Siju George
2010-Mar-30 11:06 UTC
[Samba] root is there in tdbsam but it says user name not there while Joining a Win Xp to a domain
Hi,
I have a Windows Xp that is part of Samba Domain1 on a FreeBSD.
I want to join it to Domain 2. It is a Samba server on Debian Lenny
The domain Controller for Domain2 is configured like this
=========================# testparm -s
Load smb config files from /etc/samba/smb.conf
Can't find include file /home/samba/etc/smb.conf.
Unknown parameter encountered: "SO_RCVBUF"
Ignoring unknown parameter "SO_RCVBUF"
Processing section "[homes]"
Processing section "[printers]"
Processing section "[print$]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
[global]
workgroup = HIFXNX
server string = %h server
obey pam restrictions = Yes
passdb backend = tdbsam
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
unix password sync = Yes
log level = 3
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
domain logons = Yes
domain master = Yes
dns proxy = No
panic action = /usr/share/samba/panic-action %d
include = /home/samba/etc/smb.conf.
[homes]
comment = Home Directories
valid users = %S
create mask = 0700
directory mask = 0700
browseable = No
[printers]
comment = All Printers
path = /var/spool/samba
create mask = 0700
printable = Yes
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
==========================================================================================
When I try to join the Windows XP to Domain2 I use the root account (
has the same smbpaassword as the system user root ) I get the folowing
error
The following error occouurred attempting to join "domain2"
The username could not be found
The users in the samba PDC for domain2 are
srv1:~# pdbedit -L
Can't find include file /home/samba/etc/smb.conf.
Unknown parameter encountered: "SO_RCVBUF"
Ignoring unknown parameter "SO_RCVBUF"
backup:34:backup
nobody:65534:nobody
lp:7:lp
Debian-exim:101:
root:0:root
daemon:1:daemon
mail:8:mail
statd:102:
news:9:news
bin:2:bin
romym:1001:
uucp:10:uucp
hifxadm:1000:Administrator,,,
messagebus:103:
proxy:13:proxy
sys:3:sys
haldaemon:105:Hardware abstraction layer,,,
avahi:104:Avahi mDNS daemon,,,
sshd:106:
sync:4:sync
list:38:Mailing List Manager
games:5:games
irc:39:ircd
www-data:33:www-data
gnats:41:Gnats Bug-Reporting System (admin)
man:6:man
libuuid:100:
The samba log is
[2010/03/30 16:12:16, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/03/30 16:12:16, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/03/30 16:12:16, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:12:16, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:12:16, 3] auth/auth.c:check_ntlm_password(220)
check_ntlm_password: Checking password for unmapped user
[hifxnx]\[root]@[TEC-TERMINAL] with the new password interface
[2010/03/30 16:12:16, 3] auth/auth.c:check_ntlm_password(223)
check_ntlm_password: mapped user is: [hifxnx]\[root]@[TEC-TERMINAL]
[2010/03/30 16:12:16, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/03/30 16:12:16, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/03/30 16:12:16, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:12:16, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2010/03/30 16:12:16, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2010/03/30 16:12:16, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2010/03/30 16:12:16, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:12:16, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2010/03/30 16:12:16, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2010/03/30 16:12:16, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2010/03/30 16:12:16, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:12:16, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2010/03/30 16:12:16, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2010/03/30 16:12:16, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2010/03/30 16:12:16, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:12:16, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2010/03/30 16:12:16, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2010/03/30 16:12:16, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2010/03/30 16:12:16, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:12:16, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:12:16, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/03/30 16:12:16, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/03/30 16:12:16, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:12:16, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:12:16, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/03/30 16:12:16, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/03/30 16:12:16, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:12:16, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:12:16, 3] auth/auth.c:check_ntlm_password(269)
check_ntlm_password: sam authentication for user [root] succeeded
[2010/03/30 16:12:16, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/03/30 16:12:16, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/03/30 16:12:16, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:12:16, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:12:16, 2] auth/auth.c:check_ntlm_password(308)
check_ntlm_password: authentication for user [root] -> [root] ->
[root] succeeded
[2010/03/30 16:12:16, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/03/30 16:12:16, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/03/30 16:12:16, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:12:16, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:12:16, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/03/30 16:12:16, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/03/30 16:12:16, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:12:16, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:12:16, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/03/30 16:12:16, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/03/30 16:12:16, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:12:16, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:12:16, 3] lib/privileges.c:get_privileges(63)
get_privileges: No privileges assigned to SID
[S-1-5-21-2723056799-1276534154-4037564978-1000]
[2010/03/30 16:12:16, 3] lib/privileges.c:get_privileges(63)
get_privileges: No privileges assigned to SID [S-1-22-2-0]
[2010/03/30 16:12:16, 3] lib/privileges.c:get_privileges(63)
get_privileges: No privileges assigned to SID [S-1-5-2]
[2010/03/30 16:12:16, 3] lib/privileges.c:get_privileges(63)
get_privileges: No privileges assigned to SID [S-1-5-11]
[2010/03/30 16:12:16, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/03/30 16:12:16, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/03/30 16:12:16, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:12:16, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:12:16, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/03/30 16:12:16, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/03/30 16:12:16, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:12:16, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:12:16, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/03/30 16:12:16, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/03/30 16:12:16, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:12:16, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:12:16, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(337)
NTLMSSP Sign/Seal - Initialising with flags:
[2010/03/30 16:12:16, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
Got NTLMSSP neg_flags=0xa2088205
[2010/03/30 16:12:16, 3] smbd/password.c:register_existing_vuid(314)
register_existing_vuid: User name: root Real name: root
[2010/03/30 16:12:16, 3] smbd/password.c:register_existing_vuid(326)
register_existing_vuid: UNIX uid 0 is UNIX user root, and will be vuid 100
[2010/03/30 16:12:16, 3] smbd/password.c:register_existing_vuid(350)
Adding homes service for user 'root' using home directory:
'/root'
[2010/03/30 16:12:16, 3] param/loadparm.c:lp_add_home(5886)
adding home's share [root] for user 'root' at '/root'
[2010/03/30 16:12:16, 3] smbd/process.c:process_smb(1570)
Transaction 3 of length 78 (0 toread)
[2010/03/30 16:12:16, 3] smbd/process.c:switch_message(1374)
switch message SMBtconX (pid 5214) conn 0x0
[2010/03/30 16:12:16, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:12:16, 3] smbd/service.c:make_connection_snum(944)
Connect path is '/tmp' for service [IPC$]
[2010/03/30 16:12:16, 3] lib/util_seaccess.c:se_access_check(249)
[2010/03/30 16:12:16, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is S-1-5-21-2723056799-1276534154-4037564978-1000
se_access_check: also S-1-22-2-0
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2010/03/30 16:12:16, 3] smbd/vfs.c:vfs_init_default(96)
Initialising default vfs hooks
[2010/03/30 16:12:16, 3] smbd/vfs.c:vfs_init_custom(130)
Initialising custom vfs hooks from [/[Default VFS]/]
[2010/03/30 16:12:16, 3] lib/util_seaccess.c:se_access_check(249)
[2010/03/30 16:12:16, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is S-1-5-21-2723056799-1276534154-4037564978-1000
se_access_check: also S-1-22-2-0
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2010/03/30 16:12:16, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:12:16, 3] smbd/service.c:make_connection_snum(1198)
tec-terminal (::ffff:172.16.50.71) connect to service IPC$ initially
as user root (uid=0, gid=0) (pid 5214)
[2010/03/30 16:12:16, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:12:16, 3] smbd/reply.c:reply_tcon_and_X(727)
tconX service=IPC$
[2010/03/30 16:12:16, 3] smbd/process.c:process_smb(1570)
Transaction 4 of length 104 (0 toread)
[2010/03/30 16:12:16, 3] smbd/process.c:switch_message(1374)
switch message SMBntcreateX (pid 5214) conn 0xc2d330
[2010/03/30 16:12:16, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:12:16, 3] smbd/nttrans.c:nt_open_pipe(320)
nt_open_pipe: Known pipe lsarpc opening.
[2010/03/30 16:12:16, 3] smbd/process.c:process_smb(1570)
Transaction 5 of length 140 (0 toread)
[2010/03/30 16:12:16, 3] smbd/process.c:switch_message(1374)
switch message SMBwriteX (pid 5214) conn 0xc2d330
[2010/03/30 16:12:16, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1564)
api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsarpc
[2010/03/30 16:12:16, 3] rpc_server/srv_pipe.c:check_bind_req(991)
check_bind_req for \PIPE\lsarpc
[2010/03/30 16:12:16, 3] smbd/pipes.c:reply_pipe_write_and_X(251)
writeX-IPC pnum=71d6 nwritten=72
[2010/03/30 16:12:16, 3] smbd/process.c:process_smb(1570)
Transaction 6 of length 63 (0 toread)
[2010/03/30 16:12:16, 3] smbd/process.c:switch_message(1374)
switch message SMBreadX (pid 5214) conn 0xc2d330
[2010/03/30 16:12:16, 3] smbd/pipes.c:reply_pipe_read_and_X(301)
readX-IPC pnum=71d6 min=1024 max=1024 nread=68
[2010/03/30 16:12:16, 3] smbd/process.c:process_smb(1570)
Transaction 7 of length 172 (0 toread)
[2010/03/30 16:12:16, 3] smbd/process.c:switch_message(1374)
switch message SMBtrans (pid 5214) conn 0xc2d330
[2010/03/30 16:12:16, 3] smbd/ipc.c:handle_trans(436)
trans <\PIPE\> data=84 params=0 setup=2
[2010/03/30 16:12:16, 3] smbd/ipc.c:named_pipe(387)
named pipe command on <> name
[2010/03/30 16:12:16, 3] smbd/ipc.c:api_fd_reply(345)
Got API command 0x26 on pipe "lsarpc" (pnum 71d6)
[2010/03/30 16:12:16, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 73
[2010/03/30 16:12:16, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
api_rpcTNP: rpc command: LSA_OPENPOLICY2
[2010/03/30 16:12:16, 3] lib/util_seaccess.c:se_access_check(249)
[2010/03/30 16:12:16, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is S-1-5-21-2723056799-1276534154-4037564978-1000
se_access_check: also S-1-22-2-0
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2010/03/30 16:12:16, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 852
[2010/03/30 16:12:16, 3] smbd/process.c:process_smb(1570)
Transaction 8 of length 134 (0 toread)
[2010/03/30 16:12:16, 3] smbd/process.c:switch_message(1374)
switch message SMBtrans (pid 5214) conn 0xc2d330
[2010/03/30 16:12:16, 3] smbd/ipc.c:handle_trans(436)
trans <\PIPE\> data=46 params=0 setup=2
[2010/03/30 16:12:16, 3] smbd/ipc.c:named_pipe(387)
named pipe command on <> name
[2010/03/30 16:12:16, 3] smbd/ipc.c:api_fd_reply(345)
Got API command 0x26 on pipe "lsarpc" (pnum 71d6)
[2010/03/30 16:12:16, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2010/03/30 16:12:16, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY2
[2010/03/30 16:12:16, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2010/03/30 16:12:16, 3] smbd/process.c:process_smb(1570)
Transaction 9 of length 134 (0 toread)
[2010/03/30 16:12:16, 3] smbd/process.c:switch_message(1374)
switch message SMBtrans (pid 5214) conn 0xc2d330
[2010/03/30 16:12:16, 3] smbd/ipc.c:handle_trans(436)
trans <\PIPE\> data=46 params=0 setup=2
[2010/03/30 16:12:16, 3] smbd/ipc.c:named_pipe(387)
named pipe command on <> name
[2010/03/30 16:12:16, 3] smbd/ipc.c:api_fd_reply(345)
Got API command 0x26 on pipe "lsarpc" (pnum 71d6)
[2010/03/30 16:12:16, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2010/03/30 16:12:16, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY
[2010/03/30 16:12:16, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 140
[2010/03/30 16:12:16, 3] smbd/process.c:process_smb(1570)
Transaction 10 of length 104 (0 toread)
[2010/03/30 16:12:16, 3] smbd/process.c:switch_message(1374)
switch message SMBntcreateX (pid 5214) conn 0xc2d330
[2010/03/30 16:12:16, 3] smbd/nttrans.c:nt_open_pipe(320)
nt_open_pipe: Known pipe winreg opening.
[2010/03/30 16:12:16, 3] smbd/process.c:process_smb(1570)
Transaction 11 of length 140 (0 toread)
[2010/03/30 16:12:16, 3] smbd/process.c:switch_message(1374)
switch message SMBwriteX (pid 5214) conn 0xc2d330
[2010/03/30 16:12:16, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1564)
api_pipe_bind_req: \PIPE\winreg -> \PIPE\winreg
[2010/03/30 16:12:16, 3] rpc_server/srv_pipe.c:check_bind_req(991)
check_bind_req for \PIPE\winreg
[2010/03/30 16:12:16, 3] smbd/pipes.c:reply_pipe_write_and_X(251)
writeX-IPC pnum=71d7 nwritten=72
[2010/03/30 16:12:16, 3] smbd/process.c:process_smb(1570)
Transaction 12 of length 63 (0 toread)
[2010/03/30 16:12:16, 3] smbd/process.c:switch_message(1374)
switch message SMBreadX (pid 5214) conn 0xc2d330
[2010/03/30 16:12:16, 3] smbd/pipes.c:reply_pipe_read_and_X(301)
readX-IPC pnum=71d7 min=1024 max=1024 nread=68
[2010/03/30 16:12:16, 3] smbd/process.c:process_smb(1570)
Transaction 13 of length 124 (0 toread)
[2010/03/30 16:12:16, 3] smbd/process.c:switch_message(1374)
switch message SMBtrans (pid 5214) conn 0xc2d330
[2010/03/30 16:12:16, 3] smbd/ipc.c:handle_trans(436)
trans <\PIPE\> data=36 params=0 setup=2
[2010/03/30 16:12:16, 3] smbd/ipc.c:named_pipe(387)
named pipe command on <> name
[2010/03/30 16:12:16, 3] smbd/ipc.c:api_fd_reply(345)
Got API command 0x26 on pipe "winreg" (pnum 71d7)
[2010/03/30 16:12:16, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 73
[2010/03/30 16:12:16, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
api_rpcTNP: rpc command: WINREG_OPENHKLM
[2010/03/30 16:12:16, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/03/30 16:12:16, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2010/03/30 16:12:16, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:12:16, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:12:16, 3] lib/util_seaccess.c:se_access_check(249)
[2010/03/30 16:12:16, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is S-1-5-21-2723056799-1276534154-4037564978-1000
se_access_check: also S-1-22-2-0
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2010/03/30 16:12:16, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2010/03/30 16:12:16, 3] smbd/process.c:process_smb(1570)
Transaction 14 of length 272 (0 toread)
[2010/03/30 16:12:16, 3] smbd/process.c:switch_message(1374)
switch message SMBtrans (pid 5214) conn 0xc2d330
[2010/03/30 16:12:16, 3] smbd/ipc.c:handle_trans(436)
trans <\PIPE\> data=184 params=0 setup=2
[2010/03/30 16:12:16, 3] smbd/ipc.c:named_pipe(387)
named pipe command on <> name
[2010/03/30 16:12:16, 3] smbd/ipc.c:api_fd_reply(345)
Got API command 0x26 on pipe "winreg" (pnum 71d7)
[2010/03/30 16:12:16, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2010/03/30 16:12:16, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
api_rpcTNP: rpc command: WINREG_OPENKEY
[2010/03/30 16:12:16, 3] lib/util_seaccess.c:se_access_check(249)
[2010/03/30 16:12:16, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is S-1-5-21-2723056799-1276534154-4037564978-1000
se_access_check: also S-1-22-2-0
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2010/03/30 16:12:16, 3] lib/util_seaccess.c:se_access_check(249)
[2010/03/30 16:12:16, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is S-1-5-21-2723056799-1276534154-4037564978-1000
se_access_check: also S-1-22-2-0
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2010/03/30 16:12:16, 3] lib/util_seaccess.c:se_access_check(249)
[2010/03/30 16:12:16, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is S-1-5-21-2723056799-1276534154-4037564978-1000
se_access_check: also S-1-22-2-0
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2010/03/30 16:12:16, 3] lib/util_seaccess.c:se_access_check(249)
[2010/03/30 16:12:16, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is S-1-5-21-2723056799-1276534154-4037564978-1000
se_access_check: also S-1-22-2-0
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2010/03/30 16:12:16, 3] lib/util_seaccess.c:se_access_check(249)
[2010/03/30 16:12:16, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is S-1-5-21-2723056799-1276534154-4037564978-1000
se_access_check: also S-1-22-2-0
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2010/03/30 16:12:16, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2010/03/30 16:12:16, 3] smbd/process.c:process_smb(1570)
Transaction 15 of length 236 (0 toread)
[2010/03/30 16:12:16, 3] smbd/process.c:switch_message(1374)
switch message SMBtrans (pid 5214) conn 0xc2d330
[2010/03/30 16:12:16, 3] smbd/ipc.c:handle_trans(436)
trans <\PIPE\> data=148 params=0 setup=2
[2010/03/30 16:12:16, 3] smbd/ipc.c:named_pipe(387)
named pipe command on <> name
[2010/03/30 16:12:16, 3] smbd/ipc.c:api_fd_reply(345)
Got API command 0x26 on pipe "winreg" (pnum 71d7)
[2010/03/30 16:12:16, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2010/03/30 16:12:16, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
api_rpcTNP: rpc command: WINREG_QUERYVALUE
[2010/03/30 16:12:16, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/03/30 16:12:16, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2010/03/30 16:12:16, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:12:16, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:12:16, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 36
[2010/03/30 16:12:16, 3] smbd/process.c:process_smb(1570)
Transaction 16 of length 132 (0 toread)
[2010/03/30 16:12:16, 3] smbd/process.c:switch_message(1374)
switch message SMBtrans (pid 5214) conn 0xc2d330
[2010/03/30 16:12:16, 3] smbd/ipc.c:handle_trans(436)
trans <\PIPE\> data=44 params=0 setup=2
[2010/03/30 16:12:16, 3] smbd/ipc.c:named_pipe(387)
named pipe command on <> name
[2010/03/30 16:12:16, 3] smbd/ipc.c:api_fd_reply(345)
Got API command 0x26 on pipe "winreg" (pnum 71d7)
[2010/03/30 16:12:16, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2010/03/30 16:12:16, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
api_rpcTNP: rpc command: WINREG_CLOSEKEY
[2010/03/30 16:12:16, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(206)
Closed policy
[2010/03/30 16:12:16, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2010/03/30 16:12:16, 3] smbd/process.c:process_smb(1570)
Transaction 17 of length 132 (0 toread)
[2010/03/30 16:12:16, 3] smbd/process.c:switch_message(1374)
switch message SMBtrans (pid 5214) conn 0xc2d330
[2010/03/30 16:12:16, 3] smbd/ipc.c:handle_trans(436)
trans <\PIPE\> data=44 params=0 setup=2
[2010/03/30 16:12:16, 3] smbd/ipc.c:named_pipe(387)
named pipe command on <> name
[2010/03/30 16:12:16, 3] smbd/ipc.c:api_fd_reply(345)
Got API command 0x26 on pipe "winreg" (pnum 71d7)
[2010/03/30 16:12:16, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2010/03/30 16:12:16, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
api_rpcTNP: rpc command: WINREG_CLOSEKEY
[2010/03/30 16:12:16, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(206)
Closed policy
[2010/03/30 16:12:16, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2010/03/30 16:12:16, 3] smbd/process.c:process_smb(1570)
Transaction 18 of length 45 (0 toread)
[2010/03/30 16:12:16, 3] smbd/process.c:switch_message(1374)
switch message SMBclose (pid 5214) conn 0xc2d330
[2010/03/30 16:12:16, 3] smbd/process.c:process_smb(1570)
Transaction 19 of length 108 (0 toread)
[2010/03/30 16:12:16, 3] smbd/process.c:switch_message(1374)
switch message SMBntcreateX (pid 5214) conn 0xc2d330
[2010/03/30 16:12:16, 3] smbd/nttrans.c:nt_open_pipe(320)
nt_open_pipe: Known pipe NETLOGON opening.
[2010/03/30 16:12:16, 3] smbd/process.c:process_smb(1570)
Transaction 20 of length 140 (0 toread)
[2010/03/30 16:12:16, 3] smbd/process.c:switch_message(1374)
switch message SMBwriteX (pid 5214) conn 0xc2d330
[2010/03/30 16:12:16, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1564)
api_pipe_bind_req: \PIPE\netlogon -> \PIPE\netlogon
[2010/03/30 16:12:16, 3] rpc_server/srv_pipe.c:check_bind_req(991)
check_bind_req for \PIPE\NETLOGON
[2010/03/30 16:12:16, 3] smbd/pipes.c:reply_pipe_write_and_X(251)
writeX-IPC pnum=71d8 nwritten=72
[2010/03/30 16:12:16, 3] smbd/process.c:process_smb(1570)
Transaction 21 of length 63 (0 toread)
[2010/03/30 16:12:16, 3] smbd/process.c:switch_message(1374)
switch message SMBreadX (pid 5214) conn 0xc2d330
[2010/03/30 16:12:16, 3] smbd/pipes.c:reply_pipe_read_and_X(301)
readX-IPC pnum=71d8 min=1024 max=1024 nread=72
[2010/03/30 16:12:16, 3] smbd/process.c:process_smb(1570)
Transaction 22 of length 190 (0 toread)
[2010/03/30 16:12:16, 3] smbd/process.c:switch_message(1374)
switch message SMBtrans (pid 5214) conn 0xc2d330
[2010/03/30 16:12:16, 3] smbd/ipc.c:handle_trans(436)
trans <\PIPE\> data=102 params=0 setup=2
[2010/03/30 16:12:16, 3] smbd/ipc.c:named_pipe(387)
named pipe command on <> name
[2010/03/30 16:12:16, 3] smbd/ipc.c:api_fd_reply(345)
Got API command 0x26 on pipe "NETLOGON" (pnum 71d8)
[2010/03/30 16:12:16, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 75
[2010/03/30 16:12:16, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
api_rpcTNP: rpc command: NETR_SERVERREQCHALLENGE
[2010/03/30 16:12:16, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2010/03/30 16:12:16, 3] smbd/process.c:process_smb(1570)
Transaction 23 of length 45 (0 toread)
[2010/03/30 16:12:16, 3] smbd/process.c:switch_message(1374)
switch message SMBclose (pid 5214) conn 0xc2d330
[2010/03/30 16:12:16, 3] smbd/process.c:process_smb(1570)
Transaction 24 of length 108 (0 toread)
[2010/03/30 16:12:16, 3] smbd/process.c:switch_message(1374)
switch message SMBntcreateX (pid 5214) conn 0xc2d330
[2010/03/30 16:12:16, 3] smbd/nttrans.c:nt_open_pipe(320)
nt_open_pipe: Known pipe NETLOGON opening.
[2010/03/30 16:12:16, 3] smbd/process.c:process_smb(1570)
Transaction 25 of length 140 (0 toread)
[2010/03/30 16:12:16, 3] smbd/process.c:switch_message(1374)
switch message SMBwriteX (pid 5214) conn 0xc2d330
[2010/03/30 16:12:16, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1564)
api_pipe_bind_req: \PIPE\netlogon -> \PIPE\netlogon
[2010/03/30 16:12:16, 3] rpc_server/srv_pipe.c:check_bind_req(991)
check_bind_req for \PIPE\NETLOGON
[2010/03/30 16:12:16, 3] smbd/pipes.c:reply_pipe_write_and_X(251)
writeX-IPC pnum=71d9 nwritten=72
[2010/03/30 16:12:16, 3] smbd/process.c:process_smb(1570)
Transaction 26 of length 63 (0 toread)
[2010/03/30 16:12:16, 3] smbd/process.c:switch_message(1374)
switch message SMBreadX (pid 5214) conn 0xc2d330
[2010/03/30 16:12:16, 3] smbd/pipes.c:reply_pipe_read_and_X(301)
readX-IPC pnum=71d9 min=1024 max=1024 nread=72
[2010/03/30 16:12:16, 3] smbd/process.c:process_smb(1570)
Transaction 27 of length 234 (0 toread)
[2010/03/30 16:12:16, 3] smbd/process.c:switch_message(1374)
switch message SMBtrans (pid 5214) conn 0xc2d330
[2010/03/30 16:12:16, 3] smbd/ipc.c:handle_trans(436)
trans <\PIPE\> data=146 params=0 setup=2
[2010/03/30 16:12:16, 3] smbd/ipc.c:named_pipe(387)
named pipe command on <> name
[2010/03/30 16:12:16, 3] smbd/ipc.c:api_fd_reply(345)
Got API command 0x26 on pipe "NETLOGON" (pnum 71d9)
[2010/03/30 16:12:16, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 75
[2010/03/30 16:12:16, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
api_rpcTNP: rpc command: NETR_SERVERAUTHENTICATE
[2010/03/30 16:12:16, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2010/03/30 16:12:16, 3] smbd/process.c:process_smb(1570)
Transaction 28 of length 45 (0 toread)
[2010/03/30 16:12:16, 3] smbd/process.c:switch_message(1374)
switch message SMBclose (pid 5214) conn 0xc2d330
[2010/03/30 16:12:16, 3] smbd/process.c:process_smb(1570)
Transaction 29 of length 132 (0 toread)
[2010/03/30 16:12:16, 3] smbd/process.c:switch_message(1374)
switch message SMBtrans (pid 5214) conn 0xc2d330
[2010/03/30 16:12:16, 3] smbd/ipc.c:handle_trans(436)
trans <\PIPE\> data=44 params=0 setup=2
[2010/03/30 16:12:16, 3] smbd/ipc.c:named_pipe(387)
named pipe command on <> name
[2010/03/30 16:12:16, 3] smbd/ipc.c:api_fd_reply(345)
Got API command 0x26 on pipe "lsarpc" (pnum 71d6)
[2010/03/30 16:12:16, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2010/03/30 16:12:16, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
api_rpcTNP: rpc command: LSA_CLOSE
[2010/03/30 16:12:16, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(206)
Closed policy
[2010/03/30 16:12:16, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2010/03/30 16:12:16, 3] smbd/process.c:process_smb(1570)
Transaction 30 of length 45 (0 toread)
[2010/03/30 16:12:16, 3] smbd/process.c:switch_message(1374)
switch message SMBclose (pid 5214) conn 0xc2d330
[2010/03/30 16:12:16, 3] smbd/process.c:process_smb(1570)
Transaction 31 of length 43 (0 toread)
[2010/03/30 16:12:16, 3] smbd/process.c:switch_message(1374)
switch message SMBulogoffX (pid 5214) conn 0x0
[2010/03/30 16:12:16, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:12:16, 3] smbd/reply.c:reply_ulogoffX(1910)
ulogoffX vuid=100
[2010/03/30 16:12:16, 3] smbd/process.c:process_smb(1570)
Transaction 32 of length 39 (0 toread)
[2010/03/30 16:12:16, 3] smbd/process.c:switch_message(1374)
switch message SMBtdis (pid 5214) conn 0xc2d330
[2010/03/30 16:12:16, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:12:16, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:12:16, 3] smbd/service.c:close_cnum(1409)
tec-terminal (::ffff:172.16.50.71) closed connection to service IPC$
[2010/03/30 16:12:16, 3] smbd/connection.c:yield_connection(31)
Yielding connection to IPC$
[2010/03/30 16:12:16, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:12:16, 3] smbd/process.c:smbd_process(2056)
receive_message_or_smb failed: NT_STATUS_END_OF_FILE, exiting
[2010/03/30 16:12:16, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:12:16, 3] smbd/connection.c:yield_connection(31)
Yielding connection to
[2010/03/30 16:12:16, 3] smbd/server.c:exit_server_common(949)
Server exit (normal exit)
[2010/03/30 16:12:17, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/03/30 16:12:17, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/03/30 16:12:17, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:12:17, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:12:17, 3] auth/auth.c:check_ntlm_password(220)
check_ntlm_password: Checking password for unmapped user
[hifxnx]\[root]@[TEC-TERMINAL] with the new password interface
[2010/03/30 16:12:17, 3] auth/auth.c:check_ntlm_password(223)
check_ntlm_password: mapped user is: [hifxnx]\[root]@[TEC-TERMINAL]
[2010/03/30 16:12:17, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/03/30 16:12:17, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/03/30 16:12:17, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:12:17, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2010/03/30 16:12:17, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2010/03/30 16:12:17, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2010/03/30 16:12:17, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:12:17, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2010/03/30 16:12:17, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2010/03/30 16:12:17, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2010/03/30 16:12:17, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:12:17, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2010/03/30 16:12:17, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2010/03/30 16:12:17, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2010/03/30 16:12:17, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:12:17, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2010/03/30 16:12:17, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2010/03/30 16:12:17, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2010/03/30 16:12:17, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:12:17, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:12:17, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/03/30 16:12:17, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/03/30 16:12:17, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:12:17, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:12:17, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/03/30 16:12:17, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/03/30 16:12:17, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:12:17, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:12:17, 3] auth/auth.c:check_ntlm_password(269)
check_ntlm_password: sam authentication for user [root] succeeded
[2010/03/30 16:12:17, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/03/30 16:12:17, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/03/30 16:12:17, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:12:17, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:12:17, 2] auth/auth.c:check_ntlm_password(308)
check_ntlm_password: authentication for user [root] -> [root] ->
[root] succeeded
[2010/03/30 16:12:17, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/03/30 16:12:17, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/03/30 16:12:17, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:12:17, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:12:17, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/03/30 16:12:17, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/03/30 16:12:17, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:12:17, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:12:17, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/03/30 16:12:17, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/03/30 16:12:17, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:12:17, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:12:17, 3] lib/privileges.c:get_privileges(63)
get_privileges: No privileges assigned to SID
[S-1-5-21-2723056799-1276534154-4037564978-1000]
[2010/03/30 16:12:17, 3] lib/privileges.c:get_privileges(63)
get_privileges: No privileges assigned to SID [S-1-22-2-0]
[2010/03/30 16:12:17, 3] lib/privileges.c:get_privileges(63)
get_privileges: No privileges assigned to SID [S-1-5-2]
[2010/03/30 16:12:17, 3] lib/privileges.c:get_privileges(63)
get_privileges: No privileges assigned to SID [S-1-5-11]
[2010/03/30 16:12:17, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/03/30 16:12:17, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/03/30 16:12:17, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:12:17, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:12:17, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/03/30 16:12:17, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/03/30 16:12:17, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:12:17, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:12:17, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/03/30 16:12:17, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/03/30 16:12:17, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:12:17, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:12:17, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(337)
NTLMSSP Sign/Seal - Initialising with flags:
[2010/03/30 16:12:17, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
Got NTLMSSP neg_flags=0xa2088205
[2010/03/30 16:12:17, 3] smbd/password.c:register_existing_vuid(314)
register_existing_vuid: User name: root Real name: root
[2010/03/30 16:12:17, 3] smbd/password.c:register_existing_vuid(326)
register_existing_vuid: UNIX uid 0 is UNIX user root, and will be vuid 100
[2010/03/30 16:12:17, 3] smbd/password.c:register_existing_vuid(350)
Adding homes service for user 'root' using home directory:
'/root'
[2010/03/30 16:12:17, 3] param/loadparm.c:lp_add_home(5886)
adding home's share [root] for user 'root' at '/root'
[2010/03/30 16:12:17, 3] smbd/process.c:process_smb(1570)
Transaction 3 of length 78 (0 toread)
[2010/03/30 16:12:17, 3] smbd/process.c:switch_message(1374)
switch message SMBtconX (pid 5216) conn 0x0
[2010/03/30 16:12:17, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:12:17, 3] smbd/service.c:make_connection_snum(944)
Connect path is '/tmp' for service [IPC$]
[2010/03/30 16:12:17, 3] lib/util_seaccess.c:se_access_check(249)
[2010/03/30 16:12:17, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is S-1-5-21-2723056799-1276534154-4037564978-1000
se_access_check: also S-1-22-2-0
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2010/03/30 16:12:17, 3] smbd/vfs.c:vfs_init_default(96)
Initialising default vfs hooks
[2010/03/30 16:12:17, 3] smbd/vfs.c:vfs_init_custom(130)
Initialising custom vfs hooks from [/[Default VFS]/]
[2010/03/30 16:12:17, 3] lib/util_seaccess.c:se_access_check(249)
[2010/03/30 16:12:17, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is S-1-5-21-2723056799-1276534154-4037564978-1000
se_access_check: also S-1-22-2-0
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2010/03/30 16:12:17, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:12:17, 3] smbd/service.c:make_connection_snum(1198)
tec-terminal (::ffff:172.16.50.71) connect to service IPC$ initially
as user root (uid=0, gid=0) (pid 5216)
[2010/03/30 16:12:17, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:12:17, 3] smbd/reply.c:reply_tcon_and_X(727)
tconX service=IPC$
[2010/03/30 16:12:17, 3] smbd/process.c:process_smb(1570)
Transaction 4 of length 104 (0 toread)
[2010/03/30 16:12:17, 3] smbd/process.c:switch_message(1374)
switch message SMBntcreateX (pid 5216) conn 0xc2d330
[2010/03/30 16:12:17, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:12:17, 3] smbd/nttrans.c:nt_open_pipe(320)
nt_open_pipe: Known pipe lsarpc opening.
[2010/03/30 16:12:17, 3] smbd/process.c:process_smb(1570)
Transaction 5 of length 140 (0 toread)
[2010/03/30 16:12:17, 3] smbd/process.c:switch_message(1374)
switch message SMBwriteX (pid 5216) conn 0xc2d330
[2010/03/30 16:12:17, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1564)
api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsarpc
[2010/03/30 16:12:17, 3] rpc_server/srv_pipe.c:check_bind_req(991)
check_bind_req for \PIPE\lsarpc
[2010/03/30 16:12:17, 3] smbd/pipes.c:reply_pipe_write_and_X(251)
writeX-IPC pnum=71e9 nwritten=72
[2010/03/30 16:12:17, 3] smbd/process.c:process_smb(1570)
Transaction 6 of length 63 (0 toread)
[2010/03/30 16:12:17, 3] smbd/process.c:switch_message(1374)
switch message SMBreadX (pid 5216) conn 0xc2d330
[2010/03/30 16:12:17, 3] smbd/pipes.c:reply_pipe_read_and_X(301)
readX-IPC pnum=71e9 min=1024 max=1024 nread=68
[2010/03/30 16:12:17, 3] smbd/process.c:process_smb(1570)
Transaction 7 of length 172 (0 toread)
[2010/03/30 16:12:17, 3] smbd/process.c:switch_message(1374)
switch message SMBtrans (pid 5216) conn 0xc2d330
[2010/03/30 16:12:17, 3] smbd/ipc.c:handle_trans(436)
trans <\PIPE\> data=84 params=0 setup=2
[2010/03/30 16:12:17, 3] smbd/ipc.c:named_pipe(387)
named pipe command on <> name
[2010/03/30 16:12:17, 3] smbd/ipc.c:api_fd_reply(345)
Got API command 0x26 on pipe "lsarpc" (pnum 71e9)
[2010/03/30 16:12:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 73
[2010/03/30 16:12:17, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
api_rpcTNP: rpc command: LSA_OPENPOLICY2
[2010/03/30 16:12:17, 3] lib/util_seaccess.c:se_access_check(249)
[2010/03/30 16:12:17, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is S-1-5-21-2723056799-1276534154-4037564978-1000
se_access_check: also S-1-22-2-0
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2010/03/30 16:12:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 852
[2010/03/30 16:12:17, 3] smbd/process.c:process_smb(1570)
Transaction 8 of length 134 (0 toread)
[2010/03/30 16:12:17, 3] smbd/process.c:switch_message(1374)
switch message SMBtrans (pid 5216) conn 0xc2d330
[2010/03/30 16:12:17, 3] smbd/ipc.c:handle_trans(436)
trans <\PIPE\> data=46 params=0 setup=2
[2010/03/30 16:12:17, 3] smbd/ipc.c:named_pipe(387)
named pipe command on <> name
[2010/03/30 16:12:17, 3] smbd/ipc.c:api_fd_reply(345)
Got API command 0x26 on pipe "lsarpc" (pnum 71e9)
[2010/03/30 16:12:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2010/03/30 16:12:17, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY2
[2010/03/30 16:12:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2010/03/30 16:12:17, 3] smbd/process.c:process_smb(1570)
Transaction 9 of length 134 (0 toread)
[2010/03/30 16:12:17, 3] smbd/process.c:switch_message(1374)
switch message SMBtrans (pid 5216) conn 0xc2d330
[2010/03/30 16:12:17, 3] smbd/ipc.c:handle_trans(436)
trans <\PIPE\> data=46 params=0 setup=2
[2010/03/30 16:12:17, 3] smbd/ipc.c:named_pipe(387)
named pipe command on <> name
[2010/03/30 16:12:17, 3] smbd/ipc.c:api_fd_reply(345)
Got API command 0x26 on pipe "lsarpc" (pnum 71e9)
[2010/03/30 16:12:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2010/03/30 16:12:17, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY
[2010/03/30 16:12:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 140
[2010/03/30 16:12:17, 3] smbd/process.c:process_smb(1570)
Transaction 10 of length 104 (0 toread)
[2010/03/30 16:12:17, 3] smbd/process.c:switch_message(1374)
switch message SMBntcreateX (pid 5216) conn 0xc2d330
[2010/03/30 16:12:17, 3] smbd/nttrans.c:nt_open_pipe(320)
nt_open_pipe: Known pipe winreg opening.
[2010/03/30 16:12:17, 3] smbd/process.c:process_smb(1570)
Transaction 11 of length 140 (0 toread)
[2010/03/30 16:12:17, 3] smbd/process.c:switch_message(1374)
switch message SMBwriteX (pid 5216) conn 0xc2d330
[2010/03/30 16:12:17, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1564)
api_pipe_bind_req: \PIPE\winreg -> \PIPE\winreg
[2010/03/30 16:12:17, 3] rpc_server/srv_pipe.c:check_bind_req(991)
check_bind_req for \PIPE\winreg
[2010/03/30 16:12:17, 3] smbd/pipes.c:reply_pipe_write_and_X(251)
writeX-IPC pnum=71ea nwritten=72
[2010/03/30 16:12:17, 3] smbd/process.c:process_smb(1570)
Transaction 12 of length 63 (0 toread)
[2010/03/30 16:12:17, 3] smbd/process.c:switch_message(1374)
switch message SMBreadX (pid 5216) conn 0xc2d330
[2010/03/30 16:12:17, 3] smbd/pipes.c:reply_pipe_read_and_X(301)
readX-IPC pnum=71ea min=1024 max=1024 nread=68
[2010/03/30 16:12:17, 3] smbd/process.c:process_smb(1570)
Transaction 13 of length 124 (0 toread)
[2010/03/30 16:12:17, 3] smbd/process.c:switch_message(1374)
switch message SMBtrans (pid 5216) conn 0xc2d330
[2010/03/30 16:12:17, 3] smbd/ipc.c:handle_trans(436)
trans <\PIPE\> data=36 params=0 setup=2
[2010/03/30 16:12:17, 3] smbd/ipc.c:named_pipe(387)
named pipe command on <> name
[2010/03/30 16:12:17, 3] smbd/ipc.c:api_fd_reply(345)
Got API command 0x26 on pipe "winreg" (pnum 71ea)
[2010/03/30 16:12:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 73
[2010/03/30 16:12:17, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
api_rpcTNP: rpc command: WINREG_OPENHKLM
[2010/03/30 16:12:17, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/03/30 16:12:17, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2010/03/30 16:12:17, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:12:17, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:12:17, 3] lib/util_seaccess.c:se_access_check(249)
[2010/03/30 16:12:17, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is S-1-5-21-2723056799-1276534154-4037564978-1000
se_access_check: also S-1-22-2-0
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2010/03/30 16:12:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2010/03/30 16:12:17, 3] smbd/process.c:process_smb(1570)
Transaction 14 of length 272 (0 toread)
[2010/03/30 16:12:17, 3] smbd/process.c:switch_message(1374)
switch message SMBtrans (pid 5216) conn 0xc2d330
[2010/03/30 16:12:17, 3] smbd/ipc.c:handle_trans(436)
trans <\PIPE\> data=184 params=0 setup=2
[2010/03/30 16:12:17, 3] smbd/ipc.c:named_pipe(387)
named pipe command on <> name
[2010/03/30 16:12:17, 3] smbd/ipc.c:api_fd_reply(345)
Got API command 0x26 on pipe "winreg" (pnum 71ea)
[2010/03/30 16:12:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2010/03/30 16:12:17, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
api_rpcTNP: rpc command: WINREG_OPENKEY
[2010/03/30 16:12:17, 3] lib/util_seaccess.c:se_access_check(249)
[2010/03/30 16:12:17, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is S-1-5-21-2723056799-1276534154-4037564978-1000
se_access_check: also S-1-22-2-0
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2010/03/30 16:12:17, 3] lib/util_seaccess.c:se_access_check(249)
[2010/03/30 16:12:17, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is S-1-5-21-2723056799-1276534154-4037564978-1000
se_access_check: also S-1-22-2-0
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2010/03/30 16:12:17, 3] lib/util_seaccess.c:se_access_check(249)
[2010/03/30 16:12:17, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is S-1-5-21-2723056799-1276534154-4037564978-1000
se_access_check: also S-1-22-2-0
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2010/03/30 16:12:17, 3] lib/util_seaccess.c:se_access_check(249)
[2010/03/30 16:12:17, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is S-1-5-21-2723056799-1276534154-4037564978-1000
se_access_check: also S-1-22-2-0
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2010/03/30 16:12:17, 3] lib/util_seaccess.c:se_access_check(249)
[2010/03/30 16:12:17, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is S-1-5-21-2723056799-1276534154-4037564978-1000
se_access_check: also S-1-22-2-0
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2010/03/30 16:12:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2010/03/30 16:12:17, 3] smbd/process.c:process_smb(1570)
Transaction 15 of length 236 (0 toread)
[2010/03/30 16:12:17, 3] smbd/process.c:switch_message(1374)
switch message SMBtrans (pid 5216) conn 0xc2d330
[2010/03/30 16:12:17, 3] smbd/ipc.c:handle_trans(436)
trans <\PIPE\> data=148 params=0 setup=2
[2010/03/30 16:12:17, 3] smbd/ipc.c:named_pipe(387)
named pipe command on <> name
[2010/03/30 16:12:17, 3] smbd/ipc.c:api_fd_reply(345)
Got API command 0x26 on pipe "winreg" (pnum 71ea)
[2010/03/30 16:12:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2010/03/30 16:12:17, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
api_rpcTNP: rpc command: WINREG_QUERYVALUE
[2010/03/30 16:12:17, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/03/30 16:12:17, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2010/03/30 16:12:17, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:12:17, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:12:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 36
[2010/03/30 16:12:17, 3] smbd/process.c:process_smb(1570)
Transaction 16 of length 132 (0 toread)
[2010/03/30 16:12:17, 3] smbd/process.c:switch_message(1374)
switch message SMBtrans (pid 5216) conn 0xc2d330
[2010/03/30 16:12:17, 3] smbd/ipc.c:handle_trans(436)
trans <\PIPE\> data=44 params=0 setup=2
[2010/03/30 16:12:17, 3] smbd/ipc.c:named_pipe(387)
named pipe command on <> name
[2010/03/30 16:12:17, 3] smbd/ipc.c:api_fd_reply(345)
Got API command 0x26 on pipe "winreg" (pnum 71ea)
[2010/03/30 16:12:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2010/03/30 16:12:17, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
api_rpcTNP: rpc command: WINREG_CLOSEKEY
[2010/03/30 16:12:17, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(206)
Closed policy
[2010/03/30 16:12:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2010/03/30 16:12:17, 3] smbd/process.c:process_smb(1570)
Transaction 17 of length 132 (0 toread)
[2010/03/30 16:12:17, 3] smbd/process.c:switch_message(1374)
switch message SMBtrans (pid 5216) conn 0xc2d330
[2010/03/30 16:12:17, 3] smbd/ipc.c:handle_trans(436)
trans <\PIPE\> data=44 params=0 setup=2
[2010/03/30 16:12:17, 3] smbd/ipc.c:named_pipe(387)
named pipe command on <> name
[2010/03/30 16:12:17, 3] smbd/ipc.c:api_fd_reply(345)
Got API command 0x26 on pipe "winreg" (pnum 71ea)
[2010/03/30 16:12:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2010/03/30 16:12:17, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
api_rpcTNP: rpc command: WINREG_CLOSEKEY
[2010/03/30 16:12:17, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(206)
Closed policy
[2010/03/30 16:12:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2010/03/30 16:12:17, 3] smbd/process.c:process_smb(1570)
Transaction 18 of length 45 (0 toread)
[2010/03/30 16:12:17, 3] smbd/process.c:switch_message(1374)
switch message SMBclose (pid 5216) conn 0xc2d330
[2010/03/30 16:12:17, 3] smbd/process.c:process_smb(1570)
Transaction 19 of length 100 (0 toread)
[2010/03/30 16:12:17, 3] smbd/process.c:switch_message(1374)
switch message SMBntcreateX (pid 5216) conn 0xc2d330
[2010/03/30 16:12:17, 3] smbd/nttrans.c:nt_open_pipe(320)
nt_open_pipe: Known pipe samr opening.
[2010/03/30 16:12:17, 3] smbd/process.c:process_smb(1570)
Transaction 20 of length 140 (0 toread)
[2010/03/30 16:12:17, 3] smbd/process.c:switch_message(1374)
switch message SMBwriteX (pid 5216) conn 0xc2d330
[2010/03/30 16:12:17, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1564)
api_pipe_bind_req: \PIPE\samr -> \PIPE\samr
[2010/03/30 16:12:17, 3] rpc_server/srv_pipe.c:check_bind_req(991)
check_bind_req for \PIPE\samr
[2010/03/30 16:12:17, 3] smbd/pipes.c:reply_pipe_write_and_X(251)
writeX-IPC pnum=71eb nwritten=72
[2010/03/30 16:12:17, 3] smbd/process.c:process_smb(1570)
Transaction 21 of length 63 (0 toread)
[2010/03/30 16:12:17, 3] smbd/process.c:switch_message(1374)
switch message SMBreadX (pid 5216) conn 0xc2d330
[2010/03/30 16:12:17, 3] smbd/pipes.c:reply_pipe_read_and_X(301)
readX-IPC pnum=71eb min=1024 max=1024 nread=68
[2010/03/30 16:12:17, 3] smbd/process.c:process_smb(1570)
Transaction 22 of length 164 (0 toread)
[2010/03/30 16:12:17, 3] smbd/process.c:switch_message(1374)
switch message SMBtrans (pid 5216) conn 0xc2d330
[2010/03/30 16:12:17, 3] smbd/ipc.c:handle_trans(436)
trans <\PIPE\> data=76 params=0 setup=2
[2010/03/30 16:12:17, 3] smbd/ipc.c:named_pipe(387)
named pipe command on <> name
[2010/03/30 16:12:17, 3] smbd/ipc.c:api_fd_reply(345)
Got API command 0x26 on pipe "samr" (pnum 71eb)
[2010/03/30 16:12:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 71
[2010/03/30 16:12:17, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
api_rpcTNP: rpc command: SAMR_CONNECT5
[2010/03/30 16:12:17, 3] lib/util_seaccess.c:se_access_check(249)
[2010/03/30 16:12:17, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is S-1-5-21-2723056799-1276534154-4037564978-1000
se_access_check: also S-1-22-2-0
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2010/03/30 16:12:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 1016
[2010/03/30 16:12:17, 3] smbd/process.c:process_smb(1570)
Transaction 23 of length 140 (0 toread)
[2010/03/30 16:12:17, 3] smbd/process.c:switch_message(1374)
switch message SMBtrans (pid 5216) conn 0xc2d330
[2010/03/30 16:12:17, 3] smbd/ipc.c:handle_trans(436)
trans <\PIPE\> data=52 params=0 setup=2
[2010/03/30 16:12:17, 3] smbd/ipc.c:named_pipe(387)
named pipe command on <> name
[2010/03/30 16:12:17, 3] smbd/ipc.c:api_fd_reply(345)
Got API command 0x26 on pipe "samr" (pnum 71eb)
[2010/03/30 16:12:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2010/03/30 16:12:17, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
api_rpcTNP: rpc command: SAMR_ENUMDOMAINS
[2010/03/30 16:12:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 64
[2010/03/30 16:12:17, 3] smbd/process.c:process_smb(1570)
Transaction 24 of length 164 (0 toread)
[2010/03/30 16:12:17, 3] smbd/process.c:switch_message(1374)
switch message SMBtrans (pid 5216) conn 0xc2d330
[2010/03/30 16:12:17, 3] smbd/ipc.c:handle_trans(436)
trans <\PIPE\> data=76 params=0 setup=2
[2010/03/30 16:12:17, 3] smbd/ipc.c:named_pipe(387)
named pipe command on <> name
[2010/03/30 16:12:17, 3] smbd/ipc.c:api_fd_reply(345)
Got API command 0x26 on pipe "samr" (pnum 71eb)
[2010/03/30 16:12:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2010/03/30 16:12:17, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
api_rpcTNP: rpc command: SAMR_LOOKUPDOMAIN
[2010/03/30 16:12:17, 2] rpc_server/srv_samr_nt.c:_samr_LookupDomain(3490)
Returning domain sid for domain HIFXNX ->
S-1-5-21-2723056799-1276534154-4037564978
[2010/03/30 16:12:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 68
[2010/03/30 16:12:17, 3] smbd/process.c:process_smb(1570)
Transaction 25 of length 164 (0 toread)
[2010/03/30 16:12:17, 3] smbd/process.c:switch_message(1374)
switch message SMBtrans (pid 5216) conn 0xc2d330
[2010/03/30 16:12:17, 3] smbd/ipc.c:handle_trans(436)
trans <\PIPE\> data=76 params=0 setup=2
[2010/03/30 16:12:17, 3] smbd/ipc.c:named_pipe(387)
named pipe command on <> name
[2010/03/30 16:12:17, 3] smbd/ipc.c:api_fd_reply(345)
Got API command 0x26 on pipe "samr" (pnum 71eb)
[2010/03/30 16:12:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2010/03/30 16:12:17, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
api_rpcTNP: rpc command: SAMR_OPENDOMAIN
[2010/03/30 16:12:17, 3] lib/util_seaccess.c:se_access_check(249)
[2010/03/30 16:12:17, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is S-1-5-21-2723056799-1276534154-4037564978-1000
se_access_check: also S-1-22-2-0
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2010/03/30 16:12:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 1016
[2010/03/30 16:12:17, 3] smbd/process.c:process_smb(1570)
Transaction 26 of length 188 (0 toread)
[2010/03/30 16:12:17, 3] smbd/process.c:switch_message(1374)
switch message SMBtrans (pid 5216) conn 0xc2d330
[2010/03/30 16:12:17, 3] smbd/ipc.c:handle_trans(436)
trans <\PIPE\> data=100 params=0 setup=2
[2010/03/30 16:12:17, 3] smbd/ipc.c:named_pipe(387)
named pipe command on <> name
[2010/03/30 16:12:17, 3] smbd/ipc.c:api_fd_reply(345)
Got API command 0x26 on pipe "samr" (pnum 71eb)
[2010/03/30 16:12:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2010/03/30 16:12:17, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
api_rpcTNP: rpc command: SAMR_CREATEUSER2
[2010/03/30 16:12:17, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/03/30 16:12:17, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2010/03/30 16:12:17, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:12:17, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2010/03/30 16:12:17, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(100) : conn_ctx_stack_ndx = 1
[2010/03/30 16:12:17, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2010/03/30 16:12:17, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:12:17, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2010/03/30 16:12:17, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(100) : conn_ctx_stack_ndx = 1
[2010/03/30 16:12:17, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2010/03/30 16:12:17, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:12:17, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:12:17, 3] passdb/pdb_interface.c:pdb_default_create_user(319)
Could not find user TEC-TERMINAL$ and no add script defined
[2010/03/30 16:12:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 425
[2010/03/30 16:12:17, 3] smbd/process.c:process_smb(1570)
Transaction 27 of length 132 (0 toread)
[2010/03/30 16:12:17, 3] smbd/process.c:switch_message(1374)
switch message SMBtrans (pid 5216) conn 0xc2d330
[2010/03/30 16:12:17, 3] smbd/ipc.c:handle_trans(436)
trans <\PIPE\> data=44 params=0 setup=2
[2010/03/30 16:12:17, 3] smbd/ipc.c:named_pipe(387)
named pipe command on <> name
[2010/03/30 16:12:17, 3] smbd/ipc.c:api_fd_reply(345)
Got API command 0x26 on pipe "samr" (pnum 71eb)
[2010/03/30 16:12:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2010/03/30 16:12:17, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
api_rpcTNP: rpc command: SAMR_CLOSE
[2010/03/30 16:12:17, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(206)
Closed policy
[2010/03/30 16:12:17, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/03/30 16:12:17, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2010/03/30 16:12:17, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:12:17, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:12:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2010/03/30 16:12:17, 3] smbd/process.c:process_smb(1570)
Transaction 28 of length 132 (0 toread)
[2010/03/30 16:12:17, 3] smbd/process.c:switch_message(1374)
switch message SMBtrans (pid 5216) conn 0xc2d330
[2010/03/30 16:12:17, 3] smbd/ipc.c:handle_trans(436)
trans <\PIPE\> data=44 params=0 setup=2
[2010/03/30 16:12:17, 3] smbd/ipc.c:named_pipe(387)
named pipe command on <> name
[2010/03/30 16:12:17, 3] smbd/ipc.c:api_fd_reply(345)
Got API command 0x26 on pipe "samr" (pnum 71eb)
[2010/03/30 16:12:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2010/03/30 16:12:17, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
api_rpcTNP: rpc command: SAMR_CLOSE
[2010/03/30 16:12:17, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(206)
Closed policy
[2010/03/30 16:12:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2010/03/30 16:12:17, 3] smbd/process.c:process_smb(1570)
Transaction 29 of length 45 (0 toread)
[2010/03/30 16:12:17, 3] smbd/process.c:switch_message(1374)
switch message SMBclose (pid 5216) conn 0xc2d330
[2010/03/30 16:12:17, 3] smbd/process.c:process_smb(1570)
Transaction 30 of length 132 (0 toread)
[2010/03/30 16:12:17, 3] smbd/process.c:switch_message(1374)
switch message SMBtrans (pid 5216) conn 0xc2d330
[2010/03/30 16:12:17, 3] smbd/ipc.c:handle_trans(436)
trans <\PIPE\> data=44 params=0 setup=2
[2010/03/30 16:12:17, 3] smbd/ipc.c:named_pipe(387)
named pipe command on <> name
[2010/03/30 16:12:17, 3] smbd/ipc.c:api_fd_reply(345)
Got API command 0x26 on pipe "lsarpc" (pnum 71e9)
[2010/03/30 16:12:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2010/03/30 16:12:17, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
api_rpcTNP: rpc command: LSA_CLOSE
[2010/03/30 16:12:17, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(206)
Closed policy
[2010/03/30 16:12:17, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2010/03/30 16:12:17, 3] smbd/process.c:process_smb(1570)
Transaction 31 of length 45 (0 toread)
[2010/03/30 16:12:17, 3] smbd/process.c:switch_message(1374)
switch message SMBclose (pid 5216) conn 0xc2d330
[2010/03/30 16:12:17, 3] smbd/process.c:process_smb(1570)
Transaction 32 of length 43 (0 toread)
[2010/03/30 16:12:17, 3] smbd/process.c:switch_message(1374)
switch message SMBulogoffX (pid 5216) conn 0x0
[2010/03/30 16:12:17, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:12:17, 3] smbd/reply.c:reply_ulogoffX(1910)
ulogoffX vuid=100
[2010/03/30 16:12:17, 3] smbd/process.c:process_smb(1570)
Transaction 33 of length 39 (0 toread)
[2010/03/30 16:12:17, 3] smbd/process.c:switch_message(1374)
switch message SMBtdis (pid 5216) conn 0xc2d330
[2010/03/30 16:12:17, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:12:17, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:12:17, 3] smbd/service.c:close_cnum(1409)
tec-terminal (::ffff:172.16.50.71) closed connection to service IPC$
[2010/03/30 16:12:17, 3] smbd/connection.c:yield_connection(31)
Yielding connection to IPC$
[2010/03/30 16:12:17, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:12:17, 3] smbd/process.c:smbd_process(2056)
receive_message_or_smb failed: NT_STATUS_END_OF_FILE, exiting
[2010/03/30 16:12:17, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:12:17, 3] smbd/connection.c:yield_connection(31)
Yielding connection to
[2010/03/30 16:12:17, 3] smbd/server.c:exit_server_common(949)
Server exit (normal exit)
[2010/03/30 16:23:35, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/03/30 16:23:35, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/03/30 16:23:35, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:23:35, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:23:35, 3] auth/auth.c:check_ntlm_password(220)
check_ntlm_password: Checking password for unmapped user
[hifxnx]\[root]@[TEC-TERMINAL] with the new password interface
[2010/03/30 16:23:35, 3] auth/auth.c:check_ntlm_password(223)
check_ntlm_password: mapped user is: [hifxnx]\[root]@[TEC-TERMINAL]
[2010/03/30 16:23:35, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/03/30 16:23:35, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/03/30 16:23:35, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:23:35, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2010/03/30 16:23:35, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2010/03/30 16:23:35, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2010/03/30 16:23:35, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:23:35, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2010/03/30 16:23:35, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2010/03/30 16:23:35, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2010/03/30 16:23:35, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:23:35, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2010/03/30 16:23:35, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2010/03/30 16:23:35, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2010/03/30 16:23:35, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:23:35, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2010/03/30 16:23:35, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2010/03/30 16:23:35, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2010/03/30 16:23:35, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:23:35, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:23:35, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/03/30 16:23:35, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/03/30 16:23:35, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:23:35, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:23:35, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/03/30 16:23:35, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/03/30 16:23:35, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:23:35, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:23:35, 3] auth/auth.c:check_ntlm_password(269)
check_ntlm_password: sam authentication for user [root] succeeded
[2010/03/30 16:23:35, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/03/30 16:23:35, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/03/30 16:23:35, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:23:35, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:23:35, 2] auth/auth.c:check_ntlm_password(308)
check_ntlm_password: authentication for user [root] -> [root] ->
[root] succeeded
[2010/03/30 16:23:35, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/03/30 16:23:35, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/03/30 16:23:35, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:23:35, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:23:35, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/03/30 16:23:35, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/03/30 16:23:35, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:23:35, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:23:35, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/03/30 16:23:35, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/03/30 16:23:35, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:23:35, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:23:35, 3] lib/privileges.c:get_privileges(63)
get_privileges: No privileges assigned to SID
[S-1-5-21-2723056799-1276534154-4037564978-1000]
[2010/03/30 16:23:35, 3] lib/privileges.c:get_privileges(63)
get_privileges: No privileges assigned to SID [S-1-22-2-0]
[2010/03/30 16:23:35, 3] lib/privileges.c:get_privileges(63)
get_privileges: No privileges assigned to SID [S-1-5-2]
[2010/03/30 16:23:35, 3] lib/privileges.c:get_privileges(63)
get_privileges: No privileges assigned to SID [S-1-5-11]
[2010/03/30 16:23:35, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/03/30 16:23:35, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/03/30 16:23:35, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:23:35, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:23:35, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/03/30 16:23:35, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/03/30 16:23:35, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:23:35, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:23:35, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/03/30 16:23:35, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/03/30 16:23:35, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:23:35, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:23:35, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(337)
NTLMSSP Sign/Seal - Initialising with flags:
[2010/03/30 16:23:35, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
Got NTLMSSP neg_flags=0xa2088205
[2010/03/30 16:23:35, 3] smbd/password.c:register_existing_vuid(314)
register_existing_vuid: User name: root Real name: root
[2010/03/30 16:23:35, 3] smbd/password.c:register_existing_vuid(326)
register_existing_vuid: UNIX uid 0 is UNIX user root, and will be vuid 100
[2010/03/30 16:23:35, 3] smbd/password.c:register_existing_vuid(350)
Adding homes service for user 'root' using home directory:
'/root'
[2010/03/30 16:23:35, 3] param/loadparm.c:lp_add_home(5886)
adding home's share [root] for user 'root' at '/root'
[2010/03/30 16:23:35, 3] smbd/process.c:process_smb(1570)
Transaction 3 of length 78 (0 toread)
[2010/03/30 16:23:35, 3] smbd/process.c:switch_message(1374)
switch message SMBtconX (pid 5252) conn 0x0
[2010/03/30 16:23:35, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:23:35, 3] smbd/service.c:make_connection_snum(944)
Connect path is '/tmp' for service [IPC$]
[2010/03/30 16:23:35, 3] lib/util_seaccess.c:se_access_check(249)
[2010/03/30 16:23:35, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is S-1-5-21-2723056799-1276534154-4037564978-1000
se_access_check: also S-1-22-2-0
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2010/03/30 16:23:35, 3] smbd/vfs.c:vfs_init_default(96)
Initialising default vfs hooks
[2010/03/30 16:23:35, 3] smbd/vfs.c:vfs_init_custom(130)
Initialising custom vfs hooks from [/[Default VFS]/]
[2010/03/30 16:23:35, 3] lib/util_seaccess.c:se_access_check(249)
[2010/03/30 16:23:35, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is S-1-5-21-2723056799-1276534154-4037564978-1000
se_access_check: also S-1-22-2-0
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2010/03/30 16:23:35, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:23:35, 3] smbd/service.c:make_connection_snum(1198)
tec-terminal (::ffff:172.16.50.71) connect to service IPC$ initially
as user root (uid=0, gid=0) (pid 5252)
[2010/03/30 16:23:35, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:23:35, 3] smbd/reply.c:reply_tcon_and_X(727)
tconX service=IPC$
[2010/03/30 16:23:35, 3] smbd/process.c:process_smb(1570)
Transaction 4 of length 104 (0 toread)
[2010/03/30 16:23:35, 3] smbd/process.c:switch_message(1374)
switch message SMBntcreateX (pid 5252) conn 0xc2efc0
[2010/03/30 16:23:35, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:23:35, 3] smbd/nttrans.c:nt_open_pipe(320)
nt_open_pipe: Known pipe lsarpc opening.
[2010/03/30 16:23:35, 3] smbd/process.c:process_smb(1570)
Transaction 5 of length 140 (0 toread)
[2010/03/30 16:23:35, 3] smbd/process.c:switch_message(1374)
switch message SMBwriteX (pid 5252) conn 0xc2efc0
[2010/03/30 16:23:35, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1564)
api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsarpc
[2010/03/30 16:23:35, 3] rpc_server/srv_pipe.c:check_bind_req(991)
check_bind_req for \PIPE\lsarpc
[2010/03/30 16:23:35, 3] smbd/pipes.c:reply_pipe_write_and_X(251)
writeX-IPC pnum=74ab nwritten=72
[2010/03/30 16:23:35, 3] smbd/process.c:process_smb(1570)
Transaction 6 of length 63 (0 toread)
[2010/03/30 16:23:35, 3] smbd/process.c:switch_message(1374)
switch message SMBreadX (pid 5252) conn 0xc2efc0
[2010/03/30 16:23:35, 3] smbd/pipes.c:reply_pipe_read_and_X(301)
readX-IPC pnum=74ab min=1024 max=1024 nread=68
[2010/03/30 16:23:35, 3] smbd/process.c:process_smb(1570)
Transaction 7 of length 172 (0 toread)
[2010/03/30 16:23:35, 3] smbd/process.c:switch_message(1374)
switch message SMBtrans (pid 5252) conn 0xc2efc0
[2010/03/30 16:23:35, 3] smbd/ipc.c:handle_trans(436)
trans <\PIPE\> data=84 params=0 setup=2
[2010/03/30 16:23:35, 3] smbd/ipc.c:named_pipe(387)
named pipe command on <> name
[2010/03/30 16:23:35, 3] smbd/ipc.c:api_fd_reply(345)
Got API command 0x26 on pipe "lsarpc" (pnum 74ab)
[2010/03/30 16:23:35, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 73
[2010/03/30 16:23:35, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
api_rpcTNP: rpc command: LSA_OPENPOLICY2
[2010/03/30 16:23:35, 3] lib/util_seaccess.c:se_access_check(249)
[2010/03/30 16:23:35, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is S-1-5-21-2723056799-1276534154-4037564978-1000
se_access_check: also S-1-22-2-0
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2010/03/30 16:23:35, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 852
[2010/03/30 16:23:35, 3] smbd/process.c:process_smb(1570)
Transaction 8 of length 134 (0 toread)
[2010/03/30 16:23:35, 3] smbd/process.c:switch_message(1374)
switch message SMBtrans (pid 5252) conn 0xc2efc0
[2010/03/30 16:23:35, 3] smbd/ipc.c:handle_trans(436)
trans <\PIPE\> data=46 params=0 setup=2
[2010/03/30 16:23:35, 3] smbd/ipc.c:named_pipe(387)
named pipe command on <> name
[2010/03/30 16:23:35, 3] smbd/ipc.c:api_fd_reply(345)
Got API command 0x26 on pipe "lsarpc" (pnum 74ab)
[2010/03/30 16:23:35, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2010/03/30 16:23:35, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY2
[2010/03/30 16:23:35, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2010/03/30 16:23:35, 3] smbd/process.c:process_smb(1570)
Transaction 9 of length 134 (0 toread)
[2010/03/30 16:23:35, 3] smbd/process.c:switch_message(1374)
switch message SMBtrans (pid 5252) conn 0xc2efc0
[2010/03/30 16:23:35, 3] smbd/ipc.c:handle_trans(436)
trans <\PIPE\> data=46 params=0 setup=2
[2010/03/30 16:23:35, 3] smbd/ipc.c:named_pipe(387)
named pipe command on <> name
[2010/03/30 16:23:35, 3] smbd/ipc.c:api_fd_reply(345)
Got API command 0x26 on pipe "lsarpc" (pnum 74ab)
[2010/03/30 16:23:35, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2010/03/30 16:23:35, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY
[2010/03/30 16:23:35, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 140
[2010/03/30 16:23:35, 3] smbd/process.c:process_smb(1570)
Transaction 10 of length 104 (0 toread)
[2010/03/30 16:23:35, 3] smbd/process.c:switch_message(1374)
switch message SMBntcreateX (pid 5252) conn 0xc2efc0
[2010/03/30 16:23:35, 3] smbd/nttrans.c:nt_open_pipe(320)
nt_open_pipe: Known pipe winreg opening.
[2010/03/30 16:23:35, 3] smbd/process.c:process_smb(1570)
Transaction 11 of length 140 (0 toread)
[2010/03/30 16:23:35, 3] smbd/process.c:switch_message(1374)
switch message SMBwriteX (pid 5252) conn 0xc2efc0
[2010/03/30 16:23:35, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1564)
api_pipe_bind_req: \PIPE\winreg -> \PIPE\winreg
[2010/03/30 16:23:35, 3] rpc_server/srv_pipe.c:check_bind_req(991)
check_bind_req for \PIPE\winreg
[2010/03/30 16:23:35, 3] smbd/pipes.c:reply_pipe_write_and_X(251)
writeX-IPC pnum=74ac nwritten=72
[2010/03/30 16:23:35, 3] smbd/process.c:process_smb(1570)
Transaction 12 of length 63 (0 toread)
[2010/03/30 16:23:35, 3] smbd/process.c:switch_message(1374)
switch message SMBreadX (pid 5252) conn 0xc2efc0
[2010/03/30 16:23:35, 3] smbd/pipes.c:reply_pipe_read_and_X(301)
readX-IPC pnum=74ac min=1024 max=1024 nread=68
[2010/03/30 16:23:35, 3] smbd/process.c:process_smb(1570)
Transaction 13 of length 124 (0 toread)
[2010/03/30 16:23:35, 3] smbd/process.c:switch_message(1374)
switch message SMBtrans (pid 5252) conn 0xc2efc0
[2010/03/30 16:23:35, 3] smbd/ipc.c:handle_trans(436)
trans <\PIPE\> data=36 params=0 setup=2
[2010/03/30 16:23:35, 3] smbd/ipc.c:named_pipe(387)
named pipe command on <> name
[2010/03/30 16:23:35, 3] smbd/ipc.c:api_fd_reply(345)
Got API command 0x26 on pipe "winreg" (pnum 74ac)
[2010/03/30 16:23:35, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 73
[2010/03/30 16:23:35, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
api_rpcTNP: rpc command: WINREG_OPENHKLM
[2010/03/30 16:23:35, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/03/30 16:23:35, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2010/03/30 16:23:35, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:23:35, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:23:35, 3] lib/util_seaccess.c:se_access_check(249)
[2010/03/30 16:23:35, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is S-1-5-21-2723056799-1276534154-4037564978-1000
se_access_check: also S-1-22-2-0
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2010/03/30 16:23:35, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2010/03/30 16:23:35, 3] smbd/process.c:process_smb(1570)
Transaction 14 of length 272 (0 toread)
[2010/03/30 16:23:35, 3] smbd/process.c:switch_message(1374)
switch message SMBtrans (pid 5252) conn 0xc2efc0
[2010/03/30 16:23:35, 3] smbd/ipc.c:handle_trans(436)
trans <\PIPE\> data=184 params=0 setup=2
[2010/03/30 16:23:35, 3] smbd/ipc.c:named_pipe(387)
named pipe command on <> name
[2010/03/30 16:23:35, 3] smbd/ipc.c:api_fd_reply(345)
Got API command 0x26 on pipe "winreg" (pnum 74ac)
[2010/03/30 16:23:35, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2010/03/30 16:23:35, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
api_rpcTNP: rpc command: WINREG_OPENKEY
[2010/03/30 16:23:35, 3] lib/util_seaccess.c:se_access_check(249)
[2010/03/30 16:23:35, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is S-1-5-21-2723056799-1276534154-4037564978-1000
se_access_check: also S-1-22-2-0
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2010/03/30 16:23:35, 3] lib/util_seaccess.c:se_access_check(249)
[2010/03/30 16:23:35, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is S-1-5-21-2723056799-1276534154-4037564978-1000
se_access_check: also S-1-22-2-0
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2010/03/30 16:23:35, 3] lib/util_seaccess.c:se_access_check(249)
[2010/03/30 16:23:35, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is S-1-5-21-2723056799-1276534154-4037564978-1000
se_access_check: also S-1-22-2-0
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2010/03/30 16:23:35, 3] lib/util_seaccess.c:se_access_check(249)
[2010/03/30 16:23:35, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is S-1-5-21-2723056799-1276534154-4037564978-1000
se_access_check: also S-1-22-2-0
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2010/03/30 16:23:35, 3] lib/util_seaccess.c:se_access_check(249)
[2010/03/30 16:23:35, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is S-1-5-21-2723056799-1276534154-4037564978-1000
se_access_check: also S-1-22-2-0
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2010/03/30 16:23:35, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2010/03/30 16:23:35, 3] smbd/process.c:process_smb(1570)
Transaction 15 of length 236 (0 toread)
[2010/03/30 16:23:35, 3] smbd/process.c:switch_message(1374)
switch message SMBtrans (pid 5252) conn 0xc2efc0
[2010/03/30 16:23:35, 3] smbd/ipc.c:handle_trans(436)
trans <\PIPE\> data=148 params=0 setup=2
[2010/03/30 16:23:35, 3] smbd/ipc.c:named_pipe(387)
named pipe command on <> name
[2010/03/30 16:23:35, 3] smbd/ipc.c:api_fd_reply(345)
Got API command 0x26 on pipe "winreg" (pnum 74ac)
[2010/03/30 16:23:35, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2010/03/30 16:23:35, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
api_rpcTNP: rpc command: WINREG_QUERYVALUE
[2010/03/30 16:23:35, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/03/30 16:23:35, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2010/03/30 16:23:35, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:23:35, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:23:35, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 36
[2010/03/30 16:23:35, 3] smbd/process.c:process_smb(1570)
Transaction 16 of length 132 (0 toread)
[2010/03/30 16:23:35, 3] smbd/process.c:switch_message(1374)
switch message SMBtrans (pid 5252) conn 0xc2efc0
[2010/03/30 16:23:35, 3] smbd/ipc.c:handle_trans(436)
trans <\PIPE\> data=44 params=0 setup=2
[2010/03/30 16:23:35, 3] smbd/ipc.c:named_pipe(387)
named pipe command on <> name
[2010/03/30 16:23:35, 3] smbd/ipc.c:api_fd_reply(345)
Got API command 0x26 on pipe "winreg" (pnum 74ac)
[2010/03/30 16:23:35, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2010/03/30 16:23:35, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
api_rpcTNP: rpc command: WINREG_CLOSEKEY
[2010/03/30 16:23:35, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(206)
Closed policy
[2010/03/30 16:23:35, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2010/03/30 16:23:35, 3] smbd/process.c:process_smb(1570)
Transaction 17 of length 132 (0 toread)
[2010/03/30 16:23:35, 3] smbd/process.c:switch_message(1374)
switch message SMBtrans (pid 5252) conn 0xc2efc0
[2010/03/30 16:23:35, 3] smbd/ipc.c:handle_trans(436)
trans <\PIPE\> data=44 params=0 setup=2
[2010/03/30 16:23:35, 3] smbd/ipc.c:named_pipe(387)
named pipe command on <> name
[2010/03/30 16:23:35, 3] smbd/ipc.c:api_fd_reply(345)
Got API command 0x26 on pipe "winreg" (pnum 74ac)
[2010/03/30 16:23:35, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2010/03/30 16:23:35, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
api_rpcTNP: rpc command: WINREG_CLOSEKEY
[2010/03/30 16:23:35, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(206)
Closed policy
[2010/03/30 16:23:35, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2010/03/30 16:23:35, 3] smbd/process.c:process_smb(1570)
Transaction 18 of length 45 (0 toread)
[2010/03/30 16:23:35, 3] smbd/process.c:switch_message(1374)
switch message SMBclose (pid 5252) conn 0xc2efc0
[2010/03/30 16:23:35, 3] smbd/process.c:process_smb(1570)
Transaction 19 of length 108 (0 toread)
[2010/03/30 16:23:35, 3] smbd/process.c:switch_message(1374)
switch message SMBntcreateX (pid 5252) conn 0xc2efc0
[2010/03/30 16:23:35, 3] smbd/nttrans.c:nt_open_pipe(320)
nt_open_pipe: Known pipe NETLOGON opening.
[2010/03/30 16:23:35, 3] smbd/process.c:process_smb(1570)
Transaction 20 of length 140 (0 toread)
[2010/03/30 16:23:35, 3] smbd/process.c:switch_message(1374)
switch message SMBwriteX (pid 5252) conn 0xc2efc0
[2010/03/30 16:23:35, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1564)
api_pipe_bind_req: \PIPE\netlogon -> \PIPE\netlogon
[2010/03/30 16:23:35, 3] rpc_server/srv_pipe.c:check_bind_req(991)
check_bind_req for \PIPE\NETLOGON
[2010/03/30 16:23:35, 3] smbd/pipes.c:reply_pipe_write_and_X(251)
writeX-IPC pnum=74ad nwritten=72
[2010/03/30 16:23:35, 3] smbd/process.c:process_smb(1570)
Transaction 21 of length 63 (0 toread)
[2010/03/30 16:23:35, 3] smbd/process.c:switch_message(1374)
switch message SMBreadX (pid 5252) conn 0xc2efc0
[2010/03/30 16:23:35, 3] smbd/pipes.c:reply_pipe_read_and_X(301)
readX-IPC pnum=74ad min=1024 max=1024 nread=72
[2010/03/30 16:23:35, 3] smbd/process.c:process_smb(1570)
Transaction 22 of length 190 (0 toread)
[2010/03/30 16:23:35, 3] smbd/process.c:switch_message(1374)
switch message SMBtrans (pid 5252) conn 0xc2efc0
[2010/03/30 16:23:35, 3] smbd/ipc.c:handle_trans(436)
trans <\PIPE\> data=102 params=0 setup=2
[2010/03/30 16:23:35, 3] smbd/ipc.c:named_pipe(387)
named pipe command on <> name
[2010/03/30 16:23:35, 3] smbd/ipc.c:api_fd_reply(345)
Got API command 0x26 on pipe "NETLOGON" (pnum 74ad)
[2010/03/30 16:23:35, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 75
[2010/03/30 16:23:35, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
api_rpcTNP: rpc command: NETR_SERVERREQCHALLENGE
[2010/03/30 16:23:35, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2010/03/30 16:23:35, 3] smbd/process.c:process_smb(1570)
Transaction 23 of length 45 (0 toread)
[2010/03/30 16:23:35, 3] smbd/process.c:switch_message(1374)
switch message SMBclose (pid 5252) conn 0xc2efc0
[2010/03/30 16:23:35, 3] smbd/process.c:process_smb(1570)
Transaction 24 of length 108 (0 toread)
[2010/03/30 16:23:35, 3] smbd/process.c:switch_message(1374)
switch message SMBntcreateX (pid 5252) conn 0xc2efc0
[2010/03/30 16:23:35, 3] smbd/nttrans.c:nt_open_pipe(320)
nt_open_pipe: Known pipe NETLOGON opening.
[2010/03/30 16:23:35, 3] smbd/process.c:process_smb(1570)
Transaction 25 of length 140 (0 toread)
[2010/03/30 16:23:35, 3] smbd/process.c:switch_message(1374)
switch message SMBwriteX (pid 5252) conn 0xc2efc0
[2010/03/30 16:23:35, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1564)
api_pipe_bind_req: \PIPE\netlogon -> \PIPE\netlogon
[2010/03/30 16:23:35, 3] rpc_server/srv_pipe.c:check_bind_req(991)
check_bind_req for \PIPE\NETLOGON
[2010/03/30 16:23:35, 3] smbd/pipes.c:reply_pipe_write_and_X(251)
writeX-IPC pnum=74ae nwritten=72
[2010/03/30 16:23:35, 3] smbd/process.c:process_smb(1570)
Transaction 26 of length 63 (0 toread)
[2010/03/30 16:23:35, 3] smbd/process.c:switch_message(1374)
switch message SMBreadX (pid 5252) conn 0xc2efc0
[2010/03/30 16:23:35, 3] smbd/pipes.c:reply_pipe_read_and_X(301)
readX-IPC pnum=74ae min=1024 max=1024 nread=72
[2010/03/30 16:23:35, 3] smbd/process.c:process_smb(1570)
Transaction 27 of length 234 (0 toread)
[2010/03/30 16:23:35, 3] smbd/process.c:switch_message(1374)
switch message SMBtrans (pid 5252) conn 0xc2efc0
[2010/03/30 16:23:35, 3] smbd/ipc.c:handle_trans(436)
trans <\PIPE\> data=146 params=0 setup=2
[2010/03/30 16:23:35, 3] smbd/ipc.c:named_pipe(387)
named pipe command on <> name
[2010/03/30 16:23:35, 3] smbd/ipc.c:api_fd_reply(345)
Got API command 0x26 on pipe "NETLOGON" (pnum 74ae)
[2010/03/30 16:23:35, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 75
[2010/03/30 16:23:35, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
api_rpcTNP: rpc command: NETR_SERVERAUTHENTICATE
[2010/03/30 16:23:35, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2010/03/30 16:23:35, 3] smbd/process.c:process_smb(1570)
Transaction 28 of length 45 (0 toread)
[2010/03/30 16:23:35, 3] smbd/process.c:switch_message(1374)
switch message SMBclose (pid 5252) conn 0xc2efc0
[2010/03/30 16:23:35, 3] smbd/process.c:process_smb(1570)
Transaction 29 of length 132 (0 toread)
[2010/03/30 16:23:35, 3] smbd/process.c:switch_message(1374)
switch message SMBtrans (pid 5252) conn 0xc2efc0
[2010/03/30 16:23:35, 3] smbd/ipc.c:handle_trans(436)
trans <\PIPE\> data=44 params=0 setup=2
[2010/03/30 16:23:35, 3] smbd/ipc.c:named_pipe(387)
named pipe command on <> name
[2010/03/30 16:23:35, 3] smbd/ipc.c:api_fd_reply(345)
Got API command 0x26 on pipe "lsarpc" (pnum 74ab)
[2010/03/30 16:23:35, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2010/03/30 16:23:35, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
api_rpcTNP: rpc command: LSA_CLOSE
[2010/03/30 16:23:35, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(206)
Closed policy
[2010/03/30 16:23:35, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2010/03/30 16:23:35, 3] smbd/process.c:process_smb(1570)
Transaction 30 of length 45 (0 toread)
[2010/03/30 16:23:35, 3] smbd/process.c:switch_message(1374)
switch message SMBclose (pid 5252) conn 0xc2efc0
[2010/03/30 16:23:35, 3] smbd/process.c:process_smb(1570)
Transaction 31 of length 43 (0 toread)
[2010/03/30 16:23:35, 3] smbd/process.c:switch_message(1374)
switch message SMBulogoffX (pid 5252) conn 0x0
[2010/03/30 16:23:35, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:23:35, 3] smbd/reply.c:reply_ulogoffX(1910)
ulogoffX vuid=100
[2010/03/30 16:23:35, 3] smbd/process.c:process_smb(1570)
Transaction 32 of length 39 (0 toread)
[2010/03/30 16:23:35, 3] smbd/process.c:switch_message(1374)
switch message SMBtdis (pid 5252) conn 0xc2efc0
[2010/03/30 16:23:35, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:23:35, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:23:35, 3] smbd/service.c:close_cnum(1409)
tec-terminal (::ffff:172.16.50.71) closed connection to service IPC$
[2010/03/30 16:23:35, 3] smbd/connection.c:yield_connection(31)
Yielding connection to IPC$
[2010/03/30 16:23:35, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:23:35, 3] smbd/process.c:smbd_process(2056)
receive_message_or_smb failed: NT_STATUS_END_OF_FILE, exiting
[2010/03/30 16:23:35, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:23:35, 3] smbd/connection.c:yield_connection(31)
Yielding connection to
[2010/03/30 16:23:35, 3] smbd/server.c:exit_server_common(949)
Server exit (normal exit)
[2010/03/30 16:23:36, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/03/30 16:23:36, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/03/30 16:23:36, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:23:36, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:23:36, 3] auth/auth.c:check_ntlm_password(220)
check_ntlm_password: Checking password for unmapped user
[hifxnx]\[root]@[TEC-TERMINAL] with the new password interface
[2010/03/30 16:23:36, 3] auth/auth.c:check_ntlm_password(223)
check_ntlm_password: mapped user is: [hifxnx]\[root]@[TEC-TERMINAL]
[2010/03/30 16:23:36, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/03/30 16:23:36, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/03/30 16:23:36, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:23:36, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2010/03/30 16:23:36, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2010/03/30 16:23:36, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2010/03/30 16:23:36, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:23:36, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2010/03/30 16:23:36, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2010/03/30 16:23:36, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2010/03/30 16:23:36, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:23:36, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2010/03/30 16:23:36, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2010/03/30 16:23:36, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2010/03/30 16:23:36, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:23:36, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2010/03/30 16:23:36, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2010/03/30 16:23:36, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2010/03/30 16:23:36, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:23:36, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:23:36, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/03/30 16:23:36, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/03/30 16:23:36, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:23:36, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:23:36, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/03/30 16:23:36, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/03/30 16:23:36, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:23:36, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:23:36, 3] auth/auth.c:check_ntlm_password(269)
check_ntlm_password: sam authentication for user [root] succeeded
[2010/03/30 16:23:36, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/03/30 16:23:36, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/03/30 16:23:36, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:23:36, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:23:36, 2] auth/auth.c:check_ntlm_password(308)
check_ntlm_password: authentication for user [root] -> [root] ->
[root] succeeded
[2010/03/30 16:23:36, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/03/30 16:23:36, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/03/30 16:23:36, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:23:36, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:23:36, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/03/30 16:23:36, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/03/30 16:23:36, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:23:36, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:23:36, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/03/30 16:23:36, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/03/30 16:23:36, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:23:36, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:23:36, 3] lib/privileges.c:get_privileges(63)
get_privileges: No privileges assigned to SID
[S-1-5-21-2723056799-1276534154-4037564978-1000]
[2010/03/30 16:23:36, 3] lib/privileges.c:get_privileges(63)
get_privileges: No privileges assigned to SID [S-1-22-2-0]
[2010/03/30 16:23:36, 3] lib/privileges.c:get_privileges(63)
get_privileges: No privileges assigned to SID [S-1-5-2]
[2010/03/30 16:23:36, 3] lib/privileges.c:get_privileges(63)
get_privileges: No privileges assigned to SID [S-1-5-11]
[2010/03/30 16:23:36, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/03/30 16:23:36, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/03/30 16:23:36, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:23:36, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:23:36, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/03/30 16:23:36, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/03/30 16:23:36, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:23:36, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:23:36, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/03/30 16:23:36, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/03/30 16:23:36, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:23:36, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:23:36, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(337)
NTLMSSP Sign/Seal - Initialising with flags:
[2010/03/30 16:23:36, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
Got NTLMSSP neg_flags=0xa2088205
[2010/03/30 16:23:36, 3] smbd/password.c:register_existing_vuid(314)
register_existing_vuid: User name: root Real name: root
[2010/03/30 16:23:36, 3] smbd/password.c:register_existing_vuid(326)
register_existing_vuid: UNIX uid 0 is UNIX user root, and will be vuid 100
[2010/03/30 16:23:36, 3] smbd/password.c:register_existing_vuid(350)
Adding homes service for user 'root' using home directory:
'/root'
[2010/03/30 16:23:36, 3] param/loadparm.c:lp_add_home(5886)
adding home's share [root] for user 'root' at '/root'
[2010/03/30 16:23:36, 3] smbd/process.c:process_smb(1570)
Transaction 3 of length 78 (0 toread)
[2010/03/30 16:23:36, 3] smbd/process.c:switch_message(1374)
switch message SMBtconX (pid 5254) conn 0x0
[2010/03/30 16:23:36, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:23:36, 3] smbd/service.c:make_connection_snum(944)
Connect path is '/tmp' for service [IPC$]
[2010/03/30 16:23:36, 3] lib/util_seaccess.c:se_access_check(249)
[2010/03/30 16:23:36, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is S-1-5-21-2723056799-1276534154-4037564978-1000
se_access_check: also S-1-22-2-0
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2010/03/30 16:23:36, 3] smbd/vfs.c:vfs_init_default(96)
Initialising default vfs hooks
[2010/03/30 16:23:36, 3] smbd/vfs.c:vfs_init_custom(130)
Initialising custom vfs hooks from [/[Default VFS]/]
[2010/03/30 16:23:36, 3] lib/util_seaccess.c:se_access_check(249)
[2010/03/30 16:23:36, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is S-1-5-21-2723056799-1276534154-4037564978-1000
se_access_check: also S-1-22-2-0
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2010/03/30 16:23:36, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:23:36, 3] smbd/service.c:make_connection_snum(1198)
tec-terminal (::ffff:172.16.50.71) connect to service IPC$ initially
as user root (uid=0, gid=0) (pid 5254)
[2010/03/30 16:23:36, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:23:36, 3] smbd/reply.c:reply_tcon_and_X(727)
tconX service=IPC$
[2010/03/30 16:23:36, 3] smbd/process.c:process_smb(1570)
Transaction 4 of length 104 (0 toread)
[2010/03/30 16:23:36, 3] smbd/process.c:switch_message(1374)
switch message SMBntcreateX (pid 5254) conn 0xc2efc0
[2010/03/30 16:23:36, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:23:36, 3] smbd/nttrans.c:nt_open_pipe(320)
nt_open_pipe: Known pipe lsarpc opening.
[2010/03/30 16:23:36, 3] smbd/process.c:process_smb(1570)
Transaction 5 of length 140 (0 toread)
[2010/03/30 16:23:36, 3] smbd/process.c:switch_message(1374)
switch message SMBwriteX (pid 5254) conn 0xc2efc0
[2010/03/30 16:23:36, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1564)
api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsarpc
[2010/03/30 16:23:36, 3] rpc_server/srv_pipe.c:check_bind_req(991)
check_bind_req for \PIPE\lsarpc
[2010/03/30 16:23:36, 3] smbd/pipes.c:reply_pipe_write_and_X(251)
writeX-IPC pnum=74b6 nwritten=72
[2010/03/30 16:23:36, 3] smbd/process.c:process_smb(1570)
Transaction 6 of length 63 (0 toread)
[2010/03/30 16:23:36, 3] smbd/process.c:switch_message(1374)
switch message SMBreadX (pid 5254) conn 0xc2efc0
[2010/03/30 16:23:36, 3] smbd/pipes.c:reply_pipe_read_and_X(301)
readX-IPC pnum=74b6 min=1024 max=1024 nread=68
[2010/03/30 16:23:36, 3] smbd/process.c:process_smb(1570)
Transaction 7 of length 172 (0 toread)
[2010/03/30 16:23:36, 3] smbd/process.c:switch_message(1374)
switch message SMBtrans (pid 5254) conn 0xc2efc0
[2010/03/30 16:23:36, 3] smbd/ipc.c:handle_trans(436)
trans <\PIPE\> data=84 params=0 setup=2
[2010/03/30 16:23:36, 3] smbd/ipc.c:named_pipe(387)
named pipe command on <> name
[2010/03/30 16:23:36, 3] smbd/ipc.c:api_fd_reply(345)
Got API command 0x26 on pipe "lsarpc" (pnum 74b6)
[2010/03/30 16:23:36, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 73
[2010/03/30 16:23:36, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
api_rpcTNP: rpc command: LSA_OPENPOLICY2
[2010/03/30 16:23:36, 3] lib/util_seaccess.c:se_access_check(249)
[2010/03/30 16:23:36, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is S-1-5-21-2723056799-1276534154-4037564978-1000
se_access_check: also S-1-22-2-0
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2010/03/30 16:23:36, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 852
[2010/03/30 16:23:36, 3] smbd/process.c:process_smb(1570)
Transaction 8 of length 134 (0 toread)
[2010/03/30 16:23:36, 3] smbd/process.c:switch_message(1374)
switch message SMBtrans (pid 5254) conn 0xc2efc0
[2010/03/30 16:23:36, 3] smbd/ipc.c:handle_trans(436)
trans <\PIPE\> data=46 params=0 setup=2
[2010/03/30 16:23:36, 3] smbd/ipc.c:named_pipe(387)
named pipe command on <> name
[2010/03/30 16:23:36, 3] smbd/ipc.c:api_fd_reply(345)
Got API command 0x26 on pipe "lsarpc" (pnum 74b6)
[2010/03/30 16:23:36, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2010/03/30 16:23:36, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY2
[2010/03/30 16:23:36, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2010/03/30 16:23:36, 3] smbd/process.c:process_smb(1570)
Transaction 9 of length 134 (0 toread)
[2010/03/30 16:23:36, 3] smbd/process.c:switch_message(1374)
switch message SMBtrans (pid 5254) conn 0xc2efc0
[2010/03/30 16:23:36, 3] smbd/ipc.c:handle_trans(436)
trans <\PIPE\> data=46 params=0 setup=2
[2010/03/30 16:23:36, 3] smbd/ipc.c:named_pipe(387)
named pipe command on <> name
[2010/03/30 16:23:36, 3] smbd/ipc.c:api_fd_reply(345)
Got API command 0x26 on pipe "lsarpc" (pnum 74b6)
[2010/03/30 16:23:36, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2010/03/30 16:23:36, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY
[2010/03/30 16:23:36, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 140
[2010/03/30 16:23:36, 3] smbd/process.c:process_smb(1570)
Transaction 10 of length 104 (0 toread)
[2010/03/30 16:23:36, 3] smbd/process.c:switch_message(1374)
switch message SMBntcreateX (pid 5254) conn 0xc2efc0
[2010/03/30 16:23:36, 3] smbd/nttrans.c:nt_open_pipe(320)
nt_open_pipe: Known pipe winreg opening.
[2010/03/30 16:23:36, 3] smbd/process.c:process_smb(1570)
Transaction 11 of length 140 (0 toread)
[2010/03/30 16:23:36, 3] smbd/process.c:switch_message(1374)
switch message SMBwriteX (pid 5254) conn 0xc2efc0
[2010/03/30 16:23:36, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1564)
api_pipe_bind_req: \PIPE\winreg -> \PIPE\winreg
[2010/03/30 16:23:36, 3] rpc_server/srv_pipe.c:check_bind_req(991)
check_bind_req for \PIPE\winreg
[2010/03/30 16:23:36, 3] smbd/pipes.c:reply_pipe_write_and_X(251)
writeX-IPC pnum=74b7 nwritten=72
[2010/03/30 16:23:36, 3] smbd/process.c:process_smb(1570)
Transaction 12 of length 63 (0 toread)
[2010/03/30 16:23:36, 3] smbd/process.c:switch_message(1374)
switch message SMBreadX (pid 5254) conn 0xc2efc0
[2010/03/30 16:23:36, 3] smbd/pipes.c:reply_pipe_read_and_X(301)
readX-IPC pnum=74b7 min=1024 max=1024 nread=68
[2010/03/30 16:23:36, 3] smbd/process.c:process_smb(1570)
Transaction 13 of length 124 (0 toread)
[2010/03/30 16:23:36, 3] smbd/process.c:switch_message(1374)
switch message SMBtrans (pid 5254) conn 0xc2efc0
[2010/03/30 16:23:36, 3] smbd/ipc.c:handle_trans(436)
trans <\PIPE\> data=36 params=0 setup=2
[2010/03/30 16:23:36, 3] smbd/ipc.c:named_pipe(387)
named pipe command on <> name
[2010/03/30 16:23:36, 3] smbd/ipc.c:api_fd_reply(345)
Got API command 0x26 on pipe "winreg" (pnum 74b7)
[2010/03/30 16:23:36, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 73
[2010/03/30 16:23:36, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
api_rpcTNP: rpc command: WINREG_OPENHKLM
[2010/03/30 16:23:36, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/03/30 16:23:36, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2010/03/30 16:23:36, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:23:36, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:23:36, 3] lib/util_seaccess.c:se_access_check(249)
[2010/03/30 16:23:36, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is S-1-5-21-2723056799-1276534154-4037564978-1000
se_access_check: also S-1-22-2-0
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2010/03/30 16:23:36, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2010/03/30 16:23:36, 3] smbd/process.c:process_smb(1570)
Transaction 14 of length 272 (0 toread)
[2010/03/30 16:23:36, 3] smbd/process.c:switch_message(1374)
switch message SMBtrans (pid 5254) conn 0xc2efc0
[2010/03/30 16:23:36, 3] smbd/ipc.c:handle_trans(436)
trans <\PIPE\> data=184 params=0 setup=2
[2010/03/30 16:23:36, 3] smbd/ipc.c:named_pipe(387)
named pipe command on <> name
[2010/03/30 16:23:36, 3] smbd/ipc.c:api_fd_reply(345)
Got API command 0x26 on pipe "winreg" (pnum 74b7)
[2010/03/30 16:23:36, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2010/03/30 16:23:36, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
api_rpcTNP: rpc command: WINREG_OPENKEY
[2010/03/30 16:23:36, 3] lib/util_seaccess.c:se_access_check(249)
[2010/03/30 16:23:36, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is S-1-5-21-2723056799-1276534154-4037564978-1000
se_access_check: also S-1-22-2-0
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2010/03/30 16:23:36, 3] lib/util_seaccess.c:se_access_check(249)
[2010/03/30 16:23:36, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is S-1-5-21-2723056799-1276534154-4037564978-1000
se_access_check: also S-1-22-2-0
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2010/03/30 16:23:36, 3] lib/util_seaccess.c:se_access_check(249)
[2010/03/30 16:23:36, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is S-1-5-21-2723056799-1276534154-4037564978-1000
se_access_check: also S-1-22-2-0
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2010/03/30 16:23:36, 3] lib/util_seaccess.c:se_access_check(249)
[2010/03/30 16:23:36, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is S-1-5-21-2723056799-1276534154-4037564978-1000
se_access_check: also S-1-22-2-0
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2010/03/30 16:23:36, 3] lib/util_seaccess.c:se_access_check(249)
[2010/03/30 16:23:36, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is S-1-5-21-2723056799-1276534154-4037564978-1000
se_access_check: also S-1-22-2-0
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2010/03/30 16:23:36, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2010/03/30 16:23:36, 3] smbd/process.c:process_smb(1570)
Transaction 15 of length 236 (0 toread)
[2010/03/30 16:23:36, 3] smbd/process.c:switch_message(1374)
switch message SMBtrans (pid 5254) conn 0xc2efc0
[2010/03/30 16:23:36, 3] smbd/ipc.c:handle_trans(436)
trans <\PIPE\> data=148 params=0 setup=2
[2010/03/30 16:23:36, 3] smbd/ipc.c:named_pipe(387)
named pipe command on <> name
[2010/03/30 16:23:36, 3] smbd/ipc.c:api_fd_reply(345)
Got API command 0x26 on pipe "winreg" (pnum 74b7)
[2010/03/30 16:23:36, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2010/03/30 16:23:36, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
api_rpcTNP: rpc command: WINREG_QUERYVALUE
[2010/03/30 16:23:36, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/03/30 16:23:36, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2010/03/30 16:23:36, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:23:36, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:23:36, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 36
[2010/03/30 16:23:36, 3] smbd/process.c:process_smb(1570)
Transaction 16 of length 132 (0 toread)
[2010/03/30 16:23:36, 3] smbd/process.c:switch_message(1374)
switch message SMBtrans (pid 5254) conn 0xc2efc0
[2010/03/30 16:23:36, 3] smbd/ipc.c:handle_trans(436)
trans <\PIPE\> data=44 params=0 setup=2
[2010/03/30 16:23:36, 3] smbd/ipc.c:named_pipe(387)
named pipe command on <> name
[2010/03/30 16:23:36, 3] smbd/ipc.c:api_fd_reply(345)
Got API command 0x26 on pipe "winreg" (pnum 74b7)
[2010/03/30 16:23:36, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2010/03/30 16:23:36, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
api_rpcTNP: rpc command: WINREG_CLOSEKEY
[2010/03/30 16:23:36, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(206)
Closed policy
[2010/03/30 16:23:36, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2010/03/30 16:23:36, 3] smbd/process.c:process_smb(1570)
Transaction 17 of length 132 (0 toread)
[2010/03/30 16:23:36, 3] smbd/process.c:switch_message(1374)
switch message SMBtrans (pid 5254) conn 0xc2efc0
[2010/03/30 16:23:36, 3] smbd/ipc.c:handle_trans(436)
trans <\PIPE\> data=44 params=0 setup=2
[2010/03/30 16:23:36, 3] smbd/ipc.c:named_pipe(387)
named pipe command on <> name
[2010/03/30 16:23:36, 3] smbd/ipc.c:api_fd_reply(345)
Got API command 0x26 on pipe "winreg" (pnum 74b7)
[2010/03/30 16:23:36, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2010/03/30 16:23:36, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
api_rpcTNP: rpc command: WINREG_CLOSEKEY
[2010/03/30 16:23:36, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(206)
Closed policy
[2010/03/30 16:23:36, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2010/03/30 16:23:36, 3] smbd/process.c:process_smb(1570)
Transaction 18 of length 45 (0 toread)
[2010/03/30 16:23:36, 3] smbd/process.c:switch_message(1374)
switch message SMBclose (pid 5254) conn 0xc2efc0
[2010/03/30 16:23:36, 3] smbd/process.c:process_smb(1570)
Transaction 19 of length 100 (0 toread)
[2010/03/30 16:23:36, 3] smbd/process.c:switch_message(1374)
switch message SMBntcreateX (pid 5254) conn 0xc2efc0
[2010/03/30 16:23:36, 3] smbd/nttrans.c:nt_open_pipe(320)
nt_open_pipe: Known pipe samr opening.
[2010/03/30 16:23:36, 3] smbd/process.c:process_smb(1570)
Transaction 20 of length 140 (0 toread)
[2010/03/30 16:23:36, 3] smbd/process.c:switch_message(1374)
switch message SMBwriteX (pid 5254) conn 0xc2efc0
[2010/03/30 16:23:36, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1564)
api_pipe_bind_req: \PIPE\samr -> \PIPE\samr
[2010/03/30 16:23:36, 3] rpc_server/srv_pipe.c:check_bind_req(991)
check_bind_req for \PIPE\samr
[2010/03/30 16:23:36, 3] smbd/pipes.c:reply_pipe_write_and_X(251)
writeX-IPC pnum=74b8 nwritten=72
[2010/03/30 16:23:36, 3] smbd/process.c:process_smb(1570)
Transaction 21 of length 63 (0 toread)
[2010/03/30 16:23:36, 3] smbd/process.c:switch_message(1374)
switch message SMBreadX (pid 5254) conn 0xc2efc0
[2010/03/30 16:23:36, 3] smbd/pipes.c:reply_pipe_read_and_X(301)
readX-IPC pnum=74b8 min=1024 max=1024 nread=68
[2010/03/30 16:23:36, 3] smbd/process.c:process_smb(1570)
Transaction 22 of length 164 (0 toread)
[2010/03/30 16:23:36, 3] smbd/process.c:switch_message(1374)
switch message SMBtrans (pid 5254) conn 0xc2efc0
[2010/03/30 16:23:36, 3] smbd/ipc.c:handle_trans(436)
trans <\PIPE\> data=76 params=0 setup=2
[2010/03/30 16:23:36, 3] smbd/ipc.c:named_pipe(387)
named pipe command on <> name
[2010/03/30 16:23:36, 3] smbd/ipc.c:api_fd_reply(345)
Got API command 0x26 on pipe "samr" (pnum 74b8)
[2010/03/30 16:23:36, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 71
[2010/03/30 16:23:36, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
api_rpcTNP: rpc command: SAMR_CONNECT5
[2010/03/30 16:23:36, 3] lib/util_seaccess.c:se_access_check(249)
[2010/03/30 16:23:36, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is S-1-5-21-2723056799-1276534154-4037564978-1000
se_access_check: also S-1-22-2-0
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2010/03/30 16:23:36, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 1016
[2010/03/30 16:23:36, 3] smbd/process.c:process_smb(1570)
Transaction 23 of length 140 (0 toread)
[2010/03/30 16:23:36, 3] smbd/process.c:switch_message(1374)
switch message SMBtrans (pid 5254) conn 0xc2efc0
[2010/03/30 16:23:36, 3] smbd/ipc.c:handle_trans(436)
trans <\PIPE\> data=52 params=0 setup=2
[2010/03/30 16:23:36, 3] smbd/ipc.c:named_pipe(387)
named pipe command on <> name
[2010/03/30 16:23:36, 3] smbd/ipc.c:api_fd_reply(345)
Got API command 0x26 on pipe "samr" (pnum 74b8)
[2010/03/30 16:23:36, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2010/03/30 16:23:36, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
api_rpcTNP: rpc command: SAMR_ENUMDOMAINS
[2010/03/30 16:23:36, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 64
[2010/03/30 16:23:36, 3] smbd/process.c:process_smb(1570)
Transaction 24 of length 164 (0 toread)
[2010/03/30 16:23:36, 3] smbd/process.c:switch_message(1374)
switch message SMBtrans (pid 5254) conn 0xc2efc0
[2010/03/30 16:23:36, 3] smbd/ipc.c:handle_trans(436)
trans <\PIPE\> data=76 params=0 setup=2
[2010/03/30 16:23:36, 3] smbd/ipc.c:named_pipe(387)
named pipe command on <> name
[2010/03/30 16:23:36, 3] smbd/ipc.c:api_fd_reply(345)
Got API command 0x26 on pipe "samr" (pnum 74b8)
[2010/03/30 16:23:36, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2010/03/30 16:23:36, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
api_rpcTNP: rpc command: SAMR_LOOKUPDOMAIN
[2010/03/30 16:23:36, 2] rpc_server/srv_samr_nt.c:_samr_LookupDomain(3490)
Returning domain sid for domain HIFXNX ->
S-1-5-21-2723056799-1276534154-4037564978
[2010/03/30 16:23:36, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 68
[2010/03/30 16:23:36, 3] smbd/process.c:process_smb(1570)
Transaction 25 of length 164 (0 toread)
[2010/03/30 16:23:36, 3] smbd/process.c:switch_message(1374)
switch message SMBtrans (pid 5254) conn 0xc2efc0
[2010/03/30 16:23:36, 3] smbd/ipc.c:handle_trans(436)
trans <\PIPE\> data=76 params=0 setup=2
[2010/03/30 16:23:36, 3] smbd/ipc.c:named_pipe(387)
named pipe command on <> name
[2010/03/30 16:23:36, 3] smbd/ipc.c:api_fd_reply(345)
Got API command 0x26 on pipe "samr" (pnum 74b8)
[2010/03/30 16:23:36, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2010/03/30 16:23:36, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
api_rpcTNP: rpc command: SAMR_OPENDOMAIN
[2010/03/30 16:23:36, 3] lib/util_seaccess.c:se_access_check(249)
[2010/03/30 16:23:36, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is S-1-5-21-2723056799-1276534154-4037564978-1000
se_access_check: also S-1-22-2-0
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2010/03/30 16:23:36, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 1016
[2010/03/30 16:23:36, 3] smbd/process.c:process_smb(1570)
Transaction 26 of length 188 (0 toread)
[2010/03/30 16:23:36, 3] smbd/process.c:switch_message(1374)
switch message SMBtrans (pid 5254) conn 0xc2efc0
[2010/03/30 16:23:36, 3] smbd/ipc.c:handle_trans(436)
trans <\PIPE\> data=100 params=0 setup=2
[2010/03/30 16:23:36, 3] smbd/ipc.c:named_pipe(387)
named pipe command on <> name
[2010/03/30 16:23:36, 3] smbd/ipc.c:api_fd_reply(345)
Got API command 0x26 on pipe "samr" (pnum 74b8)
[2010/03/30 16:23:36, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2010/03/30 16:23:36, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
api_rpcTNP: rpc command: SAMR_CREATEUSER2
[2010/03/30 16:23:36, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/03/30 16:23:36, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2010/03/30 16:23:36, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:23:36, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2010/03/30 16:23:36, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(100) : conn_ctx_stack_ndx = 1
[2010/03/30 16:23:36, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2010/03/30 16:23:36, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:23:36, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2010/03/30 16:23:36, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(100) : conn_ctx_stack_ndx = 1
[2010/03/30 16:23:36, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2010/03/30 16:23:36, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:23:36, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:23:36, 3] passdb/pdb_interface.c:pdb_default_create_user(319)
Could not find user TEC-TERMINAL$ and no add script defined
[2010/03/30 16:23:36, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 425
[2010/03/30 16:23:36, 3] smbd/process.c:process_smb(1570)
Transaction 27 of length 132 (0 toread)
[2010/03/30 16:23:36, 3] smbd/process.c:switch_message(1374)
switch message SMBtrans (pid 5254) conn 0xc2efc0
[2010/03/30 16:23:36, 3] smbd/ipc.c:handle_trans(436)
trans <\PIPE\> data=44 params=0 setup=2
[2010/03/30 16:23:36, 3] smbd/ipc.c:named_pipe(387)
named pipe command on <> name
[2010/03/30 16:23:36, 3] smbd/ipc.c:api_fd_reply(345)
Got API command 0x26 on pipe "samr" (pnum 74b8)
[2010/03/30 16:23:36, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2010/03/30 16:23:36, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
api_rpcTNP: rpc command: SAMR_CLOSE
[2010/03/30 16:23:36, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(206)
Closed policy
[2010/03/30 16:23:36, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/03/30 16:23:36, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2010/03/30 16:23:36, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/03/30 16:23:36, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:23:36, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2010/03/30 16:23:36, 3] smbd/process.c:process_smb(1570)
Transaction 28 of length 132 (0 toread)
[2010/03/30 16:23:36, 3] smbd/process.c:switch_message(1374)
switch message SMBtrans (pid 5254) conn 0xc2efc0
[2010/03/30 16:23:36, 3] smbd/ipc.c:handle_trans(436)
trans <\PIPE\> data=44 params=0 setup=2
[2010/03/30 16:23:36, 3] smbd/ipc.c:named_pipe(387)
named pipe command on <> name
[2010/03/30 16:23:36, 3] smbd/ipc.c:api_fd_reply(345)
Got API command 0x26 on pipe "samr" (pnum 74b8)
[2010/03/30 16:23:36, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2010/03/30 16:23:36, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
api_rpcTNP: rpc command: SAMR_CLOSE
[2010/03/30 16:23:36, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(206)
Closed policy
[2010/03/30 16:23:36, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2010/03/30 16:23:36, 3] smbd/process.c:process_smb(1570)
Transaction 29 of length 45 (0 toread)
[2010/03/30 16:23:36, 3] smbd/process.c:switch_message(1374)
switch message SMBclose (pid 5254) conn 0xc2efc0
[2010/03/30 16:23:36, 3] smbd/process.c:process_smb(1570)
Transaction 30 of length 132 (0 toread)
[2010/03/30 16:23:36, 3] smbd/process.c:switch_message(1374)
switch message SMBtrans (pid 5254) conn 0xc2efc0
[2010/03/30 16:23:36, 3] smbd/ipc.c:handle_trans(436)
trans <\PIPE\> data=44 params=0 setup=2
[2010/03/30 16:23:36, 3] smbd/ipc.c:named_pipe(387)
named pipe command on <> name
[2010/03/30 16:23:36, 3] smbd/ipc.c:api_fd_reply(345)
Got API command 0x26 on pipe "lsarpc" (pnum 74b6)
[2010/03/30 16:23:36, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2010/03/30 16:23:36, 3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
api_rpcTNP: rpc command: LSA_CLOSE
[2010/03/30 16:23:36, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(206)
Closed policy
[2010/03/30 16:23:36, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
free_pipe_context: destroying talloc pool of size 0
[2010/03/30 16:23:36, 3] smbd/process.c:process_smb(1570)
Transaction 31 of length 45 (0 toread)
[2010/03/30 16:23:36, 3] smbd/process.c:switch_message(1374)
switch message SMBclose (pid 5254) conn 0xc2efc0
[2010/03/30 16:23:36, 3] smbd/process.c:process_smb(1570)
Transaction 32 of length 43 (0 toread)
[2010/03/30 16:23:36, 3] smbd/process.c:switch_message(1374)
switch message SMBulogoffX (pid 5254) conn 0x0
[2010/03/30 16:23:36, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:23:36, 3] smbd/reply.c:reply_ulogoffX(1910)
ulogoffX vuid=100
[2010/03/30 16:23:36, 3] smbd/process.c:process_smb(1570)
Transaction 33 of length 39 (0 toread)
[2010/03/30 16:23:36, 3] smbd/process.c:switch_message(1374)
switch message SMBtdis (pid 5254) conn 0xc2efc0
[2010/03/30 16:23:36, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:23:36, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:23:36, 3] smbd/service.c:close_cnum(1409)
tec-terminal (::ffff:172.16.50.71) closed connection to service IPC$
[2010/03/30 16:23:36, 3] smbd/connection.c:yield_connection(31)
Yielding connection to IPC$
[2010/03/30 16:23:36, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:23:36, 3] smbd/process.c:smbd_process(2056)
receive_message_or_smb failed: NT_STATUS_END_OF_FILE, exiting
[2010/03/30 16:23:36, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/03/30 16:23:36, 3] smbd/connection.c:yield_connection(31)
Yielding connection to
[2010/03/30 16:23:36, 3] smbd/server.c:exit_server_common(949)
Server exit (normal exit)
Maybe Matching Threads
Wisdom of the Ancients
