Untitled

a guest
Apr 25th, 2017
  1. root@fs2:/var/log/samba# cat log.wb-FS2
  2. [2017/04/25 22:48:13.733639, 5, pid=3704, effective(0, 0), real(0, 0)] ../source3/lib/messages.c:431(messaging_deregister)
  3. Deregistering messaging pointer for type 33 - private_data=(nil)
  4. [2017/04/25 22:48:13.733705, 5, pid=3704, effective(0, 0), real(0, 0)] ../source3/lib/messages.c:431(messaging_deregister)
  5. Deregistering messaging pointer for type 13 - private_data=(nil)
  6. [2017/04/25 22:48:13.733723, 5, pid=3704, effective(0, 0), real(0, 0)] ../source3/lib/messages.c:431(messaging_deregister)
  7. Deregistering messaging pointer for type 1028 - private_data=(nil)
  8. [2017/04/25 22:48:13.733741, 5, pid=3704, effective(0, 0), real(0, 0)] ../source3/lib/messages.c:431(messaging_deregister)
  9. Deregistering messaging pointer for type 1027 - private_data=(nil)
  10. [2017/04/25 22:48:13.733757, 5, pid=3704, effective(0, 0), real(0, 0)] ../source3/lib/messages.c:431(messaging_deregister)
  11. Deregistering messaging pointer for type 1029 - private_data=(nil)
  12. [2017/04/25 22:48:13.733774, 5, pid=3704, effective(0, 0), real(0, 0)] ../source3/lib/messages.c:431(messaging_deregister)
  13. Deregistering messaging pointer for type 1280 - private_data=(nil)
  14. [2017/04/25 22:48:13.733790, 5, pid=3704, effective(0, 0), real(0, 0)] ../source3/lib/messages.c:431(messaging_deregister)
  15. Deregistering messaging pointer for type 1033 - private_data=(nil)
  16. [2017/04/25 22:48:13.733807, 5, pid=3704, effective(0, 0), real(0, 0)] ../source3/lib/messages.c:431(messaging_deregister)
  17. Deregistering messaging pointer for type 1 - private_data=(nil)
  18. [2017/04/25 22:48:13.733823, 5, pid=3704, effective(0, 0), real(0, 0)] ../source3/lib/messages.c:431(messaging_deregister)
  19. Deregistering messaging pointer for type 1036 - private_data=(nil)
  20. [2017/04/25 22:48:13.733841, 5, pid=3704, effective(0, 0), real(0, 0)] ../source3/lib/messages.c:431(messaging_deregister)
  21. Deregistering messaging pointer for type 1035 - private_data=(nil)
  22. [2017/04/25 22:48:13.734002, 5, pid=3704, effective(0, 0), real(0, 0)] ../source3/lib/messages.c:384(messaging_register)
  23. Registering messaging pointer for type 1028 - private_data=(nil)
  24. [2017/04/25 22:48:13.734029, 5, pid=3704, effective(0, 0), real(0, 0)] ../source3/lib/messages.c:384(messaging_register)
  25. Registering messaging pointer for type 1027 - private_data=(nil)
  26. [2017/04/25 22:48:13.734046, 5, pid=3704, effective(0, 0), real(0, 0)] ../source3/lib/messages.c:384(messaging_register)
  27. Registering messaging pointer for type 1280 - private_data=(nil)
  28. [2017/04/25 22:48:13.734063, 5, pid=3704, effective(0, 0), real(0, 0)] ../source3/lib/messages.c:384(messaging_register)
  29. Registering messaging pointer for type 1 - private_data=(nil)
  30. [2017/04/25 22:48:13.734080, 5, pid=3704, effective(0, 0), real(0, 0)] ../source3/lib/messages.c:384(messaging_register)
  31. Registering messaging pointer for type 1034 - private_data=(nil)
  32. [2017/04/25 22:48:13.734097, 5, pid=3704, effective(0, 0), real(0, 0)] ../source3/lib/messages.c:399(messaging_register)
  33. Overriding messaging pointer for type 1034 - private_data=(nil)
  34. [2017/04/25 22:48:13.734157, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:68(child_read_request)
  35. Need to read 40 extra bytes
  36. [2017/04/25 22:48:13.734191, 4, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:1387(child_handler)
  37. child daemon request 59
  38. [2017/04/25 22:48:13.734212, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:510(child_process_request)
  39. child_process_request: request fn NDRCMD
  40. [2017/04/25 22:48:13.734236, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual_ndr.c:315(winbindd_dual_ndrcmd)
  41. winbindd_dual_ndrcmd: Running command WBINT_LOOKUPNAME (FS2)
  42. [2017/04/25 22:48:13.734290, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  43. wbint_LookupName: struct wbint_LookupName
  44. in: struct wbint_LookupName
  45. domain : *
  46. domain : 'FS2'
  47. name : *
  48. name : 'NOBODY'
  49. flags : 0x00000008 (8)
  50. [2017/04/25 22:48:13.734420, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cm.c:2374(set_dc_type_and_flags)
  51. set_dc_type_and_flags: setting up flags for primary or internal domain
  52. [2017/04/25 22:48:13.734451, 5, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cm.c:2186(set_dc_type_and_flags_connect)
  53. set_dc_type_and_flags_connect: domain FS2
  54. [2017/04/25 22:48:13.734641, 4, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p)
  55. Create pipe requested lsarpc
  56. [2017/04/25 22:48:13.734685, 10, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:223(init_pipe_handles)
  57. init_pipe_handle_list: created handle list for pipe dssetup
  58. [2017/04/25 22:48:13.734706, 10, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:240(init_pipe_handles)
  59. init_pipe_handle_list: pipe_handles ref count = 1 for pipe dssetup
  60. [2017/04/25 22:48:13.734808, 4, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p)
  61. Created internal pipe lsarpc
  62. [2017/04/25 22:48:13.734883, 10, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:418(close_policy_by_pipe)
  63. Deleted handle list for RPC connection dssetup
  64. [2017/04/25 22:48:13.734905, 5, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cm.c:2222(set_dc_type_and_flags_connect)
  65. set_dc_type_and_flags_connect: rpccli_ds_getprimarydominfo on domain FS2 failed: (NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE)
  66. [2017/04/25 22:48:13.734944, 4, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p)
  67. Create pipe requested lsarpc
  68. [2017/04/25 22:48:13.734966, 10, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:223(init_pipe_handles)
  69. init_pipe_handle_list: created handle list for pipe lsarpc
  70. [2017/04/25 22:48:13.734985, 10, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:240(init_pipe_handles)
  71. init_pipe_handle_list: pipe_handles ref count = 1 for pipe lsarpc
  72. [2017/04/25 22:48:13.735020, 4, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p)
  73. Created internal pipe lsarpc
  74. [2017/04/25 22:48:13.735078, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  75. lsa_OpenPolicy2: struct lsa_OpenPolicy2
  76. in: struct lsa_OpenPolicy2
  77. system_name : NULL
  78. attr : *
  79. attr: struct lsa_ObjectAttribute
  80. len : 0x00000018 (24)
  81. root_dir : NULL
  82. object_name : NULL
  83. attributes : 0x00000000 (0)
  84. sec_desc : NULL
  85. sec_qos : *
  86. sec_qos: struct lsa_QosInfo
  87. len : 0x0000000c (12)
  88. impersonation_level : 0x0002 (2)
  89. context_mode : 0x01 (1)
  90. effective_only : 0x00 (0)
  91. access_mask : 0x02000000 (33554432)
  92. 0: LSA_POLICY_VIEW_LOCAL_INFORMATION
  93. 0: LSA_POLICY_VIEW_AUDIT_INFORMATION
  94. 0: LSA_POLICY_GET_PRIVATE_INFORMATION
  95. 0: LSA_POLICY_TRUST_ADMIN
  96. 0: LSA_POLICY_CREATE_ACCOUNT
  97. 0: LSA_POLICY_CREATE_SECRET
  98. 0: LSA_POLICY_CREATE_PRIVILEGE
  99. 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS
  100. 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS
  101. 0: LSA_POLICY_AUDIT_LOG_ADMIN
  102. 0: LSA_POLICY_SERVER_ADMIN
  103. 0: LSA_POLICY_LOOKUP_NAMES
  104. 0: LSA_POLICY_NOTIFICATION
  105. [2017/04/25 22:48:13.735336, 10, pid=3704, effective(0, 0), real(0, 0)] ../libcli/security/access_check.c:58(se_map_generic)
  106. se_map_generic(): mapped mask 0xb0000000 to 0x000f0fff
  107. [2017/04/25 22:48:13.735375, 4, pid=3704, effective(0, 0), real(0, 0)] ../source3/rpc_server/srv_access_check.c:95(access_check_object)
  108. _lsa_OpenPolicy2: ACCESS should be DENIED (requested: 0x000f0fff)
  109. but overritten by euid == initial uid
  110. [2017/04/25 22:48:13.735403, 4, pid=3704, effective(0, 0), real(0, 0)] ../source3/rpc_server/srv_access_check.c:117(access_check_object)
  111. _lsa_OpenPolicy2: access GRANTED (requested: 0x000f0fff, granted: 0x000f0fff)
  112. [2017/04/25 22:48:13.735431, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal)
  113. Opened policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 FF 58 0D B6 ........ .....X..
  114. [0010] 78 0E 00 00 x...
  115. [2017/04/25 22:48:13.735486, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  116. lsa_OpenPolicy2: struct lsa_OpenPolicy2
  117. out: struct lsa_OpenPolicy2
  118. handle : *
  119. handle: struct policy_handle
  120. handle_type : 0x00000000 (0)
  121. uuid : 00000001-0000-0000-ff58-0db6780e0000
  122. result : NT_STATUS_OK
  123. [2017/04/25 22:48:13.735593, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  124. lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2
  125. in: struct lsa_QueryInfoPolicy2
  126. handle : *
  127. handle: struct policy_handle
  128. handle_type : 0x00000000 (0)
  129. uuid : 00000001-0000-0000-ff58-0db6780e0000
  130. level : LSA_POLICY_INFO_DNS (12)
  131. [2017/04/25 22:48:13.735687, 5, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:78(smb_register_passdb)
  132. Attempting to register passdb backend smbpasswd
  133. [2017/04/25 22:48:13.735725, 5, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:91(smb_register_passdb)
  134. Successfully added passdb backend 'smbpasswd'
  135. [2017/04/25 22:48:13.735744, 5, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:78(smb_register_passdb)
  136. Attempting to register passdb backend tdbsam
  137. [2017/04/25 22:48:13.735771, 5, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:91(smb_register_passdb)
  138. Successfully added passdb backend 'tdbsam'
  139. [2017/04/25 22:48:13.735789, 5, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:78(smb_register_passdb)
  140. Attempting to register passdb backend wbc_sam
  141. [2017/04/25 22:48:13.735808, 5, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:91(smb_register_passdb)
  142. Successfully added passdb backend 'wbc_sam'
  143. [2017/04/25 22:48:13.735824, 5, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:78(smb_register_passdb)
  144. Attempting to register passdb backend samba_dsdb
  145. [2017/04/25 22:48:13.735843, 5, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:91(smb_register_passdb)
  146. Successfully added passdb backend 'samba_dsdb'
  147. [2017/04/25 22:48:13.735859, 5, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:78(smb_register_passdb)
  148. Attempting to register passdb backend samba4
  149. [2017/04/25 22:48:13.735875, 5, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:91(smb_register_passdb)
  150. Successfully added passdb backend 'samba4'
  151. [2017/04/25 22:48:13.735907, 5, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:78(smb_register_passdb)
  152. Attempting to register passdb backend ldapsam
  153. [2017/04/25 22:48:13.735927, 5, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:91(smb_register_passdb)
  154. Successfully added passdb backend 'ldapsam'
  155. [2017/04/25 22:48:13.735945, 5, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:78(smb_register_passdb)
  156. Attempting to register passdb backend NDS_ldapsam
  157. [2017/04/25 22:48:13.735964, 5, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:91(smb_register_passdb)
  158. Successfully added passdb backend 'NDS_ldapsam'
  159. [2017/04/25 22:48:13.735982, 5, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:78(smb_register_passdb)
  160. Attempting to register passdb backend IPA_ldapsam
  161. [2017/04/25 22:48:13.735999, 5, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:91(smb_register_passdb)
  162. Successfully added passdb backend 'IPA_ldapsam'
  163. [2017/04/25 22:48:13.736016, 5, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:154(make_pdb_method_name)
  164. Attempting to find a passdb backend to match tdbsam (tdbsam)
  165. [2017/04/25 22:48:13.736035, 5, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:175(make_pdb_method_name)
  166. Found pdb backend tdbsam
  167. [2017/04/25 22:48:13.736062, 5, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:186(make_pdb_method_name)
  168. pdb backend tdbsam has a valid init
  169. [2017/04/25 22:48:13.736103, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  170. lsa_OpenPolicy: struct lsa_OpenPolicy
  171. in: struct lsa_OpenPolicy
  172. system_name : *
  173. system_name : 0x005c (92)
  174. attr : *
  175. attr: struct lsa_ObjectAttribute
  176. len : 0x00000018 (24)
  177. root_dir : NULL
  178. object_name : NULL
  179. attributes : 0x00000000 (0)
  180. sec_desc : NULL
  181. sec_qos : *
  182. sec_qos: struct lsa_QosInfo
  183. len : 0x0000000c (12)
  184. impersonation_level : 0x0002 (2)
  185. context_mode : 0x01 (1)
  186. effective_only : 0x00 (0)
  187. access_mask : 0x02000000 (33554432)
  188. 0: LSA_POLICY_VIEW_LOCAL_INFORMATION
  189. 0: LSA_POLICY_VIEW_AUDIT_INFORMATION
  190. 0: LSA_POLICY_GET_PRIVATE_INFORMATION
  191. 0: LSA_POLICY_TRUST_ADMIN
  192. 0: LSA_POLICY_CREATE_ACCOUNT
  193. 0: LSA_POLICY_CREATE_SECRET
  194. 0: LSA_POLICY_CREATE_PRIVILEGE
  195. 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS
  196. 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS
  197. 0: LSA_POLICY_AUDIT_LOG_ADMIN
  198. 0: LSA_POLICY_SERVER_ADMIN
  199. 0: LSA_POLICY_LOOKUP_NAMES
  200. 0: LSA_POLICY_NOTIFICATION
  201. [2017/04/25 22:48:13.736325, 10, pid=3704, effective(0, 0), real(0, 0)] ../libcli/security/access_check.c:58(se_map_generic)
  202. se_map_generic(): mapped mask 0xb0000000 to 0x000f0fff
  203. [2017/04/25 22:48:13.736347, 4, pid=3704, effective(0, 0), real(0, 0)] ../source3/rpc_server/srv_access_check.c:95(access_check_object)
  204. _lsa_OpenPolicy2: ACCESS should be DENIED (requested: 0x000f0fff)
  205. but overritten by euid == initial uid
  206. [2017/04/25 22:48:13.736381, 4, pid=3704, effective(0, 0), real(0, 0)] ../source3/rpc_server/srv_access_check.c:117(access_check_object)
  207. _lsa_OpenPolicy2: access GRANTED (requested: 0x000f0fff, granted: 0x000f0fff)
  208. [2017/04/25 22:48:13.736403, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal)
  209. Opened policy hnd[2] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 FF 58 0D B6 ........ .....X..
  210. [0010] 78 0E 00 00 x...
  211. [2017/04/25 22:48:13.736450, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  212. lsa_OpenPolicy: struct lsa_OpenPolicy
  213. out: struct lsa_OpenPolicy
  214. handle : *
  215. handle: struct policy_handle
  216. handle_type : 0x00000000 (0)
  217. uuid : 00000002-0000-0000-ff58-0db6780e0000
  218. result : NT_STATUS_OK
  219. [2017/04/25 22:48:13.736555, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  220. lsa_QueryInfoPolicy: struct lsa_QueryInfoPolicy
  221. in: struct lsa_QueryInfoPolicy
  222. handle : *
  223. handle: struct policy_handle
  224. handle_type : 0x00000000 (0)
  225. uuid : 00000002-0000-0000-ff58-0db6780e0000
  226. level : LSA_POLICY_INFO_ACCOUNT_DOMAIN (5)
  227. [2017/04/25 22:48:13.736618, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal)
  228. Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 FF 58 0D B6 ........ .....X..
  229. [0010] 78 0E 00 00 x...
  230. [2017/04/25 22:48:13.736813, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  231. lsa_QueryInfoPolicy: struct lsa_QueryInfoPolicy
  232. out: struct lsa_QueryInfoPolicy
  233. info : *
  234. info : *
  235. info : union lsa_PolicyInformation(case 5)
  236. account_domain: struct lsa_DomainInfo
  237. name: struct lsa_StringLarge
  238. length : 0x0006 (6)
  239. size : 0x0008 (8)
  240. string : *
  241. string : 'FS2'
  242. sid : *
  243. sid : S-1-5-21-2215787217-3459875347-284659480
  244. result : NT_STATUS_OK
  245. [2017/04/25 22:48:13.736970, 5, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cm.c:2350(set_dc_type_and_flags_connect)
  246. set_dc_type_and_flags_connect: domain FS2 is NOT in native mode.
  247. [2017/04/25 22:48:13.736990, 5, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cm.c:2353(set_dc_type_and_flags_connect)
  248. set_dc_type_and_flags_connect: domain FS2 is NOT running active directory.
  249. [2017/04/25 22:48:13.737008, 10, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:418(close_policy_by_pipe)
  250. Deleted handle list for RPC connection lsarpc
  251. [2017/04/25 22:48:13.737044, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:1873(name_to_sid)
  252. name_to_sid: [Cached] - doing backend query for name for domain FS2
  253. [2017/04/25 22:48:13.737068, 3, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_samr.c:548(sam_name_to_sid)
  254. sam_name_to_sid
  255. [2017/04/25 22:48:13.737099, 4, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p)
  256. Create pipe requested lsarpc
  257. [2017/04/25 22:48:13.737133, 10, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:223(init_pipe_handles)
  258. init_pipe_handle_list: created handle list for pipe lsarpc
  259. [2017/04/25 22:48:13.737152, 10, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:240(init_pipe_handles)
  260. init_pipe_handle_list: pipe_handles ref count = 1 for pipe lsarpc
  261. [2017/04/25 22:48:13.737186, 4, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p)
  262. Created internal pipe lsarpc
  263. [2017/04/25 22:48:13.737213, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  264. lsa_OpenPolicy: struct lsa_OpenPolicy
  265. in: struct lsa_OpenPolicy
  266. system_name : *
  267. system_name : 0x005c (92)
  268. attr : *
  269. attr: struct lsa_ObjectAttribute
  270. len : 0x00000018 (24)
  271. root_dir : NULL
  272. object_name : NULL
  273. attributes : 0x00000000 (0)
  274. sec_desc : NULL
  275. sec_qos : *
  276. sec_qos: struct lsa_QosInfo
  277. len : 0x0000000c (12)
  278. impersonation_level : 0x0002 (2)
  279. context_mode : 0x01 (1)
  280. effective_only : 0x00 (0)
  281. access_mask : 0x02000000 (33554432)
  282. 0: LSA_POLICY_VIEW_LOCAL_INFORMATION
  283. 0: LSA_POLICY_VIEW_AUDIT_INFORMATION
  284. 0: LSA_POLICY_GET_PRIVATE_INFORMATION
  285. 0: LSA_POLICY_TRUST_ADMIN
  286. 0: LSA_POLICY_CREATE_ACCOUNT
  287. 0: LSA_POLICY_CREATE_SECRET
  288. 0: LSA_POLICY_CREATE_PRIVILEGE
  289. 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS
  290. 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS
  291. 0: LSA_POLICY_AUDIT_LOG_ADMIN
  292. 0: LSA_POLICY_SERVER_ADMIN
  293. 0: LSA_POLICY_LOOKUP_NAMES
  294. 0: LSA_POLICY_NOTIFICATION
  295. [2017/04/25 22:48:13.737425, 10, pid=3704, effective(0, 0), real(0, 0)] ../libcli/security/access_check.c:58(se_map_generic)
  296. se_map_generic(): mapped mask 0xb0000000 to 0x000f0fff
  297. [2017/04/25 22:48:13.737447, 4, pid=3704, effective(0, 0), real(0, 0)] ../source3/rpc_server/srv_access_check.c:95(access_check_object)
  298. _lsa_OpenPolicy2: ACCESS should be DENIED (requested: 0x000f0fff)
  299. but overritten by euid == initial uid
  300. [2017/04/25 22:48:13.737470, 4, pid=3704, effective(0, 0), real(0, 0)] ../source3/rpc_server/srv_access_check.c:117(access_check_object)
  301. _lsa_OpenPolicy2: access GRANTED (requested: 0x000f0fff, granted: 0x000f0fff)
  302. [2017/04/25 22:48:13.737490, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal)
  303. Opened policy hnd[1] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 FF 58 0D B6 ........ .....X..
  304. [0010] 78 0E 00 00 x...
  305. [2017/04/25 22:48:13.737542, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  306. lsa_OpenPolicy: struct lsa_OpenPolicy
  307. out: struct lsa_OpenPolicy
  308. handle : *
  309. handle: struct policy_handle
  310. handle_type : 0x00000000 (0)
  311. uuid : 00000003-0000-0000-ff58-0db6780e0000
  312. result : NT_STATUS_OK
  313. [2017/04/25 22:48:13.737622, 3, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_rpc.c:303(rpc_name_to_sid)
  314. name_to_sid: FS2\NOBODY for domain FS2
  315. [2017/04/25 22:48:13.737685, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  316. lsa_LookupNames: struct lsa_LookupNames
  317. in: struct lsa_LookupNames
  318. handle : *
  319. handle: struct policy_handle
  320. handle_type : 0x00000000 (0)
  321. uuid : 00000003-0000-0000-ff58-0db6780e0000
  322. num_names : 0x00000001 (1)
  323. names: ARRAY(1)
  324. names: struct lsa_String
  325. length : 0x0014 (20)
  326. size : 0x0014 (20)
  327. string : *
  328. string : 'FS2\NOBODY'
  329. sids : *
  330. sids: struct lsa_TransSidArray
  331. count : 0x00000000 (0)
  332. sids : NULL
  333. level : LSA_LOOKUP_NAMES_ALL (1)
  334. count : *
  335. count : 0x00000000 (0)
  336. [2017/04/25 22:48:13.737855, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal)
  337. Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 FF 58 0D B6 ........ .....X..
  338. [0010] 78 0E 00 00 x...
  339. [2017/04/25 22:48:13.737904, 5, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/lsa/srv_lsa_nt.c:163(lookup_lsa_rids)
  340. lookup_lsa_rids: looking up name FS2\NOBODY
  341. [2017/04/25 22:48:13.737974, 10, pid=3704, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:77(lookup_name)
  342. lookup_name: FS2\NOBODY => domain=[FS2], name=[NOBODY]
  343. [2017/04/25 22:48:13.737997, 10, pid=3704, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:78(lookup_name)
  344. lookup_name: flags = 0x073
  345. [2017/04/25 22:48:13.738231, 4, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_tdb.c:558(tdbsam_open)
  346. tdbsam_open: successfully opened /var/lib/samba/private/passdb.tdb
  347. [2017/04/25 22:48:13.738287, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:570(pdb_set_username)
  348. pdb_set_username: setting username nobody, was
  349. [2017/04/25 22:48:13.738308, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:593(pdb_set_domain)
  350. pdb_set_domain: setting domain FS2, was
  351. [2017/04/25 22:48:13.738326, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:616(pdb_set_nt_username)
  352. pdb_set_nt_username: setting nt username , was
  353. [2017/04/25 22:48:13.738344, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:639(pdb_set_fullname)
  354. pdb_set_full_name: setting full name nobody, was
  355. [2017/04/25 22:48:13.738366, 4, pid=3704, effective(0, 0), real(0, 0)] ../source3/lib/substitute.c:435(automount_server)
  356. Home server: fs2
  357. [2017/04/25 22:48:13.738396, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:732(pdb_set_homedir)
  358. pdb_set_homedir: setting home dir \\fs2\nobody, was
  359. [2017/04/25 22:48:13.738415, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:708(pdb_set_dir_drive)
  360. pdb_set_dir_drive: setting dir drive , was NULL
  361. [2017/04/25 22:48:13.738434, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:662(pdb_set_logon_script)
  362. pdb_set_logon_script: setting logon script , was
  363. [2017/04/25 22:48:13.738451, 4, pid=3704, effective(0, 0), real(0, 0)] ../source3/lib/substitute.c:435(automount_server)
  364. Home server: fs2
  365. [2017/04/25 22:48:13.738471, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:685(pdb_set_profile_path)
  366. pdb_set_profile_path: setting profile path \\fs2\nobody\profile, was
  367. [2017/04/25 22:48:13.738490, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:775(pdb_set_workstations)
  368. pdb_set_workstations: setting workstations , was
  369. [2017/04/25 22:48:13.738583, 10, pid=3704, effective(0, 0), real(0, 0)] ../source3/passdb/account_pol.c:362(account_policy_get)
  370. account_policy_get: name: password history, val: 0
  371. [2017/04/25 22:48:13.738606, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:495(pdb_set_user_sid)
  372. pdb_set_user_sid: setting user sid S-1-5-21-2215787217-3459875347-284659480-501
  373. [2017/04/25 22:48:13.738629, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid)
  374. pdb_set_user_sid_from_rid:
  375. setting user sid S-1-5-21-2215787217-3459875347-284659480-501 from rid 501
  376. [2017/04/25 22:48:13.738680, 10, pid=3704, effective(0, 0), real(0, 0)] ../source3/passdb/account_pol.c:362(account_policy_get)
  377. account_policy_get: name: maximum password age, val: -1
  378. [2017/04/25 22:48:13.738706, 5, pid=3704, effective(0, 0), real(0, 0)] ../source3/lib/username.c:181(Get_Pwnam_alloc)
  379. Finding user nobody
  380. [2017/04/25 22:48:13.738724, 5, pid=3704, effective(0, 0), real(0, 0)] ../source3/lib/username.c:120(Get_Pwnam_internals)
  381. Trying _Get_Pwnam(), username as lowercase is nobody
  382. [2017/04/25 22:48:13.740094, 5, pid=3704, effective(0, 0), real(0, 0)] ../source3/lib/username.c:159(Get_Pwnam_internals)
  383. Get_Pwnam_internals did find user [nobody]!
  384. [2017/04/25 22:48:13.740195, 5, pid=3704, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1278(gid_to_sid)
  385. gid_to_sid: winbind failed to find a sid for gid 65534
  386. [2017/04/25 22:48:13.740321, 10, pid=3704, effective(0, 0), real(0, 0)] ../source3/groupdb/mapping_tdb.c:270(find_map)
  387. failed to unpack map
  388. [2017/04/25 22:48:13.740353, 10, pid=3704, effective(0, 0), real(0, 0)] ../source3/groupdb/mapping_tdb.c:270(find_map)
  389. failed to unpack map
  390. [2017/04/25 22:48:13.740411, 10, pid=3704, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1141(legacy_gid_to_sid)
  391. LEGACY: gid 65534 -> sid S-1-22-2-65534
  392. [2017/04/25 22:48:13.740448, 10, pid=3704, effective(0, 0), real(0, 0)] ../source3/groupdb/mapping_tdb.c:270(find_map)
  393. failed to unpack map
  394. [2017/04/25 22:48:13.740477, 10, pid=3704, effective(0, 0), real(0, 0)] ../source3/groupdb/mapping_tdb.c:270(find_map)
  395. failed to unpack map
  396. [2017/04/25 22:48:13.740529, 3, pid=3704, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1631(get_primary_group_sid)
  397. Forcing Primary Group to 'Domain Users' for nobody
  398. [2017/04/25 22:48:13.740561, 10, pid=3704, effective(0, 0), real(0, 0)] ../source3/passdb/account_pol.c:362(account_policy_get)
  399. account_policy_get: name: password history, val: 0
  400. [2017/04/25 22:48:13.740597, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:570(pdb_set_username)
  401. pdb_set_username: setting username nobody, was
  402. [2017/04/25 22:48:13.740624, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:593(pdb_set_domain)
  403. pdb_set_domain: setting domain FS2, was
  404. [2017/04/25 22:48:13.740641, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:616(pdb_set_nt_username)
  405. pdb_set_nt_username: setting nt username , was
  406. [2017/04/25 22:48:13.740679, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:639(pdb_set_fullname)
  407. pdb_set_full_name: setting full name nobody, was
  408. [2017/04/25 22:48:13.740699, 4, pid=3704, effective(0, 0), real(0, 0)] ../source3/lib/substitute.c:435(automount_server)
  409. Home server: fs2
  410. [2017/04/25 22:48:13.740723, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:732(pdb_set_homedir)
  411. pdb_set_homedir: setting home dir \\fs2\nobody, was
  412. [2017/04/25 22:48:13.740741, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:708(pdb_set_dir_drive)
  413. pdb_set_dir_drive: setting dir drive , was NULL
  414. [2017/04/25 22:48:13.740759, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:662(pdb_set_logon_script)
  415. pdb_set_logon_script: setting logon script , was
  416. [2017/04/25 22:48:13.740812, 4, pid=3704, effective(0, 0), real(0, 0)] ../source3/lib/substitute.c:435(automount_server)
  417. Home server: fs2
  418. [2017/04/25 22:48:13.740833, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:685(pdb_set_profile_path)
  419. pdb_set_profile_path: setting profile path \\fs2\nobody\profile, was
  420. [2017/04/25 22:48:13.740851, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:775(pdb_set_workstations)
  421. pdb_set_workstations: setting workstations , was
  422. [2017/04/25 22:48:13.740876, 10, pid=3704, effective(0, 0), real(0, 0)] ../source3/passdb/account_pol.c:362(account_policy_get)
  423. account_policy_get: name: password history, val: 0
  424. [2017/04/25 22:48:13.740895, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:495(pdb_set_user_sid)
  425. pdb_set_user_sid: setting user sid S-1-5-21-2215787217-3459875347-284659480-501
  426. [2017/04/25 22:48:13.740915, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid)
  427. pdb_set_user_sid_from_rid:
  428. setting user sid S-1-5-21-2215787217-3459875347-284659480-501 from rid 501
  429. [2017/04/25 22:48:13.740944, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:557(pdb_set_group_sid)
  430. pdb_set_group_sid: setting group sid S-1-5-21-2215787217-3459875347-284659480-513
  431. [2017/04/25 22:48:13.741121, 5, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/lsa/srv_lsa_nt.c:176(lookup_lsa_rids)
  432. init_lsa_rids: FS2\NOBODY found
  433. [2017/04/25 22:48:13.741150, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  434. lsa_LookupNames: struct lsa_LookupNames
  435. out: struct lsa_LookupNames
  436. domains : *
  437. domains : *
  438. domains: struct lsa_RefDomainList
  439. count : 0x00000001 (1)
  440. domains : *
  441. domains: ARRAY(1)
  442. domains: struct lsa_DomainInfo
  443. name: struct lsa_StringLarge
  444. length : 0x0006 (6)
  445. size : 0x0008 (8)
  446. string : *
  447. string : 'FS2'
  448. sid : *
  449. sid : S-1-5-21-2215787217-3459875347-284659480
  450. max_size : 0x00000020 (32)
  451. sids : *
  452. sids: struct lsa_TransSidArray
  453. count : 0x00000001 (1)
  454. sids : *
  455. sids: ARRAY(1)
  456. sids: struct lsa_TranslatedSid
  457. sid_type : SID_NAME_USER (1)
  458. rid : 0x000001f5 (501)
  459. sid_index : 0x00000000 (0)
  460. count : *
  461. count : 0x00000001 (1)
  462. result : NT_STATUS_OK
  463. [2017/04/25 22:48:13.741530, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  464. lsa_Close: struct lsa_Close
  465. in: struct lsa_Close
  466. handle : *
  467. handle: struct policy_handle
  468. handle_type : 0x00000000 (0)
  469. uuid : 00000003-0000-0000-ff58-0db6780e0000
  470. [2017/04/25 22:48:13.741604, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal)
  471. Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 FF 58 0D B6 ........ .....X..
  472. [0010] 78 0E 00 00 x...
  473. [2017/04/25 22:48:13.741664, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal)
  474. Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 FF 58 0D B6 ........ .....X..
  475. [0010] 78 0E 00 00 x...
  476. [2017/04/25 22:48:13.741709, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd)
  477. Closed policy
  478. [2017/04/25 22:48:13.741728, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  479. lsa_Close: struct lsa_Close
  480. out: struct lsa_Close
  481. handle : *
  482. handle: struct policy_handle
  483. handle_type : 0x00000000 (0)
  484. uuid : 00000000-0000-0000-0000-000000000000
  485. result : NT_STATUS_OK
  486. [2017/04/25 22:48:13.741803, 10, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:418(close_policy_by_pipe)
  487. Deleted handle list for RPC connection lsarpc
  488. [2017/04/25 22:48:13.741860, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:423(wcache_fetch_seqnum)
  489. wcache_fetch_seqnum: FS2 not found
  490. [2017/04/25 22:48:13.741885, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:4736(wcache_tdc_fetch_domain)
  491. wcache_tdc_fetch_domain: Searching for domain FS2
  492. [2017/04/25 22:48:13.741925, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:4751(wcache_tdc_fetch_domain)
  493. wcache_tdc_fetch_domain: Found domain FS2
  494. [2017/04/25 22:48:13.742016, 3, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_samr.c:991(sam_sequence_number)
  495. samr: sequence number
  496. [2017/04/25 22:48:13.742062, 4, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p)
  497. Create pipe requested samr
  498. [2017/04/25 22:48:13.742085, 10, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:223(init_pipe_handles)
  499. init_pipe_handle_list: created handle list for pipe samr
  500. [2017/04/25 22:48:13.742102, 10, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:240(init_pipe_handles)
  501. init_pipe_handle_list: pipe_handles ref count = 1 for pipe samr
  502. [2017/04/25 22:48:13.742157, 4, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p)
  503. Created internal pipe samr
  504. [2017/04/25 22:48:13.742195, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  505. samr_Connect2: struct samr_Connect2
  506. in: struct samr_Connect2
  507. system_name : NULL
  508. access_mask : 0x02000000 (33554432)
  509. 0: SAMR_ACCESS_CONNECT_TO_SERVER
  510. 0: SAMR_ACCESS_SHUTDOWN_SERVER
  511. 0: SAMR_ACCESS_INITIALIZE_SERVER
  512. 0: SAMR_ACCESS_CREATE_DOMAIN
  513. 0: SAMR_ACCESS_ENUM_DOMAINS
  514. 0: SAMR_ACCESS_LOOKUP_DOMAIN
  515. [2017/04/25 22:48:13.742282, 5, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/samr/srv_samr_nt.c:3866(_samr_Connect2)
  516. _samr_Connect2: 3866
  517. [2017/04/25 22:48:13.742315, 10, pid=3704, effective(0, 0), real(0, 0)] ../libcli/security/access_check.c:58(se_map_generic)
  518. se_map_generic(): mapped mask 0xb0000000 to 0x000f003f
  519. [2017/04/25 22:48:13.742337, 4, pid=3704, effective(0, 0), real(0, 0)] ../source3/rpc_server/srv_access_check.c:95(access_check_object)
  520. _samr_Connect2: ACCESS should be DENIED (requested: 0x000f003f)
  521. but overritten by euid == initial uid
  522. [2017/04/25 22:48:13.742372, 4, pid=3704, effective(0, 0), real(0, 0)] ../source3/rpc_server/srv_access_check.c:117(access_check_object)
  523. _samr_Connect2: access GRANTED (requested: 0x000f003f, granted: 0x000f003f)
  524. [2017/04/25 22:48:13.742393, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal)
  525. Opened policy hnd[1] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 FF 58 0D B6 ........ .....X..
  526. [0010] 78 0E 00 00 x...
  527. [2017/04/25 22:48:13.742562, 5, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/samr/srv_samr_nt.c:3895(_samr_Connect2)
  528. _samr_Connect2: 3895
  529. [2017/04/25 22:48:13.742581, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  530. samr_Connect2: struct samr_Connect2
  531. out: struct samr_Connect2
  532. connect_handle : *
  533. connect_handle: struct policy_handle
  534. handle_type : 0x00000000 (0)
  535. uuid : 00000004-0000-0000-ff58-0db6780e0000
  536. result : NT_STATUS_OK
  537. [2017/04/25 22:48:13.742687, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  538. samr_OpenDomain: struct samr_OpenDomain
  539. in: struct samr_OpenDomain
  540. connect_handle : *
  541. connect_handle: struct policy_handle
  542. handle_type : 0x00000000 (0)
  543. uuid : 00000004-0000-0000-ff58-0db6780e0000
  544. access_mask : 0x02000000 (33554432)
  545. 0: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1
  546. 0: SAMR_DOMAIN_ACCESS_SET_INFO_1
  547. 0: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2
  548. 0: SAMR_DOMAIN_ACCESS_SET_INFO_2
  549. 0: SAMR_DOMAIN_ACCESS_CREATE_USER
  550. 0: SAMR_DOMAIN_ACCESS_CREATE_GROUP
  551. 0: SAMR_DOMAIN_ACCESS_CREATE_ALIAS
  552. 0: SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS
  553. 0: SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS
  554. 0: SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT
  555. 0: SAMR_DOMAIN_ACCESS_SET_INFO_3
  556. sid : *
  557. sid : S-1-5-21-2215787217-3459875347-284659480
  558. [2017/04/25 22:48:13.742845, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal)
  559. Found policy hnd[0] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 FF 58 0D B6 ........ .....X..
  560. [0010] 78 0E 00 00 x...
  561. [2017/04/25 22:48:13.742894, 10, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:523(_policy_handle_find)
  562. found handle of type struct samr_connect_info
  563. [2017/04/25 22:48:13.742914, 10, pid=3704, effective(0, 0), real(0, 0)] ../libcli/security/access_check.c:58(se_map_generic)
  564. se_map_generic(): mapped mask 0xb0000000 to 0x000f07ff
  565. [2017/04/25 22:48:13.743003, 4, pid=3704, effective(0, 0), real(0, 0)] ../source3/rpc_server/srv_access_check.c:84(access_check_object)
  566. access_check_object: user rights access mask [0x3f0]
  567. [2017/04/25 22:48:13.743021, 4, pid=3704, effective(0, 0), real(0, 0)] ../source3/rpc_server/srv_access_check.c:95(access_check_object)
  568. _samr_OpenDomain: ACCESS should be DENIED (requested: 0x000f040f)
  569. but overritten by euid == initial uid
  570. [2017/04/25 22:48:13.743043, 4, pid=3704, effective(0, 0), real(0, 0)] ../source3/rpc_server/srv_access_check.c:117(access_check_object)
  571. _samr_OpenDomain: access GRANTED (requested: 0x000f040f, granted: 0x000f07ff)
  572. [2017/04/25 22:48:13.743063, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal)
  573. Opened policy hnd[2] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 FF 58 0D B6 ........ .....X..
  574. [0010] 78 0E 00 00 x...
  575. [2017/04/25 22:48:13.743126, 5, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/samr/srv_samr_nt.c:500(_samr_OpenDomain)
  576. _samr_OpenDomain: 500
  577. [2017/04/25 22:48:13.743146, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  578. samr_OpenDomain: struct samr_OpenDomain
  579. out: struct samr_OpenDomain
  580. domain_handle : *
  581. domain_handle: struct policy_handle
  582. handle_type : 0x00000000 (0)
  583. uuid : 00000005-0000-0000-ff58-0db6780e0000
  584. result : NT_STATUS_OK
  585. [2017/04/25 22:48:13.743231, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  586. samr_QueryDomainInfo: struct samr_QueryDomainInfo
  587. in: struct samr_QueryDomainInfo
  588. domain_handle : *
  589. domain_handle: struct policy_handle
  590. handle_type : 0x00000000 (0)
  591. uuid : 00000005-0000-0000-ff58-0db6780e0000
  592. level : DomainModifiedInformation (8)
  593. [2017/04/25 22:48:13.743300, 5, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/samr/srv_samr_nt.c:3499(_samr_QueryDomainInfo)
  594. _samr_QueryDomainInfo: 3499
  595. [2017/04/25 22:48:13.743318, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal)
  596. Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 FF 58 0D B6 ........ .....X..
  597. [0010] 78 0E 00 00 x...
  598. [2017/04/25 22:48:13.743363, 10, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:523(_policy_handle_find)
  599. found handle of type struct samr_domain_info
  600. [2017/04/25 22:48:13.743383, 5, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/samr/srv_samr_nt.c:3589(_samr_QueryDomainInfo)
  601. _samr_QueryDomainInfo: 3589
  602. [2017/04/25 22:48:13.743400, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  603. samr_QueryDomainInfo: struct samr_QueryDomainInfo
  604. out: struct samr_QueryDomainInfo
  605. info : *
  606. info : *
  607. info : union samr_DomainInfo(case 8)
  608. info8: struct samr_DomInfo8
  609. sequence_num : 0x0000000058ffb60d (1493153293)
  610. domain_create_time : NTTIME(0)
  611. result : NT_STATUS_OK
  612. [2017/04/25 22:48:13.743498, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_rpc.c:955(rpc_sequence_number)
  613. domain_sequence_number: for domain FS2 is 1493153293
  614. [2017/04/25 22:48:13.743535, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  615. samr_Close: struct samr_Close
  616. in: struct samr_Close
  617. handle : *
  618. handle: struct policy_handle
  619. handle_type : 0x00000000 (0)
  620. uuid : 00000005-0000-0000-ff58-0db6780e0000
  621. [2017/04/25 22:48:13.743591, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal)
  622. Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 FF 58 0D B6 ........ .....X..
  623. [0010] 78 0E 00 00 x...
  624. [2017/04/25 22:48:13.743636, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd)
  625. Closed policy
  626. [2017/04/25 22:48:13.743722, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  627. samr_Close: struct samr_Close
  628. out: struct samr_Close
  629. handle : *
  630. handle: struct policy_handle
  631. handle_type : 0x00000000 (0)
  632. uuid : 00000000-0000-0000-0000-000000000000
  633. result : NT_STATUS_OK
  634. [2017/04/25 22:48:13.743820, 10, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:418(close_policy_by_pipe)
  635. Deleted handle list for RPC connection samr
  636. [2017/04/25 22:48:13.743897, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:499(wcache_store_seqnum)
  637. wcache_store_seqnum: success [FS2][1493153293 @ 1493153293]
  638. [2017/04/25 22:48:13.743917, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:586(refresh_sequence_number)
  639. refresh_sequence_number: FS2 seq number is now 1493153293
  640. [2017/04/25 22:48:13.743970, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:965(wcache_save_name_to_sid)
  641. wcache_save_name_to_sid: FS2\NOBODY -> S-1-5-21-2215787217-3459875347-284659480-501 (NT_STATUS_OK)
  642. [2017/04/25 22:48:13.744014, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:995(wcache_save_sid_to_name)
  643. wcache_save_sid_to_name: S-1-5-21-2215787217-3459875347-284659480-501 -> FS2\nobody (NT_STATUS_OK)
  644. [2017/04/25 22:48:13.744034, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  645. wbint_LookupName: struct wbint_LookupName
  646. out: struct wbint_LookupName
  647. type : *
  648. type : SID_NAME_USER (1)
  649. sid : *
  650. sid : S-1-5-21-2215787217-3459875347-284659480-501
  651. result : NT_STATUS_OK
  652. [2017/04/25 22:48:13.744105, 4, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:1395(child_handler)
  653. Finished processing child request 59
  654. [2017/04/25 22:48:13.744124, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:102(child_write_response)
  655. Writing 3532 bytes to parent
  656. [2017/04/25 22:48:13.744485, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:68(child_read_request)
  657. Need to read 28 extra bytes
  658. [2017/04/25 22:48:13.744516, 4, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:1387(child_handler)
  659. child daemon request 59
  660. [2017/04/25 22:48:13.744536, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:510(child_process_request)
  661. child_process_request: request fn NDRCMD
  662. [2017/04/25 22:48:13.744553, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual_ndr.c:315(winbindd_dual_ndrcmd)
  663. winbindd_dual_ndrcmd: Running command WBINT_QUERYUSER (FS2)
  664. [2017/04/25 22:48:13.744578, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  665. wbint_QueryUser: struct wbint_QueryUser
  666. in: struct wbint_QueryUser
  667. sid : *
  668. sid : S-1-5-21-2215787217-3459875347-284659480-501
  669. [2017/04/25 22:48:13.744627, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:2374(query_user)
  670. query_user: [Cached] - doing backend query for info for domain FS2
  671. [2017/04/25 22:48:13.744665, 3, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_samr.c:239(sam_query_user)
  672. sam_query_user
  673. [2017/04/25 22:48:13.744703, 4, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p)
  674. Create pipe requested samr
  675. [2017/04/25 22:48:13.744740, 10, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:223(init_pipe_handles)
  676. init_pipe_handle_list: created handle list for pipe samr
  677. [2017/04/25 22:48:13.744759, 10, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:240(init_pipe_handles)
  678. init_pipe_handle_list: pipe_handles ref count = 1 for pipe samr
  679. [2017/04/25 22:48:13.744803, 4, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p)
  680. Created internal pipe samr
  681. [2017/04/25 22:48:13.744831, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  682. samr_Connect2: struct samr_Connect2
  683. in: struct samr_Connect2
  684. system_name : NULL
  685. access_mask : 0x02000000 (33554432)
  686. 0: SAMR_ACCESS_CONNECT_TO_SERVER
  687. 0: SAMR_ACCESS_SHUTDOWN_SERVER
  688. 0: SAMR_ACCESS_INITIALIZE_SERVER
  689. 0: SAMR_ACCESS_CREATE_DOMAIN
  690. 0: SAMR_ACCESS_ENUM_DOMAINS
  691. 0: SAMR_ACCESS_LOOKUP_DOMAIN
  692. [2017/04/25 22:48:13.744909, 5, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/samr/srv_samr_nt.c:3866(_samr_Connect2)
  693. _samr_Connect2: 3866
  694. [2017/04/25 22:48:13.744930, 10, pid=3704, effective(0, 0), real(0, 0)] ../libcli/security/access_check.c:58(se_map_generic)
  695. se_map_generic(): mapped mask 0xb0000000 to 0x000f003f
  696. [2017/04/25 22:48:13.744950, 4, pid=3704, effective(0, 0), real(0, 0)] ../source3/rpc_server/srv_access_check.c:95(access_check_object)
  697. _samr_Connect2: ACCESS should be DENIED (requested: 0x000f003f)
  698. but overritten by euid == initial uid
  699. [2017/04/25 22:48:13.744971, 4, pid=3704, effective(0, 0), real(0, 0)] ../source3/rpc_server/srv_access_check.c:117(access_check_object)
  700. _samr_Connect2: access GRANTED (requested: 0x000f003f, granted: 0x000f003f)
  701. [2017/04/25 22:48:13.744991, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal)
  702. Opened policy hnd[1] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 FF 58 0D B6 ........ .....X..
  703. [0010] 78 0E 00 00 x...
  704. [2017/04/25 22:48:13.745039, 5, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/samr/srv_samr_nt.c:3895(_samr_Connect2)
  705. _samr_Connect2: 3895
  706. [2017/04/25 22:48:13.745056, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  707. samr_Connect2: struct samr_Connect2
  708. out: struct samr_Connect2
  709. connect_handle : *
  710. connect_handle: struct policy_handle
  711. handle_type : 0x00000000 (0)
  712. uuid : 00000006-0000-0000-ff58-0db6780e0000
  713. result : NT_STATUS_OK
  714. [2017/04/25 22:48:13.745133, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  715. samr_OpenDomain: struct samr_OpenDomain
  716. in: struct samr_OpenDomain
  717. connect_handle : *
  718. connect_handle: struct policy_handle
  719. handle_type : 0x00000000 (0)
  720. uuid : 00000006-0000-0000-ff58-0db6780e0000
  721. access_mask : 0x02000000 (33554432)
  722. 0: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1
  723. 0: SAMR_DOMAIN_ACCESS_SET_INFO_1
  724. 0: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2
  725. 0: SAMR_DOMAIN_ACCESS_SET_INFO_2
  726. 0: SAMR_DOMAIN_ACCESS_CREATE_USER
  727. 0: SAMR_DOMAIN_ACCESS_CREATE_GROUP
  728. 0: SAMR_DOMAIN_ACCESS_CREATE_ALIAS
  729. 0: SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS
  730. 0: SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS
  731. 0: SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT
  732. 0: SAMR_DOMAIN_ACCESS_SET_INFO_3
  733. sid : *
  734. sid : S-1-5-21-2215787217-3459875347-284659480
  735. [2017/04/25 22:48:13.745291, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal)
  736. Found policy hnd[0] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 FF 58 0D B6 ........ .....X..
  737. [0010] 78 0E 00 00 x...
  738. [2017/04/25 22:48:13.745336, 10, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:523(_policy_handle_find)
  739. found handle of type struct samr_connect_info
  740. [2017/04/25 22:48:13.745355, 10, pid=3704, effective(0, 0), real(0, 0)] ../libcli/security/access_check.c:58(se_map_generic)
  741. se_map_generic(): mapped mask 0xb0000000 to 0x000f07ff
  742. [2017/04/25 22:48:13.745372, 4, pid=3704, effective(0, 0), real(0, 0)] ../source3/rpc_server/srv_access_check.c:84(access_check_object)
  743. access_check_object: user rights access mask [0x3f0]
  744. [2017/04/25 22:48:13.745389, 4, pid=3704, effective(0, 0), real(0, 0)] ../source3/rpc_server/srv_access_check.c:95(access_check_object)
  745. _samr_OpenDomain: ACCESS should be DENIED (requested: 0x000f040f)
  746. but overritten by euid == initial uid
  747. [2017/04/25 22:48:13.745410, 4, pid=3704, effective(0, 0), real(0, 0)] ../source3/rpc_server/srv_access_check.c:117(access_check_object)
  748. _samr_OpenDomain: access GRANTED (requested: 0x000f040f, granted: 0x000f07ff)
  749. [2017/04/25 22:48:13.745430, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal)
  750. Opened policy hnd[2] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 FF 58 0D B6 ........ .....X..
  751. [0010] 78 0E 00 00 x...
  752. [2017/04/25 22:48:13.745479, 5, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/samr/srv_samr_nt.c:500(_samr_OpenDomain)
  753. _samr_OpenDomain: 500
  754. [2017/04/25 22:48:13.745497, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  755. samr_OpenDomain: struct samr_OpenDomain
  756. out: struct samr_OpenDomain
  757. domain_handle : *
  758. domain_handle: struct policy_handle
  759. handle_type : 0x00000000 (0)
  760. uuid : 00000007-0000-0000-ff58-0db6780e0000
  761. result : NT_STATUS_OK
  762. [2017/04/25 22:48:13.745587, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  763. samr_OpenUser: struct samr_OpenUser
  764. in: struct samr_OpenUser
  765. domain_handle : *
  766. domain_handle: struct policy_handle
  767. handle_type : 0x00000000 (0)
  768. uuid : 00000007-0000-0000-ff58-0db6780e0000
  769. access_mask : 0x02000000 (33554432)
  770. 0: SAMR_USER_ACCESS_GET_NAME_ETC
  771. 0: SAMR_USER_ACCESS_GET_LOCALE
  772. 0: SAMR_USER_ACCESS_SET_LOC_COM
  773. 0: SAMR_USER_ACCESS_GET_LOGONINFO
  774. 0: SAMR_USER_ACCESS_GET_ATTRIBUTES
  775. 0: SAMR_USER_ACCESS_SET_ATTRIBUTES
  776. 0: SAMR_USER_ACCESS_CHANGE_PASSWORD
  777. 0: SAMR_USER_ACCESS_SET_PASSWORD
  778. 0: SAMR_USER_ACCESS_GET_GROUPS
  779. 0: SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP
  780. 0: SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP
  781. rid : 0x000001f5 (501)
  782. [2017/04/25 22:48:13.745742, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal)
  783. Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 FF 58 0D B6 ........ .....X..
  784. [0010] 78 0E 00 00 x...
  785. [2017/04/25 22:48:13.745790, 10, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:523(_policy_handle_find)
  786. found handle of type struct samr_domain_info
  787. [2017/04/25 22:48:13.745824, 10, pid=3704, effective(0, 0), real(0, 0)] ../libcli/security/access_check.c:58(se_map_generic)
  788. se_map_generic(): mapped mask 0xb0000000 to 0x000f07ff
  789. [2017/04/25 22:48:13.745843, 6, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:414(pdb_getsampwsid)
  790. pdb_getsampwsid: Building guest account
  791. [2017/04/25 22:48:13.745863, 5, pid=3704, effective(0, 0), real(0, 0)] ../source3/lib/username.c:181(Get_Pwnam_alloc)
  792. Finding user nobody
  793. [2017/04/25 22:48:13.745881, 5, pid=3704, effective(0, 0), real(0, 0)] ../source3/lib/username.c:120(Get_Pwnam_internals)
  794. Trying _Get_Pwnam(), username as lowercase is nobody
  795. [2017/04/25 22:48:13.745974, 5, pid=3704, effective(0, 0), real(0, 0)] ../source3/lib/username.c:159(Get_Pwnam_internals)
  796. Get_Pwnam_internals did find user [nobody]!
  797. [2017/04/25 22:48:13.745995, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:570(pdb_set_username)
  798. pdb_set_username: setting username nobody, was
  799. [2017/04/25 22:48:13.746015, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:639(pdb_set_fullname)
  800. pdb_set_full_name: setting full name nobody, was
  801. [2017/04/25 22:48:13.746033, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:593(pdb_set_domain)
  802. pdb_set_domain: setting domain FS2, was
  803. [2017/04/25 22:48:13.746053, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:495(pdb_set_user_sid)
  804. pdb_set_user_sid: setting user sid S-1-5-21-2215787217-3459875347-284659480-501
  805. [2017/04/25 22:48:13.746074, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid)
  806. pdb_set_user_sid_from_rid:
  807. setting user sid S-1-5-21-2215787217-3459875347-284659480-501 from rid 501
  808. [2017/04/25 22:48:13.746102, 4, pid=3704, effective(0, 0), real(0, 0)] ../source3/rpc_server/srv_access_check.c:84(access_check_object)
  809. access_check_object: user rights access mask [0xd04e4]
  810. [2017/04/25 22:48:13.746119, 4, pid=3704, effective(0, 0), real(0, 0)] ../source3/rpc_server/srv_access_check.c:95(access_check_object)
  811. _samr_OpenUser: ACCESS should be DENIED (requested: 0x0002031b)
  812. but overritten by euid == initial uid
  813. [2017/04/25 22:48:13.746140, 4, pid=3704, effective(0, 0), real(0, 0)] ../source3/rpc_server/srv_access_check.c:117(access_check_object)
  814. _samr_OpenUser: access GRANTED (requested: 0x0002031b, granted: 0x000f07ff)
  815. [2017/04/25 22:48:13.746159, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal)
  816. Opened policy hnd[3] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 FF 58 0D B6 ........ .....X..
  817. [0010] 78 0E 00 00 x...
  818. [2017/04/25 22:48:13.746208, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  819. samr_OpenUser: struct samr_OpenUser
  820. out: struct samr_OpenUser
  821. user_handle : *
  822. user_handle: struct policy_handle
  823. handle_type : 0x00000000 (0)
  824. uuid : 00000008-0000-0000-ff58-0db6780e0000
  825. result : NT_STATUS_OK
  826. [2017/04/25 22:48:13.746294, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  827. samr_QueryUserInfo: struct samr_QueryUserInfo
  828. in: struct samr_QueryUserInfo
  829. user_handle : *
  830. user_handle: struct policy_handle
  831. handle_type : 0x00000000 (0)
  832. uuid : 00000008-0000-0000-ff58-0db6780e0000
  833. level : UserAllInformation (21)
  834. [2017/04/25 22:48:13.746362, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal)
  835. Found policy hnd[0] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 FF 58 0D B6 ........ .....X..
  836. [0010] 78 0E 00 00 x...
  837. [2017/04/25 22:48:13.746422, 10, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:523(_policy_handle_find)
  838. found handle of type struct samr_user_info
  839. [2017/04/25 22:48:13.746443, 5, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/samr/srv_samr_nt.c:2924(_samr_QueryUserInfo)
  840. _samr_QueryUserInfo: sid:S-1-5-21-2215787217-3459875347-284659480-501
  841. [2017/04/25 22:48:13.746466, 5, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/samr/srv_samr_nt.c:2931(_samr_QueryUserInfo)
  842. _samr_QueryUserInfo: user info level: 21
  843. [2017/04/25 22:48:13.746484, 6, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:414(pdb_getsampwsid)
  844. pdb_getsampwsid: Building guest account
  845. [2017/04/25 22:48:13.746501, 5, pid=3704, effective(0, 0), real(0, 0)] ../source3/lib/username.c:181(Get_Pwnam_alloc)
  846. Finding user nobody
  847. [2017/04/25 22:48:13.746518, 5, pid=3704, effective(0, 0), real(0, 0)] ../source3/lib/username.c:120(Get_Pwnam_internals)
  848. Trying _Get_Pwnam(), username as lowercase is nobody
  849. [2017/04/25 22:48:13.746560, 5, pid=3704, effective(0, 0), real(0, 0)] ../source3/lib/username.c:159(Get_Pwnam_internals)
  850. Get_Pwnam_internals did find user [nobody]!
  851. [2017/04/25 22:48:13.746579, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:570(pdb_set_username)
  852. pdb_set_username: setting username nobody, was
  853. [2017/04/25 22:48:13.746597, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:639(pdb_set_fullname)
  854. pdb_set_full_name: setting full name nobody, was
  855. [2017/04/25 22:48:13.746614, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:593(pdb_set_domain)
  856. pdb_set_domain: setting domain FS2, was
  857. [2017/04/25 22:48:13.746632, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:495(pdb_set_user_sid)
  858. pdb_set_user_sid: setting user sid S-1-5-21-2215787217-3459875347-284659480-501
  859. [2017/04/25 22:48:13.746662, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid)
  860. pdb_set_user_sid_from_rid:
  861. setting user sid S-1-5-21-2215787217-3459875347-284659480-501 from rid 501
  862. [2017/04/25 22:48:13.746688, 3, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/samr/srv_samr_nt.c:2947(_samr_QueryUserInfo)
  863. User:[nobody]
  864. [2017/04/25 22:48:13.746732, 5, pid=3704, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1278(gid_to_sid)
  865. gid_to_sid: winbind failed to find a sid for gid 65534
  866. [2017/04/25 22:48:13.746771, 10, pid=3704, effective(0, 0), real(0, 0)] ../source3/groupdb/mapping_tdb.c:270(find_map)
  867. failed to unpack map
  868. [2017/04/25 22:48:13.746802, 10, pid=3704, effective(0, 0), real(0, 0)] ../source3/groupdb/mapping_tdb.c:270(find_map)
  869. failed to unpack map
  870. [2017/04/25 22:48:13.746859, 10, pid=3704, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1141(legacy_gid_to_sid)
  871. LEGACY: gid 65534 -> sid S-1-22-2-65534
  872. [2017/04/25 22:48:13.746894, 10, pid=3704, effective(0, 0), real(0, 0)] ../source3/groupdb/mapping_tdb.c:270(find_map)
  873. failed to unpack map
  874. [2017/04/25 22:48:13.746924, 10, pid=3704, effective(0, 0), real(0, 0)] ../source3/groupdb/mapping_tdb.c:270(find_map)
  875. failed to unpack map
  876. [2017/04/25 22:48:13.746975, 3, pid=3704, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:1631(get_primary_group_sid)
  877. Forcing Primary Group to 'Domain Users' for nobody
  878. [2017/04/25 22:48:13.747021, 5, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/samr/srv_samr_nt.c:3025(_samr_QueryUserInfo)
  879. _samr_QueryUserInfo: 3025
  880. [2017/04/25 22:48:13.747039, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  881. samr_QueryUserInfo: struct samr_QueryUserInfo
  882. out: struct samr_QueryUserInfo
  883. info : *
  884. info : *
  885. info : union samr_UserInfo(case 21)
  886. info21: struct samr_UserInfo21
  887. last_logon : NTTIME(0)
  888. last_logoff : Di Jan 19 04:14:07 2038 CET
  889. last_password_change : NTTIME(0)
  890. acct_expiry : Di Jan 19 04:14:07 2038 CET
  891. allow_password_change : NTTIME(0)
  892. force_password_change : NTTIME(0)
  893. account_name: struct lsa_String
  894. length : 0x000c (12)
  895. size : 0x000c (12)
  896. string : *
  897. string : 'nobody'
  898. full_name: struct lsa_String
  899. length : 0x000c (12)
  900. size : 0x000c (12)
  901. string : *
  902. string : 'nobody'
  903. home_directory: struct lsa_String
  904. length : 0x0000 (0)
  905. size : 0x0000 (0)
  906. string : *
  907. string : ''
  908. home_drive: struct lsa_String
  909. length : 0x0000 (0)
  910. size : 0x0000 (0)
  911. string : NULL
  912. logon_script: struct lsa_String
  913. length : 0x0000 (0)
  914. size : 0x0000 (0)
  915. string : *
  916. string : ''
  917. profile_path: struct lsa_String
  918. length : 0x0000 (0)
  919. size : 0x0000 (0)
  920. string : *
  921. string : ''
  922. description: struct lsa_String
  923. length : 0x0000 (0)
  924. size : 0x0000 (0)
  925. string : *
  926. string : ''
  927. workstations: struct lsa_String
  928. length : 0x0000 (0)
  929. size : 0x0000 (0)
  930. string : *
  931. string : ''
  932. comment: struct lsa_String
  933. length : 0x0000 (0)
  934. size : 0x0000 (0)
  935. string : *
  936. string : ''
  937. parameters: struct lsa_BinaryString
  938. length : 0x0000 (0)
  939. size : 0x0000 (0)
  940. array : *
  941. array: ARRAY(0)
  942. lm_owf_password: struct lsa_BinaryString
  943. length : 0x0000 (0)
  944. size : 0x0000 (0)
  945. array : NULL
  946. nt_owf_password: struct lsa_BinaryString
  947. length : 0x0000 (0)
  948. size : 0x0000 (0)
  949. array : NULL
  950. private_data: struct lsa_String
  951. length : 0x0000 (0)
  952. size : 0x0000 (0)
  953. string : NULL
  954. buf_count : 0x00000000 (0)
  955. buffer : NULL
  956. rid : 0x000001f5 (501)
  957. primary_gid : 0x00000201 (513)
  958. acct_flags : 0x00000010 (16)
  959. 0: ACB_DISABLED
  960. 0: ACB_HOMDIRREQ
  961. 0: ACB_PWNOTREQ
  962. 0: ACB_TEMPDUP
  963. 1: ACB_NORMAL
  964. 0: ACB_MNS
  965. 0: ACB_DOMTRUST
  966. 0: ACB_WSTRUST
  967. 0: ACB_SVRTRUST
  968. 0: ACB_PWNOEXP
  969. 0: ACB_AUTOLOCK
  970. 0: ACB_ENC_TXT_PWD_ALLOWED
  971. 0: ACB_SMARTCARD_REQUIRED
  972. 0: ACB_TRUSTED_FOR_DELEGATION
  973. 0: ACB_NOT_DELEGATED
  974. 0: ACB_USE_DES_KEY_ONLY
  975. 0: ACB_DONT_REQUIRE_PREAUTH
  976. 0: ACB_PW_EXPIRED
  977. 0: ACB_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION
  978. 0: ACB_NO_AUTH_DATA_REQD
  979. 0: ACB_PARTIAL_SECRETS_ACCOUNT
  980. 0: ACB_USE_AES_KEYS
  981. fields_present : 0x00ffffff (16777215)
  982. 1: SAMR_FIELD_ACCOUNT_NAME
  983. 1: SAMR_FIELD_FULL_NAME
  984. 1: SAMR_FIELD_RID
  985. 1: SAMR_FIELD_PRIMARY_GID
  986. 1: SAMR_FIELD_DESCRIPTION
  987. 1: SAMR_FIELD_COMMENT
  988. 1: SAMR_FIELD_HOME_DIRECTORY
  989. 1: SAMR_FIELD_HOME_DRIVE
  990. 1: SAMR_FIELD_LOGON_SCRIPT
  991. 1: SAMR_FIELD_PROFILE_PATH
  992. 1: SAMR_FIELD_WORKSTATIONS
  993. 1: SAMR_FIELD_LAST_LOGON
  994. 1: SAMR_FIELD_LAST_LOGOFF
  995. 1: SAMR_FIELD_LOGON_HOURS
  996. 1: SAMR_FIELD_BAD_PWD_COUNT
  997. 1: SAMR_FIELD_NUM_LOGONS
  998. 1: SAMR_FIELD_ALLOW_PWD_CHANGE
  999. 1: SAMR_FIELD_FORCE_PWD_CHANGE
  1000. 1: SAMR_FIELD_LAST_PWD_CHANGE
  1001. 1: SAMR_FIELD_ACCT_EXPIRY
  1002. 1: SAMR_FIELD_ACCT_FLAGS
  1003. 1: SAMR_FIELD_PARAMETERS
  1004. 1: SAMR_FIELD_COUNTRY_CODE
  1005. 1: SAMR_FIELD_CODE_PAGE
  1006. 0: SAMR_FIELD_NT_PASSWORD_PRESENT
  1007. 0: SAMR_FIELD_LM_PASSWORD_PRESENT
  1008. 0: SAMR_FIELD_PRIVATE_DATA
  1009. 0: SAMR_FIELD_EXPIRED_FLAG
  1010. 0: SAMR_FIELD_SEC_DESC
  1011. 0: SAMR_FIELD_OWF_PWD
  1012. logon_hours: struct samr_LogonHours
  1013. units_per_week : 0x00a8 (168)
  1014. bits : *
  1015. bits : ffffffffffffffffffffffffffffffffffffffffff
  1016. bad_password_count : 0x0000 (0)
  1017. logon_count : 0x0000 (0)
  1018. country_code : 0x0000 (0)
  1019. code_page : 0x0000 (0)
  1020. lm_password_set : 0x00 (0)
  1021. nt_password_set : 0x00 (0)
  1022. password_expired : 0x01 (1)
  1023. private_data_sensitive : 0x00 (0)
  1024. result : NT_STATUS_OK
  1025. [2017/04/25 22:48:13.748492, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  1026. samr_Close: struct samr_Close
  1027. in: struct samr_Close
  1028. handle : *
  1029. handle: struct policy_handle
  1030. handle_type : 0x00000000 (0)
  1031. uuid : 00000008-0000-0000-ff58-0db6780e0000
  1032. [2017/04/25 22:48:13.748548, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal)
  1033. Found policy hnd[0] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 FF 58 0D B6 ........ .....X..
  1034. [0010] 78 0E 00 00 x...
  1035. [2017/04/25 22:48:13.748597, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd)
  1036. Closed policy
  1037. [2017/04/25 22:48:13.748615, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  1038. samr_Close: struct samr_Close
  1039. out: struct samr_Close
  1040. handle : *
  1041. handle: struct policy_handle
  1042. handle_type : 0x00000000 (0)
  1043. uuid : 00000000-0000-0000-0000-000000000000
  1044. result : NT_STATUS_OK
  1045. [2017/04/25 22:48:13.748713, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  1046. samr_Close: struct samr_Close
  1047. in: struct samr_Close
  1048. handle : *
  1049. handle: struct policy_handle
  1050. handle_type : 0x00000000 (0)
  1051. uuid : 00000007-0000-0000-ff58-0db6780e0000
  1052. [2017/04/25 22:48:13.748773, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal)
  1053. Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 FF 58 0D B6 ........ .....X..
  1054. [0010] 78 0E 00 00 x...
  1055. [2017/04/25 22:48:13.748816, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd)
  1056. Closed policy
  1057. [2017/04/25 22:48:13.748833, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  1058. samr_Close: struct samr_Close
  1059. out: struct samr_Close
  1060. handle : *
  1061. handle: struct policy_handle
  1062. handle_type : 0x00000000 (0)
  1063. uuid : 00000000-0000-0000-0000-000000000000
  1064. result : NT_STATUS_OK
  1065. [2017/04/25 22:48:13.748902, 10, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:418(close_policy_by_pipe)
  1066. Deleted handle list for RPC connection samr
  1067. [2017/04/25 22:48:13.748933, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:541(refresh_sequence_number)
  1068. refresh_sequence_number: FS2 time ok
  1069. [2017/04/25 22:48:13.748962, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:586(refresh_sequence_number)
  1070. refresh_sequence_number: FS2 seq number is now 1493153293
  1071. [2017/04/25 22:48:13.749007, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:1022(wcache_save_user)
  1072. wcache_save_user: S-1-5-21-2215787217-3459875347-284659480-501 (acct_name nobody)
  1073. [2017/04/25 22:48:13.749025, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  1074. wbint_QueryUser: struct wbint_QueryUser
  1075. out: struct wbint_QueryUser
  1076. info : *
  1077. info: struct wbint_userinfo
  1078. acct_name : *
  1079. acct_name : 'nobody'
  1080. full_name : *
  1081. full_name : 'nobody'
  1082. homedir : NULL
  1083. shell : NULL
  1084. primary_gid : 0x00000000ffffffff (4294967295)
  1085. user_sid : S-1-5-21-2215787217-3459875347-284659480-501
  1086. group_sid : S-1-5-21-2215787217-3459875347-284659480-513
  1087. result : NT_STATUS_OK
  1088. [2017/04/25 22:48:13.749149, 4, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:1395(child_handler)
  1089. Finished processing child request 59
  1090. [2017/04/25 22:48:13.749168, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:102(child_write_response)
  1091. Writing 3620 bytes to parent
  1092. [2017/04/25 22:48:13.752100, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:68(child_read_request)
  1093. Need to read 36 extra bytes
  1094. [2017/04/25 22:48:13.752133, 4, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:1387(child_handler)
  1095. child daemon request 59
  1096. [2017/04/25 22:48:13.752154, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:510(child_process_request)
  1097. child_process_request: request fn NDRCMD
  1098. [2017/04/25 22:48:13.752172, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual_ndr.c:315(winbindd_dual_ndrcmd)
  1099. winbindd_dual_ndrcmd: Running command WBINT_LOOKUPRIDS (FS2)
  1100. [2017/04/25 22:48:13.752204, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  1101. wbint_LookupRids: struct wbint_LookupRids
  1102. in: struct wbint_LookupRids
  1103. domain_sid : *
  1104. domain_sid : S-1-5-21-2215787217-3459875347-284659480
  1105. rids : *
  1106. rids: struct wbint_RidArray
  1107. num_rids : 0x00000001 (1)
  1108. rids: ARRAY(1)
  1109. rids : 0x000001f5 (501)
  1110. [2017/04/25 22:48:13.752297, 3, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_samr.c:688(sam_rids_to_names)
  1111. sam_rids_to_names for FS2
  1112. [2017/04/25 22:48:13.752334, 4, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p)
  1113. Create pipe requested lsarpc
  1114. [2017/04/25 22:48:13.752354, 10, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:223(init_pipe_handles)
  1115. init_pipe_handle_list: created handle list for pipe lsarpc
  1116. [2017/04/25 22:48:13.752372, 10, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:240(init_pipe_handles)
  1117. init_pipe_handle_list: pipe_handles ref count = 1 for pipe lsarpc
  1118. [2017/04/25 22:48:13.752409, 4, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p)
  1119. Created internal pipe lsarpc
  1120. [2017/04/25 22:48:13.752452, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  1121. lsa_OpenPolicy: struct lsa_OpenPolicy
  1122. in: struct lsa_OpenPolicy
  1123. system_name : *
  1124. system_name : 0x005c (92)
  1125. attr : *
  1126. attr: struct lsa_ObjectAttribute
  1127. len : 0x00000018 (24)
  1128. root_dir : NULL
  1129. object_name : NULL
  1130. attributes : 0x00000000 (0)
  1131. sec_desc : NULL
  1132. sec_qos : *
  1133. sec_qos: struct lsa_QosInfo
  1134. len : 0x0000000c (12)
  1135. impersonation_level : 0x0002 (2)
  1136. context_mode : 0x01 (1)
  1137. effective_only : 0x00 (0)
  1138. access_mask : 0x02000000 (33554432)
  1139. 0: LSA_POLICY_VIEW_LOCAL_INFORMATION
  1140. 0: LSA_POLICY_VIEW_AUDIT_INFORMATION
  1141. 0: LSA_POLICY_GET_PRIVATE_INFORMATION
  1142. 0: LSA_POLICY_TRUST_ADMIN
  1143. 0: LSA_POLICY_CREATE_ACCOUNT
  1144. 0: LSA_POLICY_CREATE_SECRET
  1145. 0: LSA_POLICY_CREATE_PRIVILEGE
  1146. 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS
  1147. 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS
  1148. 0: LSA_POLICY_AUDIT_LOG_ADMIN
  1149. 0: LSA_POLICY_SERVER_ADMIN
  1150. 0: LSA_POLICY_LOOKUP_NAMES
  1151. 0: LSA_POLICY_NOTIFICATION
  1152. [2017/04/25 22:48:13.752744, 10, pid=3704, effective(0, 0), real(0, 0)] ../libcli/security/access_check.c:58(se_map_generic)
  1153. se_map_generic(): mapped mask 0xb0000000 to 0x000f0fff
  1154. [2017/04/25 22:48:13.752766, 4, pid=3704, effective(0, 0), real(0, 0)] ../source3/rpc_server/srv_access_check.c:95(access_check_object)
  1155. _lsa_OpenPolicy2: ACCESS should be DENIED (requested: 0x000f0fff)
  1156. but overritten by euid == initial uid
  1157. [2017/04/25 22:48:13.752788, 4, pid=3704, effective(0, 0), real(0, 0)] ../source3/rpc_server/srv_access_check.c:117(access_check_object)
  1158. _lsa_OpenPolicy2: access GRANTED (requested: 0x000f0fff, granted: 0x000f0fff)
  1159. [2017/04/25 22:48:13.752808, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal)
  1160. Opened policy hnd[1] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 FF 58 0D B6 ........ .....X..
  1161. [0010] 78 0E 00 00 x...
  1162. [2017/04/25 22:48:13.752855, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  1163. lsa_OpenPolicy: struct lsa_OpenPolicy
  1164. out: struct lsa_OpenPolicy
  1165. handle : *
  1166. handle: struct policy_handle
  1167. handle_type : 0x00000000 (0)
  1168. uuid : 00000009-0000-0000-ff58-0db6780e0000
  1169. result : NT_STATUS_OK
  1170. [2017/04/25 22:48:13.752928, 10, pid=3704, effective(0, 0), real(0, 0)] ../source3/rpc_client/cli_lsarpc.c:410(dcerpc_lsa_lookup_sids_generic)
  1171. rpccli_lsa_lookup_sids: processing items 0 -- 0 of 1.
  1172. [2017/04/25 22:48:13.752978, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  1173. lsa_LookupSids: struct lsa_LookupSids
  1174. in: struct lsa_LookupSids
  1175. handle : *
  1176. handle: struct policy_handle
  1177. handle_type : 0x00000000 (0)
  1178. uuid : 00000009-0000-0000-ff58-0db6780e0000
  1179. sids : *
  1180. sids: struct lsa_SidArray
  1181. num_sids : 0x00000001 (1)
  1182. sids : *
  1183. sids: ARRAY(1)
  1184. sids: struct lsa_SidPtr
  1185. sid : *
  1186. sid : S-1-5-21-2215787217-3459875347-284659480-501
  1187. names : *
  1188. names: struct lsa_TransNameArray
  1189. count : 0x00000000 (0)
  1190. names : NULL
  1191. level : LSA_LOOKUP_NAMES_ALL (1)
  1192. count : *
  1193. count : 0x00000000 (0)
  1194. [2017/04/25 22:48:13.753153, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal)
  1195. Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 FF 58 0D B6 ........ .....X..
  1196. [0010] 78 0E 00 00 x...
  1197. [2017/04/25 22:48:13.754901, 10, pid=3704, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:778(check_dom_sid_to_level)
  1198. Accepting SID S-1-5-21-2215787217-3459875347-284659480 in level 1
  1199. [2017/04/25 22:48:13.755638, 10, pid=3704, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:539(lookup_rids)
  1200. lookup_rids called for domain sid 'S-1-5-21-2215787217-3459875347-284659480'
  1201. [2017/04/25 22:48:13.755679, 5, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:1748(lookup_global_sam_rid)
  1202. lookup_global_sam_rid: looking up RID 501.
  1203. [2017/04/25 22:48:13.755702, 6, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:414(pdb_getsampwsid)
  1204. pdb_getsampwsid: Building guest account
  1205. [2017/04/25 22:48:13.755720, 5, pid=3704, effective(0, 0), real(0, 0)] ../source3/lib/username.c:181(Get_Pwnam_alloc)
  1206. Finding user nobody
  1207. [2017/04/25 22:48:13.755738, 5, pid=3704, effective(0, 0), real(0, 0)] ../source3/lib/username.c:120(Get_Pwnam_internals)
  1208. Trying _Get_Pwnam(), username as lowercase is nobody
  1209. [2017/04/25 22:48:13.755806, 5, pid=3704, effective(0, 0), real(0, 0)] ../source3/lib/username.c:159(Get_Pwnam_internals)
  1210. Get_Pwnam_internals did find user [nobody]!
  1211. [2017/04/25 22:48:13.755825, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:570(pdb_set_username)
  1212. pdb_set_username: setting username nobody, was
  1213. [2017/04/25 22:48:13.755845, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:639(pdb_set_fullname)
  1214. pdb_set_full_name: setting full name nobody, was
  1215. [2017/04/25 22:48:13.755864, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:593(pdb_set_domain)
  1216. pdb_set_domain: setting domain FS2, was
  1217. [2017/04/25 22:48:13.755884, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_get_set.c:495(pdb_set_user_sid)
  1218. pdb_set_user_sid: setting user sid S-1-5-21-2215787217-3459875347-284659480-501
  1219. [2017/04/25 22:48:13.755905, 10, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid)
  1220. pdb_set_user_sid_from_rid:
  1221. setting user sid S-1-5-21-2215787217-3459875347-284659480-501 from rid 501
  1222. [2017/04/25 22:48:13.755934, 5, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:1883(pdb_default_lookup_rids)
  1223. lookup_rids: nobody:1
  1224. [2017/04/25 22:48:13.755955, 10, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/lsa/srv_lsa_nt.c:896(_lsa_lookup_sids_internal)
  1225. num_sids 1, mapped_count 1, status NT_STATUS_OK
  1226. [2017/04/25 22:48:13.755975, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  1227. lsa_LookupSids: struct lsa_LookupSids
  1228. out: struct lsa_LookupSids
  1229. domains : *
  1230. domains : *
  1231. domains: struct lsa_RefDomainList
  1232. count : 0x00000001 (1)
  1233. domains : *
  1234. domains: ARRAY(1)
  1235. domains: struct lsa_DomainInfo
  1236. name: struct lsa_StringLarge
  1237. length : 0x0006 (6)
  1238. size : 0x0008 (8)
  1239. string : *
  1240. string : 'FS2'
  1241. sid : *
  1242. sid : S-1-5-21-2215787217-3459875347-284659480
  1243. max_size : 0x00000020 (32)
  1244. names : *
  1245. names: struct lsa_TransNameArray
  1246. count : 0x00000001 (1)
  1247. names : *
  1248. names: ARRAY(1)
  1249. names: struct lsa_TranslatedName
  1250. sid_type : SID_NAME_USER (1)
  1251. name: struct lsa_String
  1252. length : 0x000c (12)
  1253. size : 0x000c (12)
  1254. string : *
  1255. string : 'nobody'
  1256. sid_index : 0x00000000 (0)
  1257. count : *
  1258. count : 0x00000001 (1)
  1259. result : NT_STATUS_OK
  1260. [2017/04/25 22:48:13.757623, 10, pid=3704, effective(0, 0), real(0, 0)] ../source3/rpc_client/cli_lsarpc.c:253(dcerpc_lsa_lookup_sids_noalloc)
  1261. LSA_LOOKUPSIDS returned status: 'NT_STATUS_OK', result: 'NT_STATUS_OK', mapped count = 1'
  1262. [2017/04/25 22:48:13.757676, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  1263. lsa_Close: struct lsa_Close
  1264. in: struct lsa_Close
  1265. handle : *
  1266. handle: struct policy_handle
  1267. handle_type : 0x00000000 (0)
  1268. uuid : 00000009-0000-0000-ff58-0db6780e0000
  1269. [2017/04/25 22:48:13.757733, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal)
  1270. Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 FF 58 0D B6 ........ .....X..
  1271. [0010] 78 0E 00 00 x...
  1272. [2017/04/25 22:48:13.757779, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal)
  1273. Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 FF 58 0D B6 ........ .....X..
  1274. [0010] 78 0E 00 00 x...
  1275. [2017/04/25 22:48:13.757821, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd)
  1276. Closed policy
  1277. [2017/04/25 22:48:13.757838, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  1278. lsa_Close: struct lsa_Close
  1279. out: struct lsa_Close
  1280. handle : *
  1281. handle: struct policy_handle
  1282. handle_type : 0x00000000 (0)
  1283. uuid : 00000000-0000-0000-0000-000000000000
  1284. result : NT_STATUS_OK
  1285. [2017/04/25 22:48:13.757909, 10, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:418(close_policy_by_pipe)
  1286. Deleted handle list for RPC connection lsarpc
  1287. [2017/04/25 22:48:13.757944, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:541(refresh_sequence_number)
  1288. refresh_sequence_number: FS2 time ok
  1289. [2017/04/25 22:48:13.757975, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:586(refresh_sequence_number)
  1290. refresh_sequence_number: FS2 seq number is now 1493153293
  1291. [2017/04/25 22:48:13.758026, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:995(wcache_save_sid_to_name)
  1292. wcache_save_sid_to_name: S-1-5-21-2215787217-3459875347-284659480-501 -> FS2\nobody (NT_STATUS_OK)
  1293. [2017/04/25 22:48:13.758047, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  1294. wbint_LookupRids: struct wbint_LookupRids
  1295. out: struct wbint_LookupRids
  1296. domain_name : *
  1297. domain_name : *
  1298. domain_name : 'FS2'
  1299. names : *
  1300. names: struct wbint_Principals
  1301. num_principals : 1
  1302. principals: ARRAY(1)
  1303. principals: struct wbint_Principal
  1304. sid : S-1-5-21-2215787217-3459875347-284659480-501
  1305. type : SID_NAME_USER (1)
  1306. name : *
  1307. name : 'nobody'
  1308. result : NT_STATUS_OK
  1309. [2017/04/25 22:48:13.758176, 4, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:1395(child_handler)
  1310. Finished processing child request 59
  1311. [2017/04/25 22:48:13.758195, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:102(child_write_response)
  1312. Writing 3584 bytes to parent
  1313. [2017/04/25 22:48:13.759986, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:68(child_read_request)
  1314. Need to read 28 extra bytes
  1315. [2017/04/25 22:48:13.760021, 4, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:1387(child_handler)
  1316. child daemon request 59
  1317. [2017/04/25 22:48:13.760041, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:510(child_process_request)
  1318. child_process_request: request fn NDRCMD
  1319. [2017/04/25 22:48:13.760058, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual_ndr.c:315(winbindd_dual_ndrcmd)
  1320. winbindd_dual_ndrcmd: Running command WBINT_LOOKUPSID (FS2)
  1321. [2017/04/25 22:48:13.760080, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  1322. wbint_LookupSid: struct wbint_LookupSid
  1323. in: struct wbint_LookupSid
  1324. sid : *
  1325. sid : S-1-5-21-2215787217-3459875347-284659480-513
  1326. [2017/04/25 22:48:13.760129, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:1987(sid_to_name)
  1327. sid_to_name: [Cached] - doing backend query for name for domain FS2
  1328. [2017/04/25 22:48:13.760148, 3, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_samr.c:609(sam_sid_to_name)
  1329. sam_sid_to_name
  1330. [2017/04/25 22:48:13.760199, 4, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p)
  1331. Create pipe requested lsarpc
  1332. [2017/04/25 22:48:13.760222, 10, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:223(init_pipe_handles)
  1333. init_pipe_handle_list: created handle list for pipe lsarpc
  1334. [2017/04/25 22:48:13.760240, 10, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:240(init_pipe_handles)
  1335. init_pipe_handle_list: pipe_handles ref count = 1 for pipe lsarpc
  1336. [2017/04/25 22:48:13.760293, 4, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p)
  1337. Created internal pipe lsarpc
  1338. [2017/04/25 22:48:13.760350, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  1339. lsa_OpenPolicy: struct lsa_OpenPolicy
  1340. in: struct lsa_OpenPolicy
  1341. system_name : *
  1342. system_name : 0x005c (92)
  1343. attr : *
  1344. attr: struct lsa_ObjectAttribute
  1345. len : 0x00000018 (24)
  1346. root_dir : NULL
  1347. object_name : NULL
  1348. attributes : 0x00000000 (0)
  1349. sec_desc : NULL
  1350. sec_qos : *
  1351. sec_qos: struct lsa_QosInfo
  1352. len : 0x0000000c (12)
  1353. impersonation_level : 0x0002 (2)
  1354. context_mode : 0x01 (1)
  1355. effective_only : 0x00 (0)
  1356. access_mask : 0x02000000 (33554432)
  1357. 0: LSA_POLICY_VIEW_LOCAL_INFORMATION
  1358. 0: LSA_POLICY_VIEW_AUDIT_INFORMATION
  1359. 0: LSA_POLICY_GET_PRIVATE_INFORMATION
  1360. 0: LSA_POLICY_TRUST_ADMIN
  1361. 0: LSA_POLICY_CREATE_ACCOUNT
  1362. 0: LSA_POLICY_CREATE_SECRET
  1363. 0: LSA_POLICY_CREATE_PRIVILEGE
  1364. 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS
  1365. 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS
  1366. 0: LSA_POLICY_AUDIT_LOG_ADMIN
  1367. 0: LSA_POLICY_SERVER_ADMIN
  1368. 0: LSA_POLICY_LOOKUP_NAMES
  1369. 0: LSA_POLICY_NOTIFICATION
  1370. [2017/04/25 22:48:13.760570, 10, pid=3704, effective(0, 0), real(0, 0)] ../libcli/security/access_check.c:58(se_map_generic)
  1371. se_map_generic(): mapped mask 0xb0000000 to 0x000f0fff
  1372. [2017/04/25 22:48:13.760599, 4, pid=3704, effective(0, 0), real(0, 0)] ../source3/rpc_server/srv_access_check.c:95(access_check_object)
  1373. _lsa_OpenPolicy2: ACCESS should be DENIED (requested: 0x000f0fff)
  1374. but overritten by euid == initial uid
  1375. [2017/04/25 22:48:13.760624, 4, pid=3704, effective(0, 0), real(0, 0)] ../source3/rpc_server/srv_access_check.c:117(access_check_object)
  1376. _lsa_OpenPolicy2: access GRANTED (requested: 0x000f0fff, granted: 0x000f0fff)
  1377. [2017/04/25 22:48:13.760646, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal)
  1378. Opened policy hnd[1] [0000] 00 00 00 00 0A 00 00 00 00 00 00 00 FF 58 0D B6 ........ .....X..
  1379. [0010] 78 0E 00 00 x...
  1380. [2017/04/25 22:48:13.760708, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  1381. lsa_OpenPolicy: struct lsa_OpenPolicy
  1382. out: struct lsa_OpenPolicy
  1383. handle : *
  1384. handle: struct policy_handle
  1385. handle_type : 0x00000000 (0)
  1386. uuid : 0000000a-0000-0000-ff58-0db6780e0000
  1387. result : NT_STATUS_OK
  1388. [2017/04/25 22:48:13.760786, 10, pid=3704, effective(0, 0), real(0, 0)] ../source3/rpc_client/cli_lsarpc.c:410(dcerpc_lsa_lookup_sids_generic)
  1389. rpccli_lsa_lookup_sids: processing items 0 -- 0 of 1.
  1390. [2017/04/25 22:48:13.760823, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  1391. lsa_LookupSids: struct lsa_LookupSids
  1392. in: struct lsa_LookupSids
  1393. handle : *
  1394. handle: struct policy_handle
  1395. handle_type : 0x00000000 (0)
  1396. uuid : 0000000a-0000-0000-ff58-0db6780e0000
  1397. sids : *
  1398. sids: struct lsa_SidArray
  1399. num_sids : 0x00000001 (1)
  1400. sids : *
  1401. sids: ARRAY(1)
  1402. sids: struct lsa_SidPtr
  1403. sid : *
  1404. sid : S-1-5-21-2215787217-3459875347-284659480-513
  1405. names : *
  1406. names: struct lsa_TransNameArray
  1407. count : 0x00000000 (0)
  1408. names : NULL
  1409. level : LSA_LOOKUP_NAMES_ALL (1)
  1410. count : *
  1411. count : 0x00000000 (0)
  1412. [2017/04/25 22:48:13.760993, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal)
  1413. Found policy hnd[0] [0000] 00 00 00 00 0A 00 00 00 00 00 00 00 FF 58 0D B6 ........ .....X..
  1414. [0010] 78 0E 00 00 x...
  1415. [2017/04/25 22:48:13.761043, 10, pid=3704, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:778(check_dom_sid_to_level)
  1416. Accepting SID S-1-5-21-2215787217-3459875347-284659480 in level 1
  1417. [2017/04/25 22:48:13.761064, 10, pid=3704, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:539(lookup_rids)
  1418. lookup_rids called for domain sid 'S-1-5-21-2215787217-3459875347-284659480'
  1419. [2017/04/25 22:48:13.761087, 5, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:1748(lookup_global_sam_rid)
  1420. lookup_global_sam_rid: looking up RID 513.
  1421. [2017/04/25 22:48:13.761129, 5, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_tdb.c:658(tdbsam_getsampwrid)
  1422. pdb_getsampwrid (TDB): error looking up RID 513 by key RID_00000201.
  1423. [2017/04/25 22:48:13.761162, 5, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:1883(pdb_default_lookup_rids)
  1424. lookup_rids: None:2
  1425. [2017/04/25 22:48:13.761182, 10, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/lsa/srv_lsa_nt.c:896(_lsa_lookup_sids_internal)
  1426. num_sids 1, mapped_count 1, status NT_STATUS_OK
  1427. [2017/04/25 22:48:13.761200, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  1428. lsa_LookupSids: struct lsa_LookupSids
  1429. out: struct lsa_LookupSids
  1430. domains : *
  1431. domains : *
  1432. domains: struct lsa_RefDomainList
  1433. count : 0x00000001 (1)
  1434. domains : *
  1435. domains: ARRAY(1)
  1436. domains: struct lsa_DomainInfo
  1437. name: struct lsa_StringLarge
  1438. length : 0x0006 (6)
  1439. size : 0x0008 (8)
  1440. string : *
  1441. string : 'FS2'
  1442. sid : *
  1443. sid : S-1-5-21-2215787217-3459875347-284659480
  1444. max_size : 0x00000020 (32)
  1445. names : *
  1446. names: struct lsa_TransNameArray
  1447. count : 0x00000001 (1)
  1448. names : *
  1449. names: ARRAY(1)
  1450. names: struct lsa_TranslatedName
  1451. sid_type : SID_NAME_DOM_GRP (2)
  1452. name: struct lsa_String
  1453. length : 0x0008 (8)
  1454. size : 0x0008 (8)
  1455. string : *
  1456. string : 'None'
  1457. sid_index : 0x00000000 (0)
  1458. count : *
  1459. count : 0x00000001 (1)
  1460. result : NT_STATUS_OK
  1461. [2017/04/25 22:48:13.761494, 10, pid=3704, effective(0, 0), real(0, 0)] ../source3/rpc_client/cli_lsarpc.c:253(dcerpc_lsa_lookup_sids_noalloc)
  1462. LSA_LOOKUPSIDS returned status: 'NT_STATUS_OK', result: 'NT_STATUS_OK', mapped count = 1'
  1463. [2017/04/25 22:48:13.761523, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  1464. lsa_Close: struct lsa_Close
  1465. in: struct lsa_Close
  1466. handle : *
  1467. handle: struct policy_handle
  1468. handle_type : 0x00000000 (0)
  1469. uuid : 0000000a-0000-0000-ff58-0db6780e0000
  1470. [2017/04/25 22:48:13.761577, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal)
  1471. Found policy hnd[0] [0000] 00 00 00 00 0A 00 00 00 00 00 00 00 FF 58 0D B6 ........ .....X..
  1472. [0010] 78 0E 00 00 x...
  1473. [2017/04/25 22:48:13.761623, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal)
  1474. Found policy hnd[0] [0000] 00 00 00 00 0A 00 00 00 00 00 00 00 FF 58 0D B6 ........ .....X..
  1475. [0010] 78 0E 00 00 x...
  1476. [2017/04/25 22:48:13.761682, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd)
  1477. Closed policy
  1478. [2017/04/25 22:48:13.761699, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  1479. lsa_Close: struct lsa_Close
  1480. out: struct lsa_Close
  1481. handle : *
  1482. handle: struct policy_handle
  1483. handle_type : 0x00000000 (0)
  1484. uuid : 00000000-0000-0000-0000-000000000000
  1485. result : NT_STATUS_OK
  1486. [2017/04/25 22:48:13.761768, 10, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:418(close_policy_by_pipe)
  1487. Deleted handle list for RPC connection lsarpc
  1488. [2017/04/25 22:48:13.761792, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:541(refresh_sequence_number)
  1489. refresh_sequence_number: FS2 time ok
  1490. [2017/04/25 22:48:13.761810, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:586(refresh_sequence_number)
  1491. refresh_sequence_number: FS2 seq number is now 1493153293
  1492. [2017/04/25 22:48:13.761858, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:995(wcache_save_sid_to_name)
  1493. wcache_save_sid_to_name: S-1-5-21-2215787217-3459875347-284659480-513 -> FS2\None (NT_STATUS_OK)
  1494. [2017/04/25 22:48:13.761876, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  1495. wbint_LookupSid: struct wbint_LookupSid
  1496. out: struct wbint_LookupSid
  1497. type : *
  1498. type : SID_NAME_DOM_GRP (2)
  1499. domain : *
  1500. domain : *
  1501. domain : 'FS2'
  1502. name : *
  1503. name : *
  1504. name : 'None'
  1505. result : NT_STATUS_OK
  1506. [2017/04/25 22:48:13.761967, 4, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:1395(child_handler)
  1507. Finished processing child request 59
  1508. [2017/04/25 22:48:13.761984, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:102(child_write_response)
  1509. Writing 3548 bytes to parent
  1510. [2017/04/25 22:48:13.762416, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:68(child_read_request)
  1511. Need to read 36 extra bytes
  1512. [2017/04/25 22:48:13.762445, 4, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:1387(child_handler)
  1513. child daemon request 59
  1514. [2017/04/25 22:48:13.762464, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:510(child_process_request)
  1515. child_process_request: request fn NDRCMD
  1516. [2017/04/25 22:48:13.762481, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual_ndr.c:315(winbindd_dual_ndrcmd)
  1517. winbindd_dual_ndrcmd: Running command WBINT_LOOKUPRIDS (FS2)
  1518. [2017/04/25 22:48:13.762502, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  1519. wbint_LookupRids: struct wbint_LookupRids
  1520. in: struct wbint_LookupRids
  1521. domain_sid : *
  1522. domain_sid : S-1-5-21-2215787217-3459875347-284659480
  1523. rids : *
  1524. rids: struct wbint_RidArray
  1525. num_rids : 0x00000001 (1)
  1526. rids: ARRAY(1)
  1527. rids : 0x00000201 (513)
  1528. [2017/04/25 22:48:13.762581, 3, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_samr.c:688(sam_rids_to_names)
  1529. sam_rids_to_names for FS2
  1530. [2017/04/25 22:48:13.762612, 4, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p)
  1531. Create pipe requested lsarpc
  1532. [2017/04/25 22:48:13.762632, 10, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:223(init_pipe_handles)
  1533. init_pipe_handle_list: created handle list for pipe lsarpc
  1534. [2017/04/25 22:48:13.762661, 10, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:240(init_pipe_handles)
  1535. init_pipe_handle_list: pipe_handles ref count = 1 for pipe lsarpc
  1536. [2017/04/25 22:48:13.762698, 4, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p)
  1537. Created internal pipe lsarpc
  1538. [2017/04/25 22:48:13.762728, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  1539. lsa_OpenPolicy: struct lsa_OpenPolicy
  1540. in: struct lsa_OpenPolicy
  1541. system_name : *
  1542. system_name : 0x005c (92)
  1543. attr : *
  1544. attr: struct lsa_ObjectAttribute
  1545. len : 0x00000018 (24)
  1546. root_dir : NULL
  1547. object_name : NULL
  1548. attributes : 0x00000000 (0)
  1549. sec_desc : NULL
  1550. sec_qos : *
  1551. sec_qos: struct lsa_QosInfo
  1552. len : 0x0000000c (12)
  1553. impersonation_level : 0x0002 (2)
  1554. context_mode : 0x01 (1)
  1555. effective_only : 0x00 (0)
  1556. access_mask : 0x02000000 (33554432)
  1557. 0: LSA_POLICY_VIEW_LOCAL_INFORMATION
  1558. 0: LSA_POLICY_VIEW_AUDIT_INFORMATION
  1559. 0: LSA_POLICY_GET_PRIVATE_INFORMATION
  1560. 0: LSA_POLICY_TRUST_ADMIN
  1561. 0: LSA_POLICY_CREATE_ACCOUNT
  1562. 0: LSA_POLICY_CREATE_SECRET
  1563. 0: LSA_POLICY_CREATE_PRIVILEGE
  1564. 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS
  1565. 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS
  1566. 0: LSA_POLICY_AUDIT_LOG_ADMIN
  1567. 0: LSA_POLICY_SERVER_ADMIN
  1568. 0: LSA_POLICY_LOOKUP_NAMES
  1569. 0: LSA_POLICY_NOTIFICATION
  1570. [2017/04/25 22:48:13.762955, 10, pid=3704, effective(0, 0), real(0, 0)] ../libcli/security/access_check.c:58(se_map_generic)
  1571. se_map_generic(): mapped mask 0xb0000000 to 0x000f0fff
  1572. [2017/04/25 22:48:13.762977, 4, pid=3704, effective(0, 0), real(0, 0)] ../source3/rpc_server/srv_access_check.c:95(access_check_object)
  1573. _lsa_OpenPolicy2: ACCESS should be DENIED (requested: 0x000f0fff)
  1574. but overritten by euid == initial uid
  1575. [2017/04/25 22:48:13.763000, 4, pid=3704, effective(0, 0), real(0, 0)] ../source3/rpc_server/srv_access_check.c:117(access_check_object)
  1576. _lsa_OpenPolicy2: access GRANTED (requested: 0x000f0fff, granted: 0x000f0fff)
  1577. [2017/04/25 22:48:13.763020, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal)
  1578. Opened policy hnd[1] [0000] 00 00 00 00 0B 00 00 00 00 00 00 00 FF 58 0D B6 ........ .....X..
  1579. [0010] 78 0E 00 00 x...
  1580. [2017/04/25 22:48:13.763068, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  1581. lsa_OpenPolicy: struct lsa_OpenPolicy
  1582. out: struct lsa_OpenPolicy
  1583. handle : *
  1584. handle: struct policy_handle
  1585. handle_type : 0x00000000 (0)
  1586. uuid : 0000000b-0000-0000-ff58-0db6780e0000
  1587. result : NT_STATUS_OK
  1588. [2017/04/25 22:48:13.763139, 10, pid=3704, effective(0, 0), real(0, 0)] ../source3/rpc_client/cli_lsarpc.c:410(dcerpc_lsa_lookup_sids_generic)
  1589. rpccli_lsa_lookup_sids: processing items 0 -- 0 of 1.
  1590. [2017/04/25 22:48:13.763169, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  1591. lsa_LookupSids: struct lsa_LookupSids
  1592. in: struct lsa_LookupSids
  1593. handle : *
  1594. handle: struct policy_handle
  1595. handle_type : 0x00000000 (0)
  1596. uuid : 0000000b-0000-0000-ff58-0db6780e0000
  1597. sids : *
  1598. sids: struct lsa_SidArray
  1599. num_sids : 0x00000001 (1)
  1600. sids : *
  1601. sids: ARRAY(1)
  1602. sids: struct lsa_SidPtr
  1603. sid : *
  1604. sid : S-1-5-21-2215787217-3459875347-284659480-513
  1605. names : *
  1606. names: struct lsa_TransNameArray
  1607. count : 0x00000000 (0)
  1608. names : NULL
  1609. level : LSA_LOOKUP_NAMES_ALL (1)
  1610. count : *
  1611. count : 0x00000000 (0)
  1612. [2017/04/25 22:48:13.763326, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal)
  1613. Found policy hnd[0] [0000] 00 00 00 00 0B 00 00 00 00 00 00 00 FF 58 0D B6 ........ .....X..
  1614. [0010] 78 0E 00 00 x...
  1615. [2017/04/25 22:48:13.763374, 10, pid=3704, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:778(check_dom_sid_to_level)
  1616. Accepting SID S-1-5-21-2215787217-3459875347-284659480 in level 1
  1617. [2017/04/25 22:48:13.763395, 10, pid=3704, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:539(lookup_rids)
  1618. lookup_rids called for domain sid 'S-1-5-21-2215787217-3459875347-284659480'
  1619. [2017/04/25 22:48:13.763417, 5, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:1748(lookup_global_sam_rid)
  1620. lookup_global_sam_rid: looking up RID 513.
  1621. [2017/04/25 22:48:13.763443, 5, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_tdb.c:658(tdbsam_getsampwrid)
  1622. pdb_getsampwrid (TDB): error looking up RID 513 by key RID_00000201.
  1623. [2017/04/25 22:48:13.763487, 5, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:1883(pdb_default_lookup_rids)
  1624. lookup_rids: None:2
  1625. [2017/04/25 22:48:13.763508, 10, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/lsa/srv_lsa_nt.c:896(_lsa_lookup_sids_internal)
  1626. num_sids 1, mapped_count 1, status NT_STATUS_OK
  1627. [2017/04/25 22:48:13.763529, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  1628. lsa_LookupSids: struct lsa_LookupSids
  1629. out: struct lsa_LookupSids
  1630. domains : *
  1631. domains : *
  1632. domains: struct lsa_RefDomainList
  1633. count : 0x00000001 (1)
  1634. domains : *
  1635. domains: ARRAY(1)
  1636. domains: struct lsa_DomainInfo
  1637. name: struct lsa_StringLarge
  1638. length : 0x0006 (6)
  1639. size : 0x0008 (8)
  1640. string : *
  1641. string : 'FS2'
  1642. sid : *
  1643. sid : S-1-5-21-2215787217-3459875347-284659480
  1644. max_size : 0x00000020 (32)
  1645. names : *
  1646. names: struct lsa_TransNameArray
  1647. count : 0x00000001 (1)
  1648. names : *
  1649. names: ARRAY(1)
  1650. names: struct lsa_TranslatedName
  1651. sid_type : SID_NAME_DOM_GRP (2)
  1652. name: struct lsa_String
  1653. length : 0x0008 (8)
  1654. size : 0x0008 (8)
  1655. string : *
  1656. string : 'None'
  1657. sid_index : 0x00000000 (0)
  1658. count : *
  1659. count : 0x00000001 (1)
  1660. result : NT_STATUS_OK
  1661. [2017/04/25 22:48:13.763819, 10, pid=3704, effective(0, 0), real(0, 0)] ../source3/rpc_client/cli_lsarpc.c:253(dcerpc_lsa_lookup_sids_noalloc)
  1662. LSA_LOOKUPSIDS returned status: 'NT_STATUS_OK', result: 'NT_STATUS_OK', mapped count = 1'
  1663. [2017/04/25 22:48:13.763849, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  1664. lsa_Close: struct lsa_Close
  1665. in: struct lsa_Close
  1666. handle : *
  1667. handle: struct policy_handle
  1668. handle_type : 0x00000000 (0)
  1669. uuid : 0000000b-0000-0000-ff58-0db6780e0000
  1670. [2017/04/25 22:48:13.763903, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal)
  1671. Found policy hnd[0] [0000] 00 00 00 00 0B 00 00 00 00 00 00 00 FF 58 0D B6 ........ .....X..
  1672. [0010] 78 0E 00 00 x...
  1673. [2017/04/25 22:48:13.763949, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal)
  1674. Found policy hnd[0] [0000] 00 00 00 00 0B 00 00 00 00 00 00 00 FF 58 0D B6 ........ .....X..
  1675. [0010] 78 0E 00 00 x...
  1676. [2017/04/25 22:48:13.763994, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd)
  1677. Closed policy
  1678. [2017/04/25 22:48:13.764022, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  1679. lsa_Close: struct lsa_Close
  1680. out: struct lsa_Close
  1681. handle : *
  1682. handle: struct policy_handle
  1683. handle_type : 0x00000000 (0)
  1684. uuid : 00000000-0000-0000-0000-000000000000
  1685. result : NT_STATUS_OK
  1686. [2017/04/25 22:48:13.764091, 10, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:418(close_policy_by_pipe)
  1687. Deleted handle list for RPC connection lsarpc
  1688. [2017/04/25 22:48:13.764115, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:541(refresh_sequence_number)
  1689. refresh_sequence_number: FS2 time ok
  1690. [2017/04/25 22:48:13.764133, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:586(refresh_sequence_number)
  1691. refresh_sequence_number: FS2 seq number is now 1493153293
  1692. [2017/04/25 22:48:13.764163, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:995(wcache_save_sid_to_name)
  1693. wcache_save_sid_to_name: S-1-5-21-2215787217-3459875347-284659480-513 -> FS2\None (NT_STATUS_OK)
  1694. [2017/04/25 22:48:13.764194, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  1695. wbint_LookupRids: struct wbint_LookupRids
  1696. out: struct wbint_LookupRids
  1697. domain_name : *
  1698. domain_name : *
  1699. domain_name : 'FS2'
  1700. names : *
  1701. names: struct wbint_Principals
  1702. num_principals : 1
  1703. principals: ARRAY(1)
  1704. principals: struct wbint_Principal
  1705. sid : S-1-5-21-2215787217-3459875347-284659480-513
  1706. type : SID_NAME_DOM_GRP (2)
  1707. name : *
  1708. name : 'None'
  1709. result : NT_STATUS_OK
  1710. [2017/04/25 22:48:13.764315, 4, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:1395(child_handler)
  1711. Finished processing child request 59
  1712. [2017/04/25 22:48:13.764334, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:102(child_write_response)
  1713. Writing 3584 bytes to parent
  1714. [2017/04/25 22:48:13.774354, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:68(child_read_request)
  1715. Need to read 36 extra bytes
  1716. [2017/04/25 22:48:13.774391, 4, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:1387(child_handler)
  1717. child daemon request 59
  1718. [2017/04/25 22:48:13.774412, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:510(child_process_request)
  1719. child_process_request: request fn NDRCMD
  1720. [2017/04/25 22:48:13.774431, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual_ndr.c:315(winbindd_dual_ndrcmd)
  1721. winbindd_dual_ndrcmd: Running command WBINT_LOOKUPRIDS (FS2)
  1722. [2017/04/25 22:48:13.774461, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  1723. wbint_LookupRids: struct wbint_LookupRids
  1724. in: struct wbint_LookupRids
  1725. domain_sid : *
  1726. domain_sid : S-1-5-21-2215787217-3459875347-284659480
  1727. rids : *
  1728. rids: struct wbint_RidArray
  1729. num_rids : 0x00000001 (1)
  1730. rids: ARRAY(1)
  1731. rids : 0x00000202 (514)
  1732. [2017/04/25 22:48:13.774551, 3, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_samr.c:688(sam_rids_to_names)
  1733. sam_rids_to_names for FS2
  1734. [2017/04/25 22:48:13.774628, 4, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p)
  1735. Create pipe requested lsarpc
  1736. [2017/04/25 22:48:13.774651, 10, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:223(init_pipe_handles)
  1737. init_pipe_handle_list: created handle list for pipe lsarpc
  1738. [2017/04/25 22:48:13.774671, 10, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:240(init_pipe_handles)
  1739. init_pipe_handle_list: pipe_handles ref count = 1 for pipe lsarpc
  1740. [2017/04/25 22:48:13.774733, 4, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p)
  1741. Created internal pipe lsarpc
  1742. [2017/04/25 22:48:13.774782, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  1743. lsa_OpenPolicy: struct lsa_OpenPolicy
  1744. in: struct lsa_OpenPolicy
  1745. system_name : *
  1746. system_name : 0x005c (92)
  1747. attr : *
  1748. attr: struct lsa_ObjectAttribute
  1749. len : 0x00000018 (24)
  1750. root_dir : NULL
  1751. object_name : NULL
  1752. attributes : 0x00000000 (0)
  1753. sec_desc : NULL
  1754. sec_qos : *
  1755. sec_qos: struct lsa_QosInfo
  1756. len : 0x0000000c (12)
  1757. impersonation_level : 0x0002 (2)
  1758. context_mode : 0x01 (1)
  1759. effective_only : 0x00 (0)
  1760. access_mask : 0x02000000 (33554432)
  1761. 0: LSA_POLICY_VIEW_LOCAL_INFORMATION
  1762. 0: LSA_POLICY_VIEW_AUDIT_INFORMATION
  1763. 0: LSA_POLICY_GET_PRIVATE_INFORMATION
  1764. 0: LSA_POLICY_TRUST_ADMIN
  1765. 0: LSA_POLICY_CREATE_ACCOUNT
  1766. 0: LSA_POLICY_CREATE_SECRET
  1767. 0: LSA_POLICY_CREATE_PRIVILEGE
  1768. 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS
  1769. 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS
  1770. 0: LSA_POLICY_AUDIT_LOG_ADMIN
  1771. 0: LSA_POLICY_SERVER_ADMIN
  1772. 0: LSA_POLICY_LOOKUP_NAMES
  1773. 0: LSA_POLICY_NOTIFICATION
  1774. [2017/04/25 22:48:13.775024, 10, pid=3704, effective(0, 0), real(0, 0)] ../libcli/security/access_check.c:58(se_map_generic)
  1775. se_map_generic(): mapped mask 0xb0000000 to 0x000f0fff
  1776. [2017/04/25 22:48:13.775053, 4, pid=3704, effective(0, 0), real(0, 0)] ../source3/rpc_server/srv_access_check.c:95(access_check_object)
  1777. _lsa_OpenPolicy2: ACCESS should be DENIED (requested: 0x000f0fff)
  1778. but overritten by euid == initial uid
  1779. [2017/04/25 22:48:13.775076, 4, pid=3704, effective(0, 0), real(0, 0)] ../source3/rpc_server/srv_access_check.c:117(access_check_object)
  1780. _lsa_OpenPolicy2: access GRANTED (requested: 0x000f0fff, granted: 0x000f0fff)
  1781. [2017/04/25 22:48:13.775098, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:304(create_rpc_handle_internal)
  1782. Opened policy hnd[1] [0000] 00 00 00 00 0C 00 00 00 00 00 00 00 FF 58 0D B6 ........ .....X..
  1783. [0010] 78 0E 00 00 x...
  1784. [2017/04/25 22:48:13.775147, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  1785. lsa_OpenPolicy: struct lsa_OpenPolicy
  1786. out: struct lsa_OpenPolicy
  1787. handle : *
  1788. handle: struct policy_handle
  1789. handle_type : 0x00000000 (0)
  1790. uuid : 0000000c-0000-0000-ff58-0db6780e0000
  1791. result : NT_STATUS_OK
  1792. [2017/04/25 22:48:13.775249, 10, pid=3704, effective(0, 0), real(0, 0)] ../source3/rpc_client/cli_lsarpc.c:410(dcerpc_lsa_lookup_sids_generic)
  1793. rpccli_lsa_lookup_sids: processing items 0 -- 0 of 1.
  1794. [2017/04/25 22:48:13.775290, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  1795. lsa_LookupSids: struct lsa_LookupSids
  1796. in: struct lsa_LookupSids
  1797. handle : *
  1798. handle: struct policy_handle
  1799. handle_type : 0x00000000 (0)
  1800. uuid : 0000000c-0000-0000-ff58-0db6780e0000
  1801. sids : *
  1802. sids: struct lsa_SidArray
  1803. num_sids : 0x00000001 (1)
  1804. sids : *
  1805. sids: ARRAY(1)
  1806. sids: struct lsa_SidPtr
  1807. sid : *
  1808. sid : S-1-5-21-2215787217-3459875347-284659480-514
  1809. names : *
  1810. names: struct lsa_TransNameArray
  1811. count : 0x00000000 (0)
  1812. names : NULL
  1813. level : LSA_LOOKUP_NAMES_ALL (1)
  1814. count : *
  1815. count : 0x00000000 (0)
  1816. [2017/04/25 22:48:13.775453, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal)
  1817. Found policy hnd[0] [0000] 00 00 00 00 0C 00 00 00 00 00 00 00 FF 58 0D B6 ........ .....X..
  1818. [0010] 78 0E 00 00 x...
  1819. [2017/04/25 22:48:13.775506, 10, pid=3704, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:778(check_dom_sid_to_level)
  1820. Accepting SID S-1-5-21-2215787217-3459875347-284659480 in level 1
  1821. [2017/04/25 22:48:13.775529, 10, pid=3704, effective(0, 0), real(0, 0)] ../source3/passdb/lookup_sid.c:539(lookup_rids)
  1822. lookup_rids called for domain sid 'S-1-5-21-2215787217-3459875347-284659480'
  1823. [2017/04/25 22:48:13.775552, 5, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:1748(lookup_global_sam_rid)
  1824. lookup_global_sam_rid: looking up RID 514.
  1825. [2017/04/25 22:48:13.775585, 5, pid=3704, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_tdb.c:658(tdbsam_getsampwrid)
  1826. pdb_getsampwrid (TDB): error looking up RID 514 by key RID_00000202.
  1827. [2017/04/25 22:48:13.775621, 10, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/lsa/srv_lsa_nt.c:896(_lsa_lookup_sids_internal)
  1828. num_sids 1, mapped_count 0, status NT_STATUS_NONE_MAPPED
  1829. [2017/04/25 22:48:13.775648, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  1830. lsa_LookupSids: struct lsa_LookupSids
  1831. out: struct lsa_LookupSids
  1832. domains : *
  1833. domains : *
  1834. domains: struct lsa_RefDomainList
  1835. count : 0x00000001 (1)
  1836. domains : *
  1837. domains: ARRAY(1)
  1838. domains: struct lsa_DomainInfo
  1839. name: struct lsa_StringLarge
  1840. length : 0x0006 (6)
  1841. size : 0x0008 (8)
  1842. string : *
  1843. string : 'FS2'
  1844. sid : *
  1845. sid : S-1-5-21-2215787217-3459875347-284659480
  1846. max_size : 0x00000020 (32)
  1847. names : *
  1848. names: struct lsa_TransNameArray
  1849. count : 0x00000001 (1)
  1850. names : *
  1851. names: ARRAY(1)
  1852. names: struct lsa_TranslatedName
  1853. sid_type : SID_NAME_UNKNOWN (8)
  1854. name: struct lsa_String
  1855. length : 0x0058 (88)
  1856. size : 0x0058 (88)
  1857. string : *
  1858. string : 'S-1-5-21-2215787217-3459875347-284659480-514'
  1859. sid_index : 0xffffffff (4294967295)
  1860. count : *
  1861. count : 0x00000000 (0)
  1862. result : NT_STATUS_NONE_MAPPED
  1863. [2017/04/25 22:48:13.775963, 10, pid=3704, effective(0, 0), real(0, 0)] ../source3/rpc_client/cli_lsarpc.c:253(dcerpc_lsa_lookup_sids_noalloc)
  1864. LSA_LOOKUPSIDS returned status: 'NT_STATUS_OK', result: 'NT_STATUS_NONE_MAPPED', mapped count = 0'
  1865. [2017/04/25 22:48:13.775995, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  1866. lsa_Close: struct lsa_Close
  1867. in: struct lsa_Close
  1868. handle : *
  1869. handle: struct policy_handle
  1870. handle_type : 0x00000000 (0)
  1871. uuid : 0000000c-0000-0000-ff58-0db6780e0000
  1872. [2017/04/25 22:48:13.776049, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal)
  1873. Found policy hnd[0] [0000] 00 00 00 00 0C 00 00 00 00 00 00 00 FF 58 0D B6 ........ .....X..
  1874. [0010] 78 0E 00 00 x...
  1875. [2017/04/25 22:48:13.776093, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal)
  1876. Found policy hnd[0] [0000] 00 00 00 00 0C 00 00 00 00 00 00 00 FF 58 0D B6 ........ .....X..
  1877. [0010] 78 0E 00 00 x...
  1878. [2017/04/25 22:48:13.776179, 6, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:388(close_policy_hnd)
  1879. Closed policy
  1880. [2017/04/25 22:48:13.776199, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  1881. lsa_Close: struct lsa_Close
  1882. out: struct lsa_Close
  1883. handle : *
  1884. handle: struct policy_handle
  1885. handle_type : 0x00000000 (0)
  1886. uuid : 00000000-0000-0000-0000-000000000000
  1887. result : NT_STATUS_OK
  1888. [2017/04/25 22:48:13.776270, 10, pid=3704, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:418(close_policy_by_pipe)
  1889. Deleted handle list for RPC connection lsarpc
  1890. [2017/04/25 22:48:13.776297, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:541(refresh_sequence_number)
  1891. refresh_sequence_number: FS2 time ok
  1892. [2017/04/25 22:48:13.776315, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:586(refresh_sequence_number)
  1893. refresh_sequence_number: FS2 seq number is now 1493153293
  1894. [2017/04/25 22:48:13.776362, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:995(wcache_save_sid_to_name)
  1895. wcache_save_sid_to_name: S-1-5-21-2215787217-3459875347-284659480-514 -> FS2\(null) (NT_STATUS_NONE_MAPPED)
  1896. [2017/04/25 22:48:13.776384, 1, pid=3704, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
  1897. wbint_LookupRids: struct wbint_LookupRids
  1898. out: struct wbint_LookupRids
  1899. domain_name : *
  1900. domain_name : NULL
  1901. names : *
  1902. names: struct wbint_Principals
  1903. num_principals : 1
  1904. principals: ARRAY(1)
  1905. principals: struct wbint_Principal
  1906. sid : S-1-5-21-2215787217-3459875347-284659480-514
  1907. type : SID_NAME_UNKNOWN (8)
  1908. name : NULL
  1909. result : NT_STATUS_OK
  1910. [2017/04/25 22:48:13.776508, 4, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:1395(child_handler)
  1911. Finished processing child request 59
  1912. [2017/04/25 22:48:13.776528, 10, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:102(child_write_response)
  1913. Writing 3548 bytes to parent
  1914. [2017/04/25 22:48:23.020712, 0, pid=3704, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd.c:266(winbindd_sig_term_handler)
  1915. Got sig[15] terminate (is_parent=0)
  1916. root@fs2:/var/log/samba#