[Samba] Domain logon problem with w2k client on a Samba-3 PDC
Jean-Francois Leblond
jfleblond at videotron.ca
Wed Jun 15 04:40:36 GMT 2005
I made some research on the error, I'm seeing: "_samr_create_user: ACCESS
DENIED". The description looks similar to my problem i.e. Samba3 PDC with a
W2K client domain logon
The solution points to a link which does exist anymore:
http://www.samba.org/samba/docs/man/guide/secure.html#id2520407
I attached the level 2 and 3 log output. At level 3, I'm getting a log file
with the ip address. Server name is jflcent and client is jflw2k. I cleared
the logs before capturing. Nopthing was logged in smbd.log or nmbd.log
At log level 2, I'm getting this in the client log file:
[root at jflcent samba]# tail -f jflw2k.log
[2005/06/15 00:26:24, 2] smbd/sesssetup.c:setup_new_vc_session(608)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
old resources.
[2005/06/15 00:26:24, 2] smbd/sesssetup.c:setup_new_vc_session(608)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
old resources.
[2005/06/15 00:26:24, 2] auth/auth.c:check_ntlm_password(305)
check_ntlm_password: authentication for user [testuser] -> [testuser] ->
[testuser] succeeded
[2005/06/15 00:26:24, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
Returning domain sid for domain PALMARINC ->
S-1-5-21-1306232831-1958954829-1360062360
[2005/06/15 00:26:24, 2]
rpc_server/srv_samr_nt.c:access_check_samr_object(93)
_samr_open_domain: ACCESS DENIED (requested: 0x00000211)
[2005/06/15 00:26:24, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
Returning domain sid for domain PALMARINC ->
S-1-5-21-1306232831-1958954829-1360062360
[2005/06/15 00:26:24, 2]
rpc_server/srv_samr_nt.c:access_check_samr_function(115)
_samr_create_user: ACCESS DENIED (granted: 0x00000201; required:
0x00000010)
[2005/06/15 00:26:24, 2] smbd/server.c:exit_server(571)
Closing connections
[2005/06/15 00:26:25, 2] smbd/sesssetup.c:setup_new_vc_session(608)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
old resources.
[2005/06/15 00:26:25, 2] smbd/sesssetup.c:setup_new_vc_session(608)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
old resources.
[2005/06/15 00:26:25, 2] auth/auth.c:check_ntlm_password(305)
check_ntlm_password: authentication for user [testuser] -> [testuser] ->
[testuser] succeeded
[2005/06/15 00:26:25, 2] smbd/server.c:exit_server(571)
Closing connections
Client log file at level 3:
[root at jflcent samba]# cat jflw2k.log
[2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091)
Transaction 1 of length 137
[2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886)
switch message SMBnegprot (pid 3418) conn 0x0
[2005/06/15 00:37:37, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/06/15 00:37:37, 3] smbd/negprot.c:reply_negprot(461)
Requested protocol [PC NETWORK PROGRAM 1.0]
[2005/06/15 00:37:37, 3] smbd/negprot.c:reply_negprot(461)
Requested protocol [LANMAN1.0]
[2005/06/15 00:37:37, 3] smbd/negprot.c:reply_negprot(461)
Requested protocol [Windows for Workgroups 3.1a]
[2005/06/15 00:37:37, 3] smbd/negprot.c:reply_negprot(461)
Requested protocol [LM1.2X002]
[2005/06/15 00:37:37, 3] smbd/negprot.c:reply_negprot(461)
Requested protocol [LANMAN2.1]
[2005/06/15 00:37:37, 3] smbd/negprot.c:reply_negprot(461)
Requested protocol [NT LM 0.12]
[2005/06/15 00:37:37, 3] smbd/negprot.c:reply_nt1(333)
using SPNEGO
[2005/06/15 00:37:37, 3] smbd/negprot.c:reply_negprot(549)
Selected protocol NT LM 0.12
[2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091)
Transaction 2 of length 202
[2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886)
switch message SMBsesssetupX (pid 3418) conn 0x0
[2005/06/15 00:37:37, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/06/15 00:37:37, 3] smbd/sesssetup.c:reply_sesssetup_and_X(655)
wct=12 flg2=0xc803
[2005/06/15 00:37:37, 2] smbd/sesssetup.c:setup_new_vc_session(608)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
old resources.
[2005/06/15 00:37:37, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(535)
Doing spnego session setup
[2005/06/15 00:37:37, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(566)
NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0]
PrimaryDomain=[]
[2005/06/15 00:37:37, 3] smbd/sesssetup.c:reply_spnego_negotiate(444)
Got OID 1 3 6 1 4 1 311 2 2 10
[2005/06/15 00:37:37, 3] smbd/sesssetup.c:reply_spnego_negotiate(447)
Got secblob of size 32
[2005/06/15 00:37:37, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
Got NTLMSSP neg_flags=0x80008207
[2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091)
Transaction 3 of length 306
[2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886)
switch message SMBsesssetupX (pid 3418) conn 0x0
[2005/06/15 00:37:37, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/06/15 00:37:37, 3] smbd/sesssetup.c:reply_sesssetup_and_X(655)
wct=12 flg2=0xc803
[2005/06/15 00:37:37, 2] smbd/sesssetup.c:setup_new_vc_session(608)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
old resources.
[2005/06/15 00:37:37, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(535)
Doing spnego session setup
[2005/06/15 00:37:37, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(566)
NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0]
PrimaryDomain=[]
[2005/06/15 00:37:37, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(615)
Got user=[testuser] domain=[PALMARINC] workstation=[JFLW2K] len1=24
len2=24
[2005/06/15 00:37:37, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2005/06/15 00:37:37, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2005/06/15 00:37:37, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/06/15 00:37:37, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/06/15 00:37:37, 3] auth/auth.c:check_ntlm_password(219)
check_ntlm_password: Checking password for unmapped user
[PALMARINC]\[testuser]@[JFLW2K] with the new password interface
[2005/06/15 00:37:37, 3] auth/auth.c:check_ntlm_password(222)
check_ntlm_password: mapped user is: [PALMARINC]\[testuser]@[JFLW2K]
[2005/06/15 00:37:37, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2005/06/15 00:37:37, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2005/06/15 00:37:37, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/06/15 00:37:37, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2005/06/15 00:37:37, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2005/06/15 00:37:37, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2005/06/15 00:37:37, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/06/15 00:37:37, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/06/15 00:37:37, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2005/06/15 00:37:37, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2005/06/15 00:37:37, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/06/15 00:37:37, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/06/15 00:37:37, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2005/06/15 00:37:37, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2005/06/15 00:37:37, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/06/15 00:37:37, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/06/15 00:37:37, 3] auth/auth.c:check_ntlm_password(268)
check_ntlm_password: sam authentication for user [testuser] succeeded
[2005/06/15 00:37:37, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2005/06/15 00:37:37, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2005/06/15 00:37:37, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/06/15 00:37:37, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/06/15 00:37:37, 2] auth/auth.c:check_ntlm_password(305)
check_ntlm_password: authentication for user [testuser] -> [testuser] ->
[testuser] succeeded
[2005/06/15 00:37:37, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319)
NTLMSSP Sign/Seal - Initialising with flags:
[2005/06/15 00:37:37, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
Got NTLMSSP neg_flags=0x00008215
[2005/06/15 00:37:37, 3] smbd/password.c:register_vuid(222)
User name: testuser Real name: Samba user test
[2005/06/15 00:37:37, 3] smbd/password.c:register_vuid(241)
UNIX uid 501 is UNIX user testuser, and will be vuid 100
[2005/06/15 00:37:37, 3] smbd/password.c:register_vuid(270)
Adding homes service for user 'testuser' using home directory:
'/home/testuser'
[2005/06/15 00:37:37, 3] param/loadparm.c:lp_add_home(2341)
adding home's share [testuser] for user 'testuser' at '/home/testuser'
[2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091)
Transaction 4 of length 84
[2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886)
switch message SMBtconX (pid 3418) conn 0x0
[2005/06/15 00:37:37, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/06/15 00:37:37, 3] smbd/service.c:make_connection_snum(472)
Connect path is '/tmp' for service [IPC$]
[2005/06/15 00:37:37, 3] lib/util_seaccess.c:se_access_check(251)
[2005/06/15 00:37:37, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is
S-1-5-21-1306232831-1958954829-1360062360-2002
se_access_check: also S-1-5-21-1306232831-1958954829-1360062360-513
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2005/06/15 00:37:37, 3] smbd/vfs.c:vfs_init_default(203)
Initialising default vfs hooks
[2005/06/15 00:37:37, 3] lib/util_seaccess.c:se_access_check(251)
[2005/06/15 00:37:37, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is
S-1-5-21-1306232831-1958954829-1360062360-2002
se_access_check: also S-1-5-21-1306232831-1958954829-1360062360-513
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2005/06/15 00:37:37, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (501, 100) - sec_ctx_stack_ndx = 0
[2005/06/15 00:37:37, 3] smbd/service.c:make_connection_snum(648)
jflw2k (192.168.0.7) connect to service IPC$ initially as user testuser
(uid=501, gid=100) (pid 3418)
[2005/06/15 00:37:37, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/06/15 00:37:37, 3] smbd/reply.c:reply_tcon_and_X(456)
tconX service=IPC$
[2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091)
Transaction 5 of length 104
[2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886)
switch message SMBntcreateX (pid 3418) conn 0x98e9218
[2005/06/15 00:37:37, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (501, 100) - sec_ctx_stack_ndx = 0
[2005/06/15 00:37:37, 3] smbd/nttrans.c:nt_open_pipe(514)
nt_open_pipe: Known pipe lsarpc opening.
[2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091)
Transaction 6 of length 140
[2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886)
switch message SMBwriteX (pid 3418) conn 0x98e9218
[2005/06/15 00:37:37, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(887)
api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsass
[2005/06/15 00:37:37, 3] rpc_server/srv_pipe.c:check_bind_req(762)
check_bind_req for \PIPE\lsarpc
[2005/06/15 00:37:37, 3] smbd/pipes.c:reply_pipe_write_and_X(199)
writeX-IPC pnum=75cb nwritten=72
[2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091)
Transaction 7 of length 63
[2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886)
switch message SMBreadX (pid 3418) conn 0x98e9218
[2005/06/15 00:37:37, 3] smbd/pipes.c:reply_pipe_read_and_X(242)
readX-IPC pnum=75cb min=1024 max=1024 nread=68
[2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091)
Transaction 8 of length 176
[2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 3418) conn 0x98e9218
[2005/06/15 00:37:37, 3] smbd/ipc.c:reply_trans(538)
trans <\PIPE\> data=88 params=0 setup=2
[2005/06/15 00:37:37, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/06/15 00:37:37, 3] smbd/ipc.c:api_fd_reply(296)
Got API command 0x26 on pipe "lsarpc" (pnum 75cb)
[2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/06/15 00:37:37, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: LSA_OPENPOLICY2
[2005/06/15 00:37:37, 3] lib/util_seaccess.c:se_access_check(251)
[2005/06/15 00:37:37, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is
S-1-5-21-1306232831-1958954829-1360062360-2002
se_access_check: also S-1-5-21-1306232831-1958954829-1360062360-513
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 820
[2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091)
Transaction 9 of length 134
[2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 3418) conn 0x98e9218
[2005/06/15 00:37:37, 3] smbd/ipc.c:reply_trans(538)
trans <\PIPE\> data=46 params=0 setup=2
[2005/06/15 00:37:37, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/06/15 00:37:37, 3] smbd/ipc.c:api_fd_reply(296)
Got API command 0x26 on pipe "lsarpc" (pnum 75cb)
[2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091)
Transaction 10 of length 134
[2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 3418) conn 0x98e9218
[2005/06/15 00:37:37, 3] smbd/ipc.c:reply_trans(538)
trans <\PIPE\> data=46 params=0 setup=2
[2005/06/15 00:37:37, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/06/15 00:37:37, 3] smbd/ipc.c:api_fd_reply(296)
Got API command 0x26 on pipe "lsarpc" (pnum 75cb)
[2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/06/15 00:37:37, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY
[2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 512
[2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091)
Transaction 11 of length 104
[2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886)
switch message SMBntcreateX (pid 3418) conn 0x98e9218
[2005/06/15 00:37:37, 3] smbd/nttrans.c:nt_open_pipe(514)
nt_open_pipe: Known pipe winreg opening.
[2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091)
Transaction 12 of length 140
[2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886)
switch message SMBwriteX (pid 3418) conn 0x98e9218
[2005/06/15 00:37:37, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(887)
api_pipe_bind_req: \PIPE\winreg -> \PIPE\winreg
[2005/06/15 00:37:37, 3] rpc_server/srv_pipe.c:check_bind_req(762)
check_bind_req for \PIPE\winreg
[2005/06/15 00:37:37, 3] smbd/pipes.c:reply_pipe_write_and_X(199)
writeX-IPC pnum=75cc nwritten=72
[2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091)
Transaction 13 of length 63
[2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886)
switch message SMBreadX (pid 3418) conn 0x98e9218
[2005/06/15 00:37:37, 3] smbd/pipes.c:reply_pipe_read_and_X(242)
readX-IPC pnum=75cc min=1024 max=1024 nread=68
[2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091)
Transaction 14 of length 124
[2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 3418) conn 0x98e9218
[2005/06/15 00:37:37, 3] smbd/ipc.c:reply_trans(538)
trans <\PIPE\> data=36 params=0 setup=2
[2005/06/15 00:37:37, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/06/15 00:37:37, 3] smbd/ipc.c:api_fd_reply(296)
Got API command 0x26 on pipe "winreg" (pnum 75cc)
[2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/06/15 00:37:37, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: REG_OPEN_HKLM
[2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091)
Transaction 15 of length 272
[2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 3418) conn 0x98e9218
[2005/06/15 00:37:37, 3] smbd/ipc.c:reply_trans(538)
trans <\PIPE\> data=184 params=0 setup=2
[2005/06/15 00:37:37, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/06/15 00:37:37, 3] smbd/ipc.c:api_fd_reply(296)
Got API command 0x26 on pipe "winreg" (pnum 75cc)
[2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/06/15 00:37:37, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: REG_OPEN_ENTRY
[2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 110
[2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091)
Transaction 16 of length 236
[2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 3418) conn 0x98e9218
[2005/06/15 00:37:37, 3] smbd/ipc.c:reply_trans(538)
trans <\PIPE\> data=148 params=0 setup=2
[2005/06/15 00:37:37, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/06/15 00:37:37, 3] smbd/ipc.c:api_fd_reply(296)
Got API command 0x26 on pipe "winreg" (pnum 75cc)
[2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/06/15 00:37:37, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: REG_INFO
[2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 42
[2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091)
Transaction 17 of length 132
[2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 3418) conn 0x98e9218
[2005/06/15 00:37:37, 3] smbd/ipc.c:reply_trans(538)
trans <\PIPE\> data=44 params=0 setup=2
[2005/06/15 00:37:37, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/06/15 00:37:37, 3] smbd/ipc.c:api_fd_reply(296)
Got API command 0x26 on pipe "winreg" (pnum 75cc)
[2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/06/15 00:37:37, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: REG_CLOSE
[2005/06/15 00:37:37, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200)
Closed policy
[2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091)
Transaction 18 of length 132
[2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 3418) conn 0x98e9218
[2005/06/15 00:37:37, 3] smbd/ipc.c:reply_trans(538)
trans <\PIPE\> data=44 params=0 setup=2
[2005/06/15 00:37:37, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/06/15 00:37:37, 3] smbd/ipc.c:api_fd_reply(296)
Got API command 0x26 on pipe "winreg" (pnum 75cc)
[2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/06/15 00:37:37, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: REG_CLOSE
[2005/06/15 00:37:37, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200)
Closed policy
[2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091)
Transaction 19 of length 45
[2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886)
switch message SMBclose (pid 3418) conn 0x98e9218
[2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091)
Transaction 20 of length 100
[2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886)
switch message SMBntcreateX (pid 3418) conn 0x98e9218
[2005/06/15 00:37:37, 3] smbd/nttrans.c:nt_open_pipe(514)
nt_open_pipe: Known pipe samr opening.
[2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091)
Transaction 21 of length 140
[2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886)
switch message SMBwriteX (pid 3418) conn 0x98e9218
[2005/06/15 00:37:37, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(887)
api_pipe_bind_req: \PIPE\samr -> \PIPE\lsass
[2005/06/15 00:37:37, 3] rpc_server/srv_pipe.c:check_bind_req(762)
check_bind_req for \PIPE\samr
[2005/06/15 00:37:37, 3] smbd/pipes.c:reply_pipe_write_and_X(199)
writeX-IPC pnum=75cd nwritten=72
[2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091)
Transaction 22 of length 63
[2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886)
switch message SMBreadX (pid 3418) conn 0x98e9218
[2005/06/15 00:37:37, 3] smbd/pipes.c:reply_pipe_read_and_X(242)
readX-IPC pnum=75cd min=1024 max=1024 nread=68
[2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091)
Transaction 23 of length 156
[2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 3418) conn 0x98e9218
[2005/06/15 00:37:37, 3] smbd/ipc.c:reply_trans(538)
trans <\PIPE\> data=68 params=0 setup=2
[2005/06/15 00:37:37, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/06/15 00:37:37, 3] smbd/ipc.c:api_fd_reply(296)
Got API command 0x26 on pipe "samr" (pnum 75cd)
[2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/06/15 00:37:37, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: SAMR_CONNECT4
[2005/06/15 00:37:37, 3] lib/util_seaccess.c:se_access_check(251)
[2005/06/15 00:37:37, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is
S-1-5-21-1306232831-1958954829-1360062360-2002
se_access_check: also S-1-5-21-1306232831-1958954829-1360062360-513
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 752
[2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091)
Transaction 24 of length 140
[2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 3418) conn 0x98e9218
[2005/06/15 00:37:37, 3] smbd/ipc.c:reply_trans(538)
trans <\PIPE\> data=52 params=0 setup=2
[2005/06/15 00:37:37, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/06/15 00:37:37, 3] smbd/ipc.c:api_fd_reply(296)
Got API command 0x26 on pipe "samr" (pnum 75cd)
[2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/06/15 00:37:37, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: SAMR_ENUM_DOMAINS
[2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 1080
[2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091)
Transaction 25 of length 170
[2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 3418) conn 0x98e9218
[2005/06/15 00:37:37, 3] smbd/ipc.c:reply_trans(538)
trans <\PIPE\> data=82 params=0 setup=2
[2005/06/15 00:37:37, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/06/15 00:37:37, 3] smbd/ipc.c:api_fd_reply(296)
Got API command 0x26 on pipe "samr" (pnum 75cd)
[2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/06/15 00:37:37, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: SAMR_LOOKUP_DOMAIN
[2005/06/15 00:37:37, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
Returning domain sid for domain PALMARINC ->
S-1-5-21-1306232831-1958954829-1360062360
[2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 18
[2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091)
Transaction 26 of length 164
[2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 3418) conn 0x98e9218
[2005/06/15 00:37:37, 3] smbd/ipc.c:reply_trans(538)
trans <\PIPE\> data=76 params=0 setup=2
[2005/06/15 00:37:37, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/06/15 00:37:37, 3] smbd/ipc.c:api_fd_reply(296)
Got API command 0x26 on pipe "samr" (pnum 75cd)
[2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/06/15 00:37:37, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: SAMR_OPEN_DOMAIN
[2005/06/15 00:37:37, 3] lib/util_seaccess.c:se_access_check(251)
[2005/06/15 00:37:37, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is
S-1-5-21-1306232831-1958954829-1360062360-2002
se_access_check: also S-1-5-21-1306232831-1958954829-1360062360-513
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2005/06/15 00:37:37, 2]
rpc_server/srv_samr_nt.c:access_check_samr_object(93)
_samr_open_domain: ACCESS DENIED (requested: 0x00000211)
[2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 732
[2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091)
Transaction 27 of length 140
[2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 3418) conn 0x98e9218
[2005/06/15 00:37:37, 3] smbd/ipc.c:reply_trans(538)
trans <\PIPE\> data=52 params=0 setup=2
[2005/06/15 00:37:37, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/06/15 00:37:37, 3] smbd/ipc.c:api_fd_reply(296)
Got API command 0x26 on pipe "samr" (pnum 75cd)
[2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/06/15 00:37:37, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: SAMR_ENUM_DOMAINS
[2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 1080
[2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091)
Transaction 28 of length 170
[2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 3418) conn 0x98e9218
[2005/06/15 00:37:37, 3] smbd/ipc.c:reply_trans(538)
trans <\PIPE\> data=82 params=0 setup=2
[2005/06/15 00:37:37, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/06/15 00:37:37, 3] smbd/ipc.c:api_fd_reply(296)
Got API command 0x26 on pipe "samr" (pnum 75cd)
[2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/06/15 00:37:37, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: SAMR_LOOKUP_DOMAIN
[2005/06/15 00:37:37, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
Returning domain sid for domain PALMARINC ->
S-1-5-21-1306232831-1958954829-1360062360
[2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 18
[2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091)
Transaction 29 of length 164
[2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 3418) conn 0x98e9218
[2005/06/15 00:37:37, 3] smbd/ipc.c:reply_trans(538)
trans <\PIPE\> data=76 params=0 setup=2
[2005/06/15 00:37:37, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/06/15 00:37:37, 3] smbd/ipc.c:api_fd_reply(296)
Got API command 0x26 on pipe "samr" (pnum 75cd)
[2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/06/15 00:37:37, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: SAMR_OPEN_DOMAIN
[2005/06/15 00:37:37, 3] lib/util_seaccess.c:se_access_check(251)
[2005/06/15 00:37:37, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is
S-1-5-21-1306232831-1958954829-1360062360-2002
se_access_check: also S-1-5-21-1306232831-1958954829-1360062360-513
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 732
[2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091)
Transaction 30 of length 176
[2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 3418) conn 0x98e9218
[2005/06/15 00:37:37, 3] smbd/ipc.c:reply_trans(538)
trans <\PIPE\> data=88 params=0 setup=2
[2005/06/15 00:37:37, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/06/15 00:37:37, 3] smbd/ipc.c:api_fd_reply(296)
Got API command 0x26 on pipe "samr" (pnum 75cd)
[2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/06/15 00:37:37, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: SAMR_CREATE_USER
[2005/06/15 00:37:37, 2]
rpc_server/srv_samr_nt.c:access_check_samr_function(115)
_samr_create_user: ACCESS DENIED (granted: 0x00000201; required:
0x00000010)
[2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 16
[2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091)
Transaction 31 of length 132
[2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 3418) conn 0x98e9218
[2005/06/15 00:37:37, 3] smbd/ipc.c:reply_trans(538)
trans <\PIPE\> data=44 params=0 setup=2
[2005/06/15 00:37:37, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/06/15 00:37:37, 3] smbd/ipc.c:api_fd_reply(296)
Got API command 0x26 on pipe "samr" (pnum 75cd)
[2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/06/15 00:37:37, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: SAMR_CLOSE_HND
[2005/06/15 00:37:37, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200)
Closed policy
[2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091)
Transaction 32 of length 132
[2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 3418) conn 0x98e9218
[2005/06/15 00:37:37, 3] smbd/ipc.c:reply_trans(538)
trans <\PIPE\> data=44 params=0 setup=2
[2005/06/15 00:37:37, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/06/15 00:37:37, 3] smbd/ipc.c:api_fd_reply(296)
Got API command 0x26 on pipe "samr" (pnum 75cd)
[2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/06/15 00:37:37, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: SAMR_CLOSE_HND
[2005/06/15 00:37:37, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200)
Closed policy
[2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091)
Transaction 33 of length 45
[2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886)
switch message SMBclose (pid 3418) conn 0x98e9218
[2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091)
Transaction 34 of length 132
[2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 3418) conn 0x98e9218
[2005/06/15 00:37:37, 3] smbd/ipc.c:reply_trans(538)
trans <\PIPE\> data=44 params=0 setup=2
[2005/06/15 00:37:37, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/06/15 00:37:37, 3] smbd/ipc.c:api_fd_reply(296)
Got API command 0x26 on pipe "lsarpc" (pnum 75cb)
[2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/06/15 00:37:37, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: LSA_CLOSE
[2005/06/15 00:37:37, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200)
Closed policy
[2005/06/15 00:37:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091)
Transaction 35 of length 45
[2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886)
switch message SMBclose (pid 3418) conn 0x98e9218
[2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091)
Transaction 36 of length 39
[2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886)
switch message SMBtdis (pid 3418) conn 0x98e9218
[2005/06/15 00:37:37, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/06/15 00:37:37, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/06/15 00:37:37, 3] smbd/service.c:close_cnum(836)
jflw2k (192.168.0.7) closed connection to service IPC$
[2005/06/15 00:37:37, 3] smbd/connection.c:yield_connection(69)
Yielding connection to IPC$
[2005/06/15 00:37:37, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091)
Transaction 37 of length 43
[2005/06/15 00:37:37, 3] smbd/process.c:switch_message(886)
switch message SMBulogoffX (pid 3418) conn 0x0
[2005/06/15 00:37:37, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/06/15 00:37:37, 3] smbd/reply.c:reply_ulogoffX(1249)
ulogoffX vuid=100
[2005/06/15 00:37:37, 3] smbd/process.c:timeout_processing(1336)
timeout_processing: End of file from client (client has disconnected).
[2005/06/15 00:37:37, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/06/15 00:37:37, 2] smbd/server.c:exit_server(571)
Closing connections
[2005/06/15 00:37:37, 3] smbd/connection.c:yield_connection(69)
Yielding connection to
[2005/06/15 00:37:37, 3] smbd/server.c:exit_server(614)
Server exit (normal exit)
[2005/06/15 00:37:38, 3] smbd/process.c:process_smb(1091)
Transaction 1 of length 137
[2005/06/15 00:37:38, 3] smbd/process.c:switch_message(886)
switch message SMBnegprot (pid 3419) conn 0x0
[2005/06/15 00:37:38, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/06/15 00:37:38, 3] smbd/negprot.c:reply_negprot(461)
Requested protocol [PC NETWORK PROGRAM 1.0]
[2005/06/15 00:37:38, 3] smbd/negprot.c:reply_negprot(461)
Requested protocol [LANMAN1.0]
[2005/06/15 00:37:38, 3] smbd/negprot.c:reply_negprot(461)
Requested protocol [Windows for Workgroups 3.1a]
[2005/06/15 00:37:38, 3] smbd/negprot.c:reply_negprot(461)
Requested protocol [LM1.2X002]
[2005/06/15 00:37:38, 3] smbd/negprot.c:reply_negprot(461)
Requested protocol [LANMAN2.1]
[2005/06/15 00:37:38, 3] smbd/negprot.c:reply_negprot(461)
Requested protocol [NT LM 0.12]
[2005/06/15 00:37:38, 3] smbd/negprot.c:reply_nt1(333)
using SPNEGO
[2005/06/15 00:37:38, 3] smbd/negprot.c:reply_negprot(549)
Selected protocol NT LM 0.12
[2005/06/15 00:37:38, 3] smbd/process.c:process_smb(1091)
Transaction 2 of length 202
[2005/06/15 00:37:38, 3] smbd/process.c:switch_message(886)
switch message SMBsesssetupX (pid 3419) conn 0x0
[2005/06/15 00:37:38, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/06/15 00:37:38, 3] smbd/sesssetup.c:reply_sesssetup_and_X(655)
wct=12 flg2=0xc803
[2005/06/15 00:37:38, 2] smbd/sesssetup.c:setup_new_vc_session(608)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
old resources.
[2005/06/15 00:37:38, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(535)
Doing spnego session setup
[2005/06/15 00:37:38, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(566)
NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0]
PrimaryDomain=[]
[2005/06/15 00:37:38, 3] smbd/sesssetup.c:reply_spnego_negotiate(444)
Got OID 1 3 6 1 4 1 311 2 2 10
[2005/06/15 00:37:38, 3] smbd/sesssetup.c:reply_spnego_negotiate(447)
Got secblob of size 32
[2005/06/15 00:37:38, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
Got NTLMSSP neg_flags=0x80008207
[2005/06/15 00:37:38, 3] smbd/process.c:process_smb(1091)
Transaction 3 of length 306
[2005/06/15 00:37:38, 3] smbd/process.c:switch_message(886)
switch message SMBsesssetupX (pid 3419) conn 0x0
[2005/06/15 00:37:38, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/06/15 00:37:38, 3] smbd/sesssetup.c:reply_sesssetup_and_X(655)
wct=12 flg2=0xc803
[2005/06/15 00:37:38, 2] smbd/sesssetup.c:setup_new_vc_session(608)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
old resources.
[2005/06/15 00:37:38, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(535)
Doing spnego session setup
[2005/06/15 00:37:38, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(566)
NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0]
PrimaryDomain=[]
[2005/06/15 00:37:38, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(615)
Got user=[testuser] domain=[PALMARINC] workstation=[JFLW2K] len1=24
len2=24
[2005/06/15 00:37:38, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2005/06/15 00:37:38, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2005/06/15 00:37:38, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/06/15 00:37:38, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/06/15 00:37:38, 3] auth/auth.c:check_ntlm_password(219)
check_ntlm_password: Checking password for unmapped user
[PALMARINC]\[testuser]@[JFLW2K] with the new password interface
[2005/06/15 00:37:38, 3] auth/auth.c:check_ntlm_password(222)
check_ntlm_password: mapped user is: [PALMARINC]\[testuser]@[JFLW2K]
[2005/06/15 00:37:38, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2005/06/15 00:37:38, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2005/06/15 00:37:38, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/06/15 00:37:38, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2005/06/15 00:37:38, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2005/06/15 00:37:38, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2005/06/15 00:37:38, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/06/15 00:37:38, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/06/15 00:37:38, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2005/06/15 00:37:38, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2005/06/15 00:37:38, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/06/15 00:37:38, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/06/15 00:37:38, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2005/06/15 00:37:38, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2005/06/15 00:37:38, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/06/15 00:37:38, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/06/15 00:37:38, 3] auth/auth.c:check_ntlm_password(268)
check_ntlm_password: sam authentication for user [testuser] succeeded
[2005/06/15 00:37:38, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2005/06/15 00:37:38, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2005/06/15 00:37:38, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/06/15 00:37:38, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/06/15 00:37:38, 2] auth/auth.c:check_ntlm_password(305)
check_ntlm_password: authentication for user [testuser] -> [testuser] ->
[testuser] succeeded
[2005/06/15 00:37:38, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319)
NTLMSSP Sign/Seal - Initialising with flags:
[2005/06/15 00:37:38, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
Got NTLMSSP neg_flags=0x00008215
[2005/06/15 00:37:38, 3] smbd/password.c:register_vuid(222)
User name: testuser Real name: Samba user test
[2005/06/15 00:37:38, 3] smbd/password.c:register_vuid(241)
UNIX uid 501 is UNIX user testuser, and will be vuid 100
[2005/06/15 00:37:38, 3] smbd/password.c:register_vuid(270)
Adding homes service for user 'testuser' using home directory:
'/home/testuser'
[2005/06/15 00:37:38, 3] param/loadparm.c:lp_add_home(2341)
adding home's share [testuser] for user 'testuser' at '/home/testuser'
[2005/06/15 00:37:38, 3] smbd/process.c:process_smb(1091)
Transaction 4 of length 84
[2005/06/15 00:37:38, 3] smbd/process.c:switch_message(886)
switch message SMBtconX (pid 3419) conn 0x0
[2005/06/15 00:37:38, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/06/15 00:37:38, 3] smbd/service.c:make_connection_snum(472)
Connect path is '/tmp' for service [IPC$]
[2005/06/15 00:37:38, 3] lib/util_seaccess.c:se_access_check(251)
[2005/06/15 00:37:38, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is
S-1-5-21-1306232831-1958954829-1360062360-2002
se_access_check: also S-1-5-21-1306232831-1958954829-1360062360-513
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2005/06/15 00:37:38, 3] smbd/vfs.c:vfs_init_default(203)
Initialising default vfs hooks
[2005/06/15 00:37:38, 3] lib/util_seaccess.c:se_access_check(251)
[2005/06/15 00:37:38, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is
S-1-5-21-1306232831-1958954829-1360062360-2002
se_access_check: also S-1-5-21-1306232831-1958954829-1360062360-513
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2005/06/15 00:37:38, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (501, 100) - sec_ctx_stack_ndx = 0
[2005/06/15 00:37:38, 3] smbd/service.c:make_connection_snum(648)
jflw2k (192.168.0.7) connect to service IPC$ initially as user testuser
(uid=501, gid=100) (pid 3419)
[2005/06/15 00:37:38, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/06/15 00:37:38, 3] smbd/reply.c:reply_tcon_and_X(456)
tconX service=IPC$
[2005/06/15 00:37:38, 3] smbd/process.c:process_smb(1091)
Transaction 5 of length 104
[2005/06/15 00:37:38, 3] smbd/process.c:switch_message(886)
switch message SMBntcreateX (pid 3419) conn 0x98e9218
[2005/06/15 00:37:38, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (501, 100) - sec_ctx_stack_ndx = 0
[2005/06/15 00:37:38, 3] smbd/nttrans.c:nt_open_pipe(514)
nt_open_pipe: Known pipe lsarpc opening.
[2005/06/15 00:37:38, 3] smbd/process.c:process_smb(1091)
Transaction 6 of length 140
[2005/06/15 00:37:38, 3] smbd/process.c:switch_message(886)
switch message SMBwriteX (pid 3419) conn 0x98e9218
[2005/06/15 00:37:38, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(887)
api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsass
[2005/06/15 00:37:38, 3] rpc_server/srv_pipe.c:check_bind_req(762)
check_bind_req for \PIPE\lsarpc
[2005/06/15 00:37:38, 3] smbd/pipes.c:reply_pipe_write_and_X(199)
writeX-IPC pnum=75c9 nwritten=72
[2005/06/15 00:37:38, 3] smbd/process.c:process_smb(1091)
Transaction 7 of length 63
[2005/06/15 00:37:38, 3] smbd/process.c:switch_message(886)
switch message SMBreadX (pid 3419) conn 0x98e9218
[2005/06/15 00:37:38, 3] smbd/pipes.c:reply_pipe_read_and_X(242)
readX-IPC pnum=75c9 min=1024 max=1024 nread=68
[2005/06/15 00:37:38, 3] smbd/process.c:process_smb(1091)
Transaction 8 of length 176
[2005/06/15 00:37:38, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 3419) conn 0x98e9218
[2005/06/15 00:37:38, 3] smbd/ipc.c:reply_trans(538)
trans <\PIPE\> data=88 params=0 setup=2
[2005/06/15 00:37:38, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/06/15 00:37:38, 3] smbd/ipc.c:api_fd_reply(296)
Got API command 0x26 on pipe "lsarpc" (pnum 75c9)
[2005/06/15 00:37:38, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/06/15 00:37:38, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: LSA_OPENPOLICY2
[2005/06/15 00:37:38, 3] lib/util_seaccess.c:se_access_check(251)
[2005/06/15 00:37:38, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is
S-1-5-21-1306232831-1958954829-1360062360-2002
se_access_check: also S-1-5-21-1306232831-1958954829-1360062360-513
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2005/06/15 00:37:38, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 820
[2005/06/15 00:37:38, 3] smbd/process.c:process_smb(1091)
Transaction 9 of length 134
[2005/06/15 00:37:38, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 3419) conn 0x98e9218
[2005/06/15 00:37:38, 3] smbd/ipc.c:reply_trans(538)
trans <\PIPE\> data=46 params=0 setup=2
[2005/06/15 00:37:38, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/06/15 00:37:38, 3] smbd/ipc.c:api_fd_reply(296)
Got API command 0x26 on pipe "lsarpc" (pnum 75c9)
[2005/06/15 00:37:38, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/06/15 00:37:38, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/06/15 00:37:38, 3] smbd/process.c:process_smb(1091)
Transaction 10 of length 134
[2005/06/15 00:37:38, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 3419) conn 0x98e9218
[2005/06/15 00:37:38, 3] smbd/ipc.c:reply_trans(538)
trans <\PIPE\> data=46 params=0 setup=2
[2005/06/15 00:37:38, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/06/15 00:37:38, 3] smbd/ipc.c:api_fd_reply(296)
Got API command 0x26 on pipe "lsarpc" (pnum 75c9)
[2005/06/15 00:37:38, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/06/15 00:37:38, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY
[2005/06/15 00:37:38, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 512
[2005/06/15 00:37:38, 3] smbd/process.c:process_smb(1091)
Transaction 11 of length 104
[2005/06/15 00:37:38, 3] smbd/process.c:switch_message(886)
switch message SMBntcreateX (pid 3419) conn 0x98e9218
[2005/06/15 00:37:38, 3] smbd/nttrans.c:nt_open_pipe(514)
nt_open_pipe: Known pipe winreg opening.
[2005/06/15 00:37:38, 3] smbd/process.c:process_smb(1091)
Transaction 12 of length 140
[2005/06/15 00:37:38, 3] smbd/process.c:switch_message(886)
switch message SMBwriteX (pid 3419) conn 0x98e9218
[2005/06/15 00:37:38, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(887)
api_pipe_bind_req: \PIPE\winreg -> \PIPE\winreg
[2005/06/15 00:37:38, 3] rpc_server/srv_pipe.c:check_bind_req(762)
check_bind_req for \PIPE\winreg
[2005/06/15 00:37:38, 3] smbd/pipes.c:reply_pipe_write_and_X(199)
writeX-IPC pnum=75ca nwritten=72
[2005/06/15 00:37:38, 3] smbd/process.c:process_smb(1091)
Transaction 13 of length 63
[2005/06/15 00:37:38, 3] smbd/process.c:switch_message(886)
switch message SMBreadX (pid 3419) conn 0x98e9218
[2005/06/15 00:37:38, 3] smbd/pipes.c:reply_pipe_read_and_X(242)
readX-IPC pnum=75ca min=1024 max=1024 nread=68
[2005/06/15 00:37:38, 3] smbd/process.c:process_smb(1091)
Transaction 14 of length 124
[2005/06/15 00:37:38, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 3419) conn 0x98e9218
[2005/06/15 00:37:38, 3] smbd/ipc.c:reply_trans(538)
trans <\PIPE\> data=36 params=0 setup=2
[2005/06/15 00:37:38, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/06/15 00:37:38, 3] smbd/ipc.c:api_fd_reply(296)
Got API command 0x26 on pipe "winreg" (pnum 75ca)
[2005/06/15 00:37:38, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/06/15 00:37:38, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: REG_OPEN_HKLM
[2005/06/15 00:37:38, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/06/15 00:37:38, 3] smbd/process.c:process_smb(1091)
Transaction 15 of length 272
[2005/06/15 00:37:38, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 3419) conn 0x98e9218
[2005/06/15 00:37:38, 3] smbd/ipc.c:reply_trans(538)
trans <\PIPE\> data=184 params=0 setup=2
[2005/06/15 00:37:38, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/06/15 00:37:38, 3] smbd/ipc.c:api_fd_reply(296)
Got API command 0x26 on pipe "winreg" (pnum 75ca)
[2005/06/15 00:37:38, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/06/15 00:37:38, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: REG_OPEN_ENTRY
[2005/06/15 00:37:38, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 110
[2005/06/15 00:37:38, 3] smbd/process.c:process_smb(1091)
Transaction 16 of length 236
[2005/06/15 00:37:38, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 3419) conn 0x98e9218
[2005/06/15 00:37:38, 3] smbd/ipc.c:reply_trans(538)
trans <\PIPE\> data=148 params=0 setup=2
[2005/06/15 00:37:38, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/06/15 00:37:38, 3] smbd/ipc.c:api_fd_reply(296)
Got API command 0x26 on pipe "winreg" (pnum 75ca)
[2005/06/15 00:37:38, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/06/15 00:37:38, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: REG_INFO
[2005/06/15 00:37:38, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 42
[2005/06/15 00:37:38, 3] smbd/process.c:process_smb(1091)
Transaction 17 of length 132
[2005/06/15 00:37:38, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 3419) conn 0x98e9218
[2005/06/15 00:37:38, 3] smbd/ipc.c:reply_trans(538)
trans <\PIPE\> data=44 params=0 setup=2
[2005/06/15 00:37:38, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/06/15 00:37:38, 3] smbd/ipc.c:api_fd_reply(296)
Got API command 0x26 on pipe "winreg" (pnum 75ca)
[2005/06/15 00:37:38, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/06/15 00:37:38, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: REG_CLOSE
[2005/06/15 00:37:38, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200)
Closed policy
[2005/06/15 00:37:38, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/06/15 00:37:38, 3] smbd/process.c:process_smb(1091)
Transaction 18 of length 132
[2005/06/15 00:37:38, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 3419) conn 0x98e9218
[2005/06/15 00:37:38, 3] smbd/ipc.c:reply_trans(538)
trans <\PIPE\> data=44 params=0 setup=2
[2005/06/15 00:37:38, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/06/15 00:37:38, 3] smbd/ipc.c:api_fd_reply(296)
Got API command 0x26 on pipe "winreg" (pnum 75ca)
[2005/06/15 00:37:38, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/06/15 00:37:38, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: REG_CLOSE
[2005/06/15 00:37:38, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200)
Closed policy
[2005/06/15 00:37:38, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/06/15 00:37:38, 3] smbd/process.c:process_smb(1091)
Transaction 19 of length 45
[2005/06/15 00:37:38, 3] smbd/process.c:switch_message(886)
switch message SMBclose (pid 3419) conn 0x98e9218
[2005/06/15 00:37:38, 3] smbd/process.c:process_smb(1091)
Transaction 20 of length 108
[2005/06/15 00:37:38, 3] smbd/process.c:switch_message(886)
switch message SMBntcreateX (pid 3419) conn 0x98e9218
[2005/06/15 00:37:38, 3] smbd/nttrans.c:nt_open_pipe(514)
nt_open_pipe: Known pipe NETLOGON opening.
[2005/06/15 00:37:38, 3] smbd/process.c:process_smb(1091)
Transaction 21 of length 140
[2005/06/15 00:37:38, 3] smbd/process.c:switch_message(886)
switch message SMBwriteX (pid 3419) conn 0x98e9218
[2005/06/15 00:37:38, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(887)
api_pipe_bind_req: \PIPE\NETLOGON -> \PIPE\lsass
[2005/06/15 00:37:38, 3] rpc_server/srv_pipe.c:check_bind_req(762)
check_bind_req for \PIPE\NETLOGON
[2005/06/15 00:37:38, 3] smbd/pipes.c:reply_pipe_write_and_X(199)
writeX-IPC pnum=75cb nwritten=72
[2005/06/15 00:37:38, 3] smbd/process.c:process_smb(1091)
Transaction 22 of length 63
[2005/06/15 00:37:38, 3] smbd/process.c:switch_message(886)
switch message SMBreadX (pid 3419) conn 0x98e9218
[2005/06/15 00:37:38, 3] smbd/pipes.c:reply_pipe_read_and_X(242)
readX-IPC pnum=75cb min=1024 max=1024 nread=68
[2005/06/15 00:37:38, 3] smbd/process.c:process_smb(1091)
Transaction 23 of length 182
[2005/06/15 00:37:38, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 3419) conn 0x98e9218
[2005/06/15 00:37:38, 3] smbd/ipc.c:reply_trans(538)
trans <\PIPE\> data=94 params=0 setup=2
[2005/06/15 00:37:38, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/06/15 00:37:38, 3] smbd/ipc.c:api_fd_reply(296)
Got API command 0x26 on pipe "NETLOGON" (pnum 75cb)
[2005/06/15 00:37:38, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/06/15 00:37:38, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: NET_REQCHAL
[2005/06/15 00:37:38, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 34
[2005/06/15 00:37:38, 3] smbd/process.c:process_smb(1091)
Transaction 24 of length 45
[2005/06/15 00:37:38, 3] smbd/process.c:switch_message(886)
switch message SMBclose (pid 3419) conn 0x98e9218
[2005/06/15 00:37:38, 3] smbd/process.c:process_smb(1091)
Transaction 25 of length 108
[2005/06/15 00:37:38, 3] smbd/process.c:switch_message(886)
switch message SMBntcreateX (pid 3419) conn 0x98e9218
[2005/06/15 00:37:38, 3] smbd/nttrans.c:nt_open_pipe(514)
nt_open_pipe: Known pipe NETLOGON opening.
[2005/06/15 00:37:38, 3] smbd/process.c:process_smb(1091)
Transaction 26 of length 140
[2005/06/15 00:37:38, 3] smbd/process.c:switch_message(886)
switch message SMBwriteX (pid 3419) conn 0x98e9218
[2005/06/15 00:37:38, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(887)
api_pipe_bind_req: \PIPE\NETLOGON -> \PIPE\lsass
[2005/06/15 00:37:38, 3] rpc_server/srv_pipe.c:check_bind_req(762)
check_bind_req for \PIPE\NETLOGON
[2005/06/15 00:37:38, 3] smbd/pipes.c:reply_pipe_write_and_X(199)
writeX-IPC pnum=75cc nwritten=72
[2005/06/15 00:37:38, 3] smbd/process.c:process_smb(1091)
Transaction 27 of length 63
[2005/06/15 00:37:38, 3] smbd/process.c:switch_message(886)
switch message SMBreadX (pid 3419) conn 0x98e9218
[2005/06/15 00:37:38, 3] smbd/pipes.c:reply_pipe_read_and_X(242)
readX-IPC pnum=75cc min=1024 max=1024 nread=68
[2005/06/15 00:37:38, 3] smbd/process.c:process_smb(1091)
Transaction 28 of length 214
[2005/06/15 00:37:38, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 3419) conn 0x98e9218
[2005/06/15 00:37:38, 3] smbd/ipc.c:reply_trans(538)
trans <\PIPE\> data=126 params=0 setup=2
[2005/06/15 00:37:38, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/06/15 00:37:38, 3] smbd/ipc.c:api_fd_reply(296)
Got API command 0x26 on pipe "NETLOGON" (pnum 75cc)
[2005/06/15 00:37:38, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/06/15 00:37:38, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: NET_AUTH
[2005/06/15 00:37:38, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 50
[2005/06/15 00:37:38, 3] smbd/process.c:process_smb(1091)
Transaction 29 of length 45
[2005/06/15 00:37:38, 3] smbd/process.c:switch_message(886)
switch message SMBclose (pid 3419) conn 0x98e9218
[2005/06/15 00:37:38, 3] smbd/process.c:process_smb(1091)
Transaction 30 of length 132
[2005/06/15 00:37:38, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 3419) conn 0x98e9218
[2005/06/15 00:37:38, 3] smbd/ipc.c:reply_trans(538)
trans <\PIPE\> data=44 params=0 setup=2
[2005/06/15 00:37:38, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/06/15 00:37:38, 3] smbd/ipc.c:api_fd_reply(296)
Got API command 0x26 on pipe "lsarpc" (pnum 75c9)
[2005/06/15 00:37:38, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/06/15 00:37:38, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: LSA_CLOSE
[2005/06/15 00:37:38, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200)
Closed policy
[2005/06/15 00:37:38, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/06/15 00:37:38, 3] smbd/process.c:process_smb(1091)
Transaction 31 of length 45
[2005/06/15 00:37:38, 3] smbd/process.c:switch_message(886)
switch message SMBclose (pid 3419) conn 0x98e9218
[2005/06/15 00:37:38, 3] smbd/process.c:process_smb(1091)
Transaction 32 of length 39
[2005/06/15 00:37:38, 3] smbd/process.c:switch_message(886)
switch message SMBtdis (pid 3419) conn 0x98e9218
[2005/06/15 00:37:38, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/06/15 00:37:38, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/06/15 00:37:38, 3] smbd/service.c:close_cnum(836)
jflw2k (192.168.0.7) closed connection to service IPC$
[2005/06/15 00:37:38, 3] smbd/connection.c:yield_connection(69)
Yielding connection to IPC$
[2005/06/15 00:37:38, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/06/15 00:37:39, 3] smbd/process.c:process_smb(1091)
Transaction 33 of length 43
[2005/06/15 00:37:39, 3] smbd/process.c:switch_message(886)
switch message SMBulogoffX (pid 3419) conn 0x0
[2005/06/15 00:37:39, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/06/15 00:37:39, 3] smbd/reply.c:reply_ulogoffX(1249)
ulogoffX vuid=100
[2005/06/15 00:37:39, 3] smbd/process.c:timeout_processing(1336)
timeout_processing: End of file from client (client has disconnected).
[2005/06/15 00:37:39, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/06/15 00:37:39, 2] smbd/server.c:exit_server(571)
Closing connections
[2005/06/15 00:37:39, 3] smbd/connection.c:yield_connection(69)
Yielding connection to
[2005/06/15 00:37:39, 3] smbd/server.c:exit_server(614)
Server exit (normal exit)
[root at jflcent samba]#
At level 3, log file with IP address:
[root at jflcent samba]# cat 192.168.0.7.log
[2005/06/15 00:37:37, 3] smbd/oplock.c:init_oplocks(1302)
open_oplock_ipc: opening loopback UDP socket.
[2005/06/15 00:37:37, 3] smbd/oplock_linux.c:linux_init_kernel_oplocks(303)
Linux kernel oplocks enabled
[2005/06/15 00:37:37, 3] smbd/oplock.c:init_oplocks(1333)
open_oplock ipc: pid = 3418, global_oplock_port = 32770
[2005/06/15 00:37:37, 3] smbd/process.c:process_smb(1091)
Transaction 0 of length 72
[2005/06/15 00:37:37, 2] smbd/reply.c:reply_special(235)
netbios connect: name1=JFLCENT name2=JFLW2K
[2005/06/15 00:37:37, 2] smbd/reply.c:reply_special(242)
netbios connect: local=jflcent remote=jflw2k, name type = 0
[2005/06/15 00:37:38, 3] smbd/oplock.c:init_oplocks(1302)
open_oplock_ipc: opening loopback UDP socket.
[2005/06/15 00:37:38, 3] smbd/oplock_linux.c:linux_init_kernel_oplocks(303)
Linux kernel oplocks enabled
[2005/06/15 00:37:38, 3] smbd/oplock.c:init_oplocks(1333)
open_oplock ipc: pid = 3419, global_oplock_port = 32770
[2005/06/15 00:37:38, 3] smbd/process.c:process_smb(1091)
Transaction 0 of length 72
[2005/06/15 00:37:38, 2] smbd/reply.c:reply_special(235)
netbios connect: name1=JFLCENT name2=JFLW2K
[2005/06/15 00:37:38, 2] smbd/reply.c:reply_special(242)
netbios connect: local=jflcent remote=jflw2k, name type = 0
[root at jflcent samba]#
If you can point me to the right direction, I would greatly appreciate it.
Thanks a lot for your help
JF Leblond
-----Message d'origine-----
De : Paul Gienger [mailto:pgienger at ae-solutions.com]
Envoye : 14 juin 2005 08:43
A : jfleblond at videotron.ca; samba at lists.samba.org
Objet : RE: [Samba] Domain logon problem with w2k client on a Samba-3
PDC
> I'm still getting the error "the following error occured attempting to
> join
> the domain "PALMARINC" "logon failure: unknown username or bad password"
>
> On the other hand, I'm able to connect to a share with the same login and
> password.
What do the server logs say when you get this error?
More information about the samba
mailing list