[Samba] Access denided when join samba+ldap PDC

Erik Skogh erik.skogh at gmail.com
Wed Nov 9 12:58:45 GMT 2005


Hi all!

I'm settting up a samba PDC on SuSE 9.3 with samba 3 using OpenLDAP.

I've got some problems when i try to join a Windows XP Pro sp2 worstation
into the samba PDC.
Windows tell me that i dont have access to join the domain, and samba
logfiles says that LDAP can't be running as non-root.

When I try to join the domain from XP it asks after login and passwd and
here i've try with the administrator account and my own account (senate).
The registrypatch is done and the computer A13 is added to the LDAP:

fileserver log/samba# smbldap-usershow a13$
dn: uid=A13$,ou=Computers,dc=FASITET,dc=SE
objectClass: top,inetOrgPerson,posixAccount
cn: A13$
sn: A13$
uid: A13$
uidNumber: 1005
gidNumber: 555
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer


###### smb.conf

[global]
netbiosname = fileserver
workgroup = FASITET
realm = FASITET.SE <http://FASITET.SE>
interfaces = eth0, lo
hosts allow = 127.0.0.1 <http://127.0.0.1> 192.168.100.
username map = /etc/samba/smbusers
admin users = @"Domain Admins"
server string = Samba Server %v
security = user
encrypt passwords = Yes
#min passwd length = 3
obey pam restrictions = No
unix password sync = Yes
passwd program = /usr/sbin/smbldap-passwd -u %u
#passwd chat = "Changing password for*\nNew Password*" %n\n "*Retype new
password*" %n\n"
ldap passwd sync = Yes
log level = 3
syslog = 1
log file = /var/log/samba/log.%m
max log size = 100000
time server = Yes
socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
mangling method = hash2
Dos charset = 850
Unix charset = ISO8859-1

logon script = startup.bat
logon drive = F:
logon home =
logon path =

domain logons = Yes
os level = 65
local master = Yes
preferred master = Yes
domain master = yes
wins support = Yes
passdb backend = ldapsam:ldap://127.0.0.1
ldap filter = (&(objectclass=sambaSamAccount)(uid=%u))
ldap admin dn = cn=Manager,dc=fasitet,dc=se
ldap suffix = dc=fasitet,dc=se
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Users
#ldap ssl = start tls
add user script = /usr/sbin/smbldap-useradd -m "%u"
ldap delete dn = Yes
add user script = /usr/sbin/smbldap-useradd -m "%u"
ldap delete dn = Yes
#delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
#delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
winbind separator = +
idmap uid = 500-10000000
idmap gid = 500-10000000
winbind use default domain = Yes
winbind enum users = yes
winbind enum groups = yes

[homes]
comment = Home Directories
valid users = %S
browseable = Yes
writable = yes
create mask = 0664
directory mask = 0775

[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon

[profiles]
comment = Network Profiles Service
path = /var/lib/samba/profiles/
writeable = yes
browsable = yes
create mask = 0644
directory mask = 0755

[printers]
comment = All Printers
path = /var/tmp
printable = Yes
create mask = 0600
browseable = No

[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @ntadmin root
force group = ntadmin
create mask = 0664
directory mask = 0775

[pub]
comment = Public Directory
directory = /pub
comment = Public Directory
directory = /pub
guest ok = yes
writable = yes
browseable = yes
public = yes
read only = no
create mask = 0664
directory mask = 0775
user = senate
force user = senate

[backup]
comment = Backup Directory
directory = /backup
valid users = @users
writable = yes
browseable = yes
read only = no
create mask = 0664
directory mask = 0775

# eof smb.conf

###### log.nmbd
[2005/11/09 13:14:02, 2]
nmbd/nmbd_browsesync.c:announce_local_master_browser_to_domain_master_browser(110)
announce_local_master_browser_to_domain_master_browser:
We are both a domain and a local master browser for workgroup FASITET. Do
not announce to ourselves.
[2005/11/09 13:14:02, 2] nmbd/nmbd_browsesync.c:sync_with_dmb(154)
sync_with_dmb:
Initiating sync with domain master browser FILESERVER<20> at IP
192.168.100.12 <http://192.168.100.12> for workgroup FASITET
[2005/11/09 13:14:03, 3]
nmbd/nmbd_winsserver.c:wins_process_name_query_request(1485)
wins_process_name_query: name query for name *<1b> from IP
127.0.0.1<http://127.0.0.1>
[2005/11/09 13:16:08, 3]
nmbd/nmbd_sendannounce.c:send_local_master_announcement(166)
send_local_master_announcement: type c9b2b for name FILESERVER on subnet
192.168.100.12 <http://192.168.100.12> for workgroup FASITET
[2005/11/09 13:16:08, 3]
nmbd/nmbd_sendannounce.c:send_workgroup_announcement(185)
send_workgroup_announcement: on subnet
192.168.100.12<http://192.168.100.12>for workgroup FASITET
[2005/11/09 13:16:08, 3]
nmbd/nmbd_winsserver.c:wins_process_name_refresh_request(476)
wins_process_name_refresh_request: Name refresh for name FASITET<00> IP
192.168.100.12 <http://192.168.100.12>
[2005/11/09 13:16:08, 3]
nmbd/nmbd_winsserver.c:wins_process_name_refresh_request(476)
wins_process_name_refresh_request: Name refresh for name FASITET<1b> IP
192.168.100.12 <http://192.168.100.12>
[2005/11/09 13:16:08, 3]
nmbd/nmbd_winsserver.c:wins_process_name_refresh_request(476)
wins_process_name_refresh_request: Name refresh for name FASITET<1c> IP
192.168.100.12 <http://192.168.100.12>
[2005/11/09 13:16:08, 3]
nmbd/nmbd_winsserver.c:wins_process_name_refresh_request(476)
wins_process_name_refresh_request: Name refresh for name FASITET<1e> IP
192.168.100.12 <http://192.168.100.12>
[2005/11/09 13:16:08, 3]
nmbd/nmbd_winsserver.c:wins_process_name_refresh_request(476)
wins_process_name_refresh_request: Name refresh for name FILESERVER<00> IP
192.168.100.12 <http://192.168.100.12>
[2005/11/09 13:16:08, 3]
nmbd/nmbd_winsserver.c:wins_process_name_refresh_request(476)
wins_process_name_refresh_request: Name refresh for name FILESERVER<03> IP
192.168.100.12 <http://192.168.100.12>
[2005/11/09 13:16:08, 3]
nmbd/nmbd_winsserver.c:wins_process_name_refresh_request(476)
wins_process_name_refresh_request: Name refresh for name FILESERVER<20> IP
192.168.100.12 <http://192.168.100.12>
[2005/11/09 13:17:49, 3]
nmbd/nmbd_winsserver.c:wins_process_name_query_request(1485)
wins_process_name_query: name query for name FASITET<1c> from IP
127.0.0.1<http://127.0.0.1>
[2005/11/09 13:17:49, 3]
nmbd/nmbd_winsserver.c:wins_process_name_query_request(1537)
wins_process_name_query: name query for name FASITET<1c> returning first IP
192.109.100.100 <http://192.109.100.100>.
[2005/11/09 13:17:49, 3]
nmbd/nmbd_incomingrequests.c:process_node_status_request(323)
process_node_status_request: status request for name FASITET<1c> from IP
192.168.100.12 <http://192.168.100.12> on subnet UNICAST_SUBNET.
[2005/11/09 13:21:59, 3]
nmbd/nmbd_incomingrequests.c:process_node_status_request(323)
process_node_status_request: status request for name *<00> from IP
82.190.52.249 <http://82.190.52.249> on subnet UNICAST_SUBNET.
[2005/11/09 13:25:33, 3]
nmbd/nmbd_incomingdgrams.c:process_workgroup_announce(217)
process_workgroup_announce: from FIREWALL<00> IP
82.96.47.50<http://82.96.47.50>to __MSBROWSE__<01> for workgroup
FASITET1.
[2005/11/09 13:25:53, 3] nmbd/nmbd_serverlistdb.c:write_browse_list(421)
write_browse_list: Wrote browse list into file /var/lib/samba/browse.dat

# eof log.nmbd


###### log.a13 (A13 is the name of my WinXP workstation)
[2005/11/09 13:10:21, 3] smbd/process.c:switch_message(886)
switch message SMBnegprot (pid 10677) conn 0x0
[2005/11/09 13:10:21, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/11/09 13:10:21, 3] smbd/negprot.c:reply_negprot(461)
Requested protocol [PC NETWORK PROGRAM 1.0]
[2005/11/09 13:10:21, 3] smbd/negprot.c:reply_negprot(461)
Requested protocol [LANMAN1.0]
[2005/11/09 13:10:21, 3] smbd/negprot.c:reply_negprot(461)
Requested protocol [Windows for Workgroups 3.1a]
[2005/11/09 13:10:21, 3] smbd/negprot.c:reply_negprot(461)
Requested protocol [LM1.2X002]
[2005/11/09 13:10:21, 3] smbd/negprot.c:reply_negprot(461)
Requested protocol [LANMAN2.1]
[2005/11/09 13:10:21, 3] smbd/negprot.c:reply_negprot(461)
Requested protocol [NT LM 0.12]
[2005/11/09 13:10:21, 3] smbd/negprot.c:reply_nt1(333)
using SPNEGO
[2005/11/09 13:10:21, 3] smbd/negprot.c:reply_negprot(555)
Selected protocol NT LM 0.12
[2005/11/09 13:10:21, 3] smbd/process.c:process_smb(1091)
Transaction 2 of length 240
[2005/11/09 13:10:21, 3] smbd/process.c:switch_message(886)
switch message SMBsesssetupX (pid 10677) conn 0x0
[2005/11/09 13:10:21, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/11/09 13:10:21, 3] smbd/sesssetup.c:reply_sesssetup_and_X(655)
wct=12 flg2=0xc807
[2005/11/09 13:10:21, 2] smbd/sesssetup.c:setup_new_vc_session(608)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
old resources.
[2005/11/09 13:10:21, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(535)
Doing spnego session setup
[2005/11/09 13:10:21, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(566)
NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1]
PrimaryDomain=[]
[2005/11/09 13:10:21, 3] smbd/sesssetup.c:reply_spnego_negotiate(444)
Got OID 1 3 6 1 4 1 311 2 2 10
[2005/11/09 13:10:21, 3] smbd/sesssetup.c:reply_spnego_negotiate(447)
Got secblob of size 40
[2005/11/09 13:10:21, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
Got NTLMSSP neg_flags=0xe2088297
[2005/11/09 13:10:21, 3] smbd/process.c:process_smb(1091)
Transaction 3 of length 360
[2005/11/09 13:10:21, 3] smbd/process.c:switch_message(886)
switch message SMBsesssetupX (pid 10677) conn 0x0
[2005/11/09 13:10:21, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/11/09 13:10:21, 3] smbd/sesssetup.c:reply_sesssetup_and_X(655)
wct=12 flg2=0xc807
[2005/11/09 13:10:21, 2] smbd/sesssetup.c:setup_new_vc_session(608)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
old resources.
[2005/11/09 13:10:21, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(535)
Doing spnego session setup
[2005/11/09 13:10:21, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(566)
NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1]
PrimaryDomain=[]
[2005/11/09 13:10:21, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(606)
Got user=[administrator] domain=[fasitet] workstation=[A13] len1=24 len2=24
[2005/11/09 13:10:21, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2005/11/09 13:10:21, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2005/11/09 13:10:21, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/11/09 13:10:21, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/11/09 13:10:21, 3] auth/auth.c:check_ntlm_password(219)
check_ntlm_password: Checking password for unmapped user
[fasitet]\[administrator]@[A13] with the new password interface
[2005/11/09 13:10:21, 3] auth/auth.c:check_ntlm_password(222)
check_ntlm_password: mapped user is: [fasitet]\[administrator]@[A13]
[2005/11/09 13:10:21, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2005/11/09 13:10:21, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2005/11/09 13:10:21, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/11/09 13:10:21, 2] lib/smbldap.c:smbldap_open_connection(692)
smbldap_open_connection: connection opened
[2005/11/09 13:10:21, 3] lib/smbldap.c:smbldap_connect_system(866)
ldap_connect_system: succesful connection to the LDAP server
ldap_connect_system: LDAP server does support paged results
[2005/11/09 13:10:21, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
init_sam_from_ldap: Entry found for user: Administrator
[2005/11/09 13:10:21, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/11/09 13:10:21, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2005/11/09 13:10:21, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2005/11/09 13:10:21, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/11/09 13:10:21, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2005/11/09 13:10:21, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2005/11/09 13:10:21, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2005/11/09 13:10:21, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/11/09 13:10:21, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2005/11/09 13:10:21, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2005/11/09 13:10:21, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2005/11/09 13:10:21, 2] passdb/pdb_ldap.c:init_group_from_ldap(2000)
init_group_from_ldap: Entry found for group: 512
[2005/11/09 13:10:21, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/11/09 13:10:21, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/11/09 13:10:21, 3] auth/auth.c:check_ntlm_password(268)
check_ntlm_password: sam authentication for user [administrator] succeeded
[2005/11/09 13:10:21, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2005/11/09 13:10:21, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2005/11/09 13:10:21, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/11/09 13:10:21, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/11/09 13:10:21, 2] auth/auth.c:check_ntlm_password(305)
check_ntlm_password: authentication for user [administrator] ->
[administrator] -> [Administrator] succeeded
[2005/11/09 13:10:21, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319)
NTLMSSP Sign/Seal - Initialising with flags:
[2005/11/09 13:10:21, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
Got NTLMSSP neg_flags=0x60088215
[2005/11/09 13:10:21, 3] smbd/password.c:register_vuid(222)
User name: Administrator Real name: Administrator
[2005/11/09 13:10:21, 3] smbd/password.c:register_vuid(241)
UNIX uid 0 is UNIX user Administrator, and will be vuid 100
[2005/11/09 13:10:21, 3] smbd/password.c:register_vuid(270)
Adding homes service for user 'Administrator' using home directory:
'/home/Administrator'
[2005/11/09 13:10:21, 3] param/loadparm.c:lp_add_home(2360)
adding home's share [Administrator] for user 'Administrator' at
'/home/Administrator'
[2005/11/09 13:10:21, 3] smbd/process.c:process_smb(1091)
Transaction 4 of length 90
[2005/11/09 13:10:21, 3] smbd/process.c:switch_message(886)
switch message SMBtconX (pid 10677) conn 0x0
[2005/11/09 13:10:21, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/11/09 13:10:21, 3] lib/access.c:check_access(313)
check_access: no hostnames in host allow/deny list.
[2005/11/09 13:10:21, 2] lib/access.c:check_access(324)
Allowed connection from (192.168.100.98 <http://192.168.100.98>)
[2005/11/09 13:10:21, 3] smbd/service.c:make_connection_snum(479)
Connect path is '/var/tmp' for service [IPC$]
[2005/11/09 13:10:21, 3] lib/util_seaccess.c:se_access_check(251)
[2005/11/09 13:10:21, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is S-1-5-21-2628040634-270012795-1265092401-2996
se_access_check: also S-1-5-21-2628040634-270012795-1265092401-512
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2005/11/09 13:10:21, 3] smbd/vfs.c:vfs_init_default(206)
Initialising default vfs hooks
[2005/11/09 13:10:21, 3] lib/util_seaccess.c:se_access_check(251)
[2005/11/09 13:10:21, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is S-1-5-21-2628040634-270012795-1265092401-2996
se_access_check: also S-1-5-21-2628040634-270012795-1265092401-512
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2005/11/09 13:10:21, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0
[2005/11/09 13:10:21, 3] smbd/service.c:make_connection_snum(642)
a13 (192.168.100.98 <http://192.168.100.98>) connect to service IPC$
initially as user Administrator (uid=0, gid=512) (pid 10677)
[2005/11/09 13:10:21, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/11/09 13:10:21, 3] smbd/reply.c:reply_tcon_and_X(455)
tconX service=IPC$
[2005/11/09 13:10:21, 3] smbd/process.c:process_smb(1091)
Transaction 5 of length 104
[2005/11/09 13:10:21, 3] smbd/process.c:switch_message(886)
switch message SMBntcreateX (pid 10677) conn 0x83ce5e0
[2005/11/09 13:10:21, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0
[2005/11/09 13:10:21, 3] smbd/nttrans.c:nt_open_pipe(514)
nt_open_pipe: Known pipe lsarpc opening.
[2005/11/09 13:10:21, 3] smbd/process.c:process_smb(1091)
Transaction 6 of length 140
[2005/11/09 13:10:21, 3] smbd/process.c:switch_message(886)
switch message SMBwriteX (pid 10677) conn 0x83ce5e0
[2005/11/09 13:10:21, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(887)
api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsass
[2005/11/09 13:10:21, 3] rpc_server/srv_pipe.c:check_bind_req(762)
check_bind_req for \PIPE\lsarpc
[2005/11/09 13:10:21, 3] smbd/pipes.c:reply_pipe_write_and_X(199)
writeX-IPC pnum=7698 nwritten=72
[2005/11/09 13:10:21, 3] smbd/process.c:process_smb(1091)
Transaction 7 of length 63
[2005/11/09 13:10:21, 3] smbd/process.c:switch_message(886)
switch message SMBreadX (pid 10677) conn 0x83ce5e0
[2005/11/09 13:10:21, 3] smbd/pipes.c:reply_pipe_read_and_X(242)
readX-IPC pnum=7698 min=1024 max=1024 nread=68
[2005/11/09 13:10:21, 3] smbd/process.c:process_smb(1091)
Transaction 8 of length 184
[2005/11/09 13:10:21, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 10677) conn 0x83ce5e0
[2005/11/09 13:10:21, 3] smbd/ipc.c:reply_trans(539)
trans <\PIPE\> data=96 params=0 setup=2
[2005/11/09 13:10:21, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/11/09 13:10:21, 3] smbd/ipc.c:api_fd_reply(294)
Got API command 0x26 on pipe "lsarpc" (pnum 7698)
[2005/11/09 13:10:21, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:21, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: LSA_OPENPOLICY2
[2005/11/09 13:10:21, 3] lib/util_seaccess.c:se_access_check(251)
[2005/11/09 13:10:21, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is S-1-5-21-2628040634-270012795-1265092401-2996
se_access_check: also S-1-5-21-2628040634-270012795-1265092401-512
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2005/11/09 13:10:21, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 826
[2005/11/09 13:10:21, 3] smbd/process.c:process_smb(1091)
Transaction 9 of length 134
[2005/11/09 13:10:21, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 10677) conn 0x83ce5e0
[2005/11/09 13:10:21, 3] smbd/ipc.c:reply_trans(539)
trans <\PIPE\> data=46 params=0 setup=2
[2005/11/09 13:10:21, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/11/09 13:10:21, 3] smbd/ipc.c:api_fd_reply(294)
Got API command 0x26 on pipe "lsarpc" (pnum 7698)
[2005/11/09 13:10:21, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:21, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:21, 3] smbd/process.c:process_smb(1091)
Transaction 10 of length 134
[2005/11/09 13:10:21, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 10677) conn 0x83ce5e0
[2005/11/09 13:10:21, 3] smbd/ipc.c:reply_trans(539)
trans <\PIPE\> data=46 params=0 setup=2
[2005/11/09 13:10:21, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/11/09 13:10:21, 3] smbd/ipc.c:api_fd_reply(294)
Got API command 0x26 on pipe "lsarpc" (pnum 7698)
[2005/11/09 13:10:21, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:21, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY
[2005/11/09 13:10:21, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 16
[2005/11/09 13:10:21, 3] smbd/process.c:process_smb(1091)
Transaction 11 of length 104
[2005/11/09 13:10:21, 3] smbd/process.c:switch_message(886)
switch message SMBntcreateX (pid 10677) conn 0x83ce5e0
[2005/11/09 13:10:21, 3] smbd/nttrans.c:nt_open_pipe(514)
nt_open_pipe: Known pipe winreg opening.
[2005/11/09 13:10:21, 3] smbd/process.c:process_smb(1091)
Transaction 12 of length 140
[2005/11/09 13:10:21, 3] smbd/process.c:switch_message(886)
switch message SMBwriteX (pid 10677) conn 0x83ce5e0
[2005/11/09 13:10:21, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(887)
api_pipe_bind_req: \PIPE\winreg -> \PIPE\winreg
[2005/11/09 13:10:21, 3] rpc_server/srv_pipe.c:check_bind_req(762)
check_bind_req for \PIPE\winreg
[2005/11/09 13:10:21, 3] smbd/pipes.c:reply_pipe_write_and_X(199)
writeX-IPC pnum=7699 nwritten=72
[2005/11/09 13:10:21, 3] smbd/process.c:process_smb(1091)
Transaction 13 of length 63
[2005/11/09 13:10:21, 3] smbd/process.c:switch_message(886)
switch message SMBreadX (pid 10677) conn 0x83ce5e0
[2005/11/09 13:10:21, 3] smbd/pipes.c:reply_pipe_read_and_X(242)
readX-IPC pnum=7699 min=1024 max=1024 nread=68
[2005/11/09 13:10:21, 3] smbd/process.c:process_smb(1091)
Transaction 14 of length 124
[2005/11/09 13:10:21, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 10677) conn 0x83ce5e0
[2005/11/09 13:10:21, 3] smbd/ipc.c:reply_trans(539)
trans <\PIPE\> data=36 params=0 setup=2
[2005/11/09 13:10:21, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/11/09 13:10:21, 3] smbd/ipc.c:api_fd_reply(294)
Got API command 0x26 on pipe "winreg" (pnum 7699)
[2005/11/09 13:10:21, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:21, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: REG_OPEN_HKLM
[2005/11/09 13:10:21, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:21, 3] smbd/process.c:process_smb(1091)
Transaction 15 of length 272
[2005/11/09 13:10:21, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 10677) conn 0x83ce5e0
[2005/11/09 13:10:21, 3] smbd/ipc.c:reply_trans(539)
trans <\PIPE\> data=184 params=0 setup=2
[2005/11/09 13:10:21, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/11/09 13:10:21, 3] smbd/ipc.c:api_fd_reply(294)
Got API command 0x26 on pipe "winreg" (pnum 7699)
[2005/11/09 13:10:21, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:21, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: REG_OPEN_ENTRY
[2005/11/09 13:10:21, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 110
[2005/11/09 13:10:21, 3] smbd/process.c:process_smb(1091)
Transaction 16 of length 236
[2005/11/09 13:10:21, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 10677) conn 0x83ce5e0
[2005/11/09 13:10:21, 3] smbd/ipc.c:reply_trans(539)
trans <\PIPE\> data=148 params=0 setup=2
[2005/11/09 13:10:21, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/11/09 13:10:21, 3] smbd/ipc.c:api_fd_reply(294)
Got API command 0x26 on pipe "winreg" (pnum 7699)
[2005/11/09 13:10:21, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:21, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: REG_INFO
[2005/11/09 13:10:21, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 46
[2005/11/09 13:10:21, 3] smbd/process.c:process_smb(1091)
Transaction 17 of length 132
[2005/11/09 13:10:21, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 10677) conn 0x83ce5e0
[2005/11/09 13:10:21, 3] smbd/ipc.c:reply_trans(539)
trans <\PIPE\> data=44 params=0 setup=2
[2005/11/09 13:10:21, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/11/09 13:10:21, 3] smbd/ipc.c:api_fd_reply(294)
Got API command 0x26 on pipe "winreg" (pnum 7699)
[2005/11/09 13:10:21, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:21, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: REG_CLOSE
[2005/11/09 13:10:21, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200)
Closed policy
[2005/11/09 13:10:21, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:21, 3] smbd/process.c:process_smb(1091)
Transaction 18 of length 132
[2005/11/09 13:10:21, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 10677) conn 0x83ce5e0
[2005/11/09 13:10:21, 3] smbd/ipc.c:reply_trans(539)
trans <\PIPE\> data=44 params=0 setup=2
[2005/11/09 13:10:21, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/11/09 13:10:21, 3] smbd/ipc.c:api_fd_reply(294)
Got API command 0x26 on pipe "winreg" (pnum 7699)
[2005/11/09 13:10:21, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:21, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: REG_CLOSE
[2005/11/09 13:10:21, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200)
Closed policy
[2005/11/09 13:10:21, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:21, 3] smbd/process.c:process_smb(1091)
Transaction 19 of length 45
[2005/11/09 13:10:21, 3] smbd/process.c:switch_message(886)
switch message SMBclose (pid 10677) conn 0x83ce5e0
[2005/11/09 13:10:22, 3] smbd/process.c:process_smb(1091)
Transaction 20 of length 108
[2005/11/09 13:10:22, 3] smbd/process.c:switch_message(886)
switch message SMBntcreateX (pid 10677) conn 0x83ce5e0
[2005/11/09 13:10:22, 3] smbd/nttrans.c:nt_open_pipe(514)
nt_open_pipe: Known pipe NETLOGON opening.
[2005/11/09 13:10:22, 3] smbd/process.c:process_smb(1091)
Transaction 21 of length 140
[2005/11/09 13:10:22, 3] smbd/process.c:switch_message(886)
switch message SMBwriteX (pid 10677) conn 0x83ce5e0
[2005/11/09 13:10:22, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(887)
api_pipe_bind_req: \PIPE\NETLOGON -> \PIPE\lsass
[2005/11/09 13:10:22, 3] rpc_server/srv_pipe.c:check_bind_req(762)
check_bind_req for \PIPE\NETLOGON
[2005/11/09 13:10:22, 3] smbd/pipes.c:reply_pipe_write_and_X(199)
writeX-IPC pnum=769a nwritten=72
[2005/11/09 13:10:22, 3] smbd/process.c:process_smb(1091)
Transaction 22 of length 63
[2005/11/09 13:10:22, 3] smbd/process.c:switch_message(886)
switch message SMBreadX (pid 10677) conn 0x83ce5e0
[2005/11/09 13:10:22, 3] smbd/pipes.c:reply_pipe_read_and_X(242)
readX-IPC pnum=769a min=1024 max=1024 nread=68
[2005/11/09 13:10:22, 3] smbd/process.c:process_smb(1091)
Transaction 23 of length 184
[2005/11/09 13:10:22, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 10677) conn 0x83ce5e0
[2005/11/09 13:10:22, 3] smbd/ipc.c:reply_trans(539)
trans <\PIPE\> data=96 params=0 setup=2
[2005/11/09 13:10:22, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/11/09 13:10:22, 3] smbd/ipc.c:api_fd_reply(294)
Got API command 0x26 on pipe "NETLOGON" (pnum 769a)
[2005/11/09 13:10:22, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:22, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: NET_REQCHAL
[2005/11/09 13:10:22, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 34
[2005/11/09 13:10:22, 3] smbd/process.c:process_smb(1091)
Transaction 24 of length 45
[2005/11/09 13:10:22, 3] smbd/process.c:switch_message(886)
switch message SMBclose (pid 10677) conn 0x83ce5e0
[2005/11/09 13:10:22, 3] smbd/process.c:process_smb(1091)
Transaction 25 of length 108
[2005/11/09 13:10:22, 3] smbd/process.c:switch_message(886)
switch message SMBntcreateX (pid 10677) conn 0x83ce5e0
[2005/11/09 13:10:22, 3] smbd/nttrans.c:nt_open_pipe(514)
nt_open_pipe: Known pipe NETLOGON opening.
[2005/11/09 13:10:22, 3] smbd/process.c:process_smb(1091)
Transaction 26 of length 140
[2005/11/09 13:10:22, 3] smbd/process.c:switch_message(886)
switch message SMBwriteX (pid 10677) conn 0x83ce5e0
[2005/11/09 13:10:22, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(887)
api_pipe_bind_req: \PIPE\NETLOGON -> \PIPE\lsass
[2005/11/09 13:10:22, 3] rpc_server/srv_pipe.c:check_bind_req(762)
check_bind_req for \PIPE\NETLOGON
[2005/11/09 13:10:22, 3] smbd/pipes.c:reply_pipe_write_and_X(199)
writeX-IPC pnum=769b nwritten=72
[2005/11/09 13:10:22, 3] smbd/process.c:process_smb(1091)
Transaction 27 of length 63
[2005/11/09 13:10:22, 3] smbd/process.c:switch_message(886)
switch message SMBreadX (pid 10677) conn 0x83ce5e0
[2005/11/09 13:10:22, 3] smbd/pipes.c:reply_pipe_read_and_X(242)
readX-IPC pnum=769b min=1024 max=1024 nread=68
[2005/11/09 13:10:22, 3] smbd/process.c:process_smb(1091)
Transaction 28 of length 208
[2005/11/09 13:10:22, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 10677) conn 0x83ce5e0
[2005/11/09 13:10:22, 3] smbd/ipc.c:reply_trans(539)
trans <\PIPE\> data=120 params=0 setup=2
[2005/11/09 13:10:22, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/11/09 13:10:22, 3] smbd/ipc.c:api_fd_reply(294)
Got API command 0x26 on pipe "NETLOGON" (pnum 769b)
[2005/11/09 13:10:22, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:22, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: NET_AUTH
[2005/11/09 13:10:22, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 44
[2005/11/09 13:10:22, 3] smbd/process.c:process_smb(1091)
Transaction 29 of length 45
[2005/11/09 13:10:22, 3] smbd/process.c:switch_message(886)
switch message SMBclose (pid 10677) conn 0x83ce5e0
[2005/11/09 13:10:22, 3] smbd/process.c:process_smb(1091)
Transaction 30 of length 132
[2005/11/09 13:10:22, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 10677) conn 0x83ce5e0
[2005/11/09 13:10:22, 3] smbd/ipc.c:reply_trans(539)
trans <\PIPE\> data=44 params=0 setup=2
[2005/11/09 13:10:22, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/11/09 13:10:22, 3] smbd/ipc.c:api_fd_reply(294)
Got API command 0x26 on pipe "lsarpc" (pnum 7698)
[2005/11/09 13:10:22, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:22, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: LSA_CLOSE
[2005/11/09 13:10:22, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200)
Closed policy
[2005/11/09 13:10:22, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:22, 3] smbd/process.c:process_smb(1091)
Transaction 31 of length 45
[2005/11/09 13:10:22, 3] smbd/process.c:switch_message(886)
switch message SMBclose (pid 10677) conn 0x83ce5e0
[2005/11/09 13:10:22, 3] smbd/process.c:process_smb(1091)
Transaction 32 of length 43
[2005/11/09 13:10:22, 3] smbd/process.c:switch_message(886)
switch message SMBulogoffX (pid 10677) conn 0x0
[2005/11/09 13:10:22, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/11/09 13:10:22, 3] smbd/reply.c:reply_ulogoffX(1261)
ulogoffX vuid=100
[2005/11/09 13:10:22, 3] smbd/process.c:process_smb(1091)
Transaction 33 of length 39
[2005/11/09 13:10:22, 3] smbd/process.c:switch_message(886)
switch message SMBtdis (pid 10677) conn 0x83ce5e0
[2005/11/09 13:10:22, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/11/09 13:10:22, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/11/09 13:10:22, 3] smbd/service.c:close_cnum(830)
a13 (192.168.100.98 <http://192.168.100.98>) closed connection to service
IPC$
[2005/11/09 13:10:22, 3] smbd/connection.c:yield_connection(69)
Yielding connection to IPC$
[2005/11/09 13:10:22, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/11/09 13:10:22, 3] smbd/process.c:timeout_processing(1334)
timeout_processing: End of file from client (client has disconnected).
[2005/11/09 13:10:22, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/11/09 13:10:22, 2] smbd/server.c:exit_server(609)
Closing connections
[2005/11/09 13:10:22, 3] smbd/connection.c:yield_connection(69)
Yielding connection to
[2005/11/09 13:10:22, 3] smbd/server.c:exit_server(652)
Server exit (normal exit)
[2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091)
Transaction 1 of length 137
[2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886)
switch message SMBnegprot (pid 10678) conn 0x0
[2005/11/09 13:10:23, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/11/09 13:10:23, 3] smbd/negprot.c:reply_negprot(461)
Requested protocol [PC NETWORK PROGRAM 1.0]
[2005/11/09 13:10:23, 3] smbd/negprot.c:reply_negprot(461)
Requested protocol [LANMAN1.0]
[2005/11/09 13:10:23, 3] smbd/negprot.c:reply_negprot(461)
Requested protocol [Windows for Workgroups 3.1a]
[2005/11/09 13:10:23, 3] smbd/negprot.c:reply_negprot(461)
Requested protocol [LM1.2X002]
[2005/11/09 13:10:23, 3] smbd/negprot.c:reply_negprot(461)
Requested protocol [LANMAN2.1]
[2005/11/09 13:10:23, 3] smbd/negprot.c:reply_negprot(461)
Requested protocol [NT LM 0.12]
[2005/11/09 13:10:23, 3] smbd/negprot.c:reply_nt1(333)
using SPNEGO
[2005/11/09 13:10:23, 3] smbd/negprot.c:reply_negprot(555)
Selected protocol NT LM 0.12
[2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091)
Transaction 2 of length 240
[2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886)
switch message SMBsesssetupX (pid 10678) conn 0x0
[2005/11/09 13:10:23, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/11/09 13:10:23, 3] smbd/sesssetup.c:reply_sesssetup_and_X(655)
wct=12 flg2=0xc807
[2005/11/09 13:10:23, 2] smbd/sesssetup.c:setup_new_vc_session(608)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
old resources.
[2005/11/09 13:10:23, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(535)
Doing spnego session setup
[2005/11/09 13:10:23, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(566)
NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1]
PrimaryDomain=[]
[2005/11/09 13:10:23, 3] smbd/sesssetup.c:reply_spnego_negotiate(444)
Got OID 1 3 6 1 4 1 311 2 2 10
[2005/11/09 13:10:23, 3] smbd/sesssetup.c:reply_spnego_negotiate(447)
Got secblob of size 40
[2005/11/09 13:10:23, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
Got NTLMSSP neg_flags=0xe2088297
[2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091)
Transaction 3 of length 360
[2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886)
switch message SMBsesssetupX (pid 10678) conn 0x0
[2005/11/09 13:10:23, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/11/09 13:10:23, 3] smbd/sesssetup.c:reply_sesssetup_and_X(655)
wct=12 flg2=0xc807
[2005/11/09 13:10:23, 2] smbd/sesssetup.c:setup_new_vc_session(608)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
old resources.
[2005/11/09 13:10:23, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(535)
Doing spnego session setup
[2005/11/09 13:10:23, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(566)
NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1]
PrimaryDomain=[]
[2005/11/09 13:10:23, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(606)
Got user=[administrator] domain=[fasitet] workstation=[A13] len1=24 len2=24
[2005/11/09 13:10:23, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2005/11/09 13:10:23, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2005/11/09 13:10:23, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/11/09 13:10:23, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/11/09 13:10:23, 3] auth/auth.c:check_ntlm_password(219)
check_ntlm_password: Checking password for unmapped user
[fasitet]\[administrator]@[A13] with the new password interface
[2005/11/09 13:10:23, 3] auth/auth.c:check_ntlm_password(222)
check_ntlm_password: mapped user is: [fasitet]\[administrator]@[A13]
[2005/11/09 13:10:23, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2005/11/09 13:10:23, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2005/11/09 13:10:23, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/11/09 13:10:23, 2] lib/smbldap.c:smbldap_open_connection(692)
smbldap_open_connection: connection opened
[2005/11/09 13:10:23, 3] lib/smbldap.c:smbldap_connect_system(866)
ldap_connect_system: succesful connection to the LDAP server
ldap_connect_system: LDAP server does support paged results
[2005/11/09 13:10:23, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
init_sam_from_ldap: Entry found for user: Administrator
[2005/11/09 13:10:23, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/11/09 13:10:23, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2005/11/09 13:10:23, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2005/11/09 13:10:23, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/11/09 13:10:23, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2005/11/09 13:10:23, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2005/11/09 13:10:23, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2005/11/09 13:10:23, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/11/09 13:10:23, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2005/11/09 13:10:23, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2005/11/09 13:10:23, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2005/11/09 13:10:23, 2] passdb/pdb_ldap.c:init_group_from_ldap(2000)
init_group_from_ldap: Entry found for group: 512
[2005/11/09 13:10:23, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/11/09 13:10:23, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/11/09 13:10:23, 3] auth/auth.c:check_ntlm_password(268)
check_ntlm_password: sam authentication for user [administrator] succeeded
[2005/11/09 13:10:23, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2005/11/09 13:10:23, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2005/11/09 13:10:23, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/11/09 13:10:23, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/11/09 13:10:23, 2] auth/auth.c:check_ntlm_password(305)
check_ntlm_password: authentication for user [administrator] ->
[administrator] -> [Administrator] succeeded
[2005/11/09 13:10:23, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319)
NTLMSSP Sign/Seal - Initialising with flags:
[2005/11/09 13:10:23, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
Got NTLMSSP neg_flags=0x60088215
[2005/11/09 13:10:23, 3] smbd/password.c:register_vuid(222)
User name: Administrator Real name: Administrator
[2005/11/09 13:10:23, 3] smbd/password.c:register_vuid(241)
UNIX uid 0 is UNIX user Administrator, and will be vuid 100
[2005/11/09 13:10:23, 3] smbd/password.c:register_vuid(270)
Adding homes service for user 'Administrator' using home directory:
'/home/Administrator'
[2005/11/09 13:10:23, 3] param/loadparm.c:lp_add_home(2360)
adding home's share [Administrator] for user 'Administrator' at
'/home/Administrator'
[2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091)
Transaction 4 of length 90
[2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886)
switch message SMBtconX (pid 10678) conn 0x0
[2005/11/09 13:10:23, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/11/09 13:10:23, 3] lib/access.c:check_access(313)
check_access: no hostnames in host allow/deny list.
[2005/11/09 13:10:23, 2] lib/access.c:check_access(324)
Allowed connection from (192.168.100.98 <http://192.168.100.98>)
[2005/11/09 13:10:23, 3] smbd/service.c:make_connection_snum(479)
Connect path is '/var/tmp' for service [IPC$]
[2005/11/09 13:10:23, 3] lib/util_seaccess.c:se_access_check(251)
[2005/11/09 13:10:23, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is S-1-5-21-2628040634-270012795-1265092401-2996
se_access_check: also S-1-5-21-2628040634-270012795-1265092401-512
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2005/11/09 13:10:23, 3] smbd/vfs.c:vfs_init_default(206)
Initialising default vfs hooks
[2005/11/09 13:10:23, 3] lib/util_seaccess.c:se_access_check(251)
[2005/11/09 13:10:23, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is S-1-5-21-2628040634-270012795-1265092401-2996
se_access_check: also S-1-5-21-2628040634-270012795-1265092401-512
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2005/11/09 13:10:23, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0
[2005/11/09 13:10:23, 3] smbd/service.c:make_connection_snum(642)
a13 (192.168.100.98 <http://192.168.100.98>) connect to service IPC$
initially as user Administrator (uid=0, gid=512) (pid 10678)
[2005/11/09 13:10:23, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/11/09 13:10:23, 3] smbd/reply.c:reply_tcon_and_X(455)
tconX service=IPC$
[2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091)
Transaction 5 of length 104
[2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886)
switch message SMBntcreateX (pid 10678) conn 0x83ce750
[2005/11/09 13:10:23, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0
[2005/11/09 13:10:23, 3] smbd/nttrans.c:nt_open_pipe(514)
nt_open_pipe: Known pipe lsarpc opening.
[2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091)
Transaction 6 of length 140
[2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886)
switch message SMBwriteX (pid 10678) conn 0x83ce750
[2005/11/09 13:10:23, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(887)
api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsass
[2005/11/09 13:10:23, 3] rpc_server/srv_pipe.c:check_bind_req(762)
check_bind_req for \PIPE\lsarpc
[2005/11/09 13:10:23, 3] smbd/pipes.c:reply_pipe_write_and_X(199)
writeX-IPC pnum=7699 nwritten=72
[2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091)
Transaction 7 of length 63
[2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886)
switch message SMBreadX (pid 10678) conn 0x83ce750
[2005/11/09 13:10:23, 3] smbd/pipes.c:reply_pipe_read_and_X(242)
readX-IPC pnum=7699 min=1024 max=1024 nread=68
[2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091)
Transaction 8 of length 184
[2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 10678) conn 0x83ce750
[2005/11/09 13:10:23, 3] smbd/ipc.c:reply_trans(539)
trans <\PIPE\> data=96 params=0 setup=2
[2005/11/09 13:10:23, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/11/09 13:10:23, 3] smbd/ipc.c:api_fd_reply(294)
Got API command 0x26 on pipe "lsarpc" (pnum 7699)
[2005/11/09 13:10:23, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:23, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: LSA_OPENPOLICY2
[2005/11/09 13:10:23, 3] lib/util_seaccess.c:se_access_check(251)
[2005/11/09 13:10:23, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is S-1-5-21-2628040634-270012795-1265092401-2996
se_access_check: also S-1-5-21-2628040634-270012795-1265092401-512
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2005/11/09 13:10:23, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 826
[2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091)
Transaction 9 of length 134
[2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 10678) conn 0x83ce750
[2005/11/09 13:10:23, 3] smbd/ipc.c:reply_trans(539)
trans <\PIPE\> data=46 params=0 setup=2
[2005/11/09 13:10:23, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/11/09 13:10:23, 3] smbd/ipc.c:api_fd_reply(294)
Got API command 0x26 on pipe "lsarpc" (pnum 7699)
[2005/11/09 13:10:23, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:23, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091)
Transaction 10 of length 134
[2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 10678) conn 0x83ce750
[2005/11/09 13:10:23, 3] smbd/ipc.c:reply_trans(539)
trans <\PIPE\> data=46 params=0 setup=2
[2005/11/09 13:10:23, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/11/09 13:10:23, 3] smbd/ipc.c:api_fd_reply(294)
Got API command 0x26 on pipe "lsarpc" (pnum 7699)
[2005/11/09 13:10:23, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:23, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY
[2005/11/09 13:10:23, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 16
[2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091)
Transaction 11 of length 104
[2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886)
switch message SMBntcreateX (pid 10678) conn 0x83ce750
[2005/11/09 13:10:23, 3] smbd/nttrans.c:nt_open_pipe(514)
nt_open_pipe: Known pipe winreg opening.
[2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091)
Transaction 12 of length 140
[2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886)
switch message SMBwriteX (pid 10678) conn 0x83ce750
[2005/11/09 13:10:23, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(887)
api_pipe_bind_req: \PIPE\winreg -> \PIPE\winreg
[2005/11/09 13:10:23, 3] rpc_server/srv_pipe.c:check_bind_req(762)
check_bind_req for \PIPE\winreg
[2005/11/09 13:10:23, 3] smbd/pipes.c:reply_pipe_write_and_X(199)
writeX-IPC pnum=769a nwritten=72
[2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091)
Transaction 13 of length 63
[2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886)
switch message SMBreadX (pid 10678) conn 0x83ce750
[2005/11/09 13:10:23, 3] smbd/pipes.c:reply_pipe_read_and_X(242)
readX-IPC pnum=769a min=1024 max=1024 nread=68
[2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091)
Transaction 14 of length 124
[2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 10678) conn 0x83ce750
[2005/11/09 13:10:23, 3] smbd/ipc.c:reply_trans(539)
trans <\PIPE\> data=36 params=0 setup=2
[2005/11/09 13:10:23, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/11/09 13:10:23, 3] smbd/ipc.c:api_fd_reply(294)
Got API command 0x26 on pipe "winreg" (pnum 769a)
[2005/11/09 13:10:23, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:23, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: REG_OPEN_HKLM
[2005/11/09 13:10:23, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091)
Transaction 15 of length 272
[2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 10678) conn 0x83ce750
[2005/11/09 13:10:23, 3] smbd/ipc.c:reply_trans(539)
trans <\PIPE\> data=184 params=0 setup=2
[2005/11/09 13:10:23, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/11/09 13:10:23, 3] smbd/ipc.c:api_fd_reply(294)
Got API command 0x26 on pipe "winreg" (pnum 769a)
[2005/11/09 13:10:23, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:23, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: REG_OPEN_ENTRY
[2005/11/09 13:10:23, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 110
[2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091)
Transaction 16 of length 236
[2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 10678) conn 0x83ce750
[2005/11/09 13:10:23, 3] smbd/ipc.c:reply_trans(539)
trans <\PIPE\> data=148 params=0 setup=2
[2005/11/09 13:10:23, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/11/09 13:10:23, 3] smbd/ipc.c:api_fd_reply(294)
Got API command 0x26 on pipe "winreg" (pnum 769a)
[2005/11/09 13:10:23, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:23, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: REG_INFO
[2005/11/09 13:10:23, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 46
[2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091)
Transaction 17 of length 132
[2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 10678) conn 0x83ce750
[2005/11/09 13:10:23, 3] smbd/ipc.c:reply_trans(539)
trans <\PIPE\> data=44 params=0 setup=2
[2005/11/09 13:10:23, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/11/09 13:10:23, 3] smbd/ipc.c:api_fd_reply(294)
Got API command 0x26 on pipe "winreg" (pnum 769a)
[2005/11/09 13:10:23, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:23, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: REG_CLOSE
[2005/11/09 13:10:23, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200)
Closed policy
[2005/11/09 13:10:23, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091)
Transaction 18 of length 132
[2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 10678) conn 0x83ce750
[2005/11/09 13:10:23, 3] smbd/ipc.c:reply_trans(539)
trans <\PIPE\> data=44 params=0 setup=2
[2005/11/09 13:10:23, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/11/09 13:10:23, 3] smbd/ipc.c:api_fd_reply(294)
Got API command 0x26 on pipe "winreg" (pnum 769a)
[2005/11/09 13:10:23, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:23, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: REG_CLOSE
[2005/11/09 13:10:23, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200)
Closed policy
[2005/11/09 13:10:23, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091)
Transaction 19 of length 45
[2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886)
switch message SMBclose (pid 10678) conn 0x83ce750
[2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091)
Transaction 20 of length 100
[2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886)
switch message SMBntcreateX (pid 10678) conn 0x83ce750
[2005/11/09 13:10:23, 3] smbd/nttrans.c:nt_open_pipe(514)
nt_open_pipe: Known pipe samr opening.
[2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091)
Transaction 21 of length 140
[2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886)
switch message SMBwriteX (pid 10678) conn 0x83ce750
[2005/11/09 13:10:23, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(887)
api_pipe_bind_req: \PIPE\samr -> \PIPE\lsass
[2005/11/09 13:10:23, 3] rpc_server/srv_pipe.c:check_bind_req(762)
check_bind_req for \PIPE\samr
[2005/11/09 13:10:23, 3] smbd/pipes.c:reply_pipe_write_and_X(199)
writeX-IPC pnum=769b nwritten=72
[2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091)
Transaction 22 of length 63
[2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886)
switch message SMBreadX (pid 10678) conn 0x83ce750
[2005/11/09 13:10:23, 3] smbd/pipes.c:reply_pipe_read_and_X(242)
readX-IPC pnum=769b min=1024 max=1024 nread=68
[2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091)
Transaction 23 of length 176
[2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 10678) conn 0x83ce750
[2005/11/09 13:10:23, 3] smbd/ipc.c:reply_trans(539)
trans <\PIPE\> data=88 params=0 setup=2
[2005/11/09 13:10:23, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/11/09 13:10:23, 3] smbd/ipc.c:api_fd_reply(294)
Got API command 0x26 on pipe "samr" (pnum 769b)
[2005/11/09 13:10:23, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:23, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091)
Transaction 24 of length 45
[2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886)
switch message SMBclose (pid 10678) conn 0x83ce750
[2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091)
Transaction 25 of length 100
[2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886)
switch message SMBntcreateX (pid 10678) conn 0x83ce750
[2005/11/09 13:10:23, 3] smbd/nttrans.c:nt_open_pipe(514)
nt_open_pipe: Known pipe samr opening.
[2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091)
Transaction 26 of length 140
[2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886)
switch message SMBwriteX (pid 10678) conn 0x83ce750
[2005/11/09 13:10:23, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(887)
api_pipe_bind_req: \PIPE\samr -> \PIPE\lsass
[2005/11/09 13:10:23, 3] rpc_server/srv_pipe.c:check_bind_req(762)
check_bind_req for \PIPE\samr
[2005/11/09 13:10:23, 3] smbd/pipes.c:reply_pipe_write_and_X(199)
writeX-IPC pnum=769c nwritten=72
[2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091)
Transaction 27 of length 63
[2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886)
switch message SMBreadX (pid 10678) conn 0x83ce750
[2005/11/09 13:10:23, 3] smbd/pipes.c:reply_pipe_read_and_X(242)
readX-IPC pnum=769c min=1024 max=1024 nread=68
[2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091)
Transaction 28 of length 164
[2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 10678) conn 0x83ce750
[2005/11/09 13:10:23, 3] smbd/ipc.c:reply_trans(539)
trans <\PIPE\> data=76 params=0 setup=2
[2005/11/09 13:10:23, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/11/09 13:10:23, 3] smbd/ipc.c:api_fd_reply(294)
Got API command 0x26 on pipe "samr" (pnum 769c)
[2005/11/09 13:10:23, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:23, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: SAMR_CONNECT4
[2005/11/09 13:10:23, 3] lib/util_seaccess.c:se_access_check(251)
[2005/11/09 13:10:23, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is S-1-5-21-2628040634-270012795-1265092401-2996
se_access_check: also S-1-5-21-2628040634-270012795-1265092401-512
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2005/11/09 13:10:23, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 982
[2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091)
Transaction 29 of length 140
[2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 10678) conn 0x83ce750
[2005/11/09 13:10:23, 3] smbd/ipc.c:reply_trans(539)
trans <\PIPE\> data=52 params=0 setup=2
[2005/11/09 13:10:23, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/11/09 13:10:23, 3] smbd/ipc.c:api_fd_reply(294)
Got API command 0x26 on pipe "samr" (pnum 769c)
[2005/11/09 13:10:23, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:23, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: SAMR_ENUM_DOMAINS
[2005/11/09 13:10:23, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 88
[2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091)
Transaction 30 of length 166
[2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 10678) conn 0x83ce750
[2005/11/09 13:10:23, 3] smbd/ipc.c:reply_trans(539)
trans <\PIPE\> data=78 params=0 setup=2
[2005/11/09 13:10:23, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/11/09 13:10:23, 3] smbd/ipc.c:api_fd_reply(294)
Got API command 0x26 on pipe "samr" (pnum 769c)
[2005/11/09 13:10:23, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:23, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: SAMR_LOOKUP_DOMAIN
[2005/11/09 13:10:23, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2580)
Returning domain sid for domain FASITET ->
S-1-5-21-2628040634-270012795-1265092401
[2005/11/09 13:10:23, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 14
[2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091)
Transaction 31 of length 164
[2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 10678) conn 0x83ce750
[2005/11/09 13:10:23, 3] smbd/ipc.c:reply_trans(539)
trans <\PIPE\> data=76 params=0 setup=2
[2005/11/09 13:10:23, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/11/09 13:10:23, 3] smbd/ipc.c:api_fd_reply(294)
Got API command 0x26 on pipe "samr" (pnum 769c)
[2005/11/09 13:10:23, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:23, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: SAMR_OPEN_DOMAIN
[2005/11/09 13:10:23, 3] lib/util_seaccess.c:se_access_check(251)
[2005/11/09 13:10:23, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is S-1-5-21-2628040634-270012795-1265092401-2996
se_access_check: also S-1-5-21-2628040634-270012795-1265092401-512
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2005/11/09 13:10:23, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 956
[2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091)
Transaction 32 of length 168
[2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 10678) conn 0x83ce750
[2005/11/09 13:10:23, 3] smbd/ipc.c:reply_trans(539)
trans <\PIPE\> data=80 params=0 setup=2
[2005/11/09 13:10:23, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/11/09 13:10:23, 3] smbd/ipc.c:api_fd_reply(294)
Got API command 0x26 on pipe "samr" (pnum 769c)
[2005/11/09 13:10:23, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:23, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: SAMR_CREATE_USER
[2005/11/09 13:10:23, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 512) : sec_ctx_stack_ndx = 1
[2005/11/09 13:10:23, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2005/11/09 13:10:23, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/11/09 13:10:23, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 512) - sec_ctx_stack_ndx = 0
[2005/11/09 13:10:23, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 512) : sec_ctx_stack_ndx = 1
[2005/11/09 13:10:23, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2005/11/09 13:10:23, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/11/09 13:10:23, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 512) - sec_ctx_stack_ndx = 0
[2005/11/09 13:10:23, 3] passdb/pdb_ldap.c:ldapsam_add_sam_account(1898)
ldapsam_add_sam_account: Adding new user
[2005/11/09 13:10:23, 2] passdb/pdb_ldap.c:init_ldap_from_sam(912)
init_ldap_from_sam: Setting entry for user: A13$
[2005/11/09 13:10:23, 1] passdb/pdb_ldap.c:ldapsam_modify_entry(1495)
ldapsam_modify_entry: Failed to add user dn=
uid=A13$,ou=Computers,dc=fasitet,dc=se with: Already exists

[2005/11/09 13:10:23, 0] passdb/pdb_ldap.c:ldapsam_add_sam_account(1937)
ldapsam_add_sam_account: failed to modify/add user with uid = A13$ (dn =
uid=A13$,ou=Computers,dc=fasitet,dc=se)
[2005/11/09 13:10:23, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2350)
could not add user/computer a13$ to passdb. Check permissions?
[2005/11/09 13:10:23, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 10
[2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091)
Transaction 33 of length 132
[2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 10678) conn 0x83ce750
[2005/11/09 13:10:23, 3] smbd/ipc.c:reply_trans(539)
trans <\PIPE\> data=44 params=0 setup=2
[2005/11/09 13:10:23, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/11/09 13:10:23, 3] smbd/ipc.c:api_fd_reply(294)
Got API command 0x26 on pipe "samr" (pnum 769c)
[2005/11/09 13:10:23, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:23, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: SAMR_CLOSE_HND
[2005/11/09 13:10:23, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200)
Closed policy
[2005/11/09 13:10:23, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091)
Transaction 34 of length 132
[2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 10678) conn 0x83ce750
[2005/11/09 13:10:23, 3] smbd/ipc.c:reply_trans(539)
trans <\PIPE\> data=44 params=0 setup=2
[2005/11/09 13:10:23, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/11/09 13:10:23, 3] smbd/ipc.c:api_fd_reply(294)
Got API command 0x26 on pipe "samr" (pnum 769c)
[2005/11/09 13:10:23, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:23, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: SAMR_CLOSE_HND
[2005/11/09 13:10:23, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200)
Closed policy
[2005/11/09 13:10:23, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091)
Transaction 35 of length 45
[2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886)
switch message SMBclose (pid 10678) conn 0x83ce750
[2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091)
Transaction 36 of length 132
[2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 10678) conn 0x83ce750
[2005/11/09 13:10:23, 3] smbd/ipc.c:reply_trans(539)
trans <\PIPE\> data=44 params=0 setup=2
[2005/11/09 13:10:23, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/11/09 13:10:23, 3] smbd/ipc.c:api_fd_reply(294)
Got API command 0x26 on pipe "lsarpc" (pnum 7699)
[2005/11/09 13:10:23, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:23, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: LSA_CLOSE
[2005/11/09 13:10:23, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200)
Closed policy
[2005/11/09 13:10:23, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091)
Transaction 37 of length 45
[2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886)
switch message SMBclose (pid 10678) conn 0x83ce750
[2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091)
Transaction 38 of length 43
[2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886)
switch message SMBulogoffX (pid 10678) conn 0x0
[2005/11/09 13:10:23, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/11/09 13:10:23, 3] smbd/reply.c:reply_ulogoffX(1261)
ulogoffX vuid=100
[2005/11/09 13:10:23, 3] smbd/process.c:process_smb(1091)
Transaction 39 of length 39
[2005/11/09 13:10:23, 3] smbd/process.c:switch_message(886)
switch message SMBtdis (pid 10678) conn 0x83ce750
[2005/11/09 13:10:23, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/11/09 13:10:23, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/11/09 13:10:23, 3] smbd/service.c:close_cnum(830)
a13 (192.168.100.98 <http://192.168.100.98>) closed connection to service
IPC$
[2005/11/09 13:10:23, 3] smbd/connection.c:yield_connection(69)
Yielding connection to IPC$
[2005/11/09 13:10:23, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/11/09 13:10:23, 3] smbd/process.c:timeout_processing(1334)
timeout_processing: End of file from client (client has disconnected).
[2005/11/09 13:10:23, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/11/09 13:10:23, 2] smbd/server.c:exit_server(609)
Closing connections
[2005/11/09 13:10:23, 3] smbd/connection.c:yield_connection(69)
Yielding connection to
[2005/11/09 13:10:23, 3] smbd/server.c:exit_server(652)
Server exit (normal exit)
[2005/11/09 13:10:51, 3] smbd/process.c:process_smb(1091)
Transaction 1 of length 137
[2005/11/09 13:10:51, 3] smbd/process.c:switch_message(886)
switch message SMBnegprot (pid 10693) conn 0x0
[2005/11/09 13:10:51, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/11/09 13:10:51, 3] smbd/negprot.c:reply_negprot(461)
Requested protocol [PC NETWORK PROGRAM 1.0]
[2005/11/09 13:10:51, 3] smbd/negprot.c:reply_negprot(461)
Requested protocol [LANMAN1.0]
[2005/11/09 13:10:51, 3] smbd/negprot.c:reply_negprot(461)
Requested protocol [Windows for Workgroups 3.1a]
[2005/11/09 13:10:51, 3] smbd/negprot.c:reply_negprot(461)
Requested protocol [LM1.2X002]
[2005/11/09 13:10:51, 3] smbd/negprot.c:reply_negprot(461)
Requested protocol [LANMAN2.1]
[2005/11/09 13:10:51, 3] smbd/negprot.c:reply_negprot(461)
Requested protocol [NT LM 0.12]
[2005/11/09 13:10:51, 3] smbd/negprot.c:reply_nt1(333)
using SPNEGO
[2005/11/09 13:10:51, 3] smbd/negprot.c:reply_negprot(555)
Selected protocol NT LM 0.12
[2005/11/09 13:10:51, 3] smbd/process.c:process_smb(1091)
Transaction 2 of length 240
[2005/11/09 13:10:51, 3] smbd/process.c:switch_message(886)
switch message SMBsesssetupX (pid 10693) conn 0x0
[2005/11/09 13:10:51, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/11/09 13:10:51, 3] smbd/sesssetup.c:reply_sesssetup_and_X(655)
wct=12 flg2=0xc807
[2005/11/09 13:10:51, 2] smbd/sesssetup.c:setup_new_vc_session(608)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
old resources.
[2005/11/09 13:10:51, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(535)
Doing spnego session setup
[2005/11/09 13:10:51, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(566)
NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1]
PrimaryDomain=[]
[2005/11/09 13:10:51, 3] smbd/sesssetup.c:reply_spnego_negotiate(444)
Got OID 1 3 6 1 4 1 311 2 2 10
[2005/11/09 13:10:51, 3] smbd/sesssetup.c:reply_spnego_negotiate(447)
Got secblob of size 40
[2005/11/09 13:10:51, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
Got NTLMSSP neg_flags=0xe2088297
[2005/11/09 13:10:51, 3] smbd/process.c:process_smb(1091)
Transaction 3 of length 346
[2005/11/09 13:10:51, 3] smbd/process.c:switch_message(886)
switch message SMBsesssetupX (pid 10693) conn 0x0
[2005/11/09 13:10:51, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/11/09 13:10:51, 3] smbd/sesssetup.c:reply_sesssetup_and_X(655)
wct=12 flg2=0xc807
[2005/11/09 13:10:51, 2] smbd/sesssetup.c:setup_new_vc_session(608)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
old resources.
[2005/11/09 13:10:51, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(535)
Doing spnego session setup
[2005/11/09 13:10:51, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(566)
NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1]
PrimaryDomain=[]
[2005/11/09 13:10:51, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(606)
Got user=[senate] domain=[fasitet] workstation=[A13] len1=24 len2=24
[2005/11/09 13:10:51, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2005/11/09 13:10:51, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2005/11/09 13:10:51, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/11/09 13:10:51, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/11/09 13:10:51, 3] auth/auth.c:check_ntlm_password(219)
check_ntlm_password: Checking password for unmapped user
[fasitet]\[senate]@[A13] with the new password interface
[2005/11/09 13:10:51, 3] auth/auth.c:check_ntlm_password(222)
check_ntlm_password: mapped user is: [fasitet]\[senate]@[A13]
[2005/11/09 13:10:51, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2005/11/09 13:10:51, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2005/11/09 13:10:51, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/11/09 13:10:51, 2] lib/smbldap.c:smbldap_open_connection(692)
smbldap_open_connection: connection opened
[2005/11/09 13:10:51, 3] lib/smbldap.c:smbldap_connect_system(866)
ldap_connect_system: succesful connection to the LDAP server
ldap_connect_system: LDAP server does support paged results
[2005/11/09 13:10:51, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
init_sam_from_ldap: Entry found for user: senate
[2005/11/09 13:10:51, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/11/09 13:10:51, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2005/11/09 13:10:51, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2005/11/09 13:10:51, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/11/09 13:10:51, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2005/11/09 13:10:51, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2005/11/09 13:10:51, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2005/11/09 13:10:51, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/11/09 13:10:51, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2005/11/09 13:10:51, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2005/11/09 13:10:51, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2005/11/09 13:10:51, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/11/09 13:10:51, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2005/11/09 13:10:51, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2005/11/09 13:10:51, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2005/11/09 13:10:51, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/11/09 13:10:51, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2005/11/09 13:10:51, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2005/11/09 13:10:51, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2005/11/09 13:10:51, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/11/09 13:10:51, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2005/11/09 13:10:51, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2005/11/09 13:10:51, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2005/11/09 13:10:51, 2] passdb/pdb_ldap.c:init_group_from_ldap(2000)
init_group_from_ldap: Entry found for group: 513
[2005/11/09 13:10:51, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/11/09 13:10:51, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/11/09 13:10:51, 3] auth/auth.c:check_ntlm_password(268)
check_ntlm_password: sam authentication for user [senate] succeeded
[2005/11/09 13:10:51, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2005/11/09 13:10:51, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2005/11/09 13:10:51, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/11/09 13:10:51, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/11/09 13:10:51, 2] auth/auth.c:check_ntlm_password(305)
check_ntlm_password: authentication for user [senate] -> [senate] ->
[senate] succeeded
[2005/11/09 13:10:51, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319)
NTLMSSP Sign/Seal - Initialising with flags:
[2005/11/09 13:10:51, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
Got NTLMSSP neg_flags=0x60088215
[2005/11/09 13:10:51, 3] smbd/password.c:register_vuid(222)
User name: senate Real name: System User
[2005/11/09 13:10:51, 3] smbd/password.c:register_vuid(241)
UNIX uid 1001 is UNIX user senate, and will be vuid 100
[2005/11/09 13:10:51, 3] smbd/password.c:register_vuid(270)
Adding homes service for user 'senate' using home directory: '/home/senate'
[2005/11/09 13:10:51, 3] param/loadparm.c:lp_add_home(2360)
adding home's share [senate] for user 'senate' at '/home/senate'
[2005/11/09 13:10:51, 3] smbd/process.c:process_smb(1091)
Transaction 4 of length 90
[2005/11/09 13:10:51, 3] smbd/process.c:switch_message(886)
switch message SMBtconX (pid 10693) conn 0x0
[2005/11/09 13:10:51, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/11/09 13:10:51, 3] lib/access.c:check_access(313)
check_access: no hostnames in host allow/deny list.
[2005/11/09 13:10:51, 2] lib/access.c:check_access(324)
Allowed connection from (192.168.100.98 <http://192.168.100.98>)
[2005/11/09 13:10:51, 3] smbd/service.c:make_connection_snum(479)
Connect path is '/var/tmp' for service [IPC$]
[2005/11/09 13:10:51, 3] lib/util_seaccess.c:se_access_check(251)
[2005/11/09 13:10:51, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is S-1-5-21-2628040634-270012795-1265092401-3000
se_access_check: also S-1-5-21-2628040634-270012795-1265092401-513
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
se_access_check: also S-1-5-21-2628040634-270012795-1265092401-1201
se_access_check: also S-1-5-21-2628040634-270012795-1265092401-1033
se_access_check: also S-1-5-21-2628040634-270012795-1265092401-1067
[2005/11/09 13:10:51, 3] smbd/vfs.c:vfs_init_default(206)
Initialising default vfs hooks
[2005/11/09 13:10:51, 3] lib/util_seaccess.c:se_access_check(251)
[2005/11/09 13:10:51, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is S-1-5-21-2628040634-270012795-1265092401-3000
se_access_check: also S-1-5-21-2628040634-270012795-1265092401-513
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
se_access_check: also S-1-5-21-2628040634-270012795-1265092401-1201
se_access_check: also S-1-5-21-2628040634-270012795-1265092401-1033
se_access_check: also S-1-5-21-2628040634-270012795-1265092401-1067
[2005/11/09 13:10:51, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (1001, 100) - sec_ctx_stack_ndx = 0
[2005/11/09 13:10:51, 3] smbd/service.c:make_connection_snum(642)
a13 (192.168.100.98 <http://192.168.100.98>) connect to service IPC$
initially as user senate (uid=1001, gid=100) (pid 10693)
[2005/11/09 13:10:51, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/11/09 13:10:51, 3] smbd/reply.c:reply_tcon_and_X(455)
tconX service=IPC$
[2005/11/09 13:10:51, 3] smbd/process.c:process_smb(1091)
Transaction 5 of length 104
[2005/11/09 13:10:51, 3] smbd/process.c:switch_message(886)
switch message SMBntcreateX (pid 10693) conn 0x83ce8d0
[2005/11/09 13:10:51, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (1001, 100) - sec_ctx_stack_ndx = 0
[2005/11/09 13:10:51, 3] smbd/nttrans.c:nt_open_pipe(514)
nt_open_pipe: Known pipe lsarpc opening.
[2005/11/09 13:10:51, 3] smbd/process.c:process_smb(1091)
Transaction 6 of length 140
[2005/11/09 13:10:51, 3] smbd/process.c:switch_message(886)
switch message SMBwriteX (pid 10693) conn 0x83ce8d0
[2005/11/09 13:10:51, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(887)
api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsass
[2005/11/09 13:10:51, 3] rpc_server/srv_pipe.c:check_bind_req(762)
check_bind_req for \PIPE\lsarpc
[2005/11/09 13:10:51, 3] smbd/pipes.c:reply_pipe_write_and_X(199)
writeX-IPC pnum=768e nwritten=72
[2005/11/09 13:10:51, 3] smbd/process.c:process_smb(1091)
Transaction 7 of length 63
[2005/11/09 13:10:51, 3] smbd/process.c:switch_message(886)
switch message SMBreadX (pid 10693) conn 0x83ce8d0
[2005/11/09 13:10:51, 3] smbd/pipes.c:reply_pipe_read_and_X(242)
readX-IPC pnum=768e min=1024 max=1024 nread=68
[2005/11/09 13:10:51, 3] smbd/process.c:process_smb(1091)
Transaction 8 of length 184
[2005/11/09 13:10:51, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 10693) conn 0x83ce8d0
[2005/11/09 13:10:51, 3] smbd/ipc.c:reply_trans(539)
trans <\PIPE\> data=96 params=0 setup=2
[2005/11/09 13:10:51, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/11/09 13:10:51, 3] smbd/ipc.c:api_fd_reply(294)
Got API command 0x26 on pipe "lsarpc" (pnum 768e)
[2005/11/09 13:10:51, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:51, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: LSA_OPENPOLICY2
[2005/11/09 13:10:51, 3] lib/util_seaccess.c:se_access_check(251)
[2005/11/09 13:10:51, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is S-1-5-21-2628040634-270012795-1265092401-3000
se_access_check: also S-1-5-21-2628040634-270012795-1265092401-513
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
se_access_check: also S-1-5-21-2628040634-270012795-1265092401-1201
se_access_check: also S-1-5-21-2628040634-270012795-1265092401-1033
se_access_check: also S-1-5-21-2628040634-270012795-1265092401-1067
[2005/11/09 13:10:51, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 826
[2005/11/09 13:10:51, 3] smbd/process.c:process_smb(1091)
Transaction 9 of length 134
[2005/11/09 13:10:51, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 10693) conn 0x83ce8d0
[2005/11/09 13:10:51, 3] smbd/ipc.c:reply_trans(539)
trans <\PIPE\> data=46 params=0 setup=2
[2005/11/09 13:10:51, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/11/09 13:10:51, 3] smbd/ipc.c:api_fd_reply(294)
Got API command 0x26 on pipe "lsarpc" (pnum 768e)
[2005/11/09 13:10:51, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:51, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:51, 3] smbd/process.c:process_smb(1091)
Transaction 10 of length 134
[2005/11/09 13:10:51, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 10693) conn 0x83ce8d0
[2005/11/09 13:10:51, 3] smbd/ipc.c:reply_trans(539)
trans <\PIPE\> data=46 params=0 setup=2
[2005/11/09 13:10:51, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/11/09 13:10:51, 3] smbd/ipc.c:api_fd_reply(294)
Got API command 0x26 on pipe "lsarpc" (pnum 768e)
[2005/11/09 13:10:51, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:51, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY
[2005/11/09 13:10:51, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 16
[2005/11/09 13:10:51, 3] smbd/process.c:process_smb(1091)
Transaction 11 of length 104
[2005/11/09 13:10:51, 3] smbd/process.c:switch_message(886)
switch message SMBntcreateX (pid 10693) conn 0x83ce8d0
[2005/11/09 13:10:51, 3] smbd/nttrans.c:nt_open_pipe(514)
nt_open_pipe: Known pipe winreg opening.
[2005/11/09 13:10:51, 3] smbd/process.c:process_smb(1091)
Transaction 12 of length 140
[2005/11/09 13:10:51, 3] smbd/process.c:switch_message(886)
switch message SMBwriteX (pid 10693) conn 0x83ce8d0
[2005/11/09 13:10:51, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(887)
api_pipe_bind_req: \PIPE\winreg -> \PIPE\winreg
[2005/11/09 13:10:51, 3] rpc_server/srv_pipe.c:check_bind_req(762)
check_bind_req for \PIPE\winreg
[2005/11/09 13:10:51, 3] smbd/pipes.c:reply_pipe_write_and_X(199)
writeX-IPC pnum=768f nwritten=72
[2005/11/09 13:10:51, 3] smbd/process.c:process_smb(1091)
Transaction 13 of length 63
[2005/11/09 13:10:51, 3] smbd/process.c:switch_message(886)
switch message SMBreadX (pid 10693) conn 0x83ce8d0
[2005/11/09 13:10:51, 3] smbd/pipes.c:reply_pipe_read_and_X(242)
readX-IPC pnum=768f min=1024 max=1024 nread=68
[2005/11/09 13:10:51, 3] smbd/process.c:process_smb(1091)
Transaction 14 of length 124
[2005/11/09 13:10:51, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 10693) conn 0x83ce8d0
[2005/11/09 13:10:51, 3] smbd/ipc.c:reply_trans(539)
trans <\PIPE\> data=36 params=0 setup=2
[2005/11/09 13:10:51, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/11/09 13:10:51, 3] smbd/ipc.c:api_fd_reply(294)
Got API command 0x26 on pipe "winreg" (pnum 768f)
[2005/11/09 13:10:51, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:51, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: REG_OPEN_HKLM
[2005/11/09 13:10:51, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:51, 3] smbd/process.c:process_smb(1091)
Transaction 15 of length 272
[2005/11/09 13:10:51, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 10693) conn 0x83ce8d0
[2005/11/09 13:10:51, 3] smbd/ipc.c:reply_trans(539)
trans <\PIPE\> data=184 params=0 setup=2
[2005/11/09 13:10:51, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/11/09 13:10:51, 3] smbd/ipc.c:api_fd_reply(294)
Got API command 0x26 on pipe "winreg" (pnum 768f)
[2005/11/09 13:10:51, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:51, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: REG_OPEN_ENTRY
[2005/11/09 13:10:51, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 110
[2005/11/09 13:10:51, 3] smbd/process.c:process_smb(1091)
Transaction 16 of length 236
[2005/11/09 13:10:51, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 10693) conn 0x83ce8d0
[2005/11/09 13:10:51, 3] smbd/ipc.c:reply_trans(539)
trans <\PIPE\> data=148 params=0 setup=2
[2005/11/09 13:10:51, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/11/09 13:10:51, 3] smbd/ipc.c:api_fd_reply(294)
Got API command 0x26 on pipe "winreg" (pnum 768f)
[2005/11/09 13:10:51, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:51, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: REG_INFO
[2005/11/09 13:10:51, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 46
[2005/11/09 13:10:51, 3] smbd/process.c:process_smb(1091)
Transaction 17 of length 132
[2005/11/09 13:10:51, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 10693) conn 0x83ce8d0
[2005/11/09 13:10:51, 3] smbd/ipc.c:reply_trans(539)
trans <\PIPE\> data=44 params=0 setup=2
[2005/11/09 13:10:51, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/11/09 13:10:51, 3] smbd/ipc.c:api_fd_reply(294)
Got API command 0x26 on pipe "winreg" (pnum 768f)
[2005/11/09 13:10:51, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:51, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: REG_CLOSE
[2005/11/09 13:10:51, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200)
Closed policy
[2005/11/09 13:10:51, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:51, 3] smbd/process.c:process_smb(1091)
Transaction 18 of length 132
[2005/11/09 13:10:51, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 10693) conn 0x83ce8d0
[2005/11/09 13:10:51, 3] smbd/ipc.c:reply_trans(539)
trans <\PIPE\> data=44 params=0 setup=2
[2005/11/09 13:10:51, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/11/09 13:10:51, 3] smbd/ipc.c:api_fd_reply(294)
Got API command 0x26 on pipe "winreg" (pnum 768f)
[2005/11/09 13:10:51, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:51, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: REG_CLOSE
[2005/11/09 13:10:51, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200)
Closed policy
[2005/11/09 13:10:51, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:51, 3] smbd/process.c:process_smb(1091)
Transaction 19 of length 45
[2005/11/09 13:10:51, 3] smbd/process.c:switch_message(886)
switch message SMBclose (pid 10693) conn 0x83ce8d0
[2005/11/09 13:10:51, 3] smbd/process.c:process_smb(1091)
Transaction 20 of length 108
[2005/11/09 13:10:51, 3] smbd/process.c:switch_message(886)
switch message SMBntcreateX (pid 10693) conn 0x83ce8d0
[2005/11/09 13:10:51, 3] smbd/nttrans.c:nt_open_pipe(514)
nt_open_pipe: Known pipe NETLOGON opening.
[2005/11/09 13:10:51, 3] smbd/process.c:process_smb(1091)
Transaction 21 of length 140
[2005/11/09 13:10:51, 3] smbd/process.c:switch_message(886)
switch message SMBwriteX (pid 10693) conn 0x83ce8d0
[2005/11/09 13:10:51, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(887)
api_pipe_bind_req: \PIPE\NETLOGON -> \PIPE\lsass
[2005/11/09 13:10:51, 3] rpc_server/srv_pipe.c:check_bind_req(762)
check_bind_req for \PIPE\NETLOGON
[2005/11/09 13:10:51, 3] smbd/pipes.c:reply_pipe_write_and_X(199)
writeX-IPC pnum=7690 nwritten=72
[2005/11/09 13:10:51, 3] smbd/process.c:process_smb(1091)
Transaction 22 of length 63
[2005/11/09 13:10:51, 3] smbd/process.c:switch_message(886)
switch message SMBreadX (pid 10693) conn 0x83ce8d0
[2005/11/09 13:10:51, 3] smbd/pipes.c:reply_pipe_read_and_X(242)
readX-IPC pnum=7690 min=1024 max=1024 nread=68
[2005/11/09 13:10:51, 3] smbd/process.c:process_smb(1091)
Transaction 23 of length 184
[2005/11/09 13:10:51, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 10693) conn 0x83ce8d0
[2005/11/09 13:10:51, 3] smbd/ipc.c:reply_trans(539)
trans <\PIPE\> data=96 params=0 setup=2
[2005/11/09 13:10:51, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/11/09 13:10:51, 3] smbd/ipc.c:api_fd_reply(294)
Got API command 0x26 on pipe "NETLOGON" (pnum 7690)
[2005/11/09 13:10:51, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:51, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: NET_REQCHAL
[2005/11/09 13:10:51, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 34
[2005/11/09 13:10:51, 3] smbd/process.c:process_smb(1091)
Transaction 24 of length 45
[2005/11/09 13:10:51, 3] smbd/process.c:switch_message(886)
switch message SMBclose (pid 10693) conn 0x83ce8d0
[2005/11/09 13:10:51, 3] smbd/process.c:process_smb(1091)
Transaction 25 of length 108
[2005/11/09 13:10:51, 3] smbd/process.c:switch_message(886)
switch message SMBntcreateX (pid 10693) conn 0x83ce8d0
[2005/11/09 13:10:51, 3] smbd/nttrans.c:nt_open_pipe(514)
nt_open_pipe: Known pipe NETLOGON opening.
[2005/11/09 13:10:51, 3] smbd/process.c:process_smb(1091)
Transaction 26 of length 140
[2005/11/09 13:10:51, 3] smbd/process.c:switch_message(886)
switch message SMBwriteX (pid 10693) conn 0x83ce8d0
[2005/11/09 13:10:51, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(887)
api_pipe_bind_req: \PIPE\NETLOGON -> \PIPE\lsass
[2005/11/09 13:10:51, 3] rpc_server/srv_pipe.c:check_bind_req(762)
check_bind_req for \PIPE\NETLOGON
[2005/11/09 13:10:51, 3] smbd/pipes.c:reply_pipe_write_and_X(199)
writeX-IPC pnum=7691 nwritten=72
[2005/11/09 13:10:51, 3] smbd/process.c:process_smb(1091)
Transaction 27 of length 63
[2005/11/09 13:10:51, 3] smbd/process.c:switch_message(886)
switch message SMBreadX (pid 10693) conn 0x83ce8d0
[2005/11/09 13:10:51, 3] smbd/pipes.c:reply_pipe_read_and_X(242)
readX-IPC pnum=7691 min=1024 max=1024 nread=68
[2005/11/09 13:10:51, 3] smbd/process.c:process_smb(1091)
Transaction 28 of length 208
[2005/11/09 13:10:51, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 10693) conn 0x83ce8d0
[2005/11/09 13:10:51, 3] smbd/ipc.c:reply_trans(539)
trans <\PIPE\> data=120 params=0 setup=2
[2005/11/09 13:10:51, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/11/09 13:10:51, 3] smbd/ipc.c:api_fd_reply(294)
Got API command 0x26 on pipe "NETLOGON" (pnum 7691)
[2005/11/09 13:10:51, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:51, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: NET_AUTH
[2005/11/09 13:10:51, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 44
[2005/11/09 13:10:51, 3] smbd/process.c:process_smb(1091)
Transaction 29 of length 45
[2005/11/09 13:10:51, 3] smbd/process.c:switch_message(886)
switch message SMBclose (pid 10693) conn 0x83ce8d0
[2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091)
Transaction 30 of length 132
[2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 10693) conn 0x83ce8d0
[2005/11/09 13:10:52, 3] smbd/ipc.c:reply_trans(539)
trans <\PIPE\> data=44 params=0 setup=2
[2005/11/09 13:10:52, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/11/09 13:10:52, 3] smbd/ipc.c:api_fd_reply(294)
Got API command 0x26 on pipe "lsarpc" (pnum 768e)
[2005/11/09 13:10:52, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:52, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: LSA_CLOSE
[2005/11/09 13:10:52, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200)
Closed policy
[2005/11/09 13:10:52, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091)
Transaction 31 of length 45
[2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886)
switch message SMBclose (pid 10693) conn 0x83ce8d0
[2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091)
Transaction 32 of length 43
[2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886)
switch message SMBulogoffX (pid 10693) conn 0x0
[2005/11/09 13:10:52, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/11/09 13:10:52, 3] smbd/reply.c:reply_ulogoffX(1261)
ulogoffX vuid=100
[2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091)
Transaction 33 of length 39
[2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886)
switch message SMBtdis (pid 10693) conn 0x83ce8d0
[2005/11/09 13:10:52, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/11/09 13:10:52, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/11/09 13:10:52, 3] smbd/service.c:close_cnum(830)
a13 (192.168.100.98 <http://192.168.100.98>) closed connection to service
IPC$
[2005/11/09 13:10:52, 3] smbd/connection.c:yield_connection(69)
Yielding connection to IPC$
[2005/11/09 13:10:52, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/11/09 13:10:52, 3] smbd/process.c:timeout_processing(1334)
timeout_processing: End of file from client (client has disconnected).
[2005/11/09 13:10:52, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/11/09 13:10:52, 2] smbd/server.c:exit_server(609)
Closing connections
[2005/11/09 13:10:52, 3] smbd/connection.c:yield_connection(69)
Yielding connection to
[2005/11/09 13:10:52, 3] smbd/server.c:exit_server(652)
Server exit (normal exit)
[2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091)
Transaction 1 of length 137
[2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886)
switch message SMBnegprot (pid 10694) conn 0x0
[2005/11/09 13:10:52, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/11/09 13:10:52, 3] smbd/negprot.c:reply_negprot(461)
Requested protocol [PC NETWORK PROGRAM 1.0]
[2005/11/09 13:10:52, 3] smbd/negprot.c:reply_negprot(461)
Requested protocol [LANMAN1.0]
[2005/11/09 13:10:52, 3] smbd/negprot.c:reply_negprot(461)
Requested protocol [Windows for Workgroups 3.1a]
[2005/11/09 13:10:52, 3] smbd/negprot.c:reply_negprot(461)
Requested protocol [LM1.2X002]
[2005/11/09 13:10:52, 3] smbd/negprot.c:reply_negprot(461)
Requested protocol [LANMAN2.1]
[2005/11/09 13:10:52, 3] smbd/negprot.c:reply_negprot(461)
Requested protocol [NT LM 0.12]
[2005/11/09 13:10:52, 3] smbd/negprot.c:reply_nt1(333)
using SPNEGO
[2005/11/09 13:10:52, 3] smbd/negprot.c:reply_negprot(555)
Selected protocol NT LM 0.12
[2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091)
Transaction 2 of length 240
[2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886)
switch message SMBsesssetupX (pid 10694) conn 0x0
[2005/11/09 13:10:52, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/11/09 13:10:52, 3] smbd/sesssetup.c:reply_sesssetup_and_X(655)
wct=12 flg2=0xc807
[2005/11/09 13:10:52, 2] smbd/sesssetup.c:setup_new_vc_session(608)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
old resources.
[2005/11/09 13:10:52, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(535)
Doing spnego session setup
[2005/11/09 13:10:52, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(566)
NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1]
PrimaryDomain=[]
[2005/11/09 13:10:52, 3] smbd/sesssetup.c:reply_spnego_negotiate(444)
Got OID 1 3 6 1 4 1 311 2 2 10
[2005/11/09 13:10:52, 3] smbd/sesssetup.c:reply_spnego_negotiate(447)
Got secblob of size 40
[2005/11/09 13:10:52, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
Got NTLMSSP neg_flags=0xe2088297
[2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091)
Transaction 3 of length 346
[2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886)
switch message SMBsesssetupX (pid 10694) conn 0x0
[2005/11/09 13:10:52, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/11/09 13:10:52, 3] smbd/sesssetup.c:reply_sesssetup_and_X(655)
wct=12 flg2=0xc807
[2005/11/09 13:10:52, 2] smbd/sesssetup.c:setup_new_vc_session(608)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
old resources.
[2005/11/09 13:10:52, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(535)
Doing spnego session setup
[2005/11/09 13:10:52, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(566)
NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1]
PrimaryDomain=[]
[2005/11/09 13:10:52, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(606)
Got user=[senate] domain=[fasitet] workstation=[A13] len1=24 len2=24
[2005/11/09 13:10:52, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2005/11/09 13:10:52, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2005/11/09 13:10:52, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/11/09 13:10:52, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/11/09 13:10:52, 3] auth/auth.c:check_ntlm_password(219)
check_ntlm_password: Checking password for unmapped user
[fasitet]\[senate]@[A13] with the new password interface
[2005/11/09 13:10:52, 3] auth/auth.c:check_ntlm_password(222)
check_ntlm_password: mapped user is: [fasitet]\[senate]@[A13]
[2005/11/09 13:10:52, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2005/11/09 13:10:52, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2005/11/09 13:10:52, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/11/09 13:10:52, 2] lib/smbldap.c:smbldap_open_connection(692)
smbldap_open_connection: connection opened
[2005/11/09 13:10:52, 3] lib/smbldap.c:smbldap_connect_system(866)
ldap_connect_system: succesful connection to the LDAP server
ldap_connect_system: LDAP server does support paged results
[2005/11/09 13:10:52, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
init_sam_from_ldap: Entry found for user: senate
[2005/11/09 13:10:52, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/11/09 13:10:52, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2005/11/09 13:10:52, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2005/11/09 13:10:52, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/11/09 13:10:52, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2005/11/09 13:10:52, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2005/11/09 13:10:52, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2005/11/09 13:10:52, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/11/09 13:10:52, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2005/11/09 13:10:52, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2005/11/09 13:10:52, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2005/11/09 13:10:52, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/11/09 13:10:52, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2005/11/09 13:10:52, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2005/11/09 13:10:52, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2005/11/09 13:10:52, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/11/09 13:10:52, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2005/11/09 13:10:52, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2005/11/09 13:10:52, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2005/11/09 13:10:52, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/11/09 13:10:52, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2005/11/09 13:10:52, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2005/11/09 13:10:52, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2005/11/09 13:10:52, 2] passdb/pdb_ldap.c:init_group_from_ldap(2000)
init_group_from_ldap: Entry found for group: 513
[2005/11/09 13:10:52, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/11/09 13:10:52, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/11/09 13:10:52, 3] auth/auth.c:check_ntlm_password(268)
check_ntlm_password: sam authentication for user [senate] succeeded
[2005/11/09 13:10:52, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2005/11/09 13:10:52, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2005/11/09 13:10:52, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/11/09 13:10:52, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/11/09 13:10:52, 2] auth/auth.c:check_ntlm_password(305)
check_ntlm_password: authentication for user [senate] -> [senate] ->
[senate] succeeded
[2005/11/09 13:10:52, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319)
NTLMSSP Sign/Seal - Initialising with flags:
[2005/11/09 13:10:52, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
Got NTLMSSP neg_flags=0x60088215
[2005/11/09 13:10:52, 3] smbd/password.c:register_vuid(222)
User name: senate Real name: System User
[2005/11/09 13:10:52, 3] smbd/password.c:register_vuid(241)
UNIX uid 1001 is UNIX user senate, and will be vuid 100
[2005/11/09 13:10:52, 3] smbd/password.c:register_vuid(270)
Adding homes service for user 'senate' using home directory: '/home/senate'
[2005/11/09 13:10:52, 3] param/loadparm.c:lp_add_home(2360)
adding home's share [senate] for user 'senate' at '/home/senate'
[2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091)
Transaction 4 of length 90
[2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886)
switch message SMBtconX (pid 10694) conn 0x0
[2005/11/09 13:10:52, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/11/09 13:10:52, 3] lib/access.c:check_access(313)
check_access: no hostnames in host allow/deny list.
[2005/11/09 13:10:52, 2] lib/access.c:check_access(324)
Allowed connection from (192.168.100.98 <http://192.168.100.98>)
[2005/11/09 13:10:52, 3] smbd/service.c:make_connection_snum(479)
Connect path is '/var/tmp' for service [IPC$]
[2005/11/09 13:10:52, 3] lib/util_seaccess.c:se_access_check(251)
[2005/11/09 13:10:52, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is S-1-5-21-2628040634-270012795-1265092401-3000
se_access_check: also S-1-5-21-2628040634-270012795-1265092401-513
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
se_access_check: also S-1-5-21-2628040634-270012795-1265092401-1201
se_access_check: also S-1-5-21-2628040634-270012795-1265092401-1033
se_access_check: also S-1-5-21-2628040634-270012795-1265092401-1067
[2005/11/09 13:10:52, 3] smbd/vfs.c:vfs_init_default(206)
Initialising default vfs hooks
[2005/11/09 13:10:52, 3] lib/util_seaccess.c:se_access_check(251)
[2005/11/09 13:10:52, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is S-1-5-21-2628040634-270012795-1265092401-3000
se_access_check: also S-1-5-21-2628040634-270012795-1265092401-513
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
se_access_check: also S-1-5-21-2628040634-270012795-1265092401-1201
se_access_check: also S-1-5-21-2628040634-270012795-1265092401-1033
se_access_check: also S-1-5-21-2628040634-270012795-1265092401-1067
[2005/11/09 13:10:52, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (1001, 100) - sec_ctx_stack_ndx = 0
[2005/11/09 13:10:52, 3] smbd/service.c:make_connection_snum(642)
a13 (192.168.100.98 <http://192.168.100.98>) connect to service IPC$
initially as user senate (uid=1001, gid=100) (pid 10694)
[2005/11/09 13:10:52, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/11/09 13:10:52, 3] smbd/reply.c:reply_tcon_and_X(455)
tconX service=IPC$
[2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091)
Transaction 5 of length 104
[2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886)
switch message SMBntcreateX (pid 10694) conn 0x83ce8d0
[2005/11/09 13:10:52, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (1001, 100) - sec_ctx_stack_ndx = 0
[2005/11/09 13:10:52, 3] smbd/nttrans.c:nt_open_pipe(514)
nt_open_pipe: Known pipe lsarpc opening.
[2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091)
Transaction 6 of length 140
[2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886)
switch message SMBwriteX (pid 10694) conn 0x83ce8d0
[2005/11/09 13:10:52, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(887)
api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsass
[2005/11/09 13:10:52, 3] rpc_server/srv_pipe.c:check_bind_req(762)
check_bind_req for \PIPE\lsarpc
[2005/11/09 13:10:52, 3] smbd/pipes.c:reply_pipe_write_and_X(199)
writeX-IPC pnum=768a nwritten=72
[2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091)
Transaction 7 of length 63
[2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886)
switch message SMBreadX (pid 10694) conn 0x83ce8d0
[2005/11/09 13:10:52, 3] smbd/pipes.c:reply_pipe_read_and_X(242)
readX-IPC pnum=768a min=1024 max=1024 nread=68
[2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091)
Transaction 8 of length 184
[2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 10694) conn 0x83ce8d0
[2005/11/09 13:10:52, 3] smbd/ipc.c:reply_trans(539)
trans <\PIPE\> data=96 params=0 setup=2
[2005/11/09 13:10:52, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/11/09 13:10:52, 3] smbd/ipc.c:api_fd_reply(294)
Got API command 0x26 on pipe "lsarpc" (pnum 768a)
[2005/11/09 13:10:52, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:52, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: LSA_OPENPOLICY2
[2005/11/09 13:10:52, 3] lib/util_seaccess.c:se_access_check(251)
[2005/11/09 13:10:52, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is S-1-5-21-2628040634-270012795-1265092401-3000
se_access_check: also S-1-5-21-2628040634-270012795-1265092401-513
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
se_access_check: also S-1-5-21-2628040634-270012795-1265092401-1201
se_access_check: also S-1-5-21-2628040634-270012795-1265092401-1033
se_access_check: also S-1-5-21-2628040634-270012795-1265092401-1067
[2005/11/09 13:10:52, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 826
[2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091)
Transaction 9 of length 134
[2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 10694) conn 0x83ce8d0
[2005/11/09 13:10:52, 3] smbd/ipc.c:reply_trans(539)
trans <\PIPE\> data=46 params=0 setup=2
[2005/11/09 13:10:52, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/11/09 13:10:52, 3] smbd/ipc.c:api_fd_reply(294)
Got API command 0x26 on pipe "lsarpc" (pnum 768a)
[2005/11/09 13:10:52, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:52, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091)
Transaction 10 of length 134
[2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 10694) conn 0x83ce8d0
[2005/11/09 13:10:52, 3] smbd/ipc.c:reply_trans(539)
trans <\PIPE\> data=46 params=0 setup=2
[2005/11/09 13:10:52, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/11/09 13:10:52, 3] smbd/ipc.c:api_fd_reply(294)
Got API command 0x26 on pipe "lsarpc" (pnum 768a)
[2005/11/09 13:10:52, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:52, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY
[2005/11/09 13:10:52, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 16
[2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091)
Transaction 11 of length 104
[2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886)
switch message SMBntcreateX (pid 10694) conn 0x83ce8d0
[2005/11/09 13:10:52, 3] smbd/nttrans.c:nt_open_pipe(514)
nt_open_pipe: Known pipe winreg opening.
[2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091)
Transaction 12 of length 140
[2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886)
switch message SMBwriteX (pid 10694) conn 0x83ce8d0
[2005/11/09 13:10:52, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(887)
api_pipe_bind_req: \PIPE\winreg -> \PIPE\winreg
[2005/11/09 13:10:52, 3] rpc_server/srv_pipe.c:check_bind_req(762)
check_bind_req for \PIPE\winreg
[2005/11/09 13:10:52, 3] smbd/pipes.c:reply_pipe_write_and_X(199)
writeX-IPC pnum=768b nwritten=72
[2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091)
Transaction 13 of length 63
[2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886)
switch message SMBreadX (pid 10694) conn 0x83ce8d0
[2005/11/09 13:10:52, 3] smbd/pipes.c:reply_pipe_read_and_X(242)
readX-IPC pnum=768b min=1024 max=1024 nread=68
[2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091)
Transaction 14 of length 124
[2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 10694) conn 0x83ce8d0
[2005/11/09 13:10:52, 3] smbd/ipc.c:reply_trans(539)
trans <\PIPE\> data=36 params=0 setup=2
[2005/11/09 13:10:52, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/11/09 13:10:52, 3] smbd/ipc.c:api_fd_reply(294)
Got API command 0x26 on pipe "winreg" (pnum 768b)
[2005/11/09 13:10:52, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:52, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: REG_OPEN_HKLM
[2005/11/09 13:10:52, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091)
Transaction 15 of length 272
[2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 10694) conn 0x83ce8d0
[2005/11/09 13:10:52, 3] smbd/ipc.c:reply_trans(539)
trans <\PIPE\> data=184 params=0 setup=2
[2005/11/09 13:10:52, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/11/09 13:10:52, 3] smbd/ipc.c:api_fd_reply(294)
Got API command 0x26 on pipe "winreg" (pnum 768b)
[2005/11/09 13:10:52, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:52, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: REG_OPEN_ENTRY
[2005/11/09 13:10:52, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 110
[2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091)
Transaction 16 of length 236
[2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 10694) conn 0x83ce8d0
[2005/11/09 13:10:52, 3] smbd/ipc.c:reply_trans(539)
trans <\PIPE\> data=148 params=0 setup=2
[2005/11/09 13:10:52, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/11/09 13:10:52, 3] smbd/ipc.c:api_fd_reply(294)
Got API command 0x26 on pipe "winreg" (pnum 768b)
[2005/11/09 13:10:52, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:52, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: REG_INFO
[2005/11/09 13:10:52, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 46
[2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091)
Transaction 17 of length 132
[2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 10694) conn 0x83ce8d0
[2005/11/09 13:10:52, 3] smbd/ipc.c:reply_trans(539)
trans <\PIPE\> data=44 params=0 setup=2
[2005/11/09 13:10:52, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/11/09 13:10:52, 3] smbd/ipc.c:api_fd_reply(294)
Got API command 0x26 on pipe "winreg" (pnum 768b)
[2005/11/09 13:10:52, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:52, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: REG_CLOSE
[2005/11/09 13:10:52, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200)
Closed policy
[2005/11/09 13:10:52, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091)
Transaction 18 of length 132
[2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 10694) conn 0x83ce8d0
[2005/11/09 13:10:52, 3] smbd/ipc.c:reply_trans(539)
trans <\PIPE\> data=44 params=0 setup=2
[2005/11/09 13:10:52, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/11/09 13:10:52, 3] smbd/ipc.c:api_fd_reply(294)
Got API command 0x26 on pipe "winreg" (pnum 768b)
[2005/11/09 13:10:52, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:52, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: REG_CLOSE
[2005/11/09 13:10:52, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200)
Closed policy
[2005/11/09 13:10:52, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091)
Transaction 19 of length 45
[2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886)
switch message SMBclose (pid 10694) conn 0x83ce8d0
[2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091)
Transaction 20 of length 100
[2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886)
switch message SMBntcreateX (pid 10694) conn 0x83ce8d0
[2005/11/09 13:10:52, 3] smbd/nttrans.c:nt_open_pipe(514)
nt_open_pipe: Known pipe samr opening.
[2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091)
Transaction 21 of length 140
[2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886)
switch message SMBwriteX (pid 10694) conn 0x83ce8d0
[2005/11/09 13:10:52, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(887)
api_pipe_bind_req: \PIPE\samr -> \PIPE\lsass
[2005/11/09 13:10:52, 3] rpc_server/srv_pipe.c:check_bind_req(762)
check_bind_req for \PIPE\samr
[2005/11/09 13:10:52, 3] smbd/pipes.c:reply_pipe_write_and_X(199)
writeX-IPC pnum=768c nwritten=72
[2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091)
Transaction 22 of length 63
[2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886)
switch message SMBreadX (pid 10694) conn 0x83ce8d0
[2005/11/09 13:10:52, 3] smbd/pipes.c:reply_pipe_read_and_X(242)
readX-IPC pnum=768c min=1024 max=1024 nread=68
[2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091)
Transaction 23 of length 176
[2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 10694) conn 0x83ce8d0
[2005/11/09 13:10:52, 3] smbd/ipc.c:reply_trans(539)
trans <\PIPE\> data=88 params=0 setup=2
[2005/11/09 13:10:52, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/11/09 13:10:52, 3] smbd/ipc.c:api_fd_reply(294)
Got API command 0x26 on pipe "samr" (pnum 768c)
[2005/11/09 13:10:52, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:52, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091)
Transaction 24 of length 45
[2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886)
switch message SMBclose (pid 10694) conn 0x83ce8d0
[2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091)
Transaction 25 of length 100
[2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886)
switch message SMBntcreateX (pid 10694) conn 0x83ce8d0
[2005/11/09 13:10:52, 3] smbd/nttrans.c:nt_open_pipe(514)
nt_open_pipe: Known pipe samr opening.
[2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091)
Transaction 26 of length 140
[2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886)
switch message SMBwriteX (pid 10694) conn 0x83ce8d0
[2005/11/09 13:10:52, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(887)
api_pipe_bind_req: \PIPE\samr -> \PIPE\lsass
[2005/11/09 13:10:52, 3] rpc_server/srv_pipe.c:check_bind_req(762)
check_bind_req for \PIPE\samr
[2005/11/09 13:10:52, 3] smbd/pipes.c:reply_pipe_write_and_X(199)
writeX-IPC pnum=768d nwritten=72
[2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091)
Transaction 27 of length 63
[2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886)
switch message SMBreadX (pid 10694) conn 0x83ce8d0
[2005/11/09 13:10:52, 3] smbd/pipes.c:reply_pipe_read_and_X(242)
readX-IPC pnum=768d min=1024 max=1024 nread=68
[2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091)
Transaction 28 of length 164
[2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 10694) conn 0x83ce8d0
[2005/11/09 13:10:52, 3] smbd/ipc.c:reply_trans(539)
trans <\PIPE\> data=76 params=0 setup=2
[2005/11/09 13:10:52, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/11/09 13:10:52, 3] smbd/ipc.c:api_fd_reply(294)
Got API command 0x26 on pipe "samr" (pnum 768d)
[2005/11/09 13:10:52, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:52, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: SAMR_CONNECT4
[2005/11/09 13:10:52, 3] lib/util_seaccess.c:se_access_check(251)
[2005/11/09 13:10:52, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is S-1-5-21-2628040634-270012795-1265092401-3000
se_access_check: also S-1-5-21-2628040634-270012795-1265092401-513
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
se_access_check: also S-1-5-21-2628040634-270012795-1265092401-1201
se_access_check: also S-1-5-21-2628040634-270012795-1265092401-1033
se_access_check: also S-1-5-21-2628040634-270012795-1265092401-1067
[2005/11/09 13:10:52, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 982
[2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091)
Transaction 29 of length 140
[2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 10694) conn 0x83ce8d0
[2005/11/09 13:10:52, 3] smbd/ipc.c:reply_trans(539)
trans <\PIPE\> data=52 params=0 setup=2
[2005/11/09 13:10:52, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/11/09 13:10:52, 3] smbd/ipc.c:api_fd_reply(294)
Got API command 0x26 on pipe "samr" (pnum 768d)
[2005/11/09 13:10:52, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:52, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: SAMR_ENUM_DOMAINS
[2005/11/09 13:10:52, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 88
[2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091)
Transaction 30 of length 166
[2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 10694) conn 0x83ce8d0
[2005/11/09 13:10:52, 3] smbd/ipc.c:reply_trans(539)
trans <\PIPE\> data=78 params=0 setup=2
[2005/11/09 13:10:52, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/11/09 13:10:52, 3] smbd/ipc.c:api_fd_reply(294)
Got API command 0x26 on pipe "samr" (pnum 768d)
[2005/11/09 13:10:52, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:52, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: SAMR_LOOKUP_DOMAIN
[2005/11/09 13:10:52, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2580)
Returning domain sid for domain FASITET ->
S-1-5-21-2628040634-270012795-1265092401
[2005/11/09 13:10:52, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 14
[2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091)
Transaction 31 of length 164
[2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 10694) conn 0x83ce8d0
[2005/11/09 13:10:52, 3] smbd/ipc.c:reply_trans(539)
trans <\PIPE\> data=76 params=0 setup=2
[2005/11/09 13:10:52, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/11/09 13:10:52, 3] smbd/ipc.c:api_fd_reply(294)
Got API command 0x26 on pipe "samr" (pnum 768d)
[2005/11/09 13:10:52, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:52, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: SAMR_OPEN_DOMAIN
[2005/11/09 13:10:52, 3] lib/util_seaccess.c:se_access_check(251)
[2005/11/09 13:10:52, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is S-1-5-21-2628040634-270012795-1265092401-3000
se_access_check: also S-1-5-21-2628040634-270012795-1265092401-513
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
se_access_check: also S-1-5-21-2628040634-270012795-1265092401-1201
se_access_check: also S-1-5-21-2628040634-270012795-1265092401-1033
se_access_check: also S-1-5-21-2628040634-270012795-1265092401-1067
[2005/11/09 13:10:52, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 956
[2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091)
Transaction 32 of length 140
[2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 10694) conn 0x83ce8d0
[2005/11/09 13:10:52, 3] smbd/ipc.c:reply_trans(539)
trans <\PIPE\> data=52 params=0 setup=2
[2005/11/09 13:10:52, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/11/09 13:10:52, 3] smbd/ipc.c:api_fd_reply(294)
Got API command 0x26 on pipe "samr" (pnum 768d)
[2005/11/09 13:10:52, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:52, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: SAMR_ENUM_DOMAINS
[2005/11/09 13:10:52, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 88
[2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091)
Transaction 33 of length 166
[2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 10694) conn 0x83ce8d0
[2005/11/09 13:10:52, 3] smbd/ipc.c:reply_trans(539)
trans <\PIPE\> data=78 params=0 setup=2
[2005/11/09 13:10:52, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/11/09 13:10:52, 3] smbd/ipc.c:api_fd_reply(294)
Got API command 0x26 on pipe "samr" (pnum 768d)
[2005/11/09 13:10:52, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:52, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: SAMR_LOOKUP_DOMAIN
[2005/11/09 13:10:52, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2580)
Returning domain sid for domain FASITET ->
S-1-5-21-2628040634-270012795-1265092401
[2005/11/09 13:10:52, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 14
[2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091)
Transaction 34 of length 164
[2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 10694) conn 0x83ce8d0
[2005/11/09 13:10:52, 3] smbd/ipc.c:reply_trans(539)
trans <\PIPE\> data=76 params=0 setup=2
[2005/11/09 13:10:52, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/11/09 13:10:52, 3] smbd/ipc.c:api_fd_reply(294)
Got API command 0x26 on pipe "samr" (pnum 768d)
[2005/11/09 13:10:52, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:52, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: SAMR_OPEN_DOMAIN
[2005/11/09 13:10:52, 3] lib/util_seaccess.c:se_access_check(251)
[2005/11/09 13:10:52, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is S-1-5-21-2628040634-270012795-1265092401-3000
se_access_check: also S-1-5-21-2628040634-270012795-1265092401-513
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
se_access_check: also S-1-5-21-2628040634-270012795-1265092401-1201
se_access_check: also S-1-5-21-2628040634-270012795-1265092401-1033
se_access_check: also S-1-5-21-2628040634-270012795-1265092401-1067
[2005/11/09 13:10:52, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 956
[2005/11/09 13:10:52, 3] smbd/process.c:process_smb(1091)
Transaction 35 of length 168
[2005/11/09 13:10:52, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 10694) conn 0x83ce8d0
[2005/11/09 13:10:52, 3] smbd/ipc.c:reply_trans(539)
trans <\PIPE\> data=80 params=0 setup=2
[2005/11/09 13:10:52, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/11/09 13:10:52, 3] smbd/ipc.c:api_fd_reply(294)
Got API command 0x26 on pipe "samr" (pnum 768d)
[2005/11/09 13:10:52, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:10:52, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: SAMR_CREATE_USER
[2005/11/09 13:10:52, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(1001, 100) : sec_ctx_stack_ndx = 1
[2005/11/09 13:10:52, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2005/11/09 13:10:52, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/11/09 13:10:52, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (1001, 100) - sec_ctx_stack_ndx = 0
[2005/11/09 13:10:52, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(1001, 100) : sec_ctx_stack_ndx = 1
[2005/11/09 13:10:52, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2005/11/09 13:10:52, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/11/09 13:10:52, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (1001, 100) - sec_ctx_stack_ndx = 0
[2005/11/09 13:10:52, 0] lib/smbldap.c:smbldap_open(882)
smbldap_open: cannot access LDAP when not root..
[2005/11/09 13:10:52, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 1 try!
[2005/11/09 13:10:53, 0] lib/smbldap.c:smbldap_open(882)
smbldap_open: cannot access LDAP when not root..
[2005/11/09 13:10:53, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 2 try!
[2005/11/09 13:10:54, 0] lib/smbldap.c:smbldap_open(882)
smbldap_open: cannot access LDAP when not root..
[2005/11/09 13:10:54, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 3 try!
[2005/11/09 13:10:55, 0] lib/smbldap.c:smbldap_open(882)
smbldap_open: cannot access LDAP when not root..
[2005/11/09 13:10:55, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 4 try!
[2005/11/09 13:10:56, 0] lib/smbldap.c:smbldap_open(882)
smbldap_open: cannot access LDAP when not root..
[2005/11/09 13:10:56, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 5 try!
[2005/11/09 13:10:57, 0] lib/smbldap.c:smbldap_open(882)
smbldap_open: cannot access LDAP when not root..
[2005/11/09 13:10:57, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 6 try!
[2005/11/09 13:10:58, 0] lib/smbldap.c:smbldap_open(882)
smbldap_open: cannot access LDAP when not root..
[2005/11/09 13:10:58, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 7 try!
[2005/11/09 13:10:59, 0] lib/smbldap.c:smbldap_open(882)
smbldap_open: cannot access LDAP when not root..
[2005/11/09 13:10:59, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 8 try!
[2005/11/09 13:11:00, 0] lib/smbldap.c:smbldap_open(882)
smbldap_open: cannot access LDAP when not root..
[2005/11/09 13:11:00, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 9 try!
[2005/11/09 13:11:01, 0] lib/smbldap.c:smbldap_open(882)
smbldap_open: cannot access LDAP when not root..
[2005/11/09 13:11:01, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 10 try!
[2005/11/09 13:11:02, 0] lib/smbldap.c:smbldap_open(882)
smbldap_open: cannot access LDAP when not root..
[2005/11/09 13:11:02, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 11 try!
[2005/11/09 13:11:03, 0] lib/smbldap.c:smbldap_open(882)
smbldap_open: cannot access LDAP when not root..
[2005/11/09 13:11:03, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 12 try!
[2005/11/09 13:11:04, 0] lib/smbldap.c:smbldap_open(882)
smbldap_open: cannot access LDAP when not root..
[2005/11/09 13:11:04, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 13 try!
[2005/11/09 13:11:05, 0] lib/smbldap.c:smbldap_open(882)
smbldap_open: cannot access LDAP when not root..
[2005/11/09 13:11:05, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 14 try!
[2005/11/09 13:11:06, 0] lib/smbldap.c:smbldap_open(882)
smbldap_open: cannot access LDAP when not root..
[2005/11/09 13:11:06, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 15 try!
[2005/11/09 13:11:07, 0] lib/smbldap.c:smbldap_open(882)
smbldap_open: cannot access LDAP when not root..
[2005/11/09 13:11:07, 0] lib/smbldap.c:smbldap_search_suffix(1176)
smbldap_search_suffix: Problem during the LDAP search: (Timed out)
[2005/11/09 13:11:07, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2350)
could not add user/computer a13$ to passdb. Check permissions?
[2005/11/09 13:11:07, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 10
[2005/11/09 13:11:07, 3] smbd/process.c:process_smb(1091)
Transaction 36 of length 132
[2005/11/09 13:11:07, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 10694) conn 0x83ce8d0
[2005/11/09 13:11:07, 3] smbd/ipc.c:reply_trans(539)
trans <\PIPE\> data=44 params=0 setup=2
[2005/11/09 13:11:07, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/11/09 13:11:07, 3] smbd/ipc.c:api_fd_reply(294)
Got API command 0x26 on pipe "samr" (pnum 768d)
[2005/11/09 13:11:07, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:11:07, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: SAMR_CLOSE_HND
[2005/11/09 13:11:07, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200)
Closed policy
[2005/11/09 13:11:07, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:11:07, 3] smbd/process.c:process_smb(1091)
Transaction 37 of length 132
[2005/11/09 13:11:07, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 10694) conn 0x83ce8d0
[2005/11/09 13:11:07, 3] smbd/ipc.c:reply_trans(539)
trans <\PIPE\> data=44 params=0 setup=2
[2005/11/09 13:11:07, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/11/09 13:11:07, 3] smbd/ipc.c:api_fd_reply(294)
Got API command 0x26 on pipe "samr" (pnum 768d)
[2005/11/09 13:11:07, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:11:07, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: SAMR_CLOSE_HND
[2005/11/09 13:11:07, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200)
Closed policy
[2005/11/09 13:11:07, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:11:07, 3] smbd/process.c:process_smb(1091)
Transaction 38 of length 45
[2005/11/09 13:11:07, 3] smbd/process.c:switch_message(886)
switch message SMBclose (pid 10694) conn 0x83ce8d0
[2005/11/09 13:11:08, 3] smbd/process.c:process_smb(1091)
Transaction 39 of length 132
[2005/11/09 13:11:08, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 10694) conn 0x83ce8d0
[2005/11/09 13:11:08, 3] smbd/ipc.c:reply_trans(539)
trans <\PIPE\> data=44 params=0 setup=2
[2005/11/09 13:11:08, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2005/11/09 13:11:08, 3] smbd/ipc.c:api_fd_reply(294)
Got API command 0x26 on pipe "lsarpc" (pnum 768a)
[2005/11/09 13:11:08, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:11:08, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: LSA_CLOSE
[2005/11/09 13:11:08, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200)
Closed policy
[2005/11/09 13:11:08, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2005/11/09 13:11:08, 3] smbd/process.c:process_smb(1091)
Transaction 40 of length 45
[2005/11/09 13:11:08, 3] smbd/process.c:switch_message(886)
switch message SMBclose (pid 10694) conn 0x83ce8d0
[2005/11/09 13:11:08, 3] smbd/process.c:process_smb(1091)
Transaction 41 of length 43
[2005/11/09 13:11:08, 3] smbd/process.c:switch_message(886)
switch message SMBulogoffX (pid 10694) conn 0x0
[2005/11/09 13:11:08, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/11/09 13:11:08, 3] smbd/reply.c:reply_ulogoffX(1261)
ulogoffX vuid=100
[2005/11/09 13:11:08, 3] smbd/process.c:process_smb(1091)
Transaction 42 of length 39
[2005/11/09 13:11:08, 3] smbd/process.c:switch_message(886)
switch message SMBtdis (pid 10694) conn 0x83ce8d0
[2005/11/09 13:11:08, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/11/09 13:11:08, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/11/09 13:11:08, 3] smbd/service.c:close_cnum(830)
a13 (192.168.100.98 <http://192.168.100.98>) closed connection to service
IPC$
[2005/11/09 13:11:08, 3] smbd/connection.c:yield_connection(69)
Yielding connection to IPC$
[2005/11/09 13:11:08, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/11/09 13:11:08, 3] smbd/process.c:timeout_processing(1334)
timeout_processing: End of file from client (client has disconnected).
[2005/11/09 13:11:08, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/11/09 13:11:08, 2] smbd/server.c:exit_server(609)
Closing connections
[2005/11/09 13:11:08, 3] smbd/connection.c:yield_connection(69)
Yielding connection to
[2005/11/09 13:11:08, 3] smbd/server.c:exit_server(652)
Server exit (normal exit)

# eof log.a13


Cheers
Erik Skogh


More information about the samba mailing list