[Samba] Authentication fails (sometimes)

Mario Lipinski mario.lipinski at gymszbad.de
Wed Aug 30 11:28:45 GMT 2006


Hello,

I am usually able to log me onto my domain. However, i have problems to
get authentication under windows where I need admin rights, which also
succeeds some times.

I have the following in my groupmap:

# net groupmap list
admin (S-1-5-21-4092459118-2595994810-1099795350-512) -> admin
guests (S-1-5-21-4092459118-2595994810-1099795350-514) -> guests
gsb (S-1-5-21-4092459118-2595994810-1099795350-513) -> gsb
bib-admins (S-1-5-21-4092459118-2595994810-1099795350-11099) -> bib-admins
bibliothek (S-1-5-21-4092459118-2595994810-1099795350-11001) -> bibliothek

and user/group is on the system:

$ getent group admin
admin:x:1000:law,[...]
$ getent passwd law
law:x:1001:1001:Mario Lipinski:/home/law:/bin/bash
$ getent group gsb
gsb:x:60000:

I am member of the group admin (which is also a user with the same uid
if that matters). So everything should be fine.


In my logs I find these line:

[2006/08/27 20:03:03, 10, pid=18112] passdb/pdb_get_set.c:pdb_set_user_sid(463)
  pdb_set_user_sid: setting user sid S-1-5-21-4092459118-2595994810-1099795350-3002
[2006/08/27 20:03:03, 10, pid=18112] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73)
  pdb_set_user_sid_from_rid:
  	setting user sid S-1-5-21-4092459118-2595994810-1099795350-3002 from rid 3002
[2006/08/27 20:03:03, 3, pid=18112] passdb/lookup_sid.c:fetch_gid_from_cache(1010)
  fetch gid from cache 60000 -> S-1-5-21-4092459118-2595994810-1099795350-513
[2006/08/27 20:03:03, 10, pid=18112] passdb/pdb_get_set.c:pdb_set_group_sid(521)
  pdb_set_group_sid: setting group sid S-1-5-21-4092459118-2595994810-1099795350-513
[2006/08/27 20:03:03, 10, pid=18112] passdb/pdb_compat.c:pdb_set_group_sid_from_rid(100)
  pdb_set_group_sid_from_rid:
  	setting group sid S-1-5-21-4092459118-2595994810-1099795350-513 from rid 513

Does that mean, that the group id 60000 is assigned to me? Why? I am not
member of the group with id 60000 (see above)

I post almost a full log here. Some parts which might contain my
password is removed. I hope I did not forget anything.


Mario


[2006/08/27 20:02:52, 10, pid=18112] smbd/process.c:setup_select_timeout(1284)
  change_notify_timeout: -1
[2006/08/27 20:03:02, 3, pid=4545] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/08/27 20:03:02, 5, pid=4545] auth/auth_util.c:debug_nt_user_token(448)
  NT user token: (NULL)
[2006/08/27 20:03:02, 5, pid=4545] auth/auth_util.c:debug_unix_user_token(474)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2006/08/27 20:03:02, 5, pid=4545] smbd/uid.c:change_to_root_user(275)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2006/08/27 20:03:02, 10, pid=4545] smbd/process.c:setup_select_timeout(1284)
  change_notify_timeout: -1
[2006/08/27 20:03:03, 10, pid=18112] lib/util_sock.c:read_smb_length_return_keepalive(623)
  got smb length of 448
[2006/08/27 20:03:03, 6, pid=18112] smbd/process.c:process_smb(1109)
  got message type 0x0 of len 0x1c0
[2006/08/27 20:03:03, 3, pid=18112] smbd/process.c:process_smb(1110)
  Transaction 14094 of length 452
[2006/08/27 20:03:03, 5, pid=18112] lib/util.c:show_msg(478)
[2006/08/27 20:03:03, 5, pid=18112] lib/util.c:show_msg(488)
  size=448
  smb_com=0x2f
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=24
  smb_flg2=51207
  smb_tid=1
  smb_pid=65279
  smb_uid=115
  smb_mid=37068
  smt_wct=14
  smb_vwv[ 0]=  255 (0xFF)
  smb_vwv[ 1]=57054 (0xDEDE)
  smb_vwv[ 2]=30418 (0x76D2)
  smb_vwv[ 3]=    0 (0x0)
  smb_vwv[ 4]=    0 (0x0)
  smb_vwv[ 5]=65535 (0xFFFF)
  smb_vwv[ 6]=65535 (0xFFFF)
  smb_vwv[ 7]=    8 (0x8)
  smb_vwv[ 8]=  384 (0x180)
  smb_vwv[ 9]=    0 (0x0)
  smb_vwv[10]=  384 (0x180)
  smb_vwv[11]=   64 (0x40)
  smb_vwv[12]=    0 (0x0)
  smb_vwv[13]=    0 (0x0)
  smb_bcc=385
[2006/08/27 20:03:03, 10, pid=18112] lib/util.c:dump_data(2215)
[...]
[2006/08/27 20:03:03, 3, pid=18112] smbd/process.c:switch_message(914)
  switch message SMBwriteX (pid 18112) conn 0x9998e0
[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:debug_nt_user_token(454)
  NT user token of user S-1-5-21-4092459118-2595994810-1099795350-501
  contains 4 SIDs
  SID[  0]: S-1-5-21-4092459118-2595994810-1099795350-501
  SID[  1]: S-1-1-0
  SID[  2]: S-1-5-2
  SID[  3]: S-1-5-32-546
  SE_PRIV  0x0 0x0 0x0 0x0
[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:debug_unix_user_token(474)
  UNIX token of user 65534
  Primary group is 65534 and contains 0 supplementary groups
[2006/08/27 20:03:03, 5, pid=18112] smbd/uid.c:change_to_user(260)
  change_to_user uid=(65534,65534) gid=(0,65534)
[2006/08/27 20:03:03, 4, pid=18112] smbd/vfs.c:vfs_ChDir(741)
  vfs_ChDir to /tmp
[2006/08/27 20:03:03, 4, pid=18112] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264)
  search for pipe pnum=76d2
[2006/08/27 20:03:03, 5, pid=18112] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268)
  pipe name NETLOGON pnum=76d2 (pipes_open=1)
[2006/08/27 20:03:03, 6, pid=18112] rpc_server/srv_pipe_hnd.c:write_to_pipe(937)
  write_to_pipe: 76d2 name: NETLOGON open: Yes len: 384
[2006/08/27 20:03:03, 10, pid=18112] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959)
  write_to_pipe: data_left = 384
[2006/08/27 20:03:03, 10, pid=18112] rpc_server/srv_pipe_hnd.c:process_incoming_data(852)
  process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 384
[2006/08/27 20:03:03, 10, pid=18112] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395)
  fill_rpc_header: data_to_copy = 384, len_needed_to_complete_hdr = 16, receive_len = 0
[2006/08/27 20:03:03, 10, pid=18112] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963)
  write_to_pipe: data_used = 16
[2006/08/27 20:03:03, 10, pid=18112] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959)
  write_to_pipe: data_left = 368
[2006/08/27 20:03:03, 10, pid=18112] rpc_server/srv_pipe_hnd.c:process_incoming_data(852)
  process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 368
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
  000000 smb_io_rpc_hdr 
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
      0000 major     : 05
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
      0001 minor     : 00
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
      0002 pkt_type  : 00
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
      0003 flags     : 03
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
      0004 pack_type0: 10
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
      0005 pack_type1: 00
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
      0006 pack_type2: 00
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
      0007 pack_type3: 00
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
      0008 frag_len  : 0180
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
      000a auth_len  : 0020
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
      000c call_id   : 0000000e
[2006/08/27 20:03:03, 5, pid=18112] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482)
  unmarshall_rpc_header: using little-endian RPC
[2006/08/27 20:03:03, 10, pid=18112] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511)
  unmarshall_rpc_header: type = 0, flags = 3
[2006/08/27 20:03:03, 10, pid=18112] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963)
  write_to_pipe: data_used = 0
[2006/08/27 20:03:03, 10, pid=18112] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959)
  write_to_pipe: data_left = 368
[2006/08/27 20:03:03, 10, pid=18112] rpc_server/srv_pipe_hnd.c:process_incoming_data(852)
  process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 368, incoming data = 368
[2006/08/27 20:03:03, 10, pid=18112] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719)
  process_complete_pdu: processing packet type 0
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
  000000 smb_io_rpc_hdr_req req
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
      0000 alloc_hint: 0000013e
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
      0004 context_id: 0000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
      0006 opnum     : 0002
[2006/08/27 20:03:03, 5, pid=18112] rpc_server/srv_pipe.c:api_pipe_schannel_process(2086)
  data 320 auth 32
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
  000148 smb_io_rpc_hdr_auth hdr_auth
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
      0148 auth_type    : 44
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
      0149 auth_level   : 06
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
      014a auth_pad_len : 02
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
      014b auth_reserved: 00
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
      014c auth_context_id: 000b3ca0
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
  000150 smb_io_rpc_auth_schannel_chk 
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8s(851)
      0150 sig  : 77 00 7a 00 ff ff 00 00 
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8s(851)
      0158 seq_num: 1d 0f 67 93 6c a8 a1 52 
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8s(851)
      0160 packet_digest: 53 2d 8b 35 8e b4 ad 03 
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8s(851)
      0168 confounder: 4a 95 04 46 4a c6 35 ef 
[2006/08/27 20:03:03, 10, pid=18112] rpc_parse/parse_prs.c:schannel_decode(1710)
  SCHANNEL: schannel_decode seq_num=26 data_len=320
[2006/08/27 20:03:03, 10, pid=18112] rpc_parse/parse_prs.c:schannel_decode(1730)
  SCHANNEL: schannel_decode seq_num=26 data_len=320
[2006/08/27 20:03:03, 3, pid=18112] rpc_server/srv_pipe_hnd.c:free_pipe_context(529)
  free_pipe_context: destroying talloc pool of size 0
[2006/08/27 20:03:03, 5, pid=18112] rpc_server/srv_pipe.c:api_pipe_request(2223)
  Requested \PIPE\NETLOGON
[2006/08/27 20:03:03, 4, pid=18112] rpc_server/srv_pipe.c:api_rpcTNP(2258)
  api_rpcTNP: NETLOGON op 0x2 - api_rpcTNP: rpc command: NET_SAMLOGON
[2006/08/27 20:03:03, 6, pid=18112] rpc_server/srv_pipe.c:api_rpcTNP(2284)
  api_rpc_cmds[4].fn == 0x503330
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
  000000 net_io_q_sam_logon 
[2006/08/27 20:03:03, 6, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
      000000 smb_io_sam_info 
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
          000000 smb_io_clnt_info2 
[2006/08/27 20:03:03, 8, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
              000000 smb_io_clnt_srv 
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
                  0000 undoc_buffer : 000aaf30
[2006/08/27 20:03:03, 9, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
                  000004 smb_io_unistr2 unistr2
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
                      0004 uni_max_len: 0000000b
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
                      0008 offset     : 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
                      000c uni_str_len: 0000000b
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:dbg_rw_punival(936)
                      0010 buffer     : \.\.G.A.R.F.I.E.L.D...
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
                  0028 undoc_buffer2: 000aafec
[2006/08/27 20:03:03, 9, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
                  00002c smb_io_unistr2 unistr2
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
                      002c uni_max_len: 00000009
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
                      0030 offset     : 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
                      0034 uni_str_len: 00000009
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:dbg_rw_punival(936)
                      0038 buffer     : G.A.R.G.A.M.E.L...
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              004c ptr_cred: 00c5f020
[2006/08/27 20:03:03, 8, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
              000050 smb_io_cred 
[2006/08/27 20:03:03, 9, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
                  000050 smb_io_chal 
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8s(851)
                      0050 data: c9 29 17 5b 3e 77 97 1a 
[2006/08/27 20:03:03, 9, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
                  000058 smb_io_utime 
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
                      0058 time: 44f1de56
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
          005c ptr_rtn_cred : 00c5f02c
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
          000060 smb_io_cred 
[2006/08/27 20:03:03, 8, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
              000060 smb_io_chal 
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8s(851)
                  0060 data: 78 16 88 77 ff ff ff ff 
[2006/08/27 20:03:03, 8, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
              000068 smb_io_utime 
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
                  0068 time: 00c5f048
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
          006c logon_level  : 0002
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
          00006e smb_io_sam_info_ctr logon_info
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
              006e switch_value : 0002
[2006/08/27 20:03:03, 8, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
              000070 net_io_id_info2 
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
                  0070 ptr_id_info2: 00c5f548
[2006/08/27 20:03:03, 9, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
                  000074 smb_io_unihdr unihdr
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
                      0074 uni_str_len: 0006
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
                      0076 uni_max_len: 0006
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
                      0078 buffer     : 000e6db8
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
                  007c param_ctrl: 00000a60
[2006/08/27 20:03:03, 9, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
                  000080 smb_io_logon_id 
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
                      0080 low : 001409fd
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
                      0084 high: 00000000
[2006/08/27 20:03:03, 9, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
                  000088 smb_io_unihdr unihdr
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
                      0088 uni_str_len: 0006
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
                      008a uni_max_len: 0006
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
                      008c buffer     : 000e6dbe
[2006/08/27 20:03:03, 9, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
                  000090 smb_io_unihdr unihdr
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
                      0090 uni_str_len: 0010
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
                      0092 uni_max_len: 0010
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
                      0094 buffer     : 000e6dc4
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8s(851)
                  0098 lm_chal: cb e0 c8 79 df 82 1a 99 
[2006/08/27 20:03:03, 9, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
                  0000a0 smb_io_strhdr hdr_nt_chal_resp
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
                      00a0 str_str_len: 0018
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
                      00a2 str_max_len: 0018
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
                      00a4 buffer     : 000e6dd4
[2006/08/27 20:03:03, 9, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
                  0000a8 smb_io_strhdr hdr_lm_chal_resp
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
                      00a8 str_str_len: 0018
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
                      00aa str_max_len: 0018
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
                      00ac buffer     : 000e6dec
[2006/08/27 20:03:03, 9, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
                  0000b0 smb_io_unistr2 uni_domain_name
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
                      00b0 uni_max_len: 00000003
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
                      00b4 offset     : 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
                      00b8 uni_str_len: 00000003
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:dbg_rw_punival(936)
                      00bc buffer     : G.S.B.
[2006/08/27 20:03:03, 9, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
                  0000c2 smb_io_unistr2 uni_user_name  
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
                      00c4 uni_max_len: 00000003
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
                      00c8 offset     : 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
                      00cc uni_str_len: 00000003
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:dbg_rw_punival(936)
                      00d0 buffer     : l.a.w.
[2006/08/27 20:03:03, 9, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
                  0000d6 smb_io_unistr2 uni_wksta_name 
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
                      00d8 uni_max_len: 00000008
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
                      00dc offset     : 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
                      00e0 uni_str_len: 00000008
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:dbg_rw_punival(936)
                      00e4 buffer     : G.A.R.G.A.M.E.L.
[2006/08/27 20:03:03, 9, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
                  0000f4 smb_io_string2 nt_chal_resp
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
                      00f4 str_max_len: 00000018
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
                      00f8 offset     : 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
                      00fc str_str_len: 00000018
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_string2(1096)
                      0100 buffer     : ..k..RL.....<t1. .<.H.x.
[2006/08/27 20:03:03, 9, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
                  000118 smb_io_string2 lm_chal_resp
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
                      0118 str_max_len: 00000018
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
                      011c offset     : 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
                      0120 str_str_len: 00000018
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_string2(1096)
                      0124 buffer     : .z....j.3...!GD.....)(..
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
      013c validation_level: 0003
[2006/08/27 20:03:03, 5, pid=18112] libsmb/credentials.c:creds_step(148)
  	sequence = 0x44f1de56
[2006/08/27 20:03:03, 5, pid=18112] libsmb/credentials.c:creds_step(150)
  	seed:        1D945542017A748E
[2006/08/27 20:03:03, 5, pid=18112] libsmb/credentials.c:creds_step(155)
  	seed+seq   73724787017A748E
[2006/08/27 20:03:03, 5, pid=18112] libsmb/credentials.c:creds_step(159)
  	CLIENT      C929175B3E77971A
[2006/08/27 20:03:03, 5, pid=18112] libsmb/credentials.c:creds_step(164)
  	seed+seq+1   74724787017A748E
[2006/08/27 20:03:03, 5, pid=18112] libsmb/credentials.c:creds_step(168)
  	SERVER      92A653116C9BED38
[2006/08/27 20:03:03, 5, pid=18112] libsmb/credentials.c:creds_reseed(238)
  cred_reseed: seed 74724787017A748E
[2006/08/27 20:03:03, 10, pid=18112] libsmb/credentials.c:creds_server_check(221)
  creds_server_check: credentials check OK.
[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:push_sec_ctx(208)
  push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
[2006/08/27 20:03:03, 3, pid=18112] smbd/uid.c:push_conn_ctx(345)
  push_conn_ctx(115) : conn_ctx_stack_ndx = 0
[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:debug_nt_user_token(448)
  NT user token: (NULL)
[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:debug_unix_user_token(474)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2006/08/27 20:03:03, 3, pid=18112] passdb/secrets.c:secrets_store_schannel_session_info(994)
  secrets_store_schannel_session_info: stored schannel info with key SECRETS/SCHANNEL/GARGAMEL
[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:pop_sec_ctx(339)
  pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2006/08/27 20:03:03, 3, pid=18112] rpc_server/srv_netlog_nt.c:_net_sam_logon_internal(847)
  SAM Logon (Network). Domain:[GSB].  User:[law at GARGAMEL] Requested Domain:[GSB]
[2006/08/27 20:03:03, 5, pid=18112] rpc_server/srv_netlog_nt.c:_net_sam_logon_internal(862)
  Attempting validation level 2 for unmapped username law.
[2006/08/27 20:03:03, 5, pid=18112] auth/auth.c:make_auth_context_subsystem(484)
  Making default auth method list for DC, security=user, encrypt passwords = yes
[2006/08/27 20:03:03, 5, pid=18112] auth/auth.c:load_auth_module(391)
  load_auth_module: Attempting to find an auth method to match guest
[2006/08/27 20:03:03, 5, pid=18112] auth/auth.c:load_auth_module(416)
  load_auth_module: auth method guest has a valid init
[2006/08/27 20:03:03, 5, pid=18112] auth/auth.c:load_auth_module(391)
  load_auth_module: Attempting to find an auth method to match sam
[2006/08/27 20:03:03, 5, pid=18112] auth/auth.c:load_auth_module(416)
  load_auth_module: auth method sam has a valid init
[2006/08/27 20:03:03, 5, pid=18112] auth/auth.c:load_auth_module(391)
  load_auth_module: Attempting to find an auth method to match winbind:trustdomain
[2006/08/27 20:03:03, 5, pid=18112] auth/auth.c:load_auth_module(391)
  load_auth_module: Attempting to find an auth method to match trustdomain
[2006/08/27 20:03:03, 5, pid=18112] auth/auth.c:load_auth_module(416)
  load_auth_module: auth method trustdomain has a valid init
[2006/08/27 20:03:03, 5, pid=18112] auth/auth.c:load_auth_module(416)
  load_auth_module: auth method winbind has a valid init
[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:make_user_info_map(161)
  make_user_info_map: Mapping user [GSB]\[law] from workstation [GARGAMEL]
[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:push_sec_ctx(208)
  push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
[2006/08/27 20:03:03, 3, pid=18112] smbd/uid.c:push_conn_ctx(345)
  push_conn_ctx(115) : conn_ctx_stack_ndx = 0
[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:debug_nt_user_token(448)
  NT user token: (NULL)
[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:debug_unix_user_token(474)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:is_trusted_domain(2016)
  is_trusted_domain: Checking for domain trust with [GSB]
[2006/08/27 20:03:03, 5, pid=18112] passdb/secrets.c:secrets_fetch_trusted_domain_password(339)
  secrets_fetch failed!
[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:pop_sec_ctx(339)
  pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2006/08/27 20:03:03, 10, pid=18112] lib/gencache.c:gencache_get(312)
  Cache entry with key = TDOM/GSB couldn't be found
[2006/08/27 20:03:03, 5, pid=18112] libsmb/trustdom_cache.c:trustdom_cache_fetch(184)
  no entry for trusted domain GSB found.
[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:make_user_info(75)
  attempting to make a user_info for law (law)
[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:make_user_info(85)
  making strings for law's user_info struct
[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:make_user_info(117)
  making blobs for law's user_info struct
[2006/08/27 20:03:03, 10, pid=18112] auth/auth_util.c:make_user_info(135)
  made an encrypted user_info for law (law)
[2006/08/27 20:03:03, 3, pid=18112] auth/auth.c:check_ntlm_password(221)
  check_ntlm_password:  Checking password for unmapped user [GSB]\[law]@[GARGAMEL] with the new password interface
[2006/08/27 20:03:03, 3, pid=18112] auth/auth.c:check_ntlm_password(224)
  check_ntlm_password:  mapped user is: [GSB]\[law]@[GARGAMEL]
[2006/08/27 20:03:03, 10, pid=18112] auth/auth.c:check_ntlm_password(233)
  check_ntlm_password: auth_context challenge created by fixed
[2006/08/27 20:03:03, 10, pid=18112] auth/auth.c:check_ntlm_password(235)
  challenge is: 
[2006/08/27 20:03:03, 5, pid=18112] lib/util.c:dump_data(2215)
  [000] CB E0 C8 79 DF 82 1A 99                           ...y.... 
[2006/08/27 20:03:03, 10, pid=18112] auth/auth.c:check_ntlm_password(261)
  check_ntlm_password: guest had nothing to say
[2006/08/27 20:03:03, 8, pid=18112] lib/util.c:is_myname(2036)
  is_myname("GSB") returns 0
[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:push_sec_ctx(208)
  push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
[2006/08/27 20:03:03, 3, pid=18112] smbd/uid.c:push_conn_ctx(345)
  push_conn_ctx(115) : conn_ctx_stack_ndx = 0
[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:debug_nt_user_token(448)
  NT user token: (NULL)
[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:debug_unix_user_token(474)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2006/08/27 20:03:03, 5, pid=18112] pdb_mysql.c:mysqlsam_select_by_field(292)
  Executing query SELECT logon_time,logoff_time,0,pass_last_set_time,pass_can_change_time,pass_must_change_time,username,'GSB',username,gecos,home_smb,NULL,logon_script,profile_path,NULL,NULL,NULL,NULL,user_sid,group_sid,pass_lm,pass_nt,NULL,acct_ctrl,logon_divs,NULL,NULL,NULL,NULL,'ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ',NULL FROM user WHERE username = 'law'
[2006/08/27 20:03:03, 10, pid=18112] passdb/pdb_get_set.c:pdb_set_username(534)
  pdb_set_username: setting username law, was 
[2006/08/27 20:03:03, 10, pid=18112] passdb/pdb_get_set.c:pdb_set_domain(557)
  pdb_set_domain: setting domain GSB, was 
[2006/08/27 20:03:03, 10, pid=18112] passdb/pdb_get_set.c:pdb_set_nt_username(580)
  pdb_set_nt_username: setting nt username law, was 
[2006/08/27 20:03:03, 10, pid=18112] passdb/pdb_get_set.c:pdb_set_fullname(603)
  pdb_set_full_name: setting full name Mario Lipinski, was 
[2006/08/27 20:03:03, 10, pid=18112] passdb/pdb_get_set.c:pdb_set_homedir(696)
  pdb_set_homedir: setting home dir \\garfield\law, was 
[2006/08/27 20:03:03, 10, pid=18112] passdb/pdb_get_set.c:pdb_set_logon_script(626)
  pdb_set_logon_script: setting logon script admins.bat, was 
[2006/08/27 20:03:03, 10, pid=18112] passdb/pdb_get_set.c:pdb_set_profile_path(649)
  pdb_set_profile_path: setting profile path \\garfield\law\.ntprofile, was 
[2006/08/27 20:03:03, 10, pid=18112] passdb/pdb_get_set.c:pdb_set_user_sid(463)
  pdb_set_user_sid: setting user sid S-1-5-21-4092459118-2595994810-1099795350-3002
[2006/08/27 20:03:03, 5, pid=18112] passdb/pdb_interface.c:lookup_global_sam_rid(1478)
  lookup_global_sam_rid: looking up RID 3003.
[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:push_sec_ctx(208)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2006/08/27 20:03:03, 3, pid=18112] smbd/uid.c:push_conn_ctx(345)
  push_conn_ctx(115) : conn_ctx_stack_ndx = 1
[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:debug_nt_user_token(448)
  NT user token: (NULL)
[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:debug_unix_user_token(474)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2006/08/27 20:03:03, 5, pid=18112] pdb_mysql.c:mysqlsam_select_by_field(292)
  Executing query SELECT logon_time,logoff_time,0,pass_last_set_time,pass_can_change_time,pass_must_change_time,username,'GSB',username,gecos,home_smb,NULL,logon_script,profile_path,NULL,NULL,NULL,NULL,user_sid,group_sid,pass_lm,pass_nt,NULL,acct_ctrl,logon_divs,NULL,NULL,NULL,NULL,'ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ',NULL FROM user WHERE user_sid = 'S-1-5-21-4092459118-2595994810-1099795350-3003'
[2006/08/27 20:03:03, 10, pid=18112] pdb_mysql.c:row_to_sam_account(93)
  empty resultpop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2006/08/27 20:03:03, 5, pid=18112] passdb/pdb_interface.c:lookup_global_sam_rid(1540)
  Can't find a unix id for an unmapped group
[2006/08/27 20:03:03, 10, pid=18112] passdb/pdb_get_set.c:pdb_set_group_sid(521)
  pdb_set_group_sid: setting group sid S-1-5-21-4092459118-2595994810-1099795350-513
[2006/08/27 20:03:03, 10, pid=18112] lib/account_pol.c:account_policy_get(337)
  account_policy_get: name: password history, val: 0
[2006/08/27 20:03:03, 10, pid=18112] passdb/pdb_get_set.c:pdb_set_username(534)
  pdb_set_username: setting username law, was 
[2006/08/27 20:03:03, 10, pid=18112] passdb/pdb_get_set.c:pdb_set_domain(557)
  pdb_set_domain: setting domain GSB, was 
[2006/08/27 20:03:03, 10, pid=18112] passdb/pdb_get_set.c:pdb_set_nt_username(580)
  pdb_set_nt_username: setting nt username law, was 
[2006/08/27 20:03:03, 10, pid=18112] passdb/pdb_get_set.c:pdb_set_fullname(603)
  pdb_set_full_name: setting full name Mario Lipinski, was 
[2006/08/27 20:03:03, 10, pid=18112] passdb/pdb_get_set.c:pdb_set_homedir(696)
  pdb_set_homedir: setting home dir \\garfield\law, was 
[2006/08/27 20:03:03, 10, pid=18112] passdb/pdb_get_set.c:pdb_set_dir_drive(672)
  pdb_set_dir_drive: setting dir drive , was NULL
[2006/08/27 20:03:03, 10, pid=18112] passdb/pdb_get_set.c:pdb_set_logon_script(626)
  pdb_set_logon_script: setting logon script admins.bat, was 
[2006/08/27 20:03:03, 10, pid=18112] passdb/pdb_get_set.c:pdb_set_profile_path(649)
  pdb_set_profile_path: setting profile path \\garfield\law\.ntprofile, was 
[2006/08/27 20:03:03, 10, pid=18112] passdb/pdb_get_set.c:pdb_set_workstations(739)
  pdb_set_workstations: setting workstations , was 
[2006/08/27 20:03:03, 10, pid=18112] lib/account_pol.c:account_policy_get(337)
  account_policy_get: name: password history, val: 0
[2006/08/27 20:03:03, 10, pid=18112] passdb/pdb_get_set.c:pdb_set_user_sid(463)
  pdb_set_user_sid: setting user sid S-1-5-21-4092459118-2595994810-1099795350-3002
[2006/08/27 20:03:03, 10, pid=18112] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73)
  pdb_set_user_sid_from_rid:
  	setting user sid S-1-5-21-4092459118-2595994810-1099795350-3002 from rid 3002
[2006/08/27 20:03:03, 3, pid=18112] passdb/lookup_sid.c:fetch_gid_from_cache(1010)
  fetch gid from cache 60000 -> S-1-5-21-4092459118-2595994810-1099795350-513
[2006/08/27 20:03:03, 10, pid=18112] passdb/pdb_get_set.c:pdb_set_group_sid(521)
  pdb_set_group_sid: setting group sid S-1-5-21-4092459118-2595994810-1099795350-513
[2006/08/27 20:03:03, 10, pid=18112] passdb/pdb_compat.c:pdb_set_group_sid_from_rid(100)
  pdb_set_group_sid_from_rid:
  	setting group sid S-1-5-21-4092459118-2595994810-1099795350-513 from rid 513
[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:pop_sec_ctx(339)
  pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2006/08/27 20:03:03, 9, pid=18112] passdb/passdb.c:pdb_update_autolock_flag(1407)
  pdb_update_autolock_flag: Account law not autolocked, no check needed
[2006/08/27 20:03:03, 4, pid=18112] libsmb/ntlm_check.c:ntlm_password_check(326)
  ntlm_password_check: Checking NT MD4 password
[2006/08/27 20:03:03, 4, pid=18112] auth/auth_sam.c:sam_account_ok(138)
  sam_account_ok: Checking SMB password for user law
[2006/08/27 20:03:03, 5, pid=18112] auth/auth_sam.c:logon_hours_ok(120)
  logon_hours_ok: user law allowed to logon at this time (Sun Aug 27 18:03:03 2006
  )
[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:push_sec_ctx(208)
  push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
[2006/08/27 20:03:03, 3, pid=18112] smbd/uid.c:push_conn_ctx(345)
  push_conn_ctx(115) : conn_ctx_stack_ndx = 0
[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:debug_nt_user_token(448)
  NT user token: (NULL)
[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:debug_unix_user_token(474)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2006/08/27 20:03:03, 10, pid=18112] lib/util_pw.c:getpwnam_alloc(76)
  Got law from pwnam_cache
[2006/08/27 20:03:03, 10, pid=18112] lib/util_pw.c:getpwnam_alloc(76)
  Got law from pwnam_cache
[2006/08/27 20:03:03, 10, pid=18112] lib/system_smbd.c:sys_getgrouplist(125)
  sys_getgrouplist: user [law]
[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:push_sec_ctx(208)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2006/08/27 20:03:03, 3, pid=18112] smbd/uid.c:push_conn_ctx(345)
  push_conn_ctx(115) : conn_ctx_stack_ndx = 1
[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:debug_nt_user_token(448)
  NT user token: (NULL)
[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:debug_unix_user_token(474)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:pop_sec_ctx(339)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2006/08/27 20:03:03, 3, pid=18112] passdb/lookup_sid.c:fetch_sid_from_gid_cache(990)
  fetch sid from gid cache 1001 -> S-1-22-2-1001
[2006/08/27 20:03:03, 3, pid=18112] passdb/lookup_sid.c:fetch_sid_from_gid_cache(990)
  fetch sid from gid cache 0 -> S-1-22-2-0
[2006/08/27 20:03:03, 3, pid=18112] passdb/lookup_sid.c:fetch_sid_from_gid_cache(990)
  fetch sid from gid cache 40 -> S-1-22-2-40
[2006/08/27 20:03:03, 3, pid=18112] passdb/lookup_sid.c:fetch_sid_from_gid_cache(990)
  fetch sid from gid cache 50 -> S-1-22-2-50
[2006/08/27 20:03:03, 3, pid=18112] passdb/lookup_sid.c:fetch_sid_from_gid_cache(990)
  fetch sid from gid cache 1000 -> S-1-22-2-1000
[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:make_server_info_sam(625)
  make_server_info_sam: made server info for user law -> law
[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:pop_sec_ctx(339)
  pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2006/08/27 20:03:03, 3, pid=18112] auth/auth.c:check_ntlm_password(270)
  check_ntlm_password: sam authentication for user [law] succeeded
[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:push_sec_ctx(208)
  push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
[2006/08/27 20:03:03, 3, pid=18112] smbd/uid.c:push_conn_ctx(345)
  push_conn_ctx(115) : conn_ctx_stack_ndx = 0
[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:debug_nt_user_token(448)
  NT user token: (NULL)
[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:debug_unix_user_token(474)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2006/08/27 20:03:03, 3, pid=18112] smbd/sec_ctx.c:pop_sec_ctx(339)
  pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2006/08/27 20:03:03, 5, pid=18112] auth/auth.c:check_ntlm_password(296)
  check_ntlm_password:  PAM Account for user [law] succeeded
[2006/08/27 20:03:03, 2, pid=18112] auth/auth.c:check_ntlm_password(309)
  check_ntlm_password:  authentication for user [law] -> [law] -> [law] succeeded
[2006/08/27 20:03:03, 5, pid=18112] auth/auth_util.c:free_user_info(1866)
  attempting to free (and zero) a user_info structure
[2006/08/27 20:03:03, 10, pid=18112] auth/auth_util.c:free_user_info(1870)
  structure was created for law
[2006/08/27 20:03:03, 5, pid=18112] rpc_server/srv_netlog_nt.c:_net_sam_logon_internal(934)
  _net_sam_logon: check_password returned status NT_STATUS_OK
[2006/08/27 20:03:03, 4, pid=18112] rpc_parse/parse_net.c:init_dom_sid2s(1009)
  init_dom_sid2s: 
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
  000000 net_io_r_sam_logon 
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
      0000 buffer_creds: 00000001
[2006/08/27 20:03:03, 6, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
      000004 smb_io_cred 
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
          000004 smb_io_chal 
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8s(851)
              0004 data: 92 a6 53 11 6c 9b ed 38 
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
          00000c smb_io_utime 
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              000c time: 44f1de57
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
      0010 switch_value: 0003
[2006/08/27 20:03:03, 6, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
      000014 net_io_user_info3 
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
          0014 ptr_user_info : 00000001
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
          000018 smb_io_time logon time
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              0018 low : 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              001c high: 00000000
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
          000020 smb_io_time logoff time
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              0020 low : ffffffff
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              0024 high: 7fffffff
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
          000028 smb_io_time kickoff time
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              0028 low : ffffffff
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              002c high: 7fffffff
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
          000030 smb_io_time last set time
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              0030 low : 12056880
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              0034 high: 01c4942d
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
          000038 smb_io_time can change time
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              0038 low : 12056880
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              003c high: 01c4942d
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
          000040 smb_io_time must change time
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              0040 low : d4a5e980
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              0044 high: 01e9fd1e
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
          000048 smb_io_unihdr hdr_user_name
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
              0048 uni_str_len: 0006
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
              004a uni_max_len: 0006
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              004c buffer     : 00000001
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
          000050 smb_io_unihdr hdr_full_name
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
              0050 uni_str_len: 001c
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
              0052 uni_max_len: 001c
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              0054 buffer     : 00000001
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
          000058 smb_io_unihdr hdr_logon_script
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
              0058 uni_str_len: 0014
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
              005a uni_max_len: 0014
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              005c buffer     : 00000001
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
          000060 smb_io_unihdr hdr_profile_path
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
              0060 uni_str_len: 0032
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
              0062 uni_max_len: 0032
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              0064 buffer     : 00000001
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
          000068 smb_io_unihdr hdr_home_dir
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
              0068 uni_str_len: 001c
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
              006a uni_max_len: 001c
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              006c buffer     : 00000001
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
          000070 smb_io_unihdr hdr_dir_drive
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
              0070 uni_str_len: 0000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
              0072 uni_max_len: 0000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              0074 buffer     : 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
          0078 logon_count   : 0000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
          007a bad_pw_count  : 0000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
          007c user_rid      : 00000bba
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
          0080 group_rid     : 00000201
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
          0084 num_groups    : 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
          0088 buffer_groups : 00000001
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
          008c user_flgs     : 00000020
[2006/08/27 20:03:03, 10, pid=18112] rpc_parse/parse_net.c:dump_user_flgs(1555)
  dump_user_flgs
  	account has LOGON_EXTRA_SIDS
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8s(851)
          0090 user_sess_key: 86 4d c5 2d e6 ec 27 12 cd e8 59 9c 63 d0 54 fc 
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
          0000a0 smb_io_unihdr hdr_logon_srv
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
              00a0 uni_str_len: 0010
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
              00a2 uni_max_len: 0010
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              00a4 buffer     : 00000001
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
          0000a8 smb_io_unihdr hdr_logon_dom
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
              00a8 uni_str_len: 0006
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
              00aa uni_max_len: 0006
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              00ac buffer     : 00000001
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
          00b0 buffer_dom_id : 00000001
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8s(851)
          00b4 lm_sess_key: 30 32 0f fc ff 3e b1 1c 
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
          00bc acct_flags : 00000212
[2006/08/27 20:03:03, 10, pid=18112] rpc_parse/parse_net.c:dump_acct_flags(1528)
  dump_acct_flags
  	account has ACB_NORMAL
  	account has ACB_PWNOEXP
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
          00c0 unkown: 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
          00c4 unkown: 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
          00c8 unkown: 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
          00cc unkown: 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
          00d0 unkown: 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
          00d4 unkown: 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
          00d8 unkown: 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
          00dc num_other_sids: 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
          00e0 buffer_other_sids: 00000000
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
          0000e4 smb_io_unistr2 uni_user_name
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              00e4 uni_max_len: 00000003
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              00e8 offset     : 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              00ec uni_str_len: 00000003
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:dbg_rw_punival(936)
              00f0 buffer     : l.a.w.
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
          0000f6 smb_io_unistr2 uni_full_name
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              00f8 uni_max_len: 0000000e
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              00fc offset     : 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              0100 uni_str_len: 0000000e
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:dbg_rw_punival(936)
              0104 buffer     : M.a.r.i.o. .L.i.p.i.n.s.k.i.
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
          000120 smb_io_unistr2 uni_logon_script
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              0120 uni_max_len: 0000000a
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              0124 offset     : 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              0128 uni_str_len: 0000000a
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:dbg_rw_punival(936)
              012c buffer     : a.d.m.i.n.s...b.a.t.
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
          000140 smb_io_unistr2 uni_profile_path
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              0140 uni_max_len: 00000019
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              0144 offset     : 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              0148 uni_str_len: 00000019
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:dbg_rw_punival(936)
              014c buffer     : \.\.g.a.r.f.i.e.l.d.\.l.a.w.\...n.t.p.r.o.f.i.l.e.
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
          00017e smb_io_unistr2 uni_home_dir
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              0180 uni_max_len: 0000000e
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              0184 offset     : 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              0188 uni_str_len: 0000000e
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:dbg_rw_punival(936)
              018c buffer     : \.\.g.a.r.f.i.e.l.d.\.l.a.w.
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
          0001a8 smb_io_unistr2 - NULL uni_dir_drive
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
          01a8 num_groups2   : 00000000
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
          0001ac smb_io_unistr2 uni_logon_srv
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              01ac uni_max_len: 00000008
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              01b0 offset     : 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              01b4 uni_str_len: 00000008
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:dbg_rw_punival(936)
              01b8 buffer     : G.A.R.F.I.E.L.D.
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
          0001c8 smb_io_unistr2 uni_logon_dom
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              01c8 uni_max_len: 00000003
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              01cc offset     : 00000000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              01d0 uni_str_len: 00000003
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:dbg_rw_punival(936)
              01d4 buffer     : G.S.B.
[2006/08/27 20:03:03, 7, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
          0001da smb_io_dom_sid2 
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
              01dc num_auths: 00000004
[2006/08/27 20:03:03, 8, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
              0001e0 smb_io_dom_sid sid
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
                  01e0 sid_rev_num: 01
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
                  01e1 num_auths  : 04
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
                  01e2 id_auth[0] : 00
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
                  01e3 id_auth[1] : 00
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
                  01e4 id_auth[2] : 00
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
                  01e5 id_auth[3] : 00
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
                  01e6 id_auth[4] : 00
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
                  01e7 id_auth[5] : 05
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32s(991)
                  01e8 sub_auths : 00000015 f3edf86e 9abbbcba 418d8b96 
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
      01f8 auth_resp   : 00000001
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_ntstatus(763)
      01fc status      : NT_STATUS_OK
[2006/08/27 20:03:03, 5, pid=18112] rpc_server/srv_pipe.c:api_rpcTNP(2305)
  api_rpcTNP: called NETLOGON successfully
[2006/08/27 20:03:03, 3, pid=18112] rpc_server/srv_pipe_hnd.c:free_pipe_context(529)
  free_pipe_context: destroying talloc pool of size 998
[2006/08/27 20:03:03, 10, pid=18112] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963)
  write_to_pipe: data_used = 368
[2006/08/27 20:03:03, 3, pid=18112] smbd/pipes.c:reply_pipe_write_and_X(217)
  writeX-IPC pnum=76d2 nwritten=384
[2006/08/27 20:03:03, 5, pid=18112] lib/util.c:show_msg(478)
[2006/08/27 20:03:03, 5, pid=18112] lib/util.c:show_msg(488)
  size=47
  smb_com=0x2f
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=51201
  smb_tid=1
  smb_pid=65279
  smb_uid=115
  smb_mid=37068
  smt_wct=6
  smb_vwv[ 0]=  255 (0xFF)
  smb_vwv[ 1]=    0 (0x0)
  smb_vwv[ 2]=  384 (0x180)
  smb_vwv[ 3]=    0 (0x0)
  smb_vwv[ 4]=    0 (0x0)
  smb_vwv[ 5]=    0 (0x0)
  smb_bcc=0
[2006/08/27 20:03:03, 10, pid=18112] smbd/process.c:setup_select_timeout(1284)
  change_notify_timeout: -1
[2006/08/27 20:03:03, 10, pid=18112] lib/util_sock.c:read_smb_length_return_keepalive(623)
  got smb length of 59
[2006/08/27 20:03:03, 6, pid=18112] smbd/process.c:process_smb(1109)
  got message type 0x0 of len 0x3b
[2006/08/27 20:03:03, 3, pid=18112] smbd/process.c:process_smb(1110)
  Transaction 14095 of length 63
[2006/08/27 20:03:03, 5, pid=18112] lib/util.c:show_msg(478)
[2006/08/27 20:03:03, 5, pid=18112] lib/util.c:show_msg(488)
  size=59
  smb_com=0x2e
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=24
  smb_flg2=51207
  smb_tid=1
  smb_pid=65279
  smb_uid=115
  smb_mid=37132
  smt_wct=12
  smb_vwv[ 0]=  255 (0xFF)
  smb_vwv[ 1]=57054 (0xDEDE)
  smb_vwv[ 2]=30418 (0x76D2)
  smb_vwv[ 3]=    0 (0x0)
  smb_vwv[ 4]=    0 (0x0)
  smb_vwv[ 5]= 1024 (0x400)
  smb_vwv[ 6]= 1024 (0x400)
  smb_vwv[ 7]=65535 (0xFFFF)
  smb_vwv[ 8]=65535 (0xFFFF)
  smb_vwv[ 9]= 1024 (0x400)
  smb_vwv[10]=    0 (0x0)
  smb_vwv[11]=    0 (0x0)
  smb_bcc=0
[2006/08/27 20:03:03, 3, pid=18112] smbd/process.c:switch_message(914)
  switch message SMBreadX (pid 18112) conn 0x9998e0
[2006/08/27 20:03:03, 4, pid=18112] smbd/uid.c:change_to_user(176)
  change_to_user: Skipping user change - already user
[2006/08/27 20:03:03, 4, pid=18112] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264)
  search for pipe pnum=76d2
[2006/08/27 20:03:03, 5, pid=18112] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268)
  pipe name NETLOGON pnum=76d2 (pipes_open=1)
[2006/08/27 20:03:03, 6, pid=18112] rpc_server/srv_pipe_hnd.c:read_from_pipe(995)
  read_from_pipe: 76d2 name: NETLOGON len: 1024
[2006/08/27 20:03:03, 10, pid=18112] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068)
  read_from_pipe: NETLOGON: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 512.
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
  000000 smb_io_rpc_hdr hdr
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
      0000 major     : 05
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
      0001 minor     : 00
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
      0002 pkt_type  : 02
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
      0003 flags     : 03
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
      0004 pack_type0: 10
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
      0005 pack_type1: 00
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
      0006 pack_type2: 00
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
      0007 pack_type3: 00
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
      0008 frag_len  : 0240
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
      000a auth_len  : 0020
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
      000c call_id   : 0000000e
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
  000010 smb_io_rpc_hdr_resp resp
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
      0010 alloc_hint: 00000200
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint16(675)
      0014 context_id: 0000
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
      0016 cancel_ct : 00
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
      0017 reserved  : 00
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
  000218 smb_io_rpc_hdr_auth hdr_auth
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
      0218 auth_type    : 44
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
      0219 auth_level   : 06
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
      021a auth_pad_len : 00
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8(615)
      021b auth_reserved: 00
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint32(704)
      021c auth_context_id: 00000001
[2006/08/27 20:03:03, 10, pid=18112] rpc_parse/parse_prs.c:schannel_encode(1633)
  SCHANNEL: schannel_encode seq_num=27 data_len=512
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_debug(84)
  000220 smb_io_rpc_auth_schannel_chk 
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8s(851)
      0220 sig  : 77 00 7a 00 ff ff 00 00 
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8s(851)
      0228 seq_num: 56 92 bc 2e 01 65 4e ee 
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8s(851)
      0230 packet_digest: 23 19 33 ef 8a c5 df 69 
[2006/08/27 20:03:03, 5, pid=18112] rpc_parse/parse_prs.c:prs_uint8s(851)
      0238 confounder: 70 ec 77 3a 58 e0 61 49 
[2006/08/27 20:03:03, 3, pid=18112] smbd/pipes.c:reply_pipe_read_and_X(262)
  readX-IPC pnum=76d2 min=1024 max=1024 nread=576
[2006/08/27 20:03:03, 5, pid=18112] lib/util.c:show_msg(478)
[2006/08/27 20:03:03, 5, pid=18112] lib/util.c:show_msg(488)
  size=635
  smb_com=0x2e
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=51201
  smb_tid=1
  smb_pid=65279
  smb_uid=115
  smb_mid=37132
  smt_wct=12
  smb_vwv[ 0]=  255 (0xFF)
  smb_vwv[ 1]=    0 (0x0)
  smb_vwv[ 2]=    0 (0x0)
  smb_vwv[ 3]=    0 (0x0)
  smb_vwv[ 4]=    0 (0x0)
  smb_vwv[ 5]=  576 (0x240)
  smb_vwv[ 6]=   59 (0x3B)
  smb_vwv[ 7]=    0 (0x0)
  smb_vwv[ 8]=    0 (0x0)
  smb_vwv[ 9]=    0 (0x0)
  smb_vwv[10]=    0 (0x0)
  smb_vwv[11]=    0 (0x0)
  smb_bcc=576
[2006/08/27 20:03:03, 10, pid=18112] lib/util.c:dump_data(2215)
[...]
[2006/08/27 20:03:03, 10, pid=18112] smbd/process.c:setup_select_timeout(1284)
  change_notify_timeout: -1



More information about the samba mailing list