smbd.log

1. [2012/09/23 22:42:32.902828, 3] param/loadparm.c:9572(lp_load_ex)
2. lp_load_ex: refreshing parameters
3. [2012/09/23 22:42:32.902907, 3] param/loadparm.c:5192(init_globals)
4. Initialising global parameters
5. [2012/09/23 22:42:32.902964, 2] param/loadparm.c:4985(max_open_files)
6. rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
7. [2012/09/23 22:42:32.903047, 3] ../lib/util/params.c:550(pm_process)
8. params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
9. [2012/09/23 22:42:32.903101, 3] param/loadparm.c:8310(do_section)
10. Processing section "[global]"
11. doing parameter workgroup = rlz
12. doing parameter server string = m3-laptop
13. doing parameter security = user
14. doing parameter load printers = no
15. doing parameter debug level = 10
16. [2012/09/23 22:42:32.903268, 5] ../lib/util/debug.c:330(debug_dump_status)
17. INFO: Current debug levels:
18. all: 10
19. tdb: 10
20. printdrivers: 10
21. lanman: 10
22. smb: 10
23. rpc_parse: 10
24. rpc_srv: 10
25. rpc_cli: 10
26. passdb: 10
27. sam: 10
28. auth: 10
29. winbind: 10
30. vfs: 10
31. idmap: 10
32. quota: 10
33. acls: 10
34. locking: 10
35. msdfs: 10
36. dmapi: 10
37. registry: 10
38. doing parameter log file = /var/log/samba/%m.log
39. doing parameter max log size = 5000
40. doing parameter dns proxy = no
41. doing parameter printing = bsd
42. doing parameter printcap name = /dev/null
43. doing parameter disable spoolss = yes
44. doing parameter unix extensions = no
45. doing parameter follow symlinks = yes
46. doing parameter wide links = yes
47. [2012/09/23 22:42:32.903944, 2] param/loadparm.c:8327(do_section)
48. Processing section "[writable]"
49. [2012/09/23 22:42:32.904050, 8] param/loadparm.c:6480(add_a_service)
50. add_a_service: Creating snum = 0 for writable
51. [2012/09/23 22:42:32.904104, 10] param/loadparm.c:6518(hash_a_service)
52. hash_a_service: creating servicehash
53. [2012/09/23 22:42:32.904153, 10] param/loadparm.c:6527(hash_a_service)
54. hash_a_service: hashing index 0 for service name writable
55. doing parameter comment = test
56. doing parameter writable = yes
57. doing parameter valid users = shareuser
58. doing parameter path = /home/shareuser/writable
59. [2012/09/23 22:42:32.904322, 4] param/loadparm.c:9608(lp_load_ex)
60. pm_process() returned Yes
61. [2012/09/23 22:42:32.904384, 7] param/loadparm.c:9834(lp_servicenumber)
62. lp_servicenumber: couldn't find homes
63. [2012/09/23 22:42:32.904467, 8] param/loadparm.c:6480(add_a_service)
64. add_a_service: Creating snum = 1 for IPC$
65. [2012/09/23 22:42:32.904519, 10] param/loadparm.c:6527(hash_a_service)
66. hash_a_service: hashing index 1 for service name IPC$
67. [2012/09/23 22:42:32.904576, 3] param/loadparm.c:6630(lp_add_ipc)
68. adding IPC service
69. [2012/09/23 22:42:32.904626, 10] param/loadparm_server_role.c:101(set_server_role)
70. set_server_role: role = ROLE_STANDALONE
71. [2012/09/23 22:42:32.904681, 5] ../lib/util/charset/codepoints.c:235(map_locale)
72. Substituting charset 'UTF-8' for LOCALE
73. [2012/09/23 22:42:32.904747, 6] param/loadparm.c:7490(lp_file_list_changed)
74. lp_file_list_changed()
75. file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Sun Sep 23 22:40:11 2012
76.  
77. [2012/09/23 22:42:32.909123, 2] lib/interface.c:341(add_interface)
78. added interface wlan0 ip=fe80::219:7eff:fe52:16d3%wlan0 bcast=fe80::ffff:ffff:ffff:ffff%wlan0 netmask=ffff:ffff:ffff:ffff::
79. [2012/09/23 22:42:32.909269, 2] lib/interface.c:341(add_interface)
80. added interface wlan0 ip=192.168.178.104 bcast=192.168.178.255 netmask=255.255.255.0
81. [2012/09/23 22:42:32.909347, 3] smbd/server.c:1088(main)
82. loaded services
83. [2012/09/23 22:42:32.909404, 5] lib/util.c:242(init_names)
84. Netbios name list:-
85. my_netbios_names[0]="M3-LAPTOP"
86. [2012/09/23 22:42:32.909524, 0] smbd/server.c:1109(main)
87. standard input is not a socket, assuming -D option
88. [2012/09/23 22:42:32.909638, 3] smbd/server.c:1120(main)
89. Becoming a daemon.
90. [2012/09/23 22:42:32.909749, 8] ../lib/util/util.c:263(fcntl_lock)
91. fcntl_lock 10 6 0 1 1
92. [2012/09/23 22:42:32.909834, 8] ../lib/util/util.c:298(fcntl_lock)
93. fcntl_lock: Lock call successful
94. [2012/09/23 22:42:32.910996, 5] passdb/pdb_interface.c:71(smb_register_passdb)
95. Attempting to register passdb backend ldapsam
96. [2012/09/23 22:42:32.911074, 5] passdb/pdb_interface.c:84(smb_register_passdb)
97. Successfully added passdb backend 'ldapsam'
98. [2012/09/23 22:42:32.911126, 5] passdb/pdb_interface.c:71(smb_register_passdb)
99. Attempting to register passdb backend ldapsam_compat
100. [2012/09/23 22:42:32.911179, 5] passdb/pdb_interface.c:84(smb_register_passdb)
101. Successfully added passdb backend 'ldapsam_compat'
102. [2012/09/23 22:42:32.911231, 5] passdb/pdb_interface.c:71(smb_register_passdb)
103. Attempting to register passdb backend NDS_ldapsam
104. [2012/09/23 22:42:32.911281, 5] passdb/pdb_interface.c:84(smb_register_passdb)
105. Successfully added passdb backend 'NDS_ldapsam'
106. [2012/09/23 22:42:32.911331, 5] passdb/pdb_interface.c:71(smb_register_passdb)
107. Attempting to register passdb backend NDS_ldapsam_compat
108. [2012/09/23 22:42:32.911380, 5] passdb/pdb_interface.c:84(smb_register_passdb)
109. Successfully added passdb backend 'NDS_ldapsam_compat'
110. [2012/09/23 22:42:32.911432, 5] passdb/pdb_interface.c:71(smb_register_passdb)
111. Attempting to register passdb backend IPA_ldapsam
112. [2012/09/23 22:42:32.911483, 5] passdb/pdb_interface.c:84(smb_register_passdb)
113. Successfully added passdb backend 'IPA_ldapsam'
114. [2012/09/23 22:42:32.911535, 5] passdb/pdb_interface.c:71(smb_register_passdb)
115. Attempting to register passdb backend smbpasswd
116. [2012/09/23 22:42:32.911585, 5] passdb/pdb_interface.c:84(smb_register_passdb)
117. Successfully added passdb backend 'smbpasswd'
118. [2012/09/23 22:42:32.911636, 5] passdb/pdb_interface.c:71(smb_register_passdb)
119. Attempting to register passdb backend tdbsam
120. [2012/09/23 22:42:32.911686, 5] passdb/pdb_interface.c:84(smb_register_passdb)
121. Successfully added passdb backend 'tdbsam'
122. [2012/09/23 22:42:32.911735, 5] passdb/pdb_interface.c:71(smb_register_passdb)
123. Attempting to register passdb backend wbc_sam
124. [2012/09/23 22:42:32.911787, 5] passdb/pdb_interface.c:84(smb_register_passdb)
125. Successfully added passdb backend 'wbc_sam'
126. [2012/09/23 22:42:32.911837, 5] passdb/pdb_interface.c:141(make_pdb_method_name)
127. Attempting to find a passdb backend to match tdbsam (tdbsam)
128. [2012/09/23 22:42:32.911887, 5] passdb/pdb_interface.c:162(make_pdb_method_name)
129. Found pdb backend tdbsam
130. [2012/09/23 22:42:32.911944, 5] passdb/pdb_interface.c:173(make_pdb_method_name)
131. pdb backend tdbsam has a valid init
132. [2012/09/23 22:42:32.913095, 10] registry/reg_backend_db.c:526(regdb_init)
133. regdb_init: registry db openend. refcount reset (1)
134. [2012/09/23 22:42:32.913167, 10] registry/reg_cachehook.c:70(reghook_cache_init)
135. reghook_cache_init: new tree with default ops 0x7f0ef0501340 for key []
136. [2012/09/23 22:42:32.913424, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal)
137. regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports]
138. [2012/09/23 22:42:32.913508, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
139. regdb_unpack_values: value[0]: name[Samba Printer Port] len[2]
140. [2012/09/23 22:42:32.913564, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal)
141. regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers]
142. [2012/09/23 22:42:32.913636, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
143. regdb_unpack_values: value[0]: name[DefaultSpoolDirectory] len[70]
144. [2012/09/23 22:42:32.913691, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal)
145. regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog]
146. [2012/09/23 22:42:32.913761, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
147. regdb_unpack_values: value[0]: name[DisplayName] len[20]
148. [2012/09/23 22:42:32.913815, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
149. regdb_unpack_values: value[1]: name[ErrorControl] len[4]
150. [2012/09/23 22:42:32.913871, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal)
151. regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog]
152. [2012/09/23 22:42:32.913940, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
153. regdb_unpack_values: value[0]: name[DisplayName] len[20]
154. [2012/09/23 22:42:32.914045, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
155. regdb_unpack_values: value[1]: name[ErrorControl] len[4]
156. [2012/09/23 22:42:32.914107, 10] registry/reg_cachehook.c:94(reghook_cache_add)
157. reghook_cache_add: Adding ops 0x7f0ef05014a0 for key [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Printers]
158. [2012/09/23 22:42:32.914159, 8] lib/adt_tree.c:215(pathtree_add)
159. pathtree_add: Enter
160. [2012/09/23 22:42:32.914215, 10] lib/adt_tree.c:282(pathtree_add)
161. pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Control\Print\Printers] to tree
162. [2012/09/23 22:42:32.914267, 8] lib/adt_tree.c:284(pathtree_add)
163. pathtree_add: Exit
164. [2012/09/23 22:42:32.914319, 10] registry/reg_cachehook.c:94(reghook_cache_add)
165. reghook_cache_add: Adding ops 0x7f0ef0501340 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers]
166. [2012/09/23 22:42:32.914371, 8] lib/adt_tree.c:215(pathtree_add)
167. pathtree_add: Enter
168. [2012/09/23 22:42:32.914424, 10] lib/adt_tree.c:282(pathtree_add)
169. pathtree_add: Successfully added node [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] to tree
170. [2012/09/23 22:42:32.914476, 8] lib/adt_tree.c:284(pathtree_add)
171. pathtree_add: Exit
172. [2012/09/23 22:42:32.914528, 10] registry/reg_cachehook.c:94(reghook_cache_add)
173. reghook_cache_add: Adding ops 0x7f0ef0501340 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports]
174. [2012/09/23 22:42:32.914579, 8] lib/adt_tree.c:215(pathtree_add)
175. pathtree_add: Enter
176. [2012/09/23 22:42:32.914630, 10] lib/adt_tree.c:282(pathtree_add)
177. pathtree_add: Successfully added node [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] to tree
178. [2012/09/23 22:42:32.914682, 8] lib/adt_tree.c:284(pathtree_add)
179. pathtree_add: Exit
180. [2012/09/23 22:42:32.914734, 10] registry/reg_cachehook.c:94(reghook_cache_add)
181. reghook_cache_add: Adding ops 0x7f0ef0501500 for key [\HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares]
182. [2012/09/23 22:42:32.914785, 8] lib/adt_tree.c:215(pathtree_add)
183. pathtree_add: Enter
184. [2012/09/23 22:42:32.914837, 10] lib/adt_tree.c:282(pathtree_add)
185. pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares] to tree
186. [2012/09/23 22:42:32.914889, 8] lib/adt_tree.c:284(pathtree_add)
187. pathtree_add: Exit
188. [2012/09/23 22:42:32.914940, 10] registry/reg_cachehook.c:94(reghook_cache_add)
189. reghook_cache_add: Adding ops 0x7f0ef0501440 for key [\HKLM\SOFTWARE\Samba\smbconf]
190. [2012/09/23 22:42:32.914990, 8] lib/adt_tree.c:215(pathtree_add)
191. pathtree_add: Enter
192. [2012/09/23 22:42:32.915042, 10] lib/adt_tree.c:282(pathtree_add)
193. pathtree_add: Successfully added node [HKLM\SOFTWARE\Samba\smbconf] to tree
194. [2012/09/23 22:42:32.915092, 8] lib/adt_tree.c:284(pathtree_add)
195. pathtree_add: Exit
196. [2012/09/23 22:42:32.915144, 10] registry/reg_cachehook.c:94(reghook_cache_add)
197. reghook_cache_add: Adding ops 0x7f0ef0501560 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
198. [2012/09/23 22:42:32.915194, 8] lib/adt_tree.c:215(pathtree_add)
199. pathtree_add: Enter
200. [2012/09/23 22:42:32.915246, 10] lib/adt_tree.c:282(pathtree_add)
201. pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters] to tree
202. [2012/09/23 22:42:32.915297, 8] lib/adt_tree.c:284(pathtree_add)
203. pathtree_add: Exit
204. [2012/09/23 22:42:32.915350, 10] registry/reg_cachehook.c:94(reghook_cache_add)
205. reghook_cache_add: Adding ops 0x7f0ef05015c0 for key [\HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions]
206. [2012/09/23 22:42:32.915400, 8] lib/adt_tree.c:215(pathtree_add)
207. pathtree_add: Enter
208. [2012/09/23 22:42:32.915452, 10] lib/adt_tree.c:282(pathtree_add)
209. pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions] to tree
210. [2012/09/23 22:42:32.915503, 8] lib/adt_tree.c:284(pathtree_add)
211. pathtree_add: Exit
212. [2012/09/23 22:42:32.915555, 10] registry/reg_cachehook.c:94(reghook_cache_add)
213. reghook_cache_add: Adding ops 0x7f0ef0501620 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
214. [2012/09/23 22:42:32.915614, 8] lib/adt_tree.c:215(pathtree_add)
215. pathtree_add: Enter
216. [2012/09/23 22:42:32.915666, 10] lib/adt_tree.c:282(pathtree_add)
217. pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters] to tree
218. [2012/09/23 22:42:32.915717, 8] lib/adt_tree.c:284(pathtree_add)
219. pathtree_add: Exit
220. [2012/09/23 22:42:32.915768, 10] registry/reg_cachehook.c:94(reghook_cache_add)
221. reghook_cache_add: Adding ops 0x7f0ef0501680 for key [\HKPT]
222. [2012/09/23 22:42:32.915817, 8] lib/adt_tree.c:215(pathtree_add)
223. pathtree_add: Enter
224. [2012/09/23 22:42:32.915868, 10] lib/adt_tree.c:282(pathtree_add)
225. pathtree_add: Successfully added node [HKPT] to tree
226. [2012/09/23 22:42:32.915917, 8] lib/adt_tree.c:284(pathtree_add)
227. pathtree_add: Exit
228. [2012/09/23 22:42:32.915969, 10] registry/reg_cachehook.c:94(reghook_cache_add)
229. reghook_cache_add: Adding ops 0x7f0ef05016e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion]
230. [2012/09/23 22:42:32.916019, 8] lib/adt_tree.c:215(pathtree_add)
231. pathtree_add: Enter
232. [2012/09/23 22:42:32.916069, 10] lib/adt_tree.c:282(pathtree_add)
233. pathtree_add: Successfully added node [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] to tree
234. [2012/09/23 22:42:32.916119, 8] lib/adt_tree.c:284(pathtree_add)
235. pathtree_add: Exit
236. [2012/09/23 22:42:32.916171, 10] registry/reg_cachehook.c:94(reghook_cache_add)
237. reghook_cache_add: Adding ops 0x7f0ef0501740 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib]
238. [2012/09/23 22:42:32.916222, 8] lib/adt_tree.c:215(pathtree_add)
239. pathtree_add: Enter
240. [2012/09/23 22:42:32.916273, 10] lib/adt_tree.c:282(pathtree_add)
241. pathtree_add: Successfully added node [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib] to tree
242. [2012/09/23 22:42:32.916324, 8] lib/adt_tree.c:284(pathtree_add)
243. pathtree_add: Exit
244. [2012/09/23 22:42:32.916373, 10] registry/reg_backend_db.c:619(regdb_close)
245. regdb_close: decrementing refcount (1->0)
246. [2012/09/23 22:42:32.916772, 5] lib/username.c:171(Get_Pwnam_alloc)
247. Finding user M3-LAPTOP\root
248. [2012/09/23 22:42:32.916828, 5] lib/username.c:116(Get_Pwnam_internals)
249. Trying _Get_Pwnam(), username as lowercase is m3-laptop\root
250. [2012/09/23 22:42:32.916919, 5] lib/username.c:124(Get_Pwnam_internals)
251. Trying _Get_Pwnam(), username as given is M3-LAPTOP\root
252. [2012/09/23 22:42:32.916998, 5] lib/username.c:134(Get_Pwnam_internals)
253. Trying _Get_Pwnam(), username as uppercase is M3-LAPTOP\ROOT
254. [2012/09/23 22:42:32.917075, 5] lib/username.c:143(Get_Pwnam_internals)
255. Checking combinations of 0 uppercase letters in m3-laptop\root
256. [2012/09/23 22:42:32.917127, 5] lib/username.c:149(Get_Pwnam_internals)
257. Get_Pwnam_internals didn't find user [M3-LAPTOP\root]!
258. [2012/09/23 22:42:32.917178, 5] lib/username.c:171(Get_Pwnam_alloc)
259. Finding user root
260. [2012/09/23 22:42:32.917228, 5] lib/username.c:116(Get_Pwnam_internals)
261. Trying _Get_Pwnam(), username as lowercase is root
262. [2012/09/23 22:42:32.917320, 5] lib/username.c:149(Get_Pwnam_internals)
263. Get_Pwnam_internals did find user [root]!
264. [2012/09/23 22:42:32.917400, 10] passdb/lookup_sid.c:76(lookup_name)
265. lookup_name: M3-LAPTOP\root => domain=[M3-LAPTOP], name=[root]
266. [2012/09/23 22:42:32.917455, 10] passdb/lookup_sid.c:77(lookup_name)
267. lookup_name: flags = 0x073
268. [2012/09/23 22:42:32.917513, 4] smbd/sec_ctx.c:214(push_sec_ctx)
269. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
270. [2012/09/23 22:42:32.917565, 4] smbd/uid.c:460(push_conn_ctx)
271. push_conn_ctx(0) : conn_ctx_stack_ndx = 0
272. [2012/09/23 22:42:32.917618, 4] smbd/sec_ctx.c:314(set_sec_ctx)
273. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
274. [2012/09/23 22:42:32.917668, 5] ../libcli/security/security_token.c:53(security_token_debug)
275. Security token: (NULL)
276. [2012/09/23 22:42:32.917719, 5] auth/token_util.c:527(debug_unix_user_token)
277. UNIX token of user 0
278. Primary group is 0 and contains 0 supplementary groups
279. [2012/09/23 22:42:32.917852, 4] passdb/pdb_tdb.c:523(tdbsam_open)
280. tdbsam_open: successfully opened /etc/samba/private/passdb.tdb
281. [2012/09/23 22:42:32.917921, 5] passdb/pdb_tdb.c:562(tdbsam_getsampwnam)
282. pdb_getsampwnam (TDB): error fetching database.
283. Key: USER_root
284. [2012/09/23 22:42:32.917995, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
285. pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
286. [2012/09/23 22:42:32.918051, 4] smbd/sec_ctx.c:214(push_sec_ctx)
287. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
288. [2012/09/23 22:42:32.918101, 4] smbd/uid.c:460(push_conn_ctx)
289. push_conn_ctx(0) : conn_ctx_stack_ndx = 0
290. [2012/09/23 22:42:32.918151, 4] smbd/sec_ctx.c:314(set_sec_ctx)
291. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
292. [2012/09/23 22:42:32.918202, 5] ../libcli/security/security_token.c:53(security_token_debug)
293. Security token: (NULL)
294. [2012/09/23 22:42:32.918251, 5] auth/token_util.c:527(debug_unix_user_token)
295. UNIX token of user 0
296. Primary group is 0 and contains 0 supplementary groups
297. [2012/09/23 22:42:32.918388, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
298. pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
299. [2012/09/23 22:42:32.918446, 10] passdb/lookup_sid.c:76(lookup_name)
300. lookup_name: Unix User\root => domain=[Unix User], name=[root]
301. [2012/09/23 22:42:32.918496, 10] passdb/lookup_sid.c:77(lookup_name)
302. lookup_name: flags = 0x073
303. [2012/09/23 22:42:32.918588, 5] lib/username.c:171(Get_Pwnam_alloc)
304. Finding user root
305. [2012/09/23 22:42:32.918640, 5] lib/username.c:116(Get_Pwnam_internals)
306. Trying _Get_Pwnam(), username as lowercase is root
307. [2012/09/23 22:42:32.918692, 5] lib/username.c:149(Get_Pwnam_internals)
308. Get_Pwnam_internals did find user [root]!
309. [2012/09/23 22:42:32.918750, 10] passdb/lookup_sid.c:1544(sid_to_uid)
310. sid S-1-22-1-0 -> uid 0
311. [2012/09/23 22:42:32.918854, 10] lib/system_smbd.c:175(sys_getgrouplist)
312. sys_getgrouplist: user [root]
313. [2012/09/23 22:42:32.919023, 5] lib/gencache.c:68(gencache_init)
314. Opening cache file at /var/cache/samba/gencache.tdb
315. [2012/09/23 22:42:32.919130, 5] lib/gencache.c:111(gencache_init)
316. Opening cache file at /var/cache/samba/gencache_notrans.tdb
317. [2012/09/23 22:42:32.919283, 5] passdb/lookup_sid.c:1384(gid_to_sid)
318. gid_to_sid: winbind failed to find a sid for gid 0
319. [2012/09/23 22:42:32.919339, 4] smbd/sec_ctx.c:214(push_sec_ctx)
320. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
321. [2012/09/23 22:42:32.919390, 4] smbd/uid.c:460(push_conn_ctx)
322. push_conn_ctx(0) : conn_ctx_stack_ndx = 0
323. [2012/09/23 22:42:32.919440, 4] smbd/sec_ctx.c:314(set_sec_ctx)
324. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
325. [2012/09/23 22:42:32.919490, 5] ../libcli/security/security_token.c:53(security_token_debug)
326. Security token: (NULL)
327. [2012/09/23 22:42:32.919539, 5] auth/token_util.c:527(debug_unix_user_token)
328. UNIX token of user 0
329. Primary group is 0 and contains 0 supplementary groups
330. [2012/09/23 22:42:32.919630, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
331. pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
332. [2012/09/23 22:42:32.919683, 10] passdb/lookup_sid.c:1181(legacy_gid_to_sid)
333. LEGACY: gid 0 -> sid S-1-22-2-0
334. [2012/09/23 22:42:32.919759, 5] passdb/lookup_sid.c:1384(gid_to_sid)
335. gid_to_sid: winbind failed to find a sid for gid 1
336. [2012/09/23 22:42:32.919810, 4] smbd/sec_ctx.c:214(push_sec_ctx)
337. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
338. [2012/09/23 22:42:32.919861, 4] smbd/uid.c:460(push_conn_ctx)
339. push_conn_ctx(0) : conn_ctx_stack_ndx = 0
340. [2012/09/23 22:42:32.919911, 4] smbd/sec_ctx.c:314(set_sec_ctx)
341. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
342. [2012/09/23 22:42:32.919961, 5] ../libcli/security/security_token.c:53(security_token_debug)
343. Security token: (NULL)
344. [2012/09/23 22:42:32.920009, 5] auth/token_util.c:527(debug_unix_user_token)
345. UNIX token of user 0
346. Primary group is 0 and contains 0 supplementary groups
347. [2012/09/23 22:42:32.920095, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
348. pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
349. [2012/09/23 22:42:32.920147, 10] passdb/lookup_sid.c:1181(legacy_gid_to_sid)
350. LEGACY: gid 1 -> sid S-1-22-2-1
351. [2012/09/23 22:42:32.920219, 5] passdb/lookup_sid.c:1384(gid_to_sid)
352. gid_to_sid: winbind failed to find a sid for gid 2
353. [2012/09/23 22:42:32.920279, 4] smbd/sec_ctx.c:214(push_sec_ctx)
354. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
355. [2012/09/23 22:42:32.920331, 4] smbd/uid.c:460(push_conn_ctx)
356. push_conn_ctx(0) : conn_ctx_stack_ndx = 0
357. [2012/09/23 22:42:32.920380, 4] smbd/sec_ctx.c:314(set_sec_ctx)
358. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
359. [2012/09/23 22:42:32.920430, 5] ../libcli/security/security_token.c:53(security_token_debug)
360. Security token: (NULL)
361. [2012/09/23 22:42:32.920479, 5] auth/token_util.c:527(debug_unix_user_token)
362. UNIX token of user 0
363. Primary group is 0 and contains 0 supplementary groups
364. [2012/09/23 22:42:32.920564, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
365. pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
366. [2012/09/23 22:42:32.920615, 10] passdb/lookup_sid.c:1181(legacy_gid_to_sid)
367. LEGACY: gid 2 -> sid S-1-22-2-2
368. [2012/09/23 22:42:32.920722, 5] passdb/lookup_sid.c:1384(gid_to_sid)
369. gid_to_sid: winbind failed to find a sid for gid 3
370. [2012/09/23 22:42:32.920774, 4] smbd/sec_ctx.c:214(push_sec_ctx)
371. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
372. [2012/09/23 22:42:32.920825, 4] smbd/uid.c:460(push_conn_ctx)
373. push_conn_ctx(0) : conn_ctx_stack_ndx = 0
374. [2012/09/23 22:42:32.920875, 4] smbd/sec_ctx.c:314(set_sec_ctx)
375. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
376. [2012/09/23 22:42:32.920925, 5] ../libcli/security/security_token.c:53(security_token_debug)
377. Security token: (NULL)
378. [2012/09/23 22:42:32.920974, 5] auth/token_util.c:527(debug_unix_user_token)
379. UNIX token of user 0
380. Primary group is 0 and contains 0 supplementary groups
381. [2012/09/23 22:42:32.921059, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
382. pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
383. [2012/09/23 22:42:32.921111, 10] passdb/lookup_sid.c:1181(legacy_gid_to_sid)
384. LEGACY: gid 3 -> sid S-1-22-2-3
385. [2012/09/23 22:42:32.921182, 5] passdb/lookup_sid.c:1384(gid_to_sid)
386. gid_to_sid: winbind failed to find a sid for gid 4
387. [2012/09/23 22:42:32.921233, 4] smbd/sec_ctx.c:214(push_sec_ctx)
388. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
389. [2012/09/23 22:42:32.921284, 4] smbd/uid.c:460(push_conn_ctx)
390. push_conn_ctx(0) : conn_ctx_stack_ndx = 0
391. [2012/09/23 22:42:32.921334, 4] smbd/sec_ctx.c:314(set_sec_ctx)
392. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
393. [2012/09/23 22:42:32.921384, 5] ../libcli/security/security_token.c:53(security_token_debug)
394. Security token: (NULL)
395. [2012/09/23 22:42:32.921433, 5] auth/token_util.c:527(debug_unix_user_token)
396. UNIX token of user 0
397. Primary group is 0 and contains 0 supplementary groups
398. [2012/09/23 22:42:32.921520, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
399. pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
400. [2012/09/23 22:42:32.921572, 10] passdb/lookup_sid.c:1181(legacy_gid_to_sid)
401. LEGACY: gid 4 -> sid S-1-22-2-4
402. [2012/09/23 22:42:32.921645, 5] passdb/lookup_sid.c:1384(gid_to_sid)
403. gid_to_sid: winbind failed to find a sid for gid 6
404. [2012/09/23 22:42:32.921697, 4] smbd/sec_ctx.c:214(push_sec_ctx)
405. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
406. [2012/09/23 22:42:32.921748, 4] smbd/uid.c:460(push_conn_ctx)
407. push_conn_ctx(0) : conn_ctx_stack_ndx = 0
408. [2012/09/23 22:42:32.921797, 4] smbd/sec_ctx.c:314(set_sec_ctx)
409. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
410. [2012/09/23 22:42:32.921847, 5] ../libcli/security/security_token.c:53(security_token_debug)
411. Security token: (NULL)
412. [2012/09/23 22:42:32.921896, 5] auth/token_util.c:527(debug_unix_user_token)
413. UNIX token of user 0
414. Primary group is 0 and contains 0 supplementary groups
415. [2012/09/23 22:42:32.922031, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
416. pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
417. [2012/09/23 22:42:32.922086, 10] passdb/lookup_sid.c:1181(legacy_gid_to_sid)
418. LEGACY: gid 6 -> sid S-1-22-2-6
419. [2012/09/23 22:42:32.922160, 5] passdb/lookup_sid.c:1384(gid_to_sid)
420. gid_to_sid: winbind failed to find a sid for gid 10
421. [2012/09/23 22:42:32.922213, 4] smbd/sec_ctx.c:214(push_sec_ctx)
422. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
423. [2012/09/23 22:42:32.922266, 4] smbd/uid.c:460(push_conn_ctx)
424. push_conn_ctx(0) : conn_ctx_stack_ndx = 0
425. [2012/09/23 22:42:32.922316, 4] smbd/sec_ctx.c:314(set_sec_ctx)
426. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
427. [2012/09/23 22:42:32.922375, 5] ../libcli/security/security_token.c:53(security_token_debug)
428. Security token: (NULL)
429. [2012/09/23 22:42:32.922425, 5] auth/token_util.c:527(debug_unix_user_token)
430. UNIX token of user 0
431. Primary group is 0 and contains 0 supplementary groups
432. [2012/09/23 22:42:32.922509, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
433. pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
434. [2012/09/23 22:42:32.922561, 10] passdb/lookup_sid.c:1181(legacy_gid_to_sid)
435. LEGACY: gid 10 -> sid S-1-22-2-10
436. [2012/09/23 22:42:32.922634, 5] passdb/lookup_sid.c:1384(gid_to_sid)
437. gid_to_sid: winbind failed to find a sid for gid 19
438. [2012/09/23 22:42:32.922685, 4] smbd/sec_ctx.c:214(push_sec_ctx)
439. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
440. [2012/09/23 22:42:32.922736, 4] smbd/uid.c:460(push_conn_ctx)
441. push_conn_ctx(0) : conn_ctx_stack_ndx = 0
442. [2012/09/23 22:42:32.922786, 4] smbd/sec_ctx.c:314(set_sec_ctx)
443. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
444. [2012/09/23 22:42:32.922836, 5] ../libcli/security/security_token.c:53(security_token_debug)
445. Security token: (NULL)
446. [2012/09/23 22:42:32.922885, 5] auth/token_util.c:527(debug_unix_user_token)
447. UNIX token of user 0
448. Primary group is 0 and contains 0 supplementary groups
449. [2012/09/23 22:42:32.922970, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
450. pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
451. [2012/09/23 22:42:32.923022, 10] passdb/lookup_sid.c:1181(legacy_gid_to_sid)
452. LEGACY: gid 19 -> sid S-1-22-2-19
453. [2012/09/23 22:42:32.923082, 10] auth/token_util.c:339(create_local_nt_token)
454. Create local NT token for S-1-22-1-0
455. [2012/09/23 22:42:32.923170, 10] passdb/lookup_sid.c:1628(sid_to_gid)
456. winbind failed to find a gid for sid S-1-5-32-544
457. [2012/09/23 22:42:32.923225, 4] smbd/sec_ctx.c:214(push_sec_ctx)
458. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
459. [2012/09/23 22:42:32.923277, 4] smbd/uid.c:460(push_conn_ctx)
460. push_conn_ctx(0) : conn_ctx_stack_ndx = 0
461. [2012/09/23 22:42:32.923327, 4] smbd/sec_ctx.c:314(set_sec_ctx)
462. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
463. [2012/09/23 22:42:32.923377, 5] ../libcli/security/security_token.c:53(security_token_debug)
464. Security token: (NULL)
465. [2012/09/23 22:42:32.923426, 5] auth/token_util.c:527(debug_unix_user_token)
466. UNIX token of user 0
467. Primary group is 0 and contains 0 supplementary groups
468. [2012/09/23 22:42:32.923514, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
469. pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
470. [2012/09/23 22:42:32.923565, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid)
471. LEGACY: mapping failed for sid S-1-5-32-544
472. [2012/09/23 22:42:32.923618, 4] smbd/sec_ctx.c:214(push_sec_ctx)
473. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
474. [2012/09/23 22:42:32.923669, 4] smbd/uid.c:460(push_conn_ctx)
475. push_conn_ctx(0) : conn_ctx_stack_ndx = 0
476. [2012/09/23 22:42:32.923719, 4] smbd/sec_ctx.c:314(set_sec_ctx)
477. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
478. [2012/09/23 22:42:32.923770, 5] ../libcli/security/security_token.c:53(security_token_debug)
479. Security token: (NULL)
480. [2012/09/23 22:42:32.923819, 5] auth/token_util.c:527(debug_unix_user_token)
481. UNIX token of user 0
482. Primary group is 0 and contains 0 supplementary groups
483. [2012/09/23 22:42:32.923902, 3] auth/token_util.c:438(finalize_local_nt_token)
484. Failed to fetch domain sid for RLZ
485. [2012/09/23 22:42:32.923957, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
486. pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
487. [2012/09/23 22:42:32.924056, 10] passdb/lookup_sid.c:1628(sid_to_gid)
488. winbind failed to find a gid for sid S-1-5-32-545
489. [2012/09/23 22:42:32.924110, 4] smbd/sec_ctx.c:214(push_sec_ctx)
490. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
491. [2012/09/23 22:42:32.924161, 4] smbd/uid.c:460(push_conn_ctx)
492. push_conn_ctx(0) : conn_ctx_stack_ndx = 0
493. [2012/09/23 22:42:32.924211, 4] smbd/sec_ctx.c:314(set_sec_ctx)
494. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
495. [2012/09/23 22:42:32.924261, 5] ../libcli/security/security_token.c:53(security_token_debug)
496. Security token: (NULL)
497. [2012/09/23 22:42:32.924309, 5] auth/token_util.c:527(debug_unix_user_token)
498. UNIX token of user 0
499. Primary group is 0 and contains 0 supplementary groups
500. [2012/09/23 22:42:32.924406, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
501. pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
502. [2012/09/23 22:42:32.924458, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid)
503. LEGACY: mapping failed for sid S-1-5-32-545
504. [2012/09/23 22:42:32.924510, 4] smbd/sec_ctx.c:214(push_sec_ctx)
505. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
506. [2012/09/23 22:42:32.924561, 4] smbd/uid.c:460(push_conn_ctx)
507. push_conn_ctx(0) : conn_ctx_stack_ndx = 0
508. [2012/09/23 22:42:32.924611, 4] smbd/sec_ctx.c:314(set_sec_ctx)
509. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
510. [2012/09/23 22:42:32.924661, 5] ../libcli/security/security_token.c:53(security_token_debug)
511. Security token: (NULL)
512. [2012/09/23 22:42:32.924710, 5] auth/token_util.c:527(debug_unix_user_token)
513. UNIX token of user 0
514. Primary group is 0 and contains 0 supplementary groups
515. [2012/09/23 22:42:32.924791, 3] auth/token_util.c:469(finalize_local_nt_token)
516. Failed to fetch domain sid for RLZ
517. [2012/09/23 22:42:32.924845, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
518. pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
519. [2012/09/23 22:42:32.924897, 4] smbd/sec_ctx.c:214(push_sec_ctx)
520. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
521. [2012/09/23 22:42:32.924948, 4] smbd/uid.c:460(push_conn_ctx)
522. push_conn_ctx(0) : conn_ctx_stack_ndx = 0
523. [2012/09/23 22:42:32.924998, 4] smbd/sec_ctx.c:314(set_sec_ctx)
524. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
525. [2012/09/23 22:42:32.925048, 5] ../libcli/security/security_token.c:53(security_token_debug)
526. Security token: (NULL)
527. [2012/09/23 22:42:32.925096, 5] auth/token_util.c:527(debug_unix_user_token)
528. UNIX token of user 0
529. Primary group is 0 and contains 0 supplementary groups
530. [2012/09/23 22:42:32.925275, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
531. pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
532. [2012/09/23 22:42:32.925384, 4] lib/privileges.c:97(get_privileges)
533. get_privileges: No privileges assigned to SID [S-1-22-1-0]
534. [2012/09/23 22:42:32.925450, 4] lib/privileges.c:97(get_privileges)
535. get_privileges: No privileges assigned to SID [S-1-22-2-0]
536. [2012/09/23 22:42:32.925510, 4] lib/privileges.c:97(get_privileges)
537. get_privileges: No privileges assigned to SID [S-1-22-2-1]
538. [2012/09/23 22:42:32.925569, 4] lib/privileges.c:97(get_privileges)
539. get_privileges: No privileges assigned to SID [S-1-22-2-2]
540. [2012/09/23 22:42:32.925628, 4] lib/privileges.c:97(get_privileges)
541. get_privileges: No privileges assigned to SID [S-1-22-2-3]
542. [2012/09/23 22:42:32.925687, 4] lib/privileges.c:97(get_privileges)
543. get_privileges: No privileges assigned to SID [S-1-22-2-4]
544. [2012/09/23 22:42:32.925746, 4] lib/privileges.c:97(get_privileges)
545. get_privileges: No privileges assigned to SID [S-1-22-2-6]
546. [2012/09/23 22:42:32.925805, 4] lib/privileges.c:97(get_privileges)
547. get_privileges: No privileges assigned to SID [S-1-22-2-10]
548. [2012/09/23 22:42:32.925864, 4] lib/privileges.c:97(get_privileges)
549. get_privileges: No privileges assigned to SID [S-1-22-2-19]
550. [2012/09/23 22:42:32.925924, 5] lib/privileges.c:175(get_privileges_for_sids)
551. get_privileges_for_sids: sid = S-1-1-0
552. Privilege set: 0x0
553. [2012/09/23 22:42:32.926001, 4] lib/privileges.c:97(get_privileges)
554. get_privileges: No privileges assigned to SID [S-1-5-2]
555. [2012/09/23 22:42:32.926059, 4] lib/privileges.c:97(get_privileges)
556. get_privileges: No privileges assigned to SID [S-1-5-11]
557. [2012/09/23 22:42:32.926183, 10] passdb/lookup_sid.c:1468(sids_to_unix_ids)
558. wbcSidsToUnixIds returned WBC_ERR_WINBIND_NOT_AVAILABLE
559. [2012/09/23 22:42:32.926239, 4] smbd/sec_ctx.c:214(push_sec_ctx)
560. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
561. [2012/09/23 22:42:32.926290, 4] smbd/uid.c:460(push_conn_ctx)
562. push_conn_ctx(0) : conn_ctx_stack_ndx = 0
563. [2012/09/23 22:42:32.926341, 4] smbd/sec_ctx.c:314(set_sec_ctx)
564. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
565. [2012/09/23 22:42:32.926391, 5] ../libcli/security/security_token.c:53(security_token_debug)
566. Security token: (NULL)
567. [2012/09/23 22:42:32.926440, 5] auth/token_util.c:527(debug_unix_user_token)
568. UNIX token of user 0
569. Primary group is 0 and contains 0 supplementary groups
570. [2012/09/23 22:42:32.926535, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
571. pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
572. [2012/09/23 22:42:32.926587, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid)
573. LEGACY: mapping failed for sid S-1-1-0
574. [2012/09/23 22:42:32.926639, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid)
575. LEGACY: mapping failed for sid S-1-1-0
576. [2012/09/23 22:42:32.926692, 4] smbd/sec_ctx.c:214(push_sec_ctx)
577. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
578. [2012/09/23 22:42:32.926744, 4] smbd/uid.c:460(push_conn_ctx)
579. push_conn_ctx(0) : conn_ctx_stack_ndx = 0
580. [2012/09/23 22:42:32.926793, 4] smbd/sec_ctx.c:314(set_sec_ctx)
581. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
582. [2012/09/23 22:42:32.926843, 5] ../libcli/security/security_token.c:53(security_token_debug)
583. Security token: (NULL)
584. [2012/09/23 22:42:32.926892, 5] auth/token_util.c:527(debug_unix_user_token)
585. UNIX token of user 0
586. Primary group is 0 and contains 0 supplementary groups
587. [2012/09/23 22:42:32.926980, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
588. pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
589. [2012/09/23 22:42:32.927031, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid)
590. LEGACY: mapping failed for sid S-1-5-2
591. [2012/09/23 22:42:32.927083, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid)
592. LEGACY: mapping failed for sid S-1-5-2
593. [2012/09/23 22:42:32.927136, 4] smbd/sec_ctx.c:214(push_sec_ctx)
594. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
595. [2012/09/23 22:42:32.927186, 4] smbd/uid.c:460(push_conn_ctx)
596. push_conn_ctx(0) : conn_ctx_stack_ndx = 0
597. [2012/09/23 22:42:32.927237, 4] smbd/sec_ctx.c:314(set_sec_ctx)
598. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
599. [2012/09/23 22:42:32.927287, 5] ../libcli/security/security_token.c:53(security_token_debug)
600. Security token: (NULL)
601. [2012/09/23 22:42:32.927357, 5] auth/token_util.c:527(debug_unix_user_token)
602. UNIX token of user 0
603. Primary group is 0 and contains 0 supplementary groups
604. [2012/09/23 22:42:32.927444, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
605. pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
606. [2012/09/23 22:42:32.927495, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid)
607. LEGACY: mapping failed for sid S-1-5-11
608. [2012/09/23 22:42:32.927548, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid)
609. LEGACY: mapping failed for sid S-1-5-11
610. [2012/09/23 22:42:32.927602, 10] auth/auth_util.c:505(create_local_token)
611. Could not convert SID S-1-1-0 to gid, ignoring it
612. [2012/09/23 22:42:32.927654, 10] auth/auth_util.c:505(create_local_token)
613. Could not convert SID S-1-5-2 to gid, ignoring it
614. [2012/09/23 22:42:32.927706, 10] auth/auth_util.c:505(create_local_token)
615. Could not convert SID S-1-5-11 to gid, ignoring it
616. [2012/09/23 22:42:32.927760, 10] ../libcli/security/security_token.c:63(security_token_debug)
617. Security token SIDs (12):
618. SID[ 0]: S-1-22-1-0
619. SID[ 1]: S-1-22-2-0
620. SID[ 2]: S-1-22-2-1
621. SID[ 3]: S-1-22-2-2
622. SID[ 4]: S-1-22-2-3
623. SID[ 5]: S-1-22-2-4
624. SID[ 6]: S-1-22-2-6
625. SID[ 7]: S-1-22-2-10
626. SID[ 8]: S-1-22-2-19
627. SID[ 9]: S-1-1-0
628. SID[ 10]: S-1-5-2
629. SID[ 11]: S-1-5-11
630. Privileges (0x 0):
631. Rights (0x 0):
632. [2012/09/23 22:42:32.928105, 10] auth/token_util.c:527(debug_unix_user_token)
633. UNIX token of user 0
634. Primary group is 0 and contains 8 supplementary groups
635. Group[ 0]: 0
636. Group[ 1]: 1
637. Group[ 2]: 2
638. Group[ 3]: 3
639. Group[ 4]: 4
640. Group[ 5]: 6
641. Group[ 6]: 10
642. Group[ 7]: 19
643. [2012/09/23 22:42:32.928336, 5] lib/username.c:171(Get_Pwnam_alloc)
644. Finding user nobody
645. [2012/09/23 22:42:32.928387, 5] lib/username.c:116(Get_Pwnam_internals)
646. Trying _Get_Pwnam(), username as lowercase is nobody
647. [2012/09/23 22:42:32.928468, 5] lib/username.c:149(Get_Pwnam_internals)
648. Get_Pwnam_internals did find user [nobody]!
649. [2012/09/23 22:42:32.928528, 5] lib/username.c:171(Get_Pwnam_alloc)
650. Finding user M3-LAPTOP\nobody
651. [2012/09/23 22:42:32.928578, 5] lib/username.c:116(Get_Pwnam_internals)
652. Trying _Get_Pwnam(), username as lowercase is m3-laptop\nobody
653. [2012/09/23 22:42:32.928656, 5] lib/username.c:124(Get_Pwnam_internals)
654. Trying _Get_Pwnam(), username as given is M3-LAPTOP\nobody
655. [2012/09/23 22:42:32.928743, 5] lib/username.c:134(Get_Pwnam_internals)
656. Trying _Get_Pwnam(), username as uppercase is M3-LAPTOP\NOBODY
657. [2012/09/23 22:42:32.928820, 5] lib/username.c:143(Get_Pwnam_internals)
658. Checking combinations of 0 uppercase letters in m3-laptop\nobody
659. [2012/09/23 22:42:32.928871, 5] lib/username.c:149(Get_Pwnam_internals)
660. Get_Pwnam_internals didn't find user [M3-LAPTOP\nobody]!
661. [2012/09/23 22:42:32.928922, 5] lib/username.c:171(Get_Pwnam_alloc)
662. Finding user nobody
663. [2012/09/23 22:42:32.928971, 5] lib/username.c:116(Get_Pwnam_internals)
664. Trying _Get_Pwnam(), username as lowercase is nobody
665. [2012/09/23 22:42:32.929022, 5] lib/username.c:149(Get_Pwnam_internals)
666. Get_Pwnam_internals did find user [nobody]!
667. [2012/09/23 22:42:32.929076, 10] auth/token_util.c:223(create_local_nt_token_from_info3)
668. Create local NT token for nobody
669. [2012/09/23 22:42:32.929151, 10] passdb/lookup_sid.c:1628(sid_to_gid)
670. winbind failed to find a gid for sid S-1-5-32-544
671. [2012/09/23 22:42:32.929205, 4] smbd/sec_ctx.c:214(push_sec_ctx)
672. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
673. [2012/09/23 22:42:32.929256, 4] smbd/uid.c:460(push_conn_ctx)
674. push_conn_ctx(0) : conn_ctx_stack_ndx = 0
675. [2012/09/23 22:42:32.929307, 4] smbd/sec_ctx.c:314(set_sec_ctx)
676. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
677. [2012/09/23 22:42:32.929357, 5] ../libcli/security/security_token.c:53(security_token_debug)
678. Security token: (NULL)
679. [2012/09/23 22:42:32.929406, 5] auth/token_util.c:527(debug_unix_user_token)
680. UNIX token of user 0
681. Primary group is 0 and contains 0 supplementary groups
682. [2012/09/23 22:42:32.929494, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
683. pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
684. [2012/09/23 22:42:32.929546, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid)
685. LEGACY: mapping failed for sid S-1-5-32-544
686. [2012/09/23 22:42:32.929599, 4] smbd/sec_ctx.c:214(push_sec_ctx)
687. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
688. [2012/09/23 22:42:32.929649, 4] smbd/uid.c:460(push_conn_ctx)
689. push_conn_ctx(0) : conn_ctx_stack_ndx = 0
690. [2012/09/23 22:42:32.929700, 4] smbd/sec_ctx.c:314(set_sec_ctx)
691. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
692. [2012/09/23 22:42:32.929750, 5] ../libcli/security/security_token.c:53(security_token_debug)
693. Security token: (NULL)
694. [2012/09/23 22:42:32.929799, 5] auth/token_util.c:527(debug_unix_user_token)
695. UNIX token of user 0
696. Primary group is 0 and contains 0 supplementary groups
697. [2012/09/23 22:42:32.929880, 3] auth/token_util.c:438(finalize_local_nt_token)
698. Failed to fetch domain sid for RLZ
699. [2012/09/23 22:42:32.929934, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
700. pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
701. [2012/09/23 22:42:32.930006, 10] passdb/lookup_sid.c:1628(sid_to_gid)
702. winbind failed to find a gid for sid S-1-5-32-545
703. [2012/09/23 22:42:32.930059, 4] smbd/sec_ctx.c:214(push_sec_ctx)
704. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
705. [2012/09/23 22:42:32.930110, 4] smbd/uid.c:460(push_conn_ctx)
706. push_conn_ctx(0) : conn_ctx_stack_ndx = 0
707. [2012/09/23 22:42:32.930160, 4] smbd/sec_ctx.c:314(set_sec_ctx)
708. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
709. [2012/09/23 22:42:32.930211, 5] ../libcli/security/security_token.c:53(security_token_debug)
710. Security token: (NULL)
711. [2012/09/23 22:42:32.930260, 5] auth/token_util.c:527(debug_unix_user_token)
712. UNIX token of user 0
713. Primary group is 0 and contains 0 supplementary groups
714. [2012/09/23 22:42:32.930348, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
715. pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
716. [2012/09/23 22:42:32.930399, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid)
717. LEGACY: mapping failed for sid S-1-5-32-545
718. [2012/09/23 22:42:32.930452, 4] smbd/sec_ctx.c:214(push_sec_ctx)
719. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
720. [2012/09/23 22:42:32.930503, 4] smbd/uid.c:460(push_conn_ctx)
721. push_conn_ctx(0) : conn_ctx_stack_ndx = 0
722. [2012/09/23 22:42:32.930553, 4] smbd/sec_ctx.c:314(set_sec_ctx)
723. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
724. [2012/09/23 22:42:32.930603, 5] ../libcli/security/security_token.c:53(security_token_debug)
725. Security token: (NULL)
726. [2012/09/23 22:42:32.930696, 5] auth/token_util.c:527(debug_unix_user_token)
727. UNIX token of user 0
728. Primary group is 0 and contains 0 supplementary groups
729. [2012/09/23 22:42:32.930779, 3] auth/token_util.c:469(finalize_local_nt_token)
730. Failed to fetch domain sid for RLZ
731. [2012/09/23 22:42:32.930834, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
732. pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
733. [2012/09/23 22:42:32.930886, 4] smbd/sec_ctx.c:214(push_sec_ctx)
734. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
735. [2012/09/23 22:42:32.930936, 4] smbd/uid.c:460(push_conn_ctx)
736. push_conn_ctx(0) : conn_ctx_stack_ndx = 0
737. [2012/09/23 22:42:32.930986, 4] smbd/sec_ctx.c:314(set_sec_ctx)
738. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
739. [2012/09/23 22:42:32.931036, 5] ../libcli/security/security_token.c:53(security_token_debug)
740. Security token: (NULL)
741. [2012/09/23 22:42:32.931085, 5] auth/token_util.c:527(debug_unix_user_token)
742. UNIX token of user 0
743. Primary group is 0 and contains 0 supplementary groups
744. [2012/09/23 22:42:32.931216, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
745. pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
746. [2012/09/23 22:42:32.931277, 4] lib/privileges.c:97(get_privileges)
747. get_privileges: No privileges assigned to SID [S-1-5-21-1307200228-2420893719-2273888605-501]
748. [2012/09/23 22:42:32.931341, 4] lib/privileges.c:97(get_privileges)
749. get_privileges: No privileges assigned to SID [S-1-5-21-1307200228-2420893719-2273888605-514]
750. [2012/09/23 22:42:32.931403, 5] lib/privileges.c:175(get_privileges_for_sids)
751. get_privileges_for_sids: sid = S-1-1-0
752. Privilege set: 0x0
753. [2012/09/23 22:42:32.931479, 4] lib/privileges.c:97(get_privileges)
754. get_privileges: No privileges assigned to SID [S-1-5-2]
755. [2012/09/23 22:42:32.931538, 4] lib/privileges.c:97(get_privileges)
756. get_privileges: No privileges assigned to SID [S-1-5-32-546]
757. [2012/09/23 22:42:32.931684, 10] passdb/lookup_sid.c:1468(sids_to_unix_ids)
758. wbcSidsToUnixIds returned WBC_ERR_WINBIND_NOT_AVAILABLE
759. [2012/09/23 22:42:32.931736, 4] smbd/sec_ctx.c:214(push_sec_ctx)
760. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
761. [2012/09/23 22:42:32.931788, 4] smbd/uid.c:460(push_conn_ctx)
762. push_conn_ctx(0) : conn_ctx_stack_ndx = 0
763. [2012/09/23 22:42:32.931838, 4] smbd/sec_ctx.c:314(set_sec_ctx)
764. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
765. [2012/09/23 22:42:32.931889, 5] ../libcli/security/security_token.c:53(security_token_debug)
766. Security token: (NULL)
767. [2012/09/23 22:42:32.931938, 5] auth/token_util.c:527(debug_unix_user_token)
768. UNIX token of user 0
769. Primary group is 0 and contains 0 supplementary groups
770. [2012/09/23 22:42:32.932016, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid)
771. lookup_global_sam_rid: looking up RID 501.
772. [2012/09/23 22:42:32.932069, 4] smbd/sec_ctx.c:214(push_sec_ctx)
773. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
774. [2012/09/23 22:42:32.932120, 4] smbd/uid.c:460(push_conn_ctx)
775. push_conn_ctx(0) : conn_ctx_stack_ndx = 1
776. [2012/09/23 22:42:32.932170, 4] smbd/sec_ctx.c:314(set_sec_ctx)
777. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
778. [2012/09/23 22:42:32.932221, 5] ../libcli/security/security_token.c:53(security_token_debug)
779. Security token: (NULL)
780. [2012/09/23 22:42:32.932270, 5] auth/token_util.c:527(debug_unix_user_token)
781. UNIX token of user 0
782. Primary group is 0 and contains 0 supplementary groups
783. [2012/09/23 22:42:32.932344, 6] passdb/pdb_interface.c:401(pdb_getsampwsid)
784. pdb_getsampwsid: Building guest account
785. [2012/09/23 22:42:32.932394, 5] lib/username.c:171(Get_Pwnam_alloc)
786. Finding user nobody
787. [2012/09/23 22:42:32.932444, 5] lib/username.c:116(Get_Pwnam_internals)
788. Trying _Get_Pwnam(), username as lowercase is nobody
789. [2012/09/23 22:42:32.932496, 5] lib/username.c:149(Get_Pwnam_internals)
790. Get_Pwnam_internals did find user [nobody]!
791. [2012/09/23 22:42:32.932548, 10] passdb/pdb_get_set.c:575(pdb_set_username)
792. pdb_set_username: setting username nobody, was
793. [2012/09/23 22:42:32.932607, 10] passdb/pdb_get_set.c:644(pdb_set_fullname)
794. pdb_set_full_name: setting full name nobody, was
795. [2012/09/23 22:42:32.932666, 10] passdb/pdb_get_set.c:598(pdb_set_domain)
796. pdb_set_domain: setting domain M3-LAPTOP, was
797. [2012/09/23 22:42:32.932723, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid)
798. pdb_set_user_sid: setting user sid S-1-5-21-1307200228-2420893719-2273888605-501
799. [2012/09/23 22:42:32.932778, 10] passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid)
800. pdb_set_user_sid_from_rid:
801. setting user sid S-1-5-21-1307200228-2420893719-2273888605-501 from rid 501
802. [2012/09/23 22:42:32.932857, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
803. pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
804. [2012/09/23 22:42:32.932911, 5] lib/username.c:171(Get_Pwnam_alloc)
805. Finding user nobody
806. [2012/09/23 22:42:32.932961, 5] lib/username.c:116(Get_Pwnam_internals)
807. Trying _Get_Pwnam(), username as lowercase is nobody
808. [2012/09/23 22:42:32.933012, 5] lib/username.c:149(Get_Pwnam_internals)
809. Get_Pwnam_internals did find user [nobody]!
810. [2012/09/23 22:42:32.933067, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
811. pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
812. [2012/09/23 22:42:32.933118, 5] passdb/lookup_sid.c:1269(legacy_sid_to_gid)
813. LEGACY: sid S-1-5-21-1307200228-2420893719-2273888605-501 is a User, expected a group
814. [2012/09/23 22:42:32.933174, 4] smbd/sec_ctx.c:214(push_sec_ctx)
815. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
816. [2012/09/23 22:42:32.933225, 4] smbd/uid.c:460(push_conn_ctx)
817. push_conn_ctx(0) : conn_ctx_stack_ndx = 0
818. [2012/09/23 22:42:32.933275, 4] smbd/sec_ctx.c:314(set_sec_ctx)
819. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
820. [2012/09/23 22:42:32.933325, 5] ../libcli/security/security_token.c:53(security_token_debug)
821. Security token: (NULL)
822. [2012/09/23 22:42:32.933374, 5] auth/token_util.c:527(debug_unix_user_token)
823. UNIX token of user 0
824. Primary group is 0 and contains 0 supplementary groups
825. [2012/09/23 22:42:32.933450, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid)
826. lookup_global_sam_rid: looking up RID 501.
827. [2012/09/23 22:42:32.933502, 4] smbd/sec_ctx.c:214(push_sec_ctx)
828. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
829. [2012/09/23 22:42:32.933552, 4] smbd/uid.c:460(push_conn_ctx)
830. push_conn_ctx(0) : conn_ctx_stack_ndx = 1
831. [2012/09/23 22:42:32.933602, 4] smbd/sec_ctx.c:314(set_sec_ctx)
832. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
833. [2012/09/23 22:42:32.933652, 5] ../libcli/security/security_token.c:53(security_token_debug)
834. Security token: (NULL)
835. [2012/09/23 22:42:32.933701, 5] auth/token_util.c:527(debug_unix_user_token)
836. UNIX token of user 0
837. Primary group is 0 and contains 0 supplementary groups
838. [2012/09/23 22:42:32.933775, 6] passdb/pdb_interface.c:401(pdb_getsampwsid)
839. pdb_getsampwsid: Building guest account
840. [2012/09/23 22:42:32.933825, 5] lib/username.c:171(Get_Pwnam_alloc)
841. Finding user nobody
842. [2012/09/23 22:42:32.933875, 5] lib/username.c:116(Get_Pwnam_internals)
843. Trying _Get_Pwnam(), username as lowercase is nobody
844. [2012/09/23 22:42:32.933926, 5] lib/username.c:149(Get_Pwnam_internals)
845. Get_Pwnam_internals did find user [nobody]!
846. [2012/09/23 22:42:32.933996, 10] passdb/pdb_get_set.c:575(pdb_set_username)
847. pdb_set_username: setting username nobody, was
848. [2012/09/23 22:42:32.934049, 10] passdb/pdb_get_set.c:644(pdb_set_fullname)
849. pdb_set_full_name: setting full name nobody, was
850. [2012/09/23 22:42:32.934099, 10] passdb/pdb_get_set.c:598(pdb_set_domain)
851. pdb_set_domain: setting domain M3-LAPTOP, was
852. [2012/09/23 22:42:32.934151, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid)
853. pdb_set_user_sid: setting user sid S-1-5-21-1307200228-2420893719-2273888605-501
854. [2012/09/23 22:42:32.934205, 10] passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid)
855. pdb_set_user_sid_from_rid:
856. setting user sid S-1-5-21-1307200228-2420893719-2273888605-501 from rid 501
857. [2012/09/23 22:42:32.934284, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
858. pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
859. [2012/09/23 22:42:32.934338, 5] lib/username.c:171(Get_Pwnam_alloc)
860. Finding user nobody
861. [2012/09/23 22:42:32.934387, 5] lib/username.c:116(Get_Pwnam_internals)
862. Trying _Get_Pwnam(), username as lowercase is nobody
863. [2012/09/23 22:42:32.934439, 5] lib/username.c:149(Get_Pwnam_internals)
864. Get_Pwnam_internals did find user [nobody]!
865. [2012/09/23 22:42:32.934503, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
866. pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
867. [2012/09/23 22:42:32.934554, 10] passdb/lookup_sid.c:1223(legacy_sid_to_uid)
868. LEGACY: sid S-1-5-21-1307200228-2420893719-2273888605-501 -> uid 99
869. [2012/09/23 22:42:32.934611, 4] smbd/sec_ctx.c:214(push_sec_ctx)
870. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
871. [2012/09/23 22:42:32.934662, 4] smbd/uid.c:460(push_conn_ctx)
872. push_conn_ctx(0) : conn_ctx_stack_ndx = 0
873. [2012/09/23 22:42:32.934713, 4] smbd/sec_ctx.c:314(set_sec_ctx)
874. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
875. [2012/09/23 22:42:32.934763, 5] ../libcli/security/security_token.c:53(security_token_debug)
876. Security token: (NULL)
877. [2012/09/23 22:42:32.934812, 5] auth/token_util.c:527(debug_unix_user_token)
878. UNIX token of user 0
879. Primary group is 0 and contains 0 supplementary groups
880. [2012/09/23 22:42:32.934888, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid)
881. lookup_global_sam_rid: looking up RID 514.
882. [2012/09/23 22:42:32.934940, 4] smbd/sec_ctx.c:214(push_sec_ctx)
883. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
884. [2012/09/23 22:42:32.934990, 4] smbd/uid.c:460(push_conn_ctx)
885. push_conn_ctx(0) : conn_ctx_stack_ndx = 1
886. [2012/09/23 22:42:32.935040, 4] smbd/sec_ctx.c:314(set_sec_ctx)
887. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
888. [2012/09/23 22:42:32.935090, 5] ../libcli/security/security_token.c:53(security_token_debug)
889. Security token: (NULL)
890. [2012/09/23 22:42:32.935139, 5] auth/token_util.c:527(debug_unix_user_token)
891. UNIX token of user 0
892. Primary group is 0 and contains 0 supplementary groups
893. [2012/09/23 22:42:32.935222, 5] passdb/pdb_tdb.c:614(tdbsam_getsampwrid)
894. pdb_getsampwrid (TDB): error looking up RID 514 by key RID_00000202.
895. [2012/09/23 22:42:32.935291, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
896. pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
897. [2012/09/23 22:42:32.935343, 5] passdb/pdb_interface.c:1668(lookup_global_sam_rid)
898. Can't find a unix id for an unmapped group
899. [2012/09/23 22:42:32.935399, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
900. pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
901. [2012/09/23 22:42:32.935450, 10] passdb/lookup_sid.c:1280(legacy_sid_to_gid)
902. LEGACY: mapping failed for sid S-1-5-21-1307200228-2420893719-2273888605-514
903. [2012/09/23 22:42:32.935505, 4] smbd/sec_ctx.c:214(push_sec_ctx)
904. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
905. [2012/09/23 22:42:32.935556, 4] smbd/uid.c:460(push_conn_ctx)
906. push_conn_ctx(0) : conn_ctx_stack_ndx = 0
907. [2012/09/23 22:42:32.935607, 4] smbd/sec_ctx.c:314(set_sec_ctx)
908. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
909. [2012/09/23 22:42:32.935657, 5] ../libcli/security/security_token.c:53(security_token_debug)
910. Security token: (NULL)
911. [2012/09/23 22:42:32.935706, 5] auth/token_util.c:527(debug_unix_user_token)
912. UNIX token of user 0
913. Primary group is 0 and contains 0 supplementary groups
914. [2012/09/23 22:42:32.935781, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid)
915. lookup_global_sam_rid: looking up RID 514.
916. [2012/09/23 22:42:32.935833, 4] smbd/sec_ctx.c:214(push_sec_ctx)
917. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
918. [2012/09/23 22:42:32.935884, 4] smbd/uid.c:460(push_conn_ctx)
919. push_conn_ctx(0) : conn_ctx_stack_ndx = 1
920. [2012/09/23 22:42:32.935934, 4] smbd/sec_ctx.c:314(set_sec_ctx)
921. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
922. [2012/09/23 22:42:32.935984, 5] ../libcli/security/security_token.c:53(security_token_debug)
923. Security token: (NULL)
924. [2012/09/23 22:42:32.936033, 5] auth/token_util.c:527(debug_unix_user_token)
925. UNIX token of user 0
926. Primary group is 0 and contains 0 supplementary groups
927. [2012/09/23 22:42:32.936114, 5] passdb/pdb_tdb.c:614(tdbsam_getsampwrid)
928. pdb_getsampwrid (TDB): error looking up RID 514 by key RID_00000202.
929. [2012/09/23 22:42:32.936182, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
930. pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
931. [2012/09/23 22:42:32.936234, 5] passdb/pdb_interface.c:1668(lookup_global_sam_rid)
932. Can't find a unix id for an unmapped group
933. [2012/09/23 22:42:32.936288, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
934. pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
935. [2012/09/23 22:42:32.936348, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid)
936. LEGACY: mapping failed for sid S-1-5-21-1307200228-2420893719-2273888605-514
937. [2012/09/23 22:42:32.936403, 4] smbd/sec_ctx.c:214(push_sec_ctx)
938. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
939. [2012/09/23 22:42:32.936454, 4] smbd/uid.c:460(push_conn_ctx)
940. push_conn_ctx(0) : conn_ctx_stack_ndx = 0
941. [2012/09/23 22:42:32.936504, 4] smbd/sec_ctx.c:314(set_sec_ctx)
942. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
943. [2012/09/23 22:42:32.936554, 5] ../libcli/security/security_token.c:53(security_token_debug)
944. Security token: (NULL)
945. [2012/09/23 22:42:32.936603, 5] auth/token_util.c:527(debug_unix_user_token)
946. UNIX token of user 0
947. Primary group is 0 and contains 0 supplementary groups
948. [2012/09/23 22:42:32.936691, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
949. pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
950. [2012/09/23 22:42:32.936744, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid)
951. LEGACY: mapping failed for sid S-1-1-0
952. [2012/09/23 22:42:32.936796, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid)
953. LEGACY: mapping failed for sid S-1-1-0
954. [2012/09/23 22:42:32.936849, 4] smbd/sec_ctx.c:214(push_sec_ctx)
955. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
956. [2012/09/23 22:42:32.936900, 4] smbd/uid.c:460(push_conn_ctx)
957. push_conn_ctx(0) : conn_ctx_stack_ndx = 0
958. [2012/09/23 22:42:32.936950, 4] smbd/sec_ctx.c:314(set_sec_ctx)
959. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
960. [2012/09/23 22:42:32.937000, 5] ../libcli/security/security_token.c:53(security_token_debug)
961. Security token: (NULL)
962. [2012/09/23 22:42:32.937049, 5] auth/token_util.c:527(debug_unix_user_token)
963. UNIX token of user 0
964. Primary group is 0 and contains 0 supplementary groups
965. [2012/09/23 22:42:32.937136, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
966. pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
967. [2012/09/23 22:42:32.937187, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid)
968. LEGACY: mapping failed for sid S-1-5-2
969. [2012/09/23 22:42:32.937240, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid)
970. LEGACY: mapping failed for sid S-1-5-2
971. [2012/09/23 22:42:32.937302, 4] smbd/sec_ctx.c:214(push_sec_ctx)
972. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
973. [2012/09/23 22:42:32.937356, 4] smbd/uid.c:460(push_conn_ctx)
974. push_conn_ctx(0) : conn_ctx_stack_ndx = 0
975. [2012/09/23 22:42:32.937406, 4] smbd/sec_ctx.c:314(set_sec_ctx)
976. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
977. [2012/09/23 22:42:32.937457, 5] ../libcli/security/security_token.c:53(security_token_debug)
978. Security token: (NULL)
979. [2012/09/23 22:42:32.937506, 5] auth/token_util.c:527(debug_unix_user_token)
980. UNIX token of user 0
981. Primary group is 0 and contains 0 supplementary groups
982. [2012/09/23 22:42:32.937595, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
983. pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
984. [2012/09/23 22:42:32.937646, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid)
985. LEGACY: mapping failed for sid S-1-5-32-546
986. [2012/09/23 22:42:32.937699, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid)
987. LEGACY: mapping failed for sid S-1-5-32-546
988. [2012/09/23 22:42:32.937752, 10] auth/auth_util.c:505(create_local_token)
989. Could not convert SID S-1-5-21-1307200228-2420893719-2273888605-514 to gid, ignoring it
990. [2012/09/23 22:42:32.937806, 10] auth/auth_util.c:505(create_local_token)
991. Could not convert SID S-1-1-0 to gid, ignoring it
992. [2012/09/23 22:42:32.937858, 10] auth/auth_util.c:505(create_local_token)
993. Could not convert SID S-1-5-2 to gid, ignoring it
994. [2012/09/23 22:42:32.937909, 10] auth/auth_util.c:505(create_local_token)
995. Could not convert SID S-1-5-32-546 to gid, ignoring it
996. [2012/09/23 22:42:32.937965, 10] ../libcli/security/security_token.c:63(security_token_debug)
997. Security token SIDs (6):
998. SID[ 0]: S-1-5-21-1307200228-2420893719-2273888605-501
999. SID[ 1]: S-1-5-21-1307200228-2420893719-2273888605-514
1000. SID[ 2]: S-1-1-0
1001. SID[ 3]: S-1-5-2
1002. SID[ 4]: S-1-5-32-546
1003. SID[ 5]: S-1-22-1-99
1004. Privileges (0x 0):
1005. Rights (0x 0):
1006. [2012/09/23 22:42:32.938185, 10] auth/token_util.c:527(debug_unix_user_token)
1007. UNIX token of user 99
1008. Primary group is 99 and contains 0 supplementary groups
1009. [2012/09/23 22:42:32.938367, 3] rpc_server/svcctl/srv_svcctl_reg.c:569(svcctl_init_winreg)
1010. Initialise the svcctl registry keys if needed.
1011. [2012/09/23 22:42:32.938422, 4] smbd/sec_ctx.c:214(push_sec_ctx)
1012. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
1013. [2012/09/23 22:42:32.938474, 4] smbd/uid.c:460(push_conn_ctx)
1014. push_conn_ctx(0) : conn_ctx_stack_ndx = 0
1015. [2012/09/23 22:42:32.938524, 4] smbd/sec_ctx.c:314(set_sec_ctx)
1016. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
1017. [2012/09/23 22:42:32.938574, 5] ../libcli/security/security_token.c:53(security_token_debug)
1018. Security token: (NULL)
1019. [2012/09/23 22:42:32.938623, 5] auth/token_util.c:527(debug_unix_user_token)
1020. UNIX token of user 0
1021. Primary group is 0 and contains 0 supplementary groups
1022. [2012/09/23 22:42:32.938734, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
1023. pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
1024. [2012/09/23 22:42:32.938788, 10] registry/reg_backend_db.c:602(regdb_open)
1025. regdb_open: registry db opened. refcount reset (1)
1026. [2012/09/23 22:42:32.938856, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p)
1027. Create pipe requested \winreg
1028. [2012/09/23 22:42:32.938936, 10] rpc_server/rpc_handles.c:116(init_pipe_handles)
1029. init_pipe_handle_list: created handle list for pipe \winreg
1030. [2012/09/23 22:42:32.938990, 10] rpc_server/rpc_handles.c:133(init_pipe_handles)
1031. init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg
1032. [2012/09/23 22:42:32.939047, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p)
1033. Created internal pipe \winreg (pipes_open=0)
1034. [2012/09/23 22:42:32.939131, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
1035. winreg_OpenHKLM: struct winreg_OpenHKLM
1036. in: struct winreg_OpenHKLM
1037. system_name : NULL
1038. access_mask : 0x02000000 (33554432)
1039. 0: KEY_QUERY_VALUE
1040. 0: KEY_SET_VALUE
1041. 0: KEY_CREATE_SUB_KEY
1042. 0: KEY_ENUMERATE_SUB_KEYS
1043. 0: KEY_NOTIFY
1044. 0: KEY_CREATE_LINK
1045. 0: KEY_WOW64_64KEY
1046. 0: KEY_WOW64_32KEY
1047. [2012/09/23 22:42:32.939444, 7] registry/reg_api.c:141(regkey_open_onelevel)
1048. regkey_open_onelevel: name = [HKLM]
1049. [2012/09/23 22:42:32.939496, 10] registry/reg_backend_db.c:583(regdb_open)
1050. regdb_open: incrementing refcount (1->2)
1051. [2012/09/23 22:42:32.939553, 10] registry/reg_cachehook.c:122(reghook_cache_find)
1052. reghook_cache_find: Searching for keyname [\HKLM]
1053. [2012/09/23 22:42:32.939603, 10] lib/adt_tree.c:367(pathtree_find)
1054. pathtree_find: Enter [\HKLM]
1055. [2012/09/23 22:42:32.939654, 10] lib/adt_tree.c:440(pathtree_find)
1056. pathtree_find: Exit
1057. [2012/09/23 22:42:32.939703, 10] registry/reg_cachehook.c:127(reghook_cache_find)
1058. reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM]
1059. [2012/09/23 22:42:32.939780, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal)
1060. Opened policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
1061. [0010] D2 24 00 00 .$..
1062. [2012/09/23 22:42:32.939889, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
1063. winreg_OpenHKLM: struct winreg_OpenHKLM
1064. out: struct winreg_OpenHKLM
1065. handle : *
1066. handle: struct policy_handle
1067. handle_type : 0x00000000 (0)
1068. uuid : 00000001-0000-0000-5f50-3874d2240000
1069. result : WERR_OK
1070. [2012/09/23 22:42:32.940161, 5] ../lib/util/charset/codepoints.c:235(map_locale)
1071. Substituting charset 'UTF-8' for LOCALE
1072. [2012/09/23 22:42:32.940227, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
1073. winreg_OpenKey: struct winreg_OpenKey
1074. in: struct winreg_OpenKey
1075. parent_handle : *
1076. parent_handle: struct policy_handle
1077. handle_type : 0x00000000 (0)
1078. uuid : 00000001-0000-0000-5f50-3874d2240000
1079. keyname: struct winreg_String
1080. name_len : 0x0044 (68)
1081. name_size : 0x0044 (68)
1082. name : *
1083. name : 'SYSTEM\CurrentControlSet\Services'
1084. options : 0x00000000 (0)
1085. 0: REG_OPTION_VOLATILE
1086. 0: REG_OPTION_CREATE_LINK
1087. 0: REG_OPTION_BACKUP_RESTORE
1088. 0: REG_OPTION_OPEN_LINK
1089. access_mask : 0x02000000 (33554432)
1090. 0: KEY_QUERY_VALUE
1091. 0: KEY_SET_VALUE
1092. 0: KEY_CREATE_SUB_KEY
1093. 0: KEY_ENUMERATE_SUB_KEYS
1094. 0: KEY_NOTIFY
1095. 0: KEY_CREATE_LINK
1096. 0: KEY_WOW64_64KEY
1097. 0: KEY_WOW64_32KEY
1098. [2012/09/23 22:42:32.940916, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
1099. Found policy hnd[0] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
1100. [0010] D2 24 00 00 .$..
1101. [2012/09/23 22:42:32.941023, 7] registry/reg_api.c:141(regkey_open_onelevel)
1102. regkey_open_onelevel: name = [SYSTEM]
1103. [2012/09/23 22:42:32.941075, 10] registry/reg_backend_db.c:583(regdb_open)
1104. regdb_open: incrementing refcount (2->3)
1105. [2012/09/23 22:42:32.941129, 10] registry/reg_cachehook.c:122(reghook_cache_find)
1106. reghook_cache_find: Searching for keyname [\HKLM\SYSTEM]
1107. [2012/09/23 22:42:32.941179, 10] lib/adt_tree.c:367(pathtree_find)
1108. pathtree_find: Enter [\HKLM\SYSTEM]
1109. [2012/09/23 22:42:32.941230, 10] lib/adt_tree.c:440(pathtree_find)
1110. pathtree_find: Exit
1111. [2012/09/23 22:42:32.941278, 10] registry/reg_cachehook.c:127(reghook_cache_find)
1112. reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM]
1113. [2012/09/23 22:42:32.941352, 7] registry/reg_api.c:141(regkey_open_onelevel)
1114. regkey_open_onelevel: name = [CurrentControlSet]
1115. [2012/09/23 22:42:32.941405, 10] registry/reg_backend_db.c:583(regdb_open)
1116. regdb_open: incrementing refcount (3->4)
1117. [2012/09/23 22:42:32.941461, 10] registry/reg_cachehook.c:122(reghook_cache_find)
1118. reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet]
1119. [2012/09/23 22:42:32.941510, 10] lib/adt_tree.c:367(pathtree_find)
1120. pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet]
1121. [2012/09/23 22:42:32.941561, 10] lib/adt_tree.c:440(pathtree_find)
1122. pathtree_find: Exit
1123. [2012/09/23 22:42:32.941610, 10] registry/reg_cachehook.c:127(reghook_cache_find)
1124. reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM\CurrentControlSet]
1125. [2012/09/23 22:42:32.941679, 7] registry/reg_api.c:141(regkey_open_onelevel)
1126. regkey_open_onelevel: name = [Services]
1127. [2012/09/23 22:42:32.941735, 10] registry/reg_backend_db.c:583(regdb_open)
1128. regdb_open: incrementing refcount (4->5)
1129. [2012/09/23 22:42:32.941792, 10] registry/reg_cachehook.c:122(reghook_cache_find)
1130. reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services]
1131. [2012/09/23 22:42:32.941841, 10] lib/adt_tree.c:367(pathtree_find)
1132. pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services]
1133. [2012/09/23 22:42:32.941893, 10] lib/adt_tree.c:440(pathtree_find)
1134. pathtree_find: Exit
1135. [2012/09/23 22:42:32.941942, 10] registry/reg_cachehook.c:127(reghook_cache_find)
1136. reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM\CurrentControlSet\Services]
1137. [2012/09/23 22:42:32.942021, 10] registry/reg_backend_db.c:619(regdb_close)
1138. regdb_close: decrementing refcount (5->4)
1139. [2012/09/23 22:42:32.942075, 10] registry/reg_backend_db.c:619(regdb_close)
1140. regdb_close: decrementing refcount (4->3)
1141. [2012/09/23 22:42:32.942128, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal)
1142. Opened policy hnd[2] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
1143. [0010] D2 24 00 00 .$..
1144. [2012/09/23 22:42:32.942240, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
1145. winreg_OpenKey: struct winreg_OpenKey
1146. out: struct winreg_OpenKey
1147. handle : *
1148. handle: struct policy_handle
1149. handle_type : 0x00000000 (0)
1150. uuid : 00000002-0000-0000-5f50-3874d2240000
1151. result : WERR_OK
1152. [2012/09/23 22:42:32.942455, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
1153. winreg_QueryInfoKey: struct winreg_QueryInfoKey
1154. in: struct winreg_QueryInfoKey
1155. handle : *
1156. handle: struct policy_handle
1157. handle_type : 0x00000000 (0)
1158. uuid : 00000002-0000-0000-5f50-3874d2240000
1159. classname : *
1160. classname: struct winreg_String
1161. name_len : 0x0000 (0)
1162. name_size : 0x0000 (0)
1163. name : NULL
1164. [2012/09/23 22:42:32.942740, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
1165. Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
1166. [0010] D2 24 00 00 .$..
1167. [2012/09/23 22:42:32.942845, 10] registry/reg_dispatcher.c:150(fetch_reg_values)
1168. fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services' (ops 0x7f0ef0501340)
1169. [2012/09/23 22:42:32.942897, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal)
1170. regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services]
1171. [2012/09/23 22:42:32.942961, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc)
1172. regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services]
1173. [2012/09/23 22:42:32.943029, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
1174. winreg_QueryInfoKey: struct winreg_QueryInfoKey
1175. out: struct winreg_QueryInfoKey
1176. classname : *
1177. classname: struct winreg_String
1178. name_len : 0x0000 (0)
1179. name_size : 0x0000 (0)
1180. name : NULL
1181. num_subkeys : *
1182. num_subkeys : 0x00000007 (7)
1183. max_subkeylen : *
1184. max_subkeylen : 0x0000001c (28)
1185. max_classlen : *
1186. max_classlen : 0x00000000 (0)
1187. num_values : *
1188. num_values : 0x00000000 (0)
1189. max_valnamelen : *
1190. max_valnamelen : 0x00000002 (2)
1191. max_valbufsize : *
1192. max_valbufsize : 0x00000000 (0)
1193. secdescsize : *
1194. secdescsize : 0x00000078 (120)
1195. last_changed_time : *
1196. last_changed_time : NTTIME(0)
1197. result : WERR_OK
1198. [2012/09/23 22:42:32.943606, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
1199. winreg_EnumKey: struct winreg_EnumKey
1200. in: struct winreg_EnumKey
1201. handle : *
1202. handle: struct policy_handle
1203. handle_type : 0x00000000 (0)
1204. uuid : 00000002-0000-0000-5f50-3874d2240000
1205. enum_index : 0x00000000 (0)
1206. name : *
1207. name: struct winreg_StringBuf
1208. length : 0x0000 (0)
1209. size : 0x001e (30)
1210. name : *
1211. name : ''
1212. keyclass : *
1213. keyclass: struct winreg_StringBuf
1214. length : 0x0000 (0)
1215. size : 0x0002 (2)
1216. name : *
1217. name : ''
1218. last_changed_time : *
1219. last_changed_time : NTTIME(0)
1220. [2012/09/23 22:42:32.944126, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
1221. Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
1222. [0010] D2 24 00 00 .$..
1223. [2012/09/23 22:42:32.944230, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey)
1224. _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services]
1225. [2012/09/23 22:42:32.944282, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
1226. winreg_EnumKey: struct winreg_EnumKey
1227. out: struct winreg_EnumKey
1228. name : *
1229. name: struct winreg_StringBuf
1230. length : 0x001a (26)
1231. size : 0x001e (30)
1232. name : *
1233. name : 'LanmanServer'
1234. keyclass : *
1235. keyclass: struct winreg_StringBuf
1236. length : 0x0000 (0)
1237. size : 0x0002 (2)
1238. name : *
1239. name : ''
1240. last_changed_time : *
1241. last_changed_time : NTTIME(0)
1242. result : WERR_OK
1243. [2012/09/23 22:42:32.944701, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
1244. winreg_EnumKey: struct winreg_EnumKey
1245. in: struct winreg_EnumKey
1246. handle : *
1247. handle: struct policy_handle
1248. handle_type : 0x00000000 (0)
1249. uuid : 00000002-0000-0000-5f50-3874d2240000
1250. enum_index : 0x00000001 (1)
1251. name : *
1252. name: struct winreg_StringBuf
1253. length : 0x0000 (0)
1254. size : 0x001e (30)
1255. name : *
1256. name : ''
1257. keyclass : *
1258. keyclass: struct winreg_StringBuf
1259. length : 0x0000 (0)
1260. size : 0x0002 (2)
1261. name : *
1262. name : ''
1263. last_changed_time : *
1264. last_changed_time : NTTIME(0)
1265. [2012/09/23 22:42:32.945195, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
1266. Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
1267. [0010] D2 24 00 00 .$..
1268. [2012/09/23 22:42:32.945297, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey)
1269. _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services]
1270. [2012/09/23 22:42:32.945349, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
1271. winreg_EnumKey: struct winreg_EnumKey
1272. out: struct winreg_EnumKey
1273. name : *
1274. name: struct winreg_StringBuf
1275. length : 0x0012 (18)
1276. size : 0x001e (30)
1277. name : *
1278. name : 'Eventlog'
1279. keyclass : *
1280. keyclass: struct winreg_StringBuf
1281. length : 0x0000 (0)
1282. size : 0x0002 (2)
1283. name : *
1284. name : ''
1285. last_changed_time : *
1286. last_changed_time : NTTIME(0)
1287. result : WERR_OK
1288. [2012/09/23 22:42:32.945777, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
1289. winreg_EnumKey: struct winreg_EnumKey
1290. in: struct winreg_EnumKey
1291. handle : *
1292. handle: struct policy_handle
1293. handle_type : 0x00000000 (0)
1294. uuid : 00000002-0000-0000-5f50-3874d2240000
1295. enum_index : 0x00000002 (2)
1296. name : *
1297. name: struct winreg_StringBuf
1298. length : 0x0000 (0)
1299. size : 0x001e (30)
1300. name : *
1301. name : ''
1302. keyclass : *
1303. keyclass: struct winreg_StringBuf
1304. length : 0x0000 (0)
1305. size : 0x0002 (2)
1306. name : *
1307. name : ''
1308. last_changed_time : *
1309. last_changed_time : NTTIME(0)
1310. [2012/09/23 22:42:32.946273, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
1311. Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
1312. [0010] D2 24 00 00 .$..
1313. [2012/09/23 22:42:32.946376, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey)
1314. _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services]
1315. [2012/09/23 22:42:32.946428, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
1316. winreg_EnumKey: struct winreg_EnumKey
1317. out: struct winreg_EnumKey
1318. name : *
1319. name: struct winreg_StringBuf
1320. length : 0x000c (12)
1321. size : 0x001e (30)
1322. name : *
1323. name : 'Tcpip'
1324. keyclass : *
1325. keyclass: struct winreg_StringBuf
1326. length : 0x0000 (0)
1327. size : 0x0002 (2)
1328. name : *
1329. name : ''
1330. last_changed_time : *
1331. last_changed_time : NTTIME(0)
1332. result : WERR_OK
1333. [2012/09/23 22:42:32.946846, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
1334. winreg_EnumKey: struct winreg_EnumKey
1335. in: struct winreg_EnumKey
1336. handle : *
1337. handle: struct policy_handle
1338. handle_type : 0x00000000 (0)
1339. uuid : 00000002-0000-0000-5f50-3874d2240000
1340. enum_index : 0x00000003 (3)
1341. name : *
1342. name: struct winreg_StringBuf
1343. length : 0x0000 (0)
1344. size : 0x001e (30)
1345. name : *
1346. name : ''
1347. keyclass : *
1348. keyclass: struct winreg_StringBuf
1349. length : 0x0000 (0)
1350. size : 0x0002 (2)
1351. name : *
1352. name : ''
1353. last_changed_time : *
1354. last_changed_time : NTTIME(0)
1355. [2012/09/23 22:42:32.947363, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
1356. Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
1357. [0010] D2 24 00 00 .$..
1358. [2012/09/23 22:42:32.947466, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey)
1359. _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services]
1360. [2012/09/23 22:42:32.947518, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
1361. winreg_EnumKey: struct winreg_EnumKey
1362. out: struct winreg_EnumKey
1363. name : *
1364. name: struct winreg_StringBuf
1365. length : 0x0012 (18)
1366. size : 0x001e (30)
1367. name : *
1368. name : 'Netlogon'
1369. keyclass : *
1370. keyclass: struct winreg_StringBuf
1371. length : 0x0000 (0)
1372. size : 0x0002 (2)
1373. name : *
1374. name : ''
1375. last_changed_time : *
1376. last_changed_time : NTTIME(0)
1377. result : WERR_OK
1378. [2012/09/23 22:42:32.947935, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
1379. winreg_EnumKey: struct winreg_EnumKey
1380. in: struct winreg_EnumKey
1381. handle : *
1382. handle: struct policy_handle
1383. handle_type : 0x00000000 (0)
1384. uuid : 00000002-0000-0000-5f50-3874d2240000
1385. enum_index : 0x00000004 (4)
1386. name : *
1387. name: struct winreg_StringBuf
1388. length : 0x0000 (0)
1389. size : 0x001e (30)
1390. name : *
1391. name : ''
1392. keyclass : *
1393. keyclass: struct winreg_StringBuf
1394. length : 0x0000 (0)
1395. size : 0x0002 (2)
1396. name : *
1397. name : ''
1398. last_changed_time : *
1399. last_changed_time : NTTIME(0)
1400. [2012/09/23 22:42:32.948429, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
1401. Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
1402. [0010] D2 24 00 00 .$..
1403. [2012/09/23 22:42:32.948531, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey)
1404. _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services]
1405. [2012/09/23 22:42:32.948583, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
1406. winreg_EnumKey: struct winreg_EnumKey
1407. out: struct winreg_EnumKey
1408. name : *
1409. name: struct winreg_StringBuf
1410. length : 0x0010 (16)
1411. size : 0x001e (30)
1412. name : *
1413. name : 'Spooler'
1414. keyclass : *
1415. keyclass: struct winreg_StringBuf
1416. length : 0x0000 (0)
1417. size : 0x0002 (2)
1418. name : *
1419. name : ''
1420. last_changed_time : *
1421. last_changed_time : NTTIME(0)
1422. result : WERR_OK
1423. [2012/09/23 22:42:32.949004, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
1424. winreg_EnumKey: struct winreg_EnumKey
1425. in: struct winreg_EnumKey
1426. handle : *
1427. handle: struct policy_handle
1428. handle_type : 0x00000000 (0)
1429. uuid : 00000002-0000-0000-5f50-3874d2240000
1430. enum_index : 0x00000005 (5)
1431. name : *
1432. name: struct winreg_StringBuf
1433. length : 0x0000 (0)
1434. size : 0x001e (30)
1435. name : *
1436. name : ''
1437. keyclass : *
1438. keyclass: struct winreg_StringBuf
1439. length : 0x0000 (0)
1440. size : 0x0002 (2)
1441. name : *
1442. name : ''
1443. last_changed_time : *
1444. last_changed_time : NTTIME(0)
1445. [2012/09/23 22:42:32.949506, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
1446. Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
1447. [0010] D2 24 00 00 .$..
1448. [2012/09/23 22:42:32.949609, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey)
1449. _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services]
1450. [2012/09/23 22:42:32.949661, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
1451. winreg_EnumKey: struct winreg_EnumKey
1452. out: struct winreg_EnumKey
1453. name : *
1454. name: struct winreg_StringBuf
1455. length : 0x001e (30)
1456. size : 0x001e (30)
1457. name : *
1458. name : 'RemoteRegistry'
1459. keyclass : *
1460. keyclass: struct winreg_StringBuf
1461. length : 0x0000 (0)
1462. size : 0x0002 (2)
1463. name : *
1464. name : ''
1465. last_changed_time : *
1466. last_changed_time : NTTIME(0)
1467. result : WERR_OK
1468. [2012/09/23 22:42:32.950078, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
1469. winreg_EnumKey: struct winreg_EnumKey
1470. in: struct winreg_EnumKey
1471. handle : *
1472. handle: struct policy_handle
1473. handle_type : 0x00000000 (0)
1474. uuid : 00000002-0000-0000-5f50-3874d2240000
1475. enum_index : 0x00000006 (6)
1476. name : *
1477. name: struct winreg_StringBuf
1478. length : 0x0000 (0)
1479. size : 0x001e (30)
1480. name : *
1481. name : ''
1482. keyclass : *
1483. keyclass: struct winreg_StringBuf
1484. length : 0x0000 (0)
1485. size : 0x0002 (2)
1486. name : *
1487. name : ''
1488. last_changed_time : *
1489. last_changed_time : NTTIME(0)
1490. [2012/09/23 22:42:32.950570, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
1491. Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
1492. [0010] D2 24 00 00 .$..
1493. [2012/09/23 22:42:32.950701, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey)
1494. _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services]
1495. [2012/09/23 22:42:32.950762, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
1496. winreg_EnumKey: struct winreg_EnumKey
1497. out: struct winreg_EnumKey
1498. name : *
1499. name: struct winreg_StringBuf
1500. length : 0x000a (10)
1501. size : 0x001e (30)
1502. name : *
1503. name : 'WINS'
1504. keyclass : *
1505. keyclass: struct winreg_StringBuf
1506. length : 0x0000 (0)
1507. size : 0x0002 (2)
1508. name : *
1509. name : ''
1510. last_changed_time : *
1511. last_changed_time : NTTIME(0)
1512. result : WERR_OK
1513. [2012/09/23 22:42:32.951200, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
1514. winreg_CreateKey: struct winreg_CreateKey
1515. in: struct winreg_CreateKey
1516. handle : *
1517. handle: struct policy_handle
1518. handle_type : 0x00000000 (0)
1519. uuid : 00000001-0000-0000-5f50-3874d2240000
1520. name: struct winreg_String
1521. name_len : 0x0054 (84)
1522. name_size : 0x0054 (84)
1523. name : *
1524. name : 'SYSTEM\CurrentControlSet\Services\Spooler'
1525. keyclass: struct winreg_String
1526. name_len : 0x0002 (2)
1527. name_size : 0x0002 (2)
1528. name : *
1529. name : ''
1530. options : 0x00000000 (0)
1531. 0: REG_OPTION_VOLATILE
1532. 0: REG_OPTION_CREATE_LINK
1533. 0: REG_OPTION_BACKUP_RESTORE
1534. 0: REG_OPTION_OPEN_LINK
1535. access_mask : 0x02000000 (33554432)
1536. 0: KEY_QUERY_VALUE
1537. 0: KEY_SET_VALUE
1538. 0: KEY_CREATE_SUB_KEY
1539. 0: KEY_ENUMERATE_SUB_KEYS
1540. 0: KEY_NOTIFY
1541. 0: KEY_CREATE_LINK
1542. 0: KEY_WOW64_64KEY
1543. 0: KEY_WOW64_32KEY
1544. secdesc : NULL
1545. action_taken : *
1546. action_taken : REG_ACTION_NONE (0)
1547. [2012/09/23 22:42:32.951959, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
1548. Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
1549. [0010] D2 24 00 00 .$..
1550. [2012/09/23 22:42:32.952063, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey)
1551. _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\Spooler'
1552. [2012/09/23 22:42:32.952123, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
1553. tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
1554. [2012/09/23 22:42:32.952177, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
1555. tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2
1556. [2012/09/23 22:42:32.952228, 7] registry/reg_api.c:141(regkey_open_onelevel)
1557. regkey_open_onelevel: name = [SYSTEM]
1558. [2012/09/23 22:42:32.952280, 10] registry/reg_backend_db.c:583(regdb_open)
1559. regdb_open: incrementing refcount (3->4)
1560. [2012/09/23 22:42:32.952334, 10] registry/reg_cachehook.c:122(reghook_cache_find)
1561. reghook_cache_find: Searching for keyname [\HKLM\SYSTEM]
1562. [2012/09/23 22:42:32.952383, 10] lib/adt_tree.c:367(pathtree_find)
1563. pathtree_find: Enter [\HKLM\SYSTEM]
1564. [2012/09/23 22:42:32.952434, 10] lib/adt_tree.c:440(pathtree_find)
1565. pathtree_find: Exit
1566. [2012/09/23 22:42:32.952492, 10] registry/reg_cachehook.c:127(reghook_cache_find)
1567. reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM]
1568. [2012/09/23 22:42:32.952560, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
1569. tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2
1570. [2012/09/23 22:42:32.952613, 7] registry/reg_api.c:141(regkey_open_onelevel)
1571. regkey_open_onelevel: name = [CurrentControlSet]
1572. [2012/09/23 22:42:32.952665, 10] registry/reg_backend_db.c:583(regdb_open)
1573. regdb_open: incrementing refcount (4->5)
1574. [2012/09/23 22:42:32.952720, 10] registry/reg_cachehook.c:122(reghook_cache_find)
1575. reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet]
1576. [2012/09/23 22:42:32.952769, 10] lib/adt_tree.c:367(pathtree_find)
1577. pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet]
1578. [2012/09/23 22:42:32.952821, 10] lib/adt_tree.c:440(pathtree_find)
1579. pathtree_find: Exit
1580. [2012/09/23 22:42:32.952869, 10] registry/reg_cachehook.c:127(reghook_cache_find)
1581. reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM\CurrentControlSet]
1582. [2012/09/23 22:42:32.952937, 10] registry/reg_backend_db.c:619(regdb_close)
1583. regdb_close: decrementing refcount (5->4)
1584. [2012/09/23 22:42:32.952992, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
1585. tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2
1586. [2012/09/23 22:42:32.953043, 7] registry/reg_api.c:141(regkey_open_onelevel)
1587. regkey_open_onelevel: name = [Services]
1588. [2012/09/23 22:42:32.953094, 10] registry/reg_backend_db.c:583(regdb_open)
1589. regdb_open: incrementing refcount (4->5)
1590. [2012/09/23 22:42:32.953149, 10] registry/reg_cachehook.c:122(reghook_cache_find)
1591. reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services]
1592. [2012/09/23 22:42:32.953198, 10] lib/adt_tree.c:367(pathtree_find)
1593. pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services]
1594. [2012/09/23 22:42:32.953250, 10] lib/adt_tree.c:440(pathtree_find)
1595. pathtree_find: Exit
1596. [2012/09/23 22:42:32.953298, 10] registry/reg_cachehook.c:127(reghook_cache_find)
1597. reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM\CurrentControlSet\Services]
1598. [2012/09/23 22:42:32.953380, 10] registry/reg_backend_db.c:619(regdb_close)
1599. regdb_close: decrementing refcount (5->4)
1600. [2012/09/23 22:42:32.953434, 7] registry/reg_api.c:141(regkey_open_onelevel)
1601. regkey_open_onelevel: name = [Spooler]
1602. [2012/09/23 22:42:32.953486, 10] registry/reg_backend_db.c:583(regdb_open)
1603. regdb_open: incrementing refcount (4->5)
1604. [2012/09/23 22:42:32.953541, 10] registry/reg_cachehook.c:122(reghook_cache_find)
1605. reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler]
1606. [2012/09/23 22:42:32.953591, 10] lib/adt_tree.c:367(pathtree_find)
1607. pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler]
1608. [2012/09/23 22:42:32.953642, 10] lib/adt_tree.c:440(pathtree_find)
1609. pathtree_find: Exit
1610. [2012/09/23 22:42:32.953691, 10] registry/reg_cachehook.c:127(reghook_cache_find)
1611. reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler]
1612. [2012/09/23 22:42:32.953760, 10] registry/reg_backend_db.c:619(regdb_close)
1613. regdb_close: decrementing refcount (5->4)
1614. [2012/09/23 22:42:32.953814, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal)
1615. Opened policy hnd[3] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
1616. [0010] D2 24 00 00 .$..
1617. [2012/09/23 22:42:32.953917, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
1618. winreg_CreateKey: struct winreg_CreateKey
1619. out: struct winreg_CreateKey
1620. new_handle : *
1621. new_handle: struct policy_handle
1622. handle_type : 0x00000000 (0)
1623. uuid : 00000003-0000-0000-5f50-3874d2240000
1624. action_taken : *
1625. action_taken : REG_OPENED_EXISTING_KEY (2)
1626. result : WERR_OK
1627. [2012/09/23 22:42:32.954255, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
1628. winreg_SetValue: struct winreg_SetValue
1629. in: struct winreg_SetValue
1630. handle : *
1631. handle: struct policy_handle
1632. handle_type : 0x00000000 (0)
1633. uuid : 00000003-0000-0000-5f50-3874d2240000
1634. name: struct winreg_String
1635. name_len : 0x000c (12)
1636. name_size : 0x000c (12)
1637. name : *
1638. name : 'Start'
1639. type : REG_DWORD (4)
1640. data : *
1641. data: ARRAY(4)
1642. [0] : 0x02 (2)
1643. [1] : 0x00 (0)
1644. [2] : 0x00 (0)
1645. [3] : 0x00 (0)
1646. size : 0x00000004 (4)
1647. [2012/09/23 22:42:32.954722, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
1648. Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
1649. [0010] D2 24 00 00 .$..
1650. [2012/09/23 22:42:32.954828, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue)
1651. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:Start]
1652. [2012/09/23 22:42:32.954883, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
1653. tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
1654. [2012/09/23 22:42:32.954934, 10] registry/reg_dispatcher.c:150(fetch_reg_values)
1655. fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\Spooler' (ops 0x7f0ef0501340)
1656. [2012/09/23 22:42:32.954987, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal)
1657. regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler]
1658. [2012/09/23 22:42:32.955055, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
1659. regdb_unpack_values: value[0]: name[Start] len[4]
1660. [2012/09/23 22:42:32.955109, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
1661. regdb_unpack_values: value[1]: name[Type] len[4]
1662. [2012/09/23 22:42:32.955162, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
1663. regdb_unpack_values: value[2]: name[ErrorControl] len[4]
1664. [2012/09/23 22:42:32.955216, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
1665. regdb_unpack_values: value[3]: name[ObjectName] len[24]
1666. [2012/09/23 22:42:32.955270, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
1667. regdb_unpack_values: value[4]: name[DisplayName] len[28]
1668. [2012/09/23 22:42:32.955323, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
1669. regdb_unpack_values: value[5]: name[ImagePath] len[54]
1670. [2012/09/23 22:42:32.955377, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
1671. regdb_unpack_values: value[6]: name[Description] len[106]
1672. [2012/09/23 22:42:32.955430, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
1673. winreg_SetValue: struct winreg_SetValue
1674. out: struct winreg_SetValue
1675. result : WERR_OK
1676. [2012/09/23 22:42:32.955547, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
1677. winreg_SetValue: struct winreg_SetValue
1678. in: struct winreg_SetValue
1679. handle : *
1680. handle: struct policy_handle
1681. handle_type : 0x00000000 (0)
1682. uuid : 00000003-0000-0000-5f50-3874d2240000
1683. name: struct winreg_String
1684. name_len : 0x000a (10)
1685. name_size : 0x000a (10)
1686. name : *
1687. name : 'Type'
1688. type : REG_DWORD (4)
1689. data : *
1690. data: ARRAY(4)
1691. [0] : 0x10 (16)
1692. [1] : 0x00 (0)
1693. [2] : 0x00 (0)
1694. [3] : 0x00 (0)
1695. size : 0x00000004 (4)
1696. [2012/09/23 22:42:32.956015, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
1697. Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
1698. [0010] D2 24 00 00 .$..
1699. [2012/09/23 22:42:32.956118, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue)
1700. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:Type]
1701. [2012/09/23 22:42:32.956172, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
1702. tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
1703. [2012/09/23 22:42:32.956223, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
1704. winreg_SetValue: struct winreg_SetValue
1705. out: struct winreg_SetValue
1706. result : WERR_OK
1707. [2012/09/23 22:42:32.956336, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
1708. winreg_SetValue: struct winreg_SetValue
1709. in: struct winreg_SetValue
1710. handle : *
1711. handle: struct policy_handle
1712. handle_type : 0x00000000 (0)
1713. uuid : 00000003-0000-0000-5f50-3874d2240000
1714. name: struct winreg_String
1715. name_len : 0x001a (26)
1716. name_size : 0x001a (26)
1717. name : *
1718. name : 'ErrorControl'
1719. type : REG_DWORD (4)
1720. data : *
1721. data: ARRAY(4)
1722. [0] : 0x01 (1)
1723. [1] : 0x00 (0)
1724. [2] : 0x00 (0)
1725. [3] : 0x00 (0)
1726. size : 0x00000004 (4)
1727. [2012/09/23 22:42:32.956792, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
1728. Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
1729. [0010] D2 24 00 00 .$..
1730. [2012/09/23 22:42:32.956894, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue)
1731. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:ErrorControl]
1732. [2012/09/23 22:42:32.956948, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
1733. tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
1734. [2012/09/23 22:42:32.957000, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
1735. winreg_SetValue: struct winreg_SetValue
1736. out: struct winreg_SetValue
1737. result : WERR_OK
1738. [2012/09/23 22:42:32.957123, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
1739. winreg_SetValue: struct winreg_SetValue
1740. in: struct winreg_SetValue
1741. handle : *
1742. handle: struct policy_handle
1743. handle_type : 0x00000000 (0)
1744. uuid : 00000003-0000-0000-5f50-3874d2240000
1745. name: struct winreg_String
1746. name_len : 0x0016 (22)
1747. name_size : 0x0016 (22)
1748. name : *
1749. name : 'ObjectName'
1750. type : REG_SZ (1)
1751. data : *
1752. data: ARRAY(24)
1753. [0] : 0x4c (76)
1754. [1] : 0x00 (0)
1755. [2] : 0x6f (111)
1756. [3] : 0x00 (0)
1757. [4] : 0x63 (99)
1758. [5] : 0x00 (0)
1759. [6] : 0x61 (97)
1760. [7] : 0x00 (0)
1761. [8] : 0x6c (108)
1762. [9] : 0x00 (0)
1763. [10] : 0x53 (83)
1764. [11] : 0x00 (0)
1765. [12] : 0x79 (121)
1766. [13] : 0x00 (0)
1767. [14] : 0x73 (115)
1768. [15] : 0x00 (0)
1769. [16] : 0x74 (116)
1770. [17] : 0x00 (0)
1771. [18] : 0x65 (101)
1772. [19] : 0x00 (0)
1773. [20] : 0x6d (109)
1774. [21] : 0x00 (0)
1775. [22] : 0x00 (0)
1776. [23] : 0x00 (0)
1777. size : 0x00000018 (24)
1778. [2012/09/23 22:42:32.958063, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
1779. Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
1780. [0010] D2 24 00 00 .$..
1781. [2012/09/23 22:42:32.958167, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue)
1782. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:ObjectName]
1783. [2012/09/23 22:42:32.958221, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
1784. tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
1785. [2012/09/23 22:42:32.958273, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
1786. winreg_SetValue: struct winreg_SetValue
1787. out: struct winreg_SetValue
1788. result : WERR_OK
1789. [2012/09/23 22:42:32.958396, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
1790. winreg_SetValue: struct winreg_SetValue
1791. in: struct winreg_SetValue
1792. handle : *
1793. handle: struct policy_handle
1794. handle_type : 0x00000000 (0)
1795. uuid : 00000003-0000-0000-5f50-3874d2240000
1796. name: struct winreg_String
1797. name_len : 0x0018 (24)
1798. name_size : 0x0018 (24)
1799. name : *
1800. name : 'DisplayName'
1801. type : REG_SZ (1)
1802. data : *
1803. data: ARRAY(28)
1804. [0] : 0x50 (80)
1805. [1] : 0x00 (0)
1806. [2] : 0x72 (114)
1807. [3] : 0x00 (0)
1808. [4] : 0x69 (105)
1809. [5] : 0x00 (0)
1810. [6] : 0x6e (110)
1811. [7] : 0x00 (0)
1812. [8] : 0x74 (116)
1813. [9] : 0x00 (0)
1814. [10] : 0x20 (32)
1815. [11] : 0x00 (0)
1816. [12] : 0x53 (83)
1817. [13] : 0x00 (0)
1818. [14] : 0x70 (112)
1819. [15] : 0x00 (0)
1820. [16] : 0x6f (111)
1821. [17] : 0x00 (0)
1822. [18] : 0x6f (111)
1823. [19] : 0x00 (0)
1824. [20] : 0x6c (108)
1825. [21] : 0x00 (0)
1826. [22] : 0x65 (101)
1827. [23] : 0x00 (0)
1828. [24] : 0x72 (114)
1829. [25] : 0x00 (0)
1830. [26] : 0x00 (0)
1831. [27] : 0x00 (0)
1832. size : 0x0000001c (28)
1833. [2012/09/23 22:42:32.959418, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
1834. Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
1835. [0010] D2 24 00 00 .$..
1836. [2012/09/23 22:42:32.959520, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue)
1837. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:DisplayName]
1838. [2012/09/23 22:42:32.959574, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
1839. tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
1840. [2012/09/23 22:42:32.959627, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
1841. winreg_SetValue: struct winreg_SetValue
1842. out: struct winreg_SetValue
1843. result : WERR_OK
1844. [2012/09/23 22:42:32.959742, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
1845. winreg_SetValue: struct winreg_SetValue
1846. in: struct winreg_SetValue
1847. handle : *
1848. handle: struct policy_handle
1849. handle_type : 0x00000000 (0)
1850. uuid : 00000003-0000-0000-5f50-3874d2240000
1851. name: struct winreg_String
1852. name_len : 0x0014 (20)
1853. name_size : 0x0014 (20)
1854. name : *
1855. name : 'ImagePath'
1856. type : REG_SZ (1)
1857. data : *
1858. data: ARRAY(54)
1859. [0] : 0x2f (47)
1860. [1] : 0x00 (0)
1861. [2] : 0x75 (117)
1862. [3] : 0x00 (0)
1863. [4] : 0x73 (115)
1864. [5] : 0x00 (0)
1865. [6] : 0x72 (114)
1866. [7] : 0x00 (0)
1867. [8] : 0x2f (47)
1868. [9] : 0x00 (0)
1869. [10] : 0x6c (108)
1870. [11] : 0x00 (0)
1871. [12] : 0x69 (105)
1872. [13] : 0x00 (0)
1873. [14] : 0x62 (98)
1874. [15] : 0x00 (0)
1875. [16] : 0x2f (47)
1876. [17] : 0x00 (0)
1877. [18] : 0x73 (115)
1878. [19] : 0x00 (0)
1879. [20] : 0x61 (97)
1880. [21] : 0x00 (0)
1881. [22] : 0x6d (109)
1882. [23] : 0x00 (0)
1883. [24] : 0x62 (98)
1884. [25] : 0x00 (0)
1885. [26] : 0x61 (97)
1886. [27] : 0x00 (0)
1887. [28] : 0x2f (47)
1888. [29] : 0x00 (0)
1889. [30] : 0x73 (115)
1890. [31] : 0x00 (0)
1891. [32] : 0x76 (118)
1892. [33] : 0x00 (0)
1893. [34] : 0x63 (99)
1894. [35] : 0x00 (0)
1895. [36] : 0x63 (99)
1896. [37] : 0x00 (0)
1897. [38] : 0x74 (116)
1898. [39] : 0x00 (0)
1899. [40] : 0x6c (108)
1900. [41] : 0x00 (0)
1901. [42] : 0x2f (47)
1902. [43] : 0x00 (0)
1903. [44] : 0x73 (115)
1904. [45] : 0x00 (0)
1905. [46] : 0x6d (109)
1906. [47] : 0x00 (0)
1907. [48] : 0x62 (98)
1908. [49] : 0x00 (0)
1909. [50] : 0x64 (100)
1910. [51] : 0x00 (0)
1911. [52] : 0x00 (0)
1912. [53] : 0x00 (0)
1913. size : 0x00000036 (54)
1914. [2012/09/23 22:42:32.961470, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
1915. Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
1916. [0010] D2 24 00 00 .$..
1917. [2012/09/23 22:42:32.961574, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue)
1918. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:ImagePath]
1919. [2012/09/23 22:42:32.961628, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
1920. tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
1921. [2012/09/23 22:42:32.961680, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
1922. winreg_SetValue: struct winreg_SetValue
1923. out: struct winreg_SetValue
1924. result : WERR_OK
1925. [2012/09/23 22:42:32.961796, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
1926. winreg_SetValue: struct winreg_SetValue
1927. in: struct winreg_SetValue
1928. handle : *
1929. handle: struct policy_handle
1930. handle_type : 0x00000000 (0)
1931. uuid : 00000003-0000-0000-5f50-3874d2240000
1932. name: struct winreg_String
1933. name_len : 0x0018 (24)
1934. name_size : 0x0018 (24)
1935. name : *
1936. name : 'Description'
1937. type : REG_SZ (1)
1938. data : *
1939. data: ARRAY(106)
1940. [0] : 0x49 (73)
1941. [1] : 0x00 (0)
1942. [2] : 0x6e (110)
1943. [3] : 0x00 (0)
1944. [4] : 0x74 (116)
1945. [5] : 0x00 (0)
1946. [6] : 0x65 (101)
1947. [7] : 0x00 (0)
1948. [8] : 0x72 (114)
1949. [9] : 0x00 (0)
1950. [10] : 0x6e (110)
1951. [11] : 0x00 (0)
1952. [12] : 0x61 (97)
1953. [13] : 0x00 (0)
1954. [14] : 0x6c (108)
1955. [15] : 0x00 (0)
1956. [16] : 0x20 (32)
1957. [17] : 0x00 (0)
1958. [18] : 0x73 (115)
1959. [19] : 0x00 (0)
1960. [20] : 0x65 (101)
1961. [21] : 0x00 (0)
1962. [22] : 0x72 (114)
1963. [23] : 0x00 (0)
1964. [24] : 0x76 (118)
1965. [25] : 0x00 (0)
1966. [26] : 0x69 (105)
1967. [27] : 0x00 (0)
1968. [28] : 0x63 (99)
1969. [29] : 0x00 (0)
1970. [30] : 0x65 (101)
1971. [31] : 0x00 (0)
1972. [32] : 0x20 (32)
1973. [33] : 0x00 (0)
1974. [34] : 0x66 (102)
1975. [35] : 0x00 (0)
1976. [36] : 0x6f (111)
1977. [37] : 0x00 (0)
1978. [38] : 0x72 (114)
1979. [39] : 0x00 (0)
1980. [40] : 0x20 (32)
1981. [41] : 0x00 (0)
1982. [42] : 0x73 (115)
1983. [43] : 0x00 (0)
1984. [44] : 0x70 (112)
1985. [45] : 0x00 (0)
1986. [46] : 0x6f (111)
1987. [47] : 0x00 (0)
1988. [48] : 0x6f (111)
1989. [49] : 0x00 (0)
1990. [50] : 0x6c (108)
1991. [51] : 0x00 (0)
1992. [52] : 0x69 (105)
1993. [53] : 0x00 (0)
1994. [54] : 0x6e (110)
1995. [55] : 0x00 (0)
1996. [56] : 0x67 (103)
1997. [57] : 0x00 (0)
1998. [58] : 0x20 (32)
1999. [59] : 0x00 (0)
2000. [60] : 0x66 (102)
2001. [61] : 0x00 (0)
2002. [62] : 0x69 (105)
2003. [63] : 0x00 (0)
2004. [64] : 0x6c (108)
2005. [65] : 0x00 (0)
2006. [66] : 0x65 (101)
2007. [67] : 0x00 (0)
2008. [68] : 0x73 (115)
2009. [69] : 0x00 (0)
2010. [70] : 0x20 (32)
2011. [71] : 0x00 (0)
2012. [72] : 0x74 (116)
2013. [73] : 0x00 (0)
2014. [74] : 0x6f (111)
2015. [75] : 0x00 (0)
2016. [76] : 0x20 (32)
2017. [77] : 0x00 (0)
2018. [78] : 0x70 (112)
2019. [79] : 0x00 (0)
2020. [80] : 0x72 (114)
2021. [81] : 0x00 (0)
2022. [82] : 0x69 (105)
2023. [83] : 0x00 (0)
2024. [84] : 0x6e (110)
2025. [85] : 0x00 (0)
2026. [86] : 0x74 (116)
2027. [87] : 0x00 (0)
2028. [88] : 0x20 (32)
2029. [89] : 0x00 (0)
2030. [90] : 0x64 (100)
2031. [91] : 0x00 (0)
2032. [92] : 0x65 (101)
2033. [93] : 0x00 (0)
2034. [94] : 0x76 (118)
2035. [95] : 0x00 (0)
2036. [96] : 0x69 (105)
2037. [97] : 0x00 (0)
2038. [98] : 0x63 (99)
2039. [99] : 0x00 (0)
2040. [100] : 0x65 (101)
2041. [101] : 0x00 (0)
2042. [102] : 0x73 (115)
2043. [103] : 0x00 (0)
2044. [104] : 0x00 (0)
2045. [105] : 0x00 (0)
2046. size : 0x0000006a (106)
2047. [2012/09/23 22:42:32.964629, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
2048. Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
2049. [0010] D2 24 00 00 .$..
2050. [2012/09/23 22:42:32.964734, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue)
2051. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:Description]
2052. [2012/09/23 22:42:32.964789, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
2053. tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
2054. [2012/09/23 22:42:32.964840, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
2055. winreg_SetValue: struct winreg_SetValue
2056. out: struct winreg_SetValue
2057. result : WERR_OK
2058. [2012/09/23 22:42:32.964969, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
2059. winreg_CloseKey: struct winreg_CloseKey
2060. in: struct winreg_CloseKey
2061. handle : *
2062. handle: struct policy_handle
2063. handle_type : 0x00000000 (0)
2064. uuid : 00000003-0000-0000-5f50-3874d2240000
2065. [2012/09/23 22:42:32.965145, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
2066. Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
2067. [0010] D2 24 00 00 .$..
2068. [2012/09/23 22:42:32.965249, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
2069. Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
2070. [0010] D2 24 00 00 .$..
2071. [2012/09/23 22:42:32.965350, 3] rpc_server/rpc_handles.c:281(close_policy_hnd)
2072. Closed policy
2073. [2012/09/23 22:42:32.965403, 10] registry/reg_backend_db.c:619(regdb_close)
2074. regdb_close: decrementing refcount (4->3)
2075. [2012/09/23 22:42:32.965454, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
2076. winreg_CloseKey: struct winreg_CloseKey
2077. out: struct winreg_CloseKey
2078. handle : *
2079. handle: struct policy_handle
2080. handle_type : 0x00000000 (0)
2081. uuid : 00000000-0000-0000-0000-000000000000
2082. result : WERR_OK
2083. [2012/09/23 22:42:32.965667, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
2084. winreg_CreateKey: struct winreg_CreateKey
2085. in: struct winreg_CreateKey
2086. handle : *
2087. handle: struct policy_handle
2088. handle_type : 0x00000000 (0)
2089. uuid : 00000001-0000-0000-5f50-3874d2240000
2090. name: struct winreg_String
2091. name_len : 0x0066 (102)
2092. name_size : 0x0066 (102)
2093. name : *
2094. name : 'SYSTEM\CurrentControlSet\Services\Spooler\Security'
2095. keyclass: struct winreg_String
2096. name_len : 0x0002 (2)
2097. name_size : 0x0002 (2)
2098. name : *
2099. name : ''
2100. options : 0x00000000 (0)
2101. 0: REG_OPTION_VOLATILE
2102. 0: REG_OPTION_CREATE_LINK
2103. 0: REG_OPTION_BACKUP_RESTORE
2104. 0: REG_OPTION_OPEN_LINK
2105. access_mask : 0x02000000 (33554432)
2106. 0: KEY_QUERY_VALUE
2107. 0: KEY_SET_VALUE
2108. 0: KEY_CREATE_SUB_KEY
2109. 0: KEY_ENUMERATE_SUB_KEYS
2110. 0: KEY_NOTIFY
2111. 0: KEY_CREATE_LINK
2112. 0: KEY_WOW64_64KEY
2113. 0: KEY_WOW64_32KEY
2114. secdesc : NULL
2115. action_taken : *
2116. action_taken : REG_OPENED_EXISTING_KEY (2)
2117. [2012/09/23 22:42:32.966444, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
2118. Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
2119. [0010] D2 24 00 00 .$..
2120. [2012/09/23 22:42:32.966621, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey)
2121. _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\Spooler\Security'
2122. [2012/09/23 22:42:32.966679, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
2123. tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
2124. [2012/09/23 22:42:32.966733, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
2125. tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2
2126. [2012/09/23 22:42:32.966784, 7] registry/reg_api.c:141(regkey_open_onelevel)
2127. regkey_open_onelevel: name = [SYSTEM]
2128. [2012/09/23 22:42:32.966835, 10] registry/reg_backend_db.c:583(regdb_open)
2129. regdb_open: incrementing refcount (3->4)
2130. [2012/09/23 22:42:32.966890, 10] registry/reg_cachehook.c:122(reghook_cache_find)
2131. reghook_cache_find: Searching for keyname [\HKLM\SYSTEM]
2132. [2012/09/23 22:42:32.966940, 10] lib/adt_tree.c:367(pathtree_find)
2133. pathtree_find: Enter [\HKLM\SYSTEM]
2134. [2012/09/23 22:42:32.966991, 10] lib/adt_tree.c:440(pathtree_find)
2135. pathtree_find: Exit
2136. [2012/09/23 22:42:32.967039, 10] registry/reg_cachehook.c:127(reghook_cache_find)
2137. reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM]
2138. [2012/09/23 22:42:32.967107, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
2139. tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2
2140. [2012/09/23 22:42:32.967161, 7] registry/reg_api.c:141(regkey_open_onelevel)
2141. regkey_open_onelevel: name = [CurrentControlSet]
2142. [2012/09/23 22:42:32.967213, 10] registry/reg_backend_db.c:583(regdb_open)
2143. regdb_open: incrementing refcount (4->5)
2144. [2012/09/23 22:42:32.967269, 10] registry/reg_cachehook.c:122(reghook_cache_find)
2145. reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet]
2146. [2012/09/23 22:42:32.967336, 10] lib/adt_tree.c:367(pathtree_find)
2147. pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet]
2148. [2012/09/23 22:42:32.967388, 10] lib/adt_tree.c:440(pathtree_find)
2149. pathtree_find: Exit
2150. [2012/09/23 22:42:32.967437, 10] registry/reg_cachehook.c:127(reghook_cache_find)
2151. reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM\CurrentControlSet]
2152. [2012/09/23 22:42:32.967506, 10] registry/reg_backend_db.c:619(regdb_close)
2153. regdb_close: decrementing refcount (5->4)
2154. [2012/09/23 22:42:32.967562, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
2155. tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2
2156. [2012/09/23 22:42:32.967613, 7] registry/reg_api.c:141(regkey_open_onelevel)
2157. regkey_open_onelevel: name = [Services]
2158. [2012/09/23 22:42:32.967665, 10] registry/reg_backend_db.c:583(regdb_open)
2159. regdb_open: incrementing refcount (4->5)
2160. [2012/09/23 22:42:32.967720, 10] registry/reg_cachehook.c:122(reghook_cache_find)
2161. reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services]
2162. [2012/09/23 22:42:32.967770, 10] lib/adt_tree.c:367(pathtree_find)
2163. pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services]
2164. [2012/09/23 22:42:32.967831, 10] lib/adt_tree.c:440(pathtree_find)
2165. pathtree_find: Exit
2166. [2012/09/23 22:42:32.967882, 10] registry/reg_cachehook.c:127(reghook_cache_find)
2167. reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM\CurrentControlSet\Services]
2168. [2012/09/23 22:42:32.967964, 10] registry/reg_backend_db.c:619(regdb_close)
2169. regdb_close: decrementing refcount (5->4)
2170. [2012/09/23 22:42:32.968021, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
2171. tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2
2172. [2012/09/23 22:42:32.968072, 7] registry/reg_api.c:141(regkey_open_onelevel)
2173. regkey_open_onelevel: name = [Spooler]
2174. [2012/09/23 22:42:32.968123, 10] registry/reg_backend_db.c:583(regdb_open)
2175. regdb_open: incrementing refcount (4->5)
2176. [2012/09/23 22:42:32.968179, 10] registry/reg_cachehook.c:122(reghook_cache_find)
2177. reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler]
2178. [2012/09/23 22:42:32.968229, 10] lib/adt_tree.c:367(pathtree_find)
2179. pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler]
2180. [2012/09/23 22:42:32.968281, 10] lib/adt_tree.c:440(pathtree_find)
2181. pathtree_find: Exit
2182. [2012/09/23 22:42:32.968329, 10] registry/reg_cachehook.c:127(reghook_cache_find)
2183. reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler]
2184. [2012/09/23 22:42:32.968403, 10] registry/reg_backend_db.c:619(regdb_close)
2185. regdb_close: decrementing refcount (5->4)
2186. [2012/09/23 22:42:32.968458, 7] registry/reg_api.c:141(regkey_open_onelevel)
2187. regkey_open_onelevel: name = [Security]
2188. [2012/09/23 22:42:32.968510, 10] registry/reg_backend_db.c:583(regdb_open)
2189. regdb_open: incrementing refcount (4->5)
2190. [2012/09/23 22:42:32.968565, 10] registry/reg_cachehook.c:122(reghook_cache_find)
2191. reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security]
2192. [2012/09/23 22:42:32.968616, 10] lib/adt_tree.c:367(pathtree_find)
2193. pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security]
2194. [2012/09/23 22:42:32.968668, 10] lib/adt_tree.c:440(pathtree_find)
2195. pathtree_find: Exit
2196. [2012/09/23 22:42:32.968717, 10] registry/reg_cachehook.c:127(reghook_cache_find)
2197. reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security]
2198. [2012/09/23 22:42:32.968782, 10] registry/reg_backend_db.c:1656(regdb_fetch_keys_internal)
2199. regdb_fetch_keys: no subkeys found for key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security]
2200. [2012/09/23 22:42:32.968837, 10] registry/reg_backend_db.c:619(regdb_close)
2201. regdb_close: decrementing refcount (5->4)
2202. [2012/09/23 22:42:32.968890, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal)
2203. Opened policy hnd[3] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
2204. [0010] D2 24 00 00 .$..
2205. [2012/09/23 22:42:32.968993, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
2206. winreg_CreateKey: struct winreg_CreateKey
2207. out: struct winreg_CreateKey
2208. new_handle : *
2209. new_handle: struct policy_handle
2210. handle_type : 0x00000000 (0)
2211. uuid : 00000004-0000-0000-5f50-3874d2240000
2212. action_taken : *
2213. action_taken : REG_OPENED_EXISTING_KEY (2)
2214. result : WERR_OK
2215. [2012/09/23 22:42:32.969260, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
2216. winreg_SetValue: struct winreg_SetValue
2217. in: struct winreg_SetValue
2218. handle : *
2219. handle: struct policy_handle
2220. handle_type : 0x00000000 (0)
2221. uuid : 00000004-0000-0000-5f50-3874d2240000
2222. name: struct winreg_String
2223. name_len : 0x0012 (18)
2224. name_size : 0x0012 (18)
2225. name : *
2226. name : 'Security'
2227. type : REG_BINARY (3)
2228. data : *
2229. data: ARRAY(120)
2230. [0] : 0x01 (1)
2231. [1] : 0x00 (0)
2232. [2] : 0x04 (4)
2233. [3] : 0x80 (128)
2234. [4] : 0x00 (0)
2235. [5] : 0x00 (0)
2236. [6] : 0x00 (0)
2237. [7] : 0x00 (0)
2238. [8] : 0x00 (0)
2239. [9] : 0x00 (0)
2240. [10] : 0x00 (0)
2241. [11] : 0x00 (0)
2242. [12] : 0x00 (0)
2243. [13] : 0x00 (0)
2244. [14] : 0x00 (0)
2245. [15] : 0x00 (0)
2246. [16] : 0x14 (20)
2247. [17] : 0x00 (0)
2248. [18] : 0x00 (0)
2249. [19] : 0x00 (0)
2250. [20] : 0x02 (2)
2251. [21] : 0x00 (0)
2252. [22] : 0x64 (100)
2253. [23] : 0x00 (0)
2254. [24] : 0x04 (4)
2255. [25] : 0x00 (0)
2256. [26] : 0x00 (0)
2257. [27] : 0x00 (0)
2258. [28] : 0x00 (0)
2259. [29] : 0x00 (0)
2260. [30] : 0x14 (20)
2261. [31] : 0x00 (0)
2262. [32] : 0x8d (141)
2263. [33] : 0x01 (1)
2264. [34] : 0x02 (2)
2265. [35] : 0x00 (0)
2266. [36] : 0x01 (1)
2267. [37] : 0x01 (1)
2268. [38] : 0x00 (0)
2269. [39] : 0x00 (0)
2270. [40] : 0x00 (0)
2271. [41] : 0x00 (0)
2272. [42] : 0x00 (0)
2273. [43] : 0x01 (1)
2274. [44] : 0x00 (0)
2275. [45] : 0x00 (0)
2276. [46] : 0x00 (0)
2277. [47] : 0x00 (0)
2278. [48] : 0x00 (0)
2279. [49] : 0x00 (0)
2280. [50] : 0x18 (24)
2281. [51] : 0x00 (0)
2282. [52] : 0xfd (253)
2283. [53] : 0x01 (1)
2284. [54] : 0x02 (2)
2285. [55] : 0x00 (0)
2286. [56] : 0x01 (1)
2287. [57] : 0x02 (2)
2288. [58] : 0x00 (0)
2289. [59] : 0x00 (0)
2290. [60] : 0x00 (0)
2291. [61] : 0x00 (0)
2292. [62] : 0x00 (0)
2293. [63] : 0x05 (5)
2294. [64] : 0x20 (32)
2295. [65] : 0x00 (0)
2296. [66] : 0x00 (0)
2297. [67] : 0x00 (0)
2298. [68] : 0x23 (35)
2299. [69] : 0x02 (2)
2300. [70] : 0x00 (0)
2301. [71] : 0x00 (0)
2302. [72] : 0x00 (0)
2303. [73] : 0x00 (0)
2304. [74] : 0x18 (24)
2305. [75] : 0x00 (0)
2306. [76] : 0xff (255)
2307. [77] : 0x01 (1)
2308. [78] : 0x0f (15)
2309. [79] : 0x00 (0)
2310. [80] : 0x01 (1)
2311. [81] : 0x02 (2)
2312. [82] : 0x00 (0)
2313. [83] : 0x00 (0)
2314. [84] : 0x00 (0)
2315. [85] : 0x00 (0)
2316. [86] : 0x00 (0)
2317. [87] : 0x05 (5)
2318. [88] : 0x20 (32)
2319. [89] : 0x00 (0)
2320. [90] : 0x00 (0)
2321. [91] : 0x00 (0)
2322. [92] : 0x25 (37)
2323. [93] : 0x02 (2)
2324. [94] : 0x00 (0)
2325. [95] : 0x00 (0)
2326. [96] : 0x00 (0)
2327. [97] : 0x00 (0)
2328. [98] : 0x18 (24)
2329. [99] : 0x00 (0)
2330. [100] : 0xff (255)
2331. [101] : 0x01 (1)
2332. [102] : 0x0f (15)
2333. [103] : 0x00 (0)
2334. [104] : 0x01 (1)
2335. [105] : 0x02 (2)
2336. [106] : 0x00 (0)
2337. [107] : 0x00 (0)
2338. [108] : 0x00 (0)
2339. [109] : 0x00 (0)
2340. [110] : 0x00 (0)
2341. [111] : 0x05 (5)
2342. [112] : 0x20 (32)
2343. [113] : 0x00 (0)
2344. [114] : 0x00 (0)
2345. [115] : 0x00 (0)
2346. [116] : 0x20 (32)
2347. [117] : 0x02 (2)
2348. [118] : 0x00 (0)
2349. [119] : 0x00 (0)
2350. size : 0x00000078 (120)
2351. [2012/09/23 22:42:32.972431, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
2352. Found policy hnd[0] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
2353. [0010] D2 24 00 00 .$..
2354. [2012/09/23 22:42:32.972536, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue)
2355. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security:Security]
2356. [2012/09/23 22:42:32.972592, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
2357. tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
2358. [2012/09/23 22:42:32.972644, 10] registry/reg_dispatcher.c:150(fetch_reg_values)
2359. fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security' (ops 0x7f0ef0501340)
2360. [2012/09/23 22:42:32.972697, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal)
2361. regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security]
2362. [2012/09/23 22:42:32.972774, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
2363. regdb_unpack_values: value[0]: name[Security] len[120]
2364. [2012/09/23 22:42:32.972829, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
2365. winreg_SetValue: struct winreg_SetValue
2366. out: struct winreg_SetValue
2367. result : WERR_OK
2368. [2012/09/23 22:42:32.972941, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
2369. winreg_CloseKey: struct winreg_CloseKey
2370. in: struct winreg_CloseKey
2371. handle : *
2372. handle: struct policy_handle
2373. handle_type : 0x00000000 (0)
2374. uuid : 00000004-0000-0000-5f50-3874d2240000
2375. [2012/09/23 22:42:32.973111, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
2376. Found policy hnd[0] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
2377. [0010] D2 24 00 00 .$..
2378. [2012/09/23 22:42:32.973215, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
2379. Found policy hnd[0] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
2380. [0010] D2 24 00 00 .$..
2381. [2012/09/23 22:42:32.973318, 3] rpc_server/rpc_handles.c:281(close_policy_hnd)
2382. Closed policy
2383. [2012/09/23 22:42:32.973368, 10] registry/reg_backend_db.c:619(regdb_close)
2384. regdb_close: decrementing refcount (4->3)
2385. [2012/09/23 22:42:32.973420, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
2386. winreg_CloseKey: struct winreg_CloseKey
2387. out: struct winreg_CloseKey
2388. handle : *
2389. handle: struct policy_handle
2390. handle_type : 0x00000000 (0)
2391. uuid : 00000000-0000-0000-0000-000000000000
2392. result : WERR_OK
2393. [2012/09/23 22:42:32.973632, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
2394. winreg_CreateKey: struct winreg_CreateKey
2395. in: struct winreg_CreateKey
2396. handle : *
2397. handle: struct policy_handle
2398. handle_type : 0x00000000 (0)
2399. uuid : 00000001-0000-0000-5f50-3874d2240000
2400. name: struct winreg_String
2401. name_len : 0x0056 (86)
2402. name_size : 0x0056 (86)
2403. name : *
2404. name : 'SYSTEM\CurrentControlSet\Services\NETLOGON'
2405. keyclass: struct winreg_String
2406. name_len : 0x0002 (2)
2407. name_size : 0x0002 (2)
2408. name : *
2409. name : ''
2410. options : 0x00000000 (0)
2411. 0: REG_OPTION_VOLATILE
2412. 0: REG_OPTION_CREATE_LINK
2413. 0: REG_OPTION_BACKUP_RESTORE
2414. 0: REG_OPTION_OPEN_LINK
2415. access_mask : 0x02000000 (33554432)
2416. 0: KEY_QUERY_VALUE
2417. 0: KEY_SET_VALUE
2418. 0: KEY_CREATE_SUB_KEY
2419. 0: KEY_ENUMERATE_SUB_KEYS
2420. 0: KEY_NOTIFY
2421. 0: KEY_CREATE_LINK
2422. 0: KEY_WOW64_64KEY
2423. 0: KEY_WOW64_32KEY
2424. secdesc : NULL
2425. action_taken : *
2426. action_taken : REG_ACTION_NONE (0)
2427. [2012/09/23 22:42:32.974408, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
2428. Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
2429. [0010] D2 24 00 00 .$..
2430. [2012/09/23 22:42:32.974512, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey)
2431. _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\NETLOGON'
2432. [2012/09/23 22:42:32.974576, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
2433. tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
2434. [2012/09/23 22:42:32.974630, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
2435. tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2
2436. [2012/09/23 22:42:32.974681, 7] registry/reg_api.c:141(regkey_open_onelevel)
2437. regkey_open_onelevel: name = [SYSTEM]
2438. [2012/09/23 22:42:32.974733, 10] registry/reg_backend_db.c:583(regdb_open)
2439. regdb_open: incrementing refcount (3->4)
2440. [2012/09/23 22:42:32.974788, 10] registry/reg_cachehook.c:122(reghook_cache_find)
2441. reghook_cache_find: Searching for keyname [\HKLM\SYSTEM]
2442. [2012/09/23 22:42:32.974837, 10] lib/adt_tree.c:367(pathtree_find)
2443. pathtree_find: Enter [\HKLM\SYSTEM]
2444. [2012/09/23 22:42:32.974888, 10] lib/adt_tree.c:440(pathtree_find)
2445. pathtree_find: Exit
2446. [2012/09/23 22:42:32.974937, 10] registry/reg_cachehook.c:127(reghook_cache_find)
2447. reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM]
2448. [2012/09/23 22:42:32.975004, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
2449. tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2
2450. [2012/09/23 22:42:32.975057, 7] registry/reg_api.c:141(regkey_open_onelevel)
2451. regkey_open_onelevel: name = [CurrentControlSet]
2452. [2012/09/23 22:42:32.975109, 10] registry/reg_backend_db.c:583(regdb_open)
2453. regdb_open: incrementing refcount (4->5)
2454. [2012/09/23 22:42:32.975164, 10] registry/reg_cachehook.c:122(reghook_cache_find)
2455. reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet]
2456. [2012/09/23 22:42:32.975214, 10] lib/adt_tree.c:367(pathtree_find)
2457. pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet]
2458. [2012/09/23 22:42:32.975265, 10] lib/adt_tree.c:440(pathtree_find)
2459. pathtree_find: Exit
2460. [2012/09/23 22:42:32.975314, 10] registry/reg_cachehook.c:127(reghook_cache_find)
2461. reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM\CurrentControlSet]
2462. [2012/09/23 22:42:32.975381, 10] registry/reg_backend_db.c:619(regdb_close)
2463. regdb_close: decrementing refcount (5->4)
2464. [2012/09/23 22:42:32.975436, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
2465. tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2
2466. [2012/09/23 22:42:32.975487, 7] registry/reg_api.c:141(regkey_open_onelevel)
2467. regkey_open_onelevel: name = [Services]
2468. [2012/09/23 22:42:32.975539, 10] registry/reg_backend_db.c:583(regdb_open)
2469. regdb_open: incrementing refcount (4->5)
2470. [2012/09/23 22:42:32.975594, 10] registry/reg_cachehook.c:122(reghook_cache_find)
2471. reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services]
2472. [2012/09/23 22:42:32.975643, 10] lib/adt_tree.c:367(pathtree_find)
2473. pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services]
2474. [2012/09/23 22:42:32.975694, 10] lib/adt_tree.c:440(pathtree_find)
2475. pathtree_find: Exit
2476. [2012/09/23 22:42:32.975743, 10] registry/reg_cachehook.c:127(reghook_cache_find)
2477. reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM\CurrentControlSet\Services]
2478. [2012/09/23 22:42:32.975822, 10] registry/reg_backend_db.c:619(regdb_close)
2479. regdb_close: decrementing refcount (5->4)
2480. [2012/09/23 22:42:32.975876, 7] registry/reg_api.c:141(regkey_open_onelevel)
2481. regkey_open_onelevel: name = [NETLOGON]
2482. [2012/09/23 22:42:32.975927, 10] registry/reg_backend_db.c:583(regdb_open)
2483. regdb_open: incrementing refcount (4->5)
2484. [2012/09/23 22:42:32.975982, 10] registry/reg_cachehook.c:122(reghook_cache_find)
2485. reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON]
2486. [2012/09/23 22:42:32.976032, 10] lib/adt_tree.c:367(pathtree_find)
2487. pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON]
2488. [2012/09/23 22:42:32.976083, 10] lib/adt_tree.c:440(pathtree_find)
2489. pathtree_find: Exit
2490. [2012/09/23 22:42:32.976132, 10] registry/reg_cachehook.c:127(reghook_cache_find)
2491. reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON]
2492. [2012/09/23 22:42:32.976216, 10] registry/reg_backend_db.c:619(regdb_close)
2493. regdb_close: decrementing refcount (5->4)
2494. [2012/09/23 22:42:32.976271, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal)
2495. Opened policy hnd[3] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
2496. [0010] D2 24 00 00 .$..
2497. [2012/09/23 22:42:32.976375, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
2498. winreg_CreateKey: struct winreg_CreateKey
2499. out: struct winreg_CreateKey
2500. new_handle : *
2501. new_handle: struct policy_handle
2502. handle_type : 0x00000000 (0)
2503. uuid : 00000005-0000-0000-5f50-3874d2240000
2504. action_taken : *
2505. action_taken : REG_OPENED_EXISTING_KEY (2)
2506. result : WERR_OK
2507. [2012/09/23 22:42:32.976630, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
2508. winreg_SetValue: struct winreg_SetValue
2509. in: struct winreg_SetValue
2510. handle : *
2511. handle: struct policy_handle
2512. handle_type : 0x00000000 (0)
2513. uuid : 00000005-0000-0000-5f50-3874d2240000
2514. name: struct winreg_String
2515. name_len : 0x000c (12)
2516. name_size : 0x000c (12)
2517. name : *
2518. name : 'Start'
2519. type : REG_DWORD (4)
2520. data : *
2521. data: ARRAY(4)
2522. [0] : 0x02 (2)
2523. [1] : 0x00 (0)
2524. [2] : 0x00 (0)
2525. [3] : 0x00 (0)
2526. size : 0x00000004 (4)
2527. [2012/09/23 22:42:32.977092, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
2528. Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
2529. [0010] D2 24 00 00 .$..
2530. [2012/09/23 22:42:32.977196, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue)
2531. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:Start]
2532. [2012/09/23 22:42:32.977250, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
2533. tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
2534. [2012/09/23 22:42:32.977313, 10] registry/reg_dispatcher.c:150(fetch_reg_values)
2535. fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON' (ops 0x7f0ef0501340)
2536. [2012/09/23 22:42:32.977369, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal)
2537. regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON]
2538. [2012/09/23 22:42:32.977436, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
2539. regdb_unpack_values: value[0]: name[Start] len[4]
2540. [2012/09/23 22:42:32.977491, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
2541. regdb_unpack_values: value[1]: name[Type] len[4]
2542. [2012/09/23 22:42:32.977545, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
2543. regdb_unpack_values: value[2]: name[ErrorControl] len[4]
2544. [2012/09/23 22:42:32.977599, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
2545. regdb_unpack_values: value[3]: name[ObjectName] len[24]
2546. [2012/09/23 22:42:32.977652, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
2547. regdb_unpack_values: value[4]: name[DisplayName] len[20]
2548. [2012/09/23 22:42:32.977706, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
2549. regdb_unpack_values: value[5]: name[ImagePath] len[54]
2550. [2012/09/23 22:42:32.977760, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
2551. regdb_unpack_values: value[6]: name[Description] len[164]
2552. [2012/09/23 22:42:32.977813, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
2553. winreg_SetValue: struct winreg_SetValue
2554. out: struct winreg_SetValue
2555. result : WERR_OK
2556. [2012/09/23 22:42:32.977938, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
2557. winreg_SetValue: struct winreg_SetValue
2558. in: struct winreg_SetValue
2559. handle : *
2560. handle: struct policy_handle
2561. handle_type : 0x00000000 (0)
2562. uuid : 00000005-0000-0000-5f50-3874d2240000
2563. name: struct winreg_String
2564. name_len : 0x000a (10)
2565. name_size : 0x000a (10)
2566. name : *
2567. name : 'Type'
2568. type : REG_DWORD (4)
2569. data : *
2570. data: ARRAY(4)
2571. [0] : 0x10 (16)
2572. [1] : 0x00 (0)
2573. [2] : 0x00 (0)
2574. [3] : 0x00 (0)
2575. size : 0x00000004 (4)
2576. [2012/09/23 22:42:32.978397, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
2577. Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
2578. [0010] D2 24 00 00 .$..
2579. [2012/09/23 22:42:32.978501, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue)
2580. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:Type]
2581. [2012/09/23 22:42:32.978555, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
2582. tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
2583. [2012/09/23 22:42:32.978607, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
2584. winreg_SetValue: struct winreg_SetValue
2585. out: struct winreg_SetValue
2586. result : WERR_OK
2587. [2012/09/23 22:42:32.978721, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
2588. winreg_SetValue: struct winreg_SetValue
2589. in: struct winreg_SetValue
2590. handle : *
2591. handle: struct policy_handle
2592. handle_type : 0x00000000 (0)
2593. uuid : 00000005-0000-0000-5f50-3874d2240000
2594. name: struct winreg_String
2595. name_len : 0x001a (26)
2596. name_size : 0x001a (26)
2597. name : *
2598. name : 'ErrorControl'
2599. type : REG_DWORD (4)
2600. data : *
2601. data: ARRAY(4)
2602. [0] : 0x01 (1)
2603. [1] : 0x00 (0)
2604. [2] : 0x00 (0)
2605. [3] : 0x00 (0)
2606. size : 0x00000004 (4)
2607. [2012/09/23 22:42:32.979179, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
2608. Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
2609. [0010] D2 24 00 00 .$..
2610. [2012/09/23 22:42:32.979282, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue)
2611. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:ErrorControl]
2612. [2012/09/23 22:42:32.979337, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
2613. tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
2614. [2012/09/23 22:42:32.979389, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
2615. winreg_SetValue: struct winreg_SetValue
2616. out: struct winreg_SetValue
2617. result : WERR_OK
2618. [2012/09/23 22:42:32.979504, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
2619. winreg_SetValue: struct winreg_SetValue
2620. in: struct winreg_SetValue
2621. handle : *
2622. handle: struct policy_handle
2623. handle_type : 0x00000000 (0)
2624. uuid : 00000005-0000-0000-5f50-3874d2240000
2625. name: struct winreg_String
2626. name_len : 0x0016 (22)
2627. name_size : 0x0016 (22)
2628. name : *
2629. name : 'ObjectName'
2630. type : REG_SZ (1)
2631. data : *
2632. data: ARRAY(24)
2633. [0] : 0x4c (76)
2634. [1] : 0x00 (0)
2635. [2] : 0x6f (111)
2636. [3] : 0x00 (0)
2637. [4] : 0x63 (99)
2638. [5] : 0x00 (0)
2639. [6] : 0x61 (97)
2640. [7] : 0x00 (0)
2641. [8] : 0x6c (108)
2642. [9] : 0x00 (0)
2643. [10] : 0x53 (83)
2644. [11] : 0x00 (0)
2645. [12] : 0x79 (121)
2646. [13] : 0x00 (0)
2647. [14] : 0x73 (115)
2648. [15] : 0x00 (0)
2649. [16] : 0x74 (116)
2650. [17] : 0x00 (0)
2651. [18] : 0x65 (101)
2652. [19] : 0x00 (0)
2653. [20] : 0x6d (109)
2654. [21] : 0x00 (0)
2655. [22] : 0x00 (0)
2656. [23] : 0x00 (0)
2657. size : 0x00000018 (24)
2658. [2012/09/23 22:42:32.980431, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
2659. Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
2660. [0010] D2 24 00 00 .$..
2661. [2012/09/23 22:42:32.980534, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue)
2662. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:ObjectName]
2663. [2012/09/23 22:42:32.980589, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
2664. tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
2665. [2012/09/23 22:42:32.980672, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
2666. winreg_SetValue: struct winreg_SetValue
2667. out: struct winreg_SetValue
2668. result : WERR_OK
2669. [2012/09/23 22:42:32.980795, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
2670. winreg_SetValue: struct winreg_SetValue
2671. in: struct winreg_SetValue
2672. handle : *
2673. handle: struct policy_handle
2674. handle_type : 0x00000000 (0)
2675. uuid : 00000005-0000-0000-5f50-3874d2240000
2676. name: struct winreg_String
2677. name_len : 0x0018 (24)
2678. name_size : 0x0018 (24)
2679. name : *
2680. name : 'DisplayName'
2681. type : REG_SZ (1)
2682. data : *
2683. data: ARRAY(20)
2684. [0] : 0x4e (78)
2685. [1] : 0x00 (0)
2686. [2] : 0x65 (101)
2687. [3] : 0x00 (0)
2688. [4] : 0x74 (116)
2689. [5] : 0x00 (0)
2690. [6] : 0x20 (32)
2691. [7] : 0x00 (0)
2692. [8] : 0x4c (76)
2693. [9] : 0x00 (0)
2694. [10] : 0x6f (111)
2695. [11] : 0x00 (0)
2696. [12] : 0x67 (103)
2697. [13] : 0x00 (0)
2698. [14] : 0x6f (111)
2699. [15] : 0x00 (0)
2700. [16] : 0x6e (110)
2701. [17] : 0x00 (0)
2702. [18] : 0x00 (0)
2703. [19] : 0x00 (0)
2704. size : 0x00000014 (20)
2705. [2012/09/23 22:42:32.981629, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
2706. Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
2707. [0010] D2 24 00 00 .$..
2708. [2012/09/23 22:42:32.981733, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue)
2709. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:DisplayName]
2710. [2012/09/23 22:42:32.981788, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
2711. tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
2712. [2012/09/23 22:42:32.981840, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
2713. winreg_SetValue: struct winreg_SetValue
2714. out: struct winreg_SetValue
2715. result : WERR_OK
2716. [2012/09/23 22:42:32.981959, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
2717. winreg_SetValue: struct winreg_SetValue
2718. in: struct winreg_SetValue
2719. handle : *
2720. handle: struct policy_handle
2721. handle_type : 0x00000000 (0)
2722. uuid : 00000005-0000-0000-5f50-3874d2240000
2723. name: struct winreg_String
2724. name_len : 0x0014 (20)
2725. name_size : 0x0014 (20)
2726. name : *
2727. name : 'ImagePath'
2728. type : REG_SZ (1)
2729. data : *
2730. data: ARRAY(54)
2731. [0] : 0x2f (47)
2732. [1] : 0x00 (0)
2733. [2] : 0x75 (117)
2734. [3] : 0x00 (0)
2735. [4] : 0x73 (115)
2736. [5] : 0x00 (0)
2737. [6] : 0x72 (114)
2738. [7] : 0x00 (0)
2739. [8] : 0x2f (47)
2740. [9] : 0x00 (0)
2741. [10] : 0x6c (108)
2742. [11] : 0x00 (0)
2743. [12] : 0x69 (105)
2744. [13] : 0x00 (0)
2745. [14] : 0x62 (98)
2746. [15] : 0x00 (0)
2747. [16] : 0x2f (47)
2748. [17] : 0x00 (0)
2749. [18] : 0x73 (115)
2750. [19] : 0x00 (0)
2751. [20] : 0x61 (97)
2752. [21] : 0x00 (0)
2753. [22] : 0x6d (109)
2754. [23] : 0x00 (0)
2755. [24] : 0x62 (98)
2756. [25] : 0x00 (0)
2757. [26] : 0x61 (97)
2758. [27] : 0x00 (0)
2759. [28] : 0x2f (47)
2760. [29] : 0x00 (0)
2761. [30] : 0x73 (115)
2762. [31] : 0x00 (0)
2763. [32] : 0x76 (118)
2764. [33] : 0x00 (0)
2765. [34] : 0x63 (99)
2766. [35] : 0x00 (0)
2767. [36] : 0x63 (99)
2768. [37] : 0x00 (0)
2769. [38] : 0x74 (116)
2770. [39] : 0x00 (0)
2771. [40] : 0x6c (108)
2772. [41] : 0x00 (0)
2773. [42] : 0x2f (47)
2774. [43] : 0x00 (0)
2775. [44] : 0x73 (115)
2776. [45] : 0x00 (0)
2777. [46] : 0x6d (109)
2778. [47] : 0x00 (0)
2779. [48] : 0x62 (98)
2780. [49] : 0x00 (0)
2781. [50] : 0x64 (100)
2782. [51] : 0x00 (0)
2783. [52] : 0x00 (0)
2784. [53] : 0x00 (0)
2785. size : 0x00000036 (54)
2786. [2012/09/23 22:42:32.983571, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
2787. Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
2788. [0010] D2 24 00 00 .$..
2789. [2012/09/23 22:42:32.983674, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue)
2790. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:ImagePath]
2791. [2012/09/23 22:42:32.983729, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
2792. tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
2793. [2012/09/23 22:42:32.983781, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
2794. winreg_SetValue: struct winreg_SetValue
2795. out: struct winreg_SetValue
2796. result : WERR_OK
2797. [2012/09/23 22:42:32.983897, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
2798. winreg_SetValue: struct winreg_SetValue
2799. in: struct winreg_SetValue
2800. handle : *
2801. handle: struct policy_handle
2802. handle_type : 0x00000000 (0)
2803. uuid : 00000005-0000-0000-5f50-3874d2240000
2804. name: struct winreg_String
2805. name_len : 0x0018 (24)
2806. name_size : 0x0018 (24)
2807. name : *
2808. name : 'Description'
2809. type : REG_SZ (1)
2810. data : *
2811. data: ARRAY(164)
2812. [0] : 0x46 (70)
2813. [1] : 0x00 (0)
2814. [2] : 0x69 (105)
2815. [3] : 0x00 (0)
2816. [4] : 0x6c (108)
2817. [5] : 0x00 (0)
2818. [6] : 0x65 (101)
2819. [7] : 0x00 (0)
2820. [8] : 0x20 (32)
2821. [9] : 0x00 (0)
2822. [10] : 0x73 (115)
2823. [11] : 0x00 (0)
2824. [12] : 0x65 (101)
2825. [13] : 0x00 (0)
2826. [14] : 0x72 (114)
2827. [15] : 0x00 (0)
2828. [16] : 0x76 (118)
2829. [17] : 0x00 (0)
2830. [18] : 0x69 (105)
2831. [19] : 0x00 (0)
2832. [20] : 0x63 (99)
2833. [21] : 0x00 (0)
2834. [22] : 0x65 (101)
2835. [23] : 0x00 (0)
2836. [24] : 0x20 (32)
2837. [25] : 0x00 (0)
2838. [26] : 0x70 (112)
2839. [27] : 0x00 (0)
2840. [28] : 0x72 (114)
2841. [29] : 0x00 (0)
2842. [30] : 0x6f (111)
2843. [31] : 0x00 (0)
2844. [32] : 0x76 (118)
2845. [33] : 0x00 (0)
2846. [34] : 0x69 (105)
2847. [35] : 0x00 (0)
2848. [36] : 0x64 (100)
2849. [37] : 0x00 (0)
2850. [38] : 0x69 (105)
2851. [39] : 0x00 (0)
2852. [40] : 0x6e (110)
2853. [41] : 0x00 (0)
2854. [42] : 0x67 (103)
2855. [43] : 0x00 (0)
2856. [44] : 0x20 (32)
2857. [45] : 0x00 (0)
2858. [46] : 0x61 (97)
2859. [47] : 0x00 (0)
2860. [48] : 0x63 (99)
2861. [49] : 0x00 (0)
2862. [50] : 0x63 (99)
2863. [51] : 0x00 (0)
2864. [52] : 0x65 (101)
2865. [53] : 0x00 (0)
2866. [54] : 0x73 (115)
2867. [55] : 0x00 (0)
2868. [56] : 0x73 (115)
2869. [57] : 0x00 (0)
2870. [58] : 0x20 (32)
2871. [59] : 0x00 (0)
2872. [60] : 0x74 (116)
2873. [61] : 0x00 (0)
2874. [62] : 0x6f (111)
2875. [63] : 0x00 (0)
2876. [64] : 0x20 (32)
2877. [65] : 0x00 (0)
2878. [66] : 0x70 (112)
2879. [67] : 0x00 (0)
2880. [68] : 0x6f (111)
2881. [69] : 0x00 (0)
2882. [70] : 0x6c (108)
2883. [71] : 0x00 (0)
2884. [72] : 0x69 (105)
2885. [73] : 0x00 (0)
2886. [74] : 0x63 (99)
2887. [75] : 0x00 (0)
2888. [76] : 0x79 (121)
2889. [77] : 0x00 (0)
2890. [78] : 0x20 (32)
2891. [79] : 0x00 (0)
2892. [80] : 0x61 (97)
2893. [81] : 0x00 (0)
2894. [82] : 0x6e (110)
2895. [83] : 0x00 (0)
2896. [84] : 0x64 (100)
2897. [85] : 0x00 (0)
2898. [86] : 0x20 (32)
2899. [87] : 0x00 (0)
2900. [88] : 0x70 (112)
2901. [89] : 0x00 (0)
2902. [90] : 0x72 (114)
2903. [91] : 0x00 (0)
2904. [92] : 0x6f (111)
2905. [93] : 0x00 (0)
2906. [94] : 0x66 (102)
2907. [95] : 0x00 (0)
2908. [96] : 0x69 (105)
2909. [97] : 0x00 (0)
2910. [98] : 0x6c (108)
2911. [99] : 0x00 (0)
2912. [100] : 0x65 (101)
2913. [101] : 0x00 (0)
2914. [102] : 0x20 (32)
2915. [103] : 0x00 (0)
2916. [104] : 0x64 (100)
2917. [105] : 0x00 (0)
2918. [106] : 0x61 (97)
2919. [107] : 0x00 (0)
2920. [108] : 0x74 (116)
2921. [109] : 0x00 (0)
2922. [110] : 0x61 (97)
2923. [111] : 0x00 (0)
2924. [112] : 0x20 (32)
2925. [113] : 0x00 (0)
2926. [114] : 0x28 (40)
2927. [115] : 0x00 (0)
2928. [116] : 0x6e (110)
2929. [117] : 0x00 (0)
2930. [118] : 0x6f (111)
2931. [119] : 0x00 (0)
2932. [120] : 0x74 (116)
2933. [121] : 0x00 (0)
2934. [122] : 0x72 (114)
2935. [123] : 0x00 (0)
2936. [124] : 0x65 (101)
2937. [125] : 0x00 (0)
2938. [126] : 0x6d (109)
2939. [127] : 0x00 (0)
2940. [128] : 0x6f (111)
2941. [129] : 0x00 (0)
2942. [130] : 0x74 (116)
2943. [131] : 0x00 (0)
2944. [132] : 0x65 (101)
2945. [133] : 0x00 (0)
2946. [134] : 0x6c (108)
2947. [135] : 0x00 (0)
2948. [136] : 0x79 (121)
2949. [137] : 0x00 (0)
2950. [138] : 0x20 (32)
2951. [139] : 0x00 (0)
2952. [140] : 0x6d (109)
2953. [141] : 0x00 (0)
2954. [142] : 0x61 (97)
2955. [143] : 0x00 (0)
2956. [144] : 0x6e (110)
2957. [145] : 0x00 (0)
2958. [146] : 0x61 (97)
2959. [147] : 0x00 (0)
2960. [148] : 0x67 (103)
2961. [149] : 0x00 (0)
2962. [150] : 0x65 (101)
2963. [151] : 0x00 (0)
2964. [152] : 0x61 (97)
2965. [153] : 0x00 (0)
2966. [154] : 0x62 (98)
2967. [155] : 0x00 (0)
2968. [156] : 0x6c (108)
2969. [157] : 0x00 (0)
2970. [158] : 0x65 (101)
2971. [159] : 0x00 (0)
2972. [160] : 0x29 (41)
2973. [161] : 0x00 (0)
2974. [162] : 0x00 (0)
2975. [163] : 0x00 (0)
2976. size : 0x000000a4 (164)
2977. [2012/09/23 22:42:32.988080, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
2978. Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
2979. [0010] D2 24 00 00 .$..
2980. [2012/09/23 22:42:32.988184, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue)
2981. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:Description]
2982. [2012/09/23 22:42:32.988239, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
2983. tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
2984. [2012/09/23 22:42:32.988291, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
2985. winreg_SetValue: struct winreg_SetValue
2986. out: struct winreg_SetValue
2987. result : WERR_OK
2988. [2012/09/23 22:42:32.988402, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
2989. winreg_CloseKey: struct winreg_CloseKey
2990. in: struct winreg_CloseKey
2991. handle : *
2992. handle: struct policy_handle
2993. handle_type : 0x00000000 (0)
2994. uuid : 00000005-0000-0000-5f50-3874d2240000
2995. [2012/09/23 22:42:32.988573, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
2996. Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
2997. [0010] D2 24 00 00 .$..
2998. [2012/09/23 22:42:32.988676, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
2999. Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
3000. [0010] D2 24 00 00 .$..
3001. [2012/09/23 22:42:32.988778, 3] rpc_server/rpc_handles.c:281(close_policy_hnd)
3002. Closed policy
3003. [2012/09/23 22:42:32.988830, 10] registry/reg_backend_db.c:619(regdb_close)
3004. regdb_close: decrementing refcount (4->3)
3005. [2012/09/23 22:42:32.988882, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
3006. winreg_CloseKey: struct winreg_CloseKey
3007. out: struct winreg_CloseKey
3008. handle : *
3009. handle: struct policy_handle
3010. handle_type : 0x00000000 (0)
3011. uuid : 00000000-0000-0000-0000-000000000000
3012. result : WERR_OK
3013. [2012/09/23 22:42:32.989093, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
3014. winreg_CreateKey: struct winreg_CreateKey
3015. in: struct winreg_CreateKey
3016. handle : *
3017. handle: struct policy_handle
3018. handle_type : 0x00000000 (0)
3019. uuid : 00000001-0000-0000-5f50-3874d2240000
3020. name: struct winreg_String
3021. name_len : 0x0068 (104)
3022. name_size : 0x0068 (104)
3023. name : *
3024. name : 'SYSTEM\CurrentControlSet\Services\NETLOGON\Security'
3025. keyclass: struct winreg_String
3026. name_len : 0x0002 (2)
3027. name_size : 0x0002 (2)
3028. name : *
3029. name : ''
3030. options : 0x00000000 (0)
3031. 0: REG_OPTION_VOLATILE
3032. 0: REG_OPTION_CREATE_LINK
3033. 0: REG_OPTION_BACKUP_RESTORE
3034. 0: REG_OPTION_OPEN_LINK
3035. access_mask : 0x02000000 (33554432)
3036. 0: KEY_QUERY_VALUE
3037. 0: KEY_SET_VALUE
3038. 0: KEY_CREATE_SUB_KEY
3039. 0: KEY_ENUMERATE_SUB_KEYS
3040. 0: KEY_NOTIFY
3041. 0: KEY_CREATE_LINK
3042. 0: KEY_WOW64_64KEY
3043. 0: KEY_WOW64_32KEY
3044. secdesc : NULL
3045. action_taken : *
3046. action_taken : REG_OPENED_EXISTING_KEY (2)
3047. [2012/09/23 22:42:32.989864, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
3048. Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
3049. [0010] D2 24 00 00 .$..
3050. [2012/09/23 22:42:32.989968, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey)
3051. _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\NETLOGON\Security'
3052. [2012/09/23 22:42:32.990024, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
3053. tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
3054. [2012/09/23 22:42:32.990077, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
3055. tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2
3056. [2012/09/23 22:42:32.990128, 7] registry/reg_api.c:141(regkey_open_onelevel)
3057. regkey_open_onelevel: name = [SYSTEM]
3058. [2012/09/23 22:42:32.990180, 10] registry/reg_backend_db.c:583(regdb_open)
3059. regdb_open: incrementing refcount (3->4)
3060. [2012/09/23 22:42:32.990235, 10] registry/reg_cachehook.c:122(reghook_cache_find)
3061. reghook_cache_find: Searching for keyname [\HKLM\SYSTEM]
3062. [2012/09/23 22:42:32.990284, 10] lib/adt_tree.c:367(pathtree_find)
3063. pathtree_find: Enter [\HKLM\SYSTEM]
3064. [2012/09/23 22:42:32.990334, 10] lib/adt_tree.c:440(pathtree_find)
3065. pathtree_find: Exit
3066. [2012/09/23 22:42:32.990382, 10] registry/reg_cachehook.c:127(reghook_cache_find)
3067. reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM]
3068. [2012/09/23 22:42:32.990450, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
3069. tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2
3070. [2012/09/23 22:42:32.990503, 7] registry/reg_api.c:141(regkey_open_onelevel)
3071. regkey_open_onelevel: name = [CurrentControlSet]
3072. [2012/09/23 22:42:32.990555, 10] registry/reg_backend_db.c:583(regdb_open)
3073. regdb_open: incrementing refcount (4->5)
3074. [2012/09/23 22:42:32.990611, 10] registry/reg_cachehook.c:122(reghook_cache_find)
3075. reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet]
3076. [2012/09/23 22:42:32.990687, 10] lib/adt_tree.c:367(pathtree_find)
3077. pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet]
3078. [2012/09/23 22:42:32.990739, 10] lib/adt_tree.c:440(pathtree_find)
3079. pathtree_find: Exit
3080. [2012/09/23 22:42:32.990788, 10] registry/reg_cachehook.c:127(reghook_cache_find)
3081. reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM\CurrentControlSet]
3082. [2012/09/23 22:42:32.990856, 10] registry/reg_backend_db.c:619(regdb_close)
3083. regdb_close: decrementing refcount (5->4)
3084. [2012/09/23 22:42:32.990911, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
3085. tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2
3086. [2012/09/23 22:42:32.990962, 7] registry/reg_api.c:141(regkey_open_onelevel)
3087. regkey_open_onelevel: name = [Services]
3088. [2012/09/23 22:42:32.991014, 10] registry/reg_backend_db.c:583(regdb_open)
3089. regdb_open: incrementing refcount (4->5)
3090. [2012/09/23 22:42:32.991068, 10] registry/reg_cachehook.c:122(reghook_cache_find)
3091. reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services]
3092. [2012/09/23 22:42:32.991118, 10] lib/adt_tree.c:367(pathtree_find)
3093. pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services]
3094. [2012/09/23 22:42:32.991169, 10] lib/adt_tree.c:440(pathtree_find)
3095. pathtree_find: Exit
3096. [2012/09/23 22:42:32.991218, 10] registry/reg_cachehook.c:127(reghook_cache_find)
3097. reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM\CurrentControlSet\Services]
3098. [2012/09/23 22:42:32.991308, 10] registry/reg_backend_db.c:619(regdb_close)
3099. regdb_close: decrementing refcount (5->4)
3100. [2012/09/23 22:42:32.991364, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
3101. tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2
3102. [2012/09/23 22:42:32.991416, 7] registry/reg_api.c:141(regkey_open_onelevel)
3103. regkey_open_onelevel: name = [NETLOGON]
3104. [2012/09/23 22:42:32.991467, 10] registry/reg_backend_db.c:583(regdb_open)
3105. regdb_open: incrementing refcount (4->5)
3106. [2012/09/23 22:42:32.991523, 10] registry/reg_cachehook.c:122(reghook_cache_find)
3107. reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON]
3108. [2012/09/23 22:42:32.991572, 10] lib/adt_tree.c:367(pathtree_find)
3109. pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON]
3110. [2012/09/23 22:42:32.991624, 10] lib/adt_tree.c:440(pathtree_find)
3111. pathtree_find: Exit
3112. [2012/09/23 22:42:32.991673, 10] registry/reg_cachehook.c:127(reghook_cache_find)
3113. reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON]
3114. [2012/09/23 22:42:32.991748, 10] registry/reg_backend_db.c:619(regdb_close)
3115. regdb_close: decrementing refcount (5->4)
3116. [2012/09/23 22:42:32.991803, 7] registry/reg_api.c:141(regkey_open_onelevel)
3117. regkey_open_onelevel: name = [Security]
3118. [2012/09/23 22:42:32.991854, 10] registry/reg_backend_db.c:583(regdb_open)
3119. regdb_open: incrementing refcount (4->5)
3120. [2012/09/23 22:42:32.991911, 10] registry/reg_cachehook.c:122(reghook_cache_find)
3121. reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security]
3122. [2012/09/23 22:42:32.991962, 10] lib/adt_tree.c:367(pathtree_find)
3123. pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security]
3124. [2012/09/23 22:42:32.992014, 10] lib/adt_tree.c:440(pathtree_find)
3125. pathtree_find: Exit
3126. [2012/09/23 22:42:32.992063, 10] registry/reg_cachehook.c:127(reghook_cache_find)
3127. reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security]
3128. [2012/09/23 22:42:32.992128, 10] registry/reg_backend_db.c:1656(regdb_fetch_keys_internal)
3129. regdb_fetch_keys: no subkeys found for key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security]
3130. [2012/09/23 22:42:32.992184, 10] registry/reg_backend_db.c:619(regdb_close)
3131. regdb_close: decrementing refcount (5->4)
3132. [2012/09/23 22:42:32.992237, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal)
3133. Opened policy hnd[3] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
3134. [0010] D2 24 00 00 .$..
3135. [2012/09/23 22:42:32.992341, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
3136. winreg_CreateKey: struct winreg_CreateKey
3137. out: struct winreg_CreateKey
3138. new_handle : *
3139. new_handle: struct policy_handle
3140. handle_type : 0x00000000 (0)
3141. uuid : 00000006-0000-0000-5f50-3874d2240000
3142. action_taken : *
3143. action_taken : REG_OPENED_EXISTING_KEY (2)
3144. result : WERR_OK
3145. [2012/09/23 22:42:32.992600, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
3146. winreg_SetValue: struct winreg_SetValue
3147. in: struct winreg_SetValue
3148. handle : *
3149. handle: struct policy_handle
3150. handle_type : 0x00000000 (0)
3151. uuid : 00000006-0000-0000-5f50-3874d2240000
3152. name: struct winreg_String
3153. name_len : 0x0012 (18)
3154. name_size : 0x0012 (18)
3155. name : *
3156. name : 'Security'
3157. type : REG_BINARY (3)
3158. data : *
3159. data: ARRAY(120)
3160. [0] : 0x01 (1)
3161. [1] : 0x00 (0)
3162. [2] : 0x04 (4)
3163. [3] : 0x80 (128)
3164. [4] : 0x00 (0)
3165. [5] : 0x00 (0)
3166. [6] : 0x00 (0)
3167. [7] : 0x00 (0)
3168. [8] : 0x00 (0)
3169. [9] : 0x00 (0)
3170. [10] : 0x00 (0)
3171. [11] : 0x00 (0)
3172. [12] : 0x00 (0)
3173. [13] : 0x00 (0)
3174. [14] : 0x00 (0)
3175. [15] : 0x00 (0)
3176. [16] : 0x14 (20)
3177. [17] : 0x00 (0)
3178. [18] : 0x00 (0)
3179. [19] : 0x00 (0)
3180. [20] : 0x02 (2)
3181. [21] : 0x00 (0)
3182. [22] : 0x64 (100)
3183. [23] : 0x00 (0)
3184. [24] : 0x04 (4)
3185. [25] : 0x00 (0)
3186. [26] : 0x00 (0)
3187. [27] : 0x00 (0)
3188. [28] : 0x00 (0)
3189. [29] : 0x00 (0)
3190. [30] : 0x14 (20)
3191. [31] : 0x00 (0)
3192. [32] : 0x8d (141)
3193. [33] : 0x01 (1)
3194. [34] : 0x02 (2)
3195. [35] : 0x00 (0)
3196. [36] : 0x01 (1)
3197. [37] : 0x01 (1)
3198. [38] : 0x00 (0)
3199. [39] : 0x00 (0)
3200. [40] : 0x00 (0)
3201. [41] : 0x00 (0)
3202. [42] : 0x00 (0)
3203. [43] : 0x01 (1)
3204. [44] : 0x00 (0)
3205. [45] : 0x00 (0)
3206. [46] : 0x00 (0)
3207. [47] : 0x00 (0)
3208. [48] : 0x00 (0)
3209. [49] : 0x00 (0)
3210. [50] : 0x18 (24)
3211. [51] : 0x00 (0)
3212. [52] : 0xfd (253)
3213. [53] : 0x01 (1)
3214. [54] : 0x02 (2)
3215. [55] : 0x00 (0)
3216. [56] : 0x01 (1)
3217. [57] : 0x02 (2)
3218. [58] : 0x00 (0)
3219. [59] : 0x00 (0)
3220. [60] : 0x00 (0)
3221. [61] : 0x00 (0)
3222. [62] : 0x00 (0)
3223. [63] : 0x05 (5)
3224. [64] : 0x20 (32)
3225. [65] : 0x00 (0)
3226. [66] : 0x00 (0)
3227. [67] : 0x00 (0)
3228. [68] : 0x23 (35)
3229. [69] : 0x02 (2)
3230. [70] : 0x00 (0)
3231. [71] : 0x00 (0)
3232. [72] : 0x00 (0)
3233. [73] : 0x00 (0)
3234. [74] : 0x18 (24)
3235. [75] : 0x00 (0)
3236. [76] : 0xff (255)
3237. [77] : 0x01 (1)
3238. [78] : 0x0f (15)
3239. [79] : 0x00 (0)
3240. [80] : 0x01 (1)
3241. [81] : 0x02 (2)
3242. [82] : 0x00 (0)
3243. [83] : 0x00 (0)
3244. [84] : 0x00 (0)
3245. [85] : 0x00 (0)
3246. [86] : 0x00 (0)
3247. [87] : 0x05 (5)
3248. [88] : 0x20 (32)
3249. [89] : 0x00 (0)
3250. [90] : 0x00 (0)
3251. [91] : 0x00 (0)
3252. [92] : 0x25 (37)
3253. [93] : 0x02 (2)
3254. [94] : 0x00 (0)
3255. [95] : 0x00 (0)
3256. [96] : 0x00 (0)
3257. [97] : 0x00 (0)
3258. [98] : 0x18 (24)
3259. [99] : 0x00 (0)
3260. [100] : 0xff (255)
3261. [101] : 0x01 (1)
3262. [102] : 0x0f (15)
3263. [103] : 0x00 (0)
3264. [104] : 0x01 (1)
3265. [105] : 0x02 (2)
3266. [106] : 0x00 (0)
3267. [107] : 0x00 (0)
3268. [108] : 0x00 (0)
3269. [109] : 0x00 (0)
3270. [110] : 0x00 (0)
3271. [111] : 0x05 (5)
3272. [112] : 0x20 (32)
3273. [113] : 0x00 (0)
3274. [114] : 0x00 (0)
3275. [115] : 0x00 (0)
3276. [116] : 0x20 (32)
3277. [117] : 0x02 (2)
3278. [118] : 0x00 (0)
3279. [119] : 0x00 (0)
3280. size : 0x00000078 (120)
3281. [2012/09/23 22:42:32.995766, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
3282. Found policy hnd[0] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
3283. [0010] D2 24 00 00 .$..
3284. [2012/09/23 22:42:32.995870, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue)
3285. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security:Security]
3286. [2012/09/23 22:42:32.995926, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
3287. tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
3288. [2012/09/23 22:42:32.995977, 10] registry/reg_dispatcher.c:150(fetch_reg_values)
3289. fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security' (ops 0x7f0ef0501340)
3290. [2012/09/23 22:42:32.996031, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal)
3291. regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security]
3292. [2012/09/23 22:42:32.996099, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
3293. regdb_unpack_values: value[0]: name[Security] len[120]
3294. [2012/09/23 22:42:32.996161, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
3295. winreg_SetValue: struct winreg_SetValue
3296. out: struct winreg_SetValue
3297. result : WERR_OK
3298. [2012/09/23 22:42:32.996274, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
3299. winreg_CloseKey: struct winreg_CloseKey
3300. in: struct winreg_CloseKey
3301. handle : *
3302. handle: struct policy_handle
3303. handle_type : 0x00000000 (0)
3304. uuid : 00000006-0000-0000-5f50-3874d2240000
3305. [2012/09/23 22:42:32.996447, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
3306. Found policy hnd[0] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
3307. [0010] D2 24 00 00 .$..
3308. [2012/09/23 22:42:32.996550, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
3309. Found policy hnd[0] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
3310. [0010] D2 24 00 00 .$..
3311. [2012/09/23 22:42:32.996651, 3] rpc_server/rpc_handles.c:281(close_policy_hnd)
3312. Closed policy
3313. [2012/09/23 22:42:32.996702, 10] registry/reg_backend_db.c:619(regdb_close)
3314. regdb_close: decrementing refcount (4->3)
3315. [2012/09/23 22:42:32.996753, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
3316. winreg_CloseKey: struct winreg_CloseKey
3317. out: struct winreg_CloseKey
3318. handle : *
3319. handle: struct policy_handle
3320. handle_type : 0x00000000 (0)
3321. uuid : 00000000-0000-0000-0000-000000000000
3322. result : WERR_OK
3323. [2012/09/23 22:42:32.996967, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
3324. winreg_CreateKey: struct winreg_CreateKey
3325. in: struct winreg_CreateKey
3326. handle : *
3327. handle: struct policy_handle
3328. handle_type : 0x00000000 (0)
3329. uuid : 00000001-0000-0000-5f50-3874d2240000
3330. name: struct winreg_String
3331. name_len : 0x0062 (98)
3332. name_size : 0x0062 (98)
3333. name : *
3334. name : 'SYSTEM\CurrentControlSet\Services\RemoteRegistry'
3335. keyclass: struct winreg_String
3336. name_len : 0x0002 (2)
3337. name_size : 0x0002 (2)
3338. name : *
3339. name : ''
3340. options : 0x00000000 (0)
3341. 0: REG_OPTION_VOLATILE
3342. 0: REG_OPTION_CREATE_LINK
3343. 0: REG_OPTION_BACKUP_RESTORE
3344. 0: REG_OPTION_OPEN_LINK
3345. access_mask : 0x02000000 (33554432)
3346. 0: KEY_QUERY_VALUE
3347. 0: KEY_SET_VALUE
3348. 0: KEY_CREATE_SUB_KEY
3349. 0: KEY_ENUMERATE_SUB_KEYS
3350. 0: KEY_NOTIFY
3351. 0: KEY_CREATE_LINK
3352. 0: KEY_WOW64_64KEY
3353. 0: KEY_WOW64_32KEY
3354. secdesc : NULL
3355. action_taken : *
3356. action_taken : REG_ACTION_NONE (0)
3357. [2012/09/23 22:42:32.997747, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
3358. Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
3359. [0010] D2 24 00 00 .$..
3360. [2012/09/23 22:42:32.997852, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey)
3361. _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\RemoteRegistry'
3362. [2012/09/23 22:42:32.997915, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
3363. tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
3364. [2012/09/23 22:42:32.997970, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
3365. tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2
3366. [2012/09/23 22:42:32.998021, 7] registry/reg_api.c:141(regkey_open_onelevel)
3367. regkey_open_onelevel: name = [SYSTEM]
3368. [2012/09/23 22:42:32.998073, 10] registry/reg_backend_db.c:583(regdb_open)
3369. regdb_open: incrementing refcount (3->4)
3370. [2012/09/23 22:42:32.998128, 10] registry/reg_cachehook.c:122(reghook_cache_find)
3371. reghook_cache_find: Searching for keyname [\HKLM\SYSTEM]
3372. [2012/09/23 22:42:32.998177, 10] lib/adt_tree.c:367(pathtree_find)
3373. pathtree_find: Enter [\HKLM\SYSTEM]
3374. [2012/09/23 22:42:32.998228, 10] lib/adt_tree.c:440(pathtree_find)
3375. pathtree_find: Exit
3376. [2012/09/23 22:42:32.998277, 10] registry/reg_cachehook.c:127(reghook_cache_find)
3377. reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM]
3378. [2012/09/23 22:42:32.998345, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
3379. tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2
3380. [2012/09/23 22:42:32.998398, 7] registry/reg_api.c:141(regkey_open_onelevel)
3381. regkey_open_onelevel: name = [CurrentControlSet]
3382. [2012/09/23 22:42:32.998450, 10] registry/reg_backend_db.c:583(regdb_open)
3383. regdb_open: incrementing refcount (4->5)
3384. [2012/09/23 22:42:32.998506, 10] registry/reg_cachehook.c:122(reghook_cache_find)
3385. reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet]
3386. [2012/09/23 22:42:32.998555, 10] lib/adt_tree.c:367(pathtree_find)
3387. pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet]
3388. [2012/09/23 22:42:32.998606, 10] lib/adt_tree.c:440(pathtree_find)
3389. pathtree_find: Exit
3390. [2012/09/23 22:42:32.998655, 10] registry/reg_cachehook.c:127(reghook_cache_find)
3391. reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM\CurrentControlSet]
3392. [2012/09/23 22:42:32.998722, 10] registry/reg_backend_db.c:619(regdb_close)
3393. regdb_close: decrementing refcount (5->4)
3394. [2012/09/23 22:42:32.998777, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
3395. tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2
3396. [2012/09/23 22:42:32.998829, 7] registry/reg_api.c:141(regkey_open_onelevel)
3397. regkey_open_onelevel: name = [Services]
3398. [2012/09/23 22:42:32.998880, 10] registry/reg_backend_db.c:583(regdb_open)
3399. regdb_open: incrementing refcount (4->5)
3400. [2012/09/23 22:42:32.998935, 10] registry/reg_cachehook.c:122(reghook_cache_find)
3401. reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services]
3402. [2012/09/23 22:42:32.998985, 10] lib/adt_tree.c:367(pathtree_find)
3403. pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services]
3404. [2012/09/23 22:42:32.999036, 10] lib/adt_tree.c:440(pathtree_find)
3405. pathtree_find: Exit
3406. [2012/09/23 22:42:32.999086, 10] registry/reg_cachehook.c:127(reghook_cache_find)
3407. reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM\CurrentControlSet\Services]
3408. [2012/09/23 22:42:32.999164, 10] registry/reg_backend_db.c:619(regdb_close)
3409. regdb_close: decrementing refcount (5->4)
3410. [2012/09/23 22:42:32.999218, 7] registry/reg_api.c:141(regkey_open_onelevel)
3411. regkey_open_onelevel: name = [RemoteRegistry]
3412. [2012/09/23 22:42:32.999270, 10] registry/reg_backend_db.c:583(regdb_open)
3413. regdb_open: incrementing refcount (4->5)
3414. [2012/09/23 22:42:32.999326, 10] registry/reg_cachehook.c:122(reghook_cache_find)
3415. reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry]
3416. [2012/09/23 22:42:32.999376, 10] lib/adt_tree.c:367(pathtree_find)
3417. pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry]
3418. [2012/09/23 22:42:32.999427, 10] lib/adt_tree.c:440(pathtree_find)
3419. pathtree_find: Exit
3420. [2012/09/23 22:42:32.999477, 10] registry/reg_cachehook.c:127(reghook_cache_find)
3421. reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry]
3422. [2012/09/23 22:42:32.999549, 10] registry/reg_backend_db.c:619(regdb_close)
3423. regdb_close: decrementing refcount (5->4)
3424. [2012/09/23 22:42:32.999612, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal)
3425. Opened policy hnd[3] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
3426. [0010] D2 24 00 00 .$..
3427. [2012/09/23 22:42:32.999716, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
3428. winreg_CreateKey: struct winreg_CreateKey
3429. out: struct winreg_CreateKey
3430. new_handle : *
3431. new_handle: struct policy_handle
3432. handle_type : 0x00000000 (0)
3433. uuid : 00000007-0000-0000-5f50-3874d2240000
3434. action_taken : *
3435. action_taken : REG_OPENED_EXISTING_KEY (2)
3436. result : WERR_OK
3437. [2012/09/23 22:42:32.999970, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
3438. winreg_SetValue: struct winreg_SetValue
3439. in: struct winreg_SetValue
3440. handle : *
3441. handle: struct policy_handle
3442. handle_type : 0x00000000 (0)
3443. uuid : 00000007-0000-0000-5f50-3874d2240000
3444. name: struct winreg_String
3445. name_len : 0x000c (12)
3446. name_size : 0x000c (12)
3447. name : *
3448. name : 'Start'
3449. type : REG_DWORD (4)
3450. data : *
3451. data: ARRAY(4)
3452. [0] : 0x02 (2)
3453. [1] : 0x00 (0)
3454. [2] : 0x00 (0)
3455. [3] : 0x00 (0)
3456. size : 0x00000004 (4)
3457. [2012/09/23 22:42:33.000431, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
3458. Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
3459. [0010] D2 24 00 00 .$..
3460. [2012/09/23 22:42:33.000534, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue)
3461. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:Start]
3462. [2012/09/23 22:42:33.000590, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
3463. tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
3464. [2012/09/23 22:42:33.000668, 10] registry/reg_dispatcher.c:150(fetch_reg_values)
3465. fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry' (ops 0x7f0ef0501340)
3466. [2012/09/23 22:42:33.000723, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal)
3467. regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry]
3468. [2012/09/23 22:42:33.000792, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
3469. regdb_unpack_values: value[0]: name[Start] len[4]
3470. [2012/09/23 22:42:33.000847, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
3471. regdb_unpack_values: value[1]: name[Type] len[4]
3472. [2012/09/23 22:42:33.000901, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
3473. regdb_unpack_values: value[2]: name[ErrorControl] len[4]
3474. [2012/09/23 22:42:33.000955, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
3475. regdb_unpack_values: value[3]: name[ObjectName] len[24]
3476. [2012/09/23 22:42:33.001009, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
3477. regdb_unpack_values: value[4]: name[DisplayName] len[48]
3478. [2012/09/23 22:42:33.001064, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
3479. regdb_unpack_values: value[5]: name[ImagePath] len[54]
3480. [2012/09/23 22:42:33.001119, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
3481. regdb_unpack_values: value[6]: name[Description] len[126]
3482. [2012/09/23 22:42:33.001173, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
3483. winreg_SetValue: struct winreg_SetValue
3484. out: struct winreg_SetValue
3485. result : WERR_OK
3486. [2012/09/23 22:42:33.001298, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
3487. winreg_SetValue: struct winreg_SetValue
3488. in: struct winreg_SetValue
3489. handle : *
3490. handle: struct policy_handle
3491. handle_type : 0x00000000 (0)
3492. uuid : 00000007-0000-0000-5f50-3874d2240000
3493. name: struct winreg_String
3494. name_len : 0x000a (10)
3495. name_size : 0x000a (10)
3496. name : *
3497. name : 'Type'
3498. type : REG_DWORD (4)
3499. data : *
3500. data: ARRAY(4)
3501. [0] : 0x10 (16)
3502. [1] : 0x00 (0)
3503. [2] : 0x00 (0)
3504. [3] : 0x00 (0)
3505. size : 0x00000004 (4)
3506. [2012/09/23 22:42:33.001757, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
3507. Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
3508. [0010] D2 24 00 00 .$..
3509. [2012/09/23 22:42:33.001860, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue)
3510. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:Type]
3511. [2012/09/23 22:42:33.001915, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
3512. tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
3513. [2012/09/23 22:42:33.001967, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
3514. winreg_SetValue: struct winreg_SetValue
3515. out: struct winreg_SetValue
3516. result : WERR_OK
3517. [2012/09/23 22:42:33.002080, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
3518. winreg_SetValue: struct winreg_SetValue
3519. in: struct winreg_SetValue
3520. handle : *
3521. handle: struct policy_handle
3522. handle_type : 0x00000000 (0)
3523. uuid : 00000007-0000-0000-5f50-3874d2240000
3524. name: struct winreg_String
3525. name_len : 0x001a (26)
3526. name_size : 0x001a (26)
3527. name : *
3528. name : 'ErrorControl'
3529. type : REG_DWORD (4)
3530. data : *
3531. data: ARRAY(4)
3532. [0] : 0x01 (1)
3533. [1] : 0x00 (0)
3534. [2] : 0x00 (0)
3535. [3] : 0x00 (0)
3536. size : 0x00000004 (4)
3537. [2012/09/23 22:42:33.002540, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
3538. Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
3539. [0010] D2 24 00 00 .$..
3540. [2012/09/23 22:42:33.002643, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue)
3541. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:ErrorControl]
3542. [2012/09/23 22:42:33.002699, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
3543. tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
3544. [2012/09/23 22:42:33.002751, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
3545. winreg_SetValue: struct winreg_SetValue
3546. out: struct winreg_SetValue
3547. result : WERR_OK
3548. [2012/09/23 22:42:33.002867, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
3549. winreg_SetValue: struct winreg_SetValue
3550. in: struct winreg_SetValue
3551. handle : *
3552. handle: struct policy_handle
3553. handle_type : 0x00000000 (0)
3554. uuid : 00000007-0000-0000-5f50-3874d2240000
3555. name: struct winreg_String
3556. name_len : 0x0016 (22)
3557. name_size : 0x0016 (22)
3558. name : *
3559. name : 'ObjectName'
3560. type : REG_SZ (1)
3561. data : *
3562. data: ARRAY(24)
3563. [0] : 0x4c (76)
3564. [1] : 0x00 (0)
3565. [2] : 0x6f (111)
3566. [3] : 0x00 (0)
3567. [4] : 0x63 (99)
3568. [5] : 0x00 (0)
3569. [6] : 0x61 (97)
3570. [7] : 0x00 (0)
3571. [8] : 0x6c (108)
3572. [9] : 0x00 (0)
3573. [10] : 0x53 (83)
3574. [11] : 0x00 (0)
3575. [12] : 0x79 (121)
3576. [13] : 0x00 (0)
3577. [14] : 0x73 (115)
3578. [15] : 0x00 (0)
3579. [16] : 0x74 (116)
3580. [17] : 0x00 (0)
3581. [18] : 0x65 (101)
3582. [19] : 0x00 (0)
3583. [20] : 0x6d (109)
3584. [21] : 0x00 (0)
3585. [22] : 0x00 (0)
3586. [23] : 0x00 (0)
3587. size : 0x00000018 (24)
3588. [2012/09/23 22:42:33.003794, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
3589. Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
3590. [0010] D2 24 00 00 .$..
3591. [2012/09/23 22:42:33.003898, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue)
3592. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:ObjectName]
3593. [2012/09/23 22:42:33.003953, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
3594. tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
3595. [2012/09/23 22:42:33.004021, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
3596. winreg_SetValue: struct winreg_SetValue
3597. out: struct winreg_SetValue
3598. result : WERR_OK
3599. [2012/09/23 22:42:33.004141, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
3600. winreg_SetValue: struct winreg_SetValue
3601. in: struct winreg_SetValue
3602. handle : *
3603. handle: struct policy_handle
3604. handle_type : 0x00000000 (0)
3605. uuid : 00000007-0000-0000-5f50-3874d2240000
3606. name: struct winreg_String
3607. name_len : 0x0018 (24)
3608. name_size : 0x0018 (24)
3609. name : *
3610. name : 'DisplayName'
3611. type : REG_SZ (1)
3612. data : *
3613. data: ARRAY(48)
3614. [0] : 0x52 (82)
3615. [1] : 0x00 (0)
3616. [2] : 0x65 (101)
3617. [3] : 0x00 (0)
3618. [4] : 0x6d (109)
3619. [5] : 0x00 (0)
3620. [6] : 0x6f (111)
3621. [7] : 0x00 (0)
3622. [8] : 0x74 (116)
3623. [9] : 0x00 (0)
3624. [10] : 0x65 (101)
3625. [11] : 0x00 (0)
3626. [12] : 0x20 (32)
3627. [13] : 0x00 (0)
3628. [14] : 0x52 (82)
3629. [15] : 0x00 (0)
3630. [16] : 0x65 (101)
3631. [17] : 0x00 (0)
3632. [18] : 0x67 (103)
3633. [19] : 0x00 (0)
3634. [20] : 0x69 (105)
3635. [21] : 0x00 (0)
3636. [22] : 0x73 (115)
3637. [23] : 0x00 (0)
3638. [24] : 0x74 (116)
3639. [25] : 0x00 (0)
3640. [26] : 0x72 (114)
3641. [27] : 0x00 (0)
3642. [28] : 0x79 (121)
3643. [29] : 0x00 (0)
3644. [30] : 0x20 (32)
3645. [31] : 0x00 (0)
3646. [32] : 0x53 (83)
3647. [33] : 0x00 (0)
3648. [34] : 0x65 (101)
3649. [35] : 0x00 (0)
3650. [36] : 0x72 (114)
3651. [37] : 0x00 (0)
3652. [38] : 0x76 (118)
3653. [39] : 0x00 (0)
3654. [40] : 0x69 (105)
3655. [41] : 0x00 (0)
3656. [42] : 0x63 (99)
3657. [43] : 0x00 (0)
3658. [44] : 0x65 (101)
3659. [45] : 0x00 (0)
3660. [46] : 0x00 (0)
3661. [47] : 0x00 (0)
3662. size : 0x00000030 (48)
3663. [2012/09/23 22:42:33.005616, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
3664. Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
3665. [0010] D2 24 00 00 .$..
3666. [2012/09/23 22:42:33.005720, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue)
3667. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:DisplayName]
3668. [2012/09/23 22:42:33.005775, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
3669. tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
3670. [2012/09/23 22:42:33.005828, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
3671. winreg_SetValue: struct winreg_SetValue
3672. out: struct winreg_SetValue
3673. result : WERR_OK
3674. [2012/09/23 22:42:33.005945, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
3675. winreg_SetValue: struct winreg_SetValue
3676. in: struct winreg_SetValue
3677. handle : *
3678. handle: struct policy_handle
3679. handle_type : 0x00000000 (0)
3680. uuid : 00000007-0000-0000-5f50-3874d2240000
3681. name: struct winreg_String
3682. name_len : 0x0014 (20)
3683. name_size : 0x0014 (20)
3684. name : *
3685. name : 'ImagePath'
3686. type : REG_SZ (1)
3687. data : *
3688. data: ARRAY(54)
3689. [0] : 0x2f (47)
3690. [1] : 0x00 (0)
3691. [2] : 0x75 (117)
3692. [3] : 0x00 (0)
3693. [4] : 0x73 (115)
3694. [5] : 0x00 (0)
3695. [6] : 0x72 (114)
3696. [7] : 0x00 (0)
3697. [8] : 0x2f (47)
3698. [9] : 0x00 (0)
3699. [10] : 0x6c (108)
3700. [11] : 0x00 (0)
3701. [12] : 0x69 (105)
3702. [13] : 0x00 (0)
3703. [14] : 0x62 (98)
3704. [15] : 0x00 (0)
3705. [16] : 0x2f (47)
3706. [17] : 0x00 (0)
3707. [18] : 0x73 (115)
3708. [19] : 0x00 (0)
3709. [20] : 0x61 (97)
3710. [21] : 0x00 (0)
3711. [22] : 0x6d (109)
3712. [23] : 0x00 (0)
3713. [24] : 0x62 (98)
3714. [25] : 0x00 (0)
3715. [26] : 0x61 (97)
3716. [27] : 0x00 (0)
3717. [28] : 0x2f (47)
3718. [29] : 0x00 (0)
3719. [30] : 0x73 (115)
3720. [31] : 0x00 (0)
3721. [32] : 0x76 (118)
3722. [33] : 0x00 (0)
3723. [34] : 0x63 (99)
3724. [35] : 0x00 (0)
3725. [36] : 0x63 (99)
3726. [37] : 0x00 (0)
3727. [38] : 0x74 (116)
3728. [39] : 0x00 (0)
3729. [40] : 0x6c (108)
3730. [41] : 0x00 (0)
3731. [42] : 0x2f (47)
3732. [43] : 0x00 (0)
3733. [44] : 0x73 (115)
3734. [45] : 0x00 (0)
3735. [46] : 0x6d (109)
3736. [47] : 0x00 (0)
3737. [48] : 0x62 (98)
3738. [49] : 0x00 (0)
3739. [50] : 0x64 (100)
3740. [51] : 0x00 (0)
3741. [52] : 0x00 (0)
3742. [53] : 0x00 (0)
3743. size : 0x00000036 (54)
3744. [2012/09/23 22:42:33.007572, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
3745. Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
3746. [0010] D2 24 00 00 .$..
3747. [2012/09/23 22:42:33.007676, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue)
3748. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:ImagePath]
3749. [2012/09/23 22:42:33.007732, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
3750. tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
3751. [2012/09/23 22:42:33.007784, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
3752. winreg_SetValue: struct winreg_SetValue
3753. out: struct winreg_SetValue
3754. result : WERR_OK
3755. [2012/09/23 22:42:33.007905, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
3756. winreg_SetValue: struct winreg_SetValue
3757. in: struct winreg_SetValue
3758. handle : *
3759. handle: struct policy_handle
3760. handle_type : 0x00000000 (0)
3761. uuid : 00000007-0000-0000-5f50-3874d2240000
3762. name: struct winreg_String
3763. name_len : 0x0018 (24)
3764. name_size : 0x0018 (24)
3765. name : *
3766. name : 'Description'
3767. type : REG_SZ (1)
3768. data : *
3769. data: ARRAY(126)
3770. [0] : 0x49 (73)
3771. [1] : 0x00 (0)
3772. [2] : 0x6e (110)
3773. [3] : 0x00 (0)
3774. [4] : 0x74 (116)
3775. [5] : 0x00 (0)
3776. [6] : 0x65 (101)
3777. [7] : 0x00 (0)
3778. [8] : 0x72 (114)
3779. [9] : 0x00 (0)
3780. [10] : 0x6e (110)
3781. [11] : 0x00 (0)
3782. [12] : 0x61 (97)
3783. [13] : 0x00 (0)
3784. [14] : 0x6c (108)
3785. [15] : 0x00 (0)
3786. [16] : 0x20 (32)
3787. [17] : 0x00 (0)
3788. [18] : 0x73 (115)
3789. [19] : 0x00 (0)
3790. [20] : 0x65 (101)
3791. [21] : 0x00 (0)
3792. [22] : 0x72 (114)
3793. [23] : 0x00 (0)
3794. [24] : 0x76 (118)
3795. [25] : 0x00 (0)
3796. [26] : 0x69 (105)
3797. [27] : 0x00 (0)
3798. [28] : 0x63 (99)
3799. [29] : 0x00 (0)
3800. [30] : 0x65 (101)
3801. [31] : 0x00 (0)
3802. [32] : 0x20 (32)
3803. [33] : 0x00 (0)
3804. [34] : 0x70 (112)
3805. [35] : 0x00 (0)
3806. [36] : 0x72 (114)
3807. [37] : 0x00 (0)
3808. [38] : 0x6f (111)
3809. [39] : 0x00 (0)
3810. [40] : 0x76 (118)
3811. [41] : 0x00 (0)
3812. [42] : 0x69 (105)
3813. [43] : 0x00 (0)
3814. [44] : 0x64 (100)
3815. [45] : 0x00 (0)
3816. [46] : 0x69 (105)
3817. [47] : 0x00 (0)
3818. [48] : 0x6e (110)
3819. [49] : 0x00 (0)
3820. [50] : 0x67 (103)
3821. [51] : 0x00 (0)
3822. [52] : 0x20 (32)
3823. [53] : 0x00 (0)
3824. [54] : 0x72 (114)
3825. [55] : 0x00 (0)
3826. [56] : 0x65 (101)
3827. [57] : 0x00 (0)
3828. [58] : 0x6d (109)
3829. [59] : 0x00 (0)
3830. [60] : 0x6f (111)
3831. [61] : 0x00 (0)
3832. [62] : 0x74 (116)
3833. [63] : 0x00 (0)
3834. [64] : 0x65 (101)
3835. [65] : 0x00 (0)
3836. [66] : 0x20 (32)
3837. [67] : 0x00 (0)
3838. [68] : 0x61 (97)
3839. [69] : 0x00 (0)
3840. [70] : 0x63 (99)
3841. [71] : 0x00 (0)
3842. [72] : 0x63 (99)
3843. [73] : 0x00 (0)
3844. [74] : 0x65 (101)
3845. [75] : 0x00 (0)
3846. [76] : 0x73 (115)
3847. [77] : 0x00 (0)
3848. [78] : 0x73 (115)
3849. [79] : 0x00 (0)
3850. [80] : 0x20 (32)
3851. [81] : 0x00 (0)
3852. [82] : 0x74 (116)
3853. [83] : 0x00 (0)
3854. [84] : 0x6f (111)
3855. [85] : 0x00 (0)
3856. [86] : 0x20 (32)
3857. [87] : 0x00 (0)
3858. [88] : 0x74 (116)
3859. [89] : 0x00 (0)
3860. [90] : 0x68 (104)
3861. [91] : 0x00 (0)
3862. [92] : 0x65 (101)
3863. [93] : 0x00 (0)
3864. [94] : 0x20 (32)
3865. [95] : 0x00 (0)
3866. [96] : 0x53 (83)
3867. [97] : 0x00 (0)
3868. [98] : 0x61 (97)
3869. [99] : 0x00 (0)
3870. [100] : 0x6d (109)
3871. [101] : 0x00 (0)
3872. [102] : 0x62 (98)
3873. [103] : 0x00 (0)
3874. [104] : 0x61 (97)
3875. [105] : 0x00 (0)
3876. [106] : 0x20 (32)
3877. [107] : 0x00 (0)
3878. [108] : 0x72 (114)
3879. [109] : 0x00 (0)
3880. [110] : 0x65 (101)
3881. [111] : 0x00 (0)
3882. [112] : 0x67 (103)
3883. [113] : 0x00 (0)
3884. [114] : 0x69 (105)
3885. [115] : 0x00 (0)
3886. [116] : 0x73 (115)
3887. [117] : 0x00 (0)
3888. [118] : 0x74 (116)
3889. [119] : 0x00 (0)
3890. [120] : 0x72 (114)
3891. [121] : 0x00 (0)
3892. [122] : 0x79 (121)
3893. [123] : 0x00 (0)
3894. [124] : 0x00 (0)
3895. [125] : 0x00 (0)
3896. size : 0x0000007e (126)
3897. [2012/09/23 22:42:33.011215, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
3898. Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
3899. [0010] D2 24 00 00 .$..
3900. [2012/09/23 22:42:33.011328, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue)
3901. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:Description]
3902. [2012/09/23 22:42:33.011385, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
3903. tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
3904. [2012/09/23 22:42:33.011437, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
3905. winreg_SetValue: struct winreg_SetValue
3906. out: struct winreg_SetValue
3907. result : WERR_OK
3908. [2012/09/23 22:42:33.011550, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
3909. winreg_CloseKey: struct winreg_CloseKey
3910. in: struct winreg_CloseKey
3911. handle : *
3912. handle: struct policy_handle
3913. handle_type : 0x00000000 (0)
3914. uuid : 00000007-0000-0000-5f50-3874d2240000
3915. [2012/09/23 22:42:33.011722, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
3916. Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
3917. [0010] D2 24 00 00 .$..
3918. [2012/09/23 22:42:33.011826, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
3919. Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
3920. [0010] D2 24 00 00 .$..
3921. [2012/09/23 22:42:33.011928, 3] rpc_server/rpc_handles.c:281(close_policy_hnd)
3922. Closed policy
3923. [2012/09/23 22:42:33.011980, 10] registry/reg_backend_db.c:619(regdb_close)
3924. regdb_close: decrementing refcount (4->3)
3925. [2012/09/23 22:42:33.012033, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
3926. winreg_CloseKey: struct winreg_CloseKey
3927. out: struct winreg_CloseKey
3928. handle : *
3929. handle: struct policy_handle
3930. handle_type : 0x00000000 (0)
3931. uuid : 00000000-0000-0000-0000-000000000000
3932. result : WERR_OK
3933. [2012/09/23 22:42:33.012247, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
3934. winreg_CreateKey: struct winreg_CreateKey
3935. in: struct winreg_CreateKey
3936. handle : *
3937. handle: struct policy_handle
3938. handle_type : 0x00000000 (0)
3939. uuid : 00000001-0000-0000-5f50-3874d2240000
3940. name: struct winreg_String
3941. name_len : 0x0074 (116)
3942. name_size : 0x0074 (116)
3943. name : *
3944. name : 'SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security'
3945. keyclass: struct winreg_String
3946. name_len : 0x0002 (2)
3947. name_size : 0x0002 (2)
3948. name : *
3949. name : ''
3950. options : 0x00000000 (0)
3951. 0: REG_OPTION_VOLATILE
3952. 0: REG_OPTION_CREATE_LINK
3953. 0: REG_OPTION_BACKUP_RESTORE
3954. 0: REG_OPTION_OPEN_LINK
3955. access_mask : 0x02000000 (33554432)
3956. 0: KEY_QUERY_VALUE
3957. 0: KEY_SET_VALUE
3958. 0: KEY_CREATE_SUB_KEY
3959. 0: KEY_ENUMERATE_SUB_KEYS
3960. 0: KEY_NOTIFY
3961. 0: KEY_CREATE_LINK
3962. 0: KEY_WOW64_64KEY
3963. 0: KEY_WOW64_32KEY
3964. secdesc : NULL
3965. action_taken : *
3966. action_taken : REG_OPENED_EXISTING_KEY (2)
3967. [2012/09/23 22:42:33.013018, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
3968. Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
3969. [0010] D2 24 00 00 .$..
3970. [2012/09/23 22:42:33.013122, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey)
3971. _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security'
3972. [2012/09/23 22:42:33.013179, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
3973. tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
3974. [2012/09/23 22:42:33.013232, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
3975. tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2
3976. [2012/09/23 22:42:33.013284, 7] registry/reg_api.c:141(regkey_open_onelevel)
3977. regkey_open_onelevel: name = [SYSTEM]
3978. [2012/09/23 22:42:33.013336, 10] registry/reg_backend_db.c:583(regdb_open)
3979. regdb_open: incrementing refcount (3->4)
3980. [2012/09/23 22:42:33.013391, 10] registry/reg_cachehook.c:122(reghook_cache_find)
3981. reghook_cache_find: Searching for keyname [\HKLM\SYSTEM]
3982. [2012/09/23 22:42:33.013440, 10] lib/adt_tree.c:367(pathtree_find)
3983. pathtree_find: Enter [\HKLM\SYSTEM]
3984. [2012/09/23 22:42:33.013490, 10] lib/adt_tree.c:440(pathtree_find)
3985. pathtree_find: Exit
3986. [2012/09/23 22:42:33.013540, 10] registry/reg_cachehook.c:127(reghook_cache_find)
3987. reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM]
3988. [2012/09/23 22:42:33.013607, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
3989. tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2
3990. [2012/09/23 22:42:33.013661, 7] registry/reg_api.c:141(regkey_open_onelevel)
3991. regkey_open_onelevel: name = [CurrentControlSet]
3992. [2012/09/23 22:42:33.013713, 10] registry/reg_backend_db.c:583(regdb_open)
3993. regdb_open: incrementing refcount (4->5)
3994. [2012/09/23 22:42:33.013769, 10] registry/reg_cachehook.c:122(reghook_cache_find)
3995. reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet]
3996. [2012/09/23 22:42:33.013818, 10] lib/adt_tree.c:367(pathtree_find)
3997. pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet]
3998. [2012/09/23 22:42:33.013869, 10] lib/adt_tree.c:440(pathtree_find)
3999. pathtree_find: Exit
4000. [2012/09/23 22:42:33.013918, 10] registry/reg_cachehook.c:127(reghook_cache_find)
4001. reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM\CurrentControlSet]
4002. [2012/09/23 22:42:33.014001, 10] registry/reg_backend_db.c:619(regdb_close)
4003. regdb_close: decrementing refcount (5->4)
4004. [2012/09/23 22:42:33.014057, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
4005. tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2
4006. [2012/09/23 22:42:33.014108, 7] registry/reg_api.c:141(regkey_open_onelevel)
4007. regkey_open_onelevel: name = [Services]
4008. [2012/09/23 22:42:33.014159, 10] registry/reg_backend_db.c:583(regdb_open)
4009. regdb_open: incrementing refcount (4->5)
4010. [2012/09/23 22:42:33.014214, 10] registry/reg_cachehook.c:122(reghook_cache_find)
4011. reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services]
4012. [2012/09/23 22:42:33.014263, 10] lib/adt_tree.c:367(pathtree_find)
4013. pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services]
4014. [2012/09/23 22:42:33.014315, 10] lib/adt_tree.c:440(pathtree_find)
4015. pathtree_find: Exit
4016. [2012/09/23 22:42:33.014364, 10] registry/reg_cachehook.c:127(reghook_cache_find)
4017. reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM\CurrentControlSet\Services]
4018. [2012/09/23 22:42:33.014445, 10] registry/reg_backend_db.c:619(regdb_close)
4019. regdb_close: decrementing refcount (5->4)
4020. [2012/09/23 22:42:33.014501, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
4021. tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2
4022. [2012/09/23 22:42:33.014553, 7] registry/reg_api.c:141(regkey_open_onelevel)
4023. regkey_open_onelevel: name = [RemoteRegistry]
4024. [2012/09/23 22:42:33.014604, 10] registry/reg_backend_db.c:583(regdb_open)
4025. regdb_open: incrementing refcount (4->5)
4026. [2012/09/23 22:42:33.014668, 10] registry/reg_cachehook.c:122(reghook_cache_find)
4027. reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry]
4028. [2012/09/23 22:42:33.014719, 10] lib/adt_tree.c:367(pathtree_find)
4029. pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry]
4030. [2012/09/23 22:42:33.014770, 10] lib/adt_tree.c:440(pathtree_find)
4031. pathtree_find: Exit
4032. [2012/09/23 22:42:33.014820, 10] registry/reg_cachehook.c:127(reghook_cache_find)
4033. reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry]
4034. [2012/09/23 22:42:33.014894, 10] registry/reg_backend_db.c:619(regdb_close)
4035. regdb_close: decrementing refcount (5->4)
4036. [2012/09/23 22:42:33.014948, 7] registry/reg_api.c:141(regkey_open_onelevel)
4037. regkey_open_onelevel: name = [Security]
4038. [2012/09/23 22:42:33.015000, 10] registry/reg_backend_db.c:583(regdb_open)
4039. regdb_open: incrementing refcount (4->5)
4040. [2012/09/23 22:42:33.015056, 10] registry/reg_cachehook.c:122(reghook_cache_find)
4041. reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security]
4042. [2012/09/23 22:42:33.015107, 10] lib/adt_tree.c:367(pathtree_find)
4043. pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security]
4044. [2012/09/23 22:42:33.015159, 10] lib/adt_tree.c:440(pathtree_find)
4045. pathtree_find: Exit
4046. [2012/09/23 22:42:33.015208, 10] registry/reg_cachehook.c:127(reghook_cache_find)
4047. reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security]
4048. [2012/09/23 22:42:33.015273, 10] registry/reg_backend_db.c:1656(regdb_fetch_keys_internal)
4049. regdb_fetch_keys: no subkeys found for key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security]
4050. [2012/09/23 22:42:33.015329, 10] registry/reg_backend_db.c:619(regdb_close)
4051. regdb_close: decrementing refcount (5->4)
4052. [2012/09/23 22:42:33.015383, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal)
4053. Opened policy hnd[3] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 5F 50 39 74 ........ ...._P9t
4054. [0010] D2 24 00 00 .$..
4055. [2012/09/23 22:42:33.015488, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
4056. winreg_CreateKey: struct winreg_CreateKey
4057. out: struct winreg_CreateKey
4058. new_handle : *
4059. new_handle: struct policy_handle
4060. handle_type : 0x00000000 (0)
4061. uuid : 00000008-0000-0000-5f50-3974d2240000
4062. action_taken : *
4063. action_taken : REG_OPENED_EXISTING_KEY (2)
4064. result : WERR_OK
4065. [2012/09/23 22:42:33.015748, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
4066. winreg_SetValue: struct winreg_SetValue
4067. in: struct winreg_SetValue
4068. handle : *
4069. handle: struct policy_handle
4070. handle_type : 0x00000000 (0)
4071. uuid : 00000008-0000-0000-5f50-3974d2240000
4072. name: struct winreg_String
4073. name_len : 0x0012 (18)
4074. name_size : 0x0012 (18)
4075. name : *
4076. name : 'Security'
4077. type : REG_BINARY (3)
4078. data : *
4079. data: ARRAY(120)
4080. [0] : 0x01 (1)
4081. [1] : 0x00 (0)
4082. [2] : 0x04 (4)
4083. [3] : 0x80 (128)
4084. [4] : 0x00 (0)
4085. [5] : 0x00 (0)
4086. [6] : 0x00 (0)
4087. [7] : 0x00 (0)
4088. [8] : 0x00 (0)
4089. [9] : 0x00 (0)
4090. [10] : 0x00 (0)
4091. [11] : 0x00 (0)
4092. [12] : 0x00 (0)
4093. [13] : 0x00 (0)
4094. [14] : 0x00 (0)
4095. [15] : 0x00 (0)
4096. [16] : 0x14 (20)
4097. [17] : 0x00 (0)
4098. [18] : 0x00 (0)
4099. [19] : 0x00 (0)
4100. [20] : 0x02 (2)
4101. [21] : 0x00 (0)
4102. [22] : 0x64 (100)
4103. [23] : 0x00 (0)
4104. [24] : 0x04 (4)
4105. [25] : 0x00 (0)
4106. [26] : 0x00 (0)
4107. [27] : 0x00 (0)
4108. [28] : 0x00 (0)
4109. [29] : 0x00 (0)
4110. [30] : 0x14 (20)
4111. [31] : 0x00 (0)
4112. [32] : 0x8d (141)
4113. [33] : 0x01 (1)
4114. [34] : 0x02 (2)
4115. [35] : 0x00 (0)
4116. [36] : 0x01 (1)
4117. [37] : 0x01 (1)
4118. [38] : 0x00 (0)
4119. [39] : 0x00 (0)
4120. [40] : 0x00 (0)
4121. [41] : 0x00 (0)
4122. [42] : 0x00 (0)
4123. [43] : 0x01 (1)
4124. [44] : 0x00 (0)
4125. [45] : 0x00 (0)
4126. [46] : 0x00 (0)
4127. [47] : 0x00 (0)
4128. [48] : 0x00 (0)
4129. [49] : 0x00 (0)
4130. [50] : 0x18 (24)
4131. [51] : 0x00 (0)
4132. [52] : 0xfd (253)
4133. [53] : 0x01 (1)
4134. [54] : 0x02 (2)
4135. [55] : 0x00 (0)
4136. [56] : 0x01 (1)
4137. [57] : 0x02 (2)
4138. [58] : 0x00 (0)
4139. [59] : 0x00 (0)
4140. [60] : 0x00 (0)
4141. [61] : 0x00 (0)
4142. [62] : 0x00 (0)
4143. [63] : 0x05 (5)
4144. [64] : 0x20 (32)
4145. [65] : 0x00 (0)
4146. [66] : 0x00 (0)
4147. [67] : 0x00 (0)
4148. [68] : 0x23 (35)
4149. [69] : 0x02 (2)
4150. [70] : 0x00 (0)
4151. [71] : 0x00 (0)
4152. [72] : 0x00 (0)
4153. [73] : 0x00 (0)
4154. [74] : 0x18 (24)
4155. [75] : 0x00 (0)
4156. [76] : 0xff (255)
4157. [77] : 0x01 (1)
4158. [78] : 0x0f (15)
4159. [79] : 0x00 (0)
4160. [80] : 0x01 (1)
4161. [81] : 0x02 (2)
4162. [82] : 0x00 (0)
4163. [83] : 0x00 (0)
4164. [84] : 0x00 (0)
4165. [85] : 0x00 (0)
4166. [86] : 0x00 (0)
4167. [87] : 0x05 (5)
4168. [88] : 0x20 (32)
4169. [89] : 0x00 (0)
4170. [90] : 0x00 (0)
4171. [91] : 0x00 (0)
4172. [92] : 0x25 (37)
4173. [93] : 0x02 (2)
4174. [94] : 0x00 (0)
4175. [95] : 0x00 (0)
4176. [96] : 0x00 (0)
4177. [97] : 0x00 (0)
4178. [98] : 0x18 (24)
4179. [99] : 0x00 (0)
4180. [100] : 0xff (255)
4181. [101] : 0x01 (1)
4182. [102] : 0x0f (15)
4183. [103] : 0x00 (0)
4184. [104] : 0x01 (1)
4185. [105] : 0x02 (2)
4186. [106] : 0x00 (0)
4187. [107] : 0x00 (0)
4188. [108] : 0x00 (0)
4189. [109] : 0x00 (0)
4190. [110] : 0x00 (0)
4191. [111] : 0x05 (5)
4192. [112] : 0x20 (32)
4193. [113] : 0x00 (0)
4194. [114] : 0x00 (0)
4195. [115] : 0x00 (0)
4196. [116] : 0x20 (32)
4197. [117] : 0x02 (2)
4198. [118] : 0x00 (0)
4199. [119] : 0x00 (0)
4200. size : 0x00000078 (120)
4201. [2012/09/23 22:42:33.018907, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
4202. Found policy hnd[0] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 5F 50 39 74 ........ ...._P9t
4203. [0010] D2 24 00 00 .$..
4204. [2012/09/23 22:42:33.019010, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue)
4205. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security:Security]
4206. [2012/09/23 22:42:33.019067, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
4207. tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
4208. [2012/09/23 22:42:33.019118, 10] registry/reg_dispatcher.c:150(fetch_reg_values)
4209. fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security' (ops 0x7f0ef0501340)
4210. [2012/09/23 22:42:33.019172, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal)
4211. regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security]
4212. [2012/09/23 22:42:33.019241, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
4213. regdb_unpack_values: value[0]: name[Security] len[120]
4214. [2012/09/23 22:42:33.019296, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
4215. winreg_SetValue: struct winreg_SetValue
4216. out: struct winreg_SetValue
4217. result : WERR_OK
4218. [2012/09/23 22:42:33.019407, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
4219. winreg_CloseKey: struct winreg_CloseKey
4220. in: struct winreg_CloseKey
4221. handle : *
4222. handle: struct policy_handle
4223. handle_type : 0x00000000 (0)
4224. uuid : 00000008-0000-0000-5f50-3974d2240000
4225. [2012/09/23 22:42:33.019587, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
4226. Found policy hnd[0] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 5F 50 39 74 ........ ...._P9t
4227. [0010] D2 24 00 00 .$..
4228. [2012/09/23 22:42:33.019691, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
4229. Found policy hnd[0] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 5F 50 39 74 ........ ...._P9t
4230. [0010] D2 24 00 00 .$..
4231. [2012/09/23 22:42:33.019792, 3] rpc_server/rpc_handles.c:281(close_policy_hnd)
4232. Closed policy
4233. [2012/09/23 22:42:33.019844, 10] registry/reg_backend_db.c:619(regdb_close)
4234. regdb_close: decrementing refcount (4->3)
4235. [2012/09/23 22:42:33.019896, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
4236. winreg_CloseKey: struct winreg_CloseKey
4237. out: struct winreg_CloseKey
4238. handle : *
4239. handle: struct policy_handle
4240. handle_type : 0x00000000 (0)
4241. uuid : 00000000-0000-0000-0000-000000000000
4242. result : WERR_OK
4243. [2012/09/23 22:42:33.020111, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
4244. winreg_CreateKey: struct winreg_CreateKey
4245. in: struct winreg_CreateKey
4246. handle : *
4247. handle: struct policy_handle
4248. handle_type : 0x00000000 (0)
4249. uuid : 00000001-0000-0000-5f50-3874d2240000
4250. name: struct winreg_String
4251. name_len : 0x004e (78)
4252. name_size : 0x004e (78)
4253. name : *
4254. name : 'SYSTEM\CurrentControlSet\Services\WINS'
4255. keyclass: struct winreg_String
4256. name_len : 0x0002 (2)
4257. name_size : 0x0002 (2)
4258. name : *
4259. name : ''
4260. options : 0x00000000 (0)
4261. 0: REG_OPTION_VOLATILE
4262. 0: REG_OPTION_CREATE_LINK
4263. 0: REG_OPTION_BACKUP_RESTORE
4264. 0: REG_OPTION_OPEN_LINK
4265. access_mask : 0x02000000 (33554432)
4266. 0: KEY_QUERY_VALUE
4267. 0: KEY_SET_VALUE
4268. 0: KEY_CREATE_SUB_KEY
4269. 0: KEY_ENUMERATE_SUB_KEYS
4270. 0: KEY_NOTIFY
4271. 0: KEY_CREATE_LINK
4272. 0: KEY_WOW64_64KEY
4273. 0: KEY_WOW64_32KEY
4274. secdesc : NULL
4275. action_taken : *
4276. action_taken : REG_ACTION_NONE (0)
4277. [2012/09/23 22:42:33.020899, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
4278. Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
4279. [0010] D2 24 00 00 .$..
4280. [2012/09/23 22:42:33.021005, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey)
4281. _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\WINS'
4282. [2012/09/23 22:42:33.021061, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
4283. tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
4284. [2012/09/23 22:42:33.021114, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
4285. tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2
4286. [2012/09/23 22:42:33.021166, 7] registry/reg_api.c:141(regkey_open_onelevel)
4287. regkey_open_onelevel: name = [SYSTEM]
4288. [2012/09/23 22:42:33.021217, 10] registry/reg_backend_db.c:583(regdb_open)
4289. regdb_open: incrementing refcount (3->4)
4290. [2012/09/23 22:42:33.021272, 10] registry/reg_cachehook.c:122(reghook_cache_find)
4291. reghook_cache_find: Searching for keyname [\HKLM\SYSTEM]
4292. [2012/09/23 22:42:33.021330, 10] lib/adt_tree.c:367(pathtree_find)
4293. pathtree_find: Enter [\HKLM\SYSTEM]
4294. [2012/09/23 22:42:33.021381, 10] lib/adt_tree.c:440(pathtree_find)
4295. pathtree_find: Exit
4296. [2012/09/23 22:42:33.021430, 10] registry/reg_cachehook.c:127(reghook_cache_find)
4297. reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM]
4298. [2012/09/23 22:42:33.021497, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
4299. tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2
4300. [2012/09/23 22:42:33.021550, 7] registry/reg_api.c:141(regkey_open_onelevel)
4301. regkey_open_onelevel: name = [CurrentControlSet]
4302. [2012/09/23 22:42:33.021602, 10] registry/reg_backend_db.c:583(regdb_open)
4303. regdb_open: incrementing refcount (4->5)
4304. [2012/09/23 22:42:33.021657, 10] registry/reg_cachehook.c:122(reghook_cache_find)
4305. reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet]
4306. [2012/09/23 22:42:33.021706, 10] lib/adt_tree.c:367(pathtree_find)
4307. pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet]
4308. [2012/09/23 22:42:33.021757, 10] lib/adt_tree.c:440(pathtree_find)
4309. pathtree_find: Exit
4310. [2012/09/23 22:42:33.021806, 10] registry/reg_cachehook.c:127(reghook_cache_find)
4311. reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM\CurrentControlSet]
4312. [2012/09/23 22:42:33.021874, 10] registry/reg_backend_db.c:619(regdb_close)
4313. regdb_close: decrementing refcount (5->4)
4314. [2012/09/23 22:42:33.021929, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
4315. tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2
4316. [2012/09/23 22:42:33.021980, 7] registry/reg_api.c:141(regkey_open_onelevel)
4317. regkey_open_onelevel: name = [Services]
4318. [2012/09/23 22:42:33.022031, 10] registry/reg_backend_db.c:583(regdb_open)
4319. regdb_open: incrementing refcount (4->5)
4320. [2012/09/23 22:42:33.022086, 10] registry/reg_cachehook.c:122(reghook_cache_find)
4321. reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services]
4322. [2012/09/23 22:42:33.022135, 10] lib/adt_tree.c:367(pathtree_find)
4323. pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services]
4324. [2012/09/23 22:42:33.022187, 10] lib/adt_tree.c:440(pathtree_find)
4325. pathtree_find: Exit
4326. [2012/09/23 22:42:33.022236, 10] registry/reg_cachehook.c:127(reghook_cache_find)
4327. reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM\CurrentControlSet\Services]
4328. [2012/09/23 22:42:33.022313, 10] registry/reg_backend_db.c:619(regdb_close)
4329. regdb_close: decrementing refcount (5->4)
4330. [2012/09/23 22:42:33.022368, 7] registry/reg_api.c:141(regkey_open_onelevel)
4331. regkey_open_onelevel: name = [WINS]
4332. [2012/09/23 22:42:33.022419, 10] registry/reg_backend_db.c:583(regdb_open)
4333. regdb_open: incrementing refcount (4->5)
4334. [2012/09/23 22:42:33.022474, 10] registry/reg_cachehook.c:122(reghook_cache_find)
4335. reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\WINS]
4336. [2012/09/23 22:42:33.022523, 10] lib/adt_tree.c:367(pathtree_find)
4337. pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\WINS]
4338. [2012/09/23 22:42:33.022575, 10] lib/adt_tree.c:440(pathtree_find)
4339. pathtree_find: Exit
4340. [2012/09/23 22:42:33.022623, 10] registry/reg_cachehook.c:127(reghook_cache_find)
4341. reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM\CurrentControlSet\Services\WINS]
4342. [2012/09/23 22:42:33.022692, 10] registry/reg_backend_db.c:619(regdb_close)
4343. regdb_close: decrementing refcount (5->4)
4344. [2012/09/23 22:42:33.022747, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal)
4345. Opened policy hnd[3] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 5F 50 39 74 ........ ...._P9t
4346. [0010] D2 24 00 00 .$..
4347. [2012/09/23 22:42:33.022850, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
4348. winreg_CreateKey: struct winreg_CreateKey
4349. out: struct winreg_CreateKey
4350. new_handle : *
4351. new_handle: struct policy_handle
4352. handle_type : 0x00000000 (0)
4353. uuid : 00000009-0000-0000-5f50-3974d2240000
4354. action_taken : *
4355. action_taken : REG_OPENED_EXISTING_KEY (2)
4356. result : WERR_OK
4357. [2012/09/23 22:42:33.023114, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
4358. winreg_SetValue: struct winreg_SetValue
4359. in: struct winreg_SetValue
4360. handle : *
4361. handle: struct policy_handle
4362. handle_type : 0x00000000 (0)
4363. uuid : 00000009-0000-0000-5f50-3974d2240000
4364. name: struct winreg_String
4365. name_len : 0x000c (12)
4366. name_size : 0x000c (12)
4367. name : *
4368. name : 'Start'
4369. type : REG_DWORD (4)
4370. data : *
4371. data: ARRAY(4)
4372. [0] : 0x02 (2)
4373. [1] : 0x00 (0)
4374. [2] : 0x00 (0)
4375. [3] : 0x00 (0)
4376. size : 0x00000004 (4)
4377. [2012/09/23 22:42:33.023574, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
4378. Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 5F 50 39 74 ........ ...._P9t
4379. [0010] D2 24 00 00 .$..
4380. [2012/09/23 22:42:33.023678, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue)
4381. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:Start]
4382. [2012/09/23 22:42:33.023733, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
4383. tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
4384. [2012/09/23 22:42:33.023784, 10] registry/reg_dispatcher.c:150(fetch_reg_values)
4385. fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\WINS' (ops 0x7f0ef0501340)
4386. [2012/09/23 22:42:33.023836, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal)
4387. regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS]
4388. [2012/09/23 22:42:33.023903, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
4389. regdb_unpack_values: value[0]: name[Start] len[4]
4390. [2012/09/23 22:42:33.023970, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
4391. regdb_unpack_values: value[1]: name[Type] len[4]
4392. [2012/09/23 22:42:33.024027, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
4393. regdb_unpack_values: value[2]: name[ErrorControl] len[4]
4394. [2012/09/23 22:42:33.024081, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
4395. regdb_unpack_values: value[3]: name[ObjectName] len[24]
4396. [2012/09/23 22:42:33.024134, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
4397. regdb_unpack_values: value[4]: name[DisplayName] len[74]
4398. [2012/09/23 22:42:33.024189, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
4399. regdb_unpack_values: value[5]: name[ImagePath] len[54]
4400. [2012/09/23 22:42:33.024243, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
4401. regdb_unpack_values: value[6]: name[Description] len[178]
4402. [2012/09/23 22:42:33.024297, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
4403. winreg_SetValue: struct winreg_SetValue
4404. out: struct winreg_SetValue
4405. result : WERR_OK
4406. [2012/09/23 22:42:33.024413, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
4407. winreg_SetValue: struct winreg_SetValue
4408. in: struct winreg_SetValue
4409. handle : *
4410. handle: struct policy_handle
4411. handle_type : 0x00000000 (0)
4412. uuid : 00000009-0000-0000-5f50-3974d2240000
4413. name: struct winreg_String
4414. name_len : 0x000a (10)
4415. name_size : 0x000a (10)
4416. name : *
4417. name : 'Type'
4418. type : REG_DWORD (4)
4419. data : *
4420. data: ARRAY(4)
4421. [0] : 0x10 (16)
4422. [1] : 0x00 (0)
4423. [2] : 0x00 (0)
4424. [3] : 0x00 (0)
4425. size : 0x00000004 (4)
4426. [2012/09/23 22:42:33.024884, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
4427. Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 5F 50 39 74 ........ ...._P9t
4428. [0010] D2 24 00 00 .$..
4429. [2012/09/23 22:42:33.024989, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue)
4430. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:Type]
4431. [2012/09/23 22:42:33.025043, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
4432. tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
4433. [2012/09/23 22:42:33.025096, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
4434. winreg_SetValue: struct winreg_SetValue
4435. out: struct winreg_SetValue
4436. result : WERR_OK
4437. [2012/09/23 22:42:33.025211, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
4438. winreg_SetValue: struct winreg_SetValue
4439. in: struct winreg_SetValue
4440. handle : *
4441. handle: struct policy_handle
4442. handle_type : 0x00000000 (0)
4443. uuid : 00000009-0000-0000-5f50-3974d2240000
4444. name: struct winreg_String
4445. name_len : 0x001a (26)
4446. name_size : 0x001a (26)
4447. name : *
4448. name : 'ErrorControl'
4449. type : REG_DWORD (4)
4450. data : *
4451. data: ARRAY(4)
4452. [0] : 0x01 (1)
4453. [1] : 0x00 (0)
4454. [2] : 0x00 (0)
4455. [3] : 0x00 (0)
4456. size : 0x00000004 (4)
4457. [2012/09/23 22:42:33.025673, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
4458. Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 5F 50 39 74 ........ ...._P9t
4459. [0010] D2 24 00 00 .$..
4460. [2012/09/23 22:42:33.025776, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue)
4461. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:ErrorControl]
4462. [2012/09/23 22:42:33.025831, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
4463. tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
4464. [2012/09/23 22:42:33.025883, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
4465. winreg_SetValue: struct winreg_SetValue
4466. out: struct winreg_SetValue
4467. result : WERR_OK
4468. [2012/09/23 22:42:33.025999, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
4469. winreg_SetValue: struct winreg_SetValue
4470. in: struct winreg_SetValue
4471. handle : *
4472. handle: struct policy_handle
4473. handle_type : 0x00000000 (0)
4474. uuid : 00000009-0000-0000-5f50-3974d2240000
4475. name: struct winreg_String
4476. name_len : 0x0016 (22)
4477. name_size : 0x0016 (22)
4478. name : *
4479. name : 'ObjectName'
4480. type : REG_SZ (1)
4481. data : *
4482. data: ARRAY(24)
4483. [0] : 0x4c (76)
4484. [1] : 0x00 (0)
4485. [2] : 0x6f (111)
4486. [3] : 0x00 (0)
4487. [4] : 0x63 (99)
4488. [5] : 0x00 (0)
4489. [6] : 0x61 (97)
4490. [7] : 0x00 (0)
4491. [8] : 0x6c (108)
4492. [9] : 0x00 (0)
4493. [10] : 0x53 (83)
4494. [11] : 0x00 (0)
4495. [12] : 0x79 (121)
4496. [13] : 0x00 (0)
4497. [14] : 0x73 (115)
4498. [15] : 0x00 (0)
4499. [16] : 0x74 (116)
4500. [17] : 0x00 (0)
4501. [18] : 0x65 (101)
4502. [19] : 0x00 (0)
4503. [20] : 0x6d (109)
4504. [21] : 0x00 (0)
4505. [22] : 0x00 (0)
4506. [23] : 0x00 (0)
4507. size : 0x00000018 (24)
4508. [2012/09/23 22:42:33.026930, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
4509. Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 5F 50 39 74 ........ ...._P9t
4510. [0010] D2 24 00 00 .$..
4511. [2012/09/23 22:42:33.027034, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue)
4512. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:ObjectName]
4513. [2012/09/23 22:42:33.027089, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
4514. tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
4515. [2012/09/23 22:42:33.027141, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
4516. winreg_SetValue: struct winreg_SetValue
4517. out: struct winreg_SetValue
4518. result : WERR_OK
4519. [2012/09/23 22:42:33.027261, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
4520. winreg_SetValue: struct winreg_SetValue
4521. in: struct winreg_SetValue
4522. handle : *
4523. handle: struct policy_handle
4524. handle_type : 0x00000000 (0)
4525. uuid : 00000009-0000-0000-5f50-3974d2240000
4526. name: struct winreg_String
4527. name_len : 0x0018 (24)
4528. name_size : 0x0018 (24)
4529. name : *
4530. name : 'DisplayName'
4531. type : REG_SZ (1)
4532. data : *
4533. data: ARRAY(74)
4534. [0] : 0x57 (87)
4535. [1] : 0x00 (0)
4536. [2] : 0x69 (105)
4537. [3] : 0x00 (0)
4538. [4] : 0x6e (110)
4539. [5] : 0x00 (0)
4540. [6] : 0x64 (100)
4541. [7] : 0x00 (0)
4542. [8] : 0x6f (111)
4543. [9] : 0x00 (0)
4544. [10] : 0x77 (119)
4545. [11] : 0x00 (0)
4546. [12] : 0x73 (115)
4547. [13] : 0x00 (0)
4548. [14] : 0x20 (32)
4549. [15] : 0x00 (0)
4550. [16] : 0x49 (73)
4551. [17] : 0x00 (0)
4552. [18] : 0x6e (110)
4553. [19] : 0x00 (0)
4554. [20] : 0x74 (116)
4555. [21] : 0x00 (0)
4556. [22] : 0x65 (101)
4557. [23] : 0x00 (0)
4558. [24] : 0x72 (114)
4559. [25] : 0x00 (0)
4560. [26] : 0x6e (110)
4561. [27] : 0x00 (0)
4562. [28] : 0x65 (101)
4563. [29] : 0x00 (0)
4564. [30] : 0x74 (116)
4565. [31] : 0x00 (0)
4566. [32] : 0x20 (32)
4567. [33] : 0x00 (0)
4568. [34] : 0x4e (78)
4569. [35] : 0x00 (0)
4570. [36] : 0x61 (97)
4571. [37] : 0x00 (0)
4572. [38] : 0x6d (109)
4573. [39] : 0x00 (0)
4574. [40] : 0x65 (101)
4575. [41] : 0x00 (0)
4576. [42] : 0x20 (32)
4577. [43] : 0x00 (0)
4578. [44] : 0x53 (83)
4579. [45] : 0x00 (0)
4580. [46] : 0x65 (101)
4581. [47] : 0x00 (0)
4582. [48] : 0x72 (114)
4583. [49] : 0x00 (0)
4584. [50] : 0x76 (118)
4585. [51] : 0x00 (0)
4586. [52] : 0x69 (105)
4587. [53] : 0x00 (0)
4588. [54] : 0x63 (99)
4589. [55] : 0x00 (0)
4590. [56] : 0x65 (101)
4591. [57] : 0x00 (0)
4592. [58] : 0x20 (32)
4593. [59] : 0x00 (0)
4594. [60] : 0x28 (40)
4595. [61] : 0x00 (0)
4596. [62] : 0x57 (87)
4597. [63] : 0x00 (0)
4598. [64] : 0x49 (73)
4599. [65] : 0x00 (0)
4600. [66] : 0x4e (78)
4601. [67] : 0x00 (0)
4602. [68] : 0x53 (83)
4603. [69] : 0x00 (0)
4604. [70] : 0x29 (41)
4605. [71] : 0x00 (0)
4606. [72] : 0x00 (0)
4607. [73] : 0x00 (0)
4608. size : 0x0000004a (74)
4609. [2012/09/23 22:42:33.029356, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
4610. Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 5F 50 39 74 ........ ...._P9t
4611. [0010] D2 24 00 00 .$..
4612. [2012/09/23 22:42:33.029460, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue)
4613. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:DisplayName]
4614. [2012/09/23 22:42:33.029514, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
4615. tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
4616. [2012/09/23 22:42:33.029567, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
4617. winreg_SetValue: struct winreg_SetValue
4618. out: struct winreg_SetValue
4619. result : WERR_OK
4620. [2012/09/23 22:42:33.029687, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
4621. winreg_SetValue: struct winreg_SetValue
4622. in: struct winreg_SetValue
4623. handle : *
4624. handle: struct policy_handle
4625. handle_type : 0x00000000 (0)
4626. uuid : 00000009-0000-0000-5f50-3974d2240000
4627. name: struct winreg_String
4628. name_len : 0x0014 (20)
4629. name_size : 0x0014 (20)
4630. name : *
4631. name : 'ImagePath'
4632. type : REG_SZ (1)
4633. data : *
4634. data: ARRAY(54)
4635. [0] : 0x2f (47)
4636. [1] : 0x00 (0)
4637. [2] : 0x75 (117)
4638. [3] : 0x00 (0)
4639. [4] : 0x73 (115)
4640. [5] : 0x00 (0)
4641. [6] : 0x72 (114)
4642. [7] : 0x00 (0)
4643. [8] : 0x2f (47)
4644. [9] : 0x00 (0)
4645. [10] : 0x6c (108)
4646. [11] : 0x00 (0)
4647. [12] : 0x69 (105)
4648. [13] : 0x00 (0)
4649. [14] : 0x62 (98)
4650. [15] : 0x00 (0)
4651. [16] : 0x2f (47)
4652. [17] : 0x00 (0)
4653. [18] : 0x73 (115)
4654. [19] : 0x00 (0)
4655. [20] : 0x61 (97)
4656. [21] : 0x00 (0)
4657. [22] : 0x6d (109)
4658. [23] : 0x00 (0)
4659. [24] : 0x62 (98)
4660. [25] : 0x00 (0)
4661. [26] : 0x61 (97)
4662. [27] : 0x00 (0)
4663. [28] : 0x2f (47)
4664. [29] : 0x00 (0)
4665. [30] : 0x73 (115)
4666. [31] : 0x00 (0)
4667. [32] : 0x76 (118)
4668. [33] : 0x00 (0)
4669. [34] : 0x63 (99)
4670. [35] : 0x00 (0)
4671. [36] : 0x63 (99)
4672. [37] : 0x00 (0)
4673. [38] : 0x74 (116)
4674. [39] : 0x00 (0)
4675. [40] : 0x6c (108)
4676. [41] : 0x00 (0)
4677. [42] : 0x2f (47)
4678. [43] : 0x00 (0)
4679. [44] : 0x6e (110)
4680. [45] : 0x00 (0)
4681. [46] : 0x6d (109)
4682. [47] : 0x00 (0)
4683. [48] : 0x62 (98)
4684. [49] : 0x00 (0)
4685. [50] : 0x64 (100)
4686. [51] : 0x00 (0)
4687. [52] : 0x00 (0)
4688. [53] : 0x00 (0)
4689. size : 0x00000036 (54)
4690. [2012/09/23 22:42:33.031335, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
4691. Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 5F 50 39 74 ........ ...._P9t
4692. [0010] D2 24 00 00 .$..
4693. [2012/09/23 22:42:33.031448, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue)
4694. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:ImagePath]
4695. [2012/09/23 22:42:33.031503, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
4696. tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
4697. [2012/09/23 22:42:33.031555, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
4698. winreg_SetValue: struct winreg_SetValue
4699. out: struct winreg_SetValue
4700. result : WERR_OK
4701. [2012/09/23 22:42:33.031674, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
4702. winreg_SetValue: struct winreg_SetValue
4703. in: struct winreg_SetValue
4704. handle : *
4705. handle: struct policy_handle
4706. handle_type : 0x00000000 (0)
4707. uuid : 00000009-0000-0000-5f50-3974d2240000
4708. name: struct winreg_String
4709. name_len : 0x0018 (24)
4710. name_size : 0x0018 (24)
4711. name : *
4712. name : 'Description'
4713. type : REG_SZ (1)
4714. data : *
4715. data: ARRAY(178)
4716. [0] : 0x49 (73)
4717. [1] : 0x00 (0)
4718. [2] : 0x6e (110)
4719. [3] : 0x00 (0)
4720. [4] : 0x74 (116)
4721. [5] : 0x00 (0)
4722. [6] : 0x65 (101)
4723. [7] : 0x00 (0)
4724. [8] : 0x72 (114)
4725. [9] : 0x00 (0)
4726. [10] : 0x6e (110)
4727. [11] : 0x00 (0)
4728. [12] : 0x61 (97)
4729. [13] : 0x00 (0)
4730. [14] : 0x6c (108)
4731. [15] : 0x00 (0)
4732. [16] : 0x20 (32)
4733. [17] : 0x00 (0)
4734. [18] : 0x73 (115)
4735. [19] : 0x00 (0)
4736. [20] : 0x65 (101)
4737. [21] : 0x00 (0)
4738. [22] : 0x72 (114)
4739. [23] : 0x00 (0)
4740. [24] : 0x76 (118)
4741. [25] : 0x00 (0)
4742. [26] : 0x69 (105)
4743. [27] : 0x00 (0)
4744. [28] : 0x63 (99)
4745. [29] : 0x00 (0)
4746. [30] : 0x65 (101)
4747. [31] : 0x00 (0)
4748. [32] : 0x20 (32)
4749. [33] : 0x00 (0)
4750. [34] : 0x70 (112)
4751. [35] : 0x00 (0)
4752. [36] : 0x72 (114)
4753. [37] : 0x00 (0)
4754. [38] : 0x6f (111)
4755. [39] : 0x00 (0)
4756. [40] : 0x76 (118)
4757. [41] : 0x00 (0)
4758. [42] : 0x69 (105)
4759. [43] : 0x00 (0)
4760. [44] : 0x64 (100)
4761. [45] : 0x00 (0)
4762. [46] : 0x69 (105)
4763. [47] : 0x00 (0)
4764. [48] : 0x6e (110)
4765. [49] : 0x00 (0)
4766. [50] : 0x67 (103)
4767. [51] : 0x00 (0)
4768. [52] : 0x20 (32)
4769. [53] : 0x00 (0)
4770. [54] : 0x61 (97)
4771. [55] : 0x00 (0)
4772. [56] : 0x20 (32)
4773. [57] : 0x00 (0)
4774. [58] : 0x4e (78)
4775. [59] : 0x00 (0)
4776. [60] : 0x65 (101)
4777. [61] : 0x00 (0)
4778. [62] : 0x74 (116)
4779. [63] : 0x00 (0)
4780. [64] : 0x42 (66)
4781. [65] : 0x00 (0)
4782. [66] : 0x49 (73)
4783. [67] : 0x00 (0)
4784. [68] : 0x4f (79)
4785. [69] : 0x00 (0)
4786. [70] : 0x53 (83)
4787. [71] : 0x00 (0)
4788. [72] : 0x20 (32)
4789. [73] : 0x00 (0)
4790. [74] : 0x70 (112)
4791. [75] : 0x00 (0)
4792. [76] : 0x6f (111)
4793. [77] : 0x00 (0)
4794. [78] : 0x69 (105)
4795. [79] : 0x00 (0)
4796. [80] : 0x6e (110)
4797. [81] : 0x00 (0)
4798. [82] : 0x74 (116)
4799. [83] : 0x00 (0)
4800. [84] : 0x2d (45)
4801. [85] : 0x00 (0)
4802. [86] : 0x74 (116)
4803. [87] : 0x00 (0)
4804. [88] : 0x6f (111)
4805. [89] : 0x00 (0)
4806. [90] : 0x2d (45)
4807. [91] : 0x00 (0)
4808. [92] : 0x70 (112)
4809. [93] : 0x00 (0)
4810. [94] : 0x6f (111)
4811. [95] : 0x00 (0)
4812. [96] : 0x69 (105)
4813. [97] : 0x00 (0)
4814. [98] : 0x6e (110)
4815. [99] : 0x00 (0)
4816. [100] : 0x74 (116)
4817. [101] : 0x00 (0)
4818. [102] : 0x20 (32)
4819. [103] : 0x00 (0)
4820. [104] : 0x6e (110)
4821. [105] : 0x00 (0)
4822. [106] : 0x61 (97)
4823. [107] : 0x00 (0)
4824. [108] : 0x6d (109)
4825. [109] : 0x00 (0)
4826. [110] : 0x65 (101)
4827. [111] : 0x00 (0)
4828. [112] : 0x20 (32)
4829. [113] : 0x00 (0)
4830. [114] : 0x73 (115)
4831. [115] : 0x00 (0)
4832. [116] : 0x65 (101)
4833. [117] : 0x00 (0)
4834. [118] : 0x72 (114)
4835. [119] : 0x00 (0)
4836. [120] : 0x76 (118)
4837. [121] : 0x00 (0)
4838. [122] : 0x65 (101)
4839. [123] : 0x00 (0)
4840. [124] : 0x72 (114)
4841. [125] : 0x00 (0)
4842. [126] : 0x28 (40)
4843. [127] : 0x00 (0)
4844. [128] : 0x6e (110)
4845. [129] : 0x00 (0)
4846. [130] : 0x6f (111)
4847. [131] : 0x00 (0)
4848. [132] : 0x74 (116)
4849. [133] : 0x00 (0)
4850. [134] : 0x20 (32)
4851. [135] : 0x00 (0)
4852. [136] : 0x72 (114)
4853. [137] : 0x00 (0)
4854. [138] : 0x65 (101)
4855. [139] : 0x00 (0)
4856. [140] : 0x6d (109)
4857. [141] : 0x00 (0)
4858. [142] : 0x6f (111)
4859. [143] : 0x00 (0)
4860. [144] : 0x74 (116)
4861. [145] : 0x00 (0)
4862. [146] : 0x65 (101)
4863. [147] : 0x00 (0)
4864. [148] : 0x6c (108)
4865. [149] : 0x00 (0)
4866. [150] : 0x79 (121)
4867. [151] : 0x00 (0)
4868. [152] : 0x20 (32)
4869. [153] : 0x00 (0)
4870. [154] : 0x6d (109)
4871. [155] : 0x00 (0)
4872. [156] : 0x61 (97)
4873. [157] : 0x00 (0)
4874. [158] : 0x6e (110)
4875. [159] : 0x00 (0)
4876. [160] : 0x61 (97)
4877. [161] : 0x00 (0)
4878. [162] : 0x67 (103)
4879. [163] : 0x00 (0)
4880. [164] : 0x65 (101)
4881. [165] : 0x00 (0)
4882. [166] : 0x61 (97)
4883. [167] : 0x00 (0)
4884. [168] : 0x62 (98)
4885. [169] : 0x00 (0)
4886. [170] : 0x6c (108)
4887. [171] : 0x00 (0)
4888. [172] : 0x65 (101)
4889. [173] : 0x00 (0)
4890. [174] : 0x29 (41)
4891. [175] : 0x00 (0)
4892. [176] : 0x00 (0)
4893. [177] : 0x00 (0)
4894. size : 0x000000b2 (178)
4895. [2012/09/23 22:42:33.036151, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
4896. Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 5F 50 39 74 ........ ...._P9t
4897. [0010] D2 24 00 00 .$..
4898. [2012/09/23 22:42:33.036255, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue)
4899. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:Description]
4900. [2012/09/23 22:42:33.036318, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
4901. tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
4902. [2012/09/23 22:42:33.036371, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
4903. winreg_SetValue: struct winreg_SetValue
4904. out: struct winreg_SetValue
4905. result : WERR_OK
4906. [2012/09/23 22:42:33.036484, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
4907. winreg_CloseKey: struct winreg_CloseKey
4908. in: struct winreg_CloseKey
4909. handle : *
4910. handle: struct policy_handle
4911. handle_type : 0x00000000 (0)
4912. uuid : 00000009-0000-0000-5f50-3974d2240000
4913. [2012/09/23 22:42:33.036654, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
4914. Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 5F 50 39 74 ........ ...._P9t
4915. [0010] D2 24 00 00 .$..
4916. [2012/09/23 22:42:33.036758, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
4917. Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 5F 50 39 74 ........ ...._P9t
4918. [0010] D2 24 00 00 .$..
4919. [2012/09/23 22:42:33.036860, 3] rpc_server/rpc_handles.c:281(close_policy_hnd)
4920. Closed policy
4921. [2012/09/23 22:42:33.036912, 10] registry/reg_backend_db.c:619(regdb_close)
4922. regdb_close: decrementing refcount (4->3)
4923. [2012/09/23 22:42:33.036964, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
4924. winreg_CloseKey: struct winreg_CloseKey
4925. out: struct winreg_CloseKey
4926. handle : *
4927. handle: struct policy_handle
4928. handle_type : 0x00000000 (0)
4929. uuid : 00000000-0000-0000-0000-000000000000
4930. result : WERR_OK
4931. [2012/09/23 22:42:33.037177, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
4932. winreg_CreateKey: struct winreg_CreateKey
4933. in: struct winreg_CreateKey
4934. handle : *
4935. handle: struct policy_handle
4936. handle_type : 0x00000000 (0)
4937. uuid : 00000001-0000-0000-5f50-3874d2240000
4938. name: struct winreg_String
4939. name_len : 0x0060 (96)
4940. name_size : 0x0060 (96)
4941. name : *
4942. name : 'SYSTEM\CurrentControlSet\Services\WINS\Security'
4943. keyclass: struct winreg_String
4944. name_len : 0x0002 (2)
4945. name_size : 0x0002 (2)
4946. name : *
4947. name : ''
4948. options : 0x00000000 (0)
4949. 0: REG_OPTION_VOLATILE
4950. 0: REG_OPTION_CREATE_LINK
4951. 0: REG_OPTION_BACKUP_RESTORE
4952. 0: REG_OPTION_OPEN_LINK
4953. access_mask : 0x02000000 (33554432)
4954. 0: KEY_QUERY_VALUE
4955. 0: KEY_SET_VALUE
4956. 0: KEY_CREATE_SUB_KEY
4957. 0: KEY_ENUMERATE_SUB_KEYS
4958. 0: KEY_NOTIFY
4959. 0: KEY_CREATE_LINK
4960. 0: KEY_WOW64_64KEY
4961. 0: KEY_WOW64_32KEY
4962. secdesc : NULL
4963. action_taken : *
4964. action_taken : REG_OPENED_EXISTING_KEY (2)
4965. [2012/09/23 22:42:33.037959, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
4966. Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
4967. [0010] D2 24 00 00 .$..
4968. [2012/09/23 22:42:33.038073, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey)
4969. _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\WINS\Security'
4970. [2012/09/23 22:42:33.038129, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
4971. tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
4972. [2012/09/23 22:42:33.038183, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
4973. tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2
4974. [2012/09/23 22:42:33.038235, 7] registry/reg_api.c:141(regkey_open_onelevel)
4975. regkey_open_onelevel: name = [SYSTEM]
4976. [2012/09/23 22:42:33.038287, 10] registry/reg_backend_db.c:583(regdb_open)
4977. regdb_open: incrementing refcount (3->4)
4978. [2012/09/23 22:42:33.038342, 10] registry/reg_cachehook.c:122(reghook_cache_find)
4979. reghook_cache_find: Searching for keyname [\HKLM\SYSTEM]
4980. [2012/09/23 22:42:33.038391, 10] lib/adt_tree.c:367(pathtree_find)
4981. pathtree_find: Enter [\HKLM\SYSTEM]
4982. [2012/09/23 22:42:33.038442, 10] lib/adt_tree.c:440(pathtree_find)
4983. pathtree_find: Exit
4984. [2012/09/23 22:42:33.038491, 10] registry/reg_cachehook.c:127(reghook_cache_find)
4985. reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM]
4986. [2012/09/23 22:42:33.038558, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
4987. tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2
4988. [2012/09/23 22:42:33.038611, 7] registry/reg_api.c:141(regkey_open_onelevel)
4989. regkey_open_onelevel: name = [CurrentControlSet]
4990. [2012/09/23 22:42:33.038664, 10] registry/reg_backend_db.c:583(regdb_open)
4991. regdb_open: incrementing refcount (4->5)
4992. [2012/09/23 22:42:33.038720, 10] registry/reg_cachehook.c:122(reghook_cache_find)
4993. reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet]
4994. [2012/09/23 22:42:33.038769, 10] lib/adt_tree.c:367(pathtree_find)
4995. pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet]
4996. [2012/09/23 22:42:33.038820, 10] lib/adt_tree.c:440(pathtree_find)
4997. pathtree_find: Exit
4998. [2012/09/23 22:42:33.038869, 10] registry/reg_cachehook.c:127(reghook_cache_find)
4999. reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM\CurrentControlSet]
5000. [2012/09/23 22:42:33.038937, 10] registry/reg_backend_db.c:619(regdb_close)
5001. regdb_close: decrementing refcount (5->4)
5002. [2012/09/23 22:42:33.038992, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
5003. tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2
5004. [2012/09/23 22:42:33.039043, 7] registry/reg_api.c:141(regkey_open_onelevel)
5005. regkey_open_onelevel: name = [Services]
5006. [2012/09/23 22:42:33.039095, 10] registry/reg_backend_db.c:583(regdb_open)
5007. regdb_open: incrementing refcount (4->5)
5008. [2012/09/23 22:42:33.039150, 10] registry/reg_cachehook.c:122(reghook_cache_find)
5009. reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services]
5010. [2012/09/23 22:42:33.039199, 10] lib/adt_tree.c:367(pathtree_find)
5011. pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services]
5012. [2012/09/23 22:42:33.039251, 10] lib/adt_tree.c:440(pathtree_find)
5013. pathtree_find: Exit
5014. [2012/09/23 22:42:33.039300, 10] registry/reg_cachehook.c:127(reghook_cache_find)
5015. reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM\CurrentControlSet\Services]
5016. [2012/09/23 22:42:33.039381, 10] registry/reg_backend_db.c:619(regdb_close)
5017. regdb_close: decrementing refcount (5->4)
5018. [2012/09/23 22:42:33.039437, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
5019. tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2
5020. [2012/09/23 22:42:33.039489, 7] registry/reg_api.c:141(regkey_open_onelevel)
5021. regkey_open_onelevel: name = [WINS]
5022. [2012/09/23 22:42:33.039540, 10] registry/reg_backend_db.c:583(regdb_open)
5023. regdb_open: incrementing refcount (4->5)
5024. [2012/09/23 22:42:33.039596, 10] registry/reg_cachehook.c:122(reghook_cache_find)
5025. reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\WINS]
5026. [2012/09/23 22:42:33.039645, 10] lib/adt_tree.c:367(pathtree_find)
5027. pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\WINS]
5028. [2012/09/23 22:42:33.039705, 10] lib/adt_tree.c:440(pathtree_find)
5029. pathtree_find: Exit
5030. [2012/09/23 22:42:33.039755, 10] registry/reg_cachehook.c:127(reghook_cache_find)
5031. reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM\CurrentControlSet\Services\WINS]
5032. [2012/09/23 22:42:33.039825, 10] registry/reg_backend_db.c:619(regdb_close)
5033. regdb_close: decrementing refcount (5->4)
5034. [2012/09/23 22:42:33.039880, 7] registry/reg_api.c:141(regkey_open_onelevel)
5035. regkey_open_onelevel: name = [Security]
5036. [2012/09/23 22:42:33.039932, 10] registry/reg_backend_db.c:583(regdb_open)
5037. regdb_open: incrementing refcount (4->5)
5038. [2012/09/23 22:42:33.039988, 10] registry/reg_cachehook.c:122(reghook_cache_find)
5039. reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security]
5040. [2012/09/23 22:42:33.040037, 10] lib/adt_tree.c:367(pathtree_find)
5041. pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security]
5042. [2012/09/23 22:42:33.040089, 10] lib/adt_tree.c:440(pathtree_find)
5043. pathtree_find: Exit
5044. [2012/09/23 22:42:33.040138, 10] registry/reg_cachehook.c:127(reghook_cache_find)
5045. reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security]
5046. [2012/09/23 22:42:33.040202, 10] registry/reg_backend_db.c:1656(regdb_fetch_keys_internal)
5047. regdb_fetch_keys: no subkeys found for key [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security]
5048. [2012/09/23 22:42:33.040256, 10] registry/reg_backend_db.c:619(regdb_close)
5049. regdb_close: decrementing refcount (5->4)
5050. [2012/09/23 22:42:33.040310, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal)
5051. Opened policy hnd[3] [0000] 00 00 00 00 0A 00 00 00 00 00 00 00 5F 50 39 74 ........ ...._P9t
5052. [0010] D2 24 00 00 .$..
5053. [2012/09/23 22:42:33.040414, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
5054. winreg_CreateKey: struct winreg_CreateKey
5055. out: struct winreg_CreateKey
5056. new_handle : *
5057. new_handle: struct policy_handle
5058. handle_type : 0x00000000 (0)
5059. uuid : 0000000a-0000-0000-5f50-3974d2240000
5060. action_taken : *
5061. action_taken : REG_OPENED_EXISTING_KEY (2)
5062. result : WERR_OK
5063. [2012/09/23 22:42:33.040702, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
5064. winreg_SetValue: struct winreg_SetValue
5065. in: struct winreg_SetValue
5066. handle : *
5067. handle: struct policy_handle
5068. handle_type : 0x00000000 (0)
5069. uuid : 0000000a-0000-0000-5f50-3974d2240000
5070. name: struct winreg_String
5071. name_len : 0x0012 (18)
5072. name_size : 0x0012 (18)
5073. name : *
5074. name : 'Security'
5075. type : REG_BINARY (3)
5076. data : *
5077. data: ARRAY(120)
5078. [0] : 0x01 (1)
5079. [1] : 0x00 (0)
5080. [2] : 0x04 (4)
5081. [3] : 0x80 (128)
5082. [4] : 0x00 (0)
5083. [5] : 0x00 (0)
5084. [6] : 0x00 (0)
5085. [7] : 0x00 (0)
5086. [8] : 0x00 (0)
5087. [9] : 0x00 (0)
5088. [10] : 0x00 (0)
5089. [11] : 0x00 (0)
5090. [12] : 0x00 (0)
5091. [13] : 0x00 (0)
5092. [14] : 0x00 (0)
5093. [15] : 0x00 (0)
5094. [16] : 0x14 (20)
5095. [17] : 0x00 (0)
5096. [18] : 0x00 (0)
5097. [19] : 0x00 (0)
5098. [20] : 0x02 (2)
5099. [21] : 0x00 (0)
5100. [22] : 0x64 (100)
5101. [23] : 0x00 (0)
5102. [24] : 0x04 (4)
5103. [25] : 0x00 (0)
5104. [26] : 0x00 (0)
5105. [27] : 0x00 (0)
5106. [28] : 0x00 (0)
5107. [29] : 0x00 (0)
5108. [30] : 0x14 (20)
5109. [31] : 0x00 (0)
5110. [32] : 0x8d (141)
5111. [33] : 0x01 (1)
5112. [34] : 0x02 (2)
5113. [35] : 0x00 (0)
5114. [36] : 0x01 (1)
5115. [37] : 0x01 (1)
5116. [38] : 0x00 (0)
5117. [39] : 0x00 (0)
5118. [40] : 0x00 (0)
5119. [41] : 0x00 (0)
5120. [42] : 0x00 (0)
5121. [43] : 0x01 (1)
5122. [44] : 0x00 (0)
5123. [45] : 0x00 (0)
5124. [46] : 0x00 (0)
5125. [47] : 0x00 (0)
5126. [48] : 0x00 (0)
5127. [49] : 0x00 (0)
5128. [50] : 0x18 (24)
5129. [51] : 0x00 (0)
5130. [52] : 0xfd (253)
5131. [53] : 0x01 (1)
5132. [54] : 0x02 (2)
5133. [55] : 0x00 (0)
5134. [56] : 0x01 (1)
5135. [57] : 0x02 (2)
5136. [58] : 0x00 (0)
5137. [59] : 0x00 (0)
5138. [60] : 0x00 (0)
5139. [61] : 0x00 (0)
5140. [62] : 0x00 (0)
5141. [63] : 0x05 (5)
5142. [64] : 0x20 (32)
5143. [65] : 0x00 (0)
5144. [66] : 0x00 (0)
5145. [67] : 0x00 (0)
5146. [68] : 0x23 (35)
5147. [69] : 0x02 (2)
5148. [70] : 0x00 (0)
5149. [71] : 0x00 (0)
5150. [72] : 0x00 (0)
5151. [73] : 0x00 (0)
5152. [74] : 0x18 (24)
5153. [75] : 0x00 (0)
5154. [76] : 0xff (255)
5155. [77] : 0x01 (1)
5156. [78] : 0x0f (15)
5157. [79] : 0x00 (0)
5158. [80] : 0x01 (1)
5159. [81] : 0x02 (2)
5160. [82] : 0x00 (0)
5161. [83] : 0x00 (0)
5162. [84] : 0x00 (0)
5163. [85] : 0x00 (0)
5164. [86] : 0x00 (0)
5165. [87] : 0x05 (5)
5166. [88] : 0x20 (32)
5167. [89] : 0x00 (0)
5168. [90] : 0x00 (0)
5169. [91] : 0x00 (0)
5170. [92] : 0x25 (37)
5171. [93] : 0x02 (2)
5172. [94] : 0x00 (0)
5173. [95] : 0x00 (0)
5174. [96] : 0x00 (0)
5175. [97] : 0x00 (0)
5176. [98] : 0x18 (24)
5177. [99] : 0x00 (0)
5178. [100] : 0xff (255)
5179. [101] : 0x01 (1)
5180. [102] : 0x0f (15)
5181. [103] : 0x00 (0)
5182. [104] : 0x01 (1)
5183. [105] : 0x02 (2)
5184. [106] : 0x00 (0)
5185. [107] : 0x00 (0)
5186. [108] : 0x00 (0)
5187. [109] : 0x00 (0)
5188. [110] : 0x00 (0)
5189. [111] : 0x05 (5)
5190. [112] : 0x20 (32)
5191. [113] : 0x00 (0)
5192. [114] : 0x00 (0)
5193. [115] : 0x00 (0)
5194. [116] : 0x20 (32)
5195. [117] : 0x02 (2)
5196. [118] : 0x00 (0)
5197. [119] : 0x00 (0)
5198. size : 0x00000078 (120)
5199. [2012/09/23 22:42:33.043850, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
5200. Found policy hnd[0] [0000] 00 00 00 00 0A 00 00 00 00 00 00 00 5F 50 39 74 ........ ...._P9t
5201. [0010] D2 24 00 00 .$..
5202. [2012/09/23 22:42:33.043954, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue)
5203. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security:Security]
5204. [2012/09/23 22:42:33.044024, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
5205. tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1
5206. [2012/09/23 22:42:33.044076, 10] registry/reg_dispatcher.c:150(fetch_reg_values)
5207. fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security' (ops 0x7f0ef0501340)
5208. [2012/09/23 22:42:33.044129, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal)
5209. regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security]
5210. [2012/09/23 22:42:33.044197, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
5211. regdb_unpack_values: value[0]: name[Security] len[120]
5212. [2012/09/23 22:42:33.044252, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
5213. winreg_SetValue: struct winreg_SetValue
5214. out: struct winreg_SetValue
5215. result : WERR_OK
5216. [2012/09/23 22:42:33.044364, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
5217. winreg_CloseKey: struct winreg_CloseKey
5218. in: struct winreg_CloseKey
5219. handle : *
5220. handle: struct policy_handle
5221. handle_type : 0x00000000 (0)
5222. uuid : 0000000a-0000-0000-5f50-3974d2240000
5223. [2012/09/23 22:42:33.044535, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
5224. Found policy hnd[0] [0000] 00 00 00 00 0A 00 00 00 00 00 00 00 5F 50 39 74 ........ ...._P9t
5225. [0010] D2 24 00 00 .$..
5226. [2012/09/23 22:42:33.044638, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
5227. Found policy hnd[0] [0000] 00 00 00 00 0A 00 00 00 00 00 00 00 5F 50 39 74 ........ ...._P9t
5228. [0010] D2 24 00 00 .$..
5229. [2012/09/23 22:42:33.044749, 3] rpc_server/rpc_handles.c:281(close_policy_hnd)
5230. Closed policy
5231. [2012/09/23 22:42:33.044800, 10] registry/reg_backend_db.c:619(regdb_close)
5232. regdb_close: decrementing refcount (4->3)
5233. [2012/09/23 22:42:33.044852, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
5234. winreg_CloseKey: struct winreg_CloseKey
5235. out: struct winreg_CloseKey
5236. handle : *
5237. handle: struct policy_handle
5238. handle_type : 0x00000000 (0)
5239. uuid : 00000000-0000-0000-0000-000000000000
5240. result : WERR_OK
5241. [2012/09/23 22:42:33.045056, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
5242. winreg_CloseKey: struct winreg_CloseKey
5243. in: struct winreg_CloseKey
5244. handle : *
5245. handle: struct policy_handle
5246. handle_type : 0x00000000 (0)
5247. uuid : 00000002-0000-0000-5f50-3874d2240000
5248. [2012/09/23 22:42:33.045226, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
5249. Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
5250. [0010] D2 24 00 00 .$..
5251. [2012/09/23 22:42:33.045331, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
5252. Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 5F 50 38 74 ........ ...._P8t
5253. [0010] D2 24 00 00 .$..
5254. [2012/09/23 22:42:33.045433, 3] rpc_server/rpc_handles.c:281(close_policy_hnd)
5255. Closed policy
5256. [2012/09/23 22:42:33.045485, 10] registry/reg_backend_db.c:619(regdb_close)
5257. regdb_close: decrementing refcount (3->2)
5258. [2012/09/23 22:42:33.045537, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
5259. winreg_CloseKey: struct winreg_CloseKey
5260. out: struct winreg_CloseKey
5261. handle : *
5262. handle: struct policy_handle
5263. handle_type : 0x00000000 (0)
5264. uuid : 00000000-0000-0000-0000-000000000000
5265. result : WERR_OK
5266. [2012/09/23 22:42:33.045739, 10] registry/reg_backend_db.c:619(regdb_close)
5267. regdb_close: decrementing refcount (2->1)
5268. [2012/09/23 22:42:33.045814, 3] rpc_server/eventlog/srv_eventlog_reg.c:59(eventlog_init_winreg)
5269. Initialise the eventlog registry keys if needed.
5270. [2012/09/23 22:42:33.045871, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p)
5271. Create pipe requested \winreg
5272. [2012/09/23 22:42:33.045928, 10] rpc_server/rpc_handles.c:133(init_pipe_handles)
5273. init_pipe_handle_list: pipe_handles ref count = 2 for pipe \winreg
5274. [2012/09/23 22:42:33.045985, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p)
5275. Created internal pipe \winreg (pipes_open=0)
5276. [2012/09/23 22:42:33.046047, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
5277. winreg_OpenHKLM: struct winreg_OpenHKLM
5278. in: struct winreg_OpenHKLM
5279. system_name : NULL
5280. access_mask : 0x02000000 (33554432)
5281. 0: KEY_QUERY_VALUE
5282. 0: KEY_SET_VALUE
5283. 0: KEY_CREATE_SUB_KEY
5284. 0: KEY_ENUMERATE_SUB_KEYS
5285. 0: KEY_NOTIFY
5286. 0: KEY_CREATE_LINK
5287. 0: KEY_WOW64_64KEY
5288. 0: KEY_WOW64_32KEY
5289. [2012/09/23 22:42:33.046344, 7] registry/reg_api.c:141(regkey_open_onelevel)
5290. regkey_open_onelevel: name = [HKLM]
5291. [2012/09/23 22:42:33.046396, 10] registry/reg_backend_db.c:583(regdb_open)
5292. regdb_open: incrementing refcount (1->2)
5293. [2012/09/23 22:42:33.046451, 10] registry/reg_cachehook.c:122(reghook_cache_find)
5294. reghook_cache_find: Searching for keyname [\HKLM]
5295. [2012/09/23 22:42:33.046507, 10] lib/adt_tree.c:367(pathtree_find)
5296. pathtree_find: Enter [\HKLM]
5297. [2012/09/23 22:42:33.046559, 10] lib/adt_tree.c:440(pathtree_find)
5298. pathtree_find: Exit
5299. [2012/09/23 22:42:33.046607, 10] registry/reg_cachehook.c:127(reghook_cache_find)
5300. reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM]
5301. [2012/09/23 22:42:33.046678, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal)
5302. Opened policy hnd[2] [0000] 00 00 00 00 0B 00 00 00 00 00 00 00 5F 50 39 74 ........ ...._P9t
5303. [0010] D2 24 00 00 .$..
5304. [2012/09/23 22:42:33.046783, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
5305. winreg_OpenHKLM: struct winreg_OpenHKLM
5306. out: struct winreg_OpenHKLM
5307. handle : *
5308. handle: struct policy_handle
5309. handle_type : 0x00000000 (0)
5310. uuid : 0000000b-0000-0000-5f50-3974d2240000
5311. result : WERR_OK
5312. [2012/09/23 22:42:33.046990, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
5313. winreg_OpenKey: struct winreg_OpenKey
5314. in: struct winreg_OpenKey
5315. parent_handle : *
5316. parent_handle: struct policy_handle
5317. handle_type : 0x00000000 (0)
5318. uuid : 0000000b-0000-0000-5f50-3974d2240000
5319. keyname: struct winreg_String
5320. name_len : 0x0056 (86)
5321. name_size : 0x0056 (86)
5322. name : *
5323. name : 'SYSTEM\CurrentControlSet\Services\Eventlog'
5324. options : 0x00000000 (0)
5325. 0: REG_OPTION_VOLATILE
5326. 0: REG_OPTION_CREATE_LINK
5327. 0: REG_OPTION_BACKUP_RESTORE
5328. 0: REG_OPTION_OPEN_LINK
5329. access_mask : 0x02000000 (33554432)
5330. 0: KEY_QUERY_VALUE
5331. 0: KEY_SET_VALUE
5332. 0: KEY_CREATE_SUB_KEY
5333. 0: KEY_ENUMERATE_SUB_KEYS
5334. 0: KEY_NOTIFY
5335. 0: KEY_CREATE_LINK
5336. 0: KEY_WOW64_64KEY
5337. 0: KEY_WOW64_32KEY
5338. [2012/09/23 22:42:33.047593, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
5339. Found policy hnd[0] [0000] 00 00 00 00 0B 00 00 00 00 00 00 00 5F 50 39 74 ........ ...._P9t
5340. [0010] D2 24 00 00 .$..
5341. [2012/09/23 22:42:33.047699, 7] registry/reg_api.c:141(regkey_open_onelevel)
5342. regkey_open_onelevel: name = [SYSTEM]
5343. [2012/09/23 22:42:33.047751, 10] registry/reg_backend_db.c:583(regdb_open)
5344. regdb_open: incrementing refcount (2->3)
5345. [2012/09/23 22:42:33.047806, 10] registry/reg_cachehook.c:122(reghook_cache_find)
5346. reghook_cache_find: Searching for keyname [\HKLM\SYSTEM]
5347. [2012/09/23 22:42:33.047856, 10] lib/adt_tree.c:367(pathtree_find)
5348. pathtree_find: Enter [\HKLM\SYSTEM]
5349. [2012/09/23 22:42:33.047906, 10] lib/adt_tree.c:440(pathtree_find)
5350. pathtree_find: Exit
5351. [2012/09/23 22:42:33.047955, 10] registry/reg_cachehook.c:127(reghook_cache_find)
5352. reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM]
5353. [2012/09/23 22:42:33.048025, 7] registry/reg_api.c:141(regkey_open_onelevel)
5354. regkey_open_onelevel: name = [CurrentControlSet]
5355. [2012/09/23 22:42:33.048079, 10] registry/reg_backend_db.c:583(regdb_open)
5356. regdb_open: incrementing refcount (3->4)
5357. [2012/09/23 22:42:33.048134, 10] registry/reg_cachehook.c:122(reghook_cache_find)
5358. reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet]
5359. [2012/09/23 22:42:33.048184, 10] lib/adt_tree.c:367(pathtree_find)
5360. pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet]
5361. [2012/09/23 22:42:33.048244, 10] lib/adt_tree.c:440(pathtree_find)
5362. pathtree_find: Exit
5363. [2012/09/23 22:42:33.048294, 10] registry/reg_cachehook.c:127(reghook_cache_find)
5364. reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM\CurrentControlSet]
5365. [2012/09/23 22:42:33.048367, 7] registry/reg_api.c:141(regkey_open_onelevel)
5366. regkey_open_onelevel: name = [Services]
5367. [2012/09/23 22:42:33.048420, 10] registry/reg_backend_db.c:583(regdb_open)
5368. regdb_open: incrementing refcount (4->5)
5369. [2012/09/23 22:42:33.048480, 10] registry/reg_cachehook.c:122(reghook_cache_find)
5370. reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services]
5371. [2012/09/23 22:42:33.048530, 10] lib/adt_tree.c:367(pathtree_find)
5372. pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services]
5373. [2012/09/23 22:42:33.048581, 10] lib/adt_tree.c:440(pathtree_find)
5374. pathtree_find: Exit
5375. [2012/09/23 22:42:33.048630, 10] registry/reg_cachehook.c:127(reghook_cache_find)
5376. reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM\CurrentControlSet\Services]
5377. [2012/09/23 22:42:33.048714, 7] registry/reg_api.c:141(regkey_open_onelevel)
5378. regkey_open_onelevel: name = [Eventlog]
5379. [2012/09/23 22:42:33.048768, 10] registry/reg_backend_db.c:583(regdb_open)
5380. regdb_open: incrementing refcount (5->6)
5381. [2012/09/23 22:42:33.048824, 10] registry/reg_cachehook.c:122(reghook_cache_find)
5382. reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\Eventlog]
5383. [2012/09/23 22:42:33.048874, 10] lib/adt_tree.c:367(pathtree_find)
5384. pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\Eventlog]
5385. [2012/09/23 22:42:33.048926, 10] lib/adt_tree.c:440(pathtree_find)
5386. pathtree_find: Exit
5387. [2012/09/23 22:42:33.048975, 10] registry/reg_cachehook.c:127(reghook_cache_find)
5388. reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Eventlog]
5389. [2012/09/23 22:42:33.049048, 10] registry/reg_backend_db.c:619(regdb_close)
5390. regdb_close: decrementing refcount (6->5)
5391. [2012/09/23 22:42:33.049102, 10] registry/reg_backend_db.c:619(regdb_close)
5392. regdb_close: decrementing refcount (5->4)
5393. [2012/09/23 22:42:33.049154, 10] registry/reg_backend_db.c:619(regdb_close)
5394. regdb_close: decrementing refcount (4->3)
5395. [2012/09/23 22:42:33.049206, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal)
5396. Opened policy hnd[3] [0000] 00 00 00 00 0C 00 00 00 00 00 00 00 5F 50 39 74 ........ ...._P9t
5397. [0010] D2 24 00 00 .$..
5398. [2012/09/23 22:42:33.049309, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
5399. winreg_OpenKey: struct winreg_OpenKey
5400. out: struct winreg_OpenKey
5401. handle : *
5402. handle: struct policy_handle
5403. handle_type : 0x00000000 (0)
5404. uuid : 0000000c-0000-0000-5f50-3974d2240000
5405. result : WERR_OK
5406. [2012/09/23 22:42:33.049518, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
5407. winreg_QueryInfoKey: struct winreg_QueryInfoKey
5408. in: struct winreg_QueryInfoKey
5409. handle : *
5410. handle: struct policy_handle
5411. handle_type : 0x00000000 (0)
5412. uuid : 0000000c-0000-0000-5f50-3974d2240000
5413. classname : *
5414. classname: struct winreg_String
5415. name_len : 0x0000 (0)
5416. name_size : 0x0000 (0)
5417. name : NULL
5418. [2012/09/23 22:42:33.049801, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
5419. Found policy hnd[0] [0000] 00 00 00 00 0C 00 00 00 00 00 00 00 5F 50 39 74 ........ ...._P9t
5420. [0010] D2 24 00 00 .$..
5421. [2012/09/23 22:42:33.049906, 10] registry/reg_dispatcher.c:150(fetch_reg_values)
5422. fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\Eventlog' (ops 0x7f0ef0501340)
5423. [2012/09/23 22:42:33.049968, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal)
5424. regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog]
5425. [2012/09/23 22:42:33.050040, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
5426. regdb_unpack_values: value[0]: name[DisplayName] len[20]
5427. [2012/09/23 22:42:33.050096, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
5428. regdb_unpack_values: value[1]: name[ErrorControl] len[4]
5429. [2012/09/23 22:42:33.050151, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc)
5430. regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog]
5431. [2012/09/23 22:42:33.050223, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
5432. winreg_QueryInfoKey: struct winreg_QueryInfoKey
5433. out: struct winreg_QueryInfoKey
5434. classname : *
5435. classname: struct winreg_String
5436. name_len : 0x0000 (0)
5437. name_size : 0x0000 (0)
5438. name : NULL
5439. num_subkeys : *
5440. num_subkeys : 0x00000000 (0)
5441. max_subkeylen : *
5442. max_subkeylen : 0x00000000 (0)
5443. max_classlen : *
5444. max_classlen : 0x00000000 (0)
5445. num_values : *
5446. num_values : 0x00000002 (2)
5447. max_valnamelen : *
5448. max_valnamelen : 0x0000001a (26)
5449. max_valbufsize : *
5450. max_valbufsize : 0x00000014 (20)
5451. secdescsize : *
5452. secdescsize : 0x00000078 (120)
5453. last_changed_time : *
5454. last_changed_time : NTTIME(0)
5455. result : WERR_OK
5456. [2012/09/23 22:42:33.050824, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
5457. winreg_CloseKey: struct winreg_CloseKey
5458. in: struct winreg_CloseKey
5459. handle : *
5460. handle: struct policy_handle
5461. handle_type : 0x00000000 (0)
5462. uuid : 0000000c-0000-0000-5f50-3974d2240000
5463. [2012/09/23 22:42:33.050997, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
5464. Found policy hnd[0] [0000] 00 00 00 00 0C 00 00 00 00 00 00 00 5F 50 39 74 ........ ...._P9t
5465. [0010] D2 24 00 00 .$..
5466. [2012/09/23 22:42:33.051102, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal)
5467. Found policy hnd[0] [0000] 00 00 00 00 0C 00 00 00 00 00 00 00 5F 50 39 74 ........ ...._P9t
5468. [0010] D2 24 00 00 .$..
5469. [2012/09/23 22:42:33.051204, 3] rpc_server/rpc_handles.c:281(close_policy_hnd)
5470. Closed policy
5471. [2012/09/23 22:42:33.051255, 10] registry/reg_backend_db.c:619(regdb_close)
5472. regdb_close: decrementing refcount (3->2)
5473. [2012/09/23 22:42:33.051308, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
5474. winreg_CloseKey: struct winreg_CloseKey
5475. out: struct winreg_CloseKey
5476. handle : *
5477. handle: struct policy_handle
5478. handle_type : 0x00000000 (0)
5479. uuid : 00000000-0000-0000-0000-000000000000
5480. result : WERR_OK
5481. [2012/09/23 22:42:33.051586, 3] printing/pcap.c:138(pcap_cache_reload)
5482. reloading printcap cache
5483. [2012/09/23 22:42:33.051666, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked)
5484. Locking key 5052494E5445524C4953
5485. [2012/09/23 22:42:33.051726, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked)
5486. Allocated locked data 0x0x7f0ef1a0e4c0
5487. [2012/09/23 22:42:33.051855, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr)
5488. Unlocking key 5052494E5445524C4953
5489. [2012/09/23 22:42:33.051950, 3] printing/pcap.c:189(pcap_cache_reload)
5490. reload status: ok
5491. [2012/09/23 22:42:33.052047, 7] param/loadparm.c:9834(lp_servicenumber)
5492. lp_servicenumber: couldn't find printers
5493. [2012/09/23 22:42:33.052111, 10] registry/reg_init_smbconf.c:41(registry_init_smbconf)
5494. registry_init_smbconf called
5495. [2012/09/23 22:42:33.052162, 10] registry/reg_backend_db.c:504(regdb_init)
5496. regdb_init: incrementing refcount (2->3)
5497. [2012/09/23 22:42:33.052390, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal)
5498. regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports]
5499. [2012/09/23 22:42:33.052464, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
5500. regdb_unpack_values: value[0]: name[Samba Printer Port] len[2]
5501. [2012/09/23 22:42:33.052519, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal)
5502. regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers]
5503. [2012/09/23 22:42:33.052591, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
5504. regdb_unpack_values: value[0]: name[DefaultSpoolDirectory] len[70]
5505. [2012/09/23 22:42:33.052646, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal)
5506. regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog]
5507. [2012/09/23 22:42:33.052715, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
5508. regdb_unpack_values: value[0]: name[DisplayName] len[20]
5509. [2012/09/23 22:42:33.052769, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
5510. regdb_unpack_values: value[1]: name[ErrorControl] len[4]
5511. [2012/09/23 22:42:33.052823, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal)
5512. regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog]
5513. [2012/09/23 22:42:33.052891, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
5514. regdb_unpack_values: value[0]: name[DisplayName] len[20]
5515. [2012/09/23 22:42:33.052946, 10] registry/reg_backend_db.c:1734(regdb_unpack_values)
5516. regdb_unpack_values: value[1]: name[ErrorControl] len[4]
5517. [2012/09/23 22:42:33.053011, 10] registry/reg_cachehook.c:94(reghook_cache_add)
5518. reghook_cache_add: Adding ops 0x7f0ef0501440 for key [\HKLM\SOFTWARE\Samba\smbconf]
5519. [2012/09/23 22:42:33.053062, 8] lib/adt_tree.c:215(pathtree_add)
5520. pathtree_add: Enter
5521. [2012/09/23 22:42:33.053113, 10] lib/adt_tree.c:282(pathtree_add)
5522. pathtree_add: Successfully added node [HKLM\SOFTWARE\Samba\smbconf] to tree
5523. [2012/09/23 22:42:33.053162, 8] lib/adt_tree.c:284(pathtree_add)
5524. pathtree_add: Exit
5525. [2012/09/23 22:42:33.053212, 10] registry/reg_backend_db.c:619(regdb_close)
5526. regdb_close: decrementing refcount (3->2)
5527. [2012/09/23 22:42:33.053262, 10] registry/reg_backend_db.c:583(regdb_open)
5528. regdb_open: incrementing refcount (2->3)
5529. [2012/09/23 22:42:33.053313, 7] registry/reg_api.c:141(regkey_open_onelevel)
5530. regkey_open_onelevel: name = [HKLM]
5531. [2012/09/23 22:42:33.053363, 10] registry/reg_backend_db.c:583(regdb_open)
5532. regdb_open: incrementing refcount (3->4)
5533. [2012/09/23 22:42:33.053416, 10] registry/reg_cachehook.c:122(reghook_cache_find)
5534. reghook_cache_find: Searching for keyname [\HKLM]
5535. [2012/09/23 22:42:33.053465, 10] lib/adt_tree.c:367(pathtree_find)
5536. pathtree_find: Enter [\HKLM]
5537. [2012/09/23 22:42:33.053515, 10] lib/adt_tree.c:440(pathtree_find)
5538. pathtree_find: Exit
5539. [2012/09/23 22:42:33.053563, 10] registry/reg_cachehook.c:127(reghook_cache_find)
5540. reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM]
5541. [2012/09/23 22:42:33.053633, 7] registry/reg_api.c:141(regkey_open_onelevel)
5542. regkey_open_onelevel: name = [SOFTWARE]
5543. [2012/09/23 22:42:33.053686, 10] registry/reg_backend_db.c:583(regdb_open)
5544. regdb_open: incrementing refcount (4->5)
5545. [2012/09/23 22:42:33.053740, 10] registry/reg_cachehook.c:122(reghook_cache_find)
5546. reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE]
5547. [2012/09/23 22:42:33.053789, 10] lib/adt_tree.c:367(pathtree_find)
5548. pathtree_find: Enter [\HKLM\SOFTWARE]
5549. [2012/09/23 22:42:33.053840, 10] lib/adt_tree.c:440(pathtree_find)
5550. pathtree_find: Exit
5551. [2012/09/23 22:42:33.053888, 10] registry/reg_cachehook.c:127(reghook_cache_find)
5552. reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SOFTWARE]
5553. [2012/09/23 22:42:33.053987, 7] registry/reg_api.c:141(regkey_open_onelevel)
5554. regkey_open_onelevel: name = [Samba]
5555. [2012/09/23 22:42:33.054043, 10] registry/reg_backend_db.c:583(regdb_open)
5556. regdb_open: incrementing refcount (5->6)
5557. [2012/09/23 22:42:33.054098, 10] registry/reg_cachehook.c:122(reghook_cache_find)
5558. reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Samba]
5559. [2012/09/23 22:42:33.054147, 10] lib/adt_tree.c:367(pathtree_find)
5560. pathtree_find: Enter [\HKLM\SOFTWARE\Samba]
5561. [2012/09/23 22:42:33.054198, 10] lib/adt_tree.c:440(pathtree_find)
5562. pathtree_find: Exit
5563. [2012/09/23 22:42:33.054246, 10] registry/reg_cachehook.c:127(reghook_cache_find)
5564. reghook_cache_find: found ops 0x7f0ef0501340 for key [\HKLM\SOFTWARE\Samba]
5565. [2012/09/23 22:42:33.054317, 7] registry/reg_api.c:141(regkey_open_onelevel)
5566. regkey_open_onelevel: name = [smbconf]
5567. [2012/09/23 22:42:33.054370, 10] registry/reg_backend_db.c:583(regdb_open)
5568. regdb_open: incrementing refcount (6->7)
5569. [2012/09/23 22:42:33.054425, 10] registry/reg_cachehook.c:122(reghook_cache_find)
5570. reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Samba\smbconf]
5571. [2012/09/23 22:42:33.054474, 10] lib/adt_tree.c:367(pathtree_find)
5572. pathtree_find: Enter [\HKLM\SOFTWARE\Samba\smbconf]
5573. [2012/09/23 22:42:33.054525, 10] lib/adt_tree.c:440(pathtree_find)
5574. pathtree_find: Exit
5575. [2012/09/23 22:42:33.054574, 10] registry/reg_cachehook.c:127(reghook_cache_find)
5576. reghook_cache_find: found ops 0x7f0ef0501440 for key [\HKLM\SOFTWARE\Samba\smbconf]
5577. [2012/09/23 22:42:33.054643, 10] registry/reg_backend_db.c:619(regdb_close)
5578. regdb_close: decrementing refcount (7->6)
5579. [2012/09/23 22:42:33.054696, 10] registry/reg_backend_db.c:619(regdb_close)
5580. regdb_close: decrementing refcount (6->5)
5581. [2012/09/23 22:42:33.054748, 10] registry/reg_backend_db.c:619(regdb_close)
5582. regdb_close: decrementing refcount (5->4)
5583. [2012/09/23 22:42:33.054799, 5] param/loadparm.c:7280(process_registry_service)
5584. process_registry_service: service name printers
5585. [2012/09/23 22:42:33.054853, 7] registry/reg_api.c:141(regkey_open_onelevel)
5586. regkey_open_onelevel: name = [printers]
5587. [2012/09/23 22:42:33.054904, 10] registry/reg_backend_db.c:583(regdb_open)
5588. regdb_open: incrementing refcount (4->5)
5589. [2012/09/23 22:42:33.054959, 10] registry/reg_cachehook.c:122(reghook_cache_find)
5590. reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Samba\smbconf\printers]
5591. [2012/09/23 22:42:33.055008, 10] lib/adt_tree.c:367(pathtree_find)
5592. pathtree_find: Enter [\HKLM\SOFTWARE\Samba\smbconf\printers]
5593. [2012/09/23 22:42:33.055059, 10] lib/adt_tree.c:440(pathtree_find)
5594. pathtree_find: Exit
5595. [2012/09/23 22:42:33.055108, 10] registry/reg_cachehook.c:127(reghook_cache_find)
5596. reghook_cache_find: found ops 0x7f0ef0501440 for key [\HKLM\SOFTWARE\Samba\smbconf\printers]
5597. [2012/09/23 22:42:33.055170, 10] registry/reg_backend_db.c:1623(regdb_fetch_keys_internal)
5598. key [HKLM\SOFTWARE\Samba\smbconf\printers] not found
5599. [2012/09/23 22:42:33.055222, 10] registry/reg_backend_db.c:619(regdb_close)
5600. regdb_close: decrementing refcount (5->4)
5601. [2012/09/23 22:42:33.055276, 7] param/loadparm.c:9834(lp_servicenumber)
5602. lp_servicenumber: couldn't find printers
5603. [2012/09/23 22:42:33.055328, 7] param/loadparm.c:9834(lp_servicenumber)
5604. lp_servicenumber: couldn't find printers
5605. [2012/09/23 22:42:33.055377, 10] smbd/server_reload.c:53(reload_printers)
5606. reloading printer services from pcap cache
5607. [2012/09/23 22:42:33.055439, 7] param/loadparm.c:9834(lp_servicenumber)
5608. lp_servicenumber: couldn't find printers
5609. [2012/09/23 22:42:33.055490, 5] param/loadparm.c:7280(process_registry_service)
5610. process_registry_service: service name printers
5611. [2012/09/23 22:42:33.055541, 7] registry/reg_api.c:141(regkey_open_onelevel)
5612. regkey_open_onelevel: name = [printers]
5613. [2012/09/23 22:42:33.055591, 10] registry/reg_backend_db.c:583(regdb_open)
5614. regdb_open: incrementing refcount (4->5)
5615. [2012/09/23 22:42:33.055645, 10] registry/reg_cachehook.c:122(reghook_cache_find)
5616. reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Samba\smbconf\printers]
5617. [2012/09/23 22:42:33.055702, 10] lib/adt_tree.c:367(pathtree_find)
5618. pathtree_find: Enter [\HKLM\SOFTWARE\Samba\smbconf\printers]
5619. [2012/09/23 22:42:33.055754, 10] lib/adt_tree.c:440(pathtree_find)
5620. pathtree_find: Exit
5621. [2012/09/23 22:42:33.055803, 10] registry/reg_cachehook.c:127(reghook_cache_find)
5622. reghook_cache_find: found ops 0x7f0ef0501440 for key [\HKLM\SOFTWARE\Samba\smbconf\printers]
5623. [2012/09/23 22:42:33.055865, 10] registry/reg_backend_db.c:1623(regdb_fetch_keys_internal)
5624. key [HKLM\SOFTWARE\Samba\smbconf\printers] not found
5625. [2012/09/23 22:42:33.055917, 10] registry/reg_backend_db.c:619(regdb_close)
5626. regdb_close: decrementing refcount (5->4)
5627. [2012/09/23 22:42:33.055970, 7] param/loadparm.c:9834(lp_servicenumber)
5628. lp_servicenumber: couldn't find printers
5629. [2012/09/23 22:42:33.056024, 3] printing/printing.c:1673(start_background_queue)
5630. start_background_queue: Starting background LPQ thread
5631. [2012/09/23 22:42:33.056608, 5] printing/printing.c:1696(start_background_queue)
5632. start_background_queue: background LPQ thread started
5633. [2012/09/23 22:42:33.056811, 10] lib/util_sock.c:680(open_socket_in)
5634. bind succeeded on port 445
5635. [2012/09/23 22:42:33.056878, 5] lib/util_sock.c:165(print_socket_options)
5636. Socket options:
5637. SO_KEEPALIVE = 1
5638. SO_REUSEADDR = 1
5639. SO_BROADCAST = 0
5640. TCP_NODELAY = 0
5641. TCP_KEEPCNT = 9
5642. TCP_KEEPIDLE = 7200
5643. TCP_KEEPINTVL = 75
5644. [2012/09/23 22:42:33.057054, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked)
5645. IPTOS_LOWDELAY = 0
5646. IPTOS_THROUGHPUT = 0
5647. Locking key D3240000FFFFFFFF
5648. SO_SNDBUF = 16384
5649. SO_RCVBUF = 87380
5650. SO_SNDLOWAT = 1
5651. [2012/09/23 22:42:33.057165, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked)
5652. SO_RCVLOWAT = 1
5653. Allocated locked data 0x0x7f0ef1a09c50
5654. SO_SNDTIMEO = 0
5655. SO_RCVTIMEO = 0
5656. TCP_QUICKACK = 1
5657. [2012/09/23 22:42:33.057308, 5] lib/util_sock.c:165(print_socket_options)
5658. Socket options:
5659. SO_KEEPALIVE = 1
5660. [2012/09/23 22:42:33.057354, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr)
5661. SO_REUSEADDR = 1
5662. Unlocking key D3240000FFFFFFFF
5663. SO_BROADCAST = 0
5664. TCP_NODELAY = 1
5665. [2012/09/23 22:42:33.057432, 5] printing/printing.c:1732(start_background_queue)
5666. TCP_KEEPCNT = 9
5667. start_background_queue: background LPQ thread waiting for messages
5668. TCP_KEEPIDLE = 7200
5669. TCP_KEEPINTVL = 75
5670. IPTOS_LOWDELAY = 0
5671. IPTOS_THROUGHPUT = 0
5672. SO_SNDBUF = 16384
5673. SO_RCVBUF = 87380
5674. SO_SNDLOWAT = 1
5675. SO_RCVLOWAT = 1
5676. SO_SNDTIMEO = 0
5677. SO_RCVTIMEO = 0
5678. TCP_QUICKACK = 1
5679. [2012/09/23 22:42:33.057776, 10] lib/util_sock.c:680(open_socket_in)
5680. bind succeeded on port 139
5681. [2012/09/23 22:42:33.057834, 5] lib/util_sock.c:165(print_socket_options)
5682. Socket options:
5683. SO_KEEPALIVE = 1
5684. SO_REUSEADDR = 1
5685. SO_BROADCAST = 0
5686. TCP_NODELAY = 0
5687. TCP_KEEPCNT = 9
5688. TCP_KEEPIDLE = 7200
5689. TCP_KEEPINTVL = 75
5690. IPTOS_LOWDELAY = 0
5691. IPTOS_THROUGHPUT = 0
5692. SO_SNDBUF = 16384
5693. SO_RCVBUF = 87380
5694. SO_SNDLOWAT = 1
5695. SO_RCVLOWAT = 1
5696. SO_SNDTIMEO = 0
5697. SO_RCVTIMEO = 0
5698. TCP_QUICKACK = 1
5699. [2012/09/23 22:42:33.058202, 5] lib/util_sock.c:165(print_socket_options)
5700. Socket options:
5701. SO_KEEPALIVE = 1
5702. SO_REUSEADDR = 1
5703. SO_BROADCAST = 0
5704. TCP_NODELAY = 1
5705. TCP_KEEPCNT = 9
5706. TCP_KEEPIDLE = 7200
5707. TCP_KEEPINTVL = 75
5708. IPTOS_LOWDELAY = 0
5709. IPTOS_THROUGHPUT = 0
5710. SO_SNDBUF = 16384
5711. SO_RCVBUF = 87380
5712. SO_SNDLOWAT = 1
5713. SO_RCVLOWAT = 1
5714. SO_SNDTIMEO = 0
5715. SO_RCVTIMEO = 0
5716. TCP_QUICKACK = 1
5717. [2012/09/23 22:42:33.058617, 10] lib/util_sock.c:680(open_socket_in)
5718. bind succeeded on port 445
5719. [2012/09/23 22:42:33.058674, 5] lib/util_sock.c:165(print_socket_options)
5720. Socket options:
5721. SO_KEEPALIVE = 1
5722. SO_REUSEADDR = 1
5723. SO_BROADCAST = 0
5724. TCP_NODELAY = 0
5725. TCP_KEEPCNT = 9
5726. TCP_KEEPIDLE = 7200
5727. TCP_KEEPINTVL = 75
5728. IPTOS_LOWDELAY = 0
5729. IPTOS_THROUGHPUT = 0
5730. SO_SNDBUF = 16384
5731. SO_RCVBUF = 87380
5732. SO_SNDLOWAT = 1
5733. SO_RCVLOWAT = 1
5734. SO_SNDTIMEO = 0
5735. SO_RCVTIMEO = 0
5736. TCP_QUICKACK = 1
5737. [2012/09/23 22:42:33.059042, 5] lib/util_sock.c:165(print_socket_options)
5738. Socket options:
5739. SO_KEEPALIVE = 1
5740. SO_REUSEADDR = 1
5741. SO_BROADCAST = 0
5742. TCP_NODELAY = 1
5743. TCP_KEEPCNT = 9
5744. TCP_KEEPIDLE = 7200
5745. TCP_KEEPINTVL = 75
5746. IPTOS_LOWDELAY = 0
5747. IPTOS_THROUGHPUT = 0
5748. SO_SNDBUF = 16384
5749. SO_RCVBUF = 87380
5750. SO_SNDLOWAT = 1
5751. SO_RCVLOWAT = 1
5752. SO_SNDTIMEO = 0
5753. SO_RCVTIMEO = 0
5754. TCP_QUICKACK = 1
5755. [2012/09/23 22:42:33.059462, 10] lib/util_sock.c:680(open_socket_in)
5756. bind succeeded on port 139
5757. [2012/09/23 22:42:33.059519, 5] lib/util_sock.c:165(print_socket_options)
5758. Socket options:
5759. SO_KEEPALIVE = 1
5760. SO_REUSEADDR = 1
5761. SO_BROADCAST = 0
5762. TCP_NODELAY = 0
5763. TCP_KEEPCNT = 9
5764. TCP_KEEPIDLE = 7200
5765. TCP_KEEPINTVL = 75
5766. IPTOS_LOWDELAY = 0
5767. IPTOS_THROUGHPUT = 0
5768. SO_SNDBUF = 16384
5769. SO_RCVBUF = 87380
5770. SO_SNDLOWAT = 1
5771. SO_RCVLOWAT = 1
5772. SO_SNDTIMEO = 0
5773. SO_RCVTIMEO = 0
5774. TCP_QUICKACK = 1
5775. [2012/09/23 22:42:33.059885, 5] lib/util_sock.c:165(print_socket_options)
5776. Socket options:
5777. SO_KEEPALIVE = 1
5778. SO_REUSEADDR = 1
5779. SO_BROADCAST = 0
5780. TCP_NODELAY = 1
5781. TCP_KEEPCNT = 9
5782. TCP_KEEPIDLE = 7200
5783. TCP_KEEPINTVL = 75
5784. IPTOS_LOWDELAY = 0
5785. IPTOS_THROUGHPUT = 0
5786. SO_SNDBUF = 16384
5787. SO_RCVBUF = 87380
5788. SO_SNDLOWAT = 1
5789. SO_RCVLOWAT = 1
5790. SO_SNDTIMEO = 0
5791. SO_RCVTIMEO = 0
5792. TCP_QUICKACK = 1
5793. [2012/09/23 22:42:33.060271, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked)
5794. Locking key D2240000FFFFFFFF
5795. [2012/09/23 22:42:33.060329, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked)
5796. Allocated locked data 0x0x7f0ef1a05600
5797. [2012/09/23 22:42:33.060402, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr)
5798. Unlocking key D2240000FFFFFFFF
5799. [2012/09/23 22:42:33.060471, 10] smbd/process.c:920(event_add_idle)
5800. event_add_idle: idle_evt(parent_housekeeping) 0x7f0ef1a05f60
5801. [2012/09/23 22:42:33.060529, 5] lib/messages.c:300(messaging_register)
5802. Overriding messaging pointer for type 1 - private_data=(nil)
5803. [2012/09/23 22:42:33.060660, 10] registry/reg_backend_db.c:619(regdb_close)
5804. regdb_close: decrementing refcount (4->3)
5805. [2012/09/23 22:42:33.060720, 10] registry/reg_backend_db.c:619(regdb_close)
5806. regdb_close: decrementing refcount (3->2)
5807. [2012/09/23 22:42:33.060771, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe)
5808. close_policy_by_pipe: deleted handle list for pipe \winreg
5809. [2012/09/23 22:42:33.060840, 2] smbd/server.c:842(smbd_parent_loop)
5810. waiting for connections
5811. [2012/09/23 22:42:39.851400, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked)
5812. Locking key D4240000FFFFFFFF
5813. [2012/09/23 22:42:39.851650, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked)
5814. Allocated locked data 0x0x7f0ef1a02750
5815. [2012/09/23 22:42:39.851764, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr)
5816. Unlocking key D4240000FFFFFFFF
5817. [2012/09/23 22:42:39.851879, 5] lib/util_sock.c:165(print_socket_options)
5818. Socket options:
5819. SO_KEEPALIVE = 1
5820. SO_REUSEADDR = 1
5821. SO_BROADCAST = 0
5822. TCP_NODELAY = 1
5823. TCP_KEEPCNT = 9
5824. TCP_KEEPIDLE = 7200
5825. TCP_KEEPINTVL = 75
5826. IPTOS_LOWDELAY = 0
5827. IPTOS_THROUGHPUT = 0
5828. SO_SNDBUF = 23400
5829. SO_RCVBUF = 87380
5830. SO_SNDLOWAT = 1
5831. SO_RCVLOWAT = 1
5832. SO_SNDTIMEO = 0
5833. SO_RCVTIMEO = 0
5834. TCP_QUICKACK = 1
5835. [2012/09/23 22:42:39.852447, 5] lib/util_sock.c:165(print_socket_options)
5836. Socket options:
5837. SO_KEEPALIVE = 1
5838. SO_REUSEADDR = 1
5839. SO_BROADCAST = 0
5840. TCP_NODELAY = 1
5841. TCP_KEEPCNT = 9
5842. TCP_KEEPIDLE = 7200
5843. TCP_KEEPINTVL = 75
5844. IPTOS_LOWDELAY = 0
5845. IPTOS_THROUGHPUT = 0
5846. SO_SNDBUF = 23400
5847. SO_RCVBUF = 87380
5848. SO_SNDLOWAT = 1
5849. SO_RCVLOWAT = 1
5850. SO_SNDTIMEO = 0
5851. SO_RCVTIMEO = 0
5852. TCP_QUICKACK = 1
5853. [2012/09/23 22:43:00.859602, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked)
5854. Locking key D4240000FFFFFFFF
5855. [2012/09/23 22:43:00.859755, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked)
5856. Allocated locked data 0x0x7f0ef1a05a00
5857. [2012/09/23 22:43:00.859853, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr)
5858. Unlocking key D4240000FFFFFFFF
5859. [2012/09/23 22:43:33.093287, 10] lib/events.c:221(run_events_poll)
5860. Running timed event "smbd_idle_event_handler" 0x7f0ef1a05f60
5861. [2012/09/23 22:43:33.093462, 10] smbd/process.c:863(smbd_idle_event_handler)
5862. smbd_idle_event_handler: idle_evt(parent_housekeeping) (nil) called
5863. [2012/09/23 22:43:33.093568, 5] smbd/server.c:627(smbd_parent_housekeeping)
5864. parent housekeeping
5865. [2012/09/23 22:43:33.093645, 3] smbd/server.c:632(smbd_parent_housekeeping)
5866. Printcap cache time expired.
5867. [2012/09/23 22:43:33.093720, 3] printing/pcap.c:138(pcap_cache_reload)
5868. reloading printcap cache
5869. [2012/09/23 22:43:33.093817, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked)
5870. Locking key 5052494E5445524C4953
5871. [2012/09/23 22:43:33.093914, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked)
5872. Allocated locked data 0x0x7f0ef1a02750
5873. [2012/09/23 22:43:33.094038, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr)
5874. Unlocking key 5052494E5445524C4953
5875. [2012/09/23 22:43:33.094224, 3] printing/pcap.c:189(pcap_cache_reload)
5876. reload status: ok
5877. [2012/09/23 22:43:33.094387, 10] lib/messages_local.c:255(messaging_tdb_store)
5878. messaging_tdb_store:
5879. [2012/09/23 22:43:33.094469, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug)
5880. array: struct messaging_array
5881. num_messages : 0x00000001 (1)
5882. messages: ARRAY(1)
5883. messages: struct messaging_rec
5884. msg_version : 0x00000002 (2)
5885. msg_type : MSG_PRINTER_PCAP (519)
5886. dest: struct server_id
5887. pid : 0x000024d3 (9427)
5888. vnn : 0xffffffff (4294967295)
5889. unique_id : 0x4f0decde0b1bedd0 (5696469542106820048)
5890. src: struct server_id
5891. pid : 0x000024d2 (9426)
5892. vnn : 0xffffffff (4294967295)
5893. unique_id : 0x4f0decde0b1bedd0 (5696469542106820048)
5894. buf : DATA_BLOB length=0
5895. [2012/09/23 22:43:33.095181, 10] lib/messages_local.c:255(messaging_tdb_store)
5896. [2012/09/23 22:43:33.095192, 10] lib/messages_local.c:74(messaging_tdb_signal_handler)
5897. messaging_tdb_signal_handler: sig[10] count[1] msgs[1]
5898. [2012/09/23 22:43:33.095314, 10] lib/messages_local.c:466(message_dispatch)
5899. message_dispatch: received_messages = 1
5900. [2012/09/23 22:43:33.095489, 10] lib/messages_local.c:215(messaging_tdb_fetch)
5901. messaging_tdb_fetch:
5902. [2012/09/23 22:43:33.095571, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug)
5903. result: struct messaging_array
5904. num_messages : 0x00000001 (1)
5905. messages: ARRAY(1)
5906. messages: struct messaging_rec
5907. msg_version : 0x00000002 (2)
5908. msg_type : MSG_PRINTER_PCAP (519)
5909. dest: struct server_id
5910. pid : 0x000024d3 (9427)
5911. vnn : 0xffffffff (4294967295)
5912. unique_id : 0x4f0decde0b1bedd0 (5696469542106820048)
5913. src: struct server_id
5914. pid : 0x000024d2 (9426)
5915. vnn : 0xffffffff (4294967295)
5916. unique_id : 0x4f0decde0b1bedd0 (5696469542106820048)
5917. buf : DATA_BLOB length=0
5918. messaging_tdb_store:
5919. [2012/09/23 22:43:33.096235, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug)
5920. array: struct messaging_array
5921. num_messages : 0x00000001 (1)
5922. messages: ARRAY(1)
5923. messages: struct messaging_rec
5924. msg_version : 0x00000002 (2)
5925. msg_type : MSG_PRINTER_PCAP (519)
5926. dest: struct server_id
5927. pid : 0x000024d2 (9426)
5928. vnn : 0xffffffff (4294967295)
5929. unique_id : 0x4f0decde0b1bedd0 (5696469542106820048)
5930. src: struct server_id
5931. pid : 0x000024d2 (9426)
5932. vnn : 0xffffffff (4294967295)
5933. unique_id : 0x4f0decde0b1bedd0 (5696469542106820048)
5934. buf : DATA_BLOB length=0
5935. [2012/09/23 22:43:33.096839, 10] smbd/process.c:874(smbd_idle_event_handler)
5936. smbd_idle_event_handler: idle_evt(parent_housekeeping) (nil) rescheduled
5937. [2012/09/23 22:43:33.096929, 10] lib/messages_local.c:74(messaging_tdb_signal_handler)
5938. messaging_tdb_signal_handler: sig[10] count[1] msgs[1]
5939. [2012/09/23 22:43:33.097006, 10] lib/messages_local.c:466(message_dispatch)
5940. message_dispatch: received_messages = 1
5941. [2012/09/23 22:43:33.097097, 10] lib/messages_local.c:215(messaging_tdb_fetch)
5942. messaging_tdb_fetch:
5943. [2012/09/23 22:43:33.097171, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug)
5944. result: struct messaging_array
5945. num_messages : 0x00000001 (1)
5946. messages: ARRAY(1)
5947. messages: struct messaging_rec
5948. msg_version : 0x00000002 (2)
5949. msg_type : MSG_PRINTER_PCAP (519)
5950. dest: struct server_id
5951. pid : 0x000024d2 (9426)
5952. vnn : 0xffffffff (4294967295)
5953. unique_id : 0x4f0decde0b1bedd0 (5696469542106820048)
5954. src: struct server_id
5955. pid : 0x000024d2 (9426)
5956. vnn : 0xffffffff (4294967295)
5957. unique_id : 0x4f0decde0b1bedd0 (5696469542106820048)
5958. buf : DATA_BLOB length=0
5959. [2012/09/23 22:43:33.097776, 10] smbd/server.c:130(smb_pcap_updated)
5960. Got message saying pcap was updated. Reloading.
5961. [2012/09/23 22:43:33.097854, 4] smbd/sec_ctx.c:314(set_sec_ctx)
5962. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
5963. [2012/09/23 22:43:33.097930, 5] ../libcli/security/security_token.c:53(security_token_debug)
5964. Security token: (NULL)
5965. [2012/09/23 22:43:33.098004, 5] auth/token_util.c:527(debug_unix_user_token)
5966. UNIX token of user 0
5967. Primary group is 0 and contains 0 supplementary groups
5968. [2012/09/23 22:43:33.098124, 5] smbd/uid.c:400(change_to_root_user)
5969. change_to_root_user: now uid=(0,0) gid=(0,0)
5970. [2012/09/23 22:43:33.098221, 7] param/loadparm.c:9834(lp_servicenumber)
5971. lp_servicenumber: couldn't find printers
5972. [2012/09/23 22:43:33.098299, 5] param/loadparm.c:7280(process_registry_service)
5973. process_registry_service: service name printers
5974. [2012/09/23 22:43:33.098377, 7] registry/reg_api.c:141(regkey_open_onelevel)
5975. regkey_open_onelevel: name = [printers]
5976. [2012/09/23 22:43:33.098455, 10] registry/reg_backend_db.c:583(regdb_open)
5977. regdb_open: incrementing refcount (2->3)
5978. [2012/09/23 22:43:33.098540, 10] registry/reg_cachehook.c:122(reghook_cache_find)
5979. reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Samba\smbconf\printers]
5980. [2012/09/23 22:43:33.098615, 10] lib/adt_tree.c:367(pathtree_find)
5981. pathtree_find: Enter [\HKLM\SOFTWARE\Samba\smbconf\printers]
5982. [2012/09/23 22:43:33.098694, 10] lib/adt_tree.c:440(pathtree_find)
5983. pathtree_find: Exit
5984. [2012/09/23 22:43:33.098768, 10] registry/reg_cachehook.c:127(reghook_cache_find)
5985. reghook_cache_find: found ops 0x7f0ef0501440 for key [\HKLM\SOFTWARE\Samba\smbconf\printers]
5986. [2012/09/23 22:43:33.098868, 10] registry/reg_backend_db.c:1623(regdb_fetch_keys_internal)
5987. key [HKLM\SOFTWARE\Samba\smbconf\printers] not found
5988. [2012/09/23 22:43:33.098947, 10] registry/reg_backend_db.c:619(regdb_close)
5989. regdb_close: decrementing refcount (3->2)
5990. [2012/09/23 22:43:33.099029, 7] param/loadparm.c:9834(lp_servicenumber)
5991. lp_servicenumber: couldn't find printers
5992. [2012/09/23 22:43:33.099108, 7] param/loadparm.c:9834(lp_servicenumber)
5993. lp_servicenumber: couldn't find printers
5994. [2012/09/23 22:43:33.099182, 10] smbd/server_reload.c:53(reload_printers)
5995. reloading printer services from pcap cache
5996. [2012/09/23 22:43:33.099277, 7] param/loadparm.c:9834(lp_servicenumber)
5997. lp_servicenumber: couldn't find printers
5998. [2012/09/23 22:43:33.099354, 5] param/loadparm.c:7280(process_registry_service)
5999. process_registry_service: service name printers
6000. [2012/09/23 22:43:33.099444, 7] registry/reg_api.c:141(regkey_open_onelevel)
6001. regkey_open_onelevel: name = [printers]
6002. [2012/09/23 22:43:33.099521, 10] registry/reg_backend_db.c:583(regdb_open)
6003. regdb_open: incrementing refcount (2->3)
6004. [2012/09/23 22:43:33.099603, 10] registry/reg_cachehook.c:122(reghook_cache_find)
6005. reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Samba\smbconf\printers]
6006. [2012/09/23 22:43:33.099677, 10] lib/adt_tree.c:367(pathtree_find)
6007. pathtree_find: Enter [\HKLM\SOFTWARE\Samba\smbconf\printers]
6008. [2012/09/23 22:43:33.099755, 10] lib/adt_tree.c:440(pathtree_find)
6009. pathtree_find: Exit
6010. [2012/09/23 22:43:33.099829, 10] registry/reg_cachehook.c:127(reghook_cache_find)
6011. reghook_cache_find: found ops 0x7f0ef0501440 for key [\HKLM\SOFTWARE\Samba\smbconf\printers]
6012. [2012/09/23 22:43:33.099924, 10] registry/reg_backend_db.c:1623(regdb_fetch_keys_internal)
6013. key [HKLM\SOFTWARE\Samba\smbconf\printers] not found
6014. [2012/09/23 22:43:33.100002, 10] registry/reg_backend_db.c:619(regdb_close)
6015. regdb_close: decrementing refcount (3->2)
6016. [2012/09/23 22:43:33.100084, 7] param/loadparm.c:9834(lp_servicenumber)
6017. lp_servicenumber: couldn't find printers