SHARE
TWEET

Selveste1

a guest Feb 14th, 2010 213 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. [2010/02/14 20:52:57,  6] param/loadparm.c:lp_file_list_changed(6729)
  2.   lp_file_list_changed()
  3.   file /etc/samba/dhcp.conf -> /etc/samba/dhcp.conf  last mod_time: Thu Feb 11 11:51:52 2010
  4.  
  5.   file /etc/samba/smb.conf -> /etc/samba/smb.conf  last mod_time: Thu Feb 11 16:28:47 2010
  6.  
  7. [2010/02/14 20:52:57,  5] auth/auth_util.c:make_user_info_map(206)
  8.   make_user_info_map: Mapping user [SEMARKIT]\[Admin] from workstation [HDS-VIRTBOX1]
  9. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:push_sec_ctx(224)
  10.   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
  11. [2010/02/14 20:52:57,  3] smbd/uid.c:push_conn_ctx(357)
  12.   push_conn_ctx(0) : conn_ctx_stack_ndx = 0
  13. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  14.   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
  15. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_nt_user_token(464)
  16.   NT user token: (NULL)
  17. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_unix_user_token(490)
  18.   UNIX token of user 0
  19.   Primary group is 0 and contains 0 supplementary groups
  20. [2010/02/14 20:52:57,  5] auth/auth_util.c:is_trusted_domain(2055)
  21.   is_trusted_domain: Checking for domain trust with [SEMARKIT]
  22. [2010/02/14 20:52:57, 10] passdb/pdb_ldap.c:ldapsam_get_trusteddom_pw(5823)
  23.   ldapsam_get_trusteddom_pw called for domain SEMARKIT
  24. [2010/02/14 20:52:57,  5] lib/smbldap.c:smbldap_search_ext(1207)
  25.   smbldap_search_ext: base => [sambaDomainName=SEMARKIT,sambaDomainName=SEMARKIT,dc=semarkit,dc=dk], filter => [(&(objectClass=sambaTrustedDomainPassword)(sambaDomainName=SEMARKIT))], scope => [2]
  26. [2010/02/14 20:52:57,  5] lib/smbldap.c:smbldap_close(1110)
  27.   The connection to the LDAP server was closed
  28. [2010/02/14 20:52:57, 10] lib/smbldap.c:smb_ldap_setup_conn(616)
  29.   smb_ldap_setup_connection: ldap://127.0.0.1:389
  30. [2010/02/14 20:52:57,  2] lib/smbldap.c:smbldap_open_connection(796)
  31.   smbldap_open_connection: connection opened
  32. [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_connect_system(961)
  33.   ldap_connect_system: Binding to ldap server ldap://127.0.0.1:389 as "cn=admin,dc=semarkit,dc=dk"
  34. [2010/02/14 20:52:57,  3] lib/smbldap.c:smbldap_connect_system(1007)
  35.   ldap_connect_system: successful connection to the LDAP server
  36.   ldap_connect_system: LDAP server does support paged results
  37. [2010/02/14 20:52:57, 10] lib/events.c:event_add_timed(128)
  38.   Added timed event "smbldap_idle_fn": 1032a60
  39. [2010/02/14 20:52:57,  4] lib/smbldap.c:smbldap_open(1090)
  40.   The LDAP server is successfully connected
  41. [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_search_ext(1271)
  42.   Failed search for base: sambaDomainName=SEMARKIT,sambaDomainName=SEMARKIT,dc=semarkit,dc=dk, error: 32 (No such object) (unknown)
  43. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:pop_sec_ctx(432)
  44.   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
  45. [2010/02/14 20:52:57, 10] lib/gencache.c:gencache_get(194)
  46.   Cache entry with key = TDOM/SEMARKIT couldn't be found
  47. [2010/02/14 20:52:57,  5] libsmb/trustdom_cache.c:trustdom_cache_fetch(183)
  48.   no entry for trusted domain SEMARKIT found.
  49. [2010/02/14 20:52:57,  5] auth/auth_util.c:make_user_info(120)
  50.   attempting to make a user_info for Admin (Admin)
  51. [2010/02/14 20:52:57,  5] auth/auth_util.c:make_user_info(130)
  52.   making strings for Admin's user_info struct
  53. [2010/02/14 20:52:57,  5] auth/auth_util.c:make_user_info(162)
  54.   making blobs for Admin's user_info struct
  55. [2010/02/14 20:52:57, 10] auth/auth_util.c:make_user_info(180)
  56.   made an encrypted user_info for Admin (Admin)
  57. [2010/02/14 20:52:57,  3] auth/auth.c:check_ntlm_password(220)
  58.   check_ntlm_password:  Checking password for unmapped user [SEMARKIT]\[Admin]@[HDS-VIRTBOX1] with the new password interface
  59. [2010/02/14 20:52:57,  3] auth/auth.c:check_ntlm_password(223)
  60.   check_ntlm_password:  mapped user is: [SEMARKIT]\[Admin]@[HDS-VIRTBOX1]
  61. [2010/02/14 20:52:57, 10] auth/auth.c:check_ntlm_password(232)
  62.   check_ntlm_password: auth_context challenge created by NTLMSSP callback (NTLM2)
  63. [2010/02/14 20:52:57, 10] auth/auth.c:check_ntlm_password(234)
  64.   challenge is:
  65. [2010/02/14 20:52:57,  5] lib/util.c:dump_data(2223)
  66.   [000] 11 32 62 0D E9 D0 87 63                           .2b....c
  67. [2010/02/14 20:52:57, 10] auth/auth.c:check_ntlm_password(260)
  68.   check_ntlm_password: guest had nothing to say
  69. [2010/02/14 20:52:57,  8] lib/util.c:is_myname(2098)
  70.   is_myname("SEMARKIT") returns 0
  71. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:push_sec_ctx(224)
  72.   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
  73. [2010/02/14 20:52:57,  3] smbd/uid.c:push_conn_ctx(357)
  74.   push_conn_ctx(0) : conn_ctx_stack_ndx = 0
  75. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  76.   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
  77. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_nt_user_token(464)
  78.   NT user token: (NULL)
  79. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_unix_user_token(490)
  80.   UNIX token of user 0
  81.   Primary group is 0 and contains 0 supplementary groups
  82. [2010/02/14 20:52:57,  5] lib/smbldap.c:smbldap_search_ext(1207)
  83.   smbldap_search_ext: base => [dc=semarkit,dc=dk], filter => [(&(uid=Admin)(objectclass=sambaSamAccount))], scope => [2]
  84. [2010/02/14 20:52:57, 11] lib/smbldap.c:smbldap_open(1063)
  85.   smbldap_open: already connected to the LDAP server
  86. [2010/02/14 20:52:57,  2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
  87.   init_sam_from_ldap: Entry found for user: Admin
  88. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_username(580)
  89.   pdb_set_username: setting username Admin, was
  90. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  91.   element 12 -> now SET
  92. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_domain(603)
  93.   pdb_set_domain: setting domain SEMARKIT, was
  94. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(494)
  95.   element 14 -> now DEFAULT
  96. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_nt_username(626)
  97.   pdb_set_nt_username: setting nt username Admin, was
  98. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  99.   element 15 -> now SET
  100. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_user_sid_from_string(522)
  101.   pdb_set_user_sid_from_string: setting user sid S-1-5-21-2934603361-1946261283-2740193522-500
  102. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509)
  103.   pdb_set_user_sid: setting user sid S-1-5-21-2934603361-1946261283-2740193522-500
  104. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  105.   element 18 -> now SET
  106. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_get_init_flags(263)
  107.   element 18: SET
  108. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  109.   element 21 -> now SET
  110. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  111.   element 5 -> now SET
  112. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  113.   element 6 -> now SET
  114. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  115.   element 7 -> now SET
  116. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  117.   element 9 -> now SET
  118. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  119.   element 10 -> now SET
  120. [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309)
  121.   attribute displayName does not exist
  122. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_fullname(649)
  123.   pdb_set_full_name: setting full name Admin, was
  124. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  125.   element 13 -> now SET
  126. [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309)
  127.   attribute sambaHomeDrive does not exist
  128. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(718)
  129.   pdb_set_dir_drive: setting dir drive H:, was NULL
  130. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(494)
  131.   element 3 -> now DEFAULT
  132. [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309)
  133.   attribute sambaHomePath does not exist
  134. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_homedir(742)
  135.   pdb_set_homedir: setting home dir \\hds-linux\admin, was
  136. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(494)
  137.   element 1 -> now DEFAULT
  138. [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309)
  139.   attribute sambaLogonScript does not exist
  140. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_logon_script(672)
  141.   pdb_set_logon_script: setting logon script scripts/logon.bat, was
  142. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(494)
  143.   element 4 -> now DEFAULT
  144. [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309)
  145.   attribute sambaProfilePath does not exist
  146. [2010/02/14 20:52:57,  4] lib/substitute.c:automount_server(500)
  147.   Home server: hds-linux
  148. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_profile_path(695)
  149.   pdb_set_profile_path: setting profile path \\hds-linux\admin\profile, was
  150. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(494)
  151.   element 2 -> now DEFAULT
  152. [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309)
  153.   attribute description does not exist
  154. [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309)
  155.   attribute sambaUserWorkstations does not exist
  156. [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309)
  157.   attribute sambaMungedDial does not exist
  158. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  159.   element 32 -> now SET
  160. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  161.   element 33 -> now SET
  162. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:push_sec_ctx(224)
  163.   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
  164. [2010/02/14 20:52:57,  3] smbd/uid.c:push_conn_ctx(357)
  165.   push_conn_ctx(0) : conn_ctx_stack_ndx = 1
  166. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  167.   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
  168. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_nt_user_token(464)
  169.   NT user token: (NULL)
  170. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_unix_user_token(490)
  171.   UNIX token of user 0
  172.   Primary group is 0 and contains 0 supplementary groups
  173. [2010/02/14 20:52:57, 10] lib/gencache.c:gencache_get(194)
  174.   Cache entry with key = ACCT_POL/password history couldn't be found
  175. [2010/02/14 20:52:57, 10] passdb/pdb_ldap.c:ldapsam_get_account_policy_from_ldap(3845)
  176.   ldapsam_get_account_policy_from_ldap
  177. [2010/02/14 20:52:57,  5] lib/smbldap.c:smbldap_search_ext(1207)
  178.   smbldap_search_ext: base => [sambaDomainName=SEMARKIT,dc=semarkit,dc=dk], filter => [(objectclass=*)], scope => [0]
  179. [2010/02/14 20:52:57, 11] lib/smbldap.c:smbldap_open(1063)
  180.   smbldap_open: already connected to the LDAP server
  181. [2010/02/14 20:52:57, 10] passdb/pdb_ldap.c:ldapsam_get_account_policy(3925)
  182.   ldapsam_get_account_policy: failed to retrieve from ldap
  183. [2010/02/14 20:52:57, 10] passdb/pdb_ldap.c:ldapsam_set_account_policy_in_ldap(3786)
  184.   ldapsam_set_account_policy_in_ldap
  185. [2010/02/14 20:52:57,  5] lib/smbldap.c:smbldap_modify(1402)
  186.   smbldap_modify: dn => [sambaDomainName=SEMARKIT,dc=semarkit,dc=dk]
  187. [2010/02/14 20:52:57, 11] lib/smbldap.c:smbldap_open(1063)
  188.   smbldap_open: already connected to the LDAP server
  189. [2010/02/14 20:52:57,  6] param/loadparm.c:lp_file_list_changed(6729)
  190.   lp_file_list_changed()
  191.   file /etc/samba/dhcp.conf -> /etc/samba/dhcp.conf  last mod_time: Thu Feb 11 11:51:52 2010
  192.  
  193.   file /etc/samba/smb.conf -> /etc/samba/smb.conf  last mod_time: Thu Feb 11 16:28:47 2010
  194.  
  195. [2010/02/14 20:52:57,  5] smbd/reply.c:reply_special(472)
  196.   init msg_type=0x81 msg_flags=0x0
  197. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
  198.   run_events: Nothing to do
  199. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
  200.   run_events: Nothing to do
  201. [2010/02/14 20:52:57,  5] lib/util_sock.c:read_socket_with_timeout(928)
  202.   read_socket_with_timeout: blocking read. EOF from client.
  203. [2010/02/14 20:52:57, 10] smbd/process.c:receive_smb_raw_talloc(276)
  204.   receive_smb_raw: NT_STATUS_END_OF_FILE
  205. [2010/02/14 20:52:57,  3] smbd/process.c:smbd_process(2056)
  206.   receive_message_or_smb failed: NT_STATUS_END_OF_FILE, exiting
  207. [2010/02/14 20:52:57,  5] lib/gencache.c:gencache_shutdown(93)
  208.   Closing cache file
  209. [2010/02/14 20:52:57,  5] libsmb/namecache.c:namecache_shutdown(81)
  210.   namecache_shutdown: netbios namecache closed successfully.
  211. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  212.   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
  213. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_nt_user_token(464)
  214.   NT user token: (NULL)
  215. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_unix_user_token(490)
  216.   UNIX token of user 0
  217.   Primary group is 0 and contains 0 supplementary groups
  218. [2010/02/14 20:52:57,  5] smbd/uid.c:change_to_root_user(287)
  219.   change_to_root_user: now uid=(0,0) gid=(0,0)
  220. [2010/02/14 20:52:57,  3] smbd/connection.c:yield_connection(31)
  221.   Yielding connection to
  222. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100)
  223.   Locking key BB550000FFFFFFFF00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
  224. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129)
  225.   Allocated locked data 0x0x10b9350
  226. [2010/02/14 20:52:57,  3] smbd/connection.c:yield_connection(42)
  227.   deleting connection record returned NT_STATUS_NOT_FOUND
  228. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42)
  229.   Unlocking key BB550000FFFFFFFF00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
  230. [2010/02/14 20:52:57,  3] smbd/server.c:exit_server_common(949)
  231.   Server exit (normal exit)
  232. [2010/02/14 20:52:57, 10] lib/account_pol.c:cache_account_policy_set(395)
  233.   cache_account_policy_set: updating account pol cache
  234. [2010/02/14 20:52:57, 10] lib/gencache.c:gencache_set(131)
  235.   Adding cache entry with key = ACCT_POL/password history; value = 0
  236.    and timeout = Sun Feb 14 20:53:57 2010
  237.    (60 seconds ahead)
  238. [2010/02/14 20:52:57, 10] lib/account_pol.c:cache_account_policy_set(395)
  239.   cache_account_policy_set: updating account pol cache
  240. [2010/02/14 20:52:57, 10] lib/gencache.c:gencache_set(131)
  241.   Adding cache entry with key = ACCT_POL/password history; value = 0
  242.    and timeout = Sun Feb 14 20:53:57 2010
  243.    (60 seconds ahead)
  244. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:pop_sec_ctx(432)
  245.   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
  246. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  247.   element 20 -> now SET
  248. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  249.   element 16 -> now SET
  250. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  251.   element 17 -> now SET
  252. [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309)
  253.   attribute sambaBadPasswordCount does not exist
  254. [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309)
  255.   attribute sambaBadPasswordTime does not exist
  256. [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309)
  257.   attribute sambaLogonHours does not exist
  258. [2010/02/14 20:52:57,  5] passdb/login_cache.c:login_cache_init(40)
  259.   Opening cache file at /var/cache/samba/login_cache.tdb
  260. [2010/02/14 20:52:57,  7] passdb/login_cache.c:login_cache_read(86)
  261.   Looking up login cache for user Admin
  262. [2010/02/14 20:52:57,  7] passdb/login_cache.c:login_cache_read(100)
  263.   No cache entry found
  264. [2010/02/14 20:52:57,  9] passdb/pdb_ldap.c:init_sam_from_ldap(1054)
  265.   No cache entry, bad count = 0, bad time = 0
  266. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(471)
  267.   element 35 -> now CHANGED
  268. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:push_sec_ctx(224)
  269.   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
  270. [2010/02/14 20:52:57,  3] smbd/uid.c:push_conn_ctx(357)
  271.   push_conn_ctx(0) : conn_ctx_stack_ndx = 1
  272. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  273.   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
  274. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_nt_user_token(464)
  275.   NT user token: (NULL)
  276. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_unix_user_token(490)
  277.   UNIX token of user 0
  278.   Primary group is 0 and contains 0 supplementary groups
  279. [2010/02/14 20:52:57, 10] lib/gencache.c:gencache_get(194)
  280.   Cache entry with key = ACCT_POL/maximum password age couldn't be found
  281. [2010/02/14 20:52:57, 10] passdb/pdb_ldap.c:ldapsam_get_account_policy_from_ldap(3845)
  282.   ldapsam_get_account_policy_from_ldap
  283. [2010/02/14 20:52:57,  5] lib/smbldap.c:smbldap_search_ext(1207)
  284.   smbldap_search_ext: base => [sambaDomainName=SEMARKIT,dc=semarkit,dc=dk], filter => [(objectclass=*)], scope => [0]
  285. [2010/02/14 20:52:57, 11] lib/smbldap.c:smbldap_open(1063)
  286.   smbldap_open: already connected to the LDAP server
  287. [2010/02/14 20:52:57, 10] passdb/pdb_ldap.c:ldapsam_get_account_policy(3925)
  288.   ldapsam_get_account_policy: failed to retrieve from ldap
  289. [2010/02/14 20:52:57, 10] passdb/pdb_ldap.c:ldapsam_set_account_policy_in_ldap(3786)
  290.   ldapsam_set_account_policy_in_ldap
  291. [2010/02/14 20:52:57,  5] lib/smbldap.c:smbldap_modify(1402)
  292.   smbldap_modify: dn => [sambaDomainName=SEMARKIT,dc=semarkit,dc=dk]
  293. [2010/02/14 20:52:57, 11] lib/smbldap.c:smbldap_open(1063)
  294.   smbldap_open: already connected to the LDAP server
  295. [2010/02/14 20:52:57, 10] lib/account_pol.c:cache_account_policy_set(395)
  296.   cache_account_policy_set: updating account pol cache
  297. [2010/02/14 20:52:57, 10] lib/gencache.c:gencache_set(131)
  298.   Adding cache entry with key = ACCT_POL/maximum password age; value = 4294967295
  299.    and timeout = Sun Feb 14 20:53:57 2010
  300.    (60 seconds ahead)
  301. [2010/02/14 20:52:57, 10] lib/account_pol.c:cache_account_policy_set(395)
  302.   cache_account_policy_set: updating account pol cache
  303. [2010/02/14 20:52:57, 10] lib/gencache.c:gencache_set(131)
  304.   Adding cache entry with key = ACCT_POL/maximum password age; value = 4294967295
  305.    and timeout = Sun Feb 14 20:53:57 2010
  306.    (60 seconds ahead)
  307. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:pop_sec_ctx(432)
  308.   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
  309. [2010/02/14 20:52:57,  5] lib/username.c:Get_Pwnam_alloc(133)
  310.   Finding user Admin
  311. [2010/02/14 20:52:57,  5] lib/username.c:Get_Pwnam_internals(77)
  312.   Trying _Get_Pwnam(), username as lowercase is admin
  313. [2010/02/14 20:52:57,  5] lib/username.c:Get_Pwnam_internals(85)
  314.   Trying _Get_Pwnam(), username as given is Admin
  315. [2010/02/14 20:52:57,  5] lib/username.c:Get_Pwnam_internals(95)
  316.   Trying _Get_Pwnam(), username as uppercase is ADMIN
  317. [2010/02/14 20:52:57,  5] lib/username.c:Get_Pwnam_internals(104)
  318.   Checking combinations of 0 uppercase letters in admin
  319. [2010/02/14 20:52:57,  5] lib/username.c:Get_Pwnam_internals(110)
  320.   Get_Pwnam_internals didn't find user [Admin]!
  321. [2010/02/14 20:52:57,  0] passdb/pdb_get_set.c:pdb_get_group_sid(210)
  322.   pdb_get_group_sid: Failed to find Unix account for Admin
  323. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_get_init_flags(273)
  324.   element 3: DEFAULT
  325. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_get_init_flags(273)
  326.   element 1: DEFAULT
  327. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_get_init_flags(273)
  328.   element 4: DEFAULT
  329. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_get_init_flags(273)
  330.   element 2: DEFAULT
  331. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:push_sec_ctx(224)
  332.   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
  333. [2010/02/14 20:52:57,  3] smbd/uid.c:push_conn_ctx(357)
  334.   push_conn_ctx(0) : conn_ctx_stack_ndx = 1
  335. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  336.   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
  337. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_nt_user_token(464)
  338.   NT user token: (NULL)
  339. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_unix_user_token(490)
  340.   UNIX token of user 0
  341.   Primary group is 0 and contains 0 supplementary groups
  342. [2010/02/14 20:52:57, 10] lib/gencache.c:gencache_get(208)
  343.   Returning valid cache entry: key = ACCT_POL/password history, value = 0
  344.   , timeout = Sun Feb 14 20:53:57 2010
  345. [2010/02/14 20:52:57, 11] passdb/pdb_ldap.c:ldapsam_get_account_policy(3914)
  346.   ldapsam_get_account_policy: got valid value from cache
  347. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:pop_sec_ctx(432)
  348.   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
  349. [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_pack_va(501)
  350.   tdb_pack_va(dddddddBBBBBBBBBBBBddBBBdwdBwwd, 0) -> 196
  351. [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_pack_va(501)
  352.   tdb_pack_va(dddddddBBBBBBBBBBBBddBBBdwdBwwd, 196) -> 196
  353. [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_unpack(655)
  354.   tdb_unpack(dddddddBBBBBBBBBBBBddBBBdwdBwwd, 196) -> 196
  355. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  356.   element 5 -> now SET
  357. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  358.   element 6 -> now SET
  359. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  360.   element 7 -> now SET
  361. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  362.   element 8 -> now SET
  363. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  364.   element 9 -> now SET
  365. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  366.   element 10 -> now SET
  367. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  368.   element 21 -> now SET
  369. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_username(580)
  370.   pdb_set_username: setting username Admin, was
  371. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  372.   element 12 -> now SET
  373. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_domain(603)
  374.   pdb_set_domain: setting domain SEMARKIT, was
  375. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  376.   element 14 -> now SET
  377. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_nt_username(626)
  378.   pdb_set_nt_username: setting nt username Admin, was
  379. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  380.   element 15 -> now SET
  381. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_fullname(649)
  382.   pdb_set_full_name: setting full name Admin, was
  383. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  384.   element 13 -> now SET
  385. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_homedir(742)
  386.   pdb_set_homedir: setting home dir \\hds-linux\admin, was
  387. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(494)
  388.   element 1 -> now DEFAULT
  389. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(718)
  390.   pdb_set_dir_drive: setting dir drive H:, was NULL
  391. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(494)
  392.   element 3 -> now DEFAULT
  393. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_logon_script(672)
  394.   pdb_set_logon_script: setting logon script scripts/logon.bat, was
  395. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(494)
  396.   element 4 -> now DEFAULT
  397. [2010/02/14 20:52:57,  4] lib/substitute.c:automount_server(500)
  398.   Home server: hds-linux
  399. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_profile_path(695)
  400.   pdb_set_profile_path: setting profile path \\hds-linux\admin\profile, was
  401. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(494)
  402.   element 2 -> now DEFAULT
  403. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  404.   element 23 -> now SET
  405. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_workstations(785)
  406.   pdb_set_workstations: setting workstations , was
  407. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  408.   element 24 -> now SET
  409. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  410.   element 26 -> now SET
  411. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  412.   element 33 -> now SET
  413. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:push_sec_ctx(224)
  414.   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
  415. [2010/02/14 20:52:57,  3] smbd/uid.c:push_conn_ctx(357)
  416.   push_conn_ctx(0) : conn_ctx_stack_ndx = 1
  417. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  418.   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
  419. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_nt_user_token(464)
  420.   NT user token: (NULL)
  421. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_unix_user_token(490)
  422.   UNIX token of user 0
  423.   Primary group is 0 and contains 0 supplementary groups
  424. [2010/02/14 20:52:57, 10] lib/gencache.c:gencache_get(208)
  425.   Returning valid cache entry: key = ACCT_POL/password history, value = 0
  426.   , timeout = Sun Feb 14 20:53:57 2010
  427. [2010/02/14 20:52:57, 11] passdb/pdb_ldap.c:ldapsam_get_account_policy(3914)
  428.   ldapsam_get_account_policy: got valid value from cache
  429. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:pop_sec_ctx(432)
  430.   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
  431. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  432.   element 34 -> now SET
  433. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509)
  434.   pdb_set_user_sid: setting user sid S-1-5-21-2934603361-1946261283-2740193522-500
  435. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  436.   element 18 -> now SET
  437. [2010/02/14 20:52:57, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(72)
  438.   pdb_set_user_sid_from_rid:
  439.         setting user sid S-1-5-21-2934603361-1946261283-2740193522-500 from rid 500
  440. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  441.   element 16 -> now SET
  442. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  443.   element 29 -> now SET
  444. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  445.   element 30 -> now SET
  446. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  447.   element 31 -> now SET
  448. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  449.   element 20 -> now SET
  450. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  451.   element 17 -> now SET
  452. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  453.   element 27 -> now SET
  454. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:pop_sec_ctx(432)
  455.   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
  456. [2010/02/14 20:52:57,  9] passdb/passdb.c:pdb_update_autolock_flag(1417)
  457.   pdb_update_autolock_flag: Account Admin not autolocked, no check needed
  458. [2010/02/14 20:52:57,  4] libsmb/ntlm_check.c:ntlm_password_check(328)
  459.   ntlm_password_check: Checking NT MD4 password
  460. [2010/02/14 20:52:57,  4] auth/auth_sam.c:sam_account_ok(137)
  461.   sam_account_ok: Checking SMB password for user Admin
  462. [2010/02/14 20:52:57,  5] auth/auth_sam.c:logon_hours_ok(119)
  463.   logon_hours_ok: user Admin allowed to logon at this time (Sun Feb 14 20:52:57 2010
  464.   )
  465. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:push_sec_ctx(224)
  466.   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
  467. [2010/02/14 20:52:57,  3] smbd/uid.c:push_conn_ctx(357)
  468.   push_conn_ctx(0) : conn_ctx_stack_ndx = 0
  469. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  470.   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
  471. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_nt_user_token(464)
  472.   NT user token: (NULL)
  473. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_unix_user_token(490)
  474.   UNIX token of user 0
  475.   Primary group is 0 and contains 0 supplementary groups
  476. [2010/02/14 20:52:57, 10] lib/gencache.c:gencache_get(208)
  477.   Returning valid cache entry: key = ACCT_POL/maximum password age, value = 4294967295
  478.   , timeout = Sun Feb 14 20:53:57 2010
  479. [2010/02/14 20:52:57, 11] passdb/pdb_ldap.c:ldapsam_get_account_policy(3914)
  480.   ldapsam_get_account_policy: got valid value from cache
  481. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:pop_sec_ctx(432)
  482.   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
  483. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:push_sec_ctx(224)
  484.   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
  485. [2010/02/14 20:52:57,  3] smbd/uid.c:push_conn_ctx(357)
  486.   push_conn_ctx(0) : conn_ctx_stack_ndx = 0
  487. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  488.   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
  489. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_nt_user_token(464)
  490.   NT user token: (NULL)
  491. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_unix_user_token(490)
  492.   UNIX token of user 0
  493.   Primary group is 0 and contains 0 supplementary groups
  494. [2010/02/14 20:52:57,  1] auth/auth_util.c:make_server_info_sam(562)
  495.   User Admin in passdb, but getpwnam() fails!
  496. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:pop_sec_ctx(432)
  497.   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
  498. [2010/02/14 20:52:57,  0] auth/auth_sam.c:check_sam_security(355)
  499.   check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER'
  500. [2010/02/14 20:52:57,  5] auth/auth.c:check_ntlm_password(272)
  501.   check_ntlm_password: sam authentication for user [Admin] FAILED with error NT_STATUS_NO_SUCH_USER
  502. [2010/02/14 20:52:57,  3] auth/auth_winbind.c:check_winbind_security(54)
  503.   check_winbind_security: Not using winbind, requested domain [SEMARKIT] was for this SAM.
  504. [2010/02/14 20:52:57, 10] auth/auth.c:check_ntlm_password(260)
  505.   check_ntlm_password: winbind had nothing to say
  506. [2010/02/14 20:52:57,  2] auth/auth.c:check_ntlm_password(318)
  507.   check_ntlm_password:  Authentication for user [Admin] -> [Admin] FAILED with error NT_STATUS_NO_SUCH_USER
  508. [2010/02/14 20:52:57,  5] auth/auth_util.c:free_user_info(1985)
  509.   attempting to free (and zero) a user_info structure
  510. [2010/02/14 20:52:57, 10] auth/auth_util.c:free_user_info(1989)
  511.   structure was created for Admin
  512. [2010/02/14 20:52:57,  3] smbd/error.c:error_packet_set(61)
  513.   error packet at smbd/sesssetup.c(127) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE
  514. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(642)
  515. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(652)
  516.   size=35
  517.   smb_com=0x73
  518.   smb_rcls=109
  519.   smb_reh=0
  520.   smb_err=49152
  521.   smb_flg=136
  522.   smb_flg2=51201
  523.   smb_tid=0
  524.   smb_pid=65279
  525.   smb_uid=100
  526.   smb_mid=128
  527.   smt_wct=0
  528.   smb_bcc=0
  529. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
  530.   run_events: Nothing to do
  531. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
  532.   run_events: Nothing to do
  533. [2010/02/14 20:52:57,  5] lib/util_sock.c:read_socket_with_timeout(928)
  534.   read_socket_with_timeout: blocking read. EOF from client.
  535. [2010/02/14 20:52:57, 10] smbd/process.c:receive_smb_raw_talloc(276)
  536.   receive_smb_raw: NT_STATUS_END_OF_FILE
  537. [2010/02/14 20:52:57,  3] smbd/process.c:smbd_process(2056)
  538.   receive_message_or_smb failed: NT_STATUS_END_OF_FILE, exiting
  539. [2010/02/14 20:52:57,  5] lib/gencache.c:gencache_shutdown(93)
  540.   Closing cache file
  541. [2010/02/14 20:52:57,  5] libsmb/namecache.c:namecache_shutdown(81)
  542.   namecache_shutdown: netbios namecache closed successfully.
  543. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  544.   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
  545. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_nt_user_token(464)
  546.   NT user token: (NULL)
  547. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_unix_user_token(490)
  548.   UNIX token of user 0
  549.   Primary group is 0 and contains 0 supplementary groups
  550. [2010/02/14 20:52:57,  5] smbd/uid.c:change_to_root_user(287)
  551.   change_to_root_user: now uid=(0,0) gid=(0,0)
  552. [2010/02/14 20:52:57,  3] smbd/connection.c:yield_connection(31)
  553.   Yielding connection to
  554. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100)
  555.   Locking key BA550000FFFFFFFF00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
  556. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129)
  557.   Allocated locked data 0x0x10ba880
  558. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42)
  559.   Unlocking key BA550000FFFFFFFF00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
  560. [2010/02/14 20:52:57,  3] smbd/server.c:exit_server_common(949)
  561.   Server exit (normal exit)
  562. [2010/02/14 20:52:57,  6] param/loadparm.c:lp_file_list_changed(6729)
  563.   lp_file_list_changed()
  564.   file /etc/samba/dhcp.conf -> /etc/samba/dhcp.conf  last mod_time: Thu Feb 11 11:51:52 2010
  565.  
  566.   file /etc/samba/smb.conf -> /etc/samba/smb.conf  last mod_time: Thu Feb 11 16:28:47 2010
  567.  
  568. [2010/02/14 20:52:57,  5] auth/auth_util.c:make_user_info_map(206)
  569.   make_user_info_map: Mapping user []\[] from workstation [HDS-VIRTBOX1]
  570. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:push_sec_ctx(224)
  571.   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
  572. [2010/02/14 20:52:57,  3] smbd/uid.c:push_conn_ctx(357)
  573.   push_conn_ctx(0) : conn_ctx_stack_ndx = 0
  574. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  575.   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
  576. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_nt_user_token(464)
  577.   NT user token: (NULL)
  578. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_unix_user_token(490)
  579.   UNIX token of user 0
  580.   Primary group is 0 and contains 0 supplementary groups
  581. [2010/02/14 20:52:57,  5] auth/auth_util.c:is_trusted_domain(2055)
  582.   is_trusted_domain: Checking for domain trust with [SEMARKIT]
  583. [2010/02/14 20:52:57, 10] passdb/pdb_ldap.c:ldapsam_get_trusteddom_pw(5823)
  584.   ldapsam_get_trusteddom_pw called for domain SEMARKIT
  585. [2010/02/14 20:52:57,  5] lib/smbldap.c:smbldap_search_ext(1207)
  586.   smbldap_search_ext: base => [sambaDomainName=SEMARKIT,sambaDomainName=SEMARKIT,dc=semarkit,dc=dk], filter => [(&(objectClass=sambaTrustedDomainPassword)(sambaDomainName=SEMARKIT))], scope => [2]
  587. [2010/02/14 20:52:57,  5] lib/smbldap.c:smbldap_close(1110)
  588.   The connection to the LDAP server was closed
  589. [2010/02/14 20:52:57, 10] lib/smbldap.c:smb_ldap_setup_conn(616)
  590.   smb_ldap_setup_connection: ldap://127.0.0.1:389
  591. [2010/02/14 20:52:57,  2] lib/smbldap.c:smbldap_open_connection(796)
  592.   smbldap_open_connection: connection opened
  593. [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_connect_system(961)
  594.   ldap_connect_system: Binding to ldap server ldap://127.0.0.1:389 as "cn=admin,dc=semarkit,dc=dk"
  595. [2010/02/14 20:52:57,  3] lib/smbldap.c:smbldap_connect_system(1007)
  596.   ldap_connect_system: successful connection to the LDAP server
  597.   ldap_connect_system: LDAP server does support paged results
  598. [2010/02/14 20:52:57, 10] lib/events.c:event_add_timed(128)
  599.   Added timed event "smbldap_idle_fn": 110bb80
  600. [2010/02/14 20:52:57,  4] lib/smbldap.c:smbldap_open(1090)
  601.   The LDAP server is successfully connected
  602. [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_search_ext(1271)
  603.   Failed search for base: sambaDomainName=SEMARKIT,sambaDomainName=SEMARKIT,dc=semarkit,dc=dk, error: 32 (No such object) (unknown)
  604. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:pop_sec_ctx(432)
  605.   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
  606. [2010/02/14 20:52:57, 10] lib/gencache.c:gencache_get(194)
  607.   Cache entry with key = TDOM/SEMARKIT couldn't be found
  608. [2010/02/14 20:52:57,  5] libsmb/trustdom_cache.c:trustdom_cache_fetch(183)
  609.   no entry for trusted domain SEMARKIT found.
  610. [2010/02/14 20:52:57,  5] auth/auth_util.c:make_user_info(120)
  611.   attempting to make a user_info for  ()
  612. [2010/02/14 20:52:57,  5] auth/auth_util.c:make_user_info(130)
  613.   making strings for 's user_info struct
  614. [2010/02/14 20:52:57,  5] auth/auth_util.c:make_user_info(162)
  615.   making blobs for 's user_info struct
  616. [2010/02/14 20:52:57, 10] auth/auth_util.c:make_user_info(180)
  617.   made an encrypted user_info for  ()
  618. [2010/02/14 20:52:57,  3] auth/auth.c:check_ntlm_password(220)
  619.   check_ntlm_password:  Checking password for unmapped user []\[]@[HDS-VIRTBOX1] with the new password interface
  620. [2010/02/14 20:52:57,  3] auth/auth.c:check_ntlm_password(223)
  621.   check_ntlm_password:  mapped user is: [SEMARKIT]\[]@[HDS-VIRTBOX1]
  622. [2010/02/14 20:52:57, 10] auth/auth.c:check_ntlm_password(232)
  623.   check_ntlm_password: auth_context challenge created by random
  624. [2010/02/14 20:52:57, 10] auth/auth.c:check_ntlm_password(234)
  625.   challenge is:
  626. [2010/02/14 20:52:57,  5] lib/util.c:dump_data(2223)
  627.   [000] 74 D8 AD B0 A0 D9 03 BE                           t.......
  628. [2010/02/14 20:52:57,  5] lib/smbldap.c:smbldap_search_ext(1207)
  629.   smbldap_search_ext: base => [ou=Groups,dc=semarkit,dc=dk], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=65534))], scope => [2]
  630. [2010/02/14 20:52:57, 11] lib/smbldap.c:smbldap_open(1063)
  631.   smbldap_open: already connected to the LDAP server
  632. [2010/02/14 20:52:57,  4] passdb/pdb_ldap.c:ldapsam_getgroup(2459)
  633.   ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(gidNumber=65534))
  634. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_get_init_flags(273)
  635.   element 3: DEFAULT
  636. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_get_init_flags(273)
  637.   element 1: DEFAULT
  638. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_get_init_flags(273)
  639.   element 4: DEFAULT
  640. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_get_init_flags(273)
  641.   element 2: DEFAULT
  642. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:push_sec_ctx(224)
  643.   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
  644. [2010/02/14 20:52:57,  3] smbd/uid.c:push_conn_ctx(357)
  645.   push_conn_ctx(0) : conn_ctx_stack_ndx = 0
  646. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  647.   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
  648. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_nt_user_token(464)
  649.   NT user token: (NULL)
  650. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_unix_user_token(490)
  651.   UNIX token of user 0
  652.   Primary group is 0 and contains 0 supplementary groups
  653. [2010/02/14 20:52:57, 10] lib/gencache.c:gencache_get(208)
  654.   Returning valid cache entry: key = ACCT_POL/password history, value = 0
  655.   , timeout = Sun Feb 14 20:53:57 2010
  656. [2010/02/14 20:52:57, 11] passdb/pdb_ldap.c:ldapsam_get_account_policy(3914)
  657.   ldapsam_get_account_policy: got valid value from cache
  658. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:pop_sec_ctx(432)
  659.   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
  660. [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_pack_va(501)
  661.   tdb_pack_va(dddddddBBBBBBBBBBBBddBBBdwdBwwd, 0) -> 177
  662. [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_pack_va(501)
  663.   tdb_pack_va(dddddddBBBBBBBBBBBBddBBBdwdBwwd, 177) -> 177
  664. [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_unpack(655)
  665.   tdb_unpack(dddddddBBBBBBBBBBBBddBBBdwdBwwd, 177) -> 177
  666. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  667.   element 5 -> now SET
  668. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  669.   element 6 -> now SET
  670. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  671.   element 7 -> now SET
  672. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  673.   element 8 -> now SET
  674. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  675.   element 9 -> now SET
  676. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  677.   element 10 -> now SET
  678. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  679.   element 21 -> now SET
  680. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_username(580)
  681.   pdb_set_username: setting username nobody, was
  682. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  683.   element 12 -> now SET
  684. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_domain(603)
  685.   pdb_set_domain: setting domain SEMARKIT, was
  686. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  687.   element 14 -> now SET
  688. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_nt_username(626)
  689.   pdb_set_nt_username: setting nt username , was
  690. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  691.   element 15 -> now SET
  692. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_fullname(649)
  693.   pdb_set_full_name: setting full name nobody, was
  694. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  695.   element 13 -> now SET
  696. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_homedir(742)
  697.   pdb_set_homedir: setting home dir \\hds-linux\nobody, was
  698. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(494)
  699.   element 1 -> now DEFAULT
  700. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(718)
  701.   pdb_set_dir_drive: setting dir drive H:, was NULL
  702. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(494)
  703.   element 3 -> now DEFAULT
  704. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_logon_script(672)
  705.   pdb_set_logon_script: setting logon script scripts/logon.bat, was
  706. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(494)
  707.   element 4 -> now DEFAULT
  708. [2010/02/14 20:52:57,  4] lib/substitute.c:automount_server(500)
  709.   Home server: hds-linux
  710. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_profile_path(695)
  711.   pdb_set_profile_path: setting profile path \\hds-linux\nobody\profile, was
  712. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(494)
  713.   element 2 -> now DEFAULT
  714. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  715.   element 23 -> now SET
  716. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_workstations(785)
  717.   pdb_set_workstations: setting workstations , was
  718. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  719.   element 24 -> now SET
  720. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  721.   element 26 -> now SET
  722. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:push_sec_ctx(224)
  723.   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
  724. [2010/02/14 20:52:57,  3] smbd/uid.c:push_conn_ctx(357)
  725.   push_conn_ctx(0) : conn_ctx_stack_ndx = 0
  726. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  727.   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
  728. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_nt_user_token(464)
  729.   NT user token: (NULL)
  730. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_unix_user_token(490)
  731.   UNIX token of user 0
  732.   Primary group is 0 and contains 0 supplementary groups
  733. [2010/02/14 20:52:57, 10] lib/gencache.c:gencache_get(208)
  734.   Returning valid cache entry: key = ACCT_POL/password history, value = 0
  735.   , timeout = Sun Feb 14 20:53:57 2010
  736. [2010/02/14 20:52:57, 11] passdb/pdb_ldap.c:ldapsam_get_account_policy(3914)
  737.   ldapsam_get_account_policy: got valid value from cache
  738. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:pop_sec_ctx(432)
  739.   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
  740. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  741.   element 34 -> now SET
  742. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509)
  743.   pdb_set_user_sid: setting user sid S-1-5-21-2934603361-1946261283-2740193522-501
  744. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  745.   element 18 -> now SET
  746. [2010/02/14 20:52:57, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(72)
  747.   pdb_set_user_sid_from_rid:
  748.         setting user sid S-1-5-21-2934603361-1946261283-2740193522-501 from rid 501
  749. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  750.   element 16 -> now SET
  751. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  752.   element 29 -> now SET
  753. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  754.   element 30 -> now SET
  755. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  756.   element 31 -> now SET
  757. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  758.   element 20 -> now SET
  759. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  760.   element 17 -> now SET
  761. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  762.   element 27 -> now SET
  763. [2010/02/14 20:52:57,  3] auth/auth.c:check_ntlm_password(269)
  764.   check_ntlm_password: guest authentication for user [] succeeded
  765. [2010/02/14 20:52:57,  5] auth/auth.c:check_ntlm_password(308)
  766.   check_ntlm_password:  guest authentication for user [] -> [] -> [nobody] succeeded
  767. [2010/02/14 20:52:57,  5] auth/auth_util.c:free_user_info(1985)
  768.   attempting to free (and zero) a user_info structure
  769. [2010/02/14 20:52:57, 10] auth/auth_util.c:free_user_info(1989)
  770.   structure was created for
  771. [2010/02/14 20:52:57, 10] auth/token_util.c:create_local_nt_token(302)
  772.   Create local NT token for S-1-5-21-2934603361-1946261283-2740193522-501
  773. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:push_sec_ctx(224)
  774.   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
  775. [2010/02/14 20:52:57,  3] smbd/uid.c:push_conn_ctx(357)
  776.   push_conn_ctx(0) : conn_ctx_stack_ndx = 0
  777. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  778.   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
  779. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_nt_user_token(464)
  780.   NT user token: (NULL)
  781. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_unix_user_token(490)
  782.   UNIX token of user 0
  783.   Primary group is 0 and contains 0 supplementary groups
  784. [2010/02/14 20:52:57,  5] lib/smbldap.c:smbldap_search_ext(1207)
  785.   smbldap_search_ext: base => [ou=Groups,dc=semarkit,dc=dk], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544))], scope => [2]
  786. [2010/02/14 20:52:57, 11] lib/smbldap.c:smbldap_open(1063)
  787.   smbldap_open: already connected to the LDAP server
  788. [2010/02/14 20:52:57,  2] passdb/pdb_ldap.c:init_group_from_ldap(2344)
  789.   init_group_from_ldap: Entry found for group: 544
  790. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:pop_sec_ctx(432)
  791.   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
  792. [2010/02/14 20:52:57, 10] passdb/lookup_sid.c:legacy_sid_to_gid(1276)
  793.   LEGACY: sid S-1-5-32-544 -> gid 544
  794. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:push_sec_ctx(224)
  795.   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
  796. [2010/02/14 20:52:57,  3] smbd/uid.c:push_conn_ctx(357)
  797.   push_conn_ctx(0) : conn_ctx_stack_ndx = 0
  798. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  799.   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
  800. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_nt_user_token(464)
  801.   NT user token: (NULL)
  802. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_unix_user_token(490)
  803.   UNIX token of user 0
  804.   Primary group is 0 and contains 0 supplementary groups
  805. [2010/02/14 20:52:57,  5] lib/smbldap.c:smbldap_search_ext(1207)
  806.   smbldap_search_ext: base => [ou=Groups,dc=semarkit,dc=dk], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545))], scope => [2]
  807. [2010/02/14 20:52:57, 11] lib/smbldap.c:smbldap_open(1063)
  808.   smbldap_open: already connected to the LDAP server
  809. [2010/02/14 20:52:57,  4] passdb/pdb_ldap.c:ldapsam_getgroup(2459)
  810.   ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545))
  811. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:pop_sec_ctx(432)
  812.   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
  813. [2010/02/14 20:52:57, 10] passdb/lookup_sid.c:legacy_sid_to_gid(1244)
  814.   LEGACY: mapping failed for sid S-1-5-32-545
  815. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:push_sec_ctx(224)
  816.   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
  817. [2010/02/14 20:52:57,  3] smbd/uid.c:push_conn_ctx(357)
  818.   push_conn_ctx(0) : conn_ctx_stack_ndx = 0
  819. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  820.   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
  821. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_nt_user_token(464)
  822.   NT user token: (NULL)
  823. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_unix_user_token(490)
  824.   UNIX token of user 0
  825.   Primary group is 0 and contains 0 supplementary groups
  826. [2010/02/14 20:52:57,  5] lib/smbldap.c:smbldap_search_ext(1207)
  827.   smbldap_search_ext: base => [ou=Groups,dc=semarkit,dc=dk], filter => [(&(|(objectclass=sambaGroupMapping)(sambaGroupType=4))(|(sambaSIDList=S-1-5-21-2934603361-1946261283-2740193522-501)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-32-546)))], scope => [2]
  828. [2010/02/14 20:52:57, 11] lib/smbldap.c:smbldap_open(1063)
  829.   smbldap_open: already connected to the LDAP server
  830. [2010/02/14 20:52:57,  5] lib/smbldap.c:smbldap_search_ext(1207)
  831.   smbldap_search_ext: base => [ou=Groups,dc=semarkit,dc=dk], filter => [(&(|(objectclass=sambaGroupMapping)(sambaGroupType=4))(|(sambaSIDList=S-1-5-21-2934603361-1946261283-2740193522-501)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-32-546)))], scope => [2]
  832. [2010/02/14 20:52:57, 11] lib/smbldap.c:smbldap_open(1063)
  833.   smbldap_open: already connected to the LDAP server
  834. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:pop_sec_ctx(432)
  835.   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
  836. [2010/02/14 20:52:57,  3] lib/privileges.c:get_privileges(63)
  837.   get_privileges: No privileges assigned to SID [S-1-5-21-2934603361-1946261283-2740193522-501]
  838. [2010/02/14 20:52:57,  5] lib/privileges.c:get_privileges_for_sids(128)
  839.   get_privileges_for_sids: sid = S-1-1-0
  840.   Privilege set:
  841.   SE_PRIV  0x0 0x0 0x0 0x0
  842. [2010/02/14 20:52:57,  3] lib/privileges.c:get_privileges(63)
  843.   get_privileges: No privileges assigned to SID [S-1-5-2]
  844. [2010/02/14 20:52:57,  3] lib/privileges.c:get_privileges(63)
  845.   get_privileges: No privileges assigned to SID [S-1-5-32-546]
  846. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:push_sec_ctx(224)
  847.   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
  848. [2010/02/14 20:52:57,  3] smbd/uid.c:push_conn_ctx(357)
  849.   push_conn_ctx(0) : conn_ctx_stack_ndx = 0
  850. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  851.   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
  852. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_nt_user_token(464)
  853.   NT user token: (NULL)
  854. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_unix_user_token(490)
  855.   UNIX token of user 0
  856.   Primary group is 0 and contains 0 supplementary groups
  857. [2010/02/14 20:52:57,  5] lib/smbldap.c:smbldap_search_ext(1207)
  858.   smbldap_search_ext: base => [ou=Groups,dc=semarkit,dc=dk], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-1-0))], scope => [2]
  859. [2010/02/14 20:52:57, 11] lib/smbldap.c:smbldap_open(1063)
  860.   smbldap_open: already connected to the LDAP server
  861. [2010/02/14 20:52:57,  4] passdb/pdb_ldap.c:ldapsam_getgroup(2459)
  862.   ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-1-0))
  863. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:pop_sec_ctx(432)
  864.   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
  865. [2010/02/14 20:52:57, 10] passdb/lookup_sid.c:legacy_sid_to_gid(1244)
  866.   LEGACY: mapping failed for sid S-1-1-0
  867. [2010/02/14 20:52:57, 10] auth/auth_util.c:create_local_token(755)
  868.   Could not convert SID S-1-1-0 to gid, ignoring it
  869. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:push_sec_ctx(224)
  870.   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
  871. [2010/02/14 20:52:57,  3] smbd/uid.c:push_conn_ctx(357)
  872.   push_conn_ctx(0) : conn_ctx_stack_ndx = 0
  873. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  874.   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
  875. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_nt_user_token(464)
  876.   NT user token: (NULL)
  877. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_unix_user_token(490)
  878.   UNIX token of user 0
  879.   Primary group is 0 and contains 0 supplementary groups
  880. [2010/02/14 20:52:57,  5] lib/smbldap.c:smbldap_search_ext(1207)
  881.   smbldap_search_ext: base => [ou=Groups,dc=semarkit,dc=dk], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2))], scope => [2]
  882. [2010/02/14 20:52:57, 11] lib/smbldap.c:smbldap_open(1063)
  883.   smbldap_open: already connected to the LDAP server
  884. [2010/02/14 20:52:57,  4] passdb/pdb_ldap.c:ldapsam_getgroup(2459)
  885.   ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2))
  886. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:pop_sec_ctx(432)
  887.   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
  888. [2010/02/14 20:52:57, 10] passdb/lookup_sid.c:legacy_sid_to_gid(1244)
  889.   LEGACY: mapping failed for sid S-1-5-2
  890. [2010/02/14 20:52:57, 10] auth/auth_util.c:create_local_token(755)
  891.   Could not convert SID S-1-5-2 to gid, ignoring it
  892. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:push_sec_ctx(224)
  893.   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
  894. [2010/02/14 20:52:57,  3] smbd/uid.c:push_conn_ctx(357)
  895.   push_conn_ctx(0) : conn_ctx_stack_ndx = 0
  896. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  897.   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
  898. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_nt_user_token(464)
  899.   NT user token: (NULL)
  900. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_unix_user_token(490)
  901.   UNIX token of user 0
  902.   Primary group is 0 and contains 0 supplementary groups
  903. [2010/02/14 20:52:57,  5] lib/smbldap.c:smbldap_search_ext(1207)
  904.   smbldap_search_ext: base => [ou=Groups,dc=semarkit,dc=dk], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-546))], scope => [2]
  905. [2010/02/14 20:52:57, 11] lib/smbldap.c:smbldap_open(1063)
  906.   smbldap_open: already connected to the LDAP server
  907. [2010/02/14 20:52:57,  4] passdb/pdb_ldap.c:ldapsam_getgroup(2459)
  908.   ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-546))
  909. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:pop_sec_ctx(432)
  910.   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
  911. [2010/02/14 20:52:57, 10] passdb/lookup_sid.c:legacy_sid_to_gid(1244)
  912.   LEGACY: mapping failed for sid S-1-5-32-546
  913. [2010/02/14 20:52:57, 10] auth/auth_util.c:create_local_token(755)
  914.   Could not convert SID S-1-5-32-546 to gid, ignoring it
  915. [2010/02/14 20:52:57, 10] auth/token_util.c:debug_nt_user_token(470)
  916.   NT user token of user S-1-5-21-2934603361-1946261283-2740193522-501
  917.   contains 4 SIDs
  918.   SID[  0]: S-1-5-21-2934603361-1946261283-2740193522-501
  919.   SID[  1]: S-1-1-0
  920.   SID[  2]: S-1-5-2
  921.   SID[  3]: S-1-5-32-546
  922.   SE_PRIV  0x0 0x0 0x0 0x0
  923. [2010/02/14 20:52:57, 10] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(137)
  924.   Got NT session key of length 16
  925. [2010/02/14 20:52:57, 10] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(144)
  926.   Got LM session key of length 16
  927. [2010/02/14 20:52:57, 10] libsmb/ntlmssp.c:ntlmssp_server_auth(848)
  928.   ntlmssp_server_auth: Using unmodified nt session key.
  929. [2010/02/14 20:52:57,  3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(337)
  930.   NTLMSSP Sign/Seal - Initialising with flags:
  931. [2010/02/14 20:52:57,  3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
  932.   Got NTLMSSP neg_flags=0xa2088205
  933.     NTLMSSP_NEGOTIATE_UNICODE
  934.     NTLMSSP_REQUEST_TARGET
  935.     NTLMSSP_NEGOTIATE_NTLM
  936.     NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  937.     NTLMSSP_NEGOTIATE_NTLM2
  938.     NTLMSSP_NEGOTIATE_128
  939.     NTLMSSP_NEGOTIATE_56
  940. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_get_init_flags(273)
  941.   element 22: DEFAULT
  942. [2010/02/14 20:52:57, 10] smbd/password.c:register_existing_vuid(310)
  943.   register_existing_vuid: (65534,65534) nobody  SEMARKIT guest=1
  944. [2010/02/14 20:52:57,  3] smbd/password.c:register_existing_vuid(314)
  945.   register_existing_vuid: User name: nobody     Real name: nobody
  946. [2010/02/14 20:52:57,  3] smbd/password.c:register_existing_vuid(326)
  947.   register_existing_vuid: UNIX uid 65534 is UNIX user nobody, and will be vuid 100
  948. [2010/02/14 20:52:57,  6] param/loadparm.c:lp_file_list_changed(6729)
  949.   lp_file_list_changed()
  950.   file /etc/samba/dhcp.conf -> /etc/samba/dhcp.conf  last mod_time: Thu Feb 11 11:51:52 2010
  951.  
  952.   file /etc/samba/smb.conf -> /etc/samba/smb.conf  last mod_time: Thu Feb 11 16:28:47 2010
  953.  
  954. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(642)
  955. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(652)
  956.   size=104
  957.   smb_com=0x73
  958.   smb_rcls=0
  959.   smb_reh=0
  960.   smb_err=0
  961.   smb_flg=136
  962.   smb_flg2=51201
  963.   smb_tid=0
  964.   smb_pid=65279
  965.   smb_uid=100
  966.   smb_mid=128
  967.   smt_wct=4
  968.   smb_vwv[ 0]=  255 (0xFF)
  969.   smb_vwv[ 1]=    0 (0x0)
  970.   smb_vwv[ 2]=    1 (0x1)
  971.   smb_vwv[ 3]=    9 (0x9)
  972.   smb_bcc=61
  973. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
  974.   [000] A1 07 30 05 A0 03 0A 01  00 55 00 6E 00 69 00 78  ..0..... .U.n.i.x
  975.   [010] 00 00 00 53 00 61 00 6D  00 62 00 61 00 20 00 33  ...S.a.m .b.a. .3
  976.   [020] 00 2E 00 32 00 2E 00 35  00 00 00 53 00 45 00 4D  ...2...5 ...S.E.M
  977.   [030] 00 41 00 52 00 4B 00 49  00 54 00 00 00           .A.R.K.I .T...
  978. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
  979.   run_events: Nothing to do
  980. [2010/02/14 20:52:57,  6] param/loadparm.c:lp_file_list_changed(6729)
  981.   lp_file_list_changed()
  982.   file /etc/samba/dhcp.conf -> /etc/samba/dhcp.conf  last mod_time: Thu Feb 11 11:51:52 2010
  983.  
  984.   file /etc/samba/smb.conf -> /etc/samba/smb.conf  last mod_time: Thu Feb 11 16:28:47 2010
  985.  
  986. [2010/02/14 20:52:57,  5] smbd/reply.c:reply_special(472)
  987.   init msg_type=0x81 msg_flags=0x0
  988. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
  989.   run_events: Nothing to do
  990. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
  991.   run_events: Nothing to do
  992. [2010/02/14 20:52:57,  5] lib/util_sock.c:read_socket_with_timeout(928)
  993.   read_socket_with_timeout: blocking read. EOF from client.
  994. [2010/02/14 20:52:57, 10] smbd/process.c:receive_smb_raw_talloc(276)
  995.   receive_smb_raw: NT_STATUS_END_OF_FILE
  996. [2010/02/14 20:52:57,  3] smbd/process.c:smbd_process(2056)
  997.   receive_message_or_smb failed: NT_STATUS_END_OF_FILE, exiting
  998. [2010/02/14 20:52:57,  5] lib/gencache.c:gencache_shutdown(93)
  999.   Closing cache file
  1000. [2010/02/14 20:52:57,  5] libsmb/namecache.c:namecache_shutdown(81)
  1001.   namecache_shutdown: netbios namecache closed successfully.
  1002. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  1003.   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
  1004. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_nt_user_token(464)
  1005.   NT user token: (NULL)
  1006. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_unix_user_token(490)
  1007.   UNIX token of user 0
  1008.   Primary group is 0 and contains 0 supplementary groups
  1009. [2010/02/14 20:52:57,  5] smbd/uid.c:change_to_root_user(287)
  1010.   change_to_root_user: now uid=(0,0) gid=(0,0)
  1011. [2010/02/14 20:52:57,  3] smbd/connection.c:yield_connection(31)
  1012.   Yielding connection to
  1013. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100)
  1014.   Locking key BD550000FFFFFFFF00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
  1015. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129)
  1016.   Allocated locked data 0x0x10b9350
  1017. [2010/02/14 20:52:57,  3] smbd/connection.c:yield_connection(42)
  1018.   deleting connection record returned NT_STATUS_NOT_FOUND
  1019. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42)
  1020.   Unlocking key BD550000FFFFFFFF00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
  1021. [2010/02/14 20:52:57,  3] smbd/server.c:exit_server_common(949)
  1022.   Server exit (normal exit)
  1023. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
  1024.   run_events: Nothing to do
  1025. [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
  1026.   got smb length of 84
  1027. [2010/02/14 20:52:57,  6] smbd/process.c:process_smb(1567)
  1028.   got message type 0x0 of len 0x54
  1029. [2010/02/14 20:52:57,  3] smbd/process.c:process_smb(1570)
  1030.   Transaction 3 of length 88 (0 toread)
  1031. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(642)
  1032. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(652)
  1033.   size=84
  1034.   smb_com=0x75
  1035.   smb_rcls=0
  1036.   smb_reh=0
  1037.   smb_err=0
  1038.   smb_flg=24
  1039.   smb_flg2=51207
  1040.   smb_tid=0
  1041.   smb_pid=65279
  1042.   smb_uid=100
  1043.   smb_mid=192
  1044.   smt_wct=4
  1045.   smb_vwv[ 0]=  255 (0xFF)
  1046.   smb_vwv[ 1]=   84 (0x54)
  1047.   smb_vwv[ 2]=    8 (0x8)
  1048.   smb_vwv[ 3]=    1 (0x1)
  1049.   smb_bcc=41
  1050. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
  1051.   [000] 00 5C 00 5C 00 48 00 44  00 53 00 2D 00 4C 00 49  .\.\.H.D .S.-.L.I
  1052.   [010] 00 4E 00 55 00 58 00 5C  00 49 00 50 00 43 00 24  .N.U.X.\ .I.P.C.$
  1053.   [020] 00 00 00 3F 3F 3F 3F 3F  00                       ...????? .
  1054. [2010/02/14 20:52:57,  3] smbd/process.c:switch_message(1374)
  1055.   switch message SMBtconX (pid 21948) conn 0x0
  1056. [2010/02/14 20:52:57,  0] smbd/process.c:smb_dump(1322)
  1057.   created /tmp/SMBtconX.32.req len 88
  1058. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  1059.   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
  1060. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_nt_user_token(464)
  1061.   NT user token: (NULL)
  1062. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_unix_user_token(490)
  1063.   UNIX token of user 0
  1064.   Primary group is 0 and contains 0 supplementary groups
  1065. [2010/02/14 20:52:57,  5] smbd/uid.c:change_to_root_user(287)
  1066.   change_to_root_user: now uid=(0,0) gid=(0,0)
  1067. [2010/02/14 20:52:57,  4] smbd/reply.c:reply_tcon_and_X(653)
  1068.   Client requested device type [?????] for share [IPC$]
  1069. [2010/02/14 20:52:57,  5] smbd/service.c:make_connection(1384)
  1070.   making a connection to 'normal' service ipc$
  1071. [2010/02/14 20:52:57,  3] lib/access.c:only_ipaddrs_in_list(362)
  1072.   only_ipaddrs_in_list: list has non-ip address (127.)
  1073. [2010/02/14 20:52:57,  3] lib/access.c:check_access(396)
  1074.   check_access: hostnames in host allow/deny list.
  1075. [2010/02/14 20:52:57,  2] lib/access.c:check_access(406)
  1076.   Allowed connection from UNKNOWN (::ffff:192.168.1.183)
  1077. [2010/02/14 20:52:57,  5] lib/username.c:Get_Pwnam_alloc(133)
  1078.   Finding user nobody
  1079. [2010/02/14 20:52:57,  5] lib/username.c:Get_Pwnam_internals(77)
  1080.   Trying _Get_Pwnam(), username as lowercase is nobody
  1081. [2010/02/14 20:52:57,  5] lib/username.c:Get_Pwnam_internals(110)
  1082.   Get_Pwnam_internals did find user [nobody]!
  1083. [2010/02/14 20:52:57, 10] smbd/service.c:set_conn_connectpath(161)
  1084.   set_conn_connectpath: service IPC$, connectpath = /tmp
  1085. [2010/02/14 20:52:57,  3] smbd/service.c:make_connection_snum(944)
  1086.   Connect path is '/tmp' for service [IPC$]
  1087. [2010/02/14 20:52:57, 10] lib/util_seaccess.c:se_map_generic(175)
  1088.   se_map_generic(): mapped mask 0x10000000 to 0x001f01ff
  1089. [2010/02/14 20:52:57, 10] lib/util_seaccess.c:se_access_check(232)
  1090.   se_access_check: requested access 0x00000002, for NT token with 4 entries and first sid S-1-5-21-2934603361-1946261283-2740193522-501.
  1091. [2010/02/14 20:52:57,  3] lib/util_seaccess.c:se_access_check(249)
  1092. [2010/02/14 20:52:57,  3] lib/util_seaccess.c:se_access_check(252)
  1093.   se_access_check: user sid is S-1-5-21-2934603361-1946261283-2740193522-501
  1094.   se_access_check: also S-1-1-0
  1095.   se_access_check: also S-1-5-2
  1096.   se_access_check: also S-1-5-32-546
  1097.   se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2
  1098. [2010/02/14 20:52:57,  5] lib/util_seaccess.c:se_access_check(310)
  1099.   se_access_check: access (2) granted.
  1100. [2010/02/14 20:52:57,  3] smbd/vfs.c:vfs_init_default(96)
  1101.   Initialising default vfs hooks
  1102. [2010/02/14 20:52:57, 10] smbd/vfs.c:vfs_find_backend_entry(48)
  1103.   vfs_find_backend_entry called for /[Default VFS]/
  1104. [2010/02/14 20:52:57,  5] smbd/vfs.c:smb_register_vfs(86)
  1105.   Successfully added vfs backend '/[Default VFS]/'
  1106. [2010/02/14 20:52:57, 10] smbd/vfs.c:vfs_find_backend_entry(48)
  1107.   vfs_find_backend_entry called for posixacl
  1108. [2010/02/14 20:52:57,  5] smbd/vfs.c:smb_register_vfs(86)
  1109.   Successfully added vfs backend 'posixacl'
  1110. [2010/02/14 20:52:57,  3] smbd/vfs.c:vfs_init_custom(130)
  1111.   Initialising custom vfs hooks from [/[Default VFS]/]
  1112. [2010/02/14 20:52:57, 10] smbd/vfs.c:vfs_find_backend_entry(48)
  1113.   vfs_find_backend_entry called for /[Default VFS]/
  1114.   Successfully loaded vfs module [/[Default VFS]/] with the new modules system
  1115. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1116.   Checking operation #0 (type 0, layer 0)
  1117.   Making operation type 0 opaque [module /[Default VFS]/]
  1118.   Accepting operation type 0 from module /[Default VFS]/
  1119. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1120.   Checking operation #1 (type 1, layer 0)
  1121.   Making operation type 1 opaque [module /[Default VFS]/]
  1122.   Accepting operation type 1 from module /[Default VFS]/
  1123. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1124.   Checking operation #2 (type 2, layer 0)
  1125.   Making operation type 2 opaque [module /[Default VFS]/]
  1126.   Accepting operation type 2 from module /[Default VFS]/
  1127. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1128.   Checking operation #3 (type 3, layer 0)
  1129.   Making operation type 3 opaque [module /[Default VFS]/]
  1130.   Accepting operation type 3 from module /[Default VFS]/
  1131. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1132.   Checking operation #4 (type 4, layer 0)
  1133.   Making operation type 4 opaque [module /[Default VFS]/]
  1134.   Accepting operation type 4 from module /[Default VFS]/
  1135. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1136.   Checking operation #5 (type 5, layer 0)
  1137.   Making operation type 5 opaque [module /[Default VFS]/]
  1138.   Accepting operation type 5 from module /[Default VFS]/
  1139. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1140.   Checking operation #6 (type 6, layer 0)
  1141.   Making operation type 6 opaque [module /[Default VFS]/]
  1142.   Accepting operation type 6 from module /[Default VFS]/
  1143. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1144.   Checking operation #7 (type 7, layer 0)
  1145.   Making operation type 7 opaque [module /[Default VFS]/]
  1146.   Accepting operation type 7 from module /[Default VFS]/
  1147. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1148.   Checking operation #8 (type 8, layer 0)
  1149.   Making operation type 8 opaque [module /[Default VFS]/]
  1150.   Accepting operation type 8 from module /[Default VFS]/
  1151. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1152.   Checking operation #9 (type 9, layer 0)
  1153.   Making operation type 9 opaque [module /[Default VFS]/]
  1154.   Accepting operation type 9 from module /[Default VFS]/
  1155. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1156.   Checking operation #10 (type 10, layer 0)
  1157.   Making operation type 10 opaque [module /[Default VFS]/]
  1158.   Accepting operation type 10 from module /[Default VFS]/
  1159. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1160.   Checking operation #11 (type 11, layer 0)
  1161.   Making operation type 11 opaque [module /[Default VFS]/]
  1162.   Accepting operation type 11 from module /[Default VFS]/
  1163. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1164.   Checking operation #12 (type 12, layer 0)
  1165.   Making operation type 12 opaque [module /[Default VFS]/]
  1166.   Accepting operation type 12 from module /[Default VFS]/
  1167. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1168.   Checking operation #13 (type 13, layer 0)
  1169.   Making operation type 13 opaque [module /[Default VFS]/]
  1170.   Accepting operation type 13 from module /[Default VFS]/
  1171. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1172.   Checking operation #14 (type 14, layer 0)
  1173.   Making operation type 14 opaque [module /[Default VFS]/]
  1174.   Accepting operation type 14 from module /[Default VFS]/
  1175. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1176.   Checking operation #15 (type 15, layer 0)
  1177.   Making operation type 15 opaque [module /[Default VFS]/]
  1178.   Accepting operation type 15 from module /[Default VFS]/
  1179. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1180.   Checking operation #16 (type 16, layer 0)
  1181.   Making operation type 16 opaque [module /[Default VFS]/]
  1182.   Accepting operation type 16 from module /[Default VFS]/
  1183. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1184.   Checking operation #17 (type 17, layer 0)
  1185.   Making operation type 17 opaque [module /[Default VFS]/]
  1186.   Accepting operation type 17 from module /[Default VFS]/
  1187. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1188.   Checking operation #18 (type 18, layer 0)
  1189.   Making operation type 18 opaque [module /[Default VFS]/]
  1190.   Accepting operation type 18 from module /[Default VFS]/
  1191. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1192.   Checking operation #19 (type 19, layer 0)
  1193.   Making operation type 19 opaque [module /[Default VFS]/]
  1194.   Accepting operation type 19 from module /[Default VFS]/
  1195. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1196.   Checking operation #20 (type 20, layer 0)
  1197.   Making operation type 20 opaque [module /[Default VFS]/]
  1198.   Accepting operation type 20 from module /[Default VFS]/
  1199. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1200.   Checking operation #21 (type 21, layer 0)
  1201.   Making operation type 21 opaque [module /[Default VFS]/]
  1202.   Accepting operation type 21 from module /[Default VFS]/
  1203. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1204.   Checking operation #22 (type 22, layer 0)
  1205.   Making operation type 22 opaque [module /[Default VFS]/]
  1206.   Accepting operation type 22 from module /[Default VFS]/
  1207. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1208.   Checking operation #23 (type 23, layer 0)
  1209.   Making operation type 23 opaque [module /[Default VFS]/]
  1210.   Accepting operation type 23 from module /[Default VFS]/
  1211. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1212.   Checking operation #24 (type 24, layer 0)
  1213.   Making operation type 24 opaque [module /[Default VFS]/]
  1214.   Accepting operation type 24 from module /[Default VFS]/
  1215. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1216.   Checking operation #25 (type 25, layer 0)
  1217.   Making operation type 25 opaque [module /[Default VFS]/]
  1218.   Accepting operation type 25 from module /[Default VFS]/
  1219. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1220.   Checking operation #26 (type 26, layer 0)
  1221.   Making operation type 26 opaque [module /[Default VFS]/]
  1222.   Accepting operation type 26 from module /[Default VFS]/
  1223. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1224.   Checking operation #27 (type 27, layer 0)
  1225.   Making operation type 27 opaque [module /[Default VFS]/]
  1226.   Accepting operation type 27 from module /[Default VFS]/
  1227. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1228.   Checking operation #28 (type 28, layer 0)
  1229.   Making operation type 28 opaque [module /[Default VFS]/]
  1230.   Accepting operation type 28 from module /[Default VFS]/
  1231. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1232.   Checking operation #29 (type 29, layer 0)
  1233.   Making operation type 29 opaque [module /[Default VFS]/]
  1234.   Accepting operation type 29 from module /[Default VFS]/
  1235. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1236.   Checking operation #30 (type 30, layer 0)
  1237.   Making operation type 30 opaque [module /[Default VFS]/]
  1238.   Accepting operation type 30 from module /[Default VFS]/
  1239. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1240.   Checking operation #31 (type 31, layer 0)
  1241.   Making operation type 31 opaque [module /[Default VFS]/]
  1242.   Accepting operation type 31 from module /[Default VFS]/
  1243. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1244.   Checking operation #32 (type 32, layer 0)
  1245.   Making operation type 32 opaque [module /[Default VFS]/]
  1246.   Accepting operation type 32 from module /[Default VFS]/
  1247. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1248.   Checking operation #33 (type 33, layer 0)
  1249.   Making operation type 33 opaque [module /[Default VFS]/]
  1250.   Accepting operation type 33 from module /[Default VFS]/
  1251. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1252.   Checking operation #34 (type 34, layer 0)
  1253.   Making operation type 34 opaque [module /[Default VFS]/]
  1254.   Accepting operation type 34 from module /[Default VFS]/
  1255. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1256.   Checking operation #35 (type 35, layer 0)
  1257.   Making operation type 35 opaque [module /[Default VFS]/]
  1258.   Accepting operation type 35 from module /[Default VFS]/
  1259. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1260.   Checking operation #36 (type 36, layer 0)
  1261.   Making operation type 36 opaque [module /[Default VFS]/]
  1262.   Accepting operation type 36 from module /[Default VFS]/
  1263. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1264.   Checking operation #37 (type 37, layer 0)
  1265.   Making operation type 37 opaque [module /[Default VFS]/]
  1266.   Accepting operation type 37 from module /[Default VFS]/
  1267. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1268.   Checking operation #38 (type 38, layer 0)
  1269.   Making operation type 38 opaque [module /[Default VFS]/]
  1270.   Accepting operation type 38 from module /[Default VFS]/
  1271. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1272.   Checking operation #39 (type 39, layer 0)
  1273.   Making operation type 39 opaque [module /[Default VFS]/]
  1274.   Accepting operation type 39 from module /[Default VFS]/
  1275. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1276.   Checking operation #40 (type 40, layer 0)
  1277.   Making operation type 40 opaque [module /[Default VFS]/]
  1278.   Accepting operation type 40 from module /[Default VFS]/
  1279. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1280.   Checking operation #41 (type 41, layer 0)
  1281.   Making operation type 41 opaque [module /[Default VFS]/]
  1282.   Accepting operation type 41 from module /[Default VFS]/
  1283. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1284.   Checking operation #42 (type 42, layer 0)
  1285.   Making operation type 42 opaque [module /[Default VFS]/]
  1286.   Accepting operation type 42 from module /[Default VFS]/
  1287. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1288.   Checking operation #43 (type 43, layer 0)
  1289.   Making operation type 43 opaque [module /[Default VFS]/]
  1290.   Accepting operation type 43 from module /[Default VFS]/
  1291. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1292.   Checking operation #44 (type 44, layer 0)
  1293.   Making operation type 44 opaque [module /[Default VFS]/]
  1294.   Accepting operation type 44 from module /[Default VFS]/
  1295. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1296.   Checking operation #45 (type 45, layer 0)
  1297.   Making operation type 45 opaque [module /[Default VFS]/]
  1298.   Accepting operation type 45 from module /[Default VFS]/
  1299. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1300.   Checking operation #46 (type 46, layer 0)
  1301.   Making operation type 46 opaque [module /[Default VFS]/]
  1302.   Accepting operation type 46 from module /[Default VFS]/
  1303. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1304.   Checking operation #47 (type 47, layer 0)
  1305.   Making operation type 47 opaque [module /[Default VFS]/]
  1306.   Accepting operation type 47 from module /[Default VFS]/
  1307. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1308.   Checking operation #48 (type 48, layer 0)
  1309.   Making operation type 48 opaque [module /[Default VFS]/]
  1310.   Accepting operation type 48 from module /[Default VFS]/
  1311. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1312.   Checking operation #49 (type 49, layer 0)
  1313.   Making operation type 49 opaque [module /[Default VFS]/]
  1314.   Accepting operation type 49 from module /[Default VFS]/
  1315. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1316.   Checking operation #50 (type 50, layer 0)
  1317.   Making operation type 50 opaque [module /[Default VFS]/]
  1318.   Accepting operation type 50 from module /[Default VFS]/
  1319. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1320.   Checking operation #51 (type 51, layer 0)
  1321.   Making operation type 51 opaque [module /[Default VFS]/]
  1322.   Accepting operation type 51 from module /[Default VFS]/
  1323. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1324.   Checking operation #52 (type 52, layer 0)
  1325.   Making operation type 52 opaque [module /[Default VFS]/]
  1326.   Accepting operation type 52 from module /[Default VFS]/
  1327. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1328.   Checking operation #53 (type 53, layer 0)
  1329.   Making operation type 53 opaque [module /[Default VFS]/]
  1330.   Accepting operation type 53 from module /[Default VFS]/
  1331. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1332.   Checking operation #54 (type 54, layer 0)
  1333.   Making operation type 54 opaque [module /[Default VFS]/]
  1334.   Accepting operation type 54 from module /[Default VFS]/
  1335. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1336.   Checking operation #55 (type 55, layer 0)
  1337.   Making operation type 55 opaque [module /[Default VFS]/]
  1338.   Accepting operation type 55 from module /[Default VFS]/
  1339. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1340.   Checking operation #56 (type 56, layer 0)
  1341.   Making operation type 56 opaque [module /[Default VFS]/]
  1342.   Accepting operation type 56 from module /[Default VFS]/
  1343. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1344.   Checking operation #57 (type 57, layer 0)
  1345.   Making operation type 57 opaque [module /[Default VFS]/]
  1346.   Accepting operation type 57 from module /[Default VFS]/
  1347. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1348.   Checking operation #58 (type 58, layer 0)
  1349.   Making operation type 58 opaque [module /[Default VFS]/]
  1350.   Accepting operation type 58 from module /[Default VFS]/
  1351. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1352.   Checking operation #59 (type 59, layer 0)
  1353.   Making operation type 59 opaque [module /[Default VFS]/]
  1354.   Accepting operation type 59 from module /[Default VFS]/
  1355. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1356.   Checking operation #60 (type 60, layer 0)
  1357.   Making operation type 60 opaque [module /[Default VFS]/]
  1358.   Accepting operation type 60 from module /[Default VFS]/
  1359. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1360.   Checking operation #61 (type 61, layer 0)
  1361.   Making operation type 61 opaque [module /[Default VFS]/]
  1362.   Accepting operation type 61 from module /[Default VFS]/
  1363. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1364.   Checking operation #62 (type 62, layer 0)
  1365.   Making operation type 62 opaque [module /[Default VFS]/]
  1366.   Accepting operation type 62 from module /[Default VFS]/
  1367. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1368.   Checking operation #63 (type 63, layer 0)
  1369.   Making operation type 63 opaque [module /[Default VFS]/]
  1370.   Accepting operation type 63 from module /[Default VFS]/
  1371. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1372.   Checking operation #64 (type 64, layer 0)
  1373.   Making operation type 64 opaque [module /[Default VFS]/]
  1374.   Accepting operation type 64 from module /[Default VFS]/
  1375. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1376.   Checking operation #65 (type 65, layer 0)
  1377.   Making operation type 65 opaque [module /[Default VFS]/]
  1378.   Accepting operation type 65 from module /[Default VFS]/
  1379. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1380.   Checking operation #66 (type 66, layer 0)
  1381.   Making operation type 66 opaque [module /[Default VFS]/]
  1382.   Accepting operation type 66 from module /[Default VFS]/
  1383. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1384.   Checking operation #67 (type 67, layer 0)
  1385.   Making operation type 67 opaque [module /[Default VFS]/]
  1386.   Accepting operation type 67 from module /[Default VFS]/
  1387. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1388.   Checking operation #68 (type 68, layer 0)
  1389.   Making operation type 68 opaque [module /[Default VFS]/]
  1390.   Accepting operation type 68 from module /[Default VFS]/
  1391. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1392.   Checking operation #69 (type 69, layer 0)
  1393.   Making operation type 69 opaque [module /[Default VFS]/]
  1394.   Accepting operation type 69 from module /[Default VFS]/
  1395. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1396.   Checking operation #70 (type 70, layer 0)
  1397.   Making operation type 70 opaque [module /[Default VFS]/]
  1398.   Accepting operation type 70 from module /[Default VFS]/
  1399. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1400.   Checking operation #71 (type 71, layer 0)
  1401.   Making operation type 71 opaque [module /[Default VFS]/]
  1402.   Accepting operation type 71 from module /[Default VFS]/
  1403. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1404.   Checking operation #72 (type 72, layer 0)
  1405.   Making operation type 72 opaque [module /[Default VFS]/]
  1406.   Accepting operation type 72 from module /[Default VFS]/
  1407. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1408.   Checking operation #73 (type 73, layer 0)
  1409.   Making operation type 73 opaque [module /[Default VFS]/]
  1410.   Accepting operation type 73 from module /[Default VFS]/
  1411. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1412.   Checking operation #74 (type 74, layer 0)
  1413.   Making operation type 74 opaque [module /[Default VFS]/]
  1414.   Accepting operation type 74 from module /[Default VFS]/
  1415. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1416.   Checking operation #75 (type 75, layer 0)
  1417.   Making operation type 75 opaque [module /[Default VFS]/]
  1418.   Accepting operation type 75 from module /[Default VFS]/
  1419. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1420.   Checking operation #76 (type 76, layer 0)
  1421.   Making operation type 76 opaque [module /[Default VFS]/]
  1422.   Accepting operation type 76 from module /[Default VFS]/
  1423. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1424.   Checking operation #77 (type 77, layer 0)
  1425.   Making operation type 77 opaque [module /[Default VFS]/]
  1426.   Accepting operation type 77 from module /[Default VFS]/
  1427. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1428.   Checking operation #78 (type 78, layer 0)
  1429.   Making operation type 78 opaque [module /[Default VFS]/]
  1430.   Accepting operation type 78 from module /[Default VFS]/
  1431. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1432.   Checking operation #79 (type 79, layer 0)
  1433.   Making operation type 79 opaque [module /[Default VFS]/]
  1434.   Accepting operation type 79 from module /[Default VFS]/
  1435. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1436.   Checking operation #80 (type 80, layer 0)
  1437.   Making operation type 80 opaque [module /[Default VFS]/]
  1438.   Accepting operation type 80 from module /[Default VFS]/
  1439. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1440.   Checking operation #81 (type 81, layer 0)
  1441.   Making operation type 81 opaque [module /[Default VFS]/]
  1442.   Accepting operation type 81 from module /[Default VFS]/
  1443. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1444.   Checking operation #82 (type 82, layer 0)
  1445.   Making operation type 82 opaque [module /[Default VFS]/]
  1446.   Accepting operation type 82 from module /[Default VFS]/
  1447. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1448.   Checking operation #83 (type 83, layer 0)
  1449.   Making operation type 83 opaque [module /[Default VFS]/]
  1450.   Accepting operation type 83 from module /[Default VFS]/
  1451. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1452.   Checking operation #84 (type 84, layer 0)
  1453.   Making operation type 84 opaque [module /[Default VFS]/]
  1454.   Accepting operation type 84 from module /[Default VFS]/
  1455. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1456.   Checking operation #85 (type 85, layer 0)
  1457.   Making operation type 85 opaque [module /[Default VFS]/]
  1458.   Accepting operation type 85 from module /[Default VFS]/
  1459. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1460.   Checking operation #86 (type 86, layer 0)
  1461.   Making operation type 86 opaque [module /[Default VFS]/]
  1462.   Accepting operation type 86 from module /[Default VFS]/
  1463. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1464.   Checking operation #87 (type 87, layer 0)
  1465.   Making operation type 87 opaque [module /[Default VFS]/]
  1466.   Accepting operation type 87 from module /[Default VFS]/
  1467. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1468.   Checking operation #88 (type 88, layer 0)
  1469.   Making operation type 88 opaque [module /[Default VFS]/]
  1470.   Accepting operation type 88 from module /[Default VFS]/
  1471. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1472.   Checking operation #89 (type 89, layer 0)
  1473.   Making operation type 89 opaque [module /[Default VFS]/]
  1474.   Accepting operation type 89 from module /[Default VFS]/
  1475. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1476.   Checking operation #90 (type 90, layer 0)
  1477.   Making operation type 90 opaque [module /[Default VFS]/]
  1478.   Accepting operation type 90 from module /[Default VFS]/
  1479. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1480.   Checking operation #91 (type 91, layer 0)
  1481.   Making operation type 91 opaque [module /[Default VFS]/]
  1482.   Accepting operation type 91 from module /[Default VFS]/
  1483. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1484.   Checking operation #92 (type 92, layer 0)
  1485.   Making operation type 92 opaque [module /[Default VFS]/]
  1486.   Accepting operation type 92 from module /[Default VFS]/
  1487. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1488.   Checking operation #93 (type 93, layer 0)
  1489.   Making operation type 93 opaque [module /[Default VFS]/]
  1490.   Accepting operation type 93 from module /[Default VFS]/
  1491. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1492.   Checking operation #94 (type 94, layer 0)
  1493.   Making operation type 94 opaque [module /[Default VFS]/]
  1494.   Accepting operation type 94 from module /[Default VFS]/
  1495. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1496.   Checking operation #95 (type 95, layer 0)
  1497.   Making operation type 95 opaque [module /[Default VFS]/]
  1498.   Accepting operation type 95 from module /[Default VFS]/
  1499. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1500.   Checking operation #96 (type 96, layer 0)
  1501.   Making operation type 96 opaque [module /[Default VFS]/]
  1502.   Accepting operation type 96 from module /[Default VFS]/
  1503. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1504.   Checking operation #97 (type 97, layer 0)
  1505.   Making operation type 97 opaque [module /[Default VFS]/]
  1506.   Accepting operation type 97 from module /[Default VFS]/
  1507. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1508.   Checking operation #98 (type 98, layer 0)
  1509.   Making operation type 98 opaque [module /[Default VFS]/]
  1510.   Accepting operation type 98 from module /[Default VFS]/
  1511. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1512.   Checking operation #99 (type 99, layer 0)
  1513.   Making operation type 99 opaque [module /[Default VFS]/]
  1514.   Accepting operation type 99 from module /[Default VFS]/
  1515. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1516.   Checking operation #100 (type 100, layer 0)
  1517.   Making operation type 100 opaque [module /[Default VFS]/]
  1518.   Accepting operation type 100 from module /[Default VFS]/
  1519. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1520.   Checking operation #101 (type 101, layer 0)
  1521.   Making operation type 101 opaque [module /[Default VFS]/]
  1522.   Accepting operation type 101 from module /[Default VFS]/
  1523. [2010/02/14 20:52:57,  5] smbd/vfs.c:vfs_init_custom(193)
  1524.   Checking operation #102 (type 102, layer 0)
  1525.   Making operation type 102 opaque [module /[Default VFS]/]
  1526.   Accepting operation type 102 from module /[Default VFS]/
  1527. [2010/02/14 20:52:57,  5] smbd/connection.c:claim_connection(142)
  1528.   claiming [IPC$]
  1529. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100)
  1530.   Locking key BC5500000100000049504324000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
  1531. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129)
  1532.   Allocated locked data 0x0x110de70
  1533. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42)
  1534.   Unlocking key BC5500000100000049504324000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
  1535. [2010/02/14 20:52:57, 10] smbd/share_access.c:user_ok_token(231)
  1536.   user_ok_token: share IPC$ is ok for unix user nobody
  1537. [2010/02/14 20:52:57, 10] smbd/share_access.c:is_share_read_only_for_token(273)
  1538.   is_share_read_only_for_user: share IPC$ is read-only for unix user nobody
  1539. [2010/02/14 20:52:57, 10] lib/util_seaccess.c:se_map_generic(175)
  1540.   se_map_generic(): mapped mask 0x10000000 to 0x001f01ff
  1541. [2010/02/14 20:52:57, 10] lib/util_seaccess.c:se_access_check(232)
  1542.   se_access_check: requested access 0x00000001, for NT token with 4 entries and first sid S-1-5-21-2934603361-1946261283-2740193522-501.
  1543. [2010/02/14 20:52:57,  3] lib/util_seaccess.c:se_access_check(249)
  1544. [2010/02/14 20:52:57,  3] lib/util_seaccess.c:se_access_check(252)
  1545.   se_access_check: user sid is S-1-5-21-2934603361-1946261283-2740193522-501
  1546.   se_access_check: also S-1-1-0
  1547.   se_access_check: also S-1-5-2
  1548.   se_access_check: also S-1-5-32-546
  1549.   se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 1
  1550. [2010/02/14 20:52:57,  5] lib/util_seaccess.c:se_access_check(310)
  1551.   se_access_check: access (1) granted.
  1552. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  1553.   setting sec ctx (65534, 65534) - sec_ctx_stack_ndx = 0
  1554. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_nt_user_token(470)
  1555.   NT user token of user S-1-5-21-2934603361-1946261283-2740193522-501
  1556.   contains 4 SIDs
  1557.   SID[  0]: S-1-5-21-2934603361-1946261283-2740193522-501
  1558.   SID[  1]: S-1-1-0
  1559.   SID[  2]: S-1-5-2
  1560.   SID[  3]: S-1-5-32-546
  1561.   SE_PRIV  0x0 0x0 0x0 0x0
  1562. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_unix_user_token(490)
  1563.   UNIX token of user 65534
  1564.   Primary group is 65534 and contains 0 supplementary groups
  1565. [2010/02/14 20:52:57,  5] smbd/uid.c:change_to_user(272)
  1566.   change_to_user uid=(0,65534) gid=(0,65534)
  1567. [2010/02/14 20:52:57,  3] smbd/service.c:make_connection_snum(1198)
  1568.   hds-virtbox1 (::ffff:192.168.1.183) connect to service IPC$ initially as user nobody (uid=65534, gid=65534) (pid 21948)
  1569. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  1570.   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
  1571. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_nt_user_token(464)
  1572.   NT user token: (NULL)
  1573. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_unix_user_token(490)
  1574.   UNIX token of user 0
  1575.   Primary group is 0 and contains 0 supplementary groups
  1576. [2010/02/14 20:52:57,  5] smbd/uid.c:change_to_root_user(287)
  1577.   change_to_root_user: now uid=(0,0) gid=(0,0)
  1578. [2010/02/14 20:52:57,  3] smbd/reply.c:reply_tcon_and_X(727)
  1579.   tconX service=IPC$
  1580. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(642)
  1581. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(652)
  1582.   size=56
  1583.   smb_com=0x75
  1584.   smb_rcls=0
  1585.   smb_reh=0
  1586.   smb_err=0
  1587.   smb_flg=136
  1588.   smb_flg2=51201
  1589.   smb_tid=1
  1590.   smb_pid=65279
  1591.   smb_uid=100
  1592.   smb_mid=192
  1593.   smt_wct=7
  1594.   smb_vwv[ 0]=  255 (0xFF)
  1595.   smb_vwv[ 1]=    0 (0x0)
  1596.   smb_vwv[ 2]=    1 (0x1)
  1597.   smb_vwv[ 3]=  511 (0x1FF)
  1598.   smb_vwv[ 4]=    0 (0x0)
  1599.   smb_vwv[ 5]=  511 (0x1FF)
  1600.   smb_vwv[ 6]=    0 (0x0)
  1601.   smb_bcc=7
  1602. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
  1603.   [000] 49 50 43 00 00 00 00                              IPC....
  1604. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
  1605.   run_events: Nothing to do
  1606. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
  1607.   run_events: Nothing to do
  1608. [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
  1609.   got smb length of 100
  1610. [2010/02/14 20:52:57,  6] smbd/process.c:process_smb(1567)
  1611.   got message type 0x0 of len 0x64
  1612. [2010/02/14 20:52:57,  3] smbd/process.c:process_smb(1570)
  1613.   Transaction 4 of length 104 (0 toread)
  1614. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(642)
  1615. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(652)
  1616.   size=100
  1617.   smb_com=0xa2
  1618.   smb_rcls=0
  1619.   smb_reh=0
  1620.   smb_err=0
  1621.   smb_flg=24
  1622.   smb_flg2=51207
  1623.   smb_tid=1
  1624.   smb_pid=1332
  1625.   smb_uid=100
  1626.   smb_mid=256
  1627.   smt_wct=24
  1628.   smb_vwv[ 0]=  255 (0xFF)
  1629.   smb_vwv[ 1]=57054 (0xDEDE)
  1630.   smb_vwv[ 2]= 3584 (0xE00)
  1631.   smb_vwv[ 3]= 5632 (0x1600)
  1632.   smb_vwv[ 4]=    0 (0x0)
  1633.   smb_vwv[ 5]=    0 (0x0)
  1634.   smb_vwv[ 6]=    0 (0x0)
  1635.   smb_vwv[ 7]=40704 (0x9F00)
  1636.   smb_vwv[ 8]=  513 (0x201)
  1637.   smb_vwv[ 9]=    0 (0x0)
  1638.   smb_vwv[10]=    0 (0x0)
  1639.   smb_vwv[11]=    0 (0x0)
  1640.   smb_vwv[12]=    0 (0x0)
  1641.   smb_vwv[13]=    0 (0x0)
  1642.   smb_vwv[14]=    0 (0x0)
  1643.   smb_vwv[15]=  768 (0x300)
  1644.   smb_vwv[16]=    0 (0x0)
  1645.   smb_vwv[17]=  256 (0x100)
  1646.   smb_vwv[18]=    0 (0x0)
  1647.   smb_vwv[19]=16384 (0x4000)
  1648.   smb_vwv[20]=    0 (0x0)
  1649.   smb_vwv[21]=  512 (0x200)
  1650.   smb_vwv[22]=    0 (0x0)
  1651.   smb_vwv[23]=  768 (0x300)
  1652.   smb_bcc=17
  1653. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
  1654.   [000] 00 5C 00 6C 00 73 00 61  00 72 00 70 00 63 00 00  .\.l.s.a .r.p.c..
  1655.   [010] 00                                                .
  1656. [2010/02/14 20:52:57,  3] smbd/process.c:switch_message(1374)
  1657.   switch message SMBntcreateX (pid 21948) conn 0x10fd8d0
  1658. [2010/02/14 20:52:57,  0] smbd/process.c:smb_dump(1322)
  1659.   created /tmp/SMBntcreateX.68.req len 104
  1660. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  1661.   setting sec ctx (65534, 65534) - sec_ctx_stack_ndx = 0
  1662. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_nt_user_token(470)
  1663.   NT user token of user S-1-5-21-2934603361-1946261283-2740193522-501
  1664.   contains 4 SIDs
  1665.   SID[  0]: S-1-5-21-2934603361-1946261283-2740193522-501
  1666.   SID[  1]: S-1-1-0
  1667.   SID[  2]: S-1-5-2
  1668.   SID[  3]: S-1-5-32-546
  1669.   SE_PRIV  0x0 0x0 0x0 0x0
  1670. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_unix_user_token(490)
  1671.   UNIX token of user 65534
  1672.   Primary group is 65534 and contains 0 supplementary groups
  1673. [2010/02/14 20:52:57,  5] smbd/uid.c:change_to_user(272)
  1674.   change_to_user uid=(0,65534) gid=(0,65534)
  1675. [2010/02/14 20:52:57,  4] smbd/vfs.c:vfs_ChDir(733)
  1676.   vfs_ChDir to /tmp
  1677. [2010/02/14 20:52:57, 10] smbd/nttrans.c:reply_ntcreate_and_X(488)
  1678.   reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0, fname = lsarpc
  1679. [2010/02/14 20:52:57,  4] smbd/nttrans.c:nt_open_pipe(295)
  1680.   nt_open_pipe: Opening pipe \lsarpc.
  1681. [2010/02/14 20:52:57,  3] smbd/nttrans.c:nt_open_pipe(320)
  1682.   nt_open_pipe: Known pipe lsarpc opening.
  1683. [2010/02/14 20:52:57,  4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(165)
  1684.   Open pipe requested lsarpc (pipes_open=0)
  1685. [2010/02/14 20:52:57,  4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(275)
  1686.   Create pipe requested lsarpc
  1687. [2010/02/14 20:52:57, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77)
  1688.   init_pipe_handles: created handle list for pipe lsarpc
  1689. [2010/02/14 20:52:57, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93)
  1690.   init_pipe_handles: pipe_handles ref count = 1 for pipe lsarpc
  1691. [2010/02/14 20:52:57,  4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(356)
  1692.   Created internal pipe lsarpc (pipes_open=0)
  1693. [2010/02/14 20:52:57,  4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(253)
  1694.   Opened pipe lsarpc with handle 7715 (pipes_open=1)
  1695. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(259)
  1696.   open pipes: name lsarpc pnum=7715
  1697. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100)
  1698.   Locking key 6C73617270632F32313934382F333034383500
  1699. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129)
  1700.   Allocated locked data 0x0x10ba6a0
  1701. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42)
  1702.   Unlocking key 6C73617270632F32313934382F333034383500
  1703. [2010/02/14 20:52:57,  5] smbd/nttrans.c:do_ntcreate_pipe_open(408)
  1704.   do_ntcreate_pipe_open: open pipe = \lsarpc
  1705. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(642)
  1706. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(652)
  1707.   size=135
  1708.   smb_com=0xa2
  1709.   smb_rcls=0
  1710.   smb_reh=0
  1711.   smb_err=0
  1712.   smb_flg=136
  1713.   smb_flg2=51201
  1714.   smb_tid=1
  1715.   smb_pid=1332
  1716.   smb_uid=100
  1717.   smb_mid=256
  1718.   smt_wct=42
  1719.   smb_vwv[ 0]=  255 (0xFF)
  1720.   smb_vwv[ 1]=    0 (0x0)
  1721.   smb_vwv[ 2]= 5376 (0x1500)
  1722.   smb_vwv[ 3]=  375 (0x177)
  1723.   smb_vwv[ 4]=    0 (0x0)
  1724.   smb_vwv[ 5]=    0 (0x0)
  1725.   smb_vwv[ 6]=    0 (0x0)
  1726.   smb_vwv[ 7]=    0 (0x0)
  1727.   smb_vwv[ 8]=    0 (0x0)
  1728.   smb_vwv[ 9]=    0 (0x0)
  1729.   smb_vwv[10]=    0 (0x0)
  1730.   smb_vwv[11]=    0 (0x0)
  1731.   smb_vwv[12]=    0 (0x0)
  1732.   smb_vwv[13]=    0 (0x0)
  1733.   smb_vwv[14]=    0 (0x0)
  1734.   smb_vwv[15]=    0 (0x0)
  1735.   smb_vwv[16]=    0 (0x0)
  1736.   smb_vwv[17]=    0 (0x0)
  1737.   smb_vwv[18]=    0 (0x0)
  1738.   smb_vwv[19]=    0 (0x0)
  1739.   smb_vwv[20]=    0 (0x0)
  1740.   smb_vwv[21]=32768 (0x8000)
  1741.   smb_vwv[22]=    0 (0x0)
  1742.   smb_vwv[23]=    0 (0x0)
  1743.   smb_vwv[24]=    0 (0x0)
  1744.   smb_vwv[25]=    0 (0x0)
  1745.   smb_vwv[26]=    0 (0x0)
  1746.   smb_vwv[27]=    0 (0x0)
  1747.   smb_vwv[28]=    0 (0x0)
  1748.   smb_vwv[29]=    0 (0x0)
  1749.   smb_vwv[30]=    0 (0x0)
  1750.   smb_vwv[31]=  512 (0x200)
  1751.   smb_vwv[32]=65280 (0xFF00)
  1752.   smb_vwv[33]=    5 (0x5)
  1753.   smb_vwv[34]=    0 (0x0)
  1754.   smb_vwv[35]=    0 (0x0)
  1755.   smb_vwv[36]=    0 (0x0)
  1756.   smb_vwv[37]=    0 (0x0)
  1757.   smb_vwv[38]=    0 (0x0)
  1758.   smb_vwv[39]=    0 (0x0)
  1759.   smb_vwv[40]=    0 (0x0)
  1760.   smb_vwv[41]=    0 (0x0)
  1761.   smb_bcc=0
  1762. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
  1763.   run_events: Nothing to do
  1764. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
  1765.   run_events: Nothing to do
  1766. [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
  1767.   got smb length of 136
  1768. [2010/02/14 20:52:57,  6] smbd/process.c:process_smb(1567)
  1769.   got message type 0x0 of len 0x88
  1770. [2010/02/14 20:52:57,  3] smbd/process.c:process_smb(1570)
  1771.   Transaction 5 of length 140 (0 toread)
  1772. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(642)
  1773. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(652)
  1774.   size=136
  1775.   smb_com=0x2f
  1776.   smb_rcls=0
  1777.   smb_reh=0
  1778.   smb_err=0
  1779.   smb_flg=24
  1780.   smb_flg2=51207
  1781.   smb_tid=1
  1782.   smb_pid=65279
  1783.   smb_uid=100
  1784.   smb_mid=320
  1785.   smt_wct=14
  1786.   smb_vwv[ 0]=  255 (0xFF)
  1787.   smb_vwv[ 1]=57054 (0xDEDE)
  1788.   smb_vwv[ 2]=30485 (0x7715)
  1789.   smb_vwv[ 3]=    0 (0x0)
  1790.   smb_vwv[ 4]=    0 (0x0)
  1791.   smb_vwv[ 5]=65535 (0xFFFF)
  1792.   smb_vwv[ 6]=65535 (0xFFFF)
  1793.   smb_vwv[ 7]=    8 (0x8)
  1794.   smb_vwv[ 8]=   72 (0x48)
  1795.   smb_vwv[ 9]=    0 (0x0)
  1796.   smb_vwv[10]=   72 (0x48)
  1797.   smb_vwv[11]=   64 (0x40)
  1798.   smb_vwv[12]=    0 (0x0)
  1799.   smb_vwv[13]=    0 (0x0)
  1800.   smb_bcc=73
  1801. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
  1802.   [000] EE 05 00 0B 03 10 00 00  00 48 00 00 00 01 00 00  ........ .H......
  1803.   [010] 00 B8 10 B8 10 00 00 00  00 01 00 00 00 00 00 01  ........ ........
  1804.   [020] 00 78 57 34 12 34 12 CD  AB EF 00 01 23 45 67 89  .xW4.4.. ....#Eg.
  1805.   [030] AB 00 00 00 00 04 5D 88  8A EB 1C C9 11 9F E8 08  ......]. ........
  1806.   [040] 00 2B 10 48 60 02 00 00  00                       .+.H`... .
  1807. [2010/02/14 20:52:57,  3] smbd/process.c:switch_message(1374)
  1808.   switch message SMBwriteX (pid 21948) conn 0x10fd8d0
  1809. [2010/02/14 20:52:57,  0] smbd/process.c:smb_dump(1322)
  1810.   created /tmp/SMBwriteX.68.req len 140
  1811. [2010/02/14 20:52:57,  4] smbd/uid.c:change_to_user(182)
  1812.   change_to_user: Skipping user change - already user
  1813. [2010/02/14 20:52:57,  4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258)
  1814.   search for pipe pnum=7715
  1815. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
  1816.   pipe name lsarpc pnum=7715 (pipes_open=1)
  1817. [2010/02/14 20:52:57,  6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927)
  1818.   write_to_pipe: 7715 name: lsarpc open: Yes len: 72
  1819. [2010/02/14 20:52:57, 50] lib/util.c:dump_data(2223)
  1820.   [000] 05 00 0B 03 10 00 00 00  48 00 00 00 01 00 00 00  ........ H.......
  1821.   [010] B8 10 B8 10 00 00 00 00  01 00 00 00 00 00 01 00  ........ ........
  1822.   [020] 78 57 34 12 34 12 CD AB  EF 00 01 23 45 67 89 AB  xW4.4... ...#Eg..
  1823.   [030] 00 00 00 00 04 5D 88 8A  EB 1C C9 11 9F E8 08 00  .....].. ........
  1824.   [040] 2B 10 48 60 02 00 00 00                           +.H`....
  1825. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
  1826.   write_to_pipe: data_left = 72
  1827. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
  1828.   process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72
  1829. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385)
  1830.   fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0
  1831. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
  1832.   write_to_pipe: data_used = 16
  1833. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
  1834.   write_to_pipe: data_left = 56
  1835. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
  1836.   process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56
  1837. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_debug(88)
  1838.   000000 smb_io_rpc_hdr
  1839. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  1840.       0000 major     : 05
  1841. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  1842.       0001 minor     : 00
  1843. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  1844.       0002 pkt_type  : 0b
  1845. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  1846.       0003 flags     : 03
  1847. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  1848.       0004 pack_type0: 10
  1849. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  1850.       0005 pack_type1: 00
  1851. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  1852.       0006 pack_type2: 00
  1853. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  1854.       0007 pack_type3: 00
  1855. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  1856.       0008 frag_len  : 0048
  1857. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  1858.       000a auth_len  : 0000
  1859. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  1860.       000c call_id   : 00000001
  1861. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472)
  1862.   unmarshall_rpc_header: using little-endian RPC
  1863. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501)
  1864.   unmarshall_rpc_header: type = 11, flags = 3
  1865. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
  1866.   write_to_pipe: data_used = 0
  1867. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
  1868.   write_to_pipe: data_left = 56
  1869. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
  1870.   process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56
  1871. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709)
  1872.   process_complete_pdu: processing packet type 11
  1873. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe.c:api_pipe_bind_req(1553)
  1874.   api_pipe_bind_req: decode request. 1553
  1875. [2010/02/14 20:52:57,  3] rpc_server/srv_pipe.c:api_pipe_bind_req(1564)
  1876.   api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsarpc
  1877. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_debug(88)
  1878.   000000 smb_io_rpc_hdr_rb
  1879. [2010/02/14 20:52:57,  6] rpc_parse/parse_prs.c:prs_debug(88)
  1880.       000000 smb_io_rpc_hdr_bba
  1881. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  1882.           0000 max_tsize: 10b8
  1883. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  1884.           0002 max_rsize: 10b8
  1885. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  1886.           0004 assoc_gid: 00000000
  1887. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  1888.       0008 num_contexts: 01
  1889. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  1890.       000c context_id  : 0000
  1891. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  1892.       000e num_transfer_syntaxes: 01
  1893. [2010/02/14 20:52:57,  6] rpc_parse/parse_prs.c:prs_debug(88)
  1894.       00000f smb_io_rpc_iface
  1895. [2010/02/14 20:52:57,  7] rpc_parse/parse_prs.c:prs_debug(88)
  1896.           000010 smb_io_uuid uuid
  1897. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  1898.               0010 data   : 12345778
  1899. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  1900.               0014 data   : 1234
  1901. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  1902.               0016 data   : abcd
  1903. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8s(865)
  1904.               0018 data   : ef 00
  1905. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8s(865)
  1906.               001a data   : 01 23 45 67 89 ab
  1907. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  1908.           0020 version: 00000000
  1909. [2010/02/14 20:52:57,  6] rpc_parse/parse_prs.c:prs_debug(88)
  1910.       000024 smb_io_rpc_iface
  1911. [2010/02/14 20:52:57,  7] rpc_parse/parse_prs.c:prs_debug(88)
  1912.           000024 smb_io_uuid uuid
  1913. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  1914.               0024 data   : 8a885d04
  1915. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  1916.               0028 data   : 1ceb
  1917. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  1918.               002a data   : 11c9
  1919. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8s(865)
  1920.               002c data   : 9f e8
  1921. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8s(865)
  1922.               002e data   : 08 00 2b 10 48 60
  1923. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  1924.           0034 version: 00000002
  1925. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe.c:api_pipe_bind_req(1608)
  1926.   api_pipe_bind_req: make response. 1608
  1927. [2010/02/14 20:52:57,  3] rpc_server/srv_pipe.c:check_bind_req(991)
  1928.   check_bind_req for \PIPE\lsarpc
  1929.   checking \PIPE\lsarpc
  1930. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_debug(88)
  1931.   000000 smb_io_rpc_hdr_ba
  1932. [2010/02/14 20:52:57,  6] rpc_parse/parse_prs.c:prs_debug(88)
  1933.       000000 smb_io_rpc_hdr_bba
  1934. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  1935.           0000 max_tsize: 10b8
  1936. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  1937.           0002 max_rsize: 10b8
  1938. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  1939.           0004 assoc_gid: 000053f0
  1940. [2010/02/14 20:52:57,  6] rpc_parse/parse_prs.c:prs_debug(88)
  1941.       000008 smb_io_rpc_addr_str
  1942. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  1943.           0008 len: 000d
  1944. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8s(865)
  1945.           000a str: \PIPE\lsarpc.
  1946. [2010/02/14 20:52:57,  6] rpc_parse/parse_prs.c:prs_debug(88)
  1947.       000017 smb_io_rpc_results
  1948. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  1949.           0018 num_results: 01
  1950. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  1951.           001c result     : 0000
  1952. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  1953.           001e reason     : 0000
  1954. [2010/02/14 20:52:57,  6] rpc_parse/parse_prs.c:prs_debug(88)
  1955.       000020 smb_io_rpc_iface
  1956. [2010/02/14 20:52:57,  7] rpc_parse/parse_prs.c:prs_debug(88)
  1957.           000020 smb_io_uuid uuid
  1958. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  1959.               0020 data   : 8a885d04
  1960. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  1961.               0024 data   : 1ceb
  1962. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  1963.               0026 data   : 11c9
  1964. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8s(865)
  1965.               0028 data   : 9f e8
  1966. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8s(865)
  1967.               002a data   : 08 00 2b 10 48 60
  1968. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  1969.           0030 version: 00000002
  1970. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_debug(88)
  1971.   000000 smb_io_rpc_hdr
  1972. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  1973.       0000 major     : 05
  1974. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  1975.       0001 minor     : 00
  1976. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  1977.       0002 pkt_type  : 0c
  1978. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  1979.       0003 flags     : 03
  1980. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  1981.       0004 pack_type0: 10
  1982. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  1983.       0005 pack_type1: 00
  1984. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  1985.       0006 pack_type2: 00
  1986. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  1987.       0007 pack_type3: 00
  1988. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  1989.       0008 frag_len  : 0044
  1990. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  1991.       000a auth_len  : 0000
  1992. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  1993.       000c call_id   : 00000001
  1994. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
  1995.   write_to_pipe: data_used = 56
  1996. [2010/02/14 20:52:57,  3] smbd/pipes.c:reply_pipe_write_and_X(251)
  1997.   writeX-IPC pnum=7715 nwritten=72
  1998. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(642)
  1999. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(652)
  2000.   size=47
  2001.   smb_com=0x2f
  2002.   smb_rcls=0
  2003.   smb_reh=0
  2004.   smb_err=0
  2005.   smb_flg=136
  2006.   smb_flg2=51201
  2007.   smb_tid=1
  2008.   smb_pid=65279
  2009.   smb_uid=100
  2010.   smb_mid=320
  2011.   smt_wct=6
  2012.   smb_vwv[ 0]=  255 (0xFF)
  2013.   smb_vwv[ 1]=    0 (0x0)
  2014.   smb_vwv[ 2]=   72 (0x48)
  2015.   smb_vwv[ 3]=    0 (0x0)
  2016.   smb_vwv[ 4]=    0 (0x0)
  2017.   smb_vwv[ 5]=    0 (0x0)
  2018.   smb_bcc=0
  2019. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
  2020.   run_events: Nothing to do
  2021. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
  2022.   run_events: Nothing to do
  2023. [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
  2024.   got smb length of 59
  2025. [2010/02/14 20:52:57,  6] smbd/process.c:process_smb(1567)
  2026.   got message type 0x0 of len 0x3b
  2027. [2010/02/14 20:52:57,  3] smbd/process.c:process_smb(1570)
  2028.   Transaction 6 of length 63 (0 toread)
  2029. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(642)
  2030. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(652)
  2031.   size=59
  2032.   smb_com=0x2e
  2033.   smb_rcls=0
  2034.   smb_reh=0
  2035.   smb_err=0
  2036.   smb_flg=24
  2037.   smb_flg2=51207
  2038.   smb_tid=1
  2039.   smb_pid=65279
  2040.   smb_uid=100
  2041.   smb_mid=384
  2042.   smt_wct=12
  2043.   smb_vwv[ 0]=  255 (0xFF)
  2044.   smb_vwv[ 1]=57054 (0xDEDE)
  2045.   smb_vwv[ 2]=30485 (0x7715)
  2046.   smb_vwv[ 3]=    0 (0x0)
  2047.   smb_vwv[ 4]=    0 (0x0)
  2048.   smb_vwv[ 5]= 1024 (0x400)
  2049.   smb_vwv[ 6]= 1024 (0x400)
  2050.   smb_vwv[ 7]=65535 (0xFFFF)
  2051.   smb_vwv[ 8]=65535 (0xFFFF)
  2052.   smb_vwv[ 9]= 1024 (0x400)
  2053.   smb_vwv[10]=    0 (0x0)
  2054.   smb_vwv[11]=    0 (0x0)
  2055.   smb_bcc=0
  2056. [2010/02/14 20:52:57,  3] smbd/process.c:switch_message(1374)
  2057.   switch message SMBreadX (pid 21948) conn 0x10fd8d0
  2058. [2010/02/14 20:52:57,  0] smbd/process.c:smb_dump(1322)
  2059.   created /tmp/SMBreadX.68.req len 63
  2060. [2010/02/14 20:52:57,  4] smbd/uid.c:change_to_user(182)
  2061.   change_to_user: Skipping user change - already user
  2062. [2010/02/14 20:52:57,  4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258)
  2063.   search for pipe pnum=7715
  2064. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
  2065.   pipe name lsarpc pnum=7715 (pipes_open=1)
  2066. [2010/02/14 20:52:57,  6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985)
  2067.   read_from_pipe: 7715 name: lsarpc len: 1024
  2068. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1045)
  2069.   read_from_pipe: lsarpc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes.
  2070. [2010/02/14 20:52:57,  3] smbd/pipes.c:reply_pipe_read_and_X(301)
  2071.   readX-IPC pnum=7715 min=1024 max=1024 nread=68
  2072. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(642)
  2073. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(652)
  2074.   size=127
  2075.   smb_com=0x2e
  2076.   smb_rcls=0
  2077.   smb_reh=0
  2078.   smb_err=0
  2079.   smb_flg=136
  2080.   smb_flg2=51201
  2081.   smb_tid=1
  2082.   smb_pid=65279
  2083.   smb_uid=100
  2084.   smb_mid=384
  2085.   smt_wct=12
  2086.   smb_vwv[ 0]=  255 (0xFF)
  2087.   smb_vwv[ 1]=    0 (0x0)
  2088.   smb_vwv[ 2]=    0 (0x0)
  2089.   smb_vwv[ 3]=    0 (0x0)
  2090.   smb_vwv[ 4]=    0 (0x0)
  2091.   smb_vwv[ 5]=   68 (0x44)
  2092.   smb_vwv[ 6]=   59 (0x3B)
  2093.   smb_vwv[ 7]=    0 (0x0)
  2094.   smb_vwv[ 8]=    0 (0x0)
  2095.   smb_vwv[ 9]=    0 (0x0)
  2096.   smb_vwv[10]=    0 (0x0)
  2097.   smb_vwv[11]=    0 (0x0)
  2098.   smb_bcc=68
  2099. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
  2100.   [000] 05 00 0C 03 10 00 00 00  44 00 00 00 01 00 00 00  ........ D.......
  2101.   [010] B8 10 B8 10 F0 53 00 00  0D 00 5C 50 49 50 45 5C  .....S.. ..\PIPE\
  2102.   [020] 6C 73 61 72 70 63 00 00  01 00 00 00 00 00 00 00  lsarpc.. ........
  2103.   [030] 04 5D 88 8A EB 1C C9 11  9F E8 08 00 2B 10 48 60  .]...... ....+.H`
  2104.   [040] 02 00 00 00                                       ....
  2105. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
  2106.   run_events: Nothing to do
  2107. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
  2108.   run_events: Nothing to do
  2109. [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
  2110.   got smb length of 176
  2111. [2010/02/14 20:52:57,  6] smbd/process.c:process_smb(1567)
  2112.   got message type 0x0 of len 0xb0
  2113. [2010/02/14 20:52:57,  3] smbd/process.c:process_smb(1570)
  2114.   Transaction 7 of length 180 (0 toread)
  2115. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(642)
  2116. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(652)
  2117.   size=176
  2118.   smb_com=0x25
  2119.   smb_rcls=0
  2120.   smb_reh=0
  2121.   smb_err=0
  2122.   smb_flg=24
  2123.   smb_flg2=51207
  2124.   smb_tid=1
  2125.   smb_pid=1332
  2126.   smb_uid=100
  2127.   smb_mid=448
  2128.   smt_wct=16
  2129.   smb_vwv[ 0]=    0 (0x0)
  2130.   smb_vwv[ 1]=   92 (0x5C)
  2131.   smb_vwv[ 2]=    0 (0x0)
  2132.   smb_vwv[ 3]= 1024 (0x400)
  2133.   smb_vwv[ 4]=    0 (0x0)
  2134.   smb_vwv[ 5]=    0 (0x0)
  2135.   smb_vwv[ 6]=    0 (0x0)
  2136.   smb_vwv[ 7]=    0 (0x0)
  2137.   smb_vwv[ 8]=    0 (0x0)
  2138.   smb_vwv[ 9]=    0 (0x0)
  2139.   smb_vwv[10]=   84 (0x54)
  2140.   smb_vwv[11]=   92 (0x5C)
  2141.   smb_vwv[12]=   84 (0x54)
  2142.   smb_vwv[13]=    2 (0x2)
  2143.   smb_vwv[14]=   38 (0x26)
  2144.   smb_vwv[15]=30485 (0x7715)
  2145.   smb_bcc=109
  2146. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
  2147.   [000] 00 5C 00 50 00 49 00 50  00 45 00 5C 00 00 00 00  .\.P.I.P .E.\....
  2148.   [010] 00 05 00 00 03 10 00 00  00 5C 00 00 00 01 00 00  ........ .\......
  2149.   [020] 00 44 00 00 00 00 00 2C  00 00 00 02 00 0C 00 00  .D....., ........
  2150.   [030] 00 00 00 00 00 0C 00 00  00 5C 00 5C 00 48 00 44  ........ .\.\.H.D
  2151.   [040] 00 53 00 2D 00 4C 00 49  00 4E 00 55 00 58 00 00  .S.-.L.I .N.U.X..
  2152.   [050] 00 18 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ........ ........
  2153.   [060] 00 00 00 00 00 00 00 00  00 00 00 00 02           ........ .....
  2154. [2010/02/14 20:52:57,  3] smbd/process.c:switch_message(1374)
  2155.   switch message SMBtrans (pid 21948) conn 0x10fd8d0
  2156. [2010/02/14 20:52:57,  4] smbd/uid.c:change_to_user(182)
  2157.   change_to_user: Skipping user change - already user
  2158. [2010/02/14 20:52:57,  3] smbd/ipc.c:handle_trans(436)
  2159.   trans <\PIPE\> data=92 params=0 setup=2
  2160. [2010/02/14 20:52:57,  5] smbd/ipc.c:handle_trans(469)
  2161.   calling named_pipe
  2162. [2010/02/14 20:52:57,  3] smbd/ipc.c:named_pipe(387)
  2163.   named pipe command on <> name
  2164. [2010/02/14 20:52:57,  5] smbd/ipc.c:api_fd_reply(307)
  2165.   api_fd_reply
  2166. [2010/02/14 20:52:57,  4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258)
  2167.   search for pipe pnum=7715
  2168. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
  2169.   pipe name lsarpc pnum=7715 (pipes_open=1)
  2170. [2010/02/14 20:52:57,  3] smbd/ipc.c:api_fd_reply(345)
  2171.   Got API command 0x26 on pipe "lsarpc" (pnum 7715)
  2172. [2010/02/14 20:52:57, 10] smbd/ipc.c:api_fd_reply(350)
  2173.   api_fd_reply: p:0x10f9f70 max_trans_reply: 1024
  2174. [2010/02/14 20:52:57,  6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927)
  2175.   write_to_pipe: 7715 name: lsarpc open: Yes len: 92
  2176. [2010/02/14 20:52:57, 50] lib/util.c:dump_data(2223)
  2177.   [000] 05 00 00 03 10 00 00 00  5C 00 00 00 01 00 00 00  ........ \.......
  2178.   [010] 44 00 00 00 00 00 2C 00  00 00 02 00 0C 00 00 00  D.....,. ........
  2179.   [020] 00 00 00 00 0C 00 00 00  5C 00 5C 00 48 00 44 00  ........ \.\.H.D.
  2180.   [030] 53 00 2D 00 4C 00 49 00  4E 00 55 00 58 00 00 00  S.-.L.I. N.U.X...
  2181.   [040] 18 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ........ ........
  2182.   [050] 00 00 00 00 00 00 00 00  00 00 00 02              ........ ....
  2183. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
  2184.   write_to_pipe: data_left = 92
  2185. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
  2186.   process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 92
  2187. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385)
  2188.   fill_rpc_header: data_to_copy = 92, len_needed_to_complete_hdr = 16, receive_len = 0
  2189. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
  2190.   write_to_pipe: data_used = 16
  2191. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
  2192.   write_to_pipe: data_left = 76
  2193. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
  2194.   process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 76
  2195. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_debug(88)
  2196.   000000 smb_io_rpc_hdr
  2197. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  2198.       0000 major     : 05
  2199. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  2200.       0001 minor     : 00
  2201. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  2202.       0002 pkt_type  : 00
  2203. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  2204.       0003 flags     : 03
  2205. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  2206.       0004 pack_type0: 10
  2207. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  2208.       0005 pack_type1: 00
  2209. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  2210.       0006 pack_type2: 00
  2211. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  2212.       0007 pack_type3: 00
  2213. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  2214.       0008 frag_len  : 005c
  2215. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  2216.       000a auth_len  : 0000
  2217. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  2218.       000c call_id   : 00000001
  2219. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472)
  2220.   unmarshall_rpc_header: using little-endian RPC
  2221. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501)
  2222.   unmarshall_rpc_header: type = 0, flags = 3
  2223. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
  2224.   write_to_pipe: data_used = 0
  2225. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
  2226.   write_to_pipe: data_left = 76
  2227. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
  2228.   process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 76, incoming data = 76
  2229. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709)
  2230.   process_complete_pdu: processing packet type 0
  2231. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_debug(88)
  2232.   000000 smb_io_rpc_hdr_req req
  2233. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  2234.       0000 alloc_hint: 00000044
  2235. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  2236.       0004 context_id: 0000
  2237. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  2238.       0006 opnum     : 002c
  2239. [2010/02/14 20:52:57,  3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
  2240.   free_pipe_context: destroying talloc pool of size 74
  2241. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe.c:api_pipe_request(2262)
  2242.   Requested \PIPE\lsarpc
  2243. [2010/02/14 20:52:57,  4] rpc_server/srv_pipe.c:api_rpcTNP(2297)
  2244.   api_rpcTNP: lsarpc op 0x2c - created /tmp/in_lsarpc_44.18.prs
  2245. [2010/02/14 20:52:57,  3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
  2246.   api_rpcTNP: rpc command: LSA_OPENPOLICY2
  2247. [2010/02/14 20:52:57,  6] rpc_server/srv_pipe.c:api_rpcTNP(2323)
  2248.   api_rpc_cmds[44].fn == 0x4dd620
  2249.       lsa_OpenPolicy2: struct lsa_OpenPolicy2
  2250.           in: struct lsa_OpenPolicy2
  2251.               system_name              : *
  2252.                   system_name              : '\\HDS-LINUX'
  2253.               attr                     : *
  2254.                   attr: struct lsa_ObjectAttribute
  2255.                       len                      : 0x00000018 (24)
  2256.                       root_dir                 : NULL
  2257.                       object_name              : NULL
  2258.                       attributes               : 0x00000000 (0)
  2259.                       sec_desc                 : NULL
  2260.                       sec_qos                  : NULL
  2261.               access_mask              : 0x02000000 (33554432)
  2262.                      0: LSA_POLICY_VIEW_LOCAL_INFORMATION
  2263.                      0: LSA_POLICY_VIEW_AUDIT_INFORMATION
  2264.                      0: LSA_POLICY_GET_PRIVATE_INFORMATION
  2265.                      0: LSA_POLICY_TRUST_ADMIN  
  2266.                      0: LSA_POLICY_CREATE_ACCOUNT
  2267.                      0: LSA_POLICY_CREATE_SECRET
  2268.                      0: LSA_POLICY_CREATE_PRIVILEGE
  2269.                      0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS
  2270.                      0: LSA_POLICY_SET_AUDIT_REQUIREMENTS
  2271.                      0: LSA_POLICY_AUDIT_LOG_ADMIN
  2272.                      0: LSA_POLICY_SERVER_ADMIN  
  2273.                      0: LSA_POLICY_LOOKUP_NAMES  
  2274. [2010/02/14 20:52:57, 10] lib/util_seaccess.c:se_access_check(232)
  2275.   se_access_check: requested access 0x02000000, for NT token with 4 entries and first sid S-1-5-21-2934603361-1946261283-2740193522-501.
  2276. [2010/02/14 20:52:57,  3] lib/util_seaccess.c:se_access_check(249)
  2277. [2010/02/14 20:52:57,  3] lib/util_seaccess.c:se_access_check(252)
  2278.   se_access_check: user sid is S-1-5-21-2934603361-1946261283-2740193522-501
  2279.   se_access_check: also S-1-1-0
  2280.   se_access_check: also S-1-5-2
  2281.   se_access_check: also S-1-5-32-546
  2282. [2010/02/14 20:52:57,  4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(148)
  2283.   Opened policy hnd[1] [000] 00 00 00 00 01 00 00 00  00 00 00 00 78 4B A9 62  ........ ....xK.b
  2284.   [010] BC 55 00 00                                       .U..
  2285.       lsa_OpenPolicy2: struct lsa_OpenPolicy2
  2286.           out: struct lsa_OpenPolicy2
  2287.               handle                   : *
  2288.                   handle: struct policy_handle
  2289.                       handle_type              : 0x00000000 (0)
  2290.                       uuid                     : 00000001-0000-0000-784b-a962bc550000
  2291.               result                   : NT_STATUS_OK
  2292. [2010/02/14 20:52:57,  0] rpc_parse/parse_prs.c:prs_dump_region(73)
  2293.   created /tmp/out_lsarpc_44.18.prs
  2294. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe.c:api_rpcTNP(2351)
  2295.   api_rpcTNP: called lsarpc successfully
  2296. [2010/02/14 20:52:57,  3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
  2297.   free_pipe_context: destroying talloc pool of size 852
  2298. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
  2299.   write_to_pipe: data_used = 76
  2300. [2010/02/14 20:52:57,  6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985)
  2301.   read_from_pipe: 7715 name: lsarpc len: 1024
  2302. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059)
  2303.   read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24.
  2304. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_debug(88)
  2305.   000000 smb_io_rpc_hdr hdr
  2306. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  2307.       0000 major     : 05
  2308. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  2309.       0001 minor     : 00
  2310. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  2311.       0002 pkt_type  : 02
  2312. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  2313.       0003 flags     : 03
  2314. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  2315.       0004 pack_type0: 10
  2316. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  2317.       0005 pack_type1: 00
  2318. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  2319.       0006 pack_type2: 00
  2320. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  2321.       0007 pack_type3: 00
  2322. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  2323.       0008 frag_len  : 0030
  2324. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  2325.       000a auth_len  : 0000
  2326. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  2327.       000c call_id   : 00000001
  2328. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_debug(88)
  2329.   000010 smb_io_rpc_hdr_resp resp
  2330. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  2331.       0010 alloc_hint: 00000018
  2332. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  2333.       0014 context_id: 0000
  2334. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  2335.       0016 cancel_ct : 00
  2336. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  2337.       0017 reserved  : 00
  2338. [2010/02/14 20:52:57,  5] smbd/ipc.c:copy_trans_params_and_data(60)
  2339.   copy_trans_params_and_data: params[0..0] data[0..48] (align 0)
  2340. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(642)
  2341. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(652)
  2342.   size=104
  2343.   smb_com=0x25
  2344.   smb_rcls=0
  2345.   smb_reh=0
  2346.   smb_err=0
  2347.   smb_flg=136
  2348.   smb_flg2=51201
  2349.   smb_tid=1
  2350.   smb_pid=1332
  2351.   smb_uid=100
  2352.   smb_mid=448
  2353.   smt_wct=10
  2354.   smb_vwv[ 0]=    0 (0x0)
  2355.   smb_vwv[ 1]=   48 (0x30)
  2356.   smb_vwv[ 2]=    0 (0x0)
  2357.   smb_vwv[ 3]=    0 (0x0)
  2358.   smb_vwv[ 4]=   56 (0x38)
  2359.   smb_vwv[ 5]=    0 (0x0)
  2360.   smb_vwv[ 6]=   48 (0x30)
  2361.   smb_vwv[ 7]=   56 (0x38)
  2362.   smb_vwv[ 8]=    0 (0x0)
  2363.   smb_vwv[ 9]=    0 (0x0)
  2364.   smb_bcc=49
  2365. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
  2366.   [000] 00 05 00 02 03 10 00 00  00 30 00 00 00 01 00 00  ........ .0......
  2367.   [010] 00 18 00 00 00 00 00 00  00 00 00 00 00 01 00 00  ........ ........
  2368.   [020] 00 00 00 00 00 78 4B A9  62 BC 55 00 00 00 00 00  .....xK. b.U.....
  2369.   [030] 00                                                .
  2370. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
  2371.   run_events: Nothing to do
  2372. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
  2373.   run_events: Nothing to do
  2374. [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
  2375.   got smb length of 130
  2376. [2010/02/14 20:52:57,  6] smbd/process.c:process_smb(1567)
  2377.   got message type 0x0 of len 0x82
  2378. [2010/02/14 20:52:57,  3] smbd/process.c:process_smb(1570)
  2379.   Transaction 8 of length 134 (0 toread)
  2380. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(642)
  2381. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(652)
  2382.   size=130
  2383.   smb_com=0x25
  2384.   smb_rcls=0
  2385.   smb_reh=0
  2386.   smb_err=0
  2387.   smb_flg=24
  2388.   smb_flg2=51207
  2389.   smb_tid=1
  2390.   smb_pid=1332
  2391.   smb_uid=100
  2392.   smb_mid=512
  2393.   smt_wct=16
  2394.   smb_vwv[ 0]=    0 (0x0)
  2395.   smb_vwv[ 1]=   46 (0x2E)
  2396.   smb_vwv[ 2]=    0 (0x0)
  2397.   smb_vwv[ 3]= 1024 (0x400)
  2398.   smb_vwv[ 4]=    0 (0x0)
  2399.   smb_vwv[ 5]=    0 (0x0)
  2400.   smb_vwv[ 6]=    0 (0x0)
  2401.   smb_vwv[ 7]=    0 (0x0)
  2402.   smb_vwv[ 8]=    0 (0x0)
  2403.   smb_vwv[ 9]=    0 (0x0)
  2404.   smb_vwv[10]=   84 (0x54)
  2405.   smb_vwv[11]=   46 (0x2E)
  2406.   smb_vwv[12]=   84 (0x54)
  2407.   smb_vwv[13]=    2 (0x2)
  2408.   smb_vwv[14]=   38 (0x26)
  2409.   smb_vwv[15]=30485 (0x7715)
  2410.   smb_bcc=63
  2411. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
  2412.   [000] 00 5C 00 50 00 49 00 50  00 45 00 5C 00 00 00 00  .\.P.I.P .E.\....
  2413.   [010] 00 05 00 00 03 10 00 00  00 2E 00 00 00 02 00 00  ........ ........
  2414.   [020] 00 16 00 00 00 00 00 2E  00 00 00 00 00 01 00 00  ........ ........
  2415.   [030] 00 00 00 00 00 78 4B A9  62 BC 55 00 00 0C 00     .....xK. b.U....
  2416. [2010/02/14 20:52:57,  3] smbd/process.c:switch_message(1374)
  2417.   switch message SMBtrans (pid 21948) conn 0x10fd8d0
  2418. [2010/02/14 20:52:57,  4] smbd/uid.c:change_to_user(182)
  2419.   change_to_user: Skipping user change - already user
  2420. [2010/02/14 20:52:57,  3] smbd/ipc.c:handle_trans(436)
  2421.   trans <\PIPE\> data=46 params=0 setup=2
  2422. [2010/02/14 20:52:57,  5] smbd/ipc.c:handle_trans(469)
  2423.   calling named_pipe
  2424. [2010/02/14 20:52:57,  3] smbd/ipc.c:named_pipe(387)
  2425.   named pipe command on <> name
  2426. [2010/02/14 20:52:57,  5] smbd/ipc.c:api_fd_reply(307)
  2427.   api_fd_reply
  2428. [2010/02/14 20:52:57,  4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258)
  2429.   search for pipe pnum=7715
  2430. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
  2431.   pipe name lsarpc pnum=7715 (pipes_open=1)
  2432. [2010/02/14 20:52:57,  3] smbd/ipc.c:api_fd_reply(345)
  2433.   Got API command 0x26 on pipe "lsarpc" (pnum 7715)
  2434. [2010/02/14 20:52:57, 10] smbd/ipc.c:api_fd_reply(350)
  2435.   api_fd_reply: p:0x10f9f70 max_trans_reply: 1024
  2436. [2010/02/14 20:52:57,  6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927)
  2437.   write_to_pipe: 7715 name: lsarpc open: Yes len: 46
  2438. [2010/02/14 20:52:57, 50] lib/util.c:dump_data(2223)
  2439.   [000] 05 00 00 03 10 00 00 00  2E 00 00 00 02 00 00 00  ........ ........
  2440.   [010] 16 00 00 00 00 00 2E 00  00 00 00 00 01 00 00 00  ........ ........
  2441.   [020] 00 00 00 00 78 4B A9 62  BC 55 00 00 0C 00        ....xK.b .U....
  2442. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
  2443.   write_to_pipe: data_left = 46
  2444. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
  2445.   process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46
  2446. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385)
  2447.   fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0
  2448. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
  2449.   write_to_pipe: data_used = 16
  2450. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
  2451.   write_to_pipe: data_left = 30
  2452. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
  2453.   process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30
  2454. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_debug(88)
  2455.   000000 smb_io_rpc_hdr
  2456. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  2457.       0000 major     : 05
  2458. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  2459.       0001 minor     : 00
  2460. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  2461.       0002 pkt_type  : 00
  2462. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  2463.       0003 flags     : 03
  2464. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  2465.       0004 pack_type0: 10
  2466. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  2467.       0005 pack_type1: 00
  2468. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  2469.       0006 pack_type2: 00
  2470. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  2471.       0007 pack_type3: 00
  2472. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  2473.       0008 frag_len  : 002e
  2474. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  2475.       000a auth_len  : 0000
  2476. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  2477.       000c call_id   : 00000002
  2478. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472)
  2479.   unmarshall_rpc_header: using little-endian RPC
  2480. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501)
  2481.   unmarshall_rpc_header: type = 0, flags = 3
  2482. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
  2483.   write_to_pipe: data_used = 0
  2484. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
  2485.   write_to_pipe: data_left = 30
  2486. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
  2487.   process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 30, incoming data = 30
  2488. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709)
  2489.   process_complete_pdu: processing packet type 0
  2490. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_debug(88)
  2491.   000000 smb_io_rpc_hdr_req req
  2492. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  2493.       0000 alloc_hint: 00000016
  2494. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  2495.       0004 context_id: 0000
  2496. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  2497.       0006 opnum     : 002e
  2498. [2010/02/14 20:52:57,  3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
  2499.   free_pipe_context: destroying talloc pool of size 0
  2500. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe.c:api_pipe_request(2262)
  2501.   Requested \PIPE\lsarpc
  2502. [2010/02/14 20:52:57,  4] rpc_server/srv_pipe.c:api_rpcTNP(2297)
  2503.   api_rpcTNP: lsarpc op 0x2e - created /tmp/in_lsarpc_46.18.prs
  2504. [2010/02/14 20:52:57,  3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
  2505.   api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY2
  2506. [2010/02/14 20:52:57,  6] rpc_server/srv_pipe.c:api_rpcTNP(2323)
  2507.   api_rpc_cmds[46].fn == 0x4dd198
  2508.       lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2
  2509.           in: struct lsa_QueryInfoPolicy2
  2510.               handle                   : *
  2511.                   handle: struct policy_handle
  2512.                       handle_type              : 0x00000000 (0)
  2513.                       uuid                     : 00000001-0000-0000-784b-a962bc550000
  2514.               level                    : LSA_POLICY_INFO_DNS (12)
  2515. [2010/02/14 20:52:57,  4] rpc_server/srv_pipe.c:api_rpcTNP(2339)
  2516.   api_rpcTNP: rng fault return
  2517. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_debug(88)
  2518.   000000 smb_io_rpc_hdr
  2519. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  2520.       0000 major     : 05
  2521. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  2522.       0001 minor     : 00
  2523. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  2524.       0002 pkt_type  : 03
  2525. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  2526.       0003 flags     : 23
  2527. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  2528.       0004 pack_type0: 10
  2529. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  2530.       0005 pack_type1: 00
  2531. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  2532.       0006 pack_type2: 00
  2533. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  2534.       0007 pack_type3: 00
  2535. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  2536.       0008 frag_len  : 0020
  2537. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  2538.       000a auth_len  : 0000
  2539. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  2540.       000c call_id   : 00000002
  2541. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_debug(88)
  2542.   000010 smb_io_rpc_hdr_resp resp
  2543. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  2544.       0010 alloc_hint: 00000000
  2545. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  2546.       0014 context_id: 0000
  2547. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  2548.       0016 cancel_ct : 00
  2549. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  2550.       0017 reserved  : 00
  2551. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_debug(88)
  2552.   000018 smb_io_rpc_hdr_fault fault
  2553. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_dcerpc_status(807)
  2554.       0018 status  : DCERPC_FAULT_OP_RNG_ERROR
  2555. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  2556.       001c reserved: 00000000
  2557. [2010/02/14 20:52:57,  3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
  2558.   free_pipe_context: destroying talloc pool of size 0
  2559. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
  2560.   write_to_pipe: data_used = 30
  2561. [2010/02/14 20:52:57,  6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985)
  2562.   read_from_pipe: 7715 name: lsarpc len: 1024
  2563. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1045)
  2564.   read_from_pipe: lsarpc: current_pdu_len = 32, current_pdu_sent = 0 returning 32 bytes.
  2565. [2010/02/14 20:52:57,  5] smbd/ipc.c:copy_trans_params_and_data(60)
  2566.   copy_trans_params_and_data: params[0..0] data[0..32] (align 0)
  2567. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(642)
  2568. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(652)
  2569.   size=88
  2570.   smb_com=0x25
  2571.   smb_rcls=0
  2572.   smb_reh=0
  2573.   smb_err=0
  2574.   smb_flg=136
  2575.   smb_flg2=51201
  2576.   smb_tid=1
  2577.   smb_pid=1332
  2578.   smb_uid=100
  2579.   smb_mid=512
  2580.   smt_wct=10
  2581.   smb_vwv[ 0]=    0 (0x0)
  2582.   smb_vwv[ 1]=   32 (0x20)
  2583.   smb_vwv[ 2]=    0 (0x0)
  2584.   smb_vwv[ 3]=    0 (0x0)
  2585.   smb_vwv[ 4]=   56 (0x38)
  2586.   smb_vwv[ 5]=    0 (0x0)
  2587.   smb_vwv[ 6]=   32 (0x20)
  2588.   smb_vwv[ 7]=   56 (0x38)
  2589.   smb_vwv[ 8]=    0 (0x0)
  2590.   smb_vwv[ 9]=    0 (0x0)
  2591.   smb_bcc=33
  2592. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
  2593.   [000] 00 05 00 03 23 10 00 00  00 20 00 00 00 02 00 00  ....#... . ......
  2594.   [010] 00 00 00 00 00 00 00 00  00 02 00 01 1C 00 00 00  ........ ........
  2595.   [020] 00                                                .
  2596. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
  2597.   run_events: Nothing to do
  2598. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
  2599.   run_events: Nothing to do
  2600. [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
  2601.   got smb length of 130
  2602. [2010/02/14 20:52:57,  6] smbd/process.c:process_smb(1567)
  2603.   got message type 0x0 of len 0x82
  2604. [2010/02/14 20:52:57,  3] smbd/process.c:process_smb(1570)
  2605.   Transaction 9 of length 134 (0 toread)
  2606. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(642)
  2607. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(652)
  2608.   size=130
  2609.   smb_com=0x25
  2610.   smb_rcls=0
  2611.   smb_reh=0
  2612.   smb_err=0
  2613.   smb_flg=24
  2614.   smb_flg2=51207
  2615.   smb_tid=1
  2616.   smb_pid=1332
  2617.   smb_uid=100
  2618.   smb_mid=576
  2619.   smt_wct=16
  2620.   smb_vwv[ 0]=    0 (0x0)
  2621.   smb_vwv[ 1]=   46 (0x2E)
  2622.   smb_vwv[ 2]=    0 (0x0)
  2623.   smb_vwv[ 3]= 1024 (0x400)
  2624.   smb_vwv[ 4]=    0 (0x0)
  2625.   smb_vwv[ 5]=    0 (0x0)
  2626.   smb_vwv[ 6]=    0 (0x0)
  2627.   smb_vwv[ 7]=    0 (0x0)
  2628.   smb_vwv[ 8]=    0 (0x0)
  2629.   smb_vwv[ 9]=    0 (0x0)
  2630.   smb_vwv[10]=   84 (0x54)
  2631.   smb_vwv[11]=   46 (0x2E)
  2632.   smb_vwv[12]=   84 (0x54)
  2633.   smb_vwv[13]=    2 (0x2)
  2634.   smb_vwv[14]=   38 (0x26)
  2635.   smb_vwv[15]=30485 (0x7715)
  2636.   smb_bcc=63
  2637. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
  2638.   [000] 00 5C 00 50 00 49 00 50  00 45 00 5C 00 00 00 00  .\.P.I.P .E.\....
  2639.   [010] 00 05 00 00 03 10 00 00  00 2E 00 00 00 03 00 00  ........ ........
  2640.   [020] 00 16 00 00 00 00 00 07  00 00 00 00 00 01 00 00  ........ ........
  2641.   [030] 00 00 00 00 00 78 4B A9  62 BC 55 00 00 03 00     .....xK. b.U....
  2642. [2010/02/14 20:52:57,  3] smbd/process.c:switch_message(1374)
  2643.   switch message SMBtrans (pid 21948) conn 0x10fd8d0
  2644. [2010/02/14 20:52:57,  4] smbd/uid.c:change_to_user(182)
  2645.   change_to_user: Skipping user change - already user
  2646. [2010/02/14 20:52:57,  3] smbd/ipc.c:handle_trans(436)
  2647.   trans <\PIPE\> data=46 params=0 setup=2
  2648. [2010/02/14 20:52:57,  5] smbd/ipc.c:handle_trans(469)
  2649.   calling named_pipe
  2650. [2010/02/14 20:52:57,  3] smbd/ipc.c:named_pipe(387)
  2651.   named pipe command on <> name
  2652. [2010/02/14 20:52:57,  5] smbd/ipc.c:api_fd_reply(307)
  2653.   api_fd_reply
  2654. [2010/02/14 20:52:57,  4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258)
  2655.   search for pipe pnum=7715
  2656. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
  2657.   pipe name lsarpc pnum=7715 (pipes_open=1)
  2658. [2010/02/14 20:52:57,  3] smbd/ipc.c:api_fd_reply(345)
  2659.   Got API command 0x26 on pipe "lsarpc" (pnum 7715)
  2660. [2010/02/14 20:52:57, 10] smbd/ipc.c:api_fd_reply(350)
  2661.   api_fd_reply: p:0x10f9f70 max_trans_reply: 1024
  2662. [2010/02/14 20:52:57,  6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927)
  2663.   write_to_pipe: 7715 name: lsarpc open: Yes len: 46
  2664. [2010/02/14 20:52:57, 50] lib/util.c:dump_data(2223)
  2665.   [000] 05 00 00 03 10 00 00 00  2E 00 00 00 03 00 00 00  ........ ........
  2666.   [010] 16 00 00 00 00 00 07 00  00 00 00 00 01 00 00 00  ........ ........
  2667.   [020] 00 00 00 00 78 4B A9 62  BC 55 00 00 03 00        ....xK.b .U....
  2668. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
  2669.   write_to_pipe: data_left = 46
  2670. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
  2671.   process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46
  2672. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385)
  2673.   fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0
  2674. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
  2675.   write_to_pipe: data_used = 16
  2676. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
  2677.   write_to_pipe: data_left = 30
  2678. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
  2679.   process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30
  2680. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_debug(88)
  2681.   000000 smb_io_rpc_hdr
  2682. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  2683.       0000 major     : 05
  2684. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  2685.       0001 minor     : 00
  2686. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  2687.       0002 pkt_type  : 00
  2688. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  2689.       0003 flags     : 03
  2690. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  2691.       0004 pack_type0: 10
  2692. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  2693.       0005 pack_type1: 00
  2694. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  2695.       0006 pack_type2: 00
  2696. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  2697.       0007 pack_type3: 00
  2698. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  2699.       0008 frag_len  : 002e
  2700. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  2701.       000a auth_len  : 0000
  2702. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  2703.       000c call_id   : 00000003
  2704. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472)
  2705.   unmarshall_rpc_header: using little-endian RPC
  2706. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501)
  2707.   unmarshall_rpc_header: type = 0, flags = 3
  2708. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
  2709.   write_to_pipe: data_used = 0
  2710. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
  2711.   write_to_pipe: data_left = 30
  2712. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
  2713.   process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 30, incoming data = 30
  2714. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709)
  2715.   process_complete_pdu: processing packet type 0
  2716. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_debug(88)
  2717.   000000 smb_io_rpc_hdr_req req
  2718. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  2719.       0000 alloc_hint: 00000016
  2720. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  2721.       0004 context_id: 0000
  2722. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  2723.       0006 opnum     : 0007
  2724. [2010/02/14 20:52:57,  3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
  2725.   free_pipe_context: destroying talloc pool of size 0
  2726. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe.c:api_pipe_request(2262)
  2727.   Requested \PIPE\lsarpc
  2728. [2010/02/14 20:52:57,  4] rpc_server/srv_pipe.c:api_rpcTNP(2297)
  2729.   api_rpcTNP: lsarpc op 0x7 - created /tmp/in_lsarpc_7.18.prs
  2730. [2010/02/14 20:52:57,  3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
  2731.   api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY
  2732. [2010/02/14 20:52:57,  6] rpc_server/srv_pipe.c:api_rpcTNP(2323)
  2733.   api_rpc_cmds[7].fn == 0x4e2868
  2734.       lsa_QueryInfoPolicy: struct lsa_QueryInfoPolicy
  2735.           in: struct lsa_QueryInfoPolicy
  2736.               handle                   : *
  2737.                   handle: struct policy_handle
  2738.                       handle_type              : 0x00000000 (0)
  2739.                       uuid                     : 00000001-0000-0000-784b-a962bc550000
  2740.               level                    : LSA_POLICY_INFO_DOMAIN (3)
  2741. [2010/02/14 20:52:57,  4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168)
  2742.   Found policy hnd[0] [000] 00 00 00 00 01 00 00 00  00 00 00 00 78 4B A9 62  ........ ....xK.b
  2743.   [010] BC 55 00 00                                       .U..
  2744.       lsa_QueryInfoPolicy: struct lsa_QueryInfoPolicy
  2745.           out: struct lsa_QueryInfoPolicy
  2746.               info                     : *
  2747.                   info                     : *
  2748.                       info                     : union lsa_PolicyInformation(case 3)
  2749.                       domain: struct lsa_DomainInfo
  2750.                           name: struct lsa_StringLarge
  2751.                               length                   : 0x0000 (0)
  2752.                               size                     : 0x0000 (0)
  2753.                               string                   : *
  2754.                                   string                   : 'SEMARKIT'
  2755.                           sid                      : *
  2756.                               sid                      : S-1-5-21-2934603361-1946261283-2740193522
  2757.               result                   : NT_STATUS_OK
  2758. [2010/02/14 20:52:57,  0] rpc_parse/parse_prs.c:prs_dump_region(73)
  2759.   created /tmp/out_lsarpc_7.18.prs
  2760. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe.c:api_rpcTNP(2351)
  2761.   api_rpcTNP: called lsarpc successfully
  2762. [2010/02/14 20:52:57,  3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
  2763.   free_pipe_context: destroying talloc pool of size 140
  2764. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
  2765.   write_to_pipe: data_used = 30
  2766. [2010/02/14 20:52:57,  6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985)
  2767.   read_from_pipe: 7715 name: lsarpc len: 1024
  2768. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059)
  2769.   read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 80.
  2770. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_debug(88)
  2771.   000000 smb_io_rpc_hdr hdr
  2772. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  2773.       0000 major     : 05
  2774. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  2775.       0001 minor     : 00
  2776. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  2777.       0002 pkt_type  : 02
  2778. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  2779.       0003 flags     : 03
  2780. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  2781.       0004 pack_type0: 10
  2782. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  2783.       0005 pack_type1: 00
  2784. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  2785.       0006 pack_type2: 00
  2786. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  2787.       0007 pack_type3: 00
  2788. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  2789.       0008 frag_len  : 0068
  2790. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  2791.       000a auth_len  : 0000
  2792. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  2793.       000c call_id   : 00000003
  2794. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_debug(88)
  2795.   000010 smb_io_rpc_hdr_resp resp
  2796. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  2797.       0010 alloc_hint: 00000050
  2798. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  2799.       0014 context_id: 0000
  2800. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  2801.       0016 cancel_ct : 00
  2802. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  2803.       0017 reserved  : 00
  2804. [2010/02/14 20:52:57,  5] smbd/ipc.c:copy_trans_params_and_data(60)
  2805.   copy_trans_params_and_data: params[0..0] data[0..104] (align 0)
  2806. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(642)
  2807. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(652)
  2808.   size=160
  2809.   smb_com=0x25
  2810.   smb_rcls=0
  2811.   smb_reh=0
  2812.   smb_err=0
  2813.   smb_flg=136
  2814.   smb_flg2=51201
  2815.   smb_tid=1
  2816.   smb_pid=1332
  2817.   smb_uid=100
  2818.   smb_mid=576
  2819.   smt_wct=10
  2820.   smb_vwv[ 0]=    0 (0x0)
  2821.   smb_vwv[ 1]=  104 (0x68)
  2822.   smb_vwv[ 2]=    0 (0x0)
  2823.   smb_vwv[ 3]=    0 (0x0)
  2824.   smb_vwv[ 4]=   56 (0x38)
  2825.   smb_vwv[ 5]=    0 (0x0)
  2826.   smb_vwv[ 6]=  104 (0x68)
  2827.   smb_vwv[ 7]=   56 (0x38)
  2828.   smb_vwv[ 8]=    0 (0x0)
  2829.   smb_vwv[ 9]=    0 (0x0)
  2830.   smb_bcc=105
  2831. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
  2832.   [000] 00 05 00 02 03 10 00 00  00 68 00 00 00 03 00 00  ........ .h......
  2833.   [010] 00 50 00 00 00 00 00 00  00 00 00 02 00 03 00 00  .P...... ........
  2834.   [020] 00 10 00 12 00 04 00 02  00 08 00 02 00 09 00 00  ........ ........
  2835.   [030] 00 00 00 00 00 08 00 00  00 53 00 45 00 4D 00 41  ........ .S.E.M.A
  2836.   [040] 00 52 00 4B 00 49 00 54  00 04 00 00 00 01 04 00  .R.K.I.T ........
  2837.   [050] 00 00 00 00 05 15 00 00  00 61 7E EA AE 23 97 01  ........ .a~..#..
  2838.   [060] 74 F2 08 54 A3 00 00 00  00                       t..T.... .
  2839. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
  2840.   run_events: Nothing to do
  2841. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
  2842.   run_events: Nothing to do
  2843. [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
  2844.   got smb length of 100
  2845. [2010/02/14 20:52:57,  6] smbd/process.c:process_smb(1567)
  2846.   got message type 0x0 of len 0x64
  2847. [2010/02/14 20:52:57,  3] smbd/process.c:process_smb(1570)
  2848.   Transaction 10 of length 104 (0 toread)
  2849. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(642)
  2850. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(652)
  2851.   size=100
  2852.   smb_com=0xa2
  2853.   smb_rcls=0
  2854.   smb_reh=0
  2855.   smb_err=0
  2856.   smb_flg=24
  2857.   smb_flg2=51207
  2858.   smb_tid=1
  2859.   smb_pid=1332
  2860.   smb_uid=100
  2861.   smb_mid=640
  2862.   smt_wct=24
  2863.   smb_vwv[ 0]=  255 (0xFF)
  2864.   smb_vwv[ 1]=57054 (0xDEDE)
  2865.   smb_vwv[ 2]= 3584 (0xE00)
  2866.   smb_vwv[ 3]= 5632 (0x1600)
  2867.   smb_vwv[ 4]=    0 (0x0)
  2868.   smb_vwv[ 5]=    0 (0x0)
  2869.   smb_vwv[ 6]=    0 (0x0)
  2870.   smb_vwv[ 7]=40704 (0x9F00)
  2871.   smb_vwv[ 8]=  513 (0x201)
  2872.   smb_vwv[ 9]=    0 (0x0)
  2873.   smb_vwv[10]=    0 (0x0)
  2874.   smb_vwv[11]=    0 (0x0)
  2875.   smb_vwv[12]=    0 (0x0)
  2876.   smb_vwv[13]=    0 (0x0)
  2877.   smb_vwv[14]=    0 (0x0)
  2878.   smb_vwv[15]=  768 (0x300)
  2879.   smb_vwv[16]=    0 (0x0)
  2880.   smb_vwv[17]=  256 (0x100)
  2881.   smb_vwv[18]=    0 (0x0)
  2882.   smb_vwv[19]=16384 (0x4000)
  2883.   smb_vwv[20]=    0 (0x0)
  2884.   smb_vwv[21]=  512 (0x200)
  2885.   smb_vwv[22]=    0 (0x0)
  2886.   smb_vwv[23]=  768 (0x300)
  2887.   smb_bcc=17
  2888. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
  2889.   [000] 00 5C 00 77 00 69 00 6E  00 72 00 65 00 67 00 00  .\.w.i.n .r.e.g..
  2890.   [010] 00                                                .
  2891. [2010/02/14 20:52:57,  3] smbd/process.c:switch_message(1374)
  2892.   switch message SMBntcreateX (pid 21948) conn 0x10fd8d0
  2893. [2010/02/14 20:52:57,  0] smbd/process.c:smb_dump(1322)
  2894.   created /tmp/SMBntcreateX.69.req len 104
  2895. [2010/02/14 20:52:57,  4] smbd/uid.c:change_to_user(182)
  2896.   change_to_user: Skipping user change - already user
  2897. [2010/02/14 20:52:57, 10] smbd/nttrans.c:reply_ntcreate_and_X(488)
  2898.   reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0, fname = winreg
  2899. [2010/02/14 20:52:57,  4] smbd/nttrans.c:nt_open_pipe(295)
  2900.   nt_open_pipe: Opening pipe \winreg.
  2901. [2010/02/14 20:52:57,  3] smbd/nttrans.c:nt_open_pipe(320)
  2902.   nt_open_pipe: Known pipe winreg opening.
  2903. [2010/02/14 20:52:57,  4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(165)
  2904.   Open pipe requested winreg (pipes_open=1)
  2905. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(195)
  2906.   open_rpc_pipe_p: name lsarpc pnum=7715
  2907. [2010/02/14 20:52:57,  4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(275)
  2908.   Create pipe requested winreg
  2909. [2010/02/14 20:52:57, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77)
  2910.   init_pipe_handles: created handle list for pipe winreg
  2911. [2010/02/14 20:52:57, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93)
  2912.   init_pipe_handles: pipe_handles ref count = 1 for pipe winreg
  2913. [2010/02/14 20:52:57,  4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(356)
  2914.   Created internal pipe winreg (pipes_open=1)
  2915. [2010/02/14 20:52:57,  4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(253)
  2916.   Opened pipe winreg with handle 7716 (pipes_open=2)
  2917. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(259)
  2918.   open pipes: name winreg pnum=7716
  2919. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(259)
  2920.   open pipes: name lsarpc pnum=7715
  2921. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100)
  2922.   Locking key 77696E7265672F32313934382F333034383600
  2923. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129)
  2924.   Allocated locked data 0x0x1109230
  2925. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42)
  2926.   Unlocking key 77696E7265672F32313934382F333034383600
  2927. [2010/02/14 20:52:57,  5] smbd/nttrans.c:do_ntcreate_pipe_open(408)
  2928.   do_ntcreate_pipe_open: open pipe = \winreg
  2929. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(642)
  2930. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(652)
  2931.   size=135
  2932.   smb_com=0xa2
  2933.   smb_rcls=0
  2934.   smb_reh=0
  2935.   smb_err=0
  2936.   smb_flg=136
  2937.   smb_flg2=51201
  2938.   smb_tid=1
  2939.   smb_pid=1332
  2940.   smb_uid=100
  2941.   smb_mid=640
  2942.   smt_wct=42
  2943.   smb_vwv[ 0]=  255 (0xFF)
  2944.   smb_vwv[ 1]=    0 (0x0)
  2945.   smb_vwv[ 2]= 5632 (0x1600)
  2946.   smb_vwv[ 3]=  375 (0x177)
  2947.   smb_vwv[ 4]=    0 (0x0)
  2948.   smb_vwv[ 5]=    0 (0x0)
  2949.   smb_vwv[ 6]=    0 (0x0)
  2950.   smb_vwv[ 7]=    0 (0x0)
  2951.   smb_vwv[ 8]=    0 (0x0)
  2952.   smb_vwv[ 9]=    0 (0x0)
  2953.   smb_vwv[10]=    0 (0x0)
  2954.   smb_vwv[11]=    0 (0x0)
  2955.   smb_vwv[12]=    0 (0x0)
  2956.   smb_vwv[13]=    0 (0x0)
  2957.   smb_vwv[14]=    0 (0x0)
  2958.   smb_vwv[15]=    0 (0x0)
  2959.   smb_vwv[16]=    0 (0x0)
  2960.   smb_vwv[17]=    0 (0x0)
  2961.   smb_vwv[18]=    0 (0x0)
  2962.   smb_vwv[19]=    0 (0x0)
  2963.   smb_vwv[20]=    0 (0x0)
  2964.   smb_vwv[21]=32768 (0x8000)
  2965.   smb_vwv[22]=    0 (0x0)
  2966.   smb_vwv[23]=    0 (0x0)
  2967.   smb_vwv[24]=    0 (0x0)
  2968.   smb_vwv[25]=    0 (0x0)
  2969.   smb_vwv[26]=    0 (0x0)
  2970.   smb_vwv[27]=    0 (0x0)
  2971.   smb_vwv[28]=    0 (0x0)
  2972.   smb_vwv[29]=    0 (0x0)
  2973.   smb_vwv[30]=    0 (0x0)
  2974.   smb_vwv[31]=  512 (0x200)
  2975.   smb_vwv[32]=65280 (0xFF00)
  2976.   smb_vwv[33]=    5 (0x5)
  2977.   smb_vwv[34]=    0 (0x0)
  2978.   smb_vwv[35]=    0 (0x0)
  2979.   smb_vwv[36]=    0 (0x0)
  2980.   smb_vwv[37]=    0 (0x0)
  2981.   smb_vwv[38]=    0 (0x0)
  2982.   smb_vwv[39]=    0 (0x0)
  2983.   smb_vwv[40]=    0 (0x0)
  2984.   smb_vwv[41]=    0 (0x0)
  2985.   smb_bcc=0
  2986. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
  2987.   run_events: Nothing to do
  2988. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
  2989.   run_events: Nothing to do
  2990. [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
  2991.   got smb length of 136
  2992. [2010/02/14 20:52:57,  6] smbd/process.c:process_smb(1567)
  2993.   got message type 0x0 of len 0x88
  2994. [2010/02/14 20:52:57,  3] smbd/process.c:process_smb(1570)
  2995.   Transaction 11 of length 140 (0 toread)
  2996. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(642)
  2997. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(652)
  2998.   size=136
  2999.   smb_com=0x2f
  3000.   smb_rcls=0
  3001.   smb_reh=0
  3002.   smb_err=0
  3003.   smb_flg=24
  3004.   smb_flg2=51207
  3005.   smb_tid=1
  3006.   smb_pid=65279
  3007.   smb_uid=100
  3008.   smb_mid=704
  3009.   smt_wct=14
  3010.   smb_vwv[ 0]=  255 (0xFF)
  3011.   smb_vwv[ 1]=57054 (0xDEDE)
  3012.   smb_vwv[ 2]=30486 (0x7716)
  3013.   smb_vwv[ 3]=    0 (0x0)
  3014.   smb_vwv[ 4]=    0 (0x0)
  3015.   smb_vwv[ 5]=65535 (0xFFFF)
  3016.   smb_vwv[ 6]=65535 (0xFFFF)
  3017.   smb_vwv[ 7]=    8 (0x8)
  3018.   smb_vwv[ 8]=   72 (0x48)
  3019.   smb_vwv[ 9]=    0 (0x0)
  3020.   smb_vwv[10]=   72 (0x48)
  3021.   smb_vwv[11]=   64 (0x40)
  3022.   smb_vwv[12]=    0 (0x0)
  3023.   smb_vwv[13]=    0 (0x0)
  3024.   smb_bcc=73
  3025. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
  3026.   [000] EE 05 00 0B 03 10 00 00  00 48 00 00 00 01 00 00  ........ .H......
  3027.   [010] 00 B8 10 B8 10 00 00 00  00 01 00 00 00 00 00 01  ........ ........
  3028.   [020] 00 01 D0 8C 33 44 22 F1  31 AA AA 90 00 38 00 10  ....3D". 1....8..
  3029.   [030] 03 01 00 00 00 04 5D 88  8A EB 1C C9 11 9F E8 08  ......]. ........
  3030.   [040] 00 2B 10 48 60 02 00 00  00                       .+.H`... .
  3031. [2010/02/14 20:52:57,  3] smbd/process.c:switch_message(1374)
  3032.   switch message SMBwriteX (pid 21948) conn 0x10fd8d0
  3033. [2010/02/14 20:52:57,  0] smbd/process.c:smb_dump(1322)
  3034.   created /tmp/SMBwriteX.69.req len 140
  3035. [2010/02/14 20:52:57,  4] smbd/uid.c:change_to_user(182)
  3036.   change_to_user: Skipping user change - already user
  3037. [2010/02/14 20:52:57,  4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258)
  3038.   search for pipe pnum=7716
  3039. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
  3040.   pipe name winreg pnum=7716 (pipes_open=2)
  3041. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
  3042.   pipe name lsarpc pnum=7715 (pipes_open=2)
  3043. [2010/02/14 20:52:57,  6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927)
  3044.   write_to_pipe: 7716 name: winreg open: Yes len: 72
  3045. [2010/02/14 20:52:57, 50] lib/util.c:dump_data(2223)
  3046.   [000] 05 00 0B 03 10 00 00 00  48 00 00 00 01 00 00 00  ........ H.......
  3047.   [010] B8 10 B8 10 00 00 00 00  01 00 00 00 00 00 01 00  ........ ........
  3048.   [020] 01 D0 8C 33 44 22 F1 31  AA AA 90 00 38 00 10 03  ...3D".1 ....8...
  3049.   [030] 01 00 00 00 04 5D 88 8A  EB 1C C9 11 9F E8 08 00  .....].. ........
  3050.   [040] 2B 10 48 60 02 00 00 00                           +.H`....
  3051. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
  3052.   write_to_pipe: data_left = 72
  3053. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
  3054.   process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72
  3055. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385)
  3056.   fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0
  3057. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
  3058.   write_to_pipe: data_used = 16
  3059. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
  3060.   write_to_pipe: data_left = 56
  3061. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
  3062.   process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56
  3063. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_debug(88)
  3064.   000000 smb_io_rpc_hdr
  3065. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  3066.       0000 major     : 05
  3067. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  3068.       0001 minor     : 00
  3069. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  3070.       0002 pkt_type  : 0b
  3071. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  3072.       0003 flags     : 03
  3073. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  3074.       0004 pack_type0: 10
  3075. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  3076.       0005 pack_type1: 00
  3077. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  3078.       0006 pack_type2: 00
  3079. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  3080.       0007 pack_type3: 00
  3081. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  3082.       0008 frag_len  : 0048
  3083. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  3084.       000a auth_len  : 0000
  3085. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  3086.       000c call_id   : 00000001
  3087. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472)
  3088.   unmarshall_rpc_header: using little-endian RPC
  3089. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501)
  3090.   unmarshall_rpc_header: type = 11, flags = 3
  3091. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
  3092.   write_to_pipe: data_used = 0
  3093. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
  3094.   write_to_pipe: data_left = 56
  3095. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
  3096.   process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56
  3097. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709)
  3098.   process_complete_pdu: processing packet type 11
  3099. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe.c:api_pipe_bind_req(1553)
  3100.   api_pipe_bind_req: decode request. 1553
  3101. [2010/02/14 20:52:57,  3] rpc_server/srv_pipe.c:api_pipe_bind_req(1564)
  3102.   api_pipe_bind_req: \PIPE\winreg -> \PIPE\winreg
  3103. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_debug(88)
  3104.   000000 smb_io_rpc_hdr_rb
  3105. [2010/02/14 20:52:57,  6] rpc_parse/parse_prs.c:prs_debug(88)
  3106.       000000 smb_io_rpc_hdr_bba
  3107. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  3108.           0000 max_tsize: 10b8
  3109. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  3110.           0002 max_rsize: 10b8
  3111. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  3112.           0004 assoc_gid: 00000000
  3113. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  3114.       0008 num_contexts: 01
  3115. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  3116.       000c context_id  : 0000
  3117. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  3118.       000e num_transfer_syntaxes: 01
  3119. [2010/02/14 20:52:57,  6] rpc_parse/parse_prs.c:prs_debug(88)
  3120.       00000f smb_io_rpc_iface
  3121. [2010/02/14 20:52:57,  7] rpc_parse/parse_prs.c:prs_debug(88)
  3122.           000010 smb_io_uuid uuid
  3123. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  3124.               0010 data   : 338cd001
  3125. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  3126.               0014 data   : 2244
  3127. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  3128.               0016 data   : 31f1
  3129. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8s(865)
  3130.               0018 data   : aa aa
  3131. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8s(865)
  3132.               001a data   : 90 00 38 00 10 03
  3133. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  3134.           0020 version: 00000001
  3135. [2010/02/14 20:52:57,  6] rpc_parse/parse_prs.c:prs_debug(88)
  3136.       000024 smb_io_rpc_iface
  3137. [2010/02/14 20:52:57,  7] rpc_parse/parse_prs.c:prs_debug(88)
  3138.           000024 smb_io_uuid uuid
  3139. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  3140.               0024 data   : 8a885d04
  3141. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  3142.               0028 data   : 1ceb
  3143. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  3144.               002a data   : 11c9
  3145. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8s(865)
  3146.               002c data   : 9f e8
  3147. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8s(865)
  3148.               002e data   : 08 00 2b 10 48 60
  3149. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  3150.           0034 version: 00000002
  3151. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe.c:api_pipe_bind_req(1608)
  3152.   api_pipe_bind_req: make response. 1608
  3153. [2010/02/14 20:52:57,  3] rpc_server/srv_pipe.c:check_bind_req(991)
  3154.   check_bind_req for \PIPE\winreg
  3155.   checking \PIPE\lsarpc
  3156.   checking \PIPE\lsarpc
  3157.   checking \PIPE\samr
  3158.   checking \PIPE\NETLOGON
  3159.   checking \PIPE\srvsvc
  3160.   checking \PIPE\wkssvc
  3161.   checking \PIPE\winreg
  3162. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_debug(88)
  3163.   000000 smb_io_rpc_hdr_ba
  3164. [2010/02/14 20:52:57,  6] rpc_parse/parse_prs.c:prs_debug(88)
  3165.       000000 smb_io_rpc_hdr_bba
  3166. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  3167.           0000 max_tsize: 10b8
  3168. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  3169.           0002 max_rsize: 10b8
  3170. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  3171.           0004 assoc_gid: 000053f0
  3172. [2010/02/14 20:52:57,  6] rpc_parse/parse_prs.c:prs_debug(88)
  3173.       000008 smb_io_rpc_addr_str
  3174. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  3175.           0008 len: 000d
  3176. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8s(865)
  3177.           000a str: \PIPE\winreg.
  3178. [2010/02/14 20:52:57,  6] rpc_parse/parse_prs.c:prs_debug(88)
  3179.       000017 smb_io_rpc_results
  3180. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  3181.           0018 num_results: 01
  3182. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  3183.           001c result     : 0000
  3184. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  3185.           001e reason     : 0000
  3186. [2010/02/14 20:52:57,  6] rpc_parse/parse_prs.c:prs_debug(88)
  3187.       000020 smb_io_rpc_iface
  3188. [2010/02/14 20:52:57,  7] rpc_parse/parse_prs.c:prs_debug(88)
  3189.           000020 smb_io_uuid uuid
  3190. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  3191.               0020 data   : 8a885d04
  3192. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  3193.               0024 data   : 1ceb
  3194. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  3195.               0026 data   : 11c9
  3196. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8s(865)
  3197.               0028 data   : 9f e8
  3198. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8s(865)
  3199.               002a data   : 08 00 2b 10 48 60
  3200. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  3201.           0030 version: 00000002
  3202. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_debug(88)
  3203.   000000 smb_io_rpc_hdr
  3204. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  3205.       0000 major     : 05
  3206. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  3207.       0001 minor     : 00
  3208. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  3209.       0002 pkt_type  : 0c
  3210. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  3211.       0003 flags     : 03
  3212. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  3213.       0004 pack_type0: 10
  3214. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  3215.       0005 pack_type1: 00
  3216. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  3217.       0006 pack_type2: 00
  3218. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  3219.       0007 pack_type3: 00
  3220. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  3221.       0008 frag_len  : 0044
  3222. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  3223.       000a auth_len  : 0000
  3224. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  3225.       000c call_id   : 00000001
  3226. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
  3227.   write_to_pipe: data_used = 56
  3228. [2010/02/14 20:52:57,  3] smbd/pipes.c:reply_pipe_write_and_X(251)
  3229.   writeX-IPC pnum=7716 nwritten=72
  3230. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(642)
  3231. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(652)
  3232.   size=47
  3233.   smb_com=0x2f
  3234.   smb_rcls=0
  3235.   smb_reh=0
  3236.   smb_err=0
  3237.   smb_flg=136
  3238.   smb_flg2=51201
  3239.   smb_tid=1
  3240.   smb_pid=65279
  3241.   smb_uid=100
  3242.   smb_mid=704
  3243.   smt_wct=6
  3244.   smb_vwv[ 0]=  255 (0xFF)
  3245.   smb_vwv[ 1]=    0 (0x0)
  3246.   smb_vwv[ 2]=   72 (0x48)
  3247.   smb_vwv[ 3]=    0 (0x0)
  3248.   smb_vwv[ 4]=    0 (0x0)
  3249.   smb_vwv[ 5]=    0 (0x0)
  3250.   smb_bcc=0
  3251. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
  3252.   run_events: Nothing to do
  3253. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
  3254.   run_events: Nothing to do
  3255. [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
  3256.   got smb length of 59
  3257. [2010/02/14 20:52:57,  6] smbd/process.c:process_smb(1567)
  3258.   got message type 0x0 of len 0x3b
  3259. [2010/02/14 20:52:57,  3] smbd/process.c:process_smb(1570)
  3260.   Transaction 12 of length 63 (0 toread)
  3261. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(642)
  3262. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(652)
  3263.   size=59
  3264.   smb_com=0x2e
  3265.   smb_rcls=0
  3266.   smb_reh=0
  3267.   smb_err=0
  3268.   smb_flg=24
  3269.   smb_flg2=51207
  3270.   smb_tid=1
  3271.   smb_pid=65279
  3272.   smb_uid=100
  3273.   smb_mid=768
  3274.   smt_wct=12
  3275.   smb_vwv[ 0]=  255 (0xFF)
  3276.   smb_vwv[ 1]=57054 (0xDEDE)
  3277.   smb_vwv[ 2]=30486 (0x7716)
  3278.   smb_vwv[ 3]=    0 (0x0)
  3279.   smb_vwv[ 4]=    0 (0x0)
  3280.   smb_vwv[ 5]= 1024 (0x400)
  3281.   smb_vwv[ 6]= 1024 (0x400)
  3282.   smb_vwv[ 7]=65535 (0xFFFF)
  3283.   smb_vwv[ 8]=65535 (0xFFFF)
  3284.   smb_vwv[ 9]= 1024 (0x400)
  3285.   smb_vwv[10]=    0 (0x0)
  3286.   smb_vwv[11]=    0 (0x0)
  3287.   smb_bcc=0
  3288. [2010/02/14 20:52:57,  3] smbd/process.c:switch_message(1374)
  3289.   switch message SMBreadX (pid 21948) conn 0x10fd8d0
  3290. [2010/02/14 20:52:57,  0] smbd/process.c:smb_dump(1322)
  3291.   created /tmp/SMBreadX.69.req len 63
  3292. [2010/02/14 20:52:57,  4] smbd/uid.c:change_to_user(182)
  3293.   change_to_user: Skipping user change - already user
  3294. [2010/02/14 20:52:57,  4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258)
  3295.   search for pipe pnum=7716
  3296. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
  3297.   pipe name winreg pnum=7716 (pipes_open=2)
  3298. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
  3299.   pipe name lsarpc pnum=7715 (pipes_open=2)
  3300. [2010/02/14 20:52:57,  6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985)
  3301.   read_from_pipe: 7716 name: winreg len: 1024
  3302. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1045)
  3303.   read_from_pipe: winreg: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes.
  3304. [2010/02/14 20:52:57,  3] smbd/pipes.c:reply_pipe_read_and_X(301)
  3305.   readX-IPC pnum=7716 min=1024 max=1024 nread=68
  3306. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(642)
  3307. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(652)
  3308.   size=127
  3309.   smb_com=0x2e
  3310.   smb_rcls=0
  3311.   smb_reh=0
  3312.   smb_err=0
  3313.   smb_flg=136
  3314.   smb_flg2=51201
  3315.   smb_tid=1
  3316.   smb_pid=65279
  3317.   smb_uid=100
  3318.   smb_mid=768
  3319.   smt_wct=12
  3320.   smb_vwv[ 0]=  255 (0xFF)
  3321.   smb_vwv[ 1]=    0 (0x0)
  3322.   smb_vwv[ 2]=    0 (0x0)
  3323.   smb_vwv[ 3]=    0 (0x0)
  3324.   smb_vwv[ 4]=    0 (0x0)
  3325.   smb_vwv[ 5]=   68 (0x44)
  3326.   smb_vwv[ 6]=   59 (0x3B)
  3327.   smb_vwv[ 7]=    0 (0x0)
  3328.   smb_vwv[ 8]=    0 (0x0)
  3329.   smb_vwv[ 9]=    0 (0x0)
  3330.   smb_vwv[10]=    0 (0x0)
  3331.   smb_vwv[11]=    0 (0x0)
  3332.   smb_bcc=68
  3333. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
  3334.   [000] 05 00 0C 03 10 00 00 00  44 00 00 00 01 00 00 00  ........ D.......
  3335.   [010] B8 10 B8 10 F0 53 00 00  0D 00 5C 50 49 50 45 5C  .....S.. ..\PIPE\
  3336.   [020] 77 69 6E 72 65 67 00 00  01 00 00 00 00 00 00 00  winreg.. ........
  3337.   [030] 04 5D 88 8A EB 1C C9 11  9F E8 08 00 2B 10 48 60  .]...... ....+.H`
  3338.   [040] 02 00 00 00                                       ....
  3339. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
  3340.   run_events: Nothing to do
  3341. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
  3342.   run_events: Nothing to do
  3343. [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
  3344.   got smb length of 120
  3345. [2010/02/14 20:52:57,  6] smbd/process.c:process_smb(1567)
  3346.   got message type 0x0 of len 0x78
  3347. [2010/02/14 20:52:57,  3] smbd/process.c:process_smb(1570)
  3348.   Transaction 13 of length 124 (0 toread)
  3349. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(642)
  3350. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(652)
  3351.   size=120
  3352.   smb_com=0x25
  3353.   smb_rcls=0
  3354.   smb_reh=0
  3355.   smb_err=0
  3356.   smb_flg=24
  3357.   smb_flg2=51207
  3358.   smb_tid=1
  3359.   smb_pid=1332
  3360.   smb_uid=100
  3361.   smb_mid=832
  3362.   smt_wct=16
  3363.   smb_vwv[ 0]=    0 (0x0)
  3364.   smb_vwv[ 1]=   36 (0x24)
  3365.   smb_vwv[ 2]=    0 (0x0)
  3366.   smb_vwv[ 3]= 1024 (0x400)
  3367.   smb_vwv[ 4]=    0 (0x0)
  3368.   smb_vwv[ 5]=    0 (0x0)
  3369.   smb_vwv[ 6]=    0 (0x0)
  3370.   smb_vwv[ 7]=    0 (0x0)
  3371.   smb_vwv[ 8]=    0 (0x0)
  3372.   smb_vwv[ 9]=    0 (0x0)
  3373.   smb_vwv[10]=   84 (0x54)
  3374.   smb_vwv[11]=   36 (0x24)
  3375.   smb_vwv[12]=   84 (0x54)
  3376.   smb_vwv[13]=    2 (0x2)
  3377.   smb_vwv[14]=   38 (0x26)
  3378.   smb_vwv[15]=30486 (0x7716)
  3379.   smb_bcc=53
  3380. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
  3381.   [000] 00 5C 00 50 00 49 00 50  00 45 00 5C 00 00 00 00  .\.P.I.P .E.\....
  3382.   [010] 00 05 00 00 03 10 00 00  00 24 00 00 00 01 00 00  ........ .$......
  3383.   [020] 00 0C 00 00 00 00 00 02  00 00 00 02 00 30 C9 01  ........ .....0..
  3384.   [030] 00 00 00 00 02                                    .....
  3385. [2010/02/14 20:52:57,  3] smbd/process.c:switch_message(1374)
  3386.   switch message SMBtrans (pid 21948) conn 0x10fd8d0
  3387. [2010/02/14 20:52:57,  4] smbd/uid.c:change_to_user(182)
  3388.   change_to_user: Skipping user change - already user
  3389. [2010/02/14 20:52:57,  3] smbd/ipc.c:handle_trans(436)
  3390.   trans <\PIPE\> data=36 params=0 setup=2
  3391. [2010/02/14 20:52:57,  5] smbd/ipc.c:handle_trans(469)
  3392.   calling named_pipe
  3393. [2010/02/14 20:52:57,  3] smbd/ipc.c:named_pipe(387)
  3394.   named pipe command on <> name
  3395. [2010/02/14 20:52:57,  5] smbd/ipc.c:api_fd_reply(307)
  3396.   api_fd_reply
  3397. [2010/02/14 20:52:57,  4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258)
  3398.   search for pipe pnum=7716
  3399. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
  3400.   pipe name winreg pnum=7716 (pipes_open=2)
  3401. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
  3402.   pipe name lsarpc pnum=7715 (pipes_open=2)
  3403. [2010/02/14 20:52:57,  3] smbd/ipc.c:api_fd_reply(345)
  3404.   Got API command 0x26 on pipe "winreg" (pnum 7716)
  3405. [2010/02/14 20:52:57, 10] smbd/ipc.c:api_fd_reply(350)
  3406.   api_fd_reply: p:0x11090b0 max_trans_reply: 1024
  3407. [2010/02/14 20:52:57,  6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927)
  3408.   write_to_pipe: 7716 name: winreg open: Yes len: 36
  3409. [2010/02/14 20:52:57, 50] lib/util.c:dump_data(2223)
  3410.   [000] 05 00 00 03 10 00 00 00  24 00 00 00 01 00 00 00  ........ $.......
  3411.   [010] 0C 00 00 00 00 00 02 00  00 00 02 00 30 C9 01 00  ........ ....0...
  3412.   [020] 00 00 00 02                                       ....
  3413. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
  3414.   write_to_pipe: data_left = 36
  3415. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
  3416.   process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 36
  3417. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385)
  3418.   fill_rpc_header: data_to_copy = 36, len_needed_to_complete_hdr = 16, receive_len = 0
  3419. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
  3420.   write_to_pipe: data_used = 16
  3421. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
  3422.   write_to_pipe: data_left = 20
  3423. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
  3424.   process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 20
  3425. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_debug(88)
  3426.   000000 smb_io_rpc_hdr
  3427. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  3428.       0000 major     : 05
  3429. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  3430.       0001 minor     : 00
  3431. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  3432.       0002 pkt_type  : 00
  3433. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  3434.       0003 flags     : 03
  3435. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  3436.       0004 pack_type0: 10
  3437. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  3438.       0005 pack_type1: 00
  3439. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  3440.       0006 pack_type2: 00
  3441. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  3442.       0007 pack_type3: 00
  3443. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  3444.       0008 frag_len  : 0024
  3445. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  3446.       000a auth_len  : 0000
  3447. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  3448.       000c call_id   : 00000001
  3449. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472)
  3450.   unmarshall_rpc_header: using little-endian RPC
  3451. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501)
  3452.   unmarshall_rpc_header: type = 0, flags = 3
  3453. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
  3454.   write_to_pipe: data_used = 0
  3455. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
  3456.   write_to_pipe: data_left = 20
  3457. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
  3458.   process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 20, incoming data = 20
  3459. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709)
  3460.   process_complete_pdu: processing packet type 0
  3461. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_debug(88)
  3462.   000000 smb_io_rpc_hdr_req req
  3463. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  3464.       0000 alloc_hint: 0000000c
  3465. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  3466.       0004 context_id: 0000
  3467. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  3468.       0006 opnum     : 0002
  3469. [2010/02/14 20:52:57,  3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
  3470.   free_pipe_context: destroying talloc pool of size 74
  3471. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe.c:api_pipe_request(2262)
  3472.   Requested \PIPE\winreg
  3473. [2010/02/14 20:52:57,  4] rpc_server/srv_pipe.c:api_rpcTNP(2297)
  3474.   api_rpcTNP: winreg op 0x2 - created /tmp/in_winreg_2.18.prs
  3475. [2010/02/14 20:52:57,  3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
  3476.   api_rpcTNP: rpc command: WINREG_OPENHKLM
  3477. [2010/02/14 20:52:57,  6] rpc_server/srv_pipe.c:api_rpcTNP(2323)
  3478.   api_rpc_cmds[2].fn == 0x4e8140
  3479.       winreg_OpenHKLM: struct winreg_OpenHKLM
  3480.           in: struct winreg_OpenHKLM
  3481.               system_name              : *
  3482.                   system_name              : 0xc930 (51504)
  3483.               access_mask              : 0x02000000 (33554432)
  3484.                      0: KEY_QUERY_VALUE          
  3485.                      0: KEY_SET_VALUE            
  3486.                      0: KEY_CREATE_SUB_KEY      
  3487.                      0: KEY_ENUMERATE_SUB_KEYS  
  3488.                      0: KEY_NOTIFY              
  3489.                      0: KEY_CREATE_LINK          
  3490.                      0: KEY_WOW64_64KEY          
  3491.                      0: KEY_WOW64_32KEY          
  3492. [2010/02/14 20:52:57,  7] registry/reg_api.c:regkey_open_onelevel(132)
  3493.   regkey_open_onelevel: name = [HKLM]
  3494. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:push_sec_ctx(224)
  3495.   push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
  3496. [2010/02/14 20:52:57,  3] smbd/uid.c:push_conn_ctx(357)
  3497.   push_conn_ctx(100) : conn_ctx_stack_ndx = 0
  3498. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  3499.   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
  3500. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_nt_user_token(464)
  3501.   NT user token: (NULL)
  3502. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_unix_user_token(490)
  3503.   UNIX token of user 0
  3504.   Primary group is 0 and contains 0 supplementary groups
  3505. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:pop_sec_ctx(432)
  3506.   pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
  3507. [2010/02/14 20:52:57, 10] registry/reg_backend_db.c:regdb_open(409)
  3508.   regdb_open: refcount reset (1)
  3509. [2010/02/14 20:52:57, 10] registry/reg_cachehook.c:reghook_cache_find(125)
  3510.   reghook_cache_find: Searching for keyname [/HKLM]
  3511. [2010/02/14 20:52:57, 10] lib/adt_tree.c:pathtree_find(352)
  3512.   pathtree_find: Enter [/HKLM]
  3513. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(398)
  3514.   pathtree_find: [loop] base => [HKLM], new_path => []
  3515. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
  3516.   pathtree_find_child: child key => [HKLM]
  3517. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
  3518.   pathtree_find_child: child key => [HKPT]
  3519. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(185)
  3520.   pathtree_find_child: Found [HKLM]
  3521. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(421)
  3522.   pathtree_find: Found data_p!
  3523. [2010/02/14 20:52:57, 10] lib/adt_tree.c:pathtree_find(425)
  3524.   pathtree_find: Exit
  3525. [2010/02/14 20:52:57, 10] registry/reg_cachehook.c:reghook_cache_find(130)
  3526.   reghook_cache_find: found ops 0xb89e00 for key [/HKLM]
  3527. [2010/02/14 20:52:57, 11] registry/reg_backend_db.c:regdb_fetch_keys(727)
  3528.   regdb_fetch_keys: Enter key => [HKLM]
  3529. [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_unpack(655)
  3530.   tdb_unpack(d, 20) -> 4
  3531. [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_unpack(655)
  3532.   tdb_unpack(f, 16) -> 9
  3533. [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_unpack(655)
  3534.   tdb_unpack(f, 7) -> 7
  3535. [2010/02/14 20:52:57, 11] registry/reg_backend_db.c:regdb_fetch_keys(768)
  3536.   regdb_fetch_keys: Exit [2] items
  3537. [2010/02/14 20:52:57, 10] registry/reg_backend_db.c:regdb_get_secdesc(963)
  3538.   regdb_get_secdesc: Getting secdesc of key [HKLM]
  3539. [2010/02/14 20:52:57, 10] lib/util_seaccess.c:se_access_check(232)
  3540.   se_access_check: requested access 0x02000000, for NT token with 4 entries and first sid S-1-5-21-2934603361-1946261283-2740193522-501.
  3541. [2010/02/14 20:52:57,  3] lib/util_seaccess.c:se_access_check(249)
  3542. [2010/02/14 20:52:57,  3] lib/util_seaccess.c:se_access_check(252)
  3543.   se_access_check: user sid is S-1-5-21-2934603361-1946261283-2740193522-501
  3544.   se_access_check: also S-1-1-0
  3545.   se_access_check: also S-1-5-2
  3546.   se_access_check: also S-1-5-32-546
  3547. [2010/02/14 20:52:57,  4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(148)
  3548.   Opened policy hnd[1] [000] 00 00 00 00 02 00 00 00  00 00 00 00 78 4B A9 62  ........ ....xK.b
  3549.   [010] BC 55 00 00                                       .U..
  3550.       winreg_OpenHKLM: struct winreg_OpenHKLM
  3551.           out: struct winreg_OpenHKLM
  3552.               handle                   : *
  3553.                   handle: struct policy_handle
  3554.                       handle_type              : 0x00000000 (0)
  3555.                       uuid                     : 00000002-0000-0000-784b-a962bc550000
  3556.               result                   : WERR_OK
  3557. [2010/02/14 20:52:57,  0] rpc_parse/parse_prs.c:prs_dump_region(73)
  3558.   created /tmp/out_winreg_2.18.prs
  3559. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe.c:api_rpcTNP(2351)
  3560.   api_rpcTNP: called winreg successfully
  3561. [2010/02/14 20:52:57,  3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
  3562.   free_pipe_context: destroying talloc pool of size 0
  3563. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
  3564.   write_to_pipe: data_used = 20
  3565. [2010/02/14 20:52:57,  6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985)
  3566.   read_from_pipe: 7716 name: winreg len: 1024
  3567. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059)
  3568.   read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24.
  3569. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_debug(88)
  3570.   000000 smb_io_rpc_hdr hdr
  3571. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  3572.       0000 major     : 05
  3573. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  3574.       0001 minor     : 00
  3575. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  3576.       0002 pkt_type  : 02
  3577. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  3578.       0003 flags     : 03
  3579. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  3580.       0004 pack_type0: 10
  3581. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  3582.       0005 pack_type1: 00
  3583. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  3584.       0006 pack_type2: 00
  3585. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  3586.       0007 pack_type3: 00
  3587. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  3588.       0008 frag_len  : 0030
  3589. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  3590.       000a auth_len  : 0000
  3591. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  3592.       000c call_id   : 00000001
  3593. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_debug(88)
  3594.   000010 smb_io_rpc_hdr_resp resp
  3595. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  3596.       0010 alloc_hint: 00000018
  3597. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  3598.       0014 context_id: 0000
  3599. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  3600.       0016 cancel_ct : 00
  3601. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  3602.       0017 reserved  : 00
  3603. [2010/02/14 20:52:57,  5] smbd/ipc.c:copy_trans_params_and_data(60)
  3604.   copy_trans_params_and_data: params[0..0] data[0..48] (align 0)
  3605. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(642)
  3606. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(652)
  3607.   size=104
  3608.   smb_com=0x25
  3609.   smb_rcls=0
  3610.   smb_reh=0
  3611.   smb_err=0
  3612.   smb_flg=136
  3613.   smb_flg2=51201
  3614.   smb_tid=1
  3615.   smb_pid=1332
  3616.   smb_uid=100
  3617.   smb_mid=832
  3618.   smt_wct=10
  3619.   smb_vwv[ 0]=    0 (0x0)
  3620.   smb_vwv[ 1]=   48 (0x30)
  3621.   smb_vwv[ 2]=    0 (0x0)
  3622.   smb_vwv[ 3]=    0 (0x0)
  3623.   smb_vwv[ 4]=   56 (0x38)
  3624.   smb_vwv[ 5]=    0 (0x0)
  3625.   smb_vwv[ 6]=   48 (0x30)
  3626.   smb_vwv[ 7]=   56 (0x38)
  3627.   smb_vwv[ 8]=    0 (0x0)
  3628.   smb_vwv[ 9]=    0 (0x0)
  3629.   smb_bcc=49
  3630. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
  3631.   [000] 00 05 00 02 03 10 00 00  00 30 00 00 00 01 00 00  ........ .0......
  3632.   [010] 00 18 00 00 00 00 00 00  00 00 00 00 00 02 00 00  ........ ........
  3633.   [020] 00 00 00 00 00 78 4B A9  62 BC 55 00 00 00 00 00  .....xK. b.U.....
  3634.   [030] 00                                                .
  3635. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
  3636.   run_events: Nothing to do
  3637. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
  3638.   run_events: Nothing to do
  3639. [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
  3640.   got smb length of 268
  3641. [2010/02/14 20:52:57,  6] smbd/process.c:process_smb(1567)
  3642.   got message type 0x0 of len 0x10c
  3643. [2010/02/14 20:52:57,  3] smbd/process.c:process_smb(1570)
  3644.   Transaction 14 of length 272 (0 toread)
  3645. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(642)
  3646. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(652)
  3647.   size=268
  3648.   smb_com=0x25
  3649.   smb_rcls=0
  3650.   smb_reh=0
  3651.   smb_err=0
  3652.   smb_flg=24
  3653.   smb_flg2=51207
  3654.   smb_tid=1
  3655.   smb_pid=1332
  3656.   smb_uid=100
  3657.   smb_mid=896
  3658.   smt_wct=16
  3659.   smb_vwv[ 0]=    0 (0x0)
  3660.   smb_vwv[ 1]=  184 (0xB8)
  3661.   smb_vwv[ 2]=    0 (0x0)
  3662.   smb_vwv[ 3]= 1024 (0x400)
  3663.   smb_vwv[ 4]=    0 (0x0)
  3664.   smb_vwv[ 5]=    0 (0x0)
  3665.   smb_vwv[ 6]=    0 (0x0)
  3666.   smb_vwv[ 7]=    0 (0x0)
  3667.   smb_vwv[ 8]=    0 (0x0)
  3668.   smb_vwv[ 9]=    0 (0x0)
  3669.   smb_vwv[10]=   84 (0x54)
  3670.   smb_vwv[11]=  184 (0xB8)
  3671.   smb_vwv[12]=   84 (0x54)
  3672.   smb_vwv[13]=    2 (0x2)
  3673.   smb_vwv[14]=   38 (0x26)
  3674.   smb_vwv[15]=30486 (0x7716)
  3675.   smb_bcc=201
  3676. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
  3677.   [000] 00 5C 00 50 00 49 00 50  00 45 00 5C 00 00 00 00  .\.P.I.P .E.\....
  3678.   [010] 00 05 00 00 03 10 00 00  00 B8 00 00 00 02 00 00  ........ ........
  3679.   [020] 00 A0 00 00 00 00 00 0F  00 00 00 00 00 02 00 00  ........ ........
  3680.   [030] 00 00 00 00 00 78 4B A9  62 BC 55 00 00 6E 00 6E  .....xK. b.U..n.n
  3681.   [040] 00 00 00 02 00 37 00 00  00 00 00 00 00 37 00 00  .....7.. .....7..
  3682.   [050] 00 53 00 79 00 73 00 74  00 65 00 6D 00 5C 00 43  .S.y.s.t .e.m.\.C
  3683.   [060] 00 75 00 72 00 72 00 65  00 6E 00 74 00 43 00 6F  .u.r.r.e .n.t.C.o
  3684.   [070] 00 6E 00 74 00 72 00 6F  00 6C 00 53 00 65 00 74  .n.t.r.o .l.S.e.t
  3685.   [080] 00 5C 00 73 00 65 00 72  00 76 00 69 00 63 00 65  .\.s.e.r .v.i.c.e
  3686.   [090] 00 73 00 5C 00 4E 00 65  00 74 00 6C 00 6F 00 67  .s.\.N.e .t.l.o.g
  3687.   [0A0] 00 6F 00 6E 00 5C 00 70  00 61 00 72 00 61 00 6D  .o.n.\.p .a.r.a.m
  3688.   [0B0] 00 65 00 74 00 65 00 72  00 73 00 5C 00 00 00 00  .e.t.e.r .s.\....
  3689.   [0C0] 00 00 00 00 00 19 00 02  00                       ........ .
  3690. [2010/02/14 20:52:57,  3] smbd/process.c:switch_message(1374)
  3691.   switch message SMBtrans (pid 21948) conn 0x10fd8d0
  3692. [2010/02/14 20:52:57,  4] smbd/uid.c:change_to_user(182)
  3693.   change_to_user: Skipping user change - already user
  3694. [2010/02/14 20:52:57,  3] smbd/ipc.c:handle_trans(436)
  3695.   trans <\PIPE\> data=184 params=0 setup=2
  3696. [2010/02/14 20:52:57,  5] smbd/ipc.c:handle_trans(469)
  3697.   calling named_pipe
  3698. [2010/02/14 20:52:57,  3] smbd/ipc.c:named_pipe(387)
  3699.   named pipe command on <> name
  3700. [2010/02/14 20:52:57,  5] smbd/ipc.c:api_fd_reply(307)
  3701.   api_fd_reply
  3702. [2010/02/14 20:52:57,  4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258)
  3703.   search for pipe pnum=7716
  3704. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
  3705.   pipe name winreg pnum=7716 (pipes_open=2)
  3706. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
  3707.   pipe name lsarpc pnum=7715 (pipes_open=2)
  3708. [2010/02/14 20:52:57,  3] smbd/ipc.c:api_fd_reply(345)
  3709.   Got API command 0x26 on pipe "winreg" (pnum 7716)
  3710. [2010/02/14 20:52:57, 10] smbd/ipc.c:api_fd_reply(350)
  3711.   api_fd_reply: p:0x11090b0 max_trans_reply: 1024
  3712. [2010/02/14 20:52:57,  6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927)
  3713.   write_to_pipe: 7716 name: winreg open: Yes len: 184
  3714. [2010/02/14 20:52:57, 50] lib/util.c:dump_data(2223)
  3715.   [000] 05 00 00 03 10 00 00 00  B8 00 00 00 02 00 00 00  ........ ........
  3716.   [010] A0 00 00 00 00 00 0F 00  00 00 00 00 02 00 00 00  ........ ........
  3717.   [020] 00 00 00 00 78 4B A9 62  BC 55 00 00 6E 00 6E 00  ....xK.b .U..n.n.
  3718.   [030] 00 00 02 00 37 00 00 00  00 00 00 00 37 00 00 00  ....7... ....7...
  3719.   [040] 53 00 79 00 73 00 74 00  65 00 6D 00 5C 00 43 00  S.y.s.t. e.m.\.C.
  3720.   [050] 75 00 72 00 72 00 65 00  6E 00 74 00 43 00 6F 00  u.r.r.e. n.t.C.o.
  3721.   [060] 6E 00 74 00 72 00 6F 00  6C 00 53 00 65 00 74 00  n.t.r.o. l.S.e.t.
  3722.   [070] 5C 00 73 00 65 00 72 00  76 00 69 00 63 00 65 00  \.s.e.r. v.i.c.e.
  3723.   [080] 73 00 5C 00 4E 00 65 00  74 00 6C 00 6F 00 67 00  s.\.N.e. t.l.o.g.
  3724.   [090] 6F 00 6E 00 5C 00 70 00  61 00 72 00 61 00 6D 00  o.n.\.p. a.r.a.m.
  3725.   [0A0] 65 00 74 00 65 00 72 00  73 00 5C 00 00 00 00 00  e.t.e.r. s.\.....
  3726.   [0B0] 00 00 00 00 19 00 02 00                           ........
  3727. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
  3728.   write_to_pipe: data_left = 184
  3729. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
  3730.   process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 184
  3731. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385)
  3732.   fill_rpc_header: data_to_copy = 184, len_needed_to_complete_hdr = 16, receive_len = 0
  3733. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
  3734.   write_to_pipe: data_used = 16
  3735. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
  3736.   write_to_pipe: data_left = 168
  3737. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
  3738.   process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 168
  3739. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_debug(88)
  3740.   000000 smb_io_rpc_hdr
  3741. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  3742.       0000 major     : 05
  3743. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  3744.       0001 minor     : 00
  3745. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  3746.       0002 pkt_type  : 00
  3747. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  3748.       0003 flags     : 03
  3749. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  3750.       0004 pack_type0: 10
  3751. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  3752.       0005 pack_type1: 00
  3753. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  3754.       0006 pack_type2: 00
  3755. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  3756.       0007 pack_type3: 00
  3757. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  3758.       0008 frag_len  : 00b8
  3759. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  3760.       000a auth_len  : 0000
  3761. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  3762.       000c call_id   : 00000002
  3763. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472)
  3764.   unmarshall_rpc_header: using little-endian RPC
  3765. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501)
  3766.   unmarshall_rpc_header: type = 0, flags = 3
  3767. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
  3768.   write_to_pipe: data_used = 0
  3769. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
  3770.   write_to_pipe: data_left = 168
  3771. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
  3772.   process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 168, incoming data = 168
  3773. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709)
  3774.   process_complete_pdu: processing packet type 0
  3775. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_debug(88)
  3776.   000000 smb_io_rpc_hdr_req req
  3777. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  3778.       0000 alloc_hint: 000000a0
  3779. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  3780.       0004 context_id: 0000
  3781. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  3782.       0006 opnum     : 000f
  3783. [2010/02/14 20:52:57,  3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
  3784.   free_pipe_context: destroying talloc pool of size 0
  3785. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe.c:api_pipe_request(2262)
  3786.   Requested \PIPE\winreg
  3787. [2010/02/14 20:52:57,  4] rpc_server/srv_pipe.c:api_rpcTNP(2297)
  3788.   api_rpcTNP: winreg op 0xf - created /tmp/in_winreg_15.18.prs
  3789. [2010/02/14 20:52:57,  3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
  3790.   api_rpcTNP: rpc command: WINREG_OPENKEY
  3791. [2010/02/14 20:52:57,  6] rpc_server/srv_pipe.c:api_rpcTNP(2323)
  3792.   api_rpc_cmds[15].fn == 0x4e64c0
  3793.       winreg_OpenKey: struct winreg_OpenKey
  3794.           in: struct winreg_OpenKey
  3795.               parent_handle            : *
  3796.                   parent_handle: struct policy_handle
  3797.                       handle_type              : 0x00000000 (0)
  3798.                       uuid                     : 00000002-0000-0000-784b-a962bc550000
  3799.               keyname: struct winreg_String
  3800.                   name_len                 : 0x006e (110)
  3801.                   name_size                : 0x006e (110)
  3802.                   name                     : *
  3803.                       name                     : 'System\CurrentControlSet\services\Netlogon\parameters\'
  3804.               unknown                  : 0x00000000 (0)
  3805.               access_mask              : 0x00020019 (131097)
  3806.                      1: KEY_QUERY_VALUE          
  3807.                      0: KEY_SET_VALUE            
  3808.                      0: KEY_CREATE_SUB_KEY      
  3809.                      1: KEY_ENUMERATE_SUB_KEYS  
  3810.                      1: KEY_NOTIFY              
  3811.                      0: KEY_CREATE_LINK          
  3812.                      0: KEY_WOW64_64KEY          
  3813.                      0: KEY_WOW64_32KEY          
  3814. [2010/02/14 20:52:57,  4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168)
  3815.   Found policy hnd[0] [000] 00 00 00 00 02 00 00 00  00 00 00 00 78 4B A9 62  ........ ....xK.b
  3816.   [010] BC 55 00 00                                       .U..
  3817. [2010/02/14 20:52:57,  7] registry/reg_api.c:regkey_open_onelevel(132)
  3818.   regkey_open_onelevel: name = [System]
  3819. [2010/02/14 20:52:57, 10] registry/reg_backend_db.c:regdb_open(391)
  3820.   regdb_open: incrementing refcount (1)
  3821. [2010/02/14 20:52:57, 10] registry/reg_cachehook.c:reghook_cache_find(125)
  3822.   reghook_cache_find: Searching for keyname [/HKLM/System]
  3823. [2010/02/14 20:52:57, 10] lib/adt_tree.c:pathtree_find(352)
  3824.   pathtree_find: Enter [/HKLM/System]
  3825. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(398)
  3826.   pathtree_find: [loop] base => [HKLM], new_path => [System]
  3827. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
  3828.   pathtree_find_child: child key => [HKLM]
  3829. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
  3830.   pathtree_find_child: child key => [HKPT]
  3831. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(185)
  3832.   pathtree_find_child: Found [HKLM]
  3833. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(398)
  3834.   pathtree_find: [loop] base => [System], new_path => []
  3835. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
  3836.   pathtree_find_child: child key => [SOFTWARE]
  3837. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
  3838.   pathtree_find_child: child key => [SYSTEM]
  3839. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(185)
  3840.   pathtree_find_child: Found [System]
  3841. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(421)
  3842.   pathtree_find: Found data_p!
  3843. [2010/02/14 20:52:57, 10] lib/adt_tree.c:pathtree_find(425)
  3844.   pathtree_find: Exit
  3845. [2010/02/14 20:52:57, 10] registry/reg_cachehook.c:reghook_cache_find(130)
  3846.   reghook_cache_find: found ops 0xb89e00 for key [/HKLM/System]
  3847. [2010/02/14 20:52:57, 11] registry/reg_backend_db.c:regdb_fetch_keys(727)
  3848.   regdb_fetch_keys: Enter key => [HKLM\System]
  3849. [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_unpack(655)
  3850.   tdb_unpack(d, 22) -> 4
  3851. [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_unpack(655)
  3852.   tdb_unpack(f, 18) -> 18
  3853. [2010/02/14 20:52:57, 11] registry/reg_backend_db.c:regdb_fetch_keys(768)
  3854.   regdb_fetch_keys: Exit [1] items
  3855. [2010/02/14 20:52:57, 10] registry/reg_backend_db.c:regdb_get_secdesc(963)
  3856.   regdb_get_secdesc: Getting secdesc of key [HKLM\System]
  3857. [2010/02/14 20:52:57, 10] lib/util_seaccess.c:se_access_check(232)
  3858.   se_access_check: requested access 0x00000008, for NT token with 4 entries and first sid S-1-5-21-2934603361-1946261283-2740193522-501.
  3859. [2010/02/14 20:52:57,  3] lib/util_seaccess.c:se_access_check(249)
  3860. [2010/02/14 20:52:57,  3] lib/util_seaccess.c:se_access_check(252)
  3861.   se_access_check: user sid is S-1-5-21-2934603361-1946261283-2740193522-501
  3862.   se_access_check: also S-1-1-0
  3863.   se_access_check: also S-1-5-2
  3864.   se_access_check: also S-1-5-32-546
  3865.   se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8
  3866. [2010/02/14 20:52:57,  5] lib/util_seaccess.c:se_access_check(310)
  3867.   se_access_check: access (8) granted.
  3868. [2010/02/14 20:52:57,  7] registry/reg_api.c:regkey_open_onelevel(132)
  3869.   regkey_open_onelevel: name = [CurrentControlSet]
  3870. [2010/02/14 20:52:57, 10] registry/reg_backend_db.c:regdb_open(391)
  3871.   regdb_open: incrementing refcount (2)
  3872. [2010/02/14 20:52:57, 10] registry/reg_cachehook.c:reghook_cache_find(125)
  3873.   reghook_cache_find: Searching for keyname [/HKLM/System/CurrentControlSet]
  3874. [2010/02/14 20:52:57, 10] lib/adt_tree.c:pathtree_find(352)
  3875.   pathtree_find: Enter [/HKLM/System/CurrentControlSet]
  3876. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(398)
  3877.   pathtree_find: [loop] base => [HKLM], new_path => [System/CurrentControlSet]
  3878. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
  3879.   pathtree_find_child: child key => [HKLM]
  3880. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
  3881.   pathtree_find_child: child key => [HKPT]
  3882. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(185)
  3883.   pathtree_find_child: Found [HKLM]
  3884. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(398)
  3885.   pathtree_find: [loop] base => [System], new_path => [CurrentControlSet]
  3886. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
  3887.   pathtree_find_child: child key => [SOFTWARE]
  3888. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
  3889.   pathtree_find_child: child key => [SYSTEM]
  3890. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(185)
  3891.   pathtree_find_child: Found [System]
  3892. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(398)
  3893.   pathtree_find: [loop] base => [CurrentControlSet], new_path => []
  3894. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
  3895.   pathtree_find_child: child key => [CurrentControlSet]
  3896. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(185)
  3897.   pathtree_find_child: Found [CurrentControlSet]
  3898. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(421)
  3899.   pathtree_find: Found data_p!
  3900. [2010/02/14 20:52:57, 10] lib/adt_tree.c:pathtree_find(425)
  3901.   pathtree_find: Exit
  3902. [2010/02/14 20:52:57, 10] registry/reg_cachehook.c:reghook_cache_find(130)
  3903.   reghook_cache_find: found ops 0xb89e00 for key [/HKLM/System/CurrentControlSet]
  3904. [2010/02/14 20:52:57, 11] registry/reg_backend_db.c:regdb_fetch_keys(727)
  3905.   regdb_fetch_keys: Enter key => [HKLM\System\CurrentControlSet]
  3906. [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_unpack(655)
  3907.   tdb_unpack(d, 21) -> 4
  3908. [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_unpack(655)
  3909.   tdb_unpack(f, 17) -> 8
  3910. [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_unpack(655)
  3911.   tdb_unpack(f, 9) -> 9
  3912. [2010/02/14 20:52:57, 11] registry/reg_backend_db.c:regdb_fetch_keys(768)
  3913.   regdb_fetch_keys: Exit [2] items
  3914. [2010/02/14 20:52:57, 10] registry/reg_backend_db.c:regdb_get_secdesc(963)
  3915.   regdb_get_secdesc: Getting secdesc of key [HKLM\System\CurrentControlSet]
  3916. [2010/02/14 20:52:57, 10] lib/util_seaccess.c:se_access_check(232)
  3917.   se_access_check: requested access 0x00000008, for NT token with 4 entries and first sid S-1-5-21-2934603361-1946261283-2740193522-501.
  3918. [2010/02/14 20:52:57,  3] lib/util_seaccess.c:se_access_check(249)
  3919. [2010/02/14 20:52:57,  3] lib/util_seaccess.c:se_access_check(252)
  3920.   se_access_check: user sid is S-1-5-21-2934603361-1946261283-2740193522-501
  3921.   se_access_check: also S-1-1-0
  3922.   se_access_check: also S-1-5-2
  3923.   se_access_check: also S-1-5-32-546
  3924.   se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8
  3925. [2010/02/14 20:52:57,  5] lib/util_seaccess.c:se_access_check(310)
  3926.   se_access_check: access (8) granted.
  3927. [2010/02/14 20:52:57, 10] registry/reg_backend_db.c:regdb_close(425)
  3928.   regdb_close: decrementing refcount (2)
  3929. [2010/02/14 20:52:57,  7] registry/reg_api.c:regkey_open_onelevel(132)
  3930.   regkey_open_onelevel: name = [services]
  3931. [2010/02/14 20:52:57, 10] registry/reg_backend_db.c:regdb_open(391)
  3932.   regdb_open: incrementing refcount (2)
  3933. [2010/02/14 20:52:57, 10] registry/reg_cachehook.c:reghook_cache_find(125)
  3934.   reghook_cache_find: Searching for keyname [/HKLM/System/CurrentControlSet/services]
  3935. [2010/02/14 20:52:57, 10] lib/adt_tree.c:pathtree_find(352)
  3936.   pathtree_find: Enter [/HKLM/System/CurrentControlSet/services]
  3937. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(398)
  3938.   pathtree_find: [loop] base => [HKLM], new_path => [System/CurrentControlSet/services]
  3939. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
  3940.   pathtree_find_child: child key => [HKLM]
  3941. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
  3942.   pathtree_find_child: child key => [HKPT]
  3943. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(185)
  3944.   pathtree_find_child: Found [HKLM]
  3945. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(398)
  3946.   pathtree_find: [loop] base => [System], new_path => [CurrentControlSet/services]
  3947. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
  3948.   pathtree_find_child: child key => [SOFTWARE]
  3949. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
  3950.   pathtree_find_child: child key => [SYSTEM]
  3951. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(185)
  3952.   pathtree_find_child: Found [System]
  3953. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(398)
  3954.   pathtree_find: [loop] base => [CurrentControlSet], new_path => [services]
  3955. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
  3956.   pathtree_find_child: child key => [CurrentControlSet]
  3957. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(185)
  3958.   pathtree_find_child: Found [CurrentControlSet]
  3959. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(398)
  3960.   pathtree_find: [loop] base => [services], new_path => []
  3961. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
  3962.   pathtree_find_child: child key => [Control]
  3963. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
  3964.   pathtree_find_child: child key => [Services]
  3965. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(185)
  3966.   pathtree_find_child: Found [services]
  3967. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(421)
  3968.   pathtree_find: Found data_p!
  3969. [2010/02/14 20:52:57, 10] lib/adt_tree.c:pathtree_find(425)
  3970.   pathtree_find: Exit
  3971. [2010/02/14 20:52:57, 10] registry/reg_cachehook.c:reghook_cache_find(130)
  3972.   reghook_cache_find: found ops 0xb89e00 for key [/HKLM/System/CurrentControlSet/services]
  3973. [2010/02/14 20:52:57, 11] registry/reg_backend_db.c:regdb_fetch_keys(727)
  3974.   regdb_fetch_keys: Enter key => [HKLM\System\CurrentControlSet\services]
  3975. [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_unpack(655)
  3976.   tdb_unpack(d, 69) -> 4
  3977. [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_unpack(655)
  3978.   tdb_unpack(f, 65) -> 13
  3979. [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_unpack(655)
  3980.   tdb_unpack(f, 52) -> 9
  3981. [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_unpack(655)
  3982.   tdb_unpack(f, 43) -> 6
  3983. [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_unpack(655)
  3984.   tdb_unpack(f, 37) -> 9
  3985. [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_unpack(655)
  3986.   tdb_unpack(f, 28) -> 8
  3987. [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_unpack(655)
  3988.   tdb_unpack(f, 20) -> 15
  3989. [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_unpack(655)
  3990.   tdb_unpack(f, 5) -> 5
  3991. [2010/02/14 20:52:57, 11] registry/reg_backend_db.c:regdb_fetch_keys(768)
  3992.   regdb_fetch_keys: Exit [7] items
  3993. [2010/02/14 20:52:57, 10] registry/reg_backend_db.c:regdb_get_secdesc(963)
  3994.   regdb_get_secdesc: Getting secdesc of key [HKLM\System\CurrentControlSet\services]
  3995. [2010/02/14 20:52:57, 10] lib/util_seaccess.c:se_access_check(232)
  3996.   se_access_check: requested access 0x00000008, for NT token with 4 entries and first sid S-1-5-21-2934603361-1946261283-2740193522-501.
  3997. [2010/02/14 20:52:57,  3] lib/util_seaccess.c:se_access_check(249)
  3998. [2010/02/14 20:52:57,  3] lib/util_seaccess.c:se_access_check(252)
  3999.   se_access_check: user sid is S-1-5-21-2934603361-1946261283-2740193522-501
  4000.   se_access_check: also S-1-1-0
  4001.   se_access_check: also S-1-5-2
  4002.   se_access_check: also S-1-5-32-546
  4003.   se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8
  4004. [2010/02/14 20:52:57,  5] lib/util_seaccess.c:se_access_check(310)
  4005.   se_access_check: access (8) granted.
  4006. [2010/02/14 20:52:57, 10] registry/reg_backend_db.c:regdb_close(425)
  4007.   regdb_close: decrementing refcount (2)
  4008. [2010/02/14 20:52:57,  7] registry/reg_api.c:regkey_open_onelevel(132)
  4009.   regkey_open_onelevel: name = [Netlogon]
  4010. [2010/02/14 20:52:57, 10] registry/reg_backend_db.c:regdb_open(391)
  4011.   regdb_open: incrementing refcount (2)
  4012. [2010/02/14 20:52:57, 10] registry/reg_cachehook.c:reghook_cache_find(125)
  4013.   reghook_cache_find: Searching for keyname [/HKLM/System/CurrentControlSet/services/Netlogon]
  4014. [2010/02/14 20:52:57, 10] lib/adt_tree.c:pathtree_find(352)
  4015.   pathtree_find: Enter [/HKLM/System/CurrentControlSet/services/Netlogon]
  4016. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(398)
  4017.   pathtree_find: [loop] base => [HKLM], new_path => [System/CurrentControlSet/services/Netlogon]
  4018. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
  4019.   pathtree_find_child: child key => [HKLM]
  4020. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
  4021.   pathtree_find_child: child key => [HKPT]
  4022. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(185)
  4023.   pathtree_find_child: Found [HKLM]
  4024. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(398)
  4025.   pathtree_find: [loop] base => [System], new_path => [CurrentControlSet/services/Netlogon]
  4026. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
  4027.   pathtree_find_child: child key => [SOFTWARE]
  4028. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
  4029.   pathtree_find_child: child key => [SYSTEM]
  4030. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(185)
  4031.   pathtree_find_child: Found [System]
  4032. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(398)
  4033.   pathtree_find: [loop] base => [CurrentControlSet], new_path => [services/Netlogon]
  4034. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
  4035.   pathtree_find_child: child key => [CurrentControlSet]
  4036. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(185)
  4037.   pathtree_find_child: Found [CurrentControlSet]
  4038. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(398)
  4039.   pathtree_find: [loop] base => [services], new_path => [Netlogon]
  4040. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
  4041.   pathtree_find_child: child key => [Control]
  4042. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
  4043.   pathtree_find_child: child key => [Services]
  4044. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(185)
  4045.   pathtree_find_child: Found [services]
  4046. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(398)
  4047.   pathtree_find: [loop] base => [Netlogon], new_path => []
  4048. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
  4049.   pathtree_find_child: child key => [LanmanServer]
  4050. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
  4051.   pathtree_find_child: child key => [Netlogon]
  4052. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
  4053.   pathtree_find_child: child key => [Tcpip]
  4054. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(185)
  4055.   pathtree_find_child: Found [Netlogon]
  4056. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(421)
  4057.   pathtree_find: Found data_p!
  4058. [2010/02/14 20:52:57, 10] lib/adt_tree.c:pathtree_find(425)
  4059.   pathtree_find: Exit
  4060. [2010/02/14 20:52:57, 10] registry/reg_cachehook.c:reghook_cache_find(130)
  4061.   reghook_cache_find: found ops 0xb89e00 for key [/HKLM/System/CurrentControlSet/services/Netlogon]
  4062. [2010/02/14 20:52:57, 11] registry/reg_backend_db.c:regdb_fetch_keys(727)
  4063.   regdb_fetch_keys: Enter key => [HKLM\System\CurrentControlSet\services\Netlogon]
  4064. [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_unpack(655)
  4065.   tdb_unpack(d, 24) -> 4
  4066. [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_unpack(655)
  4067.   tdb_unpack(f, 20) -> 11
  4068. [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_unpack(655)
  4069.   tdb_unpack(f, 9) -> 9
  4070. [2010/02/14 20:52:57, 11] registry/reg_backend_db.c:regdb_fetch_keys(768)
  4071.   regdb_fetch_keys: Exit [2] items
  4072. [2010/02/14 20:52:57, 10] registry/reg_backend_db.c:regdb_get_secdesc(963)
  4073.   regdb_get_secdesc: Getting secdesc of key [HKLM\System\CurrentControlSet\services\Netlogon]
  4074. [2010/02/14 20:52:57, 10] lib/util_seaccess.c:se_access_check(232)
  4075.   se_access_check: requested access 0x00000008, for NT token with 4 entries and first sid S-1-5-21-2934603361-1946261283-2740193522-501.
  4076. [2010/02/14 20:52:57,  3] lib/util_seaccess.c:se_access_check(249)
  4077. [2010/02/14 20:52:57,  3] lib/util_seaccess.c:se_access_check(252)
  4078.   se_access_check: user sid is S-1-5-21-2934603361-1946261283-2740193522-501
  4079.   se_access_check: also S-1-1-0
  4080.   se_access_check: also S-1-5-2
  4081.   se_access_check: also S-1-5-32-546
  4082.   se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8
  4083. [2010/02/14 20:52:57,  5] lib/util_seaccess.c:se_access_check(310)
  4084.   se_access_check: access (8) granted.
  4085. [2010/02/14 20:52:57, 10] registry/reg_backend_db.c:regdb_close(425)
  4086.   regdb_close: decrementing refcount (2)
  4087. [2010/02/14 20:52:57,  7] registry/reg_api.c:regkey_open_onelevel(132)
  4088.   regkey_open_onelevel: name = [parameters]
  4089. [2010/02/14 20:52:57, 10] registry/reg_backend_db.c:regdb_open(391)
  4090.   regdb_open: incrementing refcount (2)
  4091. [2010/02/14 20:52:57, 10] registry/reg_cachehook.c:reghook_cache_find(125)
  4092.   reghook_cache_find: Searching for keyname [/HKLM/System/CurrentControlSet/services/Netlogon/parameters]
  4093. [2010/02/14 20:52:57, 10] lib/adt_tree.c:pathtree_find(352)
  4094.   pathtree_find: Enter [/HKLM/System/CurrentControlSet/services/Netlogon/parameters]
  4095. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(398)
  4096.   pathtree_find: [loop] base => [HKLM], new_path => [System/CurrentControlSet/services/Netlogon/parameters]
  4097. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
  4098.   pathtree_find_child: child key => [HKLM]
  4099. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
  4100.   pathtree_find_child: child key => [HKPT]
  4101. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(185)
  4102.   pathtree_find_child: Found [HKLM]
  4103. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(398)
  4104.   pathtree_find: [loop] base => [System], new_path => [CurrentControlSet/services/Netlogon/parameters]
  4105. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
  4106.   pathtree_find_child: child key => [SOFTWARE]
  4107. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
  4108.   pathtree_find_child: child key => [SYSTEM]
  4109. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(185)
  4110.   pathtree_find_child: Found [System]
  4111. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(398)
  4112.   pathtree_find: [loop] base => [CurrentControlSet], new_path => [services/Netlogon/parameters]
  4113. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
  4114.   pathtree_find_child: child key => [CurrentControlSet]
  4115. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(185)
  4116.   pathtree_find_child: Found [CurrentControlSet]
  4117. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(398)
  4118.   pathtree_find: [loop] base => [services], new_path => [Netlogon/parameters]
  4119. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
  4120.   pathtree_find_child: child key => [Control]
  4121. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
  4122.   pathtree_find_child: child key => [Services]
  4123. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(185)
  4124.   pathtree_find_child: Found [services]
  4125. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(398)
  4126.   pathtree_find: [loop] base => [Netlogon], new_path => [parameters]
  4127. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
  4128.   pathtree_find_child: child key => [LanmanServer]
  4129. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
  4130.   pathtree_find_child: child key => [Netlogon]
  4131. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
  4132.   pathtree_find_child: child key => [Tcpip]
  4133. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(185)
  4134.   pathtree_find_child: Found [Netlogon]
  4135. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(398)
  4136.   pathtree_find: [loop] base => [parameters], new_path => []
  4137. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(169)
  4138.   pathtree_find_child: child key => [Parameters]
  4139. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find_child(185)
  4140.   pathtree_find_child: Found [parameters]
  4141. [2010/02/14 20:52:57, 11] lib/adt_tree.c:pathtree_find(421)
  4142.   pathtree_find: Found data_p!
  4143. [2010/02/14 20:52:57, 10] lib/adt_tree.c:pathtree_find(425)
  4144.   pathtree_find: Exit
  4145. [2010/02/14 20:52:57, 10] registry/reg_cachehook.c:reghook_cache_find(130)
  4146.   reghook_cache_find: found ops 0xb8b280 for key [/HKLM/System/CurrentControlSet/services/Netlogon/parameters]
  4147. [2010/02/14 20:52:57, 11] registry/reg_backend_db.c:regdb_fetch_keys(727)
  4148.   regdb_fetch_keys: Enter key => [HKLM\System\CurrentControlSet\services\Netlogon\parameters]
  4149. [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_unpack(655)
  4150.   tdb_unpack(d, 4) -> 4
  4151. [2010/02/14 20:52:57, 11] registry/reg_backend_db.c:regdb_fetch_keys(768)
  4152.   regdb_fetch_keys: Exit [0] items
  4153. [2010/02/14 20:52:57, 10] lib/util_seaccess.c:se_access_check(232)
  4154.   se_access_check: requested access 0x00020019, for NT token with 4 entries and first sid S-1-5-21-2934603361-1946261283-2740193522-501.
  4155. [2010/02/14 20:52:57,  3] lib/util_seaccess.c:se_access_check(249)
  4156. [2010/02/14 20:52:57,  3] lib/util_seaccess.c:se_access_check(252)
  4157.   se_access_check: user sid is S-1-5-21-2934603361-1946261283-2740193522-501
  4158.   se_access_check: also S-1-1-0
  4159.   se_access_check: also S-1-5-2
  4160.   se_access_check: also S-1-5-32-546
  4161.   se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 20019
  4162. [2010/02/14 20:52:57,  5] lib/util_seaccess.c:se_access_check(310)
  4163.   se_access_check: access (20019) granted.
  4164. [2010/02/14 20:52:57, 10] registry/reg_backend_db.c:regdb_close(425)
  4165.   regdb_close: decrementing refcount (2)
  4166. [2010/02/14 20:52:57,  4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(148)
  4167.   Opened policy hnd[2] [000] 00 00 00 00 03 00 00 00  00 00 00 00 78 4B A9 62  ........ ....xK.b
  4168.   [010] BC 55 00 00                                       .U..
  4169.       winreg_OpenKey: struct winreg_OpenKey
  4170.           out: struct winreg_OpenKey
  4171.               handle                   : *
  4172.                   handle: struct policy_handle
  4173.                       handle_type              : 0x00000000 (0)
  4174.                       uuid                     : 00000003-0000-0000-784b-a962bc550000
  4175.               result                   : WERR_OK
  4176. [2010/02/14 20:52:57,  0] rpc_parse/parse_prs.c:prs_dump_region(73)
  4177.   created /tmp/out_winreg_15.18.prs
  4178. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe.c:api_rpcTNP(2351)
  4179.   api_rpcTNP: called winreg successfully
  4180. [2010/02/14 20:52:57,  3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
  4181.   free_pipe_context: destroying talloc pool of size 0
  4182. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
  4183.   write_to_pipe: data_used = 168
  4184. [2010/02/14 20:52:57,  6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985)
  4185.   read_from_pipe: 7716 name: winreg len: 1024
  4186. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059)
  4187.   read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24.
  4188. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_debug(88)
  4189.   000000 smb_io_rpc_hdr hdr
  4190. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  4191.       0000 major     : 05
  4192. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  4193.       0001 minor     : 00
  4194. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  4195.       0002 pkt_type  : 02
  4196. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  4197.       0003 flags     : 03
  4198. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  4199.       0004 pack_type0: 10
  4200. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  4201.       0005 pack_type1: 00
  4202. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  4203.       0006 pack_type2: 00
  4204. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  4205.       0007 pack_type3: 00
  4206. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  4207.       0008 frag_len  : 0030
  4208. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  4209.       000a auth_len  : 0000
  4210. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  4211.       000c call_id   : 00000002
  4212. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_debug(88)
  4213.   000010 smb_io_rpc_hdr_resp resp
  4214. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  4215.       0010 alloc_hint: 00000018
  4216. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  4217.       0014 context_id: 0000
  4218. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  4219.       0016 cancel_ct : 00
  4220. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  4221.       0017 reserved  : 00
  4222. [2010/02/14 20:52:57,  5] smbd/ipc.c:copy_trans_params_and_data(60)
  4223.   copy_trans_params_and_data: params[0..0] data[0..48] (align 0)
  4224. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(642)
  4225. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(652)
  4226.   size=104
  4227.   smb_com=0x25
  4228.   smb_rcls=0
  4229.   smb_reh=0
  4230.   smb_err=0
  4231.   smb_flg=136
  4232.   smb_flg2=51201
  4233.   smb_tid=1
  4234.   smb_pid=1332
  4235.   smb_uid=100
  4236.   smb_mid=896
  4237.   smt_wct=10
  4238.   smb_vwv[ 0]=    0 (0x0)
  4239.   smb_vwv[ 1]=   48 (0x30)
  4240.   smb_vwv[ 2]=    0 (0x0)
  4241.   smb_vwv[ 3]=    0 (0x0)
  4242.   smb_vwv[ 4]=   56 (0x38)
  4243.   smb_vwv[ 5]=    0 (0x0)
  4244.   smb_vwv[ 6]=   48 (0x30)
  4245.   smb_vwv[ 7]=   56 (0x38)
  4246.   smb_vwv[ 8]=    0 (0x0)
  4247.   smb_vwv[ 9]=    0 (0x0)
  4248.   smb_bcc=49
  4249. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
  4250.   [000] 00 05 00 02 03 10 00 00  00 30 00 00 00 02 00 00  ........ .0......
  4251.   [010] 00 18 00 00 00 00 00 00  00 00 00 00 00 03 00 00  ........ ........
  4252.   [020] 00 00 00 00 00 78 4B A9  62 BC 55 00 00 00 00 00  .....xK. b.U.....
  4253.   [030] 00                                                .
  4254. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
  4255.   run_events: Nothing to do
  4256. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
  4257.   run_events: Nothing to do
  4258. [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
  4259.   got smb length of 232
  4260. [2010/02/14 20:52:57,  6] smbd/process.c:process_smb(1567)
  4261.   got message type 0x0 of len 0xe8
  4262. [2010/02/14 20:52:57,  3] smbd/process.c:process_smb(1570)
  4263.   Transaction 15 of length 236 (0 toread)
  4264. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(642)
  4265. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(652)
  4266.   size=232
  4267.   smb_com=0x25
  4268.   smb_rcls=0
  4269.   smb_reh=0
  4270.   smb_err=0
  4271.   smb_flg=24
  4272.   smb_flg2=51207
  4273.   smb_tid=1
  4274.   smb_pid=1332
  4275.   smb_uid=100
  4276.   smb_mid=960
  4277.   smt_wct=16
  4278.   smb_vwv[ 0]=    0 (0x0)
  4279.   smb_vwv[ 1]=  148 (0x94)
  4280.   smb_vwv[ 2]=    0 (0x0)
  4281.   smb_vwv[ 3]= 1024 (0x400)
  4282.   smb_vwv[ 4]=    0 (0x0)
  4283.   smb_vwv[ 5]=    0 (0x0)
  4284.   smb_vwv[ 6]=    0 (0x0)
  4285.   smb_vwv[ 7]=    0 (0x0)
  4286.   smb_vwv[ 8]=    0 (0x0)
  4287.   smb_vwv[ 9]=    0 (0x0)
  4288.   smb_vwv[10]=   84 (0x54)
  4289.   smb_vwv[11]=  148 (0x94)
  4290.   smb_vwv[12]=   84 (0x54)
  4291.   smb_vwv[13]=    2 (0x2)
  4292.   smb_vwv[14]=   38 (0x26)
  4293.   smb_vwv[15]=30486 (0x7716)
  4294.   smb_bcc=165
  4295. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
  4296.   [000] 00 5C 00 50 00 49 00 50  00 45 00 5C 00 00 00 00  .\.P.I.P .E.\....
  4297.   [010] 00 05 00 00 03 10 00 00  00 94 00 00 00 03 00 00  ........ ........
  4298.   [020] 00 7C 00 00 00 00 00 11  00 00 00 00 00 03 00 00  .|...... ........
  4299.   [030] 00 00 00 00 00 78 4B A9  62 BC 55 00 00 2A 00 2A  .....xK. b.U..*.*
  4300.   [040] 00 00 00 02 00 15 00 00  00 00 00 00 00 15 00 00  ........ ........
  4301.   [050] 00 52 00 65 00 66 00 75  00 73 00 65 00 50 00 61  .R.e.f.u .s.e.P.a
  4302.   [060] 00 73 00 73 00 77 00 6F  00 72 00 64 00 43 00 68  .s.s.w.o .r.d.C.h
  4303.   [070] 00 61 00 6E 00 67 00 65  00 00 00 53 00 04 00 02  .a.n.g.e ...S....
  4304.   [080] 00 94 F5 F8 01 08 00 02  00 04 00 00 00 00 00 00  ........ ........
  4305.   [090] 00 00 00 00 00 0C 00 02  00 04 00 00 00 10 00 02  ........ ........
  4306.   [0A0] 00 00 00 00 00                                    .....
  4307. [2010/02/14 20:52:57,  3] smbd/process.c:switch_message(1374)
  4308.   switch message SMBtrans (pid 21948) conn 0x10fd8d0
  4309. [2010/02/14 20:52:57,  4] smbd/uid.c:change_to_user(182)
  4310.   change_to_user: Skipping user change - already user
  4311. [2010/02/14 20:52:57,  3] smbd/ipc.c:handle_trans(436)
  4312.   trans <\PIPE\> data=148 params=0 setup=2
  4313. [2010/02/14 20:52:57,  5] smbd/ipc.c:handle_trans(469)
  4314.   calling named_pipe
  4315. [2010/02/14 20:52:57,  3] smbd/ipc.c:named_pipe(387)
  4316.   named pipe command on <> name
  4317. [2010/02/14 20:52:57,  5] smbd/ipc.c:api_fd_reply(307)
  4318.   api_fd_reply
  4319. [2010/02/14 20:52:57,  4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258)
  4320.   search for pipe pnum=7716
  4321. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
  4322.   pipe name winreg pnum=7716 (pipes_open=2)
  4323. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
  4324.   pipe name lsarpc pnum=7715 (pipes_open=2)
  4325. [2010/02/14 20:52:57,  3] smbd/ipc.c:api_fd_reply(345)
  4326.   Got API command 0x26 on pipe "winreg" (pnum 7716)
  4327. [2010/02/14 20:52:57, 10] smbd/ipc.c:api_fd_reply(350)
  4328.   api_fd_reply: p:0x11090b0 max_trans_reply: 1024
  4329. [2010/02/14 20:52:57,  6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927)
  4330.   write_to_pipe: 7716 name: winreg open: Yes len: 148
  4331. [2010/02/14 20:52:57, 50] lib/util.c:dump_data(2223)
  4332.   [000] 05 00 00 03 10 00 00 00  94 00 00 00 03 00 00 00  ........ ........
  4333.   [010] 7C 00 00 00 00 00 11 00  00 00 00 00 03 00 00 00  |....... ........
  4334.   [020] 00 00 00 00 78 4B A9 62  BC 55 00 00 2A 00 2A 00  ....xK.b .U..*.*.
  4335.   [030] 00 00 02 00 15 00 00 00  00 00 00 00 15 00 00 00  ........ ........
  4336.   [040] 52 00 65 00 66 00 75 00  73 00 65 00 50 00 61 00  R.e.f.u. s.e.P.a.
  4337.   [050] 73 00 73 00 77 00 6F 00  72 00 64 00 43 00 68 00  s.s.w.o. r.d.C.h.
  4338.   [060] 61 00 6E 00 67 00 65 00  00 00 53 00 04 00 02 00  a.n.g.e. ..S.....
  4339.   [070] 94 F5 F8 01 08 00 02 00  04 00 00 00 00 00 00 00  ........ ........
  4340.   [080] 00 00 00 00 0C 00 02 00  04 00 00 00 10 00 02 00  ........ ........
  4341.   [090] 00 00 00 00                                       ....
  4342. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
  4343.   write_to_pipe: data_left = 148
  4344. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
  4345.   process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 148
  4346. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385)
  4347.   fill_rpc_header: data_to_copy = 148, len_needed_to_complete_hdr = 16, receive_len = 0
  4348. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
  4349.   write_to_pipe: data_used = 16
  4350. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
  4351.   write_to_pipe: data_left = 132
  4352. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
  4353.   process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 132
  4354. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_debug(88)
  4355.   000000 smb_io_rpc_hdr
  4356. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  4357.       0000 major     : 05
  4358. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  4359.       0001 minor     : 00
  4360. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  4361.       0002 pkt_type  : 00
  4362. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  4363.       0003 flags     : 03
  4364. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  4365.       0004 pack_type0: 10
  4366. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  4367.       0005 pack_type1: 00
  4368. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  4369.       0006 pack_type2: 00
  4370. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  4371.       0007 pack_type3: 00
  4372. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  4373.       0008 frag_len  : 0094
  4374. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  4375.       000a auth_len  : 0000
  4376. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  4377.       000c call_id   : 00000003
  4378. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472)
  4379.   unmarshall_rpc_header: using little-endian RPC
  4380. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501)
  4381.   unmarshall_rpc_header: type = 0, flags = 3
  4382. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
  4383.   write_to_pipe: data_used = 0
  4384. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
  4385.   write_to_pipe: data_left = 132
  4386. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
  4387.   process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 132, incoming data = 132
  4388. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709)
  4389.   process_complete_pdu: processing packet type 0
  4390. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_debug(88)
  4391.   000000 smb_io_rpc_hdr_req req
  4392. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  4393.       0000 alloc_hint: 0000007c
  4394. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  4395.       0004 context_id: 0000
  4396. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  4397.       0006 opnum     : 0011
  4398. [2010/02/14 20:52:57,  3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
  4399.   free_pipe_context: destroying talloc pool of size 0
  4400. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe.c:api_pipe_request(2262)
  4401.   Requested \PIPE\winreg
  4402. [2010/02/14 20:52:57,  4] rpc_server/srv_pipe.c:api_rpcTNP(2297)
  4403.   api_rpcTNP: winreg op 0x11 - created /tmp/in_winreg_17.18.prs
  4404. [2010/02/14 20:52:57,  3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
  4405.   api_rpcTNP: rpc command: WINREG_QUERYVALUE
  4406. [2010/02/14 20:52:57,  6] rpc_server/srv_pipe.c:api_rpcTNP(2323)
  4407.   api_rpc_cmds[17].fn == 0x4e5ec8
  4408.       winreg_QueryValue: struct winreg_QueryValue
  4409.           in: struct winreg_QueryValue
  4410.               handle                   : *
  4411.                   handle: struct policy_handle
  4412.                       handle_type              : 0x00000000 (0)
  4413.                       uuid                     : 00000003-0000-0000-784b-a962bc550000
  4414.               value_name               : *
  4415.                   value_name: struct winreg_String
  4416.                       name_len                 : 0x002a (42)
  4417.                       name_size                : 0x002a (42)
  4418.                       name                     : *
  4419.                           name                     : 'RefusePasswordChange'
  4420.               type                     : *
  4421.                   type                     : UNKNOWN_ENUM_VALUE (33093012)
  4422.               data                     : *
  4423.                   data: ARRAY(0)
  4424.               data_size                : *
  4425.                   data_size                : 0x00000004 (4)
  4426.               value_length             : *
  4427.                   value_length             : 0x00000000 (0)
  4428. [2010/02/14 20:52:57,  4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168)
  4429.   Found policy hnd[0] [000] 00 00 00 00 03 00 00 00  00 00 00 00 78 4B A9 62  ........ ....xK.b
  4430.   [010] BC 55 00 00                                       .U..
  4431. [2010/02/14 20:52:57,  7] rpc_server/srv_winreg_nt.c:_winreg_QueryValue(239)
  4432.   _reg_info: policy key name = [HKLM\System\CurrentControlSet\services\Netlogon\parameters]
  4433. [2010/02/14 20:52:57,  7] rpc_server/srv_winreg_nt.c:_winreg_QueryValue(240)
  4434.   _reg_info: policy key type = [00000000]
  4435. [2010/02/14 20:52:57, 10] registry/reg_dispatcher.c:fetch_reg_values(131)
  4436.   fetch_reg_values called for key 'HKLM\System\CurrentControlSet\services\Netlogon\parameters' (ops 0xb8b280)
  4437. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:push_sec_ctx(224)
  4438.   push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
  4439. [2010/02/14 20:52:57,  3] smbd/uid.c:push_conn_ctx(357)
  4440.   push_conn_ctx(100) : conn_ctx_stack_ndx = 0
  4441. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  4442.   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
  4443. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_nt_user_token(464)
  4444.   NT user token: (NULL)
  4445. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_unix_user_token(490)
  4446.   UNIX token of user 0
  4447.   Primary group is 0 and contains 0 supplementary groups
  4448. [2010/02/14 20:52:57, 10] lib/gencache.c:gencache_get(194)
  4449.   Cache entry with key = ACCT_POL/refuse machine password change couldn't be found
  4450. [2010/02/14 20:52:57, 10] passdb/pdb_ldap.c:ldapsam_get_account_policy_from_ldap(3845)
  4451.   ldapsam_get_account_policy_from_ldap
  4452. [2010/02/14 20:52:57,  5] lib/smbldap.c:smbldap_search_ext(1207)
  4453.   smbldap_search_ext: base => [sambaDomainName=SEMARKIT,dc=semarkit,dc=dk], filter => [(objectclass=*)], scope => [0]
  4454. [2010/02/14 20:52:57, 11] lib/smbldap.c:smbldap_open(1063)
  4455.   smbldap_open: already connected to the LDAP server
  4456. [2010/02/14 20:52:57, 10] passdb/pdb_ldap.c:ldapsam_get_account_policy(3925)
  4457.   ldapsam_get_account_policy: failed to retrieve from ldap
  4458. [2010/02/14 20:52:57, 10] passdb/pdb_ldap.c:ldapsam_set_account_policy_in_ldap(3786)
  4459.   ldapsam_set_account_policy_in_ldap
  4460. [2010/02/14 20:52:57,  5] lib/smbldap.c:smbldap_modify(1402)
  4461.   smbldap_modify: dn => [sambaDomainName=SEMARKIT,dc=semarkit,dc=dk]
  4462. [2010/02/14 20:52:57, 11] lib/smbldap.c:smbldap_open(1063)
  4463.   smbldap_open: already connected to the LDAP server
  4464. [2010/02/14 20:52:57, 10] lib/account_pol.c:cache_account_policy_set(395)
  4465.   cache_account_policy_set: updating account pol cache
  4466. [2010/02/14 20:52:57, 10] lib/gencache.c:gencache_set(131)
  4467.   Adding cache entry with key = ACCT_POL/refuse machine password change; value = 0
  4468.    and timeout = Sun Feb 14 20:53:57 2010
  4469.    (60 seconds ahead)
  4470. [2010/02/14 20:52:57, 10] lib/account_pol.c:cache_account_policy_set(395)
  4471.   cache_account_policy_set: updating account pol cache
  4472. [2010/02/14 20:52:57, 10] lib/gencache.c:gencache_set(131)
  4473.   Adding cache entry with key = ACCT_POL/refuse machine password change; value = 0
  4474.    and timeout = Sun Feb 14 20:53:57 2010
  4475.    (60 seconds ahead)
  4476. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:pop_sec_ctx(432)
  4477.   pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
  4478.       winreg_QueryValue: struct winreg_QueryValue
  4479.           out: struct winreg_QueryValue
  4480.               type                     : *
  4481.                   type                     : REG_DWORD (4)
  4482.               data                     : *
  4483.                   data: ARRAY(4)
  4484.                       [0]                      : 0x00 (0)
  4485.                       [1]                      : 0x00 (0)
  4486.                       [2]                      : 0x00 (0)
  4487.                       [3]                      : 0x00 (0)
  4488.               data_size                : *
  4489.                   data_size                : 0x00000004 (4)
  4490.               value_length             : *
  4491.                   value_length             : 0x00000004 (4)
  4492.               result                   : WERR_OK
  4493. [2010/02/14 20:52:57,  0] rpc_parse/parse_prs.c:prs_dump_region(73)
  4494.   created /tmp/out_winreg_17.18.prs
  4495. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe.c:api_rpcTNP(2351)
  4496.   api_rpcTNP: called winreg successfully
  4497. [2010/02/14 20:52:57,  3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
  4498.   free_pipe_context: destroying talloc pool of size 36
  4499. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
  4500.   write_to_pipe: data_used = 132
  4501. [2010/02/14 20:52:57,  6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985)
  4502.   read_from_pipe: 7716 name: winreg len: 1024
  4503. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059)
  4504.   read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 48.
  4505. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_debug(88)
  4506.   000000 smb_io_rpc_hdr hdr
  4507. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  4508.       0000 major     : 05
  4509. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  4510.       0001 minor     : 00
  4511. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  4512.       0002 pkt_type  : 02
  4513. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  4514.       0003 flags     : 03
  4515. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  4516.       0004 pack_type0: 10
  4517. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  4518.       0005 pack_type1: 00
  4519. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  4520.       0006 pack_type2: 00
  4521. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  4522.       0007 pack_type3: 00
  4523. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  4524.       0008 frag_len  : 0048
  4525. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  4526.       000a auth_len  : 0000
  4527. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  4528.       000c call_id   : 00000003
  4529. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_debug(88)
  4530.   000010 smb_io_rpc_hdr_resp resp
  4531. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  4532.       0010 alloc_hint: 00000030
  4533. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  4534.       0014 context_id: 0000
  4535. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  4536.       0016 cancel_ct : 00
  4537. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  4538.       0017 reserved  : 00
  4539. [2010/02/14 20:52:57,  5] smbd/ipc.c:copy_trans_params_and_data(60)
  4540.   copy_trans_params_and_data: params[0..0] data[0..72] (align 0)
  4541. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(642)
  4542. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(652)
  4543.   size=128
  4544.   smb_com=0x25
  4545.   smb_rcls=0
  4546.   smb_reh=0
  4547.   smb_err=0
  4548.   smb_flg=136
  4549.   smb_flg2=51201
  4550.   smb_tid=1
  4551.   smb_pid=1332
  4552.   smb_uid=100
  4553.   smb_mid=960
  4554.   smt_wct=10
  4555.   smb_vwv[ 0]=    0 (0x0)
  4556.   smb_vwv[ 1]=   72 (0x48)
  4557.   smb_vwv[ 2]=    0 (0x0)
  4558.   smb_vwv[ 3]=    0 (0x0)
  4559.   smb_vwv[ 4]=   56 (0x38)
  4560.   smb_vwv[ 5]=    0 (0x0)
  4561.   smb_vwv[ 6]=   72 (0x48)
  4562.   smb_vwv[ 7]=   56 (0x38)
  4563.   smb_vwv[ 8]=    0 (0x0)
  4564.   smb_vwv[ 9]=    0 (0x0)
  4565.   smb_bcc=73
  4566. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
  4567.   [000] 00 05 00 02 03 10 00 00  00 48 00 00 00 03 00 00  ........ .H......
  4568.   [010] 00 30 00 00 00 00 00 00  00 00 00 02 00 04 00 00  .0...... ........
  4569.   [020] 00 04 00 02 00 04 00 00  00 00 00 00 00 04 00 00  ........ ........
  4570.   [030] 00 00 00 00 00 08 00 02  00 04 00 00 00 0C 00 02  ........ ........
  4571.   [040] 00 04 00 00 00 00 00 00  00                       ........ .
  4572. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
  4573.   run_events: Nothing to do
  4574. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
  4575.   run_events: Nothing to do
  4576. [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
  4577.   got smb length of 128
  4578. [2010/02/14 20:52:57,  6] smbd/process.c:process_smb(1567)
  4579.   got message type 0x0 of len 0x80
  4580. [2010/02/14 20:52:57,  3] smbd/process.c:process_smb(1570)
  4581.   Transaction 16 of length 132 (0 toread)
  4582. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(642)
  4583. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(652)
  4584.   size=128
  4585.   smb_com=0x25
  4586.   smb_rcls=0
  4587.   smb_reh=0
  4588.   smb_err=0
  4589.   smb_flg=24
  4590.   smb_flg2=51207
  4591.   smb_tid=1
  4592.   smb_pid=1332
  4593.   smb_uid=100
  4594.   smb_mid=1024
  4595.   smt_wct=16
  4596.   smb_vwv[ 0]=    0 (0x0)
  4597.   smb_vwv[ 1]=   44 (0x2C)
  4598.   smb_vwv[ 2]=    0 (0x0)
  4599.   smb_vwv[ 3]= 1024 (0x400)
  4600.   smb_vwv[ 4]=    0 (0x0)
  4601.   smb_vwv[ 5]=    0 (0x0)
  4602.   smb_vwv[ 6]=    0 (0x0)
  4603.   smb_vwv[ 7]=    0 (0x0)
  4604.   smb_vwv[ 8]=    0 (0x0)
  4605.   smb_vwv[ 9]=    0 (0x0)
  4606.   smb_vwv[10]=   84 (0x54)
  4607.   smb_vwv[11]=   44 (0x2C)
  4608.   smb_vwv[12]=   84 (0x54)
  4609.   smb_vwv[13]=    2 (0x2)
  4610.   smb_vwv[14]=   38 (0x26)
  4611.   smb_vwv[15]=30486 (0x7716)
  4612.   smb_bcc=61
  4613. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
  4614.   [000] 00 5C 00 50 00 49 00 50  00 45 00 5C 00 00 00 00  .\.P.I.P .E.\....
  4615.   [010] 00 05 00 00 03 10 00 00  00 2C 00 00 00 04 00 00  ........ .,......
  4616.   [020] 00 14 00 00 00 00 00 05  00 00 00 00 00 03 00 00  ........ ........
  4617.   [030] 00 00 00 00 00 78 4B A9  62 BC 55 00 00           .....xK. b.U..
  4618. [2010/02/14 20:52:57,  3] smbd/process.c:switch_message(1374)
  4619.   switch message SMBtrans (pid 21948) conn 0x10fd8d0
  4620. [2010/02/14 20:52:57,  4] smbd/uid.c:change_to_user(182)
  4621.   change_to_user: Skipping user change - already user
  4622. [2010/02/14 20:52:57,  3] smbd/ipc.c:handle_trans(436)
  4623.   trans <\PIPE\> data=44 params=0 setup=2
  4624. [2010/02/14 20:52:57,  5] smbd/ipc.c:handle_trans(469)
  4625.   calling named_pipe
  4626. [2010/02/14 20:52:57,  3] smbd/ipc.c:named_pipe(387)
  4627.   named pipe command on <> name
  4628. [2010/02/14 20:52:57,  5] smbd/ipc.c:api_fd_reply(307)
  4629.   api_fd_reply
  4630. [2010/02/14 20:52:57,  4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258)
  4631.   search for pipe pnum=7716
  4632. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
  4633.   pipe name winreg pnum=7716 (pipes_open=2)
  4634. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
  4635.   pipe name lsarpc pnum=7715 (pipes_open=2)
  4636. [2010/02/14 20:52:57,  3] smbd/ipc.c:api_fd_reply(345)
  4637.   Got API command 0x26 on pipe "winreg" (pnum 7716)
  4638. [2010/02/14 20:52:57, 10] smbd/ipc.c:api_fd_reply(350)
  4639.   api_fd_reply: p:0x11090b0 max_trans_reply: 1024
  4640. [2010/02/14 20:52:57,  6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927)
  4641.   write_to_pipe: 7716 name: winreg open: Yes len: 44
  4642. [2010/02/14 20:52:57, 50] lib/util.c:dump_data(2223)
  4643.   [000] 05 00 00 03 10 00 00 00  2C 00 00 00 04 00 00 00  ........ ,.......
  4644.   [010] 14 00 00 00 00 00 05 00  00 00 00 00 03 00 00 00  ........ ........
  4645.   [020] 00 00 00 00 78 4B A9 62  BC 55 00 00              ....xK.b .U..
  4646. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
  4647.   write_to_pipe: data_left = 44
  4648. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
  4649.   process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44
  4650. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385)
  4651.   fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0
  4652. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
  4653.   write_to_pipe: data_used = 16
  4654. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
  4655.   write_to_pipe: data_left = 28
  4656. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
  4657.   process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28
  4658. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_debug(88)
  4659.   000000 smb_io_rpc_hdr
  4660. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  4661.       0000 major     : 05
  4662. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  4663.       0001 minor     : 00
  4664. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  4665.       0002 pkt_type  : 00
  4666. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  4667.       0003 flags     : 03
  4668. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  4669.       0004 pack_type0: 10
  4670. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  4671.       0005 pack_type1: 00
  4672. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  4673.       0006 pack_type2: 00
  4674. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  4675.       0007 pack_type3: 00
  4676. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  4677.       0008 frag_len  : 002c
  4678. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  4679.       000a auth_len  : 0000
  4680. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  4681.       000c call_id   : 00000004
  4682. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472)
  4683.   unmarshall_rpc_header: using little-endian RPC
  4684. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501)
  4685.   unmarshall_rpc_header: type = 0, flags = 3
  4686. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
  4687.   write_to_pipe: data_used = 0
  4688. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
  4689.   write_to_pipe: data_left = 28
  4690. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
  4691.   process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28
  4692. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709)
  4693.   process_complete_pdu: processing packet type 0
  4694. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_debug(88)
  4695.   000000 smb_io_rpc_hdr_req req
  4696. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  4697.       0000 alloc_hint: 00000014
  4698. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  4699.       0004 context_id: 0000
  4700. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  4701.       0006 opnum     : 0005
  4702. [2010/02/14 20:52:57,  3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
  4703.   free_pipe_context: destroying talloc pool of size 0
  4704. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe.c:api_pipe_request(2262)
  4705.   Requested \PIPE\winreg
  4706. [2010/02/14 20:52:57,  4] rpc_server/srv_pipe.c:api_rpcTNP(2297)
  4707.   api_rpcTNP: winreg op 0x5 - created /tmp/in_winreg_5.35.prs
  4708. [2010/02/14 20:52:57,  3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
  4709.   api_rpcTNP: rpc command: WINREG_CLOSEKEY
  4710. [2010/02/14 20:52:57,  6] rpc_server/srv_pipe.c:api_rpcTNP(2323)
  4711.   api_rpc_cmds[5].fn == 0x4e7a78
  4712.       winreg_CloseKey: struct winreg_CloseKey
  4713.           in: struct winreg_CloseKey
  4714.               handle                   : *
  4715.                   handle: struct policy_handle
  4716.                       handle_type              : 0x00000000 (0)
  4717.                       uuid                     : 00000003-0000-0000-784b-a962bc550000
  4718. [2010/02/14 20:52:57,  4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168)
  4719.   Found policy hnd[0] [000] 00 00 00 00 03 00 00 00  00 00 00 00 78 4B A9 62  ........ ....xK.b
  4720.   [010] BC 55 00 00                                       .U..
  4721. [2010/02/14 20:52:57,  4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168)
  4722.   Found policy hnd[0] [000] 00 00 00 00 03 00 00 00  00 00 00 00 78 4B A9 62  ........ ....xK.b
  4723.   [010] BC 55 00 00                                       .U..
  4724. [2010/02/14 20:52:57,  3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(206)
  4725.   Closed policy
  4726. [2010/02/14 20:52:57, 10] registry/reg_backend_db.c:regdb_close(425)
  4727.   regdb_close: decrementing refcount (1)
  4728.       winreg_CloseKey: struct winreg_CloseKey
  4729.           out: struct winreg_CloseKey
  4730.               handle                   : *
  4731.                   handle: struct policy_handle
  4732.                       handle_type              : 0x00000000 (0)
  4733.                       uuid                     : 00000000-0000-0000-0000-000000000000
  4734.               result                   : WERR_OK
  4735. [2010/02/14 20:52:57,  0] rpc_parse/parse_prs.c:prs_dump_region(73)
  4736.   created /tmp/out_winreg_5.35.prs
  4737. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe.c:api_rpcTNP(2351)
  4738.   api_rpcTNP: called winreg successfully
  4739. [2010/02/14 20:52:57,  3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
  4740.   free_pipe_context: destroying talloc pool of size 0
  4741. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
  4742.   write_to_pipe: data_used = 28
  4743. [2010/02/14 20:52:57,  6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985)
  4744.   read_from_pipe: 7716 name: winreg len: 1024
  4745. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059)
  4746.   read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24.
  4747. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_debug(88)
  4748.   000000 smb_io_rpc_hdr hdr
  4749. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  4750.       0000 major     : 05
  4751. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  4752.       0001 minor     : 00
  4753. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  4754.       0002 pkt_type  : 02
  4755. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  4756.       0003 flags     : 03
  4757. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  4758.       0004 pack_type0: 10
  4759. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  4760.       0005 pack_type1: 00
  4761. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  4762.       0006 pack_type2: 00
  4763. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  4764.       0007 pack_type3: 00
  4765. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  4766.       0008 frag_len  : 0030
  4767. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  4768.       000a auth_len  : 0000
  4769. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  4770.       000c call_id   : 00000004
  4771. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_debug(88)
  4772.   000010 smb_io_rpc_hdr_resp resp
  4773. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  4774.       0010 alloc_hint: 00000018
  4775. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  4776.       0014 context_id: 0000
  4777. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  4778.       0016 cancel_ct : 00
  4779. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  4780.       0017 reserved  : 00
  4781. [2010/02/14 20:52:57,  5] smbd/ipc.c:copy_trans_params_and_data(60)
  4782.   copy_trans_params_and_data: params[0..0] data[0..48] (align 0)
  4783. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(642)
  4784. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(652)
  4785.   size=104
  4786.   smb_com=0x25
  4787.   smb_rcls=0
  4788.   smb_reh=0
  4789.   smb_err=0
  4790.   smb_flg=136
  4791.   smb_flg2=51201
  4792.   smb_tid=1
  4793.   smb_pid=1332
  4794.   smb_uid=100
  4795.   smb_mid=1024
  4796.   smt_wct=10
  4797.   smb_vwv[ 0]=    0 (0x0)
  4798.   smb_vwv[ 1]=   48 (0x30)
  4799.   smb_vwv[ 2]=    0 (0x0)
  4800.   smb_vwv[ 3]=    0 (0x0)
  4801.   smb_vwv[ 4]=   56 (0x38)
  4802.   smb_vwv[ 5]=    0 (0x0)
  4803.   smb_vwv[ 6]=   48 (0x30)
  4804.   smb_vwv[ 7]=   56 (0x38)
  4805.   smb_vwv[ 8]=    0 (0x0)
  4806.   smb_vwv[ 9]=    0 (0x0)
  4807.   smb_bcc=49
  4808. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
  4809.   [000] 00 05 00 02 03 10 00 00  00 30 00 00 00 04 00 00  ........ .0......
  4810.   [010] 00 18 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ........ ........
  4811.   [020] 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ........ ........
  4812.   [030] 00                                                .
  4813. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
  4814.   run_events: Nothing to do
  4815. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
  4816.   run_events: Nothing to do
  4817. [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
  4818.   got smb length of 128
  4819. [2010/02/14 20:52:57,  6] smbd/process.c:process_smb(1567)
  4820.   got message type 0x0 of len 0x80
  4821. [2010/02/14 20:52:57,  3] smbd/process.c:process_smb(1570)
  4822.   Transaction 17 of length 132 (0 toread)
  4823. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(642)
  4824. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(652)
  4825.   size=128
  4826.   smb_com=0x25
  4827.   smb_rcls=0
  4828.   smb_reh=0
  4829.   smb_err=0
  4830.   smb_flg=24
  4831.   smb_flg2=51207
  4832.   smb_tid=1
  4833.   smb_pid=1332
  4834.   smb_uid=100
  4835.   smb_mid=1088
  4836.   smt_wct=16
  4837.   smb_vwv[ 0]=    0 (0x0)
  4838.   smb_vwv[ 1]=   44 (0x2C)
  4839.   smb_vwv[ 2]=    0 (0x0)
  4840.   smb_vwv[ 3]= 1024 (0x400)
  4841.   smb_vwv[ 4]=    0 (0x0)
  4842.   smb_vwv[ 5]=    0 (0x0)
  4843.   smb_vwv[ 6]=    0 (0x0)
  4844.   smb_vwv[ 7]=    0 (0x0)
  4845.   smb_vwv[ 8]=    0 (0x0)
  4846.   smb_vwv[ 9]=    0 (0x0)
  4847.   smb_vwv[10]=   84 (0x54)
  4848.   smb_vwv[11]=   44 (0x2C)
  4849.   smb_vwv[12]=   84 (0x54)
  4850.   smb_vwv[13]=    2 (0x2)
  4851.   smb_vwv[14]=   38 (0x26)
  4852.   smb_vwv[15]=30486 (0x7716)
  4853.   smb_bcc=61
  4854. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
  4855.   [000] 00 5C 00 50 00 49 00 50  00 45 00 5C 00 00 00 00  .\.P.I.P .E.\....
  4856.   [010] 00 05 00 00 03 10 00 00  00 2C 00 00 00 05 00 00  ........ .,......
  4857.   [020] 00 14 00 00 00 00 00 05  00 00 00 00 00 02 00 00  ........ ........
  4858.   [030] 00 00 00 00 00 78 4B A9  62 BC 55 00 00           .....xK. b.U..
  4859. [2010/02/14 20:52:57,  3] smbd/process.c:switch_message(1374)
  4860.   switch message SMBtrans (pid 21948) conn 0x10fd8d0
  4861. [2010/02/14 20:52:57,  4] smbd/uid.c:change_to_user(182)
  4862.   change_to_user: Skipping user change - already user
  4863. [2010/02/14 20:52:57,  3] smbd/ipc.c:handle_trans(436)
  4864.   trans <\PIPE\> data=44 params=0 setup=2
  4865. [2010/02/14 20:52:57,  5] smbd/ipc.c:handle_trans(469)
  4866.   calling named_pipe
  4867. [2010/02/14 20:52:57,  3] smbd/ipc.c:named_pipe(387)
  4868.   named pipe command on <> name
  4869. [2010/02/14 20:52:57,  5] smbd/ipc.c:api_fd_reply(307)
  4870.   api_fd_reply
  4871. [2010/02/14 20:52:57,  4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258)
  4872.   search for pipe pnum=7716
  4873. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
  4874.   pipe name winreg pnum=7716 (pipes_open=2)
  4875. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
  4876.   pipe name lsarpc pnum=7715 (pipes_open=2)
  4877. [2010/02/14 20:52:57,  3] smbd/ipc.c:api_fd_reply(345)
  4878.   Got API command 0x26 on pipe "winreg" (pnum 7716)
  4879. [2010/02/14 20:52:57, 10] smbd/ipc.c:api_fd_reply(350)
  4880.   api_fd_reply: p:0x11090b0 max_trans_reply: 1024
  4881. [2010/02/14 20:52:57,  6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927)
  4882.   write_to_pipe: 7716 name: winreg open: Yes len: 44
  4883. [2010/02/14 20:52:57, 50] lib/util.c:dump_data(2223)
  4884.   [000] 05 00 00 03 10 00 00 00  2C 00 00 00 05 00 00 00  ........ ,.......
  4885.   [010] 14 00 00 00 00 00 05 00  00 00 00 00 02 00 00 00  ........ ........
  4886.   [020] 00 00 00 00 78 4B A9 62  BC 55 00 00              ....xK.b .U..
  4887. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
  4888.   write_to_pipe: data_left = 44
  4889. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
  4890.   process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44
  4891. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385)
  4892.   fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0
  4893. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
  4894.   write_to_pipe: data_used = 16
  4895. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
  4896.   write_to_pipe: data_left = 28
  4897. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
  4898.   process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28
  4899. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_debug(88)
  4900.   000000 smb_io_rpc_hdr
  4901. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  4902.       0000 major     : 05
  4903. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  4904.       0001 minor     : 00
  4905. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  4906.       0002 pkt_type  : 00
  4907. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  4908.       0003 flags     : 03
  4909. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  4910.       0004 pack_type0: 10
  4911. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  4912.       0005 pack_type1: 00
  4913. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  4914.       0006 pack_type2: 00
  4915. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  4916.       0007 pack_type3: 00
  4917. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  4918.       0008 frag_len  : 002c
  4919. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  4920.       000a auth_len  : 0000
  4921. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  4922.       000c call_id   : 00000005
  4923. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472)
  4924.   unmarshall_rpc_header: using little-endian RPC
  4925. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501)
  4926.   unmarshall_rpc_header: type = 0, flags = 3
  4927. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
  4928.   write_to_pipe: data_used = 0
  4929. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
  4930.   write_to_pipe: data_left = 28
  4931. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
  4932.   process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28
  4933. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709)
  4934.   process_complete_pdu: processing packet type 0
  4935. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_debug(88)
  4936.   000000 smb_io_rpc_hdr_req req
  4937. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  4938.       0000 alloc_hint: 00000014
  4939. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  4940.       0004 context_id: 0000
  4941. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  4942.       0006 opnum     : 0005
  4943. [2010/02/14 20:52:57,  3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
  4944.   free_pipe_context: destroying talloc pool of size 0
  4945. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe.c:api_pipe_request(2262)
  4946.   Requested \PIPE\winreg
  4947. [2010/02/14 20:52:57,  4] rpc_server/srv_pipe.c:api_rpcTNP(2297)
  4948.   api_rpcTNP: winreg op 0x5 - created /tmp/in_winreg_5.36.prs
  4949. [2010/02/14 20:52:57,  3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
  4950.   api_rpcTNP: rpc command: WINREG_CLOSEKEY
  4951. [2010/02/14 20:52:57,  6] rpc_server/srv_pipe.c:api_rpcTNP(2323)
  4952.   api_rpc_cmds[5].fn == 0x4e7a78
  4953.       winreg_CloseKey: struct winreg_CloseKey
  4954.           in: struct winreg_CloseKey
  4955.               handle                   : *
  4956.                   handle: struct policy_handle
  4957.                       handle_type              : 0x00000000 (0)
  4958.                       uuid                     : 00000002-0000-0000-784b-a962bc550000
  4959. [2010/02/14 20:52:57,  4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168)
  4960.   Found policy hnd[0] [000] 00 00 00 00 02 00 00 00  00 00 00 00 78 4B A9 62  ........ ....xK.b
  4961.   [010] BC 55 00 00                                       .U..
  4962. [2010/02/14 20:52:57,  4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168)
  4963.   Found policy hnd[0] [000] 00 00 00 00 02 00 00 00  00 00 00 00 78 4B A9 62  ........ ....xK.b
  4964.   [010] BC 55 00 00                                       .U..
  4965. [2010/02/14 20:52:57,  3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(206)
  4966.   Closed policy
  4967. [2010/02/14 20:52:57, 10] registry/reg_backend_db.c:regdb_close(425)
  4968.   regdb_close: decrementing refcount (0)
  4969.       winreg_CloseKey: struct winreg_CloseKey
  4970.           out: struct winreg_CloseKey
  4971.               handle                   : *
  4972.                   handle: struct policy_handle
  4973.                       handle_type              : 0x00000000 (0)
  4974.                       uuid                     : 00000000-0000-0000-0000-000000000000
  4975.               result                   : WERR_OK
  4976. [2010/02/14 20:52:57,  0] rpc_parse/parse_prs.c:prs_dump_region(73)
  4977.   created /tmp/out_winreg_5.36.prs
  4978. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe.c:api_rpcTNP(2351)
  4979.   api_rpcTNP: called winreg successfully
  4980. [2010/02/14 20:52:57,  3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
  4981.   free_pipe_context: destroying talloc pool of size 0
  4982. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
  4983.   write_to_pipe: data_used = 28
  4984. [2010/02/14 20:52:57,  6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985)
  4985.   read_from_pipe: 7716 name: winreg len: 1024
  4986. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059)
  4987.   read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24.
  4988. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_debug(88)
  4989.   000000 smb_io_rpc_hdr hdr
  4990. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  4991.       0000 major     : 05
  4992. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  4993.       0001 minor     : 00
  4994. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  4995.       0002 pkt_type  : 02
  4996. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  4997.       0003 flags     : 03
  4998. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  4999.       0004 pack_type0: 10
  5000. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  5001.       0005 pack_type1: 00
  5002. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  5003.       0006 pack_type2: 00
  5004. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  5005.       0007 pack_type3: 00
  5006. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  5007.       0008 frag_len  : 0030
  5008. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  5009.       000a auth_len  : 0000
  5010. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  5011.       000c call_id   : 00000005
  5012. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_debug(88)
  5013.   000010 smb_io_rpc_hdr_resp resp
  5014. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  5015.       0010 alloc_hint: 00000018
  5016. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  5017.       0014 context_id: 0000
  5018. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  5019.       0016 cancel_ct : 00
  5020. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  5021.       0017 reserved  : 00
  5022. [2010/02/14 20:52:57,  5] smbd/ipc.c:copy_trans_params_and_data(60)
  5023.   copy_trans_params_and_data: params[0..0] data[0..48] (align 0)
  5024. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(642)
  5025. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(652)
  5026.   size=104
  5027.   smb_com=0x25
  5028.   smb_rcls=0
  5029.   smb_reh=0
  5030.   smb_err=0
  5031.   smb_flg=136
  5032.   smb_flg2=51201
  5033.   smb_tid=1
  5034.   smb_pid=1332
  5035.   smb_uid=100
  5036.   smb_mid=1088
  5037.   smt_wct=10
  5038.   smb_vwv[ 0]=    0 (0x0)
  5039.   smb_vwv[ 1]=   48 (0x30)
  5040.   smb_vwv[ 2]=    0 (0x0)
  5041.   smb_vwv[ 3]=    0 (0x0)
  5042.   smb_vwv[ 4]=   56 (0x38)
  5043.   smb_vwv[ 5]=    0 (0x0)
  5044.   smb_vwv[ 6]=   48 (0x30)
  5045.   smb_vwv[ 7]=   56 (0x38)
  5046.   smb_vwv[ 8]=    0 (0x0)
  5047.   smb_vwv[ 9]=    0 (0x0)
  5048.   smb_bcc=49
  5049. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
  5050.   [000] 00 05 00 02 03 10 00 00  00 30 00 00 00 05 00 00  ........ .0......
  5051.   [010] 00 18 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ........ ........
  5052.   [020] 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ........ ........
  5053.   [030] 00                                                .
  5054. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
  5055.   run_events: Nothing to do
  5056. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
  5057.   run_events: Nothing to do
  5058. [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
  5059.   got smb length of 41
  5060. [2010/02/14 20:52:57,  6] smbd/process.c:process_smb(1567)
  5061.   got message type 0x0 of len 0x29
  5062. [2010/02/14 20:52:57,  3] smbd/process.c:process_smb(1570)
  5063.   Transaction 18 of length 45 (0 toread)
  5064. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(642)
  5065. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(652)
  5066.   size=41
  5067.   smb_com=0x4
  5068.   smb_rcls=0
  5069.   smb_reh=0
  5070.   smb_err=0
  5071.   smb_flg=24
  5072.   smb_flg2=51207
  5073.   smb_tid=1
  5074.   smb_pid=65279
  5075.   smb_uid=100
  5076.   smb_mid=1152
  5077.   smt_wct=3
  5078.   smb_vwv[ 0]=30486 (0x7716)
  5079.   smb_vwv[ 1]=65535 (0xFFFF)
  5080.   smb_vwv[ 2]=65535 (0xFFFF)
  5081.   smb_bcc=0
  5082. [2010/02/14 20:52:57,  3] smbd/process.c:switch_message(1374)
  5083.   switch message SMBclose (pid 21948) conn 0x10fd8d0
  5084. [2010/02/14 20:52:57,  0] smbd/process.c:smb_dump(1322)
  5085.   created /tmp/SMBclose.68.req len 45
  5086. [2010/02/14 20:52:57,  4] smbd/uid.c:change_to_user(182)
  5087.   change_to_user: Skipping user change - already user
  5088. [2010/02/14 20:52:57,  4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258)
  5089.   search for pipe pnum=7716
  5090. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
  5091.   pipe name winreg pnum=7716 (pipes_open=2)
  5092. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
  5093.   pipe name lsarpc pnum=7715 (pipes_open=2)
  5094. [2010/02/14 20:52:57,  5] smbd/pipes.c:reply_pipe_close(319)
  5095.   reply_pipe_close: pnum:7716
  5096. [2010/02/14 20:52:57, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(241)
  5097.   close_policy_by_pipe: deleted handle list for pipe winreg
  5098. [2010/02/14 20:52:57,  4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1160)
  5099.   closed pipe name winreg pnum=7716 (pipes_open=1)
  5100. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100)
  5101.   Locking key 77696E7265672F32313934382F333034383600
  5102. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129)
  5103.   Allocated locked data 0x0x10fed00
  5104. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42)
  5105.   Unlocking key 77696E7265672F32313934382F333034383600
  5106. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(642)
  5107. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(652)
  5108.   size=35
  5109.   smb_com=0x4
  5110.   smb_rcls=0
  5111.   smb_reh=0
  5112.   smb_err=0
  5113.   smb_flg=136
  5114.   smb_flg2=51201
  5115.   smb_tid=1
  5116.   smb_pid=65279
  5117.   smb_uid=100
  5118.   smb_mid=1152
  5119.   smt_wct=0
  5120.   smb_bcc=0
  5121. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
  5122.   run_events: Nothing to do
  5123. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
  5124.   run_events: Nothing to do
  5125. [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
  5126.   got smb length of 104
  5127. [2010/02/14 20:52:57,  6] smbd/process.c:process_smb(1567)
  5128.   got message type 0x0 of len 0x68
  5129. [2010/02/14 20:52:57,  3] smbd/process.c:process_smb(1570)
  5130.   Transaction 19 of length 108 (0 toread)
  5131. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(642)
  5132. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(652)
  5133.   size=104
  5134.   smb_com=0xa2
  5135.   smb_rcls=0
  5136.   smb_reh=0
  5137.   smb_err=0
  5138.   smb_flg=24
  5139.   smb_flg2=51207
  5140.   smb_tid=1
  5141.   smb_pid=1332
  5142.   smb_uid=100
  5143.   smb_mid=1216
  5144.   smt_wct=24
  5145.   smb_vwv[ 0]=  255 (0xFF)
  5146.   smb_vwv[ 1]=57054 (0xDEDE)
  5147.   smb_vwv[ 2]= 4608 (0x1200)
  5148.   smb_vwv[ 3]= 5632 (0x1600)
  5149.   smb_vwv[ 4]=    0 (0x0)
  5150.   smb_vwv[ 5]=    0 (0x0)
  5151.   smb_vwv[ 6]=    0 (0x0)
  5152.   smb_vwv[ 7]=40704 (0x9F00)
  5153.   smb_vwv[ 8]=  513 (0x201)
  5154.   smb_vwv[ 9]=    0 (0x0)
  5155.   smb_vwv[10]=    0 (0x0)
  5156.   smb_vwv[11]=    0 (0x0)
  5157.   smb_vwv[12]=    0 (0x0)
  5158.   smb_vwv[13]=    0 (0x0)
  5159.   smb_vwv[14]=    0 (0x0)
  5160.   smb_vwv[15]=  768 (0x300)
  5161.   smb_vwv[16]=    0 (0x0)
  5162.   smb_vwv[17]=  256 (0x100)
  5163.   smb_vwv[18]=    0 (0x0)
  5164.   smb_vwv[19]=16384 (0x4000)
  5165.   smb_vwv[20]=16384 (0x4000)
  5166.   smb_vwv[21]=  512 (0x200)
  5167.   smb_vwv[22]=    0 (0x0)
  5168.   smb_vwv[23]=  256 (0x100)
  5169.   smb_bcc=21
  5170. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
  5171.   [000] 00 5C 00 4E 00 45 00 54  00 4C 00 4F 00 47 00 4F  .\.N.E.T .L.O.G.O
  5172.   [010] 00 4E 00 00 00                                    .N...
  5173. [2010/02/14 20:52:57,  3] smbd/process.c:switch_message(1374)
  5174.   switch message SMBntcreateX (pid 21948) conn 0x10fd8d0
  5175. [2010/02/14 20:52:57,  0] smbd/process.c:smb_dump(1322)
  5176.   created /tmp/SMBntcreateX.70.req len 108
  5177. [2010/02/14 20:52:57,  4] smbd/uid.c:change_to_user(182)
  5178.   change_to_user: Skipping user change - already user
  5179. [2010/02/14 20:52:57, 10] smbd/nttrans.c:reply_ntcreate_and_X(488)
  5180.   reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = NETLOGON
  5181. [2010/02/14 20:52:57,  4] smbd/nttrans.c:nt_open_pipe(295)
  5182.   nt_open_pipe: Opening pipe \NETLOGON.
  5183. [2010/02/14 20:52:57,  3] smbd/nttrans.c:nt_open_pipe(320)
  5184.   nt_open_pipe: Known pipe NETLOGON opening.
  5185. [2010/02/14 20:52:57,  4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(165)
  5186.   Open pipe requested NETLOGON (pipes_open=1)
  5187. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(195)
  5188.   open_rpc_pipe_p: name lsarpc pnum=7715
  5189. [2010/02/14 20:52:57,  4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(275)
  5190.   Create pipe requested NETLOGON
  5191. [2010/02/14 20:52:57, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77)
  5192.   init_pipe_handles: created handle list for pipe NETLOGON
  5193. [2010/02/14 20:52:57, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93)
  5194.   init_pipe_handles: pipe_handles ref count = 1 for pipe NETLOGON
  5195. [2010/02/14 20:52:57,  4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(356)
  5196.   Created internal pipe NETLOGON (pipes_open=1)
  5197. [2010/02/14 20:52:57,  4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(253)
  5198.   Opened pipe NETLOGON with handle 7717 (pipes_open=2)
  5199. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(259)
  5200.   open pipes: name NETLOGON pnum=7717
  5201. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(259)
  5202.   open pipes: name lsarpc pnum=7715
  5203. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100)
  5204.   Locking key 4E45544C4F474F4E2F32313934382F333034383700
  5205. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129)
  5206.   Allocated locked data 0x0x111f1b0
  5207. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42)
  5208.   Unlocking key 4E45544C4F474F4E2F32313934382F333034383700
  5209. [2010/02/14 20:52:57,  5] smbd/nttrans.c:do_ntcreate_pipe_open(408)
  5210.   do_ntcreate_pipe_open: open pipe = \NETLOGON
  5211. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(642)
  5212. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(652)
  5213.   size=135
  5214.   smb_com=0xa2
  5215.   smb_rcls=0
  5216.   smb_reh=0
  5217.   smb_err=0
  5218.   smb_flg=136
  5219.   smb_flg2=51201
  5220.   smb_tid=1
  5221.   smb_pid=1332
  5222.   smb_uid=100
  5223.   smb_mid=1216
  5224.   smt_wct=42
  5225.   smb_vwv[ 0]=  255 (0xFF)
  5226.   smb_vwv[ 1]=    0 (0x0)
  5227.   smb_vwv[ 2]= 5888 (0x1700)
  5228.   smb_vwv[ 3]=  375 (0x177)
  5229.   smb_vwv[ 4]=    0 (0x0)
  5230.   smb_vwv[ 5]=    0 (0x0)
  5231.   smb_vwv[ 6]=    0 (0x0)
  5232.   smb_vwv[ 7]=    0 (0x0)
  5233.   smb_vwv[ 8]=    0 (0x0)
  5234.   smb_vwv[ 9]=    0 (0x0)
  5235.   smb_vwv[10]=    0 (0x0)
  5236.   smb_vwv[11]=    0 (0x0)
  5237.   smb_vwv[12]=    0 (0x0)
  5238.   smb_vwv[13]=    0 (0x0)
  5239.   smb_vwv[14]=    0 (0x0)
  5240.   smb_vwv[15]=    0 (0x0)
  5241.   smb_vwv[16]=    0 (0x0)
  5242.   smb_vwv[17]=    0 (0x0)
  5243.   smb_vwv[18]=    0 (0x0)
  5244.   smb_vwv[19]=    0 (0x0)
  5245.   smb_vwv[20]=    0 (0x0)
  5246.   smb_vwv[21]=32768 (0x8000)
  5247.   smb_vwv[22]=    0 (0x0)
  5248.   smb_vwv[23]=    0 (0x0)
  5249.   smb_vwv[24]=    0 (0x0)
  5250.   smb_vwv[25]=    0 (0x0)
  5251.   smb_vwv[26]=    0 (0x0)
  5252.   smb_vwv[27]=    0 (0x0)
  5253.   smb_vwv[28]=    0 (0x0)
  5254.   smb_vwv[29]=    0 (0x0)
  5255.   smb_vwv[30]=    0 (0x0)
  5256.   smb_vwv[31]=  512 (0x200)
  5257.   smb_vwv[32]=65280 (0xFF00)
  5258.   smb_vwv[33]=    5 (0x5)
  5259.   smb_vwv[34]=    0 (0x0)
  5260.   smb_vwv[35]=    0 (0x0)
  5261.   smb_vwv[36]=    0 (0x0)
  5262.   smb_vwv[37]=    0 (0x0)
  5263.   smb_vwv[38]=    0 (0x0)
  5264.   smb_vwv[39]=    0 (0x0)
  5265.   smb_vwv[40]=    0 (0x0)
  5266.   smb_vwv[41]=    0 (0x0)
  5267.   smb_bcc=0
  5268. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
  5269.   run_events: Nothing to do
  5270. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
  5271.   run_events: Nothing to do
  5272. [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
  5273.   got smb length of 136
  5274. [2010/02/14 20:52:57,  6] smbd/process.c:process_smb(1567)
  5275.   got message type 0x0 of len 0x88
  5276. [2010/02/14 20:52:57,  3] smbd/process.c:process_smb(1570)
  5277.   Transaction 20 of length 140 (0 toread)
  5278. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(642)
  5279. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(652)
  5280.   size=136
  5281.   smb_com=0x2f
  5282.   smb_rcls=0
  5283.   smb_reh=0
  5284.   smb_err=0
  5285.   smb_flg=24
  5286.   smb_flg2=51207
  5287.   smb_tid=1
  5288.   smb_pid=65279
  5289.   smb_uid=100
  5290.   smb_mid=1280
  5291.   smt_wct=14
  5292.   smb_vwv[ 0]=  255 (0xFF)
  5293.   smb_vwv[ 1]=57054 (0xDEDE)
  5294.   smb_vwv[ 2]=30487 (0x7717)
  5295.   smb_vwv[ 3]=    0 (0x0)
  5296.   smb_vwv[ 4]=    0 (0x0)
  5297.   smb_vwv[ 5]=65535 (0xFFFF)
  5298.   smb_vwv[ 6]=65535 (0xFFFF)
  5299.   smb_vwv[ 7]=    8 (0x8)
  5300.   smb_vwv[ 8]=   72 (0x48)
  5301.   smb_vwv[ 9]=    0 (0x0)
  5302.   smb_vwv[10]=   72 (0x48)
  5303.   smb_vwv[11]=   64 (0x40)
  5304.   smb_vwv[12]=    0 (0x0)
  5305.   smb_vwv[13]=    0 (0x0)
  5306.   smb_bcc=73
  5307. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
  5308.   [000] EE 05 00 0B 03 10 00 00  00 48 00 00 00 01 00 00  ........ .H......
  5309.   [010] 00 B8 10 B8 10 00 00 00  00 01 00 00 00 00 00 01  ........ ........
  5310.   [020] 00 78 56 34 12 34 12 CD  AB EF 00 01 23 45 67 CF  .xV4.4.. ....#Eg.
  5311.   [030] FB 01 00 00 00 04 5D 88  8A EB 1C C9 11 9F E8 08  ......]. ........
  5312.   [040] 00 2B 10 48 60 02 00 00  00                       .+.H`... .
  5313. [2010/02/14 20:52:57,  3] smbd/process.c:switch_message(1374)
  5314.   switch message SMBwriteX (pid 21948) conn 0x10fd8d0
  5315. [2010/02/14 20:52:57,  0] smbd/process.c:smb_dump(1322)
  5316.   created /tmp/SMBwriteX.70.req len 140
  5317. [2010/02/14 20:52:57,  4] smbd/uid.c:change_to_user(182)
  5318.   change_to_user: Skipping user change - already user
  5319. [2010/02/14 20:52:57,  4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258)
  5320.   search for pipe pnum=7717
  5321. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
  5322.   pipe name NETLOGON pnum=7717 (pipes_open=2)
  5323. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
  5324.   pipe name lsarpc pnum=7715 (pipes_open=2)
  5325. [2010/02/14 20:52:57,  6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927)
  5326.   write_to_pipe: 7717 name: NETLOGON open: Yes len: 72
  5327. [2010/02/14 20:52:57, 50] lib/util.c:dump_data(2223)
  5328.   [000] 05 00 0B 03 10 00 00 00  48 00 00 00 01 00 00 00  ........ H.......
  5329.   [010] B8 10 B8 10 00 00 00 00  01 00 00 00 00 00 01 00  ........ ........
  5330.   [020] 78 56 34 12 34 12 CD AB  EF 00 01 23 45 67 CF FB  xV4.4... ...#Eg..
  5331.   [030] 01 00 00 00 04 5D 88 8A  EB 1C C9 11 9F E8 08 00  .....].. ........
  5332.   [040] 2B 10 48 60 02 00 00 00                           +.H`....
  5333. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
  5334.   write_to_pipe: data_left = 72
  5335. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
  5336.   process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72
  5337. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385)
  5338.   fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0
  5339. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
  5340.   write_to_pipe: data_used = 16
  5341. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
  5342.   write_to_pipe: data_left = 56
  5343. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
  5344.   process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56
  5345. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_debug(88)
  5346.   000000 smb_io_rpc_hdr
  5347. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  5348.       0000 major     : 05
  5349. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  5350.       0001 minor     : 00
  5351. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  5352.       0002 pkt_type  : 0b
  5353. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  5354.       0003 flags     : 03
  5355. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  5356.       0004 pack_type0: 10
  5357. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  5358.       0005 pack_type1: 00
  5359. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  5360.       0006 pack_type2: 00
  5361. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  5362.       0007 pack_type3: 00
  5363. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  5364.       0008 frag_len  : 0048
  5365. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  5366.       000a auth_len  : 0000
  5367. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  5368.       000c call_id   : 00000001
  5369. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472)
  5370.   unmarshall_rpc_header: using little-endian RPC
  5371. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501)
  5372.   unmarshall_rpc_header: type = 11, flags = 3
  5373. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
  5374.   write_to_pipe: data_used = 0
  5375. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
  5376.   write_to_pipe: data_left = 56
  5377. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
  5378.   process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56
  5379. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709)
  5380.   process_complete_pdu: processing packet type 11
  5381. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe.c:api_pipe_bind_req(1553)
  5382.   api_pipe_bind_req: decode request. 1553
  5383. [2010/02/14 20:52:57,  3] rpc_server/srv_pipe.c:api_pipe_bind_req(1564)
  5384.   api_pipe_bind_req: \PIPE\netlogon -> \PIPE\netlogon
  5385. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_debug(88)
  5386.   000000 smb_io_rpc_hdr_rb
  5387. [2010/02/14 20:52:57,  6] rpc_parse/parse_prs.c:prs_debug(88)
  5388.       000000 smb_io_rpc_hdr_bba
  5389. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  5390.           0000 max_tsize: 10b8
  5391. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  5392.           0002 max_rsize: 10b8
  5393. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  5394.           0004 assoc_gid: 00000000
  5395. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  5396.       0008 num_contexts: 01
  5397. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  5398.       000c context_id  : 0000
  5399. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  5400.       000e num_transfer_syntaxes: 01
  5401. [2010/02/14 20:52:57,  6] rpc_parse/parse_prs.c:prs_debug(88)
  5402.       00000f smb_io_rpc_iface
  5403. [2010/02/14 20:52:57,  7] rpc_parse/parse_prs.c:prs_debug(88)
  5404.           000010 smb_io_uuid uuid
  5405. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  5406.               0010 data   : 12345678
  5407. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  5408.               0014 data   : 1234
  5409. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  5410.               0016 data   : abcd
  5411. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8s(865)
  5412.               0018 data   : ef 00
  5413. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8s(865)
  5414.               001a data   : 01 23 45 67 cf fb
  5415. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  5416.           0020 version: 00000001
  5417. [2010/02/14 20:52:57,  6] rpc_parse/parse_prs.c:prs_debug(88)
  5418.       000024 smb_io_rpc_iface
  5419. [2010/02/14 20:52:57,  7] rpc_parse/parse_prs.c:prs_debug(88)
  5420.           000024 smb_io_uuid uuid
  5421. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  5422.               0024 data   : 8a885d04
  5423. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  5424.               0028 data   : 1ceb
  5425. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  5426.               002a data   : 11c9
  5427. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8s(865)
  5428.               002c data   : 9f e8
  5429. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8s(865)
  5430.               002e data   : 08 00 2b 10 48 60
  5431. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  5432.           0034 version: 00000002
  5433. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe.c:api_pipe_bind_req(1608)
  5434.   api_pipe_bind_req: make response. 1608
  5435. [2010/02/14 20:52:57,  3] rpc_server/srv_pipe.c:check_bind_req(991)
  5436.   check_bind_req for \PIPE\NETLOGON
  5437.   checking \PIPE\lsarpc
  5438.   checking \PIPE\lsarpc
  5439.   checking \PIPE\samr
  5440.   checking \PIPE\NETLOGON
  5441. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_debug(88)
  5442.   000000 smb_io_rpc_hdr_ba
  5443. [2010/02/14 20:52:57,  6] rpc_parse/parse_prs.c:prs_debug(88)
  5444.       000000 smb_io_rpc_hdr_bba
  5445. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  5446.           0000 max_tsize: 10b8
  5447. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  5448.           0002 max_rsize: 10b8
  5449. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  5450.           0004 assoc_gid: 000053f0
  5451. [2010/02/14 20:52:57,  6] rpc_parse/parse_prs.c:prs_debug(88)
  5452.       000008 smb_io_rpc_addr_str
  5453. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  5454.           0008 len: 000f
  5455. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8s(865)
  5456.           000a str: \PIPE\netlogon.
  5457. [2010/02/14 20:52:57,  6] rpc_parse/parse_prs.c:prs_debug(88)
  5458.       000019 smb_io_rpc_results
  5459. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  5460.           001c num_results: 01
  5461. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  5462.           0020 result     : 0000
  5463. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  5464.           0022 reason     : 0000
  5465. [2010/02/14 20:52:57,  6] rpc_parse/parse_prs.c:prs_debug(88)
  5466.       000024 smb_io_rpc_iface
  5467. [2010/02/14 20:52:57,  7] rpc_parse/parse_prs.c:prs_debug(88)
  5468.           000024 smb_io_uuid uuid
  5469. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  5470.               0024 data   : 8a885d04
  5471. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  5472.               0028 data   : 1ceb
  5473. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  5474.               002a data   : 11c9
  5475. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8s(865)
  5476.               002c data   : 9f e8
  5477. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8s(865)
  5478.               002e data   : 08 00 2b 10 48 60
  5479. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  5480.           0034 version: 00000002
  5481. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_debug(88)
  5482.   000000 smb_io_rpc_hdr
  5483. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  5484.       0000 major     : 05
  5485. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  5486.       0001 minor     : 00
  5487. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  5488.       0002 pkt_type  : 0c
  5489. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  5490.       0003 flags     : 03
  5491. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  5492.       0004 pack_type0: 10
  5493. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  5494.       0005 pack_type1: 00
  5495. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  5496.       0006 pack_type2: 00
  5497. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  5498.       0007 pack_type3: 00
  5499. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  5500.       0008 frag_len  : 0048
  5501. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  5502.       000a auth_len  : 0000
  5503. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  5504.       000c call_id   : 00000001
  5505. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
  5506.   write_to_pipe: data_used = 56
  5507. [2010/02/14 20:52:57,  3] smbd/pipes.c:reply_pipe_write_and_X(251)
  5508.   writeX-IPC pnum=7717 nwritten=72
  5509. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(642)
  5510. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(652)
  5511.   size=47
  5512.   smb_com=0x2f
  5513.   smb_rcls=0
  5514.   smb_reh=0
  5515.   smb_err=0
  5516.   smb_flg=136
  5517.   smb_flg2=51201
  5518.   smb_tid=1
  5519.   smb_pid=65279
  5520.   smb_uid=100
  5521.   smb_mid=1280
  5522.   smt_wct=6
  5523.   smb_vwv[ 0]=  255 (0xFF)
  5524.   smb_vwv[ 1]=    0 (0x0)
  5525.   smb_vwv[ 2]=   72 (0x48)
  5526.   smb_vwv[ 3]=    0 (0x0)
  5527.   smb_vwv[ 4]=    0 (0x0)
  5528.   smb_vwv[ 5]=    0 (0x0)
  5529.   smb_bcc=0
  5530. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
  5531.   run_events: Nothing to do
  5532. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
  5533.   run_events: Nothing to do
  5534. [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
  5535.   got smb length of 59
  5536. [2010/02/14 20:52:57,  6] smbd/process.c:process_smb(1567)
  5537.   got message type 0x0 of len 0x3b
  5538. [2010/02/14 20:52:57,  3] smbd/process.c:process_smb(1570)
  5539.   Transaction 21 of length 63 (0 toread)
  5540. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(642)
  5541. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(652)
  5542.   size=59
  5543.   smb_com=0x2e
  5544.   smb_rcls=0
  5545.   smb_reh=0
  5546.   smb_err=0
  5547.   smb_flg=24
  5548.   smb_flg2=51207
  5549.   smb_tid=1
  5550.   smb_pid=65279
  5551.   smb_uid=100
  5552.   smb_mid=1344
  5553.   smt_wct=12
  5554.   smb_vwv[ 0]=  255 (0xFF)
  5555.   smb_vwv[ 1]=57054 (0xDEDE)
  5556.   smb_vwv[ 2]=30487 (0x7717)
  5557.   smb_vwv[ 3]=    0 (0x0)
  5558.   smb_vwv[ 4]=    0 (0x0)
  5559.   smb_vwv[ 5]= 1024 (0x400)
  5560.   smb_vwv[ 6]= 1024 (0x400)
  5561.   smb_vwv[ 7]=65535 (0xFFFF)
  5562.   smb_vwv[ 8]=65535 (0xFFFF)
  5563.   smb_vwv[ 9]= 1024 (0x400)
  5564.   smb_vwv[10]=    0 (0x0)
  5565.   smb_vwv[11]=    0 (0x0)
  5566.   smb_bcc=0
  5567. [2010/02/14 20:52:57,  3] smbd/process.c:switch_message(1374)
  5568.   switch message SMBreadX (pid 21948) conn 0x10fd8d0
  5569. [2010/02/14 20:52:57,  0] smbd/process.c:smb_dump(1322)
  5570.   created /tmp/SMBreadX.70.req len 63
  5571. [2010/02/14 20:52:57,  4] smbd/uid.c:change_to_user(182)
  5572.   change_to_user: Skipping user change - already user
  5573. [2010/02/14 20:52:57,  4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258)
  5574.   search for pipe pnum=7717
  5575. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
  5576.   pipe name NETLOGON pnum=7717 (pipes_open=2)
  5577. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
  5578.   pipe name lsarpc pnum=7715 (pipes_open=2)
  5579. [2010/02/14 20:52:57,  6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985)
  5580.   read_from_pipe: 7717 name: NETLOGON len: 1024
  5581. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1045)
  5582.   read_from_pipe: NETLOGON: current_pdu_len = 72, current_pdu_sent = 0 returning 72 bytes.
  5583. [2010/02/14 20:52:57,  3] smbd/pipes.c:reply_pipe_read_and_X(301)
  5584.   readX-IPC pnum=7717 min=1024 max=1024 nread=72
  5585. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(642)
  5586. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(652)
  5587.   size=131
  5588.   smb_com=0x2e
  5589.   smb_rcls=0
  5590.   smb_reh=0
  5591.   smb_err=0
  5592.   smb_flg=136
  5593.   smb_flg2=51201
  5594.   smb_tid=1
  5595.   smb_pid=65279
  5596.   smb_uid=100
  5597.   smb_mid=1344
  5598.   smt_wct=12
  5599.   smb_vwv[ 0]=  255 (0xFF)
  5600.   smb_vwv[ 1]=    0 (0x0)
  5601.   smb_vwv[ 2]=    0 (0x0)
  5602.   smb_vwv[ 3]=    0 (0x0)
  5603.   smb_vwv[ 4]=    0 (0x0)
  5604.   smb_vwv[ 5]=   72 (0x48)
  5605.   smb_vwv[ 6]=   59 (0x3B)
  5606.   smb_vwv[ 7]=    0 (0x0)
  5607.   smb_vwv[ 8]=    0 (0x0)
  5608.   smb_vwv[ 9]=    0 (0x0)
  5609.   smb_vwv[10]=    0 (0x0)
  5610.   smb_vwv[11]=    0 (0x0)
  5611.   smb_bcc=72
  5612. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
  5613.   [000] 05 00 0C 03 10 00 00 00  48 00 00 00 01 00 00 00  ........ H.......
  5614.   [010] B8 10 B8 10 F0 53 00 00  0F 00 5C 50 49 50 45 5C  .....S.. ..\PIPE\
  5615.   [020] 6E 65 74 6C 6F 67 6F 6E  00 00 00 00 01 00 00 00  netlogon ........
  5616.   [030] 00 00 00 00 04 5D 88 8A  EB 1C C9 11 9F E8 08 00  .....].. ........
  5617.   [040] 2B 10 48 60 02 00 00 00                           +.H`....
  5618. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
  5619.   run_events: Nothing to do
  5620. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
  5621.   run_events: Nothing to do
  5622. [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
  5623.   got smb length of 194
  5624. [2010/02/14 20:52:57,  6] smbd/process.c:process_smb(1567)
  5625.   got message type 0x0 of len 0xc2
  5626. [2010/02/14 20:52:57,  3] smbd/process.c:process_smb(1570)
  5627.   Transaction 22 of length 198 (0 toread)
  5628. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(642)
  5629. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(652)
  5630.   size=194
  5631.   smb_com=0x25
  5632.   smb_rcls=0
  5633.   smb_reh=0
  5634.   smb_err=0
  5635.   smb_flg=24
  5636.   smb_flg2=51207
  5637.   smb_tid=1
  5638.   smb_pid=1332
  5639.   smb_uid=100
  5640.   smb_mid=1408
  5641.   smt_wct=16
  5642.   smb_vwv[ 0]=    0 (0x0)
  5643.   smb_vwv[ 1]=  110 (0x6E)
  5644.   smb_vwv[ 2]=    0 (0x0)
  5645.   smb_vwv[ 3]= 1024 (0x400)
  5646.   smb_vwv[ 4]=    0 (0x0)
  5647.   smb_vwv[ 5]=    0 (0x0)
  5648.   smb_vwv[ 6]=    0 (0x0)
  5649.   smb_vwv[ 7]=    0 (0x0)
  5650.   smb_vwv[ 8]=    0 (0x0)
  5651.   smb_vwv[ 9]=    0 (0x0)
  5652.   smb_vwv[10]=   84 (0x54)
  5653.   smb_vwv[11]=  110 (0x6E)
  5654.   smb_vwv[12]=   84 (0x54)
  5655.   smb_vwv[13]=    2 (0x2)
  5656.   smb_vwv[14]=   38 (0x26)
  5657.   smb_vwv[15]=30487 (0x7717)
  5658.   smb_bcc=127
  5659. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
  5660.   [000] 00 5C 00 50 00 49 00 50  00 45 00 5C 00 00 00 00  .\.P.I.P .E.\....
  5661.   [010] 00 05 00 00 03 10 00 00  00 6E 00 00 00 01 00 00  ........ .n......
  5662.   [020] 00 56 00 00 00 00 00 04  00 00 00 02 00 0C 00 00  .V...... ........
  5663.   [030] 00 00 00 00 00 0C 00 00  00 5C 00 5C 00 48 00 44  ........ .\.\.H.D
  5664.   [040] 00 53 00 2D 00 4C 00 49  00 4E 00 55 00 58 00 00  .S.-.L.I .N.U.X..
  5665.   [050] 00 0D 00 00 00 00 00 00  00 0D 00 00 00 48 00 44  ........ .....H.D
  5666.   [060] 00 53 00 2D 00 56 00 49  00 52 00 54 00 42 00 4F  .S.-.V.I .R.T.B.O
  5667.   [070] 00 58 00 31 00 00 00 91  EB 96 8E 75 4D E0 91     .X.1.... ...uM..
  5668. [2010/02/14 20:52:57,  3] smbd/process.c:switch_message(1374)
  5669.   switch message SMBtrans (pid 21948) conn 0x10fd8d0
  5670. [2010/02/14 20:52:57,  4] smbd/uid.c:change_to_user(182)
  5671.   change_to_user: Skipping user change - already user
  5672. [2010/02/14 20:52:57,  3] smbd/ipc.c:handle_trans(436)
  5673.   trans <\PIPE\> data=110 params=0 setup=2
  5674. [2010/02/14 20:52:57,  5] smbd/ipc.c:handle_trans(469)
  5675.   calling named_pipe
  5676. [2010/02/14 20:52:57,  3] smbd/ipc.c:named_pipe(387)
  5677.   named pipe command on <> name
  5678. [2010/02/14 20:52:57,  5] smbd/ipc.c:api_fd_reply(307)
  5679.   api_fd_reply
  5680. [2010/02/14 20:52:57,  4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258)
  5681.   search for pipe pnum=7717
  5682. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
  5683.   pipe name NETLOGON pnum=7717 (pipes_open=2)
  5684. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
  5685.   pipe name lsarpc pnum=7715 (pipes_open=2)
  5686. [2010/02/14 20:52:57,  3] smbd/ipc.c:api_fd_reply(345)
  5687.   Got API command 0x26 on pipe "NETLOGON" (pnum 7717)
  5688. [2010/02/14 20:52:57, 10] smbd/ipc.c:api_fd_reply(350)
  5689.   api_fd_reply: p:0x111ef10 max_trans_reply: 1024
  5690. [2010/02/14 20:52:57,  6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927)
  5691.   write_to_pipe: 7717 name: NETLOGON open: Yes len: 110
  5692. [2010/02/14 20:52:57, 50] lib/util.c:dump_data(2223)
  5693.   [000] 05 00 00 03 10 00 00 00  6E 00 00 00 01 00 00 00  ........ n.......
  5694.   [010] 56 00 00 00 00 00 04 00  00 00 02 00 0C 00 00 00  V....... ........
  5695.   [020] 00 00 00 00 0C 00 00 00  5C 00 5C 00 48 00 44 00  ........ \.\.H.D.
  5696.   [030] 53 00 2D 00 4C 00 49 00  4E 00 55 00 58 00 00 00  S.-.L.I. N.U.X...
  5697.   [040] 0D 00 00 00 00 00 00 00  0D 00 00 00 48 00 44 00  ........ ....H.D.
  5698.   [050] 53 00 2D 00 56 00 49 00  52 00 54 00 42 00 4F 00  S.-.V.I. R.T.B.O.
  5699.   [060] 58 00 31 00 00 00 91 EB  96 8E 75 4D E0 91        X.1..... ..uM..
  5700. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
  5701.   write_to_pipe: data_left = 110
  5702. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
  5703.   process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 110
  5704. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385)
  5705.   fill_rpc_header: data_to_copy = 110, len_needed_to_complete_hdr = 16, receive_len = 0
  5706. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
  5707.   write_to_pipe: data_used = 16
  5708. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
  5709.   write_to_pipe: data_left = 94
  5710. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
  5711.   process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 94
  5712. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_debug(88)
  5713.   000000 smb_io_rpc_hdr
  5714. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  5715.       0000 major     : 05
  5716. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  5717.       0001 minor     : 00
  5718. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  5719.       0002 pkt_type  : 00
  5720. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  5721.       0003 flags     : 03
  5722. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  5723.       0004 pack_type0: 10
  5724. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  5725.       0005 pack_type1: 00
  5726. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  5727.       0006 pack_type2: 00
  5728. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  5729.       0007 pack_type3: 00
  5730. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  5731.       0008 frag_len  : 006e
  5732. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  5733.       000a auth_len  : 0000
  5734. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  5735.       000c call_id   : 00000001
  5736. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472)
  5737.   unmarshall_rpc_header: using little-endian RPC
  5738. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501)
  5739.   unmarshall_rpc_header: type = 0, flags = 3
  5740. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
  5741.   write_to_pipe: data_used = 0
  5742. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
  5743.   write_to_pipe: data_left = 94
  5744. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
  5745.   process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 94, incoming data = 94
  5746. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709)
  5747.   process_complete_pdu: processing packet type 0
  5748. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_debug(88)
  5749.   000000 smb_io_rpc_hdr_req req
  5750. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  5751.       0000 alloc_hint: 00000056
  5752. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  5753.       0004 context_id: 0000
  5754. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  5755.       0006 opnum     : 0004
  5756. [2010/02/14 20:52:57,  3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
  5757.   free_pipe_context: destroying talloc pool of size 76
  5758. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe.c:api_pipe_request(2262)
  5759.   Requested \PIPE\NETLOGON
  5760. [2010/02/14 20:52:57,  4] rpc_server/srv_pipe.c:api_rpcTNP(2297)
  5761.   api_rpcTNP: NETLOGON op 0x4 - created /tmp/in_NETLOGON_4.17.prs
  5762. [2010/02/14 20:52:57,  3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
  5763.   api_rpcTNP: rpc command: NETR_SERVERREQCHALLENGE
  5764. [2010/02/14 20:52:57,  6] rpc_server/srv_pipe.c:api_rpcTNP(2323)
  5765.   api_rpc_cmds[4].fn == 0x5083d8
  5766.       netr_ServerReqChallenge: struct netr_ServerReqChallenge
  5767.           in: struct netr_ServerReqChallenge
  5768.               server_name              : *
  5769.                   server_name              : '\\HDS-LINUX'
  5770.               computer_name            : 'HDS-VIRTBOX1'
  5771.               credentials              : *
  5772.                   credentials: struct netr_Credential
  5773.                       data                     : 91eb968e754de091
  5774. [2010/02/14 20:52:57,  6] rpc_server/srv_netlog_nt.c:init_net_r_req_chal(41)
  5775.   init_net_r_req_chal: 41
  5776.       netr_ServerReqChallenge: struct netr_ServerReqChallenge
  5777.           out: struct netr_ServerReqChallenge
  5778.               return_credentials       : *
  5779.                   return_credentials: struct netr_Credential
  5780.                       data                     : 0e180ab05334a0ce
  5781.               result                   : NT_STATUS_OK
  5782. [2010/02/14 20:52:57,  0] rpc_parse/parse_prs.c:prs_dump_region(73)
  5783.   created /tmp/out_NETLOGON_4.17.prs
  5784. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe.c:api_rpcTNP(2351)
  5785.   api_rpcTNP: called NETLOGON successfully
  5786. [2010/02/14 20:52:57,  3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
  5787.   free_pipe_context: destroying talloc pool of size 0
  5788. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
  5789.   write_to_pipe: data_used = 94
  5790. [2010/02/14 20:52:57,  6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985)
  5791.   read_from_pipe: 7717 name: NETLOGON len: 1024
  5792. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059)
  5793.   read_from_pipe: NETLOGON: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 12.
  5794. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_debug(88)
  5795.   000000 smb_io_rpc_hdr hdr
  5796. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  5797.       0000 major     : 05
  5798. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  5799.       0001 minor     : 00
  5800. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  5801.       0002 pkt_type  : 02
  5802. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  5803.       0003 flags     : 03
  5804. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  5805.       0004 pack_type0: 10
  5806. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  5807.       0005 pack_type1: 00
  5808. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  5809.       0006 pack_type2: 00
  5810. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  5811.       0007 pack_type3: 00
  5812. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  5813.       0008 frag_len  : 0024
  5814. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  5815.       000a auth_len  : 0000
  5816. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  5817.       000c call_id   : 00000001
  5818. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_debug(88)
  5819.   000010 smb_io_rpc_hdr_resp resp
  5820. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  5821.       0010 alloc_hint: 0000000c
  5822. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  5823.       0014 context_id: 0000
  5824. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  5825.       0016 cancel_ct : 00
  5826. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  5827.       0017 reserved  : 00
  5828. [2010/02/14 20:52:57,  5] smbd/ipc.c:copy_trans_params_and_data(60)
  5829.   copy_trans_params_and_data: params[0..0] data[0..36] (align 0)
  5830. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(642)
  5831. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(652)
  5832.   size=92
  5833.   smb_com=0x25
  5834.   smb_rcls=0
  5835.   smb_reh=0
  5836.   smb_err=0
  5837.   smb_flg=136
  5838.   smb_flg2=51201
  5839.   smb_tid=1
  5840.   smb_pid=1332
  5841.   smb_uid=100
  5842.   smb_mid=1408
  5843.   smt_wct=10
  5844.   smb_vwv[ 0]=    0 (0x0)
  5845.   smb_vwv[ 1]=   36 (0x24)
  5846.   smb_vwv[ 2]=    0 (0x0)
  5847.   smb_vwv[ 3]=    0 (0x0)
  5848.   smb_vwv[ 4]=   56 (0x38)
  5849.   smb_vwv[ 5]=    0 (0x0)
  5850.   smb_vwv[ 6]=   36 (0x24)
  5851.   smb_vwv[ 7]=   56 (0x38)
  5852.   smb_vwv[ 8]=    0 (0x0)
  5853.   smb_vwv[ 9]=    0 (0x0)
  5854.   smb_bcc=37
  5855. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
  5856.   [000] 00 05 00 02 03 10 00 00  00 24 00 00 00 01 00 00  ........ .$......
  5857.   [010] 00 0C 00 00 00 00 00 00  00 0E 18 0A B0 53 34 A0  ........ .....S4.
  5858.   [020] CE 00 00 00 00                                    .....
  5859. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
  5860.   run_events: Nothing to do
  5861. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
  5862.   run_events: Nothing to do
  5863. [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
  5864.   got smb length of 41
  5865. [2010/02/14 20:52:57,  6] smbd/process.c:process_smb(1567)
  5866.   got message type 0x0 of len 0x29
  5867. [2010/02/14 20:52:57,  3] smbd/process.c:process_smb(1570)
  5868.   Transaction 23 of length 45 (0 toread)
  5869. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(642)
  5870. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(652)
  5871.   size=41
  5872.   smb_com=0x4
  5873.   smb_rcls=0
  5874.   smb_reh=0
  5875.   smb_err=0
  5876.   smb_flg=24
  5877.   smb_flg2=51207
  5878.   smb_tid=1
  5879.   smb_pid=65279
  5880.   smb_uid=100
  5881.   smb_mid=1472
  5882.   smt_wct=3
  5883.   smb_vwv[ 0]=30487 (0x7717)
  5884.   smb_vwv[ 1]=65535 (0xFFFF)
  5885.   smb_vwv[ 2]=65535 (0xFFFF)
  5886.   smb_bcc=0
  5887. [2010/02/14 20:52:57,  3] smbd/process.c:switch_message(1374)
  5888.   switch message SMBclose (pid 21948) conn 0x10fd8d0
  5889. [2010/02/14 20:52:57,  0] smbd/process.c:smb_dump(1322)
  5890.   created /tmp/SMBclose.69.req len 45
  5891. [2010/02/14 20:52:57,  4] smbd/uid.c:change_to_user(182)
  5892.   change_to_user: Skipping user change - already user
  5893. [2010/02/14 20:52:57,  4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258)
  5894.   search for pipe pnum=7717
  5895. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
  5896.   pipe name NETLOGON pnum=7717 (pipes_open=2)
  5897. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
  5898.   pipe name lsarpc pnum=7715 (pipes_open=2)
  5899. [2010/02/14 20:52:57,  5] smbd/pipes.c:reply_pipe_close(319)
  5900.   reply_pipe_close: pnum:7717
  5901. [2010/02/14 20:52:57, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(241)
  5902.   close_policy_by_pipe: deleted handle list for pipe NETLOGON
  5903. [2010/02/14 20:52:57,  4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1160)
  5904.   closed pipe name NETLOGON pnum=7717 (pipes_open=1)
  5905. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100)
  5906.   Locking key 4E45544C4F474F4E2F32313934382F333034383700
  5907. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129)
  5908.   Allocated locked data 0x0x111d6d0
  5909. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42)
  5910.   Unlocking key 4E45544C4F474F4E2F32313934382F333034383700
  5911. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(642)
  5912. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(652)
  5913.   size=35
  5914.   smb_com=0x4
  5915.   smb_rcls=0
  5916.   smb_reh=0
  5917.   smb_err=0
  5918.   smb_flg=136
  5919.   smb_flg2=51201
  5920.   smb_tid=1
  5921.   smb_pid=65279
  5922.   smb_uid=100
  5923.   smb_mid=1472
  5924.   smt_wct=0
  5925.   smb_bcc=0
  5926. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
  5927.   run_events: Nothing to do
  5928. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
  5929.   run_events: Nothing to do
  5930. [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
  5931.   got smb length of 104
  5932. [2010/02/14 20:52:57,  6] smbd/process.c:process_smb(1567)
  5933.   got message type 0x0 of len 0x68
  5934. [2010/02/14 20:52:57,  3] smbd/process.c:process_smb(1570)
  5935.   Transaction 24 of length 108 (0 toread)
  5936. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(642)
  5937. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(652)
  5938.   size=104
  5939.   smb_com=0xa2
  5940.   smb_rcls=0
  5941.   smb_reh=0
  5942.   smb_err=0
  5943.   smb_flg=24
  5944.   smb_flg2=51207
  5945.   smb_tid=1
  5946.   smb_pid=1332
  5947.   smb_uid=100
  5948.   smb_mid=1536
  5949.   smt_wct=24
  5950.   smb_vwv[ 0]=  255 (0xFF)
  5951.   smb_vwv[ 1]=57054 (0xDEDE)
  5952.   smb_vwv[ 2]= 4608 (0x1200)
  5953.   smb_vwv[ 3]= 5632 (0x1600)
  5954.   smb_vwv[ 4]=    0 (0x0)
  5955.   smb_vwv[ 5]=    0 (0x0)
  5956.   smb_vwv[ 6]=    0 (0x0)
  5957.   smb_vwv[ 7]=40704 (0x9F00)
  5958.   smb_vwv[ 8]=  513 (0x201)
  5959.   smb_vwv[ 9]=    0 (0x0)
  5960.   smb_vwv[10]=    0 (0x0)
  5961.   smb_vwv[11]=    0 (0x0)
  5962.   smb_vwv[12]=    0 (0x0)
  5963.   smb_vwv[13]=    0 (0x0)
  5964.   smb_vwv[14]=    0 (0x0)
  5965.   smb_vwv[15]=  768 (0x300)
  5966.   smb_vwv[16]=    0 (0x0)
  5967.   smb_vwv[17]=  256 (0x100)
  5968.   smb_vwv[18]=    0 (0x0)
  5969.   smb_vwv[19]=16384 (0x4000)
  5970.   smb_vwv[20]=16384 (0x4000)
  5971.   smb_vwv[21]=  512 (0x200)
  5972.   smb_vwv[22]=    0 (0x0)
  5973.   smb_vwv[23]=  256 (0x100)
  5974.   smb_bcc=21
  5975. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
  5976.   [000] 00 5C 00 4E 00 45 00 54  00 4C 00 4F 00 47 00 4F  .\.N.E.T .L.O.G.O
  5977.   [010] 00 4E 00 00 00                                    .N...
  5978. [2010/02/14 20:52:57,  3] smbd/process.c:switch_message(1374)
  5979.   switch message SMBntcreateX (pid 21948) conn 0x10fd8d0
  5980. [2010/02/14 20:52:57,  0] smbd/process.c:smb_dump(1322)
  5981.   created /tmp/SMBntcreateX.71.req len 108
  5982. [2010/02/14 20:52:57,  4] smbd/uid.c:change_to_user(182)
  5983.   change_to_user: Skipping user change - already user
  5984. [2010/02/14 20:52:57, 10] smbd/nttrans.c:reply_ntcreate_and_X(488)
  5985.   reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = NETLOGON
  5986. [2010/02/14 20:52:57,  4] smbd/nttrans.c:nt_open_pipe(295)
  5987.   nt_open_pipe: Opening pipe \NETLOGON.
  5988. [2010/02/14 20:52:57,  3] smbd/nttrans.c:nt_open_pipe(320)
  5989.   nt_open_pipe: Known pipe NETLOGON opening.
  5990. [2010/02/14 20:52:57,  4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(165)
  5991.   Open pipe requested NETLOGON (pipes_open=1)
  5992. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(195)
  5993.   open_rpc_pipe_p: name lsarpc pnum=7715
  5994. [2010/02/14 20:52:57,  4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(275)
  5995.   Create pipe requested NETLOGON
  5996. [2010/02/14 20:52:57, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77)
  5997.   init_pipe_handles: created handle list for pipe NETLOGON
  5998. [2010/02/14 20:52:57, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93)
  5999.   init_pipe_handles: pipe_handles ref count = 1 for pipe NETLOGON
  6000. [2010/02/14 20:52:57,  4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(356)
  6001.   Created internal pipe NETLOGON (pipes_open=1)
  6002. [2010/02/14 20:52:57,  4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(253)
  6003.   Opened pipe NETLOGON with handle 7718 (pipes_open=2)
  6004. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(259)
  6005.   open pipes: name NETLOGON pnum=7718
  6006. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(259)
  6007.   open pipes: name lsarpc pnum=7715
  6008. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100)
  6009.   Locking key 4E45544C4F474F4E2F32313934382F333034383800
  6010. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129)
  6011.   Allocated locked data 0x0x111d6d0
  6012. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42)
  6013.   Unlocking key 4E45544C4F474F4E2F32313934382F333034383800
  6014. [2010/02/14 20:52:57,  5] smbd/nttrans.c:do_ntcreate_pipe_open(408)
  6015.   do_ntcreate_pipe_open: open pipe = \NETLOGON
  6016. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(642)
  6017. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(652)
  6018.   size=135
  6019.   smb_com=0xa2
  6020.   smb_rcls=0
  6021.   smb_reh=0
  6022.   smb_err=0
  6023.   smb_flg=136
  6024.   smb_flg2=51201
  6025.   smb_tid=1
  6026.   smb_pid=1332
  6027.   smb_uid=100
  6028.   smb_mid=1536
  6029.   smt_wct=42
  6030.   smb_vwv[ 0]=  255 (0xFF)
  6031.   smb_vwv[ 1]=    0 (0x0)
  6032.   smb_vwv[ 2]= 6144 (0x1800)
  6033.   smb_vwv[ 3]=  375 (0x177)
  6034.   smb_vwv[ 4]=    0 (0x0)
  6035.   smb_vwv[ 5]=    0 (0x0)
  6036.   smb_vwv[ 6]=    0 (0x0)
  6037.   smb_vwv[ 7]=    0 (0x0)
  6038.   smb_vwv[ 8]=    0 (0x0)
  6039.   smb_vwv[ 9]=    0 (0x0)
  6040.   smb_vwv[10]=    0 (0x0)
  6041.   smb_vwv[11]=    0 (0x0)
  6042.   smb_vwv[12]=    0 (0x0)
  6043.   smb_vwv[13]=    0 (0x0)
  6044.   smb_vwv[14]=    0 (0x0)
  6045.   smb_vwv[15]=    0 (0x0)
  6046.   smb_vwv[16]=    0 (0x0)
  6047.   smb_vwv[17]=    0 (0x0)
  6048.   smb_vwv[18]=    0 (0x0)
  6049.   smb_vwv[19]=    0 (0x0)
  6050.   smb_vwv[20]=    0 (0x0)
  6051.   smb_vwv[21]=32768 (0x8000)
  6052.   smb_vwv[22]=    0 (0x0)
  6053.   smb_vwv[23]=    0 (0x0)
  6054.   smb_vwv[24]=    0 (0x0)
  6055.   smb_vwv[25]=    0 (0x0)
  6056.   smb_vwv[26]=    0 (0x0)
  6057.   smb_vwv[27]=    0 (0x0)
  6058.   smb_vwv[28]=    0 (0x0)
  6059.   smb_vwv[29]=    0 (0x0)
  6060.   smb_vwv[30]=    0 (0x0)
  6061.   smb_vwv[31]=  512 (0x200)
  6062.   smb_vwv[32]=65280 (0xFF00)
  6063.   smb_vwv[33]=    5 (0x5)
  6064.   smb_vwv[34]=    0 (0x0)
  6065.   smb_vwv[35]=    0 (0x0)
  6066.   smb_vwv[36]=    0 (0x0)
  6067.   smb_vwv[37]=    0 (0x0)
  6068.   smb_vwv[38]=    0 (0x0)
  6069.   smb_vwv[39]=    0 (0x0)
  6070.   smb_vwv[40]=    0 (0x0)
  6071.   smb_vwv[41]=    0 (0x0)
  6072.   smb_bcc=0
  6073. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
  6074.   run_events: Nothing to do
  6075. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
  6076.   run_events: Nothing to do
  6077. [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
  6078.   got smb length of 136
  6079. [2010/02/14 20:52:57,  6] smbd/process.c:process_smb(1567)
  6080.   got message type 0x0 of len 0x88
  6081. [2010/02/14 20:52:57,  3] smbd/process.c:process_smb(1570)
  6082.   Transaction 25 of length 140 (0 toread)
  6083. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(642)
  6084. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(652)
  6085.   size=136
  6086.   smb_com=0x2f
  6087.   smb_rcls=0
  6088.   smb_reh=0
  6089.   smb_err=0
  6090.   smb_flg=24
  6091.   smb_flg2=51207
  6092.   smb_tid=1
  6093.   smb_pid=65279
  6094.   smb_uid=100
  6095.   smb_mid=1600
  6096.   smt_wct=14
  6097.   smb_vwv[ 0]=  255 (0xFF)
  6098.   smb_vwv[ 1]=57054 (0xDEDE)
  6099.   smb_vwv[ 2]=30488 (0x7718)
  6100.   smb_vwv[ 3]=    0 (0x0)
  6101.   smb_vwv[ 4]=    0 (0x0)
  6102.   smb_vwv[ 5]=65535 (0xFFFF)
  6103.   smb_vwv[ 6]=65535 (0xFFFF)
  6104.   smb_vwv[ 7]=    8 (0x8)
  6105.   smb_vwv[ 8]=   72 (0x48)
  6106.   smb_vwv[ 9]=    0 (0x0)
  6107.   smb_vwv[10]=   72 (0x48)
  6108.   smb_vwv[11]=   64 (0x40)
  6109.   smb_vwv[12]=    0 (0x0)
  6110.   smb_vwv[13]=    0 (0x0)
  6111.   smb_bcc=73
  6112. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
  6113.   [000] EE 05 00 0B 03 10 00 00  00 48 00 00 00 01 00 00  ........ .H......
  6114.   [010] 00 B8 10 B8 10 00 00 00  00 01 00 00 00 00 00 01  ........ ........
  6115.   [020] 00 78 56 34 12 34 12 CD  AB EF 00 01 23 45 67 CF  .xV4.4.. ....#Eg.
  6116.   [030] FB 01 00 00 00 04 5D 88  8A EB 1C C9 11 9F E8 08  ......]. ........
  6117.   [040] 00 2B 10 48 60 02 00 00  00                       .+.H`... .
  6118. [2010/02/14 20:52:57,  3] smbd/process.c:switch_message(1374)
  6119.   switch message SMBwriteX (pid 21948) conn 0x10fd8d0
  6120. [2010/02/14 20:52:57,  0] smbd/process.c:smb_dump(1322)
  6121.   created /tmp/SMBwriteX.71.req len 140
  6122. [2010/02/14 20:52:57,  4] smbd/uid.c:change_to_user(182)
  6123.   change_to_user: Skipping user change - already user
  6124. [2010/02/14 20:52:57,  4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258)
  6125.   search for pipe pnum=7718
  6126. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
  6127.   pipe name NETLOGON pnum=7718 (pipes_open=2)
  6128. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
  6129.   pipe name lsarpc pnum=7715 (pipes_open=2)
  6130. [2010/02/14 20:52:57,  6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927)
  6131.   write_to_pipe: 7718 name: NETLOGON open: Yes len: 72
  6132. [2010/02/14 20:52:57, 50] lib/util.c:dump_data(2223)
  6133.   [000] 05 00 0B 03 10 00 00 00  48 00 00 00 01 00 00 00  ........ H.......
  6134.   [010] B8 10 B8 10 00 00 00 00  01 00 00 00 00 00 01 00  ........ ........
  6135.   [020] 78 56 34 12 34 12 CD AB  EF 00 01 23 45 67 CF FB  xV4.4... ...#Eg..
  6136.   [030] 01 00 00 00 04 5D 88 8A  EB 1C C9 11 9F E8 08 00  .....].. ........
  6137.   [040] 2B 10 48 60 02 00 00 00                           +.H`....
  6138. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
  6139.   write_to_pipe: data_left = 72
  6140. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
  6141.   process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72
  6142. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385)
  6143.   fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0
  6144. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
  6145.   write_to_pipe: data_used = 16
  6146. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
  6147.   write_to_pipe: data_left = 56
  6148. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
  6149.   process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56
  6150. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_debug(88)
  6151.   000000 smb_io_rpc_hdr
  6152. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  6153.       0000 major     : 05
  6154. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  6155.       0001 minor     : 00
  6156. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  6157.       0002 pkt_type  : 0b
  6158. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  6159.       0003 flags     : 03
  6160. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  6161.       0004 pack_type0: 10
  6162. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  6163.       0005 pack_type1: 00
  6164. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  6165.       0006 pack_type2: 00
  6166. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  6167.       0007 pack_type3: 00
  6168. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  6169.       0008 frag_len  : 0048
  6170. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  6171.       000a auth_len  : 0000
  6172. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  6173.       000c call_id   : 00000001
  6174. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472)
  6175.   unmarshall_rpc_header: using little-endian RPC
  6176. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501)
  6177.   unmarshall_rpc_header: type = 11, flags = 3
  6178. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
  6179.   write_to_pipe: data_used = 0
  6180. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
  6181.   write_to_pipe: data_left = 56
  6182. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
  6183.   process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56
  6184. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709)
  6185.   process_complete_pdu: processing packet type 11
  6186. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe.c:api_pipe_bind_req(1553)
  6187.   api_pipe_bind_req: decode request. 1553
  6188. [2010/02/14 20:52:57,  3] rpc_server/srv_pipe.c:api_pipe_bind_req(1564)
  6189.   api_pipe_bind_req: \PIPE\netlogon -> \PIPE\netlogon
  6190. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_debug(88)
  6191.   000000 smb_io_rpc_hdr_rb
  6192. [2010/02/14 20:52:57,  6] rpc_parse/parse_prs.c:prs_debug(88)
  6193.       000000 smb_io_rpc_hdr_bba
  6194. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  6195.           0000 max_tsize: 10b8
  6196. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  6197.           0002 max_rsize: 10b8
  6198. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  6199.           0004 assoc_gid: 00000000
  6200. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  6201.       0008 num_contexts: 01
  6202. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  6203.       000c context_id  : 0000
  6204. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  6205.       000e num_transfer_syntaxes: 01
  6206. [2010/02/14 20:52:57,  6] rpc_parse/parse_prs.c:prs_debug(88)
  6207.       00000f smb_io_rpc_iface
  6208. [2010/02/14 20:52:57,  7] rpc_parse/parse_prs.c:prs_debug(88)
  6209.           000010 smb_io_uuid uuid
  6210. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  6211.               0010 data   : 12345678
  6212. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  6213.               0014 data   : 1234
  6214. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  6215.               0016 data   : abcd
  6216. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8s(865)
  6217.               0018 data   : ef 00
  6218. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8s(865)
  6219.               001a data   : 01 23 45 67 cf fb
  6220. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  6221.           0020 version: 00000001
  6222. [2010/02/14 20:52:57,  6] rpc_parse/parse_prs.c:prs_debug(88)
  6223.       000024 smb_io_rpc_iface
  6224. [2010/02/14 20:52:57,  7] rpc_parse/parse_prs.c:prs_debug(88)
  6225.           000024 smb_io_uuid uuid
  6226. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  6227.               0024 data   : 8a885d04
  6228. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  6229.               0028 data   : 1ceb
  6230. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  6231.               002a data   : 11c9
  6232. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8s(865)
  6233.               002c data   : 9f e8
  6234. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8s(865)
  6235.               002e data   : 08 00 2b 10 48 60
  6236. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  6237.           0034 version: 00000002
  6238. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe.c:api_pipe_bind_req(1608)
  6239.   api_pipe_bind_req: make response. 1608
  6240. [2010/02/14 20:52:57,  3] rpc_server/srv_pipe.c:check_bind_req(991)
  6241.   check_bind_req for \PIPE\NETLOGON
  6242.   checking \PIPE\lsarpc
  6243.   checking \PIPE\lsarpc
  6244.   checking \PIPE\samr
  6245.   checking \PIPE\NETLOGON
  6246. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_debug(88)
  6247.   000000 smb_io_rpc_hdr_ba
  6248. [2010/02/14 20:52:57,  6] rpc_parse/parse_prs.c:prs_debug(88)
  6249.       000000 smb_io_rpc_hdr_bba
  6250. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  6251.           0000 max_tsize: 10b8
  6252. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  6253.           0002 max_rsize: 10b8
  6254. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  6255.           0004 assoc_gid: 000053f0
  6256. [2010/02/14 20:52:57,  6] rpc_parse/parse_prs.c:prs_debug(88)
  6257.       000008 smb_io_rpc_addr_str
  6258. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  6259.           0008 len: 000f
  6260. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8s(865)
  6261.           000a str: \PIPE\netlogon.
  6262. [2010/02/14 20:52:57,  6] rpc_parse/parse_prs.c:prs_debug(88)
  6263.       000019 smb_io_rpc_results
  6264. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  6265.           001c num_results: 01
  6266. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  6267.           0020 result     : 0000
  6268. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  6269.           0022 reason     : 0000
  6270. [2010/02/14 20:52:57,  6] rpc_parse/parse_prs.c:prs_debug(88)
  6271.       000024 smb_io_rpc_iface
  6272. [2010/02/14 20:52:57,  7] rpc_parse/parse_prs.c:prs_debug(88)
  6273.           000024 smb_io_uuid uuid
  6274. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  6275.               0024 data   : 8a885d04
  6276. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  6277.               0028 data   : 1ceb
  6278. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  6279.               002a data   : 11c9
  6280. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8s(865)
  6281.               002c data   : 9f e8
  6282. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8s(865)
  6283.               002e data   : 08 00 2b 10 48 60
  6284. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  6285.           0034 version: 00000002
  6286. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_debug(88)
  6287.   000000 smb_io_rpc_hdr
  6288. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  6289.       0000 major     : 05
  6290. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  6291.       0001 minor     : 00
  6292. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  6293.       0002 pkt_type  : 0c
  6294. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  6295.       0003 flags     : 03
  6296. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  6297.       0004 pack_type0: 10
  6298. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  6299.       0005 pack_type1: 00
  6300. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  6301.       0006 pack_type2: 00
  6302. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  6303.       0007 pack_type3: 00
  6304. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  6305.       0008 frag_len  : 0048
  6306. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  6307.       000a auth_len  : 0000
  6308. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  6309.       000c call_id   : 00000001
  6310. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
  6311.   write_to_pipe: data_used = 56
  6312. [2010/02/14 20:52:57,  3] smbd/pipes.c:reply_pipe_write_and_X(251)
  6313.   writeX-IPC pnum=7718 nwritten=72
  6314. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(642)
  6315. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(652)
  6316.   size=47
  6317.   smb_com=0x2f
  6318.   smb_rcls=0
  6319.   smb_reh=0
  6320.   smb_err=0
  6321.   smb_flg=136
  6322.   smb_flg2=51201
  6323.   smb_tid=1
  6324.   smb_pid=65279
  6325.   smb_uid=100
  6326.   smb_mid=1600
  6327.   smt_wct=6
  6328.   smb_vwv[ 0]=  255 (0xFF)
  6329.   smb_vwv[ 1]=    0 (0x0)
  6330.   smb_vwv[ 2]=   72 (0x48)
  6331.   smb_vwv[ 3]=    0 (0x0)
  6332.   smb_vwv[ 4]=    0 (0x0)
  6333.   smb_vwv[ 5]=    0 (0x0)
  6334.   smb_bcc=0
  6335. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
  6336.   run_events: Nothing to do
  6337. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
  6338.   run_events: Nothing to do
  6339. [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
  6340.   got smb length of 59
  6341. [2010/02/14 20:52:57,  6] smbd/process.c:process_smb(1567)
  6342.   got message type 0x0 of len 0x3b
  6343. [2010/02/14 20:52:57,  3] smbd/process.c:process_smb(1570)
  6344.   Transaction 26 of length 63 (0 toread)
  6345. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(642)
  6346. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(652)
  6347.   size=59
  6348.   smb_com=0x2e
  6349.   smb_rcls=0
  6350.   smb_reh=0
  6351.   smb_err=0
  6352.   smb_flg=24
  6353.   smb_flg2=51207
  6354.   smb_tid=1
  6355.   smb_pid=65279
  6356.   smb_uid=100
  6357.   smb_mid=1664
  6358.   smt_wct=12
  6359.   smb_vwv[ 0]=  255 (0xFF)
  6360.   smb_vwv[ 1]=57054 (0xDEDE)
  6361.   smb_vwv[ 2]=30488 (0x7718)
  6362.   smb_vwv[ 3]=    0 (0x0)
  6363.   smb_vwv[ 4]=    0 (0x0)
  6364.   smb_vwv[ 5]= 1024 (0x400)
  6365.   smb_vwv[ 6]= 1024 (0x400)
  6366.   smb_vwv[ 7]=65535 (0xFFFF)
  6367.   smb_vwv[ 8]=65535 (0xFFFF)
  6368.   smb_vwv[ 9]= 1024 (0x400)
  6369.   smb_vwv[10]=    0 (0x0)
  6370.   smb_vwv[11]=    0 (0x0)
  6371.   smb_bcc=0
  6372. [2010/02/14 20:52:57,  3] smbd/process.c:switch_message(1374)
  6373.   switch message SMBreadX (pid 21948) conn 0x10fd8d0
  6374. [2010/02/14 20:52:57,  0] smbd/process.c:smb_dump(1322)
  6375.   created /tmp/SMBreadX.71.req len 63
  6376. [2010/02/14 20:52:57,  4] smbd/uid.c:change_to_user(182)
  6377.   change_to_user: Skipping user change - already user
  6378. [2010/02/14 20:52:57,  4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258)
  6379.   search for pipe pnum=7718
  6380. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
  6381.   pipe name NETLOGON pnum=7718 (pipes_open=2)
  6382. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
  6383.   pipe name lsarpc pnum=7715 (pipes_open=2)
  6384. [2010/02/14 20:52:57,  6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985)
  6385.   read_from_pipe: 7718 name: NETLOGON len: 1024
  6386. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1045)
  6387.   read_from_pipe: NETLOGON: current_pdu_len = 72, current_pdu_sent = 0 returning 72 bytes.
  6388. [2010/02/14 20:52:57,  3] smbd/pipes.c:reply_pipe_read_and_X(301)
  6389.   readX-IPC pnum=7718 min=1024 max=1024 nread=72
  6390. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(642)
  6391. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(652)
  6392.   size=131
  6393.   smb_com=0x2e
  6394.   smb_rcls=0
  6395.   smb_reh=0
  6396.   smb_err=0
  6397.   smb_flg=136
  6398.   smb_flg2=51201
  6399.   smb_tid=1
  6400.   smb_pid=65279
  6401.   smb_uid=100
  6402.   smb_mid=1664
  6403.   smt_wct=12
  6404.   smb_vwv[ 0]=  255 (0xFF)
  6405.   smb_vwv[ 1]=    0 (0x0)
  6406.   smb_vwv[ 2]=    0 (0x0)
  6407.   smb_vwv[ 3]=    0 (0x0)
  6408.   smb_vwv[ 4]=    0 (0x0)
  6409.   smb_vwv[ 5]=   72 (0x48)
  6410.   smb_vwv[ 6]=   59 (0x3B)
  6411.   smb_vwv[ 7]=    0 (0x0)
  6412.   smb_vwv[ 8]=    0 (0x0)
  6413.   smb_vwv[ 9]=    0 (0x0)
  6414.   smb_vwv[10]=    0 (0x0)
  6415.   smb_vwv[11]=    0 (0x0)
  6416.   smb_bcc=72
  6417. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
  6418.   [000] 05 00 0C 03 10 00 00 00  48 00 00 00 01 00 00 00  ........ H.......
  6419.   [010] B8 10 B8 10 F0 53 00 00  0F 00 5C 50 49 50 45 5C  .....S.. ..\PIPE\
  6420.   [020] 6E 65 74 6C 6F 67 6F 6E  00 00 00 00 01 00 00 00  netlogon ........
  6421.   [030] 00 00 00 00 04 5D 88 8A  EB 1C C9 11 9F E8 08 00  .....].. ........
  6422.   [040] 2B 10 48 60 02 00 00 00                           +.H`....
  6423. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
  6424.   run_events: Nothing to do
  6425. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
  6426.   run_events: Nothing to do
  6427. [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
  6428.   got smb length of 238
  6429. [2010/02/14 20:52:57,  6] smbd/process.c:process_smb(1567)
  6430.   got message type 0x0 of len 0xee
  6431. [2010/02/14 20:52:57,  3] smbd/process.c:process_smb(1570)
  6432.   Transaction 27 of length 242 (0 toread)
  6433. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(642)
  6434. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(652)
  6435.   size=238
  6436.   smb_com=0x25
  6437.   smb_rcls=0
  6438.   smb_reh=0
  6439.   smb_err=0
  6440.   smb_flg=24
  6441.   smb_flg2=51207
  6442.   smb_tid=1
  6443.   smb_pid=1332
  6444.   smb_uid=100
  6445.   smb_mid=1728
  6446.   smt_wct=16
  6447.   smb_vwv[ 0]=    0 (0x0)
  6448.   smb_vwv[ 1]=  154 (0x9A)
  6449.   smb_vwv[ 2]=    0 (0x0)
  6450.   smb_vwv[ 3]= 1024 (0x400)
  6451.   smb_vwv[ 4]=    0 (0x0)
  6452.   smb_vwv[ 5]=    0 (0x0)
  6453.   smb_vwv[ 6]=    0 (0x0)
  6454.   smb_vwv[ 7]=    0 (0x0)
  6455.   smb_vwv[ 8]=    0 (0x0)
  6456.   smb_vwv[ 9]=    0 (0x0)
  6457.   smb_vwv[10]=   84 (0x54)
  6458.   smb_vwv[11]=  154 (0x9A)
  6459.   smb_vwv[12]=   84 (0x54)
  6460.   smb_vwv[13]=    2 (0x2)
  6461.   smb_vwv[14]=   38 (0x26)
  6462.   smb_vwv[15]=30488 (0x7718)
  6463.   smb_bcc=171
  6464. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
  6465.   [000] 00 5C 00 50 00 49 00 50  00 45 00 5C 00 00 00 00  .\.P.I.P .E.\....
  6466.   [010] 00 05 00 00 03 10 00 00  00 9A 00 00 00 01 00 00  ........ ........
  6467.   [020] 00 82 00 00 00 00 00 05  00 00 00 02 00 0C 00 00  ........ ........
  6468.   [030] 00 00 00 00 00 0C 00 00  00 5C 00 5C 00 48 00 44  ........ .\.\.H.D
  6469.   [040] 00 53 00 2D 00 4C 00 49  00 4E 00 55 00 58 00 00  .S.-.L.I .N.U.X..
  6470.   [050] 00 0E 00 00 00 00 00 00  00 0E 00 00 00 48 00 44  ........ .....H.D
  6471.   [060] 00 53 00 2D 00 56 00 49  00 52 00 54 00 42 00 4F  .S.-.V.I .R.T.B.O
  6472.   [070] 00 58 00 31 00 24 00 00  00 02 00 75 4D 0D 00 00  .X.1.$.. ...uM...
  6473.   [080] 00 00 00 00 00 0D 00 00  00 48 00 44 00 53 00 2D  ........ .H.D.S.-
  6474.   [090] 00 56 00 49 00 52 00 54  00 42 00 4F 00 58 00 31  .V.I.R.T .B.O.X.1
  6475.   [0A0] 00 00 00 E8 DB 52 90 EC  3B 18 7B                 .....R.. ;.{
  6476. [2010/02/14 20:52:57,  3] smbd/process.c:switch_message(1374)
  6477.   switch message SMBtrans (pid 21948) conn 0x10fd8d0
  6478. [2010/02/14 20:52:57,  4] smbd/uid.c:change_to_user(182)
  6479.   change_to_user: Skipping user change - already user
  6480. [2010/02/14 20:52:57,  3] smbd/ipc.c:handle_trans(436)
  6481.   trans <\PIPE\> data=154 params=0 setup=2
  6482. [2010/02/14 20:52:57,  5] smbd/ipc.c:handle_trans(469)
  6483.   calling named_pipe
  6484. [2010/02/14 20:52:57,  3] smbd/ipc.c:named_pipe(387)
  6485.   named pipe command on <> name
  6486. [2010/02/14 20:52:57,  5] smbd/ipc.c:api_fd_reply(307)
  6487.   api_fd_reply
  6488. [2010/02/14 20:52:57,  4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258)
  6489.   search for pipe pnum=7718
  6490. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
  6491.   pipe name NETLOGON pnum=7718 (pipes_open=2)
  6492. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
  6493.   pipe name lsarpc pnum=7715 (pipes_open=2)
  6494. [2010/02/14 20:52:57,  3] smbd/ipc.c:api_fd_reply(345)
  6495.   Got API command 0x26 on pipe "NETLOGON" (pnum 7718)
  6496. [2010/02/14 20:52:57, 10] smbd/ipc.c:api_fd_reply(350)
  6497.   api_fd_reply: p:0x111d180 max_trans_reply: 1024
  6498. [2010/02/14 20:52:57,  6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927)
  6499.   write_to_pipe: 7718 name: NETLOGON open: Yes len: 154
  6500. [2010/02/14 20:52:57, 50] lib/util.c:dump_data(2223)
  6501.   [000] 05 00 00 03 10 00 00 00  9A 00 00 00 01 00 00 00  ........ ........
  6502.   [010] 82 00 00 00 00 00 05 00  00 00 02 00 0C 00 00 00  ........ ........
  6503.   [020] 00 00 00 00 0C 00 00 00  5C 00 5C 00 48 00 44 00  ........ \.\.H.D.
  6504.   [030] 53 00 2D 00 4C 00 49 00  4E 00 55 00 58 00 00 00  S.-.L.I. N.U.X...
  6505.   [040] 0E 00 00 00 00 00 00 00  0E 00 00 00 48 00 44 00  ........ ....H.D.
  6506.   [050] 53 00 2D 00 56 00 49 00  52 00 54 00 42 00 4F 00  S.-.V.I. R.T.B.O.
  6507.   [060] 58 00 31 00 24 00 00 00  02 00 75 4D 0D 00 00 00  X.1.$... ..uM....
  6508.   [070] 00 00 00 00 0D 00 00 00  48 00 44 00 53 00 2D 00  ........ H.D.S.-.
  6509.   [080] 56 00 49 00 52 00 54 00  42 00 4F 00 58 00 31 00  V.I.R.T. B.O.X.1.
  6510.   [090] 00 00 E8 DB 52 90 EC 3B  18 7B                    ....R..; .{
  6511. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
  6512.   write_to_pipe: data_left = 154
  6513. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
  6514.   process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 154
  6515. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385)
  6516.   fill_rpc_header: data_to_copy = 154, len_needed_to_complete_hdr = 16, receive_len = 0
  6517. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
  6518.   write_to_pipe: data_used = 16
  6519. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
  6520.   write_to_pipe: data_left = 138
  6521. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
  6522.   process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 138
  6523. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_debug(88)
  6524.   000000 smb_io_rpc_hdr
  6525. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  6526.       0000 major     : 05
  6527. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  6528.       0001 minor     : 00
  6529. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  6530.       0002 pkt_type  : 00
  6531. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  6532.       0003 flags     : 03
  6533. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  6534.       0004 pack_type0: 10
  6535. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  6536.       0005 pack_type1: 00
  6537. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  6538.       0006 pack_type2: 00
  6539. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  6540.       0007 pack_type3: 00
  6541. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  6542.       0008 frag_len  : 009a
  6543. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  6544.       000a auth_len  : 0000
  6545. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  6546.       000c call_id   : 00000001
  6547. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472)
  6548.   unmarshall_rpc_header: using little-endian RPC
  6549. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501)
  6550.   unmarshall_rpc_header: type = 0, flags = 3
  6551. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
  6552.   write_to_pipe: data_used = 0
  6553. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
  6554.   write_to_pipe: data_left = 138
  6555. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
  6556.   process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 138, incoming data = 138
  6557. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709)
  6558.   process_complete_pdu: processing packet type 0
  6559. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_debug(88)
  6560.   000000 smb_io_rpc_hdr_req req
  6561. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  6562.       0000 alloc_hint: 00000082
  6563. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  6564.       0004 context_id: 0000
  6565. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  6566.       0006 opnum     : 0005
  6567. [2010/02/14 20:52:57,  3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
  6568.   free_pipe_context: destroying talloc pool of size 76
  6569. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe.c:api_pipe_request(2262)
  6570.   Requested \PIPE\NETLOGON
  6571. [2010/02/14 20:52:57,  4] rpc_server/srv_pipe.c:api_rpcTNP(2297)
  6572.   api_rpcTNP: NETLOGON op 0x5 - created /tmp/in_NETLOGON_5.17.prs
  6573. [2010/02/14 20:52:57,  3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
  6574.   api_rpcTNP: rpc command: NETR_SERVERAUTHENTICATE
  6575. [2010/02/14 20:52:57,  6] rpc_server/srv_pipe.c:api_rpcTNP(2323)
  6576.   api_rpc_cmds[5].fn == 0x508188
  6577.       netr_ServerAuthenticate: struct netr_ServerAuthenticate
  6578.           in: struct netr_ServerAuthenticate
  6579.               server_name              : *
  6580.                   server_name              : '\\HDS-LINUX'
  6581.               account_name             : 'HDS-VIRTBOX1$'
  6582.               secure_channel_type      : SEC_CHAN_WKSTA (2)
  6583.               computer_name            : 'HDS-VIRTBOX1'
  6584.               credentials              : *
  6585.                   credentials: struct netr_Credential
  6586.                       data                     : e8db5290ec3b187b
  6587.       netr_ServerAuthenticate: struct netr_ServerAuthenticate
  6588.           out: struct netr_ServerAuthenticate
  6589.               return_credentials       : *
  6590.                   return_credentials: struct netr_Credential
  6591.                       data                     : 0000000000000000
  6592.               result                   : NT_STATUS_ACCESS_DENIED
  6593. [2010/02/14 20:52:57,  0] rpc_parse/parse_prs.c:prs_dump_region(73)
  6594.   created /tmp/out_NETLOGON_5.17.prs
  6595. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe.c:api_rpcTNP(2351)
  6596.   api_rpcTNP: called NETLOGON successfully
  6597. [2010/02/14 20:52:57,  3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
  6598.   free_pipe_context: destroying talloc pool of size 0
  6599. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
  6600.   write_to_pipe: data_used = 138
  6601. [2010/02/14 20:52:57,  6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985)
  6602.   read_from_pipe: 7718 name: NETLOGON len: 1024
  6603. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059)
  6604.   read_from_pipe: NETLOGON: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 12.
  6605. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_debug(88)
  6606.   000000 smb_io_rpc_hdr hdr
  6607. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  6608.       0000 major     : 05
  6609. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  6610.       0001 minor     : 00
  6611. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  6612.       0002 pkt_type  : 02
  6613. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  6614.       0003 flags     : 03
  6615. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  6616.       0004 pack_type0: 10
  6617. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  6618.       0005 pack_type1: 00
  6619. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  6620.       0006 pack_type2: 00
  6621. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  6622.       0007 pack_type3: 00
  6623. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  6624.       0008 frag_len  : 0024
  6625. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  6626.       000a auth_len  : 0000
  6627. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  6628.       000c call_id   : 00000001
  6629. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_debug(88)
  6630.   000010 smb_io_rpc_hdr_resp resp
  6631. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  6632.       0010 alloc_hint: 0000000c
  6633. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  6634.       0014 context_id: 0000
  6635. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  6636.       0016 cancel_ct : 00
  6637. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  6638.       0017 reserved  : 00
  6639. [2010/02/14 20:52:57,  5] smbd/ipc.c:copy_trans_params_and_data(60)
  6640.   copy_trans_params_and_data: params[0..0] data[0..36] (align 0)
  6641. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(642)
  6642. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(652)
  6643.   size=92
  6644.   smb_com=0x25
  6645.   smb_rcls=0
  6646.   smb_reh=0
  6647.   smb_err=0
  6648.   smb_flg=136
  6649.   smb_flg2=51201
  6650.   smb_tid=1
  6651.   smb_pid=1332
  6652.   smb_uid=100
  6653.   smb_mid=1728
  6654.   smt_wct=10
  6655.   smb_vwv[ 0]=    0 (0x0)
  6656.   smb_vwv[ 1]=   36 (0x24)
  6657.   smb_vwv[ 2]=    0 (0x0)
  6658.   smb_vwv[ 3]=    0 (0x0)
  6659.   smb_vwv[ 4]=   56 (0x38)
  6660.   smb_vwv[ 5]=    0 (0x0)
  6661.   smb_vwv[ 6]=   36 (0x24)
  6662.   smb_vwv[ 7]=   56 (0x38)
  6663.   smb_vwv[ 8]=    0 (0x0)
  6664.   smb_vwv[ 9]=    0 (0x0)
  6665.   smb_bcc=37
  6666. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
  6667.   [000] 00 05 00 02 03 10 00 00  00 24 00 00 00 01 00 00  ........ .$......
  6668.   [010] 00 0C 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ........ ........
  6669.   [020] 00 22 00 00 C0                                    ."...
  6670. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
  6671.   run_events: Nothing to do
  6672. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
  6673.   run_events: Nothing to do
  6674. [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
  6675.   got smb length of 41
  6676. [2010/02/14 20:52:57,  6] smbd/process.c:process_smb(1567)
  6677.   got message type 0x0 of len 0x29
  6678. [2010/02/14 20:52:57,  3] smbd/process.c:process_smb(1570)
  6679.   Transaction 28 of length 45 (0 toread)
  6680. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(642)
  6681. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(652)
  6682.   size=41
  6683.   smb_com=0x4
  6684.   smb_rcls=0
  6685.   smb_reh=0
  6686.   smb_err=0
  6687.   smb_flg=24
  6688.   smb_flg2=51207
  6689.   smb_tid=1
  6690.   smb_pid=65279
  6691.   smb_uid=100
  6692.   smb_mid=1792
  6693.   smt_wct=3
  6694.   smb_vwv[ 0]=30488 (0x7718)
  6695.   smb_vwv[ 1]=65535 (0xFFFF)
  6696.   smb_vwv[ 2]=65535 (0xFFFF)
  6697.   smb_bcc=0
  6698. [2010/02/14 20:52:57,  3] smbd/process.c:switch_message(1374)
  6699.   switch message SMBclose (pid 21948) conn 0x10fd8d0
  6700. [2010/02/14 20:52:57,  0] smbd/process.c:smb_dump(1322)
  6701.   created /tmp/SMBclose.70.req len 45
  6702. [2010/02/14 20:52:57,  4] smbd/uid.c:change_to_user(182)
  6703.   change_to_user: Skipping user change - already user
  6704. [2010/02/14 20:52:57,  4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258)
  6705.   search for pipe pnum=7718
  6706. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
  6707.   pipe name NETLOGON pnum=7718 (pipes_open=2)
  6708. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
  6709.   pipe name lsarpc pnum=7715 (pipes_open=2)
  6710. [2010/02/14 20:52:57,  5] smbd/pipes.c:reply_pipe_close(319)
  6711.   reply_pipe_close: pnum:7718
  6712. [2010/02/14 20:52:57, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(241)
  6713.   close_policy_by_pipe: deleted handle list for pipe NETLOGON
  6714. [2010/02/14 20:52:57,  4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1160)
  6715.   closed pipe name NETLOGON pnum=7718 (pipes_open=1)
  6716. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100)
  6717.   Locking key 4E45544C4F474F4E2F32313934382F333034383800
  6718. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129)
  6719.   Allocated locked data 0x0x1120a30
  6720. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42)
  6721.   Unlocking key 4E45544C4F474F4E2F32313934382F333034383800
  6722. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(642)
  6723. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(652)
  6724.   size=35
  6725.   smb_com=0x4
  6726.   smb_rcls=0
  6727.   smb_reh=0
  6728.   smb_err=0
  6729.   smb_flg=136
  6730.   smb_flg2=51201
  6731.   smb_tid=1
  6732.   smb_pid=65279
  6733.   smb_uid=100
  6734.   smb_mid=1792
  6735.   smt_wct=0
  6736.   smb_bcc=0
  6737. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
  6738.   run_events: Nothing to do
  6739. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
  6740.   run_events: Nothing to do
  6741. [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
  6742.   got smb length of 128
  6743. [2010/02/14 20:52:57,  6] smbd/process.c:process_smb(1567)
  6744.   got message type 0x0 of len 0x80
  6745. [2010/02/14 20:52:57,  3] smbd/process.c:process_smb(1570)
  6746.   Transaction 29 of length 132 (0 toread)
  6747. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(642)
  6748. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(652)
  6749.   size=128
  6750.   smb_com=0x25
  6751.   smb_rcls=0
  6752.   smb_reh=0
  6753.   smb_err=0
  6754.   smb_flg=24
  6755.   smb_flg2=51207
  6756.   smb_tid=1
  6757.   smb_pid=1332
  6758.   smb_uid=100
  6759.   smb_mid=1856
  6760.   smt_wct=16
  6761.   smb_vwv[ 0]=    0 (0x0)
  6762.   smb_vwv[ 1]=   44 (0x2C)
  6763.   smb_vwv[ 2]=    0 (0x0)
  6764.   smb_vwv[ 3]= 1024 (0x400)
  6765.   smb_vwv[ 4]=    0 (0x0)
  6766.   smb_vwv[ 5]=    0 (0x0)
  6767.   smb_vwv[ 6]=    0 (0x0)
  6768.   smb_vwv[ 7]=    0 (0x0)
  6769.   smb_vwv[ 8]=    0 (0x0)
  6770.   smb_vwv[ 9]=    0 (0x0)
  6771.   smb_vwv[10]=   84 (0x54)
  6772.   smb_vwv[11]=   44 (0x2C)
  6773.   smb_vwv[12]=   84 (0x54)
  6774.   smb_vwv[13]=    2 (0x2)
  6775.   smb_vwv[14]=   38 (0x26)
  6776.   smb_vwv[15]=30485 (0x7715)
  6777.   smb_bcc=61
  6778. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
  6779.   [000] 00 5C 00 50 00 49 00 50  00 45 00 5C 00 00 00 00  .\.P.I.P .E.\....
  6780.   [010] 00 05 00 00 03 10 00 00  00 2C 00 00 00 04 00 00  ........ .,......
  6781.   [020] 00 14 00 00 00 00 00 00  00 00 00 00 00 01 00 00  ........ ........
  6782.   [030] 00 00 00 00 00 78 4B A9  62 BC 55 00 00           .....xK. b.U..
  6783. [2010/02/14 20:52:57,  3] smbd/process.c:switch_message(1374)
  6784.   switch message SMBtrans (pid 21948) conn 0x10fd8d0
  6785. [2010/02/14 20:52:57,  4] smbd/uid.c:change_to_user(182)
  6786.   change_to_user: Skipping user change - already user
  6787. [2010/02/14 20:52:57,  3] smbd/ipc.c:handle_trans(436)
  6788.   trans <\PIPE\> data=44 params=0 setup=2
  6789. [2010/02/14 20:52:57,  5] smbd/ipc.c:handle_trans(469)
  6790.   calling named_pipe
  6791. [2010/02/14 20:52:57,  3] smbd/ipc.c:named_pipe(387)
  6792.   named pipe command on <> name
  6793. [2010/02/14 20:52:57,  5] smbd/ipc.c:api_fd_reply(307)
  6794.   api_fd_reply
  6795. [2010/02/14 20:52:57,  4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258)
  6796.   search for pipe pnum=7715
  6797. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
  6798.   pipe name lsarpc pnum=7715 (pipes_open=1)
  6799. [2010/02/14 20:52:57,  3] smbd/ipc.c:api_fd_reply(345)
  6800.   Got API command 0x26 on pipe "lsarpc" (pnum 7715)
  6801. [2010/02/14 20:52:57, 10] smbd/ipc.c:api_fd_reply(350)
  6802.   api_fd_reply: p:0x10f9f70 max_trans_reply: 1024
  6803. [2010/02/14 20:52:57,  6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927)
  6804.   write_to_pipe: 7715 name: lsarpc open: Yes len: 44
  6805. [2010/02/14 20:52:57, 50] lib/util.c:dump_data(2223)
  6806.   [000] 05 00 00 03 10 00 00 00  2C 00 00 00 04 00 00 00  ........ ,.......
  6807.   [010] 14 00 00 00 00 00 00 00  00 00 00 00 01 00 00 00  ........ ........
  6808.   [020] 00 00 00 00 78 4B A9 62  BC 55 00 00              ....xK.b .U..
  6809. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
  6810.   write_to_pipe: data_left = 44
  6811. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
  6812.   process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44
  6813. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385)
  6814.   fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0
  6815. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
  6816.   write_to_pipe: data_used = 16
  6817. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
  6818.   write_to_pipe: data_left = 28
  6819. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
  6820.   process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28
  6821. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_debug(88)
  6822.   000000 smb_io_rpc_hdr
  6823. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  6824.       0000 major     : 05
  6825. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  6826.       0001 minor     : 00
  6827. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  6828.       0002 pkt_type  : 00
  6829. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  6830.       0003 flags     : 03
  6831. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  6832.       0004 pack_type0: 10
  6833. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  6834.       0005 pack_type1: 00
  6835. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  6836.       0006 pack_type2: 00
  6837. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  6838.       0007 pack_type3: 00
  6839. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  6840.       0008 frag_len  : 002c
  6841. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  6842.       000a auth_len  : 0000
  6843. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  6844.       000c call_id   : 00000004
  6845. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472)
  6846.   unmarshall_rpc_header: using little-endian RPC
  6847. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501)
  6848.   unmarshall_rpc_header: type = 0, flags = 3
  6849. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
  6850.   write_to_pipe: data_used = 0
  6851. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949)
  6852.   write_to_pipe: data_left = 28
  6853. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842)
  6854.   process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28
  6855. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709)
  6856.   process_complete_pdu: processing packet type 0
  6857. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_debug(88)
  6858.   000000 smb_io_rpc_hdr_req req
  6859. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  6860.       0000 alloc_hint: 00000014
  6861. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  6862.       0004 context_id: 0000
  6863. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  6864.       0006 opnum     : 0000
  6865. [2010/02/14 20:52:57,  3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
  6866.   free_pipe_context: destroying talloc pool of size 0
  6867. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe.c:api_pipe_request(2262)
  6868.   Requested \PIPE\lsarpc
  6869. [2010/02/14 20:52:57,  4] rpc_server/srv_pipe.c:api_rpcTNP(2297)
  6870.   api_rpcTNP: lsarpc op 0x0 - created /tmp/in_lsarpc_0.18.prs
  6871. [2010/02/14 20:52:57,  3] rpc_server/srv_pipe.c:api_rpcTNP(2304)
  6872.   api_rpcTNP: rpc command: LSA_CLOSE
  6873. [2010/02/14 20:52:57,  6] rpc_server/srv_pipe.c:api_rpcTNP(2323)
  6874.   api_rpc_cmds[0].fn == 0x4e37d8
  6875.       lsa_Close: struct lsa_Close
  6876.           in: struct lsa_Close
  6877.               handle                   : *
  6878.                   handle: struct policy_handle
  6879.                       handle_type              : 0x00000000 (0)
  6880.                       uuid                     : 00000001-0000-0000-784b-a962bc550000
  6881. [2010/02/14 20:52:57,  4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168)
  6882.   Found policy hnd[0] [000] 00 00 00 00 01 00 00 00  00 00 00 00 78 4B A9 62  ........ ....xK.b
  6883.   [010] BC 55 00 00                                       .U..
  6884. [2010/02/14 20:52:57,  4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168)
  6885.   Found policy hnd[0] [000] 00 00 00 00 01 00 00 00  00 00 00 00 78 4B A9 62  ........ ....xK.b
  6886.   [010] BC 55 00 00                                       .U..
  6887. [2010/02/14 20:52:57,  3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(206)
  6888.   Closed policy
  6889.       lsa_Close: struct lsa_Close
  6890.           out: struct lsa_Close
  6891.               handle                   : *
  6892.                   handle: struct policy_handle
  6893.                       handle_type              : 0x00000000 (0)
  6894.                       uuid                     : 00000000-0000-0000-0000-000000000000
  6895.               result                   : NT_STATUS_OK
  6896. [2010/02/14 20:52:57,  0] rpc_parse/parse_prs.c:prs_dump_region(73)
  6897.   created /tmp/out_lsarpc_0.18.prs
  6898. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe.c:api_rpcTNP(2351)
  6899.   api_rpcTNP: called lsarpc successfully
  6900. [2010/02/14 20:52:57,  3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519)
  6901.   free_pipe_context: destroying talloc pool of size 0
  6902. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953)
  6903.   write_to_pipe: data_used = 28
  6904. [2010/02/14 20:52:57,  6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985)
  6905.   read_from_pipe: 7715 name: lsarpc len: 1024
  6906. [2010/02/14 20:52:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059)
  6907.   read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24.
  6908. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_debug(88)
  6909.   000000 smb_io_rpc_hdr hdr
  6910. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  6911.       0000 major     : 05
  6912. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  6913.       0001 minor     : 00
  6914. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  6915.       0002 pkt_type  : 02
  6916. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  6917.       0003 flags     : 03
  6918. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  6919.       0004 pack_type0: 10
  6920. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  6921.       0005 pack_type1: 00
  6922. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  6923.       0006 pack_type2: 00
  6924. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  6925.       0007 pack_type3: 00
  6926. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  6927.       0008 frag_len  : 0030
  6928. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  6929.       000a auth_len  : 0000
  6930. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  6931.       000c call_id   : 00000004
  6932. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_debug(88)
  6933.   000010 smb_io_rpc_hdr_resp resp
  6934. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint32(718)
  6935.       0010 alloc_hint: 00000018
  6936. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint16(689)
  6937.       0014 context_id: 0000
  6938. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  6939.       0016 cancel_ct : 00
  6940. [2010/02/14 20:52:57,  5] rpc_parse/parse_prs.c:prs_uint8(624)
  6941.       0017 reserved  : 00
  6942. [2010/02/14 20:52:57,  5] smbd/ipc.c:copy_trans_params_and_data(60)
  6943.   copy_trans_params_and_data: params[0..0] data[0..48] (align 0)
  6944. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(642)
  6945. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(652)
  6946.   size=104
  6947.   smb_com=0x25
  6948.   smb_rcls=0
  6949.   smb_reh=0
  6950.   smb_err=0
  6951.   smb_flg=136
  6952.   smb_flg2=51201
  6953.   smb_tid=1
  6954.   smb_pid=1332
  6955.   smb_uid=100
  6956.   smb_mid=1856
  6957.   smt_wct=10
  6958.   smb_vwv[ 0]=    0 (0x0)
  6959.   smb_vwv[ 1]=   48 (0x30)
  6960.   smb_vwv[ 2]=    0 (0x0)
  6961.   smb_vwv[ 3]=    0 (0x0)
  6962.   smb_vwv[ 4]=   56 (0x38)
  6963.   smb_vwv[ 5]=    0 (0x0)
  6964.   smb_vwv[ 6]=   48 (0x30)
  6965.   smb_vwv[ 7]=   56 (0x38)
  6966.   smb_vwv[ 8]=    0 (0x0)
  6967.   smb_vwv[ 9]=    0 (0x0)
  6968.   smb_bcc=49
  6969. [2010/02/14 20:52:57, 10] lib/util.c:dump_data(2223)
  6970.   [000] 00 05 00 02 03 10 00 00  00 30 00 00 00 04 00 00  ........ .0......
  6971.   [010] 00 18 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ........ ........
  6972.   [020] 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ........ ........
  6973.   [030] 00                                                .
  6974. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
  6975.   run_events: Nothing to do
  6976. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
  6977.   run_events: Nothing to do
  6978. [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
  6979.   got smb length of 41
  6980. [2010/02/14 20:52:57,  6] smbd/process.c:process_smb(1567)
  6981.   got message type 0x0 of len 0x29
  6982. [2010/02/14 20:52:57,  3] smbd/process.c:process_smb(1570)
  6983.   Transaction 30 of length 45 (0 toread)
  6984. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(642)
  6985. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(652)
  6986.   size=41
  6987.   smb_com=0x4
  6988.   smb_rcls=0
  6989.   smb_reh=0
  6990.   smb_err=0
  6991.   smb_flg=24
  6992.   smb_flg2=51207
  6993.   smb_tid=1
  6994.   smb_pid=65279
  6995.   smb_uid=100
  6996.   smb_mid=1920
  6997.   smt_wct=3
  6998.   smb_vwv[ 0]=30485 (0x7715)
  6999.   smb_vwv[ 1]=65535 (0xFFFF)
  7000.   smb_vwv[ 2]=65535 (0xFFFF)
  7001.   smb_bcc=0
  7002. [2010/02/14 20:52:57,  3] smbd/process.c:switch_message(1374)
  7003.   switch message SMBclose (pid 21948) conn 0x10fd8d0
  7004. [2010/02/14 20:52:57,  0] smbd/process.c:smb_dump(1322)
  7005.   created /tmp/SMBclose.71.req len 45
  7006. [2010/02/14 20:52:57,  4] smbd/uid.c:change_to_user(182)
  7007.   change_to_user: Skipping user change - already user
  7008. [2010/02/14 20:52:57,  4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258)
  7009.   search for pipe pnum=7715
  7010. [2010/02/14 20:52:57,  5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262)
  7011.   pipe name lsarpc pnum=7715 (pipes_open=1)
  7012. [2010/02/14 20:52:57,  5] smbd/pipes.c:reply_pipe_close(319)
  7013.   reply_pipe_close: pnum:7715
  7014. [2010/02/14 20:52:57, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(241)
  7015.   close_policy_by_pipe: deleted handle list for pipe lsarpc
  7016. [2010/02/14 20:52:57,  4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1160)
  7017.   closed pipe name lsarpc pnum=7715 (pipes_open=0)
  7018. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100)
  7019.   Locking key 6C73617270632F32313934382F333034383500
  7020. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129)
  7021.   Allocated locked data 0x0x11196f0
  7022. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42)
  7023.   Unlocking key 6C73617270632F32313934382F333034383500
  7024. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(642)
  7025. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(652)
  7026.   size=35
  7027.   smb_com=0x4
  7028.   smb_rcls=0
  7029.   smb_reh=0
  7030.   smb_err=0
  7031.   smb_flg=136
  7032.   smb_flg2=51201
  7033.   smb_tid=1
  7034.   smb_pid=65279
  7035.   smb_uid=100
  7036.   smb_mid=1920
  7037.   smt_wct=0
  7038.   smb_bcc=0
  7039. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
  7040.   run_events: Nothing to do
  7041. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
  7042.   run_events: Nothing to do
  7043. [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
  7044.   got smb length of 39
  7045. [2010/02/14 20:52:57,  6] smbd/process.c:process_smb(1567)
  7046.   got message type 0x0 of len 0x27
  7047. [2010/02/14 20:52:57,  3] smbd/process.c:process_smb(1570)
  7048.   Transaction 31 of length 43 (0 toread)
  7049. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(642)
  7050. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(652)
  7051.   size=39
  7052.   smb_com=0x74
  7053.   smb_rcls=0
  7054.   smb_reh=0
  7055.   smb_err=0
  7056.   smb_flg=24
  7057.   smb_flg2=51207
  7058.   smb_tid=0
  7059.   smb_pid=65279
  7060.   smb_uid=100
  7061.   smb_mid=1984
  7062.   smt_wct=2
  7063.   smb_vwv[ 0]=  255 (0xFF)
  7064.   smb_vwv[ 1]=    0 (0x0)
  7065.   smb_bcc=0
  7066. [2010/02/14 20:52:57,  3] smbd/process.c:switch_message(1374)
  7067.   switch message SMBulogoffX (pid 21948) conn 0x0
  7068. [2010/02/14 20:52:57,  0] smbd/process.c:smb_dump(1322)
  7069.   created /tmp/SMBulogoffX.30.req len 43
  7070. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  7071.   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
  7072. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_nt_user_token(464)
  7073.   NT user token: (NULL)
  7074. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_unix_user_token(490)
  7075.   UNIX token of user 0
  7076.   Primary group is 0 and contains 0 supplementary groups
  7077. [2010/02/14 20:52:57,  5] smbd/uid.c:change_to_root_user(287)
  7078.   change_to_root_user: now uid=(0,0) gid=(0,0)
  7079. [2010/02/14 20:52:57,  3] smbd/reply.c:reply_ulogoffX(1910)
  7080.   ulogoffX vuid=100
  7081. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(642)
  7082. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(652)
  7083.   size=39
  7084.   smb_com=0x74
  7085.   smb_rcls=0
  7086.   smb_reh=0
  7087.   smb_err=0
  7088.   smb_flg=136
  7089.   smb_flg2=51201
  7090.   smb_tid=0
  7091.   smb_pid=65279
  7092.   smb_uid=100
  7093.   smb_mid=1984
  7094.   smt_wct=2
  7095.   smb_vwv[ 0]=  255 (0xFF)
  7096.   smb_vwv[ 1]=    0 (0x0)
  7097.   smb_bcc=0
  7098. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
  7099.   run_events: Nothing to do
  7100. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
  7101.   run_events: Nothing to do
  7102. [2010/02/14 20:52:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187)
  7103.   got smb length of 35
  7104. [2010/02/14 20:52:57,  6] smbd/process.c:process_smb(1567)
  7105.   got message type 0x0 of len 0x23
  7106. [2010/02/14 20:52:57,  3] smbd/process.c:process_smb(1570)
  7107.   Transaction 32 of length 39 (0 toread)
  7108. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(642)
  7109. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(652)
  7110.   size=35
  7111.   smb_com=0x71
  7112.   smb_rcls=0
  7113.   smb_reh=0
  7114.   smb_err=0
  7115.   smb_flg=24
  7116.   smb_flg2=51207
  7117.   smb_tid=1
  7118.   smb_pid=65279
  7119.   smb_uid=100
  7120.   smb_mid=2048
  7121.   smt_wct=0
  7122.   smb_bcc=0
  7123. [2010/02/14 20:52:57,  3] smbd/process.c:switch_message(1374)
  7124.   switch message SMBtdis (pid 21948) conn 0x10fd8d0
  7125. [2010/02/14 20:52:57,  0] smbd/process.c:smb_dump(1322)
  7126.   created /tmp/SMBtdis.31.req len 39
  7127. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  7128.   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
  7129. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_nt_user_token(464)
  7130.   NT user token: (NULL)
  7131. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_unix_user_token(490)
  7132.   UNIX token of user 0
  7133.   Primary group is 0 and contains 0 supplementary groups
  7134. [2010/02/14 20:52:57,  5] smbd/uid.c:change_to_root_user(287)
  7135.   change_to_root_user: now uid=(0,0) gid=(0,0)
  7136. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  7137.   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
  7138. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_nt_user_token(464)
  7139.   NT user token: (NULL)
  7140. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_unix_user_token(490)
  7141.   UNIX token of user 0
  7142.   Primary group is 0 and contains 0 supplementary groups
  7143. [2010/02/14 20:52:57,  5] smbd/uid.c:change_to_root_user(287)
  7144.   change_to_root_user: now uid=(0,0) gid=(0,0)
  7145. [2010/02/14 20:52:57,  3] smbd/service.c:close_cnum(1409)
  7146.   hds-virtbox1 (::ffff:192.168.1.183) closed connection to service IPC$
  7147. [2010/02/14 20:52:57,  3] smbd/connection.c:yield_connection(31)
  7148.   Yielding connection to IPC$
  7149. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100)
  7150.   Locking key BC5500000100000049504324000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
  7151. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129)
  7152.   Allocated locked data 0x0x111a940
  7153. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42)
  7154.   Unlocking key BC5500000100000049504324000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
  7155. [2010/02/14 20:52:57,  4] smbd/vfs.c:vfs_ChDir(733)
  7156.   vfs_ChDir to /
  7157. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  7158.   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
  7159. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_nt_user_token(464)
  7160.   NT user token: (NULL)
  7161. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_unix_user_token(490)
  7162.   UNIX token of user 0
  7163.   Primary group is 0 and contains 0 supplementary groups
  7164. [2010/02/14 20:52:57,  5] smbd/uid.c:change_to_root_user(287)
  7165.   change_to_root_user: now uid=(0,0) gid=(0,0)
  7166. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(642)
  7167. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(652)
  7168.   size=35
  7169.   smb_com=0x71
  7170.   smb_rcls=0
  7171.   smb_reh=0
  7172.   smb_err=0
  7173.   smb_flg=136
  7174.   smb_flg2=51201
  7175.   smb_tid=1
  7176.   smb_pid=65279
  7177.   smb_uid=100
  7178.   smb_mid=2048
  7179.   smt_wct=0
  7180.   smb_bcc=0
  7181. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
  7182.   run_events: Nothing to do
  7183. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
  7184.   run_events: Nothing to do
  7185. [2010/02/14 20:52:57,  5] lib/util_sock.c:read_socket_with_timeout(928)
  7186.   read_socket_with_timeout: blocking read. EOF from client.
  7187. [2010/02/14 20:52:57, 10] smbd/process.c:receive_smb_raw_talloc(276)
  7188.   receive_smb_raw: NT_STATUS_END_OF_FILE
  7189. [2010/02/14 20:52:57,  3] smbd/process.c:smbd_process(2056)
  7190.   receive_message_or_smb failed: NT_STATUS_END_OF_FILE, exiting
  7191. [2010/02/14 20:52:57,  5] lib/gencache.c:gencache_shutdown(93)
  7192.   Closing cache file
  7193. [2010/02/14 20:52:57,  5] libsmb/namecache.c:namecache_shutdown(81)
  7194.   namecache_shutdown: netbios namecache closed successfully.
  7195. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  7196.   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
  7197. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_nt_user_token(464)
  7198.   NT user token: (NULL)
  7199. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_unix_user_token(490)
  7200.   UNIX token of user 0
  7201.   Primary group is 0 and contains 0 supplementary groups
  7202. [2010/02/14 20:52:57,  5] smbd/uid.c:change_to_root_user(287)
  7203.   change_to_root_user: now uid=(0,0) gid=(0,0)
  7204. [2010/02/14 20:52:57,  3] smbd/connection.c:yield_connection(31)
  7205.   Yielding connection to
  7206. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100)
  7207.   Locking key BC550000FFFFFFFF00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
  7208. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129)
  7209.   Allocated locked data 0x0x1108860
  7210. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42)
  7211.   Unlocking key BC550000FFFFFFFF00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
  7212. [2010/02/14 20:52:57,  3] smbd/server.c:exit_server_common(949)
  7213.   Server exit (normal exit)
  7214. [2010/02/14 20:52:57,  6] param/loadparm.c:lp_file_list_changed(6729)
  7215.   lp_file_list_changed()
  7216.   file /etc/samba/dhcp.conf -> /etc/samba/dhcp.conf  last mod_time: Thu Feb 11 11:51:52 2010
  7217.  
  7218.   file /etc/samba/smb.conf -> /etc/samba/smb.conf  last mod_time: Thu Feb 11 16:28:47 2010
  7219.  
  7220. [2010/02/14 20:52:57,  5] auth/auth_util.c:make_user_info_map(206)
  7221.   make_user_info_map: Mapping user [SEMARKIT]\[Admin] from workstation [HDS-VIRTBOX1]
  7222. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:push_sec_ctx(224)
  7223.   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
  7224. [2010/02/14 20:52:57,  3] smbd/uid.c:push_conn_ctx(357)
  7225.   push_conn_ctx(0) : conn_ctx_stack_ndx = 0
  7226. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  7227.   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
  7228. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_nt_user_token(464)
  7229.   NT user token: (NULL)
  7230. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_unix_user_token(490)
  7231.   UNIX token of user 0
  7232.   Primary group is 0 and contains 0 supplementary groups
  7233. [2010/02/14 20:52:57,  5] auth/auth_util.c:is_trusted_domain(2055)
  7234.   is_trusted_domain: Checking for domain trust with [SEMARKIT]
  7235. [2010/02/14 20:52:57, 10] passdb/pdb_ldap.c:ldapsam_get_trusteddom_pw(5823)
  7236.   ldapsam_get_trusteddom_pw called for domain SEMARKIT
  7237. [2010/02/14 20:52:57,  5] lib/smbldap.c:smbldap_search_ext(1207)
  7238.   smbldap_search_ext: base => [sambaDomainName=SEMARKIT,sambaDomainName=SEMARKIT,dc=semarkit,dc=dk], filter => [(&(objectClass=sambaTrustedDomainPassword)(sambaDomainName=SEMARKIT))], scope => [2]
  7239. [2010/02/14 20:52:57,  5] lib/smbldap.c:smbldap_close(1110)
  7240.   The connection to the LDAP server was closed
  7241. [2010/02/14 20:52:57, 10] lib/smbldap.c:smb_ldap_setup_conn(616)
  7242.   smb_ldap_setup_connection: ldap://127.0.0.1:389
  7243. [2010/02/14 20:52:57,  2] lib/smbldap.c:smbldap_open_connection(796)
  7244.   smbldap_open_connection: connection opened
  7245. [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_connect_system(961)
  7246.   ldap_connect_system: Binding to ldap server ldap://127.0.0.1:389 as "cn=admin,dc=semarkit,dc=dk"
  7247. [2010/02/14 20:52:57,  3] lib/smbldap.c:smbldap_connect_system(1007)
  7248.   ldap_connect_system: successful connection to the LDAP server
  7249.   ldap_connect_system: LDAP server does support paged results
  7250. [2010/02/14 20:52:57, 10] lib/events.c:event_add_timed(128)
  7251.   Added timed event "smbldap_idle_fn": 1032a60
  7252. [2010/02/14 20:52:57,  4] lib/smbldap.c:smbldap_open(1090)
  7253.   The LDAP server is successfully connected
  7254. [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_search_ext(1271)
  7255.   Failed search for base: sambaDomainName=SEMARKIT,sambaDomainName=SEMARKIT,dc=semarkit,dc=dk, error: 32 (No such object) (unknown)
  7256. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:pop_sec_ctx(432)
  7257.   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
  7258. [2010/02/14 20:52:57, 10] lib/gencache.c:gencache_get(194)
  7259.   Cache entry with key = TDOM/SEMARKIT couldn't be found
  7260. [2010/02/14 20:52:57,  5] libsmb/trustdom_cache.c:trustdom_cache_fetch(183)
  7261.   no entry for trusted domain SEMARKIT found.
  7262. [2010/02/14 20:52:57,  5] auth/auth_util.c:make_user_info(120)
  7263.   attempting to make a user_info for Admin (Admin)
  7264. [2010/02/14 20:52:57,  5] auth/auth_util.c:make_user_info(130)
  7265.   making strings for Admin's user_info struct
  7266. [2010/02/14 20:52:57,  5] auth/auth_util.c:make_user_info(162)
  7267.   making blobs for Admin's user_info struct
  7268. [2010/02/14 20:52:57, 10] auth/auth_util.c:make_user_info(180)
  7269.   made an encrypted user_info for Admin (Admin)
  7270. [2010/02/14 20:52:57,  3] auth/auth.c:check_ntlm_password(220)
  7271.   check_ntlm_password:  Checking password for unmapped user [SEMARKIT]\[Admin]@[HDS-VIRTBOX1] with the new password interface
  7272. [2010/02/14 20:52:57,  3] auth/auth.c:check_ntlm_password(223)
  7273.   check_ntlm_password:  mapped user is: [SEMARKIT]\[Admin]@[HDS-VIRTBOX1]
  7274. [2010/02/14 20:52:57, 10] auth/auth.c:check_ntlm_password(232)
  7275.   check_ntlm_password: auth_context challenge created by NTLMSSP callback (NTLM2)
  7276. [2010/02/14 20:52:57, 10] auth/auth.c:check_ntlm_password(234)
  7277.   challenge is:
  7278. [2010/02/14 20:52:57,  5] lib/util.c:dump_data(2223)
  7279.   [000] AC 05 48 7F D1 94 0E FD                           ..H.....
  7280. [2010/02/14 20:52:57, 10] auth/auth.c:check_ntlm_password(260)
  7281.   check_ntlm_password: guest had nothing to say
  7282. [2010/02/14 20:52:57,  8] lib/util.c:is_myname(2098)
  7283.   is_myname("SEMARKIT") returns 0
  7284. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:push_sec_ctx(224)
  7285.   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
  7286. [2010/02/14 20:52:57,  3] smbd/uid.c:push_conn_ctx(357)
  7287.   push_conn_ctx(0) : conn_ctx_stack_ndx = 0
  7288. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  7289.   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
  7290. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_nt_user_token(464)
  7291.   NT user token: (NULL)
  7292. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_unix_user_token(490)
  7293.   UNIX token of user 0
  7294.   Primary group is 0 and contains 0 supplementary groups
  7295. [2010/02/14 20:52:57,  5] lib/smbldap.c:smbldap_search_ext(1207)
  7296.   smbldap_search_ext: base => [dc=semarkit,dc=dk], filter => [(&(uid=Admin)(objectclass=sambaSamAccount))], scope => [2]
  7297. [2010/02/14 20:52:57, 11] lib/smbldap.c:smbldap_open(1063)
  7298.   smbldap_open: already connected to the LDAP server
  7299. [2010/02/14 20:52:57,  2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
  7300.   init_sam_from_ldap: Entry found for user: Admin
  7301. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_username(580)
  7302.   pdb_set_username: setting username Admin, was
  7303. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  7304.   element 12 -> now SET
  7305. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_domain(603)
  7306.   pdb_set_domain: setting domain SEMARKIT, was
  7307. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(494)
  7308.   element 14 -> now DEFAULT
  7309. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_nt_username(626)
  7310.   pdb_set_nt_username: setting nt username Admin, was
  7311. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  7312.   element 15 -> now SET
  7313. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_user_sid_from_string(522)
  7314.   pdb_set_user_sid_from_string: setting user sid S-1-5-21-2934603361-1946261283-2740193522-500
  7315. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509)
  7316.   pdb_set_user_sid: setting user sid S-1-5-21-2934603361-1946261283-2740193522-500
  7317. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  7318.   element 18 -> now SET
  7319. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_get_init_flags(263)
  7320.   element 18: SET
  7321. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  7322.   element 21 -> now SET
  7323. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  7324.   element 5 -> now SET
  7325. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  7326.   element 6 -> now SET
  7327. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  7328.   element 7 -> now SET
  7329. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  7330.   element 9 -> now SET
  7331. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  7332.   element 10 -> now SET
  7333. [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309)
  7334.   attribute displayName does not exist
  7335. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_fullname(649)
  7336.   pdb_set_full_name: setting full name Admin, was
  7337. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  7338.   element 13 -> now SET
  7339. [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309)
  7340.   attribute sambaHomeDrive does not exist
  7341. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(718)
  7342.   pdb_set_dir_drive: setting dir drive H:, was NULL
  7343. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(494)
  7344.   element 3 -> now DEFAULT
  7345. [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309)
  7346.   attribute sambaHomePath does not exist
  7347. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_homedir(742)
  7348.   pdb_set_homedir: setting home dir \\hds-linux\admin, was
  7349. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(494)
  7350.   element 1 -> now DEFAULT
  7351. [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309)
  7352.   attribute sambaLogonScript does not exist
  7353. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_logon_script(672)
  7354.   pdb_set_logon_script: setting logon script scripts/logon.bat, was
  7355. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(494)
  7356.   element 4 -> now DEFAULT
  7357. [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309)
  7358.   attribute sambaProfilePath does not exist
  7359. [2010/02/14 20:52:57,  4] lib/substitute.c:automount_server(500)
  7360.   Home server: hds-linux
  7361. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_profile_path(695)
  7362.   pdb_set_profile_path: setting profile path \\hds-linux\admin\profile, was
  7363. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(494)
  7364.   element 2 -> now DEFAULT
  7365. [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309)
  7366.   attribute description does not exist
  7367. [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309)
  7368.   attribute sambaUserWorkstations does not exist
  7369. [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309)
  7370.   attribute sambaMungedDial does not exist
  7371. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  7372.   element 32 -> now SET
  7373. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  7374.   element 33 -> now SET
  7375. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:push_sec_ctx(224)
  7376.   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
  7377. [2010/02/14 20:52:57,  3] smbd/uid.c:push_conn_ctx(357)
  7378.   push_conn_ctx(0) : conn_ctx_stack_ndx = 1
  7379. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  7380.   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
  7381. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_nt_user_token(464)
  7382.   NT user token: (NULL)
  7383. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_unix_user_token(490)
  7384.   UNIX token of user 0
  7385.   Primary group is 0 and contains 0 supplementary groups
  7386. [2010/02/14 20:52:57, 10] lib/gencache.c:gencache_get(208)
  7387.   Returning valid cache entry: key = ACCT_POL/password history, value = 0
  7388.   , timeout = Sun Feb 14 20:53:57 2010
  7389. [2010/02/14 20:52:57, 11] passdb/pdb_ldap.c:ldapsam_get_account_policy(3914)
  7390.   ldapsam_get_account_policy: got valid value from cache
  7391. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:pop_sec_ctx(432)
  7392.   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
  7393. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  7394.   element 20 -> now SET
  7395. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  7396.   element 16 -> now SET
  7397. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  7398.   element 17 -> now SET
  7399. [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309)
  7400.   attribute sambaBadPasswordCount does not exist
  7401. [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309)
  7402.   attribute sambaBadPasswordTime does not exist
  7403. [2010/02/14 20:52:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309)
  7404.   attribute sambaLogonHours does not exist
  7405. [2010/02/14 20:52:57,  5] passdb/login_cache.c:login_cache_init(40)
  7406.   Opening cache file at /var/cache/samba/login_cache.tdb
  7407. [2010/02/14 20:52:57,  7] passdb/login_cache.c:login_cache_read(86)
  7408.   Looking up login cache for user Admin
  7409. [2010/02/14 20:52:57,  7] passdb/login_cache.c:login_cache_read(100)
  7410.   No cache entry found
  7411. [2010/02/14 20:52:57,  9] passdb/pdb_ldap.c:init_sam_from_ldap(1054)
  7412.   No cache entry, bad count = 0, bad time = 0
  7413. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(471)
  7414.   element 35 -> now CHANGED
  7415. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:push_sec_ctx(224)
  7416.   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
  7417. [2010/02/14 20:52:57,  3] smbd/uid.c:push_conn_ctx(357)
  7418.   push_conn_ctx(0) : conn_ctx_stack_ndx = 1
  7419. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  7420.   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
  7421. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_nt_user_token(464)
  7422.   NT user token: (NULL)
  7423. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_unix_user_token(490)
  7424.   UNIX token of user 0
  7425.   Primary group is 0 and contains 0 supplementary groups
  7426. [2010/02/14 20:52:57, 10] lib/gencache.c:gencache_get(208)
  7427.   Returning valid cache entry: key = ACCT_POL/maximum password age, value = 4294967295
  7428.   , timeout = Sun Feb 14 20:53:57 2010
  7429. [2010/02/14 20:52:57, 11] passdb/pdb_ldap.c:ldapsam_get_account_policy(3914)
  7430.   ldapsam_get_account_policy: got valid value from cache
  7431. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:pop_sec_ctx(432)
  7432.   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
  7433. [2010/02/14 20:52:57,  5] lib/username.c:Get_Pwnam_alloc(133)
  7434.   Finding user Admin
  7435. [2010/02/14 20:52:57,  5] lib/username.c:Get_Pwnam_internals(77)
  7436.   Trying _Get_Pwnam(), username as lowercase is admin
  7437. [2010/02/14 20:52:57,  5] lib/username.c:Get_Pwnam_internals(85)
  7438.   Trying _Get_Pwnam(), username as given is Admin
  7439. [2010/02/14 20:52:57,  5] lib/username.c:Get_Pwnam_internals(95)
  7440.   Trying _Get_Pwnam(), username as uppercase is ADMIN
  7441. [2010/02/14 20:52:57,  5] lib/username.c:Get_Pwnam_internals(104)
  7442.   Checking combinations of 0 uppercase letters in admin
  7443. [2010/02/14 20:52:57,  5] lib/username.c:Get_Pwnam_internals(110)
  7444.   Get_Pwnam_internals didn't find user [Admin]!
  7445. [2010/02/14 20:52:57,  0] passdb/pdb_get_set.c:pdb_get_group_sid(210)
  7446.   pdb_get_group_sid: Failed to find Unix account for Admin
  7447. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_get_init_flags(273)
  7448.   element 3: DEFAULT
  7449. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_get_init_flags(273)
  7450.   element 1: DEFAULT
  7451. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_get_init_flags(273)
  7452.   element 4: DEFAULT
  7453. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_get_init_flags(273)
  7454.   element 2: DEFAULT
  7455. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:push_sec_ctx(224)
  7456.   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
  7457. [2010/02/14 20:52:57,  3] smbd/uid.c:push_conn_ctx(357)
  7458.   push_conn_ctx(0) : conn_ctx_stack_ndx = 1
  7459. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  7460.   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
  7461. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_nt_user_token(464)
  7462.   NT user token: (NULL)
  7463. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_unix_user_token(490)
  7464.   UNIX token of user 0
  7465.   Primary group is 0 and contains 0 supplementary groups
  7466. [2010/02/14 20:52:57, 10] lib/gencache.c:gencache_get(208)
  7467.   Returning valid cache entry: key = ACCT_POL/password history, value = 0
  7468.   , timeout = Sun Feb 14 20:53:57 2010
  7469. [2010/02/14 20:52:57, 11] passdb/pdb_ldap.c:ldapsam_get_account_policy(3914)
  7470.   ldapsam_get_account_policy: got valid value from cache
  7471. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:pop_sec_ctx(432)
  7472.   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
  7473. [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_pack_va(501)
  7474.   tdb_pack_va(dddddddBBBBBBBBBBBBddBBBdwdBwwd, 0) -> 196
  7475. [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_pack_va(501)
  7476.   tdb_pack_va(dddddddBBBBBBBBBBBBddBBBdwdBwwd, 196) -> 196
  7477. [2010/02/14 20:52:57, 18] lib/util_tdb.c:tdb_unpack(655)
  7478.   tdb_unpack(dddddddBBBBBBBBBBBBddBBBdwdBwwd, 196) -> 196
  7479. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  7480.   element 5 -> now SET
  7481. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  7482.   element 6 -> now SET
  7483. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  7484.   element 7 -> now SET
  7485. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  7486.   element 8 -> now SET
  7487. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  7488.   element 9 -> now SET
  7489. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  7490.   element 10 -> now SET
  7491. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  7492.   element 21 -> now SET
  7493. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_username(580)
  7494.   pdb_set_username: setting username Admin, was
  7495. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  7496.   element 12 -> now SET
  7497. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_domain(603)
  7498.   pdb_set_domain: setting domain SEMARKIT, was
  7499. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  7500.   element 14 -> now SET
  7501. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_nt_username(626)
  7502.   pdb_set_nt_username: setting nt username Admin, was
  7503. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  7504.   element 15 -> now SET
  7505. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_fullname(649)
  7506.   pdb_set_full_name: setting full name Admin, was
  7507. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  7508.   element 13 -> now SET
  7509. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_homedir(742)
  7510.   pdb_set_homedir: setting home dir \\hds-linux\admin, was
  7511. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(494)
  7512.   element 1 -> now DEFAULT
  7513. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(718)
  7514.   pdb_set_dir_drive: setting dir drive H:, was NULL
  7515. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(494)
  7516.   element 3 -> now DEFAULT
  7517. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_logon_script(672)
  7518.   pdb_set_logon_script: setting logon script scripts/logon.bat, was
  7519. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(494)
  7520.   element 4 -> now DEFAULT
  7521. [2010/02/14 20:52:57,  4] lib/substitute.c:automount_server(500)
  7522.   Home server: hds-linux
  7523. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_profile_path(695)
  7524.   pdb_set_profile_path: setting profile path \\hds-linux\admin\profile, was
  7525. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(494)
  7526.   element 2 -> now DEFAULT
  7527. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  7528.   element 23 -> now SET
  7529. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_workstations(785)
  7530.   pdb_set_workstations: setting workstations , was
  7531. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  7532.   element 24 -> now SET
  7533. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  7534.   element 26 -> now SET
  7535. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  7536.   element 33 -> now SET
  7537. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:push_sec_ctx(224)
  7538.   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
  7539. [2010/02/14 20:52:57,  3] smbd/uid.c:push_conn_ctx(357)
  7540.   push_conn_ctx(0) : conn_ctx_stack_ndx = 1
  7541. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  7542.   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
  7543. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_nt_user_token(464)
  7544.   NT user token: (NULL)
  7545. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_unix_user_token(490)
  7546.   UNIX token of user 0
  7547.   Primary group is 0 and contains 0 supplementary groups
  7548. [2010/02/14 20:52:57, 10] lib/gencache.c:gencache_get(208)
  7549.   Returning valid cache entry: key = ACCT_POL/password history, value = 0
  7550.   , timeout = Sun Feb 14 20:53:57 2010
  7551. [2010/02/14 20:52:57, 11] passdb/pdb_ldap.c:ldapsam_get_account_policy(3914)
  7552.   ldapsam_get_account_policy: got valid value from cache
  7553. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:pop_sec_ctx(432)
  7554.   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
  7555. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  7556.   element 34 -> now SET
  7557. [2010/02/14 20:52:57, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509)
  7558.   pdb_set_user_sid: setting user sid S-1-5-21-2934603361-1946261283-2740193522-500
  7559. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  7560.   element 18 -> now SET
  7561. [2010/02/14 20:52:57, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(72)
  7562.   pdb_set_user_sid_from_rid:
  7563.         setting user sid S-1-5-21-2934603361-1946261283-2740193522-500 from rid 500
  7564. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  7565.   element 16 -> now SET
  7566. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  7567.   element 29 -> now SET
  7568. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  7569.   element 30 -> now SET
  7570. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  7571.   element 31 -> now SET
  7572. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  7573.   element 20 -> now SET
  7574. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  7575.   element 17 -> now SET
  7576. [2010/02/14 20:52:57, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
  7577.   element 27 -> now SET
  7578. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:pop_sec_ctx(432)
  7579.   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
  7580. [2010/02/14 20:52:57,  9] passdb/passdb.c:pdb_update_autolock_flag(1417)
  7581.   pdb_update_autolock_flag: Account Admin not autolocked, no check needed
  7582. [2010/02/14 20:52:57,  4] libsmb/ntlm_check.c:ntlm_password_check(328)
  7583.   ntlm_password_check: Checking NT MD4 password
  7584. [2010/02/14 20:52:57,  4] auth/auth_sam.c:sam_account_ok(137)
  7585.   sam_account_ok: Checking SMB password for user Admin
  7586. [2010/02/14 20:52:57,  5] auth/auth_sam.c:logon_hours_ok(119)
  7587.   logon_hours_ok: user Admin allowed to logon at this time (Sun Feb 14 20:52:57 2010
  7588.   )
  7589. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:push_sec_ctx(224)
  7590.   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
  7591. [2010/02/14 20:52:57,  3] smbd/uid.c:push_conn_ctx(357)
  7592.   push_conn_ctx(0) : conn_ctx_stack_ndx = 0
  7593. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  7594.   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
  7595. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_nt_user_token(464)
  7596.   NT user token: (NULL)
  7597. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_unix_user_token(490)
  7598.   UNIX token of user 0
  7599.   Primary group is 0 and contains 0 supplementary groups
  7600. [2010/02/14 20:52:57, 10] lib/gencache.c:gencache_get(208)
  7601.   Returning valid cache entry: key = ACCT_POL/maximum password age, value = 4294967295
  7602.   , timeout = Sun Feb 14 20:53:57 2010
  7603. [2010/02/14 20:52:57, 11] passdb/pdb_ldap.c:ldapsam_get_account_policy(3914)
  7604.   ldapsam_get_account_policy: got valid value from cache
  7605. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:pop_sec_ctx(432)
  7606.   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
  7607. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:push_sec_ctx(224)
  7608.   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
  7609. [2010/02/14 20:52:57,  3] smbd/uid.c:push_conn_ctx(357)
  7610.   push_conn_ctx(0) : conn_ctx_stack_ndx = 0
  7611. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  7612.   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
  7613. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_nt_user_token(464)
  7614.   NT user token: (NULL)
  7615. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_unix_user_token(490)
  7616.   UNIX token of user 0
  7617.   Primary group is 0 and contains 0 supplementary groups
  7618. [2010/02/14 20:52:57,  1] auth/auth_util.c:make_server_info_sam(562)
  7619.   User Admin in passdb, but getpwnam() fails!
  7620. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:pop_sec_ctx(432)
  7621.   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
  7622. [2010/02/14 20:52:57,  0] auth/auth_sam.c:check_sam_security(355)
  7623.   check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER'
  7624. [2010/02/14 20:52:57,  5] auth/auth.c:check_ntlm_password(272)
  7625.   check_ntlm_password: sam authentication for user [Admin] FAILED with error NT_STATUS_NO_SUCH_USER
  7626. [2010/02/14 20:52:57,  3] auth/auth_winbind.c:check_winbind_security(54)
  7627.   check_winbind_security: Not using winbind, requested domain [SEMARKIT] was for this SAM.
  7628. [2010/02/14 20:52:57, 10] auth/auth.c:check_ntlm_password(260)
  7629.   check_ntlm_password: winbind had nothing to say
  7630. [2010/02/14 20:52:57,  2] auth/auth.c:check_ntlm_password(318)
  7631.   check_ntlm_password:  Authentication for user [Admin] -> [Admin] FAILED with error NT_STATUS_NO_SUCH_USER
  7632. [2010/02/14 20:52:57,  5] auth/auth_util.c:free_user_info(1985)
  7633.   attempting to free (and zero) a user_info structure
  7634. [2010/02/14 20:52:57, 10] auth/auth_util.c:free_user_info(1989)
  7635.   structure was created for Admin
  7636. [2010/02/14 20:52:57,  3] smbd/error.c:error_packet_set(61)
  7637.   error packet at smbd/sesssetup.c(127) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE
  7638. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(642)
  7639. [2010/02/14 20:52:57,  5] lib/util.c:show_msg(652)
  7640.   size=35
  7641.   smb_com=0x73
  7642.   smb_rcls=109
  7643.   smb_reh=0
  7644.   smb_err=49152
  7645.   smb_flg=136
  7646.   smb_flg2=51201
  7647.   smb_tid=0
  7648.   smb_pid=65279
  7649.   smb_uid=100
  7650.   smb_mid=128
  7651.   smt_wct=0
  7652.   smb_bcc=0
  7653. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
  7654.   run_events: Nothing to do
  7655. [2010/02/14 20:52:57, 11] lib/events.c:run_events(257)
  7656.   run_events: Nothing to do
  7657. [2010/02/14 20:52:57,  5] lib/util_sock.c:read_socket_with_timeout(928)
  7658.   read_socket_with_timeout: blocking read. EOF from client.
  7659. [2010/02/14 20:52:57, 10] smbd/process.c:receive_smb_raw_talloc(276)
  7660.   receive_smb_raw: NT_STATUS_END_OF_FILE
  7661. [2010/02/14 20:52:57,  3] smbd/process.c:smbd_process(2056)
  7662.   receive_message_or_smb failed: NT_STATUS_END_OF_FILE, exiting
  7663. [2010/02/14 20:52:57,  5] lib/gencache.c:gencache_shutdown(93)
  7664.   Closing cache file
  7665. [2010/02/14 20:52:57,  5] libsmb/namecache.c:namecache_shutdown(81)
  7666.   namecache_shutdown: netbios namecache closed successfully.
  7667. [2010/02/14 20:52:57,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  7668.   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
  7669. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_nt_user_token(464)
  7670.   NT user token: (NULL)
  7671. [2010/02/14 20:52:57,  5] auth/token_util.c:debug_unix_user_token(490)
  7672.   UNIX token of user 0
  7673.   Primary group is 0 and contains 0 supplementary groups
  7674. [2010/02/14 20:52:57,  5] smbd/uid.c:change_to_root_user(287)
  7675.   change_to_root_user: now uid=(0,0) gid=(0,0)
  7676. [2010/02/14 20:52:57,  3] smbd/connection.c:yield_connection(31)
  7677.   Yielding connection to
  7678. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100)
  7679.   Locking key BE550000FFFFFFFF00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
  7680. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129)
  7681.   Allocated locked data 0x0x1108350
  7682. [2010/02/14 20:52:57, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42)
  7683.   Unlocking key BE550000FFFFFFFF00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
  7684. [2010/02/14 20:52:57,  3] smbd/server.c:exit_server_common(949)
  7685.   Server exit (normal exit)
RAW Paste Data