXXXXXXXXXXXXXX
sambaNTPassword: NO PASSWORDXXXXXXXXXXXXXXXXXXXXX
sambaAcctFlags: [NUD ]
sambaSID: S-1-5-21-862544283-2880828001-3584954034-2998
loginShell: /bin/false

dn: uid=root,ou=Users,dc=mondomaine,dc=net
cn: root
sn: root
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: sambaSamAccount
objectClass: posixAccount
objectClass: shadowAccount
gidNumber: 0
uid: root
uidNumber: 0
homeDirectory: /home/root
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaPrimaryGroupSID: S-1-5-21-862544283-2880828001-3584954034-512
sambaSID: S-1-5-21-862544283-2880828001-3584954034-500
loginShell: /bin/false
gecos: Netbios Domain Administrator
sambaLMPassword: 5ABB8B7D728DAD9FAAD3B435B51404EE
sambaAcctFlags: [U]
sambaNTPassword: 30FE997E5B1952EADD217C9F8D01375F
sambaPwdLastSet: 1205269850
sambaPwdMustChange: 1209157850
userPassword: {SSHA}ERELK5S1k93p0lJuU/SHzuoy2q10RGww

dn: sambaDomainName=EXAMPLE,dc=mondomaine,dc=net
sambaDomainName: EXAMPLE
sambaSID: S-1-5-21-20043454-3907201459-4213964173
sambaAlgorithmicRidBase: 1000
objectClass: sambaDomain
sambaNextUserRid: 1000
sambaMinPwdLength: 5
sambaPwdHistoryLength: 0
sambaLogonToChgPwd: 0
sambaMaxPwdAge: -1
sambaMinPwdAge: 0
sambaLockoutDuration: 30
sambaLockoutObservationWindow: 30
sambaLockoutThreshold: 0
sambaForceLogoff: -1
sambaRefuseMachinePwdChange: 0
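
Added example (not part of the original message, and not Samba or smbldap-tools code): a consistency check for an LDIF export like the one posted above. It reports every sambaSID / sambaPrimaryGroupSID whose domain part differs from the sambaSID of the sambaDomain entry; in the posted export the group entries and the users' sambaPrimaryGroupSID carry S-1-5-21-862544283-2880828001-3584954034, while the sambaDomain entry and smbldap.conf carry S-1-5-21-20043454-3907201459-4213964173. The function names and the embedded excerpt are assumptions of this example.

```python
import re

# Excerpt of the LDIF posted above (values copied from the post, entries shortened).
SAMPLE_LDIF = """\
dn: sambaDomainName=EXAMPLE,dc=mondomaine,dc=net
sambaSID: S-1-5-21-20043454-3907201459-4213964173
objectClass: sambaDomain

dn: cn=Domain Users,ou=Group,dc=mondomaine,dc=net
sambaSID: S-1-5-21-862544283-2880828001-3584954034-513

dn: cn=Administrators,ou=Group,dc=mondomaine,dc=net
sambaSID: S-1-5-32-544

dn: uid=toto,ou=People,dc=mondomaine,dc=net
sambaSID: S-1-5-21-20043454-3907201459-4213964173-3020
sambaPrimaryGroupSID: S-1-5-21-862544283-2880828001-3584954034-513
"""

# Domain part of a domain-relative SID (RID stripped); builtin S-1-5-32-* never matches.
DOMAIN_PART = re.compile(r"^S-1-5-21(-\d+){3}$")


def parse_ldif(text):
    """Parse plain (non-base64) LDIF into a list of (dn, {attr: [values]})."""
    text = re.sub(r"\r?\n ", "", text)  # unfold continuation lines (RFC 2849)
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            key, _, value = line.partition(":")
            attrs.setdefault(key.strip().lower(), []).append(value.strip())
        if "dn" in attrs:
            entries.append((attrs["dn"][0], attrs))
    return entries


def find_sid_mismatches(text):
    """Return (domain_sid, [(dn, attr, sid), ...]) for SIDs outside the domain."""
    entries = parse_ldif(text)
    domains = [a["sambasid"][0] for _, a in entries
               if "sambadomain" in (c.lower() for c in a.get("objectclass", []))]
    if len(domains) != 1:
        raise ValueError("expected one sambaDomain entry, found %d" % len(domains))
    problems = []
    for dn, attrs in entries:
        for attr in ("sambasid", "sambaprimarygroupsid"):
            for sid in attrs.get(attr, []):
                domain_part = sid.rpartition("-")[0]
                if DOMAIN_PART.match(domain_part) and domain_part != domains[0]:
                    problems.append((dn, attr, sid))
    return domains[0], problems


if __name__ == "__main__":
    sid, bad = find_sid_mismatches(SAMPLE_LDIF)
    for dn, attr, value in bad:
        print("%s: %s=%s is not under %s" % (dn, attr, value, sid))
```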