INFO: Current debug levels: all: 9999 tdb: 9999 printdrivers: 9999 lanman: 9999 smb: 9999 rpc_parse: 9999 rpc_srv: 9999 rpc_cli: 9999 passdb: 9999 sam: 9999 auth: 9999 winbind: 9999 vfs: 9999 idmap: 9999 quota: 9999 acls: 9999 locking: 9999 msdfs: 9999 dmapi: 9999 registry: 9999 scavenger: 9999 dns: 9999 ldb: 9999 Maximum core file size limits now 16777216(soft) -1(hard) smbd version 4.1.6-Ubuntu started. Copyright Andrew Tridgell and the Samba Team 1992-2013 uid=0 gid=0 euid=0 egid=0 Build environment: Built by: buildd@orlo Built on: Thu May 1 21:17:05 UTC 2014 Built using: /usr/bin/gcc Build host: Linux orlo 3.2.0-58-generic #88-Ubuntu SMP Tue Dec 3 17:37:58 UTC 2013 i686 i686 i686 GNU/Linux SRCDIR: /build/buildd/samba-4.1.6+dfsg/source3 BUILDDIR: /build/buildd/samba-4.1.6+dfsg/source3 Paths: SBINDIR: /usr/sbin BINDIR: /usr/bin CONFIGFILE: /etc/samba/smb.conf LOGFILEBASE: /var/log/samba LMHOSTSFILE: /etc/samba/lmhosts LIBDIR: /usr/lib/i386-linux-gnu MODULESDIR: /usr/lib/i386-linux-gnu/samba SHLIBEXT: so LOCKDIR: /var/run/samba STATEDIR: /var/lib/samba CACHEDIR: /var/cache/samba PIDDIR: /var/run/samba SMB_PASSWD_FILE: /etc/samba/smbpasswd PRIVATE_DIR: /var/lib/samba/private System Headers: HAVE_SYS_ACL_H HAVE_SYS_CAPABILITY_H HAVE_SYS_CDEFS_H HAVE_SYS_DIR_H HAVE_SYS_EPOLL_H HAVE_SYS_EVENTFD_H HAVE_SYS_FCNTL_H HAVE_SYS_FILE_H HAVE_SYS_INOTIFY_H HAVE_SYS_IOCTL_H HAVE_SYS_IPC_H HAVE_SYS_KERNEL_PROC_CORE_PATTERN HAVE_SYS_MMAN_H HAVE_SYS_MOUNT_H HAVE_SYS_PARAM_H HAVE_SYS_PRCTL_H HAVE_SYS_QUOTAS HAVE_SYS_QUOTA_H HAVE_SYS_RESOURCE_H HAVE_SYS_SELECT_H HAVE_SYS_SENDFILE_H HAVE_SYS_SHM_H HAVE_SYS_SOCKET_H HAVE_SYS_STATFS_H HAVE_SYS_STATVFS_H HAVE_SYS_STAT_H HAVE_SYS_STROPTS_H HAVE_SYS_SYSCALL_H HAVE_SYS_SYSCTL_H HAVE_SYS_SYSLOG_H HAVE_SYS_SYSMACROS_H HAVE_SYS_TERMIOS_H HAVE_SYS_TIMEB_H HAVE_SYS_TIMES_H HAVE_SYS_TIME_H HAVE_SYS_TYPES_H HAVE_SYS_UCONTEXT_H HAVE_SYS_UIO_H HAVE_SYS_UNISTD_H HAVE_SYS_UN_H HAVE_SYS_UTSNAME_H HAVE_SYS_VFS_H HAVE_SYS_WAIT_H HAVE_SYS_XATTR_H Headers: HAVE_ACL_LIBACL_H HAVE_AIO_H HAVE_ALLOCA_H HAVE_ARPA_INET_H HAVE_ARPA_NAMESER_H HAVE_ASM_TYPES_H HAVE_ASM_UNISTD_H HAVE_ASN1_ERR_H HAVE_ASSERT_H HAVE_ATTR_ATTRIBUTES_H HAVE_ATTR_XATTR_H HAVE_BSD_MD5_H HAVE_BSD_STRING_H HAVE_BSD_UNISTD_H HAVE_BYTESWAP_H HAVE_COM_ERR_H HAVE_CONFIG_H HAVE_CRYPT_H HAVE_CTYPE_H HAVE_CUPS_CUPS_H HAVE_CUPS_LANGUAGE_H HAVE_CURSES_H HAVE_DIRENT_H HAVE_DLFCN_H HAVE_ENDIAN_H HAVE_ERRNO_H HAVE_ERR_H HAVE_EXECINFO_H HAVE_FCNTL_H HAVE_FLOAT_H HAVE_FNMATCH_H HAVE_FORM_H HAVE_GCRYPT_H HAVE_GETOPT_H HAVE_GLOB_H HAVE_GNUTLS_GNUTLS_H HAVE_GNUTLS_X509_H HAVE_GRP_H HAVE_GSSAPI_GSSAPI_H HAVE_GSSAPI_GSSAPI_KRB5_H HAVE_GSSAPI_GSSAPI_SPNEGO_H HAVE_GSSAPI_H HAVE_HCRYPTO_MD4_H HAVE_HDB_H HAVE_HEIMBASE_H HAVE_HEIMNTLM_H HAVE_HX509_H HAVE_ICONV_H HAVE_IFADDRS_H HAVE_INTTYPES_H HAVE_KDC_H HAVE_KRB5_H HAVE_KRB5_LOCATE_PLUGIN_H HAVE_LANGINFO_H HAVE_LASTLOG_H HAVE_LBER_H HAVE_LDAP_H HAVE_LIBAIO_H HAVE_LIBINTL_H HAVE_LIMITS_H HAVE_LINUX_FALLOC_H HAVE_LINUX_FCNTL_H HAVE_LINUX_IOCTL_H HAVE_LINUX_NETLINK_H HAVE_LINUX_RTNETLINK_H HAVE_LINUX_TYPES_H HAVE_LOCALE_H HAVE_MALLOC_H HAVE_MEMORY_H HAVE_MENU_H HAVE_MNTENT_H HAVE_NCURSES_H HAVE_NETDB_H HAVE_NETINET_IN_H HAVE_NETINET_IN_SYSTM_H HAVE_NETINET_IP_H HAVE_NETINET_TCP_H HAVE_NET_IF_H HAVE_NSS_H HAVE_PANEL_H HAVE_POLL_H HAVE_POPT_H HAVE_PTHREAD_H HAVE_PTY_H HAVE_PWD_H HAVE_PYTHON_H HAVE_READLINE_HISTORY_H HAVE_READLINE_READLINE_H HAVE_RESOLV_H HAVE_ROKEN_H HAVE_RPCSVC_NIS_H HAVE_RPCSVC_RQUOTA_H HAVE_RPCSVC_YPCLNT_H HAVE_RPCSVC_YP_PROT_H HAVE_RPC_RPC_H HAVE_SECURITY_PAM_APPL_H HAVE_SECURITY_PAM_EXT_H HAVE_SECURITY_PAM_MODULES_H HAVE_SECURITY__PAM_MACROS_H HAVE_SETJMP_H HAVE_SHADOW_H HAVE_SIGNAL_H HAVE_STDARG_H HAVE_STDBOOL_H HAVE_STDDEF_H HAVE_STDINT_H HAVE_STDIO_H HAVE_STDLIB_H HAVE_STRINGS_H HAVE_STRING_H HAVE_STROPTS_H HAVE_SYSCALL_H HAVE_SYSLOG_H HAVE_TERMCAP_H HAVE_TERMIOS_H HAVE_TERMIO_H HAVE_TERM_H HAVE_TIME_H HAVE_UNISTD_H HAVE_UTIME_H HAVE_WIND_H HAVE_ZLIB_H UTMP Options: HAVE_GETUTMPX HAVE_UTMPX_H HAVE_UTMP_H HAVE_UT_UT_EXIT HAVE_UT_UT_HOST HAVE_UT_UT_ID HAVE_UT_UT_NAME HAVE_UT_UT_PID HAVE_UT_UT_TIME HAVE_UT_UT_TV HAVE_UT_UT_TYPE HAVE_UT_UT_USER PUTUTLINE_RETURNS_UTMP SIZEOF_UTMP_UT_LINE WITH_UTMP HAVE_* Defines: HAVE_ACL_GET_FILE HAVE_ADDR_TYPE_IN_KRB5_ADDRESS HAVE_AIO HAVE_AIO_CANCEL HAVE_AIO_ERROR HAVE_AIO_FSYNC HAVE_AIO_READ HAVE_AIO_RETURN HAVE_AIO_SUSPEND HAVE_AIO_WRITE HAVE_AP_OPTS_USE_SUBKEY HAVE_ASPRINTF HAVE_ATEXIT HAVE_ATTRIBUTE_COLD HAVE_ATTRIBUTE_CONST HAVE_ATTRIBUTE_NORETURN HAVE_ATTRIBUTE_PRINTF HAVE_ATTRIBUTE_UNUSED HAVE_ATTRIBUTE_USED HAVE_BACKTRACE HAVE_BACKTRACE_SYMBOLS HAVE_BER_SCANF HAVE_BER_SOCKBUF_ADD_IO HAVE_BER_TAG_T HAVE_BINDTEXTDOMAIN HAVE_BIND_TEXTDOMAIN_CODESET HAVE_BLKCNT_T HAVE_BLKSIZE_T HAVE_BOOL HAVE_BSWAP_64 HAVE_BUILTIN_CHOOSE_EXPR HAVE_BUILTIN_CLZ HAVE_BUILTIN_CLZL HAVE_BUILTIN_CLZLL HAVE_BUILTIN_CONSTANT_P HAVE_BUILTIN_EXPECT HAVE_BUILTIN_POPCOUNTL HAVE_BUILTIN_TYPES_COMPATIBLE_P HAVE_BZERO HAVE_C99_VSNPRINTF HAVE_CAP_GET_PROC HAVE_CCAN HAVE_CHARSET_CP850 HAVE_CHARSET_UTF_8 HAVE_CHECKSUM_IN_KRB5_CHECKSUM HAVE_CHMOD HAVE_CHOWN HAVE_CHROOT HAVE_CLOCK_GETTIME HAVE_CLOCK_MONOTONIC HAVE_CLOCK_PROCESS_CPUTIME_ID HAVE_CLOCK_REALTIME HAVE_COMPARISON_FN_T HAVE_COMPILER_WILL_OPTIMIZE_OUT_FNS HAVE_COMPOUND_LITERALS HAVE_COM_ERR HAVE_COM_RIGHT_R HAVE_CONNECT HAVE_CRYPT HAVE_CUPS HAVE_DECL_ASPRINTF HAVE_DECL_DLOPEN HAVE_DECL_FDATASYNC HAVE_DECL_GETGRENT_R HAVE_DECL_GETPWENT_R HAVE_DECL_H_ERRNO HAVE_DECL_KRB5_AUTH_CON_SET_REQ_CKSUMTYPE HAVE_DECL_KRB5_GET_CREDENTIALS_FOR_USER HAVE_DECL_READAHEAD HAVE_DECL_RL_EVENT_HOOK HAVE_DECL_SNPRINTF HAVE_DECL_STRPTIME HAVE_DECL_VASPRINTF HAVE_DECL_VSNPRINTF HAVE_DECL__RES HAVE_DEVICE_MAJOR_FN HAVE_DEVICE_MINOR_FN HAVE_DGETTEXT HAVE_DIRENT_D_OFF HAVE_DIRFD HAVE_DIRFD_DECL HAVE_DLCLOSE HAVE_DLERROR HAVE_DLOPEN HAVE_DLSYM HAVE_DN_EXPAND HAVE_DPRINTF HAVE_DUP2 HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96 HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96 HAVE_ENCTYPE_ARCFOUR_HMAC HAVE_ENCTYPE_ARCFOUR_HMAC_MD5 HAVE_ENCTYPE_ARCFOUR_HMAC_MD5_56 HAVE_ENDHOSTENT HAVE_ENDMNTENT HAVE_ENDNETGRENT HAVE_ENDNETGRENT_PROTOTYPE HAVE_ENVIRON_DECL HAVE_EPOLL HAVE_EPOLL_CREATE HAVE_ERR HAVE_ERRNO_DECL HAVE_ERRX HAVE_ETYPE_IN_ENCRYPTEDDATA HAVE_EXECL HAVE_E_DATA_POINTER_IN_KRB5_ERROR HAVE_FALLOCATE HAVE_FCHMOD HAVE_FCHOWN HAVE_FCNTL_LOCK HAVE_FCVT HAVE_FDATASYNC HAVE_FDATASYNC_DECL HAVE_FDOPENDIR HAVE_FGETXATTR HAVE_FILE_OFFSET_BITS HAVE_FLAGS_IN_KRB5_CREDS HAVE_FLEXIBLE_ARRAY_MEMBER HAVE_FLISTXATTR HAVE_FLOCK HAVE_FREEADDRINFO HAVE_FREEIFADDRS HAVE_FREE_CHECKSUM HAVE_FREMOVEXATTR HAVE_FRSIZE HAVE_FSEEKO HAVE_FSETXATTR HAVE_FSID_INT HAVE_FSTATAT HAVE_FSYNC HAVE_FTRUNCATE HAVE_FTRUNCATE_EXTEND HAVE_FUNCTION_ATTRIBUTE_DESTRUCTOR HAVE_FUNCTION_MACRO HAVE_FUTIMENS HAVE_FUTIMES HAVE_F_SETLEASE_DECL HAVE_GAI_STRERROR HAVE_GCRY_CONTROL HAVE_GETADDRINFO HAVE_GETCWD HAVE_GETDIRENTRIES HAVE_GETGRENT HAVE_GETGRENT_R HAVE_GETGRENT_R_DECL HAVE_GETGRGID_R HAVE_GETGRNAM HAVE_GETGRNAM_R HAVE_GETGROUPLIST HAVE_GETHOSTBYADDR HAVE_GETHOSTBYNAME HAVE_GETHOSTBYNAME_R HAVE_GETHOSTENT HAVE_GETHOSTENT_R HAVE_GETHOSTNAME HAVE_GETIFADDRS HAVE_GETMNTENT HAVE_GETNAMEINFO HAVE_GETNETGRENT HAVE_GETNETGRENT_PROTOTYPE HAVE_GETPAGESIZE HAVE_GETPEEREID HAVE_GETPGRP HAVE_GETPWENT_R HAVE_GETPWENT_R_DECL HAVE_GETPWNAM HAVE_GETPWNAM_R HAVE_GETPWUID_R HAVE_GETQUOTA_RSLT_GETQUOTA_RSLT_U HAVE_GETRLIMIT HAVE_GETSPNAM HAVE_GETTEXT HAVE_GETTIMEOFDAY_TZ HAVE_GETUTXENT HAVE_GETXATTR HAVE_GET_CURRENT_DIR_NAME HAVE_GLOB HAVE_GNUTLS HAVE_GNUTLS_DATUM HAVE_GNUTLS_DATUM_T HAVE_GNUTLS_GLOBAL_INIT HAVE_GNUTLS_X509_CRT_SET_SUBJECT_KEY_ID HAVE_GNUTLS_X509_CRT_SET_VERSION HAVE_GPG_ERR_CODE_FROM_ERRNO HAVE_GRANTPT HAVE_GSSAPI HAVE_GSSKRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT HAVE_GSSKRB5_GET_SUBKEY HAVE_GSS_DISPLAY_STATUS HAVE_GSS_EXPORT_CRED HAVE_GSS_IMPORT_CRED HAVE_GSS_INQUIRE_SEC_CONTEXT_BY_OID HAVE_GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT HAVE_GSS_KRB5_IMPORT_CRED HAVE_GSS_OID_EQUAL HAVE_GSS_OID_TO_NAME HAVE_GSS_WRAP_IOV HAVE_HDB_DB_DIR HAVE_HEIM_CMP HAVE_HEIM_NTLM_NTLMV2_KEY HAVE_HISTORY_LIST HAVE_HSTRERROR HAVE_HTTPCONNECT HAVE_HTTPCONNECTENCRYPT HAVE_HX509_BITSTRING_PRINT HAVE_H_ERRNO HAVE_ICONV HAVE_ICONV_OPEN HAVE_IFACE_GETIFADDRS HAVE_IF_NAMETOINDEX HAVE_IMMEDIATE_STRUCTURES HAVE_INET_ATON HAVE_INET_NTOA HAVE_INET_NTOP HAVE_INET_PTON HAVE_INITGROUPS HAVE_INITIALIZE_ASN1_ERROR_TABLE HAVE_INITIALIZE_KRB5_ERROR_TABLE HAVE_INITSCR HAVE_INNETGR HAVE_INOTIFY HAVE_INO_T HAVE_INT16_T HAVE_INT32_T HAVE_INT64_T HAVE_INT8_T HAVE_INTPTR_T HAVE_IO_SUBMIT HAVE_IPRINT HAVE_IPV6 HAVE_IPV6_V6ONLY HAVE_IRUSEROK HAVE_ISATTY HAVE_ISBLANK HAVE_ITEM_COUNT HAVE_KDC_LOG HAVE_KERNEL_CHANGE_NOTIFY HAVE_KERNEL_OPLOCKS_LINUX HAVE_KERNEL_SHARE_MODES HAVE_KRB5 HAVE_KRB5_ADDRESSES HAVE_KRB5_ANYADDR HAVE_KRB5_AUTH_CON_SETKEY HAVE_KRB5_CC_GET_LIFETIME HAVE_KRB5_CREATE_CHECKSUM HAVE_KRB5_CRYPTO HAVE_KRB5_CRYPTO_DESTROY HAVE_KRB5_CRYPTO_INIT HAVE_KRB5_C_VERIFY_CHECKSUM HAVE_KRB5_ENCTYPE_TO_STRING HAVE_KRB5_ENCTYPE_TO_STRING_WITH_KRB5_CONTEXT_ARG HAVE_KRB5_FREE_ERROR_CONTENTS HAVE_KRB5_FREE_HOST_REALM HAVE_KRB5_FREE_UNPARSED_NAME HAVE_KRB5_FWD_TGT_CREDS HAVE_KRB5_GET_CREDS HAVE_KRB5_GET_CREDS_OPT_ALLOC HAVE_KRB5_GET_CREDS_OPT_SET_IMPERSONATE HAVE_KRB5_GET_DEFAULT_IN_TKT_ETYPES HAVE_KRB5_GET_HOST_REALM HAVE_KRB5_GET_INIT_CREDS_KEYBLOCK HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC HAVE_KRB5_GET_INIT_CREDS_OPT_FREE HAVE_KRB5_GET_INIT_CREDS_OPT_GET_ERROR HAVE_KRB5_GET_INIT_CREDS_OPT_SET_PAC_REQUEST HAVE_KRB5_GET_PW_SALT HAVE_KRB5_GET_RENEWED_CREDS HAVE_KRB5_KEYBLOCK_INIT HAVE_KRB5_KEYBLOCK_KEYVALUE HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK HAVE_KRB5_KRBHST_GET_ADDRINFO HAVE_KRB5_KRBHST_INIT HAVE_KRB5_KT_COMPARE HAVE_KRB5_KT_FREE_ENTRY HAVE_KRB5_KU_OTHER_CKSUM HAVE_KRB5_MAKE_PRINCIPAL HAVE_KRB5_MK_REQ_EXTENDED HAVE_KRB5_PDU_NONE_DECL HAVE_KRB5_PRINCIPAL_COMPARE_ANY_REALM HAVE_KRB5_PRINCIPAL_GET_COMP_STRING HAVE_KRB5_PRINCIPAL_GET_NUM_COMP HAVE_KRB5_PRINCIPAL_GET_REALM HAVE_KRB5_REALM_TYPE HAVE_KRB5_SET_DEFAULT_IN_TKT_ETYPES HAVE_KRB5_SET_REAL_TIME HAVE_KRB5_STRING_TO_KEY HAVE_KRB5_STRING_TO_KEY_SALT HAVE_KRB_STRUCT_WINSIZE HAVE_LARGEFILE HAVE_LBER_LOG_PRINT_FN HAVE_LCHOWN HAVE_LDAP HAVE_LDAP_ADD_RESULT_ENTRY HAVE_LDAP_INIT HAVE_LDAP_INITIALIZE HAVE_LDAP_INIT_FD HAVE_LDAP_OPT_SOCKBUF HAVE_LDAP_SASL_WRAPPING HAVE_LDAP_SET_REBIND_PROC HAVE_LDB HAVE_LIBACL HAVE_LIBAIO HAVE_LIBASN1 HAVE_LIBATTR HAVE_LIBBSD HAVE_LIBCAP HAVE_LIBCOM_ERR HAVE_LIBCRYPT HAVE_LIBCUPS HAVE_LIBDL HAVE_LIBFORM HAVE_LIBGCRYPT HAVE_LIBGNUTLS HAVE_LIBGPG_ERROR HAVE_LIBGSSAPI HAVE_LIBHCRYPTO HAVE_LIBHDB HAVE_LIBHEIMBASE HAVE_LIBHEIMNTLM HAVE_LIBHX509 HAVE_LIBKDC HAVE_LIBKRB5 HAVE_LIBLBER HAVE_LIBLDAP HAVE_LIBMENU HAVE_LIBNCURSES HAVE_LIBNSL HAVE_LIBPAM HAVE_LIBPANEL HAVE_LIBPOPT HAVE_LIBPTHREAD HAVE_LIBREADLINE HAVE_LIBREPLACE HAVE_LIBRESOLV HAVE_LIBROKEN HAVE_LIBRT HAVE_LIBUTIL HAVE_LIBWIND HAVE_LIBZ HAVE_LINK HAVE_LINUX_FALLOCATE HAVE_LINUX_INOTIFY HAVE_LINUX_IOCTL HAVE_LINUX_KERNEL_AIO HAVE_LINUX_READAHEAD HAVE_LINUX_SPLICE HAVE_LISTXATTR HAVE_LITTLE_ENDIAN HAVE_LLSEEK HAVE_LOFF_T HAVE_LONGLONG HAVE_LONG_LONG HAVE_LSTAT HAVE_LUTIMES HAVE_MAKEDEV HAVE_MD4_INIT HAVE_MD5INIT HAVE_MEMALIGN HAVE_MEMCPY HAVE_MEMMEM HAVE_MEMMOVE HAVE_MEMSET HAVE_MKDIR_MODE HAVE_MKDTEMP HAVE_MKNOD HAVE_MKTIME HAVE_MLOCK HAVE_MLOCKALL HAVE_MMAP HAVE_MREMAP HAVE_MSGHDR_MSG_CONTROL HAVE_MUNLOCK HAVE_MUNLOCKALL HAVE_NANOSLEEP HAVE_NATIVE_ICONV HAVE_NCURSES HAVE_NEW_FIELD HAVE_NEW_FORM HAVE_NEW_LIBREADLINE HAVE_NEW_PANEL HAVE_NFS_QUOTAS HAVE_NTDB HAVE_OPENAT HAVE_OPENPTY HAVE_OPEN_O_DIRECT HAVE_PAM_GET_DATA HAVE_PAM_RADIO_TYPE HAVE_PAM_RHOST HAVE_PAM_START HAVE_PAM_TTY HAVE_PAM_VSYSLOG HAVE_PATHCONF HAVE_PEERCRED HAVE_PERL_MAKEMAKER HAVE_PIPE HAVE_POLL HAVE_POPT HAVE_POPTGETCONTEXT HAVE_POSIX_ACLS HAVE_POSIX_CAPABILITIES HAVE_POSIX_FADVISE HAVE_POSIX_FALLOCATE HAVE_POSIX_MEMALIGN HAVE_POSIX_OPENPT HAVE_PRCTL HAVE_PREAD HAVE_PREAD_DECL HAVE_PRINTF HAVE_PTHREAD HAVE_PTHREAD_ATTR_INIT HAVE_PTHREAD_CREATE HAVE_PTRDIFF_T HAVE_PUTENV HAVE_PUTUTLINE HAVE_PUTUTXLINE HAVE_PWRITE HAVE_PWRITE_DECL HAVE_PYLDB_UTIL HAVE_PYTALLOC_UTIL HAVE_QUOTACTL_LINUX HAVE_RAND HAVE_RANDOM HAVE_RCMD HAVE_READAHEAD_DECL HAVE_READLINK HAVE_READV HAVE_REALPATH HAVE_REMOVEXATTR HAVE_RENAME HAVE_RES_NSEARCH HAVE_RES_SEARCH HAVE_RK_SOCKET_SET_REUSEADDR HAVE_RL_COMPLETION_MATCHES HAVE_SA_FAMILY_T HAVE_SA_SIGINFO_DECL HAVE_SECURE_MKSTEMP HAVE_SELECT HAVE_SENDFILE HAVE_SENDMSG HAVE_SETBUFFER HAVE_SETEGID HAVE_SETENV HAVE_SETENV_DECL HAVE_SETEUID HAVE_SETGID HAVE_SETGROUPS HAVE_SETHOSTENT HAVE_SETITIMER HAVE_SETLINEBUF HAVE_SETLOCALE HAVE_SETMNTENT HAVE_SETNETGRENT HAVE_SETNETGRENT_PROTOTYPE HAVE_SETPGID HAVE_SETPROCTITLE HAVE_SETREGID HAVE_SETRESGID HAVE_SETRESGID_DECL HAVE_SETRESUID HAVE_SETRESUID_DECL HAVE_SETREUID HAVE_SETSID HAVE_SETUID HAVE_SETXATTR HAVE_SET_MENU_ITEMS HAVE_SHARED_MMAP HAVE_SHMGET HAVE_SHM_OPEN HAVE_SHOW_PANEL HAVE_SIGACTION HAVE_SIGBLOCK HAVE_SIGPROCMASK HAVE_SIGSET HAVE_SIG_ATOMIC_T_TYPE HAVE_SIMPLE_C_PROG HAVE_SIZE_T HAVE_SNPRINTF HAVE_SOCKET HAVE_SOCKETPAIR HAVE_SOCKLEN_T HAVE_SPLICE_DECL HAVE_SRAND HAVE_SRANDOM HAVE_SSIZE_T HAVE_SS_FAMILY HAVE_STATFS_F_FSID HAVE_STATVFS HAVE_STATVFS_F_FLAG HAVE_STAT_HIRES_TIMESTAMPS HAVE_STAT_ST_BLKSIZE HAVE_STAT_ST_BLOCKS HAVE_STAT_TV_NSEC HAVE_STRCASECMP HAVE_STRCASESTR HAVE_STRCHR HAVE_STRCPY HAVE_STRDUP HAVE_STRERROR HAVE_STRERROR_R HAVE_STRFTIME HAVE_STRLCAT HAVE_STRLCPY HAVE_STRNCASECMP HAVE_STRNCPY HAVE_STRNDUP HAVE_STRNLEN HAVE_STRPBRK HAVE_STRPTIME HAVE_STRSEP HAVE_STRSIGNAL HAVE_STRTOK_R HAVE_STRTOL HAVE_STRTOLL HAVE_STRTOQ HAVE_STRTOULL HAVE_STRTOUQ HAVE_STRUCT_ADDRINFO HAVE_STRUCT_IFADDRS HAVE_STRUCT_SIGEVENT HAVE_STRUCT_SIGEVENT_SIGEV_VALUE_SIVAL_PTR HAVE_STRUCT_SOCKADDR HAVE_STRUCT_SOCKADDR_IN6 HAVE_STRUCT_SOCKADDR_STORAGE HAVE_STRUCT_STAT_ST_MTIM_TV_NSEC HAVE_STRUCT_STAT_ST_RDEV HAVE_STRUCT_TIMESPEC HAVE_STRUCT_WINSIZE HAVE_ST_RDEV HAVE_SUBUNIT HAVE_SWAB HAVE_SYMLINK HAVE_SYSCALL HAVE_SYSCONF HAVE_SYSCTL HAVE_SYSLOG HAVE_TALLOC HAVE_TDB HAVE_TEVENT HAVE_TEXTDOMAIN HAVE_TGETENT HAVE_TIMEGM HAVE_TYPEOF HAVE_UCONTEXT_T HAVE_UINT16_T HAVE_UINT32_T HAVE_UINT64_T HAVE_UINT8_T HAVE_UINTPTR_T HAVE_UMASK HAVE_UNAME HAVE_UNIXSOCKET HAVE_UNSETENV HAVE_UPDWTMP HAVE_UPDWTMPX HAVE_USLEEP HAVE_UTIMBUF HAVE_UTIME HAVE_UTIMENSAT HAVE_UTIMES HAVE_U_CHAR HAVE_U_INT32_T HAVE_VASPRINTF HAVE_VA_COPY HAVE_VDPRINTF HAVE_VISIBILITY_ATTR HAVE_VOLATILE HAVE_VSNPRINTF HAVE_VSYSLOG HAVE_WAIT4 HAVE_WAITPID HAVE_WARN HAVE_WARNX HAVE_WARN_UNUSED_RESULT HAVE_WIND_STRINGPREP HAVE_WORKING_STRPTIME HAVE_WRITEV HAVE_WS_XPIXEL HAVE_WS_YPIXEL HAVE_XATTR_SUPPORT HAVE_YP_GET_DEFAULT_DOMAIN HAVE_ZLIB HAVE_ZLIBVERSION HAVE__Bool HAVE__RES HAVE__VA_ARGS__MACRO HAVE___CLOSE HAVE___DN_EXPAND HAVE___DUP2 HAVE___FCNTL HAVE___FORK HAVE___FSTAT HAVE___FXSTAT HAVE___LSEEK HAVE___LSTAT HAVE___LXSTAT HAVE___OPEN HAVE___READ HAVE___STAT HAVE___WRITE HAVE___XSTAT --with Options: WITH_ADS WITH_AUTOMOUNT WITH_DNS_UPDATES WITH_PAM WITH_PAM_MODULES WITH_PTHREADPOOL WITH_QUOTAS WITH_SENDFILE WITH_SYSLOG WITH_WINBIND Build Options: AD_DC_BUILD_IS_ENABLED BROKEN_NISPLUS_INCLUDE_FILES BUILD_SYSTEM COMPILER_SUPPORTS_LL CONFIG_H_IS_FROM_SAMBA DEFAULT_DOS_CHARSET DEFAULT_UNIX_CHARSET ENABLE_GNUTLS GETCWD_TAKES_NULL HDB_ENCTYPE2KEY_TAKES_KEYSET INLINE_MACRO KRB5_CREDS_OPT_FREE_REQUIRES_CONTEXT KRB5_PRINC_REALM_RETURNS_REALM LDAP_DEPRECATED LDAP_SET_REBIND_PROC_ARGS LIBREPLACE_NETWORK_CHECKS LINUX LINUX_SENDFILE_API REALPATH_TAKES_NULL RETSIGTYPE SAMBA4_USES_HEIMDAL SEEKDIR_RETURNS_VOID SHLIBEXT SIZEOF_BLKCNT_T_8 SIZEOF_BOOL SIZEOF_CHAR SIZEOF_DEV_T SIZEOF_INO_T SIZEOF_INT SIZEOF_INT16_T SIZEOF_INT32_T SIZEOF_INT64_T SIZEOF_INT8_T SIZEOF_LONG SIZEOF_LONG_LONG SIZEOF_OFF_T SIZEOF_SHORT SIZEOF_SIZE_T SIZEOF_SSIZE_T SIZEOF_TIME_T SIZEOF_UINT16_T SIZEOF_UINT32_T SIZEOF_UINT64_T SIZEOF_UINT8_T SIZEOF_VOID_P SMALL_OFF_T STAT_STATVFS STAT_ST_BLOCKSIZE STDC_HEADERS STRING_STATIC_MODULES SUMMARY_PASSES SYSCONF_SC_NGROUPS_MAX SYSCONF_SC_NPROCESSORS_ONLN SYSCONF_SC_PAGESIZE SYSTEM_UNAME_MACHINE SYSTEM_UNAME_RELEASE SYSTEM_UNAME_SYSNAME SYSTEM_UNAME_VERSION TIME_WITH_SYS_TIME USE_LINUX_32BIT_SYSCALLS USE_LINUX_THREAD_CREDENTIALS USING_SYSTEM_ASN1 USING_SYSTEM_ASN1_COMPILE USING_SYSTEM_COMPILE_ET USING_SYSTEM_COM_ERR USING_SYSTEM_GSSAPI USING_SYSTEM_HCRYPTO USING_SYSTEM_HDB USING_SYSTEM_HEIMBASE USING_SYSTEM_HEIMNTLM USING_SYSTEM_HX509 USING_SYSTEM_KDC USING_SYSTEM_KRB5 USING_SYSTEM_LDB USING_SYSTEM_NTDB USING_SYSTEM_POPT USING_SYSTEM_PYLDB_UTIL USING_SYSTEM_PYNTDB USING_SYSTEM_PYTALLOC_UTIL USING_SYSTEM_PYTDB USING_SYSTEM_ROKEN USING_SYSTEM_SUBUNIT USING_SYSTEM_TALLOC USING_SYSTEM_TDB USING_SYSTEM_TEVENT USING_SYSTEM_WIND VALUEOF_NSIG VALUEOF_SIGRTMAX VALUEOF_SIGRTMIN VALUEOF__NSIG VOID_RETSIGTYPE WORKING_GETCONF_LFS_CFLAGS XSLTPROC_MANPAGES _FILE_OFFSET_BITS _GNU_SOURCE _HAVE_SENDFILE _HAVE_UNBROKEN_POSIX_FALLOCATE _LARGEFILE_SOURCE _SAMBA_BUILD_ _XOPEN_SOURCE_EXTENDED auth_samba4_init auth_script_init idmap_ad_init idmap_adex_init idmap_autorid_init idmap_hash_init idmap_ldap_init idmap_rfc2307_init idmap_rid_init idmap_tdb2_init offset_t static_decl_auth static_decl_charset static_decl_gpext static_decl_idmap static_decl_nss_info static_decl_pdb static_decl_perfcount static_decl_vfs static_init_auth static_init_charset static_init_gpext static_init_idmap static_init_nss_info static_init_pdb static_init_perfcount static_init_vfs uint_t vfs_acl_tdb_init vfs_acl_xattr_init vfs_aio_fork_init vfs_aio_linux_init vfs_aio_posix_init vfs_aio_pthread_init vfs_audit_init vfs_btrfs_init vfs_cap_init vfs_catia_init vfs_commit_init vfs_crossrename_init vfs_default_quota_init vfs_dfs_samba4_init vfs_dirsort_init vfs_expand_msdfs_init vfs_extd_audit_init vfs_fake_perms_init vfs_fileid_init vfs_full_audit_init vfs_linux_xfs_sgid_init vfs_media_harmony_init vfs_netatalk_init vfs_posix_eadb_init vfs_preopen_init vfs_readahead_init vfs_readonly_init vfs_recycle_init vfs_scannedonly_init vfs_shadow_copy2_init vfs_shadow_copy_init vfs_smb_traffic_analyzer_init vfs_streams_depot_init vfs_streams_xattr_init vfs_syncops_init vfs_time_audit_init vfs_xattr_tdb_init Type sizes: sizeof(char): 1 sizeof(int): 4 sizeof(long): 4 sizeof(long long): 8 sizeof(uint8): 1 sizeof(uint16): 2 sizeof(uint32): 4 sizeof(short): 2 sizeof(void*): 4 sizeof(size_t): 4 sizeof(off_t): 8 sizeof(ino_t): 8 sizeof(dev_t): 8 Builtin modules: vfs_posixacl pdb_smbpasswd pdb_tdbsam pdb_wbc_sam auth_sam auth_unix auth_winbind auth_wbc auth_domain auth_builtin vfs_default nss_info_template idmap_tdb idmap_passdb idmap_nss pdb_samba_dsdb pdb_ldapsam lp_load_ex: refreshing parameters Initialising global parameters rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) INFO: Current debug levels: all: 9999 tdb: 9999 printdrivers: 9999 lanman: 9999 smb: 9999 rpc_parse: 9999 rpc_srv: 9999 rpc_cli: 9999 passdb: 9999 sam: 9999 auth: 9999 winbind: 9999 vfs: 9999 idmap: 9999 quota: 9999 acls: 9999 locking: 9999 msdfs: 9999 dmapi: 9999 registry: 9999 scavenger: 9999 dns: 9999 ldb: 9999 params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf" Processing section "[global]" doing parameter workgroup = WORKGROUP doing parameter server string = %h server (Samba, Ubuntu) doing parameter dns proxy = no doing parameter log file = /var/log/samba/log.%m doing parameter max log size = 1000 doing parameter syslog = 0 doing parameter panic action = /usr/share/samba/panic-action %d doing parameter server role = standalone server doing parameter passdb backend = tdbsam doing parameter obey pam restrictions = yes doing parameter unix password sync = yes doing parameter passwd program = /usr/bin/passwd %u doing parameter passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . doing parameter pam password change = yes doing parameter map to guest = bad user doing parameter guest account = ckserver doing parameter usershare allow guests = yes pm_process() returned Yes lp_servicenumber: couldn't find homes get_current_groups: user is in 1 groups: 0 Registering messaging pointer for type 2 - private_data=(nil) Registering messaging pointer for type 9 - private_data=(nil) Registered MSG_REQ_POOL_USAGE Registering messaging pointer for type 11 - private_data=(nil) Registering messaging pointer for type 12 - private_data=(nil) Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED Registering messaging pointer for type 1 - private_data=(nil) Registering messaging pointer for type 5 - private_data=(nil) lp_load_ex: refreshing parameters Freeing parametrics: Initialising global parameters rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) INFO: Current debug levels: all: 9999 tdb: 9999 printdrivers: 9999 lanman: 9999 smb: 9999 rpc_parse: 9999 rpc_srv: 9999 rpc_cli: 9999 passdb: 9999 sam: 9999 auth: 9999 winbind: 9999 vfs: 9999 idmap: 9999 quota: 9999 acls: 9999 locking: 9999 msdfs: 9999 dmapi: 9999 registry: 9999 scavenger: 9999 dns: 9999 ldb: 9999 params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf" Processing section "[global]" doing parameter workgroup = WORKGROUP doing parameter server string = %h server (Samba, Ubuntu) doing parameter dns proxy = no doing parameter log file = /var/log/samba/log.%m doing parameter max log size = 1000 doing parameter syslog = 0 doing parameter panic action = /usr/share/samba/panic-action %d doing parameter server role = standalone server doing parameter passdb backend = tdbsam doing parameter obey pam restrictions = yes doing parameter unix password sync = yes doing parameter passwd program = /usr/bin/passwd %u doing parameter passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . doing parameter pam password change = yes doing parameter map to guest = bad user doing parameter guest account = ckserver doing parameter usershare allow guests = yes Processing section "[printers]" add_a_service: Creating snum = 0 for printers hash_a_service: creating servicehash hash_a_service: hashing index 0 for service name printers doing parameter comment = All Printers doing parameter browseable = no doing parameter path = /var/spool/samba doing parameter printable = yes doing parameter guest ok = no doing parameter read only = yes doing parameter create mask = 0700 Processing section "[print$]" add_a_service: Creating snum = 1 for print$ hash_a_service: hashing index 1 for service name print$ doing parameter comment = Printer Drivers doing parameter path = /var/lib/samba/printers doing parameter browseable = yes doing parameter read only = yes doing parameter guest ok = no Processing section "[smbtest]" add_a_service: Creating snum = 2 for smbtest hash_a_service: hashing index 2 for service name smbtest doing parameter comment = smbtest doing parameter path = /smbtest doing parameter read only = no doing parameter guest ok = yes pm_process() returned Yes lp_servicenumber: couldn't find homes add_a_service: Creating snum = 3 for IPC$ hash_a_service: hashing index 3 for service name IPC$ adding IPC service lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue May 20 00:28:34 2014 added interface eth1 ip=2a02:810d:1940:8c0:139:8e6:ca7f:3b59 bcast= netmask=ffff:ffff:ffff:ffff:: added interface eth1 ip=2a02:810d:1940:8c0:ea9a:8fff:fe2b:d31c bcast= netmask=ffff:ffff:ffff:ffff:: added interface eth1 ip=192.168.0.254 bcast=192.168.0.255 netmask=255.255.255.0 loaded services Netbios name list:- my_netbios_names[0]="CKSERVER" fcntl_lock 8 13 0 1 1 fcntl_lock: Lock call successful Attempting to register passdb backend smbpasswd Successfully added passdb backend 'smbpasswd' Attempting to register passdb backend tdbsam Successfully added passdb backend 'tdbsam' Attempting to register passdb backend wbc_sam Successfully added passdb backend 'wbc_sam' Attempting to register passdb backend samba_dsdb Successfully added passdb backend 'samba_dsdb' Attempting to register passdb backend samba4 Successfully added passdb backend 'samba4' Attempting to register passdb backend ldapsam Successfully added passdb backend 'ldapsam' Attempting to register passdb backend NDS_ldapsam Successfully added passdb backend 'NDS_ldapsam' Attempting to register passdb backend IPA_ldapsam Successfully added passdb backend 'IPA_ldapsam' Attempting to find a passdb backend to match tdbsam (tdbsam) Found pdb backend tdbsam pdb backend tdbsam has a valid init check lock order 1 for /var/run/samba/smbXsrv_version_global.tdb lock order: 1:/var/run/samba/smbXsrv_version_global.tdb 2: 3: Locking key 736D62587372765F76657273696F6E5F676C6F62616C00 Allocated locked data 0x0xb7b5ded8 Unlocking key 736D62587372765F76657273696F6E5F676C6F62616C00 release lock order 1 for /var/run/samba/smbXsrv_version_global.tdb lock order: 1: 2: 3: smbXsrv_version_global_init &global_blob: struct smbXsrv_version_globalB version : SMBXSRV_VERSION_0 (0) seqnum : 0x00000001 (1) info : union smbXsrv_version_globalU(case 0) info0 : * info0: struct smbXsrv_version_global0 db_rec : NULL num_nodes : 0x00000001 (1) nodes: ARRAY(1) nodes: struct smbXsrv_version_node0 server_id: struct server_id pid : 0x0000000000002231 (8753) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0xd5f50380e4b514e2 (-3029511322209020702) min_version : SMBXSRV_VERSION_0 (0) max_version : SMBXSRV_VERSION_0 (0) current_version : SMBXSRV_VERSION_0 (0) Registering messaging pointer for type 784 - private_data=0xb7b5d458 Registering messaging pointer for type 788 - private_data=0xb7b5d818 s3_tevent: Added timed event "tevent_req_timedout": 0xb7b5f538 Registering messaging pointer for type 789 - private_data=0xb7b5f668 regdb_init: registry db openend. refcount reset (1) reghook_cache_init: new tree with default ops 0xb6b9a220 for key [] tdb_unpack(d, 38) -> 4 tdb_unpack(d, 4) -> 4 tdb_unpack(d, 41) -> 4 tdb_unpack(d, 4) -> 4 tdb_unpack(d, 4) -> 4 tdb_unpack(d, 4) -> 4 tdb_unpack(d, 4) -> 4 tdb_unpack(d, 4) -> 4 tdb_unpack(d, 4) -> 4 tdb_unpack(d, 8) -> 4 tdb_unpack(d, 4) -> 4 tdb_unpack(d, 4) -> 4 tdb_unpack(d, 4) -> 4 tdb_unpack(d, 4) -> 4 tdb_unpack(d, 4) -> 4 tdb_unpack(d, 13) -> 4 tdb_unpack(d, 4) -> 4 tdb_unpack(d, 4) -> 4 tdb_unpack(d, 4) -> 4 tdb_unpack(d, 4) -> 4 tdb_unpack(d, 4) -> 4 tdb_unpack(d, 4) -> 4 tdb_unpack(d, 4) -> 4 tdb_unpack(d, 4) -> 4 tdb_unpack(d, 4) -> 4 tdb_unpack(d, 4) -> 4 tdb_unpack(d, 4) -> 4 tdb_unpack(d, 4) -> 4 regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] tdb_unpack(d, 4) -> 4 tdb_unpack(d, 33) -> 4 tdb_unpack(fdB, 29) -> 29 regdb_unpack_values: value[0]: name[Samba Printer Port] len[2] regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] tdb_unpack(d, 38) -> 4 tdb_unpack(d, 104) -> 4 tdb_unpack(fdB, 100) -> 100 regdb_unpack_values: value[0]: name[DefaultSpoolDirectory] len[70] regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] tdb_unpack(d, 4) -> 4 tdb_unpack(d, 69) -> 4 tdb_unpack(fdB, 65) -> 40 regdb_unpack_values: value[0]: name[DisplayName] len[20] tdb_unpack(fdB, 25) -> 25 regdb_unpack_values: value[1]: name[ErrorControl] len[4] regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] tdb_unpack(d, 4) -> 4 tdb_unpack(d, 69) -> 4 tdb_unpack(fdB, 65) -> 40 regdb_unpack_values: value[0]: name[DisplayName] len[20] tdb_unpack(fdB, 25) -> 25 regdb_unpack_values: value[1]: name[ErrorControl] len[4] reghook_cache_add: Adding ops 0xb76a17a0 for key [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Printers] pathtree_add: Enter pathtree_find_child: Did not find [HKLM] pathtree_birth_child: First child of node [NULL]! [HKLM] pathtree_find_child: Did not find [SYSTEM] pathtree_birth_child: First child of node [HKLM]! [SYSTEM] pathtree_find_child: Did not find [CurrentControlSet] pathtree_birth_child: First child of node [SYSTEM]! [CurrentControlSet] pathtree_find_child: Did not find [Control] pathtree_birth_child: First child of node [CurrentControlSet]! [Control] pathtree_find_child: Did not find [Print] pathtree_birth_child: First child of node [Control]! [Print] pathtree_find_child: Did not find [Printers] pathtree_birth_child: First child of node [Print]! [Printers] pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Control\Print\Printers] to tree pathtree_add: Exit reghook_cache_add: Adding ops 0xb6b9a220 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] pathtree_add: Enter pathtree_find_child: child key => [HKLM] pathtree_find_child: Found [HKLM] pathtree_find_child: child key => [SYSTEM] pathtree_find_child: Did not find [SOFTWARE] pathtree_birth_child: Looking for crib; infant -> [SOFTWARE], child -> [SYSTEM] pathtree_birth_child: Exiting loop (i == [0]) pathtree_find_child: Did not find [Microsoft] pathtree_birth_child: First child of node [SOFTWARE]! [Microsoft] pathtree_find_child: Did not find [Windows NT] pathtree_birth_child: First child of node [Microsoft]! [Windows NT] pathtree_find_child: Did not find [CurrentVersion] pathtree_birth_child: First child of node [Windows NT]! [CurrentVersion] pathtree_find_child: Did not find [Print] pathtree_birth_child: First child of node [CurrentVersion]! [Print] pathtree_find_child: Did not find [Printers] pathtree_birth_child: First child of node [Print]! [Printers] pathtree_add: Successfully added node [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] to tree pathtree_add: Exit reghook_cache_add: Adding ops 0xb6b9a220 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] pathtree_add: Enter pathtree_find_child: child key => [HKLM] pathtree_find_child: Found [HKLM] pathtree_find_child: child key => [SOFTWARE] pathtree_find_child: child key => [SYSTEM] pathtree_find_child: Found [SOFTWARE] pathtree_find_child: child key => [Microsoft] pathtree_find_child: Found [Microsoft] pathtree_find_child: child key => [Windows NT] pathtree_find_child: Found [Windows NT] pathtree_find_child: child key => [CurrentVersion] pathtree_find_child: Found [CurrentVersion] pathtree_find_child: child key => [Print] pathtree_find_child: Did not find [Ports] pathtree_birth_child: Looking for crib; infant -> [Ports], child -> [Print] pathtree_birth_child: Exiting loop (i == [0]) pathtree_add: Successfully added node [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] to tree pathtree_add: Exit reghook_cache_add: Adding ops 0xb76a17e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares] pathtree_add: Enter pathtree_find_child: child key => [HKLM] pathtree_find_child: Found [HKLM] pathtree_find_child: child key => [SOFTWARE] pathtree_find_child: child key => [SYSTEM] pathtree_find_child: Found [SYSTEM] pathtree_find_child: child key => [CurrentControlSet] pathtree_find_child: Found [CurrentControlSet] pathtree_find_child: child key => [Control] pathtree_find_child: Did not find [Services] pathtree_birth_child: Looking for crib; infant -> [Services], child -> [Control] pathtree_birth_child: storing infant in i == [1] pathtree_birth_child: Exiting loop (i == [1]) pathtree_find_child: Did not find [LanmanServer] pathtree_birth_child: First child of node [Services]! [LanmanServer] pathtree_find_child: Did not find [Shares] pathtree_birth_child: First child of node [LanmanServer]! [Shares] pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares] to tree pathtree_add: Exit reghook_cache_add: Adding ops 0xb71e5d60 for key [\HKLM\SOFTWARE\Samba\smbconf] pathtree_add: Enter pathtree_find_child: child key => [HKLM] pathtree_find_child: Found [HKLM] pathtree_find_child: child key => [SOFTWARE] pathtree_find_child: child key => [SYSTEM] pathtree_find_child: Found [SOFTWARE] pathtree_find_child: child key => [Microsoft] pathtree_find_child: Did not find [Samba] pathtree_birth_child: Looking for crib; infant -> [Samba], child -> [Microsoft] pathtree_birth_child: storing infant in i == [1] pathtree_birth_child: Exiting loop (i == [1]) pathtree_find_child: Did not find [smbconf] pathtree_birth_child: First child of node [Samba]! [smbconf] pathtree_add: Successfully added node [HKLM\SOFTWARE\Samba\smbconf] to tree pathtree_add: Exit reghook_cache_add: Adding ops 0xb76a1820 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters] pathtree_add: Enter pathtree_find_child: child key => [HKLM] pathtree_find_child: Found [HKLM] pathtree_find_child: child key => [SOFTWARE] pathtree_find_child: child key => [SYSTEM] pathtree_find_child: Found [SYSTEM] pathtree_find_child: child key => [CurrentControlSet] pathtree_find_child: Found [CurrentControlSet] pathtree_find_child: child key => [Control] pathtree_find_child: child key => [Services] pathtree_find_child: Found [Services] pathtree_find_child: child key => [LanmanServer] pathtree_find_child: Did not find [Netlogon] pathtree_birth_child: Looking for crib; infant -> [Netlogon], child -> [LanmanServer] pathtree_birth_child: storing infant in i == [1] pathtree_birth_child: Exiting loop (i == [1]) pathtree_find_child: Did not find [Parameters] pathtree_birth_child: First child of node [Netlogon]! [Parameters] pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters] to tree pathtree_add: Exit reghook_cache_add: Adding ops 0xb76a1860 for key [\HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions] pathtree_add: Enter pathtree_find_child: child key => [HKLM] pathtree_find_child: Found [HKLM] pathtree_find_child: child key => [SOFTWARE] pathtree_find_child: child key => [SYSTEM] pathtree_find_child: Found [SYSTEM] pathtree_find_child: child key => [CurrentControlSet] pathtree_find_child: Found [CurrentControlSet] pathtree_find_child: child key => [Control] pathtree_find_child: child key => [Services] pathtree_find_child: Found [Control] pathtree_find_child: child key => [Print] pathtree_find_child: Did not find [ProductOptions] pathtree_birth_child: Looking for crib; infant -> [ProductOptions], child -> [Print] pathtree_birth_child: storing infant in i == [1] pathtree_birth_child: Exiting loop (i == [1]) pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions] to tree pathtree_add: Exit reghook_cache_add: Adding ops 0xb76a18a0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters] pathtree_add: Enter pathtree_find_child: child key => [HKLM] pathtree_find_child: Found [HKLM] pathtree_find_child: child key => [SOFTWARE] pathtree_find_child: child key => [SYSTEM] pathtree_find_child: Found [SYSTEM] pathtree_find_child: child key => [CurrentControlSet] pathtree_find_child: Found [CurrentControlSet] pathtree_find_child: child key => [Control] pathtree_find_child: child key => [Services] pathtree_find_child: Found [Services] pathtree_find_child: child key => [LanmanServer] pathtree_find_child: child key => [Netlogon] pathtree_find_child: Did not find [Tcpip] pathtree_birth_child: Looking for crib; infant -> [Tcpip], child -> [Netlogon] pathtree_birth_child: storing infant in i == [2] pathtree_birth_child: Exiting loop (i == [2]) pathtree_find_child: Did not find [Parameters] pathtree_birth_child: First child of node [Tcpip]! [Parameters] pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters] to tree pathtree_add: Exit reghook_cache_add: Adding ops 0xb76a18e0 for key [\HKPT] pathtree_add: Enter pathtree_find_child: child key => [HKLM] pathtree_find_child: Did not find [HKPT] pathtree_birth_child: Looking for crib; infant -> [HKPT], child -> [HKLM] pathtree_birth_child: storing infant in i == [1] pathtree_birth_child: Exiting loop (i == [1]) pathtree_add: Successfully added node [HKPT] to tree pathtree_add: Exit reghook_cache_add: Adding ops 0xb76a1920 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] pathtree_add: Enter pathtree_find_child: child key => [HKLM] pathtree_find_child: child key => [HKPT] pathtree_find_child: Found [HKLM] pathtree_find_child: child key => [SOFTWARE] pathtree_find_child: child key => [SYSTEM] pathtree_find_child: Found [SOFTWARE] pathtree_find_child: child key => [Microsoft] pathtree_find_child: child key => [Samba] pathtree_find_child: Found [Microsoft] pathtree_find_child: child key => [Windows NT] pathtree_find_child: Found [Windows NT] pathtree_find_child: child key => [CurrentVersion] pathtree_find_child: Found [CurrentVersion] pathtree_add: Successfully added node [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] to tree pathtree_add: Exit reghook_cache_add: Adding ops 0xb76a1960 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib] pathtree_add: Enter pathtree_find_child: child key => [HKLM] pathtree_find_child: child key => [HKPT] pathtree_find_child: Found [HKLM] pathtree_find_child: child key => [SOFTWARE] pathtree_find_child: child key => [SYSTEM] pathtree_find_child: Found [SOFTWARE] pathtree_find_child: child key => [Microsoft] pathtree_find_child: child key => [Samba] pathtree_find_child: Found [Microsoft] pathtree_find_child: child key => [Windows NT] pathtree_find_child: Found [Windows NT] pathtree_find_child: child key => [CurrentVersion] pathtree_find_child: Found [CurrentVersion] pathtree_find_child: child key => [Ports] pathtree_find_child: Did not find [Perflib] pathtree_birth_child: Looking for crib; infant -> [Perflib], child -> [Print] pathtree_birth_child: Looking for crib; infant -> [Perflib], child -> [Ports] pathtree_birth_child: Exiting loop (i == [0]) pathtree_add: Successfully added node [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib] to tree pathtree_add: Exit reghook_dump_cache: Starting cache dump now... ROOT/: [HKLM] (NULL) ROOT/HKLM/: [SOFTWARE] (NULL) ROOT/HKLM/SOFTWARE/: [Microsoft] (NULL) ROOT/HKLM/SOFTWARE/Microsoft/: [Windows NT] (NULL) ROOT/HKLM/SOFTWARE/Microsoft/Windows NT/: [CurrentVersion] (data) ROOT/HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/: [Perflib] (data) ROOT/HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/: [Ports] (data) ROOT/HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/: [Print] (NULL) ROOT/HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Print/: [Printers] (data) ROOT/HKLM/SOFTWARE/: [Samba] (NULL) ROOT/HKLM/SOFTWARE/Samba/: [smbconf] (data) ROOT/HKLM/: [SYSTEM] (NULL) ROOT/HKLM/SYSTEM/: [CurrentControlSet] (NULL) ROOT/HKLM/SYSTEM/CurrentControlSet/: [Control] (NULL) ROOT/HKLM/SYSTEM/CurrentControlSet/Control/: [Print] (NULL) ROOT/HKLM/SYSTEM/CurrentControlSet/Control/Print/: [Printers] (data) ROOT/HKLM/SYSTEM/CurrentControlSet/Control/: [ProductOptions] (data) ROOT/HKLM/SYSTEM/CurrentControlSet/: [Services] (NULL) ROOT/HKLM/SYSTEM/CurrentControlSet/Services/: [LanmanServer] (NULL) ROOT/HKLM/SYSTEM/CurrentControlSet/Services/LanmanServer/: [Shares] (data) ROOT/HKLM/SYSTEM/CurrentControlSet/Services/: [Netlogon] (NULL) ROOT/HKLM/SYSTEM/CurrentControlSet/Services/Netlogon/: [Parameters] (data) ROOT/HKLM/SYSTEM/CurrentControlSet/Services/: [Tcpip] (NULL) ROOT/HKLM/SYSTEM/CurrentControlSet/Services/Tcpip/: [Parameters] (data) ROOT/: [HKPT] (data) regdb_close: decrementing refcount (1->0) Finding user ckserver Trying _Get_Pwnam(), username as lowercase is ckserver Get_Pwnam_internals did find user [ckserver]! Finding user CKSERVER\ckserver Trying _Get_Pwnam(), username as lowercase is ckserver\ckserver Trying _Get_Pwnam(), username as given is CKSERVER\ckserver Trying _Get_Pwnam(), username as uppercase is CKSERVER\CKSERVER Checking combinations of 0 uppercase letters in ckserver\ckserver Get_Pwnam_internals didn't find user [CKSERVER\ckserver]! Finding user ckserver Trying _Get_Pwnam(), username as lowercase is ckserver Get_Pwnam_internals did find user [ckserver]! Create local NT token for ckserver Opening cache file at /var/cache/samba/gencache.tdb Opening cache file at /var/run/samba/gencache_notrans.tdb Adding cache entry with key=[IDMAP/SID2XID/S-1-5-32-544] and timeout=[Do Jan 1 01:00:00 1970 CET] (-1400539960 seconds in the past) sid S-1-5-32-544 -> gid 4294967295 Adding cache entry with key=[IDMAP/SID2XID/S-1-5-32-545] and timeout=[Do Jan 1 01:00:00 1970 CET] (-1400539960 seconds in the past) sid S-1-5-32-545 -> gid 4294967295 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 get_privileges: No privileges assigned to SID [S-1-5-21-776888349-2444189073-2378508477-501] get_privileges: No privileges assigned to SID [S-1-5-21-776888349-2444189073-2378508477-514] get_privileges_for_sids: sid = S-1-1-0 Privilege set: 0x0 get_privileges: No privileges assigned to SID [S-1-5-2] get_privileges: No privileges assigned to SID [S-1-5-32-546] Adding cache entry with key=[IDMAP/SID2XID/S-1-5-21-776888349-2444189073-2378508477-501] and timeout=[Do Jan 1 01:00:00 1970 CET] (-1400539960 seconds in the past) Adding cache entry with key=[IDMAP/SID2XID/S-1-5-21-776888349-2444189073-2378508477-514] and timeout=[Do Jan 1 01:00:00 1970 CET] (-1400539960 seconds in the past) Adding cache entry with key=[IDMAP/SID2XID/S-1-1-0] and timeout=[Do Jan 1 01:00:00 1970 CET] (-1400539960 seconds in the past) Adding cache entry with key=[IDMAP/SID2XID/S-1-5-2] and timeout=[Do Jan 1 01:00:00 1970 CET] (-1400539960 seconds in the past) Adding cache entry with key=[IDMAP/SID2XID/S-1-5-32-546] and timeout=[Do Jan 1 01:00:00 1970 CET] (-1400539960 seconds in the past) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups lookup_global_sam_rid: looking up RID 501. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 push_conn_ctx(0) : conn_ctx_stack_ndx = 1 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pdb_getsampwsid: Building guest account Finding user ckserver Trying _Get_Pwnam(), username as lowercase is ckserver Get_Pwnam_internals did find user [ckserver]! pdb_set_username: setting username ckserver, was element 11 -> now SET pdb_set_full_name: setting full name CK, was element 12 -> now SET pdb_set_domain: setting domain CKSERVER, was element 13 -> now DEFAULT pdb_set_user_sid: setting user sid S-1-5-21-776888349-2444189073-2378508477-501 element 17 -> now DEFAULT pdb_set_user_sid_from_rid: setting user sid S-1-5-21-776888349-2444189073-2378508477-501 from rid 501 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 Finding user ckserver Trying _Get_Pwnam(), username as lowercase is ckserver Get_Pwnam_internals did find user [ckserver]! pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups lookup_global_sam_rid: looking up RID 501. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 push_conn_ctx(0) : conn_ctx_stack_ndx = 1 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pdb_getsampwsid: Building guest account Finding user ckserver Trying _Get_Pwnam(), username as lowercase is ckserver Get_Pwnam_internals did find user [ckserver]! pdb_set_username: setting username ckserver, was element 11 -> now SET pdb_set_full_name: setting full name CK, was element 12 -> now SET pdb_set_domain: setting domain CKSERVER, was element 13 -> now DEFAULT pdb_set_user_sid: setting user sid S-1-5-21-776888349-2444189073-2378508477-501 element 17 -> now DEFAULT pdb_set_user_sid_from_rid: setting user sid S-1-5-21-776888349-2444189073-2378508477-501 from rid 501 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 Finding user ckserver Trying _Get_Pwnam(), username as lowercase is ckserver Get_Pwnam_internals did find user [ckserver]! pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups lookup_global_sam_rid: looking up RID 514. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 push_conn_ctx(0) : conn_ctx_stack_ndx = 1 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups tdbsam_open: successfully opened /var/lib/samba/private/passdb.tdb pdb_getsampwrid (TDB): error looking up RID 514 by key RID_00000202. pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 Can't find a unix id for an unmapped group SID S-1-5-21-776888349-2444189073-2378508477-514 is or domain, but is unmapped pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 LEGACY: mapping failed for sid S-1-5-21-776888349-2444189073-2378508477-514 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups lookup_global_sam_rid: looking up RID 514. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 push_conn_ctx(0) : conn_ctx_stack_ndx = 1 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pdb_getsampwrid (TDB): error looking up RID 514 by key RID_00000202. pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 Can't find a unix id for an unmapped group SID S-1-5-21-776888349-2444189073-2378508477-514 is or domain, but is unmapped pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 LEGACY: mapping failed for sid S-1-5-21-776888349-2444189073-2378508477-514 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 LEGACY: mapping failed for sid S-1-1-0 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 LEGACY: mapping failed for sid S-1-1-0 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 LEGACY: mapping failed for sid S-1-5-2 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 LEGACY: mapping failed for sid S-1-5-2 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups Could not find map for sid S-1-5-32-546 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 LEGACY: mapping failed for sid S-1-5-32-546 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups Could not find map for sid S-1-5-32-546 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 LEGACY: mapping failed for sid S-1-5-32-546 Could not convert SID S-1-5-21-776888349-2444189073-2378508477-514 to gid, ignoring it Could not convert SID S-1-1-0 to gid, ignoring it Could not convert SID S-1-5-2 to gid, ignoring it Could not convert SID S-1-5-32-546 to gid, ignoring it Security token SIDs (6): SID[ 0]: S-1-5-21-776888349-2444189073-2378508477-501 SID[ 1]: S-1-5-21-776888349-2444189073-2378508477-514 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-32-546 SID[ 5]: S-1-22-1-1000 Privileges (0x 0): Rights (0x 0): UNIX token of user 1000 Primary group is 1000 and contains 0 supplementary groups Initialise the svcctl registry keys if needed. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 regdb_open: registry db opened. refcount reset (1) Create pipe requested \winreg init_pipe_handle_list: created handle list for pipe \winreg init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg Created internal pipe \winreg winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY regkey_open_onelevel: name = [HKLM] regdb_open: incrementing refcount (1->2) reghook_cache_find: Searching for keyname [\HKLM] pathtree_find: Enter [\HKLM] pathtree_find: [loop] base => [HKLM], new_path => [] pathtree_find_child: child key => [HKLM] pathtree_find_child: child key => [HKPT] pathtree_find_child: Found [HKLM] pathtree_find: Found data_p! pathtree_find: Exit reghook_cache_find: found ops 0xb6b9a220 for key [\HKLM] regdb_fetch_keys: Enter key => [HKLM] tdb_unpack(d, 20) -> 4 tdb_unpack(d, 20) -> 4 tdb_unpack(f, 16) -> 9 tdb_unpack(f, 7) -> 7 regdb_fetch_keys: Exit [2] items Opened policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-7a53-388b31220000 result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b651f0 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b651f0 winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-7a53-388b31220000 result : WERR_OK winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-7a53-388b31220000 keyname: struct winreg_String name_len : 0x0044 (68) name_size : 0x0044 (68) name : * name : 'SYSTEM\CurrentControlSet\Services' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-7a53-388b31220000 keyname: struct winreg_String name_len : 0x0044 (68) name_size : 0x0044 (68) name : * name : 'SYSTEM\CurrentControlSet\Services' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY Found policy hnd[0] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. regkey_open_onelevel: name = [SYSTEM] regdb_open: incrementing refcount (2->3) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] pathtree_find: Enter [\HKLM\SYSTEM] pathtree_find: [loop] base => [HKLM], new_path => [SYSTEM] pathtree_find_child: child key => [HKLM] pathtree_find_child: child key => [HKPT] pathtree_find_child: Found [HKLM] pathtree_find: [loop] base => [SYSTEM], new_path => [] pathtree_find_child: child key => [SOFTWARE] pathtree_find_child: child key => [SYSTEM] pathtree_find_child: Found [SYSTEM] pathtree_find: Found data_p! pathtree_find: Exit reghook_cache_find: found ops 0xb6b9a220 for key [\HKLM\SYSTEM] regdb_fetch_keys: Enter key => [HKLM\SYSTEM] tdb_unpack(d, 22) -> 4 tdb_unpack(d, 22) -> 4 tdb_unpack(f, 18) -> 18 regdb_fetch_keys: Exit [1] items regkey_open_onelevel: name = [CurrentControlSet] regdb_open: incrementing refcount (3->4) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] pathtree_find: [loop] base => [HKLM], new_path => [SYSTEM\CurrentControlSet] pathtree_find_child: child key => [HKLM] pathtree_find_child: child key => [HKPT] pathtree_find_child: Found [HKLM] pathtree_find: [loop] base => [SYSTEM], new_path => [CurrentControlSet] pathtree_find_child: child key => [SOFTWARE] pathtree_find_child: child key => [SYSTEM] pathtree_find_child: Found [SYSTEM] pathtree_find: [loop] base => [CurrentControlSet], new_path => [] pathtree_find_child: child key => [CurrentControlSet] pathtree_find_child: Found [CurrentControlSet] pathtree_find: Found data_p! pathtree_find: Exit reghook_cache_find: found ops 0xb6b9a220 for key [\HKLM\SYSTEM\CurrentControlSet] regdb_fetch_keys: Enter key => [HKLM\SYSTEM\CurrentControlSet] tdb_unpack(d, 21) -> 4 tdb_unpack(d, 21) -> 4 tdb_unpack(f, 17) -> 8 tdb_unpack(f, 9) -> 9 regdb_fetch_keys: Exit [2] items regkey_open_onelevel: name = [Services] regdb_open: incrementing refcount (4->5) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] pathtree_find: [loop] base => [HKLM], new_path => [SYSTEM\CurrentControlSet\Services] pathtree_find_child: child key => [HKLM] pathtree_find_child: child key => [HKPT] pathtree_find_child: Found [HKLM] pathtree_find: [loop] base => [SYSTEM], new_path => [CurrentControlSet\Services] pathtree_find_child: child key => [SOFTWARE] pathtree_find_child: child key => [SYSTEM] pathtree_find_child: Found [SYSTEM] pathtree_find: [loop] base => [CurrentControlSet], new_path => [Services] pathtree_find_child: child key => [CurrentControlSet] pathtree_find_child: Found [CurrentControlSet] pathtree_find: [loop] base => [Services], new_path => [] pathtree_find_child: child key => [Control] pathtree_find_child: child key => [Services] pathtree_find_child: Found [Services] pathtree_find: Found data_p! pathtree_find: Exit reghook_cache_find: found ops 0xb6b9a220 for key [\HKLM\SYSTEM\CurrentControlSet\Services] regdb_fetch_keys: Enter key => [HKLM\SYSTEM\CurrentControlSet\Services] tdb_unpack(d, 69) -> 4 tdb_unpack(d, 69) -> 4 tdb_unpack(f, 65) -> 13 tdb_unpack(f, 52) -> 9 tdb_unpack(f, 43) -> 6 tdb_unpack(f, 37) -> 9 tdb_unpack(f, 28) -> 8 tdb_unpack(f, 20) -> 15 tdb_unpack(f, 5) -> 5 regdb_fetch_keys: Exit [7] items regdb_close: decrementing refcount (5->4) regdb_close: decrementing refcount (4->3) Opened policy hnd[2] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-7a53-388b31220000 result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b65220 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b65220 winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-7a53-388b31220000 result : WERR_OK winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-7a53-388b31220000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-7a53-388b31220000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services' (ops 0xb6b9a220) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services] tdb_unpack(d, 69) -> 4 regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] tdb_unpack(d, 69) -> 4 winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000007 (7) max_subkeylen : * max_subkeylen : 0x0000001c (28) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x00000000 (0) max_valnamelen : * max_valnamelen : 0x00000002 (2) max_valbufsize : * max_valbufsize : 0x00000000 (0) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b67248 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b67248 winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000007 (7) max_subkeylen : * max_subkeylen : 0x0000001c (28) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x00000000 (0) max_valnamelen : * max_valnamelen : 0x00000002 (2) max_valbufsize : * max_valbufsize : 0x00000000 (0) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK winreg_EnumKey: struct winreg_EnumKey in: struct winreg_EnumKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-7a53-388b31220000 enum_index : 0x00000000 (0) name : * name: struct winreg_StringBuf length : 0x0000 (0) size : 0x001e (30) name : * name : '' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) winreg_EnumKey: struct winreg_EnumKey in: struct winreg_EnumKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-7a53-388b31220000 enum_index : 0x00000000 (0) name : * name: struct winreg_StringBuf length : 0x0000 (0) size : 0x001e (30) name : * name : '' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] winreg_EnumKey: struct winreg_EnumKey out: struct winreg_EnumKey name : * name: struct winreg_StringBuf length : 0x001a (26) size : 0x001e (30) name : * name : 'LanmanServer' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b660e8 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b660e8 winreg_EnumKey: struct winreg_EnumKey out: struct winreg_EnumKey name : * name: struct winreg_StringBuf length : 0x001a (26) size : 0x001e (30) name : * name : 'LanmanServer' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK winreg_EnumKey: struct winreg_EnumKey in: struct winreg_EnumKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-7a53-388b31220000 enum_index : 0x00000001 (1) name : * name: struct winreg_StringBuf length : 0x0000 (0) size : 0x001e (30) name : * name : '' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) winreg_EnumKey: struct winreg_EnumKey in: struct winreg_EnumKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-7a53-388b31220000 enum_index : 0x00000001 (1) name : * name: struct winreg_StringBuf length : 0x0000 (0) size : 0x001e (30) name : * name : '' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] winreg_EnumKey: struct winreg_EnumKey out: struct winreg_EnumKey name : * name: struct winreg_StringBuf length : 0x0012 (18) size : 0x001e (30) name : * name : 'Eventlog' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b66ce0 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b66ce0 winreg_EnumKey: struct winreg_EnumKey out: struct winreg_EnumKey name : * name: struct winreg_StringBuf length : 0x0012 (18) size : 0x001e (30) name : * name : 'Eventlog' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK winreg_EnumKey: struct winreg_EnumKey in: struct winreg_EnumKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-7a53-388b31220000 enum_index : 0x00000002 (2) name : * name: struct winreg_StringBuf length : 0x0000 (0) size : 0x001e (30) name : * name : '' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) winreg_EnumKey: struct winreg_EnumKey in: struct winreg_EnumKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-7a53-388b31220000 enum_index : 0x00000002 (2) name : * name: struct winreg_StringBuf length : 0x0000 (0) size : 0x001e (30) name : * name : '' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] winreg_EnumKey: struct winreg_EnumKey out: struct winreg_EnumKey name : * name: struct winreg_StringBuf length : 0x000c (12) size : 0x001e (30) name : * name : 'Tcpip' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b67770 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b67770 winreg_EnumKey: struct winreg_EnumKey out: struct winreg_EnumKey name : * name: struct winreg_StringBuf length : 0x000c (12) size : 0x001e (30) name : * name : 'Tcpip' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK winreg_EnumKey: struct winreg_EnumKey in: struct winreg_EnumKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-7a53-388b31220000 enum_index : 0x00000003 (3) name : * name: struct winreg_StringBuf length : 0x0000 (0) size : 0x001e (30) name : * name : '' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) winreg_EnumKey: struct winreg_EnumKey in: struct winreg_EnumKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-7a53-388b31220000 enum_index : 0x00000003 (3) name : * name: struct winreg_StringBuf length : 0x0000 (0) size : 0x001e (30) name : * name : '' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] winreg_EnumKey: struct winreg_EnumKey out: struct winreg_EnumKey name : * name: struct winreg_StringBuf length : 0x0012 (18) size : 0x001e (30) name : * name : 'Netlogon' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b65050 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b65050 winreg_EnumKey: struct winreg_EnumKey out: struct winreg_EnumKey name : * name: struct winreg_StringBuf length : 0x0012 (18) size : 0x001e (30) name : * name : 'Netlogon' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK winreg_EnumKey: struct winreg_EnumKey in: struct winreg_EnumKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-7a53-388b31220000 enum_index : 0x00000004 (4) name : * name: struct winreg_StringBuf length : 0x0000 (0) size : 0x001e (30) name : * name : '' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) winreg_EnumKey: struct winreg_EnumKey in: struct winreg_EnumKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-7a53-388b31220000 enum_index : 0x00000004 (4) name : * name: struct winreg_StringBuf length : 0x0000 (0) size : 0x001e (30) name : * name : '' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] winreg_EnumKey: struct winreg_EnumKey out: struct winreg_EnumKey name : * name: struct winreg_StringBuf length : 0x0010 (16) size : 0x001e (30) name : * name : 'Spooler' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b651c0 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b651c0 winreg_EnumKey: struct winreg_EnumKey out: struct winreg_EnumKey name : * name: struct winreg_StringBuf length : 0x0010 (16) size : 0x001e (30) name : * name : 'Spooler' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK winreg_EnumKey: struct winreg_EnumKey in: struct winreg_EnumKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-7a53-388b31220000 enum_index : 0x00000005 (5) name : * name: struct winreg_StringBuf length : 0x0000 (0) size : 0x001e (30) name : * name : '' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) winreg_EnumKey: struct winreg_EnumKey in: struct winreg_EnumKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-7a53-388b31220000 enum_index : 0x00000005 (5) name : * name: struct winreg_StringBuf length : 0x0000 (0) size : 0x001e (30) name : * name : '' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] winreg_EnumKey: struct winreg_EnumKey out: struct winreg_EnumKey name : * name: struct winreg_StringBuf length : 0x001e (30) size : 0x001e (30) name : * name : 'RemoteRegistry' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b66578 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b66578 winreg_EnumKey: struct winreg_EnumKey out: struct winreg_EnumKey name : * name: struct winreg_StringBuf length : 0x001e (30) size : 0x001e (30) name : * name : 'RemoteRegistry' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK winreg_EnumKey: struct winreg_EnumKey in: struct winreg_EnumKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-7a53-388b31220000 enum_index : 0x00000006 (6) name : * name: struct winreg_StringBuf length : 0x0000 (0) size : 0x001e (30) name : * name : '' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) winreg_EnumKey: struct winreg_EnumKey in: struct winreg_EnumKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-7a53-388b31220000 enum_index : 0x00000006 (6) name : * name: struct winreg_StringBuf length : 0x0000 (0) size : 0x001e (30) name : * name : '' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] winreg_EnumKey: struct winreg_EnumKey out: struct winreg_EnumKey name : * name: struct winreg_StringBuf length : 0x000a (10) size : 0x001e (30) name : * name : 'WINS' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b672a8 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b672a8 winreg_EnumKey: struct winreg_EnumKey out: struct winreg_EnumKey name : * name: struct winreg_StringBuf length : 0x000a (10) size : 0x001e (30) name : * name : 'WINS' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x0054 (84) name_size : 0x0054 (84) name : * name : 'SYSTEM\CurrentControlSet\Services\Spooler' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_ACTION_NONE (0) winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x0054 (84) name_size : 0x0054 (84) name : * name : 'SYSTEM\CurrentControlSet\Services\Spooler' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_ACTION_NONE (0) Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\Spooler' tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 regkey_open_onelevel: name = [SYSTEM] regdb_open: incrementing refcount (3->4) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] pathtree_find: Enter [\HKLM\SYSTEM] pathtree_find: [loop] base => [HKLM], new_path => [SYSTEM] pathtree_find_child: child key => [HKLM] pathtree_find_child: child key => [HKPT] pathtree_find_child: Found [HKLM] pathtree_find: [loop] base => [SYSTEM], new_path => [] pathtree_find_child: child key => [SOFTWARE] pathtree_find_child: child key => [SYSTEM] pathtree_find_child: Found [SYSTEM] pathtree_find: Found data_p! pathtree_find: Exit reghook_cache_find: found ops 0xb6b9a220 for key [\HKLM\SYSTEM] regdb_fetch_keys: Enter key => [HKLM\SYSTEM] tdb_unpack(d, 22) -> 4 tdb_unpack(d, 22) -> 4 tdb_unpack(f, 18) -> 18 regdb_fetch_keys: Exit [1] items tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 regkey_open_onelevel: name = [CurrentControlSet] regdb_open: incrementing refcount (4->5) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] pathtree_find: [loop] base => [HKLM], new_path => [SYSTEM\CurrentControlSet] pathtree_find_child: child key => [HKLM] pathtree_find_child: child key => [HKPT] pathtree_find_child: Found [HKLM] pathtree_find: [loop] base => [SYSTEM], new_path => [CurrentControlSet] pathtree_find_child: child key => [SOFTWARE] pathtree_find_child: child key => [SYSTEM] pathtree_find_child: Found [SYSTEM] pathtree_find: [loop] base => [CurrentControlSet], new_path => [] pathtree_find_child: child key => [CurrentControlSet] pathtree_find_child: Found [CurrentControlSet] pathtree_find: Found data_p! pathtree_find: Exit reghook_cache_find: found ops 0xb6b9a220 for key [\HKLM\SYSTEM\CurrentControlSet] regdb_fetch_keys: Enter key => [HKLM\SYSTEM\CurrentControlSet] tdb_unpack(d, 21) -> 4 tdb_unpack(d, 21) -> 4 tdb_unpack(f, 17) -> 8 tdb_unpack(f, 9) -> 9 regdb_fetch_keys: Exit [2] items regdb_close: decrementing refcount (5->4) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 regkey_open_onelevel: name = [Services] regdb_open: incrementing refcount (4->5) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] pathtree_find: [loop] base => [HKLM], new_path => [SYSTEM\CurrentControlSet\Services] pathtree_find_child: child key => [HKLM] pathtree_find_child: child key => [HKPT] pathtree_find_child: Found [HKLM] pathtree_find: [loop] base => [SYSTEM], new_path => [CurrentControlSet\Services] pathtree_find_child: child key => [SOFTWARE] pathtree_find_child: child key => [SYSTEM] pathtree_find_child: Found [SYSTEM] pathtree_find: [loop] base => [CurrentControlSet], new_path => [Services] pathtree_find_child: child key => [CurrentControlSet] pathtree_find_child: Found [CurrentControlSet] pathtree_find: [loop] base => [Services], new_path => [] pathtree_find_child: child key => [Control] pathtree_find_child: child key => [Services] pathtree_find_child: Found [Services] pathtree_find: Found data_p! pathtree_find: Exit reghook_cache_find: found ops 0xb6b9a220 for key [\HKLM\SYSTEM\CurrentControlSet\Services] regdb_fetch_keys: Enter key => [HKLM\SYSTEM\CurrentControlSet\Services] tdb_unpack(d, 69) -> 4 tdb_unpack(d, 69) -> 4 tdb_unpack(f, 65) -> 13 tdb_unpack(f, 52) -> 9 tdb_unpack(f, 43) -> 6 tdb_unpack(f, 37) -> 9 tdb_unpack(f, 28) -> 8 tdb_unpack(f, 20) -> 15 tdb_unpack(f, 5) -> 5 regdb_fetch_keys: Exit [7] items regdb_close: decrementing refcount (5->4) regkey_open_onelevel: name = [Spooler] regdb_open: incrementing refcount (4->5) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] pathtree_find: [loop] base => [HKLM], new_path => [SYSTEM\CurrentControlSet\Services\Spooler] pathtree_find_child: child key => [HKLM] pathtree_find_child: child key => [HKPT] pathtree_find_child: Found [HKLM] pathtree_find: [loop] base => [SYSTEM], new_path => [CurrentControlSet\Services\Spooler] pathtree_find_child: child key => [SOFTWARE] pathtree_find_child: child key => [SYSTEM] pathtree_find_child: Found [SYSTEM] pathtree_find: [loop] base => [CurrentControlSet], new_path => [Services\Spooler] pathtree_find_child: child key => [CurrentControlSet] pathtree_find_child: Found [CurrentControlSet] pathtree_find: [loop] base => [Services], new_path => [Spooler] pathtree_find_child: child key => [Control] pathtree_find_child: child key => [Services] pathtree_find_child: Found [Services] pathtree_find: [loop] base => [Spooler], new_path => [] pathtree_find_child: child key => [LanmanServer] pathtree_find_child: child key => [Netlogon] pathtree_find_child: child key => [Tcpip] pathtree_find_child: Did not find [Spooler] pathtree_find: Found data_p! pathtree_find: Exit reghook_cache_find: found ops 0xb6b9a220 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] regdb_fetch_keys: Enter key => [HKLM\SYSTEM\CurrentControlSet\Services\Spooler] tdb_unpack(d, 13) -> 4 tdb_unpack(d, 13) -> 4 tdb_unpack(f, 9) -> 9 regdb_fetch_keys: Exit [1] items regdb_close: decrementing refcount (5->4) Opened policy hnd[3] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-7a53-388b31220000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b66838 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b66838 winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-7a53-388b31220000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x000c (12) name_size : 0x000c (12) name : * name : 'Start' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x02 (2) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x000c (12) name_size : 0x000c (12) name : * name : 'Start' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x02 (2) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:Start] tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\Spooler' (ops 0xb6b9a220) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler] tdb_unpack(d, 13) -> 4 tdb_unpack(d, 383) -> 4 tdb_unpack(fdB, 379) -> 18 regdb_unpack_values: value[0]: name[Start] len[4] tdb_unpack(fdB, 361) -> 17 regdb_unpack_values: value[1]: name[Type] len[4] tdb_unpack(fdB, 344) -> 25 regdb_unpack_values: value[2]: name[ErrorControl] len[4] tdb_unpack(fdB, 319) -> 43 regdb_unpack_values: value[3]: name[ObjectName] len[24] tdb_unpack(fdB, 276) -> 48 regdb_unpack_values: value[4]: name[DisplayName] len[28] tdb_unpack(fdB, 228) -> 126 regdb_unpack_values: value[5]: name[Description] len[106] tdb_unpack(fdB, 102) -> 102 regdb_unpack_values: value[6]: name[ImagePath] len[84] winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b657a0 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b657a0 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x000a (10) name_size : 0x000a (10) name : * name : 'Type' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x000a (10) name_size : 0x000a (10) name : * name : 'Type' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:Type] tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b66fd0 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b66fd0 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x001a (26) name_size : 0x001a (26) name : * name : 'ErrorControl' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x001a (26) name_size : 0x001a (26) name : * name : 'ErrorControl' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:ErrorControl] tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b67a10 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b67a10 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x0016 (22) name_size : 0x0016 (22) name : * name : 'ObjectName' type : REG_SZ (1) data : * data: ARRAY(24) [0] : 0x4c (76) [1] : 0x00 (0) [2] : 0x6f (111) [3] : 0x00 (0) [4] : 0x63 (99) [5] : 0x00 (0) [6] : 0x61 (97) [7] : 0x00 (0) [8] : 0x6c (108) [9] : 0x00 (0) [10] : 0x53 (83) [11] : 0x00 (0) [12] : 0x79 (121) [13] : 0x00 (0) [14] : 0x73 (115) [15] : 0x00 (0) [16] : 0x74 (116) [17] : 0x00 (0) [18] : 0x65 (101) [19] : 0x00 (0) [20] : 0x6d (109) [21] : 0x00 (0) [22] : 0x00 (0) [23] : 0x00 (0) size : 0x00000018 (24) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x0016 (22) name_size : 0x0016 (22) name : * name : 'ObjectName' type : REG_SZ (1) data : * data: ARRAY(24) [0] : 0x4c (76) [1] : 0x00 (0) [2] : 0x6f (111) [3] : 0x00 (0) [4] : 0x63 (99) [5] : 0x00 (0) [6] : 0x61 (97) [7] : 0x00 (0) [8] : 0x6c (108) [9] : 0x00 (0) [10] : 0x53 (83) [11] : 0x00 (0) [12] : 0x79 (121) [13] : 0x00 (0) [14] : 0x73 (115) [15] : 0x00 (0) [16] : 0x74 (116) [17] : 0x00 (0) [18] : 0x65 (101) [19] : 0x00 (0) [20] : 0x6d (109) [21] : 0x00 (0) [22] : 0x00 (0) [23] : 0x00 (0) size : 0x00000018 (24) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:ObjectName] tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b675f8 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b675f8 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'DisplayName' type : REG_SZ (1) data : * data: ARRAY(28) [0] : 0x50 (80) [1] : 0x00 (0) [2] : 0x72 (114) [3] : 0x00 (0) [4] : 0x69 (105) [5] : 0x00 (0) [6] : 0x6e (110) [7] : 0x00 (0) [8] : 0x74 (116) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x53 (83) [13] : 0x00 (0) [14] : 0x70 (112) [15] : 0x00 (0) [16] : 0x6f (111) [17] : 0x00 (0) [18] : 0x6f (111) [19] : 0x00 (0) [20] : 0x6c (108) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x00 (0) size : 0x0000001c (28) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'DisplayName' type : REG_SZ (1) data : * data: ARRAY(28) [0] : 0x50 (80) [1] : 0x00 (0) [2] : 0x72 (114) [3] : 0x00 (0) [4] : 0x69 (105) [5] : 0x00 (0) [6] : 0x6e (110) [7] : 0x00 (0) [8] : 0x74 (116) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x53 (83) [13] : 0x00 (0) [14] : 0x70 (112) [15] : 0x00 (0) [16] : 0x6f (111) [17] : 0x00 (0) [18] : 0x6f (111) [19] : 0x00 (0) [20] : 0x6c (108) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x00 (0) size : 0x0000001c (28) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:DisplayName] tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b65640 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b65640 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x0014 (20) name_size : 0x0014 (20) name : * name : 'ImagePath' type : REG_SZ (1) data : * data: ARRAY(84) [0] : 0x2f (47) [1] : 0x00 (0) [2] : 0x75 (117) [3] : 0x00 (0) [4] : 0x73 (115) [5] : 0x00 (0) [6] : 0x72 (114) [7] : 0x00 (0) [8] : 0x2f (47) [9] : 0x00 (0) [10] : 0x6c (108) [11] : 0x00 (0) [12] : 0x69 (105) [13] : 0x00 (0) [14] : 0x62 (98) [15] : 0x00 (0) [16] : 0x2f (47) [17] : 0x00 (0) [18] : 0x69 (105) [19] : 0x00 (0) [20] : 0x33 (51) [21] : 0x00 (0) [22] : 0x38 (56) [23] : 0x00 (0) [24] : 0x36 (54) [25] : 0x00 (0) [26] : 0x2d (45) [27] : 0x00 (0) [28] : 0x6c (108) [29] : 0x00 (0) [30] : 0x69 (105) [31] : 0x00 (0) [32] : 0x6e (110) [33] : 0x00 (0) [34] : 0x75 (117) [35] : 0x00 (0) [36] : 0x78 (120) [37] : 0x00 (0) [38] : 0x2d (45) [39] : 0x00 (0) [40] : 0x67 (103) [41] : 0x00 (0) [42] : 0x6e (110) [43] : 0x00 (0) [44] : 0x75 (117) [45] : 0x00 (0) [46] : 0x2f (47) [47] : 0x00 (0) [48] : 0x73 (115) [49] : 0x00 (0) [50] : 0x61 (97) [51] : 0x00 (0) [52] : 0x6d (109) [53] : 0x00 (0) [54] : 0x62 (98) [55] : 0x00 (0) [56] : 0x61 (97) [57] : 0x00 (0) [58] : 0x2f (47) [59] : 0x00 (0) [60] : 0x73 (115) [61] : 0x00 (0) [62] : 0x76 (118) [63] : 0x00 (0) [64] : 0x63 (99) [65] : 0x00 (0) [66] : 0x63 (99) [67] : 0x00 (0) [68] : 0x74 (116) [69] : 0x00 (0) [70] : 0x6c (108) [71] : 0x00 (0) [72] : 0x2f (47) [73] : 0x00 (0) [74] : 0x73 (115) [75] : 0x00 (0) [76] : 0x6d (109) [77] : 0x00 (0) [78] : 0x62 (98) [79] : 0x00 (0) [80] : 0x64 (100) [81] : 0x00 (0) [82] : 0x00 (0) [83] : 0x00 (0) size : 0x00000054 (84) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x0014 (20) name_size : 0x0014 (20) name : * name : 'ImagePath' type : REG_SZ (1) data : * data: ARRAY(84) [0] : 0x2f (47) [1] : 0x00 (0) [2] : 0x75 (117) [3] : 0x00 (0) [4] : 0x73 (115) [5] : 0x00 (0) [6] : 0x72 (114) [7] : 0x00 (0) [8] : 0x2f (47) [9] : 0x00 (0) [10] : 0x6c (108) [11] : 0x00 (0) [12] : 0x69 (105) [13] : 0x00 (0) [14] : 0x62 (98) [15] : 0x00 (0) [16] : 0x2f (47) [17] : 0x00 (0) [18] : 0x69 (105) [19] : 0x00 (0) [20] : 0x33 (51) [21] : 0x00 (0) [22] : 0x38 (56) [23] : 0x00 (0) [24] : 0x36 (54) [25] : 0x00 (0) [26] : 0x2d (45) [27] : 0x00 (0) [28] : 0x6c (108) [29] : 0x00 (0) [30] : 0x69 (105) [31] : 0x00 (0) [32] : 0x6e (110) [33] : 0x00 (0) [34] : 0x75 (117) [35] : 0x00 (0) [36] : 0x78 (120) [37] : 0x00 (0) [38] : 0x2d (45) [39] : 0x00 (0) [40] : 0x67 (103) [41] : 0x00 (0) [42] : 0x6e (110) [43] : 0x00 (0) [44] : 0x75 (117) [45] : 0x00 (0) [46] : 0x2f (47) [47] : 0x00 (0) [48] : 0x73 (115) [49] : 0x00 (0) [50] : 0x61 (97) [51] : 0x00 (0) [52] : 0x6d (109) [53] : 0x00 (0) [54] : 0x62 (98) [55] : 0x00 (0) [56] : 0x61 (97) [57] : 0x00 (0) [58] : 0x2f (47) [59] : 0x00 (0) [60] : 0x73 (115) [61] : 0x00 (0) [62] : 0x76 (118) [63] : 0x00 (0) [64] : 0x63 (99) [65] : 0x00 (0) [66] : 0x63 (99) [67] : 0x00 (0) [68] : 0x74 (116) [69] : 0x00 (0) [70] : 0x6c (108) [71] : 0x00 (0) [72] : 0x2f (47) [73] : 0x00 (0) [74] : 0x73 (115) [75] : 0x00 (0) [76] : 0x6d (109) [77] : 0x00 (0) [78] : 0x62 (98) [79] : 0x00 (0) [80] : 0x64 (100) [81] : 0x00 (0) [82] : 0x00 (0) [83] : 0x00 (0) size : 0x00000054 (84) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:ImagePath] tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b65640 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b65640 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'Description' type : REG_SZ (1) data : * data: ARRAY(106) [0] : 0x49 (73) [1] : 0x00 (0) [2] : 0x6e (110) [3] : 0x00 (0) [4] : 0x74 (116) [5] : 0x00 (0) [6] : 0x65 (101) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x6e (110) [11] : 0x00 (0) [12] : 0x61 (97) [13] : 0x00 (0) [14] : 0x6c (108) [15] : 0x00 (0) [16] : 0x20 (32) [17] : 0x00 (0) [18] : 0x73 (115) [19] : 0x00 (0) [20] : 0x65 (101) [21] : 0x00 (0) [22] : 0x72 (114) [23] : 0x00 (0) [24] : 0x76 (118) [25] : 0x00 (0) [26] : 0x69 (105) [27] : 0x00 (0) [28] : 0x63 (99) [29] : 0x00 (0) [30] : 0x65 (101) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x00 (0) [34] : 0x66 (102) [35] : 0x00 (0) [36] : 0x6f (111) [37] : 0x00 (0) [38] : 0x72 (114) [39] : 0x00 (0) [40] : 0x20 (32) [41] : 0x00 (0) [42] : 0x73 (115) [43] : 0x00 (0) [44] : 0x70 (112) [45] : 0x00 (0) [46] : 0x6f (111) [47] : 0x00 (0) [48] : 0x6f (111) [49] : 0x00 (0) [50] : 0x6c (108) [51] : 0x00 (0) [52] : 0x69 (105) [53] : 0x00 (0) [54] : 0x6e (110) [55] : 0x00 (0) [56] : 0x67 (103) [57] : 0x00 (0) [58] : 0x20 (32) [59] : 0x00 (0) [60] : 0x66 (102) [61] : 0x00 (0) [62] : 0x69 (105) [63] : 0x00 (0) [64] : 0x6c (108) [65] : 0x00 (0) [66] : 0x65 (101) [67] : 0x00 (0) [68] : 0x73 (115) [69] : 0x00 (0) [70] : 0x20 (32) [71] : 0x00 (0) [72] : 0x74 (116) [73] : 0x00 (0) [74] : 0x6f (111) [75] : 0x00 (0) [76] : 0x20 (32) [77] : 0x00 (0) [78] : 0x70 (112) [79] : 0x00 (0) [80] : 0x72 (114) [81] : 0x00 (0) [82] : 0x69 (105) [83] : 0x00 (0) [84] : 0x6e (110) [85] : 0x00 (0) [86] : 0x74 (116) [87] : 0x00 (0) [88] : 0x20 (32) [89] : 0x00 (0) [90] : 0x64 (100) [91] : 0x00 (0) [92] : 0x65 (101) [93] : 0x00 (0) [94] : 0x76 (118) [95] : 0x00 (0) [96] : 0x69 (105) [97] : 0x00 (0) [98] : 0x63 (99) [99] : 0x00 (0) [100] : 0x65 (101) [101] : 0x00 (0) [102] : 0x73 (115) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x00 (0) size : 0x0000006a (106) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'Description' type : REG_SZ (1) data : * data: ARRAY(106) [0] : 0x49 (73) [1] : 0x00 (0) [2] : 0x6e (110) [3] : 0x00 (0) [4] : 0x74 (116) [5] : 0x00 (0) [6] : 0x65 (101) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x6e (110) [11] : 0x00 (0) [12] : 0x61 (97) [13] : 0x00 (0) [14] : 0x6c (108) [15] : 0x00 (0) [16] : 0x20 (32) [17] : 0x00 (0) [18] : 0x73 (115) [19] : 0x00 (0) [20] : 0x65 (101) [21] : 0x00 (0) [22] : 0x72 (114) [23] : 0x00 (0) [24] : 0x76 (118) [25] : 0x00 (0) [26] : 0x69 (105) [27] : 0x00 (0) [28] : 0x63 (99) [29] : 0x00 (0) [30] : 0x65 (101) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x00 (0) [34] : 0x66 (102) [35] : 0x00 (0) [36] : 0x6f (111) [37] : 0x00 (0) [38] : 0x72 (114) [39] : 0x00 (0) [40] : 0x20 (32) [41] : 0x00 (0) [42] : 0x73 (115) [43] : 0x00 (0) [44] : 0x70 (112) [45] : 0x00 (0) [46] : 0x6f (111) [47] : 0x00 (0) [48] : 0x6f (111) [49] : 0x00 (0) [50] : 0x6c (108) [51] : 0x00 (0) [52] : 0x69 (105) [53] : 0x00 (0) [54] : 0x6e (110) [55] : 0x00 (0) [56] : 0x67 (103) [57] : 0x00 (0) [58] : 0x20 (32) [59] : 0x00 (0) [60] : 0x66 (102) [61] : 0x00 (0) [62] : 0x69 (105) [63] : 0x00 (0) [64] : 0x6c (108) [65] : 0x00 (0) [66] : 0x65 (101) [67] : 0x00 (0) [68] : 0x73 (115) [69] : 0x00 (0) [70] : 0x20 (32) [71] : 0x00 (0) [72] : 0x74 (116) [73] : 0x00 (0) [74] : 0x6f (111) [75] : 0x00 (0) [76] : 0x20 (32) [77] : 0x00 (0) [78] : 0x70 (112) [79] : 0x00 (0) [80] : 0x72 (114) [81] : 0x00 (0) [82] : 0x69 (105) [83] : 0x00 (0) [84] : 0x6e (110) [85] : 0x00 (0) [86] : 0x74 (116) [87] : 0x00 (0) [88] : 0x20 (32) [89] : 0x00 (0) [90] : 0x64 (100) [91] : 0x00 (0) [92] : 0x65 (101) [93] : 0x00 (0) [94] : 0x76 (118) [95] : 0x00 (0) [96] : 0x69 (105) [97] : 0x00 (0) [98] : 0x63 (99) [99] : 0x00 (0) [100] : 0x65 (101) [101] : 0x00 (0) [102] : 0x73 (115) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x00 (0) size : 0x0000006a (106) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:Description] tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b65640 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b65640 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-7a53-388b31220000 winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-7a53-388b31220000 Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. Closed policy regdb_close: decrementing refcount (4->3) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b654c0 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b654c0 winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x0066 (102) name_size : 0x0066 (102) name : * name : 'SYSTEM\CurrentControlSet\Services\Spooler\Security' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x0066 (102) name_size : 0x0066 (102) name : * name : 'SYSTEM\CurrentControlSet\Services\Spooler\Security' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\Spooler\Security' tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 regkey_open_onelevel: name = [SYSTEM] regdb_open: incrementing refcount (3->4) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] pathtree_find: Enter [\HKLM\SYSTEM] pathtree_find: [loop] base => [HKLM], new_path => [SYSTEM] pathtree_find_child: child key => [HKLM] pathtree_find_child: child key => [HKPT] pathtree_find_child: Found [HKLM] pathtree_find: [loop] base => [SYSTEM], new_path => [] pathtree_find_child: child key => [SOFTWARE] pathtree_find_child: child key => [SYSTEM] pathtree_find_child: Found [SYSTEM] pathtree_find: Found data_p! pathtree_find: Exit reghook_cache_find: found ops 0xb6b9a220 for key [\HKLM\SYSTEM] regdb_fetch_keys: Enter key => [HKLM\SYSTEM] tdb_unpack(d, 22) -> 4 tdb_unpack(d, 22) -> 4 tdb_unpack(f, 18) -> 18 regdb_fetch_keys: Exit [1] items tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 regkey_open_onelevel: name = [CurrentControlSet] regdb_open: incrementing refcount (4->5) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] pathtree_find: [loop] base => [HKLM], new_path => [SYSTEM\CurrentControlSet] pathtree_find_child: child key => [HKLM] pathtree_find_child: child key => [HKPT] pathtree_find_child: Found [HKLM] pathtree_find: [loop] base => [SYSTEM], new_path => [CurrentControlSet] pathtree_find_child: child key => [SOFTWARE] pathtree_find_child: child key => [SYSTEM] pathtree_find_child: Found [SYSTEM] pathtree_find: [loop] base => [CurrentControlSet], new_path => [] pathtree_find_child: child key => [CurrentControlSet] pathtree_find_child: Found [CurrentControlSet] pathtree_find: Found data_p! pathtree_find: Exit reghook_cache_find: found ops 0xb6b9a220 for key [\HKLM\SYSTEM\CurrentControlSet] regdb_fetch_keys: Enter key => [HKLM\SYSTEM\CurrentControlSet] tdb_unpack(d, 21) -> 4 tdb_unpack(d, 21) -> 4 tdb_unpack(f, 17) -> 8 tdb_unpack(f, 9) -> 9 regdb_fetch_keys: Exit [2] items regdb_close: decrementing refcount (5->4) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 regkey_open_onelevel: name = [Services] regdb_open: incrementing refcount (4->5) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] pathtree_find: [loop] base => [HKLM], new_path => [SYSTEM\CurrentControlSet\Services] pathtree_find_child: child key => [HKLM] pathtree_find_child: child key => [HKPT] pathtree_find_child: Found [HKLM] pathtree_find: [loop] base => [SYSTEM], new_path => [CurrentControlSet\Services] pathtree_find_child: child key => [SOFTWARE] pathtree_find_child: child key => [SYSTEM] pathtree_find_child: Found [SYSTEM] pathtree_find: [loop] base => [CurrentControlSet], new_path => [Services] pathtree_find_child: child key => [CurrentControlSet] pathtree_find_child: Found [CurrentControlSet] pathtree_find: [loop] base => [Services], new_path => [] pathtree_find_child: child key => [Control] pathtree_find_child: child key => [Services] pathtree_find_child: Found [Services] pathtree_find: Found data_p! pathtree_find: Exit reghook_cache_find: found ops 0xb6b9a220 for key [\HKLM\SYSTEM\CurrentControlSet\Services] regdb_fetch_keys: Enter key => [HKLM\SYSTEM\CurrentControlSet\Services] tdb_unpack(d, 69) -> 4 tdb_unpack(d, 69) -> 4 tdb_unpack(f, 65) -> 13 tdb_unpack(f, 52) -> 9 tdb_unpack(f, 43) -> 6 tdb_unpack(f, 37) -> 9 tdb_unpack(f, 28) -> 8 tdb_unpack(f, 20) -> 15 tdb_unpack(f, 5) -> 5 regdb_fetch_keys: Exit [7] items regdb_close: decrementing refcount (5->4) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 regkey_open_onelevel: name = [Spooler] regdb_open: incrementing refcount (4->5) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] pathtree_find: [loop] base => [HKLM], new_path => [SYSTEM\CurrentControlSet\Services\Spooler] pathtree_find_child: child key => [HKLM] pathtree_find_child: child key => [HKPT] pathtree_find_child: Found [HKLM] pathtree_find: [loop] base => [SYSTEM], new_path => [CurrentControlSet\Services\Spooler] pathtree_find_child: child key => [SOFTWARE] pathtree_find_child: child key => [SYSTEM] pathtree_find_child: Found [SYSTEM] pathtree_find: [loop] base => [CurrentControlSet], new_path => [Services\Spooler] pathtree_find_child: child key => [CurrentControlSet] pathtree_find_child: Found [CurrentControlSet] pathtree_find: [loop] base => [Services], new_path => [Spooler] pathtree_find_child: child key => [Control] pathtree_find_child: child key => [Services] pathtree_find_child: Found [Services] pathtree_find: [loop] base => [Spooler], new_path => [] pathtree_find_child: child key => [LanmanServer] pathtree_find_child: child key => [Netlogon] pathtree_find_child: child key => [Tcpip] pathtree_find_child: Did not find [Spooler] pathtree_find: Found data_p! pathtree_find: Exit reghook_cache_find: found ops 0xb6b9a220 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] regdb_fetch_keys: Enter key => [HKLM\SYSTEM\CurrentControlSet\Services\Spooler] tdb_unpack(d, 13) -> 4 tdb_unpack(d, 13) -> 4 tdb_unpack(f, 9) -> 9 regdb_fetch_keys: Exit [1] items regdb_close: decrementing refcount (5->4) regkey_open_onelevel: name = [Security] regdb_open: incrementing refcount (4->5) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] pathtree_find: [loop] base => [HKLM], new_path => [SYSTEM\CurrentControlSet\Services\Spooler\Security] pathtree_find_child: child key => [HKLM] pathtree_find_child: child key => [HKPT] pathtree_find_child: Found [HKLM] pathtree_find: [loop] base => [SYSTEM], new_path => [CurrentControlSet\Services\Spooler\Security] pathtree_find_child: child key => [SOFTWARE] pathtree_find_child: child key => [SYSTEM] pathtree_find_child: Found [SYSTEM] pathtree_find: [loop] base => [CurrentControlSet], new_path => [Services\Spooler\Security] pathtree_find_child: child key => [CurrentControlSet] pathtree_find_child: Found [CurrentControlSet] pathtree_find: [loop] base => [Services], new_path => [Spooler\Security] pathtree_find_child: child key => [Control] pathtree_find_child: child key => [Services] pathtree_find_child: Found [Services] pathtree_find: [loop] base => [Spooler], new_path => [Security] pathtree_find_child: child key => [LanmanServer] pathtree_find_child: child key => [Netlogon] pathtree_find_child: child key => [Tcpip] pathtree_find_child: Did not find [Spooler] pathtree_find: Found data_p! pathtree_find: Exit reghook_cache_find: found ops 0xb6b9a220 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] regdb_fetch_keys: Enter key => [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] tdb_unpack(d, 4) -> 4 tdb_unpack(d, 4) -> 4 regdb_fetch_keys: Exit [0] items regdb_close: decrementing refcount (5->4) Opened policy hnd[3] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000004-0000-0000-7a53-388b31220000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b65158 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b65158 winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000004-0000-0000-7a53-388b31220000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000004-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : REG_BINARY (3) data : * data: ARRAY(120) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x00 (0) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x00 (0) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x14 (20) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x02 (2) [21] : 0x00 (0) [22] : 0x64 (100) [23] : 0x00 (0) [24] : 0x04 (4) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x00 (0) [28] : 0x00 (0) [29] : 0x00 (0) [30] : 0x14 (20) [31] : 0x00 (0) [32] : 0x8d (141) [33] : 0x01 (1) [34] : 0x02 (2) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x01 (1) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x01 (1) [44] : 0x00 (0) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x00 (0) [49] : 0x00 (0) [50] : 0x18 (24) [51] : 0x00 (0) [52] : 0xfd (253) [53] : 0x01 (1) [54] : 0x02 (2) [55] : 0x00 (0) [56] : 0x01 (1) [57] : 0x02 (2) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x00 (0) [62] : 0x00 (0) [63] : 0x05 (5) [64] : 0x20 (32) [65] : 0x00 (0) [66] : 0x00 (0) [67] : 0x00 (0) [68] : 0x23 (35) [69] : 0x02 (2) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x18 (24) [75] : 0x00 (0) [76] : 0xff (255) [77] : 0x01 (1) [78] : 0x0f (15) [79] : 0x00 (0) [80] : 0x01 (1) [81] : 0x02 (2) [82] : 0x00 (0) [83] : 0x00 (0) [84] : 0x00 (0) [85] : 0x00 (0) [86] : 0x00 (0) [87] : 0x05 (5) [88] : 0x20 (32) [89] : 0x00 (0) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x25 (37) [93] : 0x02 (2) [94] : 0x00 (0) [95] : 0x00 (0) [96] : 0x00 (0) [97] : 0x00 (0) [98] : 0x18 (24) [99] : 0x00 (0) [100] : 0xff (255) [101] : 0x01 (1) [102] : 0x0f (15) [103] : 0x00 (0) [104] : 0x01 (1) [105] : 0x02 (2) [106] : 0x00 (0) [107] : 0x00 (0) [108] : 0x00 (0) [109] : 0x00 (0) [110] : 0x00 (0) [111] : 0x05 (5) [112] : 0x20 (32) [113] : 0x00 (0) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x20 (32) [117] : 0x02 (2) [118] : 0x00 (0) [119] : 0x00 (0) size : 0x00000078 (120) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000004-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : REG_BINARY (3) data : * data: ARRAY(120) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x00 (0) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x00 (0) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x14 (20) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x02 (2) [21] : 0x00 (0) [22] : 0x64 (100) [23] : 0x00 (0) [24] : 0x04 (4) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x00 (0) [28] : 0x00 (0) [29] : 0x00 (0) [30] : 0x14 (20) [31] : 0x00 (0) [32] : 0x8d (141) [33] : 0x01 (1) [34] : 0x02 (2) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x01 (1) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x01 (1) [44] : 0x00 (0) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x00 (0) [49] : 0x00 (0) [50] : 0x18 (24) [51] : 0x00 (0) [52] : 0xfd (253) [53] : 0x01 (1) [54] : 0x02 (2) [55] : 0x00 (0) [56] : 0x01 (1) [57] : 0x02 (2) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x00 (0) [62] : 0x00 (0) [63] : 0x05 (5) [64] : 0x20 (32) [65] : 0x00 (0) [66] : 0x00 (0) [67] : 0x00 (0) [68] : 0x23 (35) [69] : 0x02 (2) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x18 (24) [75] : 0x00 (0) [76] : 0xff (255) [77] : 0x01 (1) [78] : 0x0f (15) [79] : 0x00 (0) [80] : 0x01 (1) [81] : 0x02 (2) [82] : 0x00 (0) [83] : 0x00 (0) [84] : 0x00 (0) [85] : 0x00 (0) [86] : 0x00 (0) [87] : 0x05 (5) [88] : 0x20 (32) [89] : 0x00 (0) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x25 (37) [93] : 0x02 (2) [94] : 0x00 (0) [95] : 0x00 (0) [96] : 0x00 (0) [97] : 0x00 (0) [98] : 0x18 (24) [99] : 0x00 (0) [100] : 0xff (255) [101] : 0x01 (1) [102] : 0x0f (15) [103] : 0x00 (0) [104] : 0x01 (1) [105] : 0x02 (2) [106] : 0x00 (0) [107] : 0x00 (0) [108] : 0x00 (0) [109] : 0x00 (0) [110] : 0x00 (0) [111] : 0x05 (5) [112] : 0x20 (32) [113] : 0x00 (0) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x20 (32) [117] : 0x02 (2) [118] : 0x00 (0) [119] : 0x00 (0) size : 0x00000078 (120) Found policy hnd[0] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security:Security] tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security' (ops 0xb6b9a220) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] tdb_unpack(d, 4) -> 4 tdb_unpack(d, 141) -> 4 tdb_unpack(fdB, 137) -> 137 regdb_unpack_values: value[0]: name[Security] len[120] winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b66798 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b66798 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000004-0000-0000-7a53-388b31220000 winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000004-0000-0000-7a53-388b31220000 Found policy hnd[0] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. Found policy hnd[0] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. Closed policy regdb_close: decrementing refcount (4->3) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b69720 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b69720 winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x0056 (86) name_size : 0x0056 (86) name : * name : 'SYSTEM\CurrentControlSet\Services\NETLOGON' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_ACTION_NONE (0) winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x0056 (86) name_size : 0x0056 (86) name : * name : 'SYSTEM\CurrentControlSet\Services\NETLOGON' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_ACTION_NONE (0) Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\NETLOGON' tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 regkey_open_onelevel: name = [SYSTEM] regdb_open: incrementing refcount (3->4) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] pathtree_find: Enter [\HKLM\SYSTEM] pathtree_find: [loop] base => [HKLM], new_path => [SYSTEM] pathtree_find_child: child key => [HKLM] pathtree_find_child: child key => [HKPT] pathtree_find_child: Found [HKLM] pathtree_find: [loop] base => [SYSTEM], new_path => [] pathtree_find_child: child key => [SOFTWARE] pathtree_find_child: child key => [SYSTEM] pathtree_find_child: Found [SYSTEM] pathtree_find: Found data_p! pathtree_find: Exit reghook_cache_find: found ops 0xb6b9a220 for key [\HKLM\SYSTEM] regdb_fetch_keys: Enter key => [HKLM\SYSTEM] tdb_unpack(d, 22) -> 4 tdb_unpack(d, 22) -> 4 tdb_unpack(f, 18) -> 18 regdb_fetch_keys: Exit [1] items tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 regkey_open_onelevel: name = [CurrentControlSet] regdb_open: incrementing refcount (4->5) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] pathtree_find: [loop] base => [HKLM], new_path => [SYSTEM\CurrentControlSet] pathtree_find_child: child key => [HKLM] pathtree_find_child: child key => [HKPT] pathtree_find_child: Found [HKLM] pathtree_find: [loop] base => [SYSTEM], new_path => [CurrentControlSet] pathtree_find_child: child key => [SOFTWARE] pathtree_find_child: child key => [SYSTEM] pathtree_find_child: Found [SYSTEM] pathtree_find: [loop] base => [CurrentControlSet], new_path => [] pathtree_find_child: child key => [CurrentControlSet] pathtree_find_child: Found [CurrentControlSet] pathtree_find: Found data_p! pathtree_find: Exit reghook_cache_find: found ops 0xb6b9a220 for key [\HKLM\SYSTEM\CurrentControlSet] regdb_fetch_keys: Enter key => [HKLM\SYSTEM\CurrentControlSet] tdb_unpack(d, 21) -> 4 tdb_unpack(d, 21) -> 4 tdb_unpack(f, 17) -> 8 tdb_unpack(f, 9) -> 9 regdb_fetch_keys: Exit [2] items regdb_close: decrementing refcount (5->4) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 regkey_open_onelevel: name = [Services] regdb_open: incrementing refcount (4->5) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] pathtree_find: [loop] base => [HKLM], new_path => [SYSTEM\CurrentControlSet\Services] pathtree_find_child: child key => [HKLM] pathtree_find_child: child key => [HKPT] pathtree_find_child: Found [HKLM] pathtree_find: [loop] base => [SYSTEM], new_path => [CurrentControlSet\Services] pathtree_find_child: child key => [SOFTWARE] pathtree_find_child: child key => [SYSTEM] pathtree_find_child: Found [SYSTEM] pathtree_find: [loop] base => [CurrentControlSet], new_path => [Services] pathtree_find_child: child key => [CurrentControlSet] pathtree_find_child: Found [CurrentControlSet] pathtree_find: [loop] base => [Services], new_path => [] pathtree_find_child: child key => [Control] pathtree_find_child: child key => [Services] pathtree_find_child: Found [Services] pathtree_find: Found data_p! pathtree_find: Exit reghook_cache_find: found ops 0xb6b9a220 for key [\HKLM\SYSTEM\CurrentControlSet\Services] regdb_fetch_keys: Enter key => [HKLM\SYSTEM\CurrentControlSet\Services] tdb_unpack(d, 69) -> 4 tdb_unpack(d, 69) -> 4 tdb_unpack(f, 65) -> 13 tdb_unpack(f, 52) -> 9 tdb_unpack(f, 43) -> 6 tdb_unpack(f, 37) -> 9 tdb_unpack(f, 28) -> 8 tdb_unpack(f, 20) -> 15 tdb_unpack(f, 5) -> 5 regdb_fetch_keys: Exit [7] items regdb_close: decrementing refcount (5->4) regkey_open_onelevel: name = [NETLOGON] regdb_open: incrementing refcount (4->5) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] pathtree_find: [loop] base => [HKLM], new_path => [SYSTEM\CurrentControlSet\Services\NETLOGON] pathtree_find_child: child key => [HKLM] pathtree_find_child: child key => [HKPT] pathtree_find_child: Found [HKLM] pathtree_find: [loop] base => [SYSTEM], new_path => [CurrentControlSet\Services\NETLOGON] pathtree_find_child: child key => [SOFTWARE] pathtree_find_child: child key => [SYSTEM] pathtree_find_child: Found [SYSTEM] pathtree_find: [loop] base => [CurrentControlSet], new_path => [Services\NETLOGON] pathtree_find_child: child key => [CurrentControlSet] pathtree_find_child: Found [CurrentControlSet] pathtree_find: [loop] base => [Services], new_path => [NETLOGON] pathtree_find_child: child key => [Control] pathtree_find_child: child key => [Services] pathtree_find_child: Found [Services] pathtree_find: [loop] base => [NETLOGON], new_path => [] pathtree_find_child: child key => [LanmanServer] pathtree_find_child: child key => [Netlogon] pathtree_find_child: child key => [Tcpip] pathtree_find_child: Found [NETLOGON] pathtree_find: Found data_p! pathtree_find: Exit reghook_cache_find: found ops 0xb6b9a220 for key [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] regdb_fetch_keys: Enter key => [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] tdb_unpack(d, 24) -> 4 tdb_unpack(d, 24) -> 4 tdb_unpack(f, 20) -> 11 tdb_unpack(f, 9) -> 9 regdb_fetch_keys: Exit [2] items regdb_close: decrementing refcount (5->4) Opened policy hnd[3] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-7a53-388b31220000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b651c8 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b651c8 winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-7a53-388b31220000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x000c (12) name_size : 0x000c (12) name : * name : 'Start' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x02 (2) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x000c (12) name_size : 0x000c (12) name : * name : 'Start' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x02 (2) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:Start] tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON' (ops 0xb6b9a220) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] tdb_unpack(d, 24) -> 4 tdb_unpack(d, 433) -> 4 tdb_unpack(fdB, 429) -> 18 regdb_unpack_values: value[0]: name[Start] len[4] tdb_unpack(fdB, 411) -> 17 regdb_unpack_values: value[1]: name[Type] len[4] tdb_unpack(fdB, 394) -> 25 regdb_unpack_values: value[2]: name[ErrorControl] len[4] tdb_unpack(fdB, 369) -> 43 regdb_unpack_values: value[3]: name[ObjectName] len[24] tdb_unpack(fdB, 326) -> 40 regdb_unpack_values: value[4]: name[DisplayName] len[20] tdb_unpack(fdB, 286) -> 184 regdb_unpack_values: value[5]: name[Description] len[164] tdb_unpack(fdB, 102) -> 102 regdb_unpack_values: value[6]: name[ImagePath] len[84] winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b66920 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b66920 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x000a (10) name_size : 0x000a (10) name : * name : 'Type' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x000a (10) name_size : 0x000a (10) name : * name : 'Type' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:Type] tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b657a0 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b657a0 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x001a (26) name_size : 0x001a (26) name : * name : 'ErrorControl' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x001a (26) name_size : 0x001a (26) name : * name : 'ErrorControl' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:ErrorControl] tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b657a0 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b657a0 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x0016 (22) name_size : 0x0016 (22) name : * name : 'ObjectName' type : REG_SZ (1) data : * data: ARRAY(24) [0] : 0x4c (76) [1] : 0x00 (0) [2] : 0x6f (111) [3] : 0x00 (0) [4] : 0x63 (99) [5] : 0x00 (0) [6] : 0x61 (97) [7] : 0x00 (0) [8] : 0x6c (108) [9] : 0x00 (0) [10] : 0x53 (83) [11] : 0x00 (0) [12] : 0x79 (121) [13] : 0x00 (0) [14] : 0x73 (115) [15] : 0x00 (0) [16] : 0x74 (116) [17] : 0x00 (0) [18] : 0x65 (101) [19] : 0x00 (0) [20] : 0x6d (109) [21] : 0x00 (0) [22] : 0x00 (0) [23] : 0x00 (0) size : 0x00000018 (24) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x0016 (22) name_size : 0x0016 (22) name : * name : 'ObjectName' type : REG_SZ (1) data : * data: ARRAY(24) [0] : 0x4c (76) [1] : 0x00 (0) [2] : 0x6f (111) [3] : 0x00 (0) [4] : 0x63 (99) [5] : 0x00 (0) [6] : 0x61 (97) [7] : 0x00 (0) [8] : 0x6c (108) [9] : 0x00 (0) [10] : 0x53 (83) [11] : 0x00 (0) [12] : 0x79 (121) [13] : 0x00 (0) [14] : 0x73 (115) [15] : 0x00 (0) [16] : 0x74 (116) [17] : 0x00 (0) [18] : 0x65 (101) [19] : 0x00 (0) [20] : 0x6d (109) [21] : 0x00 (0) [22] : 0x00 (0) [23] : 0x00 (0) size : 0x00000018 (24) Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:ObjectName] tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b65640 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b65640 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'DisplayName' type : REG_SZ (1) data : * data: ARRAY(20) [0] : 0x4e (78) [1] : 0x00 (0) [2] : 0x65 (101) [3] : 0x00 (0) [4] : 0x74 (116) [5] : 0x00 (0) [6] : 0x20 (32) [7] : 0x00 (0) [8] : 0x4c (76) [9] : 0x00 (0) [10] : 0x6f (111) [11] : 0x00 (0) [12] : 0x67 (103) [13] : 0x00 (0) [14] : 0x6f (111) [15] : 0x00 (0) [16] : 0x6e (110) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : 0x00000014 (20) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'DisplayName' type : REG_SZ (1) data : * data: ARRAY(20) [0] : 0x4e (78) [1] : 0x00 (0) [2] : 0x65 (101) [3] : 0x00 (0) [4] : 0x74 (116) [5] : 0x00 (0) [6] : 0x20 (32) [7] : 0x00 (0) [8] : 0x4c (76) [9] : 0x00 (0) [10] : 0x6f (111) [11] : 0x00 (0) [12] : 0x67 (103) [13] : 0x00 (0) [14] : 0x6f (111) [15] : 0x00 (0) [16] : 0x6e (110) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : 0x00000014 (20) Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:DisplayName] tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b67f18 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b67f18 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x0014 (20) name_size : 0x0014 (20) name : * name : 'ImagePath' type : REG_SZ (1) data : * data: ARRAY(84) [0] : 0x2f (47) [1] : 0x00 (0) [2] : 0x75 (117) [3] : 0x00 (0) [4] : 0x73 (115) [5] : 0x00 (0) [6] : 0x72 (114) [7] : 0x00 (0) [8] : 0x2f (47) [9] : 0x00 (0) [10] : 0x6c (108) [11] : 0x00 (0) [12] : 0x69 (105) [13] : 0x00 (0) [14] : 0x62 (98) [15] : 0x00 (0) [16] : 0x2f (47) [17] : 0x00 (0) [18] : 0x69 (105) [19] : 0x00 (0) [20] : 0x33 (51) [21] : 0x00 (0) [22] : 0x38 (56) [23] : 0x00 (0) [24] : 0x36 (54) [25] : 0x00 (0) [26] : 0x2d (45) [27] : 0x00 (0) [28] : 0x6c (108) [29] : 0x00 (0) [30] : 0x69 (105) [31] : 0x00 (0) [32] : 0x6e (110) [33] : 0x00 (0) [34] : 0x75 (117) [35] : 0x00 (0) [36] : 0x78 (120) [37] : 0x00 (0) [38] : 0x2d (45) [39] : 0x00 (0) [40] : 0x67 (103) [41] : 0x00 (0) [42] : 0x6e (110) [43] : 0x00 (0) [44] : 0x75 (117) [45] : 0x00 (0) [46] : 0x2f (47) [47] : 0x00 (0) [48] : 0x73 (115) [49] : 0x00 (0) [50] : 0x61 (97) [51] : 0x00 (0) [52] : 0x6d (109) [53] : 0x00 (0) [54] : 0x62 (98) [55] : 0x00 (0) [56] : 0x61 (97) [57] : 0x00 (0) [58] : 0x2f (47) [59] : 0x00 (0) [60] : 0x73 (115) [61] : 0x00 (0) [62] : 0x76 (118) [63] : 0x00 (0) [64] : 0x63 (99) [65] : 0x00 (0) [66] : 0x63 (99) [67] : 0x00 (0) [68] : 0x74 (116) [69] : 0x00 (0) [70] : 0x6c (108) [71] : 0x00 (0) [72] : 0x2f (47) [73] : 0x00 (0) [74] : 0x73 (115) [75] : 0x00 (0) [76] : 0x6d (109) [77] : 0x00 (0) [78] : 0x62 (98) [79] : 0x00 (0) [80] : 0x64 (100) [81] : 0x00 (0) [82] : 0x00 (0) [83] : 0x00 (0) size : 0x00000054 (84) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x0014 (20) name_size : 0x0014 (20) name : * name : 'ImagePath' type : REG_SZ (1) data : * data: ARRAY(84) [0] : 0x2f (47) [1] : 0x00 (0) [2] : 0x75 (117) [3] : 0x00 (0) [4] : 0x73 (115) [5] : 0x00 (0) [6] : 0x72 (114) [7] : 0x00 (0) [8] : 0x2f (47) [9] : 0x00 (0) [10] : 0x6c (108) [11] : 0x00 (0) [12] : 0x69 (105) [13] : 0x00 (0) [14] : 0x62 (98) [15] : 0x00 (0) [16] : 0x2f (47) [17] : 0x00 (0) [18] : 0x69 (105) [19] : 0x00 (0) [20] : 0x33 (51) [21] : 0x00 (0) [22] : 0x38 (56) [23] : 0x00 (0) [24] : 0x36 (54) [25] : 0x00 (0) [26] : 0x2d (45) [27] : 0x00 (0) [28] : 0x6c (108) [29] : 0x00 (0) [30] : 0x69 (105) [31] : 0x00 (0) [32] : 0x6e (110) [33] : 0x00 (0) [34] : 0x75 (117) [35] : 0x00 (0) [36] : 0x78 (120) [37] : 0x00 (0) [38] : 0x2d (45) [39] : 0x00 (0) [40] : 0x67 (103) [41] : 0x00 (0) [42] : 0x6e (110) [43] : 0x00 (0) [44] : 0x75 (117) [45] : 0x00 (0) [46] : 0x2f (47) [47] : 0x00 (0) [48] : 0x73 (115) [49] : 0x00 (0) [50] : 0x61 (97) [51] : 0x00 (0) [52] : 0x6d (109) [53] : 0x00 (0) [54] : 0x62 (98) [55] : 0x00 (0) [56] : 0x61 (97) [57] : 0x00 (0) [58] : 0x2f (47) [59] : 0x00 (0) [60] : 0x73 (115) [61] : 0x00 (0) [62] : 0x76 (118) [63] : 0x00 (0) [64] : 0x63 (99) [65] : 0x00 (0) [66] : 0x63 (99) [67] : 0x00 (0) [68] : 0x74 (116) [69] : 0x00 (0) [70] : 0x6c (108) [71] : 0x00 (0) [72] : 0x2f (47) [73] : 0x00 (0) [74] : 0x73 (115) [75] : 0x00 (0) [76] : 0x6d (109) [77] : 0x00 (0) [78] : 0x62 (98) [79] : 0x00 (0) [80] : 0x64 (100) [81] : 0x00 (0) [82] : 0x00 (0) [83] : 0x00 (0) size : 0x00000054 (84) Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:ImagePath] tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b67f18 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b67f18 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'Description' type : REG_SZ (1) data : * data: ARRAY(164) [0] : 0x46 (70) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6c (108) [5] : 0x00 (0) [6] : 0x65 (101) [7] : 0x00 (0) [8] : 0x20 (32) [9] : 0x00 (0) [10] : 0x73 (115) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x76 (118) [17] : 0x00 (0) [18] : 0x69 (105) [19] : 0x00 (0) [20] : 0x63 (99) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x20 (32) [25] : 0x00 (0) [26] : 0x70 (112) [27] : 0x00 (0) [28] : 0x72 (114) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x76 (118) [33] : 0x00 (0) [34] : 0x69 (105) [35] : 0x00 (0) [36] : 0x64 (100) [37] : 0x00 (0) [38] : 0x69 (105) [39] : 0x00 (0) [40] : 0x6e (110) [41] : 0x00 (0) [42] : 0x67 (103) [43] : 0x00 (0) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x61 (97) [47] : 0x00 (0) [48] : 0x63 (99) [49] : 0x00 (0) [50] : 0x63 (99) [51] : 0x00 (0) [52] : 0x65 (101) [53] : 0x00 (0) [54] : 0x73 (115) [55] : 0x00 (0) [56] : 0x73 (115) [57] : 0x00 (0) [58] : 0x20 (32) [59] : 0x00 (0) [60] : 0x74 (116) [61] : 0x00 (0) [62] : 0x6f (111) [63] : 0x00 (0) [64] : 0x20 (32) [65] : 0x00 (0) [66] : 0x70 (112) [67] : 0x00 (0) [68] : 0x6f (111) [69] : 0x00 (0) [70] : 0x6c (108) [71] : 0x00 (0) [72] : 0x69 (105) [73] : 0x00 (0) [74] : 0x63 (99) [75] : 0x00 (0) [76] : 0x79 (121) [77] : 0x00 (0) [78] : 0x20 (32) [79] : 0x00 (0) [80] : 0x61 (97) [81] : 0x00 (0) [82] : 0x6e (110) [83] : 0x00 (0) [84] : 0x64 (100) [85] : 0x00 (0) [86] : 0x20 (32) [87] : 0x00 (0) [88] : 0x70 (112) [89] : 0x00 (0) [90] : 0x72 (114) [91] : 0x00 (0) [92] : 0x6f (111) [93] : 0x00 (0) [94] : 0x66 (102) [95] : 0x00 (0) [96] : 0x69 (105) [97] : 0x00 (0) [98] : 0x6c (108) [99] : 0x00 (0) [100] : 0x65 (101) [101] : 0x00 (0) [102] : 0x20 (32) [103] : 0x00 (0) [104] : 0x64 (100) [105] : 0x00 (0) [106] : 0x61 (97) [107] : 0x00 (0) [108] : 0x74 (116) [109] : 0x00 (0) [110] : 0x61 (97) [111] : 0x00 (0) [112] : 0x20 (32) [113] : 0x00 (0) [114] : 0x28 (40) [115] : 0x00 (0) [116] : 0x6e (110) [117] : 0x00 (0) [118] : 0x6f (111) [119] : 0x00 (0) [120] : 0x74 (116) [121] : 0x00 (0) [122] : 0x72 (114) [123] : 0x00 (0) [124] : 0x65 (101) [125] : 0x00 (0) [126] : 0x6d (109) [127] : 0x00 (0) [128] : 0x6f (111) [129] : 0x00 (0) [130] : 0x74 (116) [131] : 0x00 (0) [132] : 0x65 (101) [133] : 0x00 (0) [134] : 0x6c (108) [135] : 0x00 (0) [136] : 0x79 (121) [137] : 0x00 (0) [138] : 0x20 (32) [139] : 0x00 (0) [140] : 0x6d (109) [141] : 0x00 (0) [142] : 0x61 (97) [143] : 0x00 (0) [144] : 0x6e (110) [145] : 0x00 (0) [146] : 0x61 (97) [147] : 0x00 (0) [148] : 0x67 (103) [149] : 0x00 (0) [150] : 0x65 (101) [151] : 0x00 (0) [152] : 0x61 (97) [153] : 0x00 (0) [154] : 0x62 (98) [155] : 0x00 (0) [156] : 0x6c (108) [157] : 0x00 (0) [158] : 0x65 (101) [159] : 0x00 (0) [160] : 0x29 (41) [161] : 0x00 (0) [162] : 0x00 (0) [163] : 0x00 (0) size : 0x000000a4 (164) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'Description' type : REG_SZ (1) data : * data: ARRAY(164) [0] : 0x46 (70) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6c (108) [5] : 0x00 (0) [6] : 0x65 (101) [7] : 0x00 (0) [8] : 0x20 (32) [9] : 0x00 (0) [10] : 0x73 (115) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x76 (118) [17] : 0x00 (0) [18] : 0x69 (105) [19] : 0x00 (0) [20] : 0x63 (99) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x20 (32) [25] : 0x00 (0) [26] : 0x70 (112) [27] : 0x00 (0) [28] : 0x72 (114) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x76 (118) [33] : 0x00 (0) [34] : 0x69 (105) [35] : 0x00 (0) [36] : 0x64 (100) [37] : 0x00 (0) [38] : 0x69 (105) [39] : 0x00 (0) [40] : 0x6e (110) [41] : 0x00 (0) [42] : 0x67 (103) [43] : 0x00 (0) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x61 (97) [47] : 0x00 (0) [48] : 0x63 (99) [49] : 0x00 (0) [50] : 0x63 (99) [51] : 0x00 (0) [52] : 0x65 (101) [53] : 0x00 (0) [54] : 0x73 (115) [55] : 0x00 (0) [56] : 0x73 (115) [57] : 0x00 (0) [58] : 0x20 (32) [59] : 0x00 (0) [60] : 0x74 (116) [61] : 0x00 (0) [62] : 0x6f (111) [63] : 0x00 (0) [64] : 0x20 (32) [65] : 0x00 (0) [66] : 0x70 (112) [67] : 0x00 (0) [68] : 0x6f (111) [69] : 0x00 (0) [70] : 0x6c (108) [71] : 0x00 (0) [72] : 0x69 (105) [73] : 0x00 (0) [74] : 0x63 (99) [75] : 0x00 (0) [76] : 0x79 (121) [77] : 0x00 (0) [78] : 0x20 (32) [79] : 0x00 (0) [80] : 0x61 (97) [81] : 0x00 (0) [82] : 0x6e (110) [83] : 0x00 (0) [84] : 0x64 (100) [85] : 0x00 (0) [86] : 0x20 (32) [87] : 0x00 (0) [88] : 0x70 (112) [89] : 0x00 (0) [90] : 0x72 (114) [91] : 0x00 (0) [92] : 0x6f (111) [93] : 0x00 (0) [94] : 0x66 (102) [95] : 0x00 (0) [96] : 0x69 (105) [97] : 0x00 (0) [98] : 0x6c (108) [99] : 0x00 (0) [100] : 0x65 (101) [101] : 0x00 (0) [102] : 0x20 (32) [103] : 0x00 (0) [104] : 0x64 (100) [105] : 0x00 (0) [106] : 0x61 (97) [107] : 0x00 (0) [108] : 0x74 (116) [109] : 0x00 (0) [110] : 0x61 (97) [111] : 0x00 (0) [112] : 0x20 (32) [113] : 0x00 (0) [114] : 0x28 (40) [115] : 0x00 (0) [116] : 0x6e (110) [117] : 0x00 (0) [118] : 0x6f (111) [119] : 0x00 (0) [120] : 0x74 (116) [121] : 0x00 (0) [122] : 0x72 (114) [123] : 0x00 (0) [124] : 0x65 (101) [125] : 0x00 (0) [126] : 0x6d (109) [127] : 0x00 (0) [128] : 0x6f (111) [129] : 0x00 (0) [130] : 0x74 (116) [131] : 0x00 (0) [132] : 0x65 (101) [133] : 0x00 (0) [134] : 0x6c (108) [135] : 0x00 (0) [136] : 0x79 (121) [137] : 0x00 (0) [138] : 0x20 (32) [139] : 0x00 (0) [140] : 0x6d (109) [141] : 0x00 (0) [142] : 0x61 (97) [143] : 0x00 (0) [144] : 0x6e (110) [145] : 0x00 (0) [146] : 0x61 (97) [147] : 0x00 (0) [148] : 0x67 (103) [149] : 0x00 (0) [150] : 0x65 (101) [151] : 0x00 (0) [152] : 0x61 (97) [153] : 0x00 (0) [154] : 0x62 (98) [155] : 0x00 (0) [156] : 0x6c (108) [157] : 0x00 (0) [158] : 0x65 (101) [159] : 0x00 (0) [160] : 0x29 (41) [161] : 0x00 (0) [162] : 0x00 (0) [163] : 0x00 (0) size : 0x000000a4 (164) Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:Description] tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b67f18 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b67f18 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-7a53-388b31220000 winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-7a53-388b31220000 Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. Closed policy regdb_close: decrementing refcount (4->3) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b6a780 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b6a780 winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x0068 (104) name_size : 0x0068 (104) name : * name : 'SYSTEM\CurrentControlSet\Services\NETLOGON\Security' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x0068 (104) name_size : 0x0068 (104) name : * name : 'SYSTEM\CurrentControlSet\Services\NETLOGON\Security' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\NETLOGON\Security' tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 regkey_open_onelevel: name = [SYSTEM] regdb_open: incrementing refcount (3->4) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] pathtree_find: Enter [\HKLM\SYSTEM] pathtree_find: [loop] base => [HKLM], new_path => [SYSTEM] pathtree_find_child: child key => [HKLM] pathtree_find_child: child key => [HKPT] pathtree_find_child: Found [HKLM] pathtree_find: [loop] base => [SYSTEM], new_path => [] pathtree_find_child: child key => [SOFTWARE] pathtree_find_child: child key => [SYSTEM] pathtree_find_child: Found [SYSTEM] pathtree_find: Found data_p! pathtree_find: Exit reghook_cache_find: found ops 0xb6b9a220 for key [\HKLM\SYSTEM] regdb_fetch_keys: Enter key => [HKLM\SYSTEM] tdb_unpack(d, 22) -> 4 tdb_unpack(d, 22) -> 4 tdb_unpack(f, 18) -> 18 regdb_fetch_keys: Exit [1] items tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 regkey_open_onelevel: name = [CurrentControlSet] regdb_open: incrementing refcount (4->5) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] pathtree_find: [loop] base => [HKLM], new_path => [SYSTEM\CurrentControlSet] pathtree_find_child: child key => [HKLM] pathtree_find_child: child key => [HKPT] pathtree_find_child: Found [HKLM] pathtree_find: [loop] base => [SYSTEM], new_path => [CurrentControlSet] pathtree_find_child: child key => [SOFTWARE] pathtree_find_child: child key => [SYSTEM] pathtree_find_child: Found [SYSTEM] pathtree_find: [loop] base => [CurrentControlSet], new_path => [] pathtree_find_child: child key => [CurrentControlSet] pathtree_find_child: Found [CurrentControlSet] pathtree_find: Found data_p! pathtree_find: Exit reghook_cache_find: found ops 0xb6b9a220 for key [\HKLM\SYSTEM\CurrentControlSet] regdb_fetch_keys: Enter key => [HKLM\SYSTEM\CurrentControlSet] tdb_unpack(d, 21) -> 4 tdb_unpack(d, 21) -> 4 tdb_unpack(f, 17) -> 8 tdb_unpack(f, 9) -> 9 regdb_fetch_keys: Exit [2] items regdb_close: decrementing refcount (5->4) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 regkey_open_onelevel: name = [Services] regdb_open: incrementing refcount (4->5) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] pathtree_find: [loop] base => [HKLM], new_path => [SYSTEM\CurrentControlSet\Services] pathtree_find_child: child key => [HKLM] pathtree_find_child: child key => [HKPT] pathtree_find_child: Found [HKLM] pathtree_find: [loop] base => [SYSTEM], new_path => [CurrentControlSet\Services] pathtree_find_child: child key => [SOFTWARE] pathtree_find_child: child key => [SYSTEM] pathtree_find_child: Found [SYSTEM] pathtree_find: [loop] base => [CurrentControlSet], new_path => [Services] pathtree_find_child: child key => [CurrentControlSet] pathtree_find_child: Found [CurrentControlSet] pathtree_find: [loop] base => [Services], new_path => [] pathtree_find_child: child key => [Control] pathtree_find_child: child key => [Services] pathtree_find_child: Found [Services] pathtree_find: Found data_p! pathtree_find: Exit reghook_cache_find: found ops 0xb6b9a220 for key [\HKLM\SYSTEM\CurrentControlSet\Services] regdb_fetch_keys: Enter key => [HKLM\SYSTEM\CurrentControlSet\Services] tdb_unpack(d, 69) -> 4 tdb_unpack(d, 69) -> 4 tdb_unpack(f, 65) -> 13 tdb_unpack(f, 52) -> 9 tdb_unpack(f, 43) -> 6 tdb_unpack(f, 37) -> 9 tdb_unpack(f, 28) -> 8 tdb_unpack(f, 20) -> 15 tdb_unpack(f, 5) -> 5 regdb_fetch_keys: Exit [7] items regdb_close: decrementing refcount (5->4) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 regkey_open_onelevel: name = [NETLOGON] regdb_open: incrementing refcount (4->5) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] pathtree_find: [loop] base => [HKLM], new_path => [SYSTEM\CurrentControlSet\Services\NETLOGON] pathtree_find_child: child key => [HKLM] pathtree_find_child: child key => [HKPT] pathtree_find_child: Found [HKLM] pathtree_find: [loop] base => [SYSTEM], new_path => [CurrentControlSet\Services\NETLOGON] pathtree_find_child: child key => [SOFTWARE] pathtree_find_child: child key => [SYSTEM] pathtree_find_child: Found [SYSTEM] pathtree_find: [loop] base => [CurrentControlSet], new_path => [Services\NETLOGON] pathtree_find_child: child key => [CurrentControlSet] pathtree_find_child: Found [CurrentControlSet] pathtree_find: [loop] base => [Services], new_path => [NETLOGON] pathtree_find_child: child key => [Control] pathtree_find_child: child key => [Services] pathtree_find_child: Found [Services] pathtree_find: [loop] base => [NETLOGON], new_path => [] pathtree_find_child: child key => [LanmanServer] pathtree_find_child: child key => [Netlogon] pathtree_find_child: child key => [Tcpip] pathtree_find_child: Found [NETLOGON] pathtree_find: Found data_p! pathtree_find: Exit reghook_cache_find: found ops 0xb6b9a220 for key [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] regdb_fetch_keys: Enter key => [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] tdb_unpack(d, 24) -> 4 tdb_unpack(d, 24) -> 4 tdb_unpack(f, 20) -> 11 tdb_unpack(f, 9) -> 9 regdb_fetch_keys: Exit [2] items regdb_close: decrementing refcount (5->4) regkey_open_onelevel: name = [Security] regdb_open: incrementing refcount (4->5) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] pathtree_find: [loop] base => [HKLM], new_path => [SYSTEM\CurrentControlSet\Services\NETLOGON\Security] pathtree_find_child: child key => [HKLM] pathtree_find_child: child key => [HKPT] pathtree_find_child: Found [HKLM] pathtree_find: [loop] base => [SYSTEM], new_path => [CurrentControlSet\Services\NETLOGON\Security] pathtree_find_child: child key => [SOFTWARE] pathtree_find_child: child key => [SYSTEM] pathtree_find_child: Found [SYSTEM] pathtree_find: [loop] base => [CurrentControlSet], new_path => [Services\NETLOGON\Security] pathtree_find_child: child key => [CurrentControlSet] pathtree_find_child: Found [CurrentControlSet] pathtree_find: [loop] base => [Services], new_path => [NETLOGON\Security] pathtree_find_child: child key => [Control] pathtree_find_child: child key => [Services] pathtree_find_child: Found [Services] pathtree_find: [loop] base => [NETLOGON], new_path => [Security] pathtree_find_child: child key => [LanmanServer] pathtree_find_child: child key => [Netlogon] pathtree_find_child: child key => [Tcpip] pathtree_find_child: Found [NETLOGON] pathtree_find: [loop] base => [Security], new_path => [] pathtree_find_child: child key => [Parameters] pathtree_find_child: Did not find [Security] pathtree_find: Found data_p! pathtree_find: Exit reghook_cache_find: found ops 0xb6b9a220 for key [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] regdb_fetch_keys: Enter key => [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] tdb_unpack(d, 4) -> 4 tdb_unpack(d, 4) -> 4 regdb_fetch_keys: Exit [0] items regdb_close: decrementing refcount (5->4) Opened policy hnd[3] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000006-0000-0000-7a53-388b31220000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b651c8 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b651c8 winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000006-0000-0000-7a53-388b31220000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000006-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : REG_BINARY (3) data : * data: ARRAY(120) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x00 (0) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x00 (0) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x14 (20) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x02 (2) [21] : 0x00 (0) [22] : 0x64 (100) [23] : 0x00 (0) [24] : 0x04 (4) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x00 (0) [28] : 0x00 (0) [29] : 0x00 (0) [30] : 0x14 (20) [31] : 0x00 (0) [32] : 0x8d (141) [33] : 0x01 (1) [34] : 0x02 (2) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x01 (1) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x01 (1) [44] : 0x00 (0) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x00 (0) [49] : 0x00 (0) [50] : 0x18 (24) [51] : 0x00 (0) [52] : 0xfd (253) [53] : 0x01 (1) [54] : 0x02 (2) [55] : 0x00 (0) [56] : 0x01 (1) [57] : 0x02 (2) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x00 (0) [62] : 0x00 (0) [63] : 0x05 (5) [64] : 0x20 (32) [65] : 0x00 (0) [66] : 0x00 (0) [67] : 0x00 (0) [68] : 0x23 (35) [69] : 0x02 (2) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x18 (24) [75] : 0x00 (0) [76] : 0xff (255) [77] : 0x01 (1) [78] : 0x0f (15) [79] : 0x00 (0) [80] : 0x01 (1) [81] : 0x02 (2) [82] : 0x00 (0) [83] : 0x00 (0) [84] : 0x00 (0) [85] : 0x00 (0) [86] : 0x00 (0) [87] : 0x05 (5) [88] : 0x20 (32) [89] : 0x00 (0) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x25 (37) [93] : 0x02 (2) [94] : 0x00 (0) [95] : 0x00 (0) [96] : 0x00 (0) [97] : 0x00 (0) [98] : 0x18 (24) [99] : 0x00 (0) [100] : 0xff (255) [101] : 0x01 (1) [102] : 0x0f (15) [103] : 0x00 (0) [104] : 0x01 (1) [105] : 0x02 (2) [106] : 0x00 (0) [107] : 0x00 (0) [108] : 0x00 (0) [109] : 0x00 (0) [110] : 0x00 (0) [111] : 0x05 (5) [112] : 0x20 (32) [113] : 0x00 (0) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x20 (32) [117] : 0x02 (2) [118] : 0x00 (0) [119] : 0x00 (0) size : 0x00000078 (120) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000006-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : REG_BINARY (3) data : * data: ARRAY(120) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x00 (0) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x00 (0) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x14 (20) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x02 (2) [21] : 0x00 (0) [22] : 0x64 (100) [23] : 0x00 (0) [24] : 0x04 (4) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x00 (0) [28] : 0x00 (0) [29] : 0x00 (0) [30] : 0x14 (20) [31] : 0x00 (0) [32] : 0x8d (141) [33] : 0x01 (1) [34] : 0x02 (2) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x01 (1) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x01 (1) [44] : 0x00 (0) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x00 (0) [49] : 0x00 (0) [50] : 0x18 (24) [51] : 0x00 (0) [52] : 0xfd (253) [53] : 0x01 (1) [54] : 0x02 (2) [55] : 0x00 (0) [56] : 0x01 (1) [57] : 0x02 (2) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x00 (0) [62] : 0x00 (0) [63] : 0x05 (5) [64] : 0x20 (32) [65] : 0x00 (0) [66] : 0x00 (0) [67] : 0x00 (0) [68] : 0x23 (35) [69] : 0x02 (2) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x18 (24) [75] : 0x00 (0) [76] : 0xff (255) [77] : 0x01 (1) [78] : 0x0f (15) [79] : 0x00 (0) [80] : 0x01 (1) [81] : 0x02 (2) [82] : 0x00 (0) [83] : 0x00 (0) [84] : 0x00 (0) [85] : 0x00 (0) [86] : 0x00 (0) [87] : 0x05 (5) [88] : 0x20 (32) [89] : 0x00 (0) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x25 (37) [93] : 0x02 (2) [94] : 0x00 (0) [95] : 0x00 (0) [96] : 0x00 (0) [97] : 0x00 (0) [98] : 0x18 (24) [99] : 0x00 (0) [100] : 0xff (255) [101] : 0x01 (1) [102] : 0x0f (15) [103] : 0x00 (0) [104] : 0x01 (1) [105] : 0x02 (2) [106] : 0x00 (0) [107] : 0x00 (0) [108] : 0x00 (0) [109] : 0x00 (0) [110] : 0x00 (0) [111] : 0x05 (5) [112] : 0x20 (32) [113] : 0x00 (0) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x20 (32) [117] : 0x02 (2) [118] : 0x00 (0) [119] : 0x00 (0) size : 0x00000078 (120) Found policy hnd[0] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security:Security] tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security' (ops 0xb6b9a220) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] tdb_unpack(d, 4) -> 4 tdb_unpack(d, 141) -> 4 tdb_unpack(fdB, 137) -> 137 regdb_unpack_values: value[0]: name[Security] len[120] winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b68138 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b68138 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000006-0000-0000-7a53-388b31220000 winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000006-0000-0000-7a53-388b31220000 Found policy hnd[0] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. Found policy hnd[0] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. Closed policy regdb_close: decrementing refcount (4->3) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b66920 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b66920 winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x0062 (98) name_size : 0x0062 (98) name : * name : 'SYSTEM\CurrentControlSet\Services\RemoteRegistry' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_ACTION_NONE (0) winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x0062 (98) name_size : 0x0062 (98) name : * name : 'SYSTEM\CurrentControlSet\Services\RemoteRegistry' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_ACTION_NONE (0) Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\RemoteRegistry' tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 regkey_open_onelevel: name = [SYSTEM] regdb_open: incrementing refcount (3->4) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] pathtree_find: Enter [\HKLM\SYSTEM] pathtree_find: [loop] base => [HKLM], new_path => [SYSTEM] pathtree_find_child: child key => [HKLM] pathtree_find_child: child key => [HKPT] pathtree_find_child: Found [HKLM] pathtree_find: [loop] base => [SYSTEM], new_path => [] pathtree_find_child: child key => [SOFTWARE] pathtree_find_child: child key => [SYSTEM] pathtree_find_child: Found [SYSTEM] pathtree_find: Found data_p! pathtree_find: Exit reghook_cache_find: found ops 0xb6b9a220 for key [\HKLM\SYSTEM] regdb_fetch_keys: Enter key => [HKLM\SYSTEM] tdb_unpack(d, 22) -> 4 tdb_unpack(d, 22) -> 4 tdb_unpack(f, 18) -> 18 regdb_fetch_keys: Exit [1] items tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 regkey_open_onelevel: name = [CurrentControlSet] regdb_open: incrementing refcount (4->5) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] pathtree_find: [loop] base => [HKLM], new_path => [SYSTEM\CurrentControlSet] pathtree_find_child: child key => [HKLM] pathtree_find_child: child key => [HKPT] pathtree_find_child: Found [HKLM] pathtree_find: [loop] base => [SYSTEM], new_path => [CurrentControlSet] pathtree_find_child: child key => [SOFTWARE] pathtree_find_child: child key => [SYSTEM] pathtree_find_child: Found [SYSTEM] pathtree_find: [loop] base => [CurrentControlSet], new_path => [] pathtree_find_child: child key => [CurrentControlSet] pathtree_find_child: Found [CurrentControlSet] pathtree_find: Found data_p! pathtree_find: Exit reghook_cache_find: found ops 0xb6b9a220 for key [\HKLM\SYSTEM\CurrentControlSet] regdb_fetch_keys: Enter key => [HKLM\SYSTEM\CurrentControlSet] tdb_unpack(d, 21) -> 4 tdb_unpack(d, 21) -> 4 tdb_unpack(f, 17) -> 8 tdb_unpack(f, 9) -> 9 regdb_fetch_keys: Exit [2] items regdb_close: decrementing refcount (5->4) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 regkey_open_onelevel: name = [Services] regdb_open: incrementing refcount (4->5) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] pathtree_find: [loop] base => [HKLM], new_path => [SYSTEM\CurrentControlSet\Services] pathtree_find_child: child key => [HKLM] pathtree_find_child: child key => [HKPT] pathtree_find_child: Found [HKLM] pathtree_find: [loop] base => [SYSTEM], new_path => [CurrentControlSet\Services] pathtree_find_child: child key => [SOFTWARE] pathtree_find_child: child key => [SYSTEM] pathtree_find_child: Found [SYSTEM] pathtree_find: [loop] base => [CurrentControlSet], new_path => [Services] pathtree_find_child: child key => [CurrentControlSet] pathtree_find_child: Found [CurrentControlSet] pathtree_find: [loop] base => [Services], new_path => [] pathtree_find_child: child key => [Control] pathtree_find_child: child key => [Services] pathtree_find_child: Found [Services] pathtree_find: Found data_p! pathtree_find: Exit reghook_cache_find: found ops 0xb6b9a220 for key [\HKLM\SYSTEM\CurrentControlSet\Services] regdb_fetch_keys: Enter key => [HKLM\SYSTEM\CurrentControlSet\Services] tdb_unpack(d, 69) -> 4 tdb_unpack(d, 69) -> 4 tdb_unpack(f, 65) -> 13 tdb_unpack(f, 52) -> 9 tdb_unpack(f, 43) -> 6 tdb_unpack(f, 37) -> 9 tdb_unpack(f, 28) -> 8 tdb_unpack(f, 20) -> 15 tdb_unpack(f, 5) -> 5 regdb_fetch_keys: Exit [7] items regdb_close: decrementing refcount (5->4) regkey_open_onelevel: name = [RemoteRegistry] regdb_open: incrementing refcount (4->5) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] pathtree_find: [loop] base => [HKLM], new_path => [SYSTEM\CurrentControlSet\Services\RemoteRegistry] pathtree_find_child: child key => [HKLM] pathtree_find_child: child key => [HKPT] pathtree_find_child: Found [HKLM] pathtree_find: [loop] base => [SYSTEM], new_path => [CurrentControlSet\Services\RemoteRegistry] pathtree_find_child: child key => [SOFTWARE] pathtree_find_child: child key => [SYSTEM] pathtree_find_child: Found [SYSTEM] pathtree_find: [loop] base => [CurrentControlSet], new_path => [Services\RemoteRegistry] pathtree_find_child: child key => [CurrentControlSet] pathtree_find_child: Found [CurrentControlSet] pathtree_find: [loop] base => [Services], new_path => [RemoteRegistry] pathtree_find_child: child key => [Control] pathtree_find_child: child key => [Services] pathtree_find_child: Found [Services] pathtree_find: [loop] base => [RemoteRegistry], new_path => [] pathtree_find_child: child key => [LanmanServer] pathtree_find_child: child key => [Netlogon] pathtree_find_child: child key => [Tcpip] pathtree_find_child: Did not find [RemoteRegistry] pathtree_find: Found data_p! pathtree_find: Exit reghook_cache_find: found ops 0xb6b9a220 for key [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] regdb_fetch_keys: Enter key => [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] tdb_unpack(d, 13) -> 4 tdb_unpack(d, 13) -> 4 tdb_unpack(f, 9) -> 9 regdb_fetch_keys: Exit [1] items regdb_close: decrementing refcount (5->4) Opened policy hnd[3] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-7a53-388b31220000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b67960 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b67960 winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-7a53-388b31220000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x000c (12) name_size : 0x000c (12) name : * name : 'Start' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x02 (2) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x000c (12) name_size : 0x000c (12) name : * name : 'Start' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x02 (2) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:Start] tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry' (ops 0xb6b9a220) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] tdb_unpack(d, 13) -> 4 tdb_unpack(d, 423) -> 4 tdb_unpack(fdB, 419) -> 18 regdb_unpack_values: value[0]: name[Start] len[4] tdb_unpack(fdB, 401) -> 17 regdb_unpack_values: value[1]: name[Type] len[4] tdb_unpack(fdB, 384) -> 25 regdb_unpack_values: value[2]: name[ErrorControl] len[4] tdb_unpack(fdB, 359) -> 43 regdb_unpack_values: value[3]: name[ObjectName] len[24] tdb_unpack(fdB, 316) -> 68 regdb_unpack_values: value[4]: name[DisplayName] len[48] tdb_unpack(fdB, 248) -> 146 regdb_unpack_values: value[5]: name[Description] len[126] tdb_unpack(fdB, 102) -> 102 regdb_unpack_values: value[6]: name[ImagePath] len[84] winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b6b8c8 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b6b8c8 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x000a (10) name_size : 0x000a (10) name : * name : 'Type' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x000a (10) name_size : 0x000a (10) name : * name : 'Type' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:Type] tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b65268 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b65268 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x001a (26) name_size : 0x001a (26) name : * name : 'ErrorControl' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x001a (26) name_size : 0x001a (26) name : * name : 'ErrorControl' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:ErrorControl] tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b651f8 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b651f8 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x0016 (22) name_size : 0x0016 (22) name : * name : 'ObjectName' type : REG_SZ (1) data : * data: ARRAY(24) [0] : 0x4c (76) [1] : 0x00 (0) [2] : 0x6f (111) [3] : 0x00 (0) [4] : 0x63 (99) [5] : 0x00 (0) [6] : 0x61 (97) [7] : 0x00 (0) [8] : 0x6c (108) [9] : 0x00 (0) [10] : 0x53 (83) [11] : 0x00 (0) [12] : 0x79 (121) [13] : 0x00 (0) [14] : 0x73 (115) [15] : 0x00 (0) [16] : 0x74 (116) [17] : 0x00 (0) [18] : 0x65 (101) [19] : 0x00 (0) [20] : 0x6d (109) [21] : 0x00 (0) [22] : 0x00 (0) [23] : 0x00 (0) size : 0x00000018 (24) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x0016 (22) name_size : 0x0016 (22) name : * name : 'ObjectName' type : REG_SZ (1) data : * data: ARRAY(24) [0] : 0x4c (76) [1] : 0x00 (0) [2] : 0x6f (111) [3] : 0x00 (0) [4] : 0x63 (99) [5] : 0x00 (0) [6] : 0x61 (97) [7] : 0x00 (0) [8] : 0x6c (108) [9] : 0x00 (0) [10] : 0x53 (83) [11] : 0x00 (0) [12] : 0x79 (121) [13] : 0x00 (0) [14] : 0x73 (115) [15] : 0x00 (0) [16] : 0x74 (116) [17] : 0x00 (0) [18] : 0x65 (101) [19] : 0x00 (0) [20] : 0x6d (109) [21] : 0x00 (0) [22] : 0x00 (0) [23] : 0x00 (0) size : 0x00000018 (24) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:ObjectName] tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b6a790 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b6a790 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'DisplayName' type : REG_SZ (1) data : * data: ARRAY(48) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x65 (101) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x6f (111) [7] : 0x00 (0) [8] : 0x74 (116) [9] : 0x00 (0) [10] : 0x65 (101) [11] : 0x00 (0) [12] : 0x20 (32) [13] : 0x00 (0) [14] : 0x52 (82) [15] : 0x00 (0) [16] : 0x65 (101) [17] : 0x00 (0) [18] : 0x67 (103) [19] : 0x00 (0) [20] : 0x69 (105) [21] : 0x00 (0) [22] : 0x73 (115) [23] : 0x00 (0) [24] : 0x74 (116) [25] : 0x00 (0) [26] : 0x72 (114) [27] : 0x00 (0) [28] : 0x79 (121) [29] : 0x00 (0) [30] : 0x20 (32) [31] : 0x00 (0) [32] : 0x53 (83) [33] : 0x00 (0) [34] : 0x65 (101) [35] : 0x00 (0) [36] : 0x72 (114) [37] : 0x00 (0) [38] : 0x76 (118) [39] : 0x00 (0) [40] : 0x69 (105) [41] : 0x00 (0) [42] : 0x63 (99) [43] : 0x00 (0) [44] : 0x65 (101) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) size : 0x00000030 (48) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'DisplayName' type : REG_SZ (1) data : * data: ARRAY(48) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x65 (101) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x6f (111) [7] : 0x00 (0) [8] : 0x74 (116) [9] : 0x00 (0) [10] : 0x65 (101) [11] : 0x00 (0) [12] : 0x20 (32) [13] : 0x00 (0) [14] : 0x52 (82) [15] : 0x00 (0) [16] : 0x65 (101) [17] : 0x00 (0) [18] : 0x67 (103) [19] : 0x00 (0) [20] : 0x69 (105) [21] : 0x00 (0) [22] : 0x73 (115) [23] : 0x00 (0) [24] : 0x74 (116) [25] : 0x00 (0) [26] : 0x72 (114) [27] : 0x00 (0) [28] : 0x79 (121) [29] : 0x00 (0) [30] : 0x20 (32) [31] : 0x00 (0) [32] : 0x53 (83) [33] : 0x00 (0) [34] : 0x65 (101) [35] : 0x00 (0) [36] : 0x72 (114) [37] : 0x00 (0) [38] : 0x76 (118) [39] : 0x00 (0) [40] : 0x69 (105) [41] : 0x00 (0) [42] : 0x63 (99) [43] : 0x00 (0) [44] : 0x65 (101) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) size : 0x00000030 (48) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:DisplayName] tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b6a720 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b6a720 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x0014 (20) name_size : 0x0014 (20) name : * name : 'ImagePath' type : REG_SZ (1) data : * data: ARRAY(84) [0] : 0x2f (47) [1] : 0x00 (0) [2] : 0x75 (117) [3] : 0x00 (0) [4] : 0x73 (115) [5] : 0x00 (0) [6] : 0x72 (114) [7] : 0x00 (0) [8] : 0x2f (47) [9] : 0x00 (0) [10] : 0x6c (108) [11] : 0x00 (0) [12] : 0x69 (105) [13] : 0x00 (0) [14] : 0x62 (98) [15] : 0x00 (0) [16] : 0x2f (47) [17] : 0x00 (0) [18] : 0x69 (105) [19] : 0x00 (0) [20] : 0x33 (51) [21] : 0x00 (0) [22] : 0x38 (56) [23] : 0x00 (0) [24] : 0x36 (54) [25] : 0x00 (0) [26] : 0x2d (45) [27] : 0x00 (0) [28] : 0x6c (108) [29] : 0x00 (0) [30] : 0x69 (105) [31] : 0x00 (0) [32] : 0x6e (110) [33] : 0x00 (0) [34] : 0x75 (117) [35] : 0x00 (0) [36] : 0x78 (120) [37] : 0x00 (0) [38] : 0x2d (45) [39] : 0x00 (0) [40] : 0x67 (103) [41] : 0x00 (0) [42] : 0x6e (110) [43] : 0x00 (0) [44] : 0x75 (117) [45] : 0x00 (0) [46] : 0x2f (47) [47] : 0x00 (0) [48] : 0x73 (115) [49] : 0x00 (0) [50] : 0x61 (97) [51] : 0x00 (0) [52] : 0x6d (109) [53] : 0x00 (0) [54] : 0x62 (98) [55] : 0x00 (0) [56] : 0x61 (97) [57] : 0x00 (0) [58] : 0x2f (47) [59] : 0x00 (0) [60] : 0x73 (115) [61] : 0x00 (0) [62] : 0x76 (118) [63] : 0x00 (0) [64] : 0x63 (99) [65] : 0x00 (0) [66] : 0x63 (99) [67] : 0x00 (0) [68] : 0x74 (116) [69] : 0x00 (0) [70] : 0x6c (108) [71] : 0x00 (0) [72] : 0x2f (47) [73] : 0x00 (0) [74] : 0x73 (115) [75] : 0x00 (0) [76] : 0x6d (109) [77] : 0x00 (0) [78] : 0x62 (98) [79] : 0x00 (0) [80] : 0x64 (100) [81] : 0x00 (0) [82] : 0x00 (0) [83] : 0x00 (0) size : 0x00000054 (84) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x0014 (20) name_size : 0x0014 (20) name : * name : 'ImagePath' type : REG_SZ (1) data : * data: ARRAY(84) [0] : 0x2f (47) [1] : 0x00 (0) [2] : 0x75 (117) [3] : 0x00 (0) [4] : 0x73 (115) [5] : 0x00 (0) [6] : 0x72 (114) [7] : 0x00 (0) [8] : 0x2f (47) [9] : 0x00 (0) [10] : 0x6c (108) [11] : 0x00 (0) [12] : 0x69 (105) [13] : 0x00 (0) [14] : 0x62 (98) [15] : 0x00 (0) [16] : 0x2f (47) [17] : 0x00 (0) [18] : 0x69 (105) [19] : 0x00 (0) [20] : 0x33 (51) [21] : 0x00 (0) [22] : 0x38 (56) [23] : 0x00 (0) [24] : 0x36 (54) [25] : 0x00 (0) [26] : 0x2d (45) [27] : 0x00 (0) [28] : 0x6c (108) [29] : 0x00 (0) [30] : 0x69 (105) [31] : 0x00 (0) [32] : 0x6e (110) [33] : 0x00 (0) [34] : 0x75 (117) [35] : 0x00 (0) [36] : 0x78 (120) [37] : 0x00 (0) [38] : 0x2d (45) [39] : 0x00 (0) [40] : 0x67 (103) [41] : 0x00 (0) [42] : 0x6e (110) [43] : 0x00 (0) [44] : 0x75 (117) [45] : 0x00 (0) [46] : 0x2f (47) [47] : 0x00 (0) [48] : 0x73 (115) [49] : 0x00 (0) [50] : 0x61 (97) [51] : 0x00 (0) [52] : 0x6d (109) [53] : 0x00 (0) [54] : 0x62 (98) [55] : 0x00 (0) [56] : 0x61 (97) [57] : 0x00 (0) [58] : 0x2f (47) [59] : 0x00 (0) [60] : 0x73 (115) [61] : 0x00 (0) [62] : 0x76 (118) [63] : 0x00 (0) [64] : 0x63 (99) [65] : 0x00 (0) [66] : 0x63 (99) [67] : 0x00 (0) [68] : 0x74 (116) [69] : 0x00 (0) [70] : 0x6c (108) [71] : 0x00 (0) [72] : 0x2f (47) [73] : 0x00 (0) [74] : 0x73 (115) [75] : 0x00 (0) [76] : 0x6d (109) [77] : 0x00 (0) [78] : 0x62 (98) [79] : 0x00 (0) [80] : 0x64 (100) [81] : 0x00 (0) [82] : 0x00 (0) [83] : 0x00 (0) size : 0x00000054 (84) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:ImagePath] tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b651f8 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b651f8 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'Description' type : REG_SZ (1) data : * data: ARRAY(126) [0] : 0x49 (73) [1] : 0x00 (0) [2] : 0x6e (110) [3] : 0x00 (0) [4] : 0x74 (116) [5] : 0x00 (0) [6] : 0x65 (101) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x6e (110) [11] : 0x00 (0) [12] : 0x61 (97) [13] : 0x00 (0) [14] : 0x6c (108) [15] : 0x00 (0) [16] : 0x20 (32) [17] : 0x00 (0) [18] : 0x73 (115) [19] : 0x00 (0) [20] : 0x65 (101) [21] : 0x00 (0) [22] : 0x72 (114) [23] : 0x00 (0) [24] : 0x76 (118) [25] : 0x00 (0) [26] : 0x69 (105) [27] : 0x00 (0) [28] : 0x63 (99) [29] : 0x00 (0) [30] : 0x65 (101) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x00 (0) [34] : 0x70 (112) [35] : 0x00 (0) [36] : 0x72 (114) [37] : 0x00 (0) [38] : 0x6f (111) [39] : 0x00 (0) [40] : 0x76 (118) [41] : 0x00 (0) [42] : 0x69 (105) [43] : 0x00 (0) [44] : 0x64 (100) [45] : 0x00 (0) [46] : 0x69 (105) [47] : 0x00 (0) [48] : 0x6e (110) [49] : 0x00 (0) [50] : 0x67 (103) [51] : 0x00 (0) [52] : 0x20 (32) [53] : 0x00 (0) [54] : 0x72 (114) [55] : 0x00 (0) [56] : 0x65 (101) [57] : 0x00 (0) [58] : 0x6d (109) [59] : 0x00 (0) [60] : 0x6f (111) [61] : 0x00 (0) [62] : 0x74 (116) [63] : 0x00 (0) [64] : 0x65 (101) [65] : 0x00 (0) [66] : 0x20 (32) [67] : 0x00 (0) [68] : 0x61 (97) [69] : 0x00 (0) [70] : 0x63 (99) [71] : 0x00 (0) [72] : 0x63 (99) [73] : 0x00 (0) [74] : 0x65 (101) [75] : 0x00 (0) [76] : 0x73 (115) [77] : 0x00 (0) [78] : 0x73 (115) [79] : 0x00 (0) [80] : 0x20 (32) [81] : 0x00 (0) [82] : 0x74 (116) [83] : 0x00 (0) [84] : 0x6f (111) [85] : 0x00 (0) [86] : 0x20 (32) [87] : 0x00 (0) [88] : 0x74 (116) [89] : 0x00 (0) [90] : 0x68 (104) [91] : 0x00 (0) [92] : 0x65 (101) [93] : 0x00 (0) [94] : 0x20 (32) [95] : 0x00 (0) [96] : 0x53 (83) [97] : 0x00 (0) [98] : 0x61 (97) [99] : 0x00 (0) [100] : 0x6d (109) [101] : 0x00 (0) [102] : 0x62 (98) [103] : 0x00 (0) [104] : 0x61 (97) [105] : 0x00 (0) [106] : 0x20 (32) [107] : 0x00 (0) [108] : 0x72 (114) [109] : 0x00 (0) [110] : 0x65 (101) [111] : 0x00 (0) [112] : 0x67 (103) [113] : 0x00 (0) [114] : 0x69 (105) [115] : 0x00 (0) [116] : 0x73 (115) [117] : 0x00 (0) [118] : 0x74 (116) [119] : 0x00 (0) [120] : 0x72 (114) [121] : 0x00 (0) [122] : 0x79 (121) [123] : 0x00 (0) [124] : 0x00 (0) [125] : 0x00 (0) size : 0x0000007e (126) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'Description' type : REG_SZ (1) data : * data: ARRAY(126) [0] : 0x49 (73) [1] : 0x00 (0) [2] : 0x6e (110) [3] : 0x00 (0) [4] : 0x74 (116) [5] : 0x00 (0) [6] : 0x65 (101) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x6e (110) [11] : 0x00 (0) [12] : 0x61 (97) [13] : 0x00 (0) [14] : 0x6c (108) [15] : 0x00 (0) [16] : 0x20 (32) [17] : 0x00 (0) [18] : 0x73 (115) [19] : 0x00 (0) [20] : 0x65 (101) [21] : 0x00 (0) [22] : 0x72 (114) [23] : 0x00 (0) [24] : 0x76 (118) [25] : 0x00 (0) [26] : 0x69 (105) [27] : 0x00 (0) [28] : 0x63 (99) [29] : 0x00 (0) [30] : 0x65 (101) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x00 (0) [34] : 0x70 (112) [35] : 0x00 (0) [36] : 0x72 (114) [37] : 0x00 (0) [38] : 0x6f (111) [39] : 0x00 (0) [40] : 0x76 (118) [41] : 0x00 (0) [42] : 0x69 (105) [43] : 0x00 (0) [44] : 0x64 (100) [45] : 0x00 (0) [46] : 0x69 (105) [47] : 0x00 (0) [48] : 0x6e (110) [49] : 0x00 (0) [50] : 0x67 (103) [51] : 0x00 (0) [52] : 0x20 (32) [53] : 0x00 (0) [54] : 0x72 (114) [55] : 0x00 (0) [56] : 0x65 (101) [57] : 0x00 (0) [58] : 0x6d (109) [59] : 0x00 (0) [60] : 0x6f (111) [61] : 0x00 (0) [62] : 0x74 (116) [63] : 0x00 (0) [64] : 0x65 (101) [65] : 0x00 (0) [66] : 0x20 (32) [67] : 0x00 (0) [68] : 0x61 (97) [69] : 0x00 (0) [70] : 0x63 (99) [71] : 0x00 (0) [72] : 0x63 (99) [73] : 0x00 (0) [74] : 0x65 (101) [75] : 0x00 (0) [76] : 0x73 (115) [77] : 0x00 (0) [78] : 0x73 (115) [79] : 0x00 (0) [80] : 0x20 (32) [81] : 0x00 (0) [82] : 0x74 (116) [83] : 0x00 (0) [84] : 0x6f (111) [85] : 0x00 (0) [86] : 0x20 (32) [87] : 0x00 (0) [88] : 0x74 (116) [89] : 0x00 (0) [90] : 0x68 (104) [91] : 0x00 (0) [92] : 0x65 (101) [93] : 0x00 (0) [94] : 0x20 (32) [95] : 0x00 (0) [96] : 0x53 (83) [97] : 0x00 (0) [98] : 0x61 (97) [99] : 0x00 (0) [100] : 0x6d (109) [101] : 0x00 (0) [102] : 0x62 (98) [103] : 0x00 (0) [104] : 0x61 (97) [105] : 0x00 (0) [106] : 0x20 (32) [107] : 0x00 (0) [108] : 0x72 (114) [109] : 0x00 (0) [110] : 0x65 (101) [111] : 0x00 (0) [112] : 0x67 (103) [113] : 0x00 (0) [114] : 0x69 (105) [115] : 0x00 (0) [116] : 0x73 (115) [117] : 0x00 (0) [118] : 0x74 (116) [119] : 0x00 (0) [120] : 0x72 (114) [121] : 0x00 (0) [122] : 0x79 (121) [123] : 0x00 (0) [124] : 0x00 (0) [125] : 0x00 (0) size : 0x0000007e (126) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:Description] tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b65268 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b65268 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-7a53-388b31220000 winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-7a53-388b31220000 Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. Closed policy regdb_close: decrementing refcount (4->3) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b65268 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b65268 winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x0074 (116) name_size : 0x0074 (116) name : * name : 'SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x0074 (116) name_size : 0x0074 (116) name : * name : 'SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security' tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 regkey_open_onelevel: name = [SYSTEM] regdb_open: incrementing refcount (3->4) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] pathtree_find: Enter [\HKLM\SYSTEM] pathtree_find: [loop] base => [HKLM], new_path => [SYSTEM] pathtree_find_child: child key => [HKLM] pathtree_find_child: child key => [HKPT] pathtree_find_child: Found [HKLM] pathtree_find: [loop] base => [SYSTEM], new_path => [] pathtree_find_child: child key => [SOFTWARE] pathtree_find_child: child key => [SYSTEM] pathtree_find_child: Found [SYSTEM] pathtree_find: Found data_p! pathtree_find: Exit reghook_cache_find: found ops 0xb6b9a220 for key [\HKLM\SYSTEM] regdb_fetch_keys: Enter key => [HKLM\SYSTEM] tdb_unpack(d, 22) -> 4 tdb_unpack(d, 22) -> 4 tdb_unpack(f, 18) -> 18 regdb_fetch_keys: Exit [1] items tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 regkey_open_onelevel: name = [CurrentControlSet] regdb_open: incrementing refcount (4->5) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] pathtree_find: [loop] base => [HKLM], new_path => [SYSTEM\CurrentControlSet] pathtree_find_child: child key => [HKLM] pathtree_find_child: child key => [HKPT] pathtree_find_child: Found [HKLM] pathtree_find: [loop] base => [SYSTEM], new_path => [CurrentControlSet] pathtree_find_child: child key => [SOFTWARE] pathtree_find_child: child key => [SYSTEM] pathtree_find_child: Found [SYSTEM] pathtree_find: [loop] base => [CurrentControlSet], new_path => [] pathtree_find_child: child key => [CurrentControlSet] pathtree_find_child: Found [CurrentControlSet] pathtree_find: Found data_p! pathtree_find: Exit reghook_cache_find: found ops 0xb6b9a220 for key [\HKLM\SYSTEM\CurrentControlSet] regdb_fetch_keys: Enter key => [HKLM\SYSTEM\CurrentControlSet] tdb_unpack(d, 21) -> 4 tdb_unpack(d, 21) -> 4 tdb_unpack(f, 17) -> 8 tdb_unpack(f, 9) -> 9 regdb_fetch_keys: Exit [2] items regdb_close: decrementing refcount (5->4) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 regkey_open_onelevel: name = [Services] regdb_open: incrementing refcount (4->5) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] pathtree_find: [loop] base => [HKLM], new_path => [SYSTEM\CurrentControlSet\Services] pathtree_find_child: child key => [HKLM] pathtree_find_child: child key => [HKPT] pathtree_find_child: Found [HKLM] pathtree_find: [loop] base => [SYSTEM], new_path => [CurrentControlSet\Services] pathtree_find_child: child key => [SOFTWARE] pathtree_find_child: child key => [SYSTEM] pathtree_find_child: Found [SYSTEM] pathtree_find: [loop] base => [CurrentControlSet], new_path => [Services] pathtree_find_child: child key => [CurrentControlSet] pathtree_find_child: Found [CurrentControlSet] pathtree_find: [loop] base => [Services], new_path => [] pathtree_find_child: child key => [Control] pathtree_find_child: child key => [Services] pathtree_find_child: Found [Services] pathtree_find: Found data_p! pathtree_find: Exit reghook_cache_find: found ops 0xb6b9a220 for key [\HKLM\SYSTEM\CurrentControlSet\Services] regdb_fetch_keys: Enter key => [HKLM\SYSTEM\CurrentControlSet\Services] tdb_unpack(d, 69) -> 4 tdb_unpack(d, 69) -> 4 tdb_unpack(f, 65) -> 13 tdb_unpack(f, 52) -> 9 tdb_unpack(f, 43) -> 6 tdb_unpack(f, 37) -> 9 tdb_unpack(f, 28) -> 8 tdb_unpack(f, 20) -> 15 tdb_unpack(f, 5) -> 5 regdb_fetch_keys: Exit [7] items regdb_close: decrementing refcount (5->4) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 regkey_open_onelevel: name = [RemoteRegistry] regdb_open: incrementing refcount (4->5) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] pathtree_find: [loop] base => [HKLM], new_path => [SYSTEM\CurrentControlSet\Services\RemoteRegistry] pathtree_find_child: child key => [HKLM] pathtree_find_child: child key => [HKPT] pathtree_find_child: Found [HKLM] pathtree_find: [loop] base => [SYSTEM], new_path => [CurrentControlSet\Services\RemoteRegistry] pathtree_find_child: child key => [SOFTWARE] pathtree_find_child: child key => [SYSTEM] pathtree_find_child: Found [SYSTEM] pathtree_find: [loop] base => [CurrentControlSet], new_path => [Services\RemoteRegistry] pathtree_find_child: child key => [CurrentControlSet] pathtree_find_child: Found [CurrentControlSet] pathtree_find: [loop] base => [Services], new_path => [RemoteRegistry] pathtree_find_child: child key => [Control] pathtree_find_child: child key => [Services] pathtree_find_child: Found [Services] pathtree_find: [loop] base => [RemoteRegistry], new_path => [] pathtree_find_child: child key => [LanmanServer] pathtree_find_child: child key => [Netlogon] pathtree_find_child: child key => [Tcpip] pathtree_find_child: Did not find [RemoteRegistry] pathtree_find: Found data_p! pathtree_find: Exit reghook_cache_find: found ops 0xb6b9a220 for key [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] regdb_fetch_keys: Enter key => [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] tdb_unpack(d, 13) -> 4 tdb_unpack(d, 13) -> 4 tdb_unpack(f, 9) -> 9 regdb_fetch_keys: Exit [1] items regdb_close: decrementing refcount (5->4) regkey_open_onelevel: name = [Security] regdb_open: incrementing refcount (4->5) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] pathtree_find: [loop] base => [HKLM], new_path => [SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] pathtree_find_child: child key => [HKLM] pathtree_find_child: child key => [HKPT] pathtree_find_child: Found [HKLM] pathtree_find: [loop] base => [SYSTEM], new_path => [CurrentControlSet\Services\RemoteRegistry\Security] pathtree_find_child: child key => [SOFTWARE] pathtree_find_child: child key => [SYSTEM] pathtree_find_child: Found [SYSTEM] pathtree_find: [loop] base => [CurrentControlSet], new_path => [Services\RemoteRegistry\Security] pathtree_find_child: child key => [CurrentControlSet] pathtree_find_child: Found [CurrentControlSet] pathtree_find: [loop] base => [Services], new_path => [RemoteRegistry\Security] pathtree_find_child: child key => [Control] pathtree_find_child: child key => [Services] pathtree_find_child: Found [Services] pathtree_find: [loop] base => [RemoteRegistry], new_path => [Security] pathtree_find_child: child key => [LanmanServer] pathtree_find_child: child key => [Netlogon] pathtree_find_child: child key => [Tcpip] pathtree_find_child: Did not find [RemoteRegistry] pathtree_find: Found data_p! pathtree_find: Exit reghook_cache_find: found ops 0xb6b9a220 for key [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] regdb_fetch_keys: Enter key => [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] tdb_unpack(d, 4) -> 4 tdb_unpack(d, 4) -> 4 regdb_fetch_keys: Exit [0] items regdb_close: decrementing refcount (5->4) Opened policy hnd[3] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000008-0000-0000-7a53-388b31220000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b67960 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b67960 winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000008-0000-0000-7a53-388b31220000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000008-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : REG_BINARY (3) data : * data: ARRAY(120) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x00 (0) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x00 (0) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x14 (20) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x02 (2) [21] : 0x00 (0) [22] : 0x64 (100) [23] : 0x00 (0) [24] : 0x04 (4) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x00 (0) [28] : 0x00 (0) [29] : 0x00 (0) [30] : 0x14 (20) [31] : 0x00 (0) [32] : 0x8d (141) [33] : 0x01 (1) [34] : 0x02 (2) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x01 (1) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x01 (1) [44] : 0x00 (0) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x00 (0) [49] : 0x00 (0) [50] : 0x18 (24) [51] : 0x00 (0) [52] : 0xfd (253) [53] : 0x01 (1) [54] : 0x02 (2) [55] : 0x00 (0) [56] : 0x01 (1) [57] : 0x02 (2) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x00 (0) [62] : 0x00 (0) [63] : 0x05 (5) [64] : 0x20 (32) [65] : 0x00 (0) [66] : 0x00 (0) [67] : 0x00 (0) [68] : 0x23 (35) [69] : 0x02 (2) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x18 (24) [75] : 0x00 (0) [76] : 0xff (255) [77] : 0x01 (1) [78] : 0x0f (15) [79] : 0x00 (0) [80] : 0x01 (1) [81] : 0x02 (2) [82] : 0x00 (0) [83] : 0x00 (0) [84] : 0x00 (0) [85] : 0x00 (0) [86] : 0x00 (0) [87] : 0x05 (5) [88] : 0x20 (32) [89] : 0x00 (0) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x25 (37) [93] : 0x02 (2) [94] : 0x00 (0) [95] : 0x00 (0) [96] : 0x00 (0) [97] : 0x00 (0) [98] : 0x18 (24) [99] : 0x00 (0) [100] : 0xff (255) [101] : 0x01 (1) [102] : 0x0f (15) [103] : 0x00 (0) [104] : 0x01 (1) [105] : 0x02 (2) [106] : 0x00 (0) [107] : 0x00 (0) [108] : 0x00 (0) [109] : 0x00 (0) [110] : 0x00 (0) [111] : 0x05 (5) [112] : 0x20 (32) [113] : 0x00 (0) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x20 (32) [117] : 0x02 (2) [118] : 0x00 (0) [119] : 0x00 (0) size : 0x00000078 (120) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000008-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : REG_BINARY (3) data : * data: ARRAY(120) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x00 (0) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x00 (0) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x14 (20) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x02 (2) [21] : 0x00 (0) [22] : 0x64 (100) [23] : 0x00 (0) [24] : 0x04 (4) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x00 (0) [28] : 0x00 (0) [29] : 0x00 (0) [30] : 0x14 (20) [31] : 0x00 (0) [32] : 0x8d (141) [33] : 0x01 (1) [34] : 0x02 (2) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x01 (1) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x01 (1) [44] : 0x00 (0) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x00 (0) [49] : 0x00 (0) [50] : 0x18 (24) [51] : 0x00 (0) [52] : 0xfd (253) [53] : 0x01 (1) [54] : 0x02 (2) [55] : 0x00 (0) [56] : 0x01 (1) [57] : 0x02 (2) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x00 (0) [62] : 0x00 (0) [63] : 0x05 (5) [64] : 0x20 (32) [65] : 0x00 (0) [66] : 0x00 (0) [67] : 0x00 (0) [68] : 0x23 (35) [69] : 0x02 (2) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x18 (24) [75] : 0x00 (0) [76] : 0xff (255) [77] : 0x01 (1) [78] : 0x0f (15) [79] : 0x00 (0) [80] : 0x01 (1) [81] : 0x02 (2) [82] : 0x00 (0) [83] : 0x00 (0) [84] : 0x00 (0) [85] : 0x00 (0) [86] : 0x00 (0) [87] : 0x05 (5) [88] : 0x20 (32) [89] : 0x00 (0) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x25 (37) [93] : 0x02 (2) [94] : 0x00 (0) [95] : 0x00 (0) [96] : 0x00 (0) [97] : 0x00 (0) [98] : 0x18 (24) [99] : 0x00 (0) [100] : 0xff (255) [101] : 0x01 (1) [102] : 0x0f (15) [103] : 0x00 (0) [104] : 0x01 (1) [105] : 0x02 (2) [106] : 0x00 (0) [107] : 0x00 (0) [108] : 0x00 (0) [109] : 0x00 (0) [110] : 0x00 (0) [111] : 0x05 (5) [112] : 0x20 (32) [113] : 0x00 (0) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x20 (32) [117] : 0x02 (2) [118] : 0x00 (0) [119] : 0x00 (0) size : 0x00000078 (120) Found policy hnd[0] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security:Security] tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security' (ops 0xb6b9a220) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] tdb_unpack(d, 4) -> 4 tdb_unpack(d, 141) -> 4 tdb_unpack(fdB, 137) -> 137 regdb_unpack_values: value[0]: name[Security] len[120] winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b65268 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b65268 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000008-0000-0000-7a53-388b31220000 winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000008-0000-0000-7a53-388b31220000 Found policy hnd[0] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. Found policy hnd[0] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. Closed policy regdb_close: decrementing refcount (4->3) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b66120 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b66120 winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x004e (78) name_size : 0x004e (78) name : * name : 'SYSTEM\CurrentControlSet\Services\WINS' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_ACTION_NONE (0) winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x004e (78) name_size : 0x004e (78) name : * name : 'SYSTEM\CurrentControlSet\Services\WINS' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_ACTION_NONE (0) Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\WINS' tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 regkey_open_onelevel: name = [SYSTEM] regdb_open: incrementing refcount (3->4) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] pathtree_find: Enter [\HKLM\SYSTEM] pathtree_find: [loop] base => [HKLM], new_path => [SYSTEM] pathtree_find_child: child key => [HKLM] pathtree_find_child: child key => [HKPT] pathtree_find_child: Found [HKLM] pathtree_find: [loop] base => [SYSTEM], new_path => [] pathtree_find_child: child key => [SOFTWARE] pathtree_find_child: child key => [SYSTEM] pathtree_find_child: Found [SYSTEM] pathtree_find: Found data_p! pathtree_find: Exit reghook_cache_find: found ops 0xb6b9a220 for key [\HKLM\SYSTEM] regdb_fetch_keys: Enter key => [HKLM\SYSTEM] tdb_unpack(d, 22) -> 4 tdb_unpack(d, 22) -> 4 tdb_unpack(f, 18) -> 18 regdb_fetch_keys: Exit [1] items tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 regkey_open_onelevel: name = [CurrentControlSet] regdb_open: incrementing refcount (4->5) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] pathtree_find: [loop] base => [HKLM], new_path => [SYSTEM\CurrentControlSet] pathtree_find_child: child key => [HKLM] pathtree_find_child: child key => [HKPT] pathtree_find_child: Found [HKLM] pathtree_find: [loop] base => [SYSTEM], new_path => [CurrentControlSet] pathtree_find_child: child key => [SOFTWARE] pathtree_find_child: child key => [SYSTEM] pathtree_find_child: Found [SYSTEM] pathtree_find: [loop] base => [CurrentControlSet], new_path => [] pathtree_find_child: child key => [CurrentControlSet] pathtree_find_child: Found [CurrentControlSet] pathtree_find: Found data_p! pathtree_find: Exit reghook_cache_find: found ops 0xb6b9a220 for key [\HKLM\SYSTEM\CurrentControlSet] regdb_fetch_keys: Enter key => [HKLM\SYSTEM\CurrentControlSet] tdb_unpack(d, 21) -> 4 tdb_unpack(d, 21) -> 4 tdb_unpack(f, 17) -> 8 tdb_unpack(f, 9) -> 9 regdb_fetch_keys: Exit [2] items regdb_close: decrementing refcount (5->4) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 regkey_open_onelevel: name = [Services] regdb_open: incrementing refcount (4->5) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] pathtree_find: [loop] base => [HKLM], new_path => [SYSTEM\CurrentControlSet\Services] pathtree_find_child: child key => [HKLM] pathtree_find_child: child key => [HKPT] pathtree_find_child: Found [HKLM] pathtree_find: [loop] base => [SYSTEM], new_path => [CurrentControlSet\Services] pathtree_find_child: child key => [SOFTWARE] pathtree_find_child: child key => [SYSTEM] pathtree_find_child: Found [SYSTEM] pathtree_find: [loop] base => [CurrentControlSet], new_path => [Services] pathtree_find_child: child key => [CurrentControlSet] pathtree_find_child: Found [CurrentControlSet] pathtree_find: [loop] base => [Services], new_path => [] pathtree_find_child: child key => [Control] pathtree_find_child: child key => [Services] pathtree_find_child: Found [Services] pathtree_find: Found data_p! pathtree_find: Exit reghook_cache_find: found ops 0xb6b9a220 for key [\HKLM\SYSTEM\CurrentControlSet\Services] regdb_fetch_keys: Enter key => [HKLM\SYSTEM\CurrentControlSet\Services] tdb_unpack(d, 69) -> 4 tdb_unpack(d, 69) -> 4 tdb_unpack(f, 65) -> 13 tdb_unpack(f, 52) -> 9 tdb_unpack(f, 43) -> 6 tdb_unpack(f, 37) -> 9 tdb_unpack(f, 28) -> 8 tdb_unpack(f, 20) -> 15 tdb_unpack(f, 5) -> 5 regdb_fetch_keys: Exit [7] items regdb_close: decrementing refcount (5->4) regkey_open_onelevel: name = [WINS] regdb_open: incrementing refcount (4->5) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] pathtree_find: [loop] base => [HKLM], new_path => [SYSTEM\CurrentControlSet\Services\WINS] pathtree_find_child: child key => [HKLM] pathtree_find_child: child key => [HKPT] pathtree_find_child: Found [HKLM] pathtree_find: [loop] base => [SYSTEM], new_path => [CurrentControlSet\Services\WINS] pathtree_find_child: child key => [SOFTWARE] pathtree_find_child: child key => [SYSTEM] pathtree_find_child: Found [SYSTEM] pathtree_find: [loop] base => [CurrentControlSet], new_path => [Services\WINS] pathtree_find_child: child key => [CurrentControlSet] pathtree_find_child: Found [CurrentControlSet] pathtree_find: [loop] base => [Services], new_path => [WINS] pathtree_find_child: child key => [Control] pathtree_find_child: child key => [Services] pathtree_find_child: Found [Services] pathtree_find: [loop] base => [WINS], new_path => [] pathtree_find_child: child key => [LanmanServer] pathtree_find_child: child key => [Netlogon] pathtree_find_child: child key => [Tcpip] pathtree_find_child: Did not find [WINS] pathtree_find: Found data_p! pathtree_find: Exit reghook_cache_find: found ops 0xb6b9a220 for key [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] regdb_fetch_keys: Enter key => [HKLM\SYSTEM\CurrentControlSet\Services\WINS] tdb_unpack(d, 13) -> 4 tdb_unpack(d, 13) -> 4 tdb_unpack(f, 9) -> 9 regdb_fetch_keys: Exit [1] items regdb_close: decrementing refcount (5->4) Opened policy hnd[3] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-7a53-388b31220000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b6a530 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b6a530 winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-7a53-388b31220000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x000c (12) name_size : 0x000c (12) name : * name : 'Start' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x02 (2) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x000c (12) name_size : 0x000c (12) name : * name : 'Start' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x02 (2) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:Start] tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\WINS' (ops 0xb6b9a220) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS] tdb_unpack(d, 13) -> 4 tdb_unpack(d, 501) -> 4 tdb_unpack(fdB, 497) -> 18 regdb_unpack_values: value[0]: name[Start] len[4] tdb_unpack(fdB, 479) -> 17 regdb_unpack_values: value[1]: name[Type] len[4] tdb_unpack(fdB, 462) -> 25 regdb_unpack_values: value[2]: name[ErrorControl] len[4] tdb_unpack(fdB, 437) -> 43 regdb_unpack_values: value[3]: name[ObjectName] len[24] tdb_unpack(fdB, 394) -> 94 regdb_unpack_values: value[4]: name[DisplayName] len[74] tdb_unpack(fdB, 300) -> 198 regdb_unpack_values: value[5]: name[Description] len[178] tdb_unpack(fdB, 102) -> 102 regdb_unpack_values: value[6]: name[ImagePath] len[84] winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b651f8 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b651f8 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x000a (10) name_size : 0x000a (10) name : * name : 'Type' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x000a (10) name_size : 0x000a (10) name : * name : 'Type' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:Type] tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b6e280 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b6e280 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x001a (26) name_size : 0x001a (26) name : * name : 'ErrorControl' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x001a (26) name_size : 0x001a (26) name : * name : 'ErrorControl' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:ErrorControl] tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b6a420 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b6a420 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x0016 (22) name_size : 0x0016 (22) name : * name : 'ObjectName' type : REG_SZ (1) data : * data: ARRAY(24) [0] : 0x4c (76) [1] : 0x00 (0) [2] : 0x6f (111) [3] : 0x00 (0) [4] : 0x63 (99) [5] : 0x00 (0) [6] : 0x61 (97) [7] : 0x00 (0) [8] : 0x6c (108) [9] : 0x00 (0) [10] : 0x53 (83) [11] : 0x00 (0) [12] : 0x79 (121) [13] : 0x00 (0) [14] : 0x73 (115) [15] : 0x00 (0) [16] : 0x74 (116) [17] : 0x00 (0) [18] : 0x65 (101) [19] : 0x00 (0) [20] : 0x6d (109) [21] : 0x00 (0) [22] : 0x00 (0) [23] : 0x00 (0) size : 0x00000018 (24) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x0016 (22) name_size : 0x0016 (22) name : * name : 'ObjectName' type : REG_SZ (1) data : * data: ARRAY(24) [0] : 0x4c (76) [1] : 0x00 (0) [2] : 0x6f (111) [3] : 0x00 (0) [4] : 0x63 (99) [5] : 0x00 (0) [6] : 0x61 (97) [7] : 0x00 (0) [8] : 0x6c (108) [9] : 0x00 (0) [10] : 0x53 (83) [11] : 0x00 (0) [12] : 0x79 (121) [13] : 0x00 (0) [14] : 0x73 (115) [15] : 0x00 (0) [16] : 0x74 (116) [17] : 0x00 (0) [18] : 0x65 (101) [19] : 0x00 (0) [20] : 0x6d (109) [21] : 0x00 (0) [22] : 0x00 (0) [23] : 0x00 (0) size : 0x00000018 (24) Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:ObjectName] tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b6b858 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b6b858 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'DisplayName' type : REG_SZ (1) data : * data: ARRAY(74) [0] : 0x57 (87) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x64 (100) [7] : 0x00 (0) [8] : 0x6f (111) [9] : 0x00 (0) [10] : 0x77 (119) [11] : 0x00 (0) [12] : 0x73 (115) [13] : 0x00 (0) [14] : 0x20 (32) [15] : 0x00 (0) [16] : 0x49 (73) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x6e (110) [27] : 0x00 (0) [28] : 0x65 (101) [29] : 0x00 (0) [30] : 0x74 (116) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x00 (0) [34] : 0x4e (78) [35] : 0x00 (0) [36] : 0x61 (97) [37] : 0x00 (0) [38] : 0x6d (109) [39] : 0x00 (0) [40] : 0x65 (101) [41] : 0x00 (0) [42] : 0x20 (32) [43] : 0x00 (0) [44] : 0x53 (83) [45] : 0x00 (0) [46] : 0x65 (101) [47] : 0x00 (0) [48] : 0x72 (114) [49] : 0x00 (0) [50] : 0x76 (118) [51] : 0x00 (0) [52] : 0x69 (105) [53] : 0x00 (0) [54] : 0x63 (99) [55] : 0x00 (0) [56] : 0x65 (101) [57] : 0x00 (0) [58] : 0x20 (32) [59] : 0x00 (0) [60] : 0x28 (40) [61] : 0x00 (0) [62] : 0x57 (87) [63] : 0x00 (0) [64] : 0x49 (73) [65] : 0x00 (0) [66] : 0x4e (78) [67] : 0x00 (0) [68] : 0x53 (83) [69] : 0x00 (0) [70] : 0x29 (41) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) size : 0x0000004a (74) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'DisplayName' type : REG_SZ (1) data : * data: ARRAY(74) [0] : 0x57 (87) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x64 (100) [7] : 0x00 (0) [8] : 0x6f (111) [9] : 0x00 (0) [10] : 0x77 (119) [11] : 0x00 (0) [12] : 0x73 (115) [13] : 0x00 (0) [14] : 0x20 (32) [15] : 0x00 (0) [16] : 0x49 (73) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x6e (110) [27] : 0x00 (0) [28] : 0x65 (101) [29] : 0x00 (0) [30] : 0x74 (116) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x00 (0) [34] : 0x4e (78) [35] : 0x00 (0) [36] : 0x61 (97) [37] : 0x00 (0) [38] : 0x6d (109) [39] : 0x00 (0) [40] : 0x65 (101) [41] : 0x00 (0) [42] : 0x20 (32) [43] : 0x00 (0) [44] : 0x53 (83) [45] : 0x00 (0) [46] : 0x65 (101) [47] : 0x00 (0) [48] : 0x72 (114) [49] : 0x00 (0) [50] : 0x76 (118) [51] : 0x00 (0) [52] : 0x69 (105) [53] : 0x00 (0) [54] : 0x63 (99) [55] : 0x00 (0) [56] : 0x65 (101) [57] : 0x00 (0) [58] : 0x20 (32) [59] : 0x00 (0) [60] : 0x28 (40) [61] : 0x00 (0) [62] : 0x57 (87) [63] : 0x00 (0) [64] : 0x49 (73) [65] : 0x00 (0) [66] : 0x4e (78) [67] : 0x00 (0) [68] : 0x53 (83) [69] : 0x00 (0) [70] : 0x29 (41) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) size : 0x0000004a (74) Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:DisplayName] tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b6e168 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b6e168 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x0014 (20) name_size : 0x0014 (20) name : * name : 'ImagePath' type : REG_SZ (1) data : * data: ARRAY(84) [0] : 0x2f (47) [1] : 0x00 (0) [2] : 0x75 (117) [3] : 0x00 (0) [4] : 0x73 (115) [5] : 0x00 (0) [6] : 0x72 (114) [7] : 0x00 (0) [8] : 0x2f (47) [9] : 0x00 (0) [10] : 0x6c (108) [11] : 0x00 (0) [12] : 0x69 (105) [13] : 0x00 (0) [14] : 0x62 (98) [15] : 0x00 (0) [16] : 0x2f (47) [17] : 0x00 (0) [18] : 0x69 (105) [19] : 0x00 (0) [20] : 0x33 (51) [21] : 0x00 (0) [22] : 0x38 (56) [23] : 0x00 (0) [24] : 0x36 (54) [25] : 0x00 (0) [26] : 0x2d (45) [27] : 0x00 (0) [28] : 0x6c (108) [29] : 0x00 (0) [30] : 0x69 (105) [31] : 0x00 (0) [32] : 0x6e (110) [33] : 0x00 (0) [34] : 0x75 (117) [35] : 0x00 (0) [36] : 0x78 (120) [37] : 0x00 (0) [38] : 0x2d (45) [39] : 0x00 (0) [40] : 0x67 (103) [41] : 0x00 (0) [42] : 0x6e (110) [43] : 0x00 (0) [44] : 0x75 (117) [45] : 0x00 (0) [46] : 0x2f (47) [47] : 0x00 (0) [48] : 0x73 (115) [49] : 0x00 (0) [50] : 0x61 (97) [51] : 0x00 (0) [52] : 0x6d (109) [53] : 0x00 (0) [54] : 0x62 (98) [55] : 0x00 (0) [56] : 0x61 (97) [57] : 0x00 (0) [58] : 0x2f (47) [59] : 0x00 (0) [60] : 0x73 (115) [61] : 0x00 (0) [62] : 0x76 (118) [63] : 0x00 (0) [64] : 0x63 (99) [65] : 0x00 (0) [66] : 0x63 (99) [67] : 0x00 (0) [68] : 0x74 (116) [69] : 0x00 (0) [70] : 0x6c (108) [71] : 0x00 (0) [72] : 0x2f (47) [73] : 0x00 (0) [74] : 0x6e (110) [75] : 0x00 (0) [76] : 0x6d (109) [77] : 0x00 (0) [78] : 0x62 (98) [79] : 0x00 (0) [80] : 0x64 (100) [81] : 0x00 (0) [82] : 0x00 (0) [83] : 0x00 (0) size : 0x00000054 (84) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x0014 (20) name_size : 0x0014 (20) name : * name : 'ImagePath' type : REG_SZ (1) data : * data: ARRAY(84) [0] : 0x2f (47) [1] : 0x00 (0) [2] : 0x75 (117) [3] : 0x00 (0) [4] : 0x73 (115) [5] : 0x00 (0) [6] : 0x72 (114) [7] : 0x00 (0) [8] : 0x2f (47) [9] : 0x00 (0) [10] : 0x6c (108) [11] : 0x00 (0) [12] : 0x69 (105) [13] : 0x00 (0) [14] : 0x62 (98) [15] : 0x00 (0) [16] : 0x2f (47) [17] : 0x00 (0) [18] : 0x69 (105) [19] : 0x00 (0) [20] : 0x33 (51) [21] : 0x00 (0) [22] : 0x38 (56) [23] : 0x00 (0) [24] : 0x36 (54) [25] : 0x00 (0) [26] : 0x2d (45) [27] : 0x00 (0) [28] : 0x6c (108) [29] : 0x00 (0) [30] : 0x69 (105) [31] : 0x00 (0) [32] : 0x6e (110) [33] : 0x00 (0) [34] : 0x75 (117) [35] : 0x00 (0) [36] : 0x78 (120) [37] : 0x00 (0) [38] : 0x2d (45) [39] : 0x00 (0) [40] : 0x67 (103) [41] : 0x00 (0) [42] : 0x6e (110) [43] : 0x00 (0) [44] : 0x75 (117) [45] : 0x00 (0) [46] : 0x2f (47) [47] : 0x00 (0) [48] : 0x73 (115) [49] : 0x00 (0) [50] : 0x61 (97) [51] : 0x00 (0) [52] : 0x6d (109) [53] : 0x00 (0) [54] : 0x62 (98) [55] : 0x00 (0) [56] : 0x61 (97) [57] : 0x00 (0) [58] : 0x2f (47) [59] : 0x00 (0) [60] : 0x73 (115) [61] : 0x00 (0) [62] : 0x76 (118) [63] : 0x00 (0) [64] : 0x63 (99) [65] : 0x00 (0) [66] : 0x63 (99) [67] : 0x00 (0) [68] : 0x74 (116) [69] : 0x00 (0) [70] : 0x6c (108) [71] : 0x00 (0) [72] : 0x2f (47) [73] : 0x00 (0) [74] : 0x6e (110) [75] : 0x00 (0) [76] : 0x6d (109) [77] : 0x00 (0) [78] : 0x62 (98) [79] : 0x00 (0) [80] : 0x64 (100) [81] : 0x00 (0) [82] : 0x00 (0) [83] : 0x00 (0) size : 0x00000054 (84) Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:ImagePath] tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b6e168 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b6e168 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'Description' type : REG_SZ (1) data : * data: ARRAY(178) [0] : 0x49 (73) [1] : 0x00 (0) [2] : 0x6e (110) [3] : 0x00 (0) [4] : 0x74 (116) [5] : 0x00 (0) [6] : 0x65 (101) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x6e (110) [11] : 0x00 (0) [12] : 0x61 (97) [13] : 0x00 (0) [14] : 0x6c (108) [15] : 0x00 (0) [16] : 0x20 (32) [17] : 0x00 (0) [18] : 0x73 (115) [19] : 0x00 (0) [20] : 0x65 (101) [21] : 0x00 (0) [22] : 0x72 (114) [23] : 0x00 (0) [24] : 0x76 (118) [25] : 0x00 (0) [26] : 0x69 (105) [27] : 0x00 (0) [28] : 0x63 (99) [29] : 0x00 (0) [30] : 0x65 (101) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x00 (0) [34] : 0x70 (112) [35] : 0x00 (0) [36] : 0x72 (114) [37] : 0x00 (0) [38] : 0x6f (111) [39] : 0x00 (0) [40] : 0x76 (118) [41] : 0x00 (0) [42] : 0x69 (105) [43] : 0x00 (0) [44] : 0x64 (100) [45] : 0x00 (0) [46] : 0x69 (105) [47] : 0x00 (0) [48] : 0x6e (110) [49] : 0x00 (0) [50] : 0x67 (103) [51] : 0x00 (0) [52] : 0x20 (32) [53] : 0x00 (0) [54] : 0x61 (97) [55] : 0x00 (0) [56] : 0x20 (32) [57] : 0x00 (0) [58] : 0x4e (78) [59] : 0x00 (0) [60] : 0x65 (101) [61] : 0x00 (0) [62] : 0x74 (116) [63] : 0x00 (0) [64] : 0x42 (66) [65] : 0x00 (0) [66] : 0x49 (73) [67] : 0x00 (0) [68] : 0x4f (79) [69] : 0x00 (0) [70] : 0x53 (83) [71] : 0x00 (0) [72] : 0x20 (32) [73] : 0x00 (0) [74] : 0x70 (112) [75] : 0x00 (0) [76] : 0x6f (111) [77] : 0x00 (0) [78] : 0x69 (105) [79] : 0x00 (0) [80] : 0x6e (110) [81] : 0x00 (0) [82] : 0x74 (116) [83] : 0x00 (0) [84] : 0x2d (45) [85] : 0x00 (0) [86] : 0x74 (116) [87] : 0x00 (0) [88] : 0x6f (111) [89] : 0x00 (0) [90] : 0x2d (45) [91] : 0x00 (0) [92] : 0x70 (112) [93] : 0x00 (0) [94] : 0x6f (111) [95] : 0x00 (0) [96] : 0x69 (105) [97] : 0x00 (0) [98] : 0x6e (110) [99] : 0x00 (0) [100] : 0x74 (116) [101] : 0x00 (0) [102] : 0x20 (32) [103] : 0x00 (0) [104] : 0x6e (110) [105] : 0x00 (0) [106] : 0x61 (97) [107] : 0x00 (0) [108] : 0x6d (109) [109] : 0x00 (0) [110] : 0x65 (101) [111] : 0x00 (0) [112] : 0x20 (32) [113] : 0x00 (0) [114] : 0x73 (115) [115] : 0x00 (0) [116] : 0x65 (101) [117] : 0x00 (0) [118] : 0x72 (114) [119] : 0x00 (0) [120] : 0x76 (118) [121] : 0x00 (0) [122] : 0x65 (101) [123] : 0x00 (0) [124] : 0x72 (114) [125] : 0x00 (0) [126] : 0x28 (40) [127] : 0x00 (0) [128] : 0x6e (110) [129] : 0x00 (0) [130] : 0x6f (111) [131] : 0x00 (0) [132] : 0x74 (116) [133] : 0x00 (0) [134] : 0x20 (32) [135] : 0x00 (0) [136] : 0x72 (114) [137] : 0x00 (0) [138] : 0x65 (101) [139] : 0x00 (0) [140] : 0x6d (109) [141] : 0x00 (0) [142] : 0x6f (111) [143] : 0x00 (0) [144] : 0x74 (116) [145] : 0x00 (0) [146] : 0x65 (101) [147] : 0x00 (0) [148] : 0x6c (108) [149] : 0x00 (0) [150] : 0x79 (121) [151] : 0x00 (0) [152] : 0x20 (32) [153] : 0x00 (0) [154] : 0x6d (109) [155] : 0x00 (0) [156] : 0x61 (97) [157] : 0x00 (0) [158] : 0x6e (110) [159] : 0x00 (0) [160] : 0x61 (97) [161] : 0x00 (0) [162] : 0x67 (103) [163] : 0x00 (0) [164] : 0x65 (101) [165] : 0x00 (0) [166] : 0x61 (97) [167] : 0x00 (0) [168] : 0x62 (98) [169] : 0x00 (0) [170] : 0x6c (108) [171] : 0x00 (0) [172] : 0x65 (101) [173] : 0x00 (0) [174] : 0x29 (41) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x00 (0) size : 0x000000b2 (178) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'Description' type : REG_SZ (1) data : * data: ARRAY(178) [0] : 0x49 (73) [1] : 0x00 (0) [2] : 0x6e (110) [3] : 0x00 (0) [4] : 0x74 (116) [5] : 0x00 (0) [6] : 0x65 (101) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x6e (110) [11] : 0x00 (0) [12] : 0x61 (97) [13] : 0x00 (0) [14] : 0x6c (108) [15] : 0x00 (0) [16] : 0x20 (32) [17] : 0x00 (0) [18] : 0x73 (115) [19] : 0x00 (0) [20] : 0x65 (101) [21] : 0x00 (0) [22] : 0x72 (114) [23] : 0x00 (0) [24] : 0x76 (118) [25] : 0x00 (0) [26] : 0x69 (105) [27] : 0x00 (0) [28] : 0x63 (99) [29] : 0x00 (0) [30] : 0x65 (101) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x00 (0) [34] : 0x70 (112) [35] : 0x00 (0) [36] : 0x72 (114) [37] : 0x00 (0) [38] : 0x6f (111) [39] : 0x00 (0) [40] : 0x76 (118) [41] : 0x00 (0) [42] : 0x69 (105) [43] : 0x00 (0) [44] : 0x64 (100) [45] : 0x00 (0) [46] : 0x69 (105) [47] : 0x00 (0) [48] : 0x6e (110) [49] : 0x00 (0) [50] : 0x67 (103) [51] : 0x00 (0) [52] : 0x20 (32) [53] : 0x00 (0) [54] : 0x61 (97) [55] : 0x00 (0) [56] : 0x20 (32) [57] : 0x00 (0) [58] : 0x4e (78) [59] : 0x00 (0) [60] : 0x65 (101) [61] : 0x00 (0) [62] : 0x74 (116) [63] : 0x00 (0) [64] : 0x42 (66) [65] : 0x00 (0) [66] : 0x49 (73) [67] : 0x00 (0) [68] : 0x4f (79) [69] : 0x00 (0) [70] : 0x53 (83) [71] : 0x00 (0) [72] : 0x20 (32) [73] : 0x00 (0) [74] : 0x70 (112) [75] : 0x00 (0) [76] : 0x6f (111) [77] : 0x00 (0) [78] : 0x69 (105) [79] : 0x00 (0) [80] : 0x6e (110) [81] : 0x00 (0) [82] : 0x74 (116) [83] : 0x00 (0) [84] : 0x2d (45) [85] : 0x00 (0) [86] : 0x74 (116) [87] : 0x00 (0) [88] : 0x6f (111) [89] : 0x00 (0) [90] : 0x2d (45) [91] : 0x00 (0) [92] : 0x70 (112) [93] : 0x00 (0) [94] : 0x6f (111) [95] : 0x00 (0) [96] : 0x69 (105) [97] : 0x00 (0) [98] : 0x6e (110) [99] : 0x00 (0) [100] : 0x74 (116) [101] : 0x00 (0) [102] : 0x20 (32) [103] : 0x00 (0) [104] : 0x6e (110) [105] : 0x00 (0) [106] : 0x61 (97) [107] : 0x00 (0) [108] : 0x6d (109) [109] : 0x00 (0) [110] : 0x65 (101) [111] : 0x00 (0) [112] : 0x20 (32) [113] : 0x00 (0) [114] : 0x73 (115) [115] : 0x00 (0) [116] : 0x65 (101) [117] : 0x00 (0) [118] : 0x72 (114) [119] : 0x00 (0) [120] : 0x76 (118) [121] : 0x00 (0) [122] : 0x65 (101) [123] : 0x00 (0) [124] : 0x72 (114) [125] : 0x00 (0) [126] : 0x28 (40) [127] : 0x00 (0) [128] : 0x6e (110) [129] : 0x00 (0) [130] : 0x6f (111) [131] : 0x00 (0) [132] : 0x74 (116) [133] : 0x00 (0) [134] : 0x20 (32) [135] : 0x00 (0) [136] : 0x72 (114) [137] : 0x00 (0) [138] : 0x65 (101) [139] : 0x00 (0) [140] : 0x6d (109) [141] : 0x00 (0) [142] : 0x6f (111) [143] : 0x00 (0) [144] : 0x74 (116) [145] : 0x00 (0) [146] : 0x65 (101) [147] : 0x00 (0) [148] : 0x6c (108) [149] : 0x00 (0) [150] : 0x79 (121) [151] : 0x00 (0) [152] : 0x20 (32) [153] : 0x00 (0) [154] : 0x6d (109) [155] : 0x00 (0) [156] : 0x61 (97) [157] : 0x00 (0) [158] : 0x6e (110) [159] : 0x00 (0) [160] : 0x61 (97) [161] : 0x00 (0) [162] : 0x67 (103) [163] : 0x00 (0) [164] : 0x65 (101) [165] : 0x00 (0) [166] : 0x61 (97) [167] : 0x00 (0) [168] : 0x62 (98) [169] : 0x00 (0) [170] : 0x6c (108) [171] : 0x00 (0) [172] : 0x65 (101) [173] : 0x00 (0) [174] : 0x29 (41) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x00 (0) size : 0x000000b2 (178) Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:Description] tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b6e168 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b6e168 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-7a53-388b31220000 winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-7a53-388b31220000 Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. Closed policy regdb_close: decrementing refcount (4->3) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b66120 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b66120 winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x0060 (96) name_size : 0x0060 (96) name : * name : 'SYSTEM\CurrentControlSet\Services\WINS\Security' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x0060 (96) name_size : 0x0060 (96) name : * name : 'SYSTEM\CurrentControlSet\Services\WINS\Security' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\WINS\Security' tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 regkey_open_onelevel: name = [SYSTEM] regdb_open: incrementing refcount (3->4) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] pathtree_find: Enter [\HKLM\SYSTEM] pathtree_find: [loop] base => [HKLM], new_path => [SYSTEM] pathtree_find_child: child key => [HKLM] pathtree_find_child: child key => [HKPT] pathtree_find_child: Found [HKLM] pathtree_find: [loop] base => [SYSTEM], new_path => [] pathtree_find_child: child key => [SOFTWARE] pathtree_find_child: child key => [SYSTEM] pathtree_find_child: Found [SYSTEM] pathtree_find: Found data_p! pathtree_find: Exit reghook_cache_find: found ops 0xb6b9a220 for key [\HKLM\SYSTEM] regdb_fetch_keys: Enter key => [HKLM\SYSTEM] tdb_unpack(d, 22) -> 4 tdb_unpack(d, 22) -> 4 tdb_unpack(f, 18) -> 18 regdb_fetch_keys: Exit [1] items tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 regkey_open_onelevel: name = [CurrentControlSet] regdb_open: incrementing refcount (4->5) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] pathtree_find: [loop] base => [HKLM], new_path => [SYSTEM\CurrentControlSet] pathtree_find_child: child key => [HKLM] pathtree_find_child: child key => [HKPT] pathtree_find_child: Found [HKLM] pathtree_find: [loop] base => [SYSTEM], new_path => [CurrentControlSet] pathtree_find_child: child key => [SOFTWARE] pathtree_find_child: child key => [SYSTEM] pathtree_find_child: Found [SYSTEM] pathtree_find: [loop] base => [CurrentControlSet], new_path => [] pathtree_find_child: child key => [CurrentControlSet] pathtree_find_child: Found [CurrentControlSet] pathtree_find: Found data_p! pathtree_find: Exit reghook_cache_find: found ops 0xb6b9a220 for key [\HKLM\SYSTEM\CurrentControlSet] regdb_fetch_keys: Enter key => [HKLM\SYSTEM\CurrentControlSet] tdb_unpack(d, 21) -> 4 tdb_unpack(d, 21) -> 4 tdb_unpack(f, 17) -> 8 tdb_unpack(f, 9) -> 9 regdb_fetch_keys: Exit [2] items regdb_close: decrementing refcount (5->4) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 regkey_open_onelevel: name = [Services] regdb_open: incrementing refcount (4->5) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] pathtree_find: [loop] base => [HKLM], new_path => [SYSTEM\CurrentControlSet\Services] pathtree_find_child: child key => [HKLM] pathtree_find_child: child key => [HKPT] pathtree_find_child: Found [HKLM] pathtree_find: [loop] base => [SYSTEM], new_path => [CurrentControlSet\Services] pathtree_find_child: child key => [SOFTWARE] pathtree_find_child: child key => [SYSTEM] pathtree_find_child: Found [SYSTEM] pathtree_find: [loop] base => [CurrentControlSet], new_path => [Services] pathtree_find_child: child key => [CurrentControlSet] pathtree_find_child: Found [CurrentControlSet] pathtree_find: [loop] base => [Services], new_path => [] pathtree_find_child: child key => [Control] pathtree_find_child: child key => [Services] pathtree_find_child: Found [Services] pathtree_find: Found data_p! pathtree_find: Exit reghook_cache_find: found ops 0xb6b9a220 for key [\HKLM\SYSTEM\CurrentControlSet\Services] regdb_fetch_keys: Enter key => [HKLM\SYSTEM\CurrentControlSet\Services] tdb_unpack(d, 69) -> 4 tdb_unpack(d, 69) -> 4 tdb_unpack(f, 65) -> 13 tdb_unpack(f, 52) -> 9 tdb_unpack(f, 43) -> 6 tdb_unpack(f, 37) -> 9 tdb_unpack(f, 28) -> 8 tdb_unpack(f, 20) -> 15 tdb_unpack(f, 5) -> 5 regdb_fetch_keys: Exit [7] items regdb_close: decrementing refcount (5->4) tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 2 regkey_open_onelevel: name = [WINS] regdb_open: incrementing refcount (4->5) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] pathtree_find: [loop] base => [HKLM], new_path => [SYSTEM\CurrentControlSet\Services\WINS] pathtree_find_child: child key => [HKLM] pathtree_find_child: child key => [HKPT] pathtree_find_child: Found [HKLM] pathtree_find: [loop] base => [SYSTEM], new_path => [CurrentControlSet\Services\WINS] pathtree_find_child: child key => [SOFTWARE] pathtree_find_child: child key => [SYSTEM] pathtree_find_child: Found [SYSTEM] pathtree_find: [loop] base => [CurrentControlSet], new_path => [Services\WINS] pathtree_find_child: child key => [CurrentControlSet] pathtree_find_child: Found [CurrentControlSet] pathtree_find: [loop] base => [Services], new_path => [WINS] pathtree_find_child: child key => [Control] pathtree_find_child: child key => [Services] pathtree_find_child: Found [Services] pathtree_find: [loop] base => [WINS], new_path => [] pathtree_find_child: child key => [LanmanServer] pathtree_find_child: child key => [Netlogon] pathtree_find_child: child key => [Tcpip] pathtree_find_child: Did not find [WINS] pathtree_find: Found data_p! pathtree_find: Exit reghook_cache_find: found ops 0xb6b9a220 for key [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] regdb_fetch_keys: Enter key => [HKLM\SYSTEM\CurrentControlSet\Services\WINS] tdb_unpack(d, 13) -> 4 tdb_unpack(d, 13) -> 4 tdb_unpack(f, 9) -> 9 regdb_fetch_keys: Exit [1] items regdb_close: decrementing refcount (5->4) regkey_open_onelevel: name = [Security] regdb_open: incrementing refcount (4->5) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] pathtree_find: [loop] base => [HKLM], new_path => [SYSTEM\CurrentControlSet\Services\WINS\Security] pathtree_find_child: child key => [HKLM] pathtree_find_child: child key => [HKPT] pathtree_find_child: Found [HKLM] pathtree_find: [loop] base => [SYSTEM], new_path => [CurrentControlSet\Services\WINS\Security] pathtree_find_child: child key => [SOFTWARE] pathtree_find_child: child key => [SYSTEM] pathtree_find_child: Found [SYSTEM] pathtree_find: [loop] base => [CurrentControlSet], new_path => [Services\WINS\Security] pathtree_find_child: child key => [CurrentControlSet] pathtree_find_child: Found [CurrentControlSet] pathtree_find: [loop] base => [Services], new_path => [WINS\Security] pathtree_find_child: child key => [Control] pathtree_find_child: child key => [Services] pathtree_find_child: Found [Services] pathtree_find: [loop] base => [WINS], new_path => [Security] pathtree_find_child: child key => [LanmanServer] pathtree_find_child: child key => [Netlogon] pathtree_find_child: child key => [Tcpip] pathtree_find_child: Did not find [WINS] pathtree_find: Found data_p! pathtree_find: Exit reghook_cache_find: found ops 0xb6b9a220 for key [\HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] regdb_fetch_keys: Enter key => [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] tdb_unpack(d, 4) -> 4 tdb_unpack(d, 4) -> 4 regdb_fetch_keys: Exit [0] items regdb_close: decrementing refcount (5->4) Opened policy hnd[3] [0000] 00 00 00 00 0A 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000a-0000-0000-7a53-388b31220000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b67d98 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b67d98 winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000a-0000-0000-7a53-388b31220000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000a-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : REG_BINARY (3) data : * data: ARRAY(120) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x00 (0) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x00 (0) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x14 (20) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x02 (2) [21] : 0x00 (0) [22] : 0x64 (100) [23] : 0x00 (0) [24] : 0x04 (4) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x00 (0) [28] : 0x00 (0) [29] : 0x00 (0) [30] : 0x14 (20) [31] : 0x00 (0) [32] : 0x8d (141) [33] : 0x01 (1) [34] : 0x02 (2) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x01 (1) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x01 (1) [44] : 0x00 (0) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x00 (0) [49] : 0x00 (0) [50] : 0x18 (24) [51] : 0x00 (0) [52] : 0xfd (253) [53] : 0x01 (1) [54] : 0x02 (2) [55] : 0x00 (0) [56] : 0x01 (1) [57] : 0x02 (2) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x00 (0) [62] : 0x00 (0) [63] : 0x05 (5) [64] : 0x20 (32) [65] : 0x00 (0) [66] : 0x00 (0) [67] : 0x00 (0) [68] : 0x23 (35) [69] : 0x02 (2) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x18 (24) [75] : 0x00 (0) [76] : 0xff (255) [77] : 0x01 (1) [78] : 0x0f (15) [79] : 0x00 (0) [80] : 0x01 (1) [81] : 0x02 (2) [82] : 0x00 (0) [83] : 0x00 (0) [84] : 0x00 (0) [85] : 0x00 (0) [86] : 0x00 (0) [87] : 0x05 (5) [88] : 0x20 (32) [89] : 0x00 (0) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x25 (37) [93] : 0x02 (2) [94] : 0x00 (0) [95] : 0x00 (0) [96] : 0x00 (0) [97] : 0x00 (0) [98] : 0x18 (24) [99] : 0x00 (0) [100] : 0xff (255) [101] : 0x01 (1) [102] : 0x0f (15) [103] : 0x00 (0) [104] : 0x01 (1) [105] : 0x02 (2) [106] : 0x00 (0) [107] : 0x00 (0) [108] : 0x00 (0) [109] : 0x00 (0) [110] : 0x00 (0) [111] : 0x05 (5) [112] : 0x20 (32) [113] : 0x00 (0) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x20 (32) [117] : 0x02 (2) [118] : 0x00 (0) [119] : 0x00 (0) size : 0x00000078 (120) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000a-0000-0000-7a53-388b31220000 name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : REG_BINARY (3) data : * data: ARRAY(120) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x00 (0) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x00 (0) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x14 (20) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x02 (2) [21] : 0x00 (0) [22] : 0x64 (100) [23] : 0x00 (0) [24] : 0x04 (4) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x00 (0) [28] : 0x00 (0) [29] : 0x00 (0) [30] : 0x14 (20) [31] : 0x00 (0) [32] : 0x8d (141) [33] : 0x01 (1) [34] : 0x02 (2) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x01 (1) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x01 (1) [44] : 0x00 (0) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x00 (0) [49] : 0x00 (0) [50] : 0x18 (24) [51] : 0x00 (0) [52] : 0xfd (253) [53] : 0x01 (1) [54] : 0x02 (2) [55] : 0x00 (0) [56] : 0x01 (1) [57] : 0x02 (2) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x00 (0) [62] : 0x00 (0) [63] : 0x05 (5) [64] : 0x20 (32) [65] : 0x00 (0) [66] : 0x00 (0) [67] : 0x00 (0) [68] : 0x23 (35) [69] : 0x02 (2) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x18 (24) [75] : 0x00 (0) [76] : 0xff (255) [77] : 0x01 (1) [78] : 0x0f (15) [79] : 0x00 (0) [80] : 0x01 (1) [81] : 0x02 (2) [82] : 0x00 (0) [83] : 0x00 (0) [84] : 0x00 (0) [85] : 0x00 (0) [86] : 0x00 (0) [87] : 0x05 (5) [88] : 0x20 (32) [89] : 0x00 (0) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x25 (37) [93] : 0x02 (2) [94] : 0x00 (0) [95] : 0x00 (0) [96] : 0x00 (0) [97] : 0x00 (0) [98] : 0x18 (24) [99] : 0x00 (0) [100] : 0xff (255) [101] : 0x01 (1) [102] : 0x0f (15) [103] : 0x00 (0) [104] : 0x01 (1) [105] : 0x02 (2) [106] : 0x00 (0) [107] : 0x00 (0) [108] : 0x00 (0) [109] : 0x00 (0) [110] : 0x00 (0) [111] : 0x05 (5) [112] : 0x20 (32) [113] : 0x00 (0) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x20 (32) [117] : 0x02 (2) [118] : 0x00 (0) [119] : 0x00 (0) size : 0x00000078 (120) Found policy hnd[0] [0000] 00 00 00 00 0A 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security:Security] tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security' (ops 0xb6b9a220) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] tdb_unpack(d, 4) -> 4 tdb_unpack(d, 141) -> 4 tdb_unpack(fdB, 137) -> 137 regdb_unpack_values: value[0]: name[Security] len[120] winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b6e2b0 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b6e2b0 winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000a-0000-0000-7a53-388b31220000 winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000a-0000-0000-7a53-388b31220000 Found policy hnd[0] [0000] 00 00 00 00 0A 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. Found policy hnd[0] [0000] 00 00 00 00 0A 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. Closed policy regdb_close: decrementing refcount (4->3) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b6a0c8 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b6a0c8 winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-7a53-388b31220000 winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-7a53-388b31220000 Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. Closed policy regdb_close: decrementing refcount (3->2) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b6a508 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b6a508 winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK regdb_close: decrementing refcount (2->1) regdb_close: decrementing refcount (1->0) Deleted handle list for RPC connection \winreg Initialise the eventlog registry keys if needed. Create pipe requested \winreg init_pipe_handle_list: created handle list for pipe \winreg init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg Created internal pipe \winreg winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY regkey_open_onelevel: name = [HKLM] push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 regdb_open: registry db opened. refcount reset (1) reghook_cache_find: Searching for keyname [\HKLM] pathtree_find: Enter [\HKLM] pathtree_find: [loop] base => [HKLM], new_path => [] pathtree_find_child: child key => [HKLM] pathtree_find_child: child key => [HKPT] pathtree_find_child: Found [HKLM] pathtree_find: Found data_p! pathtree_find: Exit reghook_cache_find: found ops 0xb6b9a220 for key [\HKLM] regdb_fetch_keys: Enter key => [HKLM] tdb_unpack(d, 20) -> 4 tdb_unpack(d, 20) -> 4 tdb_unpack(f, 16) -> 9 tdb_unpack(f, 7) -> 7 regdb_fetch_keys: Exit [2] items Opened policy hnd[1] [0000] 00 00 00 00 0B 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000b-0000-0000-7a53-388b31220000 result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b65660 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b65660 winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000b-0000-0000-7a53-388b31220000 result : WERR_OK winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000b-0000-0000-7a53-388b31220000 keyname: struct winreg_String name_len : 0x0056 (86) name_size : 0x0056 (86) name : * name : 'SYSTEM\CurrentControlSet\Services\Eventlog' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000b-0000-0000-7a53-388b31220000 keyname: struct winreg_String name_len : 0x0056 (86) name_size : 0x0056 (86) name : * name : 'SYSTEM\CurrentControlSet\Services\Eventlog' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY Found policy hnd[0] [0000] 00 00 00 00 0B 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. regkey_open_onelevel: name = [SYSTEM] regdb_open: incrementing refcount (1->2) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] pathtree_find: Enter [\HKLM\SYSTEM] pathtree_find: [loop] base => [HKLM], new_path => [SYSTEM] pathtree_find_child: child key => [HKLM] pathtree_find_child: child key => [HKPT] pathtree_find_child: Found [HKLM] pathtree_find: [loop] base => [SYSTEM], new_path => [] pathtree_find_child: child key => [SOFTWARE] pathtree_find_child: child key => [SYSTEM] pathtree_find_child: Found [SYSTEM] pathtree_find: Found data_p! pathtree_find: Exit reghook_cache_find: found ops 0xb6b9a220 for key [\HKLM\SYSTEM] regdb_fetch_keys: Enter key => [HKLM\SYSTEM] tdb_unpack(d, 22) -> 4 tdb_unpack(d, 22) -> 4 tdb_unpack(f, 18) -> 18 regdb_fetch_keys: Exit [1] items regkey_open_onelevel: name = [CurrentControlSet] regdb_open: incrementing refcount (2->3) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] pathtree_find: [loop] base => [HKLM], new_path => [SYSTEM\CurrentControlSet] pathtree_find_child: child key => [HKLM] pathtree_find_child: child key => [HKPT] pathtree_find_child: Found [HKLM] pathtree_find: [loop] base => [SYSTEM], new_path => [CurrentControlSet] pathtree_find_child: child key => [SOFTWARE] pathtree_find_child: child key => [SYSTEM] pathtree_find_child: Found [SYSTEM] pathtree_find: [loop] base => [CurrentControlSet], new_path => [] pathtree_find_child: child key => [CurrentControlSet] pathtree_find_child: Found [CurrentControlSet] pathtree_find: Found data_p! pathtree_find: Exit reghook_cache_find: found ops 0xb6b9a220 for key [\HKLM\SYSTEM\CurrentControlSet] regdb_fetch_keys: Enter key => [HKLM\SYSTEM\CurrentControlSet] tdb_unpack(d, 21) -> 4 tdb_unpack(d, 21) -> 4 tdb_unpack(f, 17) -> 8 tdb_unpack(f, 9) -> 9 regdb_fetch_keys: Exit [2] items regkey_open_onelevel: name = [Services] regdb_open: incrementing refcount (3->4) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] pathtree_find: [loop] base => [HKLM], new_path => [SYSTEM\CurrentControlSet\Services] pathtree_find_child: child key => [HKLM] pathtree_find_child: child key => [HKPT] pathtree_find_child: Found [HKLM] pathtree_find: [loop] base => [SYSTEM], new_path => [CurrentControlSet\Services] pathtree_find_child: child key => [SOFTWARE] pathtree_find_child: child key => [SYSTEM] pathtree_find_child: Found [SYSTEM] pathtree_find: [loop] base => [CurrentControlSet], new_path => [Services] pathtree_find_child: child key => [CurrentControlSet] pathtree_find_child: Found [CurrentControlSet] pathtree_find: [loop] base => [Services], new_path => [] pathtree_find_child: child key => [Control] pathtree_find_child: child key => [Services] pathtree_find_child: Found [Services] pathtree_find: Found data_p! pathtree_find: Exit reghook_cache_find: found ops 0xb6b9a220 for key [\HKLM\SYSTEM\CurrentControlSet\Services] regdb_fetch_keys: Enter key => [HKLM\SYSTEM\CurrentControlSet\Services] tdb_unpack(d, 69) -> 4 tdb_unpack(d, 69) -> 4 tdb_unpack(f, 65) -> 13 tdb_unpack(f, 52) -> 9 tdb_unpack(f, 43) -> 6 tdb_unpack(f, 37) -> 9 tdb_unpack(f, 28) -> 8 tdb_unpack(f, 20) -> 15 tdb_unpack(f, 5) -> 5 regdb_fetch_keys: Exit [7] items regkey_open_onelevel: name = [Eventlog] regdb_open: incrementing refcount (4->5) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] pathtree_find: [loop] base => [HKLM], new_path => [SYSTEM\CurrentControlSet\Services\Eventlog] pathtree_find_child: child key => [HKLM] pathtree_find_child: child key => [HKPT] pathtree_find_child: Found [HKLM] pathtree_find: [loop] base => [SYSTEM], new_path => [CurrentControlSet\Services\Eventlog] pathtree_find_child: child key => [SOFTWARE] pathtree_find_child: child key => [SYSTEM] pathtree_find_child: Found [SYSTEM] pathtree_find: [loop] base => [CurrentControlSet], new_path => [Services\Eventlog] pathtree_find_child: child key => [CurrentControlSet] pathtree_find_child: Found [CurrentControlSet] pathtree_find: [loop] base => [Services], new_path => [Eventlog] pathtree_find_child: child key => [Control] pathtree_find_child: child key => [Services] pathtree_find_child: Found [Services] pathtree_find: [loop] base => [Eventlog], new_path => [] pathtree_find_child: child key => [LanmanServer] pathtree_find_child: Did not find [Eventlog] pathtree_find: Found data_p! pathtree_find: Exit reghook_cache_find: found ops 0xb6b9a220 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] regdb_fetch_keys: Enter key => [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] tdb_unpack(d, 4) -> 4 tdb_unpack(d, 4) -> 4 regdb_fetch_keys: Exit [0] items regdb_close: decrementing refcount (5->4) regdb_close: decrementing refcount (4->3) regdb_close: decrementing refcount (3->2) Opened policy hnd[2] [0000] 00 00 00 00 0C 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000c-0000-0000-7a53-388b31220000 result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b65660 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b65660 winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000c-0000-0000-7a53-388b31220000 result : WERR_OK winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000c-0000-0000-7a53-388b31220000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000c-0000-0000-7a53-388b31220000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL Found policy hnd[0] [0000] 00 00 00 00 0C 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\Eventlog' (ops 0xb6b9a220) regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] tdb_unpack(d, 4) -> 4 tdb_unpack(d, 69) -> 4 tdb_unpack(fdB, 65) -> 40 regdb_unpack_values: value[0]: name[DisplayName] len[20] tdb_unpack(fdB, 25) -> 25 regdb_unpack_values: value[1]: name[ErrorControl] len[4] regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] tdb_unpack(d, 4) -> 4 winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000000 (0) max_subkeylen : * max_subkeylen : 0x00000000 (0) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x00000002 (2) max_valnamelen : * max_valnamelen : 0x0000001a (26) max_valbufsize : * max_valbufsize : 0x00000014 (20) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b65cf8 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b65cf8 winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000000 (0) max_subkeylen : * max_subkeylen : 0x00000000 (0) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x00000002 (2) max_valnamelen : * max_valnamelen : 0x0000001a (26) max_valbufsize : * max_valbufsize : 0x00000014 (20) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000c-0000-0000-7a53-388b31220000 winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000c-0000-0000-7a53-388b31220000 Found policy hnd[0] [0000] 00 00 00 00 0C 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. Found policy hnd[0] [0000] 00 00 00 00 0C 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. Closed policy regdb_close: decrementing refcount (2->1) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b64ec8 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b64ec8 winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK regdb_close: decrementing refcount (1->0) Deleted handle list for RPC connection \winreg Registering messaging pointer for type 515 - private_data=(nil) s3_tevent: Added timed event "smbd_idle_event_handler": 0xb7b62778 event_add_idle: idle_evt(print_queue_housekeeping) 0xb7b62778 reloading printcap cache tdb_pack_va(dd, 0) -> 8 tdb_pack_va(dd, 8) -> 8 check lock order 1 for /var/run/samba/printer_list.tdb lock order: 1:/var/run/samba/printer_list.tdb 2: 3: Locking key 5052494E5445524C4953542F474C4F42414C2F4C4153545F5245465245534800 Allocated locked data 0x0xb7b63810 Unlocking key 5052494E5445524C4953542F474C4F42414C2F4C4153545F5245465245534800 release lock order 1 for /var/run/samba/printer_list.tdb lock order: 1: 2: 3: cups_pcap_load_async: asynchronously loading cups printers cups_pcap_load_async: child pid = 8754 cups_cache_reload: async read on fd 26 reload status: ok bind succeeded on port 445 Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 0 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_REUSEPORT = 1 SO_SNDBUF = 16384 SO_RCVBUF = 87380 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 TCP_DEFER_ACCEPT = 0 Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_REUSEPORT = 1 SO_SNDBUF = 16384 SO_RCVBUF = 87380 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 TCP_DEFER_ACCEPT = 0 bind succeeded on port 139 Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 0 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_REUSEPORT = 1 SO_SNDBUF = 16384 SO_RCVBUF = 87380 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 TCP_DEFER_ACCEPT = 0 Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_REUSEPORT = 1 SO_SNDBUF = 16384 SO_RCVBUF = 87380 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 TCP_DEFER_ACCEPT = 0 bind succeeded on port 445 Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 0 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_REUSEPORT = 1 SO_SNDBUF = 16384 SO_RCVBUF = 87380 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 TCP_DEFER_ACCEPT = 0 Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_REUSEPORT = 1 SO_SNDBUF = 16384 SO_RCVBUF = 87380 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 TCP_DEFER_ACCEPT = 0 bind succeeded on port 139 Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 0 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_REUSEPORT = 1 SO_SNDBUF = 16384 SO_RCVBUF = 87380 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 TCP_DEFER_ACCEPT = 0 Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_REUSEPORT = 1 SO_SNDBUF = 16384 SO_RCVBUF = 87380 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 TCP_DEFER_ACCEPT = 0 check lock order 2 for /var/run/samba/serverid.tdb lock order: 1: 2:/var/run/samba/serverid.tdb 3: Locking key 3122000000000000FFFFFFFF Allocated locked data 0x0xb7b64450 Unlocking key 3122000000000000FFFFFFFF release lock order 2 for /var/run/samba/serverid.tdb lock order: 1: 2: 3: Registering messaging pointer for type 13 - private_data=(nil) Registering messaging pointer for type 33 - private_data=0xb7b5a560 Registering messaging pointer for type 783 - private_data=(nil) Registering messaging pointer for type 1 - private_data=(nil) Overriding messaging pointer for type 1 - private_data=(nil) Registering messaging pointer for type 519 - private_data=0xb7b5a560 Registering messaging pointer for type 785 - private_data=(nil) Registering messaging pointer for type 770 - private_data=(nil) Registering messaging pointer for type 15 - private_data=(nil) Registering messaging pointer for type 16 - private_data=(nil) reloading printcap cache tdb_pack_va(dd, 0) -> 8 tdb_pack_va(dd, 8) -> 8 check lock order 1 for /var/run/samba/printer_list.tdb lock order: 1:/var/run/samba/printer_list.tdb 2: 3: Locking key 5052494E5445524C4953542F474C4F42414C2F4C4153545F5245465245534800 Allocated locked data 0x0xb7b648b8 Unlocking key 5052494E5445524C4953542F474C4F42414C2F4C4153545F5245465245534800 release lock order 1 for /var/run/samba/printer_list.tdb lock order: 1: 2: 3: cups_pcap_load_async: already waiting for a refresh event reload status: error waiting for connections successfully sent blob of len 261 cups_async_callback: callback received for printer data. fd = 26 successfully recvd blob of len 261 pcap_cache_add_specific: Adding name Brother_MFC_7320 info Brother_MFC_7320, location: ckserver pcap_cache_add_specific: Adding name PDF info PDF, location: pcap_cache_add_specific: Adding name PIXMA_iP4500 info PIXMA_iP4500, location: ckserver tdb_pack_va(dd, 0) -> 8 tdb_pack_va(dd, 8) -> 8 check lock order 1 for /var/run/samba/printer_list.tdb lock order: 1:/var/run/samba/printer_list.tdb 2: 3: Locking key 5052494E5445524C4953542F474C4F42414C2F4C4153545F5245465245534800 Allocated locked data 0x0xb7b66938 Unlocking key 5052494E5445524C4953542F474C4F42414C2F4C4153545F5245465245534800 release lock order 1 for /var/run/samba/printer_list.tdb lock order: 1: 2: 3: tdb_pack_va(ddPPP, 0) -> 43 tdb_pack_va(ddPPP, 43) -> 43 check lock order 1 for /var/run/samba/printer_list.tdb lock order: 1:/var/run/samba/printer_list.tdb 2: 3: Locking key 5052494E5445524C4953542F50524E2F5049584D415F49503435303000 Allocated locked data 0x0xb7b669a8 Unlocking key 5052494E5445524C4953542F50524E2F5049584D415F49503435303000 release lock order 1 for /var/run/samba/printer_list.tdb lock order: 1: 2: 3: tdb_pack_va(ddPPP, 0) -> 17 tdb_pack_va(ddPPP, 17) -> 17 check lock order 1 for /var/run/samba/printer_list.tdb lock order: 1:/var/run/samba/printer_list.tdb 2: 3: Locking key 5052494E5445524C4953542F50524E2F50444600 Allocated locked data 0x0xb7b650b0 Unlocking key 5052494E5445524C4953542F50524E2F50444600 release lock order 1 for /var/run/samba/printer_list.tdb lock order: 1: 2: 3: tdb_pack_va(ddPPP, 0) -> 51 tdb_pack_va(ddPPP, 51) -> 51 check lock order 1 for /var/run/samba/printer_list.tdb lock order: 1:/var/run/samba/printer_list.tdb 2: 3: Locking key 5052494E5445524C4953542F50524E2F42524F544845525F4D46435F3733323000 Allocated locked data 0x0xb7b652c8 Unlocking key 5052494E5445524C4953542F50524E2F42524F544845525F4D46435F3733323000 release lock order 1 for /var/run/samba/printer_list.tdb lock order: 1: 2: 3: tdb_unpack(dd, 8) -> 8 tdb_unpack(ddPPP, 51) -> 51 tdb_unpack(ddPPP, 43) -> 43 tdb_unpack(ddPPP, 17) -> 17 tdb_unpack(dd, 8) -> 8 tdb_unpack(ddPPP, 51) -> 51 lp_servicenumber: couldn't find Brother_MFC_7320 add_a_service: Creating snum = 4 for Brother_MFC_7320 hash_a_service: hashing index 4 for service name Brother_MFC_7320 adding printer service Brother_MFC_7320 tdb_unpack(ddPPP, 43) -> 43 lp_servicenumber: couldn't find PIXMA_iP4500 add_a_service: Creating snum = 5 for PIXMA_iP4500 hash_a_service: hashing index 5 for service name PIXMA_iP4500 adding printer service PIXMA_iP4500 tdb_unpack(ddPPP, 17) -> 17 lp_servicenumber: couldn't find PDF add_a_service: Creating snum = 6 for PDF hash_a_service: hashing index 6 for service name PDF adding printer service PDF reloading printer services from pcap cache tdb_unpack(ddPPP, 51) -> 51 Adding default registry entry for printer [Brother_MFC_7320], if it doesn't exist. Create pipe requested \winreg init_pipe_handle_list: created handle list for pipe \winreg init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg Created internal pipe \winreg winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY regkey_open_onelevel: name = [HKLM] push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 regdb_open: registry db opened. refcount reset (1) reghook_cache_find: Searching for keyname [\HKLM] pathtree_find: Enter [\HKLM] pathtree_find: [loop] base => [HKLM], new_path => [] pathtree_find_child: child key => [HKLM] pathtree_find_child: child key => [HKPT] pathtree_find_child: Found [HKLM] pathtree_find: Found data_p! pathtree_find: Exit reghook_cache_find: found ops 0xb6b9a220 for key [\HKLM] regdb_fetch_keys: Enter key => [HKLM] tdb_unpack(d, 20) -> 4 tdb_unpack(d, 20) -> 4 tdb_unpack(f, 16) -> 9 tdb_unpack(f, 7) -> 7 regdb_fetch_keys: Exit [2] items Opened policy hnd[1] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000d-0000-0000-7a53-388b31220000 result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b67838 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b67838 winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000d-0000-0000-7a53-388b31220000 result : WERR_OK winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000d-0000-0000-7a53-388b31220000 keyname: struct winreg_String name_len : 0x009a (154) name_size : 0x009a (154) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_MFC_7320' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000d-0000-0000-7a53-388b31220000 keyname: struct winreg_String name_len : 0x009a (154) name_size : 0x009a (154) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_MFC_7320' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY Found policy hnd[0] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. regkey_open_onelevel: name = [SOFTWARE] regdb_open: incrementing refcount (1->2) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] pathtree_find: Enter [\HKLM\SOFTWARE] pathtree_find: [loop] base => [HKLM], new_path => [SOFTWARE] pathtree_find_child: child key => [HKLM] pathtree_find_child: child key => [HKPT] pathtree_find_child: Found [HKLM] pathtree_find: [loop] base => [SOFTWARE], new_path => [] pathtree_find_child: child key => [SOFTWARE] pathtree_find_child: child key => [SYSTEM] pathtree_find_child: Found [SOFTWARE] pathtree_find: Found data_p! pathtree_find: Exit reghook_cache_find: found ops 0xb6b9a220 for key [\HKLM\SOFTWARE] regdb_fetch_keys: Enter key => [HKLM\SOFTWARE] tdb_unpack(d, 29) -> 4 tdb_unpack(d, 29) -> 4 tdb_unpack(f, 25) -> 10 tdb_unpack(f, 15) -> 6 tdb_unpack(f, 9) -> 9 regdb_fetch_keys: Exit [3] items regkey_open_onelevel: name = [Microsoft] regdb_open: incrementing refcount (2->3) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] pathtree_find: [loop] base => [HKLM], new_path => [SOFTWARE\Microsoft] pathtree_find_child: child key => [HKLM] pathtree_find_child: child key => [HKPT] pathtree_find_child: Found [HKLM] pathtree_find: [loop] base => [SOFTWARE], new_path => [Microsoft] pathtree_find_child: child key => [SOFTWARE] pathtree_find_child: child key => [SYSTEM] pathtree_find_child: Found [SOFTWARE] pathtree_find: [loop] base => [Microsoft], new_path => [] pathtree_find_child: child key => [Microsoft] pathtree_find_child: child key => [Samba] pathtree_find_child: Found [Microsoft] pathtree_find: Found data_p! pathtree_find: Exit reghook_cache_find: found ops 0xb6b9a220 for key [\HKLM\SOFTWARE\Microsoft] regdb_fetch_keys: Enter key => [HKLM\SOFTWARE\Microsoft] tdb_unpack(d, 23) -> 4 tdb_unpack(d, 23) -> 4 tdb_unpack(f, 19) -> 11 tdb_unpack(f, 8) -> 8 regdb_fetch_keys: Exit [2] items regkey_open_onelevel: name = [Windows NT] regdb_open: incrementing refcount (3->4) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] pathtree_find: [loop] base => [HKLM], new_path => [SOFTWARE\Microsoft\Windows NT] pathtree_find_child: child key => [HKLM] pathtree_find_child: child key => [HKPT] pathtree_find_child: Found [HKLM] pathtree_find: [loop] base => [SOFTWARE], new_path => [Microsoft\Windows NT] pathtree_find_child: child key => [SOFTWARE] pathtree_find_child: child key => [SYSTEM] pathtree_find_child: Found [SOFTWARE] pathtree_find: [loop] base => [Microsoft], new_path => [Windows NT] pathtree_find_child: child key => [Microsoft] pathtree_find_child: child key => [Samba] pathtree_find_child: Found [Microsoft] pathtree_find: [loop] base => [Windows NT], new_path => [] pathtree_find_child: child key => [Windows NT] pathtree_find_child: Found [Windows NT] pathtree_find: Found data_p! pathtree_find: Exit reghook_cache_find: found ops 0xb6b9a220 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] regdb_fetch_keys: Enter key => [HKLM\SOFTWARE\Microsoft\Windows NT] tdb_unpack(d, 19) -> 4 tdb_unpack(d, 19) -> 4 tdb_unpack(f, 15) -> 15 regdb_fetch_keys: Exit [1] items regkey_open_onelevel: name = [CurrentVersion] regdb_open: incrementing refcount (4->5) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] pathtree_find: [loop] base => [HKLM], new_path => [SOFTWARE\Microsoft\Windows NT\CurrentVersion] pathtree_find_child: child key => [HKLM] pathtree_find_child: child key => [HKPT] pathtree_find_child: Found [HKLM] pathtree_find: [loop] base => [SOFTWARE], new_path => [Microsoft\Windows NT\CurrentVersion] pathtree_find_child: child key => [SOFTWARE] pathtree_find_child: child key => [SYSTEM] pathtree_find_child: Found [SOFTWARE] pathtree_find: [loop] base => [Microsoft], new_path => [Windows NT\CurrentVersion] pathtree_find_child: child key => [Microsoft] pathtree_find_child: child key => [Samba] pathtree_find_child: Found [Microsoft] pathtree_find: [loop] base => [Windows NT], new_path => [CurrentVersion] pathtree_find_child: child key => [Windows NT] pathtree_find_child: Found [Windows NT] pathtree_find: [loop] base => [CurrentVersion], new_path => [] pathtree_find_child: child key => [CurrentVersion] pathtree_find_child: Found [CurrentVersion] pathtree_find: Found data_p! pathtree_find: Exit reghook_cache_find: found ops 0xb76a1920 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] regdb_fetch_keys: Enter key => [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] tdb_unpack(d, 46) -> 4 tdb_unpack(d, 46) -> 4 tdb_unpack(f, 42) -> 6 tdb_unpack(f, 36) -> 6 tdb_unpack(f, 30) -> 8 tdb_unpack(f, 22) -> 13 tdb_unpack(f, 9) -> 9 regdb_fetch_keys: Exit [5] items regkey_open_onelevel: name = [Print] regdb_open: incrementing refcount (5->6) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] pathtree_find: [loop] base => [HKLM], new_path => [SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] pathtree_find_child: child key => [HKLM] pathtree_find_child: child key => [HKPT] pathtree_find_child: Found [HKLM] pathtree_find: [loop] base => [SOFTWARE], new_path => [Microsoft\Windows NT\CurrentVersion\Print] pathtree_find_child: child key => [SOFTWARE] pathtree_find_child: child key => [SYSTEM] pathtree_find_child: Found [SOFTWARE] pathtree_find: [loop] base => [Microsoft], new_path => [Windows NT\CurrentVersion\Print] pathtree_find_child: child key => [Microsoft] pathtree_find_child: child key => [Samba] pathtree_find_child: Found [Microsoft] pathtree_find: [loop] base => [Windows NT], new_path => [CurrentVersion\Print] pathtree_find_child: child key => [Windows NT] pathtree_find_child: Found [Windows NT] pathtree_find: [loop] base => [CurrentVersion], new_path => [Print] pathtree_find_child: child key => [CurrentVersion] pathtree_find_child: Found [CurrentVersion] pathtree_find: [loop] base => [Print], new_path => [] pathtree_find_child: child key => [Perflib] pathtree_find_child: child key => [Ports] pathtree_find_child: child key => [Print] pathtree_find_child: Found [Print] pathtree_find: Found data_p! pathtree_find: Exit reghook_cache_find: found ops 0xb76a1920 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] regdb_fetch_keys: Enter key => [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] tdb_unpack(d, 13) -> 4 tdb_unpack(d, 13) -> 4 tdb_unpack(f, 9) -> 9 regdb_fetch_keys: Exit [1] items regkey_open_onelevel: name = [Printers] regdb_open: incrementing refcount (6->7) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] pathtree_find: [loop] base => [HKLM], new_path => [SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] pathtree_find_child: child key => [HKLM] pathtree_find_child: child key => [HKPT] pathtree_find_child: Found [HKLM] pathtree_find: [loop] base => [SOFTWARE], new_path => [Microsoft\Windows NT\CurrentVersion\Print\Printers] pathtree_find_child: child key => [SOFTWARE] pathtree_find_child: child key => [SYSTEM] pathtree_find_child: Found [SOFTWARE] pathtree_find: [loop] base => [Microsoft], new_path => [Windows NT\CurrentVersion\Print\Printers] pathtree_find_child: child key => [Microsoft] pathtree_find_child: child key => [Samba] pathtree_find_child: Found [Microsoft] pathtree_find: [loop] base => [Windows NT], new_path => [CurrentVersion\Print\Printers] pathtree_find_child: child key => [Windows NT] pathtree_find_child: Found [Windows NT] pathtree_find: [loop] base => [CurrentVersion], new_path => [Print\Printers] pathtree_find_child: child key => [CurrentVersion] pathtree_find_child: Found [CurrentVersion] pathtree_find: [loop] base => [Print], new_path => [Printers] pathtree_find_child: child key => [Perflib] pathtree_find_child: child key => [Ports] pathtree_find_child: child key => [Print] pathtree_find_child: Found [Print] pathtree_find: [loop] base => [Printers], new_path => [] pathtree_find_child: child key => [Printers] pathtree_find_child: Found [Printers] pathtree_find: Found data_p! pathtree_find: Exit reghook_cache_find: found ops 0xb6b9a220 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] regdb_fetch_keys: Enter key => [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] tdb_unpack(d, 38) -> 4 tdb_unpack(d, 38) -> 4 tdb_unpack(f, 34) -> 17 tdb_unpack(f, 17) -> 13 tdb_unpack(f, 4) -> 4 regdb_fetch_keys: Exit [3] items regkey_open_onelevel: name = [Brother_MFC_7320] regdb_open: incrementing refcount (7->8) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_MFC_7320] pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_MFC_7320] pathtree_find: [loop] base => [HKLM], new_path => [SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_MFC_7320] pathtree_find_child: child key => [HKLM] pathtree_find_child: child key => [HKPT] pathtree_find_child: Found [HKLM] pathtree_find: [loop] base => [SOFTWARE], new_path => [Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_MFC_7320] pathtree_find_child: child key => [SOFTWARE] pathtree_find_child: child key => [SYSTEM] pathtree_find_child: Found [SOFTWARE] pathtree_find: [loop] base => [Microsoft], new_path => [Windows NT\CurrentVersion\Print\Printers\Brother_MFC_7320] pathtree_find_child: child key => [Microsoft] pathtree_find_child: child key => [Samba] pathtree_find_child: Found [Microsoft] pathtree_find: [loop] base => [Windows NT], new_path => [CurrentVersion\Print\Printers\Brother_MFC_7320] pathtree_find_child: child key => [Windows NT] pathtree_find_child: Found [Windows NT] pathtree_find: [loop] base => [CurrentVersion], new_path => [Print\Printers\Brother_MFC_7320] pathtree_find_child: child key => [CurrentVersion] pathtree_find_child: Found [CurrentVersion] pathtree_find: [loop] base => [Print], new_path => [Printers\Brother_MFC_7320] pathtree_find_child: child key => [Perflib] pathtree_find_child: child key => [Ports] pathtree_find_child: child key => [Print] pathtree_find_child: Found [Print] pathtree_find: [loop] base => [Printers], new_path => [Brother_MFC_7320] pathtree_find_child: child key => [Printers] pathtree_find_child: Found [Printers] pathtree_find: [loop] base => [Brother_MFC_7320], new_path => [] pathtree_find_child: Did not find [Brother_MFC_7320] pathtree_find: Found data_p! pathtree_find: Exit reghook_cache_find: found ops 0xb6b9a220 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_MFC_7320] regdb_fetch_keys: Enter key => [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_MFC_7320] tdb_unpack(d, 41) -> 4 tdb_unpack(d, 41) -> 4 tdb_unpack(f, 37) -> 9 tdb_unpack(f, 28) -> 10 tdb_unpack(f, 18) -> 18 regdb_fetch_keys: Exit [3] items regdb_close: decrementing refcount (8->7) regdb_close: decrementing refcount (7->6) regdb_close: decrementing refcount (6->5) regdb_close: decrementing refcount (5->4) regdb_close: decrementing refcount (4->3) regdb_close: decrementing refcount (3->2) Opened policy hnd[2] [0000] 00 00 00 00 0E 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000e-0000-0000-7a53-388b31220000 result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b67838 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b67838 winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000e-0000-0000-7a53-388b31220000 result : WERR_OK winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother_MFC_7320 already exists winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000e-0000-0000-7a53-388b31220000 winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000e-0000-0000-7a53-388b31220000 Found policy hnd[0] [0000] 00 00 00 00 0E 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. Found policy hnd[0] [0000] 00 00 00 00 0E 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. Closed policy regdb_close: decrementing refcount (2->1) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b67a80 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b67a80 winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000d-0000-0000-7a53-388b31220000 winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000d-0000-0000-7a53-388b31220000 Found policy hnd[0] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. Found policy hnd[0] [0000] 00 00 00 00 0D 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. Closed policy regdb_close: decrementing refcount (1->0) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b67a80 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b67a80 winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK Deleted handle list for RPC connection \winreg tdb_unpack(ddPPP, 43) -> 43 Adding default registry entry for printer [PIXMA_iP4500], if it doesn't exist. Create pipe requested \winreg init_pipe_handle_list: created handle list for pipe \winreg init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg Created internal pipe \winreg winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY regkey_open_onelevel: name = [HKLM] push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 regdb_open: registry db opened. refcount reset (1) reghook_cache_find: Searching for keyname [\HKLM] pathtree_find: Enter [\HKLM] pathtree_find: [loop] base => [HKLM], new_path => [] pathtree_find_child: child key => [HKLM] pathtree_find_child: child key => [HKPT] pathtree_find_child: Found [HKLM] pathtree_find: Found data_p! pathtree_find: Exit reghook_cache_find: found ops 0xb6b9a220 for key [\HKLM] regdb_fetch_keys: Enter key => [HKLM] tdb_unpack(d, 20) -> 4 tdb_unpack(d, 20) -> 4 tdb_unpack(f, 16) -> 9 tdb_unpack(f, 7) -> 7 regdb_fetch_keys: Exit [2] items Opened policy hnd[1] [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000f-0000-0000-7a53-388b31220000 result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b67838 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b67838 winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000f-0000-0000-7a53-388b31220000 result : WERR_OK winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000f-0000-0000-7a53-388b31220000 keyname: struct winreg_String name_len : 0x0092 (146) name_size : 0x0092 (146) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\PIXMA_iP4500' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000f-0000-0000-7a53-388b31220000 keyname: struct winreg_String name_len : 0x0092 (146) name_size : 0x0092 (146) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\PIXMA_iP4500' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY Found policy hnd[0] [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. regkey_open_onelevel: name = [SOFTWARE] regdb_open: incrementing refcount (1->2) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] pathtree_find: Enter [\HKLM\SOFTWARE] pathtree_find: [loop] base => [HKLM], new_path => [SOFTWARE] pathtree_find_child: child key => [HKLM] pathtree_find_child: child key => [HKPT] pathtree_find_child: Found [HKLM] pathtree_find: [loop] base => [SOFTWARE], new_path => [] pathtree_find_child: child key => [SOFTWARE] pathtree_find_child: child key => [SYSTEM] pathtree_find_child: Found [SOFTWARE] pathtree_find: Found data_p! pathtree_find: Exit reghook_cache_find: found ops 0xb6b9a220 for key [\HKLM\SOFTWARE] regdb_fetch_keys: Enter key => [HKLM\SOFTWARE] tdb_unpack(d, 29) -> 4 tdb_unpack(d, 29) -> 4 tdb_unpack(f, 25) -> 10 tdb_unpack(f, 15) -> 6 tdb_unpack(f, 9) -> 9 regdb_fetch_keys: Exit [3] items regkey_open_onelevel: name = [Microsoft] regdb_open: incrementing refcount (2->3) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] pathtree_find: [loop] base => [HKLM], new_path => [SOFTWARE\Microsoft] pathtree_find_child: child key => [HKLM] pathtree_find_child: child key => [HKPT] pathtree_find_child: Found [HKLM] pathtree_find: [loop] base => [SOFTWARE], new_path => [Microsoft] pathtree_find_child: child key => [SOFTWARE] pathtree_find_child: child key => [SYSTEM] pathtree_find_child: Found [SOFTWARE] pathtree_find: [loop] base => [Microsoft], new_path => [] pathtree_find_child: child key => [Microsoft] pathtree_find_child: child key => [Samba] pathtree_find_child: Found [Microsoft] pathtree_find: Found data_p! pathtree_find: Exit reghook_cache_find: found ops 0xb6b9a220 for key [\HKLM\SOFTWARE\Microsoft] regdb_fetch_keys: Enter key => [HKLM\SOFTWARE\Microsoft] tdb_unpack(d, 23) -> 4 tdb_unpack(d, 23) -> 4 tdb_unpack(f, 19) -> 11 tdb_unpack(f, 8) -> 8 regdb_fetch_keys: Exit [2] items regkey_open_onelevel: name = [Windows NT] regdb_open: incrementing refcount (3->4) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] pathtree_find: [loop] base => [HKLM], new_path => [SOFTWARE\Microsoft\Windows NT] pathtree_find_child: child key => [HKLM] pathtree_find_child: child key => [HKPT] pathtree_find_child: Found [HKLM] pathtree_find: [loop] base => [SOFTWARE], new_path => [Microsoft\Windows NT] pathtree_find_child: child key => [SOFTWARE] pathtree_find_child: child key => [SYSTEM] pathtree_find_child: Found [SOFTWARE] pathtree_find: [loop] base => [Microsoft], new_path => [Windows NT] pathtree_find_child: child key => [Microsoft] pathtree_find_child: child key => [Samba] pathtree_find_child: Found [Microsoft] pathtree_find: [loop] base => [Windows NT], new_path => [] pathtree_find_child: child key => [Windows NT] pathtree_find_child: Found [Windows NT] pathtree_find: Found data_p! pathtree_find: Exit reghook_cache_find: found ops 0xb6b9a220 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] regdb_fetch_keys: Enter key => [HKLM\SOFTWARE\Microsoft\Windows NT] tdb_unpack(d, 19) -> 4 tdb_unpack(d, 19) -> 4 tdb_unpack(f, 15) -> 15 regdb_fetch_keys: Exit [1] items regkey_open_onelevel: name = [CurrentVersion] regdb_open: incrementing refcount (4->5) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] pathtree_find: [loop] base => [HKLM], new_path => [SOFTWARE\Microsoft\Windows NT\CurrentVersion] pathtree_find_child: child key => [HKLM] pathtree_find_child: child key => [HKPT] pathtree_find_child: Found [HKLM] pathtree_find: [loop] base => [SOFTWARE], new_path => [Microsoft\Windows NT\CurrentVersion] pathtree_find_child: child key => [SOFTWARE] pathtree_find_child: child key => [SYSTEM] pathtree_find_child: Found [SOFTWARE] pathtree_find: [loop] base => [Microsoft], new_path => [Windows NT\CurrentVersion] pathtree_find_child: child key => [Microsoft] pathtree_find_child: child key => [Samba] pathtree_find_child: Found [Microsoft] pathtree_find: [loop] base => [Windows NT], new_path => [CurrentVersion] pathtree_find_child: child key => [Windows NT] pathtree_find_child: Found [Windows NT] pathtree_find: [loop] base => [CurrentVersion], new_path => [] pathtree_find_child: child key => [CurrentVersion] pathtree_find_child: Found [CurrentVersion] pathtree_find: Found data_p! pathtree_find: Exit reghook_cache_find: found ops 0xb76a1920 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] regdb_fetch_keys: Enter key => [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] tdb_unpack(d, 46) -> 4 tdb_unpack(d, 46) -> 4 tdb_unpack(f, 42) -> 6 tdb_unpack(f, 36) -> 6 tdb_unpack(f, 30) -> 8 tdb_unpack(f, 22) -> 13 tdb_unpack(f, 9) -> 9 regdb_fetch_keys: Exit [5] items regkey_open_onelevel: name = [Print] regdb_open: incrementing refcount (5->6) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] pathtree_find: [loop] base => [HKLM], new_path => [SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] pathtree_find_child: child key => [HKLM] pathtree_find_child: child key => [HKPT] pathtree_find_child: Found [HKLM] pathtree_find: [loop] base => [SOFTWARE], new_path => [Microsoft\Windows NT\CurrentVersion\Print] pathtree_find_child: child key => [SOFTWARE] pathtree_find_child: child key => [SYSTEM] pathtree_find_child: Found [SOFTWARE] pathtree_find: [loop] base => [Microsoft], new_path => [Windows NT\CurrentVersion\Print] pathtree_find_child: child key => [Microsoft] pathtree_find_child: child key => [Samba] pathtree_find_child: Found [Microsoft] pathtree_find: [loop] base => [Windows NT], new_path => [CurrentVersion\Print] pathtree_find_child: child key => [Windows NT] pathtree_find_child: Found [Windows NT] pathtree_find: [loop] base => [CurrentVersion], new_path => [Print] pathtree_find_child: child key => [CurrentVersion] pathtree_find_child: Found [CurrentVersion] pathtree_find: [loop] base => [Print], new_path => [] pathtree_find_child: child key => [Perflib] pathtree_find_child: child key => [Ports] pathtree_find_child: child key => [Print] pathtree_find_child: Found [Print] pathtree_find: Found data_p! pathtree_find: Exit reghook_cache_find: found ops 0xb76a1920 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] regdb_fetch_keys: Enter key => [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] tdb_unpack(d, 13) -> 4 tdb_unpack(d, 13) -> 4 tdb_unpack(f, 9) -> 9 regdb_fetch_keys: Exit [1] items regkey_open_onelevel: name = [Printers] regdb_open: incrementing refcount (6->7) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] pathtree_find: [loop] base => [HKLM], new_path => [SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] pathtree_find_child: child key => [HKLM] pathtree_find_child: child key => [HKPT] pathtree_find_child: Found [HKLM] pathtree_find: [loop] base => [SOFTWARE], new_path => [Microsoft\Windows NT\CurrentVersion\Print\Printers] pathtree_find_child: child key => [SOFTWARE] pathtree_find_child: child key => [SYSTEM] pathtree_find_child: Found [SOFTWARE] pathtree_find: [loop] base => [Microsoft], new_path => [Windows NT\CurrentVersion\Print\Printers] pathtree_find_child: child key => [Microsoft] pathtree_find_child: child key => [Samba] pathtree_find_child: Found [Microsoft] pathtree_find: [loop] base => [Windows NT], new_path => [CurrentVersion\Print\Printers] pathtree_find_child: child key => [Windows NT] pathtree_find_child: Found [Windows NT] pathtree_find: [loop] base => [CurrentVersion], new_path => [Print\Printers] pathtree_find_child: child key => [CurrentVersion] pathtree_find_child: Found [CurrentVersion] pathtree_find: [loop] base => [Print], new_path => [Printers] pathtree_find_child: child key => [Perflib] pathtree_find_child: child key => [Ports] pathtree_find_child: child key => [Print] pathtree_find_child: Found [Print] pathtree_find: [loop] base => [Printers], new_path => [] pathtree_find_child: child key => [Printers] pathtree_find_child: Found [Printers] pathtree_find: Found data_p! pathtree_find: Exit reghook_cache_find: found ops 0xb6b9a220 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] regdb_fetch_keys: Enter key => [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] tdb_unpack(d, 38) -> 4 tdb_unpack(d, 38) -> 4 tdb_unpack(f, 34) -> 17 tdb_unpack(f, 17) -> 13 tdb_unpack(f, 4) -> 4 regdb_fetch_keys: Exit [3] items regkey_open_onelevel: name = [PIXMA_iP4500] regdb_open: incrementing refcount (7->8) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\PIXMA_iP4500] pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\PIXMA_iP4500] pathtree_find: [loop] base => [HKLM], new_path => [SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\PIXMA_iP4500] pathtree_find_child: child key => [HKLM] pathtree_find_child: child key => [HKPT] pathtree_find_child: Found [HKLM] pathtree_find: [loop] base => [SOFTWARE], new_path => [Microsoft\Windows NT\CurrentVersion\Print\Printers\PIXMA_iP4500] pathtree_find_child: child key => [SOFTWARE] pathtree_find_child: child key => [SYSTEM] pathtree_find_child: Found [SOFTWARE] pathtree_find: [loop] base => [Microsoft], new_path => [Windows NT\CurrentVersion\Print\Printers\PIXMA_iP4500] pathtree_find_child: child key => [Microsoft] pathtree_find_child: child key => [Samba] pathtree_find_child: Found [Microsoft] pathtree_find: [loop] base => [Windows NT], new_path => [CurrentVersion\Print\Printers\PIXMA_iP4500] pathtree_find_child: child key => [Windows NT] pathtree_find_child: Found [Windows NT] pathtree_find: [loop] base => [CurrentVersion], new_path => [Print\Printers\PIXMA_iP4500] pathtree_find_child: child key => [CurrentVersion] pathtree_find_child: Found [CurrentVersion] pathtree_find: [loop] base => [Print], new_path => [Printers\PIXMA_iP4500] pathtree_find_child: child key => [Perflib] pathtree_find_child: child key => [Ports] pathtree_find_child: child key => [Print] pathtree_find_child: Found [Print] pathtree_find: [loop] base => [Printers], new_path => [PIXMA_iP4500] pathtree_find_child: child key => [Printers] pathtree_find_child: Found [Printers] pathtree_find: [loop] base => [PIXMA_iP4500], new_path => [] pathtree_find_child: Did not find [PIXMA_iP4500] pathtree_find: Found data_p! pathtree_find: Exit reghook_cache_find: found ops 0xb6b9a220 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\PIXMA_iP4500] regdb_fetch_keys: Enter key => [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\PIXMA_iP4500] tdb_unpack(d, 41) -> 4 tdb_unpack(d, 41) -> 4 tdb_unpack(f, 37) -> 9 tdb_unpack(f, 28) -> 10 tdb_unpack(f, 18) -> 18 regdb_fetch_keys: Exit [3] items regdb_close: decrementing refcount (8->7) regdb_close: decrementing refcount (7->6) regdb_close: decrementing refcount (6->5) regdb_close: decrementing refcount (5->4) regdb_close: decrementing refcount (4->3) regdb_close: decrementing refcount (3->2) Opened policy hnd[2] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000010-0000-0000-7a53-388b31220000 result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b67838 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b67838 winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000010-0000-0000-7a53-388b31220000 result : WERR_OK winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\PIXMA_iP4500 already exists winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000010-0000-0000-7a53-388b31220000 winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000010-0000-0000-7a53-388b31220000 Found policy hnd[0] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. Found policy hnd[0] [0000] 00 00 00 00 10 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. Closed policy regdb_close: decrementing refcount (2->1) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b6a720 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b6a720 winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000f-0000-0000-7a53-388b31220000 winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000f-0000-0000-7a53-388b31220000 Found policy hnd[0] [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. Found policy hnd[0] [0000] 00 00 00 00 0F 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. Closed policy regdb_close: decrementing refcount (1->0) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b67838 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b67838 winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK Deleted handle list for RPC connection \winreg tdb_unpack(ddPPP, 17) -> 17 Adding default registry entry for printer [PDF], if it doesn't exist. Create pipe requested \winreg init_pipe_handle_list: created handle list for pipe \winreg init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg Created internal pipe \winreg winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY regkey_open_onelevel: name = [HKLM] push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 regdb_open: registry db opened. refcount reset (1) reghook_cache_find: Searching for keyname [\HKLM] pathtree_find: Enter [\HKLM] pathtree_find: [loop] base => [HKLM], new_path => [] pathtree_find_child: child key => [HKLM] pathtree_find_child: child key => [HKPT] pathtree_find_child: Found [HKLM] pathtree_find: Found data_p! pathtree_find: Exit reghook_cache_find: found ops 0xb6b9a220 for key [\HKLM] regdb_fetch_keys: Enter key => [HKLM] tdb_unpack(d, 20) -> 4 tdb_unpack(d, 20) -> 4 tdb_unpack(f, 16) -> 9 tdb_unpack(f, 7) -> 7 regdb_fetch_keys: Exit [2] items Opened policy hnd[1] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000011-0000-0000-7a53-388b31220000 result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b67908 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b67908 winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000011-0000-0000-7a53-388b31220000 result : WERR_OK winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000011-0000-0000-7a53-388b31220000 keyname: struct winreg_String name_len : 0x0080 (128) name_size : 0x0080 (128) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\PDF' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000011-0000-0000-7a53-388b31220000 keyname: struct winreg_String name_len : 0x0080 (128) name_size : 0x0080 (128) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\PDF' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY Found policy hnd[0] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. regkey_open_onelevel: name = [SOFTWARE] regdb_open: incrementing refcount (1->2) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] pathtree_find: Enter [\HKLM\SOFTWARE] pathtree_find: [loop] base => [HKLM], new_path => [SOFTWARE] pathtree_find_child: child key => [HKLM] pathtree_find_child: child key => [HKPT] pathtree_find_child: Found [HKLM] pathtree_find: [loop] base => [SOFTWARE], new_path => [] pathtree_find_child: child key => [SOFTWARE] pathtree_find_child: child key => [SYSTEM] pathtree_find_child: Found [SOFTWARE] pathtree_find: Found data_p! pathtree_find: Exit reghook_cache_find: found ops 0xb6b9a220 for key [\HKLM\SOFTWARE] regdb_fetch_keys: Enter key => [HKLM\SOFTWARE] tdb_unpack(d, 29) -> 4 tdb_unpack(d, 29) -> 4 tdb_unpack(f, 25) -> 10 tdb_unpack(f, 15) -> 6 tdb_unpack(f, 9) -> 9 regdb_fetch_keys: Exit [3] items regkey_open_onelevel: name = [Microsoft] regdb_open: incrementing refcount (2->3) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] pathtree_find: [loop] base => [HKLM], new_path => [SOFTWARE\Microsoft] pathtree_find_child: child key => [HKLM] pathtree_find_child: child key => [HKPT] pathtree_find_child: Found [HKLM] pathtree_find: [loop] base => [SOFTWARE], new_path => [Microsoft] pathtree_find_child: child key => [SOFTWARE] pathtree_find_child: child key => [SYSTEM] pathtree_find_child: Found [SOFTWARE] pathtree_find: [loop] base => [Microsoft], new_path => [] pathtree_find_child: child key => [Microsoft] pathtree_find_child: child key => [Samba] pathtree_find_child: Found [Microsoft] pathtree_find: Found data_p! pathtree_find: Exit reghook_cache_find: found ops 0xb6b9a220 for key [\HKLM\SOFTWARE\Microsoft] regdb_fetch_keys: Enter key => [HKLM\SOFTWARE\Microsoft] tdb_unpack(d, 23) -> 4 tdb_unpack(d, 23) -> 4 tdb_unpack(f, 19) -> 11 tdb_unpack(f, 8) -> 8 regdb_fetch_keys: Exit [2] items regkey_open_onelevel: name = [Windows NT] regdb_open: incrementing refcount (3->4) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] pathtree_find: [loop] base => [HKLM], new_path => [SOFTWARE\Microsoft\Windows NT] pathtree_find_child: child key => [HKLM] pathtree_find_child: child key => [HKPT] pathtree_find_child: Found [HKLM] pathtree_find: [loop] base => [SOFTWARE], new_path => [Microsoft\Windows NT] pathtree_find_child: child key => [SOFTWARE] pathtree_find_child: child key => [SYSTEM] pathtree_find_child: Found [SOFTWARE] pathtree_find: [loop] base => [Microsoft], new_path => [Windows NT] pathtree_find_child: child key => [Microsoft] pathtree_find_child: child key => [Samba] pathtree_find_child: Found [Microsoft] pathtree_find: [loop] base => [Windows NT], new_path => [] pathtree_find_child: child key => [Windows NT] pathtree_find_child: Found [Windows NT] pathtree_find: Found data_p! pathtree_find: Exit reghook_cache_find: found ops 0xb6b9a220 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] regdb_fetch_keys: Enter key => [HKLM\SOFTWARE\Microsoft\Windows NT] tdb_unpack(d, 19) -> 4 tdb_unpack(d, 19) -> 4 tdb_unpack(f, 15) -> 15 regdb_fetch_keys: Exit [1] items regkey_open_onelevel: name = [CurrentVersion] regdb_open: incrementing refcount (4->5) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] pathtree_find: [loop] base => [HKLM], new_path => [SOFTWARE\Microsoft\Windows NT\CurrentVersion] pathtree_find_child: child key => [HKLM] pathtree_find_child: child key => [HKPT] pathtree_find_child: Found [HKLM] pathtree_find: [loop] base => [SOFTWARE], new_path => [Microsoft\Windows NT\CurrentVersion] pathtree_find_child: child key => [SOFTWARE] pathtree_find_child: child key => [SYSTEM] pathtree_find_child: Found [SOFTWARE] pathtree_find: [loop] base => [Microsoft], new_path => [Windows NT\CurrentVersion] pathtree_find_child: child key => [Microsoft] pathtree_find_child: child key => [Samba] pathtree_find_child: Found [Microsoft] pathtree_find: [loop] base => [Windows NT], new_path => [CurrentVersion] pathtree_find_child: child key => [Windows NT] pathtree_find_child: Found [Windows NT] pathtree_find: [loop] base => [CurrentVersion], new_path => [] pathtree_find_child: child key => [CurrentVersion] pathtree_find_child: Found [CurrentVersion] pathtree_find: Found data_p! pathtree_find: Exit reghook_cache_find: found ops 0xb76a1920 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] regdb_fetch_keys: Enter key => [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] tdb_unpack(d, 46) -> 4 tdb_unpack(d, 46) -> 4 tdb_unpack(f, 42) -> 6 tdb_unpack(f, 36) -> 6 tdb_unpack(f, 30) -> 8 tdb_unpack(f, 22) -> 13 tdb_unpack(f, 9) -> 9 regdb_fetch_keys: Exit [5] items regkey_open_onelevel: name = [Print] regdb_open: incrementing refcount (5->6) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] pathtree_find: [loop] base => [HKLM], new_path => [SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] pathtree_find_child: child key => [HKLM] pathtree_find_child: child key => [HKPT] pathtree_find_child: Found [HKLM] pathtree_find: [loop] base => [SOFTWARE], new_path => [Microsoft\Windows NT\CurrentVersion\Print] pathtree_find_child: child key => [SOFTWARE] pathtree_find_child: child key => [SYSTEM] pathtree_find_child: Found [SOFTWARE] pathtree_find: [loop] base => [Microsoft], new_path => [Windows NT\CurrentVersion\Print] pathtree_find_child: child key => [Microsoft] pathtree_find_child: child key => [Samba] pathtree_find_child: Found [Microsoft] pathtree_find: [loop] base => [Windows NT], new_path => [CurrentVersion\Print] pathtree_find_child: child key => [Windows NT] pathtree_find_child: Found [Windows NT] pathtree_find: [loop] base => [CurrentVersion], new_path => [Print] pathtree_find_child: child key => [CurrentVersion] pathtree_find_child: Found [CurrentVersion] pathtree_find: [loop] base => [Print], new_path => [] pathtree_find_child: child key => [Perflib] pathtree_find_child: child key => [Ports] pathtree_find_child: child key => [Print] pathtree_find_child: Found [Print] pathtree_find: Found data_p! pathtree_find: Exit reghook_cache_find: found ops 0xb76a1920 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] regdb_fetch_keys: Enter key => [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] tdb_unpack(d, 13) -> 4 tdb_unpack(d, 13) -> 4 tdb_unpack(f, 9) -> 9 regdb_fetch_keys: Exit [1] items regkey_open_onelevel: name = [Printers] regdb_open: incrementing refcount (6->7) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] pathtree_find: [loop] base => [HKLM], new_path => [SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] pathtree_find_child: child key => [HKLM] pathtree_find_child: child key => [HKPT] pathtree_find_child: Found [HKLM] pathtree_find: [loop] base => [SOFTWARE], new_path => [Microsoft\Windows NT\CurrentVersion\Print\Printers] pathtree_find_child: child key => [SOFTWARE] pathtree_find_child: child key => [SYSTEM] pathtree_find_child: Found [SOFTWARE] pathtree_find: [loop] base => [Microsoft], new_path => [Windows NT\CurrentVersion\Print\Printers] pathtree_find_child: child key => [Microsoft] pathtree_find_child: child key => [Samba] pathtree_find_child: Found [Microsoft] pathtree_find: [loop] base => [Windows NT], new_path => [CurrentVersion\Print\Printers] pathtree_find_child: child key => [Windows NT] pathtree_find_child: Found [Windows NT] pathtree_find: [loop] base => [CurrentVersion], new_path => [Print\Printers] pathtree_find_child: child key => [CurrentVersion] pathtree_find_child: Found [CurrentVersion] pathtree_find: [loop] base => [Print], new_path => [Printers] pathtree_find_child: child key => [Perflib] pathtree_find_child: child key => [Ports] pathtree_find_child: child key => [Print] pathtree_find_child: Found [Print] pathtree_find: [loop] base => [Printers], new_path => [] pathtree_find_child: child key => [Printers] pathtree_find_child: Found [Printers] pathtree_find: Found data_p! pathtree_find: Exit reghook_cache_find: found ops 0xb6b9a220 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] regdb_fetch_keys: Enter key => [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] tdb_unpack(d, 38) -> 4 tdb_unpack(d, 38) -> 4 tdb_unpack(f, 34) -> 17 tdb_unpack(f, 17) -> 13 tdb_unpack(f, 4) -> 4 regdb_fetch_keys: Exit [3] items regkey_open_onelevel: name = [PDF] regdb_open: incrementing refcount (7->8) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\PDF] pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\PDF] pathtree_find: [loop] base => [HKLM], new_path => [SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\PDF] pathtree_find_child: child key => [HKLM] pathtree_find_child: child key => [HKPT] pathtree_find_child: Found [HKLM] pathtree_find: [loop] base => [SOFTWARE], new_path => [Microsoft\Windows NT\CurrentVersion\Print\Printers\PDF] pathtree_find_child: child key => [SOFTWARE] pathtree_find_child: child key => [SYSTEM] pathtree_find_child: Found [SOFTWARE] pathtree_find: [loop] base => [Microsoft], new_path => [Windows NT\CurrentVersion\Print\Printers\PDF] pathtree_find_child: child key => [Microsoft] pathtree_find_child: child key => [Samba] pathtree_find_child: Found [Microsoft] pathtree_find: [loop] base => [Windows NT], new_path => [CurrentVersion\Print\Printers\PDF] pathtree_find_child: child key => [Windows NT] pathtree_find_child: Found [Windows NT] pathtree_find: [loop] base => [CurrentVersion], new_path => [Print\Printers\PDF] pathtree_find_child: child key => [CurrentVersion] pathtree_find_child: Found [CurrentVersion] pathtree_find: [loop] base => [Print], new_path => [Printers\PDF] pathtree_find_child: child key => [Perflib] pathtree_find_child: child key => [Ports] pathtree_find_child: child key => [Print] pathtree_find_child: Found [Print] pathtree_find: [loop] base => [Printers], new_path => [PDF] pathtree_find_child: child key => [Printers] pathtree_find_child: Found [Printers] pathtree_find: [loop] base => [PDF], new_path => [] pathtree_find_child: Did not find [PDF] pathtree_find: Found data_p! pathtree_find: Exit reghook_cache_find: found ops 0xb6b9a220 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\PDF] regdb_fetch_keys: Enter key => [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\PDF] tdb_unpack(d, 41) -> 4 tdb_unpack(d, 41) -> 4 tdb_unpack(f, 37) -> 9 tdb_unpack(f, 28) -> 10 tdb_unpack(f, 18) -> 18 regdb_fetch_keys: Exit [3] items regdb_close: decrementing refcount (8->7) regdb_close: decrementing refcount (7->6) regdb_close: decrementing refcount (6->5) regdb_close: decrementing refcount (5->4) regdb_close: decrementing refcount (4->3) regdb_close: decrementing refcount (3->2) Opened policy hnd[2] [0000] 00 00 00 00 12 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000012-0000-0000-7a53-388b31220000 result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b67910 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b67910 winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000012-0000-0000-7a53-388b31220000 result : WERR_OK winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\PDF already exists winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000012-0000-0000-7a53-388b31220000 winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000012-0000-0000-7a53-388b31220000 Found policy hnd[0] [0000] 00 00 00 00 12 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. Found policy hnd[0] [0000] 00 00 00 00 12 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. Closed policy regdb_close: decrementing refcount (2->1) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b6a628 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b6a628 winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000011-0000-0000-7a53-388b31220000 winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000011-0000-0000-7a53-388b31220000 Found policy hnd[0] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. Found policy hnd[0] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 7A 53 38 8B ........ ....zS8. [0010] 31 22 00 00 1".. Closed policy regdb_close: decrementing refcount (1->0) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b682f8 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b682f8 winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK Deleted handle list for RPC connection \winreg tdb_unpack(dd, 8) -> 8 tdb_unpack(ddPPP, 51) -> 51 tdb_unpack(ddPPP, 43) -> 43 tdb_unpack(ddPPP, 17) -> 17 Could not find child 8754 -- ignoring Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_REUSEPORT = 1 SO_SNDBUF = 2625280 SO_RCVBUF = 1058624 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 TCP_DEFER_ACCEPT = 0 Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_REUSEPORT = 1 SO_SNDBUF = 2625280 SO_RCVBUF = 1058624 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 TCP_DEFER_ACCEPT = 0 lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue May 20 00:28:34 2014 Allowed connection from ::1 (::1) Connection allowed from ipv6:::1:48106 to ipv6:::1:445 init_oplocks: initializing messages. Registering messaging pointer for type 774 - private_data=0xb7b65d60 Registering messaging pointer for type 776 - private_data=0xb7b65d60 Registering messaging pointer for type 778 - private_data=0xb7b65d60 Registering messaging pointer for type 770 - private_data=0xb7b65d60 Registering messaging pointer for type 787 - private_data=0xb7b65d60 Registering messaging pointer for type 779 - private_data=0xb7b65d60 Registering messaging pointer for type 15 - private_data=(nil) Overriding messaging pointer for type 15 - private_data=(nil) Deregistering messaging pointer for type 16 - private_data=(nil) Registering messaging pointer for type 16 - private_data=0xb7b65d60 Deregistering messaging pointer for type 33 - private_data=0xb7b5a560 Registering messaging pointer for type 33 - private_data=0xb7b65d60 Deregistering messaging pointer for type 1 - private_data=(nil) Registering messaging pointer for type 1 - private_data=(nil) s3_tevent: Added timed event "smbd_idle_event_handler": 0xb7b5dfc0 event_add_idle: idle_evt(keepalive) 0xb7b5dfc0 s3_tevent: Added timed event "smbd_idle_event_handler": 0xb7b5a758 event_add_idle: idle_evt(deadtime) 0xb7b5a758 s3_tevent: Added timed event "smbd_idle_event_handler": 0xb7b644b8 event_add_idle: idle_evt(housekeeping) 0xb7b644b8 got smb length of 190 got message type 0x0 of len 0xbe Transaction 0 of length 194 (0 toread) size=190 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51267 smb_tid=0 smb_pid=65534 smb_uid=0 smb_mid=0 smt_wct=0 smb_bcc=155 [0000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG [0010] 52 41 4D 20 31 2E 30 00 02 4D 49 43 52 4F 53 4F RAM 1.0. .MICROSO [0020] 46 54 20 4E 45 54 57 4F 52 4B 53 20 31 2E 30 33 FT NETWO RKS 1.03 [0030] 00 02 4D 49 43 52 4F 53 4F 46 54 20 4E 45 54 57 ..MICROS OFT NETW [0040] 4F 52 4B 53 20 33 2E 30 00 02 4C 41 4E 4D 41 4E ORKS 3.0 ..LANMAN [0050] 31 2E 30 00 02 4C 4D 31 2E 32 58 30 30 32 00 02 1.0..LM1 .2X002.. [0060] 44 4F 53 20 4C 41 4E 4D 41 4E 32 2E 31 00 02 4C DOS LANM AN2.1..L [0070] 41 4E 4D 41 4E 32 2E 31 00 02 53 61 6D 62 61 00 ANMAN2.1 ..Samba. [0080] 02 4E 54 20 4C 41 4E 4D 41 4E 20 31 2E 30 00 02 .NT LANM AN 1.0.. [0090] 4E 54 20 4C 4D 20 30 2E 31 32 00 NT LM 0. 12. switch message SMBnegprot (pid 8753) conn 0x0 created /tmp/SMBnegprot.20.req len 194 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) Requested protocol [PC NETWORK PROGRAM 1.0] Requested protocol [MICROSOFT NETWORKS 1.03] Requested protocol [MICROSOFT NETWORKS 3.0] Requested protocol [LANMAN1.0] Requested protocol [LM1.2X002] Requested protocol [DOS LANMAN2.1] Requested protocol [LANMAN2.1] Requested protocol [Samba] Requested protocol [NT LANMAN 1.0] Requested protocol [NT LM 0.12] set_remote_arch: Client arch is 'Samba' lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue May 20 00:28:34 2014 check lock order 2 for /var/run/samba/serverid.tdb lock order: 1: 2:/var/run/samba/serverid.tdb 3: Locking key 3122000000000000FFFFFFFF Allocated locked data 0x0xb7b690f0 Unlocking key 3122000000000000FFFFFFFF release lock order 2 for /var/run/samba/serverid.tdb lock order: 1: 2: 3: lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue May 20 00:28:34 2014 samba_tevent: Schedule immediate event "tevent_req_trigger": 0xb7b69440 samba_tevent: Run immediate event "tevent_req_trigger": 0xb7b69440 Registering messaging pointer for type 1536 - private_data=0xb7b69380 Making default auth method list for server role = 'standalone server', encrypt passwords = yes Attempting to register auth backend sam Successfully added auth method 'sam' Attempting to register auth backend sam_ignoredomain Successfully added auth method 'sam_ignoredomain' Attempting to register auth backend unix Successfully added auth method 'unix' Attempting to register auth backend winbind Successfully added auth method 'winbind' Attempting to register auth backend wbc Successfully added auth method 'wbc' Attempting to register auth backend trustdomain Successfully added auth method 'trustdomain' Attempting to register auth backend ntdomain Successfully added auth method 'ntdomain' Attempting to register auth backend guest Successfully added auth method 'guest' load_auth_module: Attempting to find an auth method to match guest load_auth_module: auth method guest has a valid init load_auth_module: Attempting to find an auth method to match sam load_auth_module: auth method sam has a valid init GENSEC backend 'gssapi_spnego' registered GENSEC backend 'gssapi_krb5' registered GENSEC backend 'gssapi_krb5_sasl' registered GENSEC backend 'schannel' registered GENSEC backend 'spnego' registered GENSEC backend 'ntlmssp' registered GENSEC backend 'krb5' registered GENSEC backend 'fake_gssapi_krb5' registered Starting GENSEC mechanism spnego Starting GENSEC submechanism ntlmssp using SPNEGO Selected protocol NT LANMAN 1.0 negprot index=8 size=159 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51267 smb_tid=0 smb_pid=65534 smb_uid=0 smb_mid=0 smt_wct=17 smb_vwv[ 0]= 8 (0x8) smb_vwv[ 1]=12803 (0x3203) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]=12544 (0x3100) smb_vwv[ 8]= 34 (0x22) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]=33011 (0x80F3) smb_vwv[11]=12928 (0x3280) smb_vwv[12]= 3169 (0xC61) smb_vwv[13]=46350 (0xB50E) smb_vwv[14]=53107 (0xCF73) smb_vwv[15]=34817 (0x8801) smb_vwv[16]= 255 (0xFF) smb_bcc=90 [0000] 63 6B 73 65 72 76 65 72 00 00 00 00 00 00 00 00 ckserver ........ [0010] 60 48 06 06 2B 06 01 05 05 02 A0 3E 30 3C A0 0E `H..+... ...>0<.. [0020] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A3 2A 0...+... ..7....* [0030] 30 28 A0 26 1B 24 6E 6F 74 5F 64 65 66 69 6E 65 0(.&.$no t_define [0040] 64 5F 69 6E 5F 52 46 43 34 31 37 38 40 70 6C 65 d_in_RFC 4178@ple [0050] 61 73 65 5F 69 67 6E 6F 72 65 ase_igno re got smb length of 164 got message type 0x0 of len 0xa4 Transaction 1 of length 168 (0 toread) size=164 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51267 smb_tid=65535 smb_pid=8756 smb_uid=0 smb_mid=1 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=65535 (0xFFFF) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 1 (0x1) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 83 (0x53) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]=49236 (0xC054) smb_vwv[11]=32768 (0x8000) smb_bcc=105 [0000] 60 51 06 06 2B 06 01 05 05 02 A0 47 30 45 A0 0E `Q..+... ...G0E.. [0010] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 33 0...+... ..7....3 [0020] 04 31 4E 54 4C 4D 53 53 50 00 01 00 00 00 15 82 .1NTLMSS P....... [0030] 08 60 09 00 09 00 20 00 00 00 08 00 08 00 29 00 .`.... . ......). [0040] 00 00 57 4F 52 4B 47 52 4F 55 50 43 4B 53 45 52 ..WORKGR OUPCKSER [0050] 56 45 52 55 00 6E 00 69 00 78 00 00 00 53 00 61 VERU.n.i .x...S.a [0060] 00 6D 00 62 00 61 00 00 00 .m.b.a.. . switch message SMBsesssetupX (pid 8753) conn 0x0 created /tmp/SMBsesssetupX.41.req len 168 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) wct=12 flg2=0xc843 Doing spnego session setup NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[] check lock order 1 for /var/run/samba/smbXsrv_session_global.tdb lock order: 1:/var/run/samba/smbXsrv_session_global.tdb 2: 3: Locking key 535E39CF Allocated locked data 0x0xb7b59970 smbXsrv_session_global_store: key '535E39CF' stored &global_blob: struct smbXsrv_session_globalB version : SMBXSRV_VERSION_0 (0) seqnum : 0x00000001 (1) info : union smbXsrv_session_globalU(case 0) info0 : * info0: struct smbXsrv_session_global0 db_rec : * session_global_id : 0x535e39cf (1398684111) session_wire_id : 0x000000000000de40 (56896) creation_time : Di Mai 20 00:52:48 2014 CEST expiration_time : Do Jan 1 01:00:00 1970 CET auth_session_info_seqnum : 0x00000000 (0) auth_session_info : NULL connection_dialect : 0x0000 (0) signing_required : 0x00 (0) encryption_required : 0x00 (0) num_channels : 0x00000001 (1) channels: ARRAY(1) channels: struct smbXsrv_channel_global0 server_id: struct server_id pid : 0x0000000000002231 (8753) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0xd5f50380e4b514e2 (-3029511322209020702) local_address : 'ipv6:::1:445' remote_address : 'ipv6:::1:48106' remote_name : '::1' auth_session_info_seqnum : 0x00000000 (0) Unlocking key 535E39CF release lock order 1 for /var/run/samba/smbXsrv_session_global.tdb lock order: 1: 2: 3: smbXsrv_session_create: global_id (0x535e39cf) stored &session_blob: struct smbXsrv_sessionB version : SMBXSRV_VERSION_0 (0) reserved : 0x00000000 (0) info : union smbXsrv_sessionU(case 0) info0 : * info0: struct smbXsrv_session table : * db_rec : NULL connection : * local_id : 0x0000de40 (56896) global : * global: struct smbXsrv_session_global0 db_rec : NULL session_global_id : 0x535e39cf (1398684111) session_wire_id : 0x000000000000de40 (56896) creation_time : Di Mai 20 00:52:48 2014 CEST expiration_time : Do Jan 1 01:00:00 1970 CET auth_session_info_seqnum : 0x00000000 (0) auth_session_info : NULL connection_dialect : 0x0000 (0) signing_required : 0x00 (0) encryption_required : 0x00 (0) num_channels : 0x00000001 (1) channels: ARRAY(1) channels: struct smbXsrv_channel_global0 server_id: struct server_id pid : 0x0000000000002231 (8753) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0xd5f50380e4b514e2 (-3029511322209020702) local_address : 'ipv6:::1:445' remote_address : 'ipv6:::1:48106' remote_name : '::1' auth_session_info_seqnum : 0x00000000 (0) status : NT_STATUS_MORE_PROCESSING_REQUIRED idle_time : Di Mai 20 00:52:48 2014 CEST nonce_high : 0x0000000000000000 (0) nonce_low : 0x0000000000000000 (0) gensec : NULL compat : NULL tcon_table : NULL Making default auth method list for server role = 'standalone server', encrypt passwords = yes load_auth_module: Attempting to find an auth method to match guest load_auth_module: auth method guest has a valid init load_auth_module: Attempting to find an auth method to match sam load_auth_module: auth method sam has a valid init Starting GENSEC mechanism spnego push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups Starting GENSEC submechanism ntlmssp Got NTLMSSP neg_flags=0x60088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH negotiate: struct NEGOTIATE_MESSAGE Signature : 'NTLMSSP' MessageType : NtLmNegotiate (1) NegotiateFlags : 0x60088215 (1611170325) 1: NTLMSSP_NEGOTIATE_UNICODE 0: NTLMSSP_NEGOTIATE_OEM 1: NTLMSSP_REQUEST_TARGET 1: NTLMSSP_NEGOTIATE_SIGN 0: NTLMSSP_NEGOTIATE_SEAL 0: NTLMSSP_NEGOTIATE_DATAGRAM 0: NTLMSSP_NEGOTIATE_LM_KEY 0: NTLMSSP_NEGOTIATE_NETWARE 1: NTLMSSP_NEGOTIATE_NTLM 0: NTLMSSP_NEGOTIATE_NT_ONLY 0: NTLMSSP_ANONYMOUS 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0: NTLMSSP_TARGET_TYPE_DOMAIN 0: NTLMSSP_TARGET_TYPE_SERVER 0: NTLMSSP_TARGET_TYPE_SHARE 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY 0: NTLMSSP_NEGOTIATE_IDENTIFY 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY 0: NTLMSSP_NEGOTIATE_TARGET_INFO 0: NTLMSSP_NEGOTIATE_VERSION 1: NTLMSSP_NEGOTIATE_128 1: NTLMSSP_NEGOTIATE_KEY_EXCH 0: NTLMSSP_NEGOTIATE_56 DomainNameLen : 0x0009 (9) DomainNameMaxLen : 0x0009 (9) DomainName : * DomainName : 'WORKGROUP' WorkstationLen : 0x0008 (8) WorkstationMaxLen : 0x0008 (8) Workstation : * Workstation : 'CKSERVER' challenge: struct CHALLENGE_MESSAGE Signature : 'NTLMSSP' MessageType : NtLmChallenge (0x2) TargetNameLen : 0x0010 (16) TargetNameMaxLen : 0x0010 (16) TargetName : * TargetName : 'CKSERVER' NegotiateFlags : 0x608a8215 (1619690005) 1: NTLMSSP_NEGOTIATE_UNICODE 0: NTLMSSP_NEGOTIATE_OEM 1: NTLMSSP_REQUEST_TARGET 1: NTLMSSP_NEGOTIATE_SIGN 0: NTLMSSP_NEGOTIATE_SEAL 0: NTLMSSP_NEGOTIATE_DATAGRAM 0: NTLMSSP_NEGOTIATE_LM_KEY 0: NTLMSSP_NEGOTIATE_NETWARE 1: NTLMSSP_NEGOTIATE_NTLM 0: NTLMSSP_NEGOTIATE_NT_ONLY 0: NTLMSSP_ANONYMOUS 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0: NTLMSSP_TARGET_TYPE_DOMAIN 1: NTLMSSP_TARGET_TYPE_SERVER 0: NTLMSSP_TARGET_TYPE_SHARE 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY 0: NTLMSSP_NEGOTIATE_IDENTIFY 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY 1: NTLMSSP_NEGOTIATE_TARGET_INFO 0: NTLMSSP_NEGOTIATE_VERSION 1: NTLMSSP_NEGOTIATE_128 1: NTLMSSP_NEGOTIATE_KEY_EXCH 0: NTLMSSP_NEGOTIATE_56 ServerChallenge : b63c99c28752927d Reserved : 0000000000000000 TargetInfoLen : 0x0044 (68) TargetNameInfoMaxLen : 0x0044 (68) TargetInfo : * TargetInfo: struct AV_PAIR_LIST count : 0x00000005 (5) pair: ARRAY(5) pair: struct AV_PAIR AvId : MsvAvNbDomainName (0x2) AvLen : 0x0010 (16) Value : union ntlmssp_AvValue(case 0x2) AvNbDomainName : 'CKSERVER' pair: struct AV_PAIR AvId : MsvAvNbComputerName (0x1) AvLen : 0x0010 (16) Value : union ntlmssp_AvValue(case 0x1) AvNbComputerName : 'CKSERVER' pair: struct AV_PAIR AvId : MsvAvDnsDomainName (0x4) AvLen : 0x0000 (0) Value : union ntlmssp_AvValue(case 0x4) AvDnsDomainName : '' pair: struct AV_PAIR AvId : MsvAvDnsComputerName (0x3) AvLen : 0x0010 (16) Value : union ntlmssp_AvValue(case 0x3) AvDnsComputerName : 'ckserver' pair: struct AV_PAIR AvId : MsvAvEOL (0x0) AvLen : 0x0000 (0) Value : union ntlmssp_AvValue(case 0x0) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 size=274 smb_com=0x73 smb_rcls=22 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51203 smb_tid=65535 smb_pid=8756 smb_uid=56896 smb_mid=1 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 163 (0xA3) smb_bcc=231 [0000] A1 81 A0 30 81 9D A0 03 0A 01 01 A1 0C 06 0A 2B ...0.... .......+ [0010] 06 01 04 01 82 37 02 02 0A A2 81 87 04 81 84 4E .....7.. .......N [0020] 54 4C 4D 53 53 50 00 02 00 00 00 10 00 10 00 30 TLMSSP.. .......0 [0030] 00 00 00 15 82 8A 60 B6 3C 99 C2 87 52 92 7D 00 ......`. <...R.}. [0040] 00 00 00 00 00 00 00 44 00 44 00 40 00 00 00 43 .......D .D.@...C [0050] 00 4B 00 53 00 45 00 52 00 56 00 45 00 52 00 02 .K.S.E.R .V.E.R.. [0060] 00 10 00 43 00 4B 00 53 00 45 00 52 00 56 00 45 ...C.K.S .E.R.V.E [0070] 00 52 00 01 00 10 00 43 00 4B 00 53 00 45 00 52 .R.....C .K.S.E.R [0080] 00 56 00 45 00 52 00 04 00 00 00 03 00 10 00 63 .V.E.R.. .......c [0090] 00 6B 00 73 00 65 00 72 00 76 00 65 00 72 00 00 .k.s.e.r .v.e.r.. [00A0] 00 00 00 55 00 6E 00 69 00 78 00 00 00 53 00 61 ...U.n.i .x...S.a [00B0] 00 6D 00 62 00 61 00 20 00 34 00 2E 00 31 00 2E .m.b.a. .4...1.. [00C0] 00 36 00 2D 00 55 00 62 00 75 00 6E 00 74 00 75 .6.-.U.b .u.n.t.u [00D0] 00 00 00 57 00 4F 00 52 00 4B 00 47 00 52 00 4F ...W.O.R .K.G.R.O [00E0] 00 55 00 50 00 00 00 .U.P... got smb length of 362 got message type 0x0 of len 0x16a Transaction 2 of length 366 (0 toread) size=362 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51267 smb_tid=65535 smb_pid=8756 smb_uid=56896 smb_mid=2 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=65535 (0xFFFF) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 1 (0x1) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 280 (0x118) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]=49236 (0xC054) smb_vwv[11]=32768 (0x8000) smb_bcc=303 [0000] A1 82 01 14 30 82 01 10 A2 82 01 0C 04 82 01 08 ....0... ........ [0010] 4E 54 4C 4D 53 53 50 00 03 00 00 00 18 00 18 00 NTLMSSP. ........ [0020] 40 00 00 00 70 00 70 00 58 00 00 00 12 00 12 00 @...p.p. X....... [0030] C8 00 00 00 0E 00 0E 00 DA 00 00 00 10 00 10 00 ........ ........ [0040] E8 00 00 00 10 00 10 00 F8 00 00 00 15 82 08 60 ........ .......` [0050] 23 F6 51 6F 1D C2 14 EA AF B0 0D 43 47 DA 0E 66 #.Qo.... ...CG..f [0060] 06 8D 37 72 CD 20 ED A0 5C 72 51 17 05 27 23 9C ..7r. .. \rQ..'#. [0070] 8B 54 08 05 35 46 14 3A 01 01 00 00 00 00 00 00 .T..5F.: ........ [0080] 80 09 83 0D B5 73 CF 01 4C C5 B9 09 31 70 1C 15 .....s.. L...1p.. [0090] 00 00 00 00 02 00 10 00 43 00 4B 00 53 00 45 00 ........ C.K.S.E. [00A0] 52 00 56 00 45 00 52 00 01 00 10 00 43 00 4B 00 R.V.E.R. ....C.K. [00B0] 53 00 45 00 52 00 56 00 45 00 52 00 04 00 00 00 S.E.R.V. E.R..... [00C0] 03 00 10 00 63 00 6B 00 73 00 65 00 72 00 76 00 ....c.k. s.e.r.v. [00D0] 65 00 72 00 00 00 00 00 57 00 4F 00 52 00 4B 00 e.r..... W.O.R.K. [00E0] 47 00 52 00 4F 00 55 00 50 00 75 00 6E 00 6B 00 G.R.O.U. P.u.n.k. [00F0] 6E 00 6F 00 77 00 6E 00 43 00 4B 00 53 00 45 00 n.o.w.n. C.K.S.E. [0100] 52 00 56 00 45 00 52 00 18 6F 93 10 AC E4 D6 E9 R.V.E.R. .o...... [0110] CC D7 4C D3 C5 6E 3A A2 00 55 00 6E 00 69 00 78 ..L..n:. .U.n.i.x [0120] 00 00 00 53 00 61 00 6D 00 62 00 61 00 00 00 ...S.a.m .b.a... switch message SMBsesssetupX (pid 8753) conn 0x0 created /tmp/SMBsesssetupX.42.req len 366 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) wct=12 flg2=0xc843 Doing spnego session setup NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[] push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups authenticate: struct AUTHENTICATE_MESSAGE Signature : 'NTLMSSP' MessageType : NtLmAuthenticate (3) LmChallengeResponseLen : 0x0018 (24) LmChallengeResponseMaxLen: 0x0018 (24) LmChallengeResponse : * LmChallengeResponse : union ntlmssp_LM_RESPONSE(case 24) v1: struct LM_RESPONSE Response : 23f6516f1dc214eaafb00d4347da0e66068d3772cd20eda0 NtChallengeResponseLen : 0x0070 (112) NtChallengeResponseMaxLen: 0x0070 (112) NtChallengeResponse : * NtChallengeResponse : union ntlmssp_NTLM_RESPONSE(case 112) v2: struct NTLMv2_RESPONSE Response : 5c7251170527239c8b5408053546143a Challenge: struct NTLMv2_CLIENT_CHALLENGE RespType : 0x01 (1) HiRespType : 0x01 (1) Reserved1 : 0x0000 (0) Reserved2 : 0x00000000 (0) TimeStamp : Di Mai 20 00:52:47 2014 CEST ChallengeFromClient : 4cc5b90931701c15 Reserved3 : 0x00000000 (0) AvPairs: struct AV_PAIR_LIST count : 0x00000005 (5) pair: ARRAY(5) pair: struct AV_PAIR AvId : MsvAvNbDomainName (0x2) AvLen : 0x0010 (16) Value : union ntlmssp_AvValue(case 0x2) AvNbDomainName : 'CKSERVER' pair: struct AV_PAIR AvId : MsvAvNbComputerName (0x1) AvLen : 0x0010 (16) Value : union ntlmssp_AvValue(case 0x1) AvNbComputerName : 'CKSERVER' pair: struct AV_PAIR AvId : MsvAvDnsDomainName (0x4) AvLen : 0x0000 (0) Value : union ntlmssp_AvValue(case 0x4) AvDnsDomainName : '' pair: struct AV_PAIR AvId : MsvAvDnsComputerName (0x3) AvLen : 0x0010 (16) Value : union ntlmssp_AvValue(case 0x3) AvDnsComputerName : 'ckserver' pair: struct AV_PAIR AvId : MsvAvEOL (0x0) AvLen : 0x0000 (0) Value : union ntlmssp_AvValue(case 0x0) DomainNameLen : 0x0012 (18) DomainNameMaxLen : 0x0012 (18) DomainName : * DomainName : 'WORKGROUP' UserNameLen : 0x000e (14) UserNameMaxLen : 0x000e (14) UserName : * UserName : 'unknown' WorkstationLen : 0x0010 (16) WorkstationMaxLen : 0x0010 (16) Workstation : * Workstation : 'CKSERVER' EncryptedRandomSessionKeyLen: 0x0010 (16) EncryptedRandomSessionKeyMaxLen: 0x0010 (16) EncryptedRandomSessionKey: * EncryptedRandomSessionKey: DATA_BLOB length=16 [0000] 18 6F 93 10 AC E4 D6 E9 CC D7 4C D3 C5 6E 3A A2 .o...... ..L..n:. NegotiateFlags : 0x60088215 (1611170325) 1: NTLMSSP_NEGOTIATE_UNICODE 0: NTLMSSP_NEGOTIATE_OEM 1: NTLMSSP_REQUEST_TARGET 1: NTLMSSP_NEGOTIATE_SIGN 0: NTLMSSP_NEGOTIATE_SEAL 0: NTLMSSP_NEGOTIATE_DATAGRAM 0: NTLMSSP_NEGOTIATE_LM_KEY 0: NTLMSSP_NEGOTIATE_NETWARE 1: NTLMSSP_NEGOTIATE_NTLM 0: NTLMSSP_NEGOTIATE_NT_ONLY 0: NTLMSSP_ANONYMOUS 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0: NTLMSSP_TARGET_TYPE_DOMAIN 0: NTLMSSP_TARGET_TYPE_SERVER 0: NTLMSSP_TARGET_TYPE_SHARE 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY 0: NTLMSSP_NEGOTIATE_IDENTIFY 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY 0: NTLMSSP_NEGOTIATE_TARGET_INFO 0: NTLMSSP_NEGOTIATE_VERSION 1: NTLMSSP_NEGOTIATE_128 1: NTLMSSP_NEGOTIATE_KEY_EXCH 0: NTLMSSP_NEGOTIATE_56 Got user=[unknown] domain=[WORKGROUP] workstation=[CKSERVER] len1=24 len2=112 lp_load_ex: refreshing parameters Freeing parametrics: Initialising global parameters INFO: Current debug levels: all: 9999 tdb: 9999 printdrivers: 9999 lanman: 9999 smb: 9999 rpc_parse: 9999 rpc_srv: 9999 rpc_cli: 9999 passdb: 9999 sam: 9999 auth: 9999 winbind: 9999 vfs: 9999 idmap: 9999 quota: 9999 acls: 9999 locking: 9999 msdfs: 9999 dmapi: 9999 registry: 9999 scavenger: 9999 dns: 9999 ldb: 9999 params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf" Processing section "[global]" doing parameter workgroup = WORKGROUP doing parameter server string = %h server (Samba, Ubuntu) doing parameter dns proxy = no doing parameter log file = /var/log/samba/log.%m doing parameter max log size = 1000 doing parameter syslog = 0 doing parameter panic action = /usr/share/samba/panic-action %d doing parameter server role = standalone server doing parameter passdb backend = tdbsam doing parameter obey pam restrictions = yes doing parameter unix password sync = yes doing parameter passwd program = /usr/bin/passwd %u doing parameter passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . doing parameter pam password change = yes doing parameter map to guest = bad user doing parameter guest account = ckserver doing parameter usershare allow guests = yes Processing section "[printers]" doing parameter comment = All Printers doing parameter browseable = no doing parameter path = /var/spool/samba doing parameter printable = yes doing parameter guest ok = no doing parameter read only = yes doing parameter create mask = 0700 Processing section "[print$]" doing parameter comment = Printer Drivers doing parameter path = /var/lib/samba/printers doing parameter browseable = yes doing parameter read only = yes doing parameter guest ok = no Processing section "[smbtest]" doing parameter comment = smbtest doing parameter path = /smbtest doing parameter read only = no doing parameter guest ok = yes pm_process() returned Yes lp_servicenumber: couldn't find homes adding IPC service Mapping user [WORKGROUP]\[unknown] from workstation [CKSERVER] Mapped domain from [WORKGROUP] to [CKSERVER] for user [unknown] from workstation [CKSERVER] attempting to make a user_info for unknown (unknown) making strings for unknown's user_info struct making blobs for unknown's user_info struct made a user_info for unknown (unknown) check_ntlm_password: Checking password for unmapped user [WORKGROUP]\[unknown]@[CKSERVER] with the new password interface check_ntlm_password: mapped user is: [CKSERVER]\[unknown]@[CKSERVER] check_ntlm_password: auth_context challenge created by random challenge is: [0000] B6 3C 99 C2 87 52 92 7D .<...R.} Check auth for: [unknown] check_ntlm_password: guest had nothing to say Check auth for: [unknown] is_myname("CKSERVER") returns 1 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 push_conn_ctx(0) : conn_ctx_stack_ndx = 1 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pdb_getsampwnam (TDB): error fetching database. Key: USER_unknown pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 check_sam_security: Couldn't find user 'unknown' in passdb. check_ntlm_password: sam authentication for user [unknown] FAILED with error NT_STATUS_NO_SUCH_USER check_ntlm_password: Authentication for user [unknown] -> [unknown] FAILED with error NT_STATUS_NO_SUCH_USER Checking NTLMSSP password for WORKGROUP\unknown failed: NT_STATUS_NO_SUCH_USER No such user unknown [WORKGROUP] - using guest account ntlmssp_server_auth: Failed to create unmodified session key. server session key is invalid (len == 0), cannot do KEY_EXCH! pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 check lock order 1 for /var/run/samba/smbXsrv_session_global.tdb lock order: 1:/var/run/samba/smbXsrv_session_global.tdb 2: 3: Locking key 535E39CF Allocated locked data 0x0xb7b6a9c8 smbXsrv_session_global_store: key '535E39CF' stored &global_blob: struct smbXsrv_session_globalB version : SMBXSRV_VERSION_0 (0) seqnum : 0x00000002 (2) info : union smbXsrv_session_globalU(case 0) info0 : * info0: struct smbXsrv_session_global0 db_rec : * session_global_id : 0x535e39cf (1398684111) session_wire_id : 0x000000000000de40 (56896) creation_time : Di Mai 20 00:52:48 2014 CEST expiration_time : Do Jan 1 01:00:00 1970 CET auth_session_info_seqnum : 0x00000001 (1) auth_session_info : * auth_session_info: struct auth_session_info security_token : * security_token: struct security_token num_sids : 0x00000006 (6) sids: ARRAY(6) sids : S-1-5-21-776888349-2444189073-2378508477-501 sids : S-1-5-21-776888349-2444189073-2378508477-514 sids : S-1-1-0 sids : S-1-5-2 sids : S-1-5-32-546 sids : S-1-22-1-1000 privilege_mask : 0x0000000000000000 (0) 0: SEC_PRIV_MACHINE_ACCOUNT_BIT 0: SEC_PRIV_PRINT_OPERATOR_BIT 0: SEC_PRIV_ADD_USERS_BIT 0: SEC_PRIV_DISK_OPERATOR_BIT 0: SEC_PRIV_REMOTE_SHUTDOWN_BIT 0: SEC_PRIV_BACKUP_BIT 0: SEC_PRIV_RESTORE_BIT 0: SEC_PRIV_TAKE_OWNERSHIP_BIT 0: SEC_PRIV_INCREASE_QUOTA_BIT 0: SEC_PRIV_SECURITY_BIT 0: SEC_PRIV_LOAD_DRIVER_BIT 0: SEC_PRIV_SYSTEM_PROFILE_BIT 0: SEC_PRIV_SYSTEMTIME_BIT 0: SEC_PRIV_PROFILE_SINGLE_PROCESS_BIT 0: SEC_PRIV_INCREASE_BASE_PRIORITY_BIT 0: SEC_PRIV_CREATE_PAGEFILE_BIT 0: SEC_PRIV_SHUTDOWN_BIT 0: SEC_PRIV_DEBUG_BIT 0: SEC_PRIV_SYSTEM_ENVIRONMENT_BIT 0: SEC_PRIV_CHANGE_NOTIFY_BIT 0: SEC_PRIV_UNDOCK_BIT 0: SEC_PRIV_ENABLE_DELEGATION_BIT 0: SEC_PRIV_MANAGE_VOLUME_BIT 0: SEC_PRIV_IMPERSONATE_BIT 0: SEC_PRIV_CREATE_GLOBAL_BIT rights_mask : 0x00000000 (0) 0: LSA_POLICY_MODE_INTERACTIVE 0: LSA_POLICY_MODE_NETWORK 0: LSA_POLICY_MODE_BATCH 0: LSA_POLICY_MODE_SERVICE 0: LSA_POLICY_MODE_PROXY 0: LSA_POLICY_MODE_DENY_INTERACTIVE 0: LSA_POLICY_MODE_DENY_NETWORK 0: LSA_POLICY_MODE_DENY_BATCH 0: LSA_POLICY_MODE_DENY_SERVICE 0: LSA_POLICY_MODE_REMOTE_INTERACTIVE 0: LSA_POLICY_MODE_DENY_REMOTE_INTERACTIVE 0x00: LSA_POLICY_MODE_ALL (0) 0x00: LSA_POLICY_MODE_ALL_NT4 (0) unix_token : * unix_token: struct security_unix_token uid : 0x00000000000003e8 (1000) gid : 0x00000000000003e8 (1000) ngroups : 0x00000000 (0) groups: ARRAY(0) info : * info: struct auth_user_info account_name : * account_name : 'ckserver' domain_name : * domain_name : 'CKSERVER' full_name : NULL logon_script : NULL profile_path : NULL home_directory : NULL home_drive : NULL logon_server : NULL last_logon : NTTIME(0) last_logoff : NTTIME(0) acct_expiry : NTTIME(0) last_password_change : NTTIME(0) allow_password_change : NTTIME(0) force_password_change : NTTIME(0) logon_count : 0x0000 (0) bad_password_count : 0x0000 (0) acct_flags : 0x00000000 (0) authenticated : 0x00 (0) unix_info : * unix_info: struct auth_user_info_unix unix_name : * unix_name : 'ckserver' sanitized_username : * sanitized_username : 'unknown' torture : NULL credentials : NULL connection_dialect : 0x0000 (0) signing_required : 0x00 (0) encryption_required : 0x00 (0) num_channels : 0x00000001 (1) channels: ARRAY(1) channels: struct smbXsrv_channel_global0 server_id: struct server_id pid : 0x0000000000002231 (8753) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0xd5f50380e4b514e2 (-3029511322209020702) local_address : 'ipv6:::1:445' remote_address : 'ipv6:::1:48106' remote_name : '::1' auth_session_info_seqnum : 0x00000001 (1) Unlocking key 535E39CF release lock order 1 for /var/run/samba/smbXsrv_session_global.tdb lock order: 1: 2: 3: smbXsrv_session_update: global_id (0x535e39cf) stored &session_blob: struct smbXsrv_sessionB version : SMBXSRV_VERSION_0 (0) reserved : 0x00000000 (0) info : union smbXsrv_sessionU(case 0) info0 : * info0: struct smbXsrv_session table : * db_rec : NULL connection : * local_id : 0x0000de40 (56896) global : * global: struct smbXsrv_session_global0 db_rec : NULL session_global_id : 0x535e39cf (1398684111) session_wire_id : 0x000000000000de40 (56896) creation_time : Di Mai 20 00:52:48 2014 CEST expiration_time : Do Jan 1 01:00:00 1970 CET auth_session_info_seqnum : 0x00000001 (1) auth_session_info : * auth_session_info: struct auth_session_info security_token : * security_token: struct security_token num_sids : 0x00000006 (6) sids: ARRAY(6) sids : S-1-5-21-776888349-2444189073-2378508477-501 sids : S-1-5-21-776888349-2444189073-2378508477-514 sids : S-1-1-0 sids : S-1-5-2 sids : S-1-5-32-546 sids : S-1-22-1-1000 privilege_mask : 0x0000000000000000 (0) 0: SEC_PRIV_MACHINE_ACCOUNT_BIT 0: SEC_PRIV_PRINT_OPERATOR_BIT 0: SEC_PRIV_ADD_USERS_BIT 0: SEC_PRIV_DISK_OPERATOR_BIT 0: SEC_PRIV_REMOTE_SHUTDOWN_BIT 0: SEC_PRIV_BACKUP_BIT 0: SEC_PRIV_RESTORE_BIT 0: SEC_PRIV_TAKE_OWNERSHIP_BIT 0: SEC_PRIV_INCREASE_QUOTA_BIT 0: SEC_PRIV_SECURITY_BIT 0: SEC_PRIV_LOAD_DRIVER_BIT 0: SEC_PRIV_SYSTEM_PROFILE_BIT 0: SEC_PRIV_SYSTEMTIME_BIT 0: SEC_PRIV_PROFILE_SINGLE_PROCESS_BIT 0: SEC_PRIV_INCREASE_BASE_PRIORITY_BIT 0: SEC_PRIV_CREATE_PAGEFILE_BIT 0: SEC_PRIV_SHUTDOWN_BIT 0: SEC_PRIV_DEBUG_BIT 0: SEC_PRIV_SYSTEM_ENVIRONMENT_BIT 0: SEC_PRIV_CHANGE_NOTIFY_BIT 0: SEC_PRIV_UNDOCK_BIT 0: SEC_PRIV_ENABLE_DELEGATION_BIT 0: SEC_PRIV_MANAGE_VOLUME_BIT 0: SEC_PRIV_IMPERSONATE_BIT 0: SEC_PRIV_CREATE_GLOBAL_BIT rights_mask : 0x00000000 (0) 0: LSA_POLICY_MODE_INTERACTIVE 0: LSA_POLICY_MODE_NETWORK 0: LSA_POLICY_MODE_BATCH 0: LSA_POLICY_MODE_SERVICE 0: LSA_POLICY_MODE_PROXY 0: LSA_POLICY_MODE_DENY_INTERACTIVE 0: LSA_POLICY_MODE_DENY_NETWORK 0: LSA_POLICY_MODE_DENY_BATCH 0: LSA_POLICY_MODE_DENY_SERVICE 0: LSA_POLICY_MODE_REMOTE_INTERACTIVE 0: LSA_POLICY_MODE_DENY_REMOTE_INTERACTIVE 0x00: LSA_POLICY_MODE_ALL (0) 0x00: LSA_POLICY_MODE_ALL_NT4 (0) unix_token : * unix_token: struct security_unix_token uid : 0x00000000000003e8 (1000) gid : 0x00000000000003e8 (1000) ngroups : 0x00000000 (0) groups: ARRAY(0) info : * info: struct auth_user_info account_name : * account_name : 'ckserver' domain_name : * domain_name : 'CKSERVER' full_name : NULL logon_script : NULL profile_path : NULL home_directory : NULL home_drive : NULL logon_server : NULL last_logon : NTTIME(0) last_logoff : NTTIME(0) acct_expiry : NTTIME(0) last_password_change : NTTIME(0) allow_password_change : NTTIME(0) force_password_change : NTTIME(0) logon_count : 0x0000 (0) bad_password_count : 0x0000 (0) acct_flags : 0x00000000 (0) authenticated : 0x00 (0) unix_info : * unix_info: struct auth_user_info_unix unix_name : * unix_name : 'ckserver' sanitized_username : * sanitized_username : 'unknown' torture : NULL credentials : NULL connection_dialect : 0x0000 (0) signing_required : 0x00 (0) encryption_required : 0x00 (0) num_channels : 0x00000001 (1) channels: ARRAY(1) channels: struct smbXsrv_channel_global0 server_id: struct server_id pid : 0x0000000000002231 (8753) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0xd5f50380e4b514e2 (-3029511322209020702) local_address : 'ipv6:::1:445' remote_address : 'ipv6:::1:48106' remote_name : '::1' auth_session_info_seqnum : 0x00000001 (1) status : NT_STATUS_OK idle_time : Di Mai 20 00:52:48 2014 CEST nonce_high : 0x0000000000000000 (0) nonce_low : 0x0000000000000000 (0) gensec : * compat : * tcon_table : NULL lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue May 20 00:28:34 2014 size=120 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=65535 smb_pid=8756 smb_uid=56896 smb_mid=2 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_vwv[ 3]= 9 (0x9) smb_bcc=77 [0000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 ..0..... .U.n.i.x [0010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 34 ...S.a.m .b.a. .4 [0020] 00 2E 00 31 00 2E 00 36 00 2D 00 55 00 62 00 75 ...1...6 .-.U.b.u [0030] 00 6E 00 74 00 75 00 00 00 57 00 4F 00 52 00 4B .n.t.u.. .W.O.R.K [0040] 00 47 00 52 00 4F 00 55 00 50 00 00 00 .G.R.O.U .P... got smb length of 82 got message type 0x0 of len 0x52 Transaction 3 of length 86 (0 toread) size=82 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51267 smb_tid=65535 smb_pid=8756 smb_uid=56896 smb_mid=3 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 12 (0xC) smb_vwv[ 3]= 1 (0x1) smb_bcc=39 [0000] 00 5C 00 5C 00 4C 00 4F 00 43 00 41 00 4C 00 48 .\.\.L.O .C.A.L.H [0010] 00 4F 00 53 00 54 00 5C 00 49 00 50 00 43 00 24 .O.S.T.\ .I.P.C.$ [0020] 00 00 00 49 50 43 00 ...IPC. switch message SMBtconX (pid 8753) conn 0x0 created /tmp/SMBtconX.32.req len 86 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) Client requested device type [IPC] for share [IPC$] making a connection to 'normal' service ipc$ check lock order 1 for /var/run/samba/smbXsrv_tcon_global.tdb lock order: 1:/var/run/samba/smbXsrv_tcon_global.tdb 2: 3: Locking key BB490585 Allocated locked data 0x0xb7b6aaa0 smbXsrv_tcon_global_store: key 'BB490585' stored &global_blob: struct smbXsrv_tcon_globalB version : SMBXSRV_VERSION_0 (0) seqnum : 0x00000001 (1) info : union smbXsrv_tcon_globalU(case 0) info0 : * info0: struct smbXsrv_tcon_global0 db_rec : * tcon_global_id : 0xbb490585 (3142124933) tcon_wire_id : 0x0000e29f (58015) server_id: struct server_id pid : 0x0000000000002231 (8753) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0xd5f50380e4b514e2 (-3029511322209020702) creation_time : Di Mai 20 00:52:48 2014 CEST share_name : NULL encryption_required : 0x00 (0) session_global_id : 0x00000000 (0) Unlocking key BB490585 release lock order 1 for /var/run/samba/smbXsrv_tcon_global.tdb lock order: 1: 2: 3: smbXsrv_tcon_create: global_id (0xbb490585) stored &tcon_blob: struct smbXsrv_tconB version : SMBXSRV_VERSION_0 (0) reserved : 0x00000000 (0) info : union smbXsrv_tconU(case 0) info0 : * info0: struct smbXsrv_tcon table : * db_rec : NULL local_id : 0x0000e29f (58015) global : * global: struct smbXsrv_tcon_global0 db_rec : NULL tcon_global_id : 0xbb490585 (3142124933) tcon_wire_id : 0x0000e29f (58015) server_id: struct server_id pid : 0x0000000000002231 (8753) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0xd5f50380e4b514e2 (-3029511322209020702) creation_time : Di Mai 20 00:52:48 2014 CEST share_name : NULL encryption_required : 0x00 (0) session_global_id : 0x00000000 (0) status : NT_STATUS_INTERNAL_ERROR idle_time : Di Mai 20 00:52:48 2014 CEST compat : NULL Allowed connection from ::1 (::1) set_conn_connectpath: service IPC$, connectpath = /tmp Connect path is '/tmp' for service [IPC$] user_ok_token: share IPC$ is ok for unix user ckserver is_share_read_only_for_user: share IPC$ is read-only for unix user ckserver se_file_access_check: MAX desired = 0x2000000 mapped to 0x1f01ff Initialising default vfs hooks vfs_find_backend_entry called for posixacl Successfully added vfs backend 'posixacl' vfs_find_backend_entry called for /[Default VFS]/ Successfully added vfs backend '/[Default VFS]/' Initialising custom vfs hooks from [/[Default VFS]/] vfs_find_backend_entry called for /[Default VFS]/ Successfully loaded vfs module [/[Default VFS]/] with the new modules system set_conn_connectpath: service IPC$, connectpath = /tmp user_ok_token: share IPC$ is ok for unix user ckserver is_share_read_only_for_user: share IPC$ is read-only for unix user ckserver se_file_access_check: MAX desired = 0x2000000 mapped to 0x1f01ff setting sec ctx (1000, 1000) - sec_ctx_stack_ndx = 0 Security token SIDs (6): SID[ 0]: S-1-5-21-776888349-2444189073-2378508477-501 SID[ 1]: S-1-5-21-776888349-2444189073-2378508477-514 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-32-546 SID[ 5]: S-1-22-1-1000 Privileges (0x 0): Rights (0x 0): UNIX token of user 1000 Primary group is 1000 and contains 0 supplementary groups Impersonated user: uid=(1000,1000), gid=(0,1000) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) set_conn_connectpath: service IPC$, connectpath = /tmp vfswrap_fs_capabilities: timestamp resolution of sec available on share IPC$, directory /tmp ckserver (ipv6:::1:48106) connect to service IPC$ initially as user ckserver (uid=1000, gid=1000) (pid 8753) check lock order 1 for /var/run/samba/smbXsrv_tcon_global.tdb lock order: 1:/var/run/samba/smbXsrv_tcon_global.tdb 2: 3: Locking key BB490585 Allocated locked data 0x0xb7b6aa78 smbXsrv_tcon_global_store: key 'BB490585' stored &global_blob: struct smbXsrv_tcon_globalB version : SMBXSRV_VERSION_0 (0) seqnum : 0x00000002 (2) info : union smbXsrv_tcon_globalU(case 0) info0 : * info0: struct smbXsrv_tcon_global0 db_rec : * tcon_global_id : 0xbb490585 (3142124933) tcon_wire_id : 0x0000e29f (58015) server_id: struct server_id pid : 0x0000000000002231 (8753) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0xd5f50380e4b514e2 (-3029511322209020702) creation_time : Di Mai 20 00:52:48 2014 CEST share_name : 'IPC$' encryption_required : 0x00 (0) session_global_id : 0x535e39cf (1398684111) Unlocking key BB490585 release lock order 1 for /var/run/samba/smbXsrv_tcon_global.tdb lock order: 1: 2: 3: smbXsrv_tcon_update: global_id (0xbb490585) stored &tcon_blob: struct smbXsrv_tconB version : SMBXSRV_VERSION_0 (0) reserved : 0x00000000 (0) info : union smbXsrv_tconU(case 0) info0 : * info0: struct smbXsrv_tcon table : * db_rec : NULL local_id : 0x0000e29f (58015) global : * global: struct smbXsrv_tcon_global0 db_rec : NULL tcon_global_id : 0xbb490585 (3142124933) tcon_wire_id : 0x0000e29f (58015) server_id: struct server_id pid : 0x0000000000002231 (8753) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0xd5f50380e4b514e2 (-3029511322209020702) creation_time : Di Mai 20 00:52:48 2014 CEST share_name : 'IPC$' encryption_required : 0x00 (0) session_global_id : 0x535e39cf (1398684111) status : NT_STATUS_OK idle_time : Di Mai 20 00:52:48 2014 CEST compat : * tconX service=IPC$ size=56 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=58015 smb_pid=8756 smb_uid=56896 smb_mid=3 smt_wct=7 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_vwv[ 3]= 511 (0x1FF) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 511 (0x1FF) smb_vwv[ 6]= 0 (0x0) smb_bcc=7 [0000] 49 50 43 00 00 00 00 IPC.... got smb length of 108 got message type 0x0 of len 0x6c Transaction 4 of length 112 (0 toread) size=108 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51267 smb_tid=58015 smb_pid=8756 smb_uid=56896 smb_mid=4 smt_wct=15 smb_vwv[ 0]= 40 (0x28) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]=65535 (0xFFFF) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 40 (0x28) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 108 (0x6C) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 16 (0x10) smb_bcc=43 [0000] 00 44 20 03 00 5C 00 6C 00 6F 00 63 00 61 00 6C .D ..\.l .o.c.a.l [0010] 00 68 00 6F 00 73 00 74 00 5C 00 73 00 6D 00 62 .h.o.s.t .\.s.m.b [0020] 00 74 00 65 00 73 00 74 00 00 00 .t.e.s.t ... switch message SMBtrans2 (pid 8753) conn 0xb7b6e0b8 created /tmp/SMBtrans2.31.req len 112 setting sec ctx (1000, 1000) - sec_ctx_stack_ndx = 0 Security token SIDs (6): SID[ 0]: S-1-5-21-776888349-2444189073-2378508477-501 SID[ 1]: S-1-5-21-776888349-2444189073-2378508477-514 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-32-546 SID[ 5]: S-1-22-1-1000 Privileges (0x 0): Rights (0x 0): UNIX token of user 1000 Primary group is 1000 and contains 0 supplementary groups Impersonated user: uid=(1000,1000), gid=(0,1000) vfs_ChDir to /tmp vfs_ChDir got /tmp call_trans2getdfsreferral dfs_GetDFSReferral: struct dfs_GetDFSReferral in: struct dfs_GetDFSReferral req: struct dfs_GetDFSReferral_in max_referral_level : 0x0003 (3) servername : '\localhost\smbtest' parse_dfs_path: temp = |localhost\smbtest| after trimming \'s parse_dfs_path: hostname: localhost parse_dfs_path: servicename: smbtest get_referred_path: |smbtest| in dfs path \localhost\smbtest is not a dfs root. NT error packet at ../source3/smbd/trans2.c(8572) cmd=50 (SMBtrans2) NT_STATUS_NOT_FOUND size=35 smb_com=0x32 smb_rcls=37 smb_reh=2 smb_err=49152 smb_flg=136 smb_flg2=51203 smb_tid=58015 smb_pid=8756 smb_uid=56896 smb_mid=4 smt_wct=0 smb_bcc=0 got smb length of 35 got message type 0x0 of len 0x23 Transaction 5 of length 39 (0 toread) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51267 smb_tid=58015 smb_pid=8756 smb_uid=56896 smb_mid=5 smt_wct=0 smb_bcc=0 switch message SMBtdis (pid 8753) conn 0xb7b6e0b8 created /tmp/SMBtdis.31.req len 39 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) check lock order 1 for /var/run/samba/smbXsrv_tcon_global.tdb lock order: 1:/var/run/samba/smbXsrv_tcon_global.tdb 2: 3: Locking key BB490585 Allocated locked data 0x0xb7b6def8 Unlocking key BB490585 release lock order 1 for /var/run/samba/smbXsrv_tcon_global.tdb lock order: 1: 2: 3: setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) ckserver (ipv6:::1:48106) closed connection to service IPC$ vfs_ChDir to / vfs_ChDir got / setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=58015 smb_pid=8756 smb_uid=56896 smb_mid=5 smt_wct=0 smb_bcc=0 got smb length of 90 got message type 0x0 of len 0x5a Transaction 6 of length 94 (0 toread) size=90 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51267 smb_tid=65535 smb_pid=8756 smb_uid=56896 smb_mid=6 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 12 (0xC) smb_vwv[ 3]= 1 (0x1) smb_bcc=47 [0000] 00 5C 00 5C 00 4C 00 4F 00 43 00 41 00 4C 00 48 .\.\.L.O .C.A.L.H [0010] 00 4F 00 53 00 54 00 5C 00 53 00 4D 00 42 00 54 .O.S.T.\ .S.M.B.T [0020] 00 45 00 53 00 54 00 00 00 3F 3F 3F 3F 3F 00 .E.S.T.. .?????. switch message SMBtconX (pid 8753) conn 0x0 created /tmp/SMBtconX.33.req len 94 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) Client requested device type [?????] for share [SMBTEST] making a connection to 'normal' service smbtest check lock order 1 for /var/run/samba/smbXsrv_tcon_global.tdb lock order: 1:/var/run/samba/smbXsrv_tcon_global.tdb 2: 3: Locking key 9B18DBCB Allocated locked data 0x0xb7b6aae0 smbXsrv_tcon_global_store: key '9B18DBCB' stored &global_blob: struct smbXsrv_tcon_globalB version : SMBXSRV_VERSION_0 (0) seqnum : 0x00000001 (1) info : union smbXsrv_tcon_globalU(case 0) info0 : * info0: struct smbXsrv_tcon_global0 db_rec : * tcon_global_id : 0x9b18dbcb (2602097611) tcon_wire_id : 0x0000b7c0 (47040) server_id: struct server_id pid : 0x0000000000002231 (8753) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0xd5f50380e4b514e2 (-3029511322209020702) creation_time : Di Mai 20 00:52:48 2014 CEST share_name : NULL encryption_required : 0x00 (0) session_global_id : 0x00000000 (0) Unlocking key 9B18DBCB release lock order 1 for /var/run/samba/smbXsrv_tcon_global.tdb lock order: 1: 2: 3: smbXsrv_tcon_create: global_id (0x9b18dbcb) stored &tcon_blob: struct smbXsrv_tconB version : SMBXSRV_VERSION_0 (0) reserved : 0x00000000 (0) info : union smbXsrv_tconU(case 0) info0 : * info0: struct smbXsrv_tcon table : * db_rec : NULL local_id : 0x0000b7c0 (47040) global : * global: struct smbXsrv_tcon_global0 db_rec : NULL tcon_global_id : 0x9b18dbcb (2602097611) tcon_wire_id : 0x0000b7c0 (47040) server_id: struct server_id pid : 0x0000000000002231 (8753) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0xd5f50380e4b514e2 (-3029511322209020702) creation_time : Di Mai 20 00:52:48 2014 CEST share_name : NULL encryption_required : 0x00 (0) session_global_id : 0x00000000 (0) status : NT_STATUS_INTERNAL_ERROR idle_time : Di Mai 20 00:52:48 2014 CEST compat : NULL Allowed connection from ::1 (::1) set_conn_connectpath: service smbtest, connectpath = /smbtest Connect path is '/smbtest' for service [smbtest] user_ok_token: share smbtest is ok for unix user ckserver is_share_read_only_for_user: share smbtest is read-write for unix user ckserver se_file_access_check: MAX desired = 0x2000000 mapped to 0x1f01ff Initialising default vfs hooks Initialising custom vfs hooks from [/[Default VFS]/] vfs_find_backend_entry called for /[Default VFS]/ Successfully loaded vfs module [/[Default VFS]/] with the new modules system Registering messaging pointer for type 784 - private_data=0xb7b6e128 set_conn_connectpath: service smbtest, connectpath = /smbtest user_ok_token: share smbtest is ok for unix user ckserver is_share_read_only_for_user: share smbtest is read-write for unix user ckserver se_file_access_check: MAX desired = 0x2000000 mapped to 0x1f01ff setting sec ctx (1000, 1000) - sec_ctx_stack_ndx = 0 Security token SIDs (6): SID[ 0]: S-1-5-21-776888349-2444189073-2378508477-501 SID[ 1]: S-1-5-21-776888349-2444189073-2378508477-514 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-32-546 SID[ 5]: S-1-22-1-1000 Privileges (0x 0): Rights (0x 0): UNIX token of user 1000 Primary group is 1000 and contains 0 supplementary groups Impersonated user: uid=(1000,1000), gid=(0,1000) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) set_conn_connectpath: service smbtest, connectpath = /smbtest vfswrap_fs_capabilities: timestamp resolution of sec available on share smbtest, directory /smbtest ckserver (ipv6:::1:48106) connect to service smbtest initially as user ckserver (uid=1000, gid=1000) (pid 8753) check lock order 1 for /var/run/samba/smbXsrv_tcon_global.tdb lock order: 1:/var/run/samba/smbXsrv_tcon_global.tdb 2: 3: Locking key 9B18DBCB Allocated locked data 0x0xb7b6e200 smbXsrv_tcon_global_store: key '9B18DBCB' stored &global_blob: struct smbXsrv_tcon_globalB version : SMBXSRV_VERSION_0 (0) seqnum : 0x00000002 (2) info : union smbXsrv_tcon_globalU(case 0) info0 : * info0: struct smbXsrv_tcon_global0 db_rec : * tcon_global_id : 0x9b18dbcb (2602097611) tcon_wire_id : 0x0000b7c0 (47040) server_id: struct server_id pid : 0x0000000000002231 (8753) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0xd5f50380e4b514e2 (-3029511322209020702) creation_time : Di Mai 20 00:52:48 2014 CEST share_name : 'smbtest' encryption_required : 0x00 (0) session_global_id : 0x535e39cf (1398684111) Unlocking key 9B18DBCB release lock order 1 for /var/run/samba/smbXsrv_tcon_global.tdb lock order: 1: 2: 3: smbXsrv_tcon_update: global_id (0x9b18dbcb) stored &tcon_blob: struct smbXsrv_tconB version : SMBXSRV_VERSION_0 (0) reserved : 0x00000000 (0) info : union smbXsrv_tconU(case 0) info0 : * info0: struct smbXsrv_tcon table : * db_rec : NULL local_id : 0x0000b7c0 (47040) global : * global: struct smbXsrv_tcon_global0 db_rec : NULL tcon_global_id : 0x9b18dbcb (2602097611) tcon_wire_id : 0x0000b7c0 (47040) server_id: struct server_id pid : 0x0000000000002231 (8753) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0xd5f50380e4b514e2 (-3029511322209020702) creation_time : Di Mai 20 00:52:48 2014 CEST share_name : 'smbtest' encryption_required : 0x00 (0) session_global_id : 0x535e39cf (1398684111) status : NT_STATUS_OK idle_time : Di Mai 20 00:52:48 2014 CEST compat : * tconX service=SMBTEST size=62 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=47040 smb_pid=8756 smb_uid=56896 smb_mid=6 smt_wct=7 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_vwv[ 3]= 511 (0x1FF) smb_vwv[ 4]= 31 (0x1F) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_bcc=13 [0000] 41 3A 00 4E 00 54 00 46 00 53 00 00 00 A:.N.T.F .S... got smb length of 106 got message type 0x0 of len 0x6a Transaction 7 of length 110 (0 toread) size=106 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51267 smb_tid=47040 smb_pid=8756 smb_uid=56896 smb_mid=7 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 5120 (0x1400) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 4608 (0x1200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=23 [0000] 00 5C 00 74 00 65 00 73 00 74 00 2E 00 74 00 78 .\.t.e.s .t...t.x [0010] 00 74 00 00 00 00 00 .t..... switch message SMBntcreateX (pid 8753) conn 0xb7b6e2b0 created /tmp/SMBntcreateX.15.req len 110 setting sec ctx (1000, 1000) - sec_ctx_stack_ndx = 0 Security token SIDs (6): SID[ 0]: S-1-5-21-776888349-2444189073-2378508477-501 SID[ 1]: S-1-5-21-776888349-2444189073-2378508477-514 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-32-546 SID[ 5]: S-1-22-1-1000 Privileges (0x 0): Rights (0x 0): UNIX token of user 1000 Primary group is 1000 and contains 0 supplementary groups Impersonated user: uid=(1000,1000), gid=(0,1000) vfs_ChDir to /smbtest vfs_ChDir got /smbtest reply_ntcreate_and_X: flags = 0x0, access_mask = 0x120089 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0, fname = test.txt unix_convert called on file "test.txt" stat_cache_lookup: lookup failed for name [TEST.TXT] unix_convert begin: name = test.txt, dirpath = , start = test.txt stat_cache_add: Added entry (b7b6b660:size 8) TEST.TXT -> test.txt conversion of base_name finished test.txt -> test.txt check_reduced_name [test.txt] [/smbtest] check_reduced_name realpath [test.txt] -> [/smbtest/test.txt] check_reduced_name: test.txt reduced to /smbtest/test.txt create_file: access_mask = 0x120089 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 oplock_request = 0x0 private_flags = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), fname = test.txt create_file_unixpath: access_mask = 0x120089 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 oplock_request = 0x0 private_flags = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = test.txt check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: Locking key 52996799 Allocated locked data 0x0xb7b6eb40 smbXsrv_open_global_store: key '52996799' stored &global_blob: struct smbXsrv_open_globalB version : SMBXSRV_VERSION_0 (0) seqnum : 0x00000001 (1) info : union smbXsrv_open_globalU(case 0) info0 : * info0: struct smbXsrv_open_global0 db_rec : * server_id: struct server_id pid : 0x0000000000002231 (8753) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0xd5f50380e4b514e2 (-3029511322209020702) open_global_id : 0x52996799 (1385785241) open_persistent_id : 0x0000000052996799 (1385785241) open_volatile_id : 0x00000000000030bb (12475) open_owner : S-1-5-21-776888349-2444189073-2378508477-501 open_time : Di Mai 20 00:52:48 2014 CEST create_guid : 00000000-0000-0000-0000-000000000000 client_guid : 00000000-0000-0000-0000-000000000000 app_instance_id : 00000000-0000-0000-0000-000000000000 disconnect_time : NTTIME(0) durable_timeout_msec : 0x00000000 (0) durable : 0x00 (0) backend_cookie : DATA_BLOB length=0 Unlocking key 52996799 release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb lock order: 1: 2: 3: smbXsrv_open_create: global_id (0x52996799) stored &open_blob: struct smbXsrv_openB version : SMBXSRV_VERSION_0 (0) reserved : 0x00000000 (0) info : union smbXsrv_openU(case 0) info0 : * info0: struct smbXsrv_open table : * db_rec : NULL local_id : 0x000030bb (12475) global : * global: struct smbXsrv_open_global0 db_rec : NULL server_id: struct server_id pid : 0x0000000000002231 (8753) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0xd5f50380e4b514e2 (-3029511322209020702) open_global_id : 0x52996799 (1385785241) open_persistent_id : 0x0000000052996799 (1385785241) open_volatile_id : 0x00000000000030bb (12475) open_owner : S-1-5-21-776888349-2444189073-2378508477-501 open_time : Di Mai 20 00:52:48 2014 CEST create_guid : 00000000-0000-0000-0000-000000000000 client_guid : 00000000-0000-0000-0000-000000000000 app_instance_id : 00000000-0000-0000-0000-000000000000 disconnect_time : NTTIME(0) durable_timeout_msec : 0x00000000 (0) durable : 0x00 (0) backend_cookie : DATA_BLOB length=0 status : NT_STATUS_OK idle_time : Di Mai 20 00:52:48 2014 CEST compat : NULL allocated file structure fnum 12475 (1 used) file_name_hash: /smbtest/test.txt hash 0x224ec3ce unix_mode(test.txt) returning 0744 open_file_ntcreate: fname=test.txt, dos_attrs=0x0 access_mask=0x120089 share_access=0x3 create_disposition = 0x1 create_options=0x40 unix mode=0744 oplock_request=0 private_flags = 0x0 dos_mode: test.txt dos_mode_from_sbuf returning dos_mode returning open_file_ntcreate: fname=test.txt, after mapping access_mask=0x120089 calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x120089, open_access_mask = 0x120089 posix_get_nt_acl: called for file test.txt Adding cache entry with key=[IDMAP/UID2SID/1000] and timeout=[Do Jan 1 01:00:00 1970 CET] (-1400539967 seconds in the past) uid_to_sid: winbind failed to find a sid for uid 1000 push_sec_ctx(1000, 1000) : sec_ctx_stack_ndx = 1 push_conn_ctx(56896) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 push_conn_ctx(56896) : conn_ctx_stack_ndx = 1 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups tdb_unpack(dddddddBBBBBBBBBBBBddBBBdwdBwwd, 192) -> 192 element 5 -> now SET element 6 -> now SET element 7 -> now SET element 8 -> now SET element 9 -> now SET element 20 -> now SET pdb_set_username: setting username ckserver, was element 11 -> now SET pdb_set_domain: setting domain CKSERVER, was element 13 -> now SET pdb_set_nt_username: setting nt username , was element 14 -> now SET pdb_set_full_name: setting full name CK, was element 12 -> now SET Home server: ckserver pdb_set_homedir: setting home dir \\ckserver\ckserver, was element 1 -> now DEFAULT pdb_set_dir_drive: setting dir drive , was NULL element 3 -> now DEFAULT pdb_set_logon_script: setting logon script , was element 4 -> now DEFAULT Home server: ckserver pdb_set_profile_path: setting profile path \\ckserver\ckserver\profile, was element 2 -> now DEFAULT element 21 -> now SET element 23 -> now SET pdb_set_workstations: setting workstations , was element 22 -> now SET element 24 -> now SET element 33 -> now SET push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 push_conn_ctx(56896) : conn_ctx_stack_ndx = 2 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 element 34 -> now SET pdb_set_user_sid: setting user sid S-1-5-21-776888349-2444189073-2378508477-3000 element 17 -> now SET pdb_set_user_sid_from_rid: setting user sid S-1-5-21-776888349-2444189073-2378508477-3000 from rid 3000 element 15 -> now SET element 27 -> now SET element 28 -> now SET element 31 -> now SET element 19 -> now SET element 16 -> now SET element 25 -> now SET pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 pop_sec_ctx (1000, 1000) - sec_ctx_stack_ndx = 0 LEGACY: uid 1000 -> sid S-1-5-21-776888349-2444189073-2378508477-3000 Adding cache entry with key=[IDMAP/GID2SID/1000] and timeout=[Do Jan 1 01:00:00 1970 CET] (-1400539967 seconds in the past) gid_to_sid: winbind failed to find a sid for gid 1000 push_sec_ctx(1000, 1000) : sec_ctx_stack_ndx = 1 push_conn_ctx(56896) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (1000, 1000) - sec_ctx_stack_ndx = 0 LEGACY: gid 1000 -> sid S-1-22-2-1000 canonicalise_acl: Access ace entries before arrange : canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- canon_ace index 1. Type = allow SID = S-1-22-2-1000 gid 1000 (ckserver) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms --- canon_ace index 2. Type = allow SID = S-1-5-21-776888349-2444189073-2378508477-3000 uid 1000 (ckserver) SMB_ACL_USER_OBJ ace_flags = 0x0 perms rw- print_canon_ace_list: canonicalise_acl: ace entries after arrange canon_ace index 0. Type = allow SID = S-1-5-21-776888349-2444189073-2378508477-3000 uid 1000 (ckserver) SMB_ACL_USER_OBJ ace_flags = 0x0 perms rw- canon_ace index 1. Type = allow SID = S-1-22-2-1000 gid 1000 (ckserver) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms --- canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- map_canon_ace_perms: Mapped (UNIX) 180 to (NT) 12019f map_canon_ace_perms: Mapped (UNIX) 0 to (NT) 0 map_canon_ace_perms: Mapped (UNIX) 0 to (NT) 0 smbd_check_access_rights: file test.txt requesting 0x120089 returning 0x120009 (NT_STATUS_ACCESS_DENIED) smbd_check_access_rights: acl for test.txt is: sd: struct security_descriptor revision : SECURITY_DESCRIPTOR_REVISION_1 (1) type : 0x9004 (36868) 0: SEC_DESC_OWNER_DEFAULTED 0: SEC_DESC_GROUP_DEFAULTED 1: SEC_DESC_DACL_PRESENT 0: SEC_DESC_DACL_DEFAULTED 0: SEC_DESC_SACL_PRESENT 0: SEC_DESC_SACL_DEFAULTED 0: SEC_DESC_DACL_TRUSTED 0: SEC_DESC_SERVER_SECURITY 0: SEC_DESC_DACL_AUTO_INHERIT_REQ 0: SEC_DESC_SACL_AUTO_INHERIT_REQ 0: SEC_DESC_DACL_AUTO_INHERITED 0: SEC_DESC_SACL_AUTO_INHERITED 1: SEC_DESC_DACL_PROTECTED 0: SEC_DESC_SACL_PROTECTED 0: SEC_DESC_RM_CONTROL_VALID 1: SEC_DESC_SELF_RELATIVE owner_sid : * owner_sid : S-1-5-21-776888349-2444189073-2378508477-3000 group_sid : * group_sid : S-1-22-2-1000 sacl : NULL dacl : * dacl: struct security_acl revision : SECURITY_ACL_REVISION_NT4 (2) size : 0x0058 (88) num_aces : 0x00000003 (3) aces: ARRAY(3) aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x00 (0) 0: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x00: SEC_ACE_FLAG_VALID_INHERIT (0) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x0012019f (1180063) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-776888349-2444189073-2378508477-3000 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x00 (0) 0: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x00: SEC_ACE_FLAG_VALID_INHERIT (0) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x00000000 (0) object : union security_ace_object_ctr(case 0) trustee : S-1-22-2-1000 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x00 (0) 0: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x00: SEC_ACE_FLAG_VALID_INHERIT (0) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0014 (20) access_mask : 0x00000000 (0) object : union security_ace_object_ctr(case 0) trustee : S-1-1-0 open_file: smbd_check_access_rights on file test.txt returned NT_STATUS_ACCESS_DENIED check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: Locking key 52996799 Allocated locked data 0x0xb7b6ff38 Unlocking key 52996799 release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb lock order: 1: 2: 3: freed files structure 12475 (0 used) create_file_unixpath: NT_STATUS_ACCESS_DENIED create_file: NT_STATUS_ACCESS_DENIED NT error packet at ../source3/smbd/error.c(165) cmd=162 (SMBntcreateX) NT_STATUS_ACCESS_DENIED size=35 smb_com=0xa2 smb_rcls=34 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51203 smb_tid=47040 smb_pid=8756 smb_uid=56896 smb_mid=7 smt_wct=0 smb_bcc=0 got smb length of 35 got message type 0x0 of len 0x23 Transaction 8 of length 39 (0 toread) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51267 smb_tid=47040 smb_pid=8756 smb_uid=56896 smb_mid=8 smt_wct=0 smb_bcc=0 switch message SMBtdis (pid 8753) conn 0xb7b6e2b0 created /tmp/SMBtdis.32.req len 39 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) check lock order 1 for /var/run/samba/smbXsrv_tcon_global.tdb lock order: 1:/var/run/samba/smbXsrv_tcon_global.tdb 2: 3: Locking key 9B18DBCB Allocated locked data 0x0xb7b6e628 Unlocking key 9B18DBCB release lock order 1 for /var/run/samba/smbXsrv_tcon_global.tdb lock order: 1: 2: 3: setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) ckserver (ipv6:::1:48106) closed connection to service smbtest vfs_ChDir to / vfs_ChDir got / setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=47040 smb_pid=8756 smb_uid=56896 smb_mid=8 smt_wct=0 smb_bcc=0 read_fd_with_timeout: blocking read. EOF from client. receive_smb_raw_talloc failed for client ipv6:::1:48106 read error = NT_STATUS_END_OF_FILE. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) check lock order 1 for /var/run/samba/smbXsrv_session_global.tdb lock order: 1:/var/run/samba/smbXsrv_session_global.tdb 2: 3: Locking key 535E39CF Allocated locked data 0x0xb7b6d3c8 Unlocking key 535E39CF release lock order 1 for /var/run/samba/smbXsrv_session_global.tdb lock order: 1: 2: 3: smb_pam_start: PAM: Init user: ckserver smb_pam_start: PAM: setting rhost to: ::1 smb_pam_start: PAM: setting tty smb_pam_start: PAM: Init passed for user: ckserver smb_internal_pam_session: PAM: tty set to: smb/1398684111 smb_pam_end: PAM: PAM_END OK. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) check lock order 2 for /var/run/samba/serverid.tdb lock order: 1: 2:/var/run/samba/serverid.tdb 3: Locking key 3122000000000000FFFFFFFF Allocated locked data 0x0xb7b6b4e0 Unlocking key 3122000000000000FFFFFFFF release lock order 2 for /var/run/samba/serverid.tdb lock order: 1: 2: 3: Deregistering messaging pointer for type 1536 - private_data=0xb7b69380 notify_context_destructor called Deregistering messaging pointer for type 784 - private_data=0xb7b6e128 Server exit (failed to receive smb request)