Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- root@fs2:/var/log/samba# cat log.wb-FS2
- [2017/04/25 22:48:13.733639, 5, pid=3704, effective(0, 0), real(0, 0)] ../source3/lib/messages.c:431(messaging_deregister)
- Deregistering messaging pointer for type 33 - private_data=(nil)
- [2017/04/25 22:48:13.733705, 5, pid=3704, effective(0, 0), real(0, 0)] ../source3/lib/messages.c:431(messaging_deregister)
- Deregistering messaging pointer for type 13 - private_data=(nil)
- [2017/04/25 22:48:13.733723, 5, pid=3704, effective(0, 0), real(0, 0)] ../source3/lib/messages.c:431(messaging_deregister)
- Deregistering messaging pointer for type 1028 - private_data=(nil)
- [2017/04/25 22:48:13.733741, 5, pid=3704, effective(0, 0), real(0, 0)] ../source3/lib/messages.c:431(messaging_deregister)
- Deregistering messaging pointer for type 1027 - private_data=(nil)
- [2017/04/25 22:48:13.733757, 5, pid=3704, effective(0, 0), real(0, 0)] ../source3/lib/messages.c:431(messaging_deregister)
- Deregistering messaging pointer for type 1029 - private_data=(nil)
- [2017/04/25 22:48:13.733774, 5, pid=3704, effective(0, 0), real(0, 0)] ../source3/lib/messages.c:431(messaging_deregister)
- Deregistering messaging pointer for type 1280 - private_data=(nil)
- [2017/04/25 22:48:13.733790, 5, pid=3704, effective(0, 0), real(0, 0)] ../source3/lib/messages.c:431(messaging_deregister)
- Deregistering messaging pointer for type 1033 - private_data=(nil)
- [2017/04/25 22:48:13.733807, 5, pid=3704, effective(0, 0), real(0, 0)] ../source3/lib/messages.c:431(messaging_deregister)
- Deregistering messaging pointer for type 1 - private_data=(nil)
- [2017/04/25 22:48:13.733823, 5, pid=3704, effective(0, 0), real(0, 0)] ../source3/lib/messages.c:431(messaging_deregister)
- Deregistering messaging pointer for type 1036 - private_data=(nil)
- [2017/04/25 22:48:13.733841, 5, pid=3704, effective(0, 0), real(0, 0)] ../source3/lib/messages.c:431(messaging_deregister)
- Deregistering messaging pointer for type 1035 - private_data=(nil)
- [2017/04/25 22:48:13.734002, 5, pid=3704, effective(0, 0), real(0, 0)] ../source3/lib/messages.c:384(messaging_register)
- Registering messaging pointer for type 1028 - private_data=(nil)
- [2017/04/25 22:48:13.734029, 5, pid=3704, effective(0, 0), real(0, 0)] ../source3/lib/messages.c:384(messaging_register)
- Registering messaging pointer for type 1027 - private_data=(nil)
- [2017/04/25 22:48:13.734046, 5, pid=3704, effective(0, 0), real(0, 0)] ../source3/lib/messages.c:384(messaging_register)
- Registering messaging pointer for type 1280 - private_data=(nil)
- [2017/04/25 22:48:13.734063, 5, pid=3704, effective(0, 0), real(0, 0)] ../source3/lib/messages.c:384(messaging_register)
- Registering messaging pointer for type 1 - private_data=(nil)
- [2017/04/25 22:48:13.734080, 5, pid=3704, effective(0, 0), real(0, 0)] ../source3/lib/messages.c:384(messaging_register)
- Registering messaging pointer for type 1034 - private_data=(nil)
- [2017/04/25 22:48:13.734097, 5, pid=3704, effective(0, 0), real(0, 0)] ../source3/lib/messages.c:399(messaging_register)
- Overriding messaging pointer for type 1034 - private_data=(nil)
- [2017/04/25 22:48:13.734157, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:68(child_read_request)
- Need to read 40 extra bytes
- [2017/04/25 22:48:13.734191, 4, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:1387(child_handler)
- child daemon request 59
- [2017/04/25 22:48:13.734212, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:510(child_process_request)
- child_process_request: request fn NDRCMD
- [2017/04/25 22:48:13.734236, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual_ndr.c:315(winbindd_dual_ndrcmd)
- winbindd_dual_ndrcmd: Running command WBINT_LOOKUPNAME (FS2)
- [2017/04/25 22:48:13.734290, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- wbint_LookupName: struct wbint_LookupName
- in: struct wbint_LookupName
- domain : *
- domain : 'FS2'
- name : *
- name : 'NOBODY'
- flags : 0x00000008 (8)
- [2017/04/25 22:48:13.734420, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cm.c:2374(set_dc_type_and_flags)
- set_dc_type_and_flags: setting up flags for primary or internal domain
- [2017/04/25 22:48:13.734451, 5, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cm.c:2186(set_dc_type_and_flags_connect)
- set_dc_type_and_flags_connect: domain FS2
- [2017/04/25 22:48:13.734641, 4, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p)
- Create pipe requested lsarpc
- [2017/04/25 22:48:13.734685, 10, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:223(init_pipe_handles)
- init_pipe_handle_list: created handle list for pipe dssetup
- [2017/04/25 22:48:13.734706, 10, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:240(init_pipe_handles)
- init_pipe_handle_list: pipe_handles ref count = 1 for pipe dssetup
- [2017/04/25 22:48:13.734808, 4, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p)
- Created internal pipe lsarpc
- [2017/04/25 22:48:13.734883, 10, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:418(close_policy_by_pipe)
- Deleted handle list for RPC connection dssetup
- [2017/04/25 22:48:13.734905, 5, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cm.c:2222(set_dc_type_and_flags_connect)
- set_dc_type_and_flags_connect: rpccli_ds_getprimarydominfo on domain FS2 failed: (NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE)
- [2017/04/25 22:48:13.734944, 4, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p)
- Create pipe requested lsarpc
- [2017/04/25 22:48:13.734966, 10, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:223(init_pipe_handles)
- init_pipe_handle_list: created handle list for pipe lsarpc
- [2017/04/25 22:48:13.734985, 10, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:240(init_pipe_handles)
- init_pipe_handle_list: pipe_handles ref count = 1 for pipe lsarpc
- [2017/04/25 22:48:13.735020, 4, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p)
- Created internal pipe lsarpc
- [2017/04/25 22:48:13.735078, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- lsa_OpenPolicy2: struct lsa_OpenPolicy2
- in: struct lsa_OpenPolicy2
- system_name : NULL
- attr : *
- attr: struct lsa_ObjectAttribute
- len : 0x00000018 (24)
- root_dir : NULL
- object_name : NULL
- attributes : 0x00000000 (0)
- sec_desc : NULL
- sec_qos : *
- sec_qos: struct lsa_QosInfo
- len : 0x0000000c (12)
- impersonation_level : 0x0002 (2)
- context_mode : 0x01 (1)
- effective_only : 0x00 (0)
- access_mask : 0x02000000 (33554432)
- 0: LSA_POLICY_VIEW_LOCAL_INFORMATION
- 0: LSA_POLICY_VIEW_AUDIT_INFORMATION
- 0: LSA_POLICY_GET_PRIVATE_INFORMATION
- 0: LSA_POLICY_TRUST_ADMIN
- 0: LSA_POLICY_CREATE_ACCOUNT
- 0: LSA_POLICY_CREATE_SECRET
- 0: LSA_POLICY_CREATE_PRIVILEGE
- 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS
- 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS
- 0: LSA_POLICY_AUDIT_LOG_ADMIN
- 0: LSA_POLICY_SERVER_ADMIN
- 0: LSA_POLICY_LOOKUP_NAMES
- 0: LSA_POLICY_NOTIFICATION
- [2017/04/25 22:48:13.735336, 10, pid=3704, effective(0, 0), real(0, 0)] ../libcli/security/access_check.c:58(se_map_generic)
- se_map_generic(): mapped mask 0xb0000000 to 0x000f0fff
- [2017/04/25 22:48:13.735375, 4, pid=3704, effective(0, 0), real(0, 0)] ../source3/rpc_server/srv_access_check.c:95(access_check_object)
- _lsa_OpenPolicy2: ACCESS should be DENIED (requested: 0x000f0fff)
- but overritten by euid == initial uid
- [2017/04/25 22:48:13.735403, 4, pid=3704, effective(0, 0), real(0, 0)] ../source3/rpc_server/srv_access_check.c:117(access_check_object)
- _lsa_OpenPolicy2: access GRANTED (requested: 0x000f0fff, granted: 0x000f0fff)
- [2017/04/25 22:48:13.735431, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal)
- Opened policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 FF 58 0D B6 ........ .....X..
- [0010] 78 0E 00 00 x...
- [2017/04/25 22:48:13.735486, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- lsa_OpenPolicy2: struct lsa_OpenPolicy2
- out: struct lsa_OpenPolicy2
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000001-0000-0000-ff58-0db6780e0000
- result : NT_STATUS_OK
- [2017/04/25 22:48:13.735593, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2
- in: struct lsa_QueryInfoPolicy2
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000001-0000-0000-ff58-0db6780e0000
- level : LSA_POLICY_INFO_DNS (12)
- [2017/04/25 22:48:13.735687, 5, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:78(smb_register_passdb)
- Attempting to register passdb backend smbpasswd
- [2017/04/25 22:48:13.735725, 5, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:91(smb_register_passdb)
- Successfully added passdb backend 'smbpasswd'
- [2017/04/25 22:48:13.735744, 5, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:78(smb_register_passdb)
- Attempting to register passdb backend tdbsam
- [2017/04/25 22:48:13.735771, 5, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:91(smb_register_passdb)
- Successfully added passdb backend 'tdbsam'
- [2017/04/25 22:48:13.735789, 5, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:78(smb_register_passdb)
- Attempting to register passdb backend wbc_sam
- [2017/04/25 22:48:13.735808, 5, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:91(smb_register_passdb)
- Successfully added passdb backend 'wbc_sam'
- [2017/04/25 22:48:13.735824, 5, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:78(smb_register_passdb)
- Attempting to register passdb backend samba_dsdb
- [2017/04/25 22:48:13.735843, 5, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:91(smb_register_passdb)
- Successfully added passdb backend 'samba_dsdb'
- [2017/04/25 22:48:13.735859, 5, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:78(smb_register_passdb)
- Attempting to register passdb backend samba4
- [2017/04/25 22:48:13.735875, 5, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:91(smb_register_passdb)
- Successfully added passdb backend 'samba4'
- [2017/04/25 22:48:13.735907, 5, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:78(smb_register_passdb)
- Attempting to register passdb backend ldapsam
- [2017/04/25 22:48:13.735927, 5, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:91(smb_register_passdb)
- Successfully added passdb backend 'ldapsam'
- [2017/04/25 22:48:13.735945, 5, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:78(smb_register_passdb)
- Attempting to register passdb backend NDS_ldapsam
- [2017/04/25 22:48:13.735964, 5, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:91(smb_register_passdb)
- Successfully added passdb backend 'NDS_ldapsam'
- [2017/04/25 22:48:13.735982, 5, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:78(smb_register_passdb)
- Attempting to register passdb backend IPA_ldapsam
- [2017/04/25 22:48:13.735999, 5, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:91(smb_register_passdb)
- Successfully added passdb backend 'IPA_ldapsam'
- [2017/04/25 22:48:13.736016, 5, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:154(make_pdb_method_name)
- Attempting to find a passdb backend to match tdbsam (tdbsam)
- [2017/04/25 22:48:13.736035, 5, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:175(make_pdb_method_name)
- Found pdb backend tdbsam
- [2017/04/25 22:48:13.736062, 5, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:186(make_pdb_method_name)
- pdb backend tdbsam has a valid init
- [2017/04/25 22:48:13.736103, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- lsa_OpenPolicy: struct lsa_OpenPolicy
- in: struct lsa_OpenPolicy
- system_name : *
- system_name : 0x005c (92)
- attr : *
- attr: struct lsa_ObjectAttribute
- len : 0x00000018 (24)
- root_dir : NULL
- object_name : NULL
- attributes : 0x00000000 (0)
- sec_desc : NULL
- sec_qos : *
- sec_qos: struct lsa_QosInfo
- len : 0x0000000c (12)
- impersonation_level : 0x0002 (2)
- context_mode : 0x01 (1)
- effective_only : 0x00 (0)
- access_mask : 0x02000000 (33554432)
- 0: LSA_POLICY_VIEW_LOCAL_INFORMATION
- 0: LSA_POLICY_VIEW_AUDIT_INFORMATION
- 0: LSA_POLICY_GET_PRIVATE_INFORMATION
- 0: LSA_POLICY_TRUST_ADMIN
- 0: LSA_POLICY_CREATE_ACCOUNT
- 0: LSA_POLICY_CREATE_SECRET
- 0: LSA_POLICY_CREATE_PRIVILEGE
- 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS
- 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS
- 0: LSA_POLICY_AUDIT_LOG_ADMIN
- 0: LSA_POLICY_SERVER_ADMIN
- 0: LSA_POLICY_LOOKUP_NAMES
- 0: LSA_POLICY_NOTIFICATION
- [2017/04/25 22:48:13.736325, 10, pid=3704, effective(0, 0), real(0, 0)] ../libcli/security/access_check.c:58(se_map_generic)
- se_map_generic(): mapped mask 0xb0000000 to 0x000f0fff
- [2017/04/25 22:48:13.736347, 4, pid=3704, effective(0, 0), real(0, 0)] ../source3/rpc_server/srv_access_check.c:95(access_check_object)
- _lsa_OpenPolicy2: ACCESS should be DENIED (requested: 0x000f0fff)
- but overritten by euid == initial uid
- [2017/04/25 22:48:13.736381, 4, pid=3704, effective(0, 0), real(0, 0)] ../source3/rpc_server/srv_access_check.c:117(access_check_object)
- _lsa_OpenPolicy2: access GRANTED (requested: 0x000f0fff, granted: 0x000f0fff)
- [2017/04/25 22:48:13.736403, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal)
- Opened policy hnd[2] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 FF 58 0D B6 ........ .....X..
- [0010] 78 0E 00 00 x...
- [2017/04/25 22:48:13.736450, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- lsa_OpenPolicy: struct lsa_OpenPolicy
- out: struct lsa_OpenPolicy
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000002-0000-0000-ff58-0db6780e0000
- result : NT_STATUS_OK
- [2017/04/25 22:48:13.736555, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- lsa_QueryInfoPolicy: struct lsa_QueryInfoPolicy
- in: struct lsa_QueryInfoPolicy
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000002-0000-0000-ff58-0db6780e0000
- level : LSA_POLICY_INFO_ACCOUNT_DOMAIN (5)
- [2017/04/25 22:48:13.736618, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 FF 58 0D B6 ........ .....X..
- [0010] 78 0E 00 00 x...
- [2017/04/25 22:48:13.736813, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- lsa_QueryInfoPolicy: struct lsa_QueryInfoPolicy
- out: struct lsa_QueryInfoPolicy
- info : *
- info : *
- info : union lsa_PolicyInformation(case 5)
- account_domain: struct lsa_DomainInfo
- name: struct lsa_StringLarge
- length : 0x0006 (6)
- size : 0x0008 (8)
- string : *
- string : 'FS2'
- sid : *
- sid : S-1-5-21-2215787217-3459875347-284659480
- result : NT_STATUS_OK
- [2017/04/25 22:48:13.736970, 5, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cm.c:2350(set_dc_type_and_flags_connect)
- set_dc_type_and_flags_connect: domain FS2 is NOT in native mode.
- [2017/04/25 22:48:13.736990, 5, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cm.c:2353(set_dc_type_and_flags_connect)
- set_dc_type_and_flags_connect: domain FS2 is NOT running active directory.
- [2017/04/25 22:48:13.737008, 10, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:418(close_policy_by_pipe)
- Deleted handle list for RPC connection lsarpc
- [2017/04/25 22:48:13.737044, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:1873(name_to_sid)
- name_to_sid: [Cached] - doing backend query for name for domain FS2
- [2017/04/25 22:48:13.737068, 3, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_samr.c:548(sam_name_to_sid)
- sam_name_to_sid
- [2017/04/25 22:48:13.737099, 4, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p)
- Create pipe requested lsarpc
- [2017/04/25 22:48:13.737133, 10, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:223(init_pipe_handles)
- init_pipe_handle_list: created handle list for pipe lsarpc
- [2017/04/25 22:48:13.737152, 10, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:240(init_pipe_handles)
- init_pipe_handle_list: pipe_handles ref count = 1 for pipe lsarpc
- [2017/04/25 22:48:13.737186, 4, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p)
- Created internal pipe lsarpc
- [2017/04/25 22:48:13.737213, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- lsa_OpenPolicy: struct lsa_OpenPolicy
- in: struct lsa_OpenPolicy
- system_name : *
- system_name : 0x005c (92)
- attr : *
- attr: struct lsa_ObjectAttribute
- len : 0x00000018 (24)
- root_dir : NULL
- object_name : NULL
- attributes : 0x00000000 (0)
- sec_desc : NULL
- sec_qos : *
- sec_qos: struct lsa_QosInfo
- len : 0x0000000c (12)
- impersonation_level : 0x0002 (2)
- context_mode : 0x01 (1)
- effective_only : 0x00 (0)
- access_mask : 0x02000000 (33554432)
- 0: LSA_POLICY_VIEW_LOCAL_INFORMATION
- 0: LSA_POLICY_VIEW_AUDIT_INFORMATION
- 0: LSA_POLICY_GET_PRIVATE_INFORMATION
- 0: LSA_POLICY_TRUST_ADMIN
- 0: LSA_POLICY_CREATE_ACCOUNT
- 0: LSA_POLICY_CREATE_SECRET
- 0: LSA_POLICY_CREATE_PRIVILEGE
- 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS
- 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS
- 0: LSA_POLICY_AUDIT_LOG_ADMIN
- 0: LSA_POLICY_SERVER_ADMIN
- 0: LSA_POLICY_LOOKUP_NAMES
- 0: LSA_POLICY_NOTIFICATION
- [2017/04/25 22:48:13.737425, 10, pid=3704, effective(0, 0), real(0, 0)] ../libcli/security/access_check.c:58(se_map_generic)
- se_map_generic(): mapped mask 0xb0000000 to 0x000f0fff
- [2017/04/25 22:48:13.737447, 4, pid=3704, effective(0, 0), real(0, 0)] ../source3/rpc_server/srv_access_check.c:95(access_check_object)
- _lsa_OpenPolicy2: ACCESS should be DENIED (requested: 0x000f0fff)
- but overritten by euid == initial uid
- [2017/04/25 22:48:13.737470, 4, pid=3704, effective(0, 0), real(0, 0)] ../source3/rpc_server/srv_access_check.c:117(access_check_object)
- _lsa_OpenPolicy2: access GRANTED (requested: 0x000f0fff, granted: 0x000f0fff)
- [2017/04/25 22:48:13.737490, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal)
- Opened policy hnd[1] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 FF 58 0D B6 ........ .....X..
- [0010] 78 0E 00 00 x...
- [2017/04/25 22:48:13.737542, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- lsa_OpenPolicy: struct lsa_OpenPolicy
- out: struct lsa_OpenPolicy
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000003-0000-0000-ff58-0db6780e0000
- result : NT_STATUS_OK
- [2017/04/25 22:48:13.737622, 3, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_rpc.c:303(rpc_name_to_sid)
- name_to_sid: FS2\NOBODY for domain FS2
- [2017/04/25 22:48:13.737685, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- lsa_LookupNames: struct lsa_LookupNames
- in: struct lsa_LookupNames
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000003-0000-0000-ff58-0db6780e0000
- num_names : 0x00000001 (1)
- names: ARRAY(1)
- names: struct lsa_String
- length : 0x0014 (20)
- size : 0x0014 (20)
- string : *
- string : 'FS2\NOBODY'
- sids : *
- sids: struct lsa_TransSidArray
- count : 0x00000000 (0)
- sids : NULL
- level : LSA_LOOKUP_NAMES_ALL (1)
- count : *
- count : 0x00000000 (0)
- [2017/04/25 22:48:13.737855, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 FF 58 0D B6 ........ .....X..
- [0010] 78 0E 00 00 x...
- [2017/04/25 22:48:13.737904, 5, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/lsa/srv_lsa_nt.c:163(lookup_lsa_rids)
- lookup_lsa_rids: looking up name FS2\NOBODY
- [2017/04/25 22:48:13.737974, 10, pid=3704, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:77(lookup_name)
- lookup_name: FS2\NOBODY => domain=[FS2], name=[NOBODY]
- [2017/04/25 22:48:13.737997, 10, pid=3704, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:78(lookup_name)
- lookup_name: flags = 0x073
- [2017/04/25 22:48:13.738231, 4, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_tdb.c:558(tdbsam_open)
- tdbsam_open: successfully opened /var/lib/samba/private/passdb.tdb
- [2017/04/25 22:48:13.738287, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:570(pdb_set_username)
- pdb_set_username: setting username nobody, was
- [2017/04/25 22:48:13.738308, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:593(pdb_set_domain)
- pdb_set_domain: setting domain FS2, was
- [2017/04/25 22:48:13.738326, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:616(pdb_set_nt_username)
- pdb_set_nt_username: setting nt username , was
- [2017/04/25 22:48:13.738344, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:639(pdb_set_fullname)
- pdb_set_full_name: setting full name nobody, was
- [2017/04/25 22:48:13.738366, 4, pid=3704, effective(0, 0), real(0, 0)] ../source3/lib/substitute.c:435(automount_server)
- Home server: fs2
- [2017/04/25 22:48:13.738396, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:732(pdb_set_homedir)
- pdb_set_homedir: setting home dir \\fs2\nobody, was
- [2017/04/25 22:48:13.738415, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:708(pdb_set_dir_drive)
- pdb_set_dir_drive: setting dir drive , was NULL
- [2017/04/25 22:48:13.738434, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:662(pdb_set_logon_script)
- pdb_set_logon_script: setting logon script , was
- [2017/04/25 22:48:13.738451, 4, pid=3704, effective(0, 0), real(0, 0)] ../source3/lib/substitute.c:435(automount_server)
- Home server: fs2
- [2017/04/25 22:48:13.738471, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:685(pdb_set_profile_path)
- pdb_set_profile_path: setting profile path \\fs2\nobody\profile, was
- [2017/04/25 22:48:13.738490, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:775(pdb_set_workstations)
- pdb_set_workstations: setting workstations , was
- [2017/04/25 22:48:13.738583, 10, pid=3704, effective(0, 0), real(0, 0)] ../source3/passdb/account_pol.c:362(account_policy_get)
- account_policy_get: name: password history, val: 0
- [2017/04/25 22:48:13.738606, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:495(pdb_set_user_sid)
- pdb_set_user_sid: setting user sid S-1-5-21-2215787217-3459875347-284659480-501
- [2017/04/25 22:48:13.738629, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid)
- pdb_set_user_sid_from_rid:
- setting user sid S-1-5-21-2215787217-3459875347-284659480-501 from rid 501
- [2017/04/25 22:48:13.738680, 10, pid=3704, effective(0, 0), real(0, 0)] ../source3/passdb/account_pol.c:362(account_policy_get)
- account_policy_get: name: maximum password age, val: -1
- [2017/04/25 22:48:13.738706, 5, pid=3704, effective(0, 0), real(0, 0)] ../source3/lib/username.c:181(Get_Pwnam_alloc)
- Finding user nobody
- [2017/04/25 22:48:13.738724, 5, pid=3704, effective(0, 0), real(0, 0)] ../source3/lib/username.c:120(Get_Pwnam_internals)
- Trying _Get_Pwnam(), username as lowercase is nobody
- [2017/04/25 22:48:13.740094, 5, pid=3704, effective(0, 0), real(0, 0)] ../source3/lib/username.c:159(Get_Pwnam_internals)
- Get_Pwnam_internals did find user [nobody]!
- [2017/04/25 22:48:13.740195, 5, pid=3704, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1278(gid_to_sid)
- gid_to_sid: winbind failed to find a sid for gid 65534
- [2017/04/25 22:48:13.740321, 10, pid=3704, effective(0, 0), real(0, 0)] ../source3/groupdb/mapping_tdb.c:270(find_map)
- failed to unpack map
- [2017/04/25 22:48:13.740353, 10, pid=3704, effective(0, 0), real(0, 0)] ../source3/groupdb/mapping_tdb.c:270(find_map)
- failed to unpack map
- [2017/04/25 22:48:13.740411, 10, pid=3704, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1141(legacy_gid_to_sid)
- LEGACY: gid 65534 -> sid S-1-22-2-65534
- [2017/04/25 22:48:13.740448, 10, pid=3704, effective(0, 0), real(0, 0)] ../source3/groupdb/mapping_tdb.c:270(find_map)
- failed to unpack map
- [2017/04/25 22:48:13.740477, 10, pid=3704, effective(0, 0), real(0, 0)] ../source3/groupdb/mapping_tdb.c:270(find_map)
- failed to unpack map
- [2017/04/25 22:48:13.740529, 3, pid=3704, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1631(get_primary_group_sid)
- Forcing Primary Group to 'Domain Users' for nobody
- [2017/04/25 22:48:13.740561, 10, pid=3704, effective(0, 0), real(0, 0)] ../source3/passdb/account_pol.c:362(account_policy_get)
- account_policy_get: name: password history, val: 0
- [2017/04/25 22:48:13.740597, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:570(pdb_set_username)
- pdb_set_username: setting username nobody, was
- [2017/04/25 22:48:13.740624, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:593(pdb_set_domain)
- pdb_set_domain: setting domain FS2, was
- [2017/04/25 22:48:13.740641, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:616(pdb_set_nt_username)
- pdb_set_nt_username: setting nt username , was
- [2017/04/25 22:48:13.740679, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:639(pdb_set_fullname)
- pdb_set_full_name: setting full name nobody, was
- [2017/04/25 22:48:13.740699, 4, pid=3704, effective(0, 0), real(0, 0)] ../source3/lib/substitute.c:435(automount_server)
- Home server: fs2
- [2017/04/25 22:48:13.740723, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:732(pdb_set_homedir)
- pdb_set_homedir: setting home dir \\fs2\nobody, was
- [2017/04/25 22:48:13.740741, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:708(pdb_set_dir_drive)
- pdb_set_dir_drive: setting dir drive , was NULL
- [2017/04/25 22:48:13.740759, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:662(pdb_set_logon_script)
- pdb_set_logon_script: setting logon script , was
- [2017/04/25 22:48:13.740812, 4, pid=3704, effective(0, 0), real(0, 0)] ../source3/lib/substitute.c:435(automount_server)
- Home server: fs2
- [2017/04/25 22:48:13.740833, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:685(pdb_set_profile_path)
- pdb_set_profile_path: setting profile path \\fs2\nobody\profile, was
- [2017/04/25 22:48:13.740851, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:775(pdb_set_workstations)
- pdb_set_workstations: setting workstations , was
- [2017/04/25 22:48:13.740876, 10, pid=3704, effective(0, 0), real(0, 0)] ../source3/passdb/account_pol.c:362(account_policy_get)
- account_policy_get: name: password history, val: 0
- [2017/04/25 22:48:13.740895, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:495(pdb_set_user_sid)
- pdb_set_user_sid: setting user sid S-1-5-21-2215787217-3459875347-284659480-501
- [2017/04/25 22:48:13.740915, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid)
- pdb_set_user_sid_from_rid:
- setting user sid S-1-5-21-2215787217-3459875347-284659480-501 from rid 501
- [2017/04/25 22:48:13.740944, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:557(pdb_set_group_sid)
- pdb_set_group_sid: setting group sid S-1-5-21-2215787217-3459875347-284659480-513
- [2017/04/25 22:48:13.741121, 5, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/lsa/srv_lsa_nt.c:176(lookup_lsa_rids)
- init_lsa_rids: FS2\NOBODY found
- [2017/04/25 22:48:13.741150, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- lsa_LookupNames: struct lsa_LookupNames
- out: struct lsa_LookupNames
- domains : *
- domains : *
- domains: struct lsa_RefDomainList
- count : 0x00000001 (1)
- domains : *
- domains: ARRAY(1)
- domains: struct lsa_DomainInfo
- name: struct lsa_StringLarge
- length : 0x0006 (6)
- size : 0x0008 (8)
- string : *
- string : 'FS2'
- sid : *
- sid : S-1-5-21-2215787217-3459875347-284659480
- max_size : 0x00000020 (32)
- sids : *
- sids: struct lsa_TransSidArray
- count : 0x00000001 (1)
- sids : *
- sids: ARRAY(1)
- sids: struct lsa_TranslatedSid
- sid_type : SID_NAME_USER (1)
- rid : 0x000001f5 (501)
- sid_index : 0x00000000 (0)
- count : *
- count : 0x00000001 (1)
- result : NT_STATUS_OK
- [2017/04/25 22:48:13.741530, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- lsa_Close: struct lsa_Close
- in: struct lsa_Close
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000003-0000-0000-ff58-0db6780e0000
- [2017/04/25 22:48:13.741604, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 FF 58 0D B6 ........ .....X..
- [0010] 78 0E 00 00 x...
- [2017/04/25 22:48:13.741664, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 FF 58 0D B6 ........ .....X..
- [0010] 78 0E 00 00 x...
- [2017/04/25 22:48:13.741709, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd)
- Closed policy
- [2017/04/25 22:48:13.741728, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- lsa_Close: struct lsa_Close
- out: struct lsa_Close
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000000-0000-0000-0000-000000000000
- result : NT_STATUS_OK
- [2017/04/25 22:48:13.741803, 10, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:418(close_policy_by_pipe)
- Deleted handle list for RPC connection lsarpc
- [2017/04/25 22:48:13.741860, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:423(wcache_fetch_seqnum)
- wcache_fetch_seqnum: FS2 not found
- [2017/04/25 22:48:13.741885, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:4736(wcache_tdc_fetch_domain)
- wcache_tdc_fetch_domain: Searching for domain FS2
- [2017/04/25 22:48:13.741925, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:4751(wcache_tdc_fetch_domain)
- wcache_tdc_fetch_domain: Found domain FS2
- [2017/04/25 22:48:13.742016, 3, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_samr.c:991(sam_sequence_number)
- samr: sequence number
- [2017/04/25 22:48:13.742062, 4, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p)
- Create pipe requested samr
- [2017/04/25 22:48:13.742085, 10, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:223(init_pipe_handles)
- init_pipe_handle_list: created handle list for pipe samr
- [2017/04/25 22:48:13.742102, 10, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:240(init_pipe_handles)
- init_pipe_handle_list: pipe_handles ref count = 1 for pipe samr
- [2017/04/25 22:48:13.742157, 4, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p)
- Created internal pipe samr
- [2017/04/25 22:48:13.742195, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- samr_Connect2: struct samr_Connect2
- in: struct samr_Connect2
- system_name : NULL
- access_mask : 0x02000000 (33554432)
- 0: SAMR_ACCESS_CONNECT_TO_SERVER
- 0: SAMR_ACCESS_SHUTDOWN_SERVER
- 0: SAMR_ACCESS_INITIALIZE_SERVER
- 0: SAMR_ACCESS_CREATE_DOMAIN
- 0: SAMR_ACCESS_ENUM_DOMAINS
- 0: SAMR_ACCESS_LOOKUP_DOMAIN
- [2017/04/25 22:48:13.742282, 5, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/samr/srv_samr_nt.c:3866(_samr_Connect2)
- _samr_Connect2: 3866
- [2017/04/25 22:48:13.742315, 10, pid=3704, effective(0, 0), real(0, 0)] ../libcli/security/access_check.c:58(se_map_generic)
- se_map_generic(): mapped mask 0xb0000000 to 0x000f003f
- [2017/04/25 22:48:13.742337, 4, pid=3704, effective(0, 0), real(0, 0)] ../source3/rpc_server/srv_access_check.c:95(access_check_object)
- _samr_Connect2: ACCESS should be DENIED (requested: 0x000f003f)
- but overritten by euid == initial uid
- [2017/04/25 22:48:13.742372, 4, pid=3704, effective(0, 0), real(0, 0)] ../source3/rpc_server/srv_access_check.c:117(access_check_object)
- _samr_Connect2: access GRANTED (requested: 0x000f003f, granted: 0x000f003f)
- [2017/04/25 22:48:13.742393, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal)
- Opened policy hnd[1] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 FF 58 0D B6 ........ .....X..
- [0010] 78 0E 00 00 x...
- [2017/04/25 22:48:13.742562, 5, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/samr/srv_samr_nt.c:3895(_samr_Connect2)
- _samr_Connect2: 3895
- [2017/04/25 22:48:13.742581, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- samr_Connect2: struct samr_Connect2
- out: struct samr_Connect2
- connect_handle : *
- connect_handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000004-0000-0000-ff58-0db6780e0000
- result : NT_STATUS_OK
- [2017/04/25 22:48:13.742687, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- samr_OpenDomain: struct samr_OpenDomain
- in: struct samr_OpenDomain
- connect_handle : *
- connect_handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000004-0000-0000-ff58-0db6780e0000
- access_mask : 0x02000000 (33554432)
- 0: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1
- 0: SAMR_DOMAIN_ACCESS_SET_INFO_1
- 0: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2
- 0: SAMR_DOMAIN_ACCESS_SET_INFO_2
- 0: SAMR_DOMAIN_ACCESS_CREATE_USER
- 0: SAMR_DOMAIN_ACCESS_CREATE_GROUP
- 0: SAMR_DOMAIN_ACCESS_CREATE_ALIAS
- 0: SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS
- 0: SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS
- 0: SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT
- 0: SAMR_DOMAIN_ACCESS_SET_INFO_3
- sid : *
- sid : S-1-5-21-2215787217-3459875347-284659480
- [2017/04/25 22:48:13.742845, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 FF 58 0D B6 ........ .....X..
- [0010] 78 0E 00 00 x...
- [2017/04/25 22:48:13.742894, 10, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:523(_policy_handle_find)
- found handle of type struct samr_connect_info
- [2017/04/25 22:48:13.742914, 10, pid=3704, effective(0, 0), real(0, 0)] ../libcli/security/access_check.c:58(se_map_generic)
- se_map_generic(): mapped mask 0xb0000000 to 0x000f07ff
- [2017/04/25 22:48:13.743003, 4, pid=3704, effective(0, 0), real(0, 0)] ../source3/rpc_server/srv_access_check.c:84(access_check_object)
- access_check_object: user rights access mask [0x3f0]
- [2017/04/25 22:48:13.743021, 4, pid=3704, effective(0, 0), real(0, 0)] ../source3/rpc_server/srv_access_check.c:95(access_check_object)
- _samr_OpenDomain: ACCESS should be DENIED (requested: 0x000f040f)
- but overritten by euid == initial uid
- [2017/04/25 22:48:13.743043, 4, pid=3704, effective(0, 0), real(0, 0)] ../source3/rpc_server/srv_access_check.c:117(access_check_object)
- _samr_OpenDomain: access GRANTED (requested: 0x000f040f, granted: 0x000f07ff)
- [2017/04/25 22:48:13.743063, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal)
- Opened policy hnd[2] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 FF 58 0D B6 ........ .....X..
- [0010] 78 0E 00 00 x...
- [2017/04/25 22:48:13.743126, 5, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/samr/srv_samr_nt.c:500(_samr_OpenDomain)
- _samr_OpenDomain: 500
- [2017/04/25 22:48:13.743146, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- samr_OpenDomain: struct samr_OpenDomain
- out: struct samr_OpenDomain
- domain_handle : *
- domain_handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000005-0000-0000-ff58-0db6780e0000
- result : NT_STATUS_OK
- [2017/04/25 22:48:13.743231, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- samr_QueryDomainInfo: struct samr_QueryDomainInfo
- in: struct samr_QueryDomainInfo
- domain_handle : *
- domain_handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000005-0000-0000-ff58-0db6780e0000
- level : DomainModifiedInformation (8)
- [2017/04/25 22:48:13.743300, 5, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/samr/srv_samr_nt.c:3499(_samr_QueryDomainInfo)
- _samr_QueryDomainInfo: 3499
- [2017/04/25 22:48:13.743318, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 FF 58 0D B6 ........ .....X..
- [0010] 78 0E 00 00 x...
- [2017/04/25 22:48:13.743363, 10, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:523(_policy_handle_find)
- found handle of type struct samr_domain_info
- [2017/04/25 22:48:13.743383, 5, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/samr/srv_samr_nt.c:3589(_samr_QueryDomainInfo)
- _samr_QueryDomainInfo: 3589
- [2017/04/25 22:48:13.743400, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- samr_QueryDomainInfo: struct samr_QueryDomainInfo
- out: struct samr_QueryDomainInfo
- info : *
- info : *
- info : union samr_DomainInfo(case 8)
- info8: struct samr_DomInfo8
- sequence_num : 0x0000000058ffb60d (1493153293)
- domain_create_time : NTTIME(0)
- result : NT_STATUS_OK
- [2017/04/25 22:48:13.743498, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_rpc.c:955(rpc_sequence_number)
- domain_sequence_number: for domain FS2 is 1493153293
- [2017/04/25 22:48:13.743535, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- samr_Close: struct samr_Close
- in: struct samr_Close
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000005-0000-0000-ff58-0db6780e0000
- [2017/04/25 22:48:13.743591, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 FF 58 0D B6 ........ .....X..
- [0010] 78 0E 00 00 x...
- [2017/04/25 22:48:13.743636, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd)
- Closed policy
- [2017/04/25 22:48:13.743722, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- samr_Close: struct samr_Close
- out: struct samr_Close
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000000-0000-0000-0000-000000000000
- result : NT_STATUS_OK
- [2017/04/25 22:48:13.743820, 10, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:418(close_policy_by_pipe)
- Deleted handle list for RPC connection samr
- [2017/04/25 22:48:13.743897, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:499(wcache_store_seqnum)
- wcache_store_seqnum: success [FS2][1493153293 @ 1493153293]
- [2017/04/25 22:48:13.743917, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:586(refresh_sequence_number)
- refresh_sequence_number: FS2 seq number is now 1493153293
- [2017/04/25 22:48:13.743970, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:965(wcache_save_name_to_sid)
- wcache_save_name_to_sid: FS2\NOBODY -> S-1-5-21-2215787217-3459875347-284659480-501 (NT_STATUS_OK)
- [2017/04/25 22:48:13.744014, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:995(wcache_save_sid_to_name)
- wcache_save_sid_to_name: S-1-5-21-2215787217-3459875347-284659480-501 -> FS2\nobody (NT_STATUS_OK)
- [2017/04/25 22:48:13.744034, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- wbint_LookupName: struct wbint_LookupName
- out: struct wbint_LookupName
- type : *
- type : SID_NAME_USER (1)
- sid : *
- sid : S-1-5-21-2215787217-3459875347-284659480-501
- result : NT_STATUS_OK
- [2017/04/25 22:48:13.744105, 4, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:1395(child_handler)
- Finished processing child request 59
- [2017/04/25 22:48:13.744124, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:102(child_write_response)
- Writing 3532 bytes to parent
- [2017/04/25 22:48:13.744485, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:68(child_read_request)
- Need to read 28 extra bytes
- [2017/04/25 22:48:13.744516, 4, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:1387(child_handler)
- child daemon request 59
- [2017/04/25 22:48:13.744536, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:510(child_process_request)
- child_process_request: request fn NDRCMD
- [2017/04/25 22:48:13.744553, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual_ndr.c:315(winbindd_dual_ndrcmd)
- winbindd_dual_ndrcmd: Running command WBINT_QUERYUSER (FS2)
- [2017/04/25 22:48:13.744578, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- wbint_QueryUser: struct wbint_QueryUser
- in: struct wbint_QueryUser
- sid : *
- sid : S-1-5-21-2215787217-3459875347-284659480-501
- [2017/04/25 22:48:13.744627, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:2374(query_user)
- query_user: [Cached] - doing backend query for info for domain FS2
- [2017/04/25 22:48:13.744665, 3, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_samr.c:239(sam_query_user)
- sam_query_user
- [2017/04/25 22:48:13.744703, 4, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p)
- Create pipe requested samr
- [2017/04/25 22:48:13.744740, 10, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:223(init_pipe_handles)
- init_pipe_handle_list: created handle list for pipe samr
- [2017/04/25 22:48:13.744759, 10, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:240(init_pipe_handles)
- init_pipe_handle_list: pipe_handles ref count = 1 for pipe samr
- [2017/04/25 22:48:13.744803, 4, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p)
- Created internal pipe samr
- [2017/04/25 22:48:13.744831, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- samr_Connect2: struct samr_Connect2
- in: struct samr_Connect2
- system_name : NULL
- access_mask : 0x02000000 (33554432)
- 0: SAMR_ACCESS_CONNECT_TO_SERVER
- 0: SAMR_ACCESS_SHUTDOWN_SERVER
- 0: SAMR_ACCESS_INITIALIZE_SERVER
- 0: SAMR_ACCESS_CREATE_DOMAIN
- 0: SAMR_ACCESS_ENUM_DOMAINS
- 0: SAMR_ACCESS_LOOKUP_DOMAIN
- [2017/04/25 22:48:13.744909, 5, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/samr/srv_samr_nt.c:3866(_samr_Connect2)
- _samr_Connect2: 3866
- [2017/04/25 22:48:13.744930, 10, pid=3704, effective(0, 0), real(0, 0)] ../libcli/security/access_check.c:58(se_map_generic)
- se_map_generic(): mapped mask 0xb0000000 to 0x000f003f
- [2017/04/25 22:48:13.744950, 4, pid=3704, effective(0, 0), real(0, 0)] ../source3/rpc_server/srv_access_check.c:95(access_check_object)
- _samr_Connect2: ACCESS should be DENIED (requested: 0x000f003f)
- but overritten by euid == initial uid
- [2017/04/25 22:48:13.744971, 4, pid=3704, effective(0, 0), real(0, 0)] ../source3/rpc_server/srv_access_check.c:117(access_check_object)
- _samr_Connect2: access GRANTED (requested: 0x000f003f, granted: 0x000f003f)
- [2017/04/25 22:48:13.744991, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal)
- Opened policy hnd[1] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 FF 58 0D B6 ........ .....X..
- [0010] 78 0E 00 00 x...
- [2017/04/25 22:48:13.745039, 5, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/samr/srv_samr_nt.c:3895(_samr_Connect2)
- _samr_Connect2: 3895
- [2017/04/25 22:48:13.745056, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- samr_Connect2: struct samr_Connect2
- out: struct samr_Connect2
- connect_handle : *
- connect_handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000006-0000-0000-ff58-0db6780e0000
- result : NT_STATUS_OK
- [2017/04/25 22:48:13.745133, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- samr_OpenDomain: struct samr_OpenDomain
- in: struct samr_OpenDomain
- connect_handle : *
- connect_handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000006-0000-0000-ff58-0db6780e0000
- access_mask : 0x02000000 (33554432)
- 0: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1
- 0: SAMR_DOMAIN_ACCESS_SET_INFO_1
- 0: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2
- 0: SAMR_DOMAIN_ACCESS_SET_INFO_2
- 0: SAMR_DOMAIN_ACCESS_CREATE_USER
- 0: SAMR_DOMAIN_ACCESS_CREATE_GROUP
- 0: SAMR_DOMAIN_ACCESS_CREATE_ALIAS
- 0: SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS
- 0: SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS
- 0: SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT
- 0: SAMR_DOMAIN_ACCESS_SET_INFO_3
- sid : *
- sid : S-1-5-21-2215787217-3459875347-284659480
- [2017/04/25 22:48:13.745291, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 FF 58 0D B6 ........ .....X..
- [0010] 78 0E 00 00 x...
- [2017/04/25 22:48:13.745336, 10, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:523(_policy_handle_find)
- found handle of type struct samr_connect_info
- [2017/04/25 22:48:13.745355, 10, pid=3704, effective(0, 0), real(0, 0)] ../libcli/security/access_check.c:58(se_map_generic)
- se_map_generic(): mapped mask 0xb0000000 to 0x000f07ff
- [2017/04/25 22:48:13.745372, 4, pid=3704, effective(0, 0), real(0, 0)] ../source3/rpc_server/srv_access_check.c:84(access_check_object)
- access_check_object: user rights access mask [0x3f0]
- [2017/04/25 22:48:13.745389, 4, pid=3704, effective(0, 0), real(0, 0)] ../source3/rpc_server/srv_access_check.c:95(access_check_object)
- _samr_OpenDomain: ACCESS should be DENIED (requested: 0x000f040f)
- but overritten by euid == initial uid
- [2017/04/25 22:48:13.745410, 4, pid=3704, effective(0, 0), real(0, 0)] ../source3/rpc_server/srv_access_check.c:117(access_check_object)
- _samr_OpenDomain: access GRANTED (requested: 0x000f040f, granted: 0x000f07ff)
- [2017/04/25 22:48:13.745430, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal)
- Opened policy hnd[2] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 FF 58 0D B6 ........ .....X..
- [0010] 78 0E 00 00 x...
- [2017/04/25 22:48:13.745479, 5, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/samr/srv_samr_nt.c:500(_samr_OpenDomain)
- _samr_OpenDomain: 500
- [2017/04/25 22:48:13.745497, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- samr_OpenDomain: struct samr_OpenDomain
- out: struct samr_OpenDomain
- domain_handle : *
- domain_handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000007-0000-0000-ff58-0db6780e0000
- result : NT_STATUS_OK
- [2017/04/25 22:48:13.745587, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- samr_OpenUser: struct samr_OpenUser
- in: struct samr_OpenUser
- domain_handle : *
- domain_handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000007-0000-0000-ff58-0db6780e0000
- access_mask : 0x02000000 (33554432)
- 0: SAMR_USER_ACCESS_GET_NAME_ETC
- 0: SAMR_USER_ACCESS_GET_LOCALE
- 0: SAMR_USER_ACCESS_SET_LOC_COM
- 0: SAMR_USER_ACCESS_GET_LOGONINFO
- 0: SAMR_USER_ACCESS_GET_ATTRIBUTES
- 0: SAMR_USER_ACCESS_SET_ATTRIBUTES
- 0: SAMR_USER_ACCESS_CHANGE_PASSWORD
- 0: SAMR_USER_ACCESS_SET_PASSWORD
- 0: SAMR_USER_ACCESS_GET_GROUPS
- 0: SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP
- 0: SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP
- rid : 0x000001f5 (501)
- [2017/04/25 22:48:13.745742, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 FF 58 0D B6 ........ .....X..
- [0010] 78 0E 00 00 x...
- [2017/04/25 22:48:13.745790, 10, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:523(_policy_handle_find)
- found handle of type struct samr_domain_info
- [2017/04/25 22:48:13.745824, 10, pid=3704, effective(0, 0), real(0, 0)] ../libcli/security/access_check.c:58(se_map_generic)
- se_map_generic(): mapped mask 0xb0000000 to 0x000f07ff
- [2017/04/25 22:48:13.745843, 6, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:414(pdb_getsampwsid)
- pdb_getsampwsid: Building guest account
- [2017/04/25 22:48:13.745863, 5, pid=3704, effective(0, 0), real(0, 0)] ../source3/lib/username.c:181(Get_Pwnam_alloc)
- Finding user nobody
- [2017/04/25 22:48:13.745881, 5, pid=3704, effective(0, 0), real(0, 0)] ../source3/lib/username.c:120(Get_Pwnam_internals)
- Trying _Get_Pwnam(), username as lowercase is nobody
- [2017/04/25 22:48:13.745974, 5, pid=3704, effective(0, 0), real(0, 0)] ../source3/lib/username.c:159(Get_Pwnam_internals)
- Get_Pwnam_internals did find user [nobody]!
- [2017/04/25 22:48:13.745995, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:570(pdb_set_username)
- pdb_set_username: setting username nobody, was
- [2017/04/25 22:48:13.746015, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:639(pdb_set_fullname)
- pdb_set_full_name: setting full name nobody, was
- [2017/04/25 22:48:13.746033, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:593(pdb_set_domain)
- pdb_set_domain: setting domain FS2, was
- [2017/04/25 22:48:13.746053, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:495(pdb_set_user_sid)
- pdb_set_user_sid: setting user sid S-1-5-21-2215787217-3459875347-284659480-501
- [2017/04/25 22:48:13.746074, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid)
- pdb_set_user_sid_from_rid:
- setting user sid S-1-5-21-2215787217-3459875347-284659480-501 from rid 501
- [2017/04/25 22:48:13.746102, 4, pid=3704, effective(0, 0), real(0, 0)] ../source3/rpc_server/srv_access_check.c:84(access_check_object)
- access_check_object: user rights access mask [0xd04e4]
- [2017/04/25 22:48:13.746119, 4, pid=3704, effective(0, 0), real(0, 0)] ../source3/rpc_server/srv_access_check.c:95(access_check_object)
- _samr_OpenUser: ACCESS should be DENIED (requested: 0x0002031b)
- but overritten by euid == initial uid
- [2017/04/25 22:48:13.746140, 4, pid=3704, effective(0, 0), real(0, 0)] ../source3/rpc_server/srv_access_check.c:117(access_check_object)
- _samr_OpenUser: access GRANTED (requested: 0x0002031b, granted: 0x000f07ff)
- [2017/04/25 22:48:13.746159, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal)
- Opened policy hnd[3] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 FF 58 0D B6 ........ .....X..
- [0010] 78 0E 00 00 x...
- [2017/04/25 22:48:13.746208, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- samr_OpenUser: struct samr_OpenUser
- out: struct samr_OpenUser
- user_handle : *
- user_handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000008-0000-0000-ff58-0db6780e0000
- result : NT_STATUS_OK
- [2017/04/25 22:48:13.746294, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- samr_QueryUserInfo: struct samr_QueryUserInfo
- in: struct samr_QueryUserInfo
- user_handle : *
- user_handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000008-0000-0000-ff58-0db6780e0000
- level : UserAllInformation (21)
- [2017/04/25 22:48:13.746362, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 FF 58 0D B6 ........ .....X..
- [0010] 78 0E 00 00 x...
- [2017/04/25 22:48:13.746422, 10, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:523(_policy_handle_find)
- found handle of type struct samr_user_info
- [2017/04/25 22:48:13.746443, 5, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/samr/srv_samr_nt.c:2924(_samr_QueryUserInfo)
- _samr_QueryUserInfo: sid:S-1-5-21-2215787217-3459875347-284659480-501
- [2017/04/25 22:48:13.746466, 5, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/samr/srv_samr_nt.c:2931(_samr_QueryUserInfo)
- _samr_QueryUserInfo: user info level: 21
- [2017/04/25 22:48:13.746484, 6, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:414(pdb_getsampwsid)
- pdb_getsampwsid: Building guest account
- [2017/04/25 22:48:13.746501, 5, pid=3704, effective(0, 0), real(0, 0)] ../source3/lib/username.c:181(Get_Pwnam_alloc)
- Finding user nobody
- [2017/04/25 22:48:13.746518, 5, pid=3704, effective(0, 0), real(0, 0)] ../source3/lib/username.c:120(Get_Pwnam_internals)
- Trying _Get_Pwnam(), username as lowercase is nobody
- [2017/04/25 22:48:13.746560, 5, pid=3704, effective(0, 0), real(0, 0)] ../source3/lib/username.c:159(Get_Pwnam_internals)
- Get_Pwnam_internals did find user [nobody]!
- [2017/04/25 22:48:13.746579, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:570(pdb_set_username)
- pdb_set_username: setting username nobody, was
- [2017/04/25 22:48:13.746597, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:639(pdb_set_fullname)
- pdb_set_full_name: setting full name nobody, was
- [2017/04/25 22:48:13.746614, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:593(pdb_set_domain)
- pdb_set_domain: setting domain FS2, was
- [2017/04/25 22:48:13.746632, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:495(pdb_set_user_sid)
- pdb_set_user_sid: setting user sid S-1-5-21-2215787217-3459875347-284659480-501
- [2017/04/25 22:48:13.746662, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid)
- pdb_set_user_sid_from_rid:
- setting user sid S-1-5-21-2215787217-3459875347-284659480-501 from rid 501
- [2017/04/25 22:48:13.746688, 3, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/samr/srv_samr_nt.c:2947(_samr_QueryUserInfo)
- User:[nobody]
- [2017/04/25 22:48:13.746732, 5, pid=3704, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1278(gid_to_sid)
- gid_to_sid: winbind failed to find a sid for gid 65534
- [2017/04/25 22:48:13.746771, 10, pid=3704, effective(0, 0), real(0, 0)] ../source3/groupdb/mapping_tdb.c:270(find_map)
- failed to unpack map
- [2017/04/25 22:48:13.746802, 10, pid=3704, effective(0, 0), real(0, 0)] ../source3/groupdb/mapping_tdb.c:270(find_map)
- failed to unpack map
- [2017/04/25 22:48:13.746859, 10, pid=3704, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1141(legacy_gid_to_sid)
- LEGACY: gid 65534 -> sid S-1-22-2-65534
- [2017/04/25 22:48:13.746894, 10, pid=3704, effective(0, 0), real(0, 0)] ../source3/groupdb/mapping_tdb.c:270(find_map)
- failed to unpack map
- [2017/04/25 22:48:13.746924, 10, pid=3704, effective(0, 0), real(0, 0)] ../source3/groupdb/mapping_tdb.c:270(find_map)
- failed to unpack map
- [2017/04/25 22:48:13.746975, 3, pid=3704, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1631(get_primary_group_sid)
- Forcing Primary Group to 'Domain Users' for nobody
- [2017/04/25 22:48:13.747021, 5, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/samr/srv_samr_nt.c:3025(_samr_QueryUserInfo)
- _samr_QueryUserInfo: 3025
- [2017/04/25 22:48:13.747039, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- samr_QueryUserInfo: struct samr_QueryUserInfo
- out: struct samr_QueryUserInfo
- info : *
- info : *
- info : union samr_UserInfo(case 21)
- info21: struct samr_UserInfo21
- last_logon : NTTIME(0)
- last_logoff : Di Jan 19 04:14:07 2038 CET
- last_password_change : NTTIME(0)
- acct_expiry : Di Jan 19 04:14:07 2038 CET
- allow_password_change : NTTIME(0)
- force_password_change : NTTIME(0)
- account_name: struct lsa_String
- length : 0x000c (12)
- size : 0x000c (12)
- string : *
- string : 'nobody'
- full_name: struct lsa_String
- length : 0x000c (12)
- size : 0x000c (12)
- string : *
- string : 'nobody'
- home_directory: struct lsa_String
- length : 0x0000 (0)
- size : 0x0000 (0)
- string : *
- string : ''
- home_drive: struct lsa_String
- length : 0x0000 (0)
- size : 0x0000 (0)
- string : NULL
- logon_script: struct lsa_String
- length : 0x0000 (0)
- size : 0x0000 (0)
- string : *
- string : ''
- profile_path: struct lsa_String
- length : 0x0000 (0)
- size : 0x0000 (0)
- string : *
- string : ''
- description: struct lsa_String
- length : 0x0000 (0)
- size : 0x0000 (0)
- string : *
- string : ''
- workstations: struct lsa_String
- length : 0x0000 (0)
- size : 0x0000 (0)
- string : *
- string : ''
- comment: struct lsa_String
- length : 0x0000 (0)
- size : 0x0000 (0)
- string : *
- string : ''
- parameters: struct lsa_BinaryString
- length : 0x0000 (0)
- size : 0x0000 (0)
- array : *
- array: ARRAY(0)
- lm_owf_password: struct lsa_BinaryString
- length : 0x0000 (0)
- size : 0x0000 (0)
- array : NULL
- nt_owf_password: struct lsa_BinaryString
- length : 0x0000 (0)
- size : 0x0000 (0)
- array : NULL
- private_data: struct lsa_String
- length : 0x0000 (0)
- size : 0x0000 (0)
- string : NULL
- buf_count : 0x00000000 (0)
- buffer : NULL
- rid : 0x000001f5 (501)
- primary_gid : 0x00000201 (513)
- acct_flags : 0x00000010 (16)
- 0: ACB_DISABLED
- 0: ACB_HOMDIRREQ
- 0: ACB_PWNOTREQ
- 0: ACB_TEMPDUP
- 1: ACB_NORMAL
- 0: ACB_MNS
- 0: ACB_DOMTRUST
- 0: ACB_WSTRUST
- 0: ACB_SVRTRUST
- 0: ACB_PWNOEXP
- 0: ACB_AUTOLOCK
- 0: ACB_ENC_TXT_PWD_ALLOWED
- 0: ACB_SMARTCARD_REQUIRED
- 0: ACB_TRUSTED_FOR_DELEGATION
- 0: ACB_NOT_DELEGATED
- 0: ACB_USE_DES_KEY_ONLY
- 0: ACB_DONT_REQUIRE_PREAUTH
- 0: ACB_PW_EXPIRED
- 0: ACB_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION
- 0: ACB_NO_AUTH_DATA_REQD
- 0: ACB_PARTIAL_SECRETS_ACCOUNT
- 0: ACB_USE_AES_KEYS
- fields_present : 0x00ffffff (16777215)
- 1: SAMR_FIELD_ACCOUNT_NAME
- 1: SAMR_FIELD_FULL_NAME
- 1: SAMR_FIELD_RID
- 1: SAMR_FIELD_PRIMARY_GID
- 1: SAMR_FIELD_DESCRIPTION
- 1: SAMR_FIELD_COMMENT
- 1: SAMR_FIELD_HOME_DIRECTORY
- 1: SAMR_FIELD_HOME_DRIVE
- 1: SAMR_FIELD_LOGON_SCRIPT
- 1: SAMR_FIELD_PROFILE_PATH
- 1: SAMR_FIELD_WORKSTATIONS
- 1: SAMR_FIELD_LAST_LOGON
- 1: SAMR_FIELD_LAST_LOGOFF
- 1: SAMR_FIELD_LOGON_HOURS
- 1: SAMR_FIELD_BAD_PWD_COUNT
- 1: SAMR_FIELD_NUM_LOGONS
- 1: SAMR_FIELD_ALLOW_PWD_CHANGE
- 1: SAMR_FIELD_FORCE_PWD_CHANGE
- 1: SAMR_FIELD_LAST_PWD_CHANGE
- 1: SAMR_FIELD_ACCT_EXPIRY
- 1: SAMR_FIELD_ACCT_FLAGS
- 1: SAMR_FIELD_PARAMETERS
- 1: SAMR_FIELD_COUNTRY_CODE
- 1: SAMR_FIELD_CODE_PAGE
- 0: SAMR_FIELD_NT_PASSWORD_PRESENT
- 0: SAMR_FIELD_LM_PASSWORD_PRESENT
- 0: SAMR_FIELD_PRIVATE_DATA
- 0: SAMR_FIELD_EXPIRED_FLAG
- 0: SAMR_FIELD_SEC_DESC
- 0: SAMR_FIELD_OWF_PWD
- logon_hours: struct samr_LogonHours
- units_per_week : 0x00a8 (168)
- bits : *
- bits : ffffffffffffffffffffffffffffffffffffffffff
- bad_password_count : 0x0000 (0)
- logon_count : 0x0000 (0)
- country_code : 0x0000 (0)
- code_page : 0x0000 (0)
- lm_password_set : 0x00 (0)
- nt_password_set : 0x00 (0)
- password_expired : 0x01 (1)
- private_data_sensitive : 0x00 (0)
- result : NT_STATUS_OK
- [2017/04/25 22:48:13.748492, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- samr_Close: struct samr_Close
- in: struct samr_Close
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000008-0000-0000-ff58-0db6780e0000
- [2017/04/25 22:48:13.748548, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 FF 58 0D B6 ........ .....X..
- [0010] 78 0E 00 00 x...
- [2017/04/25 22:48:13.748597, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd)
- Closed policy
- [2017/04/25 22:48:13.748615, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- samr_Close: struct samr_Close
- out: struct samr_Close
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000000-0000-0000-0000-000000000000
- result : NT_STATUS_OK
- [2017/04/25 22:48:13.748713, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- samr_Close: struct samr_Close
- in: struct samr_Close
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000007-0000-0000-ff58-0db6780e0000
- [2017/04/25 22:48:13.748773, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 FF 58 0D B6 ........ .....X..
- [0010] 78 0E 00 00 x...
- [2017/04/25 22:48:13.748816, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd)
- Closed policy
- [2017/04/25 22:48:13.748833, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- samr_Close: struct samr_Close
- out: struct samr_Close
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000000-0000-0000-0000-000000000000
- result : NT_STATUS_OK
- [2017/04/25 22:48:13.748902, 10, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:418(close_policy_by_pipe)
- Deleted handle list for RPC connection samr
- [2017/04/25 22:48:13.748933, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:541(refresh_sequence_number)
- refresh_sequence_number: FS2 time ok
- [2017/04/25 22:48:13.748962, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:586(refresh_sequence_number)
- refresh_sequence_number: FS2 seq number is now 1493153293
- [2017/04/25 22:48:13.749007, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:1022(wcache_save_user)
- wcache_save_user: S-1-5-21-2215787217-3459875347-284659480-501 (acct_name nobody)
- [2017/04/25 22:48:13.749025, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- wbint_QueryUser: struct wbint_QueryUser
- out: struct wbint_QueryUser
- info : *
- info: struct wbint_userinfo
- acct_name : *
- acct_name : 'nobody'
- full_name : *
- full_name : 'nobody'
- homedir : NULL
- shell : NULL
- primary_gid : 0x00000000ffffffff (4294967295)
- user_sid : S-1-5-21-2215787217-3459875347-284659480-501
- group_sid : S-1-5-21-2215787217-3459875347-284659480-513
- result : NT_STATUS_OK
- [2017/04/25 22:48:13.749149, 4, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:1395(child_handler)
- Finished processing child request 59
- [2017/04/25 22:48:13.749168, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:102(child_write_response)
- Writing 3620 bytes to parent
- [2017/04/25 22:48:13.752100, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:68(child_read_request)
- Need to read 36 extra bytes
- [2017/04/25 22:48:13.752133, 4, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:1387(child_handler)
- child daemon request 59
- [2017/04/25 22:48:13.752154, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:510(child_process_request)
- child_process_request: request fn NDRCMD
- [2017/04/25 22:48:13.752172, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual_ndr.c:315(winbindd_dual_ndrcmd)
- winbindd_dual_ndrcmd: Running command WBINT_LOOKUPRIDS (FS2)
- [2017/04/25 22:48:13.752204, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- wbint_LookupRids: struct wbint_LookupRids
- in: struct wbint_LookupRids
- domain_sid : *
- domain_sid : S-1-5-21-2215787217-3459875347-284659480
- rids : *
- rids: struct wbint_RidArray
- num_rids : 0x00000001 (1)
- rids: ARRAY(1)
- rids : 0x000001f5 (501)
- [2017/04/25 22:48:13.752297, 3, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_samr.c:688(sam_rids_to_names)
- sam_rids_to_names for FS2
- [2017/04/25 22:48:13.752334, 4, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p)
- Create pipe requested lsarpc
- [2017/04/25 22:48:13.752354, 10, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:223(init_pipe_handles)
- init_pipe_handle_list: created handle list for pipe lsarpc
- [2017/04/25 22:48:13.752372, 10, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:240(init_pipe_handles)
- init_pipe_handle_list: pipe_handles ref count = 1 for pipe lsarpc
- [2017/04/25 22:48:13.752409, 4, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p)
- Created internal pipe lsarpc
- [2017/04/25 22:48:13.752452, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- lsa_OpenPolicy: struct lsa_OpenPolicy
- in: struct lsa_OpenPolicy
- system_name : *
- system_name : 0x005c (92)
- attr : *
- attr: struct lsa_ObjectAttribute
- len : 0x00000018 (24)
- root_dir : NULL
- object_name : NULL
- attributes : 0x00000000 (0)
- sec_desc : NULL
- sec_qos : *
- sec_qos: struct lsa_QosInfo
- len : 0x0000000c (12)
- impersonation_level : 0x0002 (2)
- context_mode : 0x01 (1)
- effective_only : 0x00 (0)
- access_mask : 0x02000000 (33554432)
- 0: LSA_POLICY_VIEW_LOCAL_INFORMATION
- 0: LSA_POLICY_VIEW_AUDIT_INFORMATION
- 0: LSA_POLICY_GET_PRIVATE_INFORMATION
- 0: LSA_POLICY_TRUST_ADMIN
- 0: LSA_POLICY_CREATE_ACCOUNT
- 0: LSA_POLICY_CREATE_SECRET
- 0: LSA_POLICY_CREATE_PRIVILEGE
- 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS
- 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS
- 0: LSA_POLICY_AUDIT_LOG_ADMIN
- 0: LSA_POLICY_SERVER_ADMIN
- 0: LSA_POLICY_LOOKUP_NAMES
- 0: LSA_POLICY_NOTIFICATION
- [2017/04/25 22:48:13.752744, 10, pid=3704, effective(0, 0), real(0, 0)] ../libcli/security/access_check.c:58(se_map_generic)
- se_map_generic(): mapped mask 0xb0000000 to 0x000f0fff
- [2017/04/25 22:48:13.752766, 4, pid=3704, effective(0, 0), real(0, 0)] ../source3/rpc_server/srv_access_check.c:95(access_check_object)
- _lsa_OpenPolicy2: ACCESS should be DENIED (requested: 0x000f0fff)
- but overritten by euid == initial uid
- [2017/04/25 22:48:13.752788, 4, pid=3704, effective(0, 0), real(0, 0)] ../source3/rpc_server/srv_access_check.c:117(access_check_object)
- _lsa_OpenPolicy2: access GRANTED (requested: 0x000f0fff, granted: 0x000f0fff)
- [2017/04/25 22:48:13.752808, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal)
- Opened policy hnd[1] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 FF 58 0D B6 ........ .....X..
- [0010] 78 0E 00 00 x...
- [2017/04/25 22:48:13.752855, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- lsa_OpenPolicy: struct lsa_OpenPolicy
- out: struct lsa_OpenPolicy
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000009-0000-0000-ff58-0db6780e0000
- result : NT_STATUS_OK
- [2017/04/25 22:48:13.752928, 10, pid=3704, effective(0, 0), real(0, 0)] ../source3/rpc_client/cli_lsarpc.c:410(dcerpc_lsa_lookup_sids_generic)
- rpccli_lsa_lookup_sids: processing items 0 -- 0 of 1.
- [2017/04/25 22:48:13.752978, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- lsa_LookupSids: struct lsa_LookupSids
- in: struct lsa_LookupSids
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000009-0000-0000-ff58-0db6780e0000
- sids : *
- sids: struct lsa_SidArray
- num_sids : 0x00000001 (1)
- sids : *
- sids: ARRAY(1)
- sids: struct lsa_SidPtr
- sid : *
- sid : S-1-5-21-2215787217-3459875347-284659480-501
- names : *
- names: struct lsa_TransNameArray
- count : 0x00000000 (0)
- names : NULL
- level : LSA_LOOKUP_NAMES_ALL (1)
- count : *
- count : 0x00000000 (0)
- [2017/04/25 22:48:13.753153, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 FF 58 0D B6 ........ .....X..
- [0010] 78 0E 00 00 x...
- [2017/04/25 22:48:13.754901, 10, pid=3704, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:778(check_dom_sid_to_level)
- Accepting SID S-1-5-21-2215787217-3459875347-284659480 in level 1
- [2017/04/25 22:48:13.755638, 10, pid=3704, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:539(lookup_rids)
- lookup_rids called for domain sid 'S-1-5-21-2215787217-3459875347-284659480'
- [2017/04/25 22:48:13.755679, 5, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:1748(lookup_global_sam_rid)
- lookup_global_sam_rid: looking up RID 501.
- [2017/04/25 22:48:13.755702, 6, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:414(pdb_getsampwsid)
- pdb_getsampwsid: Building guest account
- [2017/04/25 22:48:13.755720, 5, pid=3704, effective(0, 0), real(0, 0)] ../source3/lib/username.c:181(Get_Pwnam_alloc)
- Finding user nobody
- [2017/04/25 22:48:13.755738, 5, pid=3704, effective(0, 0), real(0, 0)] ../source3/lib/username.c:120(Get_Pwnam_internals)
- Trying _Get_Pwnam(), username as lowercase is nobody
- [2017/04/25 22:48:13.755806, 5, pid=3704, effective(0, 0), real(0, 0)] ../source3/lib/username.c:159(Get_Pwnam_internals)
- Get_Pwnam_internals did find user [nobody]!
- [2017/04/25 22:48:13.755825, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:570(pdb_set_username)
- pdb_set_username: setting username nobody, was
- [2017/04/25 22:48:13.755845, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:639(pdb_set_fullname)
- pdb_set_full_name: setting full name nobody, was
- [2017/04/25 22:48:13.755864, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:593(pdb_set_domain)
- pdb_set_domain: setting domain FS2, was
- [2017/04/25 22:48:13.755884, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:495(pdb_set_user_sid)
- pdb_set_user_sid: setting user sid S-1-5-21-2215787217-3459875347-284659480-501
- [2017/04/25 22:48:13.755905, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid)
- pdb_set_user_sid_from_rid:
- setting user sid S-1-5-21-2215787217-3459875347-284659480-501 from rid 501
- [2017/04/25 22:48:13.755934, 5, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:1883(pdb_default_lookup_rids)
- lookup_rids: nobody:1
- [2017/04/25 22:48:13.755955, 10, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/lsa/srv_lsa_nt.c:896(_lsa_lookup_sids_internal)
- num_sids 1, mapped_count 1, status NT_STATUS_OK
- [2017/04/25 22:48:13.755975, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- lsa_LookupSids: struct lsa_LookupSids
- out: struct lsa_LookupSids
- domains : *
- domains : *
- domains: struct lsa_RefDomainList
- count : 0x00000001 (1)
- domains : *
- domains: ARRAY(1)
- domains: struct lsa_DomainInfo
- name: struct lsa_StringLarge
- length : 0x0006 (6)
- size : 0x0008 (8)
- string : *
- string : 'FS2'
- sid : *
- sid : S-1-5-21-2215787217-3459875347-284659480
- max_size : 0x00000020 (32)
- names : *
- names: struct lsa_TransNameArray
- count : 0x00000001 (1)
- names : *
- names: ARRAY(1)
- names: struct lsa_TranslatedName
- sid_type : SID_NAME_USER (1)
- name: struct lsa_String
- length : 0x000c (12)
- size : 0x000c (12)
- string : *
- string : 'nobody'
- sid_index : 0x00000000 (0)
- count : *
- count : 0x00000001 (1)
- result : NT_STATUS_OK
- [2017/04/25 22:48:13.757623, 10, pid=3704, effective(0, 0), real(0, 0)] ../source3/rpc_client/cli_lsarpc.c:253(dcerpc_lsa_lookup_sids_noalloc)
- LSA_LOOKUPSIDS returned status: 'NT_STATUS_OK', result: 'NT_STATUS_OK', mapped count = 1'
- [2017/04/25 22:48:13.757676, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- lsa_Close: struct lsa_Close
- in: struct lsa_Close
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000009-0000-0000-ff58-0db6780e0000
- [2017/04/25 22:48:13.757733, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 FF 58 0D B6 ........ .....X..
- [0010] 78 0E 00 00 x...
- [2017/04/25 22:48:13.757779, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 FF 58 0D B6 ........ .....X..
- [0010] 78 0E 00 00 x...
- [2017/04/25 22:48:13.757821, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd)
- Closed policy
- [2017/04/25 22:48:13.757838, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- lsa_Close: struct lsa_Close
- out: struct lsa_Close
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000000-0000-0000-0000-000000000000
- result : NT_STATUS_OK
- [2017/04/25 22:48:13.757909, 10, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:418(close_policy_by_pipe)
- Deleted handle list for RPC connection lsarpc
- [2017/04/25 22:48:13.757944, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:541(refresh_sequence_number)
- refresh_sequence_number: FS2 time ok
- [2017/04/25 22:48:13.757975, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:586(refresh_sequence_number)
- refresh_sequence_number: FS2 seq number is now 1493153293
- [2017/04/25 22:48:13.758026, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:995(wcache_save_sid_to_name)
- wcache_save_sid_to_name: S-1-5-21-2215787217-3459875347-284659480-501 -> FS2\nobody (NT_STATUS_OK)
- [2017/04/25 22:48:13.758047, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- wbint_LookupRids: struct wbint_LookupRids
- out: struct wbint_LookupRids
- domain_name : *
- domain_name : *
- domain_name : 'FS2'
- names : *
- names: struct wbint_Principals
- num_principals : 1
- principals: ARRAY(1)
- principals: struct wbint_Principal
- sid : S-1-5-21-2215787217-3459875347-284659480-501
- type : SID_NAME_USER (1)
- name : *
- name : 'nobody'
- result : NT_STATUS_OK
- [2017/04/25 22:48:13.758176, 4, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:1395(child_handler)
- Finished processing child request 59
- [2017/04/25 22:48:13.758195, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:102(child_write_response)
- Writing 3584 bytes to parent
- [2017/04/25 22:48:13.759986, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:68(child_read_request)
- Need to read 28 extra bytes
- [2017/04/25 22:48:13.760021, 4, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:1387(child_handler)
- child daemon request 59
- [2017/04/25 22:48:13.760041, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:510(child_process_request)
- child_process_request: request fn NDRCMD
- [2017/04/25 22:48:13.760058, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual_ndr.c:315(winbindd_dual_ndrcmd)
- winbindd_dual_ndrcmd: Running command WBINT_LOOKUPSID (FS2)
- [2017/04/25 22:48:13.760080, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- wbint_LookupSid: struct wbint_LookupSid
- in: struct wbint_LookupSid
- sid : *
- sid : S-1-5-21-2215787217-3459875347-284659480-513
- [2017/04/25 22:48:13.760129, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:1987(sid_to_name)
- sid_to_name: [Cached] - doing backend query for name for domain FS2
- [2017/04/25 22:48:13.760148, 3, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_samr.c:609(sam_sid_to_name)
- sam_sid_to_name
- [2017/04/25 22:48:13.760199, 4, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p)
- Create pipe requested lsarpc
- [2017/04/25 22:48:13.760222, 10, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:223(init_pipe_handles)
- init_pipe_handle_list: created handle list for pipe lsarpc
- [2017/04/25 22:48:13.760240, 10, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:240(init_pipe_handles)
- init_pipe_handle_list: pipe_handles ref count = 1 for pipe lsarpc
- [2017/04/25 22:48:13.760293, 4, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p)
- Created internal pipe lsarpc
- [2017/04/25 22:48:13.760350, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- lsa_OpenPolicy: struct lsa_OpenPolicy
- in: struct lsa_OpenPolicy
- system_name : *
- system_name : 0x005c (92)
- attr : *
- attr: struct lsa_ObjectAttribute
- len : 0x00000018 (24)
- root_dir : NULL
- object_name : NULL
- attributes : 0x00000000 (0)
- sec_desc : NULL
- sec_qos : *
- sec_qos: struct lsa_QosInfo
- len : 0x0000000c (12)
- impersonation_level : 0x0002 (2)
- context_mode : 0x01 (1)
- effective_only : 0x00 (0)
- access_mask : 0x02000000 (33554432)
- 0: LSA_POLICY_VIEW_LOCAL_INFORMATION
- 0: LSA_POLICY_VIEW_AUDIT_INFORMATION
- 0: LSA_POLICY_GET_PRIVATE_INFORMATION
- 0: LSA_POLICY_TRUST_ADMIN
- 0: LSA_POLICY_CREATE_ACCOUNT
- 0: LSA_POLICY_CREATE_SECRET
- 0: LSA_POLICY_CREATE_PRIVILEGE
- 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS
- 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS
- 0: LSA_POLICY_AUDIT_LOG_ADMIN
- 0: LSA_POLICY_SERVER_ADMIN
- 0: LSA_POLICY_LOOKUP_NAMES
- 0: LSA_POLICY_NOTIFICATION
- [2017/04/25 22:48:13.760570, 10, pid=3704, effective(0, 0), real(0, 0)] ../libcli/security/access_check.c:58(se_map_generic)
- se_map_generic(): mapped mask 0xb0000000 to 0x000f0fff
- [2017/04/25 22:48:13.760599, 4, pid=3704, effective(0, 0), real(0, 0)] ../source3/rpc_server/srv_access_check.c:95(access_check_object)
- _lsa_OpenPolicy2: ACCESS should be DENIED (requested: 0x000f0fff)
- but overritten by euid == initial uid
- [2017/04/25 22:48:13.760624, 4, pid=3704, effective(0, 0), real(0, 0)] ../source3/rpc_server/srv_access_check.c:117(access_check_object)
- _lsa_OpenPolicy2: access GRANTED (requested: 0x000f0fff, granted: 0x000f0fff)
- [2017/04/25 22:48:13.760646, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal)
- Opened policy hnd[1] [0000] 00 00 00 00 0A 00 00 00 00 00 00 00 FF 58 0D B6 ........ .....X..
- [0010] 78 0E 00 00 x...
- [2017/04/25 22:48:13.760708, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- lsa_OpenPolicy: struct lsa_OpenPolicy
- out: struct lsa_OpenPolicy
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 0000000a-0000-0000-ff58-0db6780e0000
- result : NT_STATUS_OK
- [2017/04/25 22:48:13.760786, 10, pid=3704, effective(0, 0), real(0, 0)] ../source3/rpc_client/cli_lsarpc.c:410(dcerpc_lsa_lookup_sids_generic)
- rpccli_lsa_lookup_sids: processing items 0 -- 0 of 1.
- [2017/04/25 22:48:13.760823, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- lsa_LookupSids: struct lsa_LookupSids
- in: struct lsa_LookupSids
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 0000000a-0000-0000-ff58-0db6780e0000
- sids : *
- sids: struct lsa_SidArray
- num_sids : 0x00000001 (1)
- sids : *
- sids: ARRAY(1)
- sids: struct lsa_SidPtr
- sid : *
- sid : S-1-5-21-2215787217-3459875347-284659480-513
- names : *
- names: struct lsa_TransNameArray
- count : 0x00000000 (0)
- names : NULL
- level : LSA_LOOKUP_NAMES_ALL (1)
- count : *
- count : 0x00000000 (0)
- [2017/04/25 22:48:13.760993, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 0A 00 00 00 00 00 00 00 FF 58 0D B6 ........ .....X..
- [0010] 78 0E 00 00 x...
- [2017/04/25 22:48:13.761043, 10, pid=3704, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:778(check_dom_sid_to_level)
- Accepting SID S-1-5-21-2215787217-3459875347-284659480 in level 1
- [2017/04/25 22:48:13.761064, 10, pid=3704, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:539(lookup_rids)
- lookup_rids called for domain sid 'S-1-5-21-2215787217-3459875347-284659480'
- [2017/04/25 22:48:13.761087, 5, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:1748(lookup_global_sam_rid)
- lookup_global_sam_rid: looking up RID 513.
- [2017/04/25 22:48:13.761129, 5, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_tdb.c:658(tdbsam_getsampwrid)
- pdb_getsampwrid (TDB): error looking up RID 513 by key RID_00000201.
- [2017/04/25 22:48:13.761162, 5, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:1883(pdb_default_lookup_rids)
- lookup_rids: None:2
- [2017/04/25 22:48:13.761182, 10, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/lsa/srv_lsa_nt.c:896(_lsa_lookup_sids_internal)
- num_sids 1, mapped_count 1, status NT_STATUS_OK
- [2017/04/25 22:48:13.761200, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- lsa_LookupSids: struct lsa_LookupSids
- out: struct lsa_LookupSids
- domains : *
- domains : *
- domains: struct lsa_RefDomainList
- count : 0x00000001 (1)
- domains : *
- domains: ARRAY(1)
- domains: struct lsa_DomainInfo
- name: struct lsa_StringLarge
- length : 0x0006 (6)
- size : 0x0008 (8)
- string : *
- string : 'FS2'
- sid : *
- sid : S-1-5-21-2215787217-3459875347-284659480
- max_size : 0x00000020 (32)
- names : *
- names: struct lsa_TransNameArray
- count : 0x00000001 (1)
- names : *
- names: ARRAY(1)
- names: struct lsa_TranslatedName
- sid_type : SID_NAME_DOM_GRP (2)
- name: struct lsa_String
- length : 0x0008 (8)
- size : 0x0008 (8)
- string : *
- string : 'None'
- sid_index : 0x00000000 (0)
- count : *
- count : 0x00000001 (1)
- result : NT_STATUS_OK
- [2017/04/25 22:48:13.761494, 10, pid=3704, effective(0, 0), real(0, 0)] ../source3/rpc_client/cli_lsarpc.c:253(dcerpc_lsa_lookup_sids_noalloc)
- LSA_LOOKUPSIDS returned status: 'NT_STATUS_OK', result: 'NT_STATUS_OK', mapped count = 1'
- [2017/04/25 22:48:13.761523, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- lsa_Close: struct lsa_Close
- in: struct lsa_Close
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 0000000a-0000-0000-ff58-0db6780e0000
- [2017/04/25 22:48:13.761577, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 0A 00 00 00 00 00 00 00 FF 58 0D B6 ........ .....X..
- [0010] 78 0E 00 00 x...
- [2017/04/25 22:48:13.761623, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 0A 00 00 00 00 00 00 00 FF 58 0D B6 ........ .....X..
- [0010] 78 0E 00 00 x...
- [2017/04/25 22:48:13.761682, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd)
- Closed policy
- [2017/04/25 22:48:13.761699, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- lsa_Close: struct lsa_Close
- out: struct lsa_Close
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000000-0000-0000-0000-000000000000
- result : NT_STATUS_OK
- [2017/04/25 22:48:13.761768, 10, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:418(close_policy_by_pipe)
- Deleted handle list for RPC connection lsarpc
- [2017/04/25 22:48:13.761792, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:541(refresh_sequence_number)
- refresh_sequence_number: FS2 time ok
- [2017/04/25 22:48:13.761810, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:586(refresh_sequence_number)
- refresh_sequence_number: FS2 seq number is now 1493153293
- [2017/04/25 22:48:13.761858, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:995(wcache_save_sid_to_name)
- wcache_save_sid_to_name: S-1-5-21-2215787217-3459875347-284659480-513 -> FS2\None (NT_STATUS_OK)
- [2017/04/25 22:48:13.761876, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- wbint_LookupSid: struct wbint_LookupSid
- out: struct wbint_LookupSid
- type : *
- type : SID_NAME_DOM_GRP (2)
- domain : *
- domain : *
- domain : 'FS2'
- name : *
- name : *
- name : 'None'
- result : NT_STATUS_OK
- [2017/04/25 22:48:13.761967, 4, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:1395(child_handler)
- Finished processing child request 59
- [2017/04/25 22:48:13.761984, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:102(child_write_response)
- Writing 3548 bytes to parent
- [2017/04/25 22:48:13.762416, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:68(child_read_request)
- Need to read 36 extra bytes
- [2017/04/25 22:48:13.762445, 4, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:1387(child_handler)
- child daemon request 59
- [2017/04/25 22:48:13.762464, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:510(child_process_request)
- child_process_request: request fn NDRCMD
- [2017/04/25 22:48:13.762481, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual_ndr.c:315(winbindd_dual_ndrcmd)
- winbindd_dual_ndrcmd: Running command WBINT_LOOKUPRIDS (FS2)
- [2017/04/25 22:48:13.762502, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- wbint_LookupRids: struct wbint_LookupRids
- in: struct wbint_LookupRids
- domain_sid : *
- domain_sid : S-1-5-21-2215787217-3459875347-284659480
- rids : *
- rids: struct wbint_RidArray
- num_rids : 0x00000001 (1)
- rids: ARRAY(1)
- rids : 0x00000201 (513)
- [2017/04/25 22:48:13.762581, 3, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_samr.c:688(sam_rids_to_names)
- sam_rids_to_names for FS2
- [2017/04/25 22:48:13.762612, 4, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p)
- Create pipe requested lsarpc
- [2017/04/25 22:48:13.762632, 10, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:223(init_pipe_handles)
- init_pipe_handle_list: created handle list for pipe lsarpc
- [2017/04/25 22:48:13.762661, 10, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:240(init_pipe_handles)
- init_pipe_handle_list: pipe_handles ref count = 1 for pipe lsarpc
- [2017/04/25 22:48:13.762698, 4, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p)
- Created internal pipe lsarpc
- [2017/04/25 22:48:13.762728, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- lsa_OpenPolicy: struct lsa_OpenPolicy
- in: struct lsa_OpenPolicy
- system_name : *
- system_name : 0x005c (92)
- attr : *
- attr: struct lsa_ObjectAttribute
- len : 0x00000018 (24)
- root_dir : NULL
- object_name : NULL
- attributes : 0x00000000 (0)
- sec_desc : NULL
- sec_qos : *
- sec_qos: struct lsa_QosInfo
- len : 0x0000000c (12)
- impersonation_level : 0x0002 (2)
- context_mode : 0x01 (1)
- effective_only : 0x00 (0)
- access_mask : 0x02000000 (33554432)
- 0: LSA_POLICY_VIEW_LOCAL_INFORMATION
- 0: LSA_POLICY_VIEW_AUDIT_INFORMATION
- 0: LSA_POLICY_GET_PRIVATE_INFORMATION
- 0: LSA_POLICY_TRUST_ADMIN
- 0: LSA_POLICY_CREATE_ACCOUNT
- 0: LSA_POLICY_CREATE_SECRET
- 0: LSA_POLICY_CREATE_PRIVILEGE
- 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS
- 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS
- 0: LSA_POLICY_AUDIT_LOG_ADMIN
- 0: LSA_POLICY_SERVER_ADMIN
- 0: LSA_POLICY_LOOKUP_NAMES
- 0: LSA_POLICY_NOTIFICATION
- [2017/04/25 22:48:13.762955, 10, pid=3704, effective(0, 0), real(0, 0)] ../libcli/security/access_check.c:58(se_map_generic)
- se_map_generic(): mapped mask 0xb0000000 to 0x000f0fff
- [2017/04/25 22:48:13.762977, 4, pid=3704, effective(0, 0), real(0, 0)] ../source3/rpc_server/srv_access_check.c:95(access_check_object)
- _lsa_OpenPolicy2: ACCESS should be DENIED (requested: 0x000f0fff)
- but overritten by euid == initial uid
- [2017/04/25 22:48:13.763000, 4, pid=3704, effective(0, 0), real(0, 0)] ../source3/rpc_server/srv_access_check.c:117(access_check_object)
- _lsa_OpenPolicy2: access GRANTED (requested: 0x000f0fff, granted: 0x000f0fff)
- [2017/04/25 22:48:13.763020, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal)
- Opened policy hnd[1] [0000] 00 00 00 00 0B 00 00 00 00 00 00 00 FF 58 0D B6 ........ .....X..
- [0010] 78 0E 00 00 x...
- [2017/04/25 22:48:13.763068, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- lsa_OpenPolicy: struct lsa_OpenPolicy
- out: struct lsa_OpenPolicy
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 0000000b-0000-0000-ff58-0db6780e0000
- result : NT_STATUS_OK
- [2017/04/25 22:48:13.763139, 10, pid=3704, effective(0, 0), real(0, 0)] ../source3/rpc_client/cli_lsarpc.c:410(dcerpc_lsa_lookup_sids_generic)
- rpccli_lsa_lookup_sids: processing items 0 -- 0 of 1.
- [2017/04/25 22:48:13.763169, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- lsa_LookupSids: struct lsa_LookupSids
- in: struct lsa_LookupSids
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 0000000b-0000-0000-ff58-0db6780e0000
- sids : *
- sids: struct lsa_SidArray
- num_sids : 0x00000001 (1)
- sids : *
- sids: ARRAY(1)
- sids: struct lsa_SidPtr
- sid : *
- sid : S-1-5-21-2215787217-3459875347-284659480-513
- names : *
- names: struct lsa_TransNameArray
- count : 0x00000000 (0)
- names : NULL
- level : LSA_LOOKUP_NAMES_ALL (1)
- count : *
- count : 0x00000000 (0)
- [2017/04/25 22:48:13.763326, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 0B 00 00 00 00 00 00 00 FF 58 0D B6 ........ .....X..
- [0010] 78 0E 00 00 x...
- [2017/04/25 22:48:13.763374, 10, pid=3704, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:778(check_dom_sid_to_level)
- Accepting SID S-1-5-21-2215787217-3459875347-284659480 in level 1
- [2017/04/25 22:48:13.763395, 10, pid=3704, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:539(lookup_rids)
- lookup_rids called for domain sid 'S-1-5-21-2215787217-3459875347-284659480'
- [2017/04/25 22:48:13.763417, 5, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:1748(lookup_global_sam_rid)
- lookup_global_sam_rid: looking up RID 513.
- [2017/04/25 22:48:13.763443, 5, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_tdb.c:658(tdbsam_getsampwrid)
- pdb_getsampwrid (TDB): error looking up RID 513 by key RID_00000201.
- [2017/04/25 22:48:13.763487, 5, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:1883(pdb_default_lookup_rids)
- lookup_rids: None:2
- [2017/04/25 22:48:13.763508, 10, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/lsa/srv_lsa_nt.c:896(_lsa_lookup_sids_internal)
- num_sids 1, mapped_count 1, status NT_STATUS_OK
- [2017/04/25 22:48:13.763529, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- lsa_LookupSids: struct lsa_LookupSids
- out: struct lsa_LookupSids
- domains : *
- domains : *
- domains: struct lsa_RefDomainList
- count : 0x00000001 (1)
- domains : *
- domains: ARRAY(1)
- domains: struct lsa_DomainInfo
- name: struct lsa_StringLarge
- length : 0x0006 (6)
- size : 0x0008 (8)
- string : *
- string : 'FS2'
- sid : *
- sid : S-1-5-21-2215787217-3459875347-284659480
- max_size : 0x00000020 (32)
- names : *
- names: struct lsa_TransNameArray
- count : 0x00000001 (1)
- names : *
- names: ARRAY(1)
- names: struct lsa_TranslatedName
- sid_type : SID_NAME_DOM_GRP (2)
- name: struct lsa_String
- length : 0x0008 (8)
- size : 0x0008 (8)
- string : *
- string : 'None'
- sid_index : 0x00000000 (0)
- count : *
- count : 0x00000001 (1)
- result : NT_STATUS_OK
- [2017/04/25 22:48:13.763819, 10, pid=3704, effective(0, 0), real(0, 0)] ../source3/rpc_client/cli_lsarpc.c:253(dcerpc_lsa_lookup_sids_noalloc)
- LSA_LOOKUPSIDS returned status: 'NT_STATUS_OK', result: 'NT_STATUS_OK', mapped count = 1'
- [2017/04/25 22:48:13.763849, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- lsa_Close: struct lsa_Close
- in: struct lsa_Close
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 0000000b-0000-0000-ff58-0db6780e0000
- [2017/04/25 22:48:13.763903, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 0B 00 00 00 00 00 00 00 FF 58 0D B6 ........ .....X..
- [0010] 78 0E 00 00 x...
- [2017/04/25 22:48:13.763949, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 0B 00 00 00 00 00 00 00 FF 58 0D B6 ........ .....X..
- [0010] 78 0E 00 00 x...
- [2017/04/25 22:48:13.763994, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd)
- Closed policy
- [2017/04/25 22:48:13.764022, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- lsa_Close: struct lsa_Close
- out: struct lsa_Close
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000000-0000-0000-0000-000000000000
- result : NT_STATUS_OK
- [2017/04/25 22:48:13.764091, 10, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:418(close_policy_by_pipe)
- Deleted handle list for RPC connection lsarpc
- [2017/04/25 22:48:13.764115, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:541(refresh_sequence_number)
- refresh_sequence_number: FS2 time ok
- [2017/04/25 22:48:13.764133, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:586(refresh_sequence_number)
- refresh_sequence_number: FS2 seq number is now 1493153293
- [2017/04/25 22:48:13.764163, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:995(wcache_save_sid_to_name)
- wcache_save_sid_to_name: S-1-5-21-2215787217-3459875347-284659480-513 -> FS2\None (NT_STATUS_OK)
- [2017/04/25 22:48:13.764194, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- wbint_LookupRids: struct wbint_LookupRids
- out: struct wbint_LookupRids
- domain_name : *
- domain_name : *
- domain_name : 'FS2'
- names : *
- names: struct wbint_Principals
- num_principals : 1
- principals: ARRAY(1)
- principals: struct wbint_Principal
- sid : S-1-5-21-2215787217-3459875347-284659480-513
- type : SID_NAME_DOM_GRP (2)
- name : *
- name : 'None'
- result : NT_STATUS_OK
- [2017/04/25 22:48:13.764315, 4, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:1395(child_handler)
- Finished processing child request 59
- [2017/04/25 22:48:13.764334, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:102(child_write_response)
- Writing 3584 bytes to parent
- [2017/04/25 22:48:13.774354, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:68(child_read_request)
- Need to read 36 extra bytes
- [2017/04/25 22:48:13.774391, 4, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:1387(child_handler)
- child daemon request 59
- [2017/04/25 22:48:13.774412, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:510(child_process_request)
- child_process_request: request fn NDRCMD
- [2017/04/25 22:48:13.774431, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual_ndr.c:315(winbindd_dual_ndrcmd)
- winbindd_dual_ndrcmd: Running command WBINT_LOOKUPRIDS (FS2)
- [2017/04/25 22:48:13.774461, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- wbint_LookupRids: struct wbint_LookupRids
- in: struct wbint_LookupRids
- domain_sid : *
- domain_sid : S-1-5-21-2215787217-3459875347-284659480
- rids : *
- rids: struct wbint_RidArray
- num_rids : 0x00000001 (1)
- rids: ARRAY(1)
- rids : 0x00000202 (514)
- [2017/04/25 22:48:13.774551, 3, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_samr.c:688(sam_rids_to_names)
- sam_rids_to_names for FS2
- [2017/04/25 22:48:13.774628, 4, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p)
- Create pipe requested lsarpc
- [2017/04/25 22:48:13.774651, 10, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:223(init_pipe_handles)
- init_pipe_handle_list: created handle list for pipe lsarpc
- [2017/04/25 22:48:13.774671, 10, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:240(init_pipe_handles)
- init_pipe_handle_list: pipe_handles ref count = 1 for pipe lsarpc
- [2017/04/25 22:48:13.774733, 4, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p)
- Created internal pipe lsarpc
- [2017/04/25 22:48:13.774782, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- lsa_OpenPolicy: struct lsa_OpenPolicy
- in: struct lsa_OpenPolicy
- system_name : *
- system_name : 0x005c (92)
- attr : *
- attr: struct lsa_ObjectAttribute
- len : 0x00000018 (24)
- root_dir : NULL
- object_name : NULL
- attributes : 0x00000000 (0)
- sec_desc : NULL
- sec_qos : *
- sec_qos: struct lsa_QosInfo
- len : 0x0000000c (12)
- impersonation_level : 0x0002 (2)
- context_mode : 0x01 (1)
- effective_only : 0x00 (0)
- access_mask : 0x02000000 (33554432)
- 0: LSA_POLICY_VIEW_LOCAL_INFORMATION
- 0: LSA_POLICY_VIEW_AUDIT_INFORMATION
- 0: LSA_POLICY_GET_PRIVATE_INFORMATION
- 0: LSA_POLICY_TRUST_ADMIN
- 0: LSA_POLICY_CREATE_ACCOUNT
- 0: LSA_POLICY_CREATE_SECRET
- 0: LSA_POLICY_CREATE_PRIVILEGE
- 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS
- 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS
- 0: LSA_POLICY_AUDIT_LOG_ADMIN
- 0: LSA_POLICY_SERVER_ADMIN
- 0: LSA_POLICY_LOOKUP_NAMES
- 0: LSA_POLICY_NOTIFICATION
- [2017/04/25 22:48:13.775024, 10, pid=3704, effective(0, 0), real(0, 0)] ../libcli/security/access_check.c:58(se_map_generic)
- se_map_generic(): mapped mask 0xb0000000 to 0x000f0fff
- [2017/04/25 22:48:13.775053, 4, pid=3704, effective(0, 0), real(0, 0)] ../source3/rpc_server/srv_access_check.c:95(access_check_object)
- _lsa_OpenPolicy2: ACCESS should be DENIED (requested: 0x000f0fff)
- but overritten by euid == initial uid
- [2017/04/25 22:48:13.775076, 4, pid=3704, effective(0, 0), real(0, 0)] ../source3/rpc_server/srv_access_check.c:117(access_check_object)
- _lsa_OpenPolicy2: access GRANTED (requested: 0x000f0fff, granted: 0x000f0fff)
- [2017/04/25 22:48:13.775098, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal)
- Opened policy hnd[1] [0000] 00 00 00 00 0C 00 00 00 00 00 00 00 FF 58 0D B6 ........ .....X..
- [0010] 78 0E 00 00 x...
- [2017/04/25 22:48:13.775147, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- lsa_OpenPolicy: struct lsa_OpenPolicy
- out: struct lsa_OpenPolicy
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 0000000c-0000-0000-ff58-0db6780e0000
- result : NT_STATUS_OK
- [2017/04/25 22:48:13.775249, 10, pid=3704, effective(0, 0), real(0, 0)] ../source3/rpc_client/cli_lsarpc.c:410(dcerpc_lsa_lookup_sids_generic)
- rpccli_lsa_lookup_sids: processing items 0 -- 0 of 1.
- [2017/04/25 22:48:13.775290, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- lsa_LookupSids: struct lsa_LookupSids
- in: struct lsa_LookupSids
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 0000000c-0000-0000-ff58-0db6780e0000
- sids : *
- sids: struct lsa_SidArray
- num_sids : 0x00000001 (1)
- sids : *
- sids: ARRAY(1)
- sids: struct lsa_SidPtr
- sid : *
- sid : S-1-5-21-2215787217-3459875347-284659480-514
- names : *
- names: struct lsa_TransNameArray
- count : 0x00000000 (0)
- names : NULL
- level : LSA_LOOKUP_NAMES_ALL (1)
- count : *
- count : 0x00000000 (0)
- [2017/04/25 22:48:13.775453, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 0C 00 00 00 00 00 00 00 FF 58 0D B6 ........ .....X..
- [0010] 78 0E 00 00 x...
- [2017/04/25 22:48:13.775506, 10, pid=3704, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:778(check_dom_sid_to_level)
- Accepting SID S-1-5-21-2215787217-3459875347-284659480 in level 1
- [2017/04/25 22:48:13.775529, 10, pid=3704, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:539(lookup_rids)
- lookup_rids called for domain sid 'S-1-5-21-2215787217-3459875347-284659480'
- [2017/04/25 22:48:13.775552, 5, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:1748(lookup_global_sam_rid)
- lookup_global_sam_rid: looking up RID 514.
- [2017/04/25 22:48:13.775585, 5, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_tdb.c:658(tdbsam_getsampwrid)
- pdb_getsampwrid (TDB): error looking up RID 514 by key RID_00000202.
- [2017/04/25 22:48:13.775621, 10, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/lsa/srv_lsa_nt.c:896(_lsa_lookup_sids_internal)
- num_sids 1, mapped_count 0, status NT_STATUS_NONE_MAPPED
- [2017/04/25 22:48:13.775648, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- lsa_LookupSids: struct lsa_LookupSids
- out: struct lsa_LookupSids
- domains : *
- domains : *
- domains: struct lsa_RefDomainList
- count : 0x00000001 (1)
- domains : *
- domains: ARRAY(1)
- domains: struct lsa_DomainInfo
- name: struct lsa_StringLarge
- length : 0x0006 (6)
- size : 0x0008 (8)
- string : *
- string : 'FS2'
- sid : *
- sid : S-1-5-21-2215787217-3459875347-284659480
- max_size : 0x00000020 (32)
- names : *
- names: struct lsa_TransNameArray
- count : 0x00000001 (1)
- names : *
- names: ARRAY(1)
- names: struct lsa_TranslatedName
- sid_type : SID_NAME_UNKNOWN (8)
- name: struct lsa_String
- length : 0x0058 (88)
- size : 0x0058 (88)
- string : *
- string : 'S-1-5-21-2215787217-3459875347-284659480-514'
- sid_index : 0xffffffff (4294967295)
- count : *
- count : 0x00000000 (0)
- result : NT_STATUS_NONE_MAPPED
- [2017/04/25 22:48:13.775963, 10, pid=3704, effective(0, 0), real(0, 0)] ../source3/rpc_client/cli_lsarpc.c:253(dcerpc_lsa_lookup_sids_noalloc)
- LSA_LOOKUPSIDS returned status: 'NT_STATUS_OK', result: 'NT_STATUS_NONE_MAPPED', mapped count = 0'
- [2017/04/25 22:48:13.775995, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- lsa_Close: struct lsa_Close
- in: struct lsa_Close
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 0000000c-0000-0000-ff58-0db6780e0000
- [2017/04/25 22:48:13.776049, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 0C 00 00 00 00 00 00 00 FF 58 0D B6 ........ .....X..
- [0010] 78 0E 00 00 x...
- [2017/04/25 22:48:13.776093, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal)
- Found policy hnd[0] [0000] 00 00 00 00 0C 00 00 00 00 00 00 00 FF 58 0D B6 ........ .....X..
- [0010] 78 0E 00 00 x...
- [2017/04/25 22:48:13.776179, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd)
- Closed policy
- [2017/04/25 22:48:13.776199, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- lsa_Close: struct lsa_Close
- out: struct lsa_Close
- handle : *
- handle: struct policy_handle
- handle_type : 0x00000000 (0)
- uuid : 00000000-0000-0000-0000-000000000000
- result : NT_STATUS_OK
- [2017/04/25 22:48:13.776270, 10, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:418(close_policy_by_pipe)
- Deleted handle list for RPC connection lsarpc
- [2017/04/25 22:48:13.776297, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:541(refresh_sequence_number)
- refresh_sequence_number: FS2 time ok
- [2017/04/25 22:48:13.776315, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:586(refresh_sequence_number)
- refresh_sequence_number: FS2 seq number is now 1493153293
- [2017/04/25 22:48:13.776362, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:995(wcache_save_sid_to_name)
- wcache_save_sid_to_name: S-1-5-21-2215787217-3459875347-284659480-514 -> FS2\(null) (NT_STATUS_NONE_MAPPED)
- [2017/04/25 22:48:13.776384, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
- wbint_LookupRids: struct wbint_LookupRids
- out: struct wbint_LookupRids
- domain_name : *
- domain_name : NULL
- names : *
- names: struct wbint_Principals
- num_principals : 1
- principals: ARRAY(1)
- principals: struct wbint_Principal
- sid : S-1-5-21-2215787217-3459875347-284659480-514
- type : SID_NAME_UNKNOWN (8)
- name : NULL
- result : NT_STATUS_OK
- [2017/04/25 22:48:13.776508, 4, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:1395(child_handler)
- Finished processing child request 59
- [2017/04/25 22:48:13.776528, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:102(child_write_response)
- Writing 3548 bytes to parent
- [2017/04/25 22:48:23.020712, 0, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd.c:266(winbindd_sig_term_handler)
- Got sig[15] terminate (is_parent=0)
- root@fs2:/var/log/samba#
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement