samb4 torture eventlog failed. Need HELP!

Donghui Wen dhwen at
Fri Nov 12 01:32:35 GMT 2004

I checked out samba4 from cvs this morning.
I just found out something: if I change the value of
form 0x00 to 0x07 in librpc/gen_ndr/ndr_eventlog.h. The test can pass, and
I tried to call dcerpc_eventlog_GetNumRecords, it reported the same error,
I change the value of DCERPC_EVENTLOG_OPENEVENTLOG  to 0x04, it still
reports error, ethreal also complains mailformed packet.

I was wondering if anyone ever read windows eventlog successfully from

I tried samba-tng also, but it could not support digital signing.


On Fri, 2004-11-12 at 11:51, Donghui Wen wrote:
> Hi, Andrew and the other samba hacker,
>      I am trying to use samba4 to get eventlog from windows 2003. The
first thing
> I want to try is smbtorture.
> smbtorture // -U administrator%pass RPC-EVENTLOG
> Here is the result:
> ------------------------
> testing OpenEventLog
> OpenEventLog failed - NT_STATUS_NET_WRITE_FAULT
> RPC-EVENTLOG took 0.277033 secs
> -------------------------
> I took a look at the ethreal trace, looks like smbtorture is sending
> a ElfrClearElFW instead a ElfrOpenElv when open the eventlog.
> I have spent some time in reading the source code, but still could
> not figure out the reason. Please help!

Have you tried current SVN?  What revision are you running?

In any case, I get past this call against Win2k3 - but there seems
something fishy about eventlog_ReadEventLogW()...

Andrew Bartlett

Andrew Bartlett                                 abartlet at
Authentication Developer, Samba Team  
Student Network Administrator, Hawker College   abartlet at

----- Original Message ----- 
From: "Andrew Bartlett" <abartlet at>
To: "Donghui Wen" <dhwen at>
Cc: <samba-technical at>
Sent: Thursday, November 11, 2004 5:11 PM
Subject: Re: samb4 torture eventlog failed. Need HELP!

More information about the samba-technical mailing list